Credit risk is the risk that financial loss arises from the failure of a customer or counterparty to meet its obligations under a contract that it has entered into with the Group. Credit risk arises principally from the Group’s lending, trade finance and treasury activities.

Risk Management Department (RMD), under the supervision of CRO, provides centralized management of credit risk within the Group.  Credit policies and procedures are formulated by RMD and are approved by the RC and the Board of Directors.  Such policies include setting controls over the maximum level of the Group’s exposure to customers and customer groups and other risk concentrations in selected market sectors, industries and products.  These credit policies and procedures are regularly updated and serve as guidance to business units as to the risk appetite of the Group from time to time.

RMD also undertakes independent review and objective assessment of credit facilities originated by business units.  Different credit approval and control procedures are adopted according to the level of risk associated with the customer or transaction.  Currently, a credit scoring system is used to process retail credit transactions, including residential mortgage loans, personal loans and credit cards.  The Credit Risk Assessment Committee comprising experts from credit and other functions of the Group is responsible for making an independent assessment of all credit facilities which require the approval of Deputy Chief Executives or above.

The Group adopts an eight-grade facility grading structure according to HKMA’s loan classification requirement. RMD provides regular credit management information reports and ad hoc reports to members of Management Committee, RC, AC and Board of Directors.

Market risk is the risk associated with the movements of foreign exchange rates, interest rates or equity and commodity prices on the earnings of the Group.  The Group’s market risk arises from customer-related business and from position taking.  Trading positions are subject to daily marked-to-market valuation.  Market risk is managed within the risk limits approved by the RC. The overall risk limits are divided into sub-limits by reference to different risk factors, including interest rate, foreign exchange rate, commodity price and equity price.

The Market Risk Division in RMD is responsible for the daily oversight of the Group’s market risk.  The Division ensures that the overall and individual market risk positions are within the Group’s risk tolerance.

VaR is a statistical technique which estimates the potential losses that could occur on risk positions taken over a specified time horizon within a given level of confidence.  The Group uses historical movements in market rates and prices, a 99% confidence level and a 1-day holding period to calculate portfolio and individual VaR.

The Group’s interest rate risk exposures are mainly structural driven. The major types of structural positions are:

repricing risk – mismatches in the maturity or repricing periods of assets and liabilities

basis risk – different pricing basis for different transactions so that yield on assets and cost of liabilities may change by different amounts within the same repricing period

The Group’s Asset and Liability Management Committee ("ALCO”) maintains oversight of interest rate risk and the RC sanctions the interest rate risk management policies formulated by the ALCO.  The interest rate risk is identified, measured on a daily basis. The Finance Department closely monitors the related risks and reports to Risk Committee of the Board and ALCO.

Gap analysis is one of the tools used to measure the Group’s exposure to repricing risk.  This provides the Group with a static view of the maturity and repricing characteristics of its balance sheet positions. The Group uses interest rate derivatives to hedge its interest rate exposures and in most cases, plain vanilla interest rate swaps are used.

Sensitivities of earnings and economic value to interest rate changes (Earnings at Risk and Economic Value at Risk) are assessed through hypothetical interest rate shock of 200 basis points across the yield curve on both sides.  Earnings at Risk and Economic Value at Risk are respectively controlled within an approved percentage of the projected net interest income for the year and the latest capital base as sanctioned by the RC.  The results are reported to the ALCO and the RC on a regular basis.

The impact of basis risk is gauged by the projected change in net interest income under scenarios of imperfect correlation in the adjustment of the rates earned and paid on different instruments. Ratios of assets to liabilities with similar pricing basis are established to monitor such risk.

Stress tests on repricing risk and basis risk are conducted regularly. The ALCO monitors the results of stress tests against limits and decides whether remedial action should be made.

The goal of liquidity management is to enable the Group, even under adverse market conditions, to meet all its maturing repayment obligations on time and to fund all of its asset growth and strategic opportunities, without forced liquidation of its assets at short notice.

The Group funds its operations principally by accepting deposits from retail and corporate depositors. In addition, the Group may issue certificates of deposit to secure long-term funds.  Funding may also be secured through adjusting the asset mix in the Group’s investment portfolio.  The Group uses the majority of funds raised to extend loans, to purchase debt securities or to conduct interbank placements.

The primary goal of the Group’s asset and liability management strategy is to achieve optimal return while ensuring adequate levels of liquidity and capital within an effective risk control framework and ALCO is responsible for establishing these policy directives (including the liquidity contingency plan), and the RC sanctions the liquidity management policies. The ALCO monitors the Group’s liquidity risks using cash flow analysis and by examining deposit stability, concentration risk, loan to deposits ratio and liquidity profile of the investment portfolio.

Operational risk relates to the risk of loss resulting from inadequate or failed internal processes, people or systems, or from external events.  An Operational Risk Management Division is set up within the Operational Risk and Compliance Department to oversee the entire operational risk management framework of BOCHK.

The Group has put in place an effective internal control process which requires the establishment of detailed policies and control procedures for all the key activities.  Proper segregation of duties and independent authorisation are the fundamental principles followed by the Group.  Business line management is responsible for managing and reporting operational risks specific to their business units on a day-to-day basis by identifying, assessing and controlling the risks inherent in business processes, activities and products. These are followed by periodic monitoring and ongoing review of changes by the Operational Risk and Compliance Department. The Operational Risk and Compliance Department formulates corporate-level policies and procedures concerning operational risk management which are approved by the RC. The Operational Risk and Compliance Department evaluates the operational risk profile, records operational risk data and reports operational risk issues to the RC and senior management.

Business continuity plans are in place to support business operations in the event of disasters.  Adequate backup facilities are maintained and periodic drills are conducted.  The Group also arranges insurance cover to reduce potential losses in respect of operational risk.

Reputation risk is the risk that negative publicity regarding the Group’s activities, factual or otherwise, may cause a potential decline in the Group’s business or lead to costly litigation. Reputation risk is inherent in every aspect of the Group’s business operation and covers a wide spectrum of issues.

In order to mitigate reputation risk, the Group has formulated and implemented a Reputation Risk Management Policy. This policy establishes standards to prevent and to manage reputation risk proactively at an early stage. It requires constant monitoring of external reputation risk incidents and published failures of risk incidents within the financial industry.