Enterprise Risk Management

Risk management at BDO begins at the highest level of the organization.

At the helm of the risk management infrastructure is the Board of Directors (the Board), which is responsible for establishing and maintaining a sound risk management system. The Board assumes oversight over the entire risk management process and has the ultimate responsibility for all risks taken.

The Board has constituted the Risk Management Committee as the Board-level committee responsible for the oversight of the enterprise risk management program.

Considering the importance of appropriately addressing credit risk, the Board has also constituted the Executive Committee. The Executive Committee is responsible for approving credit-specific transactions, while the Risk Management Committee is responsible for approving risk appetite levels, policies, and risk tolerance limits related to credit portfolio risk, liquidity risk, market risk, interest rate risk, operational risk (including business continuity risk, IT risk, information security risk, data privacy risk, and social media risk), consumer protection risk, and environmental and social risks, to ensure that current and emerging risk exposures are consistent with the Bank’s strategic direction and overall risk appetite.

As part of the enterprise-wide risk management framework, the Risk Management Group, which reports to the Risk Management Committee, is mandated to adequately and consistently evaluate, manage, control, and monitor the overall risk profile of the Bank’s activities across the different risk areas (i.e., credit risk, liquidity risk, market risk, interest rate risk in the banking book, operational risk including business continuity risk, IT risk, information security risk, and data privacy risk, as well as environmental and social risks) to optimize the risk-reward balance and maximize return on capital, in line with the Bank’s risk management mission.

The risk management process is applied at three levels: the transaction level, the business unit level, and the portfolio level. This framework ensures that risks are properly identified, quantified, and analyzed in the light of its potential effect on the Bank’s business. The goal of the risk management process is to ensure rigorous adherence to the Bank’s standards for precision in risk measurement and reporting and to make possible, in-depth analysis of the deployment of capital and the returns that are delivered to the shareholders.