Risk Governance

The risk governance structure ensures the independence of the Enterprise Risk Management (ERM) Division, provides the communication and reporting lines to escalate significant risks and analyze the risk profile, promotes close collaboration of the ERM Division with Risk Owners and other internal assurance providers, and establishes the roles and responsibilities of all parties that participate in risk management.

Board of Directors

  1. Has overall responsibility for enterprise risk management and exercises oversight of it
  2. Establishes and defines the risk appetite
  3. Monitors key risks, considers risks that affect strategy and leverages risk information into decision-making
  4. Approves the Enterprise Risk Management Policy

Audit Committee

  1. Supports the Board in monitoring the effectiveness of the enterprise risk management and internal control system
  2. Reports on key risks and the progress of mitigation plans on a periodic basis

Cabinet of the CEO and Executive Management

  1. Participate in the formulation of the risk appetite framework
  2. Accountable for the proper identification, assessment and treatment of enterprise risks, based on the ERM framework
  3. Promote an ethical and risk-oriented culture across business sectors
  4. Analyze the effect of principal risks and discuss upcoming emerging risks

Third Line

  1. Internal Audit provides independent and objective assurance on the adequacy and effectiveness of governance, risk management, and control processes

Second Line

  1. The Enterprise Risk Management Division, Compliance Division and Information Security Officer are responsible for providing risk assurance services in their respective areas

First Line

  1. All business units and their respective process, risk and control owners, who are responsible for managing risks in daily operations and escalating concerns/issues that may alter the severity of risks

Risk Categories
