Our Risk Management Policy serves as an essential tool for organizations aiming to cultivate a robust risk management culture. It provides a framework designed to enhance risk awareness, streamline processes and ensure that risks are systematically identified, assessed and managed across all business units. By implementing this policy, companies can protect their assets, optimize decision-making and align risk management practices with strategic objectives, ultimately fostering a culture of accountability and continuous improvement. This tool is particularly beneficial for organizations looking to formalize their risk management approach and ensure compliance with regulatory requirements.

This document includes two samples illustrating practical applications of risk management. Sample 1 outlines a systematic approach to managing risks across the organization, detailing objectives, responsibilities and procedures necessary for effective implementation. It emphasizes the importance of structured risk assessments and continuous monitoring to ensure alignment with the company's goals. Sample 2 focuses on the specific risks associated with new or expanded products and services, highlighting the need for tailored risk management processes that address strategic, reputational, credit and compliance risks. Together, these samples provide practical frameworks and actionable strategies that organizations can adapt to strengthen their risk management processes and enhance operational resilience.

Sample procedures include:

• Develop and review a statement on the risk tolerance of the group/division/business unit at least annually.
• Facilitate risk assessment if requested by a business unit as part of the three-year plan and as part of support for key decisions.
• Evaluate controls in key risk areas on an ad hoc basis.
• Review and approve the corporate risk tolerance.