Page 207 - BAM ONE REPORT 2565 (ENGLISH VERSION)
Form 56-1 One Report 2022
2.2 Formulated the enterprise risk management framework, comprising key risk indicators, risk appetite and
risk tolerance, based on the Company’s strategic objectives, and oversaw coordination between the Risk Management
Department and the Information Technology and Digital Group in establishing the IT risk management guidelines to suit
the nature of the business as well as determining the IT key risk indicators for tracking and safeguarding against any IT risk and
cyber threats.
3. Monitoring and reporting of the Company’s risk status
3.1 Monitored and ensured that risk management was carried out in line with the established policy by
following up on the key risk identification and assessment process to suit the situation, and ensured reports on risk status,
such as enterprise risk status/watchlist and liquidity risk status, reports to the Risk Oversight Committee on credit risk
management: asset quality, and loss data reports, and reports on risk status and damage on a monthly and quarterly
basis.
3.2 Monitored risk situations closely involving the economy, finance, competition, technology and cyber
threats as well as changes in government rules, regulations and statutes, especially monitoring liquidity risks, for which
the monitoring tools are the liquidity gap report, projected current ratio, and debt to equity ratio (D/E Ratio).
4. Report on risk management result
The Risk Oversight Committee reported enterprise risk status and loss events with high or very high severity
of impact to the Board of Directors on a quarterly basis.
5. Monitoring of compliance with personal data protection law and IT regulations
5.1 Monitored and followed up on the Company’s preparedness for compliance with the personal data
protection law by conducting privacy risk assessment to lay down guidelines for tracking availability of the operation,
planning and performance review in order to ensure that the Company and its employees would be able to perform
duties completely and correctly as required by law.
5.2 Monitored and ensured that performance review was conducted in compliance with the applicable IT
rules and regulations, such as IT security measures and personal data management, etc.
6. Monitoring and operation in other key areas
6.1 Considered the result of the annual Control Self Assessment (CSA), Form 56-1 One Report on the topic
of risk management and reported the CSA results of the Risk Oversight Committee on both a committee and an
individual basis.
6.2 During the COVID-19 pandemic, provided advice regarding the key risks that may affect the Company,
particularly liquidity risk, to enable normal and continued business operation, assessed the economic conditions which
might have an impact on the Company, and closely monitored liquidity risk management of the Company.

