Enterprise risk management

Enterprise risk management

Muangthai Capital Public Company Limited is determined to become a world-class organization by formulating risk management strategies that are in line with international guidelines and practices covering the entire financial business group to grow the business and generate stable returns.

The importance of risk management

  1. Create a knowledge base that is useful for management and operations.
  2. Reflects an overview of various important risks.
  3. It is an important tool for management to plan and manage properly.
  4. To develop the organization effectively.

Risk management structure

The company has a risk management structure that is internationally accepted, defining the roles and responsibilities of the Risk Management Committee as well as related committees. At present, there are reports to the Risk Management Committee in dual reporting at least twice a year. In addition, there is an internal audit department that performs duties independently, and the executives set up a regulatory compliance department to make risk management more concise and use the concept of risk management to supervise the company to achieve success according to the strategic plan. The roles and responsibilities of the Board of Directors must look at the overall picture of corporate governance, risk management, and regulatory compliance (Governance, Risk, and Compliance, GRC) to drive the organization toward sustainability with value and promote efficiency in operations.

The board of directors

Supervise risk management with efficiency and continuity.

Secretary of the Risk Management Committee

Coordinate with directors or other departments. Including being the highest responsible at the operational level. (Mr. Amornthep Pukang)

Risk management committee

Coordinate general risk management matters, including a comprehensive assessment of individual risks.

Auditor committee

Conduct independent reviews.

Internal audit department

Internal audit department Conduct a review of the risk management process at least once a year to ensure proper implementation

Working team & Employees

Identify and assess the risks that arise to their responsible departments, formulate contingency plans, and monitor results.

Risk Management Process

1. Event Identification and Analysis

The procedure for understanding the causes of risk exposure identifies events or process activities that may lead to failure, damage, and non-achievement of the organization's objectives or goals to clarify the risk identification. The company, therefore, classifies all 10 types of risks as follows:

  • Strategic Risk
  • Operation Risk
  • Healthy Risk
  • Policy and Compliance Risk
  • Financial Risk
  • Environment Risk
  • Community Risk
  • Image and Reputation Risk
  • Emerging Risk
  • Project Risk

กระบวนการระบุและวิเคราะห์ความเสี่ยง

  1. Workshop
  2. Risk Self-Assessment
  3. Benchmarking
  4. Brainstorming
  5. Key Risk Indicator : KRI
  6. Loss Report
  7. Action Plan Analysis

2. Risk Assessment

It is a damage assessment due to risks, consisting of two dimensions: namely, 'likelihood' and 'impacts,' with the following considerations:

Level “Likelihood” Frequency

1

Highly unlikely

Every 6-12 month

2

Unlikely

Every 3-6 month

3

Possible

Every 1-3 month

4

Likely

Twice a week

5

Highly likely

Once a week

Level “Impacts” Detail

1

Lowest

Damage value < 50,000 baht

2

Low

Damage value > 50,000 baht

3

Medium

Damage value > 200,000 baht

4

High

Damage value > 500,000 baht

5

Highest

Damage value > 1,000,000 bath

Take into account the risk assessment table as shown below.

The risk levels can be divided into 4 levels for further consideration and management

Risk assessment Possibility of risk to the organization

Impacts

5

5

10

15

20

25

4

4

8

12

16

20

3

3

6

9

12

15

2

2

4

6

8

10

1

1

2

3

4

5

1

2

3

4

5

Likelihood

The risk levels can be divided into 4 levels for further consideration and management

Probability Risk level Guidelines

0-4

Low

No additional management.

5-9

Medium

Prevent risk from moving to a high level.

10-15

High

Manage risks to keep them at acceptable levels.

16-25

Critical

Managing risk to an acceptable level urgently.

3. Risk Response

4. Control Activities

Once appropriate risk response methods have been selected, risk control activities are established to ensure that risk is properly managed. In all aspects of the operation, there must be adequate control activities that are appropriate for the type of control which can be grouped as follows:

The picture shows the relationship between risks and control activities, in addition to adequate internal control. Establishing additional risk control activities can also help reduce the level of risk to an acceptable level.

5. Information and Communication

Information and communication systems will be tools that management can use to convey governance policies and monitor the success of operations. Organizations must have effective information and communication systems. A good information system should consist of the following:

  1. User rights are controlled and categorized based on responsibilities and types of tasks.
  2. A data backup system is in place to prevent system failures or unforeseen events that may impact critical data.
  3. There is a functioning system that facilitates inter-departmental collaboration, enabling effective information management across departments.
  4. There is a backup facility equipped with the necessary equipment and systems to enable essential agencies to resume operations immediately in case of emergencies such as fires or building collapses.
  5. An asset management system is implemented to meet user needs without unnecessary complexity, thereby facilitating smooth operations.

6. Monitoring and Review

The Risk Management Committee organizes regular meetings to review the organization's risk management, convening at least twice a year. Meeting participants include members of the Risk Management Committee, secretaries, executives, and relevant departments to assess guidelines, modify and enhance policies and guidelines for risk management, ensuring alignment with the company's internal and external environment. At the board level, follow-ups focus on risk issues that could significantly impact the company, posing severe and unacceptable risks that may affect operational results or the direction of the company's activities.

Risk management performance

To foster a culture of risk management within the organization, the company has revised its risk manual to enhance clarity and relevance across various organizational contexts. Additionally, executive-level risk training sessions have been organized to impart knowledge and understanding of risk management principles, ensuring alignment with the company's risk manual. Moreover, each department is encouraged to take ownership of its risk management processes, from identifying risk issues to ongoing monitoring and evaluation. The company also provides a platform for employees to express opinions and suggestions regarding the risk management process, which serves as a guideline for enhancing operational efficiency. The Secretary of the Risk Management Committee is tasked with summarizing results and communicating them to the committee during biannual meetings, thereby ensuring effective oversight and alignment with organizational objectives.

In 2023, the Risk Management Committee held three follow-up meetings and discussed risk issues, with important meeting agendas summarized as follows:

  • acknowledged progress in controlling and solving risk problems.
  • approved the revised edition of the risk management manual.
  • approved the Risk Management Committee Charter.
  • new risk rankings.

Business continuity management

The company has established a Business Continuity Management (BCM) Policy and Strategy Committee, comprised of executives from various departments, with the Managing Director serving as chairman. This committee is responsible for setting the company's business continuity strategy and policy, as well as allocating resources to support operations, monitoring progress, and overseeing the overall picture of business continuity management. The organization has reviewed the operational plan for preparing a plan to deal with risks and events that may occur in the future, such as disasters, natural disasters, epidemics, sabotage, etc., in order to return business operations to normal as soon as possible. Examples of the company's operational plans and response guidelines include:

  1. Spread of infectious diseases:

    Since the outbreak of the COVID-19 disease, the company has established prevention plans and measures to deal with various epidemics that may occur in the future. These include:

    • Monitoring, evaluating, and closely following up on various epidemic situations from the Ministry of Public Health.
    • Conducting risk screening for employees and preparing special work locations for this group.
  2. Disruption in the information technology system:

    To prepare for and cope with various events that may cause damage to the information technology system from both internal and external factors, the company has established guidelines for preparation and response as follows:

    • Prepare a policy and procedures manual to provide guidelines and principles for employees.
    • Conduct emergency information technology system recovery plan drills twice a year to prepare employees and provide coping guidelines.

The company's risk performance

Risk issues Impacts Impacts   Likelihood Risk management plan Performance
KRI Acceptable level Result

1. Lack of Employee

Lack of competent personnel

3

5

Improve the recruitment process

Ratio of retired employees compared to new employees

The ratio doesn’t exceed 1

0.455

2. Corruption

Confidence in the company

4

5

Organize training to develop morality and ethics

Number of corruption incidents

0

0

3. Regulations, including laws and regulations within the Organization

The work operations within the organization are not aligned

3

5

Organize training and provide a channel for advising on regulations

Average KPI of the branch being monitored

More than 85%

85.96

4. Competition and new competitors

The operating results did not meet the target

5

4

Always improve products and business strategies

The proportion of the loan portfolio in the market

Number 1

Number 1

5. Operating expenses and staff expenses

Increasing expenses for the company

4

1

Cash withdrawal ceiling

Operating Expenses to Earning Ability

Increase of not exceed 10%

2.30% decrease

6. Regulations, including laws and regulations from regulatory body

Confidence in investors

5

1

Regularly review and follow up the law

Number of times a dispute has occurred

Not exceed 1

0

7. Increasing domestic interest rates

Higher financial costs

5

3

Provide alternative funding sources

Average interest rate

Not exceed 3.80%

3.6%

8. Disaster

Operation interruption

3

1

Prepare a budget to deal with the impacts.

Total damage value(MB/year)

Not exceed 5 MB

0 Baht

9. Cyber Threats and Data Theft

Violates the Personal Data Act and the company lacks credibility.

4

1

Incorporate modern technology into organization's operations

The number of times the attack occurred

0 time

0 time

10. Funds from financial institutions

Operation interruption

5

3

Evaluate and monitor financial ratios regularly.

Debt to equity ratio (D/E Ratio)

Not exceed 4

3.70

11. Financial liquidity

Causing delays in business development.

5

1

Sale of debentures and funding sources in various institutions

The ratio of cash inflows and outflows

Not less than 1

1.45

12. Robbery

Corporate Property Damage

3

2

Minimize the amount of cash kept in branches.

The number of times the incident occured

Not exceed 12 times

9 times

13. Loss of image and reputation (impersonation)

misunderstanding of the message's recipient results in damage to both the image and property.

1

5

warnings about fraud to customers through both online and offline channels.

Number of times customers make complaints (times/year)

Not exceed 480 times

317 times

14. The delay in the break-even point in some branches

The results did not meet the target.

4

5

Review and adjust the business plan of each area.

Ratio of Loan recrivable per branch

Not less Than 14.5

19.02

15. Increase in NPL

Net profit decreased

4

5

reducing lending to high-risk customers selling Non-Performing Loans (NPL) to other companies.

NPL balance

Not exceed 3.5%

3.11%

16.Failure to meet the organization's GHG emissions targets.(Emerging Risk)

losing investor confidence and credibility.

2

2

Initiating projects to reduce greenhouse gas emissions

Reduction Rate of GHG emission (tonCO2/loan amount)

Decrease at least 10%

4.71% Decreased

17. Carbon Tax (Emerging Risk)

Increased operating costs

1

1

Reduce the amount of GHG emissions from organization's operations.

The amount of GHG emissions (TonsCO2/ year)

Increase not exceed 10% from last year

13% increased

Risk Analysis

1. Lack of Employee

Nowadays, the microfinance business group is more competitive. Recruiting and developing personnel who can effectively work towards company goals poses a significant challenge. To ensure the company has quality personnel in sufficient numbers to support its growth, satisfaction and engagement assessments have been conducted, along with training programs aimed at developing employees' potential, fostering motivation, and preparing them for career advancement and stability. In 2023, the company implemented these initiatives and found that the ratio of retired employees to new hires was 0.455, which is considered an acceptable value according to KRI.

2. Corruption

The company is aware of the possibility of corruption within the organization. Therefore, measures have been put in place to prevent potential damages arising from severe corruption. This includes a continuous review of the causes and rates of corporate corruption through the establishment of efficient internal control systems, regular monthly audits, or the implementation of SAP operating systems to enhance operational efficiency and reduce the risk of corporate corruption. Additionally, the company conducts training to develop ethics among employees, reviews and formulates anti-corruption policies, and disseminates and emphasizes them through various channels within the organization, such as journals or speeches on various occasions. Furthermore, channels for reporting corruption (whistleblower) have been expanded to make it easier for employees and other stakeholders of the company to access and report incidents. If actual corporate corruption by employees is discovered, the company will hold those employees accountable for the damages incurred and impose penalties according to the company's maximum regulations. Furthermore, the company will take legal action against employees engaged in severe corruption. In the year 2023, no incidents of corruption were found upon investigation.

3. Regulations, Including Laws and Regulations within the Organization

To enhance the quality of operations and deliver excellent service, the company aims to maintain its position as the leading company in the microfinance business, as per company policy. Therefore, stringent regulations and procedures must be adhered to by employees and executives to uphold customer and stakeholder confidence. In the year 2023, the company increased training on regulations, guidelines, and various directives. Policies and manuals were issued to guide the operational processes for employees at all levels. Performance was measured using Key Performance Indicators (KPIs) for each branch, which were found to have increased compared to the year 2565 and met the target of 85% set by the company.

4. Competition and New Competitors

Nowadays, many microfinance businesses are emerging. This results in intense competition in the industry. Both in terms of technology, branch expansion, and the expansion of microfinance loan products. Including price competition, the company has always been prepared to cope, review, and adjust its strategy. Moreover, the company still emphasizes providing excellent service and following relevant regulations to reduce conflicts and unfair customer service. There are also plans to expand more branches to promote financial access opportunities for customers. Focus on finding new customer groups along with maintaining the existing customer base. Customer satisfaction with the company's services was inquired about to improve and create new products to be able to respond to customer needs that are constantly changing in everyday life. In the past year, the company has continued to be the number one leader in the microfinance business. The company will not stop developing to ensure that it continues to be the number one leader in the market.

5. Operating Expenses

Due to the current inflationary situation, which directly affects the prices of goods within the country, leading to increased expenses across various operations, the company has had to prepare an annual budget, survey product prices, and plan to address the problem of rising prices to maintain quality and keep expenses at a reasonable level, avoiding exceeding the budget set. Additionally, the company has sought alternative business partners in case the unit prices of goods exceed the anticipated quantities. In the year 2023, the company was able to control the average price of goods, reducing it by up to 2.30%, which aligns with the company's plan to limit the average price increase to no more than 10%.

6. Regulations, Including Laws and Regulations from Regulator

The company's main business is providing vehicle registration loans, which are supervised by various regulatory agencies such as the Bank of Thailand (BOT), the Securities and Exchange Commission (SEC), and the Office of the Insurance Commission (OIC). Therefore, the company must comply with regulations and rules set by these agencies, such as setting interest rates, protecting personal data, and reporting information to the Bank of Thailand, among others. These regulations may change over time, and failure to comply or incomplete compliance could negatively impact the company's reputation and result in fines or license revocation. The company continuously reviews and monitors external laws to align them with internal operations, conducts training, including knowledge assessment tests to inform employees of regulations and internal rules at least once a year. Additionally, the company has legal oversight units that report operational results to management and the board of directors at least twice a year. In the year 2023, the company had no legal disputes.

7. Increasing Domestic Interest Rates

The company primarily generates income from interest earned on loans, which are typically calculated at fixed rates. Conversely, the company's borrowing costs are subject to market fluctuations, resulting in potential increases in loan interest rates. Presently, the company is offering loans at lower interest rates aligned with levels set by the Bank of Thailand. However, if future financial costs or other burdens escalate, the company will consider adjusting its interest rate ceiling accordingly. Additionally, the company has diversified its funding sources by increasing the proportion of bond funds, aiming to mitigate the risk associated with domestic interest rate hikes. In 2023, the company secured funding support through a credit line of 5,300 million baht in collaboration with two renowned financial institutions: Germany's Development Finance Institution (DEG) and Sumitomo Mitsui Banking Corporation (SMBC). This collaboration has reduced the company's interest rate costs to 3.6%.

8. Disaster

The disasters occurring at present are considered increasingly severe and continuous. Whether caused by intentional human actions or unpredictable natural disasters, such disasters can have significant impacts on the company, resulting in widespread losses to individuals, property, the economy, and the environment. Therefore, the company communicates about environmental conservation and the impacts of climate change to raise awareness among employees through various channels such as the company's website, bulletin boards, and monthly newsletters. In the year 2023, the company had a Business Continuity Plan (BCP) to guide branches in handling disaster events if they occur. Additionally, a budget and measures to mitigate and cope with potential impacts, totaling 5 million baht, were prepared. However, in the past year, there were no significant disaster events.

9. Cyber Threats and Data Theft

In the current era, technology is advancing rapidly, leading to cybersecurity threats that impact all sectors, including the economy, financial industry, financial institutions, and various financial services users. These threats may manifest in new and increasingly sophisticated forms, making detection more challenging. While the company primarily relies on traditional security measures and cash transactions, its customer data storage and management systems are digitalized. This digital transformation has prompted the company to enhance its data protection systems and train its staff regularly to keep up with evolving technology, with at least quarterly training sessions. Moreover, the company has expanded communication channels with customers and regularly informs them about cybersecurity risks through newsletters and its website. Additionally, all employees receive ongoing awareness training on emerging cybersecurity threats through internal publications and the company's website. Furthermore, external agencies are periodically engaged to audit the company's systems to ensure sufficient security measures are in place for business operations and customer service. In 2023, there were no reported incidents of information security breaches or violations of personal data, aligning with the company's objectives and efforts to maintain cybersecurity.

10. Funds from financial institutions

Capital for business operations is crucial for business expansion, especially in the current economic landscape characterized by increased volatility due to rapid technological changes, shifts in climate conditions, and adjustments in financial institutions' credit control policies to enhance financial system reliability. To ensure sustainable business operations, mitigate risks, and improve debt management efficiency, the company has undertaken significant steps to secure capital. One of the strategies employed is issuing corporate bonds to raise funds for operational capital. These bonds undergo rigorous evaluation and approval processes by financial institutions to enhance financial management prudence. This approach ensures that the company has the necessary capital to sustain its operations, reduce risks, and enhance debt management efficiency. In 2023, the company maintained a debt-to-equity (D/E) ratio of 3.70, which is below the set target of 4, demonstrating its commitment to maintaining a healthy balance between debt and equity for sustainable business growth.

11. Financial Liquidity

The risk of liquidity is one of the critical risks that the company highly values and is conscious of. Even though the company may have a stable financial position, failure to convert assets into cash timely or secure sufficient capital may hinder its ability to meet existing obligations. Therefore, the company implements control and management plans to ensure sufficient cash flow for operations under both normal and crisis conditions. This is achieved through the preparation of cash flow reports and financial ratio analysis, such as liquidity ratios, to assess the adequacy of cash reserves. Additionally, the company develops appropriate capital procurement plans. In 2566, the cash flow ratio, which measures the ratio of cash inflows to outflows, was 1.45, aligning with the company's predetermined standards.

12. Roberry

Currently, the company is diligently pursuing its mission by expanding branches nationwide. However, recognizing its limitations in controlling individual behavior, the company consistently communicates its ethical values to external stakeholders to foster a sense of community consciousness. This is achieved through various media channels such as leaflets and posters. Additionally, the company implements measures to prevent theft, such as minimizing cash transactions and installing CCTV cameras in all new branches. Regular checks ensure these measures are effective, reducing the risk of incidents and damage to the company. In 2023, there were 9 robbery incidents with a total loss of 16,400 baht, which the company deems acceptable within its standards.

13. Loss of Image and Reputation

Today, it's undeniable that many individuals with ill intentions engage in deceptive practices and impersonate important communication channels of the company. In the year 2022, there was an increase in customer complaints regarding debt repayment through these channels. As a result, the company identified this as a recurring risk issue for the year 2023 and sought ways to mitigate these problems, aiming to restore customer confidence and ensure peace of mind when using the company's services. To address these challenges, the company regularly disseminates online media through various channels, typically 1-2 times per month. Additionally, offline media is utilized to alert customers of potential risks at branch locations. Over the past year, there have been a total of 317 complaints regarding these issues, aligning with the company's predefined targets.

14. The Delay in the Break-even Point in Branches

Based on the company's mission to maintain its position as a leader in the microfinance industry, continuous branch expansion is crucial to increase opportunities for customers to access financial services. Therefore, expanding branches is one of the factors driving the company towards achieving its goals. However, opening new branches inevitably brings risks regarding the cost-effectiveness of expansion. To mitigate these risks, the company must conduct thorough studies and meticulously plan the opening of new branches. This includes conducting area surveys, assessing population density, targeting customer groups, analyzing the performance of nearby branches, and financial analysis such as Payback Period and Return on Investment. These analyses should meet predefined criteria. Additionally, the company should adjust its customer acquisition strategies to improve branch operational efficiency and increase the likelihood of profitability from new branch openings. In 2023, it was found that the outstanding debt per branch amounted to 19.02 million baht per branch, with a consistent upward trend each year.

15. The Increase in Non-performing Loans.

The deterioration of debt quality poses a significant risk to the company, as failure by debtors to repay debts as scheduled could result in loss of main revenue streams from interest, as well as potential loss of principal funds, thereby impacting profitability and hindering business growth. To manage this risk, the company has implemented stringent customer checks to reduce the likelihood of bad debts. Additionally, each branch has at least one staff member responsible for re-evaluating customer documentation, ensuring confidence in customer screening. Furthermore, the company has engaged in selling such debts to asset management or debt collection companies to transfer the risk associated with unrecoverable debts. As a result, in 2023, the Non-Performing Loan (NPL) ratio was 3.11%, which is below the set target of 3.5%.

16. Failure to Achieve the GHG Emissions Targets. (Emerging Risk)

The goal of greenhouse gas emissions reduction is an international priority, recognized by all sectors, including investors, who can choose to invest in businesses that are mindful and responsible towards climate change. Organizations failing to meet greenhouse gas emission reduction targets as set internationally may risk losing investor confidence. Thus, it's crucial for companies to closely monitor organizational progress. In 2023, the company participated in a climate management pilot project and elevated its climate change initiatives to align with increasingly stringent global standards. This is to better prepare for and instill confidence in investors, as climate change can have direct and indirect impacts on both the global economy and society.

17. Carbon Tax (Emerging Risk)

The Department of Pollution Control in Thailand is currently exploring the implementation of a carbon tax, which could significantly impact companies operating within the country. In response, the company has initiated robust publicity campaigns aimed at educating its employees about the importance of resource utilization. These campaigns utilize various channels, including company magazines and websites, to disseminate crucial information. Moreover, the company has established a systematic approach to monitor and analyze data on resource consumption on a monthly basis. This allows for the identification of usage patterns and facilitates the adjustment of measures to optimize resource utilization effectively. Despite these efforts, there remains a pressing concern regarding carbon dioxide emissions. The company has set a target not to exceed a 10% increase in GHG emissions from the previous year. However, recent data indicates a 13.23% increase in carbon dioxide emissions in 2023, highlighting the urgency to reassess and potentially strengthen emission reduction strategies.