• First Line of Defence

    Business and Support Units
    • primary responsibility of identifying, mitigating and managing risks within their lines of business.
    • ensure day-to-day activities are carried out within the established risk and compliance policies, procedures and limits.
  • Second Line of Defence

    Risk Management & Compliance Division (RMD)
    • independently assess risk exposures and the coordination of risk management on an enterprise-wide basis.
    • ensure that risk management and compliance policies are implemented accordingly.
    • ensure compliance with the applicable laws and regulations.
  • Third Line of Defence

    Internal Audit Department (IAD)
    • the IAD being the third line of defence is responsible for independently reviewing the adequacy and effectiveness of risk management processes, system of internal controls and conformity with risk and compliance policies.
  • Strategic Risk
  • Credit Risk
  • Market Risk
  • Liquidity Risk
  • Operational Risk
    • Strengthening risk culture to reinforce risk framework.

    • Ensuring the Group’s portfolios are aligned with the risk appetite and strategies.

    • Enhancing risk management governance, controls and processes.