Display mode (Doesn't show in master page preview)
Skip Ribbon Commands
Skip to main content
Sustainable Development Policy Target Sustainable Finance Report

Risk Management


KBank has applied the Three Lines of Defense guidelines to our risk management to ensure that our risk management process is efficiently supervised, controlled and examined by responsible units. Our organizational structure focuses on clearly defined segregation of duties at each level, and each unit is independent of the management and reports directly to the Board of Directors.


KBank has in place a risk management process comprising risk identification, assessment, monitoring, controlling and reporting. This process also includes ESG risks.


KBank also places significance on early warning and monitoring of risk position and overall concentration. We regularly review the adequacy of our risk management system and efficiency of risk management via relevant committees.


Risk Management Structure
KBank has applied the Three Lines of Defense model to our risk management to ensure that our risk management process is effectively supervised, controlled and examined by responsible units. Our organization structure focuses on clearly defined segregation of duties at each level. Each unit is independent from the management and reports directly to the Board of Directors. Moreover, the board and senior management are defined duties and responsibilities in risk management process appropriately. The Board of Directors is ultimately responsible for formulating sound risk governance framework, overseeing the instillation of risk-based organization culture, approving risk appetites and policies as well as ensuring capital adequacy including appropriate capital assessment process to accommodate our current and future business operation. The Board of Directors has delegated authority to the Risk Oversight Committee to oversee overall risk management, review and examine the adequacy and effectiveness of policies, strategies, and risk appetites. The Risk Oversight Committee receives monthly risk dashboard for monitoring and managing risk exposure within approved risk appetite, and report significant risk position, risk management efficiency as well as corrective actions to address any risk policies or strategies to the Board of Directors on quarterly basis. Overall risk management policies and strategies, including the risk appetites are reviewed and examined the adequacy and effectiveness at least once a year or upon significant changes. In addition, the sub-committees are established for monitoring and managing various types of risk closely to ensure that KBank manages risk appropriately on a timely manner. All staff in the organization are accountable for taking part in risk management per the three lines of defense model. Roles and responsibilities of KBank units regarding risk management include:

  1. First Line of Defense: Business units are accountable for the risk they assume, and responsible for actively managing all relevant risk exposures in day-to-day operation. So that risks and returns are optimally managed in line with our risk appetite. Meanwhile, support units that provide services to core business units are accountable for managing business-related operational risks.
  2. Second Line of Defense: Risk management and control units are independent and responsible for establishing the policies and framework for risk management, including monitoring and reporting risk to relevant committees/sub-committees. And providing independent and objective views of specific risk-bearing activities while also ensuring that risk levels are in line with our risk appetite.
  3. Third Line of Defense: Internal Audit is independent and responsible for evaluation of the effectiveness and sufficiency of our risk management and internal controls.

Risk Management


KBank’s business operations focus on sustainable returns. To this end, the Bank places importance on effective risk management and maintaining an adequate level of capital to ensure its stability and strong financial position, fostering sustainable growth. The effort contributes significantly to the country’s sustainable macroeconomic growth, digital economic develop-ment, and green economy, leading to employment opportunities, income generation, and improvement of people’s quality of life.
The Bank’s risk management is under supervision of the Board of Directors, which put in place a risk management framework and ensure effective overall risk management, while promoting a risk culture throughout the organization. The Bank has established risk management policy, risk appetite, risk management process, and adequate and appropriate risk management guidelines that address all significant and emerging risks, taking into account ESG factors. We conduct an annual assessment of capital adequacy and regularly undertake stress tests. Additionally, operational procedures and guidelines are in place to address emergency cases, ensuring business continuity under the prevailing circumstances.

KBank has established risk management policy, risk appetite, and risk management process in line with international
practices to ensure its efficient and effective risk management system. Setting risk limits is part of the Bank’s business planning process and risk culture. The determination of the risk appetite is based on the principle of balancing expected returns against potential risks, taking into account management in accordance with the principles of a Bank of Sustainability. The Bank reviews strategic plans and conducts stress tests under different scenarios to assess the adequacy of its capital and liquidity. These assessments inform the determination of the risk appetite, leading to the setting of risk limits and metrics across various risks, both qualitative and quantitative, the development of risk mitigation strategies, and informed decisions to adjust the business strategy for optimal performance within the defined risk appetite. The risk management policy and strategy as well as risk appetite are reviewed at least once a year or upon significant changes.

KBank has fostered a risk culture. We have established risk management policy and guidelines, a defined risk appetite
and risk limit, which are in line with our strategies and business operations, and have communicated them to all employees. Clearly defined and proper risk governance and management structure have been established. Risk management and control units are responsible for providing independent and objective views on specific risk-bearing activities, whereas other business units are responsible for continuous and active management of all relevant risk exposure to be in line with its returns and risk appetite.

All committees of KBank, including senior executives, have promulgated, monitored and demonstrated exemplary
behaviors that promote risk culture. There are VDO presentations from our executives to employees at all levels to create common awareness and responsibility for risks. In addition, risk status and issues are regularly reported to the committees
responsible for risk management to ensure appropriate and timely action.

KBank promotes and instills a risk culture among employees at all levels and builds awareness of risk ownership in their own work and the organization through various methods, such as regular communications. Furthermore, the Bank has integrated risk management indicators that align with training assessment goals for both executives and employees, such as measuring employees’ understanding of how to respond to phishing email incidents through the percentage of Resiliency Rate (RR) measurement. Our staff members are encouraged to communicate their opinions and risk issues in a straightforward manner. Meanwhile, processes and channels for reporting suspicious incidents have been put in place to ensure timely monitoring, prevention and rectification. To this end, whistleblowing reports can be sent to KONNECT+ for work or the Internal Audit Department, while measures to protect the rights of whistleblowers are implemented. Additionally, the results of risk management in various aspects are used as a part of performance evaluation to raise awareness and enhance work efficiency among employees.

KBank has introduced a credit management structure that recognizes checks and balances, plus credit policy and
process, clear guidelines on desirable and undesirable credit behaviors and credit communication channels. Training sessions and revisions on credit knowledge are organized regularly to ensure that related operating staff members have knowledge and understanding in the performance of their work. We also established a process to monitor credit events. Such results are reported to the Credit Practice Review Working Group for undertaking operations as appropriate in order to improve our credit policy and process, as well as mapping out actions to address non-compliance with required regulations. This effort is aimed at building good credit operating discipline and culture within our organization. KBank has incorporated climate-related risk into our credit underwriting process to assess its impact on our credit portfolio.


Risk Culture
The Bank actively promotes and instills a strong risk culture across all levels of employees, aiming to enhance awareness and foster a sense of ownership over risks—both within individual responsibilities and at the organizational level. The Bank has integrated risk indicators into its organizational targets and Key Performance Indicators (KPIs), which are cascaded down to senior management and relevant employees, which are cascaded down to senior management and relevant employees. This approach ensures shared responsibility and active participation in effective and continuous risk management throughout the organization.
Risk Management Indicators and Performance Evaluation
The Bank has established risk management goals and indicators that comprehensively cover key product groups and service channels included compliance with key regulatory standards, such as Anti-Money Laundering (AML), the Personal Data Protection Act (PDPA) as well as risk management and employee awareness testing related to IT, cybersecurity, and data security. The results of key risk indicators are incorporated into the annual performance evaluations of employees.
Moreover, the Bank develops risk management plans, assigns responsible parties and regularly monitors performance to ensure achievement of the defined targets, timelines, and indicators. Summary reports on key risk management issues are reported regularly to senior management and relevant sub-committees. 
Communication and Motivation
The Bank implements a variety of initiatives to motivate employees at all levels to manage risks effectively such as continuous communication, regular training, and our staff members are encouraged to communicate their opinions and risk issues in a straightforward manner.
In addition, the Bank provides multiple channels to report suspected risks or irregularities, such as the Whistleblowing platform, or direct reporting to the Internal Audit function. The Bank has established protective measures to ensure the rights and confidentiality of whistleblowers are fully safeguarded.

Read more in KBank's Sustainability Report 2024 Chapter Risk mangement
บริการทุกระดับประทับใจ