My first Publication ocbc_ar17_fullreport_english | Page 252

NOTES TO THE FINANCIAL STATEMENTS
For the financial year ended 31 December 2017

39. RISK MANAGEMENT (continued)

39.5 INSURANCE-RELATED RISK MANAGEMENT (continued)

Market and credit risk (continued)

(h) Credit risk (continued)

Ageing analysis of financial assets past due:

$ million
                                        Past due but not impaired
                                        Less than   6 to 12   Over 12   Sub-total  Past due and  Total
                                        6 months    months    months               impaired @
2017
Loans                                   –           62        –         62         47            109
Insurance receivables                   22          4         3         29         6             35
Other debtors and interfund balances    1           #         #         1          5             6
Total                                   23          66        3         92         58            150

2016
Loans                                   –           –         9         9          4             13
Insurance receivables                   20          7         3         30         6             36
Other debtors and interfund balances    1           –         #         1          4             5
Total                                   21          7         12        40         14            54

# represents amounts less than $0.5 million.
@ For assets to be classified as “past due and impaired”, contractual payments must be in arrears for more than 90 days. These receivables are not secured by any collateral or credit enhancements.

(i) Concentration risk

An important element of managing both market and credit risks is to actively manage concentration to specific issuers, counterparties, industry sectors, countries and currencies. Both internal and regulatory limits are put in place and monitored to manage concentration risk. These limits are reviewed on a regular basis by the respective management committees. GEH Group’s exposures are within the concentration limits set by the respective local regulators.

GEH Group actively manages its product mix to ensure that there is no significant concentration of credit risk.

(j) Operational and compliance risk

Operational risk is an event or action that may potentially impact partly or completely the achievement of the organisation’s objectives resulting from inadequate or failed internal processes and systems, human factors, or external events.
Compliance risk is any event or action that may potentially impact partly or completely the achievement of the organisation’s objectives, as a result of its failure to comply with applicable laws, regulations and standards. The applicable key compliance areas include:

– laws, regulations and rules governing insurance business and regulated financial activities undertaken by Great Eastern;
– codes of practice promoted by industry associations;
– anti-money laundering; and
– countering of financing of terrorism.

The day-to-day management of operational and compliance risk is through the maintenance of comprehensive internal controls, supported by an infrastructure of systems and procedures to monitor processes and transactions. GMC reviews operational and compliance issues on a GEH Group basis at its monthly meetings while local level issues are managed and monitored by the local SMTs. GEH Group Internal Audit team reviews the systems of internal controls to assess their ongoing relevance and effectiveness, and reports at least quarterly to the GEH Audit Committee.

(k) Technology risk

Technology risk is defined as risk related to any potential adverse outcome, damage, loss, disruption, violation, or failure arising from the use of or reliance on computer hardware, software, electronic devices, and networks.

GEH Group adopts a risk based approach in managing technology risks relating to data loss/leakage, system security vulnerabilities, inferior system acquisition and development, system breakdown and availability, outsourced vendor service delivery, privileged access misuse and technology obsolescence. Key risk indicators related to technology risks are reported to the GEH Group Board on a regular basis. Independent assessment is performed by GEH Group Internal Audit for its adequacy and effectiveness.

250 OCBC ANNUAL REPORT 2017