CFSL Integrated Report 2023

Risk Management Report

Integrating sustainability into risk management

Our approach to risk

The primary role of risk management is to protect the interests of our stakeholders, the finances and the reputation of the Group, while ensuring we are able to support our strategy, provide sustainable growth, and there is an appropriate balance between risk and reward in order to maximise shareholder value. This is supported through our Enterprise Risk Management (‘ERM’) framework and applying the three lines of defence model as described on page 59.

The Group is exposed to financial risks, non-financial risks and strategic risks arising from its operations. These risks are managed through the Group’s ERM framework, which continuously evolves to accommodate changes in the operating environment, a better practice approach, and shifting regulatory and customer expectations. ERM is supported by risk policies and standards which govern each risk type.

Risk profile and performance

The Group has continued to support its customers amid the cost-of-living increases and global and domestic economic uncertainty. We continue to witness sustainable growth in the credit portfolio. Our overall credit performance has improved over the last 12 months and is on track to return to pre-COVID levels.

The Group’s strategy will see ongoing investments in technology, driving the evolution of processes and further strengthening of the Group’s operational resilience, amid continuously evolving threats, such as cyber risk. The Group is also committed to improving the wellbeing and health of our staff in line with the Group’s strategy to build capacity.

Overall, the Group’s key risks continue to be managed effectively and the Group is well-positioned to safely progress its strategic ambitions.

Risk management is an essential management tool in driving innovation and sustainable value creation.
Our focus remains to create and protect value by managing risks, encouraging innovation, supporting our customers’ green transition and improving performance within our means and tolerances for risk.

Key components of our risk management framework

Risk governance

Recognising that good risk management goes hand in hand with strong governance, the Group has a well-established risk governance structure based on the three lines of defence approach, which facilitates the identification and escalation of risks, while providing assurance to the Board. Our governance structure is supported by an active and engaged Board of Directors and a dedicated Risk Management team, which operates independently of the Business Units. The Chief Risk Officer reports directly to the Chair of the Risk Management Committee.

Roles and Responsibilities – Three lines of defence

To create a robust control environment to manage risks, the Group has adopted the three lines of defence model. The overarching principle of the model is that risk management capability must be embedded within the business to be effective.

• First Line – Businesses own risks and obligations, and the controls and mitigation strategies that help manage them.
• Second Line – A functionally segregated Risk and Compliance function that is responsible for developing the risk management and compliance frameworks, defines risk boundaries, provides objective reviews and challenges regarding the effectiveness of risk management within the first line businesses, and executes specific risk management activities where a functional segregation of duties and/or specific risk capability is required.
• Third Line – Internal audit function, which is fully independent, to give the Board, as well as the Audit and Compliance Committee, assurance on the effectiveness of governance, risk management and internal control.

58 CIM FINANCE ANNUAL REPORT
