Non-Financial Risk
ENVIRONMENTAL, SOCIAL AND GOVERNANCE RISKS
Definition
Environmental, Social and Governance (ESG) risk is the potential adverse impact of the investments FMO makes to people and the environment. Such risks will also negatively impact the sustainable development of FMO's investees, which can lead to financial losses and/or reputational damage for FMO.
Risk appetite and governance
FMO has an appetite for ESG risks that can be managed and mitigated over time. FMO’s clients operate in difficult markets, in countries where regulations on ESG are less institutionalized. However, FMO actively works with clients to achieve improvements over time.
As part of the investment process, FMO screens all transactions on ESG risk and categorizes them as low, medium, medium-high or high ESG risk. All medium-high and high ESG risk transactions undergo a thorough ESG assessment to identify ESG impact and risks and to assess the quality of existing risk management and mitigation measures. Due diligence also includes an analysis of contextual and human rights risk. Where ESG risk management shows gaps FMO works with clients to develop and implement an Action Plan to avoid adverse ESG impacts and/or to improve ESG risk management over time. Key ESG risk items are tracked during the tenor of engagement. FMO’s ESG risk management support to clients is an important part of development impact ambitions.
In addition, for high-risk clients, FMO monitors client performance on key ESG risk themes (against the IFC Performance Standards) using the ESG Performance Tracker (ESG-PT). For each high ESG risk client the ESG-PT keeps track of key ESG risks and client performance level, enabling FMO to have a portfolio-wide view of its ESG risks. This indicates the resources required for ESG risk management; performance is judged on distance travelled.
Developments
The ESG-PT is a new system launched on 1 January 2018, alongside a new ESG performance target.
COMPLIANCE RISK
Definition
Compliance Risk is the risk of failure to comply with laws, regulations, rules, related self-regulatory organization, standards and codes of conduct applicable to FMO’s services and activities.
Risk appetite & governance
FMO’s standards and policies and good business practices foster acting with integrity. FMO is committed to its employees, clients and counterparties, adhering to the high ethical standards. FMO has a Compliance framework which entails identifying risks, designing policies, monitoring, training and providing advices. FMO has policies on topics such as know your customer (KYC) & sanctions, anti-bribery and corruption, conflicts of interest, internal fraud, private investments, privacy and speak-up. FMO also regularly trains its employees in order to raise awareness by means of e.g. face-to-face trainings and mandatory compliance related e-learnings. Employees are also encouraged to speak up in case of suspected integrity violations conducted by an FMO employee. Management is periodically informed via the Compliance Committee or when required on an ad-hoc basis, on integrity related matters at client or employee level. In case of violations, management will take appropriate actions. The governance of compliance also entails the following key risks:
KYC & sanctions
FMO’s KYC procedure screens clients on compliance with applicable anti-money laundering, terrorist financing and international sanctions laws and regulations. Due diligence is performed on clients, which includes checks such as verifying the ultimate beneficial owners of the client we finance, identifying politically exposed persons, and screening against mandatory international sanction lists. These checks are also performed regularly during the relationship with existing clients. In 2018, timely conducting of periodic KYC reviews was a specific area of focus for FMO. As a result, we managed to timely complete the periodic reviews that were due in 2018. In 2018 we implemented new requirements based on the European Fourth Anti-Money Laundering Directive. In August 2018, DNB conducted an on-site inspection on the systemic integrity risk analysis (SIRA) and KYC procedure. FMO has started the necessary enhancements of the KYC procedures and increasing the effectiveness of controls based on DNB findings. During 2019, FMO will continue to strengthen its KYC procedure. Follow up is closely monitored by the Management Board and the Compliance Committee.
It cannot always be prevented that a client is involved or alleged to be involved in illicit acts (e.g. corruption). If such an event occurs, FMO will initiate a dialogue with the client to understand the background in order to be able to assess the severity. When FMO is of the opinion that no improvement by the client will be achieved (e.g. awareness, implementing controls) or the risk to FMO’s reputation is unacceptably high, FMO can invoke legal clauses in the contract to terminate the client relationship.
General Data Protection Act (GDPR)
As from 2016 FMO is implementing improved policies, procedures and controls in order to adhere to the GDPR Regulation. In 2017 a GDPR project started addressing data protection of personal data processed of employees, clients and other stakeholders.
Corruption
Corruption is a global problem, requiring a global response. FMO is guided by the OECD Convention on Combating Bribery and the UN Convention against Corruption, and is dedicated to fight corruption and bribery not only to adhere to the law, but also because such acts undermine sustainable development and the achievement of higher levels of economic and social welfare. Good governance, fair business practices and public trust in the private sector is necessary to unlock the full potential of an economy and its citizens. Corruption can be best prevented collaborative and FMO actively supports the Transparency International’s Netherlands branch and the International Chamber of Commerce in order to share best practices and stimulate the dialogue between Dutch corporates on best practices in doing international business.
Developments
In 2018, no significant integrity incidents related to FMO employees have been reported and there were no incidents at existing clients outside FMO’s risk appetite.
Implementation of ICT solutions to facilitate adherence to the GDPR was prioritized in 2018 and the GDPR project was completed in accordance with the set internal timelines. No data leaks which required reporting to the data protection authority occurred over the course of the year.
OPERATIONAL RISK
Definition
FMO defines operational risk as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.
Risk appetite and governance
Operational risks are not actively sought and have no direct material upside in terms of return/income generation, yet operational incidents are inherent in operating a business. Operational incidents can result in non-compliance with applicable (internal and external) standards, financial losses or misstatements in the financial reports, and reputational damage. Operational incidents – including those related to information security and personal data breach – are identified and assessed, and mitigating controls are evaluated and, where applicable, implemented. FMO has defined risk appetite levels for operational incidents (P&L impact) and misstatements in financial reporting (P&L impact).
FMO has an operational risk framework in place that supports and governs the process of identifying, measuring, monitoring, reporting and mitigating operational risks, and that aims for keeping the risks within the operational risk appetite. Operational risks are managed and monitored in accordance with the ‘three lines of defence’ governance principle. Management of the first line of defence is primarily responsible for managing (embedded)risks in the day-to-day business processes. The first line acts within the risk management framework and supporting guidelines defined by specialized risk departments and committees, the second line of defence. Internal Audit in its role of the third line of defence provides independent assurance on the effectiveness of the first and second lines.
Operational risk control self-assessments are conducted annually in order to identify inherent operational risks, controls, and residual operational risks. The strategy and business/strategic objectives are also reviewed annually by the Directors in a risk perspective. Based on these Risk and Control Self Assessments, the Directors sign an internal In Control Statement at the year-end, which sets the foundation for the management declaration in the Annual Report. Despite all preventive measures, operational risk events / incidents cannot always be eliminated. FMO, however, systematically collects incident information and analyses such events in order to take appropriate actions. Furthermore, operational risks resulting from new products or activities are assessed in FMO’s Product Approval and Review Process. No incidents outside FMO’s risk appetite have been reported.
(Information) Security
Operational risk management also encompasses the domains of Information Security and business continuity management. Information is one of the bank’s most valuable assets. In recognition of the importance of protecting the bank’s information and its associated assets, such as systems and infrastructure, FMO has established a structured information security approach to ensure the confidentiality, integrity and availability of information. This approach defines the organizational framework, responsibilities and information security directives that apply to FMO, its vendors and third parties with whom the bank exchanges information. Business continuity management ensures organizational resilience of the FMO organization and the ability to respond effectively to threats, thus safeguarding stakeholders’ interests and the organization’s reputation.
Developments
FMO’s Management Board supports the ambition to further develop the maturity of the second line oversight function. In 2018, FMO has improved the operational risk framework by, among others, installing an Operational Risk Committee and designing an operational risk policy. FMO’s information security policy has also been updated and relevant process and ICT controls are further enhanced. Operational risk and information security awareness trainings were rolled out in order to raise operational risk and information security awareness in the three lines of defence. It was also assessed how operational risk, including information security, framework can be further improved. This resulted in selecting a Governance Risk and Compliance (‘GRC’) tool to support monitoring and testing key operational risk controls. This will be implemented in 2019.
OTHER RISKS
LEGAL RISK
Definition
Legal risk is defined as the risk that a (term in a) contract entered into by FMO (or an FMO partner) with a client, or a rule or statute in a relevant jurisdiction, relevant for the full implementation of such term or contract, is interpreted, by a court of law, arbiter or otherwise, in such a way as to adversely affect FMO’s position, for instance because a contract is not (fully) enforceable in accordance with its terms, or the structure of the transaction is deemed invalid or illegal.
Risk appetite and governance
Given the specific nature of legal risks that can occur, no risk appetite metrics are assigned to this risk type. Instead, the most relevant developments on this risk type are included in the risk appetite report on a quarterly basis. FMO has a Legal department responsible for the review of FMO’s legal contracts and for mitigating legal risks arising from FMO’s businesses and operations. The members of the team are qualified in a variety of jurisdictions and competent to provide expert and professional advices for a wide range of legal aspects. An internal library of legal templates has been developed and maintained by the team with the aim to benchmark and standardize the conditions and provisions as much as possible. Where applicable, the Legal department also seeks external expertise, particularly for legal analyses in emerging market jurisdictions in which FMO operates or in the event of complex transactions and cases. Furthermore, FMO’s legal experts are also members of several cross-department committees for promptly addressing potential legal risks at pre-contracting phase and for sharing their knowledge in different FMO’s projects.
Developments
Brexit. On 29 March 2017, the United Kingdom notified the European Council of its intention to withdraw from the European Union. A hard Brexit (i.e. one without an agreement between the United Kingdom and the EU 27) could expose FMO to several legal risks. First, FMO is clearing trades through a UK based bank. If this were not to be recognised under EU regulation (EMIR) upon Brexit, this would affect the ability of FMO to continue to clear trades through the same counterparty. The European Commission notified that EU banks and companies may continue using UK-based clearing houses to process derivatives trades if Brexit negotiations fail. The exemption would be strictly short-term.
Second, fund managers operating out of the UK into the EU (“passporting” its UK licence under UCITS and AIFMD) would lose their passporting rights. This risk may be mitigated by the fact that many of FMO’s fund managers are not using this passport (located in other jurisdictions), and for those that do, it is in their own interest to address this issue. Please note that a hard Brexit is not expected to materially impact the enforceability of the choice of English law, or the choice of an English court or arbitration, as is the case in many of our outstanding transactions.
LIBOR / new benchmark regulation. The London Interbank Offered Rate (LIBOR), the Euro Interbank Offered Rate (EURIBOR) and other interest rates or other types of rates and indices which are deemed to be “benchmarks” are the subject of ongoing national and international regulatory reforms. The manner of administration of benchmarks may change, with the result that they may perform differently than in the past, or benchmarks could be eliminated entirely, or there could be other consequences which cannot be predicted. In June 2016, the European Union adopted a Regulation (the “Benchmark Regulation”) on indices (such as LIBOR and EURIBOR) used in the European Union as benchmarks in financial contracts. The Benchmark Regulation, which became effective as of 1 January 2018, provides that a supervised entity which uses a benchmark is required to have in place a “robust written” contingency plan to cover the eventuality of the benchmark no longer being available or being subject to material change. The potential elimination of the LIBOR benchmark raises various concerns, such as the risk of LIBOR becoming unrepresentative before appropriate fallback clauses are in place for existing and future financial contracts that are based on LIBOR, and the compliance with the replacement benchmark rates.
FMO has established separate working groups of legal experts and other specialists to closely monitor market developments and promptly address the abovementioned risks. A detailed action plan has been proposed by the groups and reviewed by the ALCO to cope with potential legal implications of the Brexit. External specialists’ assistance has also been sought for required mitigations.
REGULATORY RISK
Definition
FMO defines two types of regulatory risks within the financial and prudential (“banking”) regulation domain. Regulatory compliance risk is defined as the risk that FMO does not operate in accordance with applicable regulations, and future regulation risk is the risk that a change in regulations will impact the viability of the business strategy of FMO.
Risk appetite and governance
FMO is subject to detailed banking laws and government regulation in the Netherlands. DNB has broad administrative power over many aspects of the banking business, including liquidity, capital adequacy, permitted investments, ethical issues and anti-money laundering. FMO is subject to indirect supervision by the European Central Bank ("ECB") under the system of supervision, which comprises the ECB and the national competent authorities of participating EU Member States, the Single Supervisory Mechanism ("SSM"). The SSM is one of the elements of the Banking Union. The ECB may give instructions to DNB in respect of FMO or even assume direct supervision over the prudential aspects of FMO's business.
Changes in banking regulation may adversely affect FMO's operations or profitability, and it is difficult to predict the timing or form of any future regulatory or enforcement initiatives in respect thereof. FMO has in place the Financial Regulation Committee (FRC) to ensure that FMO adheres to existing financial and prudential regulation and assesses the impact thereof on FMO’s business strategy.
Developments
The latest developments in (future) banking regulations are described insofar as these are not yet covered in the previous sections of the Risk Management chapter.
On 23 November 2016, the European Commission announced a further package of reforms to the CRR, CRD IV, the BRRD and the SRM Regulation (the "EU Banking Reforms"), including measures to increase the resilience of EU institutions and enhance financial stability. The most important element for FMO is the requirement to apply a look through for equity investments in funds. In short, investments in Collective Investment Undertakings (CIUs, or Funds) are no longer automatically labelled as ‘high risk’ with a 150% risk weight. Instead, risk weights will be determined using the look-through approach (LTA) or mandate-based approach (MBA) which requires an institution to look at the funds underlying investments and calculate the risk weights based on funds actual investments and leverage. There are several criteria which must be fulfilled to be able to use the LTA and MBA. These include (amongst others) the eligibility of a fund to apply the look through, sufficiently granular reporting and independent data verification. Under the CRR-2 proposals, an important part of FMO’s equity investments in funds would not fulfil one of the eligibility criteria to apply the look-through approach (LTA) or mandate-based approach (MBA) as these funds are neither marketed in the European Union, nor managed by managers subject to the AIFM Directive. Consequently, these funds would become subject to a 1,250% risk weight under the fall-back approach. In the final stage of the Trilogue, a process to reach an agreement on the final texts for the EU Banking reforms, multi- & bilateral development banks were added to apply a look-through approach provided that the CIU’s investment mandate limits the types of assets that the CIU can invest in to assets that promote sustainable development in developing countries. The EU Banking Reforms are still subject to debate and approval at the EU Level as well as implementation and entry into force in the Member States. Until the EU Banking Reforms are in final form, it is uncertain how the proposals will ultimately affect FMO.
On 7 December 2017, the Basel Committee on Banking Supervision (BCBS) published the finalization of the Basel III reforms (bcbs 424). An important element for FMO is a change in the treatment of private equity exposures under the new standardized approach for credit risk. FMO’s private equity exposures would no longer be treated as investments with a particular high risk and receive a 150% risk weight accordingly. Instead, three separate categories have been included: speculative equity (400% risk weight), equity holdings under national legislated programs (100% risk weight), and all other equity exposures (250% risk weight). All three categories could apply to FMO’s equity investments and the exact impact of the new standard will depend on the translation into European legislation in the coming years. As currently foreseen, the standard will become mandatory per January 2022 with a five-year phase-in period for the higher risk weights for private equity exposures. FMO is closely monitoring the process of translating the Basel III reforms into European legislation and incorporates the latest available information in terms of capital planning.
On 8 March 2018, the European Commission launched a set of proposals on sustainable finance as it looks to encourage green investments and mitigate the risks to investors posed by climate change. The Action Plan on Financing Sustainable Growth stipulates that urgent action is required to reach the EU 2030 targets part of the Paris Agreement on climate change, and indicates that the support of the financial sector is required. The measures include a unified EU classification system (“taxonomy”), regulations on how financial markets participants should integrate Environmental, Social and Governance (ESG) factors in their decision-making, and a new market standard on sustainability disclosures.
On 31 October 2018, the EBA finalized its Guidelines on Management of Non-Performing and Forborne Exposures to take effect 30 June 2019. The Guideline requires all institutions with an NPE (non-performing exposure) ratio over 5.0% to draft an NPE Strategy and submit the document to the supervisor. The strategy should include an evaluation of the drivers of NPEs in the portfolio, available capabilities and governance structure, and an operational plan to reduce NPE levels. The guideline also provides a standardized NPE, to align with the definition used in the FINREP. As of Q2 2018, FMO has been fully aligned with the NPE definition provided by the Guideline. As FMO is above the threshold at the end of 2018, FMO will be required to submit an NPE Strategy to DNB before 30 June 2019.
On 18 December 2018, a political agreement was reached on an amendment to the Capital Requirements Regulation (CRR) which will implement the “prudential backstop” for non-performing exposures. The backstop will require, among other requirements, that all unsecured non-performing exposures more than 3 years vintage to be fully covered. If the impairment allowance does not fully cover the exposure, the difference must be covered with an own funds reduction from CET1 capital. The backstop will only apply to loans originating after 2018, therefore the potential impact will only be realized in 2022 at the earliest. The impact on FMO is expected to be limited and will depend on the size of FMO’s future non-performing exposures over 3 years vintage.
On 14 January 2019, the BCBS published the final standard on the capital requirements for market risk (bcbs 457). Although FMO does not have a trading book portfolio, the revised standards affect the capital requirements for FMO’s foreign exchange position in the banking book. The capital requirements for foreign exchange position will increase with a multiplication factor of 1.2 under the simplified alternative approach. In case a sensitivity-based approach needs to be implemented the capital requirements will depend on the type of currency and the correlation between the currencies. The standard will come into effect in January 2022. FMO is closely monitoring the process of translating the standard into European legislation and incorporates the latest available information in terms of capital planning.
On 17 January 2019, the EBA published its final guideline specifying which types of exposures are to be associated with particularly high risk and under which circumstances. The guideline requires that, institutions that apply the standardized approach for credit risk should label exposures with a particular high risk in case these exposures show structural differences that are not reflected in the existing flat risk weights. For FMO, this could imply that also other exposures than private equity will receive a higher risk weight per reporting date September 2019.