The Bank’s comprehensive risk management is developed in compliance with current regulations and internal standards as defined by the Board of Directors, in relation to market, credit/ counterparty, liquidity and operational risk. This management is strengthened with the three lines of model, with a cohesive and coordinated approach, in which its independence is guaranteed. Within the Corporate Governance Framework, the roles of the responsible areas in each line are defined, according to the level of responsibility in Grupo Bancolombia, in order to guarantee effective and efficient coordination among them for risk management (in its different stages) and internal control.
At the same time, the organization has a general comprehensive risk management framework called enterprise risk management (ERM), consisting of: Government and Organization Risk (scheme of integrated risk management, organizational chart, structure, government, boards and committees), Risk Appetite and liquidity management (Definitions, indicators, limits, SVA Model - Profitability and Price, management report, allocate capital), risk management tools and information (Dashboard and risk maps, monitoring of risk positions and maturity models).
Risk Management Organization:
The CRO is responsible for risk management of Grupo Bancolombia and he does it through local CRO’s from each company that is part of the Group. The corporate governance model gives him direct authority over risk management, which guarantees through the risk framework, the existance of committees and hierarchical structure.
The CRO reports directly to the CEO with a hierarchical level that allows direct access to the Board of Directors, Risk Committee and Audit Committee; his functions are:
a) Design policies and methodologies to identify, measure, monitor and control risk.
b) Evaluate limits and risk exposure.
c) Inform risk Committee and/or the board about risk management.
The comprehensive risk management is integrated and coordinated with other activities of the organization and has advanced methodologies that allow us to identify the different risks to which it is exposed, including emerging risks. Additionally, the Board of Directors and the Risk Committee give the guidelines to set the tolerance limits and risk appetite for the main risk indicators; it is measured and monitored monthly by type of risk.
Management Report – 2021:
Risk Management Report is an annual report created for every interest group (our clients, employees, shareholders, among others) about risk management, including emerging risk and information of public knowledge. See item G: https://www.bancolombia.com/wcm/connect/1244f804-5f45-4599-beed-4251ac3ccd7d/INTEGRATED-ANNUAL-REPORT-2021.pdf?MOD=AJPERES
Risk management culture:
Within its organizational culture, Grupo Bancolombia identifies six cultural characteristics which drive and reinforce behaviours: Integrity, Customer, High Performance, Sustainable Growth, Humanity and Dynamism. These bind the commitment of the organization with careful and proper risk management.
Additionally, the organization’s Code of Ethics promotes and disseminates the values of responsibility, respect, proximity, and integrity. An internal Ethic Line is available, through it, employees, board members, shareholders and suppliers can report anything they deem to be unethical.
Furthermore, each year we implement communication strategies that allow us to promote a risk culture across the company. These strategies are created for different audiences, according to their role in the three lines of model, which allows understanding and awareness when managing risks.
With the corporate communication campaign “Turn the risk around”, it taught all employees of Grupo Bancolombia that this is a business of risks and that we are all responsible to manage it. In only 6 months, we were able to reach more than a half of all the employees of the group, 11,276 unique users and 33,133 visits to our page content with 9 publications. Furthermore, in the feedback we received from our employees, they highlighted and appreciated the creativity and effort to connect people with topics that are normally communicated in a technical way. This communication strategy leverages the definitions of the measurement of employee performance around the management of risks.
To empower the lines of risk defense, the self-managed policies and processes were created through a chat bot that can be found within the bank´s platforms such as Microsoft Teams and employee intranet. This tool seeks to solve employee’s doubts about guidelines, policies and portfolio rating procedures.
For Grupo Bancolombia, experimentation is of utmost importance, for that reason, we launched a risk experimentation framework along with the Innovation VP’s team, which defines the methodology and action framework, as well as a credit portfolio. This framework aims to encourage the culture of risk experimentation through new ways of making policies, risk models and information for customer service.
Within the risk culture framework, we created spaces to discuss trends, best practices, work methodologies, technology, and risk tools with peer companies, competitors, industry leaders, and consultants. These spaces were designed to better evolve risk management.
Other strategies of risk culture:
Grupo Bancolombia has training programs, both virtual and face to face, including corporate programs related with risk topics. Some of these are mandatory, such as Operational Risk, SOX law and SARLAFT, with a general compliance of 96,1% for Grupo Bancolombia. Additionally, it includes several training plans for commercial areas and risk areas strengthening the organization’s commitment to risk management. The following are included:
Credit Risk School has as its principal objective the development and strengthening of knowledge of credit risk management for all employees. Technical knowledge and appropriate decision-making are part of training strategies and the certification of certain positions. In addition, Grupo Bancolombia has virtual strategies to reinforce employees’ knowledge of risk management. These include Credit Risk Management, Operational Risk Teams, “Master of Risk” and Environmental and Social Risk Management. These strategies had a coverage of 4.171 employees in 2021.
The Business School has different areas of emphasis considering the diversity in commercial teams. Among its objectives, is to achieve high performance, strengthen employee awareness and adoption of risk management as key behaviours within the organizational strategy. The main goal is to provide a superior experience for our customers. In 2021, the Business School tageted 2.763 people who were already in a position and 848 new people.
Compliance Department provides specialized training on topics related to compliance risk (SARLAFT, Personal Data Protection, Ethics, SAC, Anticorruption and Antifraud) complementing the annual virtual training plan, which had an impact in 2021 of 8170 trained employees from 90 areas across the company.
- Risk information and monitoring:
Monitoring compliance with policies, limits, measurement of exceptions, bulletins, and periodic reports of risks for each business units with information about identified risks, progress in action plans, relevant events, and indicators. Also, we have a regular report for the board of directors, which provide information about risk management, with emphasis on the main risks, including alerts, expectations and changes in policies, methodologies, and risk management issues in general. Additionally, to manage the risk profile of the Bank we have three lines framework, with responsabilities and roles for each line.
Grupo Bancolombia has a channel available to all its employees to report potential risks, as well as materialized events or losses. Through this mechanism, we seek to extend to all employees the possibility to participate in the risk management system and as an entity, it allows us to complement the processes of collection and reporting massive losses centralized in areas with large volumes of incidents. Additionally, to identify proactively credit risk events Bancolombia has a committee to analyze and monitor clients in “Watch List Situation (AEC) and stablish action plans to improve Bancolombia’s position referred to each client.
Three lines model: This model was developed in 2018 to establish the functions and the responsibilities regarding to the integral risk management and ensure effective and efficient coordination between the areas involved as part of the development of the risk culture.
Risk maps: Presents the most important risks could impact each company of Grupo Bancolombia and may have economic or reputational impacts in short and medium term. Risk maps are a tool that allow Board of Directors, Risk Committees, Audit, Legal Entities, Rating Agencies, risk managers, among others, to follow up on the strategic business situation.