Risk and Crisis Management
Commitment
To effectively manage all material risks, including ESG risks, and instill a risk culture throughout the Bank to support its resiliency to crises and to achieve sustainable growth.
Materiality
Thailand currently faces significant domestic and international risk factors across economic, social and environmental dimensions that may directly and indirectly impact the Bank. These include the middle-income trap, high household debt, aging society, environmental problems, natural disasters and geopolitical tensions. Therefore, risk and crisis management is fundamental to preventing and mitigating negative impacts on the Bank and our stakeholders. An effective risk management system not only builds confidence among stakeholders but also enables us to identify opportunities hidden within risks. We prioritize prudent and comprehensive risk management to ensure we can address key risk factors appropriately and in a timely manner. Policies, governance structures and risk management frameworks have been established to cover all significant risks, including environmental and climate change risks. Business continuity plans are in place, risk management processes are regularly reviewed and a risk-aware culture is cultivated within the organization.
Management Approach
Risk Governance Structure
To ensure our risk governance framework is efficient and effective, and aligns with the risk management policy approved by the Board of Directors, we have put in place the following integrated risk governance structure which involves directors, management members, the Risk Management Division, the Credit Management Division and business units, with each of the concerned parties tasked with clearly defined duties and responsibilities:
- Board of Directors has a duty and a responsibility to oversee all aspects of the Bank’s risks. It plays a key role in formulating risk management policies and strategies, and in supervising and monitoring the Bank’s risk profile to ensure that risks are maintained at an appropriate level.
- Board of Executive Directors is in charge of duties assigned by the Board of Directors, including considering and determining credit approval, debt restructuring, investments and other undertakings of the Bank.
- Audit Committee is responsible for independently reviewing and evaluating the adequacy of the Bank’s internal control system and presenting the evaluation results to the Board of Directors. The assessment of the internal control system covers five areas: control environment, risk assessment, control activities, information and communication and monitoring activities.
- Risk Oversight Committee has a duty to support the Board of Directors in overseeing risk management in accordance with the Bank’s risk management policy and strategy and to report risk management performance to the Board of Directors.
- Management-level Committees responsible for managing specific risks have a duty to support the Risk Oversight Committee in managing the Bank’s major risks. They include:
- Asset-Liability Management Committee (ALCO) monitors and oversees management of market risk and liquidity risk.
- Operational Risk Management Committee (ORMC) monitors and oversees operational risk and information technology risk, as well as supervises the business continuity of the Bank.
- Risk Management Division has a duty to support the Risk Oversight Committee and work with relevant parties to assess, monitor and control risks to be within acceptable levels, as well as to report risk status to the Risk Oversight Committee and senior management on a regular basis.
- Credit Management Division has a duty to manage credit risk and oversee and monitor credit approval according to the Bank’s credit policy.
- Business Units are responsible for managing risks of their own units and controlling risk levels to be within the approved scopes and in accordance with the risk management policy of the Bank.
The Bank has adopted the “Three Lines of Defense” principle in determining the structure, roles, duties and responsibilities in risk governance to ensure segregation of duties, independence as well as adequate checks and balances.
Risk Management
Our foundational risk management principle is to conduct business to achieve appropriate and sustainable returns while keeping risks within the prescribed boundaries. We place importance on managing significant risks in both the short-term and long-term and continually monitoring situations while assessing business opportunities arising from changes in the business environment, including those related to ESG. We have established a risk management framework according to requirements from regulatory authorities and the ISO 31000 standard on risk management that consists of a risk management policy, risk appetite statement, risk management processes, and reporting relevant risks on a regular basis to senior executives, the management team, the Risk Oversight Committee and other related committees.
Our risk management covers all significant financial and non-financial risks, including strategic risk, credit risk, market risk, liquidity risk, operational risk, information technology risk, reputational risk, and regulatory and compliance risk. It also encompasses managing other risks such as those related to personal data protection and market conduct. In addition, the Bank has established an Environmental and Climate-related Risk Management Policy as an integrated framework for managing environmental and climate change risks.
The Bank reviews the suitability of its risk management policies and systems on an annual basis at a minimum, when there is a significant change. Risks are monitored and managed to remain within acceptable levels, taking into account the business context, economic and social trends, and organizational culture. Capital adequacy is assessed annually with consideration of significant risks. The Audit and Control Division regularly assesses the adequacy and appropriateness of risk management. In 2025 the Bank’s capital adequacy ratio at the consolidated financial group level stood at 21.78 percent, exceeding the requirements set by the Bank of Thailand.
Crisis Management
To ensure the continuity of the Bank’s business operations during emergency situations such as natural disasters, fires and pandemics, we have established a Business Continuity Policy as a guideline to mitigate risks and prevent disruptions to normal operations caused by unforeseen events. In addition, the Bank has also developed an operational standard and a business continuity management framework covering business undertakings during both normal and crisis situations while also ensuring that adequate information and updates will be timely and regularly communicated to relevant parties. Moreover, the Bank ensures financial stability through capital adequacy assessments, liquidity contingency planning and developing proactive plans to address potential capital and liquidity constraints.
We have also established the Crisis Management Team to take charge during crises, require all units to routinely prepare and review their business continuity plans, assess risks and conduct regular drills of the plans every year to ensure readiness for potential emergency situations. The Bank conducts operational drills and tests based on its planned procedures to prepare employees to take appropriate actions in real-world situations. This includes annual IT system emergency drills and emergency response drills in liquidity crisis events.
Risk Culture
We have built a risk culture throughout the organization to strengthen the Bank’s immunity against risks associated with conducting business in a rapidly changing environment through the following actions:
Promoting Participation in Building Risk Awareness Culture
We encourage everyone in the organization to take part in risk governance and risk management and the Board of Directors and senior executives play an important role in fostering an effective risk culture through formulating the risk management policy and strategy as well as overseeing that these are duly adopted. All employees are required to take ownership of and share in the responsibilities in managing the Bank’s risks under the Three Lines of Defense principle. We also require all business units to consider their respective relevant risk issues in accordance with risk assessment principles and internal controls of the Bank. We provide various channels to receive comments and suggestions related to risk issues and risk management measures from all employees to promote participation of everyone in the organization.
Risk-aware Product and Service Development
We require those business units responsible for the development of products, services, work systems and work processes to consider potential risks and impacts to the Bank and stakeholders. Specifically, they are required to undertake risk and impact assessments according to the Bank’s criteria in areas such as finance, information and data security, personal data privacy protection, anti-money laundering and combatting the financing of terrorism and proliferation of weapons of mass destruction, market conduct, and laws and regulations. Appropriate measures to mitigate such risks are put in place accordingly.
Performance Evaluation Linked to Risk Management Performance
The Bank has set risk indicators as part of the performance evaluation of executives in several units, and as one of the factors used to consider their financial remuneration such as bonuses and special compensation.
Building Awareness and Developing Capability
We offer risk management training programs through an online platform for directors, executives and employees, and make important risk management courses mandatory, such as Personal Data Protection, Prevention of Cyber Threats, Anti-money Laundering and Combatting the Financing of Terrorism and Proliferation of Weapons of Mass Destruction. Additionally, we require directors to attend training courses or seminars related to the management of the Bank’s major risks on a yearly basis, such as Management of Information Technology Risk and Cyber Risk, Anti-corruption, Personal Data Protection and ESG Risks.
We continuously provide knowledge related to ESG risks and climate change to our executives and employees to prepare for potential risks and seek opportunities from the transition to a low-carbon economy as well as to support the Bank to achieve its Net Zero goal.
Task Force on Climate-related Financial Disclosures
Globally, we are facing extreme climate-change such as storms, floods, heat waves and droughts that are more frequent and severe. Therefore, more sectors are concerned and give priority to the reduction of greenhouse gas emissions and the transition to a low-carbon society to alleviate potential impacts and build resilience to climate change for both business sector and household sector. This change can be viewed as both risk and opportunity for businesses while businesses that can adapt well will be immune to risks and are able to cash in on opportunities compared with their competitors. The Bank recognizes the importance of risks and opportunities arising from climate change for its customers and the Bank. Therefore, we consistently monitor the situation as well as focusing on strengthening the capacity to assess climate risks and opportunities, both physical and transitional so that the Bank can appropriately manage risks and implement various measures to tackle the impacts of climate change on its business as well as providing financial support to activities or projects that help all sectors reduce or mitigate the impacts of climate change. The Bank prepared this report based on the recommendations of the Task Force on Climate-Related Financial Disclosures (TCFD), to disclosing information on our organization's climate management that complies with international standards.
This Website uses cookies to provide you with the best experience and to improve the Bank’s website services in order to better serve your requirements. You can find the details about cookies use on
Cookies Policy
