30
corporategovernance
group Perspective
Chief Risk Officer, Dr John Lee, explains why it is important that Maybank must report on areas like customer service
and employee engagement that are not so easily quantified.
Why is sustainability reporting increasingly important ?
We have been able to show good financial performance every year. These results however do not fully describe or
capture how we manage issues in Maybank. I find it hard for anyone to ever quantify the organisation as a series of
numbers. Our people, our communities, our customers are all part of our DNA. These factors are just as important —
they are the sum of Maybank. Reporting is an opportunity not just to present our performance but also how we are
going to move forward.
What are the challenges in non-financial information?
It is not easy. Companies tend to refer to financial numbers and quantify risk based on financial performance. With
regard to the non-financial aspect, the challenge is in determining which data is most relevant in giving insight into the
progress that we are making. Which data should inform our sustainability approach as well as the company’s targets are
something we are still working on.
Do you think sustainability reporting is valuable?
I am convinced the more we understand the bigger picture of our business, the better. Reporting is particularly valuable
as a monitoring and evaluation tool. At the same time, we are constantly scrutinising the quantitative and qualitative
impact of how non-financial factors like customer service and employee engagement impact our bottom line in order
to understand our business better. The key is to draw out the larger risk landscape, especially the non-financial risk and
map out the challenges as well as opportunities that are available for us as a leading financial institution.
“Our financial risk is
important, but it only tells
part of the story”
GROUP Chief Risk Officer
Building a Strong Internal Risk Culture
Environmental, social and governance (ESG) risks can have a significant impact on our businesses, our reputation and, ultimately, on our earnings. We work to identify
risk in areas such as product and service delivery, compliance, customer satisfaction, infrastructure and innovation. In each case, we assess the possible impact on our
financial performance as well as on our wider reputation. By embedding risk considerations into appropriate business decisions, we strengthen the quality of oversight
and the sense of risk ownership in the business.
Building an effective risk management culture requires putting in place adequate governance including organisational structure, roles and responsibilities and policies
and procedures. The Seven Broad Principles define for us the risk management principles at Maybank.
we see sustainabilitydifferently
PRINCIPLES
1.
The risk management approach is premised on three lines of defence — risk-taking units, risk control units and internal audit.
2.
The risk-taking units are responsible for the day-to-day management of risks inherent in their business activities, while the risk control units are responsible
for setting up risk management frameworks and developing tools and methodologies for the identification, measurement, monitoring, control and pricing of
risk. Complementing these is internal audit, which provides independent assurance of the effectiveness of the risk management approach.
3.
Risk management provides risk oversight for the major risk categories including credit risk, market risk, liquidity risk, operational risk and other industry-
specific risks.
4.
Risk management ensures that the core risk policies of the Group are consistent, sets the risk tolerance levels and facilitates the implementation of an
integrated risk-adjusted measurement framework.
5.
Risk management is functionally and organisationally independent of the business sectors and other risk-taking units within the Group.
6.
The Board, through the Board Risk Management Committee, maintains overall responsibility for risk oversight within the Group.
7.
Risk management is responsible for the execution of various risk policies and related business decisions empowered by the Board.
Risk management for us is an organisation-wide discipline to which both functional and line-of-business contribute. The process provides stronger focus on integrating
risk management into the decision-making process as well as removing organisational silos. It can also increase understanding on non-financial risk management
particularly in the area of ESG.
We monitor ESG risk to ensure that appropriate due diligence around environmental and social risks is carried out. For this purpose, we undertake active dialogues with
partners and clients to promote transparency and mutual understanding of environmental and social issues in the medium to long run. The challenge in mapping any
risk is that we cannot know everything. But what we can put in place is a strong governance process, the necessary structures and the right people to manage these risks
when they surface.
Moving forward, we aim to strengthen our ESG policies and introduce it as an integral part of the approval process for transactions.
Dr John Lee was named Bank Risk Manager of
the Year 2013 by Asia Risk
G4-14
