Risk Management

The business of banking is naturally exposed to risk. As such, we at EastWest Bank regard risk management as more than just a corporate box-ticking exercise, but a business imperative.

Over the years, we have strengthened our focus on identifying and managing risks on all fronts, recognizing that whatever threatens the survival of our business also threatens the success of our customers, as well as our longstanding relationship.

Risk influences in 2016

In 2016, we intensified our efforts to manage the growing risks in our market environment. While bouts of market volatility and feverish banking competition characterized the previous year, the sources of risk in 2016 were more wide-ranging. Along with the growing geopolitical tension within the Asian region, there were also changes in political leadership here and abroad that created market uncertainty. Increasing incidents related to cybercrime also heightened regulators' hawkish stance towards consumer protection.

The Bangko Sentral ng Pilipinas (BSP) moved towards a more prescriptive position, imposing greater discipline on the major credit, operational, and liquidity risks banks are inherently exposed to. Following this directive, EastWest conducted a comprehensive analysis of all the different gaps present in addressing credit, liquidity, capital, operations, and reputational risks, among others.

Believing that managing risk is the shared responsibility of everyone at EastWest Bank, we continued to instill a proactive mindset in every task we perform that can possibly expose our Bank to risk and potential losses.

We took serious efforts to increase risk consciousness across our entire organization so assigned personnel can catch potential risk, especially during routine processes. Through continuous training and various modes of learning, we continue to equip everyone with the skills to prevent risk from occurring at the onset of each transaction. We harness every unit's capabilities to manage their own risk-taking.

Risk Management Structure

Risk management is deeply entrenched in the financial and operational design of EastWest:

  1. Our Board of Directors upholds primary responsibility for effective risk and internal control management.

  2. Business and operating heads, acting as Business Risk Managers (BRMs), act as the second line of defense, ensuring that risk guidelines and policies prevail and remain attuned to the Bank's needs and regulatory obligations.

    The Risk Management Committee (RMC) of the Board complements this function, maintaining the oversight function of monitoring the Bank's overall risk profile via monthly reporting from the Risk Management Division (RMD). It proactively updates its models for identified risks, analyzes EastWest's exposures, and measures other potentially relevant risks.

  3. Our Internal Audit Division (IAD) serves as the third line of defense, providing independent assurance on the continued relevance and sufficiency of the Bank's overall risk management.

    Together with the Audit Committee, the IAD reviews our risk management systems, functions, and activities, recognizing that these have been undertaken in accordance with the RMD's duties and responsibilities, as mandated by the BSP. It also assesses the Bank's Board and Senior Management oversight to be generally sufficient, with performance and overall risk profiles regularly discussed together and all pertinent regulatory requirements and policies raised over monthly meetings. These reviews and assessments conclude that the foundations for a sound risk management system are properly established in the Bank, going hand-in-hand with Board-approved Risk Management Charters and Manuals.

Types of Risks

The risks we face are inherent in the business of banking whether they are related to income generation, customer service, or compliance with regulations.

Capital risk
This type of risk refers to the possibility of a company losing value of its capital, which consequently limits its ability to cover for risk exposures that are inherent in doing business.

We mitigate this risk by implementing proactive capital risk management to ensure that capital is preserved while shareholder value is maximized. We maintain capital ratios above the minimum BSP prescription.

Credit risk
This refers to the possibility of borrowers and customers failing to pay their obligations to the Bank when they fall due, whether these are for loan repayment or a contractual obligation. In recent years, credit risks were classified based on the age of the loan portfolio or their doubtfulness. Under BSP Circular No. 855, Series of 2014, however, banks now have to produce models for estimating losses on their portfolio. This obliges banks to forecast potential losses based on the entire life cycle of a loan account or portfolio backed by historical experience.

We are able to temper this risk by applying stringent credit scorecards and minimum acceptance criteria for every consumer loan product, and an Internal Credit Risk Rating System (ICRRS) for corporate clients. We also use a Board-approved Credit Risk Management Manual as guidance in performing credit evaluation for retail consumers and credit underwriting for corporate customers. We regularly monitor key credit risk indicators and conduct stress tests based on internally determined and BSPprescribed stress scenarios.

Liquidity risk
This pertains to the possibility that the Bank might be unable to service its obligations as they fall due, or would have to do so at exorbitant cost. For instance, liquidity risk exists when the maturity of the Bank's termed assets spans longer than its corresponding liabilities. This gives rise to the possibility that the Bank may either have a shortage of available financial resources to pay for its liabilities on time, or can only access such resources at excessive cost.

We mitigate this risk by:

  • Periodically tracking liquidity risk within the realm of the Treasury Group's responsibility, obtaining an accurate knowledge of our future cash flows at any given time;
  • Adopting a Maximum Cumulative Outflow (MCO) model, a cash flow analysis tool that projects our cash flow, includes off-balance sheet commitments, under normal operations;
  • Using a Board-approved Liquidity Risk Management Manual for setting risk appetite, as well as observing regulator- and internally determined liquidity risk limits;
  • Adhering to a Funding Contingency Plan, which the Treasury Group regularly updates, to assure readiness in case a liquidity issue emerges; and
  • Foreseeing historical stress scenarios to gain insight into our ability to fund our liabilities under these circumstances.

Market risk
The value of the Bank's investment portfolio could be adversely affected by market events impacting risk factors, such as interest rates, foreign exchange rates, and equity prices. This possibility is the market risk inherent in our business. This could arise when we take trading positions for the Bank's proprietary account, or whenever such market positions may have to be taken to allow us to service customer transactions.

To manage this risk, we use various models and tools:

  • Value-at-Risk (VaR): to assess potential losses related to positions we take in the trading book;
  • Earnings-at-Risk (EaR): in consideration of repricing assets and liabilities in the banking book;
  • Market risk limit (MRL): to represent the maximum potential loss level we are willing to take; and
  • Loss alert limit (LAL): as early warning to facilitate loss reduction strategies.

It is only prudent for the Bank to perform stress tests based on regulator- and internally prescribed stress scenarios, such as interest rate shocks for the trading and banking books. Every day, the Treasury Group and RMD also monitor the trading book by both portfolio, product and/or trader.

Operational risk
This relates to risks arising from lapse in systems, people, processes, and external events that affect our business operations. Lapses and failures in delivery and performance of our functions and operations, after all, are not without consequences. While inherent in the banking ecosystem, operational risk becomes doubly pronounced as the Bank expands its business and reach.

We address this risk by espousing close collaboration among our various Bank Units, gathering pertinent operational risk data, producing the likelihood and business impact matrix for every risk category, and simulating the operational risk loss for individual events. A Board-approved Operational Risk Management Manual also dictates our risk appetite and tolerance for operational risk. Every month, there is monitoring and reporting of key indicators to RMC.

Reputational risk
Banks also bear the brunt when stakeholders air their negative public opinion that typically arise from poor product and service delivery, non-compliance, poor corporate governance, or unsatisfactory financial performance, among others. Being a publicly listed company and the growing popularity of social media become major sources of reputational risk for a bank.

We at EastWest remain steadfast in monitoring this risk through identification methods that are both quantitative and qualitative in design, proactively watching and responding to our various environments, and putting controls in place.

Geared up for the future

As we move within a highly dynamic environment, these risks continue to evolve and pose uncertainty in varying forms. Our industry will remain subject to intricate regulations, guideline updates, and adjustments that respond to bigger systemic conditions.

With the principles of risk management clear and echoing its extreme importance to us, EastWest supports these compliance and regulatory shifts 100% and support the move toward greater transparency and efficiency. It is to the favor of our customers, employees, and shareholders that regulators impose these policies and ensure the stability of financial institutions like us.

Internally, we all act as partners of the Board and decision-makers, taking into consideration the risk involved in whatever activity we embark on. Even at the lowest rung of the ladder, risk management discipline is deeply ingrained in us and how we do things.

We keep abreast of developments that pose one or more of the risks detailed above, may it be due to intensifying competition from a local bank, the entry of new and foreign players, or the threat of online fraud and criminal activity. But while alert and taking calculated steps, we take advantage of opportunities where it counts, not straying from our vision of being an industry leader in the near future and delivering more than we promised to the banking public we serve.

New Relevant BSP Regulations

Circular No. 905, Implementation of Basel III Framework on Liquidity Standards – Liquidity Coverage Ratio and Disclosure Standards
This new rule requires banks to have available High Quality Liquid Assets (HQLA) to meet anticipated net cash outflow for a 30-day period under stress conditions. The standard, which initially covers universal and commercial banks, prescribes that, in a normal situation, the value of the liquidity ratio be no lower than 100% on a daily basis because the stock of unencumbered HQLA is intended to serve as a defense against the potential onset of liquidity stress.

Circular No. 900, Guidelines on Operational Risk Management
This outlines prescriptive rules on operational risk management, under which Bank officials must establish a comprehensive operational risk management framework to better monitor risks coming from all its activities, products, and services aside from its direct credit, liquidity and market risk exposures. Under this directive, the BSP's Supervision and Examination Sector should be notified of any operational risk events that could lead to significant operational losses or exposures, activation of a business continuity plan (BCP), or any material change in the business environment within 10 days after discovery.Aside from business-as-usual monitoring efforts of credit risk, the bank also performs stress tests based on scenarios defined internally and those prescribed by regulators. These stress tests help the bank look into its largest exposures (concentration risk), its ability and capacity to withstand defaults from top credit portfolios and the incremental amount of credit risk that it can still afford.

Circular No. 899, Amendments to the Guidelines on Outsourcing
BSP provides updated guidelines of bank operating systems that can and cannot be passed on to an external service provider, stressing the importance of establishing processes, procedures, and systems for identifying, monitoring, and mitigating outsourcing risks.

The circular details the power of the BSP to deploy supervisory enforcement actions to ensure adherence, as well as underscores the direct responsibility of the Board and senior management in handling and overseeing outsourced bank activities.

Inherent bank functions that cannot be outsourced are services aligned with the placement of deposits and withdrawals, grants of loans and extension of other credit exposures, position-taking and market risk-taking activities, risk exposure management, and strategic decision-making.