CDB’s risk management overview

GRI 2-12, 2-25

Risk management is at the core of every decision-making process as CDB navigates through heightened economic, financial, and regulatory risks. Our purpose is to safeguard value, promote value creation, and ensure long-term sustainability. Managing strategic risks is crucial for both value creation and protection. CDB’s enterprise-wide risk management approach enhances performance, fosters innovation, and facilitates the accomplishment of strategic objectives by capitalising on opportunities that drive business growth. The responsibility for risk management lies with the Board, which establishes the risk appetite, approves policies and limits, and ensures their implementation across CDB through appropriate risk tolerance limits and structures. To fulfil its obligations, the Board is supported by various committees, comprising experts with in-depth knowledge of their respective domains, to ensure that we achieve our risk-related objectives to the best of our capabilities.

Our ERM approach and governance

CDB’s enterprise-wide risk management framework encompasses a comprehensive approach to identifying, assessing, and mitigating risks across all facets of its operations. It involves the development and implementation of robust risk management policies, procedures, and controls to ensure effective risk governance and compliance with regulatory requirements. The framework includes a systematic process for risk identification, risk assessment, and risk monitoring to proactively manage potential threats. CDB maintains a strong focus on financial stability and the protection of stakeholders’ interests by continuously evaluating and managing strategic risk, credit risk, operational risk, liquidity and funding risk, market risk, capital risk, IT and security risk, as well as regulatory and compliance risk. Regular risk reporting and analysis are integral components of the framework to facilitate informed decision-making and foster a risk-aware culture within the Company.

Our enterprise risk management framework (ERMF)

Our Enterprise Risk Management Framework (ERMF) provides the governance structure and approach to identify, assess, and manage risks across the entire organisation, together with a clear risk appetite aligned with our strategy. By implementing the ERMF, we have enhanced risk awareness, strengthened decision-making processes, and improved the ability to proactively mitigate potential threats. It has helped us achieve regulatory compliance, safeguard assets, maintain stakeholder confidence, and ultimately, ensure the long-term sustainability and success of the Organisation.

Through the framework, we created higher levels of assurance and visibility about potential risks and provided clarity on risk identification and mitigation. The implementation of ERMF has enabled regulatory compliance, ensuring adherence to industry standards and minimising legal and reputational risks. Moreover, it has inculcated a risk-aware culture throughout the Organisation, fostering accountability and promoting transparency. Additionally, employees have benefitted from improved risk communication, increased awareness, and effective risk management practices, contributing to a positive work environment.

CDB Strategy

Governance and Structure

ERM
Framework

Managing risk is a key part of CDBs' everyday activities. The framework ensures risks are managed in a consistent way across the Company with appropriate oversight and accountability.

BOD and
its subcommittees

The board has the ultimate responsibility for the oversight of risk, including approval of strategy and risk appetite.

Management risk oversight committees

These committees are responsible for management of all risks and implementation of risk governance processes, standards, policies, and frameworks.

Three lines of defense

CDB uses the three lines of defense governance model which promotes transparency, accountability, and consistency through the clear identification and segregation of roles. This emphasises the fundamental concept that risk ownership and management are everyone's responsibility across all levels of the hierarchy.

ERM processes

Risk appetite

Top risks and emerging threats

Risk matrix

Stress testing

CDBs' risk appetite statement sets out the aggregate level and types of risk that the Company is willing to accept to meet its strategic objectives. ERM processes enable CDB to measure, monitor, actively manage, and mitigate risks to ensure it remains within risk appetite.

Control framework

Risk standards, frameworks, policies and internal controls underpinned by:

Systems, data, and infrastructure

Risk culture and values

Our risk culture

Creating a risk culture that fosters long-term value for customers and stakeholders is integral. This involves open communication and accountability at all levels, promoting a proactive approach to risk management, encouraging continuous improvement, aligning risk objectives with business goals, and ensuring transparency in decision-making processes. Our risk culture is built on four principles: enforcing robust risk governance; balancing growth with stability; ensuring accountability for all our risk-based decisions and actions; and encouraging awareness, engagement and consistent behaviour in every team member. Each of these principles is founded on our distinctive set of values (Perseverance, Empathy, Reliable, Consistency) that guides every action we take.

Snapshot of key risk categories, mitigating measures and future outlook

Please refer “Our business landscape” section for a detailed review of the key risk categories, their potential impacts and opportunities on our organisation, our strategic response to the risks, and future focus.