Grupo Bancolombia

Corporate Information

Risk Management

Descubre el modelo de gestión integral de riesgos empresariales en Grupo Bancolombia. Aprende sobre el riesgo de gobierno corporativo y la gestión de liquidez

The entity's comprehensive risk management is carried out in compliance with current regulations and the internal standards defined by the Board of Directors, in relation to credit and/or counterparty risk, market, liquidity, bank book interest rate, operational, business continuity, technological and cybersecurity risk, country risk, among others. Click to see information about the Risk Manual (CRMS) here >>>

Ancla
Fortalecer Gestion

ERM

Comprehensive risk management in the Bancolombia Group is framed in three main components: (I) Risk organization and governance, (II) Risk Appetite Framework (RAF) and (III) Risk management tools and information, and is developed according to the size of the entity, the local systemic importance and the nature and complexity of the operation. In addition, megatrends are considered as inputs for such management, as global axes of transformation of societies, organizations and the environment, strategic business planning and the consideration of belonging to a regional economic conglomerate.

 

This general framework of comprehensive risk management, called Enterprise Risk Management (ERM), is presented as follows:

I. Risk organization and governance

Components of integrated risk management, organization chart, structure, governance, boards and committees.

II. Risk Appetite Framework (RAF)

Definitions, indicators, limits, SVA model - Profitability and price, management report, capital allocation.

III. Risk management tools and information

Dashboard and risk maps, risk position tracking and maturity models.

I. Risk organization and governance

The Board of Directors is composed of 7 members. Under the Dow Jones criteria, all 7 members of the Board of Directors are considered independent. As part of the corporate governance model, the Board of Directors is the highest body, knows and approves the resources, structure and processes of the entity associated with risk management, which implies appointments and assignment of responsibilities and attributions to the areas and/or instances in charge of such management. For the development of its supervisory functions, the Board of Directors has the support of the Risk Committee, the entity in charge of accompanying it in the approval, monitoring and control of policies, methodologies, tools, guidelines and strategies for risk management. In addition, the Board of Directors also has the support of other legal and internal committees, including the Operational Risk Committee, to which it delegates the monitoring of its risks, control environment and, in general, any relevant issue that the Committee should be aware of.

Both the Board of Directors and the Risk Committee, in the performance of their functions, evaluate through periodic management reports, in monthly sessions, the levels of exposure of the risks to which the organization is exposed, their impact and mitigation strategies; additionally, they provide guidelines for setting the limits of tolerance and risk appetite; and carry out monthly monitoring of capital, provisions and main indicators of market risks (e.g., VaR), credit (e.g., the behavior of the loan portfolio, non-performing loans, cost of credit, portfolio concentration, among others), liquidity (e.g., survival horizon, NSFR, CFEN, among others), operational risk (evolution of materialized losses and exposure), solvency, among others. Additional information about the Risk Committee here
Seguimiento

Three-line model

As part of the corporate governance framework for risk management, the three-line model has been implemented, in accordance with international best practices, with a clear, coherent and comprehensive definition of the roles and responsibilities of each line in risk management, in order to ensure effective and efficient coordination between risk managers and leverage the internal control function as detail here.

 

The third-line role is developed exclusively by the internal and external audit, for the assurance of the internal control system and the adequate management of risks, these teams are in charge of advising and auditing to ensure that policies are followed and processes are executed in accordance with the performance goals and risk tolerance selected by management.  aligned with the company's risk strategy and policies, as implemented by the first and second lines. The independence of this unit ensures the objective monitoring and control of the different risks, safeguarding the interests of the organization without conflicts of interest derived from other business priorities. The internal audit function reports directly to the Board of Directors in addition to senior executive management and remains separate from process implementation or risk management to preserve its objectivity.

 

Learn about the audit process, and the results of the Internal and External Audit evaluations here.

informe de Gestión informe de Gestión informe de Gestión informe de Gestión informe de Gestión informe de Gestión

II. Risk Appetite Framework (RAF)

The Appetite Framework defines the risk appetite defined by senior management and approved by the Board of Directors, which is implemented through the definition of limits and indicators, policies, methodologies, procedures and controls from which the organization (i) identifies the risks associated with the business plan, (ii) assesses whether such risks are assumed, mitigated, avoided, or transferred, and (iii) monitors and controls the entity's risk profile. Related information is expanded here.

 

III. Risk Management Tools and Information >>>

Cultura

Organizational Culture

Aligned with the culture model of the Bancolombia Group (Movement B), the Vice Presidency of Risks, by virtue of the guidelines granted by the Board of Directors and the Risk Committee, carries out internal corporate communication programs as part of the strategies to generate a culture around risk management in all employees, having as a premise that the banking business is a risk business and managing it is the responsibility of everyone in the organization. These strategies are created for different audiences and have been focused on understanding and raising awareness of the risks to which the organization is exposed (traditional, non-traditional and/or emerging), on the three-line model, on the adequate management of credit risk (emphasizing the complete cycle) and the importance of internal control in the Bank. Additionally, spaces are generated for the knowledge of trends and best practices in work methodologies, use of technologies and risk tools, with peer companies, competitors, industry leaders, and consultants, among others, as part of the risk management evolution strategy.

 

Learn about the training programs and training strategies, defined and implemented for the organization's employees, including Senior Management and the Board of Directors, to strengthen the organization's commitment to risk management >>>
 

investment

Learn more about our Sustainable Focus

Sustainability Model

Learn more

icon-arrow2-right

Protocols and Partnerships

Learn more

icon-arrow2-right

Ecobank

Learn more

icon-arrow2-right

Inclusive Bank

Learn more

icon-arrow2-right

Clients

Learn more

icon-arrow2-right

Ethical Bank

Learn more

icon-arrow2-right

Might be of interest

Learn more about Investor Relations

See more

Learn our Corporate Governance

See more

Learn the latest news in Press Site

See more