The risk management function at Bank of Palestine aims to establish a process to effectively identify, measure, manage, control and monitor risks faced by the Bank. The goal is to manage these risks to enhance the risk-return profile of the Bank’s balance sheet by ensuring that risks:

- Remain within the approved risk appetite of the Bank as articulated by the Board of Directors (BoD) and embedded in the Bank’s policies and procedures by way of risk limits.

- Are underwritten to increase the long-term shareholder value of the Bank and to protect other stakeholders including customers, suppliers, employees, investors, and the Palestine Monetary Authority (PMA).

- Are correlated with the profitability targets set by the Board and pursued by the business lines. The objective is an optimization of the risk-return trade off within the boundaries set by the Board through the approved risk appetite.

- Are accurately and timely reflected in the Bank’s risk reports enabling stakeholders to take adequate management decisions.

• The following principles underlie the risk governance structure of BoP, and the risk management framework generally

- The Risk Management Function is an independent function from any other units which have operational or business-related responsibilities. Independence does not imply isolation, but quite the contrary, risk management, front office, and back-office support functions should be in close communication ensuring that risks are managed effectively throughout the Bank.

- The risk management function seeks to implement international standards in risk management by sing Risk Control Self-Assessment RCSA in line with the Basel requirements.

- Risk Management shall use its own independent information sources for prices and financial information (i.e. MIS/Business Objects, Bloomberg, rating reports, audited financials).

- Risk Management departments use the SAS EGRC program to define indicators for risks allowing the bank to predict future risks.

- Risk Management shall be involved in the review of new products and services from the design phase and in any case pre-approval.

- Furthermore, Risk Management may propose means to optimize the risk-adjusted return profile of the Bank, such as optimization of liquidity and Credit Risk i.e. recommending certain portfolio allocations.

- The methodologies and tools developed/acquired by the Risk Management Department shall consider the ‘principle of proportionality’ by which it is acknowledged that BoP operates under a business environment of low to medium complexity and thus may be in a position to adequately manage risks by applying simpler yet robust methods.

- Risk Management represents the ‘second line of defense’ in the control system of the Bank, having a clear role in ensuring the effectiveness of controls in the first line (i.e. business units’ controls).

- Business Continuity Plans by way of projecting scenarios for risk, with custom-made Business Impact Analysis adapted to the specifics of the bank of Palestine.

- Risk-based Audits whereby the risk department conducts checks and audits of various departments especially the departments with weight on risk.

- Disaster recovery with the ability to resume operations after a disaster during the 15 hours post any incident using different and alternative locations by investing in modern technology to store data and transmit data speedily and securely.

The Risk Management Policy of the Bank is under the authority of the Board of Directors. The Board is responsible for approving the Bank’s risk appetite and strategy and formally review it annually or more often if required. The Board delegates specific oversight of all risk management activities in the Bank to the Board Risk Committee (BRC). While the Board delegates oversight authority to the BRC, ultimate responsibility for the Bank’s effective risk management and adherence to this Policy rests with the Board.

The Board formally reviews the Risk Management Framework and the risk profile of the Bank at least annually or as internal or external events may dictate.

The risk management departments at the Bank of Palestine are under the management and supervision of the Risk Manager. These departments are responsible for applying and developing the Risk Management Framework, and their responsibilities include the following:

- Prepare draft risk policies and procedures.

- Develop procedures, methodologies and tools relevant to risk management.

- Monitor the risk management framework at the bank level and prepare reports accordingly.

- Review the before and/or after of banking transactions in accordance with determinants set forth in the risk management policy.

- Provide an evaluation based on the study of certain procedure risks and communicate results and recommendations to the risk management committee.

- Promote the risk culture at the bank level, develop common dialogue based on this culture and provide the necessary support and training to achieve this objective.

- Provide explanations for risk-based regulations and practices and disseminate them at the business unit level.

- Provide training for branches and business units on how to manage risks and apply more strict controls on operations.

- Review procedures, policies, products and operations that affect the risk management framework prior to giving final approval.

• Responsibilities of the Board in relation to risk management include the following:

- Develops a business strategy based on which financial and risk budgets are drafted, including capital planning (ICAAP).

- Approves Risk Management Policies for the Bank and articulates risk appetite as part of the Risk Management Policies including risk tolerances and limits.

- Establishes the risk governance structure as part of the Risk Management Policies.

- Reviews significant risk issues highlighted by Board Risk Committee.

- Delegates relevant authority to Board Risk Committee for ongoing review of the effectiveness of the Risk Management Framework.

- Reports to shareholders on risk management as part of the annual report.

• The Board delegates responsibility to the Board Risk Committee (BRC) for the following:

- Ensure development and implementation of the Bank’s risk management framework.

- Review of risk management effectiveness and follow up of remedial actions.

- Review of the risk profile of the Bank at least quarterly through the risk management reporting package prepared by the Risk Management Function.

- Review Risk Management Policies at least annually and recommend changes, if required.

- Ongoing oversight and monitoring of the Bank’s material risk exposures.

- Monitor compliance with Bank risk management policies, PMA regulations and any other external risk management requirements.

- Approval of the appointment of the Chief Risk Officer and senior risk officers and of the risk management organizational charter.

Bank branches and business units are responsible for the daily risk management operations and their responsibilities include the following:

- Identify, measure, evaluate, monitor and report business unit-based risks.

- Evaluate the effectiveness of systems and controls used to monitor daily operations, and design, operate and monitor systems that are compatible with the nature of work.

- Raise regular reports on risk-based situations and incidents to the relevant risk management departments.

The Assets and Liabilities Committee at Bank of Palestine manages risks at the executive management level monitors banking risks by presenting the latest developments on the Risk Management Framework to committee members.

The responsibilities of the Assets and Liabilities Committee at the executive management level are as follows:

- Review, at least once a year, the Risk Management Framework, including policies, procedures, reports and methodologies.

- Ensure that the bank maintains an acceptable level of banking risks, as determined in the risk management policy approved by the committee, and recommend corrective measures in the instance of deviation from the policy.

- Analyze risk management reports and take the necessary administrative measures accordingly, with an aim to maintain the risk level that the bank is willing to accept in order to achieve optimal levels.

- Evaluate, supervise and manage risks across the bank, including, but not limited to, credit risks, operational risks, and risks related to interest rates, cash, and the market.

- Annual review of the risk budget and capital plan in conjunction with the financial budget.

- Consider the impact of changes in market, economic, political and competitive environments on the bank’s risk profile.

- Monitor and follow up on compliance with the requirements of the Palestinian Monetary Authority and specify time limits for compliance with these requirements.

- Raise reports to the Board of Directors on important issues resulting from the review process.

- Raise awareness about the importance of risk management at administrative and staff levels and assist the Risk Management department in disseminating the culture of banking risks.

- Recommend/supervise official training programs for the risk management staff on banking risk management.

- Review the risk management policy before obtaining approval from the Board of Directors.

- Discuss and review important policies, products and operations that impact the Risk Management Framework before presenting them to the Board for final approval.