KBZ Bank considers robust risk management as vital to its success and takes a holistic and integrated approach to it, where management systematically identifies, monitors and manages all material risks that the Bank is exposed to.
This ensures that any risks are continuously managed and mitigated in line with the Bank’s strategies and risk appetite. A wide variety of risks are considered in our approach, including credit, market, operational, liquidity, business, and reputational risks; environmental and social shifts; and other risks that could impact our business.
Holistic Approach to Risk Management
There are three main components to our Risk Governance Framework: our Board of Directors, our Three Lines of Defence, and a comprehensive governance process.
Our Board of Directors ensure that best practices in risk management are integrated into all management initiatives and business activities, and that they are constantly updated to keep up with Myanmar’s fast-evolving business and regulatory environments. The Board works with, and reviews the work of, two Board Committees – the Board Executive Committee and Board Audit and Risk Committee (BARC) – to achieve these goals.
The BARC is the Board Committee primarily responsible for providing oversight on risk management activities, and ensuring that the necessary material controls and processes are in place and functional. The BARC’s risk control functions actively monitor the Bank’s operations for compliance, and manage incidences of non-compliance, thereby ensuring that the Bank remains within predetermined risk parameters at all times. These functions form part of our second and third lines of defense, and include:
- Risk and credit management
- Internal Audit
The first two functions provide oversight, as well as governance and support to business and functional units on risk and compliance matters. The Internal Audit function, meanwhile, provides independent assurance to the Board and the BARC that risk and compliance management is functioning effectively.
All risk control functions provide regular updates and reports to the BARC.
However, the Board remains ultimately responsible for ensuring that the Bank’s operations comply with Board approved policies, as well as applicable laws and regulations, and are consistent with sound and prudent practices.
Senior managers support the Board by promptly reporting any significant developments that may change the types or levels of risk.
A triple line of defence forms the core of our risk governance framework
- 1. Our business and support units serve as the first line of defence, systematically identifying, assessing, controlling, mitigating, and reporting the risk exposures of their business and operational activities.
- 2. Dedicated Risk Management units, such as the Credit, Market, IRRBB, Liquidity and Operational Risk management departments, and the Legal and Compliance and Financial Crime Compliance units, form a second line of defence. They continually conduct independent reviews, assessments, monitoring, and reporting of their respective risk areas.
- 3. Internal Audit is the third line of defence. It independently tests and verifies the efficacy and robustness of the processes of the business and support units, and ensures they comply with the relevant laws and regulations, as well as various risk management and control policies and procedures.
The Risk Appetite & Statement (RAS) guides our business and supports units on risk-taking, monitoring and control measures. It articulates the level and the nature of the risks that the Bank is willing to take or avoid on behalf of its shareholders, while maintaining its commitments to all other stakeholders. Specifically, it articulates the strategies in place to mitigate returns, volatility, solvency, liquidity, as well as operational and other risks in the short-, medium- and long-terms.
Environmental, social, and governance (ESG) factors are also important considerations.
A Responsible Financing Framework is being put in place as part of our commitment to Sustainability Risk Management. As part of that Framework, we consider the secondary impact of our business activities. In lending, for instance, we assess sustainability risks alongside financial performance, and ensure borrowers are socially responsible and compliant with Myanmar’s social development and environmental protection goals. The Bank is in the process of developing an exclusion list for sustainability financing, and sustainability risk assessments will be integrated into the credit evaluation process by the third quarter of 2020.
In addition, the Bank also has a Reputation Risk Appetite & Statement, which articulates its zero appetite for legal, regulatory, and industry risks, and states that business units must comply with all laws and regulations and industry standards. The Bank also has no appetite for data security risks and will not tolerate the loss or unauthorised or accidental disclosure of customer or other sensitive information.
The Board of Directors is responsible for approving our risk management positions and any amendments made to keep them current and relevant. The Board also ensures procedures are in place to implement these positions, and to effectively monitor and report on all key risk indicators.