Risk Management


Enterprise Risk Management (“ERM”) is defined as the process of planning, organizing, leading, and controlling the activities of the organization in order to minimize the effects of risk on an organization’s capital and earnings. ERM covers credit, financial (liquidity and financing), operational, regulatory, strategic/business, and other risks that the Company faces in its day-to-day activities.

BFI employs this holistic approach to manage the risks it faces and their potential impact on financial results. Risk control is conducted by identifying and evaluating the key risks faced by the Company, developing strategies and mitigating controls to manage the risk, and measuring the residual risk after the control is implemented.

The implementation of a comprehensive risk management system will enable the Company to effectively manage risk exposures in order to achieve predictable portfolio and process performance and maximize profits.


In the midst of an increasingly competitive marketplace, effective, calculated, and well-documented risk management practices are the main pillar in the decision-making process. The Company operates in an extremely dynamic environment where business competition is intense, customer demographics are continuously evolving, regulations are changing, and macroeconomic conditions continue to be challenging. It is Senior Management’s responsibility to effectively monitor and manage the risks faced by the Company in order to anticipate potential impacts and implement remedial actions. This in turn will ensure stable and healthy profit growth.

The ERM framework is based on the Three Lines of Defense approach, which consists of risk oversight, control, and management.

First Line of Defense

Business and operating units serve as the first line of defense and are responsible for identifying, evaluating, overseeing, and mitigating risks. Their primary responsibility is to manage risk exposure on a day-to-day basis in accordance with the approved target market, policies, and procedures.

Second Line of Defense    

The ERM Division, Financial Control Department, as well as the Legal and Litigation Department, constitute the second line of defense by performing an independent oversight function. The ERM Division is responsible for reviewing and approving risk appetite and strategy, as well as working with business and operating units of the Company to ensure that risks can be identified, measured, and managed within the established limits.

The Legal and Litigation Department manages compliance risk and is responsible for ensuring that all prevailing regulations have been disseminated and adhered to by all units.

Third Line of Defense

The Internal Audit Department independently performs audits and assessments of the processes executed by the business and operating units. These reviews aim to ensure that the units carry out their duties and responsibilities in accordance with the determined policies and procedures.

Enterprise Risk Management Structure