
Risk Manager

Identify, measure, and manage financial, operational, and strategic risks — protecting Sri Lanka's banks, insurance companies, and corporates from losses through robust Enterprise Risk Management frameworks aligned to CBSL and Basel III requirements.

Competitive, High demand, Global career

Risk managers are responsible for identifying, assessing, measuring, and managing the risks that an organisation faces — from credit and market risks in banking, to operational and compliance risks in corporate organisations, to actuarial and underwriting risks in insurance. Risk management has evolved from a back-office support function into a strategic management discipline: the Central Bank of Sri Lanka (CBSL) mandates that all licensed commercial banks maintain comprehensive risk management frameworks aligned to Basel III standards; the Insurance Regulatory Commission of Sri Lanka (IRCSL) mandates risk management requirements for insurers; and the Securities and Exchange Commission (SEC) Sri Lanka has risk governance requirements for listed companies.

Sri Lanka's banking sector is the primary employer of specialist risk managers. Employers include Commercial Bank of Ceylon (credit risk, market risk, operational risk), Hatton National Bank (HNB), Sampath Bank, Bank of Ceylon, People's Bank, National Development Bank, and LOLC Finance. Each of these institutions maintains Risk Management Departments staffed with specialists in credit risk (risk of loan default), market risk (risk of loss from changes in interest rates, exchange rates, and equity prices), and operational risk (risk of loss from internal process failures, system failures, fraud, and external events).

Risk management disciplines are also present in insurance companies (actuarial risk; reinsurance risk; underwriting risk; catastrophe risk), in large corporates (enterprise risk; supply chain risk; strategic risk), and in project management (project risk management — risk registers; mitigation planning; contingency reserves).

The risk management profession in Sri Lanka is supported by international certifications: FRM (Financial Risk Manager) from GARP (Global Association of Risk Professionals) is the most widely recognised specialist certification; PRM (Professional Risk Manager) from PRMIA is another; and risk management modules in the CFA (Chartered Financial Analyst) programme are also highly valued in banking risk roles.

What a Risk Manager does daily

  • Credit risk management — assessing the credit risk of loan applications and existing loan portfolios; credit scoring model development and monitoring; concentration risk management (avoiding over-exposure to single sectors or borrowers); NPL (Non-Performing Loan) management; loan loss provisioning; IFRS 9 expected credit loss modelling; CBSL credit risk guidelines compliance
  • Market risk management — identifying and measuring the organisation's exposure to changes in interest rates (interest rate risk in the banking book — IRRBB); foreign exchange risk (for organisations with foreign currency assets, liabilities, or transactions); equity price risk (for investment portfolios); Value at Risk (VaR) calculation and monitoring; stress testing of market risk positions
  • Operational risk management — identifying, assessing, and managing risks from internal process failures (operational errors; system failures; fraud; business continuity failures); maintaining the Risk and Control Self-Assessment (RCSA) framework; Key Risk Indicators (KRI) monitoring; operational loss data collection and analysis; business continuity planning
  • Enterprise Risk Management (ERM) framework — developing and maintaining the organisation's ERM framework; Risk Appetite Statement (what level of risk the organisation is willing to accept); risk taxonomy (classification of all risk categories); risk register maintenance; risk committee governance support
  • Regulatory risk and compliance management — CBSL Basel III Pillar 1 capital requirements (credit risk, market risk, operational risk capital calculations); CBSL Pillar 2 (ICAAP — Internal Capital Adequacy Assessment Process); CBSL Pillar 3 (risk disclosure); CBSL direction compliance; regulatory stress testing
  • Risk reporting — preparing risk management reports for the Board Risk Committee; ALCO (Asset and Liability Committee); Senior Management Risk Committee; CBSL risk reporting submissions; developing executive risk dashboards that communicate risk exposures clearly
  • Stress testing and scenario analysis — developing and running stress test scenarios (macroeconomic stress scenarios: what happens to the credit portfolio if GDP falls 5% and unemployment rises 3%?; market stress scenarios; institution-specific scenarios); presenting stress test results to the Board; capital adequacy assessment under stress
  • Credit policy and credit process management — developing and maintaining credit policies (who can borrow, how much, on what terms, with what collateral requirements); credit approval process management; credit limit setting; portfolio concentration limits
  • Risk modelling — developing and validating statistical risk models (credit scorecards; probability of default (PD) models; loss given default (LGD) models; exposure at default (EAD) models; economic capital models); ensuring model performance is monitored and models are recalibrated as needed
  • Insurance risk management — for insurance sector roles: underwriting risk management (pricing risk; reserving risk); reinsurance programme management; catastrophe risk modelling (for insurers with property or natural catastrophe exposure in Sri Lanka); IRCSL solvency margin compliance; actuarial liaison
Why this matters: Sri Lanka's 2021–2022 economic crisis — during which the country defaulted on its foreign debt for the first time — demonstrated acutely the consequences of inadequate risk management at the national and institutional level. The crisis resulted in banking sector stress, significantly elevated NPL ratios, and substantial loan loss provisioning by Sri Lanka's commercial banks. The recovery of Sri Lanka's financial system requires rigorous risk management at every level — individual bank loan approval, portfolio management, capital adequacy management, and regulatory compliance. CBSL's strengthened Basel III implementation requirements post-crisis mean that risk management is no longer an optional governance formality but a fundamental operational discipline with direct consequences for capital adequacy, loan growth capacity, and regulatory licensing. Beyond banking, enterprise risk management in Sri Lanka's corporate sector is also maturing — driven by SEC listed company governance requirements, external auditor expectations, and the board-level recognition after the economic crisis that unmanaged risk can have existential consequences.

Step-by-Step Career Roadmap

What to do
  • Develop strong mathematics and statistics — risk management is fundamentally quantitative; strong maths and statistics from school (particularly probability, statistics, and financial mathematics) is the primary academic foundation
  • Read about banking and financial crises — Sri Lanka 2022; the 2008 global financial crisis; the 1997 Asian financial crisis; understanding what goes wrong when risk is not managed properly builds the intuitive appreciation for why risk management matters
  • Develop logical reasoning and problem-solving skills — risk analysis is applied logical reasoning; developing strong analytical reasoning from school through mathematics, science, and structured problem-solving provides the cognitive foundation
  • Begin building Excel skills — Excel proficiency is the primary risk analyst tool; building Excel skills (formulas, data organisation, basic charts) from school provides a head start
Key subjects
Mathematics, Science, Commerce, English
Skills to build
Probability and statistics basics, Excel foundations, Logical reasoning, Financial crisis understanding
Suggested activities
  • Maths competition participation
  • Banking and financial crisis reading
  • Excel basics practice
  • Financial news reading (Daily FT; Daily Mirror Business)
Important notes
  • Risk management requires genuinely strong mathematics — students who are not comfortable with statistics, probability, and quantitative modelling will find the technical dimensions of risk management extremely challenging; honest self-assessment of quantitative ability is important before committing to this career path
💡 Backup / alternative options
Compliance Officer, Auditor, Investment Analyst, Actuary
⚠️ Important: Career paths and admission requirements change. Always verify the latest university entrance criteria, professional body requirements, and A/L subject combinations with official sources before making final decisions.