Overview of Risk Management
In 2020, the Thai economy contracted sharply by 6.1 percent, mainly due to COVID-19 pandemic which spread globally like wildfire. In the first half of the year, the government sector imposed a number of coronavirus containment measures. As a result, almost all sectors of the economy had to come to a temporary standstill. In particular, the tourism sector ground to a halt as no tourists were allowed to enter the country. The export sector was also hard hit by the sharply falling demand of counterpart countries in line with the lockdown measures and the economic slowdown of counterpart countries. As well, private consumption weakened in line with strict suppression measures and reduced employment despite the fact that later the government eased the measures and rolled out stimulus and relief packages. Moreover, private investment was depressed as the pandemic forced investors to postpone investment spending in line with a decrease in demand for goods and services. On the other hand, public spending increased considerably, mainly due to expenditure related to COVID-19 containment and economic stimulus measures. In this connection, in 2020 the BOT and the financial institutions worked together in launching relief packages aiming at mitigating the adverse effects from the COVID-19 outbreak. Meanwhile, the BOT’s Monetary Policy Committee (MPC) passed a resolution to cut the benchmark interest rate by three times in 2020. As a result, the policy rate dropped to 0.50 percent per annum in keeping with the prevailing economic conditions. As regards loans, in 2020 the Thai commercial banking sector recorded a year-on-year positive growth. Noteworthy was the growth of both corporate loans and retail loans. As regards deposits, deposits increased in line with the increase in loans while non-perform loans rose in line with the weakened economy.
The Thai economy is expected to recover and grow by 2.5 - 3.5 percent in 2021, according to the Office of the National Economic and Social Development Board (NESDB). The major factors contributing to the growth include the increasing volume of international trade as well as the improving global economy, thanks to the progress made in COVID-19 vaccine distribution and further relaxation of lockdown measures. On the other hand, the public sector’s disbursements and the domestic demand which is expected to grow slowly are two other key supporting factors which help contribute to this year’s economic growth.
The Board of Directors and high-level executives of the Company have been placing emphasis on transparency management by keeping on overseeing, monitoring, and developing risk management systems on an on-going basis, ensuring that the various measures remain appropriate and timely in dealing with changing risks, both internal and external. The Company has also established an organization structure which support the risk management in line with the policy framework of various committees, with details as follows:
The Company’s Risk Management Structure
The Company’s Board of Directors has a role in policy determination and establishes guidelines for an efficient enterprise-wide risk management including risk management and business continuity management of Thanachart Group, ensuring that it is efficient and in line with the Company’s operations by taking into consideration the impact of risks on the Company’s operational goal and financial position.
Executive Committee has a role in considering and approving all activities to be in line with the Company’s Risk Management Policies, as well as, assessing the business continuity management of Thanachart Group to present to the Company’s Board of Directors for approval.
Risk Oversight Committee has a role in proposing the Company’s Risk Management Policy and the Group’s Risk Management Policy to the Company’s Board of Directors for approval. The Committee also establishes risk management strategic plans to be in line with the Risk Management Policy and revises the sufficiency of the Company’s Risk Management Policy including the efficiency of the system and practice of the specified policy. Furthermore, it has a role to control, monitor, and supervise the Company and the companies under the Group to comply with the Risk Management Policy as well as regularly report the result of the compliance to the Board of Directors including the adjustments to conform to specified policies and strategies.
Audit Committee has a role in determining the supervisory guidelines for the operation, ensuring that the Company and the Group are operating in compliance with measures of related authorities. The Committee also has a role in assessing the effectiveness and competency of the overall Group’s risk management process and sufficiency of overall internal control system.
The Company’s Risk Management Structure Chart
As at 31 December 2020
- The conduct of business affairs is under a system of check and balance with Middle Office comprising of the Risk Control Unit and Back Office, being separated from the Front Office.
- The Company puts in writing of all the established policies and guidelines regarding the risk management that specifies responsibilities of related unit as the operational guidelines for the employees. Moreover, the Company has established a four-step guideline for risk management. The guideline includes 1) the identification of the characteristics of risk as well as risk factors, 2) the development of appropriate tools and models for risk measurement, 3) the control of risks within acceptable limits, and 4) the close monitoring of risk status in order to properly manage any possible risks in a timely manner.
- The differences in size and risk ratios determined for each exposure measured by tools and models allowed the Company to be able to perceive the degree of severity from the possible risks. These risk variables could also be used as a ceiling or the acceptable risk level as well as to provide warning signals before severe losses occur.
- The risk management report is presented to the board of directors of each subsidiary company and the overview report is presented to the Company’s Board of Directors in a periodic and timely manner.
The aforementioned risk management systems are developed based on prudent principles and will be reviewed regularly to suit prevailing situations. The systems are designed to be transparent, explicit, and examinable, and to take into consideration the interests of shareholders, customers, and staff.Key Risk Categories
Credit risk arises from a situation in which the debtors or counterparties fail to repay or fulfill their agreed obligations. This might be contributed by the fact that the debtor’s financial position is under distress due to volatilities of economic conditions that pose adverse impact on businesses or the debtors’ mismanagement, which as a result, may adversely affect the Company and its subsidiaries’ earnings and capital. The credit risk may arise from ordinary financial transactions such as credit lending, financial obligations in the form of avals or guarantees, other transactions related to credit lending, as well as investment in debt instruments issued by state agencies or state enterprises with neither guarantee from government nor the BOT and private debt instruments such as debentures.
Under its credit risk management policies and guidelines, the Company and its subsidiaries have successfully established a credit culture. To start with, the credit risk of the borrowers or counterparties or issuers of debt instruments will be independently assessed by the model developed specifically to each type of borrowers or counterparties by the Credit Analysis Unit. At this juncture, authorized Credit Committee would then consider and determine the level of credit risk of borrowers or couterparties, appropriate credit lines and investment budget, as well as terms and conditions on loans or other obligations. The Committee also controls the overall risk status by appropriately diversifying credit risk into various business sectors and groups of customers within the established risk ceilings. In addition, the Committee closely monitors the quality of loans to ensure proper and vigilant management by emphasizing on business capability and repayment ability under the supervision of an independent risk control unit-ensuring that credit transactions are in line with the policies and guidelines of credit risk management.Key Credit Risk Factors
Credit Concentration Risk
The Company and its subsidiaries aim to appropriately diversify its loans to various groups of customers, focusing on high potential customers and attempt to prevent concentration of loans to a particular group of customers. Group limits and single limits are set in accordance with risk level of the borrowers. Analyzing and monitoring are carried out, and results are regularly reported to relevant committees to minimize risks from uncontrollable factors. Furthermore, the Company and its subsidiaries has loan portfolio management and analyzes the loan portfolios in general, and manages the portion of the portfolios in correlation with circumstantial changes for maximum return under acceptable risk levels.
Risk of Non-performing Loans
Non-performing loans are loans classified as substandard, doubtful, and doubtful of loss. They have been the major concerns of each financial institution. They have adverse effect on earnings and capital of the Company. At this juncture, the Company and its subsidiaries have focused efforts on controlling credit quality through appropriate policies and procedures to regularly monitor the quality of the loans.
Risk from Collaterals
For collateralized loans, the Company and its subsidiaries carefully assess and classify quality of each type of collateral by taking into account the liquidity and overall risk from that collateral. The assessment result is one of the important factors applied in the classification of each credit exposure. In this regard, the collateral, both in the form of immovable and movable whose value could be appraised, is subject to appraisal or valuation complying. The Company and its subsidiaries significant types of collaterals are marketable equity securities, commercial immovable property, immovable property from housing, vehicles, machinery, etc. The Company and its subsidiaries have determined guidelines, standards, and frequency of appraisal and valuation of each type of collateral. Furthermore, a report of the appraisal and valuation is made which includes clear and sufficient data and analysis to determine the price. In case that it cannot be specified whether the collateral price has decreased or depreciated over time, the impairment of the asset must be considered by a concerned official.
Risk from Impairment of Property Foreclosed
The Company and its subsidiaries consider setting aside allowance for impairment of property foreclosed, by using the guidelines on setting aside allowance for impairment of property foreclosed and also by exercising discretion in estimating impairment loss when it is found that the value expected to be received from the property would be lower than the book value, taking into account the most recent appraisal value of the property, as well as type and characteristics of the property.
- Credit Concentration Risk
The market risk arises from movements in interest rates, exchange rates, and prices of instruments in money market and capital market, which may adversely affect earnings and capital of the Company and its subsidiaries. It could be divided into two main risks including price risk and interest rate risk. In this connection, the Company and its subsidiaries had adopted a risk oversight and management policy aiming at keeping the risk at an appropriate level and in compliance with the Risk Management Policy of the Company and its subsidiaries.
Price risk is the risk arising from the decrease in revenue or from negative impacts on the value of financial assets or liabilities. When the prices of debt instruments or equity instruments change, the available-for-sale investments and trading investments of the Company and its subsidiaries may be reduced in value.
The Company and its subsidiaries have developed risk measurement tools based on the Value-at-Risk model (VaR Model) to estimate the maximum loss amount at a certain confidence level and over a given asset holding period. The Company and its subsidiaries had imposed various ceilings in relation to of transaction in order to control risk to remain in an acceptable level, for example, Position Limit and Loss Limit. The Risk Control Unit separated from the front office and back office, has the duty of risk control and reporting on the status of the ceilings imposed on various risks to the Board of Directors and departments and executives associated to the risk management in order to respond to the risk in a timely manner. The Company and its subsidiaries had designated the Executive Committee to be responsible for overseeing and monitoring this type of risk.
Interest Rate Risk
Interest rate risk is the risk that earnings or capital are adversely affected by changes in interest rates that pose impact on its rate-sensitive items including assets, liabilities, and off-balance sheet items. These changes may have a negative impact on net interest income and capital fund of the Company and its subsidiaries.
It is a goal of the Company and its subsidiaries to run their business operatings under a long-term effective interest rate risk management system, in other words, to maintain an appropriate structure of assets and liabilities which are rate-sensitive at different time intervals. To ensure maximum benefits of the Company and its shareholders, the Company and its subsidiaries have developed the Repricing Gap Analysis Model as a tool for measuring interest rate risk by assessing the impact that may arise from the mismatch of the repricing periods of assets, liabilities, and obligations at different time intervals, which is used for risk measurement every month. In order to ensure that the risk of the Company and its subsidiaries business operation is within an acceptable limit, they have also established an acceptable risk ceiling and an early warning risk level, taking into consideration the structure of assets, liabilities, and obligations as well as interest rate repricing which are expected to take place in each period of the Company and its subsidiaries’ business plan. The Executive Committee is responsible for monitoring and controlling such risk very closely. To effectively design appropriate measures to accommodate the risks, the committee has to monitor economic conditions, development in the money market and capital market, and the interest rate trend which could become important interest rate risk factors.Details of Financial Assets and Liabilities as at 31 December 2020 Classified by the Period when the Interest Rate would be Repriced in Accordance with Contract Related to Financial Assets and Liabilities of the Company and Its Subsidiaries were as follows:
(Unit: Million Baht)
Items Period of Interest Rate Repricing of Due Date Floating Interest Rate At Call 0-3 Months 3-12 Months 1-5 Years Over 5 Years Non-interest Bearing Total Financial Assets Cash - - - - - - 2 2 Interbank and Money Market Items 2,334 - 452 4,963 - - 49 7,798 Financial Assets Measured at Fair Value through Profit or Loss - - 46 155 444 735 1,977 3,357 Derivatives Assets - - - - - - 145 145 Investments - - 8,461 8,613 1,949 270 2,357 21,650
Loans to Customers
3,174 2,026 226 17,104 29,330 19 630 52,509 Receivables from Purchase and Sale of Securities - - - - - - 1,247 1,247 Other Assets - - - - - - 2,223 2,223 Total Financial Assets 5,508 2,026 9,185 30,835 31,723 1,024 8,630 88,931 Financial Liabilities Interbank and Money Market Items - 990 3,977 955 7,390 - - 13,312 Derivative Liabilities - - - - - - 14 14 Debts Issued and Borrowings 52 - 4,105 1,525 21,248 6,957 - 33,887 Other Liabilities - - 2 11 201 221 2,326 2,761 Total Financial Liabilities 52 990 8,084 2,491 28,839 7,178 2,340 49,974
- Price Risk
Liquidity risk arises from the inability of the Company and its subsidiaries to repay their debts or obligations upon the delivery date due to the lack of ability to convert assets into cash or to mobilize adequate funds or to mobilize funds at an acceptable cost. This could adversely affect the current and future earnings and capital of the Company and its subsidiaries. The liquidity risk management mechanism starts with the assessment of the cash flows and liquidity position over particular time horizons of the Company and its subsidiaries when the different levels of funds may be required to accommodate borrowings upon maturities, to reduce other types of liabilities, or to acquire of assets by using Liquidity Gap Analysis, various liquidity ratios, and “What If” scenarios to evaluate the sufficiency of the cash flow liquidity depending on customer behavior in extending contracts upon maturity and estimate the need of liquidity in various “What If”scenarios.
Meanwhile, the Company and its subsidiaries develop an emergency plan in the case of a liquidity problem and there will be a revision of the significant occurrences that affect working operations. In this regard, the Company and its subsidiaries have assigned the Executive Committee in controlling and managing the liquidity risk to monitor and manage risk on a regular basis.
The Structure of the Company and Its Subsidiaries’ Funds Classified by Source of Fund and Maturity Date are as follows:
Capital Funds Classified by Source of Fund 2020 2019 Million Baht Percent Million Baht Percent Interbank and Money Market Items 13,312 28.20 15,660 25.91 Debts Issued and Borrowings 33,887 71.80 44,780 74.09 Total 47,199 100.00 60,440 100.00
Capital Funds Classified by Maturity Date
2020 2019 Million Baht Percent Million Baht Percent Less than 1 Year 11,604 24.59 36,669 60.67 More than 1 Year 35,595 75.41 23,771 39.33 Total 47,199 100.00 60,440 100.00
Financial Assets and Liabilities as at 31 December 2020 Classified by Maturity Date were as follows:
(Unit: Million Baht)
Items Maturity Date of Financial Instruments At Call Less than 1 Year Over 1 Year Unspecified Total Financial Assets Cash 2 - - - 2 Interbank and Money Market Items 2,375 5,423 - - 7,798 Financial Assets Measured at Fair Value through Profit or Loss - 920 460 1,977 3,357 Derivatives Assets 142 3 - - 145 Investments - 17,074 2,219 2,357 21,650
Loans to Customers
5,703 17,348 29,458 - 52,509 Receivables from Purchase and Sale Securities - 1,247 - - 1,247 Other Assets 1,141 1,064 18 - 2,223 Insurance Assets Premium Receivables 670 - - 670 Reinsurance Assets
- Claims Reserves
- 156 54 - 210 Reinsurance Receivables - 99 - - 99 Total Financial Assets and Insurance Assets 9,363 44,004 32,209 4,334 89,910 Financial Liabilities Interbank and Money Market Items 990 4,932 7,390 - 13,312 Derivatives Liabilities - 14 - - 14 Debts Issued and Borrowings 52 5,630 28,205 - 33,887 Other Liabilities - 2,428 333 - 2,761 Insurance Liabilities Insurance Contract Liabilities
- Loss Reserves and Outstanding Claims
- 1,358 481 - 1,839 Due to Reinsurers - 719 - - 719 Total Financial Liabilities 1,042 15,081 36,409 - 52,532 Commitments Other Commitments 1 - 63 - 64
The operational risk is the risk that arises from the damage that occurs from lack of good corporate governance within the organization. Risk may arises from the inadequate efficiency of the internal audit and internal control systems which could be relating to internal operation process, personnel, systems or external events and adversely affect the Company and its subsidiaries’ operating income and capital. This also includes legal risks such as litigations, exploitation by the government, and also damage from settlements outside the courtroom. Such risk can pose an adverse impact on other risks, especially strategic risk and reputation risk.
The Company and its subsidiaries are well aware that efficient operational risk management is crucial to the business to achieve goals sustainably. Under current uncertainties, the Company and its subsidiaries, thus, place importance on efficient and effective operational risk management that is sufficiently comprehensive across the Company and its subsidiaries, so that timely preparations can be made in unexpected situations and increasingly stringent regulations are followed. The Company and its subsidiaries set Operational Risk Policies and management that gear toward risk protection and monitoring. In addition, as internal control is a key mechanism in controlling and mitigating possible damage, the Company and its subsidiaries ensure that there is a strong internal control system: an organization structure that has counterbalance, transaction-supporting units with a specialized skill set and independence to reduce possible errors, practice regulations applicable to all types of transactions, information technology system management and data security system, including the business continuity plan.
The Company and its subsidiaries determine a principle, form or condition of the process used in the measurement and assessment of internal risks of the Company and its subsidiaries. In the determination of this process, the Company and its subsidiaries consider the circumstantial factors such as supervising guidelines of the government units associated with the Company, state and complexity of the business, the capability of the Company in accepting risks. The Company has also put in place the tools for important operational risk management e.g. Risk and Control Self-Assessment, Key Risk Indicators (KRIs), in case of disaster and loss storage (Loss Data), the use of external service providers for Thanachart Group (Outsourcing Policy), incident management, and business continuity plans (BCP).
In addition, to monitor operational risk, the Company and its subsidiaries determine a policy for executives of each department to be responsible for monitoring the risk by considering this as a part of their regular duties. This will help identify all risks and problems that occur in order to respond to the changes in an appropriate and timely manner and not damaging to the Company and its subsidiaries. Nevertheless, to be informed of the result of business operations and problems that occur, as well as trends and changes in information of risk factors, the Company and its subsidiaries organize a filing and reporting of the information associated with operational risk management to be continually and regularly reported to the Board of Directors, the Risk Oversight Committee, and high-level executives to use in the determination of policies, to develop a sufficient risk management system, and to be a tool in aiding the Company and its subsidiaries to evaluate the capability and efficiency of the internal control system.
Information Technology Risk
Today, information technology plays a very important role in the business operations of the Company and its subsidiaries, particularly in increasing efficiency in providing customers with financial services which are accurate, efficient, safe and meet customer needs at a lower cost. The Company and its subsidiaries recognize that the use of information technology which is changing rapidly all the time, may pose risks to service-related security, customer information, service continuity and impacts on the business operations of the Company and its subsidiaries. As a result, the Company and its subsidiaries pay great attention to the management of information technology risks, ensuring that they are managed in line with international standards. Emphasis is placed on protecting information and interests of customers, taking into consideration three key principles including 1) Confidentiality - security of systems and information, 2) Information integrity - trustworthiness and dependability of systems and information, and 3) Availability - ability to make systems and information accessible as needed.
To enable the Company and its subsidiaries to manage information technology risks in an efficient and continuous manner and also in line with the nature of their business operations, volume of transactions, information technology complexity, and related risks such as operational risk, strategic risk, reputational risk and legal risk, the Company and its subsidiaries have established a risk governance framework based on the fundamental principle of the three lines of defense - a guide to how responsibilities should be clearly divided and segregated. These include the following: 1) operations of information technology, 2) management of information technology risks, and 3) audit of information technology. Moreover, the Company and its subsidiaries have established the policy and standards for ensuring information technology security, the policy on information technology management, regulations as well as procedures and processes related to risk management. Importantly, they provide Directors, executives and staff with knowledge and awareness of information technology risks on a continuous basis.
The Company and its subsidiaries have put in place the following processes for managing the information technology risks in line with international standards.
- The risk assessment consists of 1) risk identification, 2) risk analysis, and 3) risk evaluation. The objectives are to estimate the likelihood that the risks may arise and to assess the extent of effects on business operations.
- As regards risk treatment, the Company continues to manage, control and prevent the risks in an appropriate manner, in line with the risk assessment results. The objective is to keep the remaining IT risks at an acceptable level. In this connection, the Company has established a number of IT key risk indicators.
- The Company has put in place a process for monitoring, reviewing and reporting the risk, ensuring that the IT risk is at an acceptable level. In this connection, reports are presented regularly to the committee concerned.
This type of risk arises from the inappropriate formulation of strategies, business planning, and implementation which are not compatible with internal setups and external environment, resulting in an adverse impact on earnings, capital or the existence of the Company and its subsidiaries. In managing the strategic risk, the formulation of strategies of the Company and its subsidiaries will be considered over the three years ahead, with the review required annually or in the case of an external event that may impact the achievement of the Company’s business goals. The Executive Committee is responsible for regular monitoring and evaluating the performance of the work units upon the established targets stated in the annual operation plan.
The reputational risk means a risk that occurs when the public i.e. customers, strategic or alliance partners, investors, and regulators have a negative perception of or lose confidence in the Company and its subsidiaries. This risk may impact the Company and its subsidiaries’ revenue and/or capital at present and in the future. Reputational risk may arise from noncompliance with corporate governance and business ethics, or nonconformity to the laws, regulations, as well as the Company and its subsidiaries practice rules.
The Company and its subsidiaries have continuously taken into account the importance of the reputational risk. The policy consists of reputational risk framework and reputational risk management processes which entail reputational risk assessment and measurement divided into 5 levels of impact and likelihood, reputational risk prevention by raising awareness and devising measures to prevent reputational risk events, regular monitoring and reporting to relevant committees, including risk management in case of high and very high risk levels. The Company and its subsidiaries set up a main working unit to be directly responsible for risk management processes.
The regulatory risk arises from incompliance to laws, regulation, requirements, standards, and guidelines in the Company and its subsidiaries transactions which can lead to financial loss, reputation damage, and interference by state entities. Also, there are risks from the amendments or changes in regulations, laws or requirements of the authorities especially the SEC, the SET, the OIC, the AMLO, the BOT, etc. Such changes may affect the strategies and business operations of the Company and its subsidiaries.
The Compliance Unit of each member company of Thanachart Group is the department responsible for ensuring that the companies are incompliance with regulations and requirements from related various state agencies and the Code of Business Ethics. The department also provides advices and disseminates knowledge to executives and employees. Furthermore, it helps high-level executives to effectively manage risk of regulatory violation. The role and responsibilities do not overlap with the Internal Audit Department. As well, its specific responsibilities Among others, these included work related to participation in Thailand’s Private Sector Collective Action Coalition Against Corruption (CAC) and collaboration with the regulators or state agencies concerned. In this connection, related reports would be sent to the top management as well as the Audit Committee of each company in parallel.
In evaluating regulatory risk, the Compliance Department assesses incompliance risks in various transactions by considering all related internal and external factors for the Company. These include regulatory climate and outlook of the authorities, auditing assessment by the officials, business policies, debates and complaints, internal audit, and internal work procedures. The consideration is placed on the magnitudes of possible impact and likelihood of occurrence in each aspect of incompliance risks. Random review is executed to comply with Control and Monitor standard, and a recommendation is proposed to correct errors and improve performance.