Integrated Risk Management Overview

Risk is an integral part of the banking business. Thus, Bank Management is synonymous with managing various types of Risks.  The magnitude of impact and gravity of different risks are varied. We anticipate, envisage, and analyze the probabilities of risks and returns in every action we undertake based on the historical fact sheets, prevailing market dynamics/indicators, and probable future events, forecast the probable magnitude of the impact, and set the integrated risk and compliance management guidelines and controlling parameters for minimizing and mitigation of risk to protect from the potential losses. The Board of Directors (BOD) and Management Team of Myanmar Citizens Bank (MCB) understand and are conversant about the potential risks in the overall banking business. Thus, MCB has developed a robust Integrated Risk and Compliance Management Framework at the organizational structural level and developed the policy, manual, guidelines, Standard Operating Procedures (SOPs), and TORs of the Management and Board level Committees and have been effectively implementing and practicing on day to day business and operational processes.  

Risk Governance

Board Integrated Risk and Compliance Committee – BIRCC

The Board Integrated Risk and Compliance Committee (BIRCC)
oversees and reviews the establishment, effectiveness, and
implementation of MCB’s risk management framework. It also
defines the bank’s different risk appetites and sectoral exposures
across business areas and reviews actual performance against these
parameters. It ensures that all transactions are undertaken with due
consideration of associated risks and risk mitigation tools. It also
reviews business outcomes from risk perspectives and takes
corrective actions, when necessary.

Purpose and Scope

The purpose of MCB’s Integrated Risk and Compliance (Committee) is to: (i) oversee the establishment and implementation of a comprehensive risk management framework and compliance policy; (ii) review the effectiveness of the risk management framework and compliance controls in identifying and managing risks, internal processes and regulatory compliance which include but not limited to ensuring the adequacy of risk and compliance management policy and infrastructure to facilitate the implementation of action plans for risk management; and (iii) guide objectives of the framework to ensure the provision of high-quality products and services, promote a risk-aware and compliance-oriented culture, and direct processes throughout the bank to take advantage of opportunities while managing and monitoring risks that may impact the achievement of the bank’s business objectives.

Duties of Board Integrated Risk and Compliance Committee

The Committee is primarily responsible for overseeing the MCB’s Risk Management Strategy, reviewing and approving MCB’s Risk Management Framework, and monitoring the alignment of the MCB’s risk profile and controls with Risk Appetite as mentioned in the MCB’s Risk Appetite Statement in the Risk Management Policy and Compliance Policy.  It will also oversee the identification, management, and reporting of risks inherent in the operations, including that adequate resources are allocated to risk management and compliance functions. Such oversight will include but is not limited to, the elements in the Responsibilities and Duties section mentioned below.

  1. Risk Appetite
  2. Overall Risk Governance
  3. Capital
  4. Credit Risk
  5. Market Risk
  6. Liquidity Risk
  7. Operational Risk
  8. IT and Cyber Security Risk
  9. Compliance Risk
  10. Other Risks

Integrated Risk Department

For comprehensive risk and compliance management, MCB has defined 5 major risks namely; Credit Risk, Operations Risk, Market & Liquidity Risk, IT & Cyber Risk, and Compliance Risk. Accordingly, five different Risk and Compliance Management
Departments/ Units: Credit Risk Management Unit, Operations Risk Management Unit, Market & Liquidity Risk Management Unit, IT & Cyber Risk Management Units, and Compliance and Governance Department under the Integrated Risk and Compliance Department (IRCD). This department is headed by the Chief Risk and Compliance Officer (CRCO) of the Integrated Risk and Compliance Department. Its core functions include identifying, monitoring/ reviewing/ assessing/ analyzing, and measuring risks in respective areas, as well as advising on control measures and mitigations to minimize the bank’s overall risk exposure for several management of risks. MCB adheres strictly to internal policies, regulations issued by the Central Bank of Myanmar (CBM), several local laws, and internationally accepted prudent risk management practices. To prevent conflicts of interest and ensure the independence of Risk and Compliance Managers/ Integrated Risk and Compliance Departments (IRCD), as per the prudent risk management practice, all the Risk Unit Heads report to CRCO, who in turn reposts directly to the Board Integrated Risk and Compliance Committee (BIRCC). The CRCO and/or Risk and Compliance Managers also maintain a dotted-line functional relationship with the Chief Executive Officer (CEO), Senior Management, and/or other HODs. Direct reporting by the CRCO to the board-level committee helps prevent conflicts of interest and/or undue intervention or negative influence, allowing the IRCD to freely and independently report potential risk events to the BIRCC, thereby ensuring its operational independence. Furthermore, the BOD shall have oversight of all the integrated risk and compliance management functions, risk reporting, possible risk events, and risk mitigation/control activities through BIRCC.

Integrated Risk Department Reporting Structure

Integrated Risk Department Structure

Integrated Risk Management Framework

The Four Lines of Defense (4LOD) Model

MCB believes in the risk philosophy that risk and compliance is not only the function of the Integrated Risk and Management Department/Committee or Risk and Compliance Managers but also all the employees across the bank and thus we always strive to inculcate this belief across the organization that all the staff are equally important and responsible for overall bank level integrated risk and compliance management. Typically, there are 4 Lines of Defense, including 3 Lines of Defense internally and 1 Line of Defense externally, in the Risk and Compliance Management Framework. These lines of defense are thoroughly educated and practiced across MCB to prevent possible risk events, and incidents and manage, control, and mitigate the risk impacts.

First Line of Defense

The First Line of Defense is always the front-line employees and other executives/management staff, both in operations and business front, who directly interact and engage in deals with the external customers and/or counterparties, involved in transactions/deals, negotiation, approvals, implementation/execution of SOPs, Policy, Manuals, Guidelines, etc., for ensuring the accuracy, efficiency and overall quality of service delivery whereby risk is minimized in every transactions or actions conducted by the bank.

Second Line of Defense

The Second Line of Defense is the Integrated Risk and Compliance Management Units/Departments, Risk and Compliance Managers, Integrated Risk and Compliance Committees, and Board of Directors who continuously monitor, review, assess/analyze, define the risk appetite, make the risk statements, advise or impose the control or risk mitigating mechanisms to prevent or reduce the risk events and impacts.

Third Line of Defense

The Third Line of Defense is the Internal Audit Department, and Compliance and Governance Department which also continuously monitors, assesses, controls, and reports the possible risk events and impacts through risk-based audit and compliance/governance checking. To note, MCB operates with a “Zero Tolerance Policy” in terms of compliance and governance.

Fourth Line of Defense

The Fourth Line of Defense consists of External Audits and timely investigations by the CBM, along with its issued guidelines, which help assess and address risk events to reduce the bank’s overall exposure to risks. With a well-defined integrated risk and compliance management structure, functional role clarity within the risk apparatus, and effective implementation of integrated risk and compliance framework, MCB has been recognized as one of the best-managed Banks in Myanmar in terms of prudent risk and compliance management practices, earning the trust of our valued customers, regulators, and all other stakeholders.