The Bank’s comprehensive risk management is developed in compliance with current regulations and internal standards as defined by the Board of Directors, in relation to market, credit/ counterparty, liquidity and operational risk. This management is strengthened with the three lines of defense model, with a cohesive and coordinated approach, in which its independence is guaranteed. Within the Corporate Governance Framework, the roles of the responsible areas in each line are defined, according to the level of responsibility in Grupo Bancolombia, in order to guarantee effective and efficient coordination among them for risk management (in its different stages) and internal control.
At the same time, the organization has a general comprehensive risk management framework called enterprise risk management (ERM), consisting of: Government and Organization Risk (scheme of integrated risk management, organizational chart, structure, government, boards and committees), Risk Appetite and liquidity management (Definitions, indicators, limits, SVA Model - Profitability and Price, management report, allocate capital), risk management tools and information (Dashboard and risk maps, monitoring of risk positions and maturity models).
Risk Management Organization:
The CRO is responsible for risk management of Grupo Bancolombia and he does it through local CRO’s from each company that is part of the Group. The corporate governance model gives him direct authority over risk management, which guarantees through the risk framework, the existance of committees and hierarchical structure.
The CRO reports directly to the CEO with a hierarchical level that allows direct access to the Board of Directors, Risk Committee and Audit Committee; his functions are:
a) Design policies and methodologies to identify, measure, monitor and control risk.
b) Evaluate limits and risk exposure.
c) Inform risk Committee and/or the board about risk management.
The comprehensive risk management is integrated and coordinated with other activities of the organization and has advanced methodologies that allow us to identify the different risks to which it is exposed, including emerging risks. Additionally, the Board of Directors and the Risk Committee give the guidelines to set the tolerance limits and risk appetite for the main risk indicators; it is measured and monitored monthly by type of risk.
Risk Management Report – 2020:
Risk Management Report is an annual report created for every interest group (our clients, employees, shareholders, among others) about risk management, including emerging risk and information of public knowledge. See chapter 4 – Growth mantaining financial strength, Pages 73-84: https://www.grupobancolombia.com/wcm/connect/00d650f7-2685-4d2d-922c-e76763ae32ca/Grupo_Bancolombia__Annual_Report_2020.pdf?MOD=AJPERES
Risk management culture:
Within its organizational culture, Grupo Bancolombia identifies six cultural characteristics which drive and reinforce behaviours: Integrity, Customer, High Performance, Sustainable Growth, Humanity and Dynamism. These bind the commitment of the organization with careful and proper risk management.
Additionally, the organization’s Code of Ethics promotes and disseminates the values of responsibility, respect, proximity, and integrity. An internal Ethic Line is available, through it, employees, board members, shareholders and suppliers can report anything they deem to be unethical.
Furthermore, each year we implement communication strategies that allow us to promote a risk culture across the company. These strategies are created for different audiences, according to their role in the three lines of defense model, which allows understanding and awareness when managing risks.
One way to promote culture in 2020 was the Movie Risks strategy, using creative videos to explain the risks we manage, and specific actions taken during the pandemic. In addition, we implemented the participation of the Corporate Chief Risk Officer in discussions with the entire organization.
To determine the maturity of risk culture in the organización, in 2021 we implemented a survey in each of the geographies where the bank has a presence. This tool allows us to know, every year, what employees think about risk management and The Risk Department to determinated where the most important improvement areas are and monitoring the progress of cultural change.
Other strategies of risk culture:
Grupo Bancolombia has training programs, both virtual and face to face, including corporate programs related with risk topics. Some of these are mandatory, such as Operational Risk, SOX law and SARLAFT, with a general compliance of 97,7% for Grupo Bancolombia. Additionally, it includes several training plans for commercial areas and risk areas strengthening the organization’s commitment to risk management. The following are included.
Credit Risk School has as its principal objective the development and strengthening of knowledge of credit risk management for all employees. Technical knowledge and appropriate decision-making are part of training strategies and the certification of certain positions. In addition, Grupo Bancolombia has virtual strategies to reinforce employees’ knowledge of risk management. These include Credit Risk Management, Operational Risk Teams, “Master of Risk” and Environmental and Social Risk Management. These strategies had a coverage of 854 employees was in 2020.
The Business School has different areas of emphasis considering the diversity in commercial teams. Among its objectives, is to achieve high performance, strengthen employee awareness and adoption of risk management as key behaviours within the organizational strategy. The main goal is to provide a superior experience for our customers. In 2020, the Business School tageted 3,317 people who were already in a position and 554 new people.
Compliance Department provides specialized training on topics related to compliance risk (SARLAFT, Personal Data Protection, Ethics, SAC, Anticorruption and Antifraud) complementing the annual virtual training plan, which had an impact in 2020 1 of 459 trained employees from 32 areas across the company.
- Risk information and monitoring:
Monitoring compliance with policies, limits, measurement of exceptions, bulletins, and periodic reports of risks for each business units with information about identified risks, progress in action plans, relevant events, and indicators. Also, we have a regular report for the board of directors, which provide information about risk management, with emphasis on the main risks, including alerts, expectations and changes in policies, methodologies, and risk management issues in general. Additionally, to manage the risk profile of the Bank we have three lines defense framework, with responsabilities and roles for each line.
Grupo Bancolombia has a channel available to all its employees to report potential risks, as well as materialized events or losses. Through this mechanism, we seek to extend to all employees the possibility to participate in the risk management system and as an entity, it allows us to complement the processes of collection and reporting massive losses centralized in areas with large volumes of incidents. Additionally, to identify proactively credit risk events Bancolombia has a committee to analyze and monitor clients in “Watch List Situation (AEC) and stablish action plans to improve Bancolombia’s position referred to each client.
Risk Strategic Planning has some specific objetives to improve the organizational culture. This planning allows the companies that belong to Grupo Bancolombia to be aligned towards a general objective, “growth mantaining financial strength”. This objective is being monitored by strategic and predictive indicators.
Three lines defense model: This model was developed in 2018 to establish the functions and the responsibilities regarding to the integral risk management and ensure effective and efficient coordination between the areas involved as part of the development of the risk culture. During 2021 we are going to promote the three-line defense model, conducting a review role. In addition, first line attribution will be defined, and second-line processes will be analyzed to simplify decision making. Currently, this model is part of the training plan as a section of the SOX law training program, in order to disclose this tool and to promote the commitment and responsibility of every employee in the internal control management and in the progress of the culture of the Bank’s risk management.
Risk maps: Presents the most important risks could impact each company of Grupo Bancolombia and may have economic or reputational impacts in short and medium term. Risk maps are a tool that allow Board of Directors, Risk Committees, Audit, Legal Entities, Rating Agencies, risk managers, among others, to follow up on the strategic business situation. This topic was inside of risk strategic planning 2021.
Establish, lead and develop the corporate tax strategy in accordance with the Grupo Bancolombia strategy, through the planning, advice and control of tax processes with the objectives of complying with the tax regulations applicable to each country, optimizing tax management and influencing the business decision-making process, to finally manage the tax risk and contribute to the generation of value of the Grupo Bancolombia.
Our Tax Policy can be consulted here.
Below there are other tax references of our institution:
Annual Report 2020: Tax policy (page 35).
Annual Report 2019: Tax policy (page 41).
Annual Report 2018: Tax policy (page 30).
By paying our taxes, Bancolombia Group contributes to the public finance of the countries where we are present.
Country by Country Report
Consolidated report of Grupo Bancolombia that shows income, profit before taxes, taxes paid, taxes accrued, declared capital, number of employees and tangible assets in each of the countries where it has a presence.
The 2020 country-by-country report will be delivered to the Colombian tax administration in December 2021, according to the established deadlines.
Segment Tax Report
Taxes by geographic regions, profits and income please see years.
Effective Tax Rate
Click here to find the report on our paid and reported tax rate of the last two years.
In order to timely comply with the tax obligations, pursuant to the current standards, at Bancolombia Group we review and analyze the laws, decrees and opinions issued by the local and territorial entities.In the taxable year of 2019, tax considerations regarding the implementation of the Economic Growth Law 2010 of 2019 were taken into account. Full text of considerations, see Note 12 , to the Form 20F, number 12.2 (page F-119 – F-123) URLhttps://www.sec.gov/Archives/edgar/data/1071371/000155837021004672/cib-20201231x20f.htm#DRISKFACTORS_849979
Encourage the Tax Liability
At Bancolombia Group we are involved in debates, public and private forums, summoned by industry associations and regulators addressing tax issues. Through such events, the inquiries with regard to the policies and proposals that impact the industry or the sustainability of the business are stated on a respectful way, and the tax liability is encouraged by understanding the financing impact of the State in the sustainable development of the community.
Grupo Bancolombia processes personal data in accordance with Colombian regulations and with the guidelines and international standards established in its Data Protection Policy (the “Policy”). Respecting and protecting personal data of clients, users, employees, suppliers and other individuals whose personal information we collect, use and process is one of our priorities and we have adopted strong principles in that respect.
Click here to find more about our Privacy Statement.
Customer Privacy Complaints
Bancolombia is committed with the confidentiality, integrity or availability of our information, including personal data. The measures we adopt always are based on the respect for the data subject rights, in accordance to this, we promote the highest standards of information security in all process we develop and among our employee’s daily labor.
Under the Data Protection legislation in Colombia, data subjects have the following rights with regards to their personal information: the right to access, to rectification, to restriction or processing, to erasure and the possibility to lodge a complaint with supervisory authorities.
Bancolombia had adopted clear guidelines on data subject requests, we trained our collaborators, and we stay vigilant in order to receive and manage this type of requests. In this sense, a data subject request is a formal demand by a data subject to Bancolombia as a data controller to take an action on their personal data.
DATA SUBJECTS REQUEST
In 2020 Bancolombia have not identify cases of leaks, theft, breach or loss of customer data.