Page 27 - 86395_CCB - 2024 Annual Report (web)
Risk Management
Approach to risk, Enterprise Risk Management Framework and accountability

The Enterprise Risk Management Framework (ERMF) articulates the Bank’s approach to risk management, the risks the Bank is willing to take, and the inherent risks, in pursuit of its strategy.

The framework ensures that from the top down there is effective identification, assessment, control, management, reporting and escalation of risk, to operate within the appetite set by the Board resulting in a transparent and robust risk culture.

The key principles, tools, documentation, governance structure, roles, and responsibilities for risk management, across all risk categories, are confirmed in the framework along with the methodologies used to measure and monitor the ‘Risk Management Cycle’. In addition, the internal and external oversight, assurance, and approvals provided by Board, Executive, Second Line and Third Line control functions are confirmed.

A Risk and Control Self‑Assessment programme and a Top and Emerging Risk reporting process exist to support monitoring and management of the Bank’s risk profile.

A forward‑looking risk management approach is adopted using quarterly stress testing and scenario analysis, feeding into the annual Internal Capital and Liquidity Adequacy Assessment processes (ICAAP and ILAAP) to ensure there is sufficient capital and liquidity to cover the risks to the Bank.

Governance of Risk Management

The Chief Risk Officer has operational responsibility for the management of the Bank’s ERMF. The Board has responsibility for the setting and approval of the Bank’s Risk Appetite and ERMF, as well as ongoing oversight, principally through the Board Risk and Compliance Committee. The Bank’s corporate governance framework and Committee structure are outlined in the Corporate Governance section.

Three lines of defence model

The Bank adopts a ‘three lines of defence’ model to provide robust risk management, oversight and assurance with clear responsibilities established for all colleagues in relation to risk management, including Executive and Non‑Executive responsibilities documented as applicable under the Senior Managers and Certification Regime. The Bank outsources its Internal Audit function to Deloitte LLP, who report directly into the Bank’s Audit Committee.

Risk Appetite

The Risk Appetite articulates the type and level of risks the Board is willing to take in pursuit of its strategy and objectives. The overall objective is to protect the Bank from unacceptable levels of risk while supporting and enabling overall business strategy (including the assessment of new business opportunities). The Bank’s Risk Appetite Statements (RAS) outline a mixture of qualitative and quantitative measures (Principal Risk Statements and Key Risk Indicators (KRIs)). An annual review of the Bank’s RAS and KRIs is facilitated and challenged by Second Line Risk, driven by the recommendations of the appropriate Executives and subject matter experts. This process includes ensuring that the key risks identified remain appropriate against the strategic plan, current business, macroeconomic, geopolitical, regulatory, and legal environment, and experience of risk throughout the preceding year. The Board reviews and approves the Bank’s Risk Appetite on an annual basis.

The Bank’s performance against Risk Appetite is monitored via reporting to the Executive Risk Committee. This is summarised within the Chief Risk Officer Risk Report, presented monthly to the Risk Management Committee and bi‑monthly to the Board Risk Committee. The reporting shows status against each KRI and overall rating, based on parameters set within the ERMF, using a Red/Amber/Yellow/Green scale and the expert judgement of the First and Second lines. These KRIs detail the Bank’s Risk Appetite and are reviewed at least annually, or in the event of a major change to strategy and/or environment within which the Bank operates.

