All business activities carry a degree of risk, but the banking industry is exposed to a range of risks, some of which are more critical than in other industries. There is also an inherent trade-off between risk and performance. Therefore, Riyad Bank needs to balance the risk-performance equation while ensuring that its risks are mitigated and controlled. To achieve this, the Bank needs a robust governance structure that ensures effective risk management, foresees risks and takes the necessary proactive measures to minimize them.

While risks cannot be completely eliminated, limits have to be set on the accepted degree of risk, which implies that risks need to be quantified. Overarching control over the Bank’s risk management process is exercised by the Risk Management Committee of the Board of Directors. The Committee establishes risk limits and effective control procedures for each type of risk. Within this framework, risks have to be controlled proactively using sophisticated tools and instruments. The roles and responsibilities of all stakeholders have to be laid down, which gives a holistic perspective to risk management.

Regulatory requirements and market best practices require banks to ensure that there is adequate separation of responsibilities in key elements of the risk management process. Banks should have risk identification, measurement, monitoring and control functions with clearly defined responsibilities that are sufficiently independent from the risk-taking functions of the Bank and that report risk exposures directly to the governing body or its delegates. The supervisory committees are informed periodically and independently of the levels of risk to which the Bank is exposed.

The Bank is exposed to various types of risks, including but not limited to credit risk, market risk, liquidity risk, operational risk and information security risk. The Bank has developed an Enterprise Risk Management (ERM) Framework to define the objectives of high-level risk management, risk governance, and risk management strategy at Riyad Bank including wholly owned subsidiaries, external agencies, branches and representative offices.

The term “Enterprise Risk Management” refers to the methods and processes that are used to manage risks and seize opportunities related to achieving the Bank’s strategic objectives within the optimal use of available resources. The principle of Enterprise Risk Management is based on the Bank’s financial position and its institutional reputation under the approval of the Bank’s Board of Directors. This is done through the risk appetite statement, which broadly specifies the overall level and types of risks that the Bank wishes to take on in order to achieve its strategic objectives, and then by following up periodically, and when necessary, on compliance with these risks. In addition, the Risk Department reports periodically, and when necessary, to the Board of Directors and its Risk Committee with the Bank’s Capital Adequacy Reports (ICAAP), the Bank’s ability to withstand stress testing and the appropriate reports to provide the Bank’s management with a comprehensive view of the risks at the enterprise level.

Credit risk

Market and liquidity risk

Financial crime risks

Operational risk

Technical risks

Cyber security and information security risks

BASEL III Pillar 3 Disclosures

The Basel Framework requires a number of quantitative and qualitative disclosures under Pillar III. These are published on the Bank’s website, www.riyadbank.com, in accordance with SAMA instructions, noting that these disclosures are not subject to examination or review by the external auditors of Riyad Bank.