Risk and Crisis Management
Commitment
To efficiently manage all material risks, including ESG risks, and instill a risk culture throughout the Bank to support its resiliency to crises and achieve sustainable growth
Materiality
Amid the current rapid economic, social and environmental changes, risk and crisis management is an essential foundation for preventing and mitigating various risks that may affect business performance and the confidence of the Bank’s stakeholders as well as the whole economic system at large. To properly tackle various risk factors, it is therefore necessary for the Bank to ensure it adopts comprehensive and prudent risk management, while at the same time looking for opportunities from these changes to enhance its business competitiveness. The Bank has formulated risk management guidelines for each of the major risks and prepared business contingency and business continuity plans that are appropriate for different scenarios to ensure effective risk management. Moreover, we systematically analyze and assess major risk factors, continually improve our risk management process, and seek to create a robust risk culture across the organization. We have also begun to integrate environmental, social and governance (ESG) and climate change issues into our organization’s risk management so that we are able to undertake risk and crisis management in an efficient and effective manner.
Management Approach
Our foundational risk management principle is to conduct business that delivers satisfactory and sustainable returns and maintain risks within specified levels. We have established a risk management framework that consists of a risk management policy, risk appetite statement and risk management processes supported by regular reporting of different types of risks to senior executives, the management team, the Risk Oversight Committee and other related committees. The Bank also sets out comprehensive risk management guidelines that cover all major risks, including strategic risk, credit risk, market risk, liquidity risk, operational risk, information technology risk, reputational risk and compliance risk. In considering how to manage the said major risks, we also take into account aspects resulting from risk factors related to environmental issues and climate change, both physical risks and transition risks that are material to the Bank’s business. Moreover, we consider emerging risks that may affect the Bank’s business in the future in order to prepare to manage such risks in an effective and timely manner.
The Bank regularly and continuously analyzes major risk factors and reviews the suitability of its risk management. In addition, we undertake an internal capital adequacy assessment every year. In 2023, the capital adequacy ratio of our financial business group was 19.57 percent, higher than the ratio required by the Bank of Thailand and sufficient for our business operations.
The Bank conducts a regular review of the suitability of its risk management policy and risk management system as well as monitoring risks to be within acceptable levels. We also continuously update risk management guidelines to be appropriate for the business environment; for example, enhancement of a monitoring and reporting process for early warning systems on capital and liquidity levels, enhancement of risk assessment and internal capital adequacy assessment according to the Internal Capital Adequacy Assessment Process (ICAAP) by incorporating broader significant risks and stress testing that incorporates environmental and climate change dimensions. During 2023, we added environmental and climate change dimensions into our risk management principles and guidelines to ensure proper and sufficient management of risks in those dimensions as well as to ensure the operations of the Bank and other subsidiaries in its financial business group meet international standards.
Risk Governance Structure
To ensure efficient and effective risk management mechanisms, we have established the following risk governance structure to connect relevant parties from the Bank’s committees and management to the Risk Management Division, Credit Management Division and relevant business units whereby each party has the following roles and responsibilities.
Board of Directors is responsible for overseeing all risks in the organization. It plays a key role in formulating the risk management policy and strategy, and monitors the Bank’s risks to be within acceptable levels.
Board of Executive Directors is in charge of duties assigned by the Board of Directors such as credit approval, debt restructuring and investment, and other undertakings of the Bank including considering and endorsing other matters before submission to the Board of Directors for approval or acknowledgement.
Risk Oversight Committee has a duty to support the Board of Directors in overseeing risk management in accordance with the Bank’s risk management policy and strategy as well as reporting risk management performance to the Board of Directors.
Committees at management level responsible for managing specific types of major risks have a duty to support the Risk Oversight Committee in managing major risks the Bank is facing, namely:
Crisis Management
To ensure that the Bank’s business can continue to operate during emergency situations such as natural disasters, fires and pandemics without interruption, we have established a business continuity policy as a guideline to mitigate risks and prevent and minimize potential impacts to normal business operations. In addition, a business continuity management framework has been developed to cover business undertakings during both normal and crisis situations while also ensuring that adequate information and reporting be timely and regularly communicated to concerned parties. Furthermore, we promote financial stability management by adhering to an internal capital adequacy assessment process and preparing a liquidity contingency plan to prepare in advance for potential future issues related to capital and liquidity. Each year a liquidity crisis drill is conducted to test the contingency plan and ensure that personnel in related units understand each step in the plan and would be able to carry out the plan when there is an emergency.
The Bank has established the Crisis Management Team to take charge during crises and requires all units to routinely prepare and review their business continuity plans and conduct regular drills of the plans every year to ensure readiness for potential emergency situations. For the IT crisis drill, a simulation is organized to ensure that employees are able to follow the Bank’s IT Incident Management Guideline properly and to provide an opportunity to develop IT emergency response processes and to assess the impact and decision-making under crisis. At the same time, we also regularly conduct risk assessments and reviews of contingency plans to ensure the continuity of the Bank’s business activities during a crisis.
The Bank has participated in the testing of emergency plans with external parties such as the Bank of Thailand, the Stock Exchange of Thailand, National Credit Bureau, National ITMX Company and the Thailand Banking Sector Computer Emergency Response Team (TB-CERT) to rehearse operational steps and responses in the event of an emergency. Furthermore, since the beginning of the Covid-19 pandemic in 2020, we have reviewed and developed emergency plans, a business continuity plan and a crisis management plan to cover pandemic risks focusing on the adoption of technology to enhance safety and accommodate customers in using our services as well as enhancing the efficiency of employees in performing their duties.
The Bank regularly and continuously analyzes major risk factors and reviews the suitability of its risk management. In addition, we undertake an internal capital adequacy assessment every year. In 2023, the capital adequacy ratio of our financial business group was 19.57 percent, higher than the ratio required by the Bank of Thailand and sufficient for our business operations.
The Bank conducts a regular review of the suitability of its risk management policy and risk management system as well as monitoring risks to be within acceptable levels. We also continuously update risk management guidelines to be appropriate for the business environment; for example, enhancement of a monitoring and reporting process for early warning systems on capital and liquidity levels, enhancement of risk assessment and internal capital adequacy assessment according to the Internal Capital Adequacy Assessment Process (ICAAP) by incorporating broader significant risks and stress testing that incorporates environmental and climate change dimensions. During 2023, we added environmental and climate change dimensions into our risk management principles and guidelines to ensure proper and sufficient management of risks in those dimensions as well as to ensure the operations of the Bank and other subsidiaries in its financial business group meet international standards.
Risk Governance Structure
To ensure efficient and effective risk management mechanisms, we have established the following risk governance structure to connect relevant parties from the Bank’s committees and management to the Risk Management Division, Credit Management Division and relevant business units whereby each party has the following roles and responsibilities.
Board of Directors is responsible for overseeing all risks in the organization. It plays a key role in formulating the risk management policy and strategy, and monitors the Bank’s risks to be within acceptable levels.
Board of Executive Directors is in charge of duties assigned by the Board of Directors such as credit approval, debt restructuring and investment, and other undertakings of the Bank including considering and endorsing other matters before submission to the Board of Directors for approval or acknowledgement.
Risk Oversight Committee has a duty to support the Board of Directors in overseeing risk management in accordance with the Bank’s risk management policy and strategy as well as reporting risk management performance to the Board of Directors.
Committees at management level responsible for managing specific types of major risks have a duty to support the Risk Oversight Committee in managing major risks the Bank is facing, namely:
- Asset-Liability Management Committee (ALCO) supports and oversees risk management of liquidity risk and market risk.
- Operational Risk Management Committee (ORMC) supports and oversees management of operational risk and information technology risk, as well as supervising the business continuity management of the Bank.
Risk Management Division has a duty to support the Risk Oversight Committee and work with relevant parties to evaluate, monitor and control risks to be within acceptable levels as well as reporting risk positions to relevant parties and senior management on a regular basis.
Credit Management Division has a duty to manage credit risk, and oversee and monitor credit approval according to the Bank’s credit policy. The division consists of various units, namely the Credit Policy Unit, the Credit Acceptance Unit, the Portfolio Management Unit, the Risk Asset Review Unit, the Special Credit Management Unit, the Loan Recovery and Legal Unit, and the Bank Property Unit.
Business Units carry out business activities that assume risks and are responsible for managing risks of their own units to be within the approved levels and in accordance with the risk management policy as approved by the Board of Directors.
To ensure that risk governance is efficient and effective with proper checks and balances, we have adopted the “three lines of defense” principle with the three lines independent from each other to determine a structure, duties, roles and responsibilities in risk management.
Crisis Management
To ensure that the Bank’s business can continue to operate during emergency situations such as natural disasters, fires and pandemics without interruption, we have established a business continuity policy as a guideline to mitigate risks and prevent and minimize potential impacts to normal business operations. In addition, a business continuity management framework has been developed to cover business undertakings during both normal and crisis situations while also ensuring that adequate information and reporting be timely and regularly communicated to concerned parties. Furthermore, we promote financial stability management by adhering to an internal capital adequacy assessment process and preparing a liquidity contingency plan to prepare in advance for potential future issues related to capital and liquidity. Each year a liquidity crisis drill is conducted to test the contingency plan and ensure that personnel in related units understand each step in the plan and would be able to carry out the plan when there is an emergency.
The Bank has established the Crisis Management Team to take charge during crises and requires all units to routinely prepare and review their business continuity plans and conduct regular drills of the plans every year to ensure readiness for potential emergency situations. For the IT crisis drill, a simulation is organized to ensure that employees are able to follow the Bank’s IT Incident Management Guideline properly and to provide an opportunity to develop IT emergency response processes and to assess the impact and decision-making under crisis. At the same time, we also regularly conduct risk assessments and reviews of contingency plans to ensure the continuity of the Bank’s business activities during a crisis.
The Bank has participated in the testing of emergency plans with external parties such as the Bank of Thailand, the Stock Exchange of Thailand, National Credit Bureau, National ITMX Company and the Thailand Banking Sector Computer Emergency Response Team (TB-CERT) to rehearse operational steps and responses in the event of an emergency. Furthermore, since the beginning of the Covid-19 pandemic in 2020, we have reviewed and developed emergency plans, a business continuity plan and a crisis management plan to cover pandemic risks focusing on the adoption of technology to enhance safety and accommodate customers in using our services as well as enhancing the efficiency of employees in performing their duties.
Risk Culture
We are committed to cultivating a risk management culture across the organization to strengthen the immunity of the Bank and its ability to conduct business in the face of risks and a fast-changing environment. To achieve this, we encourage all executives and employees to be aware of their roles in the management of pertinent risks and to be involved in risk management and control according to the three lines of defense principle. Additionally, quality of risk management is included in the performance evaluation of executives.
Guidelines for Building Risk Culture
Participation in Building Risk Culture - We encourage everyone in the organization to take part in risk management while the Board of Directors and senior executives act together as a role model to foster an effective risk culture in the organization through formulating the risk management policy and strategy, as well as tracking and monitoring compliance with the policy and strategy. All employees are tasked with managing risks within their scope of responsibility under the three lines of defense principle. We also require all business units to evaluate relevant risk issues in accordance with risk assessment principles, internal controls, and other related policies of the Bank while providing various channels to receive comments and suggestions related to risk issues from employees at all levels to promote the participation of everyone in the organization.
Risk-aware Product and Service Development – Business Units responsible for the development of products, services, work systems and work processes are required to consider potential risks and impacts to the Bank and related stakeholders. They are also required to undertake a risk and impact assessment according to the Bank’s criteria in areas such as finance, information security, personal data privacy protection, anti-money laundering, combatting the financing of terrorism and the proliferation of weapons of mass destruction, market conduct, and laws and regulations. After making the risk and impact assessment, appropriate measures to mitigate such risks must be established.
Raising Risk Awareness and Building Risk Management Capability - We developed a risk management training curriculum for executives and employees to study through an online platform as well as making important risk management courses mandatory, such as Personal Data Protection, Prevention of Cyber Threats, Market Conduct, Anti-Money Laundering, Combatting the Financing of Terrorism and Proliferation of Weapons of Mass Destruction. We require directors to attend training courses related to the management of the Bank’s major risks on a yearly basis, such as Management of IT Risk and Cybersecurity and Personal Data Protection trainings. In addition, we also raise awareness and promote understanding about the management of ESG and climate change risks.
Guidelines for Building Risk Culture
Participation in Building Risk Culture - We encourage everyone in the organization to take part in risk management while the Board of Directors and senior executives act together as a role model to foster an effective risk culture in the organization through formulating the risk management policy and strategy, as well as tracking and monitoring compliance with the policy and strategy. All employees are tasked with managing risks within their scope of responsibility under the three lines of defense principle. We also require all business units to evaluate relevant risk issues in accordance with risk assessment principles, internal controls, and other related policies of the Bank while providing various channels to receive comments and suggestions related to risk issues from employees at all levels to promote the participation of everyone in the organization.
Risk-aware Product and Service Development – Business Units responsible for the development of products, services, work systems and work processes are required to consider potential risks and impacts to the Bank and related stakeholders. They are also required to undertake a risk and impact assessment according to the Bank’s criteria in areas such as finance, information security, personal data privacy protection, anti-money laundering, combatting the financing of terrorism and the proliferation of weapons of mass destruction, market conduct, and laws and regulations. After making the risk and impact assessment, appropriate measures to mitigate such risks must be established.
Raising Risk Awareness and Building Risk Management Capability - We developed a risk management training curriculum for executives and employees to study through an online platform as well as making important risk management courses mandatory, such as Personal Data Protection, Prevention of Cyber Threats, Market Conduct, Anti-Money Laundering, Combatting the Financing of Terrorism and Proliferation of Weapons of Mass Destruction. We require directors to attend training courses related to the management of the Bank’s major risks on a yearly basis, such as Management of IT Risk and Cybersecurity and Personal Data Protection trainings. In addition, we also raise awareness and promote understanding about the management of ESG and climate change risks.
Emerging Risks
For the next 3-5 years, the Bank will face many challenges and emerging risks. Therefore, the Bank needs to monitor and analyze situations, to be ready to handle and manage them effectively.
|
Emerging Risks |
Importance |
Impact |
Mitigation |
|
Emerging cyber threats |
Development of digital banking services that help facilitate and introduce new forms of services to customers is one of the Bank’s main goals. However, adoption of new technology may bring forward more frequent cybersecurity threats that are changing continuously which in turn may cause damage to assets of the Bank and our customers, affecting customer trust. |
For the next 3-5 years, cyber threats are likely to be more serious and take more diverse forms. If we are unable to manage cyber threats properly, this may impact the Bank’s credibility in conducting our business as well as customer trust.
New forms of cyber threats require the Bank to keep up with and adapt ourselves accordingly to ensure that the Bank can effectively manage risks from cyber threats through improving risk assessment framework and building awareness of employees, customers and other stakeholders on a continuous basis. |
We put forth the following measures:
|
|
Carbon Border Adjustment Mechanism (CBAM) of the European Union |
The European Union (EU) has a plan to adopt Carbon Border Adjustment Mechanism (CBAM) to reduce carbon emissions in countries with carbon leakage or carbon pricing measures less strict than the EU from 1 January 2026 onward. As a result, importers must acquire CBAM certificate to offset the differences between the domestic carbon emission prices in export countries and the carbon prices in the EU market. |
At the early stage, CBAM will be applied only on certain categories of products including cement, iron and steel, aluminum, fertilizers and electricity before extending to other products in the future. Businesses in Thailand are required to be ready to compete in export markets in the long run through greenhouse gas emission measurement that meets international standards and investment in carbon emission reduction. Businesses that are unable to adapt or not timely enough to respond will lose their competitiveness, affecting their revenue and profit. These impacts potentially increase the Bank’s credit risks if we do not have a proper preparation to handle the issue in advance. |
We issued following measures:
|
Task Force on Climate-related Financial Disclosures
Globally, we are facing extreme climate-change such as storms, floods, heat waves and droughts that are more frequent and severe. Therefore, more sectors are concerned and give priority to the reduction of greenhouse gas emissions and the transition to a low-carbon society to alleviate potential impacts and build resilience to climate change for both business sector and household sector. This change can be viewed as both risk and opportunity for businesses while businesses that can adapt well will be immune to risks and are able to cash in on opportunities compared with their competitors. The Bank recognizes the importance of risks and opportunities arising from climate change for its customers and the Bank. Therefore, we consistently monitor the situation as well as focusing on strengthening the capacity to assess climate risks and opportunities, both physical and transitional so that the Bank can appropriately manage risks and implement various measures to tackle the impacts of climate change on its business as well as providing financial support to activities or projects that help all sectors reduce or mitigate the impacts of climate change. The Bank prepared this report based on the recommendations of the Task Force on Climate-Related Financial Disclosures (TCFD), to disclosing information on our organization's climate management that complies with international standards.
This Website uses cookies to provide you with the best experience and to improve the Bank’s website services in order to better serve your requirements. You can find the details about cookies use on
Cookies Policy
