My first Publication ocbc_ar17_fullreport_english | Page 95
Other Risks
Non-structural foreign exchange
exposures in banking book are largely
transferred to trading book for foreign
exchange risk management. High quality
liquid assets (“HQLA”) held in banking
book to comply with LCR expose the
Group to credit spread risk. While HQLA
are of low default risk, their value could
be sensitive to changes in credit spread.
This risk is monitored against approved
CS01 limits on a daily basis and subject
to historical and anticipatory stress tests.
The other risk residing in the banking
book is non-strategic equity price risk
arising from our equity investment
in listed and non-listed companies.
Such non-strategic equity forms an
insignificant portion of our overall
securities portfolio, excluding GEH.
OPERATIONAL RISK MANAGEMENT
Operational risk is the risk of loss
resulting from inadequate or failed
internal processes, people, systems and
management or from external events.
Operational risk management enables
us to fulfil our fiduciary duties, comply
with legal and regulatory requirements
and mitigate other risk factors. This
will also help manage any reputational
risk impact.
The Group’s operational risk management
aims to manage both expected and
unexpected losses, including those
caused by catastrophic events. These
twin objectives act as parameters to
manage our risk as we pursue new
business opportunities.
OPERATIONAL RISK MANAGEMENT OVERSIGHT AND ORGANISATION
The Operational Risk Management
Committee (“ORC”) is the senior
management group that supports the
BRMC and CEO in managing operational
risk. It supports the Group’s business
strategy by ensuring that the operational
risk is within acceptable tolerance levels
and approved risk appetite. ORC also
ensures that the Group’s operational
risk management programmes are
appropriate and effective.
The Operational Risk Management
(“ORM”) department establishes the
ORM framework, supporting policies
and procedures. It also independently
oversees operational risk monitoring
and controls that reside within business,
products and process owners. The ORM
programmes are actively implemented
through the respective Operational
Risk Partners (“ORP”) or managers in
the business units and subsidiaries. To
raise competency levels in managing
operational risk, all ORPs or managers
are certified by an industry-recognised
accreditation programme.
OPERATIONAL RISK MANAGEMENT APPROACH
We adopt an operational risk
management framework that ensures
operational risks are properly identified,
managed, monitored, mitigated and
reported in a structured and consistent
manner. The framework is underpinned
by a strong risk management and
control culture.
Each business unit undertakes
self-assessments on a regular basis by
assessing the robustness of its risk and
control environment, including compliance
with all legal and regulatory requirements.
Self-assessment declarations are subject
to risk-based independent reviews.
Performance metrics are also used to
detect early warning signals and to
drive appropriate management actions
before the risks result in material losses.
To enhance controls over trading activities
and data loss prevention, we have specific
risk units to perform surveillance over
these areas.
Senior management attests annually
to the Audit Committee, BRMC and
CEO regarding the adequacy and
effectiveness of the internal controls and
risk management systems as well as key
control deficiencies and accompanying
remedial plans. Operational risk data
(e.g. operational risk events and
self-assessments) are analysed and reported
regularly to senior management.
To mitigate against operational losses,
insurance programmes are in place to
protect the Bank and its employees
against adverse events. These
programmes cover losses relating to
crime, cyber risks, professional indemnity,
directors’ and officers’ liability, property
damage and public liability.
In addition, the subject-specific key risks
that the Group focuses on include but are
not limited to:
Outsourcing Risk Management
We recognise the risks associated with
outsourcing arrangements. As part
of our outsourcing risk management
programme, we have a multi-disciplinary
outsourcing management group to
manage outsourcing risks in a structured,
systematic and consistent manner. In
addition, as an active member of the
ABS Outsourcing Advisory Committee,
we share outsourcing practices and keep
abreast of developments in the industry.
Physical and People Security Risk Management
We have a programme to ensure that
physical and security risk to people and
assets is adequately addressed. This
includes having a unit to actively monitor
and scan global events that may pose
a risk to OCBC locations, people and
assets. This unit provides advisories and
response procedures to better prepare
the Bank and its employees against risk
events. To mitigate physical security
risks, we are enhancing the access
control management of our buildings.
Business Continuity Risk Management
We have a comprehensive and robust
business continuity management
programme that aims to minimise
the interruption to essential business
activities and services during a crisis. This
is achieved through the implementation
of robust recovery strategies and business
recovery plans which are reviewed and
tested annually. Senior management also
provides an annual attestation to the
BRMC which includes a measurement
of the programme’s maturity across the
Group and the extent of alignment to
MAS guidelines, as well as a declaration
of acceptable residual risk.
Fraud Risk Management
Our fraud risk management and
whistle-blowing programmes aim to prevent
and detect fraud or misconduct. Fraud
incident reports – including root cause
analysis, extent of damage, remedial
actions and recovery steps for major
incidents – are regularly reported to
the ORC and BRMC. We have a Fraud
Surveillance System to detect suspicious
transactions. This system uses machine
learning through continuous assessment
BUILDING ON OUR CORPORATE STRATEGY FOR SUSTAINABLE GROWTH