The Bank places importance on systematic and effective risk management and risk control. It has clearly established a risk management framework, policies, as well as guidelines and manuals for corporate risk management that are in alignment with the regulations of the Bank of Thailand, the guidelines of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), and the COSO ERM Framework. The Bank focuses on the management of ESG risks, including climate-related risks, and has integrated ESG risks into credit risk management and credit portfolio assessment processes. In addition, the Bank also places importance on identifying guidelines for managing emerging risks that are expected to occur in the future.
The Bank has linked its risk management processes with its strategic plans and business opportunities to integrate risk management across the organization.Measures to control, monitor, and report risk have also been taken to manage and mitigate risk within an appropriate level. Relevant committees regularly review the sufficiency of the risk management system and evaluate its effectiveness in managing risk. At the same time, the Bank fosters a culture of risk management within the organization to ensure that the Bank’s risk management system is in line with good international practices and to be prepared to prevent and adapt to risks as well as efficiently seeking business opportunities from those risks.
Risk Management Governance Structure
The Bank has established an organizational structure and efficient risk management in accordance with good corporate governance principles. The duties and responsibilities of each department are clearly segregated. The risk governance structure comprises the Board of Directors and high-level committees that are subcommittees of the Board of Directors, including the Board of Executive Directors, the Risk Oversight Committee, the Compliance Committee, and the Audit Committee. They are responsible for overall risk oversight and its policies. In addition, there are also subcommittees of the management team that manage and monitor the risks. This includes the President and senior executives, namely the Management Committee, Assets and Liabilities Management Committee, Governance Risk and Compliance Committee at the management level, and the Credit Scrutiny Committee, etc. The overview of the Bank’s risk management supervision structure is summarized as follows
In 2022, the Bank has more concretely managed environmental, social, and governance (ESG) risks. The ESG Task Force was established to identify ESG risks that are consistent with the Bank’s context, existing risks, and emerging risks. The ESG Task Force has also clearly defined the meaning and scope of the risks, evaluated and prioritized relevant ESG risks, and identified management guidelines to mitigate the impact of the risks that may occur.
Building Risk Culture
As reflected in the Bank's organizational structure, the bank has a risk governance structure based on the three lines of defense principle, which extends from the level of the Board of Directors, management, to departments and all employees. The Bank has also elevated risk management. The Risk Oversight Committee (ROC) is responsible for driving and supervising risk management to ensure alignment with the policy and keep risks within acceptable levels. The Bank adheres to internationally-accepted risk management principles according to COSO and prudent banking approaches. The Bank also set up processes and guidelines and introduced various tools for risk management and the early warning system, which can be summarized as follows
3.1 Declaration of the intention to practice the core values, which includes integrating appropriate risk management and internal risk control into work operations
3.2 Promoting the core values by raising awareness an understanding of appropriate ehavior as well as encouraging participation of personnel at all levels, ranging from the Bank’s directors to all employees, through various activities and projects so that a risk culture is established throughout the organization
3.3 Assigning the Risk Oversight Committee, which is a subcommittee, to drive and supervise risk governance in accordance with the policy and within the risk appetite of the Bank.
3.4 Running Krungthai Khunnatham (Sustainable Krungthai) Initiative, which covers the observation of Code of Conduct, zero tolerance culture, Anti-bribery and Corruption Policy in the Bank’s business operations so as to ensure transparency, accountability, and no conflict of interest
3.5 Having a whistle-blowing policy in place while the management and operational levels of Governance Risk and Compliance Committee (GRC) ensure speedy responses to reported incidents. This not only shows how serious and attentive the Bank is in governing risk but also builds the general public’s trust in the Bank.
- The bank established a clear risk management policy and framework.
- The Bank determined the authority to approve the risk limit, risk appetite, and risk tolerance.
- The Bank has been creating an atmosphere or environment conducive to clear risk management and communicating about risk management to employees at all levels. The Bank places importance on fostering a risk culture through the following executions.
- The Bank has tools that facilitate effective risk management and tests its risk assessment tools regularly to ensure that they are accurate.
- The Bank conducts stress tests to ensure that the Bank has sufficient capital both in normal and crisis situations.
- The Bank has a mechanism to monitor, assess, and report risks in the form of a risk dashboard to the relevant committees on a monthly basis, and keep risks within its risk appetite.
Raising Risk Awareness
Promoting understanding, raising awareness, and encouraging participation in the Bank’s risk management among all employees and business units throughout the organization are crucial for promoting an effective risk culture. In 2022, the Bank provided basic training in enterprise risk management as a compulsory course for all employees. The course, as well as its test and evaluation, is delivered entirely online.
Moreover, in order to promote the integration of environmental, social, and governance (ESG) and climate change issues into the Bank’s risk management process to ensure efficiency both at the operational level and portfolio level, the Bank places importance on developing the knowledge and understanding of employees and executives in business units under the Risk Management Group by providing training courses that are relevant to the aforementioned issues to employees and executives in all departments in the Risk Management Group and business units that need them for implementation.
The Bank conducts regular risk assessments to identify current and emerging risks to the business operations of the company or group of companies (emerging risks) in the next 3-5 years and to assess the potential impact of such risks, which may affect the company’s ability to achieve business goals, as well as measures to prevent and mitigate their impacts on the Bank’s and its customers’ business operations.
Risk management in Product Process
The bank has set up Product Committee (PC) to approve new products and review products under incorporating risk criteria in line with the bank's policies and strategic plans. Furthermore, the bank has established product assessment to ensure that the product development and product review processes have covered all risks and necessary functions.