Risk and Capital Management Disclosures

Executive Summary

This Risk and Capital Management Disclosures encompass the qualitative and quantitative disclosures required by the Central Bank of Bahrain (CBB) in compliance with Basel III guidelines.

The information presented herein pertains to SICO BSC (c) consolidated with its subsidiaries (together termed as “SICO” or the “Bank”).

The report contains a description of the Bank’s risk management and capital adequacy practices, including detailed information on the capital adequacy process.

The disclosures have been prepared in accordance with the Public Disclosure Module (“PD”) of the CBB Rule Book, Volume I for Conventional Banks. These disclosures should be read in conjunction with the Notes, in particular the Significant Accounting Policies and Financial Risk Management, in the Bank’s Consolidated Financial Statements for the same period.

These disclosures have been reviewed by the Bank’s external auditors KPMG, based on agreed upon procedures as required under Para PD-A.2.4 of the PD Module.

1. OVERVIEW AND STRUCTURE OF RISK MANAGEMENT

Risk management is the systematic process of identifying, assessing and mitigating the risks to which SICO is exposed. Risk management is essential to the Bank’s success, as risk is inherent in its activities, and risks are mitigated by establishing appropriate controls and ensuring that effective monitoring and reporting processes are in place.

The major risks types to which SICO is exposed are:

Credit risk
Concentration risk
Market risk
Operational risk
Liquidity risk
Fiduciary risk
Compliance and reputational risk
Legal and regulatory risk

The Bank maintains a strong focus on its risk management framework, capital management and risk governance structure and adopts a structured, consistent and disciplined methodology to align business strategy, processes, people, technology and knowledge to evaluate and manage its risks.

The stages in the risk management process are as follows:

Risk identification: Identification of the risks that impact SICO’s various business activities.

Quantification of risks and capital coverage: This step involves quantifying the risks identified in the risk identification process. It creates the objective basis for decision-making and enables the Board and Senior Management to make decisions regarding SICO’s risk-bearing capacity within this framework.

Aggregation: Once risks have been identified and quantified, individual risks are aggregated to determine SICO’s risk exposure and impact.

Ex ante control: SICO has established various tolerance limits based on the overall risk strategy of the Bank. These limits are revised periodically, taking into account the changing market and economic conditions. SICO has established a comprehensive limit framework to monitor its exposure to all significant risks.

Risk monitoring and ex post control: The risk monitoring process ensures that SICO’s risk profile remains in line with its risk tolerance. In this context, there is a standardised procedure for dealing with increasing levels of limit utilisation and limit breaches.

The Bank also applies a rigorous framework of limits to control risk across multiple transactions, products, businesses and markets. This includes setting credit and market risk limits at a variety of levels and monitoring these limits on a daily basis. Limits are typically set at levels that may be periodically exceeded, rather than at levels that reflect the Bank’s maximum risk appetite.

2. RISK GOVERNANCE STRUCTURE

SICO has established a strong organisational structure including disciplined control functions to support the Bank’s business strategy and risk management.

SICO’s Board and Senior Management are responsible for understanding the nature and level of risks faced by the Bank and for ensuring that the risk management process chosen is appropriate considering SICO’s risk profile. Senior Management are responsible for ensuring that there is a process to relate the business risk to an adequate level of capital, setting the tolerance for various risks and putting in place the framework and process for measuring and monitoring compliance.

Board of Directors (BOD): The BOD is primarily responsible for approving the Bank’s risk strategy, risk appetite and risk policies to manage risks that arise from SICO’s business activities. These policies are consistent with the Bank’s broader business strategies, capital strength, management expertise and ability to control risk.

Board Audit and Risk Committee (BARC): The BARC is responsible for reviewing the Bank’s accounting and financial practices to ensure integrity of the Bank’s financial statements and adequacy of risk management, compliance and internal control frameworks. The committee also oversees the Internal Audit function. The committee provides active oversight on the risk management framework, approves risk policies and limits and ensures adequacy of risk controls

Board Investment Committee (BIC): The BIC is the second stage where decision making surrounding SICO’s investment and credit activities is considered. This committee approves investments within its discretionary powers as delegated by the BOD, and in some cases the BIC recommends proposals to the BOD for approval.

Nominations, Remuneration and Corporate Governance Committee (NRCGC): The NRCGC contributes to the control framework by nominating qualified Board Members and key management positions. It also approves the remunerations that factor in the risk taken by the business and oversees corporate governance-related issues.

Assets, Liabilities and Investment Committee (ALIC): ALIC acts as the principal policy-making body at the management level which is responsible for overseeing the Bank’s capital and financial resources. It is also responsible for managing the balance sheet and all proprietary investment activities, including investment strategy, and asset, country and sector allocations. The committee is specifically responsible for managing the balance sheet risk, capital and dividend planning, forecasting and monitoring interest rate risk positions, liquidity and fund management. The committee is also responsible for formulating and reviewing the Bank’s investment policies (subject to approval by the BOD), strategies and performance measurement and assessment.

Assets Management Committee (AMC): AMC is a management committee that oversees the fiduciary responsibilities carried out by the Asset Management unit in managing clients’ discretionary portfolios as well as the funds operated and managed by SICO. It also reviews the investment strategy of the Bank’s funds and portfolios and reviews asset allocations, subscriptions and redemptions and adherence to client guidelines.

Internal Control Committee (ICC): The ICC is a management committee that oversees the internal control functions carried out by SICO’s various departments. The remit of ICC is to strengthen the internal control culture throughout the company and to ensure adequacy of controls in the various processes followed in the Bank.

Risk Management Department (RMD): RMD is responsible for establishing a sound risk management framework to assist the Bank in the realisation of its business objectives. It also provides oversight of risk management and risk controls across the organisation by coordinating and communicating with each business unit to manage the risks that arise for its business activities. It also ensures that the principles and requirements of managing risk are consistently adopted throughout the Bank.

Compliance Unit: The unit is responsible for internal compliance, regulatory compliance and KYC and Anti-Money Laundering functions. It ensures compliance with internal and external rules and regulations and is responsible for implementing the compliance framework across the entire Bank.

Internal Control Unit: The unit is responsible for ensuring the internal control framework of the Bank’s business units is adequate and recommends changes wherever deemed. The unit is also responsible for ensuring that all policies and procedures are followed correctly. The unit is responsible for ensuring the internal control framework of the Bank’s business units is adequate and recommends changes wherever deemed. The unit is also responsible for ensuring that all policies and procedures are followed correctly.

Internal Audit Unit: The unit provides an additional line of defence within the Bank’s risk management and control framework. Internal Audit is primarily responsible for providing independent and objective assurance that the process for identifying, evaluating and managing significant risks faced by the Bank is appropriate and effectively applied by the business units, control functions and Senior Management.

3. CBB AND BASEL GUIDELINES

CBB Rulebook

This disclosure document has been prepared in accordance with the CBB requirements outlined in the Public Disclosure Module (“PD”), which falls under Volume 1 (Conventional Banks) of the CBB Rulebook. This quantitative disclosure document follows the requirements of Basel III - Pillar 3.

Basel III framework

Basel III is a comprehensive set of reform measures, developed by the Basel Committee on Banking Supervision, to strengthen the regulation, supervision and risk management of the banking sector.

Basel III measures aim to:

Improve the banking sector’s ability to absorb shocks arising from financial and economic stress, whatever the source
Improve risk management and governance
Strengthen banks’ transparency and disclosures

The Basel III Guidelines are based on three pillar framework as follows:

Pillar 1 - Describes the minimum capital requirements by applying risk-based methodology in the calculation of risk weighted assets (RWAs) and capital requirements for major asset classes to obtain the capital adequacy ratio (CAR).
Pillar 2 - Describes the supervisory review processes, which includes the Internal Capital Adequacy Assessment Process (ICAAP).
Pillar 3 - Describes market discipline, which includes disclosure of the risk management process, and capital adequacy requirements and guidelines.

Pillar 1

Pillar 1 lays the basis for calculating the regulatory Capital Adequacy Ratio (CAR). It sets out the definition and calculations for RWAs and the derivation of the regulatory capital base. The capital adequacy ratio is calculated by dividing the regulatory capital base by total RWAs.

Below are the approaches used for deriving the CAR:

SICO has adopted the Standardised Approach for Credit Risk and Market Risk and follows the Basic Indicator Approach for Operational Risk to determine its capital requirements.

Pillar 2

This pillar sets out the supervisory review and evaluation process of an institution’s risk management framework as well as its capital adequacy assessment through ICAAP framework.

The supervisory review and evaluation process represents the CBB’s review of the Bank’s capital management and an assessment of internal controls and corporate governance. The process is designed to ensure that institutions identify their material risks, allocate adequate capital and employ sufficient resources to support such risks. The process also encourages institutions to develop and apply enhanced risk management techniques for the measurement and monitoring of risks, in addition to the credit, market and operational risks addressed in the core Pillar 1 framework.

Other risk types not covered by the minimum capital requirements in Pillar 1 include liquidity risk, interest rate risk in the banking book, concentration risk, reputational risk and other risks. These are covered either by capital or risk management and mitigation processes under Pillar 2.

Pillar 2 also comprises ICAAP, which incorporates a review and evaluation of capital requirements relative to the risks to which the Bank is exposed. The ICAAP addresses all components of the Bank’s risk management, from the daily management of more material risks to the strategic capital management of the Bank. The ICAAP is based on the Bank’s capital management framework, which is designed to ensure that SICO has sufficient capital resources available to meet regulatory and internal capital requirements, even during periods of economic or financial stress.

Pillar 3

This pillar describes the level of qualitative and quantitative information that should be disclosed about an institution’s risk management and capital adequacy practices.

Scope of Application

SICO is a conventional wholesale bank incorporated in Bahrain and regulated by the CBB. SICO provides investment banking services on a regional basis, with a principal focus on the GCC. There is a regulatory requirement to calculate and maintain minimum regulatory capital ratios on both standalone as well as consolidated basis.

The principal subsidiaries that are fully consolidated in the SICO’s financial statements are SICO Funds Services Company BSC (c) (“SFS”), incorporated in Bahrain and providing custody and fund administration services; SICO Financial Brokerage LLC, incorporated in Abu Dhabi and providing brokerage services in the UAE and SICO US Real Estate Corp (USA) which is the holding company for US real estate investments.

The Bank has controlling interest in SICO Fixed Income Fund (“SFIF”) and SICO Kingdom Equity Fund (“SKEF”); and therefore consolidates the SKEF and SFIF financials as per requirements of IFRS 10.

4. CAPITAL STRUCTURE AND CAPITAL ADEQUACY

For the purpose of computing the regulatory capital adequacy ratio, the Bank applies the methodology and rules as defined in the CA Module of the CBB’s Rule Book. The following also need to be considered:

a. The Bank’s paid-up capital consists only of ordinary shares that have proportionate voting rights, and the Bank does not have any other type of capital instruments.
b. The Bank’s Tier 1 capital, which consists of Common Equity Tier 1, comprises share capital, share premium, reserves, retained earnings, eligible reserves and unrealised losses arising from fair valuing investment securities classified under fair value through other comprehensive income.
c. The Bank does not maintain any additional Tier 1 (AT1).
d. The Bank’s Tier 2 capital comprises of general provisions recognized under IFRS 9 Expected Credit Losses
e. The Bank has prepared its capital structure in accordance with the CBB’s Basel III capital adequacy framework
f. The Bank has no subsidiaries and/or investments that are required to be deducted from capital.
g. The Bank has no restrictions on the transfer of funds or regulatory capital within the Group, other than restrictions over transfers to ensure minimum regulatory capital requirements are met for subsidiary companies.

4.1. Capital structure

4.2. Capital adequacy ratio

Consolidated and subsidiaries above 5% of Group capital

* SICO Financial Brokerage LLC (UAE) CAR has been computed using the capital charges as outlined in Emirates Securities and Commodities Authority (ESCA) regulations, wherein the minimum required ratio is 1.0 with anything above 1.25 considered healthy.

4.3. Internal capital adequacy assessment process

The Bank’s capital management framework is intended to ensure that there is sufficient capital to support the underlying risks of the Bank’s business activities and to maintain a well-capitalised status under regulatory requirements. The Bank has a comprehensive Internal Capital Adequacy Assessment Process (ICAAP) that includes Board and senior management oversight, monitoring, reporting and internal control reviews, to identify and measure the various risks that are not covered under Pillar 1 risks and to regularly assess the overall capital adequacy considering the risks and the Bank’s planned business strategies. The non-Pillar 1 risks covered under the ICAAP process include liquidity risk, interest rate risk in the banking book, concentration risk, reputational risk and other risks. The ICAAP also keeps in perspective the Bank’s strategic plans, growth expectations, future sources and uses of funds, dividend policy and the impact of all these on maintaining adequate capital levels. In addition, the ICAAP process also includes stress testing on the Bank’s capital adequacy to determine capital requirement and planning to ensure that the Bank is adequately capitalised in line with the overall risk profile. The Bank has complied with regulatory capital requirements throughout the year.

4.4. Regulatory capital disclosures

The capital reconciliation approach shows the link between the balance sheet in the published financial statements and the numbers that are used in the composition of capital disclosure.

For the three-step approach for reconciliation of regulatory capital, please refer to the relevant appendix as follows:

5. CREDIT RISK

Credit risk represents the potential for financial loss resulting from the failure of a borrower or counterparty to honour its financial or contractual obligations. The Bank’s exposure to credit risk comes mostly from:

Cash placed with banks and financial institutions
Proprietary investments in fixed income instruments
Overdrafts to brokerage clients
Settlement risks with delivery versus payment (DVP) customers, counterparty brokers and custodians
Secured financing transactions (i.e. REPO and reverse REPO)
Margin trading facilities

Risk management works in coordination with business units in identifying and aggregating credit exposures. Credit risk also encompasses the following risks to which SICO is exposed and are being effectively managed as a part of the Credit Risk Management strategy:

Counterparty Risk: SICO deals with different counterparties for its money market placements, brokerage and REPO activities. To measure counterparty risk, SICO performs a detailed assessment of the counterparty risk using both qualitative and quantitative factors.

Settlement Risk: SICO is exposed to settlement risk through its brokerage services on unfunded deals where exposure remains until settlement of the trade or transaction. SICO applies several assessments on its clients during the screening and on a subsequent periodic basis to minimise settlement risk.

Default Risk: As part of SICO’s margin trading facilities and reverse REPO, it is exposed to the risk of default wherein individuals and corporates may be unable to make the required payments on their obligations. SICO accepts only liquid securities as collateral and applies haircuts to the collateral value, which acts as a margin of safety in case it is to offset collateral against outstanding obligations. Moreover, SICO employs margin calls to ensure collateral coverage does not drop below the agreed parameters.

To measure the aforementioned credit risk components, SICO employs several methodologies for mitigating credit risk. SICO also uses ratings issued by external credit assessment institutions (ECAIs), such as Standard & Poor’s, Moody’s and Fitch, to derive the risk weightings under the CBB’s Basel III capital adequacy framework. These ratings are used mainly for banks and financial institutions, but also, where applicable, for other exposures such as debt instruments. Where ratings vary between rating agencies, the more conservative rating is adopted.

Credit risk is monitored and controlled by policies and procedures that are put in place by RMD and that have been approved the Board. The policy framework establishes approval authorities, concentration limits, risk-rating methodologies and guidelines for managing exposures. For lending exposures such as margin trading and reverse REPO, financial securities obtained as collateral are liquid in nature, and appropriate haircuts are also applied to them. The lending exposures are closely monitored along with their collaterals, which are marked to market on a daily basis, and margin calls are enforced where collateral coverage drops below the required level. The Bank also adheres strictly to the large exposure norms as prescribed by the CBB under the Credit Risk Management Module.

The Bank maintains collective impairment provisions in line with the requirements under IFRS 9. The collective Impairment provision is a forward-looking calculation and is established based on various factors. These factors include credit risk ratings of the counterparty, historical default rates adjusted considering multiple scenarios of the future macroeconomic outlook, loss ratios given an event of default, and rating migrations.

5.1. Gross credit exposures

The on-balance sheet and off-balance sheet gross exposures have been risk weighted using the applicable risk weights and credit conversion factors (CCF).

5.2. Maturity profile

Note: Commitments and contingencies mentioned above do not have a defined maturity and hence conservatively considered less than 1 year.

5.3. Sectoral distribution

5.4. Geographical distribution

Title

The following exposures were in excess of the 15% large exposure limit as defined in the Credit Risk Management Module of the CBB’s rule book. However, these exposures qualified to be considered as exempt from the large exposure limits of CBB, on account of their short term tenor (of less than 3 months), lending collateralized by GCC Government securities and inter-bank nature. These exposures have been pre-notified to the CBB in accordance with the requirements of rule CM-5.6.2 of the Credit Risk Management module of the Rulebook.

6. Market risk

Market risk is the risk of loss in the value of any financial instrument due to an adverse fluctuation in equity prices, interest rates and foreign exchange rates, whether arising out of factors affecting specific instruments or the market in general.

The Bank’s exposure to market risk primarily comes from its investment and trading activities that are conducted by its Proprietary Investments Unit. The Bank invests and trades across different products, such as equities and fixed income, and through different types of funds in regional and international markets.

Market risk is controlled and mitigated primarily through a series of different layers of limits and maintaining a dynamic investment allocation. These limits reflect the Bank’s risk appetite in the context of the market environment and business strategy. In setting limits, the Bank takes into consideration many factors, including market volatility, product liquidity and risk appetite.

These limits are adhered by the Proprietary Investments Unit and are also monitored independently by RMD. Market risk is monitored and also controlled by policies and procedures that are put in place and followed across the Bank. The policy framework establishes and clearly defines the approval authorities and portfolio review parameters.

Market risk encompasses the following risks to which SICO is exposed and are being effectively managed as a part of the Market Risk Management strategy:

Equity price risk
Interest rate risk
Currency risk

The market risk weighted assets and the capital requirement is computed as follows:

6.1. Equity price risk

A significant portion of the Bank’s proprietary investments portfolio comprises equity instruments that are affected by equity price risk. Uncertain conditions in equity markets are carefully considered by rebalancing asset allocations to minimise risk exposures. This risk is also mitigated by managing the portfolio within duly approved investment guidelines and other investment limits. These are closely monitored by RMD and regularly reviewed by ALIC.

SICO’s risk management approach continues to be forward-looking, proactive and highly effective in rebalancing its investment portfolio in line with the Bank’s investment strategy to ensure capital preservation, quality and liquidity.

Equity positions in banking book

6.2. Interest rate risk

Interest rate risk is the risk where changes in market interest rates might adversely affect the Bank’s financial condition. Investments in debt instruments, lending to counterparties through repos, and bank placements, as well as bank borrowings and repo borrowings give rise to interest rate risk. The Treasury Unit monitors and manages these exposures to mitigate this risk.

A reasonable spread is maintained between money market placements and deposit interest rates. Treasury assets and liabilities are maintained in closely matching maturity buckets in highly liquid, short-term money market vehicles to avoid any material mismatch. Moreover, SICO does not trade speculatively in derivatives.

Bank placements are mostly short term (less than three months) with a fixed interest rate and are subject to re-pricing risk at rollover. Investments in bonds are subject to interest rate risk, and the Bank controls the same by managing the portfolio duration by combining floaters and short-duration bonds along with longer-duration ones.

6.2(a). Interest rate risk semsitive assets and liabilities

The Bank also applies stress testing to monitor interest rate shocks on its banking book on a periodic basis.

6.2(b) Interest rate risk in the banking book

A 50 bps, 100 bps and 200 bps increase/decrease in market interest rates would negatively/positively affect the value of the fixed rate debt instruments in the banking book as follows:

The interest rate risk on the Bank’s placements, reverse-repo loans and short-term borrowings is considered minimal, and hence no sensitivity analysis has been presented. Moreover, on the liabilities side, the customer liabilities are not interest rate sensitive. The short term borrowings are at fixed rates wherein the interest rate risk is considered minimal and therefore, no sensitivity analysis has been presented.

There has been no currency sensitivity analysis provided since the Bank invests in securities in USD and/or USDpegged currencies only.

6.3. Currency risk

A substantial portion of SICO’s business is transacted in Bahraini Dinar, GCC currencies and United States Dollar. The Bank’s exposure to foreign currencies is minimal and hence the foreign exchange risk is low. Foreign exchange rate risk is managed by applying appropriate limits that are set in accordance with the Bank’s strategic plans and risk tolerance, determined by ALIC and approved by the BOD. Treasury manages these positions on an ongoing basis, hedging such exposures as appropriate, while RMD along with ALIC regularly reviews such positions.

7. Operational risk

Operational risk is the risk of loss resulting from inadequate or failed internal processes, systems or human factors, or from external events. Unlike market or credit risks, which are systemic in nature, operational risk is institution-specific and is inherent in the day-to-day operations of the Bank. This risk could arise from a broad spectrum of causes such as deficient transaction processing, business practices, workplace practices, system failures, human errors, business interruptions and damage to physical assets. Operational risk also includes internal and external fraud.

The Bank has in place sound internal control measures, consisting of operating policies and procedures framework, compliance initiatives and adequate and skilled personnel, which are the key to successful operational risk management. The Bank has a very conservative control philosophy and adopts a number of mechanisms to manage this risk. These include a well-defined organisational structure, approved policies and procedures guidelines, segregation of duties, approval authorities, periodical reconciliations and various limits. Internal Control, Compliance and Internal Audit functions support this activity. The Bank has in place a Risk and Controls Self-Assessment (RCSA) framework to review and manage its operating risks.

The operational risk weighted assets are computed as per the guidelines of the CBB, which are as follows:

Average gross income for the past three years (excluding extraordinary and exceptional income)

8. Other risks

8.1. Concentration risk

Concentration risk arises when the Bank’s exposure is concentrated with one or more related counterparties, assets classes, sectors or geographies. Weakness in the counterparty or assets, sector or country may place SICO under considerable risk and potential loss.

The Bank complies strictly with the large exposure norms prescribed by the CBB in the Credit Risk Management Module of the CBB’s rule book.

The Bank continues its efforts to maintain an acceptable level of concentration by adhering to the limits set by the investment guidelines.

8.2. Liquidity risk

Liquidity risk is the inability to meet contractual and contingent financial obligations, on- or off-balance sheet, as they are due as a result of the potential inability to liquidate financial assets at the required time and price to cope with a pay out of liabilities or investment obligations in assets. Such risks may arise from a depletion of cash and cash equivalents, investments turning illiquid and mismatches in the maturity pattern of assets and liabilities.

The Bank’s Treasury Unit manages this risk by monitoring settlement obligations and maintaining sufficient liquid assets, including call deposits and short-term placements. The Bank’s liquidity position is monitored on a daily basis, and maturity mismatches of its maturity profile are also monitored and reported to the ALIC and Board. Moreover, the bank’s investment book which is also majorly invested in liquid assets provides support to the Bank’s liquidity profile. Liquidity risk is also managed through ensuring compliance with regulatory liquidity requirements. Liquidity Coverage Ratio (LCR) and Net Stable Funding Ratio (NSFR) are the ratios which the Bank follows as per CBB requirements.

8.3. Fiduciary risks

Fiduciary risk is defined as the risk that funds entrusted to a financial institution through investments or trusts or agency accounts are (i) not properly managed, (ii) not used for the intended purposes, (iii) not properly recorded and accounted for and (iv) do not achieve value-for-money objectives.

The RMD carries out risk assessment on the various fiduciary activities of the Bank by working alongside the Bank’s relevant lines of business and committees to ensure SICO fulfils its fiduciary duties to asset management, fund administration and custody clients, wherein it adopts the appropriate standards relative to the fiduciary relationship with a client. Below are the various activities carried out by SICO and its subsidiary SFS that can give rise to the following fiduciary risks:

Asset Management: The Bank has a range of controls to support the quality of the investment process, supervised by the Asset Management Committee (AMC). There are operating policies and procedures, and Investment Guidelines, coupled with dedicated buy-side research and other guidelines, to support this activity. There are also strict operational controls to protect clients’ assets, a staff code of conduct and ‘Chinese walls’ to avoid any conflicts of interest.

RMD and Compliance regularly monitor the activities of the Asset Management division, and report their findings and observations to the AMC and in the periodic compliance reports sent to clients.

Custody and Fund Administration: The Bank’s custody and fund administration activities are handled by SFS, which operates as a standalone subsidiary. SFS has put in place a number of operating controls, including the monitoring and reporting of securities position reconciliations.

Corporate Finance: This activity is subject to legal and reputation risk. Such risks are mitigated by obtaining the necessary legal and regulatory approvals. Advisory and underwriting matters are monitored and controlled by Senior Management.

8.4. Business continuity

SICO has in place business continuity plans (BCPs) to ensure the Bank’s business operations and functions are carried out in case of any disturbance or unexpected events affecting business operations. The BCP provides each business line with the necessary guidelines and procedures in case of an emergency or disaster. The Bank has established a business continuity centre at a different location within the Kingdom of Bahrain, which maintains a fully operational status and is capable of carrying out the majority of the Bank’s operational activities. The effectiveness of the business continuity centre has been tested by conducting actual business from the BCP site as required under CBB regulations.

8.5. Compliance risk

Compliance risk is risk of current and prospective risk to earnings or capital arising from the violation of or noncompliance with laws, regulations, rules, prescribed practices, contractual agreements or ethical standards. Compliance risk can lead to diminished reputation, limited business opportunities, reduced expansion potential and even to the cessation of operations. The Bank ensures adherence to all applicable regulations provided by various regulatory authorities, including regulations by the CBB and Bahrain Bourse. In addition, the Bank’s internal policies ensure that its practices are in line with best market practices.

8.6. Legal risk

Legal risk is risk from uncertainty due to legal actions or uncertainty in the applicability or interpretation of contracts, laws or regulations. Currently, there are no on-going lawsuits against the company and based on our assessment, we do not consider the need for the creation of any provision in these consolidated financial statements with respect to the lawsuits.

APPENDIX 1

Step 1: Balance sheet under the regulatory scope of consolidation.

This step in not applicable to the Bank since there is no difference between the regulatory consolidation and the accounting consolidation, as they are identical.

APPENDIX 2

Step 2: Reconciliation of published financial balance sheet to regulatory reporting.

*The figures are gross of expected capital loss.