Objective and Approach
The objective of risk management is to put in place effective policies, mechanisms, systems, and processes for investment and operations to maximize the returns for the shareholder within an acceptable risk tolerance.
Risk management is a company-wide effort involving every business line, department, and individual. It is embedded throughout the investment life cycle, from the overall portfolio to general asset classes and to specific investment strategies and sub-strategies.
System and Mechanism
CIC has a comprehensive risk classification and management system involving the Executive Committee, Risk Management Committee, and relevant departments to manage all kinds of risks: market, credit, operational, liquidity, strategy, legal, reputational, and country risks.
In line with policies set by the Board of Directors and the Executive Committee, the Risk Management Committee oversees CIC's risk management strategies and approaches. Its key responsibilities include the following: Reviewing risk management strategies, policies and procedures; Determining the risk budgeting and allocation plan; Reviewing risk management and assessment reports; Reviewing assessment standards, management schemes, and internal control mechanisms for major risk drivers and events as well as key business processes; Conducting periodic reviews of the risk profile of asset allocations and the execution of the allocated risk budgets; Reviewing the risk management strategy and contingency plans for major risk events; Reviewing other risk-related issues under the authorization of the Executive Committee.
The Risk Management Committee, which oversees the risks in CIC's investment and operation activities, is comprised of the Chairman and CEO, President, related Executive Vice Presidents, Chief Risk Officer, and the Heads of the Department of Risk Management, the Department of Law and Compliance, the Department of Public Relations and International Cooperation, the Department of Asset Allocation, the Department of Investment Operations, the Department of Finance and Accounting, the Department of Internal Audit, the General Office, and the Department of Research. Other members of senior management and the heads of the investment departments attend Risk Management Committee meetings as needed.
The Operational Risk Management Committee and the Valuation Committee are two subcommittees established under the Risk Management Committee. The Operational Risk Management Committee is responsible for reviewing operational risk management policies and the relevant rules and regulations, examining and approving operational risk reports, and supervising the investigation and handling of operational risk incidents and implementation of action plans. The Valuation Committee is mainly responsible for reviewing and approving the company’s valuation accounting policies and valuation reports, the sources of market prices and parameters used for valuation, and valuation models and fair value adjustments.
CIC's comprehensive risk management system comprises the following pillars:
Three lines of defense:
For the first line of defense, investment departments remain well informed of the risks associated with the investment products within their mandate and follow CIC's risk management rules in their investment activities.
For the second line of defense, the Department of Risk Management sets risk limits on various asset classes based on the risk budget; formulates the risk management framework, mechanism and processes; works with the Department of Law and Compliance and the Department of Public Relations and International Cooperation to monitor and manage risks across the Committee.
For the third line of defense, the Department of Internal Audit and the Department of Institutional Integrity audit, supervise, and evaluate company-wide risk management to ensure procedural compliance and effectiveness in risk management and internal controls and make recommendations to redress inadequacies if these arise.
Management of Multiple Types of Risks
In 2020, CIC further bolstered its integrated risk management system covering macro, meso, and micro risks; formulated new guidelines on total portfolio concentration risks; revised rules on investment risk alerting and risk classification; made organizational adjustments in its risk management function; and stressed the comprehensive, consistent, and strategic nature of risk management.
In view of the material risk impacts brought about by the pandemic, CIC activated crisis management plans. These included setting in motion a breaking incident tracking mechanism, bolstering the company’s early warning system, increasing alert frequency and specificity, and accelerating response times. An inferential analytics framework was developed to facilitate forward-looking risk analyses and identification of mitigation measures.
To ensure preparedness against extreme events, the company strengthened its business continuity and contingency plans. Dynamic management of the negative list enabled more rigorous monitoring of critical risk factors. At the project level, we ensured robust ex-ante risk identification and assessment, intensive ex-post risk monitoring, and systematic review and management of project risks. Risk management tools were updated to ensure accurate and timely valuation of existing assets.
Market Risk Management
We continued to strengthen our comprehensive risk monitoring system, which covers macro-, market-, and portfolio-level risks. We also conducted forensic analysis of our exposures to traditional asset classes and alternative assets including multi-asset funds, hedge funds, private equity, real estate, infrastructure, resources, and commodities. Enhanced risk warning by asset class enabled more effective and targeted risk management in our private market investments.
Credit Risk Management
CIC regularly issues sovereign credit risk reports with analysis and early warning on potential locality-specific credit risks. The company revised its guidelines on the management of counterparty credit risks, and fine-tuned its differentiated approach for managing various kinds of counterparty risks. We closely monitored changes in the credit risk of our invested assets.
Internal Control and Operational Risk Management
CIC revised its Basic Principles of Internal Control to strengthen the governance structure, clarify key requirements, and establish a robust appraisal mechanism. Priorities included enhancing our internal control system in key business areas and bolstering mechanisms for detecting and averting different types of risks. We closely monitored major external risks, deployed countermeasures against contingencies, and conducted business continuity drills for extreme scenario preparedness.
Reputational and Compliance Risk Management
CIC strictly abides by the laws and regulations of all its investment destinations, respects local community concerns, and ensures information disclosure as required by law. In early 2021, the company put in place Measures for Managing Reputational Risks along with supporting guidelines. Thanks to its careful management of these risks, CIC has earned widespread recognition as a responsible corporate citizen and respected partner.