Risk Management

UOB's risk management structure, as shown in the following diagram, aims to promote a risk aware culture throughout the Group. This requires the various risk and control oversight functions to work together with the business and support units to identify their risks and to facilitate their risk and control self-assessments.

Our risk management strategy is targeted at ensuring proper risk governance so as to facilitate ongoing effective discovery, management and mitigation of risks arising from external factors and our business activities and to set aside adequate capital efficiently to address these risks. Risks are managed within levels established by the senior management committees and approved by the Board and its committees.

We have put in place a framework of policies, methodologies, tools and processes that will help us identify, measure, monitor and manage material risks faced by the Group. This enables us to concentrate our efforts on the fundamentals of banking and to create long-term value for all our stakeholders. The Group's risk governance frameworks, policies and appetite provide the overarching principles and guidance for the Group's risk management activities. They help to shape our key decisions for capital management, strategic planning and budgeting, and performance management to ensure that the risk dimension is appropriately and sufficiently considered.

In particular, the Group Risk Appetite is part of the Group's Internal Capital Adequacy Assessment Process (ICAAP), which incorporates stress-testing to ensure that the Group's capital, risk and return are within acceptable levels under stress scenarios. We also take into consideration the Group's risk appetite in the development of risk-related key performance indicators (KPIs) for performance measurement. This serves to embed a risk management mindset and culture throughout the organisation.

Our risk governance frameworks, policies and appetites are implemented through identification, assessment, monitoring and reporting processes. Risk reports are regularly submitted to Management and the Board to keep them apprised of the Group's risk profile.


UOB's responsibility for risk management starts with the Board overseeing a governance structure that is designed to ensure that the Group's business activities are:

  • conducted in a safe and sound manner and in line with the highest standards of professionalism;
  • consistent with the Group's overall business strategy and risk appetite; and
  • subjected to adequate riskmanagement and internal controls.

In this regard, the Board is primarily assisted by the Board Risk Management Committee (BRMC). The BRMC reviews the overall risk appetite and level of risk capital to be maintained for the Group.

The CEO has established senior management committees to assist in making business decisions with due consideration to risks and returns. The main senior management committees involved in this are the Management Executive Committee, Asset and Liability Committee (ALCO), Credit Committee (CC), Operational Risk Management Committee (ORMC) and the Risk and Capital Committee (RCC). These committees also assist the Board Committees in specific risk areas.

Management and the senior management committees are authorised to delegate risk appetite limits by location, business units and/or broad product lines. Risk management is also the responsibility of every employee in the Group. Risk awareness and accountability are embedded in our culture through an established framework that ensures appropriate oversight and accountability for the effective management of risk throughout the Group and across risk types. This is executed through an organisation control structure that provides three Lines of Defence as follows:

First Line of Defence – The Risk Owner:
The business and support functions have primary responsibility for implementing and executing effective controls for the management of risks arising from their business activities. This includes establishing adequate managerial and supervisory controls to ensure compliance with risk policies, appetite, limits and controls and to highlight control breakdowns, inadequacy of processes and unexpected risk events.

Second Line of Defence – Risk Oversight:
The risk and control oversight functions (Group Credit and Risk Management, and Group Compliance) and the Chief Risk Officer (CRO) provide the Second Line of Defence. The risk and control oversight functions support the Group's strategy of balancing growth with stability by establishing risk frameworks, policies, appetite and limits within which the business functions must operate. The risk and control oversight functions are also responsible for the independent review and monitoring of the Group's risk profile and highlighting any significant vulnerabilities and risk issues to the respective management committees. The independence of risk and control oversight functions from business functions ensures the necessary checks and balances are in place.

Third Line of Defence – Independent Audit:
The Group's internal and external auditors conduct risk-based audits covering all aspects of the First and Second Lines of Defence to provide independent assurance to the CEO, Audit Committee and the Board, on the effectiveness of the risk management and control structure, policies, frameworks, systems and processes. The Group's governance framework also provides oversight for our overseas banking subsidiaries through a matrix reporting structure. Our subsidiaries, in consultation with Group Risk Management, adapt the governance structure, frameworks and policies accordingly to comply with local regulatory requirements. This ensures the approach across the Group is consistent and sufficiently flexible to suit local operating environments.


UOB has established a risk appetite framework to define the amount of risk we are able and willing to take in pursuit of our business objectives. The objective of establishing a risk appetite framework is not to limit risk-taking but to ensure that the Group's risk profile remains within well-defined and tolerable boundaries. The framework was formulated based on the following key criteria:

  • relevance to respective stakeholders, with appropriate levels of granularity;
  • practical, consistent and easy to understand metrics for communication and implementation;
  • alignment to key elements of the Group's business strategy; and
  • analytically substantiated and measurable metrics.

The risk appetite defines suitable thresholds and limits across key areas including but not limited to credit risk, country risk, market risk, liquidity risk, operational risk and reputation risk. Our risk-taking approach is focused on businesses which we understand and are well-equipped to manage the risk involved. Through this approach, we aim to minimise earnings volatility and concentration risk and to ensure that our high credit rating, strong capital and funding base remain intact. This allows us to be a steadfast partner of our customers through changing economic conditions and cycles.

UOB's risk appetite framework and risk appetite are reviewed and approved annually by the Board. Management monitors and reports the risk profiles and compliance with the risk appetite to the Board.


UOB's business strategies, products, customer profiles and operating environment expose us to a number of financial and non-financial risks. Identifying and monitoring key risks are integral to the Group's approach to risk management. It enables us to make proper assessments and to mitigate these risks proactively across the Group. The key risks which could impact the success of achieving the Group's strategic objectives are as follow: