BOC HONG KONG (HOLDINGS) LIMITED Mandate of the Risk Committee
  1. Purpose
    1. The Risk Committee (the "Committee") is a standing committee of the Board of Directors (the "Board"). The purpose of the Committee is to assist the Board in discharging its role in monitoring and in exercising oversight over the management of the risk exposures of BOC Hong Kong (Holdings) Limited (the "Company"), Bank of China (Hong Kong) Limited (the "Bank") and its subsidiaries (together, the "Group"). The Management of the Company and the Bank performs the daily risk management responsibilities of the Group according to the risk acceptance criteria as prescribed in the risk appetite statement and policies established by the Committee.

      The following are the oversight responsibilities of the Committee:

      • the establishment of risk appetite, risk profile and risk management strategy of the Group;

      • the identification, assessment and management of the material risks faced by the various business units of the Group;

      • the review and assessment of the adequacy of the Group's risk management policies, process, system and internal control; and

      • the review and monitoring of compliance with the Group's risk management process, system and internal control including compliance with prudential, legal and regulatory requirements governing the business of the Group.

    2. The function of the Committee is oversight. In this regard, the Committee's principal role shall be:

      • reviewing, approving and monitoring high level risk related policy issues;

      • exercising its power of approval on significant or high risk exposures or transactions;

      • reviewing significant breaches of the Bank's risk limits;

      • defining the roles and responsibilities of the Chief Risk Officer of the Company and the Bank and assessing his/her effectiveness and independence in the management of all risk exposures of the Company and the Bank; and

      • evaluating the Company's remuneration system from the risk management perspective.

    3. Within the risk acceptance criteria and policies established by the Committee, the Management of the Company and the Bank is responsible for the development, implementation and operation of risk management process, system and internal control of the Group so as to create and maximize shareholder value by:

      • proactively bringing a risk management perspective to business decisions through promoting awareness of the need to manage risk and the achievement of a balance between risk and return, and inculcating the risk culture in every aspect of the bank's business operation;

        • development of internal rating system and the internal rating-based risk identification, measurement and control procedures to support the measurement and monitoring of risk capital and so as to comply with Basel and regulatory requirements;

        • designing and implementing a risk management framework which appropriately balances the "risk and reward" components;

        • ensuring that risk-related policies and procedures are adhered to throughout the Group; and

        • ensuring a better understanding with the Group's major stakeholders about the risk management decision making process.

          The risk management functions of the Company and the Bank, working as a partner with the business units, shall assist the Chief Risk Officer and Chief Executive to manage the risks of the Group and support them in all risk-taking activities.

    4. Roles and Responsibilities
      1. Identification and monitoring of risks
        1. The Committee has oversight responsibility for credit risk, market risk, operational risk, technology risk, interest rate risk, liquidity risk, legal and compliance risk, strategic risk and reputation risk, and any other material risk which may arise from time to time. The Committee is responsible for monitoring these risks on a consolidated basis across the Group.

        2. Risk appetite and strategy
          1. The Committee shall review and recommend for approval by the Board:

            • risk principles and objectives governing the extent to which the Group is willing to assume risk (i.e. risk appetite) based on the Group's strategic objectives, nature and complexity of business, ability to absorb losses in relation to its capital base and the minimum expected return acceptable for a specified level of risk;

            • targeted balance sheet and related business strategies including lending, funding, investment and trading strategies proposed by the Management of the Company and the Bank; and

            • high level risk governance structure of the Group including the mandate and approval authority to be delegated to the highest management, the Chief Executive of the Company and the Bank who is responsible for managing all risk exposures undertaken by the Group arising from transactions approved in the ordinary course of the Group's banking business.

          2. As directed by the Board, the Committee shall be responsible for reviewing and approving major risk management policies including but not limited to the following:

            • scope of risk taking in which the Group is prepared to engage or is restricted from engaging; and

            • risk limits and general risk acceptance criteria covering market risk, interest rate risk, credit risk and liquidity risk limits, and to the extent possible, also all kinds of operational risks.

          3. The Committee shall also consider implications from changes in the Group's external environment (e.g. regulatory environment), business strategy and risk appetite, and initiate necessary changes to the risk management strategy for the Board's approval.

          4. Risk oversight
            1. Approve and review major risk management policies.

              The Committee shall approve and review major risk management policies proposed by the Management and ensure that they are adequate to carry out the Group's risk management strategy, specifically relating to the following areas:

              • general framework of delegation of approval authorities to various levels of the Management;

              • basis and methodologies for risk identification, measurement, monitoring, reporting and validation; and

              • monitoring and reporting of the Group's risk profile, risk exposures against limits, and non-compliance with the Group's risk management policies and procedures.

            2. Review material risk exposures/activities

            1. As the top management, the Chief Executive of the Company and the Bank is responsible for managing all risk exposures undertaken by the Group arising from transactions approved in the ordinary course of the Group's banking business. However, the Committee shall recommend for approval by the Board procedures and thresholds (which could be in terms of risk characteristics, size on single/group borrower basis, complexity and novelty of the transaction, concentration or prudential limits or other criteria which the Committee considers appropriate) beyond which the Chief Executive shall be required to submit his decision to the Committee prior to the Group entering into any binding commitments or taking any steps which may impact on the business reputation of the Group. In reviewing such proposal, the Committee is entitled to rely on the soundness and completeness of risk analysis conducted by the Management and assume that, unless expressly drawn to its attention, all applicable risk management and prudential standards and regulations have been complied with and the Chief Executive is in full support of the proposal. After due and careful consideration, the Committee may:

              • not approve the transaction if it believes there are reasons that the transaction shall not proceed; or

              • concur with the Chief Executive's decision with or without altering any term or condition of the transaction; or

              • refer the transaction to the Board if the Committee considers there are no reasons not to approve the transaction but it is deemed so significant that Board approval is desirable.

            2. The Committee is expected to review, approve and oversee risk-related activities that may significantly alter the Group's risk profile such that substantial upgrading of existing expertise or entirely new expertise is required to manage the risk arising from such activities. These would involve the introduction of new business lines or products and the establishment or substantial expansion of the Group's operation in new or existing geographical locations.

            1. Monitor compliance with the Group's risk management policies and procedures.

              1. Apart from the prior review aforesaid, the Committee shall periodically review material risk exposures approved by the Chief Executive to monitor compliance with the Group's risk management policies and procedures.

              2. The Committee shall review material non-compliance with the Group's risk management policies that may result in significant financial loss or risk implications and proposed rectification actions.

              3. The Committee shall periodically review relevant risk information from the Group's and the Bank's Risk Management Department, Legal & Compliance and Operational Risk Management Department, Financial Crime Compliance Department, Asset and Liability Management Committee, and other business and supporting units as considered necessary.

              1. Roles and responsibilities of the Management
                1. Chief Executive

                  To enhance efficiency and market responsiveness, the Committee shall only be responsible for approving general risk acceptance criteria and high-level policies while the Chief Executive of the Company and the Bank shall be given the authority to approve detailed risk management policies including those relating to specific types of products/borrowers and establishment of detailed implementation procedures within the general criteria and policies approved by the Committee, and to manage the risk profile of the Group to ensure continuity of the Group as an institution and compliance with statutory, regulatory and social obligations through the effective use of key control mechanisms.

                2. Chief Risk Officer

                  The role of Chief Risk Officer is established by the Company and the Bank with the function of assisting the Chief Executive to manage all risk exposure of the Group. The Chief Risk Officer who receives reports from the risk management functions of the Company and the Bank acts independently with his/her mandate being set by the Committee and performance appraisal being approved by the Board. However, in his/her day-to-day functioning, the primary reporting line of the Chief Risk Officer shall be to the Chief Executive. The Chief Risk Officer shall support the Chief Executive who is responsible for all risk-taking activities. The Risk Committee shall also provide inputs to the Chief Executive Officer in the appraisal and evaluation of the performance of the Chief Risk Officer.

                3. Reporting Responsibilities
                  1. The Committee shall report to the Board on the matters set out in this Mandate, regularly update the Board about the Committee's activities and consider other topics as defined by the Board.

                BOC Hong Kong (Holdings) Ltd. published this content on 11 November 2016 and is solely responsible for the information contained herein.
                Distributed by Public, unedited and unaltered, on 11 November 2016 09:52:47 UTC.

                Original document: http://www.bochk.com/dam/bochk/an/2016/20161111d_en.pdf

                Public permalink: http://www.publicnow.com/view/B38C1E9F0B5E49056EE133E925DD389472869A18