Financial risk management	12 Months Ended
Dec. 31, 2023
Financial risk management
Financial risk management	The risk is inherent to the Bank’s activities. Risks are classified into two categories: financial and non-financial risks. Financial risks are those associated within the Bank’s business model, with impact in the Bank’s consolidated statements of financial position and profit or loss, as follows: country risk, credit risk, market risk and liquidity risk. Non-financial risks are those related to the Bank’s operating model and the regulatory environment that may affect the integrity of the information, the Bank’s reputation and also its profit or loss accounts, as follows: operational, technological, cybersecurity, compliance (know your customer, money laundering, terrorism financing), environmental, fraud, among others. Lead by the Head of Integrated Risk Management, an ongoing process of identification, measurement, monitoring, control, mitigation and reporting to all operating areas within the Bank is carried out continuously, considering the different types of risks to which the Bank is exposed to, according to the size and complexity of its operations, products and services. The Bank has in place policies, standards and procedures, structures, and manuals relating to integrated risk management, designed to identify potential events that may affect it, all of which are consistent with the risk profile of the business, considering the complexity and the volume of its operations. The Board of Directors is responsible for establishing the Bank’s acceptable risk profile, for which it has the knowledge and understanding of the risks to which the Bank is exposed to. The Board of Directors designate the members of the Risk Policy and Assessment Committee (CPER, for its acronym in Spanish), which is responsible for overseeing the overall risk process within the Bank. CPER oversees the assessment and recommendation for approval of the Board of Directors of all the policies relating to a prudent Integrated Risk Management. Furthermore, the Committee also reviews and assesses the exposure, within the risk levels stated in its policies, by which the Bank is willing to assume the various risks it faces through business management. The Head of Integrated Risk Management directly reports to the CEO and the CPER, and has as a main duty to ensure the integrated risk management of the Bank’s operating model and IT platform, as well as the financial and credit related risks, being responsible for implementing and maintaining risk-related procedures in place to ensure that an independent control process is kept, monitoring compliance of the risk principles, policies and limits at all levels throughout the Bank. The Head of Integrated Risk Management works closely with CPER to ensure that procedures are consistent with the integrated risk management governance framework. Risk Management Committees: - Operational Risk Committee. - Country Risk Committee. - Credit Committee (Management Credit Committee / Board of Director´s Delegated Credit Committee / CPER). - Management and Monitoring Committee. - Asset and Liability Committee (ALCO). - Technological Risk and Information Security Committee The Bank emphasizes the awareness of its employees, promoting a Risk Management culture that has continuity over time and that allows them to understand and assimilate the importance of this concept from each of the processes that are executed within their areas. This is done throughout the training of all employees on an annual basis to raise their awareness in general terms of operational risks, which includes updates on applicable laws and regulations as required. A. Credit risk As part of the embedded risk, the Bank will incur in losses and/or its assets will be impaired as a result of the failure of its borrowers to comply in a timely manner or to meet the terms of credit agreements. The Bank’s customer base consists primarily of corporations, large companies, local and regional financial institutions, as well as state-owned enterprises. The Bank focuses its risk assessment on an in-depth analysis of the entity or economic group that involves: the nature of the business, the countries where it operates, types of products offered, duration of the relationship, track record and reputation, among others. Credit risk management comprises two main stages: origination and monitoring. The credit origination process involves the activities of identifying and analyzing the customer's creditworthiness and approving the terms and conditions for credit extensions. The monitoring process consists of annual credit reviews of existing exposures, "ad hoc" reviews on a case-by-case basis when conditions so require, and portfolio reviews by the Bank's credit committees. The objective is to maximize the risk-adjusted rate of return by keeping credit risk exposures within acceptable parameters. This process involves the Risk and Business Units, as well as the Risk Policy and Assessment Committee (CPER). The Bank determines the appropriate level of allowances for expected credit losses based on a forward-looking process that estimates the probable loss inherent in its credit portfolio and is the result of a statistical analysis supported by the Bank’s historical portfolio performance, external sources, and the judgment of the Bank’s Management. This level of allowance reflects assumptions and estimations made in the context of changing political and economic conditions in the region, in which the Bank operates. The Bank periodically assesses the adequacy and the validity of the allowance for expected credit losses calculation model. When assessing if the calculation model remains valid, characteristics and behavior of the loan portfolio are considered as a fundamental factor, as well as periodic economic analysis that contribute to the active management of the portfolio. A. Credit risk (continued) The Bank's business model holds a low-risk portfolio, which focuses on financial institutions and large leading corporations in the region, including "quasi-sovereign" entities in strategic sectors, with whom it mainly conducts foreign trade operations. Climate risk, like any other risk in general, implies the presence of an extreme natural event, but unpredictable, resulting in a human activity that may be damaged by such event. Consequently, the Bank incorporates into its risk assessment the possible impacts of climate risk that may affect its credit portfolio. Individually assessed reserves The Bank individually assesses the appropriate reserves for certain material financial assets, by considering interest payment delays, credit rating downgrading or any breach of the original contractual terms. Factors considered when determining a reserve include the sustainability of the counterparty’s business plan, its ability to improve performance when facing a difficult financial situation, projected payments and expected results in the event of bankruptcy, the availability of other financial support, the realizable value of collateral, and the timing of expected cash flows. Impairment loss is assessed at each reporting date, unless unforeseen circumstances require special attention on other dates. Collectively assessed reserves Reserves are separately assessed at each reporting date for each portfolio. The collective assessment is made for groups of assets with similar risk characteristics, to determine whether it is appropriate to provide for, due to incurred loss events for which there is objective evidence, but the effects of which are not yet evident in individual loan assessments. The collective assessment considers either portfolio information (e.g. historical losses in the portfolio, delinquency levels, credit utilization, loan-to-collateral ratios and expected collections and recoveries after impairment) and economic data (such as current economic conditions, unemployment, local or industry-specific situations). The Bank generally supports its assessment on historical experience and forward-looking information. However, when significant market, regional and/or global events occur, the Bank includes these macroeconomic factors in its assessments. Depending on the characteristics of the individual or collective assessment, these factors include: unemployment rates, current levels of impaired debt, changes in law, changes in regulation, bankruptcy trends and other consumer data. The Bank may use the above factors, as appropriate, to adjust for impairment. The time elapsed since a loss is incurred and a specific individual reserve requirement is identified should be taken into consideration for the assessment. The impairment reserve is reviewed by credit risk management to ensure alignment with the Bank’s general policy. Financial guarantees and letters of credit are assessed in a similar manner to loans at amortized cost. A supplemental qualitative review may result in adjustments to the level of provisions, based on prospective reviews of potential risk scenarios for businesses or loans not yet captured in the Bank’s historical information. The Bank has developed internal customer, counterparty and country rating models, which allow for proactive risk management in terms of exposure limits, transaction typology and time limits, among others. Derivative financial instruments Credit risk arising from derivative financial instruments is, at any time, limited to those with positive fair values, as recognized in the consolidated statement of financial position at fair value. With derivatives that are settled gross, the Bank is also exposed to settlement risk, which is the risk that the Bank will honor its obligation, but the counterparty will be unable to deliver the value of the consideration. A. Credit risk (continued) Credit Commitments The Bank makes available to its customers guarantees that may require the Bank to make payments on behalf of these customers and to take on commitments to issue lines of credit to ensure their liquidity needs. Letters of credit and guarantees (including standby letters of credit) commit the Bank to make payments on behalf of customers for a specific event, usually related to the import or export of goods. Such commitments expose the Bank to risks similar to those for loans which are mitigated by the same controls established in processes and policies. B. Liquidity risk Liquidity risk is the possibility of an economic loss to the Bank due to the difficulty in liquidating assets or obtaining financial resources on normal terms. The Bank conducts daily reviews of the Liquidity Coverage Ratio (LCR). The LCR methodology follows local standards and guidelines recommended by the Basel Committee. The Bank also monitors the Net Stable Funding Ratio (NSFR), to maintain an adequate funding structure over the long term. Liquidity is controlled through the periodic review of: - The maturity schedule to identify maturity “gaps” in the various timeframes. - Deposit concentration report to identify possible increases in amounts and maturities that may affect the Bank’s liquidity. The Bank has a Liquidity Contingency Plan in place, which was designed to monitor a series of indicators that could trigger a liquidity event, with potential impact on the Bank’s operations and establishes an action plan so that the Bank’s liquidity is always assured. C. Market risk Market risk is the risk that the value of the Bank’s assets and liabilities will decline due to changes in market conditions that may adversely affect its income. The risk is inherent in the financial instruments associated with the Bank’s operations and activities, including: loans, securities, borrowings and debt, derivatives, among others. The main risks include: interest rate risk and foreign exchange risk, which can affect asset prices and result in losses for the Bank. With respect to interest rate risk management, the Bank’s policy requires Management to assess the asset and liability positions in order to reduce potential adverse impacts on net interest income due to market interest rate fluctuations. The Bank manages interest rate risk by closely monitoring the appreciation and decline in value of the assets and liabilities through hedging to reduce potential negative impacts on profit or loss for the period and equity. Management conducts periodic sensitivity analyses simulating market changes in interest rates to determine potential impacts on net interest income (both upward and downward). In addition, the Bank monitors the DV01 limit, for which a parallel 1-base point shock is applied to the interest rate curve and assesses if there is any impact on equity. At the same time, the Bank's Management measures equity sensitivity following the methodology described by the Basel Banking Supervision Committee (Basel III) to measure the interest rate risk implicit in the notional value. Foreign exchange risk is the risk of change in the market value of a financial instrument due to fluctuations in the exchange rate of a given currency. The Bank operates primarily in U.S. dollars, so exposure to this type of risk is minimized. For transactions in currencies other than the US dollar, the Bank manages the exchange rate risk by arranging derivative instruments for hedging purposes, or by establishing natural hedges matching assets and liabilities expressed in the same currency. For liquidity positions, the Bank has established thresholds in order to limit the maximum level of exposure. D. Operational risk Operational risk is the possibility of incurring losses due to deficiencies, failures or inadequacies in human resources, processes, technology, infrastructure, management information, models used, or the occurrence of external events. If this occurs, it can damage the Bank’s reputation and result in regulatory sanctions, which can lead to financial losses. The Bank, like any other financial institution, is exposed to operational risks. The main objective with Operational Risk Management is to reduce losses generated from operational risk and maintain an adequate administration thereof through the use of established management tools such as: risk profile, risk mapping, global and specific limits, operational risk indicators, as well as the analysis of events and incidents recorded in a database in order to monitor action plans on actual or potential risks. As part of an adequate operational risk management, the Bank maintains a Business Continuity Plan to provide effective responses that guarantee the continuity of services and the banking business activities upon the occurrence of events that may create an interruption or instability in its operations. E. Fraud risk Fraud is any intentional act or omission designed to deceive others, resulting in a loss for the victim and/or a gain for the perpetrator. Identification of fraud risk considers both internal and external factors, and their impact on the achievement of the Bank’s objectives. Internal fraud is related to losses arising from any type of action, involving Bank employees, aimed at defrauding, misappropriating property or violating regulations, laws or internal policies. External fraud is related to losses arising from any type of action by a third party aimed at defrauding, misappropriating property or infringing the law. To manage this risk, the Bank has a general fraud risk management program in place, which includes: establishing fraud risk governance policies, evaluating fraud risk, designing and developing control activities to prevent and detect fraud, and investigating fraud, including monitoring and evaluating the fraud risk management program. F. Cybersecurity risk Cybersecurity or information technology security refers to the procedures designed, and measures implemented to protect technological appliances, networks, programs and data against cyber-attacks, in other words, unauthorized access or attacks aimed at operating, or misusing, the Bank’s technology platform to access the financial system. The Bank has approved policies and implemented procedures defining roles and responsibilities for managing information security as part of the IT security and technology risk management framework. These policies and procedures apply throughout the Bank and cover all relationships between the workforce, customers and suppliers, as well as any other individual who, on a permanent or temporary basis with the Bank, has some form of access to data, resource management and IT systems. To counter the risk arising from cyber attacks, the Bank maintains a comprehensive monitoring program of the main attack vectors: emails and end-user devices, as well as the continuous frequency of scans and vulnerability management. To address the risks arising under the hybrid model, the Bank maintains security platforms that provide an adequate level of protection, in order to keep the same security posture, regardless of the physical location of the employees. Additionally, for the risk related to cyber-resilience, the Bank continuously executes internal and external penetration tests in order to have the ability to respond, resist and/or recover from cyber attacks or incidents. The Bank's Information Security Officer is responsible for ensuring compliance with policies and procedures by anyone with access to the Bank’s systems. The Bank also commits to independent third-party reviews of its cybersecurity program. The Bank's cybersecurity program has been developed with a holistic approach, allowing the Bank to encompass both technical and strategic measures in a single framework. This program is based on five fundamental pillars: Perimeter Security, Services and Infrastructure Security, User Security, Data Security, and Security in service providers.

The risk is inherent to the Bank’s activities. Risks are classified into two categories: financial and non-financial risks. Financial risks are those associated within the Bank’s business model, with impact in the Bank’s consolidated statements of financial position and profit or loss, as follows: country risk, credit risk, market risk and liquidity risk. Non-financial risks are those related to the Bank’s operating model and the regulatory environment that may affect the integrity of the information, the Bank’s reputation and also its profit or loss accounts, as follows: operational, technological, cybersecurity, compliance (know your customer, money laundering, terrorism financing), environmental, fraud, among others.

Lead by the Head of Integrated Risk Management, an ongoing process of identification, measurement, monitoring, control, mitigation and reporting to all operating areas within the Bank is carried out continuously, considering the different types of risks to which the Bank is exposed to, according to the size and complexity of its operations, products and services.

The Bank has in place policies, standards and procedures, structures, and manuals relating to integrated risk management, designed to identify potential events that may affect it, all of which are consistent with the risk profile of the business, considering the complexity and the volume of its operations.

The Board of Directors is responsible for establishing the Bank’s acceptable risk profile, for which it has the knowledge and understanding of the risks to which the Bank is exposed to. The Board of Directors designate the members of the Risk Policy and Assessment Committee (CPER, for its acronym in Spanish), which is responsible for overseeing the overall risk process within the Bank.

CPER oversees the assessment and recommendation for approval of the Board of Directors of all the policies relating to a prudent Integrated Risk Management. Furthermore, the Committee also reviews and assesses the exposure, within the risk levels stated in its policies, by which the Bank is willing to assume the various risks it faces through business management.

The Head of Integrated Risk Management directly reports to the CEO and the CPER, and has as a main duty to ensure the integrated risk management of the Bank’s operating model and IT platform, as well as the financial and credit related risks, being responsible for implementing and maintaining risk-related procedures in place to ensure that an independent control process is kept, monitoring compliance of the risk principles, policies and limits at all levels throughout the Bank. The Head of Integrated Risk Management works closely with CPER to ensure that procedures are consistent with the integrated risk management governance framework.

The Bank emphasizes the awareness of its employees, promoting a Risk Management culture that has continuity over time and that allows them to understand and assimilate the importance of this concept from each of the processes that are executed within their areas. This is done throughout the training of all employees on an annual basis to raise their awareness in general terms of operational risks, which includes updates on applicable laws and regulations as required.

As part of the embedded risk, the Bank will incur in losses and/or its assets will be impaired as a result of the failure of its borrowers to comply in a timely manner or to meet the terms of credit agreements.

The Bank’s customer base consists primarily of corporations, large companies, local and regional financial institutions, as well as state-owned enterprises. The Bank focuses its risk assessment on an in-depth analysis of the entity or economic group that involves: the nature of the business, the countries where it operates, types of products offered, duration of the relationship, track record and reputation, among others.

Credit risk management comprises two main stages: origination and monitoring. The credit origination process involves the activities of identifying and analyzing the customer's creditworthiness and approving the terms and conditions for credit extensions. The monitoring process consists of annual credit reviews of existing exposures, "ad hoc" reviews on a case-by-case basis when conditions so require, and portfolio reviews by the Bank's credit committees. The objective is to maximize the risk-adjusted rate of return by keeping credit risk exposures within acceptable parameters. This process involves the Risk and Business Units, as well as the Risk Policy and Assessment Committee (CPER).

The Bank determines the appropriate level of allowances for expected credit losses based on a forward-looking process that estimates the probable loss inherent in its credit portfolio and is the result of a statistical analysis supported by the Bank’s historical portfolio performance, external sources, and the judgment of the Bank’s Management. This level of allowance reflects assumptions and estimations made in the context of changing political and economic conditions in the region, in which the Bank operates.

The Bank periodically assesses the adequacy and the validity of the allowance for expected credit losses calculation model. When assessing if the calculation model remains valid, characteristics and behavior of the loan portfolio are considered as a fundamental factor, as well as periodic economic analysis that contribute to the active management of the portfolio.

The Bank's business model holds a low-risk portfolio, which focuses on financial institutions and large leading corporations in the region, including "quasi-sovereign" entities in strategic sectors, with whom it mainly conducts foreign trade operations.

Climate risk, like any other risk in general, implies the presence of an extreme natural event, but unpredictable, resulting in a human activity that may be damaged by such event. Consequently, the Bank incorporates into its risk assessment the possible impacts of climate risk that may affect its credit portfolio.

The Bank individually assesses the appropriate reserves for certain material financial assets, by considering interest payment delays, credit rating downgrading or any breach of the original contractual terms. Factors considered when determining a reserve include the sustainability of the counterparty’s business plan, its ability to improve performance when facing a difficult financial situation, projected payments and expected results in the event of bankruptcy, the availability of other financial support, the realizable value of collateral, and the timing of expected cash flows. Impairment loss is assessed at each reporting date, unless unforeseen circumstances require special attention on other dates.

Reserves are separately assessed at each reporting date for each portfolio. The collective assessment is made for groups of assets with similar risk characteristics, to determine whether it is appropriate to provide for, due to incurred loss events for which there is objective evidence, but the effects of which are not yet evident in individual loan assessments. The collective assessment considers either portfolio information (e.g. historical losses in the portfolio, delinquency levels, credit utilization, loan-to-collateral ratios and expected collections and recoveries after impairment) and economic data (such as current economic conditions, unemployment, local or industry-specific situations).

The Bank generally supports its assessment on historical experience and forward-looking information. However, when significant market, regional and/or global events occur, the Bank includes these macroeconomic factors in its assessments. Depending on the characteristics of the individual or collective assessment, these factors include: unemployment rates, current levels of impaired debt, changes in law, changes in regulation, bankruptcy trends and other consumer data. The Bank may use the above factors, as appropriate, to adjust for impairment.

The time elapsed since a loss is incurred and a specific individual reserve requirement is identified should be taken into consideration for the assessment. The impairment reserve is reviewed by credit risk management to ensure alignment with the Bank’s general policy.

A supplemental qualitative review may result in adjustments to the level of provisions, based on prospective reviews of potential risk scenarios for businesses or loans not yet captured in the Bank’s historical information.

The Bank has developed internal customer, counterparty and country rating models, which allow for proactive risk management in terms of exposure limits, transaction typology and time limits, among others.

Credit risk arising from derivative financial instruments is, at any time, limited to those with positive fair values, as recognized in the consolidated statement of financial position at fair value. With derivatives that are settled gross, the Bank is also exposed to settlement risk, which is the risk that the Bank will honor its obligation, but the counterparty will be unable to deliver the value of the consideration.

The Bank makes available to its customers guarantees that may require the Bank to make payments on behalf of these customers and to take on commitments to issue lines of credit to ensure their liquidity needs. Letters of credit and guarantees (including standby letters of credit) commit the Bank to make payments on behalf of customers for a specific event, usually related to the import or export of goods. Such commitments expose the Bank to risks similar to those for loans which are mitigated by the same controls established in processes and policies.

Liquidity risk is the possibility of an economic loss to the Bank due to the difficulty in liquidating assets or obtaining financial resources on normal terms.

The Bank conducts daily reviews of the Liquidity Coverage Ratio (LCR). The LCR methodology follows local standards and guidelines recommended by the Basel Committee. The Bank also monitors the Net Stable Funding Ratio (NSFR), to maintain an adequate funding structure over the long term.

The Bank has a Liquidity Contingency Plan in place, which was designed to monitor a series of indicators that could trigger a liquidity event, with potential impact on the Bank’s operations and establishes an action plan so that the Bank’s liquidity is always assured.

Market risk is the risk that the value of the Bank’s assets and liabilities will decline due to changes in market conditions that may adversely affect its income. The risk is inherent in the financial instruments associated with the Bank’s operations and activities, including: loans, securities, borrowings and debt, derivatives, among others. The main risks include: interest rate risk and foreign exchange risk, which can affect asset prices and result in losses for the Bank.

With respect to interest rate risk management, the Bank’s policy requires Management to assess the asset and liability positions in order to reduce potential adverse impacts on net interest income due to market interest rate fluctuations.

The Bank manages interest rate risk by closely monitoring the appreciation and decline in value of the assets and liabilities through hedging to reduce potential negative impacts on profit or loss for the period and equity.

Management conducts periodic sensitivity analyses simulating market changes in interest rates to determine potential impacts on net interest income (both upward and downward). In addition, the Bank monitors the DV01 limit, for which a parallel 1-base point shock is applied to the interest rate curve and assesses if there is any impact on equity. At the same time, the Bank's Management measures equity sensitivity following the methodology described by the Basel Banking Supervision Committee (Basel III) to measure the interest rate risk implicit in the notional value.

Foreign exchange risk is the risk of change in the market value of a financial instrument due to fluctuations in the exchange rate of a given currency. The Bank operates primarily in U.S. dollars, so exposure to this type of risk is minimized. For transactions in currencies other than the US dollar, the Bank manages the exchange rate risk by arranging derivative instruments for hedging purposes, or by establishing natural hedges matching assets and liabilities expressed in the same currency. For liquidity positions, the Bank has established thresholds in order to limit the maximum level of exposure.

Operational risk is the possibility of incurring losses due to deficiencies, failures or inadequacies in human resources, processes, technology, infrastructure, management information, models used, or the occurrence of external events. If this occurs, it can damage the Bank’s reputation and result in regulatory sanctions, which can lead to financial losses. The Bank, like any other financial institution, is exposed to operational risks.

The main objective with Operational Risk Management is to reduce losses generated from operational risk and maintain an adequate administration thereof through the use of established management tools such as: risk profile, risk mapping, global and specific limits, operational risk indicators, as well as the analysis of events and incidents recorded in a database in order to monitor action plans on actual or potential risks.

As part of an adequate operational risk management, the Bank maintains a Business Continuity Plan to provide effective responses that guarantee the continuity of services and the banking business activities upon the occurrence of events that may create an interruption or instability in its operations.

Identification of fraud risk considers both internal and external factors, and their impact on the achievement of the Bank’s objectives. Internal fraud is related to losses arising from any type of action, involving Bank employees, aimed at defrauding, misappropriating property or violating regulations, laws or internal policies. External fraud is related to losses arising from any type of action by a third party aimed at defrauding, misappropriating property or infringing the law.

To manage this risk, the Bank has a general fraud risk management program in place, which includes: establishing fraud risk governance policies, evaluating fraud risk, designing and developing control activities to prevent and detect fraud, and investigating fraud, including monitoring and evaluating the fraud risk management program.

Cybersecurity or information technology security refers to the procedures designed, and measures implemented to protect technological appliances, networks, programs and data against cyber-attacks, in other words, unauthorized access or attacks aimed at operating, or misusing, the Bank’s technology platform to access the financial system.

The Bank has approved policies and implemented procedures defining roles and responsibilities for managing information security as part of the IT security and technology risk management framework. These policies and procedures apply throughout the Bank and cover all relationships between the workforce, customers and suppliers, as well as any other individual who, on a permanent or temporary basis with the Bank, has some form of access to data, resource management and IT systems.

To counter the risk arising from cyber attacks, the Bank maintains a comprehensive monitoring program of the main attack vectors: emails and end-user devices, as well as the continuous frequency of scans and vulnerability management. To address the risks arising under the hybrid model, the Bank maintains security platforms that provide an adequate level of protection, in order to keep the same security posture, regardless of the physical location of the employees. Additionally, for the risk related to cyber-resilience, the Bank continuously executes internal and external penetration tests in order to have the ability to respond, resist and/or recover from cyber attacks or incidents.

The Bank's Information Security Officer is responsible for ensuring compliance with policies and procedures by anyone with access to the Bank’s systems. The Bank also commits to independent third-party reviews of its cybersecurity program. The Bank's cybersecurity program has been developed with a holistic approach, allowing the Bank to encompass both technical and strategic measures in a single framework. This program is based on five fundamental pillars: Perimeter Security, Services and Infrastructure Security, User Security, Data Security, and Security in service providers.