Risk governance
- Three Lines of Defense, which governs the day-to-day acceptance, control, mitigation and management of risk;
- Governance Documents, the combined set of policies, procedures, guidelines and terms of reference that implements the Three Lines of Defense; and
- Governance Committees, which provide oversight of the implementation and enforcement of the bank’s risk appetite and risk management framework.
The Three Lines of Defense model strengthens the bank’s control framework.
The Three Lines of Defense model provides a simple and effective way to enhance communications on risk management and control by clarifying essential roles and duties.
- Risk Management Framework, which sets out the general approach and framework for risk management, including the risk universe, risk types, risk appetite and risk governance;
- Policies, which for each risk type or risk theme outline the general approach and strategy as well as the relevant principles and roles & responsibilities;
- Procedures, which detail the risk type or risk theme’s specific policy at a process level, including applicable controls and standards;
- Guidelines, which provide detailed guidance at a granular level and/or complement the policies and procedures with detailed information; and
- Terms of Reference (or Mandates), which set out the mandate, responsibilities and accountability for governance committees.
The bank’s risk governance is executed through different governance committees. These include:
- Board Risk Management Committee, which provides ultimate and independent oversight on risk matters on behalf of the Board of Directors;
- Risk Management Committee, which is the management-level oversight committee that reviews, challenges and oversees the risk function, the implementation of the Risk Management Framework and the adherence to the bank’s approved risk appetite;
- Operational Risk Committee, which provides oversight over the bank’s revised control-driven Operational Risk Framework and the Operational Risk acceptance; and
- Credit Management Committee, which focuses on selected cases that are either of significant risk or exposure, or cannot be resolved through the delegated authorities between the First and Second Line of Defense.