Non-Financial Risk

Environmental, social and governance risks


Environmental & Social (E&S) risk refers to potential adverse impacts of FMO investments on the environment, employees and workers, communities, and other stakeholders. Corporate Governance (G) risk refers primarily to risk to client business and, as a result, to FMO.

Risk appetite and governance

FMO has an appetite for managed risk in our portfolio. Our clients operate in difficult markets, in countries where regulations on ESG are less institutionalized. We accept that when we first start working with a client, the ESG performance may be below our standards. In addition to impacts on the environment, employees and workers, communities and other stakeholders, ESG risks can result in non-compliance with applicable regulation, NGO and press attention, reputation damage and financial loss where such risk adversely affects operational and financial performance.

As part of the investment process, FMO screens all clients on ESG risk and categorizes them according to the ESG risk that their activities represent. FMO assesses in detail clients with an A or B+ ESG risk category to identify ESG impact and risks and to assess the quality of existing risk management and mitigation measures. Due diligence also includes an analysis of contextual and human rights risk. In case of gaps in ESG risk management, FMO works with clients to develop and implement an Action Plan to avoid adverse ESG impacts and/or to improve ESG risk management over time. Key ESG risk items are tracked during the tenor of the engagement. FMO’s ESG risk management support to clients is an important part of development impact ambitions.

In addition, for clients with an A or B+ ESG category, FMO monitors client performance on key ESG risk themes (against the IFC Performance Standards) using the ESG Performance Tracker (ESG-PT). The ESG-PT keeps track of key ESG risks and client performance level, enabling FMO to have a portfolio-wide view of its ESG risks.

Developments internal

An update to the methodology for tracking ESG performance has been approved and a new ESG Performance Tracker is being developed, addressing some key issues in the existing system. Historic data will be migrated and we will keep reporting ESG performance using the ESG target. 

Human rights training for E&S staff was completed in Q3 2019; the human rights trainers provided all E&S teams with human rights coaching and mentoring at sector and transaction level. This has further improved our knowledge and experience on the topic and enabled us to identify a range of sector-specific human rights issues on which we developed further due diligence guidance. The human rights project ended in 2019. Furthermore, FMO finalized and launched its Human Rights Defenders Approach, which is now available on FMO's website.

Developments external

The European Commission has set up a technical expert group on sustainable finance (TEG) to assist it particularly in the development of a unified classification system for sustainable economic activities, an EU green bond standard, methodologies for low-carbon indices, and metrics for climate-related disclosure. The TEG consists of members from civil society, academia, business and the finance sector, as well as additional members and observers from EU and international public bodies. The TEG published its technical report on EU taxonomy in June 2019.

In December 2019, an agreement was reached on the framework for sustainable investments and the European Commission published the European Green Deal. At the same time, the Dutch Central Bank and European Banking Authority started to share their first expectations on how banks should manage their ESG risks and climate risk in particular.

The Commission’s Action Plan on sustainable finance is part of broader efforts to connect finance with the specific needs of the European and global economy related to sustainable development. Based on the insights to date, the EU sustainable finance package and related publications may influence FMO’s green definitions, ESG practice, disclosures and (climate-) risk management.

In October, a Working Group of the EBF and UNEP Finance Initiative started with the objective of developing a guideline for the implementation of the EU Taxonomy by banks. By participating in the working group, FMO is able to learn from experts in the field and develop guidelines that take into consideration the angle of bilateral banks and developing markets.

Compliance risk


Compliance risk is the risk of failure to comply with laws, regulations, rules, related self-regulatory organization standards and codes of conduct applicable to FMO’s services and activities.

Risk appetite & governance

FMO’s standards, policies and good business practices foster acting with integrity. FMO is committed to its employees, clients and counterparties, adhering to high ethical standards. FMO has a Compliance framework which entails identifying risks, designing policies, monitoring, training and providing advice. FMO has policies on topics such as know your customer (KYC) & sanctions, anti-bribery and corruption, conflicts of interest, internal fraud, private investments, privacy and speak-up. FMO also regularly trains its employees in order to raise awareness, for example by means of face-to-face trainings and mandatory compliance-related e-learnings. Employees are also encouraged to speak up in case of suspected integrity violations conducted by an FMO employee. Management is informed on integrity-related matters at client or employee level periodically via the Compliance Committee or, when required, on an ad-hoc basis. In case of violations, management will take appropriate actions. The governance of compliance also entails the following key risks:

KYC & sanctions

FMO’s KYC procedure includes screening of clients on compliance with applicable anti-money laundering, terrorist financing and international sanctions laws and regulations. Due diligence is performed on clients, which includes checks such as verifying the ultimate beneficial owners of the client we finance, identifying politically exposed persons, and screening against mandatory international sanction lists. These checks are also performed regularly during the relationship with existing clients. Following the DNB onsite inspection in 2018, FMO set up a FEC Enhancement Plan (FEC EP). In 2019 FMO started with execution of the FEC EP, which consisted of, among other things, conducting the Systematic Integrity Risk Assessment (SIRA) and enhancing the know your customer (KYC) policy and procedures. The updated KYC policy and procedures have been implemented. Part of the FEC EP consists of remediation of the customer KYC files and bringing them in line with the updated policy. FMO has not been able to achieve the interim target on number of remediated customer KYC files. However, additional actions, based on lessons learnt, are undertaken to further improve the FEC EP. The progress of the FEC EP is closely monitored by the Management Board and reported to DNB.

It cannot always be prevented that a client is involved or alleged to be involved in illicit acts (e.g. corruption). If such an event occurs, FMO will initiate a dialogue with the client to understand the background in order to be able to assess the severity. When FMO is of the opinion that no improvement by the client will be achieved (e.g. awareness, implementing controls) or the risk to FMO’s reputation is unacceptably high, FMO can invoke legal clauses in the contract to terminate the client relationship.

General Data Protection Act (GDPR)

Since 2016, FMO has been implementing improved policies, procedures and controls in order to adhere to the GDPR. In 2017 a GDPR project started, addressing the protection of personal data processed of employees, clients and other stakeholders.


Corruption is a global problem, requiring a global response. FMO is guided by the OECD Convention on Combating Bribery and the UN Convention against Corruption, and is dedicated to fighting corruption and bribery not only to adhere to the law, but also because such acts undermine sustainable development and the achievement of higher levels of economic and social welfare. Good governance, fair business practices and public trust in the private sector are necessary to unlock the full potential of an economy and its citizens. Corruption can best be prevented collaboratively, and FMO actively supports Transparency International’s Netherlands branch and the International Chamber of Commerce in order to share best practices and stimulate the dialogue between Dutch corporates on best practices in doing international business.


In 2019 one customer integrity-related incident occurred outside FMO’s risk appetite and has been reported to DNB. The incident is being addressed appropriately to make sure that it does not reoccur. No significant integrity incidents related to FMO employees have been reported. Over the course of the year there were two data leaks which required reporting to the Dutch Data Protection Authority.

Operational risk


FMO defines operational risk as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.

Risk appetite and governance

Operational risks are not actively sought and have no direct material upside in terms of return/income generation, yet operational risk events are inherent in operating a business. Operational risk events can result in non-compliance with applicable (internal and external) standards, financial losses or misstatements in the financial reports, and reputational damage. Operational risk events – including those related to information security and personal data breach – are identified and assessed, and mitigating controls are evaluated and, where applicable, implemented. FMO has defined risk appetite levels for operational incidents (P&L impact) and misstatements in financial reporting (P&L impact). In 2019, the following risk appetite indicators have been included: % overdue high priority self-identified management actions; % of key monitoring controls performed on schedule; compliance with mandatory controls in the current version of SWIFT Customer Security Framework; and Severity Data Breaches GDPR in current year.

FMO has in place an operational risk framework that supports and governs the process of identifying, measuring, monitoring, reporting and mitigating operational risks, and that aims to keep the risks within the operational risk appetite. Operational risks are managed and monitored in accordance with the ‘three lines of defense’ governance principle. Management of the first line of defense is primarily responsible for managing (embedded) risks in the day-to-day business processes. The first line acts within the risk management framework and supporting guidelines defined by specialized risk departments and committees, the second line of defense. Internal Audit in its role of the third line of defense provides independent assurance on the effectiveness of the first and second lines.

Operational risk control self-assessments are conducted annually in order to identify inherent operational risks, controls, and residual operational risks. The strategy and business/strategic objectives are also reviewed annually by the Directors from a risk perspective. Based on these Risk and Control Self Assessments, the Directors sign an internal In Control Statement at the year-end, which sets the foundation for the management declaration in the Annual Report. Despite all preventive measures, operational risk events cannot always be eliminated. FMO, however, systematically collects risk event information and analyses such events in order to take appropriate actions. Furthermore, operational risks resulting from new products or activities are assessed in FMO’s Product Approval and Review Process. No risk events outside FMO’s risk appetite have been reported.

(Information) Security

Operational risk management also encompasses the domains of Information Security and business continuity management. Information is one of the bank’s most valuable assets. In recognition of the importance of protecting the bank’s information and its associated assets, such as systems and infrastructure, FMO has established a structured information security approach to ensure the confidentiality, integrity and availability of information. This approach defines the organizational framework, responsibilities and information security directives that apply to FMO, its vendors and third parties with whom the bank exchanges information. Business continuity management ensures organizational resilience of the FMO organization and the ability to respond effectively to threats, thus safeguarding stakeholders’ interests and the organization’s reputation.


FMO’s Management Board supports the ambition to further develop the maturity of the second line oversight function. In 2019, FMO improved the operational risk framework by, among others, designing a Bank Risk Policy. FMO’s information security policy has also been updated and relevant process and ICT controls have been further enhanced. Operational risk and information security awareness trainings were rolled out in order to raise operational risk and information security awareness in the three lines of defense. It was also assessed how the operational risk framework, including information security, can be further improved. This resulted in implementing a Governance Risk and Compliance (‘GRC’) tool to support monitoring and testing key operational risk controls.

Other risks

Legal risks


Legal risk is defined as the risk of a counterparty (client, supplier, stakeholder or otherwise) not being liable to meet its obligations under law or FMO being liable at law for obligations not intended or expected, caused by lack of awareness or misunderstanding of, ambiguity in, or indifference to the way law and regulation apply to business, relationships, processes, products and services, leading to financial or reputational loss.

Risk appetite and governance

Given the specific nature of legal risks that can occur, no risk appetite metrics are assigned to this risk type. Instead, the most relevant developments on this risk type are included in the risk appetite report on a quarterly basis. FMO’s Legal team is responsible for the review of the legal aspects of FMO’s contracts with its clients and for mitigating legal risks arising from FMO’s businesses and operations. The members of the team are qualified in a variety of jurisdictions and competent to provide expert and professional advice on a wide range of legal areas. Where applicable, the team seeks external expertise, particularly for legal analyses in emerging market jurisdictions in which FMO operates, or in the event of particularly complex matters. Members of the team also serve on several cross-departmental committees, enabling them to address legal risks at an early stage and share their knowledge where needed.


Brexit. Following the adoption of the Withdrawal Agreement, the United Kingdom has left the European Union. It is now considered a ‘third country’. A ‘hard Brexit’ has been avoided, and a transition period is envisaged until 31 December 2020. During this transition period, the equivalence of UK regulations is assessed, including legislation on financial services. Whether any risks for FMO materialize (such as the inability to clear trades through UK-based clearing houses) will depend on the outcome of these negotiations.

LIBOR / new Benchmark Regulation. The London Interbank Offered Rate (LIBOR), the Euro Interbank Offered Rate (EURIBOR) and other interest rates or other types of rates and indices which are deemed to be “benchmarks” are the subject of ongoing national and international regulatory reforms. The administration and/or methodology of these benchmarks may change. As a result, they may perform differently than in the past, may disappear entirely, or there could be other consequences which cannot be predicted. In June 2016, the European Union adopted the Benchmark Regulation on indices (such as LIBOR and EURIBOR) used in the European Union as benchmarks in financial contracts. It became effective as of 1 January 2018 and it provides that a supervised entity which uses a benchmark is required to have in place a “robust written” contingency plan to cover the eventuality of the benchmark no longer being available or being subject to material change. The potential elimination of the LIBOR benchmark raises various concerns, such as the risk of LIBOR becoming unrepresentative before appropriate fallback clauses are in place for existing and future financial contracts that are based on LIBOR, and the compliance with the replacement benchmark rates.

Regulatory risk


FMO defines two types of regulatory risks. Regulatory compliance risk is defined as the risk that FMO does not operate in accordance with applicable regulations, and future regulation risk is the risk that a change in regulations will impact the viability of the business strategy of FMO.

Risk appetite and governance

FMO is subject to banking laws and government regulation in the Netherlands. DNB has broad administrative power over many aspects of the banking business including liquidity, capital adequacy, permitted investments, ethical issues and anti-money laundering. Changes in banking regulation may adversely affect FMO's operations or profitability. To ensure that FMO adheres to existing financial and prudential regulation and to assess the impact on the business strategy, FMO has in place the Financial Regulation Committee (FRC). FMO closely monitors the process of translating Basel standards into European legislation, provides feedback to EC and EBA consultations and incorporates the latest available information in terms of capital planning.


In December 2017, the Basel Committee on Banking Supervision published the finalization of the Basel III reforms (BCBS 424). An important element for FMO is a change in the treatment of private equity exposures under the new standardized approach for credit risk. FMO’s private equity exposures would no longer receive a 150% risk weight but they would fall under one of three categories: speculative equity (400% risk weight), equity holdings under national legislated programs (100% risk weight), and all other equity exposures (250% risk weight). The exact impact of the new standard will depend on the translation into European legislation. The standard is expected to become mandatory per January 2022 with a five-year phase-in period.

In May 2019, the European Council adopted a comprehensive legislative package of reforms to CRR, CRD IV, the BRRD and the SRMR (the "EU Banking Reforms"), including measures to increase the resilience of EU institutions and enhance financial stability. Most of the rules will start applying in mid-2021. The most relevant reform for FMO is the requirement to apply a look-through for investments in equity and debt funds. In short, investments in Collective Investment Undertakings (CIUs, or Funds) are no longer automatically labelled as ‘high risk’ with a 150% risk weight. Instead, risk weights will be determined using the look-through approach (LTA) or mandate-based approach (MBA), which requires an institution to look at the fund’s underlying investments and calculate the risk weights based on the fund’s actual investments and leverage. A project is underway to apply this requirement. Other changes in the EU Banking Reforms will only have a minor impact on FMO, primarily due to adjusted reporting requirements.

In January 2019, the BCBS published the final standard on the capital requirements for market risk (BCBS 457). Although FMO does not have a trading book portfolio, the revised standards affect the capital requirements for FMO’s foreign exchange position in the banking book. The capital requirements for foreign exchange positions will increase with a multiplication factor of 1.2 under the simplified alternative approach. In case a sensitivity-based approach needs to be implemented, the capital requirements will depend on the type of currency and the correlation between the currencies. The final CRR-2 provided only a reporting requirement for market risk and the final standard is expected to come into effect in January 2022.

In January 2019 the European Banking Authority (EBA) published a guideline (EBA/GL/2019/01) specifying which types of exposures are to be associated with particularly high risk. The guideline requires institutions that apply the standardized approach for credit risk to label exposures as particularly high risk if these exposures show structural differences not reflected in the existing flat risk weights. Applying the criteria in the guideline, FMO has determined that all subordinated debt exposures, and all project finance with a client rating worse than F13 (BB-), will be labelled as high-risk items. In accordance with the Guideline, FMO applies the higher risk weights as of July 1, 2019, which resulted in a 1.2% decrease in FMO’s total capital ratio.

In June 2019, in accordance with the EBA Guidelines on Management of Non-Performing and Forborne Exposures (EBA/GL/2018/06), FMO submitted an NPE (non-performing exposure) Strategy and Operational Plan to the Dutch Central Bank. This was required as FMO’s NPE ratio was above the 5.0% threshold at the end of 2018.