Risk Management and Compliance
The Group Risk Management and Compliance is a centralized and independent function. The Group CRO is the head of the Risk Management function and reports to the Board Risk Committee. His appointment, dismissal, remuneration and evaluation are also determined by the Board Risk Committee. The function is primarily responsible for identifying, measuring, monitoring, controlling and reporting the risk profile of the Group. It assists and acts as the internal advise to the Executive Management to actively assess and control the Group’s overall risk. In coordination with the regional Risk Management units, the Risk Management and Compliance function ensures:
- The overall Groups business strategy and business activities conducted within the region are consistent with the risk appetite approved by the Board.
- Risk policies, procedures and methodologies are tailored in a manner that is relevant to the region where such businesses are conducted and are consistent with the Group’s risk appetite.
- Appropriate risk management architecture and systems are developed and implemented for the region.
- Adequate monitoring of portfolios’ risks and limitations across the Group and at a regional level.
The Group Internal Audit Function is an independent function, mainly responsible for evaluating the adequacy and effectiveness of the Group’s internal controls, ensuring compliance with policies, procedures and regulatory requirements. The Group’s Internal Auditors are not assigned any executive responsibilities in order to maintain their autonomy and impartiality in fulfilling their duties and responsibilities. The Internal Audit function reports directly to the Board Audit Committee which is accountable for monitoring the overall performance of the function.
The Group maintains a sound control environment supported by a set of policies and procedures which are adhered to by all members across the Group and are designed to specifically cater and accommodate the needs and requirements of the Group. The effectiveness of internal controls are monitored through a well-structured control self-assessment program designed as per COSO framework. This is routinely monitored by the Board and is subject to independent assessment and review, to identify enhancement opportunities and the effectiveness of the control framework.