My first Publication ocbc_ar17_fullreport_english | Page 87

functional risk management units and other support units such as Operations and Technology are actively involved in the risk management process.

• Risk Appetite – The Board sets the Group’s risk appetite, which defines the level and nature of risks that the Group takes. Risk-taking decisions are aligned with strategic business goals and risk-adjusted return expectations. Portfolio risk limits are cascaded from the risk appetite and are used to establish business-operating boundaries.
• Risk Management Frameworks – The overarching risk management frameworks are supported by policies, methodologies, tools, processes and controls across the various risk types. These are built around robust governance structures to ensure that they are effective, comprehensive and consistent.
• Holistic Risk Management – Risks are managed holistically, taking into account the potential interconnectivity among risk types. Both business and risk-control units actively participate in regular forums to identify and assess material emerging risks and opportunities from changes in the business environment. Quantitative stress testing and sensitivity analysis supplemented with qualitative analysis help senior management quantify the impact that potential adverse events pose to our portfolios and Group earnings. The results are considered in business strategy formulation, capital adequacy assessment and risk limits setting.
• Independent Review – Group Audit conducts risk-based internal audits to provide independent assurance that our risk management systems as well as control and governance processes are effective and comply with both regulatory requirements and internal rules and standards. Group Audit also evaluates the overall risk awareness, aptitude and attitude of the Management in effecting the risk and control measures through a Management Control Oversight Rating (“MCOR”).

Our banking subsidiaries are required to implement risk management policies that conform to Group risk standards or to adopt stricter local regulations where applicable. The approving authority and limit structures of our subsidiaries are consistent with those of the Group, which are designed to ensure proper ownership and accountability. Great Eastern Holdings and Bank OCBC NISP are listed companies that publish their own annual reports which contain information on their risk management frameworks and practices (for information on GEH’s risk management, refer to Note 39 in the Group’s Financial Statements). Their risk management policies and practices are aligned with Group risk standards where appropriate.

RISK GOVERNANCE AND ORGANISATION

The Board establishes the Group’s risk appetite and risk management principles. The Board Risk Management Committee (“BRMC”) is the principal Board committee that oversees the Group’s risk management with the following key responsibilities:

• Sets the Group’s overall risk management philosophy, ensuring it is in line with the overall corporate strategy and risk appetite as approved by the Board.
• Reviews risk disclosure policy and risk management principles for the approval of the Board.
• Oversees the Group’s risk management systems for identifying, measuring, monitoring, controlling and reporting risk and ensuring the adequacy of risk management practices.
• Approves risk management frameworks, major risk policies and material risk models.

The BRMC is supported by GRM, which is headed by the Group Chief Risk Officer (“CRO”). GRM is an independent risk and control oversight function that supports the Group’s business development within a prudent, consistent and effective risk management framework and governance structure. GRM also establishes relevant risk management frameworks, policies and procedures, risk measurements and methodologies.

Various risk reports, including key stress test results and action plans, are submitted regularly to senior management, the BRMC and the Board to apprise them of the Group’s risk profile. GRM also reviews and monitors the Group’s risk profiles and portfolio concentrations and highlights any significant vulnerabilities and risk issues to the respective risk management committees.

Our risk management and reporting systems are designed to ensure that risks are comprehensively identified and evaluated to support risk decisions. As part of our ongoing effort to enhance group-wide risk data aggregation and reporting capabilities and to meet the requirements stated in BCBS 239, we have also embarked on initiatives to enhance our governance, reporting processes and systems, aligning them with the broad principles stated in BCBS 239.

The independence of risk management from business functions ensures that we achieve the necessary balance between risk-taking and return considerations. The compensation of risk officers is also determined independent of business units and reviewed by the Remuneration Committee to ensure it remains market-competitive.

Senior management actively manages risks through various risk management committees, such as the Credit Risk Management Committee, the Market Risk Management Committee, the Asset and Liability Committee and the Operational Risk Management Committee. Both risk-taking and risk-control units are represented in these committees, emphasising shared risk management responsibilities. All new products and services are governed by a New Product Approval Process (“NPAP”) managed by GRM and approved by the New Product Approval