Risk Management

Risk
Management

หัวข้อในหน้านี้

The ability to systematically and effectively
manage risks in a constantly changing context
is crucial to long-term business resilience
and capabilities.
The ability to systematically
and effectively manage risks
in a constantly changing
context is crucial to
long-term business resilience
and capabilities.

Risk Governance

SCBX has integrated risk management and considerations into every business process, with governance bodies overseeing coordinated efforts at every level, from the director and management down to the operational level. In addition, the Board of Directors is responsible for formulating SCBX Group Risk Management Policy, covering relevant risks and business continuity management of the Group, including internal control to ensure that SCBX Group has in place a risk governance framework that fosters a risk culture.

At the same time, sub-committees are responsible for overseeing, supporting, reviewing, and ensuring that SCBX Group has in place appropriate policies and strategies covering key risks and emerging risks under management of the Risk Office, tasked with driving group-wide risk management practice.

Risk Management Process

SCBX manages risks systematically and continuously through a review of risks and risk levels, scenario analysis, stress testing, defining business continuity management plans, organizing regular training sessions, and regularly auditing the risk management process.

Risk Identification

SCBX has identified key material risks and reviews business operations and strategies across the entire Group on a regular basis to assess any emerging risk that could become material to the SCBX Group.

Risk Assessment and Measurement

SCBX performs risk self-assessment and measurement to identify the likelihood and potential severity of any impact of risks to operations, using a wide range of quantitative and qualitative methods. SCBX also performs stress tests to implement forward-looking risk management.

Risk Control and Monitoring

The SCBX Group has established Group Risk Appetite Statements for key risk indicators and risk limits to control and monitor pre-specified material risks with plans to manage and mitigate any risk impacts.

Key Material Risks
  • Strategic Risk
  • Credit Risk
  • Investment Risk
  • Liquidity Risk
  • Market Risk
  • Technology and ICT Risk
  • Operational Risk
  • Legal and Compliance Risk
  • Reputational Risk
  • People Risk
  • Model and Artificial Intelligence (AI) Risk
  • Environmental, Social, and Governance (ESG) Risk

Read details of key material risks in the annual report of SCBX.

Risk Identification

SCBX has identified key material risks and reviews business operations and strategies across the entire Group on a regular basis to assess any emerging risk that could become material to the SCBX Group.

Risk Assessment and Measurement

SCBX performs risk self-assessment and measurement to identify the likelihood and potential severity of any impact of risks to operations, using a wide range of quantitative and qualitative methods. SCBX also performs stress tests to implement forward-looking risk management.

Risk Control and Monitoring

The SCBX Group has established Group Risk Appetite Statements for key risk indicators and risk limits to control and monitor pre-specified material risks with plans to manage and mitigate any risk impacts.

Key Material Risks
  • Strategic Risk
  • Credit Risk
  • Investment Risk
  • Liquidity Risk
  • Market Risk
  • Technology and ICT Risk
  • Operational Risk
  • Legal and Compliance Risk
  • Reputational Risk
  • People Risk
  • Model and Artificial Intelligence (AI) Risk
  • Environmental, Social and Governance (ESG) Risk

Emerging Risks

The current business context consistently exposes organizations to unprecedented external risk factors, ranging from geo-political conflicts, political instability and disturbances, macro-economic disruptive changes, natural disasters, terrorism, cyber-attacks, pandemics, as well as supply chain disruptions. SCBX continues to manage these risks through simulation models and stress testing while deploying business continuity plans with periodic tests which are specified as part of enterprise risk management.

SCBX reviews emerging risks resulting from events or factors that may cause mid-to-long-term disruptions to the company’s business models or activities.

QuantumComputing

Importance

As innovation and technology development in quantum computing advance over the next five to ten years, along with opportunities, there will be increased risks to the global financial technology sector.

Impact to the Group

Quantum computing can lead to cybersecurity risk and significantly impact SCBX Group’s business model. If used maliciously, it could break the systemically important cryptographic underpinnings of the infrastructure on which enterprises and the wider digital economy rely.

Management Approach

SCBX has invested in quantum computing ventures, such as 1Qbit through SCB 10X, to keep abreast of developments in this emerging technology and understand the new risks it brings. At the same time, an SCBX Technology Research & Development Program is being implemented to continuously improve the Group’s competitiveness.

Cybercrime, Cyber Terrorism, and State- Sponsored Activity

Importance

While the statistical chances of global cyber threats continue to increase, such threats have also evolved in terms of complexity and variety, all of which inevitably impact business, whether in terms of potential business loss, decreased economic value, or customer trust.

At the same time, geo-economic confrontation risk makes the adoption of technology crucial to a country’s strategic direction in order to become a global economic powerhouse. This increases the risk of financial sectors unknowingly falling victim to state-sponsored cybercrime and cyber terrorism.

Impact to the Group

SCBX continues to invest in innovations and new platforms to keep up with evolving threats from criminals and terrorists who have advanced their tactics by utilizing new technologies, including platforms which are crucial to SCBX’s business direction.

SCB, a subsidiary of SCBX, also operates a financial crime and fraud prevention division that safeguards account holders around the clock has noted a steady rise in technology-enabled fraud and cybercrimes as the Group moves ahead in creating new digital channels toward SCBX Group’s strategic growth.

Management Approach

SCBX Group has established a Cyber Risk Center of Excellence (CoE), tasked with equipping the Group with advanced tools, knowledge, and training to build needed skills and capabilities. The Cybersecurity CoE will also build collaboration opportunities across the regional financial infrastructure sector andother critical sectors on issues such as cybercrime and advanced cyber protection to assess the Group’s resilience in the face of these expanding threats as well as contribute to the nation’s security.

Cultivating a Risk Culture

Recognizing that risk management is the duty of every employee, the SCBX Group has fostered and embedded a risk culture as part of everyday work through organizational management systems and various activities to drive shared risk and management responsibility throughout the organization.

Three Lines of Defense

Encouraging the adoption of “Three Lines of Defense” among the First Line (Business and support units), the Second Line (Risk Management and Compliance), and the Third Line (Internal Audit), while identifying risk assessment, mitigation measures, and monitoring.

Raising awareness
Tone from the Top

Regularly communicating the importance of risk management and conducting year-round sharing sessions with employees covering risk policy and best practices through internal communication channels.

Training

Specifying risk management as one of the mandatory courses for which all employees must register and pass testing.

Praise and Recognition

The SCBX Group by SCB builds engagement in risk management through ‘Risk Culture Recognition’ activities in which awards are given to executives and employees demonstrating best practices related to operational risk management, personal data protection, and crisis management.

Risk reporting

Providing channels for providing information or notifying risk incidents through a Whistleblower channel, the Internal Audit Unit/People Unit or assigned person is responsible for managing, collecting, screening, and investigating complaints or clues received. If there are proven grounds for a complaint, the matter will be escalated in accordance with the Company’s policy and a report presented to the Audit Committee every quarter. It is the Company’s policy to maintain strict confidentiality to protect whistleblowers and informants as well as provide appropriate and fair protection.

Explore
Strengthened Foundation

ทำความรู้จัก รากฐานความยั่งยืนที่แข็งแรง

Explore
Strengthened
Foundation

ทำความรู้จัก รากฐานความยั่งยืน
ที่แข็งแรง

Explore
Strengthened Foundation

Get to know the strong foundation of sustainability

Explore
Strengthened
Foundation

Get to know the strong
foundation of sustainability

  • Corporate Governance