Download Pdf

Risk Management - Annual Report 2022–23

Mitigating Risks. Ensuring Stability.

We have implemented a robust Comprehensive Risk Management Framework to enhance our ability to identify and mitigate risks. Our Board serves as the highest governing body responsible for overseeing all aspects of risk management, and they are supported by an independent risk function.

Risk Management Approach

The risk management processes are guided by well-defined policies appropriate for various risk categories, independent risk oversight, and periodic monitoring through the sub-committees of the Board of Directors. Our risk management approach is underpinned by four pillars, namely:

Risk philosophy

Our Bank’s risk philosophy states that risk management is the collective responsibility of all employees. When making decisions, regulatory compliance and reputation should be factored in, as compliance is nonnegotiable and safeguarding reputation has equal weight in protecting financial losses.

Risk appetite

It is ensured through Risk Appetite statement that business decisions are in line within approved risk dimensions. Risk policies are approved by the Board and then cascaded for action by business departments. Executive Committees lay down specific instructions around business decisions to address risk issues. New Product/Process or review of the same are vetted by Risk Department.

Risk identification and mitigation

RMD, as part of its role, identifies risks and uncertainties that are faced by the Bank as and when they emerge. Material risks within these are covered in the various reporting frameworks of the RMD vis-à-vis the Board and the RMC, including the ICAAP and quarterly Risk Dashboards. RMD participates in risk mitigation at strategic, policy, and operational levels and works collaboratively with business teams to build consensus and ensure ownership of risk in the first line of defence (LOD).

Risk culture

We have adopted a two-pronged approach for embedding a robust Risk & Compliance Culture across all the verticals and levels in the Bank. At the governance level, the Board of Directors and Senior Management act as the anchor points of the Risk & Compliance Culture, while, at the operational level, the Compliance Department and RMD drive the culture across the Bank. This is being reinforced through an accountability and responsibility framework and cascade of values across the Bank.

Risk Governance Framework

At the apex of our three-tier risk governance framework is the Board and its Committees governing risk management. The Risk Management Department (RMD), headed by the Chief Risk Officer (CRO), takes responsibility for implementing and driving the policies, procedures, and frameworks approved by RM and executive risk committees of the Bank. In accordance with the RBI guidelines, the roles and responsibilities of the CRO are approved by the Board. The CRO reports to the MD & CEO of the Bank. Further, RMD has no business targets, it participates in major decision-making forums, and is empowered to form its independent views.

Key Material Risks

  • Credit risk comprises traditional default, recovery, and concentration risks as well as emerging risks like country, digital, and fraud risk.
  • Trading risk is largely an interest rate risk from participation in government securities, derivatives, and bond markets.
  • Interest rate risk in the banking book is due to mismatch between the interest rate exposures of its assets and liabilities.
  • Liquidity risk includes risk under stress as covered by the LCR regulations, structural liquidity, and concentration risk.
  • Operational risk results from inadequate processes/systems and human factors. Emerging areas include outsourcing, fraud, continuity, data privacy, and legal risks.

At a Bank level, key material risks include strategy and business, compliance, regulatory and reputation risks.

Integrated Approach to Managing Risk

Under our risk management approach, the RMD works closely with business and operations units in the 1st LOD (Line of Defence), compliance and finance functions in the 2nd LOD and internal audit in the 3rd LOD to bring together a 360-degree view of the risks.

One example of this approach is the Risk Appetite of the Bank.

Risk Appetite refers to the level and type of risk that the bank is willing to accept in pursuit of its business objective. We have a Risk Appetite Statement (RAS) which articulates the Bank’s stance on select risks and cascades them to the operational units i.e., be translated into limits coherently.

RMD monitors and reports adherence to RAS limits to the respective reporting/approving authorities as part of its role as the 2nd LOD.

Citi Consumer Business Acquisition: Project Myrtle

Axis Bank, with the Citi Consumer Business acquisition, expanded not only the scope and scale of business but also the complexity. The acquisition posed some key risks, including the need to integrate systems for customer experience, credit monitoring, and regulatory reporting, maintain our credit standards, and integrate employees. To manage these risks, we created an Integration Management Office (IMO) that managed numerous areas of integration—policies, processes, systems, data, etc. Teams were assigned to each workstream and they took on full ownership of the integration.