Risk management

As a financial institution with a European footprint and focus on values-based banking, Triodos Bank is exposed to a variety of risks. These risks are managed through a comprehensive risk management framework, which integrates risk management into strategic planning activities and daily business activities along the value chain. This approach ensures that risk management is embedded within the entire bank by identifying, measuring and controlling risks at all levels of the organisation.

Triodos Bank’s risk management function is embedded within the organisation based on the ‘three lines of defence’ model. While business managers (the first line) are primarily responsible for a sound business and risk approach, they are supported as well as challenged by risk managers (the second line) with local business knowledge to identify, assess and manage risks. The risk appetite process allows Triodos Bank’s risk profile to be managed within the defined risk tolerance levels to achieve Triodos Bank's strategic objectives.

Periodically, each business unit performs a strategic risk assessment to identify and manage potential risks that could impede the realisation of business objectives. The results of these assessments are consolidated and used as input for the Executive Board’s own risk assessment. The strategic risk assessment is an integral part of the business plan cycle.

External developments may influence the strategy of the bank and therefore pose a strategic risk. In particular, the start of the COVID-19 pandemic in Q1 2020 and continued waves of infection in 2021 due to further virus mutations (e.g. Omicron) affected selected customer groups (asset side) and investors' behaviour (liability side). The bank's primary attention is on managing through the pandemic by providing stable bank services and operations as well as supporting its customers. In addition, the continuing low interest rate environment in Europe has led to decreased interest margins and consequently lower profitability. New regulatory requirements have led and will lead to extra effort of co-workers, adaptation of systems and processes as well as increasing contributions to the deposit guarantee scheme and resolution costs.

The strategic risk environment forms one of the starting points for determining the corporate strategy, the assessment of the capital and liquidity requirements in relation to the risk appetite and the recovery plan. Business units are assessed on their sensitivity to risks to determine the input for scenarios used to stress-test Triodos Bank’s solvency, liquidity and profitability.

The outcomes of the selected stress scenarios indicate that Triodos Bank is sensitive to a continuing, low interest environment scenario. It shows that, with projected business volumes and fee income, profitability might be under pressure in the coming years. This risk will be mitigated by focusing on higher yielding lending products, further improving our commission income and reducing our cost base due to higher cost efficiencies in our core bank operations.

Scenario impacts were calculated and assessed in relation to profitability, capital and liquidity. The results evidenced that Triodos Bank has a solid capital base, as indicated by the levels of its capital ratios and capability to absorb unexpected losses.

Next to the regular stress scenarios, Triodos Bank performs a specific scenario dedicated to climate risk. Climate risk contains two elements: i) transition risk (risk related to the transition of fossil sources of energy to sustainable ones) and ii) physical risk (the risk of changing weather conditions, which may be of an acute or chronic nature).

As sustainability aspects are a starting point in Triodos Bank’s lending processes, the transition risks in its loan portfolio are minimal. Triodos Bank’s lending approach is already focused on financing enterprises contributing to a low-carbon future.

Triodos Bank’s portfolio could be impacted by the physical risks of climate change. Regarding physical risk, the changes in climate leading to storms, floods and droughts may have an impact on its assets. In the longer term, impact on weather conditions (such as wind and solar resources) may affect renewable energy generation.

Triodos Bank carries out annual climate stress tests which take extreme but plausible situations into account. As part of determining the scenarios, it evaluates whether extreme weather situations could impact the bank’s resilience with a time horizon of three years. At present, the conclusion is that significant impacts are deemed unlikely within this time horizon.

In the longer term, society and the banking sector should drastically reduce and minimise financing of unsustainable assets to address the associated risks that would otherwise have a profound impact on society as a whole.

As a mission-driven bank, Triodos Bank’s reputation is a valuable asset, which is vital to its ability to perform its activities and realise its mission. In this sense Triodos Bank is sensitive to reputational risk events. Unlike other risk types, reputational risk is not confined to a specific defined source of risk. Reputational risk may stem from different types of risk and can therefore be viewed as an ‘intersecting’ risk type. Reputational risk may be considered externally induced when driven by external developments (e.g. the fall of stock prices due to the COVID-19 crisis, which led to the suspension of trading in Depository Receipts). Such circumstances can result in changing stakeholder audience perceptions and are managed with great care.

An integrated enterprise risk management report presents Triodos Bank's risk profile, regarding all identified risk types, in relation to its risk appetite. The report is an important risk monitoring tool, which also contains analyses on specific risk-type developments and topics. This report is distributed quarterly and discussed with the Supervisory Board's Audit and Risk Committee.

Several risk committees are in place at Group level. Each is dedicated to cover and manage specific types of risk. The monthly Asset and Liability Committee is responsible for managing liquidity risk, interest rate risk, foreign exchange risk and the bank's capital adequacy. The monthly Non-financial Risk Committee monitors and manages the development of non-financial risks (i.e. operational risk and compliance risk). The Anti-Money Laundering and Counter-Terrorist Financing Risk Committee monitors and manages the regulatory and associated topics regarding anti-money laundering and countering the risk of terrorist financing.

The Enterprise Risk Committee of Triodos Bank is the body delegated by the Executive Board to propose the risk appetite, to monitor the actual risk profile against the risk appetite, and to discuss and decide on topics pertaining to the enterprise risks of Triodos Bank (e.g. strategic, reputational and model risks).

The Credit Risk Committee plays an important role in assessing the risk of new loans and monitoring the credit risk of the bank’s loan portfolio. The assessment and management of credit risk of individual loans is primarily the responsibility of local banking business units. The Group Risk function sets the normative framework, analyses and assesses large loans and monitors the credit and concentration risks of Triodos Bank’s loan book.

The Risk management section of Triodos Bank’s annual report provides a description of the main risks related to the strategy of the bank. It includes a description of the design and effectiveness of the internal risk management and control systems for the main risks during the financial year. The Group’s growth over the past years, in combination with new legislation and regulatory demands, requires the bank to continuously review, assess and adapt its internal organisation and governance structure.

Capital and liquidity requirements

Regulators are demanding a more resilient banking sector by strengthening the solvency of banks and introducing strict liquidity requirements developed by the Basel Committee on Banking Supervision. Triodos Bank complies with the capital and liquidity requirements based on the Capital Requirements Regulation.

Triodos Bank’s capital strategy is focusing on a sound and resilient capital base. Triodos Bank aims for a Common Equity Tier 1 (CET-1) Ratio which lies above 15% and a Total Capital Ratio (TCR) above 15.5%, well above its own internal economic capital adequacy models to guarantee a healthy and safe risk profile. The quality of capital as well as the solvency rate are important. Currently, 82% of Triodos Bank’s capital is qualified as CET-1 capital. In 2021, Triodos issued a subordinated debt instrument (green bond) of EUR 250 million which qualifies as Tier 2 capital in line with prudential regulations. With the successful placement of the green bond Triodos has further strengthened and diversified its capital base.

Economic capital is the amount of risk capital held to enable the organisation to survive stress events, e.g. resulting from market or credit risks. Economic capital is calculated periodically and supports Triodos Bank’s own view of capital adequacy for the purpose of the yearly Internal Capital Adequacy Assessment Process (ICAAP), which is subject to the supervisory review and evaluation process.

In 2021, the bank’s Tier 1 capital base marginally increased by EUR 40 million to EUR 1,144 million per end of December 2021 due to profit retention. The bank’s CET-1 ratio decreased from 18.7% to 17.5% per end of December 2021 due to conscious growth of sustainable lending in our well diversified portfolio. The bank’s TCR increased from 18.8% to 21.3% per end of December 2021, which was mainly driven by the issued green bond of EUR 250 million in Q4 2021.

The liquidity buffer mainly consists of liquid assets with central banks (more than two-thirds at the end of 2021) and liquid investments in bonds (close to 25% of total liquidity). There is a small amount of liquidity at sight with commercial banks (1% of total liquidity), mainly for payment services, and some investments (around 1.1% of total liquidity) are made in cash loans (<1-year maturity) with Dutch and German municipalities. Around 24% of the bond investments are in central government bonds and 67% is invested in regional government and agency bonds. The other bond investments were made in green bonds of corporates and banks for diversification and to optimise risk-return. Due to market circumstances in the past years (dominated by the downward impact of central bank asset purchases on bond yields), the opportunities to re-invest maturing bonds are limited. Consequently, the percentage of liquidity at the current account at central banks has increased from about 40% early 2018 to more than 70% at the end of 2021.

The Liquidity Coverage Ratio (LCR) and the Net Stable Funding Ratio (NSFR) are both well above the minimum limits of Basel III and above our internal limits. More detailed information about Triodos Bank’s approach to risk is included in the Annual Accounts section on Risk management.

In Control Statement

The Executive Board is responsible for designing, implementing and maintaining an adequate system for internal control over financial reporting. Financial reporting is the product of a structured process carried out by various functions and banking entities under the direction and supervision of the financial management of Triodos Bank.

The Executive Board is responsible for the risk management function and compliance function. The risk management function works together with management to develop and execute risk policies and procedures involving identification, measurement, assessment, mitigation and monitoring of financial and non-financial risks.

The compliance function plays a key role in monitoring Triodos Bank’s adherence to internal policies and external rules and regulations. The adequate functioning of the risk management and compliance functions as part of the internal control system is frequently discussed in the Audit and Risk Committee of the Supervisory Board. It is further supported by Triodos Bank's risk culture as a key element of the bank's risk management framework.

Triodos Bank’s internal audit function provides independent and objective assurance of Triodos Bank’s corporate governance, internal controls, compliance and risk management systems. The Executive Board, under the supervision of the Supervisory Board and its Audit and Risk Committee, is responsible for determining the overall internal audit work and for monitoring the integrity of these systems.

The risk management framework is an important cornerstone in the in-control statement process (see also the Risk management section). Triodos Bank is working in a continuously changing environment, which requires regular upgrades of its control framework.

The risk management and control systems provide reasonable, but not absolute, assurance regarding the reliability of financial reporting and the preparation and fair presentation of its financial statements.

Compliance and integrity

Triodos Bank has internal policies, rules and procedures to ensure management, from the Supervisory Board and Executive Board to the level of team lead, complies with relevant laws and regulations regarding customers and business partners. In addition, the Compliance department independently monitors the extent to which Triodos Bank complies with internal policies and procedures.

The external aspects of the Compliance department's role primarily concern accepting new customers, monitoring financial transactions and preventing money laundering. Internal aspects primarily concern checking private transactions by co-workers, preventing and, where necessary, transparently managing, conflicts of interest and safeguarding confidential information. In addition, it is concerned with raising and maintaining awareness of, for example, financial regulations, compliance procedures and fraud and anti-corruption measures, and with compliance with good governance standards such as the Dutch Corporate Governance Code.

Triodos Bank has a European compliance team which is led by the Group Director Compliance, who is also the formal Group Data Protection Officer. Compliance officers and data protection officers are appointed in every banking entity with a functional line to the Compliance department. The Group Director Compliance reports to the Chief Risk Officer and has an escalation line to the Chair of the Audit and Risk Committee, which supports the independence of the compliance function.

In 2018, De Nederlandsche Bank (DNB) conducted a thematic, sector-wide survey among Dutch banks, focusing on the measures that banks have taken to prevent money laundering and terrorism financing. Following this survey, DNB concluded that Triodos Bank is required to implement enhanced measures concerning customer due diligence and monitoring of customer transactions.

On 6 March 2019, DNB imposed on Triodos Bank N.V. a formal instruction (aanwijzing) to remedy shortcomings in the compliance with provisions of the anti-money laundering and countering terrorist financing laws and the financial supervision laws. Triodos Bank accepted this instruction and is implementing mitigating measures, which are on track. Following the formal instruction, Triodos Bank received an administrative penalty on 14 December 2020 that was paid without delay.

In 2020, DNB performed an on-site inspection regarding the compliance function. The first purpose was to obtain assurance that the compliance function is sufficiently empowered to provide independent advice to and assume a challenging role to the first line and management. The second purpose was to assess whether the management body has an adequate role in overseeing the implementation of a documented compliance framework. Regarding the first purpose DNB recognised the improvements that were made but concluded that the functioning of the compliance function is not in all aspects sufficiently effective and that the existing improvement plan needs more detailed guidance. Regarding the management oversight, DNB concluded that the management body is not sufficiently involved in overseeing the compliance function.

Based on both findings a remediation plan was prepared at the beginning of 2021 and progress with the remediation of the findings is on track.

Triodos Bank was not involved in any other material legal proceedings or any other further sanctions associated with non-compliance with legislation or regulations in terms of financial supervision, corruption, advertisements, competition, data protection or product liability.

Fraud Risk

Fraud risk is a common risk in the financial sector. Triodos Bank performs a yearly Systematic Integrity Risk Analysis (SIRA) to assess its vulnerabilities to, amongst others, fraud. Internal fraud within Triodos is relatively low compared to the sector. Controls like internal training and awareness are in place and Triodos has pre- and in-employment procedures resulting in a low-risk culture in relation to fraud. The number of incidents has been limited in the last years and the impact minimal. External fraud is much more common, as it is with peers in the sector. Triodos has implemented a number of fraud monitoring controls over the past years. In 2021 a major step was taken by implementing the stop payment functionality in Triodos Bank Netherlands. The impact of fraud on the annual results is limited. Within Triodos a central KYC and Financial Crime domain has been set up with a Group Director to functionally steer Triodos Bank policy and practice on financial crime at Group level.

Sustainability Risks

Sustainability considerations are shared at all levels of Triodos Bank and are an integral part of its management, including the evaluation of risk. Social and environmental aspects are taken into account in all day-to-day business decisions whenever relevant. Therefore, Triodos Bank does not have a separate department that continuously focuses on sustainability or corporate social responsibility.

Triodos Bank employs specific criteria to ensure the sustainability of products and services. It employs both positive criteria to ensure it is actively doing good and negative criteria for exclusion, to ensure it does not do any harm. The negative criteria exclude loans and investments in sectors or activities that are damaging to society. The positive criteria identify leading businesses and encourage their contributions to a sustainable society. These criteria are tested regularly and adjusted if necessary. Triodos Bank has also defined sustainability principles for its internal organisation. These are included in its Business Principles. All sustainability criteria referred to can be found on the bank's website.

Driebergen-Rijsenburg, 16 March 2022

Triodos Bank Executive Board

Jeroen Rijpkema, Chair
André Haag
Carla van der Weerdt
Jacco Minnaar
Nico Kronemeijer