Risk Management

Risk Management is an important cornerstone of CAO's businesses. CAO has built a strong and effective foundation of risk management infrastructure. We have also continued to reinforce our risk management culture through the motto: "Effective Control, Timely Support and Balanced Growth", which has become an important part of CAO's culture underpinning its strategic vision and mission.

Three-Tier Management Control Infrastructure

The Three-Tier Management – the Risk Management Committee ("RMC") at Board level, the Company Risk Meeting ("CRM") at management level and the Risk Management Department at operational level – forms the core of our risk management infrastructure and acts to further enhance our risk management capability.

The RMC (i) review and approve CAO's new businesses and establish appropriate risk limits; and (ii) identify acceptable levels of market, credit and operational risks that CAO is willing to and able to accept for its day-to-day operations.

The CRM periodically discusses and makes decisions on various risk management matters arising from day-to-day operations based on the scope of RMC's delegations. The CRM also sets appropriate risk limits for every new business activity and oversees CAO's risk management activities.

The CRM further ensures that all decisions of the RMC and policies are implemented and adhered to. The Head of Risk Management Department reports directly to both the CRM and the RMC. This dual reporting line ensures that the CRM plays an important and independent role in CAO's day-to-day risk management.

The Risk Management Department provides on-the-ground vigilance and responsiveness to ensure that CAO's risk management policies and procedures are being adhered to. The Risk Management Department ensures all deals are recorded and monitored daily. The Risk Management Department also ensures that risk reports are sent to the management, Trading Department and Finance Department on a daily basis and to the RMC members on a monthly basis. Any limit breach will be reported to the management and CRM within 24 hours with follow-up actions to address the breach. For effective management of operational risks, CAO has established appropriate work processes from the front to back office. Analyses were performed on issues arising from these processes and appropriate, timely measures and actions were taken to address these issues.

Training and Developing an Effective Risk Management Team

CAO understands that human capital is key to effective risk management. We maximise the organisation's human resources through effective work allocation for each member of the risk management team based on their knowledge, skills and abilities. This is further achieved through our two-prong approach in recruitment: (i) recruiting talents from the external market; and (ii) building up capabilities within the organisation via training programmes. We engage reputable trainers in the industry to customise risk management training programmes for CAO and invite specialists from BP to conduct training sessions for contract management and auditing. We also share best practices with the risk management department of CAO's parent company, China National Aviation Fuel Group Corporation ("CNAF"). These measures have significantly improved the capabilities and skills of our risk management team.

Inculcating a Strong Risk Management Culture

CAO inculcates a strong corporate risk management culture from the Board to the management team and further cascading to all employees. The motto "Effective Control, Timely Support and Balanced Growth" is deeply entrenched in the organisation.

To achieve "Effective Control", CAO has identified key indicators for managing market, credit and operational risks, and set appropriate risk levels for each indicator. CAO's control policies also seek to address non-quantifiable risks such as political and legal risks.

As for "Timely Support", credit and legal reviews for potential trading counterparties are completed ahead of time to support the trading activities. Employees are encouraged to suggest ideas to improve and optimise work processes through an incentive programme. Employees are also regularly tested on their understanding of daily work processes and company policies.

To support "Balanced Growth", the Risk Management Department conducts stress tests and risk assessments for new trading activities. For existing activities, the Risk Management Department gives ample warnings when utilisation is close to the limit and ensures that appropriate stop loss actions are taken. Risk assessments are conducted for new investment projects to consider factors such as alignment with CAO's strategy, capital adequacy and risks reward analysis.