G O VER N A N C E

8.2 Operational Risk in 2014

The฀total฀value฀of฀operational฀risk฀losses฀in฀2014฀was฀0.13฀of฀the฀DBS’฀total฀operating฀income,฀compared฀to฀0.20฀in฀2013.฀The฀loss฀ proile฀net฀loss฀greater฀than฀SGD฀10,000฀and฀based฀on฀the฀date฀of฀detection฀of฀the฀operational฀risk฀event,฀was฀mainly฀categorised฀฀ into฀the฀following฀four฀Basel฀risk฀event฀categories:฀i฀internal฀fraud;฀ii฀external฀fraud;฀iii฀clients,฀products฀and฀business฀practices฀฀ and฀iv฀execution,฀delivery฀and฀process฀management. 2013 2014 Internal฀Fraud External฀Fraud Clients,฀Products฀฀ ฀Business฀Practices Execution,฀Delivery฀฀ ฀Process฀Management Others 15 23 3 59 13 9 8 70 Note: Others include: v employment practices and workplace safety; vi damage to physical assets and vii business distruption, system failure Save฀for฀an฀isolated฀incident,฀external฀fraud฀losses฀comprised฀mainly฀credit฀card฀fraud,฀in฀particular,฀Card฀Not฀Present฀CNP฀fraud฀which฀ accounted฀for฀approximately฀70฀of฀the฀losses฀in฀this฀category.฀This฀is฀in฀line฀with฀industry฀trend฀that฀CNP฀fraud฀is฀the฀fastest฀growing฀area฀ due฀to฀the฀meteoric฀growth฀of฀e-commerce฀in฀the฀Asia-Paciic฀region.฀CNP฀fraud฀losses฀are฀generally฀recoverable฀subject฀to฀card฀association฀ rules.฀We฀have฀continued฀to฀increase฀our฀vigilance฀and฀implemented฀mitigating฀measures฀such฀as฀adjustment฀of฀fraud฀parameters,฀random฀ generation฀of฀card฀numbers฀and฀review฀of฀the฀setting฀of฀alert฀thresholds฀for฀sending฀short฀messaging฀system฀SMS. In฀addition,฀reduction฀in฀losses฀was฀also฀noted฀for฀execution,฀delivery฀and฀process฀management฀due฀to฀continuing฀efforts฀to฀manage฀฀ and฀mitigate฀operational฀risk฀including฀automating฀manual฀processes,฀enhancing฀risk฀and฀control฀training฀and฀established฀internal฀deals฀ governance฀and฀control฀frameworkcontrols.฀We฀also฀embarked฀on฀a฀transition฀from฀control฀self฀assessment฀to฀risk฀and฀control฀self฀ assessment฀to฀help฀the฀units฀better฀identify฀and฀manage฀operational฀risk. 9 REPUTATIONAL RISK We฀view฀reputational฀risk฀as฀a฀typical฀outcome฀of฀any฀failure฀to฀manage฀the฀risks฀in฀our฀day-to-day฀activitiesdecisions฀as฀well฀as฀from฀ changes฀in฀the฀operating฀environment.฀These฀risks฀include: a.฀ Financial฀risk฀credit,฀market฀and฀liquidity฀risks,฀and b.฀ Inherent฀risk฀operational฀and฀business฀strategic฀risks฀ Units฀are฀responsible฀for฀the฀day-to-day฀management฀of฀operational฀risk฀in฀their฀products,฀processes,฀systems฀and฀activities฀in฀accordance฀ with฀the฀various฀frameworks฀and฀policies.฀RMG฀Operational฀Risk฀and฀other฀corporate฀oversight฀functions฀provide฀oversight฀and฀monitor฀ the฀effectiveness฀of฀operational฀risk฀management,฀assess฀key฀operational฀risk฀issues฀with฀the฀units฀to฀determine฀the฀impact฀across฀DBS,฀ report฀andor฀escalate฀key฀operational฀risks฀to฀relevant฀senior฀management฀and฀Board-level฀committees฀with฀recommendations฀on฀ appropriate฀risk฀mitigation฀strategies. POLICIES RISK METHODOLOGIES PROCESSES, SYSTEMS AND REPORTS POLICIES We฀adopt฀a฀four-step฀approach฀i.e.฀prevent,฀detect,฀escalate฀฀ and฀respond฀to฀reputational฀risk฀events.฀As฀reputational฀risk฀is฀฀ a฀consequence฀from฀the฀failure฀to฀manage฀other฀risk฀types,฀the฀ deinitions฀and฀framework฀for฀managing฀such฀risks฀are฀articulated฀฀ in฀the฀respective฀risk฀frameworks฀and฀policies.฀These฀are฀reinforced฀ by฀sound฀corporate฀values฀that฀embed฀ethical฀behaviours฀and฀ practices฀throughout฀DBS. Policies฀are฀in฀place฀to฀protect฀consistency฀of฀the฀DBS฀brand฀and฀฀ to฀assist฀in฀safeguarding฀our฀corporate฀identity฀and฀reputation. RISK METHODOLOGIES Under฀the฀various฀risk฀frameworks฀policies,฀DBS฀has฀established฀a฀ number฀of฀mechanisms฀for฀ongoing฀risk฀monitoring฀for฀the฀various฀ risk฀types.฀These฀take฀the฀form฀of฀risk฀limits,฀key฀risk฀indicators฀and฀ other฀operating฀metrics,฀as฀well฀as฀the฀periodic฀risk฀and฀control฀ self-assessment฀process.฀Apart฀from฀observations฀derived฀from฀ internal฀sources,฀alerts฀from฀external฀partiesstakeholders฀also฀serve฀ as฀an฀important฀source฀for฀detection฀of฀potential฀risk฀reputational฀ risk฀events.฀In฀addition,฀there฀are฀policies฀relating฀to฀media฀ communications,฀social฀media฀and฀corporate฀social฀responsibility฀฀ to฀protect฀DBS’฀reputation.฀There฀are฀also฀escalation฀and฀response฀ mechanisms฀in฀place฀for฀managing฀reputational฀risk.฀ While฀the฀respective฀risk฀frameworks฀address฀the฀individual฀฀ risk฀types,฀the฀Reputational฀Risk฀Policy฀focuses฀speciically฀on฀ stakeholders’฀perception฀of฀how฀well฀DBS฀manages฀its฀reputational฀ risks.฀Stakeholders฀include฀customers,฀government฀agencies฀and฀ regulators,฀investors,฀rating฀agencies,฀business฀alliances,฀vendors,฀ trade฀unions,฀media฀the฀general฀public,฀Board฀฀senior฀management฀ and฀employees.฀DBS฀recognises฀that฀creating฀a฀sense฀of฀shared฀value฀ through฀engagement฀with฀key฀stakeholder฀groups฀is฀imperative฀for฀ its฀brand฀and฀reputation. PROCESSES, SYSTEMS AND REPORTS Units฀are฀responsible฀for฀the฀day-to-day฀management฀of฀ reputational฀risk฀by฀ensuring฀that฀processes฀and฀procedures฀are฀in฀ place฀to฀identify,฀assess฀and฀respond฀to฀reputational฀risk.฀Events฀of฀ reputational฀risk฀impact฀are฀also฀featured฀in฀the฀reporting฀of฀risk฀ proiles฀to฀senior฀management฀and฀Board-level฀committees.

9.2 Reputational Risk in 2014