Risk Management

SLM Corporation Public Company Limited (the “Company”) recognizes the importance of risk management as one of the Company’s key management tools, and is part of good corporate governance. It is also an important basis for achieving the company’s objectives. The Company has prepared a risk management plan to use as a guideline for risk management. This will help support the Company to have a systematic operation, steady and continuous, efficient and effective, acceptable level of risk in order to minimizes the chance of failure and loss. As well as to reduce the impact and uncertainty in the overall operating results of the Company which will lead to the achievement of the Company’s objectives. The Company has managed and supervised a risk management system to facilitate the assessment of impacts and trends in business risks in all departments.
For systematic and efficient risk management and the Company can supervise the employees of all departments to participate in the management of various risks of the Company. This will enable risk analysis and assessment, consideration of a risk management plan, risk control, monitoring of risk management results including risk management reporting, and operation according to the risk management process effectively. Therefore, the Risk Management Committee meeting approved the appointment of the Risk Management Working Group which consists of directors who are executives, director level, department manager and/or department head.

Risk Management Policy

1. Promote risk management in all departments, and create an understanding of the causes of risks arising from various factors inside and outside.
2. All employees and executives of the Company are able to manage and control risks by applying the same risk management process. From risk identification to risk assessment.
3. Prepare a risk management plan so that employees understand and can use it as a guideline for risk management.
4. Follow up and develop a risk management system in order to have a structure and management process suitable for that risk.
5. Employees focus on risk management in their work on a regular basis.

Risk Management Guidelines

1. There shall be processes, guidelines and measures for risk management that are adequate quality, and in accordance with international standards and the Company’s operations. Identifying, analyzing, assessing, prioritizing, managing, controlling, monitoring, reporting, evaluating, and communicating risk information continuously and consistent, and practice throughout the company. By covering significant risks such as strategic risks, credit risk, market risk, liquidity risk, operational risks and risks from compliance with various related laws and regulations.
2. Communicate the risk management policies to create understanding, awareness and shared responsibility on various risks that the company faced. This includes risk control management and the impact of risks to the Company in the management process and operating throughout the Company which covers the Board of Directors, Audit Committee, executives, management and all employees.
3. Arrange for consideration of all types of risk factors faced by the Company or expected to suffer. Including events or any action that may occur and have a negative impact on the Company and the achievement of its objectives and growth at the organization level, business unit, department and function. By analyzing the nature, causes and effects, including management approaches to prevent or reduce the risk to an appropriate level.
4. Provide a risk assessment process, both qualitatively, such as the company’s reputation and image, and quantitatively, such as loss, reduction of revenue and an increase in expenses, etc. By considering both the likelihood of occurrence and the potential impact on the Company to determine appropriate control measures or methods and effective.
5. Provide an acceptable risk assessment (Risk Appetite) to limit the damage that may occur within the level of appropriate that the Company can accept. Including setting the event or the level of risk that is a warning signal (Warning Sign) for operators to take any action to respond risks that are consistent with their ability to take risks such as risk management by accepting, reducing, avoiding or finding a risk-taking partner
6. Monitor and report on risk management performance to consider the suitability and efficiency of the Company’s risk management.
7. Establish operational regulations, measures, and action plans to manage risks in writing for executives and operators to follow and to control operational risks. It must be reviewed and updated regularly to suit the changes of the Company, business, corporate culture, and the current and future environment.