"The World and Japan" Database (Project Leader: TANAKA Akihiko)
Database of Japanese Politics and International Relations
National Graduate Institute for Policy Studies (GRIPS); Institute for Advanced Studies on Asia (IASA), The University of Tokyo

[Title] Risk Management Framework

[Place] Beijing
[Date] November, 2016
[Source] Asian Infrastructure Investment Bank Official Site
[Notes]
[Full text]

Risk Management Framework

Asian Infrastructure Investment Bank (AIIB)

November 2016

TABLE OF CONTENTS

INTRODUCTION... 2

RISK PHILOSOPHY... 3

RISK MANAGEMENT STRUCTURE AND ORGANIZATION... 4

RISK POLICIES AND RULES... 6

RISK TYPES... 9

RISK MEASUREMENT AND MANAGEMENT... 11

RISK LIMITS FRAMEWORK... 15

MONITORING AND REPORTING... 16

INTRODUCTION

1. The purpose of AIIB is to: (i) foster sustainable economic development, create wealth and improve infrastructure connectivity in Asia by investing in infrastructure and other productive sectors; and (ii) promote regional cooperation and partnership in addressing development challenges by working in close collaboration with other multilateral and bilateral development institutions. The Bank shall be guided by sound banking principles in its operations.

2. Effective risk management is crucial for attaining the Bank’s broader goals and mission, and for assuring the implementation of sound banking principles. As part of the risk management process, risks that are specific to AIIB will be highlighted, such as particular risks associated with infrastructure projects (e.g., large-size financing and extended tenor that lead to locked-in capital and long-term risks). Specific attention will also be placed on managing concentration risks both at the client and portfolio level.

3. This Risk Management Framework document is aimed at providing the coherent foundation for such effective risk management by outlining an overarching methodology and guideline for governing the key risks that the Bank faces. This document will detail the Bank’s risk approach and attitude toward risk, forming the guiding reference framework for all risk relevant policies and guidelines in the institution.

4. Risk Management is defined by the Risk Governance Framework that provides the general structure for the policy, guidelines, processes, and procedures. The framework is displayed in Figure 1 below:

Risk Philosophy
Risk Management Structure and Organization Risk Policies and Rules Risk Types Risk Measurement and Management
Risk Limits Framework
Monitoring and Reporting

Figure 1

5. As displayed in the Risk Governance Framework, risk management processes in AIIB are based on comprehensive risk policies and processes built on an explicit risk philosophy and mission. The subcategories Risk Management Structure & Organization, Risk Policies & Rules, Risk Types, Risk Measurement & Management, Risk Limits Framework, and Monitoring & Reporting all adhere to this broader philosophy and mission. In addition, both the Risk Limits Framework and Monitoring & Reporting address and incorporate all subcategories and play a fundamental role within the broader risk management operations.

6. Each of these interrelated component parts is further articulated in this document.

RISK PHILOSOPHY

7. AIIB's risk philosophy is the foundational pillar of the Bank's risk management and the guiding basis for the entire risk governance framework. Since each of the building blocks of the governance framework is built upon this, it is imperative to develop a clear articulation of the institution's risk philosophy.

8. AIIB's risk philosophy is constituted by the following three sections:

8.1. Mission Statement. The Mission Statement (reproduced below) provides the high level overarching philosophy of AIIB's Risk Management function:

"The AIIB Risk Management aims to

i) Enable the Bank to fulfill its mandate to promote infrastructure and other productive sectors;

ii) Ensure the stability and financial continuity of the Bank through efficient capital allocation and utilization, and comprehensively manage risks and reputational consequences;

iii) And foster strong risk culture by embedding risk accountability in the Bank."

8.1.1. As an integral part of the institution's operations, AIIB takes extra precaution in appropriately managing its risks, and will only aim to take risks which it understands thoroughly and can adequately manage.

8.2. Core Principles. Core Principles address risk profile, policy, methodology, and processes, and are developed on the basis of the Mission Statement to ensure that Risk Management effectively follows and promotes its goals and philosophy.

8.3. Objectives. Objectives provide further concrete and specific goals that the Bank seeks to achieve via its operations. The Objectives can be classified along the following three categories:

8.3.1. Framework. Framework related Objectives are targets that relate to the overall state of the Risk Management function within the broader organization.

8.3.2. Stakeholders. Stakeholders related Objectives are institution-wide aims associated with the perception and confidence of key stakeholders such as clients, shareholders, investors, and rating agencies on AIIB’s risk management approach.

8.3.3. People & Culture. People & Culture related Objectives are goals related to workplace environment and culture in the Risk Management function.

RISK MANAGEMENT STRUCTURE AND ORGANIZATION

9.The Risk Management Structure and Organization has been designed to enable the implementation of AIIB's risk philosophy and to ensure accountability regarding risk management. The structures, methods, and processes are to be organized in such a way as to provide an efficient infrastructure for proactive risk management as well as effective support for the organization's overall operations. This will be undertaken through the articulation of clear risk management responsibilities; the Risk Committee that convenes on a scheduled basis; and the Three Lines of Defense structure that addresses risks from multiple angles, covering all AIIB risks in a comprehensive manner.

9.1. Risk Management Responsibilities. The following seven key areas are the main responsibilities of the AIIB Risk Management:

9.1.1. Risk Management and Oversight. Overall development and oversight of the Bank’s risk framework and policy, and direct governance of the Risk Committee.

9.1.2. Guardian of Risk Appetite. Facilitating the articulation of the overall Risk Appetite and appropriate risk limits, and the embedding of the Risk Appetite into the Bank’s processes and culture.

9.1.3. Risk Identification and Assessment. Identification of all material risks, definition of key risk metrics/indicators, and development of methodologies, indicators, and models to measure these risks.

9.1.4. Risk Monitoring and Reporting. Regular monitoring of the Bank’s risks and the development and maintenance of a concise Board and senior management level risk reporting.

9.1.5. Strategic Decision Making. Align overall business and operational plans with appropriate risk management, and ensure that strategic planning reflects the Risk Appetite.

9.1.6. Risk Optimization. Risk optimization and active risk management by shaping the risk profile within Risk Appetite limits, strategic capital allocation through risk adjusted capital, and development of risk-adjusted performance management.

9.1.7. External Communication. Collaborate with the relevant parties in the Bank on consistent and proportionate disclosure of all risks to external parties, interaction with rating agencies, and AIIB representation in external conferences.

9.2. Risk Committee Responsibilities. The Risk Committee monitors the integrated risk processes, on a cross-sector and cross-category basis for the Bank. The committee commissions, receives and considers reports on key financial and operational risk issues, and exercises oversight on behalf of the President on the key risks of the Bank. The Risk Committee supports the Bank with the institution-wide, ongoing risk monitoring process as well as the early-warning function by means of recommendations. Furthermore, the Committee reviews and provides the required approval for all material risk acceptance decisions.

9.3. Board Responsibilities. The Board approves key risk policies as recommended by the President and the Executive Committee. The Board also monitors core risk metrics, risk limits, and each of the key risks on a quarterly basis.

9.4. Three Lines of Defense. In order to successfully implement effective governance and address the full spectrum of possible risks, AIIB's risk management activities are organized around the Three Lines of Defense Principle:

9.4.1. 1st Line of Defense. The 1st Line of Defense are the frontline Investment Operations and other client facing functions which ensure that AIIB effectively manages its risks on a daily basis. Full ownership of daily operations, and identification and evaluation of risks are carried by the 1st Line of Defense.

9.4.2. 2nd Line of Defense. The 2nd Line of Defense is the Risk Management function, which defines the mandates, guidelines, and limits to keep the business within the Risk Appetite. The 2nd Line of Defense also monitors the dynamics of the risk profile, identifying potential for breaches to the Risk Appetite. Other responsibilities involve initiating and tracking corrective actions in the organization, and reviewing and challenging 1st Line of Defense reporting.

9.4.3. 3rd Line of Defense. The 3rd Line of Defense is the Internal Audit which serves as the independent assurer providing the external review of adherence to principles, mandates, and guidelines. The 3rd Line of Defense is also in charge of reviewing models, processes, and adherence to risk guidelines, while identifying broader operational weaknesses and effects.

RISK POLICIES AND RULES

10. Risk is managed through a set of underlying policies and rules that ensure compliance with risk requirements and proper coverage of all possible risk types. The formulation of specific policies and rules is the responsibility of the Risk function in collaboration with management. The specific set of risk policies and rules is depicted in Figure 2.*1*

Risk Management Framework

Credit Risk Rules

Market Risk Rules

Project Finance Underwriting Principles

Collateral Rules

Delegation of Authority Rules

Corporate Underwriting Principles

Liquidity Risk Rules

Monitoring and Portfolio Management Rules

Industry Underwriting Principles

Covenant Rules

Operational Risk Rules

Equity Underwriting Principles

Restructuring and Workout Rules

Loss Provisioning Policy

Risk Limits Policy

Figure 2

11. Risk Management Framework

The Risk Management Framework establishes the overarching risk framework and articulates the risk philosophy as well as key principles of AIIB's approach to risk taking.

12. Credit Risk Rules

The Credit Risk Rules provide guidelines around the assessment, structuring, and approval of credit risk. They also provide guidelines around monitoring and managing individual and portfolio level risks.

12.1. Project Finance Underwriting Principles

Project Finance Underwriting Principles cover the key underwriting guidelines and requirements for project finance investment due diligence.

12.2. Corporate Underwriting Principles

Corporate Underwriting Principles cover the key underwriting guidelines and requirements for corporate loans.

12.3. Industry Underwriting Principles

Industry Underwriting Principles provide guidelines on assessing and performing investment due diligence at a detailed industry level.

12.4. Equity Underwriting Principles

Equity Underwriting Principles cover the key underwriting guidelines and requirements for equity investments.

12.5. Collateral Rules

Collateral Rules contain procedures on the employment of collateral and guarantees.

12.6. Covenant Rules

Covenant Rules provide recommendations on the use and structuring of covenants as well as the monitoring and dealing of breaches of those covenants.

12.7. Delegation of Authority Rules

Delegation of Authority Rules identify the different levels of internal investment decision authority within the Bank, while outlining the actual decision process across those levels of authority.

12.8. Monitoring and Portfolio Management Rules

Monitoring and Portfolio Management Rules cover the monitoring of the performances of individual investments as well as the entire portfolio. They also contain rules, guidelines, and processes for actively managing the entire portfolio.

12.9. Workout and Restructuring Rules

Workout and Restructuring Rules identify the parameters of dealing with non-performing assets.

13. Market Risk Rules

Market Risk Rules set the methodologies for market risk assessment, monitoring, and control, while outlining in addition, the relevant operational guidelines for managing market risk. Market Risk Rules also cover counterparty credit risk, which involves managing the credit risks of all the trading book counterparties through trading limits and proactive credit risk monitoring.

14. Liquidity Risk Rules

Liquidity Rules set the methodologies for liquidity risk assessment, monitoring, and control, while outlining in addition, the relevant operational guidelines for managing liquidity risk.

15. Operational Risk Rules

Operational Risk Rules provide guidelines on identifying and assessing the top operational risks found at AIIB. They also provide guidelines for mitigating and setting up appropriate Operational Risk controls, as well as monitoring and reporting of appropriate risk indicators. Guidelines regarding reputational risk will also be included in these rules.

16. Loss Provisioning Policy

Loss Provisioning Policy identifies AIIB provisioning rules and provides the guidelines for calculating those provisions.

17. Risk Limits Policy

Risk Limits Policy provides the guidelines on limit structure and setting of specified risk categories, and the accompanied process of monitoring and governance of these limits.

RISK TYPES

18. A standardized understanding of risk terminology within AIIB constitutes a crucial component of risk management. The overall risk is divided into the following categories for AIIB.

19. Credit Risk

Credit risk refers to the risk of loss arising from an unexpected default or change in the creditworthiness of a borrower or any relevant third party entity. Credit risk can be measured at both the sovereign and non-sovereign level.

19.1. Counterparty Credit Risk

Counterparty credit risk is a risk that arises from possible failures in any of Treasury's financial counterparties in paying and meeting its obligations on a contract.

20. Equity Investment Risk

Equity investment risk is the risk of losing money from AIIB equity investments due to deteriorating performance as measured by relative or absolute performance metrics.

21. Asset Liability Risk

Asset liability risks are risks that might arise from the mismatch of assets and liabilities in terms of currency, interest rate sensitivity, or maturity.

21.1. Currency Risk

Currency risk refers to the risk of loss arising from changes in currency exchange rates.

21.2. Interest Rate Risk

Interest rate risk refers to the risk of loss which can arise due to changes in interest rates; e.g. future interest income exceeding or undershooting a fixed or guaranteed interest rate applicable to the liabilities.

21.3. Refinancing Risk

Refinancing risk relates to the potential impact on the absolute and relative funding cost due to future changes in interest rates and the Bank’s funding spread, in cases where loans are not funded to their final maturity.

22. Market Risk

Market risk is the risk of the Bank losing money due to the overall performance of the financial markets for all marketable instruments both in the Bank’s Treasury portfolio and the Investment Operations portfolio.

23. Liquidity Risk

Liquidity risk is the risk of loss resulting from the danger that short-term current or future payment obligations cannot be met or can only be met on the basis of altered conditions, along with the risk that in the case of a liquidity crisis, refinancing is only possible at higher interest rates or that assets may have to be liquidated at a discount.

24. Operational Risk

Operational risk relates to the loss resulting from inadequate or failed internal processes, people, and systems; or from external events.

25. Integrity Risk

Integrity Risk is the risk that the Bank or its clients will engage in activities or with entities whose background and behaviour may have adverse reputational and often financial impact on the Bank.

26. Environmental and Social Risk

Environmental and Social Risk is the risk of breaching any environmental and social rules and commitments as covered in the Bank’s Environmental and Social Framework.

27. Reputational Risk

Reputational risk is the risk arising from negative perception on the part of customers, counterparties, shareholders or investors that can adversely affect an institution’s ability to maintain existing, or establish new, business relationships and continued access to sources of funding.

RISK MEASUREMENT AND MANAGEMENT

28. For each material risk, AIIB has developed qualitative and/or quantitative methodologies for measuring and managing the risks.

29. Economic Capital

29.1. As part of standardized portfolio optimization, Economic Capital will be employed as a central performance measurement tool to quantify the amount of risk inherent in its operations in a common currency. Economic Capital is defined as the capital AIIB is required to hold to protect its net asset value from falling below zero after a worst case fair value loss over one year. The worst case scenario is generally associated to a tail probability of 0.03%, reflecting a desired confidence level for economic solvency of 99.97%.

29.2. Economic Capital will be employed to measure the portfolio diversification effects and to manage overall portfolio performance. It will also be considered in pricing for specific deals.

30. Credit Risk

30.1. Depending on the riskiness, complexity, and size of the deal, the Investment Committee or other authorized reviewers will assess the credit quality and merits of proposed individual investments in line with the Bank’s policies and procedures. In order to make its recommendations, the reviewers are provided by the relevant departments with assessments specific to their area, such as risk, legal, finance, strategy, environmental and social aspects, and procurement.

30.2. Accountabilities at different stages of the credit risk/project approval process a r e delineated and regularly updated by Management.

30.3. Sovereign Credit Risk

The evaluation of sovereign risk will focus on the extent to which: i) countries have the capacity and willingness to service external debt obligations in general and Bank debt in particular; (ii) the country's existing debt burden is sustainable and iii) the Bank's preferred creditor status and that of other MDBs is honored. Bank evaluation of sovereign risk is based on quantitative and qualitative risk measurements, based on internal rating models and additional sovereign analyses including internal and external sources. The Bank will use these analyses to determine appropriate sovereign risk guidelines that vary according to risk rating.

30.4. Non-sovereign Credit Risk

The evaluation of non-sovereign credit risk will focus on a private company's (including publicly owned companies without the benefit of an explicit full sovereign guarantee) credit worthiness and the ability and willingness of the private counterparty to repay its debt obligations. In order to assess the risk, financial and non-financial factors, as well as quantitative models will be employed and taken into consideration to assign a risk rating. The Bank will use these analyses to determine appropriate limits, investment sizing, and pricing.

30.5. Counterparty Credit Risk

30.5.1. The Bank will mitigate the counterparty credit risk from its investments and derivative holdings through the credit approval process, the use of collateral agreements, and risk limits. The credit approval process will involve evaluating counterparty and security specific creditworthiness. Swaps will only be entered into on the basis of netting and collateralization of exposures measured on a mark-to-market basis, with collateralization thresholds based on ratings or other appropriate credit indicators. Collateral held will include cash and highly liquid investment securities.

31. Equity Investment Risk

31.1. Equity investment risk is generally a combination of market and performance risk, with varying mitigating methods depending on the type of investment. Appropriate risk measurements should be used according to the specific risk and investment type being addressed. If equity is listed, the equity investment is marked-to-market, subject to liquidity discounts. For unlisted equity investments, equity investment risk is measured through valuation models and external benchmarks.

32. Asset Liability Risk

32.1. In its asset liability management process, the Bank pursues three goals: i) reducing risks that might arise from the mismatch of assets and liabilities in terms of currency, interest rate sensitivity, or maturity; ii) monitoring the evolving risks to the Bank’s income over time and establishing a framework that reduces the potential volatility of the Bank's income over the medium term; iii) minimizing volatility of available equity; and iv) assigning clear responsibility for all asset liability mismatch risks to which the Bank is exposed.

32.2. Asset liability risk will be managed through a combination of balance sheet projections, net interest income impact, and economic value of equity impact. In addition, risk limits will be placed in order to control the risks.

32.3. Currency Risk

32.3.1. In principle, the Bank does not intend to take currency risk. Therefore, currency risk will be hedged by the Bank by matching the currency of debt funding assets with the currency of such assets through the use of currency swaps.

32.3.2. In the case of equity investments denominated in other currencies, a decision may be made not to hedge the currency aspect of these investments.

32.3.3. Because administrative expenses are denominated predominantly in one currency, exchange rate variations may affect administrative expenses measured in dollars with an impact on net income. Over time, if this becomes of significance, a program to approximately hedge the currency of administrative expenses into U.S. dollars could be undertaken (e.g. through holding a portion of the equity funded liquidity portfolio in Renminbi).

32.4. Interest Rate Risk

32.4.1. Both assets in the Treasury portfolio and Investment Operations portfolio can present interest rate risk. In hedging these assets, it is important to distinguish between assets funded by debt and assets funded by equity.

32.4.2. In the case of assets funded by debt, interest rate risk can be managed properly by matching the interest sensitivity of the debt with that of the asset. In managing the debt funded liquidity, deviations in the interest sensitivity (or duration) of the assets from that of the corresponding debt will be permitted up to the limits to be set out in the General Investment Authority. Most often this is achieved by converting both asset and liability to floating rate.

32.4.3. In the case of assets funded by equity, AIIB should net out all equity from the investment operations portfolio. The net equity portfolio will be managed by assigning a theoretical interest rate sensitivity (or duration), allowing oversight for asset liability risk purposes.

32.5. Refinancing Risk

To compensate refinancing risk, the Bank will charge an associated risk spread and maturity premium (for longer maturity loans) and will periodically review the adequacy of these spreads in light of expectations of funding costs relative to LIBOR.

33. Market Risk

Market risk will be assessed through adequate methods such as value-at-risk (VaR) and non- statistical measures on a daily and/or weekly basis. Those measures will be monitored to help the Bank control and maintain its risk exposures within the approved market risk limits.

34. Liquidity Risk

Liquidity Risk will be measured via a set of risk limits and additional liquidity risk ratios, and will be managed through buffer and liquidity contingency plans.

35. Operational Risk

Effective management and mitigation of operational risk relies on a system of internal controls aimed at identifying various risks, and establishing acceptable risk parameters and monitoring procedures. Top operational risks within the Bank will be periodically identified, for which materiality values and Key Risk Indicators (KRIs) will be established in order to control operational risk.

36. Integrity, Environmental & Social, and Reputational Risks

36.1. Integrity, Environmental & Social, and Reputational Risks management and mitigation comprises the identification of the most relevant risks for the Bank along with their accompanying impact assessment; mitigation and crisis management; reporting and monitoring; as well as developing an action plan. With respect to projects, such risks are managed through the applicable Bank operational policies and directives and their application in the preparation and implementation of projects, including the corresponding policy assurance.

RISK LIMITS FRAMEWORK

37. The Risk Limits Framework provides the guidelines on limit setting of specified risk categories. Limit setting enables the management of exposures and concentration risks in the portfolio, restricting downsides such as absolute losses; while allowing the management of hidden, non-visible, non-quantifiable risks by providing a consistent methodology of controlling specified risks. In addition, limits provide a clear and efficient way of revealing the magnitude and nature of risk concentrations, enabling transparency on the 'largest and riskiest investments'; while also allowing for proactive shareholder communication and expectation setting.

38. The Risk Limits Framework is further subdivided into the three core elements of Limit Structure, Limit Setting, and Limit Monitoring and Governance. Limit Structure defines the risk categories where the limits will be placed; Limit Setting provides the actual metrics and targets; while Limit Monitoring and Governance outlines the governance framework and the process of measuring and monitoring the limits.

39. Risk limits are placed across the following five risk categories:

39.1. Capital Adequacy Limits ensure that AIIB maintains an adequate capital reserve for any

possible risks and sudden unexpected events where capital becomes necessary.

39.2. Credit Risk Limits are subdivided by sovereign and non-sovereign borrowers, and provide concentration limits for loans, while ensuring that the Bank's exposures are within manageable boundaries, in case of borrower defaults or payment failures. Borrower credit risk limits also ensure that loans are only extended to trustworthy borrowers who meet a certain credit rating threshold.

39.3. Equity Investment Risk Limits ensure that the Bank's equity investments are well diversified and not concentrated.

39.4. Liquidity Risk Limits provide cover for liquidity risk, ensuring that the Bank has enough liquid assets to meet any short term financial demands that arise through its operations.

39.5. Market Risk Limits provide cover for any risks arising from changes in the market conditions. Interest rate risk and foreign exchange risk limits are included in this category.

MONITORING AND REPORTING

40. Effective monitoring and reporting are necessary in order to achieve active, comprehensive, and efficient control of all risks. Monitoring ensures that risk policies are implemented appropriately throughout the entire organization.

41. Monitoring framework involves oversight of each risk type, along with detailed tracking of core metrics and limits. Risk limit breaches and mitigating actions are timely noted, and a risk limit tracking table is developed as part of the monitoring process.

42. Within the scope of risk reporting, internal and external risk information obtained through monitoring are gathered and provided to relevant parties in order to provide pertinent updates on risk management and advice on key strategic or operational decisions.

43. Reporting varies from detailed monthly reporting to summarized quarterly reporting, depending on the intended audience. The reporting to the Board of Directors is on a quarterly basis and consists of a Risk Dashboard that includes summaries on core risk metrics, risk limits, and each of the key risks. The reporting to the President/Risk Committee is on a quarterly (monthly) basis, and consists of a comprehensive report that includes detailed information on each of the sections covered in the Risk Dashboard.

{*1* Additional policies, rules, and principles will be added for new instruments.}