Enterprise Risk Management Framework
BPI has an established enterprise risk management (ERM) and capital management framework that enables the Bank to identify, measure, control, and monitor its significant financial and non-financial risk exposures, ensure adequate liquidity, and set aside sufficient amounts of capital to cover and mitigate such risks. The framework reflects the Bank’s internal standards as guided by the regulatory directives issued by the Bangko Sentral ng Pilipinas (BSP) in promoting effective risk management governance, implementing robust business continuity and resiliency standards that are regularly tested, and performing the internal capital adequacy assessment and other risk management processes. The Bank’s ERM framework is anchored on the pillars of 1) sound risk governance, 2) value-enhancing risk methods and processes, and 3) risk-intelligent data and technology.
BPI ERM Policy & Risk Strategy
The Bank’s ERM policy applies to BPI and its wholly-owned subsidiaries (BPI Group). It follows a top-down approach with risk appetite setting and overall strategy emanating from the Board of Directors (Board). The Board carries out its risk management function through its Risk Management Committee (RMC), which directs risk strategy, defines risk appetite statements, and reviews risk management structures, metrics, limits, and issues across the BPI Group. The RMC promotes a strong risk culture and exercises oversight through the Subsidiary Board-level RMCs across the BPI Group. The RMC manages risks through clearly-delineated functions to ensure effective risk management governance and control processes across the Bank using the “three lines of defense” model. This model defines the risk management responsibilities of each unit owning and managing the risk (1st line), overseeing risk management function (2nd line), or providing independent assurance on the quality and effectiveness of risk management and internal controls (3rd line).
The Chief Risk Officer (CRO) of the BPI Group reports directly to the RMC and is responsible in leading the formulation of risk management policies, methodologies, and metrics consistent with the overall business strategies of the Bank. The CRO also ensures that risks are prudently and rationally undertaken, within the Bank’s risk appetite, and commensurate to maximize returns on capital. The CRO is supported by the Risk Management Office (RMO), a team of skilled risk managers dedicated to identifying, measuring, controlling, and monitoring the BPI Group’s risk exposures. The CRO and the RMO actively engage the RMC, Management, and business units to effectively communicate through various internal channels the Bank’s risk culture, risk awareness campaigns and learning programs, and risk management best practices.
The Bank has identified its main risks classifications as Credit, Market (including foreign exchange, price, and interest rate) and Liquidity, and Operational and IT risks. The Bank is exposed to these financial risks primarily through its lending activities; trading and investments in securities, currencies, financial derivatives and structured investment products; and engaging in operating activities, infrastructure, and technology to support the Bank’s day-to-day businesses. Other risks managed by the Bank are cross-border risk, compliance and regulatory risks, model risk, business and strategic risks, reputational risk, conduct risk, and other emerging risks that the Bank may be exposed to in its daily operations.
The Bank also proactively promotes ERM education internally and externally through its various strategic partnerships with the industry and academic communities, facilitating public conferences, career talks, and learning and internship programs focusing on current and emerging risk themes.
With all these efforts and initiatives in ERM best practices, BPI has been recognized as the Risk Management “House of the Year-Philippines” in 2014 and again in 2018 by Asia Risk magazine; and as ASEAN Risk Champion in 2019 by the Enterprise Risk Management Academy (ERMA).
The RMC reviews the reports from the Bank's various management committees and business units that are necessary to identify and assess the risk exposures and capital adequacy and their implications to the Bank. It also reviews and recommends to the Board the approval of the Bank's risk and capital management policies, the appropriate capital structure in support of long-term strategic objectives, current business plans, and risk appetite. The committee also reviews, approves, and confirms proposals relating to risk limits, risk exposure allocations, and related risk management policies and methodologies.
The Bank has established risk management processes and controls and uses various methodologies, metrics, tools, and systems to identify, measure, control, and monitor its risk exposures. It continuously invests in risk technology and business-enabling systems, and enhances its processes to ensure completeness and accuracy of data, 360o risk perspective, and timely reporting. Independent reviews are regularly conducted by the Bank’s Internal Audit, external auditors, and regulatory examiners to ensure that controls and risk mitigation are in place and functioning as intended.