CITIC Limited is committed to enhancing the integrity, foresight, execution, and coordination of its comprehensive risk management system. By aligning business development with control models, the company establishes a tiered and categorised risk management policy framework guided by risk preference, implements targeted improvements to various risk management mechanisms, and strengthens the risk and compliance culture, effectively creating a robust “protective net” and solid “firewall” to safeguard the company’s high-quality development.
Risk strategy and preference
CITIC Limited established a five-year risk strategy in 2021, systematically planning the development of a comprehensive risk management system in three phases. In 2024, the company fully implemented its risk strategy under the “Consolidation and Enhancement Year” work plan, focusing on reinforcing and improving existing mechanisms, enhancing management capabilities in key areas and addressing weaknesses, driving the transmission of control requirements to grassroots units and business fronts, continuously enriching the breadth, depth, and essence of the comprehensive risk management system, thereby improving management effectiveness across multiple dimensions.
The company has created an integrated risk preference system that spans legal entities and multiple levels. This system determines the overall risk exposure, bottom line, structure, and limits through a mix of qualitative and quantitative approaches. Additionally, a comprehensive management mechanism has been established to cover the entire process of setting, transmission, execution, monitoring, and reporting.
Risk management framework
The company has established a comprehensive risk management organisational structure characterised by “Four Levels” and “Three Lines of Defence”. The board of directors holds overall responsibility for maintaining a robust and effective risk management system. The Audit and Risk Management Committee, representing the board, oversees the company’s financial reporting and risk management systems, reviews the effectiveness of the internal audit function, and evaluates the company’s corporate governance policies and practices. The Audit and Compliance Department plays a leading role in risk management, while relevant functional departments act as specialised units for managing various types of risks. Each member unit identifies and effectively manages its risk status within the framework of the comprehensive risk management system, ensuring timely reporting.
The company is dedicated to continuously enhancing its comprehensive risk management system across all levels. It focuses on strengthening risk identification, assessment, and monitoring. By employing off-site monitoring and on-site inspections, the company thoroughly evaluates the business conditions, financial status, and major business activities of its subsidiaries to identify potential risks. Timely reports are generated on weaknesses and risk vulnerabilities, which prompt the implementation of control measures, thereby improving the overall effectiveness of the risk management system.
The company utilises CITIC Financial Holdings to strengthen the specialised management of financial risks. Subsidiaries in banking, securities, trust, and insurance have established risk management committees, which are led by the risk management department to implement comprehensive practices. Other subsidiaries form dedicated departments or assign specific personnel to handle risk management activities based on their business nature and organisational capacity.
Risk and compliance culture development
The company promotes the principle that “effective risk management creates value” and actively leverages the guiding role of risk and compliance culture. In 2024, it initiated a new campaign round focused on “mastering risks and adhering to compliance”. This campaign aims to seamlessly integrate risk and compliance culture into the entire process of business management, including management mechanisms, policies, business rules, and codes of conduct. The objective is to transform the concept of risk management into voluntary actions embraced by all employees.
Major risk analysis
CITIC Limited faces various risks, including but not limited to financial risk, credit risk, strategic risk, investment risk, legal compliance and anti-money laundering risk, reputation risk, work safety risk, and information technology risk. The company has established a comprehensive risk management and internal control system that spans all its business segments to identify, assess, and manage the various risks associated with its operations.
Financial risk
As a sub-committee of the Executive Committee, the Asset and Liability Management Committee (“ALCO”) has been established to monitor financial risks of the Group in accordance with the relevant financial and treasury risk management policies.
1.
Asset and liability management
CITIC Limited’s sources of funds for different businesses include long-term and short-term debt and equity, of which ordinary shares, preferred shares and perpetual securities are the alternative forms of equity financing instruments. CITIC Limited manages its capital structure to finance its overall operations and growth by using different sources of funds. The type of funding is targeted to match the characteristics of our underlying business.
1.1
Debt
ALCO centrally manages and regularly monitors the existing and projected debt levels of CITIC Limited and its major non-financial subsidiaries to ensure that the Group’s debt size, structure and cost are at reasonable levels.
As at 31 December 2024, consolidated debt of CITIC Limited (1) was RMB1,734,957 million, including loans of RMB244,855 million and debt instruments issued (2) of RMB1,490,102 million. Debt of CITIC Bank (3) accounted for RMB1,220,522 million. CITIC Limited attaches importance to cash flow management; the head office of CITIC Limited had cash and deposits of RMB1,435 million and available committed facilities of RMB59,265 million.
The details of debt are as follows:
As at 31 December 2024 | RMB million |
---|---|
Consolidated debt of CITIC Limited | 1,734,957 |
Among which: Debt of CITIC Bank | 1,220,522 |
Note:
(1) Consolidated debt of CITIC Limited is the sum of “bank and other loans” and “debt instruments issued” in the Consolidated Statement of Financial Position of CITIC Limited excluding interest accrued;
(2) Debt instruments issued include corporate bonds, notes, subordinated bonds, certificates of deposit issued, certificates of interbank deposit issued, convertible corporate bonds and beneficiary certificates excluding interest accrued;
(3) Debt of CITIC Bank refers to CITIC Bank’s consolidated debt securities issued, including long-term debt securities, subordinated bonds, certificates of deposit issued, certificates of interbank deposit issued and convertible corporate bonds excluding interest accrued.

The debt to equity ratio of CITIC Limited as at 31 December 2024 is as follows:
RMB million | Consolidated |
---|---|
Debt | 1,734,957 |
Total equity(4) | 1,423,014 |
Debt to equity ratio | 122% |
Note:
(4) Total consolidated equity is based on the “total equity” in the Consolidated Statement of Financial Position.
1.2
Liquidity risk management
The objective of liquidity risk management is to ensure that CITIC Limited always has sufficient cash to repay its maturing debt, perform other payment obligations and meet other funding requirements for normal business development.
CITIC Limited’s liquidity management involves the regular cash flow forecast for the next three years and the consideration of its liquid assets level and new financings necessary to meet future cash flow requirements.
CITIC Limited centrally monitors, and manages on a graded basis, its own liquidity and that of its major non-financial subsidiaries, and improves the efficiency of fund utilisation. With flexible access to domestic and overseas markets, CITIC Limited seeks to diversify sources of funding through different financing instruments, in order to raise low-cost funding of medium and long terms, maintain a mix of staggered maturities and minimise refinancing risk.
Details of liquidity risk management are set out in Note 50(b) to the consolidated financial statements.
1.3
Contingent liabilities and commitments
Details of contingent liabilities and commitments of CITIC Limited as at 31 December 2024 are set out in Note 49 to the consolidated financial statements.
1.4
Pledged loan
Details of cash and deposits, inventories, trade and other receivables, fixed assets, intangible assets, right-of-use assets pledged as security for CITIC Limited’s loan as at 31 December 2024 are set out in Note 44(d) to the consolidated financial statements.
1.5
Credit rating
| | Standard & Poor’s | Moody’s |
---|---|---|
31 December 2024 | A-/Stable | A3/Stable |
2.
Treasury risk management
Treasury risk management essentially covers the following financial risks inherent in CITIC Limited’s businesses:
- Interest rate risk
- Currency risk
- Counterparty risk for financial products
- Commodity risk
- Market price risk
CITIC Limited is committed to establishing a comprehensive and uniform treasury risk management system. Within the group-wide treasury risk management framework, member companies are required to, according to their respective business characteristics and regulatory requirements, implement suitable treasury risk management strategies and procedures and submit reports on a regular and ad hoc basis.
2.1
Interest rate risk
CITIC Limited regularly monitors current and projected interest rate changes, with each of the operating entities of the Group implementing its own interest rate risk management system covering identification, measurement, monitoring and control of market risks. Interest rate risk is managed by taking into account market conditions and controlled at a reasonable level.
For our financial subsidiaries, repricing risk and benchmark risk are the main sources of interest rate risk. Observing the principle of prudent risk appetite, they closely track changes in the macroeconomic situation and internal business structure, continue to optimise the maturity structure of deposits, make timely adjustments to the loan repricing lifecycle, and take the initiative to manage sensitive gaps in interest rates for the overall objective of achieving steady growth both in net interest income and economic value within a tolerable level of interest rate risk.
For our head office and non-financial subsidiaries, the interest rate risk arises primarily from debt. Borrowings at floating rates expose CITIC Limited to cash flow interest rate risk, while borrowings at fixed rates expose CITIC Limited to fair value interest rate risk. Based on its balance sheet and market conditions, CITIC Limited and its non-financial subsidiaries will conduct analysis and sensitivity testing on interest rate risk, adopt a flexible approach in choosing financing instruments at floating and fixed rates, or choose to employ, at the suitable time, the interest rate swaps and other derivative instruments approved for use by the ALCO to manage interest rate risk.
Details of interest rate risk management are set out in Note 50(c) to the consolidated financial statements.
2.2
Currency risk
CITIC Limited has major operations in mainland China, Hong Kong and Australia, with Renminbi (“RMB”), Hong Kong dollar (“HKD”) and United States dollar (“USD”) as functional currencies respectively. The Group’s member companies are exposed to currency risk from gaps between financial assets and liabilities, future commercial transactions and net investments in foreign operations that are denominated in a currency that is not the member company’s functional currency. The reporting currency of the consolidated financial statements of CITIC Limited is RMB. Translation exposures from the consolidation of subsidiaries, whose functional currency is not RMB, are not hedged by using derivative instruments as no cash exposures are involved.
CITIC Limited measures its currency risk mainly by currency gap analysis. Where it is appropriate, the Group seeks to lower its currency risk by matching its foreign currency denominated assets with corresponding liabilities in the same currency or using forward contracts, cross currency swaps and other derivative instruments, provided that hedging is only considered for firm commitments and highly probable forecast transactions.
Details of currency risk management are set out in Note 50(d) to the consolidated financial statements.
2.3
Counterparty risk for financial products
CITIC Limited has business with various financial institutions, including deposits, interbank lending, financial investment products and derivative financial instruments. To mitigate the risk of non-recovery of deposited funds or financial instrument gains, member companies of CITIC Limited approve and adjust the list of counterparties and credit limits of approved financial institutions through internal credit extension processes. A regular report is required.
2.4
Commodity risk
Some businesses of CITIC Limited involve the production, procurement, and trading of commodities, and they face exposure to price risks of commodities such as iron ore, crude oil, gas and coal.
To manage some of its raw material exposures such as supply shortages and price volatility, CITIC Limited has entered into long-term supply contracts for certain inputs or used plain vanilla futures, forward contracts and other derivative instruments for hedging. While CITIC Limited views that natural offsetting is being achieved to a certain extent across its different business sectors, it performs a continual risk management review to ensure commodity risks are well understood and controlled within its business strategies.
2.5
Market price risk
CITIC Limited holds investments in financial assets classified as Derivative financial instruments or Investments in financial assets in the Consolidated Statement of Financial Position, including shares of listed companies. To control price risks arising from such investments, the Group actively monitors the price changes and diversifies the relevant investment risks through appropriate asset allocation.
Credit risk
Credit risk refers to the potential loss incurred when a debtor or counterparty fails to fulfil their obligations as agreed. The company primarily faces credit risk associated with activities such as issuing loans and advances, bond investments, debt plans, investments in debt-like financial products, accounts receivable, margin financing, financial guarantees, and loan commitments.
CITIC Limited adheres strictly to regulatory guidelines on credit risk management. Under the leadership of the board and senior management, the company utilises the CITIC Financial Holdings platform to conduct unified monitoring, analysis, and control of credit risk exposures related to loans, investments and other financial activities:
1. Guiding its subsidiaries in establishing and enhancing their credit risk management systems: This includes improving the tracking and assessment of credit risks, refining due diligence, review, approval, and post-lending management processes, optimising credit risk rating tools, clarifying risk asset classification standards, and prudently provisioning for credit asset losses.
2. Enhancing control of unified credit and concentration limits: A risk limit management mechanism ensures coordination between the parent company and its subsidiaries. The company adheres to the principle of “One CITIC, One Client”, creating a cross-entity concentration limit management system to effectively control large risk exposures. Subsidiaries are required to establish risk limits based on industry, region, and client dimensions, ensuring proper asset portfolio management to prevent risk concentration.
3. Coordinating risk mitigation in key areas: CITIC implements central government’s policy requirements by actively supporting the funding of “white list” projects in real estate and local government debt management. It establishes risk disposal strategies for real estate and local government debt businesses and formulates risk resolution plans while increasing efforts in risk management.
4. Leveraging the benefits of integrated industry and financial services to enhance collaborative risk mitigation efforts: By enhancing resource integration and innovation and establishing the CITIC collaborative risk mitigation fleet, the company provides comprehensive risk management services for risk projects, including incremental funding, asset operation, and brand enhancement. This creates a distinctive CITIC model for collaborative risk management, working together to effectively address significant project risks.
In 2024, key credit risk indicators in the comprehensive financial services segment showed continued improvement, with asset quality steadily enhancing. CITIC Bank’s year-end non-performing loan (NPL) ratio was 1.16%, down 0.02 percentage points from the start of the year, representing six consecutive years of decline. CITIC Trust’s proprietary business NPL ratio decreased by 1.31 percentage points compared to the beginning of the year. CITIC Securities maintained stable asset quality and demonstrated effective risk management in critical areas. Seizing the favourable window for real estate policy, CITIC Securities expedited its efforts to address key risk projects within the sector. Additionally, the company capitalised on opportunities from the hidden debt replacement policy to accelerate the disposal of existing risks. The NPL ratios in these two key areas dropped by 0.48 and 0.11 percentage points, respectively. The risk of large clients remains contained. The implementation of the large client limit management mechanism has been successful, resulting in an improved structure among the top ten clients and a reduction in client concentration risk.
Strategic risk
Strategic risk management aims to effectively respond to changes in external policies and the macroeconomic environment, mitigate the risk of deviation from strategic objectives, and ensure the scientific implementation and dynamic optimisation of strategic planning. Based on the “Five-Five-Three” strategic framework, the company aligns its development goals with the “Ten-Hundred-Thousand-Ten thousand” targets. It seeks to deepen industry-finance collaboration, enhance core business competitiveness, and accelerate the transformation towards high-end, intelligent, and green development, thereby strengthening strategic resilience. The company conducts regular in-depth analyses of internal and external environments, paying particular attention to key variables such as domestic and international industrial policies and geopolitical shifts. This process facilitates continuous updates on the progress of annual strategic implementation and enables proactive identification of deviation risks. By integrating medium-term planning adjustments with budgeting mechanisms, the company promotes the effective decomposition and execution of strategic objectives. This approach aims to maintain controllable risks and ensure sustainable development in complex environments, ultimately creating long-term value for shareholders.
Investment risk
The investment risk management at CITIC Limited aims to ensure that investments align with national policies and adhere to the group’s strategic planning and business strategy. The focus is on continuously enhancing the management of investment projects while mitigating significant investment risks. The company concentrates on national strategic priorities and industrial policies, actively engaging in sectors such as comprehensive financial services, advanced intelligent manufacturing, advanced materials, new consumption, and new-type urbanisation, while accelerating the development of strategic emerging industries. The company strictly follows a primary business list and a negative list for investment projects, enhancing pre-investment approvals and refining post-investment evaluations to effectively meet investment risk control requirements.
Legal, compliance and anti-money laundering risks
CITIC Limited is committed to operating in full compliance with laws and regulations, ensuring a stable and secure business operation. The company focuses on enhancing the prevention and management of legal risks, conducting thorough legal reviews of major investment projects, and effectively addressing significant litigation and arbitration cases. Additionally, it reinforces the protection of intellectual property, including the “CITIC” trademark. The company has established and refined a comprehensive compliance management and internal control system, continuously optimising policies, processes, and systems in key business and management areas. Regular evaluations of the effectiveness of the compliance management system are conducted. CITIC Limited fosters a strong risk and compliance culture, actively supervising subsidiaries to meet their compliance obligations, improve reporting mechanisms and enhance early-warning capabilities of compliance risks. With the objectives of “risk-based, comprehensive coverage, accountability enforcement, stable operations, and value creation”, CITIC Limited continually refines its anti-money laundering management framework and internal control mechanisms, as well as supervises subsidiaries to achieve effective closed-loop management of money laundering risks, implement tailored and scenario-specific risk classification and control measures, and balance money laundering risk management with the optimisation of financial services, supporting sustainable development.
Reputation risk
CITIC Limited follows the guiding principles of “source prevention, comprehensive management, tailored strategies, and systematic implementation” to effectively mitigate major reputation risk events. The company emphasises full-cycle management, focusing on preventing reputation risks at the operational management level and establishing a robust process management framework. CITIC Limited encourages participation across all entities to integrate its reputation risk management with the overall risk management and comprehensive oversight frameworks. The company promotes coordinated responses by creating a public opinion monitoring mechanism that facilitates collaboration both internally and externally. Furthermore, CITIC Limited prioritises education and training, enhancing confidentiality protocols and behavioural standards for employees and management. It intensifies professional training to raise awareness of reputation risk prevention and strictly prohibits any activities that could compromise the integrity of the CITIC brand.
Work safety risk
CITIC Limited strictly complies with work safety laws, regulations and standards, holding to a people-oriented approach and upholding the supremacy of the people and of life. The company has established and improved work safety responsibility systems and work safety policies and rules covering all personnel, and has implemented a double-prevention mechanism featuring graded management and control of work safety risks and the screening and treatment of potential hazards. To improve risk prevention and mitigation mechanisms, CITIC Limited continuously raises the level of standards and information technology in work safety. The company is dedicated to preventing and reducing work safety accidents, with a strong commitment to preventing major accidents. By ensuring the health and safety of employees and protecting corporate assets, CITIC Limited supports the sustainable development of its operations.
Information technology risk
CITIC Limited is committed to managing information technology risks, prioritising robust cybersecurity and data protection. The company strategically balances development and security, continuously enhancing its cybersecurity management and refining the data security ecosystem. To address vulnerabilities effectively, CITIC Limited conducts security drills and emergency exercises, ensuring business continuity and supporting high-quality development. The company consistently optimises its cybersecurity protocols and diversifies its risk assessment methods. Through conducting a series of activities including targeted risk inspections and defensive drills, CITIC Limited implements comprehensive risk governance, solidifying its security framework.