Enterprise Risk Management

Pursuant to the Company’s Manual on Corporate Governance and the Board Charter, the Board of Directors of the Company oversees that a sound enterprise risk management framework is in place to effectively identify, monitor, assess and manage key business risks, which will guide the Board in identifying units/business lines and enterprise-level risk exposures, as well as the effectiveness of risk management strategies. The Board likewise has oversight responsibilities for ensuring the presence of appropriate, adequate, strong and effective internal control mechanisms.

The Audit and Risk Oversight Committee oversees the implementation of and evaluates the risk management plan to ensure its continued relevance, comprehensiveness and effectiveness. Oversight of financial management functions are also performed by the Audit and Risk Oversight Committee, specifically in areas of managing credit, market, liquidity, operational, legal and other risk exposures of the Company, crisis management, and corporate governance compliance. This function includes regularly receiving information on risk exposures and risk management activities from Management. The Audit and Risk Oversight Committee then reports to the Board the Company’s material risk exposures, the actions taken to reduce the risks, and recommend further necessary actions or plans.

The Internal and External Auditors provide independent mechanisms to monitor and evaluate the existence and effectiveness of internal controls. The Internal Auditor reports to the Audit and Risk Oversight Committee and to Management the significant risk exposures, control issues, and such other matters as may be needed or requested by the Board and Management, and provides assurance on the reliability of financial reporting and compliance with applicable laws and regulations. The Internal Audit Group undertakes both regular and ad hoc reviews of the risk management controls and procedures of the Company, the results of which are reported to the Audit and Risk Oversight Committee. The External Auditor enables an environment of good corporate governance as reflected in the financial records and reports of the Company and provide objective assurance on the manner by which the financial statements shall be prepared and presented to the shareholders.

Risk management functions are similarly performed at the management committee level of each subsidiary of the Company, as well as assumed by the heads of each business unit and corporate service unit of such subsidiaries. Further, every manager is tasked to ensure compliance with all operational and financial controls in his/her area of responsibility and to implement internal controls as part of the total system to achieve the goals of the Company and its subsidiaries. Managers conduct regular evaluation of existing policies, systems and procedures to ensure that these remain relevant and effective to the current operating environment. Management also gives prompt and cooperative consideration to recommend improvement measures made by independent internal or external audit groups.