Basis
radicant bank ag ("radicant") consciously assumes specific risks within the scope of its business activities. The controlled handling of these risks, which includes the identification, analysis, evaluation, management and monitoring, is an important core competence of radicant.
The UN's 17 Sustainable Development Goals (SDGs) play a central role in radicant's risk management. These Sustainable Development Goals are an integral part of the strategy definition and serve as a guiding principle in the pursuit of the business strategy. All of radicant's internal and external actions are guided by the 17 SDGs. The risk policy and risk control, and thus also the product and service design, are based on the SDGs. radicant has set itself the goal of not only being a bank, but also of making a difference, providing recommendations for everyday decisions and enabling collective action for a better, more sustainable future.
The basic principles and structure of radicant's risk management are laid down in the risk policy approved by the Board of Directors. The objective of the risk policy is to create a basis for consciously dealing with and limiting or restricting the risks that are essential for radicant. This should ensure that the quantitative and qualitative requirements for radicant's viability are met in the long term and at all times. An important principle of radicant's risk policy and risk management process is the clear separation between the profit-oriented business units and the independent control bodies (risk control).
Risk Governance
The Board of Directors has the ultimate responsibility for regulating, establishing and monitoring effective risk management. At least once a year or in the event of significant changes in risk, the Board of Directors assesses the overall risk situation, the financial and capital and liquidity planning and the adequacy of the internal control system (ICS). Based on the risk situation, the Board of Directors defines quantitative and qualitative guidelines (risk tolerance) for the main risks, which specify the maximum tolerable risk level.
In order to perform its monitoring function, the Board of Directors receives a detailed financial and risk report from Risk Control on a quarterly basis. Based on this reporting, the Board of Directors assesses the current risk profile, the implementation of the risk strategies and the development of radicant's top risks.
The Executive Committee (ExCo) is responsible for the operational implementation of the risk policy and the basic principles of the institution-wide risk management. The ExCo is responsible for operational income and risk management. To this end, it implements, among other things, a risk and control environment, effective processes and an internal control system (ICS) tailored to radicant's current risk profile. In addition, the ExCo issues the necessary directives that specify and stipulate the regulatory and supervisory requirements for radicant's employees.
Risk control, which is independent of the profit-oriented business units, with the functions of Finance & Risk Controlling, Legal, Compliance and Information Security, is assigned to the Chief Financial & Risk Officer (CFO/CRO). The independent control units monitor risks as well as compliance with legal, regulatory and internal regulations, risk tolerance and risk limits. They ensure the systematic monitoring of individual as well as aggregate risk positions. As part of the quantitative and qualitative analyses, this also includes carrying out scenario analyses under unfavourable business conditions.
The risk control functions report in detail to the ExCo, internal audit and the Board of Directors on the development of radicant's risk profile and their activities at least quarterly as part of the financial and risk reporting. An escalation process has been set up for special risk situations, risk events or matters of great significance, which ensures timely notification to the appropriate addressees.
In addition, the Compliance function reports annually to the ExCo, Internal Audit and the Board of Directors on the compliance risk assessment of radicant's business activities and its risk-oriented activity plan.
The internal audit function is performed by the internal audit department of the parent company - Basellandschaftliche Kantonalbank.
Compliance with capital adequacy, risk diversification and liquidity requirements
The detailed regulatory disclosure requirements pursuant to FINMA Circular 2016/1 "Disclosure - Banks" for the capital adequacy and liquidity requirements are disclosed at the level of the parent company of radicant Basellandschaftliche Kantonalbank. The key regulatory indicators for radicant are available at www.radicant.com/de/offenlegung.
Key risk categories
Due to its business activities, radicant is exposed to the following significant risk categories, the handling and management of which is governed by the institution-wide risk management system:
- credit risks
- interest rate and liquidity risks
- other market risks
- operational risks
Credit and default risks
radicant does not engage in lending business and does not offer overdraft limits. The credit risk is limited to the counterparty risks in the interbank business and to the default risks resulting from the financial investments held.
The credit risks in the interbank business or from the financial investments held are limited by means of counterparty limits. Before entering into a business relationship in the interbank business, the counterparty risk is assessed. Compliance with the limits is monitored daily.
For the underlyings of the investment funds and certificates held in the financial investments, a lookthrough approach is followed for risk monitoring. The financial instruments are subject to a clear competence structure and must comply with defined qualitative and quantitative limits. The monitoring of compliance with the limits as well as the development and reporting is carried out by Finance & Risk Controlling.
Interest rate and liquidity risks
The principles, responsibilities and instructions for the management of radicant's interest rate risks are defined and stipulated in regulations issued by the Board of Directors. radicant does not engage in interest rate differential business or maturity transformation and can only take on interest rate risks to a limited extent. Accordingly, there is only a low risk tolerance and risk limits for entering into interest rate risks, and the management of interest rate risks concentrates on monitoring the development and reporting by Finance & Risk Controlling.
Liquidity and refinancing risks are limited by predefined risk tolerances. Finance & Risk Controlling is responsible for identifying, analysing, evaluating, managing and monitoring liquidity and refinancing risks. In the current start-up phase of radicant, there are only minor outflow risks of customer funds. In this phase, radicant's liquidity and refinancing situation is largely dependent on the capitalisation and liquidity of its parent company, Basellandschaftliche Kantonalbank.
Other market risks
Market risk represents the potential loss that radicant may incur due to changes in market prices. Radicant does not engage in active trading for its own account.
Currency risk
radicant does not offer its customers foreign currency accounts and currency transactions or FX derivatives. At present, radicant is therefore not exposed to any significant currency risks from its customer business. The resulting foreign currency risks from existing foreign currency positions or transactions in connection with operations are hedged with foreign currency derivatives depending on the risk assessment. The monitoring of the development and reporting of currency risks is carried out by Finance & Risk Controlling.
Equity Price Risk
Radicant may invest in financial instruments to enhance short and medium term liquidity, to support its core business - asset management - or to generate a return to diversify the Bank's core business. These may not be entered into for trading purposes.
The share price risk of the financial instruments in the financial investments is limited and monitored via the defined qualitative and quantitative limits. The monitoring of compliance with the limits as well as the development and reporting is carried out by Finance & Risk Controlling.
Operational risks
Operational risk is the risk of loss resulting from inadequate or failed internal processes, people or systems, or from external events. This definition also includes legal and compliance risks as well as information security risks (including cyber risks).
For the identification, evaluation and periodic reassessment of risks, radicant uses a "Governance, Risk & Compliance Tool" (GRC Tool). This tool evaluates and assigns all risks to which radicant is exposed according to risk categories. Based on the identified and evaluated gross risks, controls and measures are defined and assigned, and the net risks are additionally evaluated after taking these risk mitigating measures into account. The summarised risk assessment of the gross and net risks must be evaluated and approved annually by the Board of Directors. The Board of Directors is also informed semi-annually about the development and current assessment of the identified "top risks" of radicant.
In order to limit, measure and monitor operational risks, the Board of Directors has also defined operational risk indicators with a corresponding maximum defined risk tolerance. The development of these risk indicators is regularly recorded and reported by Finance & Risk Controlling to ExCo and the Board of Directors.
The internal control system (ICS) of radicant is based on the identified and assessed risks and is also administered and monitored in the GRC tool. The controls defined in the GRC tool are assigned to a responsible person. The completion and evidence of the implementation of the controls must be documented and monitored in the GRC tool. The Board of Directors receives an annual summary assessment of the adequacy and effectiveness of the ICS from Financial & Risk Controlling.
The Legal function is responsible for assessing and reporting on legal risks. Legal is involved in all contractual negotiations and the drafting of legal documents. To prevent legal risks, radicant uses standardised, digital customer contracts.
The additional principles, responsibilities and instruments for the management of compliance risks are set out in specific regulations issued by the Board of Directors. As an independent function, the Compliance function monitors compliance risks and adherence to the relevant legal, regulatory and internal regulations – including risk tolerance compliance – as well as compliance with customary market standards and codes of conduct. In addition, Compliance also covers the role of the internal money laundering unit in accordance with money laundering legislation. To cover its responsibilities, Compliance must prepare an annual assessment of compliance risks and an evaluation of risk tolerance compliance for the attention of the ExCo and the Board of Directors. Based on this, it develops a risk-oriented activity plan according to which the Compliance function carries out its activities.
The monitoring and assessment of information security risks – including cyber risks and the protection of electronic client data - is ensured by the independent Information Security function in close coordination with Legal and Compliance. Due to radicant's business activities and orientation towards a purely digital or mobile offering, information security risks are of very great importance. To this end, the Information Security function specifies security principles and measures that serve to protect critical IT systems and sensitive (customer) data. In addition, regular vulnerability analyses and penetration tests are carried out under the supervision of Information Security to identify security gaps. Important instruments for the permanent monitoring, detection, analysis and elimination of information security risks are the 24-hour, 7-day Security Operation Centre (SOC) and measures and instruments for the detection and prevention of data loss.
The principles, responsibilities and processes of Business Continuity Management (BCM) are laid down in a regulation of the Board of Directors. The necessary business impact analyses, business continuity plans and tests have been carried out and documented. The Chief Information Security Officer also covers the role of BCM Officer, which is important for planning and coordinating BCM activities and reporting on BCM risk assessment and activities. Central to the structure of radicant's BCM is the inclusion of radicant's key outsourcing partners. A crisis team has been defined for specific threat situations that require critical decisions and cannot be handled within the framework of the ordinary management structure.
Methods used to identify default risks and to determine the need for value adjustments
radicant does not offer any credit business or overdraft limits. The overruns resulting from fees and/or interest charges are treated as uncovered customer receivables and are assessed annually or, in the case of larger overruns, at shorter intervals by Finance & Risk Controlling for their recoverability. The assessment of recoverability is based on the assets available and invested at radicant. No further analyses are carried out or information requested from the customers. If no invested assets of the customer can be counted towards the excess through the sale of securities, it is assumed that the customer's receivable is impaired and a full individual value adjustment is made.
If there are receivables from customers that are not fully individually impaired, value adjustments for latent default risks are also made for losses that have occurred but have not yet been allocated to a specific borrower. Default risks are considered latent and are covered by value adjustments for latent default risks if losses are expected due to events that have already occurred at the time the annual financial statements are prepared, but these losses cannot yet be allocated to specific borrowers.
Business policy on the use of derivative financial instruments and hedge accounting
radicant trades in standardised and OTC derivatives for its own account solely to hedge foreign currency risks. There is no trading for or on account of customers. Only derivatives on currencies - including currency swaps, forward exchange transactions or currency options – are concluded.
No other derivatives in instruments other than currencies are currently concluded. All gains and losses from foreign currency hedging transactions are recognised in trading income, as are those from the underlying transactions. There is no hedge accounting in the interest business.