RISK MANAGEMENT FRAMEWORK
The primary goal of risk management is to ensure that the outcomes of risk-taking are consistent with our overall risk appetite, our strategic growth objectives, and related business activities. The Risk Management framework provides the foundation for achieving this goal. Its key elements include risk culture, risk governance, risk appetite, and risk management policies, processes and tools. We utilize the ISO 31000 Standard for Risk Management as a comprehensive framework to help ensure risk is managed effectively and efficiently.
Figure 4 - Risk Management Framework
RISK CULTURE
Our strong risk culture emphasizes transparency and accountability. Our risk culture is the core of the Risk Management framework, including risk management principles and accountabilities as defined within a three lines of defence framework. Key elements that influence and support our risk culture include:
• Leadership: Leaders, at all levels, set a consistent ‘tone from the top’ and reinforce a strong risk culture through their words, actions and decisions.
• Compensation, People Management & Incentives: Performance and compensation structures align with our desired risk behaviours and reinforce our values.
• Accountability & Ownership: Clear accountabilities and responsibilities are promoted within the first, second and third lines of defence; individuals have the capacity and autonomy to fulfill those accountabilities, take ownership of decisions and actions, and are held accountable for them.
• Risk Mindsets & Behaviours: The risk framework, including risk appetite and risk management, is embedded across our institution to ensure financial and non-financial risks are effectively managed.
• Group Dynamics & Decision-Making: The work environment enables individuals to feel safe to speak up, openly communicate and work together to make sound decisions and achieve financial and non-financial outcomes.
• Resilience: Individuals are vigilant towards known and unknown threats, identify and effectively respond to problems and opportunities, and continuously learn, improve, and adapt to changing conditions.
Our risk culture is supported by the maintenance of effective risk management principles, policies, processes, and tools, with oversight provided to guide the business practices and risk-taking activities of all employees in support of CWB’s reputation and adherence to all legal and regulatory requirements.
On an annual basis, our employees are required to complete formal training on key risk topics, including regulatory compliance risk, cybersecurity, and various other operational risks. By taking this mandatory training, all employees build their knowledge of risk management in support of our risk culture. We have an established Code of Conduct that describes standards of conduct to which all directors, officers, and employees must adhere and attest to on an annual basis, an anonymous ethical concerns hotline, and we conduct a periodic, confidential enterprise-wide Risk Culture survey. Our three lines of defence framework provides a consistent, transparent, and clearly documented allocation of accountability and segregation of functional responsibilities. This segregation of responsibilities helps to establish a robust control framework that demonstrates our risk culture, contributes to effective risk management, and encourages continuous improvement of risk management practices. Our three lines of defence framework is described in Table 26.
CWB Financial Group 2023 Annual Report | 43