RISK MANAGEMENT FRAMEWORK The primary goal of risk management is to ensure that the outcomes of risk-taking are consistent with our overall risk appetite, our strategic growth objectives, and related business activities. The Risk Management framework provides the foundation for achieving this goal. Its key elements include risk culture, risk governance, risk appetite, and risk management policies, processes and tools. We utilize the ISO 31000 Standard for Risk Management as a comprehensive framework to help ensure risk is managed effectively and efficiently.
Figure 4 - Risk Management Framework
RISK CULTURE
Our strong risk culture emphasizes transparency and accountability. Our risk culture is the core of the Risk Management framework, including risk management principles and accountabilities as defined within a three lines of defence framework. Key elements that influence and support our risk culture include:
• Tone from the Top - Demonstrated throughout CWB and emphasized by the actions of senior management and the Board of Directors, which send consistent and clear messages throughout the organization; • Values Alignment - Supported by CWB’s core values , which emphasize that how we do things is as important as what we do, and that we always act with integrity as we strive to balance risk and reward; • Accountability - An environment where the first, second and third lines of defence can freely escalate risk issues and concerns, and issues are discussed openly and acted upon appropriately. We have zero tolerance for inappropriate risk taking in violation of our core values, risk appetite and reputational risk management principles; and, • People Management - Performance and compensation structures that align with our desired risk behaviours and reinforce our values. Our risk culture is supported by maintenance of effective risk management principles, policies, processes, and tools with oversight provided to guide business practices and risk- taking activities of all employees in support of CWB’s reputation and adherence to all legal and regulatory requirements. On an annual basis, our employees are required to complete formal training on key risk topics, including ethical behaviour, regulatory compliance risk, cybersecurity, and various other operational risks. By taking this mandatory training, all employees develop a basic knowledge of risk management in support of our risk culture. We have an established Code of Conduct that describes standards of conduct to which all directors, officers, and employees must adhere and attest to on an annual basis, an anonymous ethical concerns hotline, and we conduct a periodic, confidential enterprise-wide Risk Culture survey. Our three lines of defence framework provides a consistent, transparent, and clearly documented allocation of accountability and segregation of functional responsibilities. This segregation of responsibilities helps to establish a robust control framework that demonstrates our risk culture, contributes to effective risk management, and encourages continuous improvement of risk management practices. Our three lines of defence framework is described in Table 31.
46 | CWB Financial Group 2022 Annual Report
Powered by FlippingBook