Risk Management Policy

Management of risks is fundamental to the success of CBA Group business and to building long-term shareholder value. The Board is cognizant of the broad range of risks that apply to financial institutions in the banking industry including but not limited to, strategic risk, credit risk, liquidity risk, market risk, operational risk, information and communication technology risk, reputational risk, compliance risk, country and transfer risk.

The Board is responsible for determining and approving the Group’s risk management strategy and risk appetite while Management is responsible for implementing the Board’s strategy and for developing policies and procedures to identify, manage and mitigate risks across all of the Group’s operations in line with the risk appetite.

The key design component of the Group’s approach to risk management is that the heads of the business units have accountability for the risks within their units, with oversight, analysis, monitoring and reporting of these risks conducted by the Enterprise Risk Management and Compliance function which is independent of the business units and is accountable to Board Risk Management Committee (BRMC) through regular reporting on the adequacy and effectiveness of management controls for material risks.

The Board Risk Management Committee reports to the Board of Directors on the effectiveness of the risk management framework, internal controls and policies.