Roles and Responsibilities of Risk Oversight Committee


1. To advise the Board on the framework and policies for risk governance and overall risk management, covering all major risks such as credit risk, market risk, liquidity and capital risk, operational risk (including compliance risk), strategic and reputational risks, IT risks, etc.
     1.1 To advise the Board on appropriate risk related frameworks, policies, appetite, tolerance and strategy for the Bank and its business units including authority or the delegation of authority to approve credit.
     1.2 To recommend the risk and concentration levels for approval by the Board, in alignment with the Board’s risk appetite.
     1.3 To approve significant policies and frameworks that govern the management of risks, including risk governance matters, and which have been delegated to the ROC by the Board.
     1.4 To supervise capital and liquidity management strategy, in alignment with the Board’s risk appetite.
     1.5 To ensure and regularly review appropriate Technology, Information and cyber risk governance, policy, and appetite that meet international standards.
     1.6 To regularly monitor Technology, Information and cyber risk against appetite as a part of overall risk oversight.

2. To formulate strategies that are consistent with the risk management policy and which can assess, monitor, and ensure that the financial institution’s risks are at appropriate levels.
     2.1 To approve the supplemental risk limits as defined in the relevant policies and frameworks.
     2.2 To review the adequacy of the Bank’s risk management policy and systems, and the effectiveness of policy and systems implementation in terms of identifying, measuring, aggregating, controlling and reporting these risks by top management.
     2.3 To review and monitor all risks and risk management practices, including internal control and compliance processes and systems.

3. To approve the appointment, the review of committee structure and composition, and the roles and duties of the management-level risk management committees.

4. To report the risk management performance and all risk management matters and measures to the Board, and to consult and exchange views with the Audit Committee in order to assess if the risk management policies and strategies cover all existing and new types of risk facing the financial institution and if the implementation of such policies and strategies is effective and efficient.

5. To advise on the development and maintenance of a supportive culture, in relation to the management of risk, appropriately embedded through procedures, training and leadership actions so that all employees are alert to the wider impact of their actions on the Bank and its business units.

6. To advise on the alignment of compensation structures in relation to the management of risk and to the risk culture, taking into account the Board’s risk appetite.

7. The appointment, transfer and removal of the CRO, and the appraisal of the CRO’s performance, shall be concurred by the Risk Oversight Committee, which shall also acknowledge the CRO’s KPIs.

8. To perform other duties as delegated by the Board of Directors or regulatory requirements.

Remark: According to BoT notification Sor Nor Sor 10/2561 re: Corporate Governance of Financial Institution.