Prudence in Action: The Risk Philosophy Powering Commercial Bank’s Stability

Commercial Bank Chief Risk Officer Kapila Hettihamu

As banks navigate an environment shaped by economic uncertainty, rapid technological change and evolving regulatory expectations, strong risk management has become a defining factor of long-term stability. At Commercial Bank of Ceylon PLC, a disciplined and conservative approach to risk has remained central to the bank’s resilience and performance across economic cycles.

In this interview, Commercial Bank Chief Risk Officer Kapila Hettihamu explains how the bank manages risk across its operations, strengthens asset quality, and balances innovation with prudence. He outlines the governance structures, policies and forward-looking tools that guide risk-taking decisions, while highlighting the role of the Board and senior management in maintaining a strong risk culture.

Q: Commercial Bank is often described as having a conservative risk profile. What does that mean in practical terms?

A: A conservative risk profile, in our context, does not mean avoiding risk altogether. Banking, by its nature, involves risk. What it does mean is that we are deliberate, well-calibrated, and forward-looking in how we take risk, ensuring that every exposure is aligned with the bank’s strategic objectives, capital strength, and long-term sustainability.

We believe that blending enduring fundamentals with a readiness to adapt—guided always by sound business rationale and prudent risk management—is the perfect catalyst for our future success.

At Commercial Bank, risk management is embedded into decision-making rather than treated as a back-end control function. We focus on disciplined underwriting, strong portfolio diversification, and proactive monitoring, supported by robust policies and governance structures. This approach has allowed us to remain resilient during periods of economic stress while continuing to support customers and the broader economy. Ultimately, prudence for us is about consistency, resilience, and protecting stakeholder confidence across cycles.

Q: Credit risk remains the most material risk for banks. How does Commercial Bank approach credit risk management today?

A: Credit risk management is indeed central to banking stability, and it is an area where we have continuously strengthened our capabilities. Our approach begins well before a credit decision is made, through rigorous pre-sanction evaluations that assess borrower fundamentals, cash-flow sustainability, sector dynamics, and broader macroeconomic conditions.

Equally important is what happens after a facility is granted. We place strong emphasis on active portfolio monitoring and early identification of emerging risks. Our Early Warning Signals framework, supported by predictive analytics, allows us to detect signs of stress at an early stage and engage proactively with customers. This significantly improves our ability to manage potential deterioration before it becomes a non-performing exposure.

We also maintain a strong focus on portfolio diversification across sectors, geographies, and customer segments. This reduces concentration risk and enhances the bank’s ability to withstand sector-specific or external shocks.

Navigating credit risk is widely regarded as an intricate blend of science and art. Crafting a sound credit decision is much like a Michelin-starred chef meticulously balancing complex ingredients to create a dish that perfectly satisfies a guest’s palate. At Commercial Bank, the defining ingredient in this highly calibrated process is our enduring ‘Credit Culture.’ Cultivated over decades and deeply embedded in our institutional DNA, this culture ensures that our uncompromising fundamental principles are passed down through generations of bankers. It is this unique blend of quantitative precision and qualitative judgment that allows us to master our most material risk today.

Q: The bank reported improvements in asset quality alongside strong portfolio growth. How was this balance achieved?

A: Achieving growth while improving asset quality requires discipline and a willingness to take difficult decisions. The bank attributes its strong asset quality to a comprehensive credit framework driven by objective assessments, transparent underwriting, and proactive risk mitigation. By deploying highly regarded, independent experts across every stage of the lending lifecycle, the bank continues to achieve and maintain this benchmark of excellence.

Importantly, this prudence did not constrain growth. On the contrary, it strengthened confidence in the portfolio and allowed the bank to expand lending selectively and responsibly, resulting in growth that exceeded industry averages. This demonstrates that sound risk management and growth are not mutually exclusive — they are mutually reinforcing.

Q: How does the bank use data, analytics, and stress testing in managing risk?

A: Data-driven decision-making has become a critical pillar of modern risk management. At Commercial Bank, we leverage advanced analytics and internally developed risk models to enhance credit assessment, customer risk scoring, and portfolio monitoring. The bank’s commitment to the responsible adoption of technology is evidenced by our updated underwriting framework. We facilitate data-driven lending decisions while preserving ‘Human in the Loop’ governance, fully supported by the robust and timely validation of all active models. Stress testing and scenario analysis are integral to this process. With the support of our R& D and finance teams, we regularly assess how adverse macroeconomic conditions — such as changes in interest rates, exchange rates, or economic growth — could impact asset quality, capital adequacy, and liquidity. These exercises help us identify vulnerabilities, validate capital buffers, and refine contingency plans.

Stress testing is not a theoretical exercise for us. The insights feed directly into strategic planning, capital allocation, and risk appetite calibration, ensuring that the bank remains resilient under a wide range of economic outcomes.

Q: Innovation and digitalisation are transforming banking. How do you ensure these do not introduce unmanaged risks?

A: Innovation is essential to remain relevant and competitive, but it must be pursued responsibly. As the bank adopts new technologies — including AI-driven analytics, cloud-based solutions, and enhanced digital platforms — risk considerations are embedded from the outset.

We have established dedicated governance frameworks to manage technology, cyber, and data risks. Identifying threats within an evolving technology landscape is a continuous challenge that extends beyond traditional IT risk frameworks. Accordingly, we have proactively strengthened our data governance protocols, establishing robust policies and incident-response procedures that fully comply with regulatory standards.

The objective is not to slow innovation, but to ensure that new capabilities are introduced in a controlled and secure manner. By aligning innovation with strong risk oversight, we are able to unlock efficiency and customer value without compromising operational resilience or trust.

Q: Environmental, social, and conduct risks are receiving increased attention globally. How is the bank responding?

A: Risk management today extends well beyond traditional financial risks. Environmental and social considerations, as well as conduct risk, are now critical to long-term sustainability and reputation.

 We view the protection of our social and environmental fabric not merely as a regulatory requirement, but as our fundamental obligation as a responsible corporate citizen to build a sustainable future for generations to come. On conduct risk, the bank has established a comprehensive framework covering conflict-of-interest management, insider trading prevention, ethical decision-making, and automated monitoring. Regular training and audits reinforce a strong culture of integrity and accountability. For us, ethical conduct is not just a compliance requirement — it is fundamental to maintaining trust with customers and the wider public.

Q: How do you ensure that risk management remains aligned with a changing economic environment?

Risk management is dynamic by necessity. Our risk appetite framework is reviewed continuously in light of macroeconomic trends, regulatory developments, and portfolio performance. This ensures that the level and nature of risk we take remain aligned with our capital strength and strategic priorities.

Regular risk reporting, key risk indicators, and dashboards allow senior management to monitor developments in real time and take timely corrective action where needed. This agility has been particularly important in navigating recent economic volatility.

Aligning our risk management with a shifting economic environment requires a proactive and deeply disciplined approach. At the foundational level, our priority is capital preservation—actively building robust buffers and preventing capital leakages. We pair this with dynamic liquidity management, carefully anticipating fund flows and securing reliable contingency funding avenues. Simultaneously, we continuously refine our portfolio through intelligent diversification and a strategic exit from high-risk segments.

Furthermore, our status as a Domestically Systemically Important Bank (DSIB) carries a distinct responsibility. We actively embrace prudent regulatory measures aimed at stabilising the broader economy, ensuring our risk management framework and overarching bank strategies remain firmly congruent. Finally, because our footprint extends offshore, we maintain a highly coordinated approach to navigate multi-jurisdictional volatilities and global uncertainties, ensuring steady, unified alignment across all our operations

Ultimately, effective risk management is about anticipation rather than reaction. By remaining forward-looking and disciplined, we are able to support customers, protect the balance sheet, and sustain confidence through uncertainty.

Q: Looking ahead, what will define effective risk management for Commercial Bank?

Looking ahead, effective risk management at Commercial Bank will be defined by the seamless integration of our enduring principles with next-generation capabilities. While our uncompromising fundamentals—prudence, discipline, culture, and strong governance—will remain unchanged, the tools we use and the risks we navigate are rapidly evolving.

To stay ahead in this dynamic landscape, our future strategy centers on several critical pillars:

• Advanced analytics and technology: Deepening our analytical capabilities and strengthening our technological infrastructure to facilitate truly data-driven decisions.
• Proactive resilience: Leveraging robust stress testing frameworks that empower proactive, forward-looking decision-making rather than reactive problem-solving.
• Cybersecurity vigilance: Maintaining an aggressive, continuous focus on cyber risk management in an increasingly digitised financial ecosystem.
• Dynamic governance: Elevating our risk governance and controls to operate beyond a traditional ‘gatekeeper’ role, acting instead as a strategic partner to the business.
• Portfolio excellence: Relentlessly focusing on enhancing the overall quality and resilience of our asset portfolio.

Ultimately, risk management will continue to play a central role in enabling the bank’s sustainable growth. By perfectly balancing opportunity with responsibility, we remain highly confident in our ability to navigate an increasingly complex environment while delivering enduring, long-term value to all our stakeholders.