Risk and Crisis Management
Commitment
To efficiently manage all material risks, including ESG risks, and instill a risk culture throughout the Bank to support its resiliency to crises and achieve sustainable growth.
Materiality
Risk and crisis management is an essential foundation for conducting sustainable business especially in the current global situation characterized by volatility, uncertainty, complexity and ambiguity (VUCA). As economic, social and environmental challenges have impacted banks’ business and their clients, directly and indirectly, prudent and comprehensive risk management is required to help confront potential threats and identify hidden business opportunities. Placing the highest importance on risk and crisis management, the Bank has formulated risk management guidelines for each of major risk and prepared business contingency and business continuity plans that are appropriate for different scenarios to ensure effective risk management. Moreover, we systematically analyze and assess major risk factors, and continually improve our risk management process, as well as creating a strong risk culture across the organization.
Management Approach
Risk Management
Our risk management covers all major risks affecting the financial business, including strategic risk, credit risk, market risk, liquidity risk, operational risk and information technology risk. We have established a risk management framework that consists of risk management policy, risk appetite statement, risk management processes and regular reporting of different types of risks to senior executives, the management team, the Risk Oversight Committee and other related committees. This is to ensure that our risk management is effective in accordance with statutory requirements. An analysis of major risk factors and a review of the suitability of the risk management framework is also conducted on a regular basis. In addition, we undertake an internal capital adequacy assessment every year.
Risk Management for Climate Change
Climate change has become a major global issue as extreme weather like storms, floods and droughts happen with more frequency and severity. This has led most sectors to pay more attention to the reduction of greenhouse gas emissions to transition to a low carbon society. This situation presents both business risks and opportunities as businesses who manage to adjust properly will be able to withstand risks and gain a competitive advantage over their rivals. Realizing the importance of good understanding and being able to assess climate change risks, we have strived for building capabilities in the assessment of physical risks and transition risks including their impacts to the Bank.
Physical Risks
We incorporated risks from natural disasters caused by climate change such as flooding as a part of operational risk to be assessed and monitored, and have provided for mitigation and control measures to manage the risk to be within acceptable levels. Additionally, we have formulated an Emergency Response Plan to prevent and reduce damage to lives and Bank assets.
Transition Risks
The Bank keeps abreast of changes in policies, rules and regulations related to Thailand’s transition to a low-carbon society as well as closely following the advancement of low-carbon technology and business adaptation in the banking industry. The Bank is in the process of studying and developing assessment tools for physical risks and transition risks to analyze risks and impacts of climate change including a climate scenario analysis and a stress test in addition to constantly enhancing the required knowledge and skills for relevant employees.
Crisis Management
We have issued a business continuity policy as a guideline to mitigate risks and prevent and minimize potential impacts to normal business operations, while a business continuity management framework has been developed to cover business undertakings during both normal and crisis situations. We regularly communicate with related parties. Moreover, we promote financial stability management by adhering to an internal capital adequacy assessment and preparing a liquidity contingency plan in advance to prepare for potential issues related to capital and liquidity in the future.
To ensure that the Bank’s business can continue to operate during emergency situations without interruption, we have established the Crisis Management Team to take charge during crises. All units must routinely prepare and review their business continuity plans and conduct regular drills of the plans every year to promote readiness for potential emergency situations. Note that we also conduct risk assessments and reviews of contingency plans regularly to ensure the continuity of the Bank’s business activities in the event of a crisis.
Risk Culture
As risk management is a good foundation for our sustainable business conduct, we cultivate a risk management culture by encouraging all employees to be involved in risk management and control according to the three lines of defense principle. Additionally, risk management is incorporated as part of the performance evaluation for executives. We have adopted the following guidelines to build an effective risk culture:
Participation in Building Risk Culture We encourage everyone in the organization to take part in risk management while the Board of Directors and senior executives together act as a role model to influence proper risk culture in the organization through formulating risk management policy and strategy, as well as tracking and monitoring compliance with the policy and strategy. All employees have the role of managing risks within their scope of responsibility under the three lines of defense principle. We require all business units to evaluate relevant risk issues in accordance with risk assessment principles, internal controls, and other related policies of the Bank while providing various channels to receive comments and suggestions related to risk issues from employees at all levels to promote the participation of everyone in the organization.
Risk-aware Product and Service Development Business Units responsible for products, services, work systems and work processes are required to consider potential risks and impacts to the Bank and related stakeholders by conducting a feasibility study and assessing the suitability of a particular product or service being developed. They are also required to undertake a risk and impact assessment according to the Bank’s criteria in areas such as finance, cybersecurity, personal data privacy, money laundering, terrorism financing and the proliferation of weapons of mass destruction, market conduct, and laws and regulations. After making the risk and impact assessment, appropriate measures to mitigate such risks must be established.
Raising Risk Awareness and Building Risk Management Capability We provide online training on risk management to executives and employees and have made important risk management courses mandatory such as Personal Data Protection, Prevention from Cyber Threats, Market Conduct, and Anti-Money Laundering and Counter Terrorism Financing. We require directors to attend training courses related to management of major risks of the Bank on a yearly basis such as Management of IT Risk and Cybersecurity and Personal Data Protection. In addition, we also raise awareness and promote understanding about risks for the whole bank by disseminating risk management practices and important risk information through our internal communication channels.
Key Activities
In 2022, we made a significant effort to develop our risk and crisis management to be more efficient and effective:
- Enhancement of risk assessment and internal capital adequacy assessment according to the Internal Capital Adequacy Assessment Process (ICAAP) by incorporating broader significant risks including technology and cyber risks and legal and compliance risks into the risk management process.
- Enhancement of a monitoring and reporting process for early warning systems on capital and liquidity to be more comprehensive and complete.
- Stress testing under ICAAP to consider ESG risk factors including climate change and other events that may impact the Bank such as data leakage and fraud cases in businesses the Bank has invested in.
- Review and update of the Business Continuity Plan and participation in the testing of emergency plans with external parties such as the Bank of Thailand, the Stock Exchange of Thailand, National Credit Bureau and National ITMX Company to rehearse operational steps and transaction-making to ensure they are practical in the event of an emergency.
- Covid-19 Crisis Management During the Covid-19 pandemic, we have been committed to actively providing support to customers, employees, communities and society through various measures. Moreover, we have followed the guidelines to handle emergency situations affecting the Bank including business contingency plans, business continuity plans and crisis management plans, as well as closely monitoring the situation and regularly assessing risks so that we could adjust measures and plans to be appropriate to the situation.
Emerging Risks
For the next 3-5 years, the Bank will face many challenges and emerging risks. Therefore, the Bank needs to monitor and analyze situations, to be ready to handle and manage them effectively.
|
Emerging Risks |
Importance |
Impact |
Mitigation |
|
Emerging cyber threats |
Development of digital banking services that help facilitate and introduce new forms of services to customers is one of the Bank’s main goals. However, adoption of new technology may bring forward more frequent cybersecurity threats that are changing continuously which in turn may cause damage to assets of the Bank and our customers, affecting customer trust. |
For the next 3-5 years, cyber threats are likely to be more serious and take more diverse forms. If we are unable to manage cyber threats properly, this may impact the Bank’s credibility in conducting our business as well as customer trust.
New forms of cyber threats require the Bank to keep up with and adapt ourselves accordingly to ensure that the Bank can effectively manage risks from cyber threats through improving risk assessment framework and building awareness of employees, customers and other stakeholders on a continuous basis. |
We put forth the following measures:
|
|
Carbon Border Adjustment Mechanism (CBAM) of the European Union |
The European Union (EU) has a plan to adopt Carbon Border Adjustment Mechanism (CBAM) to reduce carbon emissions in countries with carbon leakage or carbon pricing measures less strict than the EU from 1 January 2026 onward. As a result, importers must acquire CBAM certificate to offset the differences between the domestic carbon emission prices in export countries and the carbon prices in the EU market. |
At the early stage, CBAM will be applied only on certain categories of products including cement, iron and steel, aluminum, fertilizers and electricity before extending to other products in the future. Businesses in Thailand are required to be ready to compete in export markets in the long run through greenhouse gas emission measurement that meets international standards and investment in carbon emission reduction. Businesses that are unable to adapt or not timely enough to respond will lose their competitiveness, affecting their revenue and profit. These impacts potentially increase the Bank’s credit risks if we do not have a proper preparation to handle the issue in advance. |
We issued following measures:
|
Climate Risk Management
Climate Risk Management
Globally, we are facing extreme climate-change such as storms, floods, heat waves and droughts that are more frequent and severe. Therefore, more sectors are concerned and give priority to the reduction of greenhouse gas emissions and the transition to a low-carbon society to alleviate potential impacts and build resilience to climate change for both business sector and household sector. This change can be viewed as both risk and opportunity for businesses while businesses that can adapt well will be immune to risks and are able to cash in on opportunities compared with their competitors. The Bank realizes the criticality in understanding, monitoring and assessing the situation and climate change risks as well as enhancing capabilities in climate risk assessment both for physical and transition risks.
Globally, we are facing extreme climate-change such as storms, floods, heat waves and droughts that are more frequent and severe. Therefore, more sectors are concerned and give priority to the reduction of greenhouse gas emissions and the transition to a low-carbon society to alleviate potential impacts and build resilience to climate change for both business sector and household sector. This change can be viewed as both risk and opportunity for businesses while businesses that can adapt well will be immune to risks and are able to cash in on opportunities compared with their competitors. The Bank realizes the criticality in understanding, monitoring and assessing the situation and climate change risks as well as enhancing capabilities in climate risk assessment both for physical and transition risks.
