My first Publication ocbc_ar17_fullreport_english | Page 96

RISK MANAGEMENT
(This section forms an integral part of OCBC’s audited financial statements)

of individual customers’ transaction patterns, and the setting of standard deviations for monitored transactions. Group Audit independently reviews all fraud and whistle-blowing cases and reports their findings to the Audit Committee.

Reputational Risk Management

Reputational risk is the current and prospective risk to earnings and capital arising from adverse perceptions of the Group’s image among customers, counterparties, shareholders, investors and regulators. We have a reputational risk management policy which focuses on understanding and managing our responsibilities towards our different stakeholders as well as protecting our reputation. A key emphasis of the programme is effective information sharing and engagement with stakeholders.

Fiduciary Risk Management

We have a fiduciary risk management programme to manage risks associated with fiduciary relationships from managing funds or providing other agency services. The programme provides guidelines on regular identification, assessment, monitoring and mitigation of fiduciary risk exposures, to ensure our compliance with applicable corporate standards.

Legal and Regulatory Risk Management

We hold ourselves to high standards when conducting our business and at all times observe and comply with applicable laws, rules and standards. We have an established compliance risk programme which defines the required environment and organisational components for managing the risk in a structured, systematic and consistent manner. Each business unit is responsible for having adequate and effective controls to manage both legal and regulatory risks. Senior management provides the BRMC and CEO with an annual Regulatory Compliance Certification regarding the state of regulatory compliance.

Technology, Information and Cyber Risk Management

We adopt a holistic approach to ensure that technology, information and cyber risks are properly assessed, monitored, mitigated and reported. Appropriate controls are in place to ensure the confidentiality, integrity and availability of our information assets. We raise our staff's awareness of cyber information and vigilance against cyber risk through regular email reminders, training and campaigns that include the use of test emails. We participate in industry-level exercises and collaborate with industry participants and government agencies to share intelligence and countermeasures against new forms of cyber-attacks.

Anti-Money Laundering/Countering the Financing of Terrorism Risk Management

We have a structured framework and programme for combating money laundering and countering the financing of terrorism that is implemented across the Group. This incorporates the MAS Notice 626 on Prevention of Money Laundering and Countering the Financing of Terrorism and is in line with the principles or guidelines set by international organisations, such as the Basel Committee and Wolfsberg Group. We regularly invest in the group-wide systems, upgrading or replacing them from time to time to strengthen our capabilities in customer risk management and transaction monitoring.

Given the dynamic and complex evolution of money laundering tactics, we have identified and leveraged new fintech solutions using machine learning and artificial intelligence to supplement and optimise our existing customer transaction monitoring system. These solutions will enable the Bank to more accurately detect suspicious transactions and reduce the high rate of false positive alerts often generated by rule-based monitoring systems.

Our programme is aimed at managing and mitigating potential exposure to existing and emerging money laundering and terrorism financing (“ML/TF”) risks emanating from the various customer segments, products and services, delivery channels as well as the range of host countries where we have business operations. It includes observance of sanctions required by the MAS and the respective regulators of countries where our international offices and subsidiaries operate. In this regard, we have implemented appropriate policies and procedures to conduct customer due diligence to know our customers as well as transaction monitoring capabilities to detect unusual or suspicious transactions. Where required, our international offices and subsidiaries customise the programme to ensure that it is fit for the host country in which they operate, provided the higher standard is adopted.

We recognise that our employees play an integral role in our AML/CFT efforts and have emphasised the importance of staying vigilant against ML/TF and sanctions risks to our business and network. To ensure that our employees understand these risks, they must undergo basic training when they join the bank and regular refresher training thereafter. We also provide specific training to enable relevant employees to carry out their respective roles and to keep abreast of developments in the financial industry. The respective Board and management committees of the entities in the Group are trained regularly to enable them to oversee our AML/CFT programme. The training encompasses AML/CFT and sanctions regulations, case studies depicting local or transnational criminal activities and new or developing typologies.

Our anti-money laundering and countering the financing of terrorism (“AML/CFT”) programme is subject to internal and external audits as well as regulatory inspections. The senior management and the Board have oversight of the programme, which is reviewed regularly to ensure that it remains robust and relevant in the context of the evolving regulatory landscape and operating environment. They are kept apprised of enhancements to the programme as well as significant regulatory changes in the various host countries where we have business operations.

OCBC ANNUAL REPORT 2017