4. Operational Risk The operational risk is the risk that arises from
the damage that occurs from lack of good corporate governance within the organization. Risk may also arise from the inadequate efficiency of the internal audit and internal control systems which could be relating to internal operation process, personnel, systems or external events. This also includes legal risks such as litigations, exploitation by
the government and also damage from settlements outside
the courtroom. Such risks can pose adverse impact on other risks, especially strategic risk and reputation risk. TBANK has established policies and guidelines to ensure the prevention and monitoring of this type of risk.
As the internal control system is an important tool in controlling and preventing potential risk that may occur, TBANK has implemented an efficient internal control system as follow: • Regarding the organization of the Bank’s structure, TBANK has specified the roles, the scope of duties and responsibilities for each position, based on a system of check and balance. The front office where all the transaction takes place is separated from the middle office, comprised of the Risk Control Department and the back office who record all items in the transactions. • Establish the transaction-supporting units which are independent and have expertise in their respective fields of work such as information technology unit, legal and appraisal unit in order to prevent any possible errors that may arise • Put operational procedures and regulations related to all types of transaction, staff manuals as well as the authority ranks for approval in writings as a guideline to set the same standards for all internal operations within the organization • Establish the Audit Committee and the Risk Management Committee to control, monitor, and assess
the risks of TBANK. The committees are responsible for examining and correcting the pitfalls in order to create soundness and efficiency in the Bank’s operation. • Improve the management of the information technology system and information security system in order to enhance its potential to accommodate business expansion and gain credibility from the customers in the aspect of data and technology. A particular focus is given to the prevention of damages from unauthorized access to the Bank’s information.
58
Annual Report 2012 Thanachart Bank Public Company Limited
• Formulate the Business Continuity Plan which consists of an emergency plan, a plan for backup systems, and a business recovery plan to prevent disruption in business operation. In addition, the drills are essential to test for
the readiness and to consistently improve the plans for its effective implementation. TBANK also employs the services of the third party to operate some group activities as per the direction of the work operations of financial institutions at present and in the future. TBANK determines policies in order to manage the risk that may occur from outsourcing. These policies have to also be subject to regulations of BOT and must be beneficial to
the internal control of the Bank as well. In the measurement and assessment of operational risk, TBANK determines a principle, form or condition of the process used in the measurement and assessment of risk in TBANK. In the determination of this process, TBANK considers the circumstantial factors such as supervising guidelines of the government units associated with the Bank, state and complexity of the business, the capability of the Bank in accepting risk, probability, likelihood or frequency as well as the impact or severity of risk that has happened or may happen. As per BOT specification for commercial bank to maintain the funds to risk-weighted assets in credit, market and operation according to Basel II guidelines, TBANK has employed the Basic Indicator Approach to calculate operational risks. In addition, to monitor operational risk, TBANK determined a policy for executives of each department to have the responsibility of monitoring the risk and consider a part of their regular duties. This will help promptly inform all of the risk and problems that occur and to respond to the changes in each time period in an appropriate and timely manner, not damaging to the Bank. Nevertheless, to inform of the result of business operations and problems that occur, as well as trends and changes in information of risk factors, TBANK organized a filing and reporting of the information associated with operational risk management such as information on data loss, key risk indicators and important risk points to be continually and regularly reported to the Board of Directors, the Risk Management Committee and the executives to use in the determination of policies, to develop a sufficient risk management system and to be a tool in aiding TBANK to evaluate the capability and efficiency of the internal control system.