Regulations/Rules relevant to the function of the Committee

The role, functions and the composition of the BAC are defined by the provisions of the:

• Banking Act Direction No. 11 of 2007 on Corporate Governance for Licensed Commercial Banks in Sri Lanka and the subsequent amendments thereto
• Banking Act Direction No. 05 of 2024 on Corporate governance for Licensed Banks w.e.f. January 01, 2025
• Section 9.13 of the Listing Rules of the Colombo Stock Exchange (Revised w.e.f. 01.10.2023)
• Code of Best Practice on Corporate Governance – 2023 issued by CA Sri Lanka

Terms of Reference of the Committee

The BAC, operating under delegated authority from the Board, plays a key role in supporting the Board’s responsibilities by providing structured oversight of the Group’s financial reporting requirements, internal audit, internal controls, and external audit processes. The Board-approved Charter/Terms of Reference (TOR) of the Committee comprehensively outline its purpose, composition, duties, responsibilities, and authority. The Committee is tasked with ensuring the quality and integrity of the Bank’s financial statements and disclosures, monitoring compliance with internal policies and regulatory requirements, strengthening internal controls over financial reporting, and assessing the performance and independence of the external auditor to protect the interests of shareholders and all other stakeholders.

The Charter/TOR is reviewed annually to ensure that new developments relating to the Committee’s functions are addressed. Reflecting recent amendments under the Banking Act Direction No. 05 of 2024 on Corporate Governance for Licensed Banks, the BAC Charter was reviewed and approved by the Board at its meeting held on November 29, 2024.

Key responsibilities of the Committee

• Ensure that financial reporting systems in place are effective and well managed in order to provide accurate, appropriate, and timely information to the Board, Regulatory Authorities, the Management, and other stakeholders.
• Review the appropriateness of accounting policies, and ensure adherence to statutory and regulatory compliance requirements, and applicable accounting standards.
• Ensure that the Bank adopts and adheres to high standards of corporate governance practices, conforming to the highest ethical standards, and good industry practices, in the best interest of all stakeholders.
• Evaluate the adequacy, efficiency, and effectiveness of risk management measures, internal controls, including information systems controls, and governance processes in place to avoid, mitigate, or transfer current and evolving risks.
• Monitor all aspects of Inspections, Information Systems Audit, and External Audit program of the Bank, and review Internal and External Audit Reports for follow up with the Management on responses to their findings and recommendations.
• Review the Interim and Annual Financial Statements of the Bank, to ensure the integrity of such Statements prepared for disclosure, prior to submission to the Board.

Highlights of the year 2024

In 2024, the BAC made significant strides in strengthening the Bank’s governance and risk management frameworks. The Committee ensured the timely review and approval of financial statements, maintaining compliance with Sri Lanka Accounting Standards and regulatory requirements.

A key focus was on assessing the adequacy of the impairment provision on Sri Lanka International Sovereign Bonds (SLISBs) with extensive discussions held to ensure that the provision accurately reflected market conditions and potential risks. The BAC also closely monitored developments impacting local bondholders, ensuring that the Bank's strategies and disclosures aligned with evolving market dynamics.

To strengthen internal controls, the Committee oversaw the implementation of a comprehensive, risk-based Integrated Audit Plan for 2024. This plan encompassed both internal audit and information systems audits, with a focus on high-risk areas. The Committee actively collaborated with Management to address and remediate any identified audit findings.

The BAC took proactive steps in cybersecurity by inviting the Chief Information Security Officer to present an in-depth assessment of the Bank’s cybersecurity posture, ensuring that appropriate measures were in place to safeguard against emerging threats.

Based on the project complexities, the Committee also reviewed the progress update presented by the Assistant General Manager – Operations on the Identity Access Management solution implementation in the Bank to assess and ensure safeguarding access controls.

Furthermore, the Committee collaborated with the external auditor to ensure an independent and robust audit process, safeguarding the integrity of financial reporting.

The BAC also aligned the Bank’s governance practices with the revised Banking Act Direction No. 05 of 2024 on Corporate Governance for Licensed Banks, including the revision and approval of the Audit Committee Charter.

Financial reporting

In 2024, the BAC diligently discharged its responsibilities to ensure the reliability of financial reporting. The Committee rigorously reviewed the Bank's financial statements to confirm compliance with Sri Lanka Accounting Standards, maintaining transparency and the adequacy of disclosures. Special attention was given to evaluating critical accounting policies and significant judgments made in preparing the financial statements, ensuring consistency with industry standards and providing an accurate and fair representation of the Bank’s financial position. The BAC also reviewed the assumptions underlying the Bank’s going concern status, including the viability statement, to validate their appropriateness in light of current and future risks. Furthermore, the Committee ensured that supplementary regulatory information, including tax assessments, was reported accurately and in full compliance with applicable laws and regulations.

To enhance the reliability of financial reporting, the BAC continuously engaged the services of an independent consultant, a Chartered Accountant, whose specialised skills and expertise added substantial value to the process. The Committee reviewed the Bank’s Interim and Annual Financial Statements in collaboration with Management, external consultants, internal auditors, and external auditors, ensuring that all perspectives were considered prior to their release. This review process was informed by detailed reports from the Chief Financial Officer and audit findings from both internal and external auditors. The Committee also conducted focused reviews on the integrity of financial reporting for the Bank and the Group, considering unprecedented challenges such as exchange rate volatility, inflationary pressures, fluctuating interest rates, government debt restructuring, and evolving regulatory requirements. Particular attention was given to the adequacy of post-model adjustments, especially in areas characterised by significant uncertainty. The BAC ensured that prudent accounting practices were followed, reflecting the complex economic realities, with the aim of providing stakeholders with the most accurate and meaningful financial information.

Additionally, the Committee obtained assurances from the Managing Director/Chief Executive Officer and the Chief Financial Officer regarding the integrity of the Bank’s financial records, confirming that the financial statements provided a true and fair view of the operations and financial position of the Bank and the Group.

Internal controls over financial reporting (ICOFR)

Sections 3 (8) (ii) (b) and (c) of the Banking Act Direction No. 11 of 2007 stipulate the requirements to be complied with by the Bank to ensure reliability of the financial reporting system in place at the Bank.

The Committee regularly evaluates the adequacy and effectiveness of internal control systems to safeguard the accuracy and reliability of the Bank’s financial reporting. This includes overseeing the design and implementation of controls related to financial reporting processes, ensuring compliance with regulatory requirements, and identifying potential risks. The BAC collaborates closely with internal and external auditors to assess these controls’ effectiveness and ensure that any identified weaknesses are promptly addressed. The Committee also ensures that Management has implemented robust processes to monitor ongoing compliance, thereby ensuring that the financial statements present a true and fair view of the Bank’s operations and financial position.

During the year, the Committee conducted a thorough review of the governance practices within the Finance function, including accounting policies and operational procedures, to ensure the robustness and adequacy of the account reconciliation process and the effective monitoring of suspense accounts. The Committee also reviewed the Bank’s SLFRS 09 Policy on Expected Credit Loss Provisioning to confirm its alignment with best practices and regulatory requirements. In addition, all critical system implementations were supported by post-implementation reviews conducted through Integrated Audit, with the BAC evaluating and addressing the outcomes of these assessments.

The BAC also reviewed the adequacy and integrity of the Bank’s Management Information System (MIS) through internal audit reports to ascertain whether information presented to the Board is “fit for purpose”.

For Group companies, changes to internal control systems were reviewed by the respective Board Audit Committees, with significant matters escalated to the BAC for attention and resolution. This systematic approach ensures that internal control systems across the Bank and its Group companies remain strong and effective, aligned with regulatory requirements and the Bank’s commitment to sound governance.

The Committee reviewed and approved the Directors’ Statement on Internal Controls over Financial Reporting for disclosure in the Annual Report.

Integrated Audit, Internal Audit, and IS Audit

The BAC provides oversight of the Internal Audit and IS Audit functions (Integrated Audit Function) , ensuring its independence, effectiveness, and alignment with the Bank’s strategic objectives. Integrated Audit operates free from interference by any element within the organisation, including matters of audit selection, scope, procedures, frequency, timing, or report content. The Deputy General Manager – Management Audit reports directly to, and meets frequently with, the Chair of the BAC to maintain open and transparent communication.

Integrated Audit consistently upholds the mandatory guidance set by The Institute of Internal Auditors (IIA) and adheres to the Information Systems Audit and Control Association (ISACA) Code of Ethics, ensuring high standards of professional practice integrity and objectivity.

The BAC reviewed and approved the 2024 Integrated Audit Plan, developed by the Inspection Department and the Information Systems Audit Unit (ISAU). The plan is built on a rigorous, risk-based methodology that incorporates detailed risk profiling and pre-engagement risk assessments to ensure that the scope and focus of audits are aligned with the Bank’s most pressing risks and strategic priorities. This approach thoroughly evaluates inherent risks and the strength of the control environment across all Group entities.

Audit coverage is comprehensive, encompassing a blend of onsite, online, offsite, and integrated audits to assess processes and controls, risk management frameworks, regulatory compliance, major change initiatives, investigations, and special reviews. Regular updates from the Deputy General Manager – Management Audit provided the Committee with insights into key findings, risk exposures, and the progress of corrective actions implemented by the Management.

The Committee placed particular emphasis on critical areas of governance, encompassing key operational functions such as Financial Management, Treasury Operations, Lending, Branch Operations, Procurement, Payments and Expected Credit Loss (ECL) provisioning. This ensured robust oversight of the Bank’s financial health, particularly in relation to credit risk management, and reinforced the importance of accurate and timely provisioning for potential credit losses. The Committee’s oversight in these areas ensured strict adherence to established policies, procedures, and regulatory requirements, while enhancing the Bank’s risk mitigation strategies and financial resilience.

The Committee reviewed the findings of the ISAU covering the Bank’s local operations, overseas operations and subsidiaries. The ISAU coverage focused on cyber resilience, emerging technologies, internal IT control environment, supplier chain risk management and regulatory compliance.

Regulatory Requirements on Technology Risk Management (Banking Act Direction 16 of 2021 of the CBSL), mandated the requirement of Internal Audit involvement at various levels from the year 2023 onwards; especially in case of Bank wide compliance with ISO standards. The Committee deliberated ISAU review on Bank level of Compliance with the Banking Act Direction No. 16 of 2021.

The Committee also reviewed the report on findings relating to the Business Continuity Plan and Disaster Recovery arrangement during the year 2024 including the Role Swap Exercise carried out as per Guideline on Business Continuity Planning No. 01/2006 and Business Continuity Management and Disaster Recovery (DR) Site Operations – 2024 issued by the CBSL. In addition, the Committee reviewed the report on compliance with goAML Reporting Process aligning with instructions of the FIU of the CBSL, Baseline Security Standard, PCIDSS, and SWIFT CSP to ensure safeguarding Information and IT Assets of the Bank.

The BAC deliberated on ISAU reports on Cyber Security, Vulnerability and Penetrating Testing Process, Risk on outdated IT Assets, IT General Control and Governance Risks, IT Infrastructure management, deficiencies in data classifications and Data Loss Prevention, End Point Security, Software Source Code Security, Logical and Physical Access including adequacy of controls in Privileged Access granted by the Bank.

Additionally, the Committee evaluated the resource requirements of the Integrated Audit Department to ensure its capacity to deliver comprehensive audit coverage. The BAC will conduct the performance evaluation of the Deputy General Manager – Management Audit and senior staff members of the Internal Audit Department for 2024.

The Committee members visited five branches of the Bank during the year and provided their observations and recommendations to the Board and the Management.

Effectiveness of the External Audit

The BAC ensured the independence and effectiveness of the External Auditor by implementing robust oversight mechanisms. To uphold good governance, the Committee ensured compliance with regulations limiting external audit engagements to a maximum of five years per engagement. Accordingly, Messrs KPMG, Chartered Accountants, were appointed as the Bank’s External Auditor.

The Committee met with the Auditors independently, without the presence of Executive Directors, providing them the opportunity to express their views freely on any matter. This process assured the BAC that management had provided all necessary information and explanations, imposed no restrictions on the audit’s scope, and maintained a cooperative relationship with the Auditors, free of disagreements.

The BAC reviewed the Auditors’ Declaration regarding their independence, confirming compliance with the Code of Conduct and Ethics of the CA Sri Lanka. Audit fees, expenses, and any non-audit services provided by the Auditors were scrutinised to ensure these did not impair their independence or objectivity. The Committee ensured that non-audit services adhered to regulatory requirements and the Board approved Policy on Non-Audit Services, thereby avoiding any restricted activities.

The Committee reviewed the Management Letter issued at the conclusion of the audit for the year ended December 31, 2023, and discussed it with the Auditors before its submission to the Board and the Central Bank of Sri Lanka (CBSL). The BAC also evaluated the Audit Plan and scope of work for the year ended December 31, 2024, ensuring alignment with the Bank’s expectations and regulatory standards.

Oversight on Regulatory Compliance

The Committee also ensured that the Bank complies with all regulatory and legal requirements. Closely scrutinised compliance with mandatory banking including other statutory requirements and the systems and procedures that are in place. The quarterly reports submitted by the Assistant General Manager – Compliance were used by the Committee to monitor compliance with all such legal and statutory requirements. The Bank’s Inspection Department has been mandated to conduct independent test checks covering all regulatory compliance requirements, as a further monitoring measure.

The Committee monitored the progress on implementation of the recommendations made in the Statutory Examination Reports of the CBSL through regular follow up reports tabled during the year 2024. It also reviewed the progress of implementation of the recommendations in the Statutory Examination Report of the Bangladesh Bank on the Bank’s Bangladesh Operations.

Risk Management

The Committee diligently reviewed the effectiveness of the Bank's internal control mechanisms, ensuring compliance with regulatory requirements, particularly in relation to ICAAP, and the capital assessment process for the year 2023. In alignment with Section 10 (Pillar II – Supervisory Review Process) of the Banking Act Direction No. 01 of 2016 on the “Regulatory Framework on Supervisory Review Process”, the Committee confirmed the integrity, accuracy, and reasonableness of the Bank’s capital adequacy assessment procedures.

The positive assurance statements submitted by the Chief Risk Officer provided the Committee with confidence that appropriate processes were in place to identify and manage significant risks. The Committee proactively sought and received assurances from relevant Business Units regarding the remedial actions implemented to address identified risks, ensuring the ongoing effectiveness and robustness of the internal control framework.

Governance, Conduct, and Ethics

Through a review of regulatory, external audit, compliance, risk and internal audit reports, the Committee ensured that Management’s role over the first and the second lines is clearly defined and segregated to fortify good governance. The Committee strongly advocated for and strengthened the Internal audit function. The Deputy General Manager – Management Audit is independent from the Management in their reporting lines, and holds no operational decision-making responsibilities, which provides an additional degree of independence and governance.

The Committee continuously emphasised on upholding ethical values of the staff members. In this regard, the Bank has a Code of Ethics, a Whistleblowers’ Charter and an Anti-Bribery and Anti-Corruption Policy in place, which ensure and encourage all staff members to be ethical, transparent and accountable and resort to whistleblowing if they suspect any wrongdoings or other improprieties.

Highest standards of corporate governance and adherence to the Bank’s Code of Ethics were ensured. All appropriate procedures were in place to conduct independent investigations into incidents reported through whistleblowing or identified through other means.

During the year, the Compliance Officer regularly updated the BAC on whistleblowing effectiveness, including controls assessments and outcomes of the key investigations.

The whistleblower Charter has been reviewed by the Committee and approved by the Board in 2023.

Reporting to the Board

The minutes of the Committee meetings were tabled at Board meetings, thereby providing Board Members with access to the deliberations of the Committee.

Committee evaluation and effectiveness

An independent evaluation of the effectiveness of the Committee was carried out by the other members of the Board during the year. Considering the overall conduct of the Committee and its contribution to the overall performance of the Bank, the Committee has been rated as highly effective.

R Senanayake*
Chairmen
Board Audit Committee

P Y S Perera**

February 28, 2025

* Chairman of the BAC up to December 31, 2024

** Chairman of the BAC with effect from January 01, 2025.

Terms of Reference of the Committee

The BIRMC was established in accordance with the Central Bank of Sri Lanka (CBSL) regulatory framework for Corporate Governance in licensed banks. Its formation historically aligned with Direction No. 11 of 2007, which was superseded by the Banking Act Directions on Corporate Governance for Licensed Banks No. 05 of 2024, dated September 30, 2024, issued by the CBSL. The composition and the scope of work of the Committee are in line with the said Directions, as set out in the BIRMC Charter which is reviewed annually, most recently in December 2024, which clearly sets out the membership, authority, duties and responsibilities of the BIRMC as described in the “Risk Governance and Management” Section of this Annual Report on pages 254 to 284.

The BIRMC assists the Board of Directors in fulfilling its responsibilities of overseeing the Bank’s risk management framework and activities including the review of major risk exposures, the steps taken to monitor and control those exposures pertaining to the myriad of risks faced by the Bank in its business operations. Responsibilities of the BIRMC include determining the adequacy and effectiveness of such measures and ensuring that the actual overall risk profile of the Bank conforms to the desirable risk profile, as defined by the Board. Special attention is given to the material risks that the Bank may face within its existing portfolio of risks, as well as for forward-looking and emerging risks that require action to minimise their potential impact on future performance.

All key risks such as Credit, Operational, Market, Liquidity, Data Security, Information Technology, Strategic, etc. are assessed by the BIRMC regularly through a set of defined risk indicators. The Committee works very closely with the Key Management Personnel and the Board in fulfilling its statutory, fiduciary and regulatory responsibilities for risk management. The risk profile of the Bank is communicated to the Board of Directors periodically through the Risk Assessment report following each BIRMC meeting.

Activities in 2024

In discharging the above duties and responsibilities vested in the BIRMC, the Committee reviewed all significant and emerging risks during the year, focusing on their potential impact on the Bank’s operations, financial stability and strategic objectives. The activities carried out by the Committee are appended below:

• The Bank demonstrated continued resilience in 2024, proactively managing its credit portfolio amidst a dynamic market environment as the overall market showed signs of recovery and more stability compared to 2023. Recognising that the impact of shifting market conditions in various sectors required continued vigilance, the Bank, with the help of the Integrated Risk Management Department, leveraged various internal capabilities and know-how to navigate the evolving economic landscape effectively.
• In a climate of declining interest rates and the prevailing political uncertainty in the country for most of 2024, the Committee prioritised strategic initiatives to optimise growth, profitability and asset quality.
• Local and global macro-economic factors were discussed with a view to identify and assess the impact of such factors on changes in the Banking sector as a whole and for the Bank, in order to initiate remedial action in a proactive manner. Further, various challenges experienced by the Bank due to socio-economic and geo-political factors gave rise to volatile market conditions. The impact of these factors on the Bank’s capital and performance were reviewed closely by the BIRMC, and mitigatory measures were deliberated accordingly to reduce the impact.
• Comprehensive risk oversight was maintained on all financial subsidiaries including Commercial Bank of Maldives and the Bangladesh operations. The Committee deliberated extensively on various risk aspects associated with the Maldives and the Bangladesh Operations, taking into account the unprecedented macro-economic and political uncertainties that prevailed in both countries. Strategic decisions were made to mitigate potential impacts, strengthen resilience and proactively address emerging challenges.
• Data Breach Handling Policy and Procedure was implemented to strengthen and enhance the overall Data Governance Policy Framework of the Bank in accordance with the Personal Data Protection Act No. 09 of 2022.
• Implemented the Risk-Adjusted Return on Capital (RAROC) framework as a comprehensive tool for performance measurement, pricing strategy alignment with underlying risk, and capital allocation optimisation. This framework facilitates the evaluation of the economic feasibility of credit exposures by integrating the risk and return of lending transactions, as well as for the entire portfolio.
• Formulated the Technology Risk Committee and a comprehensive Technology Risk Management Framework to strengthen oversight and enhance monitoring within the technology risk domain. This framework enables the Bank to effectively adapt to the rapidly evolving dynamics of technology-related risks while ensuring the acquisition and continuous development of essential skills required to manage such risks.
• Identified and analysed potential pressure on the Bank's Net Interest Margin (NIM) resulting from the downward trend in market interest rates. Contributed to strategy formulation by supporting decisions to mitigate potential impact, including the recommendation of mixed pricing approaches such as Hybrid Rate Lending Products.
• Approval of parameters and limits set by the Management against various risk categories upon ascertaining that they are in accordance with the relevant laws and regulations as well as the desired policy levels stipulated by the Board of Directors.
• Periodic reports from the Management were reviewed on the metrics used to measure, monitor and manage risks, including acceptable and appropriate levels of risk exposures. The reviews covered both inherent and residual risk levels which indicated the progress of implementing controls and assessing the effectiveness of measures to address the sources of risk.
• Improvements were recommended to the Bank’s Risk Management Framework and related policies and procedures as deemed suitable, in consideration of anticipated changes in the economic and business environment, including consideration for emerging risks, legislative or regulatory changes and other factors relevant to the Group’s risk profile.
• The Key Risk Indicators (KRIs) designed to monitor the level of specific risks were reviewed regularly, with a view of determining the adequacy of such indicators to serve the intended risk management objectives. Moreover, proactive measures were taken to control risk exposures. The actual results computed monthly were reviewed against each risk indicator and prompt corrective actions were recommended to mitigate the effects of specific risks, in case such risks exceeded the prudent thresholds defined by the Board of Directors.
• Reviewed and revised the Terms of Reference of all Management Committees dealing with specific risks or some aspects of risk such as the Executive Integrated Risk Management Committee, Executive Committee on Monitoring NPLs, Credit Policy Committee, Information Security Council, Asset and Liability Committee, etc. for enhanced effectiveness. Actions initiated by the Senior Management were monitored periodically to verify the effectiveness of the measures taken by these respective Committees.
• The annual work plans, related strategies, policies and frameworks of the above Committees were reviewed to ensure that these Committees have a sound understanding of their mandates and mechanisms to identify, measure, avoid, mitigate, transfer or manage the risks within the qualitative and quantitative parameters set by the BIRMC.
• Reviewed and approved the Internal Capital Adequacy Assessment Process (ICAAP) results related to Commercial Bank Group entities to ensure that the Group maintains an appropriate level and quality of capital in line with the risks inherent in its activities and projected business performance.
• Reviewed, approved and oversaw the Bank’s Recovery Plan (RCP) framework and accountability matrix whilst ensuring that RCP is subject to comprehensive internal audit. Moreover, the Early Warning Indicators/Trigger events defined in the RCP paper were periodically monitored in order to assess compliance with regulatory guidelines and Board approved RCP policy parameters.
• Reviewed and approved the identified critical systems essential for uninterrupted banking operations, as per CBSL Banking Act Directions No. 16 of 2021 on Technology Risk Management and Resilience.
• Monitored the effectiveness and the independence of the risk management function within the Bank and ensured the adequacy of resources deployed for this purpose.
• Reviewed the effectiveness of the compliance function in order to assess the Bank’s compliance with laws, regulations, regulatory guidelines, internal controls and approved policies in all areas of business operation. Increasing regulatory expectations, challenging working conditions and heightened levels of misbehaviour of certain customer segments posed further challenges during the period under review in this front.
• Initiated appropriate action through the Management against failures of the Risk Owners in order to improve the overall effectiveness of the Risk Management of the Bank.
• The risk profiles of the Subsidiaries of the Bank were monitored through periodic review of KRIs and comprehensive annual risk reviews.
• Continually overseeing the Sustainable Banking Initiatives performed by the Bank (through Executive Sustainable Banking Committee) whilst consistently directing the Data Governance Framework of the Bank and periodically evaluating the adequacy of controls deployed with regard to confidentiality, integrity and availability of Data Assets.
• Reviewed the adequacy of the Business Continuity and Disaster Recovery plans of the Bank, in line with the statutory requirements.
• Findings from the bi-annual Risk Control Self-Assessment (RCSA) exercise were reviewed.

During the year under review, the BIRMC held four (04) meetings on a quarterly basis and one (01) additional meeting specifically to discuss the ICAAP of the Bank.

Proceedings of the Committee meetings which also included activities under its Charter were regularly reported to the Board of Directors.

Ms J Lee*
Chairperson
Board Integrated Risk Management Committee

R Senanayake**
Chairman

February 28, 2025

* Chairperson of the BIRMC up to December 31, 2024

** Chairman of the BIRMC with effect from January 01, 2025.

Terms of Reference of the Committee

The Committee was established to ensure Board’s oversight and control over the selection of Directors, Chief Executive Officer and Key Management Personnel. The Composition and the scope of work of the Committee are in line with the Terms of Reference of the Committee. The Committee makes recommendations to the Board on all new appointments to the Board and Key Management Personnel in line with its Terms of Reference. The Committee has overall responsibility for ensuring that the Board and its Committees have the appropriate balance of skills, experience, independence, diversity, and expertise to effectively discharge their respective duties and responsibilities. Refer “Composition of the Board and attendance at meetings” in Figure – 45 on page 199 for further information in this connection.

The BNGC assists the Board of Directors in fulfilling its responsibilities includes:

• Review the composition of the Board and its Board Committees and make recommendations for approval by the Board, of the membership of Board and Board Committees.
• Review the leadership needs of the organisation, both executive and non-executive with a view to ensuring long term sustainability of the organisation to compete effectively in the market place.
• Implement a procedure for the appointment and re-appointment of Directors to the Board taking into account factors such as fitness, propriety including qualifications, competencies, independence and relevant statutory provisions and regulations.
• Oversee appointment and composition of the Sharia Supervisory Board (SSB or Sharia Board) of the Islamic Banking Unit (IBU).
• Implement a procedure for the selection/ appointment of Managing Director/Chief Executive Officer, Chief Operating Officer and other Key Management Personnel.
• Set the criteria such as qualifications, competencies, experience, independence, conflict of interest and other key attributes required for the eligibility to be considered for the appointment or promotion to the position of Managing Director/Chief Executive Officer, Chief Operating Officer and Key Management Personnel.
• Prior to any appointment being made to the Board, evaluate the balance of skills, knowledge, experience and diversity on the Board and in the light of this evaluation, prepare a description of the role and capabilities required for a particular appointment.
• Consider in respect of the Executive Directors and Key Management Personnel proposals for their appointment or promotion and any proposal for their dismissal or any substantial change in their duties or responsibilities or the terms of their appointment.
• Prior to the appointment of a Director, ensure that the proposed appointee would disclose any other business interests that may result in a conflict of interest and report any future business interests that could result in a conflict of interest.
• Consider and recommend from time to time, the requirements of additional/new expertise for Directors and other Key Management Personnel.
• Propose the maximum number of listed Company Board representations which any Director may hold in accordance with relevant statutory provisions and regulations.
• Peruse duly completed Affidavits and Declarations of all Directors and Key Management Personnel and recommend same for approval of the Board.
• Formulates and regularly review plans for succession for Key Management Personnel, Executive and Non-Executive Directors in the Board and in particular the key roles of Chairman, Chief Executive Officer and Chief Operating Officer, taking into account challenges and opportunities facing the Company and skills needed in the future.
• Make recommendations to the Board concerning suitable candidates for the role of Senior Independent Director in instances where Chairman is not an Independent Director, and membership of other Board Committees as appropriate in consultation with the Chairpersons of those Committees. Additionally, the Committee ensures that all Directors are required to submit themselves for re-election at regular intervals, and at least once in every three years, in accordance with the provisions of the Articles of Association of the Bank.
• Review and recommend the overall Corporate Governance framework of the Bank taking into account the Listing Rules of the CSE, other applicable regulatory requirements and industry/international best practices.
• Monitor the progress of any relevant Corporate Governance or Regulatory Developments and recommend any actions or changes it considers necessary for Board approval and ensure compliance with existing Laws and regulations.
• Be authorised to express their independent views when making decisions.
• Be authorised by the Board to obtain, at the Bank’s expense, outside legal or other professional advice on any matters within its Terms of Reference.
• Make recommendations to the Board concerning indemnity and insurance cover to be taken in respect of all Directors and Key Management Personnel in accordance with the Articles of Association, relevant statutory provisions and regulations.
• Invite any member of the Corporate Management, any member of the Bank staff or any external advisers to attend meetings as and when appropriate and necessary.

Activities in 2024

In discharging the above duties and responsibilities vested in the BNGC, the Committee obtained declarations from all Directors (except the two Executive Directors) through a prescribed format, confirming their status of independence. During the reporting period, there were no major issues that needed to be communicated to the Independent Directors. Affidavits signed by each of the Directors in the prescribed format were obtained with the assistance of the Company Secretary to satisfy an annual requirement imposed under a Direction issued by the Central Bank of Sri Lanka (CBSL) and the originals of same were furnished to the Director of Bank Supervision of CBSL to enable the CBSL to re-assess their fitness and propriety.

In addition, Affidavits signed by each of the Director was obtained with the assistance of the Colombo Stock Exchange to satisfy a regulatory requirement imposed on the Bank by the Colombo Stock Exchange to reinforce the Directors commitment towards upholding their Fitness and Propriety.

Furthermore, the Committee reviewed and recommended the introduction of the following Policies to ensure Compliance with the revised Listing Rules of the Colombo Stock Exchange,

• Policy on Relations with Shareholders and Investors
• Board Disclosure Policy
• Policy on Board Committees
• Policy on Corporate Governance, Nomination and Election
• Policy on Internal Code of Business Conduct & Ethics – Applicable to the Members of the Board
• Policy on Matters relating to the Board of Directors
• Environmental, Social, and Governance (ESG) Policy
• Policy on Control and Management of Company Assets and Shareholder Investments

Upon the retirement of Prof A K W Jayawardane, former Chairman of the Bank during the year and after careful evaluation, the Committee recommended the appointment of the new Chairman and the new Deputy Chairman.

The Committee, having considered the vacancy created in the Board by the retirement of Prof A K W Jayawardene, former Chairman, identified a suitable person and recommended the appointment of Mr P Y S Perera as an Independent – Non-Executive Director to the Board in October 2024.

Based on the Committee’s recommendations, the Board approved several significant changes in the Key Management Personnel cadre during the year. These changes included the appointment of a new Deputy General Manager – HRM (Designate) in anticipation of the retirement of the incumbent Deputy General Manager – Human Resource Management, the promotion of two Senior Officers to the Assistant General Manager grade, and the re-designation of an Assistant General Manager. Additionally, the Deputy General Manager – Corporate Banking was re-designated as the Deputy General Manager – International, and, consequently, the Deputy General Manager – Retail Banking & Marketing was re-designated as the Deputy General Manager – Corporate Banking.

During the year, the Committee recommended to the Board suitable candidates for the appointments of Directors to the Boards of the Bank’s subsidiaries.

As provided for in the Articles of Association of the Bank, the Committee recommended the retirement by rotation of two Directors, namely, Mr L D Niyangoda and Ms D L T S Wijewardena and the election of one Director, i.e. Mr P Y S Perera, who was appointed to fill a casual vacancy on the Board during the year 2024. The Committee ensures that all Directors are required to submit themselves for re-election at regular intervals, and at least once in every three years, in accordance with the provisions of the Articles of Association of the Bank.

The Committee noted the following information regarding Directors who are elected/re-elected during the year as aforesaid:

Name of Director	Board Committees in which the Director is a Chairman	Date of first appointment as Director	Date of last re-appointment	Directorships or Chairpersonships and other principal commitments both present and those held over the preceding three years in other Listed Entities	Any relationships including close family relationships between the candidate and the directors, the Listed Entity or its shareholders holding more than ten per-centum (10%) of the shares of the Listed Entity.
Ms D L T S Wijewardena	Board Technology Committee	March 31, 2021	March 30, 2022 (Elected under Article 92 of the Articles of Association)	Refer “Board of Directors and profiles”	None
Mr L D Niyangoda	None	August 26, 2016	March 30, 2022 (Re-elected under Article 86 of the Articles of Association)	Refer “Board of Directors and profiles”	None
Mr P Y S Perera	Board Audit Committee	October 02, 2024	N/A	Refer “Board of Directors and profiles”	None

The BNGC conducted periodic evaluations on the performance of the Board of Directors and the Chief Executive Officer to ensure that their responsibilities are satisfactorily discharged. The Board approved the Succession Plan in January 2024, as recommended by the Committee.

The BNGC ensures that induction programs and orientation sessions for newly appointed Directors, covering corporate governance, Listing Rules, securities market regulations, and other applicable laws and regulations, are conducted by the Bank after their appointment. This is to ensure they have a thorough understanding of their roles and responsibilities. For the newly appointed Director of 2024, these sessions are scheduled to be conducted during the 1st quarter of 2025. The Committee continued to work closely with the Board of Directors on matters assigned to it and duties and responsibilities delegated to it in terms of the Committee Terms of Reference and reported back to the Board of Directors with its recommendations.

An annual update was provided to existing Directors on Corporate Governance, Listing Rules, and other applicable laws and regulations by the former Compliance Officer in June 2024. The Bank has fully complied with the Corporate Governance requirements stipulated under the Listing Rules of the Colombo Stock Exchange (CSE). Additionally, the Bank has met all provisions outlined in the Banking Act Direction No. 11 of 2007 on Corporate Governance for Licensed Commercial Banks in Sri Lanka. The Bank is fully committed to ensuring complete alignment with the updated regulations under the new rules under Banking Act Directions No. 5 of 2024 on Corporate Governance for Licensed Banks.

During the year under review, the BNGC held ten (10) meetings.

Proceedings of the Committee meetings which also included activities under its Charter were regularly reported to the Board of Directors.

Ms J Lee
Chairperson
Board Nominations and Governance Committee

February 28, 2025

Terms of Reference of the Committee

The Committee is vested with power to evaluate, assess, decide and recommend to the Board of Directors on any matter that may affect the Human Resources Management of the Bank and shall specifically include:

• Determining the compensation of the Chairman, Deputy Chairman, Managing Director and other members of the Board of Directors of the Bank.
• Determining the compensation and benefits of the Key Management Personnel (KMP) and establishing performance parameters in setting their individual targets.
• Lay down guidelines, policies and parameters for the compensation structures for all executive staff of the Bank and oversee the implementation thereof.
• Review information related to executive pay from time to time to ensure same is in par with the market/industry rates as per the strategy of the Bank.
• Setting goals and targets for the Directors, Managing Director and KMP.
• Evaluate the performance of the Managing Director and KMP against the pre agreed targets and goals.
• Make recommendations to the Board of Directors from time to time of the additional/new expertise required at the Bank.
• Assess and recommend to the Board of Directors, succession management and issues connected to the Organizational Structure.
• Recommend/decide/direct on disciplinary action where significant financial or reputational loss to the Bank is caused by KMP of the Bank.
• Review of the effectiveness of Terms of Reference of the Executive Human Resources Steering Management Committee.

The Chairman of the Committee can convene a special meeting in the event a requirement arises provided all members are given sufficient notice of such special meeting. The quorum for a meeting is three (3) members. Members of the Corporate Management may be invited to participate at the sittings of the Committee meetings as and when required by the Chairman, considering the topics for deliberation at such meetings.

Guiding Principles

The overall focus of the Committee:

• Setting guidelines and policies to formulate compensation packages, which are attractive, motivating and capable of retaining qualified and experienced employees in the Bank.
• Providing guidance and policy direction for relevant matters connected to general areas of Human Resources Management of the Bank.
• Ensuring that the performance related element of remuneration is designed and tailored to align employee interests with those of the Bank and its main stakeholders and support sustainable growth.
• Structuring remuneration packages to ensure that a significant portion of the remuneration is linked to performance, to promote a pay for performance culture.
• Promoting a culture of regular performance reviews to enable staff to obtain feedback from their superiors in furtherance of achieving their objectives and development goals.
• Developing a robust pipeline of talent capable and available to fill key positions in the Bank.

Methodology adopted by the Committee

The Committee recognizes rewards as one of the key drivers influencing employee behaviour, thereby impacting business results. Therefore, the reward programmes are designed to attract, retain and motivate employees to perform by linking performance to demonstrable performance-based criteria. In this regard, the Committee evaluates the performance of the Managing Director and KMP against the pre-agreed targets and goals that balance short-term and long-term financial and strategic objectives of the Bank.

The Bank’s variable (bonus) pay plan is determined according to the overall achievements of the Bank and pre-agreed individual targets, which are based on various performance parameters. The level of variable pay is set to ensure that individual rewards reflect the performance of the Bank overall, the particular business unit and individual performance. The Committee makes appropriate adjustments to the bonus pool in the event of over or under achievement against predetermined targets. In this regard, the Committee can seek external independent professional advice on matters falling within its purview.

Further, the Committee may seek external agencies to carry out salary surveys to determine the salaries paid to staff vis-à-vis the market position, enabling the Committee to make informed decisions regarding the salaries and perquisites in the Bank.

Activities in 2024

The Committee reviewed the Performance Appraisals of Corporate Management Members, including the Managing Director/Chief Executive Officer, and provided key observations and recommendations to the Board. It also recommended performance-based rewards for staff, considering the applicable scheme, the Bank’s performance, and market benchmarks, for the approval of the Board.

Additionally, necessary changes within the Corporate Management grade were evaluated, taking into account the Bank’s Succession Plan and the availability of suitable candidates. This assessment aligned with the Bank’s long-term needs and the career progression of key individuals in this grade.

The Committee also examined necessary modifications to the Bank's Organization Structure to support future growth and create career advancement opportunities for employees. Furthermore, it evaluated Management's efforts in attracting and retaining top talent, developing capabilities, and enhancing the Bank's compensation and reward systems.

The Committee held Three (03) meetings during the year under review and the proceedings of the Committee meetings, which also included activities under its Terms of Reference, were regularly reported to the Board of Directors with its comments and observations. There were no meetings conducted during the last quarter of the year although a few urgent papers were approved by circulation.

R Senanayake*
Chairmen
Board Human Resources and Remuneration Committee

Dr S Selliah **

February 28, 2025

*Chairman of the BHRRC from October 01, 2024 up to December 31, 2024

** Chairman of the BHRRC with effect from January 01, 2025.

Terms of Reference of the Committee

Demonstrating its commitment to good governance, the Board of Directors of the Bank (being one of the few listed entities to do so) formed the BRPTRC in 2014 by early adoption of the Code of Best Practice on Related Party Transactions as issued by the Securities and Exchange Commission of Sri Lanka (SEC) which became mandatory for all listed entities from January 01, 2016.

The Committee assists the Board in reviewing all related party transactions (RPT) carried out by the Bank, all its subsidiaries and the associate in the Group to ensure that the interests of shareholders as a whole are taken into account by the Bank when entering into RPT and also to ensure that Directors, Key Management Personnel (KMP) and shareholders with material shareholding of the Bank do not secure any undue advantage due to their positions, thereby avoiding any conflicts of interest. The Committee also assists the Board in maintaining transparency in relation to RPT with the required disclosures.

The mandate of the Committee includes inter-alia, the following:

• Developing, updating and recommending a RPT Policy consistent with that proposed by the Section 9 of the Listing Rules on Corporate Governance issued by the Colombo Stock Exchange (CSE), the Banking Act No. 30 of 1988 and amendments thereto and the Directions issued thereunder for adoption by the Board of Directors of the Bank and its listed subsidiaries.
• Updating the Board of Directors on the RPT of the Bank and each of the companies in the Group as and when required.
• Advising the Board in making immediate market disclosures on applicable RPT as required by Section 9.14.7 of the Listing Rules of the CSE.
• Advising the Board in making appropriate disclosures on RPT in the Annual Report as required by Section 9.14.8 of the Listing Rules of the CSE.
• Reviewing and recommending RPT as per the RPT Policy for the approval of the Board of Directors.

Methodology adopted by the Committee

• Reviewing the mechanisms in place to obtain declarations from all Directors (at the time of joining the Board and quarterly thereafter) by the Company Secretary, the primary contact point for Directors, of any existing or potential RPT carried out by them or their Close Family Members (CFM) and obtaining further declarations in the event of any change during the quarter to the positions previously disclosed.
• Reviewing the mechanisms in place to obtain confirmations on any new appointments accepted by Directors of the Bank in other entities as KMP, informing the Company Secretary to identify and capture transactions carried out by the Bank with such entities, if any, which need to be disclosed under “Directors” Interest in Contracts with the Bank’ as disclosed on pages 252 and 253 of this Annual Report.
• Reviewing the mechanisms in place to capture and feed relevant information on RPT, which also includes information on KMP, CFM and the Bank’s subsidiaries and the associate into the data collection system and the accuracy of such information.
• Ensuring that a Director who has a material personal interest in matters considered at meetings is abstained while the matter is being discussed at meetings and does not take part in recommending such RPT to the Board of Directors.
• Obtaining an annual declaration from each Director, as required by the CBSL which is designed to elicit information about any existing or potential RPT.
• Ensuring that annual declarations are submitted by Directors directly to the Bank’s external auditor immediately after the closure of the Financial Year for external audit purposes.
• Obtaining independent validation from the Bank’s Internal Audit division for information submitted to the Committee for its review.

Following types of RPT were brought to the attention of the Committee during the year under review as required by the Sections 3(7)(iv) and (v) of the Banking Act Direction No. 11 of 2007 on Corporate Governance for Licensed Commercial Banks in Sri Lanka and the Sections 7.3 and 7.4 of the Banking Act Direction No. 05 of 2024 on Corporate Governance for Licensed Banks issued by the CBSL.

• Any credit facility or any other form of accommodation for Related Parties – “Individuals” as identified by the Directions aforesaid as approved by the Board.
• Any credit facility or any other form of accommodation for Related Parties – “Entities” as identified by the Directions aforesaid as approved by the Board.

Activities in 2024

As part of the Bank's policy review process, the RPT Policy was reviewed and updated during September/ October 2024, whilst ensuring that the revised policy complies with the requirements of the Section 9 of the Listing Rules issued by the CSE and the requirements set out in the Banking Act Direction No. 05 of 2024 on Corporate Governance for Licensed Banks aforesaid. The amended RPT Policy was approved by the Board of Directors in October 2024 and arrangements were also made to disseminate the amended RPT Policy among all relevant stakeholders for their acknowledgement and implementation. Further, awareness sessions were also conducted by the Finance Division for relationship managers and the regional managers to educate them on the requirements of the new Banking Act Direction. In addition, the Terms of Reference of the Committee was also reviewed in September 2024 and was approved by the Board of Directors in October 2024. Further, the Committee deliberated and took several steps to improve the processes involved in the identification of RPT including a project to identify the Related Parties in the Bank’s Core Banking System and the Loan Origination System.

The Committee held four (4) meetings during the year under review as required by Section 9.14.4 (1) of the Listing Rules. The Committee reviewed all RPT carried out during the year at its quarterly meetings and the proceedings of the Committee meetings, which also included activities under its Terms of Reference, were regularly reported to the Board of Directors for information.

R Senanayake*
Chairmen
Board Related Party Transactions Review Committee

P M Kumarasinghe**

February 28, 2025

*Chairman of the BRPTRC up to December 31, 2024

** Chairman of the BRPTRC with effect from January 01, 2025.

Terms of Reference of the Committee

The BCC assists the Board of Directors in effectively fulfilling its responsibilities relating to Credit Direction, Credit Policy and Lending Guidelines of the Bank in order to inculcate healthy lending culture, meeting standards and best practices and ensure relevant rules, regulations and directions issued by the appropriate authorities are complied with.

Responsibilities of the BCC include:

• Review and consider changes proposed by the Management from time to time to the Credit Policy and the Lending Guidelines of the Bank.
• Review the credit risk controls in lending, ensure alignment with the market context and the internal policy of the Bank and the prevailing regulatory framework in order to ensure continuous maintenance and enhancement of the overall quality of the Bank’s loan book.
• Evaluate, assess and approve credit proposals which fall within the delegated authority level of the Committee as prescribed by the Board from time to time.
• Evaluate, assess and approve concessions on interest and writing off of bad debts within the delegated authority level of the Committee as prescribed by the Board from time to time.
• Review and recommend credit proposals which fall within the purview of the Board.
• Evaluate and recommend counter party exposures, sector exposures and cross border exposures to the Board as per the frequencies identified in Risk Management Policy of the Bank.
• Monitor and evaluate special reports called for by the Board.
• Set lending directions based on the current economic climate and risk appetite of the Bank.
• Proactively review, discuss and remedy significantly large lending exposures with increased vulnerabilities.
• The Committee works very closely with the Key Management Personnel and the Board in fulfilling its statutory, fiduciary and regulatory responsibilities for risk management.

Activities in 2024

The activities carried out by the Committee are appended below:

• In the face of a challenging environment characterised by the effects of unprecedented domestic, macroeconomic and other challenges including reduced consumer spending power, prolonged conclusion of the ISB restructure, political uncertainties that prevailed over most of the year and global externalities such as armed conflicts, political turmoil, the regime changes, disruption of markets etc., the Committee strategically sets the Bank’s lending directions. It seeks to ensure prudent management of the Bank’s credit growth while aiming to maintain and improve credit quality, with a commitment to incorporating sustainable practices that align with environmental and social responsibility.
• The Committee approved credit proposals above a predetermined limit, recommended credit proposals and other credit reports intended for approval/perusal by the Board of Directors after careful scrutiny. The Committee also focused on large exposures of the Bank.
• The Committee provided guidance for the implementation of customer profit ability metrics such as Gross Return Assets (GROA), Net Return on Assets (NROA) and capital Adjusted Return Metrix.
• The Committee deliberated strategies and framework for overseas lending for better credit and FX related risk management.
• The Committee deliberated on credit related implications from political changes for the Bank’s operations in Bangladesh and Maldives.
• These tasks were carried out by the Committee in line with the Bank’s lending policies, keeping to regulator guidelines and compliances and credit risk appetite to ensure that the lending portfolios were managed in line with the stipulated credit risk parameters set by the Board of Directors while achieving the Bank’s lending targets.
• Reviewed and revised the Terms of Reference of the BCC

During the year under review, the BCC held Twelve (12) meetings and the proceedings of the BCC meetings were regularly reported to the Board of Directors.

S Muhseen
Chairman
Board Credit Committee

February 28, 2025

Terms of Reference of the Committee

BIC is mandated to achieve the Bank’s financial goals, whilst maintaining market risk and liquidity risk at desired levels and maintaining a healthy capital buffer at all times.

The BIC reviews and approves the policies and operating parameters for investment activities, initiates discussions on capital management of the Bank, reviews and recommends significant investment decisions and reviews the performance of investment portfolios.

In addition, the Committee also evaluates the Bank’s overall liquidity management operations, treasury investments and borrowing activities, and the capital adequacy. The Bank’s borrowing proposals are evaluated by the Committee together with the liquidity requirement and deployment, and suitable recommendations are provided.

The Committee also evaluates the impact of possible macroeconomic developments and trends to the profitability, liquidity, balance sheet, and capital through sensitivity and scenario analysis. As part of macroeconomic analysis process the Committee also recommends and sanctions undertaking of relevant research, investment in enhancing and developing research and analytical capabilities and acquisition of required technical and human resources.

The Committee continuously benchmarks the performance of the Bank’s investment portfolios, returns of the banking book, profitability of its business activities and implied risks factors associated with investment decisions.

Methodology adopted by the Committee

The Committee meets monthly to discuss, review and action on following key responsibilities.

• Defining the investment objectives and guidelines of the Bank in alignment with the Bank’s strategic goals and risk tolerance, taking into consideration the market conditions, regulatory changes and economic trends.
• Overseeing the implementation of the investment objectives in line with the investment related policies of the Bank by defining the asset allocations, investment horizons and potential returns.
• Approving the investment limits to be set for the Executive Investment Committee by setting the performance benchmarks and measurement criteria for different portfolios, liquidity credit and market risk parameters and reporting requirements.
• Making decisions on investments which fall beyond the limits of the Executive Investment Committee by evaluating the potential investment opportunities, risk return profiles of investments with due consideration for profitability and sustainability.
• Providing guidance on the investment activities of the Bank through oversight of the Due Diligence process, documentation, financial modeling and feasibility analysis and legal agreements. The Committee will ensure that the Bank adhere to the market best practices at all times in its investment activities.
• Provide regular updates and recommendations to the Board of Directors of the Bank on the investment opportunities and decisions approved by the Committee, performance review of portfolios, risk management measures and ensure that all Board Members are well informed of the Bank’s investment activities.

Activities in 2024

The continuously evolving banking landscape required the Committee to regularly review the Bank’s investment activities and financial position. The Committee evaluated and recommended the actions proposed by the Management in areas of investment, risk management and capital mobilisation during the year for the approval of the Board of Directors of the Bank.

Following key areas where the Committee was required to recommend and make decisions can be highlighted.

• Review of the investment and trading portfolio limits for LKR securities to allow better assets and liabilities management by the Bank’s treasury.
• Continuous review of the Bank’s FX Management Policy to optimise the impact high volatility of LKR and BDT on the Bank’s balance sheet. This encompasses the revaluation impact of LKR appreciation on the reserves and risk weighted FCY assets of the Sri Lanka operations, impact of the BDT currency depreciation in Bangladesh operations and continuous evaluation of the balance sheet positioning of both SL and Bangladesh balance sheet to gauge the FX and interest rate impact.
• Recommendation of the Bank’s Rights Issue under Capital Augmentation Plan and Tier 2 debt issuance of the Bank to strengthen the capital base.
• Approving the acceptance of the Bond Exchange program under restructuring of International Sovereign Bonds of the Government of Sri Lanka.
• Adoption of the Terms of Reference for the Committee, review and recommendation of the Bank’s ALM, Treasury and Investment policies for approval by the Board of Directors of the Bank.
• Reconstitution of the Bank’s investment and trading activities in the fixed income securities to optimise the investment returns and segregation of trading and liquidity management activities from statutory investment requirements.
• Defining parameters for macroeconomic research covering Sri Lanka and Bangladesh markets, key policy developments and forecasts.

Dr S Selliah
Chairman
Board Investment Committee

February 28, 2025

Terms of Reference of the Committee

The primary objective of the Board Technology Committee is to ensure that the organisation’s technology initiatives align with its overarching strategy and objectives while maintaining secure, reliable, and compliant technology systems that adhere to applicable regulations and standards.

This Charter outlines the framework, responsibilities, authorities, and duties of the Board Technology Committee. The Committee’s key focus areas include, but are not limited to, the following:

• Technology Strategy: Overseeing the alignment of technology initiatives with organisational goals.
• Technology Roadmaps: Evaluating and guiding the development of long-term technology plans.
• Digital Transformation: Driving initiatives that modernise and digitise operations.
• Emerging Technology: Monitoring and leveraging innovative technologies for strategic advantage.
• IT Infrastructure: Ensuring robust, scalable, and secure technology infrastructure.
• Technology Investment: Assessing and prioritising investments in technology.
• Progress Review of Key IT Initiatives: Monitoring and evaluating the implementation and outcomes of significant IT projects.

Activities in 2024

The Committee convened on nine (09) occasions during the year, with the proceedings of each meeting duly reported to the Board of Directors, along with its recommendations and observations.

The Committee prioritised several strategic areas considered pivotal for the Bank’s transition to a digital era while ensuring the robustness and reliability of its IT infrastructure. Key focus areas included the development of a Digital Transformation Roadmap and AI and Data Science Strategy. The Committee also oversaw the organization’s Information Security initiatives, IT infrastructure enhancements, and technology-related investments, providing recommendations to the Board where necessary.

Key IT Initiatives in 2024

• Microservices-Oriented Architecture: Adoption of a microservices-based architecture to enhance system flexibility, scalability, and resilience.
• Digital Signature Solution: Implementation of a digital signature platform to ensure secure and efficient document authentication across the Bank’s operations.
• Enterprise-Class Customer Relationship Management (CRM) Platform: Deployment of a sophisticated CRM system to provide a seamless, unified 360-degree view of customer profiles and interactions, enhancing customer engagement and service delivery.
• AI and Data Science Strategy: Collaborating with a leading international consultancy, the bank has outlined a dynamic, forward-looking AI and machine learning (ML) strategy designed to adapt over the next five years. This strategy includes a robust data governance framework to ensure scalability, security, and ethical implementation, allowing the bank to remain agile and responsive to the fast-evolving AI landscape.
• Low-Code/No-Code Platforms: Introduction of business process automation tools that enable IT and business users to rapidly design, develop, and deploy applications with minimal coding requirements.
• Centralised Identity and Access Management: Establishment of a centralised platform for provisioning and managing user identities and access across both internal and external-facing applications.
• Trade Finance Platform Upgrade: Enhancement of the Trade Finance platform to enable fully online customer operations, integrating seamlessly with related systems for an end-to-end digital journey.
• Interactive eStatements: Launch of interactive electronic statements to provide customers with actionable insights into their transactions across various banking products, including credit cards, CASA accounts, withholding tax certificates, and other advisories.
• Asset and Liabilities Management System: Implementation of a system to simulate the impact of economic factors on the Bank’s balance sheet, improving transparency and collaboration between the funding center and business units.
• Observability Platform: Adoption of a leading global observability platform to optimise application performance management and ensure seamless operational monitoring.

In 2024, the Bank was successfully recertified for ISO 20000 (IT Service Management), ISO 27001 (Information Security), and PCI-DSS (Payment Card Industry Data Security Standard). These globally recognised certifications affirm the Bank's adherence to robust IT systems, information security, and service management practices, enhancing customer confidence and trust.

Demonstrated exceptional Disaster Recovery and Resilience capabilities by operating seamlessly from the DR Data Center for three months, supporting over 200 servers and applications. Achieved the distinction of being the first bank to accomplish this milestone.

Projects in Progress

In line with the Bank’s commitment to innovation, operational excellence, and enhanced customer experience, several strategic initiatives were undertaken to modernise systems and processes. These initiatives aim to strengthen digital capabilities, improve security, and optimise internal operations:

Corporate Digital Platform: Implementation of a cutting-edge digital platform designed to empower business users with advanced tools and seamless functionality.

Enhanced Security Operations Center (SOC): Strengthening the Bank’s Security Operations Center to ensure robust threat detection, prevention, and incident response capabilities.

Super App: Introduction of a consolidated digital banking application offering customers a unified, comprehensive platform for all banking services.

Human Resource Information System: Deployment of an advanced Human Resource Information System (HRIS) to streamline and optimise HR processes and employee management.

The committee has given its recommendations for following major initiatives of the Bank

• New Server Consolidation and Virtualisation Solution
• Implementation of Customer Identity and Access Management Solution (CIAM)
• Purchase of 50 CRM and 75 ATMs
• Implementation of Application Performance Monitoring Solution (APM)
• Change of Implementation Partner for SAS AML Solution
• Information Technology Service Management (ITSM) Tool
• Purchase of 1,617 Nos. Personal Computers
• Gmail License
• Implementation of Loan Originating System for Bangladesh Operations (LOS)
• Low Code/No Code platform
• Agency Banking Solution
• Enhancements to ComBank Digital Application
• Corporate Digital Banking Solution
• Virtual Cards and Q+ Feature Enhancements

Ms D L T S Wijewardena
Chairperson
Board Technology Committee

February 28, 2025

 

Terms of Reference of the Committee

The BSDC was established to have an overall Bank-wide strategic management oversight. The Committee is empowered:

• To assist the Board in performing its core responsibilities relating to the Bank’s strategy.
• To advise and monitor the Management on:
• Identification of business strategies geared for the sustainable development of the Bank; and
• Establishment of processes for planning, implementing, assessing and adjusting of the business strategies.
• To oversee the Management’s engagement on the strategic perspective, direction and development of the strategy for the Bank and its business units.
• To oversee the Management’s implementation of the approved strategic plan and the progress against strategic milestones and goals.
• To oversee the Management’s implementation of major business transformation projects and their execution.
• To engage in detailed discussion and provide guidance to the Management on:
• Whether the governance, risk appetite, financial and capital planning, liquidity and funding management, risk and control environment and resources can support the Bank’s strategic objectives.
• Divestitures, Mergers and Acquisition (M&A) strategies including post transaction performance tracking.
• The impact of changes in the competitive environment.
• To foster a cooperative, interactive strategic planning process between the Board and the Management.
• To provide recommendations for strategic direction of the Bank’s subsidiaries whenever appropriate.

Activities in 2024

The activities carried out by the Committee are appended below:

• Highlighted the significance of improving customer experience and discussed the staff training needs, and the tools required to facilitate this effort.
• Deliberated on the importance of standardising service levels across all customer touch points.
• Discussed the significance of distinguishing the Bank’s service standards to secure a competitive edge in the financial industry.
• Discussed initiatives to enhance customer experience for staff and the appointment of a Customer Experience Officer to oversee these improvements
• Reviewed the progress made in enhancing the bank's digital banking platform and product offerings and evaluated their impact on customer engagement and satisfaction.
• Discussed the use of data analytics and AI to improve customer experience.
• Requested regular presentations by the CIO on the technology roadmap and ongoing technological developments within the bank.
• Deliberated and assessed various aspects concerning the digital banking platform of the Bank, exploring strategic insights, potential enhancements, and key considerations to propel its effectiveness.
• Deliberated strategies to enhance the contribution of subsidiaries to the overall Group performance and identified the way forward for optimising their operations and alignment with the Group’s objectives.
• Conducted the Mid-Year Review of the Bank’s 2024 Budget and 2024-2028 Strategic Plan.
• Discussed matters relating to the 2025 Budget of the Bank.
• Deliberated on the Banks 5 year development plan setting the Vision for the future.
• Deliberated on the potential stress on the capital adequacy arising due to many external factors and measures that need to be taken to augment capital adequacy.
• Received frequent updates on the progress of the initiatives taken in relation to the Government debt restructuring programme, and deliberated on their impact.
• Reviewed and discussed matters of importance arising from the Minutes of the Executive Strategy Development Committee Meetings.
• Considered the market share analysis and discussed matters relating to same.
• Discussed strategies for the company’s overseas expansion, focusing on potential markets and entry strategies.
• Given the challenging operating environment and the consequent stresses on the Bank, the Committee recommended appropriate revisions to its expansion plans.
• Conducted discussions regarding the initiation of operations at the Colombo Port City, exploring feasibility, strategic implications, and operational considerations to make informed decisions moving forward.

During the year under review, the BSDC held Six (06) meetings and the proceedings of the BSDC meetings were regularly reported to the Board of Directors.

S Muhseen
Chairman
Board Strategy Development Committee

February 28, 2025

The BCERC was established in accordance with Item 3.5 of the Banking Act Directions No. 01 of 2023 on Restrictions on Discretionary Payments of Licensed Banks and subsequent amendments thereto which mandates Licensed Banks to form a Board-Level Subcommittee to operate during 2023 and 2024.

Terms of Reference of the Committee

The Committee is entrusted with the responsibility of evaluating, approving, and recommending to the Board for approval all expenses, including non-essential and/or non-urgent expenditure and/or capital expenditure to be incurred by the Bank, if any.

The BCERC assists the Board of Directors in fulfilling its responsibilities by ensuring compliance with the aforementioned Banking Act Direction. Upon receipt of approval by the Bank’s Executive Procurement Committee, the BCERC is empowered to:

1. Review and approve all capital expenditure projects, except for IT-related capital expenditure, which will be recommended by the Board Technology Committee (BTC) for approval by the Board, in terms of the Terms of Reference of BTC, in excess of Rs. 25 Mn. up to Rs. 50 Mn.
2. Review and recommend for approval by the Board all capital expenditure projects, except for IT-related capital expenditure, which will be recommended by BTC in terms of the Terms of Reference of BTC, in excess of Rs. 50 Mn.

In accordance with the BCERC Terms of Reference, the Committee evaluates any expense-related proposals to ascertain whether such expenditure can be considered non-essential or non-urgent. It also discusses the Company's capital expenditure, objectives, and plans with the Management.

The Committee periodically reviews the performance of major capital expenditure projects against original projections. The BCERC works closely with Key Management Personnel and the Board in fulfilling its statutory, fiduciary, and regulatory responsibilities for capital expenditure management.

The Committee is also tasked with executing any other duties or responsibilities expressly delegated to it by the Board from time to time, relating to the Company’s non-essential or non-urgent expenditure and/or capital expenditure. The Committee also monitors and evaluates these projects to ensure they align with the Board's objectives and expectations. Special reports on capital expenditure projects, called for by the Board, are communicated to the Board of Directors periodically through reports following each BCERC meeting.

Activities in 2024

In discharging its duties and responsibilities, the BCERC held four (04) meetings during the year under review.

The Committee’s deliberations and decisions were regularly reported to the Board of Directors for their information and approval, ensuring alignment with the Bank’s strategic objectives and governance framework.

R Senanayake*
Chairmen
Board Capital Expenditure and Review Committee

D N L Fernando**

February 28, 2025

* Chairman of the BCERC up to December 31, 2024.

** Chairman of the BCERC with effect from January 01, 2025.