Risk Management


    Managing risks, increasing enterprise value

As the management of risk is fundamental to the financial soundness and integrity of the Bank, risk evaluation forms an integral part of the Bank's business strategy development. The Bank's risk management philosophy is that all risks taken must be identified, measured, monitored and managed within a robust risk management framework and that returns must commensurate with the risks taken. 

The Board of Directors has the overall responsibility of determining the type and level of business risks that the Bank undertakes in achieving its corporate objectives. The Board has delegated to various committees the authority to formulate, review and approve policies on monitoring and managing risk exposures. The major policy decisions and proposals on risk exposures approved by these Committees are subject to review by the EXCO of the Board. The Board has appointed the Risk Management Committee to oversee senior management's activities in managing credit, market, liquidity, operational, legal and other risks and to ensure that the risk management process is in place and functioning. 

The various committees comprise top management and senior executives of the Bank who meet regularly to deliberate on matters relating to the key types of risks under their respective supervision. The key risks are credit risk, balance sheet risk, liquidity risk, market risk and operational and reputational risk. 

The In-Country Credit Committee deals with approval of credit applications and review of existing credit portfolio. 

The Credit Management Committee deals with all credit risk matters, including formulation and review of credit policies and assessment of risk profiles. 

The Asset Liability Committee ("ALCO") formulates, reviews and approves policies and strategies regarding the balance sheet structure, liquidity needs and trading activities. 

The Risk Management Division acts as catalyst for the development and maintenance of sound risk management policies, strategies and procedures within the Bank. The Division is independent of other business units in the Bank which are involved in risk taking activities. The Division also provides functional support to the Risk Management Committee, ALCO and Credit Management Committee as well as assisting the Management in managing risk inherent to the Bank.

Credit risk is defined as the risk of loss arising from any failure by a borrower or a counterparty to fulfil their financial obligations, as and when they fall due. It also includes risk of a decline in the credit standing of a counterparty. Such decline may not imply default but the probability of default increases. Credit risk is the single largest risk faced by the Bank. It is inherent in the activities of the Bank such as loans and lending-related commitments, treasury and capital market operations, and investments. Business units have primary responsibilities for the day-to-day and active management of credit risks.

The Executive Committee (EXCO) is established by the Board of Directors to formulate the Bank's business strategies and conduct on-going monitoring of the Bank's performance. The EXCO, under delegated authority from the Board of Directors, approves credit policies, guidelines and procedures to control and monitor such risks. It has day-to-day responsibility for identifying and managing portfolio and risk concentration issues, including industry sector exposure. The risk parameters for accepting credit risk are clearly defined and complemented by policies and processes to ensure that the Bank maintains a well diversified and high quality credit portfolio.

For the timely recognition of asset impairment, recovery action and the avoidance of undue concentration, a disciplined process is in place to regularly monitor, review and report the Bank's portfolio risks. These include large credit exposures by obligor groups, sectors, security types, internal credit ratings, industries, countries as well as level of non-performing loans, appropriateness of classification and adequacy of provisioning.

Credit risk exposures are managed through a robust credit underwriting, structuring and monitoring process. The process includes monthly reviews of all non-performing and special-mention loans, ensure credit quality and the timely recognition of asset impairment. In addition, credit review and audit are performed regularly to proactively manage any delinquency, minimise undesirable concentrations, maximise recoveries, and ensure that credit policies and procedures are complied with. Past dues and credit limit excesses are tracked and analysed by business and product lines. Significant trends are reported to the Credit Management Committee.

To maintain independence and integrity of the credit approval process, the credit approval function is segregated from credit origination. Credit approval authority is delegated through a risk-based credit discretionary limit (“CDL”) structure to ensure that the CDLs are tiered according to the borrower’s rating. The Bank has in place a very stringent process for the delegation of CDLs based on the experience, seniority, and track record of the officer. All officers with the authority to approve credits are guided by credit policies and guidelines with distinction made for institutional and individual borrowers. These credit policies and guidelines, which cover key parameters associated with credit structuring and approval, are periodically reviewed to ensure their continued relevance.

An internal credit rating system, which incorporates both statistical models and expert-judgement scorecards, has been developed, implemented and used as part of the credit approval process. Statistical models were built for portfolios with sufficient default data, and expert judgement scorecards were developed for low default portfolios.

Generally, a borrower is assigned a Customer Risk Rating (“CRR”) and a Facility Risk Rating (“FRR”). The CRR is a borrower's standalone credit rating and is derived after a comprehensive assessment of its financial condition, the quality of its management, business risks and the industry it operates in. The FRR incorporates transaction-specific dimensions such as availability and types of collateral, seniority of the exposures, facility structures, etc.

Consumer exposures are managed on a portfolio basis. The Bank has scorecards and stringent product programs for credit underwriting purposes.

During 2007, the Bank replaced the policies governing approval of credit facilities with "Related Parties", to "Connected Parties", to comply with revision in Bank Negara Malaysia’s (BNM) guidelines on Credit Transactions and Exposures with Connected Parties.

Risk concentrations by industry are monitored closely to avoid undue concentration in any particular industry. Industry risk refers to the likelihood of groups of customers being adversely affected by economic developments impacting a particular industry in which such customers operate. Exposure concentrations and non-performing loans by industry type are analysed and significant trends reported to the Credit Management Committee as well as to the Risk Management Committee, EXCO and the Board of Directors.

In particular, the trends and composition of exposures to property-related loans are closely monitored, analysed and reported on an on-going basis to ensure that exposures are kept within regulatory limits and internal guidelines.

Credit Stress Test
To assess the potential loss arising from the impact of plausible adverse events on the Bank's credit portfolio, credit stress test are periodically conducted. The extent of the plausible credit impairments is analysed to determine if the potential losses are within the Bank's risk tolerance.


The Bank incorporates periodic credit stress testing as an integral part of its portfolio management process.  This allows the Bank to assess the potential credit losses arising from the impact of plausible adverse events.

Basel II
Over the last few years, as part of the Bank's plan to adopt best practice in risk management, substantial investments and significant progress were made in aligning to the requirements of the International Convergence of Capital Measurement and Capital Standards framework (Basel II). This effort included investments in human resources, IT systems, processes, and the development of internal models to estimate risk.

The Bank intends to adopt an Internal Rating Based Approach (IRBA) in the management of its credit exposures. To this end, significant changes have been made to the Bank's organisational structure, policies and procedures to ensure that internal risk ratings are integral to the Group's credit decision and management processes.

At the same time, the Bank has mapped all its business activities to the business lines defined by Basel II under the Standardised Approach for operational risk. To complement these initiatives, work is in progress in our parent bank to develop and implement a process to assess the adequacy of the Bank's capital to support the risks inherent to its core banking activities. 
The Bank is committed to continue strengthening and investing in its risk management systems, processes and procedures to adopt best practices in its risk management framework.

The Bank classifies its loan portfolios according to the borrower's ability to repay the loan from its normal source of income. All loans and advances to customers are classified into the categories of 'Pass', 'Special Mention' or 'Non-Performing'. Non-Performing Loans are further classified as 'Substandard', 'Doubtful' or 'Loss' in accordance with BNM GP3 except the Bank has lowered the default period to three months instead of six months. Interest income on all Non-Performing Loans is suspended. Such loans will remain classified until servicing of the account is satisfactory. Classified loans are transferred to Special Assets Management to maximise recovery prospects.

Loan classification Description
All payments are current and full repayment of interest and principal from normal sources is not in doubt.
Special Mention
There is some potential weakness in the borrower's creditworthiness, but the extent of any credit deterioration does not warrant its classification as a Non-Performing Loan.
There is weakness in the borrower's creditworthiness that jeopardises normal repayment. Default has occurred or is likely to occur or the repayment schedule has been restructured. A credit (except consumer loan) is greater than 90 days past due but less than 270 days past due. Consumer loan greater than 90 days but less than 120 days past due falls under this classification.
A credit (except consumer loan) is greater than 270 days past due but less than 365 days past due. Consumer loan greater than 120 days but less than 180 days past due falls under this classification.
A credit (except consumer loan) is greater than 365 days past due. Consumer loan greater than 180 days past due falls under this classification.


Specific provisions are made for each loan grade in the following manner:
Loan classification Provision
Substandard 20% of any unsecured loan outstanding less interest-in-suspense
Doubtful 50% of any unsecured loan outstanding less interest-in-suspense
Loss 100% of any unsecured loan outstanding less interest-in-suspense

A classified account is written off where there is no realisable tangible collateral securing the account and all feasible avenues of recovery have been exhausted.

A rescheduled account is one where repayment terms have been modified, but the principal terms and conditions of the original contract have not changed significantly. This is done to alleviate a temporary cash flow difficulty experienced by a borrower. It is expected that the problem is short-term and not likely to recur. The full amount of the debt is still repayable and no loss of principal or interest is expected. 

When an account has been rescheduled three months before it meets the criteria for auto classification, the account can be graded as 'Performing'. However, if the rescheduling takes place after the account has been graded as 'Non-Performing', it remains as such and is upgraded to 'Pass' after six months and provided there are no excesses and past dues. 

A restructured account is one where the original terms and conditions of the facilities have been modified significantly to assist the borrower to overcome financial difficulties where the longer-term prospect of the business or project is still deemed to be viable. A restructuring exercise could encompass a change in the credit facility type, or in the repayment schedule including moratorium, or extension of interest and/or principal payments and reduction of accrued interest, including forgiveness of interest and/or reduction in interest rate charged. 

When an account has been restructured based on financial consideration, the account will be graded as 'Non-Performing'. It can only be upgraded to 'Pass' after six months when all payments are current in terms of the restructured terms and conditions and there is no reasonable doubt as to the ultimate collectability of principal and interest.

The Bank has set up a centralised and independent department named Special Asset Management Department to manage non-performing loan (“NPL”) and non-performing asset (“NPA”) portfolios. SAM consists of two sub-units, namely the Restructuring Unit and the Recovery Unit. The two sub-units will manage the NPL and NPA portfolio of the Bank. Responsibilities include formulating account strategy/action plan, negotiate/reach agreement with borrower on restructuring/recovery plan, seek approval and implement the restructuring/recovery plan, monitor/review the progress/effectiveness of the restructuring/recovery plan and where necessary make changes to the restructuring/recovery plan.  

Balance sheet risk is defined as the potential change in earnings arising from the effect of movements in interest rates on the structural banking book of the Bank that is not of a trading nature.

The Asset Liability Committee ("ALCO"), under delegated authority from the Board of Directors, approves policies, strategies and limits in relation to the management of structural balance sheet risk exposures. This risk is monitored and managed within a framework of approved policies and limits, and is reported monthly to ALCO. The decisions of ALCO and highlights of its monthly risk management reports are reviewed by the Bank's Board of Directors and Risk Management Committee.

The balance sheet risk in the banking book arises from customers' preferences and characteristics in the booking of assets and liabilities, which result in a mismatch in the interest repricing and maturity dates of these assets and liabilities. The Bank assesses the impact of changes in interest rates over time on the banking book by projecting the corresponding changes in Net Interest Income ("NII") and Economic Value of Equity ("EVE") of the Bank. The primary objective of balance sheet risk management, therefore, is to monitor and avert significant volatility in NII and EVE.

The risks arising from the trading book for example interest rates, foreign exchange rates and equity prices are managed and controlled under the market risk framework that is discussed under the section 'Market Risk Management'.

Liquidity risk is defined as the risk to the Bank's earnings or capital arising from its inability to meet its financial obligations as they fall due, without incurring significant costs or losses. Liquidity risk arises from the general funding of the Bank's banking activities and in the management of its assets and liabilities, including off-balance sheet items. The Bank maintains sufficient liquidity to fund its day-to-day operations, meet deposit withdrawals and loan disbursements, participation in new investments, and repayment of borrowings. Hence, liquidity is managed in a manner that addresses known as well as unanticipated cash funding needs.

Liquidity risk is managed within a framework of policies, controls and limits approved by the Bank's ALCO which are in line with the policies of UOB Bank Group and which are also adequate to meet the requirements under Bank Negara Malaysia's New Liquidity Framework. These policies, controls and limits ensure that the Bank maintains well diversified sources of funding, as well as sufficient liquidity to meet all its contractual obligations when due. The management of liquidity is carried out using a prudent strategic approach to manage the Bank's funding requirements.

Aligning to the regulatory liquidity risk management framework, liquidity risk is measured and managed on a projected cash flow basis. The Bank is monitored under "business as usual", "bank-specific crisis" and "general market crisis" scenarios. Cash flow mismatch limits are established to limit the Bank's liquidity exposure. The Bank has also employed liquidity early warning indicators and established trigger points to signal possible contingency situations. At the tactical level, the Bank's Global Markets & Investment Management Division's Asset Liability Management unit is responsible for the active management of cash flows in accordance with the Bank's approved liquidity risk management policies and limits.

Liquidity contingency funding plans are in place to identify potential liquidity crises through early warning indicators; detailing crisis escalation process and the various strategies including funding and communication strategies to be taken to minimise the impact of a liquidity crunch. Although, the Bank have self-sufficient funding capabilities, funding will also be provided by the UOB Bank Group's Head Office in Singapore to the Bank should the need arise.

Market risk is defined as the potential loss in market value of a given portfolio that can be expected to be incurred arising from adverse movement in the level of market prices or rates, the three key components being interest rate risk, foreign currency risk and equity risk.

Interest Rate Risk refers to the volatility in net interest income as a result of changes in levels of interest rates and shifts in the composition of the assets and liabilities. Foreign currency risk is defined as the risk which arises from adverse exchange rate movements on the foreign exchange positions from time to time and Equity Risk is the risk which arises from adverse movements in the price of equities on the equity positions taken from time to time.

The Bank is exposed to market risk in its trading portfolio because the values of its trading positions are sensitive to changes in market prices and rates. Similarly, it is also exposed to market risk in its investment portfolio. Market risk is governed by the Group ALCO, which provides risk oversight and policy guidance.

Market risk is managed using a framework of risk management processes based on market risk management policies and risk control procedures, as well as risk and loss limits. Mark-to-market technique is used to revalue marketable securities, equities and foreign currency positions. Mark-to-market of trading positions are then compared against predetermined market risk limits. The market risk limits are set after taking into account the risk appetite of the Bank, and the risk-return relationship. Risk and loss limits are proposed by every trading desk/division, reviewed by the Market Risk Management Department and approved by Group ALCO annually. Group ALCO also reviews and approves new limits or changes to existing limits as and when these are proposed. The Trading positions and limits are regularly reported to the Management.

The monitoring of market risk trading limits and the reporting of any limit excess are carried out independently by the Middle Office, which is responsible to monitor, control and report all market and liquidity risk exposures arising from the activities and operations of UOBM GMIM, including daily Mark to Market valuation of GMIM product exposures.

To complement the Value at Risk ("VaR"), stress and scenario test are performed on the trading portfolio to identify the bank's vulnerability to event risks. The test serves to provide early warning of plausible extreme losses to facilitate proactive management of market risks.

Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. Potential loss may be in the form of financial loss or other damages, for example, loss of reputation and public confidence that will impact the Bank's credibility to transact, maintain liquidity and obtain new business. 

Operational risk is managed through a framework of policies, techniques and procedures as approved by our Parent Bank. There are periodic risk management reports reviewed by Senior Management and Risk Management Committee.

This framework of techniques and procedures encompasses the following:

  • the building of Operational Risk Profiles ("ORPs");
  • conduct of Operational Risk Self Assessment ("ORSA") based on the ORPs;
  • development of an Operational Risk Action Plan ("ORAP");
  • the monitoring of Key Operational Risk Indicators ("KORIs");
  • the collection and analysis of risk events/loss data; and
  • the process for monitoring and reporting operational risk issues.

The building of the ORPs involves risk identification, the assessment of inherent or absolute risks, as well as the identification and classification of management controls. The methodology provides the tool for the profiling of significant operational risks to which business and support units are exposed. These units then define the key management policies/procedures/controls that have been established to address the identified operational risks. 

As part of the continual assessment, ORSA provides the business/support heads with an analytical tool to identify the wider operational risks, assess the adequacy of controls over these risks, and identify control deficiencies at an early stage so that timely action can be taken. 

Where actions need to be taken, these are documented in the form of an ORAP for monitoring and reporting to management. 

Processes and procedures of the business units are reviewed to ensure that they reflect current practices and the appropriate controls are in place with clear delineation of roles, responsibilities and accountability. 

KORIs are statistical data that are collected and monitored regularly by business units on an on-going basis for the early detection of potential areas of operational control weakness. Trend analysis is carried out to determine whether there are systemic issues to be addressed. 

A policy and framework on incident reporting was established to ensure consistent and accurate loss data collection. The loss database is being built and will facilitate the conduct of root cause analysis, thereby strengthening the operational risk management capability of the business units. 

Included in the overall framework of operational risk is the disciplined product programme process. This process aims to ensure that the risks associated with each new product/service are identified, analysed and managed. 

As part of the Bank's comprehensive operational risk framework, Business Continuity Management and Crisis Management strategies and plans have been developed to mitigate the potential impact of major business and\or system disruptions. 

In line with the increasing need to outsource internal operations in order to achieve cost efficiency, policy has been established to ensure that outsourcing risks are identified and managed prior to entering into the arrangements as well as on an ongoing basis. 

Risk transfer mechanisms, such as insurance, to mitigate the risk of high loss events also form part of this framework. Identified operational risks with relatively high residual risk assessment ratings and new risks that are beyond the control of the Bank will be scrutinized for insurability. 

As part of preparations to comply with Basel II, the Bank has mapped all its business activities to the eight Business Lines as defined by the Basel Committee on Banking Supervision. 

Legal risk is part of operational risk. Legal risk arises from inadequate documentation, legal or regulatory incapacity or insufficient authority of customers and uncertainty in the enforcement of contracts forms part of operational risk. This is managed through consultation with the Bank's legal counsel and external counsel with the relevant laws, regulations, policies and procedures in their respective areas. 

The Bank has put in place Compliance Officers to monitor and enforce compliance with the relevant laws, regulations, policies and procedures in their respective areas.