We operate in a dynamic global environment, with new risks on the horizon that may not yet be fully recognised or understood but may significantly impact society, organisations and individuals as well as the planet. Effective risk management is therefore key to strengthening business resilience, mitigating these effects by responding and adapting quickly.


We are guided by a robust risk management framework to ensure business continuity. Our goal is to enhance our risk management capability to meet regulatory expectations, safeguard the Bank’s interests, as well as those of our stakeholders, and to promote long-term business performance.

Enterprise-Wide Risk Management (EWRM) Framework


CIMB’s Enterprise-Wide Risk Management (EWRM) Framework provides an overarching risk management architecture for managing risks across entities and businesses within the Group. Sustainability risk is outlined as one of the main risks to be addressed, amongst others such as credit risk, market risk, operational risk, liquidity risk, etc. The key features of the EWRM framework include risk culture, governance and organisation, risk appetite, risk management processes and risk management infrastructure.


We employ the three lines of defence model in our risk management process across the CIMB Group. Refer to our latest Sustainability Report for the latest list of Emerging Risks identified.

Sustainability Risk Management Framework


The Framework:


  • Identifies and assesses the various sustainability risk components, to include environmental, social, economic and ethical risks;


  • Defines the appropriate governance, which is supported by appropriate policies and procedures;


  • Puts in place risk assessment tools to improve the understanding of and preparedness against existing and emerging sustainability risks;


  • Ensures due diligence and assessment of sustainability risk impacts; and


  • Cultivates a risk management culture through the three lines of defence, as well as through the relevant controls and measurements for efficient/credible reporting.