RISK MANAGEMENT OVERVIEW We maintain an integrated and disciplined approach to risk management. Effective risk management supports the creation of long-term shareholder value by providing a framework to balance the prudent management of our risks with delivering sustainable risk-adjusted returns for our shareholders. Our Risk Management framework, which is developed and maintained by our Group Risk Management (GRM) function, encompasses risk culture, risk governance, risk appetite, and risk management policies, processes and tools. The framework also provides independent review and oversight across the organization. Our Risk Management framework guides us in prudent and measured risk-taking aligned with our strategic objectives, which include an effective balance of risk and reward. This requires continuous consideration, understanding and responsible management of all key risks at both the strategic and operational levels. Each team member must make common-sense business decisions in line with our clearly defined and prudent risk appetites, along with regulatory and legal requirements. We have demonstrated our ability to effectively manage risks, including through periods of financial uncertainty, underpinned by a strong risk culture and a disciplined risk management approach; however, not all risks are within our direct control. A description of key internal and external risk factors we consider are included in the Top Emerged and Emerging Risks and Risk Universe – Report on Principal Risks sections. We actively evaluate existing and potential risks to develop, implement and continually enhance appropriate risk mitigation strategies. Managing risk is a shared responsibility across CWB. Our three lines of defence framework provides a consistent, transparent, and clearly documented allocation of accountability and segregation of functional responsibilities. This segregation of responsibilities helps to establish a robust control framework that demonstrates our risk culture, contributes to effective risk management, and encourages continuous improvement of risk management practices. Our three lines of defence framework is described in Table 26. Table 26 - Three Lines of Defence Framework First Line Second Line Third Line Business and Support Areas GRM and Other Corporate Oversight Functions Internal Audit • Own and manage all risks within their lines of business. • Pursue suitable business opportunities within their established risk appetite and limits. • Act within the delegated risk-taking authority as set out in established policies.
• Establish a Risk Management framework to provide a consistent and integrated view of risk exposures across CWB. • Set key risk metrics on which risk appetite and limits are based. • Establish policies, standards, processes and practices that address all significant risks across CWB. • Independently assess, quantify, monitor, control and report all significant risk exposures against the risk appetite and limits. • Provide independent oversight, effective challenge and independent assessment of risk.
• Provide independent assurance to the Audit Committee on the effectiveness and appropriateness of (and adherence to) the Risk Management framework. • Independently audit first and second lines and report on their effectiveness regarding respective functional responsibilities. • Independently review adherence to controls, policies, standards, guidelines and regulations. • Identify operational weaknesses; recommend and track remediation actions.
• Establish appropriate operating guidelines and internal control structures in accordance with risk policies.
RISK MANAGEMENT PRINCIPLES Our risk management principles are based on the premise that we accept appropriate risks for an appropriate return. In conducting our business activities, we will take financial risks that are aligned with our strategic objectives in a manner that supports the responsible and efficient delivery of products and services to valued clients and is expected to create sustainable, long-term value for shareholders and other stakeholders. Risk-taking and risk management activities across all our operations are guided by the following principles: • Three Lines of Defence - Ongoing commitment to a three lines of defence framework, with independent oversight and effective challenge from the second line, and an independent and effective Internal Audit function comprising the third line of defence; • Balance Risk and Reward - An effective balance of risk and reward through alignment of business strategy with risk appetite, diversifying risk, pricing appropriately for risk, and mitigating risk through sound preventative and detective controls; • Understand and Manage Risks - Establish operational resilience through use of common sense, sound judgment and risk-based processes to ensure that risks are thoroughly understood, measured and managed within the confines of well-communicated risk tolerances; • Protect our Brand - An enterprise-wide view of risk and the acceptance of risks required to build the business with continuous consideration for how those risks may affect our reputation; • Shared Accountability - A risk culture in which every employee is accountable to understand and manage the risks inherent in their day-to-day activities, including identification of risk exposures, with communication and escalation of risk-based concerns; and, • Client Focus - Recognition that strong client relationships reduce risks by ensuring that the risks we accept as part of doing business are well understood, and that the services provided are suitable for, and understood by, our clients.
42 | CWB Financial Group 2023 Annual Report
Powered by FlippingBook