NTUC Income AR 2018

2. Insurance Risk Insurance risk refers to the uncertainty of claim payment upon a contingent, uncontrollable event, in return for a premium. The assumption of insurance risk to earn an economic profit is our core business. This risk is managed through the combination of underwriting and pricing. The Insurance Risk Policy sets out the types of risks that are acceptable to the Co-operative, the limits of retention and how new risks are to be evaluated and approved. 3. Credit Risk Credit risk is the risk of default by borrowers and transactional counterparties as well as the loss of value of financial assets due to deterioration in credit quality of the obligors. The Credit Risk Management Policy puts in place a robust process where ratings are applied to credit exposures. Each credit is rated and assigned a limit which will be aggregated and monitored across different sources of credit risk. Limits are set according to the evaluation of the credit worthiness and risk appetite. 4. Operational Risk Operational Risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. Operational Risks are managed through: • Establishing and executing enterprise-wide risk management strategies for specific operational risks that could materially impact the ability to do business or impact reputation. • Risk and Control Self-Assessment Heads of Business Units and/or appointed Risk Champions and Representatives are accountable for the day-to-day management of the operational risks inherent in their operations. They identify and assess key risks and controls, and design controls and action plans to manage operational risks as part of their overall portfolio of risk, to achieve an effective internal control environment. • Use of appropriate operational risk management tools, methodology and mitigation strategies to identify, measure and monitor key operational risk exposures. • Risk reviews by the Risk Management function on specific areas of concern to identify areas for improvements and to close gaps or weaknesses. In particular, there are policies, processes and controls in place: • to protect the Co-operative from risks associated with money laundering and terrorist financing, and these include regular monitoring and screening activities. • to protect the customers, business and other related third parties from fraud risks. • to manage cyber risks and technology risks relating to data loss/leakage, system security vulnerabilities, system breakdown and availability, privileged access misuse and technology obsolescence. 5. Reputational Risk The Co-operative’s business relies on its reputation and the trust its policyholders place in it for their financial security. The Co-operative is committed to continue to earn this trust by reinforcing fair and ethical practices, supported by strong compliance and corporate governance structures and processes. Roles and Responsibilities The RMC provides Board level oversight on risk management. The Risk Review Committee (RRC) is a management committee responsible for the implementation and operationalisation of the risk management strategy. The Chief Risk Officer and the Risk Management function are accountable to both committees and have primary responsibility to ensure that objectives of the committees are met. Corporate Governance 27 2018 ANNUAL REPORT