Bank Islam Integrated Annual Report 2022

Statement on Risk Management and Internal Control

Risk Appetite

The risk appetite defines the levels of risk that the Group is willing to assume within its risk capacity. It is a critical component of the Group’s ERM Framework, which enables the Board and Management at all levels to communicate, understand and assess the types and levels of risks that the Group is willing to accept in pursuit of its strategic and business goals while taking into consideration the constraints under a stressed environment.

The Group’s risk appetite has been integrated into its Corporate Direction and Business Plan and remains dynamic and responsive to the changing external and internal drivers such as the business and market conditions. It is determined based on the following elements:

01 Risk Capacity
• What is the maximum limit of risk the Group can withstand without causing its failure?

02 Risk Tolerance
• How much risk is the Group prepared to take per risk type or business unit?

03 Risk Appetite
• What level of risk is deemed acceptable by the Board in pursuing its strategy?

The Group takes steps to ensure that trigger levels, limit structures and delegated authorities are re-aligned and potential risk appetite implications are considered in all major resource allocation decisions.

In setting the risk appetite of the Group and to enhance the Group’s risk adjusted returns, the discussion of risks is from the point of view of optimising the Group’s risk-return profile instead of ‘loss minimising’. Guided by these principles, our risk appetite is articulated through a set of Risk Appetite Statements across the Group to ultimately balance the strategic objectives of the Group.

THREE LINES OF DEFENCE APPROACH

The Group’s risk governance approach is premised on the 3-Lines of Defence Approach by placing accountability and ownership of risks to where they arise while maintaining the level of independence among risk taking units, risk control units and independent assurance unit in managing risk.

The 3-Lines of Defence is used in implementing the ERM Framework and providing risk management accountability across the Group.

1 Risk Owner or Risk Taking Units
Responsible for ongoing oversight of risk & control at day to day work level and promoting strong risk culture within business/support unit

2 Risk Control Units*
Responsible for establishing and maintaining Risk Management framework; developing Risk Management Tools; assessing, monitoring, reporting and controlling risk; and promoting risk awareness across the Group

3 Internal Audit
Responsible for providing Independent assurance to Board and Senior Management that Risk Management Processes and Tools are effectively implemented

* Consists of Group Risk Management Division (including Shariah Risk Management), Group Credit Management Division, Group Compliance Division (including Shariah Compliance) and Group Information Security & Governance Division (ISGD).
