Our foundational risk management principle is to conduct business that delivers satisfactory and sustainable returns and maintain risks within specified levels. We have established a risk management framework that consists of a risk management policy, risk appetite statement and risk management processes supported by regular reporting of different types of risks to senior executives, the management team, the Risk Oversight Committee and other related committees. The Bank also sets out comprehensive risk management guidelines that cover all major risks, including strategic risk, credit risk, market risk, liquidity risk, operational risk, information technology risk, reputational risk and compliance risk. In considering how to manage the said major risks, we also take into account aspects resulting from risk factors related to environmental issues and climate change, both physical risks and transition risks that are material to the Bank’s business. Moreover, we consider emerging risks that may affect the Bank’s business in the future in order to prepare to manage such risks in an effective and timely manner.
The Bank regularly and continuously analyzes major risk factors and reviews the suitability of its risk management. In addition, we undertake an internal capital adequacy assessment every year. In 2023, the capital adequacy ratio of our financial business group was 19.57 percent, higher than the ratio required by the Bank of Thailand and sufficient for our business operations.
The Bank conducts a regular review of the suitability of its risk management policy and risk management system as well as monitoring risks to be within acceptable levels. We also continuously update risk management guidelines to be appropriate for the business environment; for example, enhancement of a monitoring and reporting process for early warning systems on capital and liquidity levels, enhancement of risk assessment and internal capital adequacy assessment according to the Internal Capital Adequacy Assessment Process (ICAAP) by incorporating broader significant risks and stress testing that incorporates environmental and climate change dimensions. During 2023, we added environmental and climate change dimensions into our risk management principles and guidelines to ensure proper and sufficient management of risks in those dimensions as well as to ensure the operations of the Bank and other subsidiaries in its financial business group meet international standards.
Risk Governance Structure
To ensure efficient and effective risk management mechanisms, we have established the following risk governance structure to connect relevant parties from the Bank’s committees and management to the Risk Management Division, Credit Management Division and relevant business units whereby each party has the following roles and responsibilities.
Board of Directors is responsible for overseeing all risks in the organization. It plays a key role in formulating the risk management policy and strategy, and monitors the Bank’s risks to be within acceptable levels.
Board of Executive Directors is in charge of duties assigned by the Board of Directors such as credit approval, debt restructuring and investment, and other undertakings of the Bank including considering and endorsing other matters before submission to the Board of Directors for approval or acknowledgement.
Risk Oversight Committee has a duty to support the Board of Directors in overseeing risk management in accordance with the Bank’s risk management policy and strategy as well as reporting risk management performance to the Board of Directors.
Committees at management level responsible for managing specific types of major risks have a duty to support the Risk Oversight Committee in managing major risks the Bank is facing, namely:
- Asset-Liability Management Committee (ALCO) supports and oversees risk management of liquidity risk and market risk.
- Operational Risk Management Committee (ORMC) supports and oversees management of operational risk and information technology risk, as well as supervising the business continuity management of the Bank.
Risk Management Division has a duty to support the Risk Oversight Committee and work with relevant parties to evaluate, monitor and control risks to be within acceptable levels as well as reporting risk positions to relevant parties and senior management on a regular basis.
Credit Management Division has a duty to manage credit risk, and oversee and monitor credit approval according to the Bank’s credit policy. The division consists of various units, namely the Credit Policy Unit, the Credit Acceptance Unit, the Portfolio Management Unit, the Risk Asset Review Unit, the Special Credit Management Unit, the Loan Recovery and Legal Unit, and the Bank Property Unit.
Business Units carry out business activities that assume risks and are responsible for managing risks of their own units to be within the approved levels and in accordance with the risk management policy as approved by the Board of Directors.
To ensure that risk governance is efficient and effective with proper checks and balances, we have adopted the “three lines of defense” principle with the three lines independent from each other to determine a structure, duties, roles and responsibilities in risk management.
Crisis Management
To ensure that the Bank’s business can continue to operate during emergency situations such as natural disasters, fires and pandemics without interruption, we have established a business continuity policy as a guideline to mitigate risks and prevent and minimize potential impacts to normal business operations. In addition, a business continuity management framework has been developed to cover business undertakings during both normal and crisis situations while also ensuring that adequate information and reporting be timely and regularly communicated to concerned parties. Furthermore, we promote financial stability management by adhering to an internal capital adequacy assessment process and preparing a liquidity contingency plan to prepare in advance for potential future issues related to capital and liquidity. Each year a liquidity crisis drill is conducted to test the contingency plan and ensure that personnel in related units understand each step in the plan and would be able to carry out the plan when there is an emergency.
The Bank has established the Crisis Management Team to take charge during crises and requires all units to routinely prepare and review their business continuity plans and conduct regular drills of the plans every year to ensure readiness for potential emergency situations. For the IT crisis drill, a simulation is organized to ensure that employees are able to follow the Bank’s IT Incident Management Guideline properly and to provide an opportunity to develop IT emergency response processes and to assess the impact and decision-making under crisis. At the same time, we also regularly conduct risk assessments and reviews of contingency plans to ensure the continuity of the Bank’s business activities during a crisis.
The Bank has participated in the testing of emergency plans with external parties such as the Bank of Thailand, the Stock Exchange of Thailand, National Credit Bureau, National ITMX Company and the Thailand Banking Sector Computer Emergency Response Team (TB-CERT) to rehearse operational steps and responses in the event of an emergency. Furthermore, since the beginning of the Covid-19 pandemic in 2020, we have reviewed and developed emergency plans, a business continuity plan and a crisis management plan to cover pandemic risks focusing on the adoption of technology to enhance safety and accommodate customers in using our services as well as enhancing the efficiency of employees in performing their duties.