Stop parsing PDFs. Get the API. Request Access

AI Terminal

MODULE: AI_ANALYST
Interactive Q&A, Risk Assessment, Summarization
MODULE: DATA_EXTRACT
Excel Export, XBRL Parsing, Table Digitization
MODULE: PEER_COMP
Sector Benchmarking, Sentiment Analysis
SYSTEM ACCESS LOCKED
Authenticate / Register Log In

DNB Bank ASA

Capital/Financing Update Mar 5, 2020

3579_10-k_2020-03-05_571d57f8-6a7e-4592-acf9-68160b3bb89b.pdf

Capital/Financing Update

Open in Viewer

Opens in native device viewer

DNB Group

Risk and capital management

Disclosure according to Pillar 3 2019

CAPITAL ADEQUACY

RISK MANAGEMENT AND CONTROL IN DNB

CAPITAL MANAGEMENT AND ICAAP

4 LIQUIDITY RISK AND LIABILITY MANAGEMENT

CREDIT RISK

COUNTERPARTY CREDIT RISK

MARKET RISK

OPERATIONAL RISK

WORK WITH CLIMATE RISK

10 RISK CATEGORIES, EXPLANATION OF TERMS AND ABBREVIATIONS

The report contains information on risk management, risk measurement and capital adequacy in accordance with the "Regulation on capital requirements and national adaption of CRR/CRD IV" and the guidelines issued by the European Banking Authority (EBA) in "Final report on the disclosure requirements Guidelines under Part Eight of Regulation 575 2013 (EBA-GL-2016-11)". CRR/CRD IV regulations do not apply to insurance companies. This means that DNB Livsforsikring AS will be issuing a separate Pillar 3 report, Solvency and Financial Condition Report, which will be published on 4 April 2020.

The capital adequacy regulations consist of three pillars:

  • → Pillar 1 includes the quantitative minimum requirements for banks' capital and descriptions of measurement methods for Risk-Weighted Assets (RWA) and eligible capital.
  • → Pillar 2 sets out requirements for the Internal Capital Adequacy Assessment Process (ICAAP) and the banks' responsibility for assessing risks other than those described under Pillar 1.
  • → Pillar 3 contains disclosure requirements and shall enable the market to assess financial institutions' capital and risk management.

The methods used to calculate capital requirements for the various types of risk are shown in the figure. DNB reports credit risk according to the Advanced IRB approach (A-IRB), where internal risk models are used to calculate capital requirements. Some credit portfolios are temporarily or permanently exempt from IRB reporting, and are reported according to the standardised approach. Market risk is measured using the standardised approach. Operational risk is reported following the standardised approach.

Guidelines and procedures for Pillar 3 reporting have been adopted by the Boards of Directors in DNB ASA and DNB Bank ASA, and the report is considered by the Boards of Directors before publication. The Pillar 3 report is not subject to external auditing. Information in accordance with Pillar 3 requirements are made public each quarter in separate Excel-files, see: https://www.ir.dnb.no/press-and-reports/financial-reports

For information on DNB's remuneration scheme see DNB's annual report: https://www.ir.dnb.no/press-and-reports/financial-reports

Reporting methods used in DNB

The DNB Group's risk and capital management report gives a good and accurate description of the risk situation and how risk is measured, managed and reported in DNB.

Ida Lener Chief Risk Officer Group Risk Management

2019 in brief, DNB Group

4

Common equity Tier 1 Hybrid capital Tier 2 capital

Legal structure and consolidation rules for capital adequacy requirements

The consolidated financial statements of DNB ASA (DNB) include DNB Bank ASA, DNB Livsforsikring AS, and DNB Asset Management Holding AS, all with underlying subsidiaries.

DNB prepares consolidated financial statements in accordance with IFRS. A description of the Group's accounting principles can be found in DNB's annual report. When the consolidated accounts are prepared, intra-group transactions and balances as well as unrealised gains or losses on these transactions between group units are eliminated.

Consolidation of capital adequacy is regulated by the EU Capital Requirements Directives for banks and investment firms (CRR/CRD IV). In accordance with the aforementioned regulatory framework, only companies in the financial sector and companies providing ancillary services will be included in consolidated capital adequacy.

Associated companies are proportionally consolidated (pro rata up to 50 per cent) based on DNB's ownership interests therein. This applies to the following companies:

→ Eksportfinans (40 per cent ownership). In addition, DNB Bank ASA has also issued guarantees for other loans in Eksportfinans. The transactions have been carried out on ordinary market terms as if they had taken place between independent parties.

  • → Luminor Group AB (approximately 20 per cent ownership).
  • → Vipps AS (approximately 45 per cent ownership).

At year-end 2019, DNB's share of risk-weighted assets for credit and market risk in Eksportfinans amounted to NOK 1.7 billion, and NOK 14.5 billion in Luminor. The companies are also in the calculation of capital requirements for operational risk. Risk-weighted assets in Vipps were insignificant at the end of 2019.

Consolidation of capital adequacy will be based on the valuation principles used in the operating companies' financial statements. The valuation principles that form the basis for solvency calculations in the respective companies at national level are applied to shareholdings in the foreign companies that are being consolidated.

The solvency report for the consolidated group (crosssectoral reporting) includes the subsidiary DNB Livsforsikring AS and the pro rata consolidation of Fremtind AS, where DNB has a 35 per cent ownership interest.

For an overview of DNB's legal structure, see: https://www.dnb.no/portalfront/nedlast/no/om-oss/ dokumenter/Legal\_Structure\_DNB\_Group\_22\_May\_2019. pdf

"Consolidation of capital adequacy is regulated by the EU Capital Requirements Directives for banks and investment firms (CRR/CRD IV)."

1 Capital adequacy

At the end of 2019, the DNB Group's common equity Tier 1 (CET1) capital adequacy ratio was 18.6 per cent, which was 1.5 percentage points higher than the total regulatory requirement for DNB. The capital requirement of 17.1 per cent includes a margin to the minimum capital requirement of 1 percentage point.

  • 7 Capital adequacy
  • 8 Leverage ratio
  • 8 Development in risk-weighted assets
  • 8 Buffer requirements

CET1 capital ratio

Per cent

CET1 capital ratio, DNB Group Per cent

CET1 capital ratio, DNB Bank Group Per cent

18.3 (17.3) 24.4 (21.9)

CET1 capital ratio, DNB Bank ASA Per cent

Capital ratio, DNB Group Per cent

Capital ratio, DNB Bank Group Per cent

Capital ratio, DNB Bank ASA Per cent

19.3 (18.1) 26.3 (23.5)

CAPITAL ADEQUACY

Capital adequacy is calculated in accordance with the EU capital adequacy regulations for banks and investment firms (CRR/CRD IV), which was implemented in Norway from 31 December 2019. This means that the Basel I floor, which has in practice governed DNB's risk-weighted assets (RWA) since 2007, was discontinued from 31 December. The historical figures for risk-weighted assets and capital ratios in this report are shown without the Basel I floor. A discount for Small and Medium sized Enterprises (SMEs) became applicable in Norway from the same date. This means that qualifying exposures below EUR 1.5 million will receive almost 24 per cent reduction in RWA. At year-end, this amounted to NOK 17.4 billion in reduced RWA.

Under the capital requirements regulations, the bank must meet Pillar 1 requirements, buffer requirements and Pillar 2 requirements. The minimum requirement for capital adequacy under Pillar 1 is that primary capital constitute of at least 8 per cent of the institution's RWA. The capital adequacy requirement must be fulfilled by at least 4.5 per cent common equity Tier 1 (CET1) capital and at least 6 per cent Tier 1 capital. The rest can be fulfilled by Tier 2 capital. In addition to the minimum requirements for own funds, the bank must have capital buffers consisting of CET1 capital. At the end of 2019, the total combined buffer requirement for DNB was 9.6 per cent. More information about the combined buffer is available later in this chapter.

The Pillar 2 requirement for DNB is determined on an annual basis by Finanstilsynet (the Financial Supervisory Authority of Norway) on the basis of an overall assessment of the bank's risk and capital conditions, through the Supervisory Review and Evaluation Process (SREP). The Pillar 2 requirement for the DNB Group is set at the highest of NOK 19.4 billion or 1.8 per cent of RWA. At the end of 2019, the Pillar 2 capital add-on was 2.0 per cent of RWA.

The table shows the various elements that together constitute the capital adequacy requirements for DNB. The DNB Group should have a margin of at least 1.0 percentage point to the overall regulatory requirement for common equity Tier 1. The objective of the capital margin is to cushion against fluctuations in risk-weighted assets and earnings that could arise from changes in exchange rates or credit spreads, to enable the Group to maintain normal growth in lending and a predictable dividend policy. At the end of 2019, the total regulatory requirement for common equity Tier 1 was approximately 16.1 per cent. The requirement will vary due to the countercyclical buffer determined by the magnitude of exposure per country.

From the end of 2020, Finansdepartementet (the Norwegian Ministry of Finance) has announced that requirements for systemic risk buffers will be changed from 3.0 per cent on all exposure, to 4.5 per cent on Norwegian exposure. For exposures in other countries, the local buffer will be used, or no buffer if no systemic risk buffer has been established in the country. The effective systemic risk buffer for DNB is estimated at 3.1 per cent at year-end 2020. The systemic risk buffer add-on for systemically important banks will be replaced by the O-SII (Other Systemically Important Institutions) buffer. The O-SII buffer can be 1.0 per cent or 2.0 per cent depending on the size of the bank and applies to the entire RWA. The level for DNB will be unchanged at 2.0 per cent.

The CET1 capital ratio for the DNB Group was 18.6 per cent and the capital ratio was 22.9 per cent at year-end, compared with 17.2 and 20.8 per cent, respectively, a year earlier. CET1 increased by NOK 1.5 billion from the previous year to NOK 178.3 billion at the end of 2019. Retained earnings in 2019 contributed to an increase in CET1 capital by approximately NOK 10 billion, while the buy-back programmes and the investment in Fremtind Forsikring AS reduced CET1 capital by NOK 5.0 billion and NOK 3.0 billion, respectively. Risk-weighted assets were reduced by NOK 69 billion. This is discussed later in the chapter. Information about capital adequacy in the other companies in the DNB Group is available in the attachment to the Pillar 3 report.

Composition of different capital adequacy requirements, DNB Group

Per cent Dec. 2018 Dec. 2019 Dec. 2020
Minimum Common equity Tier 1 capital requirement 4.5 4.5 4.5
Systemic risk buffer 5.0 5.0 5.1
- of which buffer for systemically important institutions 2.0 2.0 2.0
Countercyclical buffer 1.7 2.1 2.1
Capital conservation buffer 2.5 2.5 2.5
Pillar 2 capital requirement 1.8 2.0 2.0
Common equity Tier 1 (CET1) capital requirement¹⁾ 15.5 16.1 16.2
Hybrid capital 1.5 1.5 1.5
Equity Tier 1 capital requirement¹⁾ 17.0 17.6 17.7
Subordinated loan 2.0 2.0 2.0
Own funds requirement¹⁾ 19.0 19.6 19.7

1) in addition, a CET1 capital buffer of minimum 1.0 percentage point applies

Risk-weighted assets, DNB Group

NOK billion

1 250

Capital ratio, DNB Group Per cent

LEVERAGE RATIO

As a supplement to the risk-weighted capital adequacy regime, the Basel Committee introduced a new capital measure after the financial crisis, the leverage ratio.

The leverage ratio is calculated on the basis of Tier 1 capital including the hybrid capital. The calculation base consists of both balance sheet items and off-balance sheet items. For off balance sheet items, the same conversion factors are used as in the standardised approach for the capital adequacy calculation. In addition, some special adjustments are made for derivatives and repurchase agreements. The definitions of leverage ratio and calculation base are in accordance with international regulations. The Norwegian leverage ratio requirement consists of a minimum requirement of 3 per cent that will apply to all financial institutions, a mandatory 2 per cent buffer for banks and an additional mandatory buffer of 1 per cent for systemically important financial institutions. DNB is thus the only systemically important bank in Norway that will be required to have a leverage ratio of 6 per cent.

At year-end 2019, the Group's leverage ratio was 7.4 per cent, compared to 7.5 per cent a year earlier. DNB meets the minimum requirement of 6 per cent by a wide margin.

DEVELOPMENT IN RISK-WEIGHTED ASSETS

RWA is used to assess the banks' solvency in capital adequacy. The minimum requirement for total own funds is 8 per cent of risk-weighted assets for credit risk, counterparty credit risk, market risk and operational risk. RWA is also used for the calculation of the capital conservation buffer, systemic risk buffer, buffer for systemically important institutions and countercyclical capital buffer.

DNB's risk-weighted assets decreased by NOK 69 billion during the year and amounted to 961 billion at the end of December 2019. The reduction was mainly due to repayments and increased impairments on defaulted loans, which reduced the RWA for credit risk. Improvements in data quality contributed to the reduction in RWA for the IRB portfolio. The sale of Luminor Group AB reduced the riskweighted assets reported by the standardised approach by approximately NOK 18 billion. Furthermore, a reduction in the capital requirement for loans to small and mediumsized enterprises (the SME discount) was introduced as a consequence of the introduction of the CRR/CRD IV regulations in Norway. This resulted in a reduction in the capital requirement by NOK 17.4 billion. The effect of SME discount was offset by increased security margins in the IRB models for Loss Given Default (LGD) for the same portfolio.

BUFFER REQUIREMENTS

The combined buffer is a key element in the new capital adequacy regulations. The combined buffer is the sum of the capital conservation buffer, the systemic risk buffer, the buffer for systemically important institutions and a countercyclical buffer. These buffer requirements must be met by CET1 capital. If CET1 capital falls below what is required to meet the minimum requirement and the combined buffer, a capital plan shall be submitted to Finanstilsynet no later than five business days after failure to comply. In the case of violations of the buffer requirements, the company cannot pay dividends to shareholders, interest on mutual funds or bonus to employees without the consent of Finanstilsynet.

The institution-specific countercyclical buffer requirement for the DNB Group amounted to 2.1 per cent at the end of 2019. This requirement is set as a weighted average of the countercyclical buffer requirements in the countries in which the bank operates. Countercyclical buffer rates increased from 2 to 2.5 per cent in Sweden and Norway. In Denmark, the rate increased from 0.5 to 1 per cent. The total combined buffer requirement for DNB was 9.6 per cent at the end of 2019.

Leverage ratio, DNB Group Per cent

Development in risk-weighted assets, DNB Group NOK billion

1 100

The table shows DNB's compliance with the minimum and buffer requirements as at year-end. With respect to the minimum capital adequacy requirement, Tier 2 capital can represent up to 2 per cent and additional Tier 1 capital can represent up to 1.5 per cent. The pillar 2 capital requirement must be met by CET1 capital.

The CET1 capital exceeded the overall requirements by NOK 19.6 and 23.2 billion, respectively for the DNB Bank Group and the DNB Group.

Total capital requirements, 31 December 2019

DNB Bank
NOK million Rate Group DNB Group
Risk-weighted assets 924 869 960 691
Minimum Common equity Tier 1 capital requirements 4.5 % 41 619 43 231
Minimum Tier 1 capital requirement 6.0 % 55 492 57 641
Minimum Total own funds requirement 8.0 % 73 990 76 855
Pillar 2 capital requirement 2.0 % 18 900 19 400
Common equity Tier 1 buffer requirements
Capital conservation buffer 2.5 % 23 122 24 017
Systemic risk buffer 3.0 % 27 746 28 821
Buffer for other systemically important institutions (O-SII) 2.0 % 18 497 19 214
Counter-cyclical buffer 2.1 % 19 515 20 463
Combined buffer requirement 9.6 % 88 880 92 515
Allocation of capital to cover capital requirements
Total eligible capital 225 781 220 216
Total eligible capital requirement (181 769) (188 770)
Surplus of Total eligible capital 44 012 31 447
Tier 1 capital 195 064 200 291
Tier 1 capital requirement (163 272) (169 556)
Surplus of Tier 1 capital 31 792 30 735
Common equity Tier 1 capital 169 016 178 304
Common equity Tier 1 capital requirement (149 399) (155 146)
Surplus of Common equity Tier 1 capital 19 617 23 158

2

Risk management and control in DNB

The ability to identify and manage risk is at the core of financial operations, and is a prerequisite for long-term value generation over time. The primary aim of risk management in DNB is to optimise the risk-earnings ratio in a long-term perspective. Through risk management, DNB should always be able to identify, manage, monitor and report risks that are relevant in relation to DNB's targets.

11 Corporate governance and governing documents

  • 13 Risk management and control
  • 18 Risk appetite
  • 19 Resolution and recovery plan

DNB's corporate culture should be characterised by individual responsibility, with transparent methods and processes which support sound risk management.

CORPORATE GOVERNANCE AND GOVERNING DOCUMENTS

Corporate governance is how the Board of Directors and group management governs and manages the company to preserve and develop the company's values in an optimal manner. Sound corporate governance and good leadership is a prerequisite for ensuring sustainable operations. The corporate governance of DNB shall ensure that DNB's business operations are conducted in a responsible and profitable manner, in the best interests of customers, shareholders, employees and other stakeholders.

Corporate governance is an interaction between the processes and structures used for management and control in the DNB Group. This places demands on the conduct of the Board of Directors, management and employees. Everyone in DNB must comply with these rules.

DNB has a five-level hierarchy for governing documents. The Board of Directors has delegated the responsibility for ensuring that documents at lower levels are founded on DNB's overarching governing documents to the group executive vice presidents. In this way, the Board of Directors and the group chief executive ensure that all essential business processes are covered in underlying documents and guidelines. This contributes to an unified corporate governance.

Level 1: Group governance principles

Governance principles form the highest level in the hierarchy of governing documents. These principles provide the main framework for all governance of operations. They may be defined by legal requirements or include areas that are of particular significance. The principles describe the desired culture, behaviour and division of responsibilities at the overall level.

DNB's governance principles include: → purpose and values

  • → governance model and authorisation structure
  • → instructions for the Board of Directors and management
  • ethical principles (Code of Conduct) → principles for corporate social responsibility → principles for risk appetite
  • → the company's Articles of Association

Below is a brief description of DNB's principles for ethics and corporate social responsibility. A more detailed description of risk appetite follows later in this chapter. Additional information on DNB's governance principles can be found in the annual report.

Ethical principles

In order to deliver on DNB's mission and values, everyone in DNB must act in a way that safeguards the interests of society – now and in the future – which will enable DNB to continue to build confidence. Confidence from our customers, owners and the market is crucial for DNB to maintain sustainable operations over time. To earn this confidence, we must operate with high ethical standards so that DNB is perceived as an open, transparent and sensible financial services group with a high degree of integrity.

Our Code of Conduct is DNB's most important ethical framework. It describes expectations, obligations and requirements related to the conduct of both permanent and temporary employees in DNB Group, as well as our hired consultants, board members and other employee representatives. DNB's Code of Conduct has been approved by the Board of Directors of DNB ASA and is available at: https://www.dnb.no/en/about-us/csr/code-of-conduct.html

Principles for corporate social responsibility

Working with corporate social responsibility represents sustainability in practice. DNB contributes to increased value creation by linking capital with our workforce and expertise. Corporate social responsibility is also how DNB creates value, both for our shareholders and for other stakeholders (employees, customers and society at large).

Governing documents in DNB

DNB has the following approach to corporate social responsibility:

  • → DNB shall conduct long-term and sustainable financial value creation for our owners. This means that we emphasise corporate social responsibility in all decisionmaking processes.
  • → DNB shall make a positive contribution to the development of society. This means that we must define specific goals and measures related to the UN's Sustainable Development Goals and work systematically to achieve them.
  • → DNB shall act fairly. This means that the products and services we provide should always be based on customer needs. We wish our customers well. In a market with new players and major changes, DNB must be a bank that customers trust.
  • → DNB shall be open about our business. This means being honest about the dilemmas that arise from balancing short-term and long-term needs. Through dialogue with stakeholders, we will listen to and monitor society's expectations of us.

Level 2: Group policies

Group policies specify the principles for conducting business activities within the Group's key areas of operation. The policies are intended to ensure that our conduct is in line with our governance principles, and they describe the purpose and expected working methods of each area. The Board of Directors has approved nine policies for the DNB Group, where three are closely linked to risk management: Risk management policy, compliance policy and security policy.

Policy for Risk Management

The group executive vice president for Group Risk Management owns the policy for risk management, which defines seven overarching principles:

  • → Everyone in DNB must understand and act on relevant risks in their own work.
  • → DNB shall have a defined risk appetite for all significant

risk areas.

  • → Risk management in DNB shall be organised in a practical and appropriate manner.
  • → DNB shall establish strategies and/or limits for all significant risks.
  • → DNB shall carry out risk assessments in connection with significant changes in operations.
  • → DNB risk management shall be based on effective and appropriate tools and models.
  • → DNB shall conduct periodic risk reporting and have the capacity for ad hoc reporting.

Policy for Compliance

The group executive vice president for Group Compliance owns the compliance policy, which defines the principles for the responsibility and organisation of compliance work. DNB's operations are conducted on the basis of various authorisations from the authorities with associated conditions and requirements. Public authorities supervise our business and ensure compliance with these requirements. Compliance with these conditions and requirements is a necessary prerequisite for continued operation. A good culture of compliance also helps to strengthen confidence from our customers, employees and shareholders. The compliance policy defines six general principles for compliance with applicable regulations:

  • → DNB shall have good management and control of compliance risk. All three lines of defence control and report on compliance.
  • → DNB shall have a strong compliance culture that is anchored with the Group's management. All employees are responsible for ensuring compliance with external regulations, and with internal regulations derived from external regulations.
  • → The compliance risk shall be low.
  • → DNB shall internally record and report breaches of external regulations, and internal regulations derived from external regulations.
  • → DNB employees shall have sufficient and relevant expertise to comply with regulations.

→ DNB shall have an effective and independent compliance function in the second line of defence covering all parts of the organisation, according to a risk-based approach.

Policy for Security

The security policy is owned by the group executive vice president for Technology and Services, and outlines the principles for how DNB should manage security to the best of our stakeholders. Security in DNB is about safeguarding our ability to avoid damage to or loss of assets as a result of unwanted, intentional actions, as well as technological, environmental or human errors and accidents. Assessments of security risk are implemented as part of DNB's risk management process. Our security policy defines seven overarching principles:

  • → Security shall be integrated in business activities.
  • → DNB shall adopt a systematic and risk-based approach to security.
  • → DNB shall determine the criteria for security investments.
  • → Security shall conform with internal and external requirements.
  • → DNB shall promote a positive environment and openness towards security.
  • → DNB shall govern security in third party matters.
  • → Security performance shall be evaluated.

Level 3: Group standards

All level three documents are linked to one or more group policies.

Our risk management policy is elaborated in several standards. Standards have been established for capitalisation, model approval, authorisations, stress testing, credit risk, market risk and operational risk, among others.

Our compliance policy is elaborated in a number of specific standards for compliance, anti-money laundering, protection of personal information, anti-corruption, conflicts of interest and competition law, among others.

"The Board of Directors has approved nine policies for the DNB Group, where three are closely linked to risk management: Risk management policy, compliance policy and security policy."

Our security policy is elaborated in the standard for dealing with financial crime and the standard for security.

Level 4: Group instructions and rules

Level four in the hierarchy of governance documents consists of instructions and rules. The credit regulations, anti-money laundering framework and information security requirements are examples of documents at this level.

Level five are the lowest level of the overarching policy documents and includes detailed descriptions of all essential group processes.

RISK MANAGEMENT AND CONTROL

The Group's long-term risk profile is decided by the Board of Directors through DNB's risk appetite, and the risk appetite framework is reviewed and renewed at least once a year. The approved targets and limits of the risk appetite framework are reflected in other elements of risk management, such as limits on authorisations and business activity. Risk indicators that underpin the limits stipulated in the risk appetite framework, as well as other overarching limits and strategies, form part of the Group's management and reward system. The risk appetite framework is described in more detail later in this chapter.

The Internal Capital Adequacy Assessment Process (ICAAP) is integrated with the governance processes by means of the risk appetite framework and general monitoring of risk trends. ICAAP is described in more detail in the chapter on capital management and ICAAP.

The recovery plan aims to ensure that the DNB Group can recover from a very serious stress situation without involving or getting support from the authorities. The plan is updated annually and is an integrated part of the Group's risk and capital management framework. The recovery plan is described in more detail later in this chapter.

Authorisations

Credit approval authorisations and position and trading limits are required for all key financial areas. The authorisations and overarching limits are decided by the Boards of Directors of DNB ASA and DNB Bank ASA and are delegated in the organisation. All further delegation of limits and authorisations must be approved and followed-up by the immediate superior. All authorisations in DNB are personal. Authorisations are granted on the basis of assessments of the relevant individual's expertise and experience, and the need from a business perspective. When granting, information about the conditions and restrictions in the authorisation is provided. All authorisations granted in DNB are documented and monitored. For more information about authorisations for credit approval, liquidity and market risk, see the chapters describing the individual risk categories.

Roles and responsibilities

Responsibility for risk management and internal control is divided between three lines of defence:

  • → The first line of defence comprises all the Group's operational functions. It is the responsibility of operational management to establish, manage and follow up internal control within their own area of responsibility, including processes and activities to achieve set targets related to efficient operations, reliable financial reporting, risk management and compliance with laws and regulations. Employees are responsible for carrying out the established internal control through their daily tasks.
  • → The second line of defence consists of independent control functions that monitor and follow up the internal control conducted by management and the employees in the Group's operational functions. In DNB, second line functions are organised under Group Risk Management and Group Compliance.
  • → The third line of defence is Group Audit, which has a risk-based approach to review and assess the Group's processes for governance and internal control. Group Audit is independent of the Group's executive

Governing bodies of DNB ASA As at 31 December 2019

Board of Directors Audit Committee Risk Management Committee Compensation and Organisation Committee Annual General Meeting Election Committee Group Chief Executive Officer and Group Management meeting First line of defence Operational management Internal control and compliance Third line of defence Group Audit Supervisory authorities Second line of defence Group Risk Management Group Compliance Executive bodies Advisory bodies Statutory auditor

First line of defence Second line of defence, monitoring function Third line of defence

management and reports to the Board of Directors of DNB ASA.

Group Risk Management

Group Risk Management is headed by a group executive vice president, who is also the Chief Risk Officer (CRO) and reports directly to the group chief executive and, if necessary, directly to the Board of Directors. The CRO defines the principles and framework for risk-taking and internal control, in addition to assessing and reporting on the Group's risk situation. The bulk of the Group's professional resources within risk management are gathered under Group Risk Management. Operational risk management takes place in business and support areas.

Group Risk Management carries out the role as an independent control function in charge of risk management. This involves ensuring that all significant risks in the Group are identified, measured and reported by the relevant organisational units. Special expert units have been established in Group Risk Management, which are responsible for frameworks and risk control within the various types of risk.

Validation of the IRB models and stress testing of the Group's IRB portfolios are carried out at least once a year. The work is organised in units that are independent of the business areas. Validation is also independent of units responsible for model development and credit management. The Board of Directors sets requirements for the content of the work on validation and stress testing.

Group Risk Management is responsible for conducting a credit risk review and model input review. In 2019, a separate credit risk review unit was established and given responsibility for a systematic second-line control of the bank's credit areas. The credit risk review assesses compliance with the standard for credit activities, credit strategies and credit rules, and the results are reported to the Board of Directors. The model input review aims to ensure the correct and

consistent application of IRB models that include subjective input. The results from both the credit risk review and model input review are used for training to ensure continuous improvement in relation to credit work.

The internal control consists of processes and systems for assessing and testing that risk management is working as intended, and supports the Group's goal attainment. All managers are responsible for conducting internal control in their area. Group Risk Management is responsible for facilitating good internal control practices in DNB.

Operational Risk Officers (ORO) are established in Group Risk Management who operate in all key business areas of DNB. ORO are tasked with following up that the first line records operational events, and that risk-mitigating measures are established. ORO quality control risk reporting from the various areas. In addition, ORO participate when the first line conducts the annual process for assessing and verifying the quality of the internal control system.

See also descriptions in the separate chapters on management and control of operational risk, market risk, credit risk and liquidity risk.

The compliance function

The compliance function is headed by group executive vice president for Group Compliance, who is also Group Chief Compliance Officer (GCCO). The compliance function is an independent second-line control function that assists the Boards of Directors, Chief Executive Officer (CEO) and other first-line executives in their efforts to ensure that DNB carries out its operations in accordance with relevant regulations. This includes providing advice and guidance on compliance, monitoring and controlling compliance and compliance risk, as well as reporting on compliance status and compliance risk.

The compliance function contributes with advice, guidance, monitoring and control, as well as reporting and information.

The compliance function is primarily intended to advise, monitor and report on compliance with regulations that set conditions and requirements for the Group's licensed operations. This applies to financial, regulatory, competition and data protection regulations, as well as regulations aimed at counteracting money laundering, corruption and sanctions violations.

The compliance function has a particular and independent responsibility for monitoring and reporting compliance risk related to regulations relevant to the given area or unit. Monitoring and control activities conducted by the compliance function shall include an assessment of whether sufficiently effective policies and procedures have been implemented to detect compliance risk. This also includes an assessment of preventive measures and procedures. The compliance function should be involved in and help to assess the risk related to the implementation of new strategies, organisational changes and other changes in the business.

GCCO has the overall responsibility for systems and structures within the compliance function. All business and support areas, international branches of DNB Bank ASA, companies in the DNB Group licensed under financial market regulations, and other companies as decided by GCCO must have a compliance function as part of the Group's independent second line of defence.

Group Audit

DNB's Group Audit acts as the third line of defence and assists the Board of Directors in ensuring that the quality of all important aspects of the Group's risk management is satisfactory. Group Audit receives its instructions from the Board of Directors of DNB ASA, which also approves their annual plans and budgets. Group Audit is responsible for ensuring the establishment and performance of adequate, effective risk management and internal control. Group Audit must also assess whether management processes and control measures are effective and contribute to the

Group's target attainment.

Boards and committees

Several advisory bodies have been established to help group executive vice presidents by preparing decision-making documents in addition to monitoring and control of various specialist areas:

  • → The Asset and Liability Committee (ALCO) is an advisory body for the Chief Financial Officer (CFO) for matters relating to the management of capital expenditure and the distribution of capital, as well as market and liquidity risk. In a risk management context, the committee is an arena for sharing information and coordinating the various units that handle the operative management of market and financing risk, with Group Risk Management who sets the premises for the Group's risk-taking.
  • → Three main credit committees, the Group Advisory Credit Committee (GACC), the Advisory Credit Committee for Large Corporates and International, and the Advisory Credit Committee for Small and Mediumsized Enterprises, are advisory bodies for decisionmakers in the business areas and in Group Credit Management. The committees handle and endorse credit proposals by means of personal authorisations. They are important consultative bodies for credit-related issues such as credit models, validation, risk reporting as well as business and credit strategies. GACC is headed by Group Chief Credit Officer. GACC considers credit proposals for selected borrowers that are customers of more than one business area, and advises the group chief executive and the Board of Directors when they consider large individual credit proposals. GACC plays a key role in formulating the Group's credit policy and Group standards for corporate social responsibility in connection with credit activity, and in the follow-up of credit strategies, rules for credit approval and portfolio risk management.
  • → The Financial Markets Risk Committee (FMRC) is headed by the chief market risk officer and is responsible for approving and following up principles and

procedures for activities that entail market risk for DNB Bank Group. This includes recommending market risk frameworks, approving and following up guidelines, methodologies and control related to market risk, as well as approving principles and overarching processes for risk assessments of financial instruments.

→ The Non-Financial Risk Committee (NFRC) is headed by the CRO, and aims to contribute to developing the Group's solutions within management of operational risk, compliance risk and security risk. The Non-Financial Risk Committee shall contribute to ensuring a consistent approach and joint coordination of first-line responsibility for the management of non-financial risk. The Committee exchanges information and assessments on complex individual cases in non-financial risk, such as significant operational risks and incidents, cases that may appear to be demanding regarding low compliance risk policies, and cases from international entities in DNB (such as sanctions cases).

Group chief executive and the group management team

The group chief executive is responsible for implementing risk management measures that contribute to the achievement of targets the Board of Directors of DNB ASA sets for operations, including effective management systems and internal control. The group management meeting is the group chief executive's collegiate body for management at the group level. Major decisions concerning risk and capital management are generally made in consultation with the group management team. The group executive vice presidents for the business and support areas take part in the group management meeting.

The Board of Directors and board committees

The Board of Directors of DNB ASA is the supreme governing body for the Group's business operations and is responsible for ensuring satisfactory oversight of operations, financial reporting and asset management. The Board of Directors determines and follows up DNB's long-term risk profile through the risk appetite framework.

The Board of Directors monitors the Group's capital situation on an ongoing basis. This is discussed in more detail in the chapter on capital management and ICAAP.

Each year, the Board of Directors of DNB ASA reviews the group chief executive's report on the status of risk management and control, which includes assessments of the principal risk areas in the Group. The review documents the quality of the internal control and risk management efforts, and identifies any weaknesses and needs for improvement. The Boards of Directors of DNB Bank ASA, DNB Livsforsikring AS and other major subsidiaries conduct equivalent annual assessments of the companies' internal control and key risk areas.

The Risk Management Committee

The Risk Management Committee oversees the Group's internal control and risk management systems as well as internal audit to make sure that they function effectively. The committee considers changes to systems and procedures that are presented to the Board of Directors for approval. In addition, the committee provides advice on the Group's risk profile, including risk appetite, and the committee prepares the Board of Director's follow-up of risk development and risk management. Advice to the Board of Directors can be about strategies for capital and liquidity management, credit risk, market risk, operational risk, risk related to compliance and reputation, as well as other risks in the Group. The committee consists of four members who are elected by the Board of Directors for two years at a time. DNB requires that the committee includes at least one member experienced in identifying, assessing and managing risk exposures of large, complex firms. The organisation of The Risk Management Committee and the quarterly risk management report to the Board of Directors in DNB ASA are considered to adequately cover the requirements in the countries in which DNB operates. This includes the American CFR § 252.1441), among others.

The Audit Committee

The Audit Committee supervises the process of financial reporting and considers whether the Group's internal control, including internal audit and risk management systems, works effectively. The committee shall further ensure that the Group has an independent and effective external audit. The Audit Committee reviews the DNB Group's quarterly financial statements. The committee conducts a thorough review of discretionary assessments and estimates in addition to any changes to accounting practices. The committee shall monitor internal control systems as well as the Group's internal audit, including ensuring that they work effectively, as well as evaluate changes to systems and procedures that are submitted to the Board of Directors for approval. It also deals with quarterly financial statements and proposed annual financial statements for DNB ASA and the DNB Group. Additionally, the committee deals with proposals for company and Group accounts for DNB Bank ASA and DNB Livsforsikring AS, and the company accounts of DNB Boligkreditt AS.

The Compensation and Organization Committee

The Board of Directors of DNB ASA has a Compensation and Organization Committee consisting of three members from the company's Board of Directors, and the committee normally meets six to seven times a year. One of the members is an employee-elected board member. The Compensation and Organization Committee prepares matters for the Board of Directors and is primarily responsible for:

  • → making an annual assessment of and a proposal for the total remuneration paid to the group chief executivepreparing annual proposals for targets for the group chief executive
  • → preparing and recommending proposals for remuneration of the Group Auditor

1) CFR § 252.144 - Risk-management and risk-committee requirements for foreign banking organizations with total consolidated assets of \$100 billion or more but combined U.S. assets of less than \$100 billion.

  • → ensuring that the heads of risk management and compliance control units do not have their remuneration determined in a way that affects, or is likely to affect, their objectivity
  • → being an adviser to the group chief executive regarding remuneration and other significant personnel-related matters for Group management and possibly others who report to the group chief executive
  • → assessing other matters as determined by the Board of Directors and/or the Compensation and Organization Committee
  • → reviewing other personnel policy issues that may be believed to pose a high reputation risk

The committee is also the Board of Director's preparatory body for selected issues relating to culture, management and succession planning.

Monitoring and reporting

The Group's risk situation is reported at least monthly to the group management team, and at least quarterly to the Board of Directors and the market. Group Risk Management has the primary responsibility for risk reporting in DNB. This applies to both internal risk monitoring and risk reporting to the market and authorities. All levels in the organisation shall have access to relevant, necessary risk data. Examining targets, limits and strategies is part of the internal riskreporting process.

In accordance with the requirements set by the Board of Directors, the compliance function and GCCO regularly report to the group chief executive and the Boards of Directors of DNB Bank ASA and DNB ASA on the compliance situation. Local compliance functions regularly report on the compliance situation to GCCO, as well as to the head of the area in question.

All employees in DNB have an obligation to report and deal with major events or deviations. Operational events and compliance breaches are to be registered in a loss and event

database. Actions taken in respect of all major events and compliance breaches are to be registered, and status reported to the group management and the Board of Directors.

Risk reporting to the Boards of Directors of DNB

The table shows the regular independent reports on risk and compliance to the Boards of Directors of DNB ASA and DNB Bank ASA. In addition, the Board of Directors is informed at the first meeting if there is a breach of risk appetite limits or other significant events or changes in the risk situation.

Data quality in risk reporting

As a result of experience gained during the financial crisis, the Basel Committee has designed "Principles for effective risk data aggregation and risk reporting" (BCBS 239). The principles provide recommendations for management, infrastructure, quality and control in connection with risk data aggregation and risk reporting. In 2019, DNB established the programme "Fit4Future" which will, among other things, safeguard DNB's interpretation of the principles. The programme is jointly owned and operated by Group Finance and Group Risk Management. The purpose of the programme is to ensure good governance, infrastructure, quality and control in compiling and aggregating financial and risk data. Furthermore, the program will contribute to good processes and good quality in risk reporting and financial reporting.

Risk reporting to the Boards of Directors of DNB

Frequency Reporting

Quarterly DNB Group's risk report

The report includes a broad review of the risk situation and changes to risk in the last quarter, with analyses and comments. The report is the second-line assessment of the risk situation. Key elements are risk level measured in accordance with the risk appetite framework and status of the indicators set out in the recovery plan. Any breach of the framework established by the Boards of Directors of DNB ASA, DNB Bank ASA and DNB Livsforsikring AS is also followed up through the risk report.

The Subsidiaries' risk reports

Risk reports are prepared for DNB's subsidiaries. The reports give the Board of Directors a comprehensive review of the risk picture and developments in the last quarter, with main emphasis on the most important risks. For the companies that have established their own risk appetite framework, monitoring of this is a central element of the risk reports.

Semi-annually GCCO Compliance Report

Group Compliance prepares a report on the status and development of the compliance situation for group management and the Board of Directors. The report is GCCO's independent assessment and shall provide a clear overall picture of compliance risk in the Group and form the basis for any action taken.

Operational risk in DNB Group

The report is a second-line assessment of the risk situation and the risk development within operational risk. The report is presented to group management and the Board of Directors along with the DNB Group's risk report in the first and third quarters.

Annually The ICAAP Report (Internal Capital Adequacy Assessment Process)

The ICAAP report contains a detailed description of the DNB Group's process for self-assessments of risk and the capital situation, as well as analyses and an evaluation of the status at year-end. Separate assessments and ICAAP reports for major subsidiaries are included in the Group report. The DNB Group's process for self-assessment of the liquidity situation, ILAAP (Internal Liquidity Adequacy Assessment Process), is an integral part of the ICAAP report. Group Audit performs a review of the ICAAP process in DNB, and a report containing the auditor's conclusions is considered in the same board meeting as the self-assessment.

Recovery Plan for the Group

The recovery plan, which is part of the crisis management regime for banks, is an integral part of the DNB Group's risk and capital management. Descriptions of various identified measures that could improve the Group's common equity Tier 1 capital ratio and liquidity situation in the event of a crisis, are an important element of the recovery plan. The plan is updated yearly. The status of defined recovery indicators is reported to the Board of Directors quarterly and to group management monthly.

IRB-validation Report and IRB Compliance Report

Validation is a key element in the quality assurance of DNB's IRB system. The independent unit responsible for validation examines once a year the precision of all internal models used in the calculation of capital requirements. The results are presented to the Board of Directors in the IRB-validation report.

Group Audit prepares an annual IRB compliance report showing compliance with IRB requirements. The report is considered by the Board of Directors of the bank at the same time as the IRB-validation report.

Stress testing

Stress testing is a key element in the assessment of the DNB Group's capitalisation and is also used in connection with financial planning. Stress tests are used to predict how changes in macroeconomic conditions will affect the need for capital. The group management team is involved in determining the scenarios and underlying assumptions that will be used in the stress tests and uses the outcome of such testing as a basis for strategies and action plans.

Stress testing is a second line function, and CRO has the overall responsibility for stress testing in DNB. Stress tests are presented to the Group Advisory Credit Committee or ALCO for their opinions, and are approved by the CRO. The CRO is responsible for recommending measures based on the conclusions of the stress tests.

Important stress tests that are carried out minimum annually in DNB:

  • → Extensive stress testing of the DNB Group and DNB Boligkreditt AS are carried out as a part of the annual ICAAP reporting, see the chapter on capital management and ICAAP.
  • → Crisis scenarios are being developed and tested as part of the DNB Group's recovery plan.
  • → Stress tests of specific credit portfolios are conducted on an ongoing basis.
  • → The bank regularly conducts liquidity risk stress tests to ensure that sufficient liquid assets are available to meet difficult situations in a satisfactory manner.
  • → A special stress testing program for counterparty credit risk has been established, which will reveal undesirable outcomes of the total counterparty credit risk exposure, both on a stand-alone basis and as part of the bank's credit risk exposure.

DNB participates in the stress tests of European banks coordinated by the European Banking Authority (EBA). The stress tests are conducted every other year and the next stress test will be in 2020. DNB also participates in the

CET1-ratio according to EBA's stress tests Per cent

Average of 48 European banks

15

20

Leverage ratio according to EBA's stress tests Per cent

Average of 48 European banks

"Stress tests are used to predict how changes in macroeconomic conditions will affect the need for capital." 2017 2018 2019 2020

International Monetary Fund (IMF) stress test, which is conducted every five years, and this stress test will also be conducted in 2020. In the 2018 stress tests of European banks, DNB appeared as extremely solid, compared with the 48 European banks which took part as shown in the figures on the previous side. More information can be found on EBA's website.

RISK APPETITE

The risk appetite framework forms part of the strategic management of the DNB Group and consists of limits and assessment principles for the types of risks that are of particular importance for DNB. Principles for risk appetite were updated by the Board of Directors in 2019 and are included as part of the governance principles at the highest level of DNB's hierarchy of governing documents.

The Group's risk appetite framework is decided by the Board of Directors and is reviewed and renewed at least once a year.

The risk appetite framework must be implemented throughout the organisation, by means of risk tolerances for and as a part of work with strategies and planning processes in DNB. Risk indicators have been established on lower organisational levels to underpin the limits in the risk appetite framework. The risk indicators can be in the form of limits for quantifiable risk or qualitative assessments of the risk level. They need not be based on the same measurement parameters as the ones used at the group level, but it must be possible to link them to the same risk types and measure the same trends. The procedures for monitoring risk indicators are tailored to the individual business areas and aims to ensure that risk is kept within the level stipulated in the risk appetite framework.

The risk level is measured against the risk appetite framework every month, and provides an overall summary of the risk situation in the DNB Group. The risk appetite

framework contains 15 different risk dimensions, across different risk types and business areas. The table gives an overview of the framework and associated dimensions applicable at the end of 2019.

Measurement and monitoring

Constant monitoring of risk appetite ensures that risks that are identified as the most significant at an overarching level are followed up and discussed by operative units in the organisation.

In addition, group management is given a monthly report. The status is assessed against the risk appetite limits, and appears in the form of a green, yellow, orange, or red status light. Each status has a clear meaning, and defined action rules apply in the event of the breach of limit values, as follows:

  • → Breach of the yellow limit can be handled by the Group's executive management.
  • → Breach of the orange limit can be handlet by the Group's administration, but he Board of Directors shall be informed executive management, but the Board of Directors shall be informed.
  • → Breach of the red limit must be reported to the Board of Directors on the agenda for the next board meeting. Concrete proposals for possible countermeasures shall be presented and/or proposals for extending the limits for risk appetite.

Risk types and associated dimensions in the risk appetite framework

Risk type Dimensions
Profitability and earnings → Risk-adjusted profit
→ Common equity Tier 1 capital adequacy, the DNB Group and the DNB Bank Group
Capital adequacy → Solvency margin DNB Livsforsikring AS, without transitional rules
→ Market risk as a percentage of financial capital
Marked risk → Regulatory capital requirements for market risk, DNB Bank Group and DNB Livsforsikring AS
→ Concentration risk towards industries and counterparties
Credit risk → Credit quality (expected loss), total and per customer segment
→ Annual credit growth, total credit portfolio and per customer segment
→ Liquidity Coverage Ratio
Liquidity risk → Net Stable Funding Ratio
→ Deposits to loans, DNB Bank Group
→ Operational losses
Operational risk → Forward-looking risk assessment, information security
→ Forward-looking risk assessment, IT operations
Reputation risk → Overall risk assessment, potential events and consequences

Governance principles for risk appetite

As part of the risk appetite framework, four governance principles have been defined that set out the procedures and responsibilities for the entire DNB Group.

  • → Ownership: The risk appetite framework is owned by the Board of Directors. All changes to the framework and the governance principles must therefore be approved by the Board of Directors.
  • → Responsibility: Each risk appetite statement is owned by a coordinator in Group Risk Management, who is responsible for monitoring and preparing action plans if defined risk levels are exceeded. The coordinator is also responsible for evaluating whether the measurement picks up satisfactorily on risk changes.
  • → Annual review: The risk appetite framework must be reviewed at least once a year. This review must be independent of the strategic and financial planning process.
  • → Reporting: Group management receives a monthly report on risk levels in the group in the form of a "status report". The Board of Directors receives quarterly status reports with comments and analyses.

RESOLUTION AND RECOVERY PLAN

Since 2013, the DNB Group has formulated recovery plans based on the recommendation from the European Banking Authority (EBA). The preparation of such a plan is required according to the EU's Bank Recovery and Resolution Directive (BRRD), which came into force in the EU as of 1 January 2015. From 2019 it has become a legal requirement in Norway for banks to have a recovery plan.

The recovery plan is prepared as an integrated part of the Group's risk and capital management framework and will be activated if pre-defined recovery indicators are breached. Such breaches will trigger a thorough assessment of the situation and whether actions should be implemented or not. If the bank's recovery is unsuccessful, crisis management will be carried out under the auspices of public authorities. Finanstilsynet (The Financial Supervisory Authority of Norway) will then be responsible for developing a plan for this phase. The recovery plan aims to ensure that the Group can recover from a very serious stress situation without involving or getting support from the authorities. DNB has also submitted a liquidation plan, Living Will, to the US authorities concerning its operations in the US.

DNB has a contingency plan for liquidity that includes descriptions of how the bank should handle liquidity crises that either only affect the bank or affect the entire industry. Based on the types of crises that could affect the bank's liquidity situation and assessments done by ALCO and group management, Group Treasury sets up a plan for remedying the liquidity shortfall. The plan specifies triggers and time frames for all measures that are to be implemented, in addition to the priorities with respect to funding sources and costs of alternative solutions and the possible effect on the banks' capital coverage. Possible measures may include the issuance of covered bonds through the use of available reserves in the DNB Boligkreditt AS cover pool, changing deposit terms and restricting lending, as well as pledging holdings of collateral to raise money in the

market for repurchase agreements (the repo market) and draw on central bank facilities.

DNB has a hierarchy of contingency measures as illustrated in the figure. Because the risk appetite framework functions as an early warning system, there are a number of overlaps between indicators in the risk appetite statements and recovery plans. For common indicators, red lights in a risk appetite context coincide with threshold values (recovery threshold) in the recovery plan.

The recovery plan includes:

  • → strategic analysis of the DNB Group and essential social functions performed by DNB
  • → operational and legal dependencies within and outside the Group
  • → governance processes in recovery planning and recovery plan implementation
  • → crisis scenarios that could trigger a recovery situation
  • → recovery measures that could improve the Group's capital adequacy and liquidity situation
  • → preparatory measures to ensure the effectiveness of the recovery measures
  • → communication plan in crisis situations

The recovery plan is updated annually and is then reviewed by Finanstilsynet and the DNB collegiate body2). The supervisory authorities may suggest improvements, but may also give direct orders for changes. In 2018, the group management conducted an exercise based on a crisis scenario where the recovery plan was tested. Similarly, a crisis exercise was conducted for large corporates in 2019. As part of the risk reporting, ALCO receives a monthly status report of the indicators in the recovery plan. The Board of Directors receives the status report quarterly.

2) The DNB collegiate body is composed of the supervisory boards of its subsidiary banks in the EU/EEA area

Connection between risk appetite, different preparedness measures within the Group and the recovery plan

3 Capital management and ICAAP Risk appetite

ICAAP activities in DNB through the year

  • Ongoing risk monitoring and capital adequacy assessment process
  • Risk appetite review
  • Strategy and financial targets
  • review Review of capitalisation subsidiaries Risk report Q4 Strategy and financial targets Risk report Q3 Risk report Q2 Risk report Q1 ICAAP report Strategy start-up DNB College SREP feedback Comments on SREP ICAAP is a continuous process The ICAAP report

21 Capital assessment process in DNB

  • 21 Assessment of risk profile, capital requirements and regulatory capital levels
  • 22 Systemic risk
  • 22 Internal assessments and regulatory requirements
  • 23 Stress testing of capital

Annual updating of risk appetite limits, strategy and setting of financial target indicators are important elements of the ICAAP process.

CAPITAL ASSESSMENT PROCESS IN DNB

Financial institutions are required to carry out an Internal Capital Adequacy Assessment Process (ICAAP) at least once a year. Capital adequacy assessments should be forwardlooking and take into account business plans, access to capital markets and general economic conditions. The capital adequacy assessment process must cover risks which are not included when the minimum capital requirement stipulated by the authorities is calculated, and reflect that risk quantification is based on methods and data that contain uncertainties. The Group's liquidity and funding situation must be reviewed in the Internal Liquidity Adequacy Assessment Process (ILAAP) in connection with capitalisation. The supervisory authorities do annual assessments of the ICAAP and ILAAP processes and outcomes of these Supervisory Review and Evaluation Process (SREP).

Quarterly risk reports are prepared for the Boards of Directors of DNB ASA and DNB Bank ASA and include assessments of the Group's capitalisation based on macroeconomic trends, risk exposure, the capital situation and expected future profitability. The risk reports are examined at the same time as the Group's quarterly financial report, to enable the Group's financial performance to be weighed against changes in risk.

The targets and limits in the risk appetite framework are updated and renewed in the first quarter. The assessments in ICAAP, ILAAP and feedback from the supervisory authorities through the SREP are important elements of the decision-making basis. Targets for capital adequacy, the solvency margin and liquidity risk are operationalised in the risk appetite framework. The risk appetite framework is subject to monthly review.

The Group's strategy and financial targets for the next three years are prepared in the second half of the year. The capital situation is a key element of strategic and financial planning. In the financial strategy process, the target for the Group's return on equity is converted to a required yield on allocated capital. A key principle of DNB's governance model is that the Group's capital requirements are to be fully allocated to the business areas. Economic capital, meaning capital requirements calculated by internal risk models, is one of the bases for capital allocation.

The Group's ICAAP is documented annually through a separate ICAAP report, which is presented to the Boards of Directors of DNB ASA and DNB Bank ASA and sent to Finanstilsynet (The Financial Supervisory Authority in Norway). An international supervisory collegiate body has been established for DNB and is headed by Finanstilsynet1). The ICAAP report is part of the basis for the supervisory collegiate's assessment of the DNB Group's risk and capitalisation. Several of DNB's subsidiaries prepare their own ICAAP documentation, which is included in the Group's ICAAP.

ASSESSMENT OF RISK PROFILE, CAPITAL REQUIREMENTS AND REGULATORY CAPITAL LEVELS

The capital adequacy regulations specify a minimum primary capital (own funds) requirement based on risk-weighted assets that include credit risk, market risk and operational risk. In addition to meeting the minimum requirement, the bank must satisfy various buffer requirements. For more information on minimum and buffer requirements see the chapter on capital adequacy.

Finanstilsynet conducts assessments to determine whether there is a need for additional capital to cover risk elements that are not adequately covered by the basis of calculation for the minimum requirements and the general capital requirements in Pillar 1. These are referred to as the Pillar 2 requirements. In the event of non-compliance with all requirements, including the Pillar 2 requirements, the bank will be required to give Finanstilsynet an account of

1) The DNB collegiate body is composed of the supervisory boards of its subsidiary banks in the EU/EEA area.

the reasons for the non-compliance and planned measures to address this. In such a situation, Finanstilsynet will have the same intervention options as in the event of noncompliance with the buffer requirements, but with a greater scope of action.

The main conclusion of Finanstilsynet's assessment in last year's SREP process was that, based on the prevailing risk level and external factors, the DNB Group was adequately capitalised as at 31 December 2018.

The Group's capital strategy and dividend policy justify the Group's position as one of the best capitalised financial services groups in the Nordic region. Dividends are determined on the basis of factors such as the need to maintain satisfactory capital adequacy and changes to external regulatory parameters. The Group standard for capitalisation specify the targeted capitalisation level, the frequency of reviews of the capital situation and the measurement methods that are to be used. The Group standard for capitalisation is reviewed each year based on ICAAP and feedback from the authorities through SREP.

The capitalisation of subsidiaries will reflect that equity resources should be kept as high in the group structure as possible. For the banking group, common equity Tier 1 and total capital adequacy must be in line with the Group's objectives. The capitalisation of DNB Boligkreditt AS will be aligned such that the minimum requirement, buffer requirements and the Pillar 2 capital requirement are met. An additional margin is needed to meet fluctuations in earnings and capital, which are caused by assessments of derivative contracts and of funding in Norwegian kroner. DNB Livsforsikring AS will satisfy the solvency requirements without the transitional arrangements. Foreign subsidiaries will be capitalised with an appropriate margin on the basis of capital requirement, the units' risk profiles, the level at comparable local institutions, size and maturity of financing from the parent bank and tax issues.

"The Group's capital strategy and dividend policy justify the Group's position as one of the best capitalised financial services groups in the Nordic region."

SYSTEMIC RISK

In accordance with Norwegian regulations, banks' ICAAP should include an assessment of systemic risk. In the EU's capital adequacy regulation, systemic risk is defined as the risk of disruptions to the financial system that have potentially serious consequences for the financial system and the real economy. The drivers of systemic risk are often factors that are already included in risk assessments, such as house price movements. In order to assess whether the systemic risk entails an increase in capital requirements, the measures that have already been implemented to cover such risk must be reviewed.

A high household debt-to-income ratio, high housing prices and the Norwegian economy's dependence on oil prices are factors that increase systemic risk in Norway. However, these are counteracted by other characteristic features of the Norwegian economy, such as a national currency, an independent monetary policy, considerable fiscal flexibility and a strong social security network. Risk in the housing market has been addressed by means of higher risk weights for retail mortgage loans in the calculation of the banks' capital adequacy requirements, and requirements for down payments, payments of principal and debt servicing capacity in the regulation on requirements for retail mortgage loans.

The analyses of the international rating agency Standard and Poor's (S&P) are partly based on the Banking Industry Country Risk Assessment (BICRA), which covers key systemic risk elements. Like Sweden and a handful of other countries, Norway has a very good S&P score. Furthermore, the Norwegian financial sector is relatively small in relation to most other comparable European countries. DNB therefore considers systemic risk to be relatively low in Norway.

INTERNAL ASSESSMENTS AND REGULATORY REQUIREMENTS

The key element in assessing financial strength and capitalisation is the comparison of risk with available lossabsorbing capital, including accumulated earnings. In

addition, various stress tests will be important references.

Economic Capital

DNB calculates economic capital for all of the main risk categories. Economic capital shall correspond to 99.9 per cent of unexpected losses within a horizon of one year, i.e. economic capital should reflect a "millennial loss". A simulation model is used that calculates unanticipated losses for different types of risk and for the Group as a whole. The quantification is based on historical data. If the historical data is not sufficient discretionary estimates are used. A diversification effect arises when the risks are assessed together, since it is unlikely that all of the loss events would occur at the same time. Due to the diversification effects between different risk categories and business areas, the Group's economic capital ends up being lower than it would have been if all of the business areas had been independent companies.

Comparison of internal assessments and capital requirements

The figure shows a comparison of economic capital and the regulatory minimum capital requirements in Pillar 1, which is 8 per cent of risk-weighted assets (RWA). Economic capital and regulatory policy are based on the same confidence level, the 99.9th percentile.

At the end of 2019, the internal risk calculation was lower than the regulatory minimum requirement. The difference is primarily attributable to the measurement of credit risk. The main reason for this is that 32 per cent of the credit portfolio, measured by risk-weighted assets, is measured according to the standardised approach in calculating the capital adequacy requirement. The standardised approach provides a higher risk weight than the IRB method. Internal classification models are used for calculating economic capital for all portfolios, regardless of whether the models have formal IRB approval. The credit portfolio is considered well diversified with respect to industries and therefore there is no calculated addition in economic capital for

Economic capital, DNB Group

NOK billion 31 Dec. 2019 31 Dec. 2018
Credit risk 35.3 37.5
Market risk 7.4 7.4
Market risk in life insurance 4.6 7.4
Insurance risk 0.8 1.4
Operational risk 8.8 8.9
Business risk 6.9 6.8
Gross economic capital 63.8 69.3
Diversification effect (12.1) (13.1)
Net economic capital 51.7 56.2
Diversification effect in per cent of gross economic capital 19.0 18.9

Comparison of capital requirements and economic capital, DNB Group NOK billion

concentration risks against industries. There is a small addon for concentration risk against individual customers.

The internal method for calculating market risk is more conservative than the method used to calculate the capital adequacy requirement. The main difference is that equity investments in the banking portfolio are treated as credit risk in the capital adequacy calculations, with a risk weight of 100 per cent, and corresponding capital adequacy requirement of 8 per cent. Economic capital intended for the same investments is approximately 40 per cent of the exposure. The internal market risk measurement includes elements that are not covered by the regulatory Pillar 1 requirements. These are risk aspects covered by the Pillar 2 supplement in the regulatory capital requirement.

Market risk in life insurance operations is treated separately with regard to economic capital. Asset volumes, asset mix, the size of buffer capital and the rate of return guaranteed to customers are taken into account. The model also calculates the risk of accounting losses resulting from the liability adequacy test. The liability adequacy test is used to assess whether the premium reserves are adequate to cover liabilities to policyholders. Provisions must be recorded in the financial statements if undercoverage occurs. The capital adequacy requirement for insurance operations depends on the amount of equity and other subordinated capital injected by the rest of the Group into the insurance arm. The measurement methods are therefore fundamentally different. DNB's model generally measures the risk as higher than what follows from the capital requirement.

DNB has a significant profit risk related to basis swaps in the banking activities. These are derivative contracts that are used to convert funding in foreign currency to lending in Norwegian kroner. The contracts are valued on an ongoing basis at fair value in the financial statements and affect the bank's earnings. However, since the contracts in practice fall due for payment at maturity, value fluctuations will be neutralised over the life of the contracts. The risks

associated with the value fluctuations in the basis swaps are included in the assessment of how large a margin DNB should allow to the regulatory requirements.

STRESS TESTING OF CAPITAL

At least once a year, an extensive stress test (the ICAAP stress test) is presented to the Board of Directors as a basis for evaluating whether the Group's risk profile is satisfactory. This is normally done in connection with the treatment of the Group's budget for the following year and financial plan for an additional two years, i.e. the Group's target process. The results from the target process and the ICAAP stress test are an important part of the Group's ICAAP report.

The ICAAP stress test assumes a significant deterioration of macroeconomic conditions and shows how this could affect the Group's total risk situation, profit performance and capitalisation. A stress scenario based on relevant risk factors is worked out as the basis for the annual stress test. The scenario is reviewed by ALCO and approved by the Chief Risk Officer (CRO). In the stress test, calculated loan losses are used in accordance with IFRS 9. The Group's model for calculating economic capital is used to estimate losses related to market risk and operational risk.

In the ICAAP stress test for 2020, emphasis was placed on the following macroeconomic risk factors:

  • → Strong downturn internationally.
  • → Drop in residential and commercial property prices in Norway. Falling house prices have a ripple effect in the form of weakened private consumption and investment, thus producing significantly weaker development in the mainland GDP and increased unemployment.
  • → Lower energy prices and a global downturn are affecting Norway through lower oil and gas prices and reduced traditional exports.
  • → Unrest in international financial markets, with sharp stock market declines and increased risk premiums in the money markets. Long-term interest rates fall further.

The economic shocks were converted into specific development paths for key macro variables. The most important ones are described below. Both the international crisis and the national shocks were expected to take place in early 2020. In the worst year, the macroeconomic scenario corresponds to a 50-year crisis and was set so that the bank would operate at a loss in at least one of the projection years.

The macro economic scenario and its assumptions are as follows:

  • → Mainland GDP growth drops from 2.3 per cent to minus 0.7 per cent in the first year. The mainland economy shrinks by around 2.9 percentage points in the first three years.
  • → Oil prices fall to levels between USD 30–40 per barrel, and oil investments on the Norwegian continental shelf decline significantly.
  • → The registered unemployment rate rises to around 5.4 per cent, which is higher than the level at the beginning of the 1990s.
  • → House prices fall by 30 per cent. Households respond to falling house prices, declining real wage growth and an uncertain labour market by reducing their spending and increasing their rate of savings.
  • → The key policy rate has been cut to zero, but higher money market premiums, especially in the beginning of the scenario will hold 3-month NIBOR at around 0.5 to 1.7 per cent throughout the stress test period.
  • → Global GDP growth falls steeply in 2020 and becomes negative in 2021. Norwegian exports of traditional goods and services are weakened substantially despite a weakening of the Norwegian krone.

The stress test showed negative profit in the first of the four years. The negative profit is primarily due to a drop in net interest income and substantial impairments. Common equity Tier 1 capital ratio drops to 15.6 per cent in the first year. Positive results contributes to restore it to 19.2 per cent towards the end of the period.

In addition to DNB's own stress testing, Finanstilsynet carries out an annual stress test of DNB. American regulatory requirements for stress testing are therefore fulfilled according to CFR § 252.1462) .

"The ICAAP stress test is a basis for evaluating whether the Group's risk profile is satisfactory."

2) CFR § 252.146 - Capital stress testing requirements for foreign banking organizations with total consolidated assets of \$100 billion or more and combined U.S. assets of less than \$100 billion.

DNB seeks to maintain well-diversified funding, which includes a broad deposit and funding base from personal and commercial customers. However, the Norwegian funding market is relatively small, and DNB relies on international funding in various currencies. In 2019, DNB had good access to both long-term and short-term funding. After market turmoil at the beginning of the year, credit spreads narrowed throughout the rest of the year. With the issuance of large volumes of long senior debt in the fourth quarter, the Group is well equipped to meet upcoming MREL requirements.

  • 25 Developments in liquidity risk in 2019
  • 26 Funding
  • 27 Liquidity portfolios
  • 28 Management and control of liquidity risk
  • 28 Stress testing of liquidity risk
  • 29 Ratings

DEFINITION

Liquidity risk is the risk that the Group will be unable to meet its obligations as they fall due, or will be unable to meet its liquidity obligations without a substantial rise in associated costs. Liquidity is vital for financial operations, but as a rule this risk does not materialise until other events give rise to concern about the Group's ability to meet its financial obligations

Liquid assets NOK billion 546 (490)

Total long-term debt securities NOK billion

Average LCR in 2019 Per cent 136 (125)

DEVELOPMENTS IN LIQUIDITY RISK IN 2019

DNB had good access to both long-term and short-term funding throughout 2019. Despite market turmoil at the beginning of the year, activity was high and DNB covered a large part of the Group's refinancing requirements for long-term funding in the first quarter. Credit spreads increased at the beginning of the year, but then narrowed throughout the rest of the year. At the end of the first quarter, the US government yield curve was inverted, indicating market expectations of a recession. Trade wars and uncertainty surrounding Brexit reinforced this impression. Rising long-term US government bond yields reduced fears of recession in the third quarter. At the start of the fourth quarter, the European Central Bank (ECB) resumed quantitative easing. DNB was a very active issuer of senior bonds toward the end of the year with a view to accommodating the upcoming MREL regulation.

The Minimum Requirement for own funds and Eligible Liabilities (MREL) is an EU requirement stating that banks must have a minimum amount of own funds and eligible liabilities that can be written down or converted into equity (bail-in) when a bank is close to liquidation. On 1 January 2019, the new rules on deposit guarantees and crisis management took effect. The regulation to the Financial Services Regulation provides further rules on how the minimum requirement for convertible debt (MREL requirement) shall be determined for the individual bank, including that it must be fulfilled by liabilities with lower priority than ordinary liabilities, often called senior nonpreferred debt. The MREL requirement became known to DNB in the fourth quarter. The Group has announced that it will have NOK 157 billion in senior non-preferred debt by the 30 June 2020 deadline. Until the end of 2022, ordinary senior debt issued by DNB Bank ASA prior to 1 January 2020 and which meet specific criteria can contribute to fulfilment of the requirement. With the large uptake of senior debt in the fourth quarter of 2019, DNB is well positioned to meet the MREL requirement.

The CRR/CRD IV regulations stipulate that institutions must at all times have a liquidity reserve (Liquidity Coverage Ratio, LCR) of at least 100 per cent for all currencies combined. This means that an institution's holdings of liquid assets must at least correspond to the net liquidity outflow in a situation of stress in the money and capital markets for a 30-day period forward in time. The LCR stayed well above the minimum requirement of 100 per cent throughout 2019 and reached 138 per cent at the end of December. In addition, there is a minimum requirement for LCR of 50 per cent in NOK and 100 per cent in other significant currencies. The table shows the LCR in the main currencies and in total at year-end 2018 and 2019.

The long-term liquidity risk target (Net Stable Funding Ratio, NSFR) defines illiquid assets, including lending to customers, which must be funded by stable funding sources. Customer deposits, equity and borrowing with more than 12 months of residual maturity are considered to be stable funding sources. DNB has established an internal target for NSFR and it is measured monthly. The NSFR was 112 per cent at the end of the year for the DNB Bank Group.

LCR development, significant currencies, DNB Bank Group

Per cent EUR USD NOK Total
31 December 2019 227 220 62 138
31 December 2018 190 243 65 117

Issued senior debt and covered bonds, DNB Bank Group

Senior unsecured bonds Covered bonds
NOK Billion NOK Currencies NOK Currencies
31 December 2019 16.0 206.7 67.3 365.6
31 December 2018 6.7 147.5 70.9 380.8

DNB Group 2019 — Risk and capital management

4 Liquidity risk and liability management

FUNDING

The DNB Bank Group's total net long-term debt securities was NOK 656 billion at the end of 2019, compared with NOK 606 billion the previous year. Ordinary senior bond funding is mainly issued through the European Medium Term Note (EMTN) programme. Senior bond programmes have also been established in US dollars and Japanese yen. Covered bonds programmes have also been established in Europe and the USA.

The national covered bond market in Norway has become larger than the Norwegian government bond market and is as liquid. Covered bonds are an important instrument for long-term funding in DNB and are issued by DNB Boligkreditt AS. Investors are provided with security in the company's portfolios of mortgage loans. Covered bonds have proved to be a more robust and lower priced funding instrument in turbulent periods than ordinary senior bonds.

The figure at the top shows the maturity profile of DNB's long-term funding at the end of 2019, divided between senior unsecured bonds and covered bonds. The maturity profile is essentially the same as at the end of last year, but with an increased maturity of senior debt, which is due to a large uptake of senior debt in 2019.

At year-end 2019, the average residual maturity for debt securities issued was 3.7 years, compared to 4.1 years at the end of 2018. This reduction is largely attributable to the uptake of senior debt in 2019 with an average maturity of 3.7 years. This debt is qualified in accordance with the MREL requirement until 2022, and must be refinanced within that time senior non-preferred debt (Tier 3). The average maturity has been around 4 years in the last few years. The figure shows the development in average term to maturity for long-term funding of senior unsecured bonds and covered bonds.

Deposits are the bank's largest source of funding and contribute to stable funding over time. The DNB Bank Group's

Long-term funding, maturity profil, DNB Bank Group NOK billion

Year

"DNB was a very active issuer of senior bonds toward the end of the year with a view to accommodating the upcoming MREL regulation."

deposit to loan ratio, measured as customer deposits as a share of net lending to customers, and following adjustment for short-term money market positions, decreased from 58.2 per cent at the end of 2018 to 57.9 per cent at the end of 2019. Among other things, this decrease is due to higher lending volumes to personal banking customers, which have a somewhat lower deposit to loan ratio.

DNB uses a number of short-term commercial paper programmes for short-term funding. These programmes provide good access to short-term funding. Using multiple funding channels contributes to greater flexibility to meet investors' interests. DNB is a bank with a good credit rating in a strong economy, and attracts substantial funds from other banks, central banks and money market funds. The funds include deposits and excess liquidity from national and international banks, which, together with commercial paper funding, serve as a short-term liquidity buffer.

Pledged assets

The use of covered bonds has contributed to raising awareness of asset encumbrance. The proportion of loans secured by pledged assets is high in Norway. This is because Norway does not have an effective securitisation market and almost all loans are kept on the banks' balance sheet. In addition, there is a high rate of home ownership in Norway and this ownership is loan-financed. DNB's current level of pledged assets is comfortable considering the Group's diversification, capitalisation and liquidity.

At the end of 2019, pledged assets amounted to NOK 539 billion, corresponding to 22 per cent of the DNB Bank Group's balance sheet.

More information on pledged assets is available in the additional Pillar disclosures

LIQUIDITY PORTFOLIOS

As an element of its ongoing liquidity management, DNB needs to hold securities in the form of bonds as well as other liquid assets, such as deposits in other banks and central banks. Among other things, the securities are used as collateral for short-term loans from central banks and are an element of the liquidity buffers for ensuring fulfilment of regulatory liquidity requirements. Total liquid assets amounted to NOK 546 billion at the end of 2019, against NOK 490 billion at the end of 2018.

The bond portfolio

The bank's bond portfolio consists of an international portfolio and a Norwegian sub-portfolio. At year-end 2019, the total bond portfolio amounted to NOK 180 billion.

The Norwegian portfolio amounted to NOK 88 billion. Of this, NOK 39 billion comprised of Norwegian government securities and other level 1 assets issued by the public sector. Other level 1 assets in the form of covered bonds accounted for NOK 46 billion while the remainder consisted of level 2A assets. Level 1 and level 2A refer to the categorisation of liquid assets within the LCR framework, where level 1 represents the most liquid assets.

The international liquidity portfolio totalled NOK 92 billion at year-end, consisting of a trading portfolio and a banking portfolio.

The trading portfolio amounted to NOK 36 billion with AA rating or better. Public sector bonds aggregated to 69 per cent of the portfolio and the remainder consisted of covered bonds. The weighted average maturity of the trading portfolio was 2.3 years and the change in value resulting from a one basis point change in spreads was NOK 8.8 million at year-end 2019.

Customer deposits (NOK billion) Ratio of deposits to loans (per cent)

Ratio of deposits to loans adjusted for short-term money market investments in New York (per cent)

Liquid assets, DNB Bank Group, 31 December 2018 Per cent

Liquid assets by currency, DNB Bank Group, 31 December 2019 Per cent

The banking portfolio amounted to NOK 53 billion. It was established in 2019 and changes in market value are recorded as Other Comprehensive Income (OCI)1). The portfolio was entirely comprised of public sector bonds of which NOK 49 billion had AA rating or better. The weighted average maturity of the banking portfolio was 3.7 years and the change in value resulting from a one basis point change in spreads was NOK 19.5 million at year-end 2019.

MANAGEMENT AND CONTROL OF LIQUIDITY RISK

The Group's risk appetite framework defines the limits for liquidity management in DNB. Internal limits are established for the LCR, NSFR and ratio of deposit to loan for the banking group. Risk appetite is operationalised through DNB's liquidity strategy and limits. These must be approved by the Board of Directors at least once a year.

The group policy for risk management is elaborated in a standard for management of liquidity risk and sets out more detailed requirements for organisation, the division of responsibilities and risk reporting. Group Risk Management is responsible for the second line of defense for liquidity risk.

In line with the bank's operations in general, liquidity risk should be low and bolster the bank's financial strength. This implies that the bank should seek to have a balance sheet structure that reflects the liquidity risk profile of an international bank with AA level long-term credit ratings issued by recognised rating agencies. Maintaining a low risk profile calls for adequate diversification of the sources of funding with respect to both contractual counterparties and instruments.

The DNB Bank Group's liquidity risk management is centralised and has been delegated to DNB Bank ASA.

1) Other comprehensive income, or OCI, consists of items where changes in value affect the balance amounts, but the effect is not reported in the income statement.

The liquidity risk in branch offices and subsidiaries is consolidated in the banking group's balance sheet and included in the basis for the banking group's liquidity management. Liquidity risk within the banking group is managed on both the consolidated and individual levels. DNB ASA is funded by the banking group and its primary function is to be a financially sound and mainly equitybased owner.

The subsidiaries in DNB ASA, DNB Livsforsikring AS and DNB Asset Management, manage and administrate customer assets. This management is covered by internal liquidity rules in the respective companies.

Group Treasury is responsible for providing funding to subsidiaries and branch offices outside Norway. DNB Bank ASA and DNB Boligkreditt AS have entered into a bilateral agreement that regulates the coordination of funding and liquidity between these two entities. Group Treasury is responsible for ensuring that the Group stays within the liquidity limits at all times. This unit is also in charge of managing the bank's liquidity portfolio. Group Treasury's liquidity risk responsibilities are part of the Group's first line of defence.

The organisation of liquidity management in DNB is based on a clear authorisation and reporting structure and is in conformity with CRR/CRD IV. The Boards of Directors of DNB Bank ASA and DNB ASA set the limits and guidelines and regularly review the bank's liquidity risk. Liquidity limits are determined annually or more often when needed. The principles and limits for liquidity management are drawn up by Group Treasury and Group Risk Management and are described in the note on Limits and Strategy for Liquidity Risk Management in DNB Bank Group. These are endorsed in the Asset and Liability Committee (ALCO) before being decided by group management and the Board of Directors.

The limit structure for liquidity risk is in conformity with the structure in the EU capital requirements regulations. The

liquidity risk is controlled internally through the short-term liquidity risk requirement, LCR, as well as the long-term structural liquidity risk target NSFR. In addition, the Group has limits for internal liquidity indicators that supplement LCR on a shorter and longer horizon. The objective of the liquidity risk limits is to reduce the bank's dependence on short-term funding from domestic and international money and capital markets. The reason for this is that funding from such sources tends to be more credit and market sensitive than ordinary deposits.

The liquidity risk and the utilization of liquidity limits are reported regularly and monitored by Group Treasury, the risk management unit in DNB Markets and Group Risk Management. LCR, its limits and operational liquidity are reported daily, whereas NSFR and its limits are calculated and reported monthly. LCR, NSFR and the ratio of deposits to loans are reported monthly to ALCO and group management and quarterly to the Board of Directors through the Group's risk report.

The risk management unit in DNB Markets is responsible for reporting deviations from liquidity risk limits to the relevant parties and committees. Deviations from the limits for LCR and NSFR are immediately reported to Group Treasury, Group Risk Management, and to the group executive vice president in DNB Markets and the Chief Financial Officer (CFO). The CFO then reports to group management and ALCO. Deviations are reported to the Board of Directors at least quarterly as part of the Group's risk report.

The credit ratings of the underlying securities in the bond portfolio are continuously monitored and reported. Monitoring of market risk in the liquidity portfolio is discussed in the chapter on market risk.

A contingency plan for liquidity has been prepared and is discussed in the chapter on risk management and control in DNB.

STRESS TESTING OF LIQUIDITY RISK

The bank conducts regular stress tests to ensure that DNB has sufficient liquid assets to cope with difficult situations in a satisfactory manner. The bank must periodically assess the assumptions on which liquidity risk management is based. Among other things, this implies a reappraisal of the assets the bank holds that can be classified as liquid, and that can be used as collateral in Norges Bank (the Central Bank of Norway), or other central banks. The degree to which assets defined as stable meet the requirements for stability in a stressed situation is also assessed. Stable liabilities are the portion of the bank's funding that are not deemed likely to fluctuate substantially in the short-term. Examples include deposits from customers, equity capital and longterm covered bonds.

DNB simulates the liquidity effect of a downgrading of the bank's credit rating due to one or more negative events. The results of the stress tests are included in the bank's contingency plan for liquidity management during a financial crisis. The effects that a financial crisis lasting for up to 12 months could have on liquidity are tested. The stress tests differentiate between a financial crisis that only affects the bank, a systemic crisis that affects the banking industry in general, and a combination of the two. The stress factors are continuously assessed by Group Treasury in connection with the implementation of the stress test.

The need to strengthen DNB Boligkreditt AS' cover pool in a stressed situation is quantified in an extended stress test. This stress test estimates the bank's potential liquidity exposure in the event of a steep fall in housing prices combined with a major change in the market value of the derivative contracts between DNB Boligkreditt AS and DNB Bank ASA. A weakening of the Norwegian krone is the factor that has the greatest effect on changes in the value of the derivative contracts. This counterparty credit risk is reported weekly and is closely monitored and managed by Group Treasury.

A reverse liquidity stress test is used to identify circumstances that could drain the bank's liquidity reserves in the longer term. The combined stress scenario described above is used as the point of departure. In addition, it is assumed that there will no longer be a market for issuing and refinancing covered bonds, and that the bank experiences that large corporate customers withdraw their deposits. A calculation is then done to determine the amount of deposit attrition among private individuals and small businesses the bank can withstand in the course of 30 days before its liquidity reserves become negative.

The stress tests are performed each quarter, and the results are reported to the bank's Board of Directors. The stress tests provide information about potential challenges to the funding situation and form the basis for the Group's contingency plans, including the setting and possible adjustment of liquidity limits.

The liquidity stress tests in DNB are considered to cover all requirements relating to liquidity risk in all countries in which DNB operates. This includes the principles and requirements of the Basel Committee and the US CFR article 252.1452).

RATINGS

Credit ratings are forward-looking and reflect how future events could impact the issuer's creditworthiness. The credit rating represents the rating agencies' assessment of the issuer's capacity and willingness to meet financial obligations on time. Strong credit ratings issued by recognised rating agencies are thus important for ensuring predictable, flexible access to funding.

2) 12 CFR § 252.145 - Liquidity risk-management requirements for foreign banking organizations with total consolidated assets of \$250 billion or more and combined U.S. assets of less than \$100 billion

A short-term credit rating is an expression of the probability of an issuer failing to meet its financial obligations in the current year, and of the expected financial loss resulting from non-fulfilment of the obligations. A long-term credit rating is an expression of the same probability but over a period of one year or more.

In January 2019, the rating agency Standard & Poor's (S&P) upgraded DNB's short-term credit rating from A-1 to A-1+ and the long-term credit rating from A+ to AA-. This means that DNB has a long-term AA credit rating from both Moody's and S&P.

Credit Ratings of DNB Bank ASA

Rating agency Rating Latest rating report Latest rating action
Standard & Poor's Short term: A-1+
Long term: AA
Outlook: Stable
Resolution Counterparty Rating: AA- (LT)		 S&P rating report – January 2019 22 Jan. 2019
Moody's Short term: P-1
Long term: Aa2
Outlook: Negative
Counterparty Risk Rating: Aa1 (LT)		 Moody's Credit Opinion – January 2019 16 Mar. 2016
Dominion Bond Rating
Service (DBRS)¹⁾		 Short term: R-1 (middle)1)
Long term: AA (low)1)
Outlook: Stable1)		 DBRS rating report – August 2018 29 Sep. 2015
Scope Ratings¹⁾ Short term: S-11)
Long term: AA-1)
Outlook: Stable1)		 Scope rating report – March 2018 2 Feb. 2017

1) Unsolicited rating

"DNB has a long-term AA credit rating from both Moody's and Standard & Poor's."

5 Credit risk

DNB's credit portfolio remained stable throughout the year. The portfolios of retail mortgage loans and loans to small and medium-sized enterprises in Norway grew steadily and incurred very low losses. The large corporate customer portfolio has been rebalanced, and the exposures to shipping and oil related industries have been substantially reduced. There are still challenges in the offshore sector, despite a slight improvement in the oil price and higher rates in some segments. Funding and liquidity are assured for most of DNB's customers in this sector for the next few years.

  • 31 Developments in credit risk in 2019
  • 32 Developments in credit risk in selected industries
  • 35 Capital requirements for credit risk
  • 36 Overview of credit exposures
  • 40 Internal ratings-based (IRB) approach
  • 43 Exposure for IRB portfolios
  • 47 Standardised approach
  • 48 Management and control of credit risk
  • 50 Investment in securitisation

DEFINITION

Credit risk is the risk of financial losses due to failure on the part of the Group's customers (counterparties) to meet their payment obligations towards DNB. Credit risk is attached to all claims against customers, primarily loans, but also liabilities in the form of other extended credits, guarantees, interest-bearing securities, undrawn credits, derivative trading and interbank deposits. Credit risk includes concentration risk, which is the risk associated with large exposures to a single customer and clusters of commitments in geographical areas or industries, or with homogeneous customer groups.

1) Excluding institutions, government, central banks, equity positions and exposure in associated companies

enterprises Personal customers

Capital requirement

NOK billion 65.6 (71.9)

Economic capital NOK billion

Net impairments NOK billion

DEVELOPMENTS IN CREDIT RISK IN 2019

DNB's total credit portfolio amounted to NOK 1 987 billion in EAD at the end of the year, and is approximately equally distributed between corporates and personal customers. There were no significant changes in the portfolios in 2019. Credit exposure towards more volatile sectors such as oil, gas, offshore and shipping was further reduced. The efforts to reduce risk concentrations towards these sectors is completed. Impairments on credit exposures were very low throughout the year, ending at NOK 2.2 billion. The level of new impairments according to IFRS 9 stage 3 was slightly lower than last year. For more information, see the overview of developments in credit exposures and impairments later in this chapter.

The figure shows developments in the credit portfolio measured in EAD. The bank's credit portfolio increased by NOK 38 billion in 2019. This growth was mainly distributed between loans to small and medium-sized enterprises in Norway, and retail mortgage loans in Norway. Loans to small and medium-sized enterprises grew by 6 per cent where factoring and car financing accounted for the bulk of the growth. The quality of the portfolio was good and remained virtually unchanged throughout the year. The retail mortgage loan portfolio increased by just under 4 per cent. The number of defaults in the retail mortgage loan portfolio is very low.

The credit card portfolio is very limited compared to the bank's size, and accounted for just under 3 per cent of EAD at year-end, slightly lower than at the end of 2018. Credit card defaults and losses are low and manageable. DNB has deliberately not been particularly active in the segment and emphasises accountability and social responsibility in future commitments.

The large corporates and international portfolio was reduced by 2.1 per cent in 2019. Exposures to shipping and oil, gas and offshore were reduced by 11 per cent during the year. These segments still have a somewhat larger

proportion of exposures classified as high risk than other credit portfolios. The rest of the large corporates and international portfolio maintained a stable, good quality. See also the review of selected industries in the following pages.

DNB maintains a branch office in Grand Cayman, which is under the New York office. The bank's operations directed at the corporate market will be moved to DNB New York. When this process is completed, DNB will only have money market and liquidity management activities at the Grand Cayman branch.

Corporate social responsibility in DNB's credit approval process

Corporate social responsibility assessments are a key part of DNB's credit decisions Environmental, Social and Governance (ESG) are assessed on an equal basis as financial analyses in the extension of credit and are important parameters on an equal basis as debt servicing capacity. DNB's long-term profitability is dependent on its customers also integrating corporate social responsibility into their strategic choices. By requiring customers to be accountable, DNB can both make a positive contribution to society, while also reducing risks to our customers and to the bank. DNB has adopted models for assessing companies' sustainability risk. ESG guidelines have been established for the most important industries. The reporting and follow-up of ESG in the credit process have also been further developed in 2019. For all exposures with a value of more than NOK 50 million, risk levels for ESG associated with the loan are registered.

1) Excluding institutions, government, central banks, equity positions and exposure in associated companies 2) EAD from the internal follow-up of credit risk. All credit exposure is measured by internal models.

Terms used in the discussion of credit risk

  • → Gross commitment, or exposure (in connection with capital requirements), is the total credit exposure before impairment, collateral and conversion factors. It is the sum of deducted amounts and off-balance sheet items such as unused limits and guarantees.
  • → Net commitment is the same amount, calculated after impairments.
  • → Exposure at default (EAD) indicates the share of the approved commitment that is expected to be drawn at the time of any future default, at the same time as there is a downturn in the market, if that value is more conservative than the long-term average. EAD is the sum of the drawn amount and off-balance sheet items multiplied by a conversion factor (CCF) and is calculated before impairments.
  • → The probability of default (PD) is the calculated probability that a customer will not be able to service their credit within the next twelve months. PD is calculated on the basis of a combination of financial and non-financial factors and forms the basis for internal risk classification of the customers. Defaulted exposures are automatically assigned a PD of 100 per cent. The PD applied in capital adequacy calculations will be relatively stable over time (through-the-cycle), while PD used in the calculation of Expected Credit Losses (ECL) will vary with actual default rates (point-in-time). In addition, the bank calculates the lifetime PD to reflect the probability of default over the expected life time of the loan, which is used to allocate stage in the calculation of expected losses.
  • → Loss given default (LGD) indicates how much the Group expects to lose if customers fails to meet their obligations. The LGD that is applied in the capital adequacy assessment is computed assuming there is a major downturn in the market, and that value

should be more conservative than the long-term average. The models take into account the collateral pledged by the customer, future cash flows and other relevant factors.

  • → Expected loss (EL) indicates the average annual expected losses over a business cycle, including inherent safety margins and cyclicality that are taken into account in the bank's IRB models. EL is calculated as EL = PD x LGD x EAD. Under normal circumstances, this figure should be higher than the actual losses.
  • → Expected credit loss (ECL) calculates expected losses based on the expected business cycle. ECL is calculated as ECL = PD x LGD x EAD, where both PD and LGD should correspond to the actual observed level, and projected values depend on the bank's view of future macroeconomic development. DNB's model for calculating expected credit losses is based on IRB models, but adjusted for inherent security margins and cyclicality so that the estimates are point-in-time.

In the internal follow-up of credit risk, internal models are used to calculate CCF (EAD), PD and LGD for all credit commitments, regardless of whether they are approved for calculating capital requirements. EAD and other key figures may thus differ slightly between statements showing the development in the credit portfolios and what appears in the capital adequacy statement.

In the internal follow-up of credit risk, credit exposures are grouped based on calculated PD. The breakdown is defined as follows:

  • → Low risk: PD 0.01 0.75 per cent.
  • → Moderate risk: PD 0.75 3 per cent.
  • → High risk: PD over 3 per cent, also includes defaulted exposures where PD=100 per cent.

DEVELOPMENTS IN CREDIT RISK IN SELECTED INDUSTRIES

The industries that DNB monitors especially closely either due to the size of the portfolio, or because they are seen as challenging and/or cyclical, are oil, gas and offshore, commercial real estate, shipping and retail industries. The portfolios are described in more detail below. Measured by EAD, DNB's retail mortgage loans portfolio comprised 45 per cent of the bank's credit portfolio and is described below.

Retail mortgage loans

DNB's retail mortgage loans portfolio mainly consists of loans for financing of homes in Norway. DNB's market share has shown a slight downward trend in recent years and was 24 per cent at the end of 2019. A total of 78 per cent of the bank's portfolio in Norway belonged to DNB Boligkreditt AS at the end of 2019, which served as the basis for issuing covered bonds.

DNB's retail mortgage loans portfolio was of high quality, and 80 per cent of the loans were classified as low risk at year-end 2019. There have been few defaults in the retail mortgage loans portfolio. At year-end 2019, the percentage of defaulted loans was 0.2 per cent of the portfolio, which is the same as the previous year.

The regulation on requirements for residential mortgage lending was extended with effect from 1 January 2020. This is a measure designed to counter the strong growth in housing prices and household debt, especially in Oslo. Financial institutions may grant loans that do not meet all of the criteria in the regulation for up to 10 per cent of the value of total approved loans. For loans secured with collateral in homes in Oslo, the limit is set to a maximum of 8 per cent deviation. DNB monitors lending practices closely to ensure compliance with the regulations in all parts of the bank.

Development in retail mortgage loans, EAD NOK billion

Loan-to-value retail mortgage loans, granted volume Per cent

The loan-to-value ratio (LTV) is a measurement of the degree to which a collateral object, such as a property, is loan-financed. For the retail mortgage loans portfolio, the loan-to-value ratio is calculated as the loan's share of the property's market value. Short-term bridge financing is not included in the calculation. The market values of all the homes are updated quarterly. The weighted average LTV for all of DNB's Norwegian retail mortgage loans was 60.1 per cent at the end of 2019, compared with 60.3 per cent one year earlier. The figure shows an object-oriented distribution of the retail mortgage loans portfolio. That is, all loans associated with the same property are included in the calculation, and the total lending volume per security object is placed in the same loan ratio.

Commercial real estate

Measured in EAD, the commercial real estate portfolio, excluding residential property, constituted 10 per cent of DNB's total credit portfolio. The portfolio increased by NOK 15 billion in 2019. Credit quality within commercial real estate was good throughout the year. The share of high risk increased marginally, and was just over 4 per cent at the end of the year. Defaulted exposures accounted for less than 1 per cent. DNB has limited exposure to the shopping centre sub-segment due to uncertainty regarding developments in retail trade.

The high price levels for office properties in the most attractive locations have helped push prices upward in Oslo and the other larger Norwegian cities. The high rental rates and growth in rental prices in this segment are expected to continue. In the logistics market segment, there is a growing demand for efficient and modern logistics properties.

In the second half of 2019, we changed our market outlook from positive to neutral for financing office property. This is because, on the demand side, tenants require shorter leases and greater flexibility in area use. Turnover-based

rental contracts have become more common, where the landlord and the tenant share the risk and the profit. Tenants are also more concerned with the environment today than just a short time ago. They want buildings with a good indoor climate and low energy consumption. This results in increased investment needs, and many owners of older buildings cannot compete as well for tenants. The shorter technical service life of buildings increases the risk to the landlord and indirectly to the lender. The measures that DNB has implemented to reduce this risk are lower loan-to-value ratios and good assessments of the expected value development of the properties.

Oil, gas and offshore

Measured in EAD, the oil, gas and offshore credit portfolio accounted for 5 per cent of DNB's overall credit portfolio. The volume of the portfolio was reduced by NOK 6 billion during the year, and credit quality remained virtually unchanged. Since 2015, the oil-related portfolio has had a higher proportion of defaults, and higher risk, than DNB's other credit portfolios. At the end of 2019, counterparties classified as high risk (including defaults) accounted for 31 per cent. The proportion of defaulted exposures was 13 per cent. The oil and gas sub-segment has good credit quality, and mainly all exposures in this segment are classified as low or medium risk.

Oil prices rose throughout 2019 and came in at USD 66 per barrel at year-end. At the end of the year, producers of land-based shale oil in North America experienced a more limited access to the capital markets. This is especially true for small and medium-sized enterprises, and may indicate that investors are becoming impatient to receive returns in the form of dividends after several years of high investment. This has led to a somewhat greater investment activity directed at offshore oil production, although onshore production in North America continues to increase. The United States is now the world's largest producer of oil and gas ahead of Russia and Saudi Arabia. The high

activity in the United States has led to a surplus of US liquid natural gas (LNG), which is now being exported to Europe and Asia, and has led to a significant drop in gas prices. Demand for oil is expected to gradually level out and eventually decline as measures aimed at reducing greenhouse gas emissions begin to take effect. It is uncertain whether we will see this effect around 2025 or 2030. Currently, the demand for oil continues to increase, reaching around 100 million barrels a day in 2019.

Development in commercial real estate, EAD NOK billion

Shipping

The shipping portfolio amounted to 3.5 per cent of DNB's total credit portfolio at the end of 2019. The credit quality in this portfolio improved throughout 2019, and the proportion of high risk was sharply reduced from 21 to 12 per cent. Defaulted exposures accounted for 2 per cent of the portfolio.

The fundamental conditions in shipping are currently predominantly positive, with strong earnings in several of the major segments. An exception is the dry bulk market, which picked up somewhat during the year, but still has earnings around or just above break-even levels. On the supply side, there is moderate growth in the order book of new vessels, which corresponds to 9 per cent of the fleet, the lowest level since the early 2000s. In addition, part of the fleet was out of operation in the latter part of 2019, and will continue to be so well into 2020 due to the installation of exhaust cleaning systems (scrubbers) to comply with new sulphur emissions requirements came into force on 1 January 20201). Despite generally positive conditions in shipping and the prospect of a solution to the US–China trade war, there is growing uncertainty about the pace of growth in the world economy, which could adversely affect shipping markets.

The tanker market developed very strongly through the fourth quarter. This was driven by high exports from the US, especially to Asia, along with the effects of IMO 2020 mentioned above. The sulphur regulation is also increasing the demand for cleaner fuels, which is positive for shipping of crude oil and oil products. Container market volume growth has been weak this year, and freight rates have seen a slight downward trend, while charter rates (leasing of ships to line operators) have increased by 37 per cent compared to the same period last year (Alphaliner index).

1) The International Maritime Organization's new regulation for marine fuels (IMO 2020).

Fleet growth is low, and with normal demand trends, the outlook is moderately positive. The market for the transportation of liquefied natural gas (LNG) is strongly increasing, and fleet growth has been high at times. The rates rose in the third quarter and remained at a high level in the fourth quarter, above the average rates from 2018. For liquefied petroleum gas (LPG) there is very good fleet utilisation and good rates. The outlook is moderately positive in the gas segments.

Retail industries

Measured in EAD, the credit portfolio associated with wholesale and retail trade companies accounted for 2.6 per cent of DNB's total credit portfolio at the end of 2019. Historically, DNB has had a robust and profitable portfolio in retail industries, geographically concentrated in Norway, Sweden and Denmark. Credit quality was good throughout 2019. The proportion of defaulted exposures remained unchanged at 5 per cent at year-end, while the proportion of high risk increased slightly to 12 per cent.

In 2019, retail industries developed differently in Norway, Sweden and Denmark. In Norway, trade fell slightly, while it increased in Sweden and remained unchanged in Denmark. The trend where specialised chains are losing ground to low-price chains with a wide offering continued in 2019. The growth in e-commerce was on a lower level in Norway compared with Sweden and Denmark.

In all three countries, the shift away from physical stores to e-commerce, and the competition from e-commerce in general, is a major challenge. There has been an excess of new stores, and the number of bankruptcies is at a high level. Competition from national and international e-commerce results in high price transparency, which contributes to a negative margin development for the stores, that at the same time have challenges with high Nordic costs. In addition, there is competition from border trade, outlet and brand stores. The retailers have to go through a

transformation that includes multi-channel operation where there is a good integration between the physical store and the stores web site. At the same time the stores should offer new experiences for the customers, to get their attention.

Development in shipping, EAD NOK billion

Chemical and product tankers Container Crude oil tankers Dry bulk Gas (LNG and LPG) Other shipping RoRo/PCC

Development in retail industries, EAD NOK billion

CAPITAL REQUIREMENTS FOR CREDIT RISK

The total capital requirement for credit risk in the DNB Bank Group at the end of 2019 came to NOK 65.6 billion, a reduction of NOK 6.2 billion compared to the year before. Capital requirements for credit risk reported according to the standardised approach were reduced by NOK 3.2 billion and the capital requirement for the IRB portfolio was reduced by NOK 3 billion.

The figure shows the change in the risk-weighted calculation base for DNB Bank Group's credit portfolio, distributed among the most significant portfolios.

  • → The reduction in risk-weighted assets for corporate IRB approach was mainly connected to the defaulted portfolio, where the reduction was NOK 35 billion. This was due to both a decline in defaulted volume and an increase in impairments. In addition, the work on data quality improvements has contributed to a reduction of risk-weighted assets.
  • → The reduction in risk-weighted assets for corporates reported according to the standardised approach is mainly due to the sale of Luminor Group AB. In addition, a bigger part of the corporate portfolio was reported according to the IRB approach.

Development in risk-weighted assets, credit risk, DNB Bank Group NOK billion

NOK million Nominal
exposure		 EAD Risk weights,
per cent		 Risk-weighted
assets		 Capital
requirement
31 Dec. 19		 Capital
requirement
31 Dec. 18
IRB approach
Corporate 965 259 800 350 48 381 718 30 537 33 716
Specialised Lending (SL) 12 219 11 675 54 6 281 503 526
Retail - mortgage loans 796 424 796 424 22 173 664 13 893 13 617
Retail - other exposures 98 656 83 466 25 20 663 1 653 1 727
Total credit risk, IRB approach 1 872 559 1 691 915 34 582 327 46 586 49 587
Standardised approach
Central government 330 557 375 095 0 80 6 12
Institutions 221 692 147 190 23 33 334 2 667 3 664
Corporate 181 664 147 058 79 116 497 9 320 11 824
Retail - mortgage loans 61 381 58 205 48 28 061 2 245 2 539
Retail - other exposures 128 473 47 692 74 35 149 2 812 2 958
Equity positions 10 601 10 544 91 9 546 764 774
Other assets 20 251 19 454 80 15 513 1 241 508
Total credit risk, standardised approach 954 618 805 237 30 238 180 19 054 22 278
Total credit risk 2 827 177 2 497 152 33 820 507 65 641 71 865

OVERVIEW OF CREDIT EXPOSURES

Definition of default

DNB's definition of a defaulted portfolio conforms with the IRB rules: An exposure is deemed to be in default if an owed amount is more than 90 days overdue, the overdue amount is significant, and the default is not due to delays or incidental circumstances that affect the counterparty. In DNB, a "significant overdue amount" is defined as more than NOK 2,000. The amount for credit cards is NOK 200.

An exposure should also be classified as defaulted if the bank:

  • → due to a weakening of the counterparty's creditworthiness, records an impairment loss representing a not insignificant amount
  • → due to a weakening of the counterparty's creditworthiness, sells a claim at a discount and the discount represents a not insignificant amount
  • → expects debt settlement, bankruptcy proceedings or public administration to be opened against the counterparty
  • → agrees to changes of terms and conditions, due to the counterparty's payment problems, and assumes that it will reduce the value of the cash flow by a not insignificant amount
  • → has other reasons for expecting that the payment obligation will not be met (anticipated default)

Anticipated default arises when there is a probability that ordinary business operations will not give the customer sufficient debt-servicing capacity to meet all of its debt obligations. The factors used to evaluate debt servicing capacity include:

  • → sufficient cash flow to service all financial obligations, including an assessment of refinancing risk
  • → the probability that new capital will be injected
  • → the possibility of sale of assets

The rule for corporate customers is that if there is a default event, the customer is deemed to have defaulted on all their loans. If there are controlling interests or financial ties between multiple companies (debtors) in a corporate group, the default of one debtor will result in all of the debtors being defined as being in default. For personal customers, a default of one agreement will result in all agreements of the same type being considered to be in default, for example, if one mortgage loan is in default, all mortgage loans will be considered to be in default.

The definition of defaulted credit exposures used in the financial statements (IFRS) is somewhat different from the one used in the calculations of capital requirements. Exposures that are restructured to avoid default are classified as performing in accordance with IFRS, while they are reported as in default with regard to capital adequacy requirements.

In September 2016, the European Banking Authority (EBA) published new recommendations on the definition of defaulted exposures. DNB will follow the recommendations and will start phasing in new rules for defaults in 2020. The changes include clarification of the definition of anticipated default, contagion between agreements to the same debtor, materiality threshold levels and a required minimum disqualification period after defaulted exposure has been reclassified as performing. This will lead to changes for DNB and will have consequences for the interpretation and reporting of defaults and for the bank's IRB models. The deadline for fulfilment of the recommendation is 1 January 2021.

Gross exposure by customer segment, industry segments and countries

Gross exposure for the DNB Bank Group, was NOK 2 827 billion at the end of 2019. The figures show gross exposure split by customer segment, industry and country.

Loans and credit extended to personal customers accounted for 44 per cent of DNB's gross exposure, the same level as at the end of last year. Corporate lending amounted to 47 per cent. Exposures to government, central banks, equity positions and other assets are excluded from the figure showing customer segments.

Most of DNB's credit portfolio is linked to Norway or Norwegian customers. Norwegian-related exposures accounted for 75 per cent of the portfolio at year-end 2019. More detailed information can be found in the additional disclosures to this report.

The corporate loan portfolio is well diversified among different industries. The largest sub-portfolio is lending to commercial real estate, which represented 17 per cent of gross corporate lending at the end of 2019.

Exposures with forbearance measures

Exposures with forbearance measures are defined as credit exposures where the loan terms have been changed as a result of the customer having financial problems.

Exposures with forbearance measures include both defaulted and performing exposures. The purpose of forbearance measures is to assist the customer through a financially challenging period. It is a prerequisite that customers must be expected to be able to meet their obligations at a later date.

Gross exposure split by customer segments, DNB Bank Group, 31 December 2019 Per cent

Gross exposure split by country, DNB Bank Group, 31 December 2019 Per cent

Norway 75 % Sweden 8 % Rest Europe 8 % USA and Canada 5 % Other countries 4 %

Gross carrying amount, corporate portfolio split by industry segments, DNB Bank Group, 31 December 2019 Per cent

  • Commercial real estate 17 % Residential property 10 % Bank, insurance and portfolio management 10 %
  • Oil, gas and offshore 10 %
  • Services 8 %
  • Manufacturing 7 %
  • Retail industries 6 %
  • Power and renewables 5 %
  • Fishing, fish farming and farming 5 %
  • Shipping 4 %
  • Other 18 %

The most common forms of forbearance are:

  • → changing the term of the loan
  • → loan refinancing
  • → debt forgiveness, including forgiveness of overdue interest payments
  • → deferment of overdue interest payments

Forbearance is an element of DNB's strategy for limiting losses. Procedures for handling these exposures have been incorporated in the credit process. Operative guidelines have been prepared describing the procedures in the business units for identifying, analysing and approving forbearance cases. The development in the volume of exposures with forbearance measures is reported quarterly to the Boards of Directors of DNB ASA and DNB Bank ASA.

The DNB Bank Group's total gross forborne exposures were reduced by NOK 5.3 billion during 2019 and came in at NOK 35.6 billion at the end of the year. Restructuring and sale of exposures in the offshore portfolio contributed significantly to the decline in both the defaulted and the performing part of the portfolio.

Impairments and defaults

The term default as used here is based on the accounting definition (IFRS). Exposures that are restructured to avoid default are classified as performing according to this definition, while they are reported as in default with regard to IRB regulations. See the text box for a more detailed definition of defaults.

A credit exposure shall be assessed for impairment in stage 3 as soon as a loss event occurs that provides objective evidence of a reduced future cash flow for servicing the loan. Loss events include:

  • → significant financial problems
  • → payment defaults or other material breach of contract
  • → the approval of deferred payment or new credit to pay instalments
  • → agreed changes to interest rates or other loan terms

due to financial problems or the likelihood that the borrower will enter into debt negotiations

→ other financial restructuring, or if the borrower is subject to bankruptcy proceedings

When calculating expected credit losses, all credit exposures are divided into three groups:

  • → Stage 1: Includes exposures that have not experienced a major negative development in PD since the agreement was signed. According to IFRS 9, an expected credit loss is to be calculated for the next twelve months.
  • → Stage 2: Includes exposures with significant negative development in PD compared to PD upon entering into the agreement. In addition, it includes loans with PD between 5 and 40 per cent, forbearance, and for personal customers loans that are between 30–60 days overdue. For these, an expected credit loss is calculated over the entire life of the agreement.
  • → Stage 3: Includes defaulted loans. As for stage 2, an expected credit loss is calculated over the entire life of the agreement.

For the exposures in stages 1 and 2, expected losses are estimated using DNB's ECL model, which is based on internal models for EAD, PD and LGD and on forecasts for future economic development. For stage 3, the impairments are calculated individually per customer, and without the use of models. The impairments in stage 3 are calculated as the difference between the carrying amount and the present value of estimated future cash flows discounted at the original effective interest rate. Estimated future cash flows are based on the development of the customer's exposure, the value of collateral, previous experience with the customer, the probable outcome of the negotiations and expected macroeconomic developments that will affect the customer's expected cash flow. For further information on DNB's calculation of impairment in accordance with IFRS 9, see note 5 in DNB's annual report.

The figure shows the trend in net impairments in 2019. Net

Gross carrying amount with forbearance measures, DNB Bank Group

NOK million 31 Dec. 2019 31 Dec. 2018
Exposures with forbearance measures not in default 23 438 25 540
Exposures with forbearance measures in default 12 133 15 299
Total exposures with forbearance measures 35 571 40 839

Development in net impairments, DNB Bank Group NOK million

Personal customers Corporate customers

impairments are the sum of all impairments during the period minus all reversals made during the same period. In the third quarter, a major impairment loss was recorded for a customer in the travel industry.

Accumulated impairment losses

The figure shows the change in accumulated impairment losses on the balance sheet according to IFRS 9 from year-end 2018 to year-end 2019. Accumulated impairment losses amounted to NOK 11.6 billion at the end of the year, the same level as the previous year.

Defaulted exposures

Defaulted exposures in the DNB Bank Group decreased by NOK 4.5 billion in 2019 and amounted to NOK 15.0 billion at year-end. This corresponds to approximately 0.8 per cent of the loan portfolio. About half of DNB's defaulted exposures are in the offshore portfolio. The defaulted volume in this segment was reduced by NOK 2.0 billion in 2019 and amounted to NOK 7.4 billion at year-end. The reduction was due to a combination of exposures reclassified as performing and sales of exposures.

The figure shows the distribution of net defaulted exposures by industry segments. More detailed information can be found in the additional disclosures to this report.

Past due loans and overdrafts

The table shows overdue amounts on loans and overdrafts on credits/deposits broken down by the number of days after maturity. Overdue loans and overdrafts on credit lines/deposit accounts are monitored on an ongoing basis. In cases where it has been determined that the customer's ability to pay is likely to be reduced, the exposure is assessed for impairment. In most cases where there is determined to be no need for impairment, the main reason is that the value of the mortgaged asset exceeds the outstanding balance on the loan. The reduction in past due loans and overdrafts on credits over 90 days that we experienced in 2018 continued in 2019. The reduction was

Development in accumulated impairment of loans and financial commitments, DNB Bank Group NOK billion

Retail industries Commercial real estate Shipping

Power and renewables Manufacturing Other sectors

Past due exposures not subject to impairment, gross carrying values, 31 December 2019

NOK million ≤ 30 days > 30 days
≤ 60 days		 > 60 days
≤ 90 days		 > 90 days
≤ 180 days		 > 180 days
≤ 1 year		 > 1 year
Loans 12 476 2 265 600 1 298 3 921 4 132
Debt securities - - - - - -
Total exposures 12 476 2 265 600 1 298 3 921 4 132

just under NOK 1 billion. This reduction suggests that the challenging period certain industries have been through appears to be over.

Historical developments in annual net impairment losses

The figure shows the net annual impairment losses as a proportion of lending for the period 1959–2019. From 1992, net impairment losses are also broken down between personal and corporate customers, excluding the public sector and credit institutions. The period from 1987 to 1993 is referred to as the Norwegian banking crisis and stands out from other years. Other years that stand out are 2009, when the financial crisis led to increased losses, such as those linked to Baltic operations, and 2016 when DNB was compelled to record substantial impairment losses on the oil-related portfolio.

Net impairment losses per year, 1959-2019 Per cent

"The period from 1987 to 1993 is referred to as the Norwegian banking crisis and stands out from other years with regard to impairment losses."

INTERNAL RATINGS-BASED (IRB) APPROACH

DNB started using internal credit risk models in 1995. The models approved for credit risk measurement in capital adequacy are fully integrated into the bank's internal risk management tools. DNB uses the Advanced IRB (A-IRB) approach for its corporate portfolios. The Foundation IRB (F-IRB) approach is not used. There is no distinction between A-IRB and F-IRB for retail.

The table shows the reporting methods used for the different credit portfolios in DNB, distributed among asset classes.

Reporting methods for credit portfolios in DNB

Asset class Main reporting
methods
Corporate and Specialised Lending (SL) A-IRB
Retail, mortgage loans IRB
Retail, other exposures IRB
Governments and central banks Standardised approach
Institutions Standardised approach
Equity positions and other assets Standardised approach

The IRB approach is used in the corporate portfolio for most exposures in the DNB Bank Group. The majority of the retail mortgage loan portfolio is reported using the IRB approach. The retail other exposures portfolio is reported using the IRB approach and largely consists of credit cards.

The purpose of the IRB system is to ensure sound risk management and fulfilment of capital adequacy requirements. This calls for high quality and transparency throughout the value chain. The Board of Directors assesses the need for capital on the basis of risk measurements and an overall evaluation of operating parameters and business and strategic targets. IRB value chain must be validated to determine whether the authorities' requirements and

internal quality requirements have been met. The validation will thus both verify the adequacy of the IRB system and identify needs for improvement.

A standard has been established for the decision-making process for risk classification and quantification models that sets out the guidelines for all work on classification models in DNB. Suggested changes and new models must be presented to the Group Advisory Credit Committee (GACC) for consideration, and any changes must thereafter be approved by the Chief Risk Officer (CRO). As a condition, affected parties are expected to have been involved in the process. The independent unit in charge of validating the IRB models also needs to do an assessment before any decision is made. Group Audit does not play any role in the development of IRB models, but prepares an annual IRB compliance report which contains an assessment of whether DNB's IRB system fulfils external requirements. Group Audit normally does an independent assessment when applications for new IRB models are submitted.

Measured by RWA including counterparty credit risk, 71 per cent of the credit portfolio was reported according to the IRB approach at year-end 2019, compared to 69 per cent at year-end 2018. The figure shows the distribution of asset classes in the IRB portfolio.

Areas of application for the IRB models are:

  • → capital adequacy calculations
  • → decision-support in the credit process
  • → setting limits in the risk appetite framework and credit strategies
  • → risk measurement and ongoing reporting
  • → pricing risk and measuring portfolio profitability
  • → basis for models for stress testing and IFRS 9 expected credit loss

Risk classification

DNB divides its performing credit portfolio into ten risk categories based on the Probability of Default (PD) for the exposures. The risk classification should reflect the longterm risk of the customer and exposure. Defaulted exposures are assigned a PD of 100 per cent.

DNB's models for classifying risk on individual customers are adapted to industries and segments, and are updated if calibrations show that their explanatory power has diminished.

DNB's models reflect the fact that different variables give the best explanations for risk in different portfolios. As far as possible, DNB's IRB models are developed based on historical data using statistical methods. This is the case for the models used for retail mortgage loans and small and medium sized enterprises. There tends to be less and less available data the farther back in time. A distinction is therefore made between data used to develop models and the data used for calibrating them. The historical data used for calibration purposes covers a longer period, that also includes a major economic downturn. There are fewer customers and few defaults in the large corporate customer portfolio. These models are therefore developed as a combination of statistical methods and expert assessments. DNB also uses simulation models that are developed specifically for companies where the most important source of debt payment is income generated by the unit's assets.

The PD level in the models should reflect the expected average default frequency over a full business cycle. By the same token, the EAD and LGD models should reflect the average exposure and loss rate during an economic downturn if those are more conservative than the long-run average. DNB is required to include the Norwegian banking crisis, which occurred in the period from 1988 to 1993, when calibrating models. The estimates in the models are adjusted for uncertainties, and conservative approaches are applied, to ensure that the models are more likely not to underestimate the risk over time.

Asset classes in the IRB portfolio, EAD, DNB Bank Group, 31 December 2019 Per cent

Special requirements for DNB's IRB models

Finanstilsynet (Financial Supervisory Authority of Norway) has stipulated that, in practice, PD level in the large corporate customer portfolio should provide a virtually invariable capital requirement irrespective of economic conditions. In addition, a floor has been set for LGD which makes the simulation models more conservative than that warranted by the statistical basis.

Finanstilsynet has set requirements for the PD level in the retail mortgage loans portfolio by defining the level during recessions, in addition to weighting good and bad economic periods. There is a minimum PD requirement of 0.2 per cent for all credit agreements. Finanstilsynet has also issued requirements for LGD levels. As a result of these requirements, the risk-weights for the retail mortgage loans portfolio are much higher than they would have been if they had been based on unbiased estimated PD and LGD.

Models used in IRB reporting

For an overview of the IRB models used by DNB, please see the additional Pillar 3 disclosures. The tables in the overview display a brief description of the models, and comments are included where models have been adjusted to meet requirements issued by Finanstilsynet.

A new model was implemented in 2019 to replace an existing model associated with the small business segment. During 2018, updated calibration levels for the PD and LGD models were prepared for large corporate customers. An application for approval is pending with Finanstilsynet.

In order to comply with a new regulation for the definition of default, effective from 1 January 2021, new calibration levels will be prepared for all models. DNB will apply to Finanstilsynet for permission to use the new calibration levels during the first half of 2020.

The work towards incorporating updated calibration levels for the models due to the new definition of default has begun. The new definition of default is applicable from 2021.

Validation of IRB models

Independent validation is a key control function of DNB's IRB system. A prerequisite for the IRB approval is that the IRB system, with the IRB models, are tested (validated) at least annually by an entity that is organisationally independent of the model development process and business areas. The validation results provide a basis for assessing whether the Group's calculations of credit risk and capital requirements are sound. Risk-mitigating measures are recommended in cases where validation results indicate a need for improvement. The results of this work are presented annually to DNB's Board of Directors.

The validation process should enable the bank to assess the performance of the IRB system and the models in an appropriate and consistent manner. DNB has a total of 33 IRB models of various complexity and varying degrees of automation. Validation is carried out on the basis of a model life cycle consisting of six elements: design and development, input data, implementation, model use, performance and control. Each element is evaluated for each model, except for control, which is jointly evaluated across all IRB models.

The six elements included in the validation are assessed using qualitative and quantitative methods. Validation of control is a qualitative analysis that will provide an assessment of whether control of the models is consistent and useful throughout the life cycle of the model. In the validation conducted in 2019, emphasis was placed on governing documents, model documentation and the model owner's monitoring of the IRB models.

The assessment of the model's performance consists largely of quantitative analyses, with a particular focus on the rating of borrowers' creditworthiness (discriminatory power) and estimation of the level of the risk parameters (proper calibration). A PD model with good discriminatory power can to a large extent distinguish between customers who default on their loan obligations and those who do not. An LGD model should be able to predict which defaulted credit exposures will result in relatively large and small losses.

Validation of the calibration level should provide an assessment of whether the risk parameters are set at the correct level. Level requirements vary between the risk parameters. The PD level should reflect the expected average default frequency over a full business cycle. The LGD level should correspond to the loss severity during an economic downturn if this level is more conservative than the long-run average. For EAD, the level should be based on loan exposures at default during an economic downturn, if this level is higher than the average level for a full business cycle.

Level requirements mean that we should expect deviations between predicted and observed levels in given periods. Whether the deviations are acceptable depends on the business cycle in which the given period occurs. When LGD level should correspond to the loss severity during an economic downturn, the loss rate observed during a normal period should be lower than LGD. The same applies to EAD.

Validation results

Validation results of 2019 are being processed. Once the Board of Directors has approved the results, they will be posted in the additional Pillar 3 disclosures. The comments and figures in this section are based on the 2018 validation results. Counterparty credit risk is included in the validation of IRB models.

DNB's credit risk classification

Risk
grade		 From
PD		 To
PD		 Moody's Standard
& Poor's
1 0.01 0.10 Aaa - A3 AAA - A÷
2 0.10 0.25 Baa1 - Baa2 BBB+ - BBB
3 0.25 0.50 Baa3 BBB÷
4 0.50 0.75 Ba1 BB+
5 0.75 1.25 Ba2 BB
6 1.25 2.00
7 2.00 3.00 Ba3 BB÷
8 3.00 5.00 B1 B+
9 5.00 8.00 B2 B
10 8.00 Defaulted1) B3, Caa/C B÷, CCC/C

1) PD in risk grade 10 goes to maximum 40 per cent

The figures show predicted PD at the beginning of the year compared with the observed default rate during the year for the largest portfolios. Other results are shown in the additional Pillar 3 disclosures.

The observed default rate throughout the period has been lower than the predicted PD for the retail mortgage loans portfolio. The increase in the PD level in 2016 is due to the implementation of new requirements from Finanstilsynet. The observed values for the SME portfolio were also lower than those predicted for the period. The observed default rate among large corporate customers is volatile because there are so few customers and defaults in the portfolio.

The figures show the results of the LGD validation that affect the largest portfolios. The observed loss rate for the customers who defaulted during the year is the sum of the customers' total losses as a percentage of the customers' total defaulted exposures. The observed loss rate is compared with the customers' predicted LGD from the beginning of the year. This predicted LGD level is based on defaulted customers and will normally give a higher level than for the entire portfolio, which also includes healthy customers. The exception is the figure for large corporates which, due to few defaults, shows the level of the entire healthy portfolio at the beginning of the year.

The observed loss rate is considerably lower than the predicted LGD for all the models in the retail mortgage loans portfolio. For SME and the large corporate customer portfolios, many of the defaults were not completed when the results were calculated. Until the defaults are completed, estimated loss rates will therefore be uncertain and may change. For the large corporate customers portfolio, close to two-thirds of the volume was still in default, while less than a third of all SME customers were still in default in this period.

EXPOSURE FOR IRB PORTFOLIOS

The proportion of DNB's credit portfolio reported according to the IRB approach amounted to NOK 1 670 billion at the end of 2019. The risk parameters DNB uses to measure risk in the large corporate and retail mortgage loans portfolios are different from those that have been approved for calculating capital adequacy according to the advanced IRB approach. The approved models have mandatory mechanisms that ensure more stable capital adequacy requirements over time, and that the calibration levels are more conservative. More risk-sensitive risk models are preferable for internal management purposes.

The tables show key figures used in the capital adequacy calculation. The key figures for the IRB portfolio are displayed without counterparty credit risk. The counterparty credit risk in the IRB corporate portfolio amounted to NOK 22 billion at year-end 2019.

PD distribution in the IRB portfolios

The tables show the different risk parameters for the IRB portfolios distributed by PD intervals used in the CR6 table in EBA's guidelines for Pillar 3 reporting. Both PD and LGD are EAD weighted.

The mortgage loans portfolio has remained stable throughout 2019. The proportion of the IRB retail mortgage loans portfolio that has a PD below 0.5 per cent is 43 per cent, and virtually unchanged from the previous year. Finanstilsynet does not allow agreements in the IRB retail mortgage loans portfolio to have a PD lower than 0.2 per cent. The exposure in the performing portfolio, measured in EAD, rose about 3 per cent in 2019. The proportion in default is slightly lower compared to year-end 2018 and was 0.2 per cent. The reduction in average risk weight is due to a positive migration during the year.

For just under 43 per cent of the volume in the IRB corporate portfolio, PD was lower than 0.5 per cent, compared with 41 per cent the previous year. For 10 percent of the portfolio,

IRB retail mortgage loans

31 December 2019 31 December 2018
EAD,
NOK billion		 PD, % LGD, % Risk weight, % EAD,
NOK billion		 PD, % LGD, % Risk weight, %
PD 0.00 to 0.15 - - - - - - - -
PD 0.15 to 0.25 93.9 0.20 18 7.9 88.4 0.20 18 7.8
PD 0.25 to 0.50 248.8 0.30 20 11.4 247.1 0.31 20 11.6
PD 0.50 to 0.75 201.9 0.60 20 18.8 195.6 0.61 20 19.2
PD 0.75 to 2.50 192.8 1.32 21 32.5 187.3 1.35 21 32.9
PD 2.50 to 10.00 55.5 3.30 21 57.4 51.6 3.40 21 58.1
PD 10.00 to 100.00 2.1 14.36 22 117.8 1.9 14.77 22 115.8
Performing portfolio 795.0 0.86 20 21.5 771.9 0.87 20 21.6
PD 100.00 (Defaulted exposure) 1.4 100.00 10 218.8 1.5 100.00 24 222.3
Total 796.4 1.03 20 21.8 773.4 1.06 20 22.0

IRB corporate portfolio

31 December 2019 31 December 2018
EAD,
NOK billion		 PD, % LGD, % Risk weight, % EAD,
NOK billion		 PD, % LGD, % Risk weight, %
PD 0.00 to 0.15 81.9 0.07 27 14.7 80.0 0.08 28 16.8
PD 0.15 to 0.25 67.3 0.19 25 24.8 59.5 0.20 26 25.7
PD 0.25 to 0.50 189.6 0.37 24 30.7 177.4 0.38 23 32.2
PD 0.50 to 0.75 120.2 0.60 25 39.2 114.1 0.61 23 37.6
PD 0.75 to 2.50 204.5 1.38 25 53.0 219.5 1.36 24 53.7
PD 2.50 to 10.00 93.4 4.47 27 80.7 93.8 4.58 26 84.3
PD 10.00 to 100.00 11.3 16.99 29 132.4 5.8 13.96 27 123.4
Performing portfolio 768.2 1.37 25 43.3 750.2 1.29 25 44.4
PD 100.00 (Defaulted exposure) 22.2 100.00 37 181.4 27.3 100.00 30 269.8
Total 790.5 4.15 26 47.2 777.4 4.75 25 52.3

PD is lower than 0.15 per cent.

IRB credit portfolio

A security buffer of 5 percentage points was added to the LGD estimates for some of the LGD models for small and medium-sized enterprises. Despite this, the risk weight of the performing portfolio dropped from 44.4 to 43.3 per cent during 2019. This is mainly attributable to the introduction of the SME discount in Norway as of 31 December 2019. Without the SME discount, the average risk weight for the performing corporate portfolio was 0.3 percentage points lower than last year. Growth in EAD linked to the low risk portfolio contributed to a reduction in average risk weight.

IRB portfolio distributed by industries

The table shows an overview of the IRB portfolio distributed by different industries. The reduction in EAD in the manufacturing, shipping and oil, gas and offshore segments can be seen in the context of the rebalancing of the portfolios in volatile industries. The increase in the share of defaults for the hotel, cruise and tourism segment is mainly due to the default of one large customer. For other developments, the description of developments in the credit portfolio is shown in general and for selected industries at the beginning of this chapter.

31 December 2019 31 December 2018
Performing portfolio Performing portfolio
NOK Million EAD EAD
default, %		 Weighted
PD, %		 Weighted
LGD, %		 Risk
weight, %		 EAD EAD
default, %		 Weighted
PD, %		 Weighted
LGD, %		 Risk
weight, %
Commercial real estate 175 113 0.7 0.93 24 37.0 156 761 0.5 1.00 21 34.8
Shipping 53 662 2.4 1.86 27 64.1 64 016 4.5 1.90 29 69.0
Oil, gas & offshore 94 518 13.0 2.52 24 54.9 103 685 15.0 2.03 26 57.1
Power & Renewables 41 090 0.0 0.52 29 33.4 43 566 1.0 0.53 29 33.4
Healthcare 38 949 0.0 0.65 23 34.5 37 651 0.0 0.63 23 37.0
Public sector 1 334 0.0 0.12 23 7.6 1 378 0.0 0.10 22 7.5
Fishing, fish farming and farming 43 605 1.0 0.97 25 35.8 36 158 0.5 0.95 23 35.6
Retail industries 40 731 6.0 1.48 28 45.4 41 125 6.5 1.44 28 48.0
Manufacturing 61 498 1.0 1.55 26 44.1 68 558 3.4 1.10 25 43.0
Technology, media and telecom 29 539 0.1 0.96 30 44.3 35 095 0.2 1.29 30 50.9
Hotel, cruise & tourism 21 184 5.2 1.07 19 34.9 17 308 0.4 1.08 18 32.8
Services 51 060 2.1 2.20 27 56.2 45 388 2.0 1.85 26 51.6
Residential property 64 936 0.6 1.30 24 36.0 63 289 0.8 1.23 21 35.6
Construction 20 099 2.9 2.37 29 47.6 17 596 4.6 1.68 28 48.2
Transport road/rail 19 318 0.6 1.14 25 42.8 13 879 0.6 0.99 26 46.0
Bank, insurance and portfolio management 27 057 2.0 1.00 25 38.3 25 741 0.3 1.29 24 44.6
Other 6 770 1.5 1.24 31 55.6 6 222 0.8 1.20 30 54.8
Total Corporate portfolio 790 465 2.8 1.37 25 43.3 777 415 3.5 1.29 25 44.4
Retail mortgage loans 796 424 0.2 0.86 20 21.5 773 419 0.2 0.87 20 21.6
Other exposures to personal customers 83 466 1.8 1.28 33 22.8 87 560 1.7 1.26 33 23.0
Total 1 670 355 1.5 1.12 23 31.7 1 638 395 1.8 1.08 23 32.3

The table shows the EAD weighted PD for the performing IRB corporate portfolio distributed by industry segment and country. The geographic distribution is based on the customers' addresses.

The EAD weighted PD is higher in the Norwegian portfolio because it includes a large sub-portfolio of small and medium-sized enterprises. In addition, a substantial part of both the shipping portfolio and the offshore portfolio is associated with Norway. At the opposite end lies the Swedish portfolio which only comprises large corporate customers and has little exposure to cyclical industries. The table showing EAD distributed by country can be found in the disclosures to this report.

IRB corporate portfolio, weighted PD for the performing portfolio, split by industry segments and countries

Norway Sweden Rest of Europe North America Other
Countries		 Total 2019 Total 2018
Commercial real estate 0.95 0.40 1.19 0.23 0.00 0.93 1.00
Shipping 2.10 2.60 1.60 1.06 2.18 1.86 1.90
Oil, gas & offshore 2.13 1.42 2.12 3.13 4.21 2.52 2.03
Power & Renewables 0.16 0.72 0.34 0.60 1.89 0.52 0.53
Healthcare 3.66 2.18 0.75 0.38 0.74 0.65 0.63
Public sector 0.42 0.03 0.00 0.00 0.00 0.12 0.10
Fishing, fish farming and farming 0.87 0.26 0.84 1.64 1.62 0.97 0.95
Retail industries 1.52 1.76 1.05 0.09 0.00 1.48 1.44
Manufacturing 2.23 0.77 0.51 1.32 1.41 1.55 1.10
Technology, media and telecom 1.43 0.65 0.99 0.11 0.33 0.96 1.29
Hotel, cruise & tourism 1.43 1.25 1.19 0.59 1.73 1.07 1.08
Services 2.45 1.67 1.40 10.82 4.77 2.20 1.85
Residential property 1.33 0.80 0.00 0.00 0.00 1.30 1.23
Construction 2.48 0.87 0.62 0.00 0.15 2.37 1.68
Transport road/rail 1.15 0.68 1.01 0.00 0.00 1.14 0.99
Bank, insurance and portfolio management 1.31 0.66 0.86 0.59 0.00 1.00 1.29
Other corporate customers 2.01 2.01 0.80 0.48 0.33 1.24 1.20
Total corporate portfolio 1.38 1.11 1.28 1.30 2.25 1.37 1.29

Annual migration in the IRB portfolios

Risk classifications of all customers to which DNB has credit exposure must be completed at least once a year. The figures show how volumes, measured by EAD, in the IRB corporate and retail mortgage loans portfolios migrated between risk categories the last year. Positive figures indicate migration to better risk categories. Migration is measured for customers to which the bank has had exposure for the entire year.

Comparison of expected loss and actual value adjustments

The figures below show Expected Losses (EL) at the beginning of the year compared with new impairment losses in IFRS 9 stage 3 recorded during the year for the largest IRB-approved portfolios in the DNB Bank Group. EL is calculated using the key figures that are used in the capital adequacy calculation.

EL for the retail mortgage loans portfolio increased, while the impairments remained very low.The increase in EL in 2016 was due to requirements set by Finanstilsynet, that the average LGD should be at least 20 per cent at portfolio level, and that PD should be minimum 0.2 per cent at agreement level. Actual value adjustments are significantly lower than EL.

In the corporate portfolio, both EL and actual value adjustments were reduced in 2019. The decrease in EL was mainly due to data quality improvements in the registration of collateral. The impairments were reduced in 2019 as a result of reversals of previous impairments.

Comparison by expected and actual value adjustment, IRB retail mortgage loans NOK billion

<=-5 -4 -3 -2 -1 0 1 2 3 4 >=5 Downgrading Improvement

Comparison by expected and actual value adjustments, IRB corporates NOK billion

0

1) Figures for 2019 are without counterparty credit risk.

STANDARDISED APPROACH

DNB reports the portfolios that are not IRB approved using the standardised approach. In addition, exposures that could have been reported according to the IRB approach, but on which DNB does not have sufficient data, are reported by means of the standardised approach. Finanstilsynet has granted an exception from the IRB approach for governments, central banks and equity positions. Other portfolios reported according to the standardised approach are considered to be temporary exceptions. This applies to, among other things, exposures to housing cooperatives in Norway and the credit portfolio in DNB's subsidiary in Poland.

Measured by EAD, 32 per cent of the DNB Bank Group's credit portfolio was reported following the standardised approach at the end of 2019. Estimated risk-weighted assets and capital adequacy for the portfolios reported according to the standardised approach are presented in the section on capital adequacy.

In the standardised approach, external credit ratings for foreign government risk and public administration outside Norway, as well as international banks and credit institutions, are used to set risk weights. That is, the exposure categories governments and institutions. The ratings are based on the country ratings and are generally set as the middle of the ratings from Moody's, Standard & Poor's and Fitch.

"In the standardised approach, external credit ratings are used to set risk weights for foreign government risk and public administration outside Norway, as well as international banks and credit institutions."

MANAGEMENT AND CONTROL OF CREDIT RISK

The risk appetite framework defines maximum limits for credit exposure. Limits have been set for annual growth, risk concentrations and credit quality. An upper limit for growth, measured in terms of EAD, is set for each customer segment. To control concentration risk limits are set for credit exposure on individual customers and on industry segments. The limits for credit quality are defined as limits for expected losses and applies to all types of credit risk. Expected losses are measured using internal credit risk models.

The risk appetite framework is operationalised through credit strategies for the individual customer segments. In addition, risk indicators are established and used for monitoring managers on all levels. To read more about risk appetite, please see the chapter on risk management and control in DNB.

Decision-making process and authorisations

Group Risk Management is responsible for independent control and monitoring of the quality of credit portfolios and the effectiveness of the credit process. Group Credit Management is part of Group Risk Management and is responsible for establishing the framework for the credit process, and for credit management in all business areas.

Each business area is responsible for managing its own credit activities and portfolios within the confines of the risk appetite limits and credit strategies. To ensure effective, high-quality decisions, DNB has established multiple levels of credit approval authorisations. The levels are based on the size, complexity of the credit, the required expertise and the risk involved.

The "two pairs of eyes" principle should be used in connection with all extension of credit. This means that a credit is approved by one person based on a recommendation from another person. In cases where the requested credit exceeds a specific level, the decision must be endorsed

by a credit officer in Group Credit Management. For the smallest credits in the corporate segment, however, automated risk classification can replace one of the "pairs of eyes".

For large corporate customers, there is work in progress to digitise the credit process. For customers with a low risk classification, the process of credit application will be simplified and more automated for less complicated cases.

Authorisations

All credit approval and endorsement authorisations are personal. The exception is the Board of Directors which approves credit proposals as a collegiate body. The Board of Directors decides credit applications of an extraordinary nature. These are primarily credit applications corresponding to more than 10 per cent of the bank's equity or particularly complex cases presenting challenges of principle. If the decision-maker is not sure whether the credit is within the limit of his/her authorisation, or if the credit is of an unusual nature or raises concerns about ethical or reputational issues, the matter must be escalated to a higher level decision-making body.

Advisory committees from an independent risk organisation are advisory function for business area grantees. The Group Advisory Credit Committee (GACC), led by the group chief credit officer, considers applications with common interest across business areas.

In the personal banking market, credit applications should, as a rule, be processed using automated measurement and decision-support systems. Applications from low-risk personal banking customers with good debt-servicing ability and a moderate debt/asset ratio are approved automatically. The process automatically collects data on income, debt and assets, as well as updated information about the value of the collateral in connection with refinancing existing loans and issuing pre-qualification letters.

Credit decisions in DNB

The group chief executive has delegated credit-approval authorisations to the business areas and Group Risk Management. These are exercised in a decision-making system where the business area approves the application and Group Credit Management endorses decisions up to the board level on behalf of Group Risk Management.

Independent control

Credit risk review is an independent second-line function, established to control and supervise the compliance with credit standards, credit strategies and credit regulations. Credit risk review performs controls in all the bank's credit areas. Credit risk review findings are used to implement improvement in daily credit work, and for training purposes.

Model input review shall ensure correct and consistent use of the IRB models using subjective input. Model input review is a cooperation between Group Risk Management and the business areas. The findings are used for training purposes to ensure continuous improvement in the application of the IRB models.

Credit risk reporting

Economic capital is calculated for all credit agreements and forms the basis for evaluating the profitability of the agreements. The calculation is based on the risk parameters in the internal credit models and considers factors like industry concentration, geographic concentration, especially volatile segments and large individual exposures.

Exposure relative to the limits set in the risk appetite framework is reported to group management each month. If limits are exceeded, a report is sent to the Board of Directors, together with orientation on the cause and an action plan. The Groups risk report distributed to the Board of Directors gives an extensive description of the risk appetite status and other developments in the risk situation. Group Risk Management has established an independent second-line function that conducts reporting and analysis of credit risk, including the follow-up of risk appetite. In the internal monitoring of credit risk, all portfolios are measured and reported using internal models, irrespective of whether the internal models have been approved for use in capital adequacy calculations or not.

Credit regulations

If the customer has not proven a satisfactory debt-servicing capacity, credit should not be granted even if the collateral is adequate. The customer's debt-servicing capacity is determined based on future cash flows. The main sources of these cash flows are income from business operations for corporate customers and income for personal customers. In addition, the extent to which realisation of the collateral will cover the bank's exposure in the event of default, and possible reductions in future cash flows, are considered.

Risk classifications are done on all corporate customers on which DNB has credit exposure whenever sizeable credits are considered, and at least once a year. The risk classification should reflect the long-term risk on the customer and the exposure.

Management of the risk classification system is organisationally independent of operational activity and is handled by Group Risk Management. The classification models are designed to cover a portfolio of exposures. If the model assigns a manifestly incorrect risk classification, the model-generated classification can be overridden manually. Any such overrides must be well founded and are only permitted in exceptional cases after a thorough assessment by a unit outside the relevant business unit. Risk classifications of exposure on private individuals are never overridden. For more information, see the description of the classification system in the section on credit models and risk classification.

Collateral and other risk adjustment measures

In addition to assessments of debt-servicing capacity, the Group uses collateral to reduce credit risk. Collateral primarily consists of physical assets such as homes, commercial property or vessels, or in the form of guarantees, cash deposits, netting agreements or credit insurance. As a rule, physical assets must be insured. In addition, the bank uses negative pledge clauses, which prohibit customers from pledging assets to other lenders.

Watchlist

DNB continually updates lists of exposures that need to be monitored particularly carefully. The objective is to identify customers who require close monitoring to:

  • → convince the customer to carry out the necessary improvement measures or phase out the customer relationship while the customer still has financial impetus
  • → take the necessary measures to prevent or reduce losses

If a material breach of financial covenants or a loss event occurs, the exposure will be put on a watchlist for special monitoring. Loss events include for example serious financial problems, the approval of interest-only periods due to the debtor's financial problems or a material breach of contract. In addition, exposures with the following characteristics are considered as candidates for the watchlist:

  • → Customers classified as high risk.
  • → Customers who have received forbearance or other payment facilitation due to liquidity problems.
  • → Customers whose financial situation has deteriorated, for instance due to a major reduction in income, the loss of important business areas, significant changes to operating parameters or the loss of key personnel.

When a customer is placed on a watchlist, a new risk assessment is undertaken, the value of the collateral is reviewed, and an action plan is prepared for the customer relationship. When a loss event occurs, an assessment is undertaken to determine whether this calls for impairment of the exposure. Please see the section on impairment and default earlier in this chapter.

The guarantors are largely private individuals, businesses, the government, municipalities, guarantee institutes and banks. The value of a guarantee depends on the guarantor's debt-servicing capacity and financial wealth and is assessed individually. In cases where the bank is given a guarantee by a company, its value will fluctuate along with the company's financial performance and financial strength. A guarantee provided by a limited company is subject to the restrictions on the pledging of collateral by a limited company stipulated in the Limited Liability Companies Acts.

Stress testing

DNB's credit portfolios are subjected to a variety of stress tests, both at Group level and for specific portfolios. The stress tests are used to gauge vulnerability to losses resulting from both loss of income and customer default in a business area or specific portfolio. Stress tests are also used to identify critical drivers of changes in credit risk and capital adequacy. Overall stress testing of the total credit portfolio is done at least once a year in connection with the Internal Capital Adequacy Assessment Process (ICAAP).

Stress testing is a second-line function and is managed by units that are independent of the business areas. The CRO has the primary responsibility for all stress testing. The central specialist unit for stress testing is responsible for quality control and for approving the assumptions and methodology used for the stress tests performed in the line. The results of stress tests are presented to GACC or ALCO for their opinions, and must be approved by CRO. The CRO is responsible for recommending measures based on the conclusions of the stress tests.

Various methods are used to estimate credit losses in connection with stress testing. If there is a need to show detailed results, for instance in connection with stress testing of specific portfolios the model for calculating expected credit loss (ECL) is used, in accordance with IFRS 9. Using a macroeconomic scenario as the point of departure, for example, as described in the chapter on

capital management and ICAAP, the PD, LGD and EAD for each individual borrower are calculated forward in time using a stressed scenario as input in the models. The new PD, LGD and EAD values are then used to perform new estimates of expected loss.

DNB uses specially developed scenarios for stress testing subsidiaries, business areas and specific portfolios. These may consist of fewer macroeconomic variables and/or involve more direct changes of various risk parameters in the model, depending on the needs of the different subsidiaries, business areas or portfolios.

INVESTMENT IN SECURITISATION

The international bond portfolio is a part of DNB's liquidity portfolio and is discussed in the chapter on liquidity risk and asset and liability management.

"Stress testing is a second-line function and is managed by units that are independent of the business areas."

6 Counterparty credit risk

Counterparty credit risk is sensitive to market risk factors such as interest rates and exchange rates. DNB has several measures to limit counterparty credit risk. Counterparty credit risk in the DNB Bank Group, measured in EAD, increased slightly in 2019 and was about 9 per cent higher at year-end than one year ago. Credit derivatives were not purchased or sold in 2019, and DNB had no outstanding credit derivatives at year-end.

  • 52 Developments in counterparty credit risk in 2019
  • 52 Capital requirements for counterparty credit risk
  • 52 Risk-mitigating measures
  • 53 Settlement risk
  • 53 Management and control of counterparty credit risk
  • 53 Stress testing

DEFINITION

Counterparty credit risk is a form of credit risk that arises in connection with trades in financial instruments, such as derivatives. Derivatives are most often traded Over the Counter (OTC), i.e. by individual contracts between two counterparties. Counterparty credit risk is the risk that the counterparty will fail to perform its contractual obligations in a transaction. It differs from other credit risks in that the exposure usually depends on market risk factors, such as interest rates, exchange rates, commodity prices or share prices.

DEVELOPMENTS IN COUNTERPARTY CREDIT RISK IN 2019

DNB enters into derivative contracts on the basis of customer demand for hedging derivative instruments and in order to hedge DNB's positions resulting from such activity. In addition, derivatives are used to hedge positions in the trading portfolio, take positions in the interest rate, currency, commodities and equity markets, and to hedge foreign exchange and interest rate risks that arise in connection with funding and lending.

The DNB Bank Group's counterparty credit risk increased by 9 per cent in 2019, and amounted to NOK 53.6 billion, measured in Exposure at Default (EAD), at year-end. The increase is mainly due to changes in customers' derivative contracts with DNB.

The bottom figure shows how DNB has reduced the risk in derivative trading by using netting agreements and collateral. As a result of netting agreements and collateral arrangements with major counterparties, counterparty credit risk represents a moderate risk in DNB. Counterparty credit risk arising in subsidiaries and affiliates is not included in the figures. Such exposure is limited and mainly related to Eksportfinans.

CAPITAL REQUIREMENTS FOR COUNTERPARTY CREDIT RISK

When the capital requirements for counterparty credit risk are calculated, EAD is determined using the Current Exposure Method (CEM). EAD is calculated as the sum of marked-tomarket contracts plus an add-on that reflects the potential future exposure. Both the IRB and standardised approach are used to establish risk weights for counterparty credit risk depending on the method approved for the counterparty. For more information about capital calculatons, see the chapter on credit risk. Capital requirements for Credit Value Adjustment (CVA) are discussed in the chapter on market risk.

Risk-weighted assets for counterparty credit risk in DNB Bank Group amounted to NOK 25.6 billion at the end of the year, around NOK 4 billion less than at year-end 2018.

In December 2017, DNB applied to Finanstilsynet (the Financial Supervisory Authority of Norway) for permission to use the Internal Model Method (IMM) to calculate EAD and maturity in determining capital requirements for counterparty credit risk for interest rate and currency derivatives. Permission was granted in December 2019 on conditional terms set by Finanstilsynet. The terms are under consideration. IMM is the method for calculating capital requirements that best reflects risk sensitivity and provides the full effect of all risk-mitigating agreements. IMM is used to monitor and report the level of counterparty credit risk internally. The basis for calculating counterparty credit risk comprises approximately 3 per cent of DNB's total calculation base, and a transition to IMM will not change the total calculation base significantly.

RISK-MITIGATING MEASURES

In order to minimise counterparty credit risk against individual counterparties, netting agreements may be entered into. These agreements make it possible to net the positive and negative market values linked to contracts with the same counterparty.

Bilateral security agreements have been established with the largest financial counterparties, in addition to an increasing number of non-financial counterparties. These agreements are called Credit Support Annex (CSA) agreements. Under these agreements, the market value of all derivative contracts between DNB and the counterparty is settled either daily or occasionally weekly, which largely eliminates counterparty credit risk. These transactions are mostly settled in cash, though government bonds and covered bonds are used as well. The agreements are not normally dependent on the credit quality of the counterparty. Some of the agreements change if one or both counterparties get their credit rating downgraded. The

Counterparty credit risk spilt by sector, EAD, DNB Bank Group, 31 December 2019 Per cent

Risk mitigation of derivatives, 31 December 2019, DNB Bank Group NOK billion

threshold for collecting collateral is then lowered to further reduce the credit risk for the other counterparty.

In line with market practices and regulations following the financial crisis, an increasing proportion of derivative contracts are being offset via central counterparties clearing houses. In the EU and Norway, the European Market Infrastructure Regulation (EMIR) requires that a number of standard derivative agreements between financial counterparties be cleared. By clearing derivatives, counterparty credit risk is moved from several individual counterparties to one central counterpart with full offsetting of all agreements. Central counterparties are regulated and have procedures for reducing risk. Among other things, the financial requirements for the members require initial and ongoing collateral, as well as contributions to the default fund, and they have thorough procedures for dealing with any default. The central counterparties hold several layers of capital to absorb any losses resulting from defaults among the members. The principle shall be that the defaulting member shall cover losses in the first instance via deposited funds, and thereafter part of the capital of the central counterparty shall be used before drawing from the other members' default funds.

DNB is a member of several central counterparties and clears interest rate, equity and commodity derivatives, and repurchase agreements. The largest exposure is against the central counterparty LCH and stems from interest rate derivatives. At year-end 2019, approximately 85 per cent of DNB Bank ASA's outstanding volume of the standard interest derivatives was cleared at LCH. Capital requirements are calculated for exposure to central counterparties in accordance with CRR/CRD IV. At year-end 2019 the risk-weighted assets related to exposures towards central counterparties were NOK 18 billon.

Counterparty credit risk in equity derivatives, securities financing and currency trading for private customers is reduced by daily settlement.

SETTLEMENT RISK

Settlement risk is linked to the settlement of transactions where the bank has met its obligation to deliver the agreed security or sum without knowing whether the counterparty has met its obligation to deliver the agreed security or sum to the bank. One example is a currency exchange where the bank sends the agreed amount in one currency before receiving the agreed amount in the other currency. DNB has established various measures for reducing and controlling settlement risk. One important measure is the balance check on the account. This means that the bank does not make a payment to the counterparty until coverage is established for the obligation on the counterparty's account. Moreover, in connection with settlements of securities transactions, one of the conditions attached to the securities account is that securities cannot be delivered before the bank has received payment. The normal procedure in the banking market is that the main currencies are settled through Continuous Linked Settlement (CLS). CLS ensures payment versus payment, which means that the final transfer of the bank's payment is not executed before the counterparty's payment takes place. In addition, settlement risk limits have been established, which entail a ceiling on the total settlement amounts for a single counterparty that fall due on the same day.

MANAGEMENT AND CONTROL OF COUNTERPARTY CREDIT RISK

Counterparty credit risk is defined as a sub-category of credit risk, but as counterparty credit risk exposure is significantly dependent on market risk factors, it is also treated in the context of market risk. Management of counterparty credit risk in DNB is elaborated on and concretised in both the Group Standard for Market Risk and the Group Standard for Credit Risk. The standard for market risk has underlying instructions that determine definitions, calculation methods, and the reporting of counterparty credit risk. The standard for counterparty credit risk is elaborated in e.g. the credit regulations, which describe the credit process, frameworks and credit management

for counterparty credit risk. Counterparty credit risk is included in the risk appetite for credit risk and limits are delegated on the different authorisation levels specified in the credit guidelines, which are described in more detail in the section on credit risk.

The Financial Markets Risk Committee (FMRC) is headed by the Chief Market Risk Officer (CMRO) and is responsible for approving and following up principles and procedures for market and counterparty credit risk. In connection with the application to use IMM for capital requirement calculations, FMRC has received a special responsibility for assessing and approving models and measurement methods in the IMM system. The decision-maker for changes to the IMM models is the chief risk officer.

DNB uses the internal simulation models to calculate risk exposure in connection with the monitoring and measurement of counterparty credit risk. A combination of historic time series and the market's expectations with respect to future trends for various risk factors, are used to calibrate the simulation models. The simulation models are continuously monitored and upgraded so DNB can ensure that they are always suitable for the area of application. Among other things, weekly automated backtests are performed to test the models' predictive ability.

The internal models that are used to calculate counterparty credit risk exposures are validated annually by the validation unit in Group Risk Management. The validation unit is organisationally independent from the units where the models are developed. The models and their use are also reviewed annually by internal auditors. Both validation and audit reports are considered by FMRC and group management, and provided as information to the Board of Directors.

STRESS TESTING

A special programme for stress testing counterparty credit risk has been established. The stress testing programme is designed to identify undesired future outcomes of the total

counterparty credit risk exposure both in isolation and together with the bank's total credit risk exposure. Central to the stress tests is the design of various scenarios. In addition to uncovering potential losses in the counterparty credit risk exposure, stress tests shall also identify specific and general correlation risk between credit risk and market risk factors, so-called wrong-way risk. Wrong-way risk is the additional risk that arises through an adverse correlation between a counterparty's exposures and the credit quality of the counterparty.

"DNB uses the internal simulation models to measure and monitor counterparty credit risk."

7 Market risk

DNB's market risk, measured as economic capital, was reduced in 2019, even though the financial markets have been characterised by high uncertainty. DNB's market risk is generally low. Norwegian interest rates are the most important underlying driver of market risk in the DNB Group, especially through the liabilities in the life insurance operations. Other significant drivers of market risk are foreign interest rates, currency and equity investments.

Developments in market risk in 2019 Capital requirements for market risk Market risk exposures Management and control of market risk

DEFINITION

Market risk is the risk of losses due to unhedged positions in the foreign currency, interest rate, commodity and equity markets. The risk reflects potential fluctuations in profits due to volatility in market prices or exchange rates. Market risk occurs in several segments of the DNB Group and includes both risk that arises through ordinary trading activities, and risks that arise as parts of banking activities and other business operations.

Capital requirements for market risk, DNB Bank Group NOK billion

Market value of equity and real estate investments in the banking portfolio, DNB Group NOK billion

DEVELOPMENTS IN MARKET RISK IN 2019

Uncertainty in the financial markets characterised 2019, with trade wars, geopolitical turmoil and uncertainty surrounding global economic growth as driving factors. Nevertheless, 2019 ended as one of the best years after the financial crisis for the value development in the financial markets. This was partly the result of more expansionary monetary policies in the euro area and the US.

The Norwegian economy experienced good growth. Norges Bank (the Central Bank of Norway) raised its key policy rate by 25 basis points three times during 2019, ending the year at 1.50 per cent. At the recent rate increase, Norges Bank signalled that the key policy rate would most likely remain at this level for the near future. The three-month money market rate (Norwegian Interbank Offered Rate, NIBOR) rose by 60 basis points during 2019, ending at 1.84 per cent at year-end. The Oil price (Brent spot) rose from USD 55 per barrel in early January to nearly USD 75 in April, coming in at USD 66 at year-end. Oslo Børs' (the Oslo Stock Exchange) main index rose by 16.5 per cent from January to December.

The figure on the previous page shows the development in economic capital for the DNB Group's market risk. At the end of 2019, financial capital was NOK 11.2 billion, compared with NOK 13.9 billion in 2018. About 40 per cent of the market risk is related to the life insurance business, and the reduction was primarily due to reduced market risk in DNB Livsforsikring AS. As a result of a good return on investments, DNB Livsforsikring AS built up risk buffers through 2019. The shareholding was also reduced towards the end of the year. Information on risk level and risk management in DNB Livsforsikring AS can be found in the company's own Pillar 3 report, which is published on dnb.no on April 4.

The Market risk in DNB Bank was relatively stable in 2019, and remained well within the risk appetite limits and other limits for market risk. Economic capital for the banking

portfolio increased as a result of the investment in Fremtind AS. The utilisation of market risk limits was moderate. Only small adjustments were made to the risk limits set by the Board of Directors in 2019. The market risk limits are discussed later in this chapter.

Important events in 2019:

  • → The insurance companies of DNB and SpareBank 1 have been merged, effective from 1 January 2019. DNB's non-life and personal insurance operations were transferred to an associated company, Fremtind Forsikring AS, where DNB ASA holds a 35 per cent ownership interest. At the same time, the risk reclassified as market risk because ownership of the associated company is treated as a financial investment.
  • → In June 2019, DNB accepted the offer from Euronext to acquire all of DNB's 19.82 per cent ownership interest in Oslo Børs VPS Holding ASA.
  • → In the first quarter, DNB Markets decided to centralise currency operations, and all follow-up of currency risk has now been centralised in Norway. This was implemented in June 2019. At the same time, a decision was made to discontinue DNB's strategic positioning, thus reducing the Group's currency risk. There are still currency risk limits in connection with customer transactions and liquidity management.
  • → In September 2018, Nordea and DNB signed an agreement to sell part of their shareholdings in Luminor Group AB to a consortium led by Blackstone. Following this transaction, the DNB Group and Nordea will own approximately 20 per cent each, while the consortium will own approximately 60 per cent. The sale was completed in September 2019.

The trading portfolio

The definition of the trading portfolio is given in the CRR/CRD IV regulations and DNB has implemented an internal guideline that describes how to define the trading portfolio. The trading portfolio consists of positions in financial instruments, commodities and credit derivatives held for the purpose of resale or to take advantage of price or interest rate fluctuations in the short term, as well as hedging such positions. For example, the instruments in the trading portfolio are related to customer transactions through DNB Markets and include "market making" and facilitating company financing.

The banking portfolio

DNB refers to the market risk related to positions and activities that are not included in the trading portfolio as the banking portfolio. The banking portfolio is comprised of financial instruments that, among other things, derive from the Group's financing activities and equity investments. Market risk also arises in the banking portfolio as a result of different fixed-interest periods for liabilities and assets.

"The Market risk in DNB Bank was relatively stable in 2019, and remained well within the risk appetite limits."

CAPITAL REQUIREMENTS FOR MARKET RISK

Capital requirements are calculated according to the CRR/CRD IV regulations. The Group's insurance operations are excluded from the calculation of capital requirements for market risk. Information on risk levels and capital requirements for DNB Livsforsikring AS and Fremtind Forsikring AS is available in the companies' own Pillar 3 reports "Solvency and Financial Condition Report".

DNB reports market risk according to the standardised approach. According to CRR/CRD IV, capital requirements should be calculated for interest and share price risks associated with the trading portfolio. In addition, capital requirements are calculated for currency and commodity risk for the overall operations. The market value principle is used as the accounting principle for the trading portfolio, and the portfolios are valued daily.

The capital requirement for market risk was reduced by NOK 27 million during the year. Position risk for debt instruments was reduced by NOK 85 million. The reason for the reduction is that the average risk weight for the debt instruments was reduced throughout the year.

The market value of derivative contracts depends on the counterparty's creditworthiness and other market risk factors. Credit Value Adjustment (CVA) is an adjustment of the market value of Over the Counter (OTC) derivatives to account for the impaired creditworthiness of the counterparty. Provisions are calculated for CVA, which is recorded in the income statement. The capital requirement for CVA shall cover risk associated with the calculation of the CVA provisions. DNB calculates capital requirements for CVA risk according to the standard CRR/CRD IV method. The capital requirement for CVA risk is about 14 percent higher than at the end of 2018. Developments in the riskweighted calculation basis (RWA) for CVA risk in the DNB group are shown in the figure at the top right.

MARKET RISK EXPOSURES Market risk limits

The risk appetite framework sets the overall framework for market risk in the DNB Group, expressed as the maximum share of economic capital. In addition, there are separate risk appetite limits for market risk in the banking group and in DNB Livsforsikring AS.

The risk appetite framework for market risk is operationalised in the form of limits for each type of risk. The limits for significant market risk exposures are determined by the Board of Directors of DNB ASA. Limits are set annually, and will automatically expire if they are not renewed. The limits are delegated by the Board of Directors to the Chief Executive Officer (CEO), who delegates them further to the risk takers in the first line of defence that make investment or trading decisions. If limits are exceeded, it must be reported immediately both to whoever delegated the limits and to Group Risk Management.

Administrative limits and escalation levels are set for exposures that are defined as less significant. Such limits are used when there is a need for operational scope of action. Administrative limits are determined by the executive vice presidents. The Chief Risk Officer (CRO) must be informed of any changes to the limits.

The table gives an overview of the most significant market risk limits set by the Board of Directors and administrative limits that applied at the end of 2019. For a full picture of the market risk in DNB, the market risk limits for DNB Fremtind AS and DNB Livsforsikring AS are included in the table. In addition to these, smaller limits are set for options.

Capital requirements for market risk, DNB Bank Group

NOK million 31 Dec.
2019		 31 Dec.
2018
Position risk, debt instruments 842 927
Position risk, equity instruments 30 16
Currency risk 1 0
Commodity risk 0 1
Credit value adjustment risk (CVA) 1) 354 311
Total market risk 1 227 1 254

1) In the in CRD IV reporting (Corep) the CVA risk is not included

Development in RWA for CVA risk, DNB Bank Group NOK billion

Market risk limits, 31 December 2019, DNB Group

in market risk

NOK million Limit, trading
portfolio		 Limit, banking
portfolio		 Total Description
Interest rate risk1) 4 10 14 Sensitivity limit
Limits set by
the Board of
Directors		 Currency risk 2 500 2 500 Market value limit
Equity risk 2 300 3 100 5 400 Market value limit
Commodities risk 300 300 Market value limit
Basis swap risk1) 15/(-30) 15/(-30) Sensitivity limit
NOK million Limit, trading
activities		 Limit, non
trading activities		 Total Description
Administrative
limits		 Commercial real estate risk 3 350 3 350 Market value limit
Physical asset risk2) 5 750 5 750 Market value limit
Strategic investments3) 18 300 18 300 Market value limit
Basiscurve risk1) 52 52 Sensitivity limit
Credit spread risk1) 414) 25 66 Sensitivity limit

1) Per basis point value 2) Includes residual value of vehicles associated with leasing operations

3) Includes investments in Luminor Group AB and Vipps 4) 35 of these are shared between the trading portfolio and banking portfolio

Interest rate risk

Interest rate risk occurs when financial instruments change value as a result of interest rate fluctuations and occur in both the banking and the trading portfolio. Interest rate risk is expressed at the basis point value (BPV), which represents how much the present value of the positions will change if the underlying interest rate changes by one basis point. BPV is thus a measure of the sensitivity of the portfolios with regard to changes in interest rate levels. The figures show the interest rate risk in the trading and banking portfolios, respectively. Interest rate exposure in the trading portfolio was reduced in 2019, while interest rate exposure in the banking portfolio increased.

DNB's total interest rate risk limit at the end of 2019 amounted to NOK 14.2 billion per basis point change, distributed between NOK 4.0 million in the trading portfolio and NOK 10.2 million in the banking portfolio. Separate limits are set for each currency and the different intervals on the yield curve. Interest rate risk in the banking portfolio is measured and reported daily by DNB Markets and Group Treasury. The limits were not exceeded in 2019.

To obtain a broader picture of interest rate risk, changes in net interest income (delta net interest income, delta NII) are calculated and the change in the value of interestsensitive assets and liabilities as a result of an interest rate shock (delta economic value, delta EV). According to the Basel Committee's standard "Interest rate risk in the banking book", changes in net interest rates for interestsensitive products in Norwegian kroner in the banking portfolio are calculated as a result of an instantaneous parallel shift in the yield curve of 200 basis points, with a time horizon of 12 months. The effect on the present value of the exposure in Norwegian kroner is calculated in six scenarios for the yield curve, and scenario that yields the greatest impairment defines delta EV. Delta NII and delta EV are reported regularly to the management of Group Treasury, the Asset Liability Committee (ALCO), group management and the Board of Directors of DNB ASA.

Interest rate exposure in the banking portfolio, BPV, 2019 NOK million

"There were no breaches of market risk limits in 2019."

The figure to the right shows interest rate sensitivity distributed among maturity bands for the banking portfolio, measured by basis point value. The following instruments are included: forward contracts, bonds and commercial papers, deposits, interest rate swaps and basis swaps. The exposure is considered to be positive if the bank would profit in the event of an increase in interest rates. DNB's net interest rate exposure at the end of 2019 was positioned for falling interest rates as shown in the figure. Summarised over all maturities, net interest rate sensitivity is negative. This means that DNB would experience a positive effect on earnings if interest rates fell for all maturities at the end of 2019.

The table in the middle shows the impact on the banking portfolio activities of different interest rate changes. An interest rate increase of 100 basis points would result in a loss of about NOK 235 million for exposures in Norwegian kroner, and a similar interest rate decrease will result in a profit of about NOK 235 million. Interest rate risk connected to the banking portfolio is almost linear, so that change in the interest rate multiplied by the interest rate sensitivity provides a comprehensive picture of the interest rate risk.

Equity investments

Equity investments in the banking portfolio are grouped into direct investments, venture investments, credit portfolio, strategic financial investments, real estate investments and investments in private equity (PE) funds. As a shareholder, DNB actively exercises ownership through the Boards of Directors of selected companies. Exposure relative to market risk limits is measured on the basis of the investments' market value, including any future commitments in PE funds.

The way in which DNB recognises equity investments depends on both the degree of control and the ownership interest. When DNB's ownership interest is less than 20 per cent and DNB does not have significant influence in the company, the investment is measured at fair value. If

the ownership interest is between 20 and 50 per cent, it is normally recognised as an associated company and is accounted for using the equity method. If DNB has control, typically with an ownership interest of more than 50 per cent, the investment is considered a subsidiary and is fully consolidated in the accounts.

  • → Direct investments consist of an investment portfolio containing unlisted companies rooted in the customer environment.
  • → Through DNB Ventures AS, DNB invests in Nordic startups with considerable capacity for innovation and value development potential.
  • → The purpose of the credit portfolio is to secure or recover the value of credit exposures through ownership and subsequent realisation. Based on business-related and long-term assessments, the bank may decide to sell equities pledged as collateral or convert defaulted debt into equity and ownership.
  • → Strategic financial investments are investments in the financial sector with strategic anchoring. The ownership of Luminor Group AB and Vipps are among the largest investments, in addition to Fremtind Forsikring AS, that was incorporated as an associated company as of 1 January 2019.
  • → Real estate exposures are either strategic real estate investments or properties repossessed as a result of customer default. The real estate exposure is measured as the market value of the underlying properties, regardless of the financing structure.
  • → The PE portfolio consists of shares in unlisted PE funds. The portfolio consists mainly of acquisition funds that invest in mature enterprises and a smaller proportion in venture funds investing in companies in the start-up phase.

For ordinary shareholdings, the difference between book value and fair value constitutes changes in the value of the shareholding. For subsidiaries and affiliated companies, the book value is equal to market value. For property, the

Effects on results from interest rate shocks on the rate sensitive instruments in the banking portfolio, 31 December 2019

NOK million + 200 bp +150 bp + 100 bp +50 bp - 50 bp -100 bp -150 bp -200 bp
Exposure in NOK (557) (418) (278) (139) 139 278 418 557
Exposure in EUR 57 43 28 14 (14) (28) (43) (57)
Exposure in USD 29 22 15 7 (7) (15) (22) (29)
Total (471) (353) (235) (118) 118 235 353 471

Equity and real estate investments in the banking portfolio, 31 December 2019

NOK million Book value Fair value
Direct investments 125 173
Venture investments 70 71
Credit portfolio 558 391
Strategic financial investments1) 15 081 15 167
PE funds including loan portfolio 222 253
Total equity investments 16 056 16 055
Real estate portfolio investments, M&A 350 485
Real estate portfolio Poland 74 74
Total real estate investments 424 559
Total equity and real estate investments 16 480 16 614
1) Includes the investment in Fremtind AS

58

book value is the value to which the properties are booked in the company accounts, while market value is the last valuation of the property.

Other exposures

Basis swap spread risk arises because a substantial portion of DNB's assets in Norwegian kroner is funded with foreign currency through covered bonds issued by DNB Boligkreditt AS. The currency is switched to Norwegian kroner through a basis swap with the same or shorter term. A basis swap is a combined interest rate and currency swap deal where the parties exchange future cash flows and also agree to pay and receive interest. Basis swaps are normally kept to maturity and valued daily. This entails that the recorded value of a swap fluctuates during the term of the swap. There are no limits on basis swaps that are used as hedging instruments.

Currency risk in the Group is hedged against DNB Markets, which is the only unit that is directly exposed to currency risk. The exposure is small and is predominantly linked to business operations and, to some extent, to supporting customer trades.

Asset risk (other physical assets) is exposure to direct ownership of physical assets that are not standardised. Examples of such assets include industrial equipment and construction equipment. The limit for this risk also covers exposure to the residual value of vehicles associated with leasing operations.

Credit spread risk mostly arises as a result of the bank's liquidity risk management through the management of bonds in the liquidity portfolio. The credit spread is the add-on to the reference interest rate in a bond coupon. Credit spread risk is the risk of changes in market assessments of the credit spread.

In addition, there are limits for commodity risk and basis curve risk. Commodity exposure is small, and the risk associated with the exposure is marginal. Basis curve risk occurs when interest rate instruments denominated in the same currency are not valued with the same yield curve.

MANAGEMENT AND CONTROL OF MARKET RISK

The group policy for risk management covers all types of risk in the DNB Group. For market and counterparty credit risks, the group policy is elaborated and concretised in the Group standard for market risk that establishes definitions, principles for delegation of frameworks and requirements for the management of market and counterparty credit risks. The Group standard for market risk is reviewed annually and substantial changes are approved by the Board of Directors of DNB ASA. Comprehensive group instructions for market risk as well as local instructions for business areas with significant market risk exposure have also been implemented. The local instructions operationalise the Group standard in the individual business area.

DNB uses various risk measures in the management and control of market risk:

  • → Economic capital is used to measure the overall market risk, and in the internal risk and capitalisation assessments.
  • → Value at Risk (VaR) is used to compare risk across asset classes and to monitor the level of risk for each risk type. VaR is calculated for interest rate, equity and currency risk attached to both banking and trading activities. Limits are not set for VaR.
  • → Sensitivity measures are used to report and follow up exposures against specific limits, e.g. yield curve intervals. Sensitivity measures in the market risk measurement reflect how much the bank risks losing at a given change in the underlying risk type. The sensitivity measures are important for the qualitative risk assessment and are also used as a basis for quantitative risk modelling.

In addition to the risk measures that are included in the follow-up of market risk, stress testing is used to identify exposures and losses that could arise under extreme but, at the same time, credible market conditions.

DNB observes the principle of three lines of defence in the monitoring of market risk. First line responsibility is performed where the risk is taken. Local control units track and control the activity. Barriers are established between units that take risks and the control units. The CRO and Group Risk Management establish the principles for management of market risk and constitute as the second line of defence. The second line of defence supports, monitors, and challenges the first line of defence for risk management. The third line of defence is Group Audit, which reports to the Board of Directors of DNB ASA.

The Financial Markets Risk Committee (FMRC) is headed by the chief market risk officer (CMRO). The committee follows up and approves the framework for managing market risk related to the bank's activity in financial markets, including methodology and control procedures. FMRC has members from Group Risk Management, DNB Markets and Group Treasury.

The Market risk exposure, risk appetite and framework utilisation are reported monthly to group management and the Asset and Liability Committee (ALCO), as well as quarterly to the Boards of Directors of DNB ASA and DNB Bank ASA.

"DNB uses various risk measures in the management and control of market risk."

8 Operational risk

There were no significant operational events in 2019 and losses were small. Information security and IT operations are considered to be the most significant operational risk areas. The development and implementation of risk-mitigation measures in these areas has therefore had particularly high priority.

  • 61 Developments in operational risk in 2019 61 Capital requirements for operational risk
  • 61 Management and control of operational risk

DEFINITION

Operational risk is the risk of losses due to deficiencies or errors in internal processes or systems, human errors or external events. This definition includes legal risk, but not strategic risk or reputation risk.

Internal fraud External fraud Employment practices and workplace safety Products and business practices Damage to physical assets Business disruption and system failures Process and routine errors

Capital requirements, DNB Bank Group NOK million

Operational events, DNB Bank Group Number

3 976 (2 964)

DEVELOPMENTS IN OPERATIONAL RISK IN 2019

There were 3 976 operational events recorded in 2019, most of which were related to process and routine errors, as well as product and business practice. Process and routine errors represent the greatest losses, together with external fraud. The number of recorded events has increased over the past two years due to the removal of the minimum limit for what is to be recorded. The operational event registration tool is being improved on a continuous basis, which also contributes to the increase in the number of recorded events. At the same time, there has been a great deal of attention regarding operational events and employee training. Despite the increase in the number of events in 2019 there was an overall reduction in operational losses as there were no single events with large actual losses.

DNB is continuing to develop the functionality of the risk management tool, which facilitates comprehensive measurement and control of risk and compliance. In 2019, system support was developed for risk assessments, compliance reporting and risk models.

DNB has assessed IT operations and information security, including cyber security, as particularly significant areas of risk in 2019. Several technical and organisational measures have been implemented to strengthen information security. The security organisation has been enhanced and expanded through the establishment of a central function with dedicated security resources for all the Group's business and support areas. The objective is to follow up and ensure that necessary security measures are implemented across the organisation in accordance with the Group's security requirements. A new and updated computer platform is being introduced, with stronger security solutions, especially related to securing information and clients. New automated security tools have been put in place to strengthen defence against cyber-attacks, and training activities have been conducted to raise awareness of security threats.

In terms of IT operations, the Group has introduced a new

operating model, which focuses to a greater extent on building up and strengthening internal technical expertise on critical infrastructure and services. Comprehensive improvement programmes have been implemented to modernise and strengthen central IT services and critical infrastructure, both in the payment area and linked to the bank's IT platform for electronic transaction monitoring. IT risk management has been improved in terms of process, capacity and system support. New group instructions for IT risk management, which came into force in May 2019, set requirements for this work.

CAPITAL REQUIREMENTS FOR OPERATIONAL RISK

DNB uses the standardised approach for calculating capital requirements for operational risk. Capital requirements for operational risk increased by NOK 208 million in 2019, as a result of increased income.

MANAGEMENT AND CONTROL OF OPERATIONAL RISK

Management of operational risk shall contribute to efficient and successful operations. DNB has a goal of low operational risk and low annual losses. The Board of Directors has the main responsibility for operational risk management in DNB, which is handled by the Risk Management Committee. This entails establishing a sound risk culture and clearly delegating responsibility for ongoing monitoring and control of operational risk. All managers in DNB are required to be aware of and manage operational risk in their own processes, systems, products and services.

The responsibility for operational risk lies in the business and support areas. The largest areas have their own departments working on this. The Group Operational Risk Division in Group Risk Management is DNB's central specialist unit for operational risk management, and constitutes the Group's second-line defence for operational risk. Group Operational Risk is an independent control function with responsibility for the framework for operational risk management, group reporting and risk reduction through insurance. Group Operational Risk is

Capital requirements for operational risk, DNB Bank Group

NOK million Factors 31 Dec. 2019 31 Dec. 2018
Corporate finance 18 % 262 239
Trading and sales 18 % 462 584
Retail brokerage 12 % 20 21
Commercial banking 15 % 4 163 4 123
Retail banking 12 % 1 808 1 661
Payment and settelments 18 % 340 208
Agency services 15 % 37 45
Asset management 12 % 31 34
Total capital requirements1) 7 122 6 914

1) Capital requirements for operational risk correspond to 8 per cent of the risk-weighted assets.

Operational risk management in DNB

also responsible for the maintenance and development of the Group's risk management tools, which facilitate comprehensive management and measurement of risk and compliance. Dedicated operational risk officers have been established affiliated with Group Operational Risk to monitor operational risk in all business and support areas.

The figure at the previous page shows the most important elements of DNB's operational risk management. The Group should be characterised by a sound risk culture which involves identifying and assessing risk, establishing, implementing and evaluating measures as well as ensuring pertinent reporting to relevant stakeholders. All identified losses and events must be recorded in a loss and event database, along with any relevant measures.

The Group's governing documents, together with laws and regulations, set the premises for managing operational risk in DNB. The Group's risk management policy contains general principles, which are elaborated in a more detailed standard for operational risk. The standard is also based on Finanstilsynet's (Financial Supervisory Authority of Norway) Module for Operational Risk and the Basel Committee's document, "Principles for the Sound Management of Operational Risk". The standard focuses on responsibility for operational risk management and helps to ensure that DNB's operational risk management is developed based on recognised principles.

The Group's risk appetite sets the limits for how much operational risk DNB is willing to accept. Risk identification and assessment, together with registration and follow-up of operational events, shall provide an overall picture of the operational risk and contribute to reliable measurement of risk.

The business and support areas report their greatest risks and associated measures to Group Risk Management quarterly. Developments in risks that are considered significant to the Group, such as cyber risk, are reported to

the Board of Directors quarterly. Risk appetite is reported monthly to group management, and quarterly to the Board of Directors as part of the Group's risk reporting.

A scenario analysis programme for the Group's most significant risks has been established over the past two years and will be further developed. Comprehensive contingency and business continuity plans have been drawn up in order to limit the consequences of serious events like operational disruptions. The plans are constantly updated, and regular exercises are carried out.

The Group's insurance programme is intended to help limit the financial consequences of undesirable events which occur despite established security procedures and other risk-mitigating measures. The insurance policies cover fire and other disasters, criminal activities, embezzlement, cyber-attacks, professional liability, and directors' and officers' liability in the Group's operations worldwide. Losses incurred in connection with lending and market operations are not normally covered, unless they are attributable to operational errors or omissions. Cyber risk is considered to be one of the greatest risks, both internally and for the industry as a whole, and in light of this, the Group's cyber risk insurance has been significantly expanded in 2019.

Approval of products and services, called Shelf Control, is an important part of the Group's framework for operational risk. For all products and services there must be a definition describing what they are and what they mean to the customer, who the target group is and who in DNB is responsible for the product. The Shelf Control describes the assessments required in connection with approval and follow-up. It covers the establishment of new products and services, changes to existing products and services, as well as monitoring or retirement of existing products and services.

An important element of the Group's risk management is

internal control, which is carried out in all business ares. A self-assessment of internal control is conducted annually, and in 2019, all areas of the Group provided an attestation where managers confirmed that:

  • → they have identified their main processes
  • → they have identified their main risks
  • → risk-mitigating measures and controls are established for each risk
  • → the controls are tested
  • → they know the strengths and weaknesses of the controls
  • → action is taken to close any gaps

The self-assessment was reported to Group management and the Board of Directors.

Effective management of non-financial risks requires collaboration and coordination across the organisation. In order to encourage this cooperation, the Non-Financial Risk Committee (NFRC), chaired by the chief risk officer, was established in 2019. The NFRC is an advisory body for the group executive vice presidents of the business and support areas. The committee's scope covers first-line responsibility for managing non-financial risk, including operational risk, compliance risk and security risk. To read more about the NRFC, please see the chapter on risk management and control in DNB.

Management and control of reputation risk

The risk appetite framework states that DNB should not be associated with activities that could damage the company's reputation. Reputation risk is followed up through monitoring and analysis of media coverage and customer satisfaction. A lower limit has been set for what is the acceptable level in the reputation survey, and forward-looking assessments are being made of the relevant issues that may damage DNB's reputation. Reputation risk is positively affected through an active relationship with corporate social responsibility and through the ethical regulations for employees. Reputation risk is managed through group policies and business activities, including compliance.

"The Group's cyber risk insurance was significantly expanded in 2019."

9 Work with climate risk

Climate risk get increased attention from investors, stakeholders and clients. DNB regards climate risk as a strategically important topic for the bank's long-term value creation, and for DNBs role as a resilient and responsible bank. The Paris-agreement from 2015 sets clear aspirations to limit global warming to 1.5 or 2 degrees Celsius. The goal is to mitigate long term physical risks and impacts of climate change, although transition risk may increase on a short and medium term. DNB works continuously to develop and improve our identification, management and control of climate risk.

  • 64 Developments of climate risk in 2019
  • 64 Corporate governance of climate risk in DNB
  • 64 Climate risk is increasingly integrated in DNB's risk management

DEFINITION

  • Climate risk refers to how climate change itself, and society's response to it, presents risks to financial stability. Climate risk is generally divided in two:
  • → Physical risks are linked to potential adverse impacts from climate change such as extreme weather, floods or droughts, and the rise of sea level.
  • → Transition risks arise from the tightening of climate policies and regulations to shift the economy away from emission-intensive industries and activities.

DEVELOPMENTS OF CLIMATE RISK IN 2019

DNB works continuously to develop and improve our identification, management and control of climate risk. The most important actions to address and reduce climate risk in 2019 were:

  • → DNB committed in 2019 to a second phase of UNEP FI's TCFD (Task Force on Climate-related Financial Disclosures) banking pilot which will run to mid-2020. The purpose is to model and quantify climate risk through scenario and sensitivity analysis of our credit portfolio.
  • → DNB decided in 2019 to include a set of concrete climate risk assessments into DNB's overall credit risk process. This is in addition to the already existing Environmental, Social and Governance (ESG) risk assessment.
  • → DNB expanded in 2019 the climate risk analysis to more industry sectors in our credit portfolio. The assessment of oil and gas began in 2018, and was extended to renewable energy and shipping in 2019. This work will continue in 2020.

CORPORATE GOVERNANCE OF CLIMATE RISK IN DNB

Both physical and transition risks can result in real financial impacts to companies and assets. In DNB, transition risk is regarded as more material than physical risk. This is based on analysis of ESG risks to DNB's credit sector portfolios conducted in 2019.

DNB has established governing principles for corporate responsibility, that form the basis of our obligations, processes and measurements of corporate responsibility, including climate-related efforts. The work of following up metrics and targets for the integration of corporate responsibility is regularly endorsed by the Board of Directors. In 2019, climate risks and opportunities were specifically addressed by both DNB's Board of Directors and group management, and the direction for the work in 2020 was set.

Direct emissions

To manage direct emissions and impact from own operations, DNB works on several levels:

  • → DNB has been certified according to ISO 14001 on environmental management since 2014. This entails an annual internal and external audit (by DNV GL), measuring continuous improvement of emissions and energy usage.
  • → DNB has reported and published a Climate Accounting Report since 2011.
  • → DNB has had concrete reduction targets on Greenhouse Gas (GHG) emissions since 2009.
  • → DNB has conducted a substantial climate risk disclosure effort in our CDP1) reporting, for which DNB in 2019 achieved the top rating A for the third consecutive year. CDP covers both direct and indirect emission reduction measures.

Our reporting experience of direct emissions, as well as concrete reduction targets, has been useful for work to integrate climate risk in credit lending and asset management.

Indirect emissions

To manage indirect emissions and impact from credit and asset management portfolios, DNB has worked systematically since we endorsed the TCFD in 2017. DNB's first engagement in two UNEP FI-led TCFD pilot projects throughout in 2017 and 2018, gave us the opportunity to reflect on how we understand and manage climate-related risks and opportunities on the DNB business. However, more insight into climate risk is needed to give quantifiable results. In 2019, we have thus continued our work on stress tests and scenario analysis, with a broader scope both in terms of industries and scenarios. In phase two of the UNEP FI TCFD pilot, DNB prioritize the sectors of renewable

1) Climate Disclosure Project is an organization that runs the global disclosure system for investors and companies to manage their environmental impacts.

energy and oil -and gas production. We expand on the scenario approach and will quantify climate risk in credit portfolios for climate scenarios of 1.5, 2 and 4 degrees Celsius increases in temperature. The scenarios envisage a range of sever climate-related changes, against which we stress test our portfolio resilience over the short, medium (2030) and long (2040) term time horizon.

INTEGRATION OF CLIMATE RISK IN DNB'S RISK MANAGEMENT

  • → Specific climate risk assessment requirements were approved and integrated into DNB's credit risk framework. This implies that corporate clients must address climate risks. We engage with clients to improve resilience to climate risk exposure and successfully manage the transition to a low-carbon scenario. As an example, through the 2019 commitment to Poseidon Principles, DNB will measure and publish the carbon intensity of the shipping portfolio starting in 2020.
  • → Continuous work on expanding climate risk analyses in credit risk management and risk reporting.
  • → When conducting stress tests on portfolio level, DNB always evaluates how climate may be a potential triggering factor that should be included in the development of scenarios.

For more detailed information about DNBs perception and work on climate risk, see DNB's Sustainability Library: https://www.dnb.no/en/about-us/csr/sustainability-library. html

Sustainability in salmon farming

DNB is the world's leading bank in the financing of the seafood industry, with a focus on salmon farming. As it deals with living organisms, this industry has traditionally been concerned with both biology and sustainability. The quality and price of the product is highly dependent on healthy fish and a clean environment, and as such, there is a clear link between sustainability and financial performance. Outside the industry, a great deal of attention has been paid to the sustainability of the industry, both in terms of production itself and the negative impact on wild salmon due to escapes and the transmission of disease, sea lice and genetic material.

Areas that have brought negative attention to the salmon farming industry:

  • → Climate impact: Farmed salmon has a far smaller carbon footprint than meat production, and the negative attention is primarily related to the production of soy, which is an important ingredient in salmon feed, mainly purchased from Brazil. Despite using only certified soy, questions are being raised about deforestation, among other things. Feed production represents over 80 per cent of the CO2 emissions associated with salmon farming and research is underway on alternative feed ingredients with a lower carbon footprint.
  • → Use of antibiotics and other medicines: Norwegian salmon farming has the lowest antibiotic consumption of all industrial animal protein production in the world. Antibiotic-free fish achieve a higher price in the market.
  • → Animal welfare: Stress associated with lice treatments and a generally high mortality rate are challenges for the industry. Large investments are being made in lice control and digital aids are increasingly used to improve knowledge about the fish, fish welfare and the environmental footprint of salmon farming.
  • → Packaging: Most of the salmon is exported fresh in polystyrene boxes. Polystyrene is difficult to recycle and represents a pollution problem. The industry is working intensively to come up with more environmentally friendly solutions.

DNB wants to contribute to sustainable development in the industry. We expect our customers to strive for a high standard that goes beyond current laws and regulations. We do thorough research before we take on new customers and monitor our customers' efforts in this area. If a customer does not operate sustainably and dialogue does not result in positive progress, we may end our relationship with that customer. Given all the initiatives mentioned in the points above, we consider it likely that the industry will reduce its environmental footprint in the years to come.

10

Risk categories, explanation of terms and abbreviations

66 Risk categories 67 Explanation of terms 69 Abbreviations

10 Risk categories, explanation of terms and abbreviations

RISK CATEGORIES

In DNB, risk is divided into six main categories which are subject to special measurement and monitoring.

Credit risk is the risk of financial losses due to failure on the part of the Group's customers to meet their payment obligations towards DNB. Credit risk refers to all claims against customers, primarily loans, but also liabilities in the form of other extended credits, guarantees, interestbearing securities, approved, undrawn credits and interbank deposits. Credit risk also includes concentration risk, which is the risk associated with large exposures to a single customer and clusters of commitments in geographical areas or industries, or with homogeneous customer groups.

Counterparty credit risk is a form of credit risk that arises in connection with trades in financial instruments, such as derivatives. Counterparty credit risk is the risk that the counterparty will fail to perform its contractual obligations in a transaction.

Market risk is the risk of losses due to unhedged positions in the foreign exchange, interest rate, commodity and equity markets. The risk reflects potential fluctuations in profits due to volatility in market prices and exchange rates. Market risk includes both risk which arises through ordinary trading activities and risk which arises as part of banking activities and other business operations. In addition, market risk arises in DNB Livsforsikring AS through the risk that the return on financial assets will not be sufficient to meet the obligations specified in agreements with customers.

Residual value risk is the risk that the value of collateral securing exposure is lower than expected. Residual value risk is included in credit risk in the capital adequacy framework but in internal DNB reporting it is included as market risk.

Operational risk is the risk of losses due to deficiencies or errors in internal processes or systems, human errors or external events. This definition includes legal risk, but not strategic risk or reputation risk.

Insurance risk is risk associated with operations in DNB Livsforsikring AS and refers to changes in insurance obligations due, inter alia, to changes in life expectancy and disability rates within life insurance.

Liquidity risk is the risk that the Group will be unable to meet its obligations as they fall due, and the risk that the Group will be unable to meet its liquidity obligations without a substantial rise in appurtenant costs. Liquidity is vital for financial operations, but as a rule this risk does not materialise until other events give rise to concern about the Group's ability to meet its financial obligations.

In addition to the above risk categories, the Group is exposed to the following: Strategic risk can be defined as the risk of a decline in income if the Group fails to exploit the strategic opportunities which are offered. The Group's strategic risk is not measured or reported, but is on the agenda in discussions concerning annual strategy processes.

Business risk is the risk of profit fluctuations due to changes in external factors such as the market situation, government regulations or a weakened reputation. Reputational risk is often a consequence of other risk categories. The Group's business risk is generally handled through the strategy process and through on-going work to safeguard and improve the Group's reputation.

Basis risk is a part of market risk. Basis risk is the risk that changes in the value of a hedge are not correlated with the changes in value of the underlying position being hedged. The most pronounced form of basis risk in DNB, which arises in connection with currency hedging of future cash

flows in foreign currencies, is so-called basis swap risk.

Credit spread risk is the risk of changes in the market value of securities and derivatives as a result of changes in credit spreads. Credit spread is a type of risk factor that measures market sensitivity, in terms of basis point value, to credit and liquidity risk.

Compliance risk is the risk that DNB fails to comply with external regulations, or internal regulations derived from external regulations.

10 Risk categories, explanation of terms and abbreviations

EXPLANATION OF TERMS Primary capital (own funds)

Regulatory capital is capital that can be used to cover capital requirements. Regulatory capital includes Tier 1 capital and supplementary capital (Tier 2). Common equity Tier 1 capital consists of paid-in capital and retained earnings. Hybrid capital (perpetual hybrid bonds) has traits of both debt and equity, and is part of the Tier 1 capital. However, it cannot exceed 1.5 percentage points of the minimum Tier 1 capital requirement of 6 per cent. Hybrid capital is perpetual and can be written down or converted to equity when the common equity Tier 1 capital ratio falls below 5.125 per cent.

Tier 2 capital consists of subordinated debt. Subordinated debt can be either perpetual or time limited. It is interestbearing and repayment may be demanded, but it is ranked below other debt and above Tier 1 capital. Subordinated debt cannot represent more than 2 percentage points of the minimum capital adequacy requirement of 8 per cent.

Basel III

Basel III is an international regulatory standard on bank capital adequacy, stress testing and market liquidity risk issued by the Basel Committee for Banking Supervision. The final elements of this framework were added in December 2017 and will, in accordance with the agreement, be implemented by 1 January 2022 at the latest. Basel III has been implemented in EU and EEA by means of CRR/CRD IV.

  • → CRR (the Capital Requirements Regulation) is a regulation and applies throughout the EU independent of national legislation. Through the EEA agreement, Norway is required to comply with the regulation.
  • → CRD IV (the Capital Requirements Directive) is the legal framework for the supervision of credit institutions and investment firms in the EU. In accordance with the EEA agreement, Norway is required to transpose the directive into Norwegian legislation.

CRR/CRD IV was implemented in Norway on 31 December 2019 through the Norwegian Capital Requirements Regulation and the National Adaptation of CRR/CRD IV. See the section on capital requirements calculations in DNB below.

Basis swap

In this context we use the term basis swap for a type of swap in which two parties exchange variable interest and principal payments in different currencies. This is usually done to hedge future cash flows in foreign currencies.

Buffer requirements

Banks are required to hold considerably more capital than the minimum requirement in the form of different buffer requirements. This will be buffers that the banks, under particularly adverse conditions, should be able to disregard, but which the banks in normal/good times must have in addition to the minimum requirement. The buffer requirements must be met with common equity Tier 1 capital.

Financial institutions must fulfil a combined buffer requirement consisting of four separate requirements:

  • → The capital conservation buffer is a buffer imposed on all banks to provide time and space for correcting measures if the bank were to get into a crisis situation.
  • → Systemic risk buffers are a buffer that reflect particularly high structural risk aspects in the economy, which are not due to time-varying economic cycles.
  • → The buffer for systemically important financial institutions is a buffer to mitigate the likelihood that systemically important financial institutions come into a crisis situation.
  • → The countercyclical capital buffer is a buffer that takes into account that credit risk may increase during periods of strong credit growth. The buffer shall reduce the effect of cyclical variations. During recessions the buffer requirement can be reduced or removed to make it easier for banks to provide credit.

In addition, financial institutions must have a capital requirement margin. The institutions themselves assess the size of the margin, but Finanstilsynet (Financial Supervisory Authority of Norway) provides guidance through the Supervisory Review and Evaluation Process (SREP).

According to § 2-9 e of the Financial Agreements Act, financial institutions that do not fulfil the above buffer requirements must prepare a plan for increasing its common equity Tier 1 capital ratio. Financial institutions can in such cases not pay dividends to shareholders or bonuses to employees without Finanstilsynet's consent.

EAD (Exposure at Default)

Exposure at default indicates the share of the approved commitment that is expected to be drawn at the time of any future default, at the same time as there is a downturn in the market, if that value is more conservative than the long-term average. EAD is the sum of the drawn amount and off-balance sheet items multiplied by a conversion factor (CCF) and is calculated before impairments.

ECL (Expected Credit Loss)

DNB applies a three-step approach in measuring expected credit loss (ECL) on loans to customers, loan obligations, financial guarantees and other financial instruments subject to the write-down rules in IFRS 9:

  • → A financial instrument is initially classified as stage 1 unless it has already been written down at the time of acquisition. The exposures in stage 1 are calculated as expected credit losses on a one-year horizon.
  • → If a significant increase in credit risk is identified after the initial classification, the financial instrument is moved to stage 2 and the expected credit loss is calculated for the entire remaining maturity. An increase in credit risk reflects both customer-specific circumstances and the development of relevant macro factors for the segment to which the customer belongs. The assessment of what is considered to be a significant increase in credit risk is based on a combination of quantitative and qualitative indicators.
  • → If the credit risk worsens and the financial instrument is considered to be in default or at risk of loss, the financial instrument is moved to stage 3. For exposures in stage 3, expected credit losses are determined based on individual assessments.

For exposures in stage 1 and stage 2, a model (the ECL model) is used to calculate expected credit losses.

EL (Expected Loss)

Expected loss indicates the average annual expected losses over a business cycle, including inherent safety margins and cyclicality that are taken into account in the bank's IRB models. EL is calculated as EL = PD x LGD x EAD. Under normal circumstances, this figure should be higher than the actual losses.

ICAAP (Internal Capital Adequacy Assessment Process)

Financial institutions are required to have an ongoing internal assessment of risk and capital needs. The process is outlined in Pillar 2 of the capital adequacy regulations.

10 Risk categories, explanation of terms and abbreviations

The bank must assess all risks inherent in operations. Updating of risk appetite limits, financial plans and strategies and setting of financial target indicators are important elements of the ICAAP process. The process is documented annually through the ICAAP report to Finanstilsynet. Based on this report and other information that Finanstilsynet has about the bank, an overall assessment of the bank's risk and capital situation (SREP) is carried out. In connection with the assessment, a separate add-on to the other capital requirements, the Pillar 2 capital add-on, is also set.

Capital requirement calculations used in DNB

  • → IRB approach (Internal Ratings-Based approach): An approach to measure risk-weighted assets (RWA) for credit risk using internal risk models. Advanced IRB (A-IRB) is a method of calculating credit risk using internal PD, LGD and EAD models. Finanstilsynet gives permission to use internal models.
  • → Standardised approach, credit risk: Method for calculating RWA using stipulated risk weights or rates. Risk weights depend on e.g. the type of counterparty asset class, collateral and external rating.
  • → Standardised approach, market risk: The risk is divided into four asset classes in the standardised approach for market risk (interest, equity, currency, and commodity positions) and in addition the CVA risk for derivatives is calculated. Different calculation methods are used for each of these asset classes.
  • → Standardised approach, operational risk: A method where income is allocated to eight different business areas, where Finanstilsynet defines which service categories are included in each area. When calculating the minimum requirement, average gross income over the past three years is multiplied by fixed per centages ranging between 12 and 18 per cent, depending on which business area has generated the income.
  • The calculation methods are described in CRR/CRD IV. Also see Basel III.

CCF (Credit Conversion Factor)

CCFs are used in determining the EAD in relation to credit risk exposures. The CCF is an estimate of the proportion of undrawn commitments expected to have been drawn at the time of default.

LGD (Loss Given Default)

Loss given default indicates how much the Group expects to lose if customers fails to meet their obligations. The LGD that is applied in the capital adequacy assessment, is computed assuming there is a major downturn in the market, and that value should be more conservative than the long-term average. The models take into account the collateral pledged by the customer, future cash flows and other relevant factors.

Liquidity Indicators

  • → LCR (Liquidity Coverage Ratio) measures short-term liquidity risk. The LCR requires banks to hold risk-free assets that may be easily liquidated in order to meet required payments during a thirty-day crisis period without central bank support.
  • → NSFR (Net Stable Funding Ratio) measures long-term liquidity risk, aiming to create additional incentives for banks to fund their activities with more stable sources of funding.

MREL (Minimum Requirement for own funds and Eligible Liabilities)

The MREL is an EU requirement stating that banks must have a minimum amount of own funds and eligible liabilities that can be written down or converted into equity (bail-in), when a bank is under crisis management by the authorities.

Covered Bonds

Covered bonds provide coverage for its claims in an underlying cover pool if the issuer defaults on his obligations. Norwegian covered bonds can only be issued by specialized credit institutions, while foreign covered bonds may be

issued by both banks and specialized credit institutions.

PD (Probability of Default)

The probability of default is the calculated probability that a customer will not be able to service their credit within the next twelve months.PD is calculated on the basis of a combination of financial and non-financial factors and forms the basis for internal risk classification of the customers. Defaulted exposures are automatically assigned a PD of 100 per cent. The PD applied in capital adequacy calculations will be relatively stable over time (throughthe-cycle), while PD used in the calculation of Expected Credit Losses (ECL) will vary with actual default rates (point-in-time). In addition, the bank calculates the lifetime PD to reflect the probability of default over the expected life time of the loan, which is used to allocate stage in the calculation of expected losses.

RWA (Risk-Weighted Assets)

Risk-weighted assets are the basis for calculating capital requirements and are used for assessing the bank's solvency. RWA are a quantification of credit risk, counterparty credit risk, market risk and operational risk. The calculation methods are described in the EU's Capital Requirements Regulation (CRR).

Solvency II

The Solvency II Directive is an EU Directive that describes capital requirements for insurance companies. Solvency II was effective from 1 January 2016, and is based on a threepillar structure like the Basel III standard for banks:

  • → Pillar 1 includes requirements for valuation of assets and insurance provisions, capital and capital requirements.
  • → Pillar 2 contains rules for risk management, internal control, and supervisory control and monitoring.
  • → Pillar 3 is to ensure market discipline through the duty of information to the public and reporting duty to the supervisory authorities.

Systemically Important Financial Institution (G-SII and O-SII)

Some financial institutions are systemically important and of particular importance to the financial system and the economy, and are defined as Globally Systemically Important Institutions (G-SII) or Other Systemically Important Institutions (O-SII). They are characterised by having a size and operations that would make them difficult to replace, and where problems in the institutions would cause a ripple effect with significant harm to society. In Norway, this applies for DNB ASA and Kommunalbanken AS, which are defined as O-SII.

Leverage Ratio

The leverage ratio is defined as Tier 1 capital as a percentage of total exposure calculated according to the CRR.

VaR (Value at Risk)

Value at risk (VaR) is a measure of the risk of loss for investments. It estimates how much a set of investments might lose (with a given probability), given normal market conditions, in a set time period.

Wrong-Way Risk (WWR)

WWR is the additional risk that arises through an adverse correlation between counterparty exposures and the credit quality of the counterparties, and is therefore a correlation between credit risk and market risk.

Economic Capital

DNB calculates economic capital for all the main risk categories. The simulation model used in the calculation, the Total Risk Model, calculates unanticipated losses for different types of risk and for the Group as a whole. DNB has stipulated that economic capital should cover 99.9 per cent of potential unexpected losses within a one-year horizon.

DNB Group 2019 — Risk and capital management 69

10 Risk categories, explanation of terms and abbreviations

ABBREVIATIONS

A-IRB Advanced IRB ALCO Asset Liability Committee AML Anti-Money Laundering BCBS The Basel Committee on Banking Supervision BICRA Banking Industry Country Risk Assessment BRRD Bank Recovery and Resolution Directive CCF Credit Conversion Factor CCR Counterparty Credit Risk CEM Current Exposure Method CEO Chief Executive Officer CET1 Common Equity Tier 1 CFO Chief Financial Officer CLS Continuous Link Settlement CRD IV Capital Requirements Directive CRO Chief Risk Officer CRR Capital Requirements Regulation CSA Credit Support Annex CVA Credit Value Adjustment DVP Delivery versus Payment

EAD Exposure at Default EBA European Banking Authority ECB European Central Bank EL Expected Loss F-IRB Foundation IRB FMRC Financial Markets Risk Committee FRA Forward Rate Agreement GACC Group Advisory Credit Committee GCCO Group Chief Compliance Officer GCD Global Credit Data: A non-profit organisation for banks GDPR General Data Protection Regulation G-SII Global Systemically Important Institutions ICAAP Internal Capital Adequacy Assessment Process IFRS International Financial Reporting Standards ILAAP Internal Liquidity Adequacy Assessment Process IMM Internal Model Method IRB Internal Ratings-Based Approach LCH London Clearing House, a British clearing house serving large international stock exchanges as well as OTC markets LCR Liquidity Coverage Ratio

LGD Loss Given Default LR Leverage Ratio LTV Loan to Value MIR Model Input Review MREL Minimum Requirement for Own Funds and Eligible Liabilities MTM Mark-to-market NSFR Net Stable Funding Ratio ORO Operational Risk Officer O-SII Other Systemically Important Institutions OTC Over the Counter PE Private Equity PD Probability of Default RWA Risk-Weighted Assets SCR Solvency Capital Requirement SREP Supervisory Review and Evaluation Process S&P Standard and Poor's VaR Value at Risk WWR Wrong-Way Risk

DNB

Postal address: P.O. Box 1600 Sentrum N-0021 Oslo

Head office: Dronning Eufemias gate 30 0191 Oslo

dnb.no

More from DNB Bank ASA

Transaction in Own Shares 2025
Dec 29
Transaction in Own Shares 2025
Dec 29
Transaction in Own Shares 2025
Dec 29
Transaction in Own Shares 2025
Dec 29
Transaction in Own Shares 2025
Dec 22
Transaction in Own Shares 2025
Dec 22
Transaction in Own Shares 2025
Dec 22
Transaction in Own Shares 2025
Dec 22
Transaction in Own Shares 2025
Dec 15
Transaction in Own Shares 2025
Dec 15
View all filings →

Talk to a Data Expert

Have a question? We'll get back to you promptly.