The Bank undertook a number of initiatives to enhance our crisis management to be more efficient and effective. Risk culture serves to strengthen immunity within the Bank’s business operations against risks in a fast-changing environment. We cultivate a risk management culture as a critical part of our operations by adopting the three lines of defense principle that underpins our risk management framework, and assign risk management responsibility to raise risk awareness among executives and employees in all units about potential risks from their work. This will help build a solid risk culture for the organization. Additionally, risk management is incorporated as part of the performance evaluation for executives.
Guidelines to build an Effective Risk Culture
Participation in Building Risk Culture
The Board of Directors, the Risk Oversight Committee and high-level executives together play an important role as a pillar and a role model providing tone from the top. They influence risk culture in the organization through formulating risk management policy and strategy, as well as tracking and monitoring compliance with the policy and strategy. To foster a risk management culture, all employees are required to know their roles in managing risks within their scope of responsibility, report risks through provided channels, and propose corrective measures or risk mitigation plans. We also require each unit to consider the likelihood that some risk issues will have an impact on their business unit and ensure their practices are consistent with risk assessment principles, internal controls, and other related policies of the Bank. Various channels are available for employees at all levels to share comments and suggestions related to risk issues. This promotes employee participation and helps raise the efficiency and effectiveness of the risk management practices of the Bank.
Risk-Aware Product and Service Development Process
Business units responsible for products, services, work systems and work procedures are required to consider potential risks and impacts to the Bank and related stakeholders by assessing whether a particular product or service which is being planned might have risks or impacts. They are also required to make impact assessment in areas such as cybersecurity, privacy data, money laundering, terrorism financing and the proliferation of weapons of mass destruction, laws and regulations. Then after making a risk and impact assessment, appropriate measures to mitigate such risks must be established.
Awareness Building and Talent Development
We raise awareness and promote understanding about risk in the whole bank by disseminating news, articles and video clips about potential risks to the Bank’s business operations through our internal communication channels. We also provide online training to executives and employees so they can study at their own convenience anywhere, anytime. In 2021, we updated our risk curricula to focus more attention on topics like cybersecurity, protection of personal data and market conduct.
Management During Covid-19
Given the ongoing and severe impact of Covid-19 from 2020 to date, we have been committed to actively provide support to customers, employees, communities and society. In 2021, we took the following actions to support to help them get through the crisis.
Health and safety are our top priority and we issued employee support measures according to the 4S
We have supported customers to get through the Covid-19 crisis by issuing a range of relief programs suitable for different customer groups.
Community and Society
We care for the quality of life for people in the wider society and actively lend a helping hand to people in need as a partner and friend. We have been providing financial support to various relief programs and have been cooperating with the government and other sectors to alleviate the crisis and help the country to return to a normal situation as soon as possible.