Page 81 - BAM ONE REPORT 2565 (ENGLISH VERSION)
Form 56-1 One Report 2022
5.) Reputation risk
Reputation risk is the risk of damage to the Company arising from its tarnished reputation due to the negative
perception of customers, trade partners, shareholders and/or regulatory agencies towards the Company.
Tools for managing reputation risk
• Customer satisfaction survey is conducted.
• The Company has in place a system for both internal and external persons to lodge their complaints through
channels, such as submission of complaints to the Company’s Customer Relations Division, executives or
directors, whether in writing or by telephone or via the Company’s website or other channels of government
agencies.
• The Company assigns a department to always keep abreast of news and information about the Company
in order to prevent or reduce the impact of reputation risk on the Company.
6.) Information technology risk (IT risk)
IT risk refers to risk potentially arising from the use of IT which will affect the Company’s systems or operation,
including risk from cyber threats. The IT risk management framework and guidelines have been formulated under
three key principles, i.e. system and data confidentiality (C), data and system integrity (I), and maintenance of
IT availability (A).
Tools for managing IT risk
• Control self assessment (CSA): The Company requires that all work units concerned with the IT system must
assess their internal risks and controls regularly on a yearly basis and work out corrective and monitoring plans.
• IT Key risk indicators (IT KRI): The Company determines IT KRI for departments’ tracking of IT business
group risks through departments under the respective business groups, which is a primary approach to
prevent such risks from evolving into corporate risks in the future.
The Company has set up the Corporate Governance and Compliance Department with the role and duty to monitor
and ensure that work units across the organization comply with the relevant regulations applicable to the transactions
and act in line with the corporate governance principles, and to coordinate with both external regulatory agencies and
internal units in establishing measures, rules, orders and manuals that align with the requirements of the regulatory
agencies, the anti-money laundering policy, the counter-terrorism and proliferation of weapons of mass destruction financing
policy under the guidelines of the Anti-Money Laundering Office (AMLO), and the Company’s rules and regulations.
In addition, the Company has emphasized business continuity management and the management of external
risks that are beyond the Company’s control, such as natural disasters, flood, fire, terrorism, riot, strike, epidemic, etc.
To effect this, the Company has appointed the Business Continuity Management Working Committee to be in charge of
determining and preparing business continuity management policy guidelines and plans. The Company has also set up
the backup data center to cope with disaster events and the secondary operation center, and has exercised
the business continuity plan (BCP) regularly, at least once a year.

