Risk Management

Risk management is a critical part of our successful strategy, protecting the Bank and enabling us to grow more effectively and with greater security.

Risk is an integral part of our business and decision-making process. Our performance depends on our ability to manage risk at every level. As a consequence, we have a robust risk management governance structure and framework that allows us to maintain a crucial balance between risk and reward.
This framework is shown below:

The Group Chief Risk Officer, who is part of ADCB’s Executive Management team, attends meetings of each of the four Committees that report to, and support, the main Board.

Our risk appetite is established by identifying the amount and type of risks considered reasonable to deliver on our business strategy and to ensure that ADCB can maintain its activity in the event of unexpected circumstances.

ADCB’s risk profile and appetite are approved by the Board and Risk and Credit Committee and then cascaded down to every department and individual throughout the organisation. We have a strong risk culture, anchored to our strategy, and all staff are responsible for highlighting and managing potential risks in the course of their work. We reinforce individual accountability through a focus on the Three Lines of Defence model.

In this model, as depicted on the right, management control is the first line of defence in risk management, our various risk control and compliance oversight functions are the second line of defence, while independent assurance — our internal audit team — is the third.

1st Line of Defence
Business Line management responsible for identification and control of risks

2nd Line of Defence
Control function of risk management and compliance

3rd Line of Defence
To provide independent assurance

As part of our continued efforts to improve the enterprise risk management operating model and in line with financial services best practices and regulatory guidelines, during 2018 the Bank took the opportunity to create a new role of Group Chief Credit Officer. The position reports to the Group CEO with full access to the Board Risk and Compliance Committee, and is a member of the Management Executive Committee and the Management Risk Committee. The functions that report into this new role include Corporate Credit, Retail and Commercial Credit, and Wholesale Credit Operations.

The Chief Risk Officer role continues to cover Risk Management, Market Risk, Compliance, Operational Risk, Fraud, and Policy & Portfolio governance, and recently incorporated the function of Information and Physical security.

The roles and responsibilities for each function are set out in the graphic below.

In 2018, under the direction of a newly-appointed Group Chief Risk Officer, the Bank identified, reviewed and refreshed its 10 principal risks and how each one is monitored. You can read about each of these principal risks in greater detail on page 43.

We continue to invest in our risk management capabilities to strengthen our approach. This year we engaged a number of external consultants and subject matter experts to review, test and approve our internal processes and policies, including information security/cybersecurity, compliance and credit and expected loss model validation.

2018 marked the introduction of the IFRS 9 Accounting Standard, which relates to the approach to provisions for credit risk. In the lead up period, ADCB developed models to drive the provision assessments for both retail and wholesale portfolios. These modules were successfully deployed in 2018 with relevant provision and staging trends, by line of business and the various portfolio segments, tracked and reported to management and Board Committees. Our predictive capabilities have been enhanced via in-house development of early alert dashboards and we have extended the use of Etihad Credit Bureau score to assist in decisions within the Commercial Business. We also initiated standardised enterprise-wide stress tests and reverse stress tests. At the same time, we provided staff with a range of technical training and risk awareness programmes.

We consistently monitor the impact of international developments and domestic challenges on our portfolio and adapt our approach accordingly. One of the ways we are improving the quality and speed of our response to emerging risks and regulatory reporting requirements, for example, is by investing in automation and upgrading our internal information management systems. This helps to ensure that our risk management practices remain best-in-class.

CAPITAL PLANNING PROCESS

Regulators view the systemic risk of bank failures very seriously. The loss they can cause to depositors and the costs of bailouts by the government can be substantial, and as a result, the capital structure of banks is subject to rigorous regulation. The Basel Accords focus on risk management in banks and link the business profile of banks to their risk profiles and subsequently to regulatory capital. Hence, the Bank places high emphasis on capital structure, capital planning and capital allocation as part of strategic decision-making.

CAPITAL PLANNING IN ACTION

In practical terms, the role of capital in any bank is to provide creditor protection. Capital acts as a buffer against potential losses, thereby protecting depositors and other creditors. Provisions provide a cushion against expected losses.

For a more detailed study of our Risk management, see our separate Basel III — Pillar III report.

Principal risks affecting ADCB and risk coverage

The principal risks faced by ADCB are presented in the following pages, together with a summary of the critical areas of focus and how the Bank managed these risks in 2018. Metrics are assigned to each of these areas and reported via a dashboard to the Board using a Red/Amber/Green approach. This facilitates focus and discussions on the right areas as well as providing trends over time.

The heatmap, below, demonstrates our assessment of principal risks in 2018 in comparison to 2017. We have plotted each risk in terms of potential impact and likelihood to provide a baseline, which we will use as a benchmark for future years. This assessment takes into account our internal control environment with outcomes depicted below:

CAPITAL RISK

DEFINITION:
ADCB defines capital risk as the potential for: (i) insufficient level or composition of capital to support our normal activities or stressed conditions and (ii) risk of loss arising from the Group failing to maintain the level of capital required by prudential regulators and other key stakeholders (shareholders, debt holders and rating agencies) to support operations and risk appetite.

APPROACH:
We maintain a healthy and active approach to capital management, including the maintenance of buffers sufficient to support our strategic aims and maintenance of an investment grade rating.

ADCB is well-capitalised and regularly runs stress tests to ensure there will be sufficient capital coverage at all times. We also have a proactive approach to liquidity risk, which includes monitoring of positions, regular stress testing, and buffers in excess of the Basel requirements.

We manage capital utilisation and business growth within the risk-weighted asset (RWA) target ranges reflected in our business plans.

Such plans also target stability of earnings. We grow our business by targeting recurring economic profit commensurate with risks being taken and returns expected.

ACCOUNTABLE EXECUTIVES:
Group Chief Financial Officer, Group Chief Risk Officer

ACCOUNTABLE COMMITTEES:
PMC, BACC, BRCC, Board

COMPLIANCE/REGULATORY RISK

DEFINITION:
ADCB defines compliance/regulatory risk as the potential for impact and exposure to regulatory sanctions, or loss from a failure on our part to comply with regulatory requirements, laws or industry standards.

APPROACH:
We are committed to acting in accordance with our compliance standards, laws, regulations and industry standards, as well as internal policies and sound corporate governance principles. Identified breaches will be remedied as soon as practicable. The Bank has no appetite for deliberate or negligent non-compliance.

ACCOUNTABLE EXECUTIVES:
Group Chief Compliance Officer & Group Chief Risk Officer

ACCOUNTABLE COMMITTEES:
MEC, BACC, Board

CONDUCT RISK

DEFINITION:
ADCB defines conduct risk as the potential for detriment to retail customers, corporate clients or market integrity from the inappropriate supply of financial services, or from a failure on our part to abide by the Group’s Code of Conduct Policy and/or applicable laws or regulations, including insider trading and anti-bribery risk.

APPROACH:
We will maintain the standards in our code of conduct and core values (Integrity, Care, Ambition, Respect and Discipline), by continuously demonstrating that we “Do the Right Thing” in the way we conduct business and assess outcomes through real-time customer feedback.

The Bank expects employees to conduct themselves with a high degree of integrity and to strive for excellence in the work they perform and the outcomes they achieve.

The appetite for behaviours which do not meet these standards is very low. ADCB takes any breaches of its Code of Conduct very seriously. We have clearly defined policies on anti-bribery and corruption, anti-money laundering and insider trading.

We are committed to creating a safe working environment for all of our staff, where people are protected from physical and psychological harm. We have zero tolerance for practices or behaviours that could be expected to lead to staff being harmed while at work.

The Bank relies on motivated, diverse and high-quality staff to perform its functions. We foster an environment where employees are empowered to the full extent of their abilities and one where our top talent retention rates are consistently high and above the industry standard.

We are also committed to treating our customers fairly by operating with transparency and providing clear information on products and services, managing conflicts of interest related to these services, avoiding mis-selling and having a rigorous process to ensure products and services we sell are suitable to customers.

ACCOUNTABLE EXECUTIVES:
Management Executive Committee members

ACCOUNTABLE COMMITTEES:
MEC, CGC, NCHR, BACC, Board

CREDIT RISK

DEFINITION:
ADCB defines credit risk as the potential for financial loss due to the failure of a customer to meet the agreed obligations to pay the Bank. It also includes concentration risk (increased exposure to large client groups, sectors or geographies) and decreases in credit quality.

APPROACH:
We manage our credit exposures by having a sound analytical framework, focusing on analysis of cashflows and taking into account the legal framework in which the Bank and borrower operate.

We manage credit risk carefully by applying a set of criteria and policies to lending, confining our dealings to clients of good creditworthiness and ensuring facilities are appropriately secured, wherever feasible. We have a greater appetite for risk in industries we better understand and have the insights, capability and capacity to manage and monitor. We remain a relationship-driven business rather than pursuing opportunistic transactions. Wherever possible, collateral is to be taken to reduce our unsecured lending.

ACCOUNTABLE EXECUTIVE:
Group Chief Credit Officer, Business Heads for Consumer & Wholesale, Group Chief Risk Officer

ACCOUNTABLE COMMITTEES:
MRCC, BACC, SBRCC, Board

FINANCIAL CRIME RISK

DEFINITION:
ADCB defines financial crime risk as the potential for legal or regulatory penalties, material financial loss or reputational damage resulting from the failure to comply with applicable laws and regulations relating, but not limited to, international sanctions, anti-money laundering and anti-bribery and corruption.

APPROACH:
We have no tolerance for breaches in laws and regulations related to financial crime, recognising that while incidents are unwanted, they cannot be entirely avoided. The Bank has no appetite for any fraud or corruption perpetrated by its staff. Any and all allegations of suspected fraud or corruption are taken seriously as set out in the code of conduct.

ACCOUNTABLE EXECUTIVES:
Chief Compliance Officer, Group Chief Risk Officer & Head of Fraud & Investigations

ACCOUNTABLE COMMITTEES:
MEC, BACC, Board

INFORMATION SECURITY AND TECHNOLOGY RISK

DEFINITION:
ADCB defines Information Security and Technology Risk as the potential for loss from a breach of confidentiality, integrity or availability of the Group’s information systems and assets through cyber-attack, insider activity, error or control failure; this includes the risk of loss of confidential information plus the management and quality of data held within systems which may lead to financial losses.

APPROACH:
We have a minimal appetite for risk concerning the availability of critical business systems. Service availability requirements have been identified and agreed within each business area.

We have no appetite for damage to our assets from threats arising from malicious attacks. To address this risk, we have strong internal processes and robust technology controls. Our appetite remains low for IT system-related incidents which are generated by improper project management practices, excluding the unknowns before any ‘go live’.

ADCB provides a secure environment for its people and assets by ensuring its physical measures meet high standards. We have no appetite for the failure of physical security measures.

We are committed to ensuring that information is authentic, appropriately classified, properly conserved and managed in accordance with legislative and business requirements.

We have no appetite for the deliberate misuse of information.

Nor do we have any appetite for compromise of processes or data integrity issues that may cause limited or erroneous data to adversely affect our ability to make correct business decisions or jeopardise the integrity of management and regulatory reporting, which may also lead to financial loss. We will mitigate these risks at all times balancing the cost of maintaining a controlled environment against the impact and likelihood assessment of a risk happening.

ACCOUNTABLE EXECUTIVES:
Head — Information and Physical Security Governance, Head of Data & Governance, Head of Technology Services and Group Chief Risk Officer

ACCOUNTABLE COMMITTEES:
MEC, BRCC, Board

LIQUIDITY & FUNDING RISK

DEFINITION:
ADCB defines liquidity risk as the potential that the Bank will be unable to meet its payment obligations associated with its financial liabilities when they fall due and to replenish funds when they are withdrawn. Funding risk is the risk that ADCB will be unable to achieve its business plans due to its capital position, liquidity position or structural position.

APPROACH:
We actively manage our liquidity and funding base to ensure that we always have sufficient liquidity to meet our liabilities when due, under both normal and stressed conditions, without incurring unacceptable losses or risking damage to the Group’s reputation.

We do not have any appetite to lose our investment grade rating and are mindful of managing liquidity and funding within the constraints of Basel III, regulator obligations and the desire to be the last bank standing.

ACCOUNTABLE EXECUTIVE:
Treasurer, Group Chief Risk Officer

ACCOUNTABLE COMMITTEES:
ALCO, BRCC, Board

MARKET RISK

DEFINITION:
ADCB defines market risk as the potential that changes in market prices, such as interest rates, equity prices, foreign exchange rates, commodity prices and credit spreads (not related to credit standing) will affect the Group’s income, assets/liabilities or the value of its holdings of financial instruments.

APPROACH:
We control our trading portfolio and activities to ensure that market risk losses (financial or reputational) do not cause material damage to the Bank. Our appetite across six key categories is laid out within the market risk appetite framework covering: interest rate risk, foreign exchange risk, equity exposure risk, commodity risk, volatility risk and liquidity risk. Specific limits are established based on trading book, investment book and banking book activities.

ACCOUNTABLE EXECUTIVES:
Treasurer, Head of Market Risk & Group Chief Risk Officer

ACCOUNTABLE COMMITTEES:
ALCO, BRCC, Board

OPERATIONAL RISK

DEFINITION:
ADCB defines operational risk as the potential for loss resulting from inadequate or failed internal processes, people and systems, or the impact of external events. This includes fraud, technology, outsourcing and legal risk as well as damage arising from inadequate or failed internal processes, people and systems.

APPROACH:
We control operational risks to ensure that fraud and operational losses (financial or reputational), including any related to conduct of business matters, do not cause material damage to the Bank.

We monitor the stability of our systems, the effectiveness of business continuity planning and disaster recovery to ensure the level of service we offer our customers and the expectations of regulators are never compromised.

We have adopted four levels of operational risk severity rating: minor, moderate, significant and major, whereby minor risk would lie within the Bank’s appetite, and major constitutes a threat to the Bank’s ability to continue operations.

The Bank mitigates these risks at all times, balancing the cost of maintaining a controlled environment against the impact and likelihood assessment of a risk happening.

ACCOUNTABLE EXECUTIVES:
Head of Operational Risk, Business Heads, Group Chief Risk Officer

ACCOUNTABLE COMMITTEES:
MEC, BACC, BRCC, Board

REPUTATIONAL RISK

DEFINITION:
ADCB defines reputational risk as the potential adverse effects that can arise if the Bank’s reputation is damaged due to factors such as unethical practices, breach of law or regulation, customer dissatisfaction and complaints or adverse publicity.

APPROACH:
We protect the firm from material damage to its reputation by ensuring that any business activity is satisfactorily assessed and managed by the appropriate level of management and governance oversight. We have a very low appetite for material legal cases against the Group and where appropriate, will adequately make provisions for the same in a timely manner.

ACCOUNTABLE EXECUTIVES:
Management Executive Committee (MEC) members

ACCOUNTABLE COMMITTEES:
BACC, Board