48 June 30, 2022
To achieve this, IDA’s balance sheet is managed in multiple currencies: SDR and the currencies comprising the SDR
basket. The exchange rate risk management methodology includes the hedging of: (i) currency risk arising from
settlement of loan disbursements, loan repayments and donor contributions; (ii) debt funding; (iii) IDA loans; (iv)
donor contributions; and (v) administrative budget.
The reported levels of its assets, liabilities, income, and expenses in the financial statements are affected by exchange
rate movements in all the currencies in which IDA transacts, relative to its reporting currency, the U.S. dollar. These
movements are shown as currency translation adjustments. Translation adjustments relating to the revaluation of assets
and liabilities denominated in SDR and SDR component currencies (IDA’s functional currencies), are reflected in
Accumulated Other Comprehensive Income (Loss), in equity. Translation adjustments relating to non-functional
currencies are reported in IDA’s Statement of Income (see Notes to the Financial Statements for the year ended June
30, 2022, Note A – Summary of Significant Accounting and Related Policies).
IDA uses currency forward contracts to convert future inflows from members’ receivables provided in national
currencies into the five currencies of the SDR basket, thereby aligning the currency composition of member
contributions with the net cash outflows relating to loans and grants, which are primarily denominated in SDR.
Liquidity Risk
Liquidity risk arises in the general funding of IDA’s activities and in managing its financial position. It includes the
risk of IDA being unable to fund its portfolio of assets at appropriate maturities and rates, and the risk of being unable
to liquidate a position in a timely manner at a reasonable price.
IDA’s aggregate liquid asset holdings are kept above a specified prudential minimum to safeguard against cash flow
interruptions. The Prudential Minimum is equal to 80% of 24 months of projected net outflows. For FY22, the
prudential minimum was $19.3 billion. For FY23, the prudential minimum has been set at $20.8 billion. As of June
30, 2022, IDA’s liquid assets were $39.2 billion, 203% of the FY22 prudential minimum.
IDA will hold liquidity above the prudential minimum to ensure sufficient liquidity under a wide range of shock
scenarios as well as to give it flexibility in timing its borrowing transactions and to meet working capital needs.
Operational Risk
Operational risk is defined as the risk of financial loss, or damage to IDA’s reputation resulting from inadequate or
failed internal processes, people, and systems, or from external events.
IDA recognizes the importance of operational risk management activities, which are embedded in its financial
operations. As part of its business activities, IDA is exposed to a range of operational risks including physical security
and staff health and safety, data and cyber security, business continuity, and third-party vendor risks. IDA’s approach
to identifying and managing operational risk includes a dedicated program for these risks and a robust process that
includes identifying, assessing, and prioritizing operational risks, monitoring, and reporting relevant key risk
indicators, aggregating, and analyzing internal and external events, and identifying emerging risks that may affect
business units and developing risk response and mitigating actions.
Cybersecurity Risk Management
IDA’s operations rely on the secure processing, storage, and transmission of confidential and other information in
computer systems and networks. As is the case for financial institutions generally, cybersecurity risk continues to be
significant for IDA due to the evolving sophistication and complexity of the cyber threat landscape. These risks are
unavoidable, and IDA seeks to manage them on a cost-effective basis consistent with its risk appetite.
To protect the security of its computer systems, software, networks and other technology assets, IDA has developed
its cybersecurity risk management program, consisting of cybersecurity policies, procedures, compliance, and
awareness programs. IDA deploys a multi-layered approach for cybersecurity risk management to help prevent and
detect malicious activity, both from within the organization and from external sources. In managing emerging cyber
threats such as malware including ransomware, denial of service and phishing attacks, IDA strives to adapt its
technical and process-level controls and raise the level of user awareness to mitigate the risk.
IDA periodically assesses the maturity and effectiveness of its cyber defenses, through risk mitigation techniques,
including but not limited to, targeted testing, internal and external audits, incident response desktop exercises and
industry benchmarking.