Bank Islam Integrated Annual Report 2021

Risk Appetite

The risk appetite defines the levels of risk that the Group is willing to assume within its risk capacity. It is a critical component of the Group’s ERM Framework, which enables the Board and Management at all levels to communicate, understand and assess the types and levels of risks that the Group is willing to accept in pursuit of its strategic and business goals while taking into consideration the constraints under a stressed environment.

The Group’s risk appetite has been integrated into its Corporate Direction and Business Plan and remains dynamic and responsive to the changing external and internal drivers such as the business and market conditions. It is determined based on the following elements:

• Risk Capacity: What is the maximum limit of risk the Group can withstand without causing its failure?
• Risk Tolerance: How much risk is the Group prepared to take per risk type or business unit?
• Risk Appetite: What level of risk is deemed acceptable by the Board in pursuing its strategy?

The Group takes steps to ensure that trigger levels, limit structures and delegated authorities are re-aligned, and potential risk appetite implications are considered in all major resource allocation decisions. In setting the risk appetite of the Group and to enhance the Group’s risk-adjusted returns, the discussion of risks is from the point of view of optimising the Group’s risk-return profile instead of ‘loss minimising’. Guided by these principles, our risk appetite is articulated through a set of Risk Appetite Statements across the Group to ultimately balance the strategic objectives of the Group.

The Group’s risk governance approach is premised on the 3-Lines of Defence Approach by placing accountability and ownership of risks to where they arise while maintaining the level of independence among risk taking units, risk control units and independent assurance unit in managing risk. The 3-Lines of Defence is used in implementing the ERM Framework and providing risk management accountability across the Group.

THREE LINES OF DEFENCE APPROACH

• 3 Internal Audit: Responsible for providing independent assurance to Board and Senior Management that Risk Management Processes and Tools are effectively implemented.
• 2 Risk Control Units*: Responsible for establishing and maintaining Risk Management framework; developing Risk Management Tools; assessing, monitoring, reporting and controlling risk; and promoting risk awareness across the Group.
• 1 Risk Owner or Risk Taking Units: Responsible for ongoing oversight of risk & control at day-to-day work level and promoting strong risk culture within business/support unit.

* Consists of Group Risk Management Division (including Shariah Risk Management), Group Credit Management Division, Group Compliance Division (including Shariah Compliance) and Group Information Security & Governance Division.
