Backed by a focus on strong risk management systems and controls, we have strengthened our ability to actively and effectively respond to risks. Kotak views risk management as a critical business enabler and tries to ensure sound management of risks through timely identification, assessment and management to ensure business resilience.
Key highlights
Bank’s Net NPA
Bank’s Capital Adequacy Ratio
Relevant material topics
Minimising risk impact of climate change due to investments/ advances
Financing with a focus on environmental sustainability
We have implemented an Enterprise Risk Management (ERM) framework that aligns risk and capital management to our business strategy, protects our financial strength and reputation, and supports business activities. Our ERM Policy sets the approach for risk management and is adopted at the Group level with suitable modifications by subsidiaries as appropriate for their individual businesses. At the Bank, we have adopted three lines of defence for risk management, as depicted in the figure below. The business units and the independent risk management function work in collaboration to ensure that business strategies and activities are consistent with the policies and limits. The roles and responsibilities for risk management at each line of defence are clearly defined and are shown in Figure 1.
The risk management framework is further strengthened by a strong risk-aware culture that is present at all three defence levels, where employees understand and manage risks within the context of their individual roles and responsibilities.
The MD and CEO and Chief Risk Officer (CRO) have oversight over the ERM framework which embeds a strong risk management and risk culture in the organisation.
The Board of Directors appoints the CRO, who heads the independent risk function in the Bank. The Risk function provides an independent and integrated assessment of risks across various business lines. The risk management function has separate units responsible for the management of credit risk, market risk, operational risk, liquidity and interest rate risk, group risk and technology risk. Every quarter, the CRO presents updates to the Risk Management Committee (RMC) and the Board on the performance against risk appetite and the risk profile. In addition, formal updates on various portfolios are provided to the RMC and the Board periodically. Our Board of Directors are apprised of developments in a wide variety of key topics such as risk management education, which is delivered by relevant functional experts or in the form of secondary research and analysis. Three of our non-executive directors and all our executive directors have expertise in enterprise risk management.
Further details on risk management, including categories of risks assumed, independence of the risk management function, controls, stress testing, governance structure, approach, risk categories, management and mitigation can be found in the Management's Discussion and Analysis section.
We undertake the Internal Capital Adequacy Assessment Process (ICAAP) annually to provide the management with an overview of the identified risks and their evaluation, which informs the internal capital allocation needs to address these risks. The ICAAP is linked to overall business planning and establishes a strategy for maintaining appropriate capital levels. The ICAAP outcomes are reviewed by senior management and formally approved by the Board. Where required, the ICAAP is enhanced to include greater detail and more in-depth analysis of the risks it covers.
In addition to this, we have a Stress Testing Policy approved by the Board that aligns with the regulatory guidelines and covers material risks. Stress testing is a key element of the ICAAP and an integral tool in the Risk Management Framework.
It is also essential for strengthening the predictive approach to risk management and supplementing other risk management tools by providing an estimate of tail risks. During the year, the Bank was above regulatory and internal target capital ratios under all approved stress scenarios. Further details can be found in the Management's Discussion and Analysis section of this Report.
Risk Culture
The Group embeds a strong risk culture through clear communication and appropriate training for employees. The objective is to develop a disciplined risk culture where managing risk is a responsibility shared by all employees. We achieve this through tailored training programmes, including a structured induction curriculum for new employees. The induction training enables employees to understand various businesses across the Group and how risk management culture and practices support building and bolstering the organisation.
All our employees are expected to be familiar with relevant risk management policies and are encouraged to escalate potential risks to senior management on a timely basis. Our risk culture places emphasis on responsible business practices, prioritisation of customer needs, and appropriate disclosures. Our senior management receives regular and periodic information on various matters for the respective business lines and communicates their plans, strategy and expected outcomes to team members. Risk management is taken into consideration during the preparation of business plans and the launch of new products. Our senior management’s annual performance review includes an evaluation of their risk management performance. The Management's Discussion and Analysis section of this Report provides more details regarding the embedded risk culture.
The Landscape of Emerging Risks
GEOPOLITICAL RISKS
In the current geopolitical landscape, countries are aiming to be better prepared to manage the risks emerging from global supply chains and manufacturing bottlenecks that arose during the pandemic. Events such as the war in Ukraine have also contributed to high inflation across many countries, which the central banks are trying to address via tightening monetary policy. More recently, some foreign banks have come to global attention due to their financial condition owing to their exposure to large portfolios of long-dated investment securities, following which in March 2023, we witnessed certain US-based banks being liquidated. With a strong balance sheet and adequate liquidity position, the Group is well-positioned to navigate the current economic environment and support its customers.
Large-scale geopolitical and local events can frequently materialise unexpectedly and originate externally, providing limited opportunities for mitigation. To gauge the potential price risks within our portfolio, we employ the Value-at-Risk (VaR) methodology. This also involves utilising stressed VaR and regular stress testing to evaluate exposure to market movements. We have also established a comprehensive market risk limit framework, which includes sensitivity measures. Furthermore, to comply with the RBI Guidelines, we have implemented an enterprise-wide Review and Early Warning Signal Framework that serves as an effective means of monitoring credit risk.
GROWING CHALLENGES IN CYBERSECURITY
Digital transformation across business operations has been gaining momentum across the world. As banking institutions gradually become a part of this digital transformation to improve their service offerings, they are bound to be more susceptible to cyber risks. The world is experiencing advanced cybercrimes, such as loss of privacy, data theft or fraud, and numerous financial institutions across the globe have been the targets of such cyber threats and attacks. These include large-scale anti-fraud bypass, ATM malware, account-centric frauds, phishing, identity theft, ransomware, and in some cases, potential threats through employees. Banks could face serious financial, reputational, legal and regulatory repercussions in the event of a cyberattack, potentially leading to the compromise of sensitive customer data or proprietary information. Establishing robust information security systems and strategies is imperative to strengthen the Banks’ defence against the evolving set of cyber risks and reduce vulnerability to these attacks.
To protect our IT infrastructure and remain prepared in the face of any cyber threats or risks, we have continued to employ our cyber-resilience framework for addressing cyber risks. The programmatic nature of this framework enables us to prevent and tackle cyber threats and crimes in an effective manner. We also continue to hold timely cyber drills across our offices to examine the extent to which our currently established prevention and detection systems and response controls are capable of actively addressing cyber risks. Our approach to cybersecurity and data privacy is detailed further in the ‘Ethics and Governance’ section.
CLIMATE CHANGE RISKS¹
As revealed by the Intergovernmental Panel on Climate Change’s (IPCC’s) Synthesis Report for the Sixth Assessment Report: Climate Change 2023, the current set of climate commitments and policies introduced and implemented by nations is found to be insufficient to stop the rise in temperature at 1.5°C above pre-industrial levels, the Paris Agreement target, within this century. As articulated in the IPCC report, there is scientific consensus on the adverse impacts of climate change. The private sector commitments made by the G7 countries indicate that the global temperature may increase by 2.7°C by the middle of the century, which is significantly higher than the goals set during the Paris Agreement, as per analysis by CDP and Oliver Wyman. Given this, timely intervention in current climate policies and pledges is deemed critical.
We recognise the potential impacts of climate change as emerging risks to our business and have developed a detailed profile of probable risks and opportunities arising from climate change. Climate risks are broadly categorised into physical and transition risks. Physical risks are caused by chronic or acute changes in weather and climatic patterns. This can adversely impact physical infrastructure and have repercussions for business continuity. Transition risks are caused due to the economy’s transition to low-carbon activities and could directly impact businesses, primarily due to changes in policy and technology.
In FY 2022-23, we carried out pilot exercises to assess physical risk to operations and transition risks to the portfolio, focusing on exposure to one industry sector. This pilot was undertaken across three time frames so as to align with national climate action commitments and global climate goals. The scenarios for the pilot assessments are based on presently available public information and proxies which would be updated in due course when more specific data is available.
To understand the potential of physical risks impacting the Bank’s operations, an assessment was conducted under two scenarios provided by the IPCC’s Representative Concentration Pathways - RCP 4.5 and RCP 8.5. The three time frames chosen for the physical risk assessment were short-term (2022-2027), medium-term (2027-2035) and long-term (2035-2050). The risk assessment sought to understand impacts of heat stress, extreme rainfall or flooding, cyclonic events, water stress and sea level rise on the bank’s infrastructure and its people².
We covered most of our operational corporate offices and the entire branch network of the bank spanning 25 states and 4 Union territories in the country, while the study of the impact of cyclones and sea level rise was limited to our presence in coastal districts. We identified quantitative measures for the acute physical risks and heat stress to be able to translate the physical impacts into financial impacts.
It is to be noted that the estimated annual financial impact due to physical risks to our operations was assessed to be within the bank’s current operational risk appetite for the short, medium and long-term periods. For chronic physical risks such as sea level rise and water stress, the assessment produced heat maps to highlight regions of potentially high risk that may be triggered over the long term, given the nature of these risks.
Our assessment indicated that financial impacts were primarily in the form of additional costs towards the recovery of damage to physical infrastructure due to acute climate-related events and increased energy costs towards cooling of premises brought on by heat stress. A minor impact due to the increasing heat stress could be on the health of our employees and the costs associated with it, which we address through various employee well-being initiatives such as facilitating regular health check-ups and conducting awareness sessions, details of which may be found in the ‘Empowering Our Employees’ section. The potential increase in energy consumption to meet the growing business requirements of additional space for an increasing workforce could likely result in an increase in our emission footprint, even as the grid increasingly incorporates electricity generated from renewable sources. We have been sourcing electricity generated from renewable sources of energy and continue to invest in energy efficiency initiatives to reduce our energy consumption. For more details about our initiatives, please refer to ‘Managing Our Environmental Footprint’ section. In the same vein, we continue to strengthen our business continuity plans to be resilient to such risks, even as this assessment showed that most of our offices and branches were found to be at low to medium risk from heavy rainfall and flooding, sea level rise and cyclones.
In addition to the physical risk assessment for operations, we undertook a pilot transition risk assessment, starting with an analysis of the bank's exposure to the power sector. We intend to cover more industry sectors in the assessments being planned for the year ahead while limiting it to carbon-intensive sub-sectors. For the power sector, the exercise covered power generation excluding exposure to transmission and distribution from the scope, which was about 96% of the bank’s power sector portfolio as of 31st March, 2022. A scenario analysis was conducted using two scenarios, namely the International Energy Agency’s Net Zero Emissions by 2050 Scenario and the National Pledges Scenario made available by the London School of Economics’ Transition Pathway Initiative. The metric used for risk measurement was Weighted Average Carbon Intensity (WACI) and was compared against the scenarios at different points in time: current, 2030 and 2050.
For the power sector portfolio, carbon intensity expressed in tCO2e/MWh was collected from public disclosures of portfolio companies wherever available. In cases where emissions data was not publicly available, proxies were developed based on generation capacity and utilisation data sourced from internal documentation and peer disclosures.
For projecting the emission intensities of companies for 2030 and 2050, publicly announced targets wherever available or India’s net-zero target by 2070 were used. Assuming a similar exposure pattern to the underlying companies, WACI was projected for the portfolio for the identified points in time. The scenario analysis concluded that Kotak’s power portfolio nearly converges with the IEA’s Net Zero Emissions (NZE) scenario towards the end of the analysis time period, and the emission intensity of our portfolio is well within the National Pledges Scenario's estimated emission intensity throughout the timeframe considered for the analysis.
Based on both of these pilots, guidelines have been developed and internally adopted under the guidance of the Risk Management Committee. The guidelines include approaches for risk identification, measurement and benchmark scenario comparison, while also providing direction on additional data requirements that would strengthen the exercises moving forward. They also outline a governance and oversight structure under which the periodic assessments will be independently reviewed by the Head of Sustainability and the Chief Risk Officer. Given the evolving nature of the subject, the guidelines are subject to annual reviews.
Specifically, to address the transition risk, the guidelines set out a plan for rolling out capacity building for origination and underwriting teams. In FY 2022-23, we convened an ESG training programme for a cohort of these teams which focused on understanding the relevance of ESG from a banking perspective, with a specific emphasis on emerging climate technologies and the associated growth in sustainable finance transactions. The module focused on risks and opportunities that origination and underwriting must embed in sourcing and evaluating proposals. We are also working towards developing sector guidelines to help us proactively engage with clients and effectively apply an ESG lens in credit appraisal.
Climate change not only presents risks but also provides opportunities. These opportunities are in the form of lending and investments that enable companies to transition to environmentally friendly operations. Our risk assessments support us in identifying such opportunities across emerging sectors.
¹ GRI 201-2, GRI 3-3 | ² GRI 203-2