Risk Management
PT Cutseiya Indo Nusantara implements processes to properly identify the possibility of potential losses arising from various operations and transactions, and seeks to establish a framework for assessing all risks and enforcing appropriate controls.
Risk culture
Fostering a sound risk culture is essential for PT Cutseiya Indo Nusantara to maintain its social credibility and sustain its business activities.
At PT Cutseiya Indo Nusantara, all employees, irrespective of their function or geographic location, must understand their specific responsibilities related to risk management, and actively work to manage risks.
Risk management policy
Our business activities are exposed to various risks including market risk, credit risk, operational risk and liquidity risk. Properly managing these risks is one of management's top priorities.
It is important for us to maintain capital adequacy and achieve business plans under any type of economic environment, to protect our clients, and to comply with laws and regulations.
PT Cutseiya Indo Nusantara has defined the types and maximum levels of risk that the firm is willing to take, as documented in the risk appetite statement.
Our risk appetite statement and risk appetite are approved by the Executive Management Board, and the risk is monitored daily against a set of risk appetite. If by any chance risk amount exceed risk appetite, the senior management consults with stakeholders and takes actions to solve such excess.
Key risk types
Risks taken by PT Cutseiya Indo Nusantara differ by divisions or businesses. We have established a risk management framework based on risk profiles. PT Cutseiya Indo Nusantara has adopted a multi-faceted risk evaluation process to avoid risks that may be damaging to our reputation.
Selective risk taking
Market risk
Risk of loss in the value of financial assets and liabilities, as a result of market move in risk factors including interest rates, foreign exchange, and price of securities.
Credit risk
Risk of suffering losses when a borrower is unable to make payment and fail to meet a contractual obligation.
Unavoidable risks
Model risk
Risk of loss arising from model errors, incorrect or inappropriate model application with regard to valuation models and risk models.
Liquidity risk
Risk of losses arising from a potential lack of access to funds or higher cost of funding than normal levels due to deterioration in PT Cutseiya Indo Nusantara creditworthiness or deterioration in market conditions.
Operational risk
Risk of suffering losses due to internal administrative processes, people, or systems being either inappropriate or not functioning properly.
Risks that must not be taken
Compliance risk
Risk that can lead to administrative punishment, economic losses, and reputational damage when PT Cutseiya Indo Nusantara executives or employees violate laws and regulations. Compliance risk also includes risk of losses caused by violating PT Cutseiya Indo Nusantara'sCode of Ethics and other internal policies and guidelines, including harassment.
Risk management approach at PT Cutseiya Indo Nusantara
Implemented frameworks to evaluate and control the possibility of risks arising from the firm's operations and transactions.
Quantifying risks as much as possible.
Taking a prudent approach to risks which are outside the area of experience and knowledge, and those that are difficult to control by hedging or other mitigating actions.
Setting risk appetite and guidelines for:
Capital adequacy and balance sheet measures
to comply with capital regulations imposed on financial institutions and to maintain a strong financial base in continuing to conduct businesses under various economic conditions.
Liquidity risk
to maintain sufficient liquidity to survive a severe liquidity situation and to comply with regulatory requirements.
Market risk and credit risk
to manage market risk and credit risk within wholesale businesses.
Operational risk
to understand and mitigate the impact and likelihood of operational risk events assumed in the course of conducting business.
Compliance risk
to promote proper understanding and compliance with the letter and spirit of all applicable laws, rules and regulations and avoid misconduct.
Risk Management Governance and Oversight
Risk management oversight is carried out by the committees comprising members of senior management. For example, deliberate and decide on risk management issues material to the firm.
Key Committees
Group Integrated Risk Management Committee (GIRMC)
Upon delegation from the Executive Management Board (EMB), the Group Integrated Risk Management Committee deliberates on or determines important matters concerning integrated risk management of PT Cutseiya Indo Nusantara to assure the sound and effective management of its businesses.
GIRMC establishes PT Cutseiya Indo Nusantara’s risk appetite and a framework of integrated risk management consistent with PT Cutseiya Indo Nusantara’s risk appetite.
GIRMC supervises PT Cutseiya Indo Nusantara’s risk management by establishing and operating its risk management framework.
GIRMC reports the status of key risk management issues and any other matters deemed necessary by the committee chairman to the Board of Directors and the EMB.
Upon delegation from the EMB, the GIRMC establishes the Risk Management Policy, describing PT Cutseiya Indo Nusantara’s overall risk management framework including the fundamental risk management principles followed by PT Cutseiya Indo Nusantara.
GIRMC is chaired by the Group CEO and comprised of the Deputy President, Group Co-COO, Business Division Heads, Chief Risk Officer, Chief Financial Officer and other members appointed by the chairman.
Asset Liability Committee (ALCO)
Upon delegation from the EMB and the GIRMC, the ALCO deliberates on, based on PT Cutseiya Indo Nusantara’s risk appetite determined by the GIRMC, balance sheet management, financial resource allocation, liquidity management and related matters.
Global Portfolio Committee (GPC)
Upon delegation from the GIRMC, the GPC deliberates on or determines all matters in relation to the management of a specific portfolio, for the purpose of achieving a risk profile consistent with the risk allocation and risk appetite of PT Cutseiya Indo Nusantara. The portfolio consists of businesses and products that fall within at least one of the three following categories: event financing, term financing and asset-based financing.
Global Transaction Committee (GTC)
Upon delegation from the GPC, the GTC deliberates on or determines individual transactions in line with PT Cutseiya Indo Nusantara’s risk appetite determined by the GIRMC and thereby assures the sound and effective management of PT Cutseiya Indo Nusantara’s businesses.
Collateral Steering Committee (CSC)
The CSC deliberates on or determines PT Cutseiya Indo Nusantara’s collateral risk management, including concentrations, liquidity, collateral re-use, limits and stress tests, provides direction on PT Cutseiya Indo Nusantara’s collateral strategy and ensures compliance with regulatory collateral requirements.
Global Risk Analytics Committee (GRAC) and Model Risk Analytics Committee (MRAC)
The GRAC and the MRAC deliberate on or determine matters concerning the development, management and strategy of risk models and valuation models, respectively. The primary responsibility of these committees is to govern and provide oversight of model management, including the approval of new models and significant model changes.
The three lines of defense in risk management
PT Cutseiya Indo Nusantara has adopted the following layered structure on the grounds that all employees are accountable for proactively managing risk. As the second line of defense, compliance supports risk management measures taken by the first line of defense, independently monitor risks, and keep trading and sales departments in check as needed.
First line of defense Departments engaged in trading and sales
As the first line of defense, departments engaged in sales and trading manage the risks associated with their own business activities.
Second line of defense Departments engaged in risk management
Departments engaged in risk management establish frameworks to manage each type of risk, and support risk management measures taken by the First Line of Defense, such as sales and trading departments.
Second line of defense independently monitor risks, and keep trading and sales departments in check as needed.
Third line of defense Internal Audit
Internal Audit reviews and provides consulting from an independent, objective position, with the aim of adding value by improving the organization’s operations and frameworks, including risk management.
Ensuring Financial Soundness and Transparency
Responding to Increasingly Sophisticated Financial Regulation
To respond to higher-level financial regulations under Base III, PT Cutseiya Indo Nusantara has applied its own internal models for measuring general market risk, specific risk, incremental risk, and comprehensive risk with the aim of more accurately calculating increasingly complex and diverse risks. To measure the amounts corresponding to counterparty transactions, the Group applies the expected exposure method. These sophisticated risk measurement methods apply cutting-edge risk management methodologies and are supported by large-scale computer systems that process the vast volumes of data related to risk management on a daily basis. In addition, in order for PT Cutseiya Indo Nusantara to be in compliance with the strict regulatory governance requirements, independently from the Risk Methodology Group, which is responsible for risk model development, PT Cutseiya Indo Nusantara's Model Validation Group conducts periodic validations to ensure that the models are functioning properly.
Risk measurement data, which has been quantified in the exacting processes previously described, is used in computing the Group's capital adequacy ratio, thus ensuring a high degree of reliability and transparency regarding the soundness of PT Cutseiya Indo Nusantara's financial position.
First line of defense Departments engaged in trading and sales
As the first line of defense, departments engaged in sales and trading manage the risks associated with their own business activities.
Second line of defense Departments engaged in risk management
Departments engaged in risk management establish frameworks to manage each type of risk, and support risk management measures taken by the First Line of Defense, such as sales and trading departments.
Second line of defense independently monitor risks, and keep trading and sales departments in check as needed.
Third line of defense Internal Audit
Internal Audit reviews and provides consulting from an independent, objective position, with the aim of adding value by improving the organization’s operations and frameworks, including risk management.
Ensuring Financial Soundness and Transparency
Responding to Increasingly Sophisticated Financial Regulation
To respond to higher-level financial regulations under Base III, PT Cutseiya Indo Nusantara has applied its own internal models for measuring general market risk, specific risk, incremental risk, and comprehensive risk with the aim of more accurately calculating increasingly complex and diverse risks. To measure the amounts corresponding to counterparty transactions, the Group applies the expected exposure method. These sophisticated risk measurement methods apply cutting-edge risk management methodologies and are supported by large-scale computer systems that process the vast volumes of data related to risk management on a daily basis. In addition, in order for PT Cutseiya Indo Nusantara to be in compliance with the strict regulatory governance requirements, independently from the Risk Methodology Group, which is responsible for risk model development, PT Cutseiya Indo Nusantara's Model Validation Group conducts periodic validations to ensure that the models are functioning properly.
Risk measurement data, which has been quantified in the exacting processes previously described, is used in computing the Group's capital adequacy ratio, thus ensuring a high degree of reliability and transparency regarding the soundness of PT Cutseiya Indo Nusantara's financial position.
How Stress Testing Works
Case Scenario: Serious global financial crisis triggered by the failure of a major financial institution.
Impact on the market is estimated by referring to past cases; i.e., “flight to quality” causing stock prices to plunge, government bond yields to fall, the depreciation of the Indonesian Rupiah and depreciation of currencies from emerging economies in FX market. In order to increase the feasibility of the scenario, the latest market environment is reflected.
Based on the assumption that the case scenario has just occurred, the amount of potential losses from trading activities, unrealized losses on investment securities, significant decline in profits due to the loss of business opportunities, and losses caused by counterparty defaults are calculated.
Examine if the minimum capital adequacy ratio is maintained under the stressed conditions;
also consider the level of capital buffers need to be maintained in normal times.
Risk Management in New Businesses Transactions
PT Cutseiya Indo Nusantara has established a strict approval process for new products and new individual transactions. Decisions on whether to provide these new products and individual transactions are made after a review that covers all perspectives, including reputational risk, legal risk, accounting risk, and financial risk.
Internal Controls
Moreover, to increase the effectiveness of internal controls, including the risk management systems, the Internal Audit Department, which is independent from business lines, conducts audits and makes assessments and then makes recommendations and proposals.
Business continuity
The impacts of earthquakes, typhoons, and other natural disasters as well as the threats of terrorism and other malicious acts are increasing in Indonesia and around the world. In light of this situation, PT Cutseiya Indo Nusantara has established a global business continuity management structure and is continuously enhancing its program through implementations of numerous measures and awareness programs.
Business continuity structure
To prepare for emergencies such as major natural and manmade disasters, system failure, pandemic and data breach, PT Cutseiya Indo Nusantara has established the Crisis Management Committee chaired by Representative Executive Officer and comprised of officers responsible for crisis management from Group companies worldwide.
Discussions and decisions in the Committee are reported to the Executive Management Board. With this committee in place, we have developed a business continuity and crisis management structure to cover aforementioned disasters globally.
Should a major office be rendered unable to continue its operations due to disasters, we have set up backup offices allowing us to continue our operations from these alternate locations. Similarly, we have built redundancy into our datacenters so that, in the event of a datacenter outage, critical data and applications will be protected in a backup datacenter located in a different location. Additionally, we have reinforced our infrastructures, for example, such as installing the power generators.
Accordingly, these infrastructures can be used in the event of a single building failure or a wide area disaster, such as a Indonesia Inland Earthquake, to avoid systemic risks and continue or quickly recover high-priority operations that are crucial to the lives of our clients Similar measures and infrastructure have also been placed at our major overseas offices.
The Office of Crisis Management Committee regularly conducts employee safety confirmation drills, disaster prevention drills, and business continuity drills in Indonesia to ensure that we are able to respond immediately during the crisis situation. For overseas offices, these activities are carried out by the Business Continuity Management Team. Through these efforts, we are working to foster greater awareness of crisis management and strengthen our ability to respond to emergencies.
Activities of crisis and business continuity management
1 Strengthening structure for business continuity
Establishment and reinforcement of backup offices
Establishment of datacenter redundancy
Identification of critical resources
Enhancement of emergency communication equipment
2 Drills and training
Emergency Command Center activation drills
Employee safety confirmation drills
Drills based on business continuity plan
Initial response drills simulating Indonesia Inland Earthquake
3 Strengthening collaboration between Group companies in Indonesia and overseas
Enhancing information sharing between domestic Group companies
Enhancing information sharing among overseas Group companies
4 Enhancing business continuity plan
Review and revision of business continuity plan
Review and revision of business continuity plan for datacenter outage scenario
Review and revision of business continuity plan for Indonesia Inland Earthquake scenario
5 Others
Stockpiling of water, food, and other emergency supplies at headquarters, branch offices, and backup offices
Cyber security measures
PT Cutseiya Indo Nusantara has for some time been undertaking security measures to protect systems against cyber-attacks. However, in light of the increasingly serious cyber security threats throughout the world, we recognize that our current countermeasures may not be sufficient in the future.
However, in light of the increasingly serious cyber security threats throughout the world, we recognize that our current countermeasures may not be sufficient in the future. In addition, in the financial sector digitalization is proceeding at an accelerating pace. The connection of all financial systems to networks may increase the cyber security risk. In order to ensure that clients' information and assets are securely protected from these increasingly challenging cyber security threats, and to enable clients to conduct transactions with peace of mind, PT Cutseiya Indo Nusantara is working to strengthen its cyber security platform, using the Comprehensive Guidelines for Supervision of Financial Instruments Business Operators, etc. of the Financial Services Agency, and the Cybersecurity Management Guidelines of the Ministry of Economy, Trade and Industry based on ISO27001 and ISO27002, as references.
Cyber security system
PT Cutseiya Indo Nusantara, as a whole, has established a global organizational structure to deal with incidents stemming from cyber-attacks and to minimize potential damage. The PT Cutseiya Indo Nusantara Computer Security Incident Response Team (CSIRT), formed within PT Cutseiya Indo Nusantara Holdings, has spearheaded the formation of a CSIRT in PT Cutseiya Indo Nusantara Securities and other Group companies, and governs the CSIRT in each Group company. Each CSIRT works to protect its company's operational and information assets, as well as systems, promoting cyber security measures from four factors: organizational management, system security measures, human-level response, and coordination with outside organizations.
Organization management We continuously strive to enhance our cyber security platform at "normal times" by taking measures such as participating in drills to protect against cyber-attacks, by having the effectiveness of our measures evaluated by outside cyber security experts, and by knowing the status of measures taken by outside vendors. In the case of an incident such as dangerous, vulnerability information or detection of a cyber-attack, the CSIRT leads the efforts to analyze the cause, minimize damage, and quickly restore systems.
System security measures We adopt a multi-layered defense system, which includes multiple detection and defense mechanisms against unauthorized access and malicious programs such as computer viruses. We review these countermeasures as appropriate to deal with new threats.
Human-level response Based on the PT Cutseiya Indo Nusantara Information Security Policy, relevant seminars and training programs are regularly provided to all executives and employees in order to raise their awareness and knowledge.
Cooperation with outside organizations PT Cutseiya Indo Nusantara has established information collection and sharing systems related to cyber-attackers and attack methods, through information sharing organizations such as other overseas organizations.
Social and Environmental Risk Management
We believe that considering the social and environmental risks that may arise from various transactions is key to managing our reputational risk. As such, in executing our business operations, we focus on these risks in the same way we are careful about legal compliance. For example, for equity underwriting businesses, we review and confirm the issuer's awareness of any associated potential risks to society and the environment and that the issuer has taken appropriate steps to address such risks, including the disclosure of information about those risks. Impact on the environment and society as well as financial condition, operating results, and other aspects are included in the overall guidelines applied by relevant departments during the assessment process as vital items that must be confirmed when taking on underwriting deals.
Assessment process
What's Your Reaction?
