Mega Bank Annual Report 2017

Operational Risk Management System

Year 2017

A. Operational Risk Management Strategies and Procedures

1. Strategies
- Establish an effective framework and formulate internal control procedures for each level.
- Enhance employee training in laws, regulations and business.
- Strengthen control of operating procedures.
- Implement internal and external audit and supervision measures to reduce the entire Bank's operational risk loss.

2. Procedures
- Conduct risk identification and assessment, and suitability analysis and planning of information systems, before launching new products or businesses or establishing new overseas branches, and hold a review council, in accordance with the Bank's "Operating Guidelines for Establishing New Business, New Products and Overseas Branches".
- Formulate business management regulations and operational specifications, and establish them in the computer system so that staff can consult them in a timely manner and comply with them when performing their duties.
- Conduct self-assessment of operational risk to identify and measure the degree of operational risk exposure, strengthen risk management awareness, and improve the current control mechanisms.
- Conduct self-reviews to understand the implementation of the various business control mechanisms, and rectify deficiencies immediately.
- Submit and compile operational risk loss incidents based on the 8 major industry types and 7 major loss incident types stipulated in Basel II, review the factors behind each loss, and improve them.
- Establish key indicators for operational risk to monitor potential risk, and apply appropriate management measures where necessary.

B. Organization of Operational Risk Management

1. Board of Directors: approve operational risk management policies.
2. Auditing Department: conduct regular reviews of the effectiveness of the operational risk management mechanism in each unit.
3. Risk Management Department: formulate operational risk management policies and concrete targets, design and implement operational risk assessment and management mechanisms, and summarize and submit reports on operational risk losses regularly.
4. Head Office's business supervisory units: identify operational risk, formulate their respective business management regulations and operational specifications, and establish control mechanisms.
5. All units of the Bank: perform operations according to the various control mechanisms, conduct regular self-reviews and self-assessment of operational risk, and submit reports on loss incidents.

C. Scope and Characteristics of the Operational Risk Reporting and Measurement System

1. The Bank submits a report to the Board of Directors regularly on the results of self-assessment of operational risk, the occurrence of operational risk loss incidents, the implementation of the regulatory compliance system, and audit and self-review status.
2. The Bank's reporting on operational risk loss incidents, the implementation of the law compliance system and the performance of the audit system apply to each unit of the Bank. The self-review system is conducted by the General Affairs and Occupational Safety & Health Department, the Data Processing & Information Department, all business units and subsidiary banks.
3. When deficiencies are discovered, the units shall review and improve immediately, and make regular reports to Head Office.
