The Board shall elect the Risk Management Committee (“RMC”) members amongst themselves, comprising mostly Independent Directors and at least three (3) in total. The appointment of a Committee member terminates when the member ceases to be a Director, or as determined by the Board.

The RMC Chairman shall be appointed by the Board. The Chairman of the Board shall not be the RMC Chairman. In the absence of the Chairman, the members present shall elect a Chairman for the meeting amongst themselves.

The Committee members may relinquish their membership in the RMC with prior written notice to the Board. In the event of any vacancies arising in the RMC resulting in the number of Committee members falling below three (3), the vacancy shall be filled as soon as possible.

Only the Committee members have the right to attend the meeting. However, other individuals such as the Chief Executive Officer, Chief Financial Officer and external advisers may be invited to attend for all or part of any meeting, as and when appropriate and necessary.


The RMC assists the Board in establishing a sound framework to manage risks, which includes:

  1. Reviewing the Group’s risk management philosophy / policy;
  2. Reviewing the extent to which management has established an effective enterprise risk management framework;
  3. Reviewing the Group’s risk management framework and assessing the resources and knowledge of management and staff involved in the risk management process;
  4. Reviewing the Group’s risk profile and risk appetite/tolerance;
  5. Creating risk awareness within the organisation at the Board Level and to ensure the tone from the Top Management on Risk and Compliance culture is cascaded to the rest of the organisation;
  6. Communicating to the Board, critical risks (present or potential) the Group faces, their changes, and Management action plans to manage the risks;
  7. Reviewing the risk profile of the Group and the Risk Management Team’s plans to mitigate business risks identified from time to time;
  8. Reviewing periodic reports from the management on risk exposure, risk portfolio composition and risk management activities;

Significant risk issues evaluated by the RMC and/or major changes proposed by this Committee will be discussed at the Board meetings. The RMC is supported by Risk Management Team comprising all Heads of Division, Risk Management Liaison Officer and Risk Management Adviser.


The Committee members shall meet at least four (4) times a year. More meetings shall be scheduled as considered necessary by the Chairman of the RMC. The presence of two (2) members constitutes a quorum for a meeting of the Committee.

Attendance at a meeting may be in person or by ways of participation via video conference or teleconference or other means as may be agreed by the members.

A circular resolution in writing, signed by all the Committee members, shall be as effectual as if it has been passed at a meeting of the Committee duly convened and held.

Any such resolution may consist of several documents in like form, each signed by one or more Committee members.

The Company Secretary or his/her representative or other appropriate senior officer shall act as the secretary of the Committee and shall be responsible, together with the Chairman, for drawing up the agenda and circulating it, supported by explanatory documentation to Committee members prior to each meeting.

The Company Secretary or his/her representative or other appropriate senior officer shall also attend each Committee meeting and be responsible for keeping the minutes of the meetings as well as circulating them to the Committee members including the members of the Board of Directors.

Minutes of the RMC meeting shall be distributed to the RMC members for their review within three (3) weeks after the RMC meeting.

The Company Secretary shall issue and circulate the notice of the RMC meetings confirming the venue, time and date at least seven (7) days before the meeting to the RMC members.

The agenda for the meeting includes the relevant documents and information requested by the RMC. They shall be circulated amongst the RMC members at least five (5) days before the meeting.


The Committee shall, whenever necessary and reasonable for the Company to perform its duties, in accordance with procedures to be determined by the Board of Directors and at the cost of the Company:-

  1. have authority to investigate any matter within its terms of reference;
  2. have the resources which are required to perform its duties;
  3. have full and unrestricted access to any information pertaining to the Company and Group; and
  4. be able to obtain external or other independent professional advice and assistance to enable it to discharge its duties, as it considers appropriate.


The Chairman of the Committee should attend the Annual General Meeting to answer any shareholder question on the Committee’s activities.


The main responsibilities and duties of the RMC shall include, but are not limited to the following:-

  1. Review risks identified by the RMT.
  2. Review the adequacy and effectiveness of risk management.
  3. Establish and periodically review the Group’s risk management guidelines and policies and ensure implementation of the objectives outlined in the policies and compliance with them.
  4. Recommend for the Board’s approval of the Group’s risk management policies, strategies, Group Risk Profile, and any proposed changes thereto.
  5. Review the risk profile of the Group and the Risk Management team’s plans to mitigate business risks as identified from time to time.
  6. Evaluate the effectiveness of the Group’s risk management structure, risk management processes and support system to identify, assess, monitor and manage the Group’s key risks.
  7. Review and recommend the corrective measures undertaken to remedy failings and/or weakness.
  8. Review and recommend risk management strategies and policies.
  9. Review and assess adequacy of risk management policies and framework in identifying, measuring, monitoring and controlling risk and the extent to which these are operating effectively.
  10. Ensure adequate infrastructure, resources and systems are in place for risk management.
  11. Review periodic reports from the management on risk exposure, risk portfolio composition and risk management activities.
  12. Review and recommend new policies or changes to policies, and to consider their risk implications including the procedures in place by management to prevent and detect fraud such as cyber fraud.
  13. Review the impact of risk on capital adequacy and profitability under normal and stressed scenarios.
  14. Review and evaluate the various processes and systems engaged by the Company and to ensure that they are conducted within the standards and policies as set by the Board.
  15. Assess the adequacy of the business recovery/disaster recovery procedures.
  16. Provide reporting on the updates on key risk management issues to the Board.


The Chairman of the Committee shall report to the Board on its proceedings after each meeting on all matters with its duties and responsibilities.

The Committee shall make whatever recommendation to the Board it deems appropriate or any area within its remit where action or improvement is needed.

The Committee shall produce a report to be included in the Company’s Annual Report about its activities in the discharge of its duties.


The minutes of the meetings from the Committee shall be circulated to all members of the Board. The minutes shall be kept at the registered office of the Company under the custody of the Secretary of the Company and shall be open for inspection by the Board. Any request by the Management or others to inspect the minutes shall be subjected to the approval of the Committee.


The Committee is authorised by the Board to seek appropriate professional advice inside and outside the Group at the expense of the Company as and when it considers necessary in the discharge of its responsibilities.


Any revision or amendment to this Terms of Reference, as proposed by the Committee or any third party, shall first be presented to the Board for its approval. Upon the Board’s approval, the said revision or amendment shall form part of this Terms of Reference and this Terms of Reference shall be considered duly revised or amended.