Page 30 - CCB_Full-Annual-Report-2021

P. 30

30 31

Contents
Contents

The Bank's capital ratios exceeded its

regulatory requirements throughout Strategic Report

the year.

The Enterprise Risk Management Governance of Risk Management Second line of defence Key Risk Indicators). The regular review of Corporate Governance Statement
Framework describes the risks the Bank is Risk management is governed by the The Chief Risk Officer and team operate as the Bank’s appetite for risk is facilitated and
willing to take in pursuit of, and the risks corporate governance framework and the second line of defence, working closely challenged by the second line of defence,
inherent within, its strategy, its governance committee structure described in the with executive management and their driven by the recommendations of the
of risk management, and the methodologies Bank’s corporate governance statement on respective teams. The Chief Risk Officer is appropriate executives and subject matter
used to measure and monitor these within pages 42 - 75, with ultimate ownership by independently responsible for managing, experts. This process includes ensuring that
its ‘Risk Management Cycle’: the key risks identified remain appropriate
the Board. designing, and continually updating the against the strategic plan, current business,
Enterprise Risk Management Framework macroeconomic, geopolitical, regulatory,
Three lines of defence model and risk assessment and evaluation tools and legal environment, and experience
and systems, providing training, review,
The Bank manages risk using the ‘three lines and challenge to the first line, and ensuring of risk throughout the preceding year.
of defence’ model, via clear responsibilities that the Bank operates within all applicable On at least an annual basis, the second
Identify Measure established for all colleagues in relation to regulatory guidelines and in line with line of defence provides a review and
risk management, including executive and challenge before presenting to the relevant
emerging industry good practices in
non-executive responsibilities documented executive committee (Risk Management Independent Auditor’s Report
relation to risk management. A key role of
Risk as applicable under the Senior Managers second line is to provide an independent Committee, Credit Committee or Asset &
Management and Certification Regime. The model view to management and the Board of the Liabilities Committee) for further review
and challenge and recommendation to the
operates as follows:
Cycle risks within the Bank. Board Risk & Compliance Committee for
First line of defence approval. The Risk Appetite Statement is
Monitor/ Manage/ Third line of defence refreshed and updated annually.
Report Mitigate The Chief Executive Officer, executives The third line of defence is comprised of
and their teams are responsible for
Internal Audit, outsourced to Deloitte under The Bank’s performance against Risk
managing risk on a day-to-day basis,
the administrative supervision of the Chief Appetite is monitored via reporting to
including identification of risks as they
Risk Officer and Chief Financial Officer, the executive risk committees. This is
emerge, evaluating and reporting them
reporting to the Bank’s Audit Committee. summarised within the Chief Risk Officer
and ensuring that the Bank operates within Financial Statements
Internal Audit is responsible for providing Risk Management Report, which is
risk appetite. This includes producing
independent assurance that the Enterprise presented to Risk Management Committee
A Risk Register is maintained to record and Key Risk Indicators and other metrics, Risk Management Framework, including its and appropriate Board committees
monitor the full list of risks to which the Committee and Board reporting, making operation by the first and second lines, is monthly. The periodic reporting shows
Bank is exposed. The Register is regularly sure that all colleagues are adequately operating effectively. status against each Key Risk Indicator (KRI)
refreshed, primarily as part of the Risk and trained, and that the executives and senior and overall rating, based on parameters
Control Self-Assessment programme, management provide leadership of the Risk Appetite set within the Enterprise Risk Management
to ensure that it provides an up-to-date governance of risk as members of the Framework, using a Red/Amber/Yellow/
record of the Bank’s overall risk profile. relevant committees. In support of this, a The Risk Appetite is the amount and type of Green scale and the expert judgement of
A forward-looking approach is ensured dedicated first line risk function is in place risks the Board is willing to take in pursuit the first and second lines. These KRI’s detail
using quarterly stress testing and scenario to provide risk management expertise of its strategy and objectives. The overall the Bank’s Risk Appetite and are reviewed
analysis, feeding into the annual Internal within an operational setting. The first line objective is to protect the Bank from at least annually or in the event of a major
Capital and Liquidity Adequacy Assessment risk function undertakes an active role in unacceptable levels of risk while supporting change to strategy and/or environment Notes to the Financial Statements
processes (ICAAP and ILAAP) through maintaining and improving internal control and enabling overall business strategy within which the Bank operates.
which the Bank ensures that it has sufficient frameworks, remediating weaknesses in (including the assessment of new business
capital and liquidity in place to cover the operational processes, and supporting opportunities). The Bank’s Risk Appetite
risks the Bank faces. business areas in the implementation of the Statement outlines a mixture of qualitative
Bank’s key risk management processes. and quantitative measures (Statements and

25 26 27 28 29 30 31 32 33 34 35