Page 75 - BAM ONE REPORT 2564 (ENGLISH VERSION)
P. 75
Form 56-1 One Report 2021
Bangkok Commercial Asset Management Public Co., Ltd. 73
Information Technology Risk Management and Compliance Division is a unit newly set up in 2021 with the
objective to upgrade the Company’s IT risk management to international standards. The Division has collaborated with
the consultant in formulating the guidelines on standard IT risk management and pushing for an analysis of IT risk
impacts and determination of IT KRIs for early warning and monitoring of such risk to be at an acceptable level and
allow for timely prevention of any cyber threat.
• Annual General Meeting of Shareholders 2021
In 2021, the Company, realizing and caring about health and safety of all meeting attendants under the COVID-19
situation, accordingly arranged the annual general meeting of shareholders through the E-meeting method pursuant
to the Emergency Decree on Meetings via Electronic Means B.E. 2563 so as to enable all shareholders to attend
the meeting safely and conveniently. The Company allowed the shareholders to submit the meeting registration
documents ahead of the meeting date and to register and confirm their ID before the meeting via the link or scanning
of the QR Code.
• Organizational restructuring to support GRC integration
The Board of Directors emphasizes the integration of good corporate governance, risk management and compliance
with rules and regulations, that is called Governance Risk and Compliance (GRC) by restructuring the organization which
includes corporate governance and risk management for the operation works of the related sectors oversight departments
to cover GRC and meet the global standard.
• Hiring outsourced advisor for Information Technology (IT) Risk management
At present, information technology plays an important role in business operation of the Company especially
when used to enhance effectiveness of services provided to customers so that they will receive services that better
meet their need. Therefore, the Company improves the risk overseeing process on information technology to support
business patterns, and be consistent with the technology that rapidly changes, which may cause risks to safety of
services, customer’s data, and service continuity. To uplift the information technology risk oversight, the Company hires
an outsourced advisor, namely ACIS Professional Center Co., Ltd, to manage information technology risks to meet the
global standards and be in line with the oversight according to the notice of the Bank of Thailand associated with
information technology risk oversight (Sor.Nor.Sor.21/2562). The consulting Company proceeds with GAP analysis and
provides the policy about important information technology risk oversight as follows: IT Risk Management Policy and
IT Outsourcing Policy.
Business Risks
Risk from failure by the Company to procure and acquire NPLs and NPAs in a sufficient amount and at
reasonable prices, which will materially impact its growth, competitiveness, financial position, and performance
The Company’s ability in revenue and cash flow generation and sustainable business expansion hinges on its
ability to procure and acquire a sufficient amount of NPLs and NPAs at reasonable prices. However, a success in the
procurement and acquisition of NPLs and NPAs depends on an array of uncontrollable factors such as changes in Thai
economy and real estate market condition, competition in bidding for NPLs and NPAs among financial institutions, value,
quality and type of NPLs and NPAs to be offered for sales by financial institutions, and the Company’s ability to access
funding sources. At the same time, the Company’s business also relies on (a) changes to the laws, regulations or public
