��������Ƶ

An Enterprise Risk Management Framework guides Filipino organizations in identifying, assessing, and controlling business risks systematically. It aligns with BSP Circular 900's requirements for financial institutions and helps companies protect their assets, reputation, and stakeholders while meeting regulatory compliance standards.

The framework typically includes risk appetite statements, governance structures, and specific processes for managing different risk types - from operational and financial risks to cybersecurity threats. Companies like SM Investments and Ayala Corporation use these frameworks to make better decisions, allocate resources effectively, and create more resilient business operations that satisfy both local regulators and international best practices.

Organizations need an Enterprise Risk Management Framework when expanding operations, entering new markets, or facing increased regulatory scrutiny in the Philippines. It's particularly crucial for financial institutions adhering to BSP regulations, companies planning IPOs, or businesses managing complex supply chains across multiple regions.

This framework becomes essential during major organizational changes, such as mergers, new product launches, or digital transformation projects. Philippine companies like banks, insurance firms, and publicly listed corporations implement these frameworks to protect against financial losses, maintain regulatory compliance, and build investor confidence. It's especially valuable when coordinating risk responses across different departments or subsidiaries.

• Basic Control Framework: Focuses on essential risk controls and compliance with BSP regulations, ideal for small to medium enterprises and local businesses
• Comprehensive Enterprise Framework: Covers all risk categories including operational, financial, and strategic risks, suited for large corporations and conglomerates
• Financial Institution Framework: Specifically designed for banks and financial companies, emphasizing credit and market risk management per BSP guidelines
• Industry-Specific Framework: Tailored for sectors like manufacturing, real estate, or retail, addressing unique operational and compliance risks
• International Standards Framework: Aligns with ISO 31000 and global best practices while maintaining Philippine regulatory compliance

• Board of Directors: Approves and oversees the Enterprise Risk Management Framework, setting risk appetite and ensuring alignment with corporate strategy
• Risk Management Committee: Develops and maintains the framework, monitors implementation, and reports to the board regularly
• Chief Risk Officer: Leads daily framework implementation, coordinates with department heads, and ensures BSP compliance
• Department Managers: Apply framework guidelines within their units and report risks to the Risk Management Committee
• Internal Auditors: Evaluate framework effectiveness and compliance across the organization
• External Stakeholders: Include regulators like BSP, SEC, and investors who rely on framework documentation

• Risk Assessment: Document all potential risks across operations, finance, compliance, and strategic areas specific to your Philippine business context
• Regulatory Review: Compile relevant BSP circulars, SEC guidelines, and industry-specific regulations affecting your organization
• Stakeholder Input: Gather feedback from department heads, board members, and key personnel about risk concerns and control measures
• Current Controls: Map existing risk management processes, policies, and procedures already in place
• Resource Evaluation: Assess available technology, staff capabilities, and budget for framework implementation
• Documentation Structure: Outline governance mechanisms, reporting lines, and escalation procedures clearly

• Risk Governance Structure: Clear outline of board oversight, risk committee roles, and reporting lines per BSP guidelines
• Risk Appetite Statement: Defined risk tolerance levels and limits across different risk categories
• Risk Assessment Methodology: Standardized processes for identifying, measuring, and prioritizing risks
• Control Mechanisms: Specific procedures and policies for risk mitigation and management
• Reporting Framework: Documentation requirements, frequency of reports, and escalation protocols
• Review and Update Process: Procedures for periodic framework assessment and revision
• Compliance References: Citations of relevant BSP circulars and SEC regulations

An Enterprise Risk Management Framework differs significantly from a Risk Management Policy in both scope and application. While both documents address organizational risks, they serve distinct purposes in Philippine business operations.

• Scope and Structure: The Framework provides a comprehensive system for managing all organizational risks, while the Policy focuses on specific risk areas and detailed procedures
• Hierarchy: The Framework acts as an overarching structure that guides multiple policies, whereas the Policy implements specific parts of the framework
• Implementation Level: Frameworks operate at a strategic level, setting broad principles and governance structures, while Policies work at an operational level with specific guidelines
• Regulatory Alignment: The Framework must align with BSP's enterprise-wide risk management requirements, while Policies can be more focused on departmental or specific risk type compliance
• Review Cycle: Frameworks typically undergo less frequent reviews (annually or bi-annually), while Policies require more regular updates to address changing operational needs