It is said that risk is an integral part of the banking business. Thus, Bank Management is essentially the management of various types of Risks. The magnitude of impact and gravity of different risks vary. We anticipate, assume and analyze the probabilities of risks and returns in every action we undertake based on the historical fact sheets, prevailing market dynamics/indicators and probable future turn of events, forecast the likely magnitude of the impact and set the integrated risk and compliance management guidelines and controlling parameters for minimizing and mitigation of risk to protect from the potential losses.
MCB’s Board and Management Team fully understand and are well-versed in the potential risks in the overall banking business. Accordingly, MCB has developed a robust integrated risk and compliance management framework at the organizational level and settled the policy, manual, guidelines, Standard Operating Procedures (SOPs), Terms of Reference (TORs) for the management, and Board-level Committees, and has been effectively implementing and practicing on a day-to-day basis in business and operational processes.
For overall Bank risk and compliance management, MCB has defined five major categories of risk: credit risk, operations risk, market & liquidity risk, IT & cyber risk, and compliance risk. Correspondingly, five specialized risk and compliance management departments/units, namely the Credit Risk Management Unit, Operations Risk Management Unit, Market & Liquidity Risk Management Unit, IT & Cyber Risk Management Unit, and Compliance and Governance Department, have been established under the Integrated Risk and Compliance Department (IRCD). This function is led by the Chief Risk and Compliance Officer (CRCO). Its core functions are to identify, monitor/review/ assess/analyze, and measure the risks in respective areas, and further advise on control measures and mitigation strategies for overall risk management to minimize the risk impacts posed to the Bank.
MCB strictly follows internal policies, regulations issued by the Central Bank of Myanmar (CBM), applicable local laws, and internationally accepted prudent risk management practices. To prevent the functional role conflict and ensure the independence of Risk and Compliance Managers/ Integrated Risk and Compliance Departments, as per the prudent risk management practice, all the Risk Unit Heads report to the Chief Risk and Compliance Officer (CRCO), and the CRCO directly reports to the Board Integrated Risk and Compliance Committee (BIRCC). CRCO and/or Risk and Compliance Managers have dotted-line functional relationships with the CEO, Senior Executives, and/or other HODs. Direct reporting by CRCO to the Board level committee enables it to prevent the functional role conflict and/or undue intervention or negative influence, and hence the Integrated Risk and Compliance Department can freely and independently report the possible risk events to the Board Integrated Risk and Compliance Committee (BIRCC) whereby independence of Integrated Risk and Compliance Department is ensured. Furthermore, the Board of Directors shall have oversight of all the integrated risk and compliance management functions, risk reporting, possible risk events, and risk mitigation/control activities through BIRCC.
MCB believes in the risk philosophy that risk and compliance is not only the function of Integrated Risk and Management Department/Committee or Risk and Compliance Managers but also all the employees across the Bank and thus we always strive to inculcate this belief across the organization that all the staff are equally important and responsible for overall Bank level integrated risk and compliance management.
Typically, there are four lines of defense in the risk and compliance management framework, with three internal and one external. These lines of defense are thoroughly trained and practiced across MCB to prevent potential risk events and incidents, as well as to manage, control, and mitigate their impacts. The first line of defense includes front-line employees and other management staff in operations and business functions who directly interact and engage with external customers and/or counterparties. They are responsible for ensuring the quality of service delivery that minimizes risks, maintaining accuracy and efficiency in banking operations, and overseeing deals, negotiations, approvals, and the implementation or execution of Standard Operating Procedures (SOPs), policies, manuals, and guidelines. The second line of defense comprises the Integrated Risk and Compliance Management Units or Departments, Risk and Compliance Managers, Integrated Risk and Compliance Committees, and the Board of Directors. These groups continuously monitor, review, assess, analyze, and define risk appetite, formulate risk statements, and advise on or implement controls and risk mitigation mechanisms to prevent or mitigate the impact of risk events.
The third line of defense is the Internal Audit Department, which conducts regular risk-based audits to identify and evaluate potential risk events and their impacts. The department reports its findings to the Executive Management Committee (EMC) and the Board of Directors (BOD) to ensure effective monitoring, assessment, and control of such risks through risk-based audits. It is important to note that MCB operates under a strict “ Zero Tolerance Policy” with regard to compliance and governance. Additionally, beyond the above-mentioned Third Lines of Defense in the risk management structure, a fourth line of defense comprises timely audits and the issuance of procedural guidelines by external monitors, such as independent external auditors and regulators. This external oversight supports the identification and assessment of potential risks, thereby helping to mitigate the Bank’s overall risk exposure.
With the well-defined integrated risk and compliance management structure, functional role clarity within the risk apparatus and effective implementation of integrated risk and compliance framework, MCB has been reckoned with as one of the best managed Banks in Myanmar in terms prudent risk and compliance management practices due to which our valued customers, regulators and all other stakeholders have bestowed the trust upon us.