Hap2py Risk Management Policy and Appetite Statement
Risk can be defined as an uncertainty to achieving objectives and might pose itself as a threat or an opportunity. A threat might materialise into a possible future event or action which will undermine Hap2py’s ability to achieve its goals, priorities and objectives as well as to successfully deliver approved strategies. Meanwhile, an opportunity is an event or action which will benefit Hap2py’s growth and development in terms of helping Hap2py to achieve its goals, priorities and to successfully deliver the promised returns to our investors.
As per the norm of the investment market, we will come across risks in literally every decision we make on a daily basis. Thus, managing and mitigating risks are essential parts of what we do everyday in order to deliver the promised investment returns to our fellow clients. It is beyond doubt that some risks will always exist but risk identification allows us to anticipate possible risks and be better prepared to mitigate and respond to them in the event that they materialise, especially in this increasingly volatile market environment.
Hap2py is not subject to any governmental or financial institution supervision and regulations. The risk management systems and procedures are reviewed and refined on an ongoing basis to comply with the relevant market standards, recommendations, and best practices.
The objectives of Hap2py are to:
1) Uplift the SME communities by creating financial opportunities for everyone.
2) Narrow down the SME financial gap, while providing both short-term and long-term investment options for individuals and businesses.
3) Offer a fair and safe investment environment where risk factors are being controlled.
4) Put investor money into good use for them in mind.
3.0 Risk Culture
The risk culture at Hap2py is made up of several key elements which include norms, attitudes and behaviour related to risk awareness, risk-taking, risk management as well as the controls that affect decisions on risks. Here at Hap2py, the sound risk culture was formed by all members of the staff ranging from the Senior Management to the ordinary staff who contribute actively to the creation of Hap2py’s risk culture. A sound risk culture can only be successfully created with the presence of a clear governance structure, policies and procedures. Apart from that, the daily actions and the way decisions are made and communicated within Hap2py are the elements that influence and shape the risk culture of the organisation. Furthermore, a sound risk culture is also determined and influenced by the presence of cooperation and constructive dialogues between staff of Hap2py which fosters a healthy working environment where staff can work towards a common goal in close collaboration with each other.
With a sound risk culture, Hap2py is able to ensure that the right responses towards different risks are carried out appropriately through a set of procedures aimed at identifying and neutralising different risks effectively. Integrity and the adherence to high ethical standards have always been the culture and principle of Hap2py. As we aim to achieve a high level of competence, Hap2py constantly encourages our employees to share information, skills and experiences with one another.
As an organisation with a high level of risk awareness, it has been our routine to regularly review and challenge existing practices. In order to better prepare ourselves for the unexpected risks, we have always been encouraging constructive challenges within Hap2py as a way to improve our risk-taking, risk culture and risk awareness. While strictly abiding by internal policies, regulations and procedures, we expect all individuals to contribute and promote a sound risk culture.
4.0 Risk Management and Internal Control
Hap2py’s approach to risk management and internal control are determined by the 4 goals as outlined below:
Goal 1: Risk Governance: Risk management as an integral part of the ethos, culture, policies and practices of Hap2py.
In order to achieve Hap2py’s desired goals and priorities, it is fundamental to respond to existing and new threats in the most effective manner possible. With that in mind, it is also equally important to identify and seize new opportunities. As an organisation which is firmly established on the basis of transparency and good governance, Hap2py only makes decisions based on evidence according to the different set of challenges at the time which requires high standards of corporate governance. Based on this key principle, Hap2py’s sound corporate governance and control environment are shaped by our well-above-average risk management procedures
In order to better achieve our goals and priority as well as to ensure a transparent decision-making process which in turn ensures the efficient usage of public resources, risk management plays a key role in the daily operation of the organisation. More importantly, a sound risk management system allows Hap2py to better prepare for unforeseen events.
We follow the actions below to help us achieve goal 1:
Action: The risk management of Hap2py will always be reviewed from time to time to adapt it to the various changes in the external market environment. By doing so, our risk management plays a key role as a guideline for our senior management and employees to formulate an adequate response towards any crises or risks when the need arises.
Action: The culture of risk management is inculcated into every aspect of Hap2py’s daily routines ranging from our daily investment business to our performance management. This is to ensure that every staff member will have a clear understanding of what to do in the event of an emergency.
Goal 2: Thanks to our organisational culture, our staff are empowered to undertake well-managed risk taking and are able to escalate risks and concerns should the need arise.
The strong risk culture which has been inculcated into our organisational culture enables our staff to react swiftly to events of emergency. Besides that, we also ensure that the risk taking among our employees is aligned with the risk management and culture of Hap2py.
We follow the actions below to help us achieve goal 2:
Action: To create a working environment where risks are carefully considered in every single decision we make, the senior management of Hap2py is obliged to lead the entire organisation by example through a combination of key values such as positive attitudes and behaviours.
Action: Other than displaying a set of positive behaviours and attitudes, the senior management of Hap2py also leads the entire team by example by taking ownership of the various risks that are inherent in each of the senior level staff’s respective levels to ensure that these risks are effectively managed and mitigated.
Action: We constantly encourage our staff to embrace a continuous improvement mindset particularly in the field of risk management in order to assess and evaluate past risk consideration and mitigation strategies to identify the aspects which can be further improved so that past mistakes won’t be repeated.
Action: We sought to create an environment where transparent and constructive discussions and dialogues regarding the various sets of existing and expected risks can be held. We will also ensure that all these discussions are held in a no-blame risk environment.
Action: The conveyance of messages among our staff from top to bottom and vice versa is conducted in an effective and transparent manner to ensure the clarity of the messages conveyed so that each member of the staff understands their respective roles and responsibilities in identifying the risks and opportunities that our line of work comes across everyday.
Goal 3: Risk skills: We constantly strive to nurture the skills and knowledge that are required to fulfil risk management responsibilities among our staff members.
As an organisation that seeks constant improvement, educating and upskilling our staff have always been the centrepiece of our risk management culture in order to ensure that their skills and knowledge are up to date to respond to the latest type of risks in the investment market.
We follow the actions below to achieve goal 3:
Action: As an organisation that emphasises the upskilling of employees, Hap2py has been constantly providing provisions that are necessary for fellow employees to adapt their risk management skills to the evolving risk environment in the investment market. These provisions include training, templates, guidance as well as allocating a specific amount of time for the discussion of risks during staff meetings.
Action: Employees are encouraged to proactively identify and mitigate risks that they and their colleagues come across. Discussions among staff regarding the identified risks are also highly encouraged.
Action: Whenever opportunities arise, group learning on risk management will be held among the senior management and employees of Hap2py not only to equip them with the essential knowledge and skills but also to foster a closer intra organisational relationship across different levels of management.
Goal 4: Hap2py’s Approach to Risk Management: Manage risks and opportunities at all levels – strategic, operational, programme, project and in collaboration activity in order to achieve our goals and priorities.
There has always been close collaboration between Hap2py’s senior management, employees and key partners in order to better identify, assess, own, manage and communicate key risks to the investment market.
We follow the actions below to achieve goal 4:
Action: A set of risk management procedures, which are highly consistent in nature and clearly set out the roles, responsibilities and reporting lines within the organisation, is adopted by Hap2py to ensure that responses to crises can be carried out smoothly.
Action: The management of risks is innovatively amalgamated into the daily operations of the organisation which include regulatory, finance, planning, performance management, key decision-making processes, project and programme, management and major change initiatives.
Action: In order to ensure that key risks remain visible and are actively addressed by the right level of the organisation, we maintain a risk register which is regularly updated with additional information regarding emerging risks.
Action: With the aim of constantly improving our risk management practices, Hap2py has always been actively engaging in numerous forums and benchmarking exercises where other organisations exchange information with each other regarding the best practices in risk management. On top of that, we also refer to national guidelines on risk management while reviewing our risk management practices.
5.0 Internal Control and Risk Management
In order to enable Hap2py to respond to various operational risks in an effective manner, the system of internal control is combined with key elements of risk management.
These elements include:
- Policies and procedures: There is a comprehensive set of policies and procedures which set out the appropriate responses toward different types of risk. The senior management is in charge of formulating, approving and disseminating these policies and procedures to the rest of the staff within the organisation. To ensure the effectiveness of the risk management and procedures in the long run, additional procedures will be drafted and added into the existing set of framework where necessary from time to time.
- Planning and performance management: Through the integration of risk management and Hap2py’s strategic, regulatory and financial planning among many other aspects which also include performance and budgeting management processes, we are able to more effectively identify the risks that are inherent in each investment platforms before formulating the right mitigation strategy to neutralise the risks.
- Horizon scanning: This strategy involves the evaluation of Hap2py’s business and investment processes, strategic planning and threat assessment on a regular basis, all of which allow the organisation to remain alert towards any emerging risks in the financial market.
- Reporting and Annual Report: Key risks and their control are closely monitored on a regular basis through the comprehensive bi-monthly reporting. Problems that are identified during this process will be rectified by a set of measures that are drafted and agreed upon at regular meetings within the senior management.
- Strategic Threat Assessment (STA): The STA is specially designed to guide Hap2py’s decision makers in prioritising and directing the organisation’s resources, relationships and regulatory efforts. Thanks to the STA, members of our staff are able to swiftly identify risks and share them within the organisation.
- Business continuity: Hap2py’s risk management system is comprehensively applied to the entire organisation through the business continuity process in order to ensure the organisation’s ability to continue operating and providing its services provision in the field of market investments after a catastrophic event. To safeguard Hap2py’s client capitals and business presence post-crisis, a complimentary Business Continuity Policy to Risk Management has also been developed alongside its corporate Business Continuity Plan.
- Anti-Fraud: In order to guide our employees to respond toward frauds in a professional and ethical way, Hap2py has also developed a complete set of fraud response guidelines which will be referred to by employees when responding to frauds.
- Whistleblowing: As an organisation which values and upholds the highest standards of openness, probity and accountability, employees of Hap2py are encouraged to speak up to their immediate superiors if they realise something is not right within the organisation. Hap2py’s whistleblowing policy will ensure that the identity of those who report on wrongdoings within the organisation will be protected and kept confidential.
- Audit and Accreditation Reports: All information and recommendations that are gathered from the works of internal and external auditors, government agencies, professional bodies and accreditation bodies are carefully referred to and taken into consideration to improve our standards at all levels.
6.0 Risk Appetite Statement of Hap2py
Through this risk appetite statement, Hap2py outlines the methodology applied by the organisation to balance threats and opportunities with the aim of facilitating the achievement of its objectives and goals. As an organisation which is governed by a risk management framework which complies with international standards, Hap2py has set out a clear risk appetite level which displays the organisation’s deep understanding and commitment toward risk management.
Apart from enabling Hap2py to respond to risks in a consistent manner, a well-established risk appetite statement also helps the organisation to be better prepared for any unforeseen events in the increasingly unpredictable financial market. As risks can be found literally in every daily aspect such as legal compliance and the choices we make in terms of investments and financial projects, Hap2py is always prepared to respond towards any event of emergency.
In general, the investment and business framework of Hap2py was formed on the basis of the risk appetite statement which was carefully drafted and approved by all members of the senior management. As stipulated in the framework, the senior management will directly deal with issues such as the breach of the appetite statement or tensions that resulted from implementation of the risk management framework.
Taking into consideration the constantly evolving business environment and investment platforms, it is also agreed that the risk appetite statement is subject to change from time to time. Therefore, this statement will be reviewed by the senior management of Hap2py on a regular basis and is subject to amendments at least once a year.
Based on this risk appetite statement, the risks are classified into two different categories namely, internal risks which are fully under our control as well as external risks which are beyond our control but still necessitate Hap2py’s attention and concern to neutralise them. Hence, several contingency plans were also formulated for employees to refer to while addressing the identified risk factors.
7.0 Overarching Risk Appetite Statement
As a reputable investment organisation with financial interests which covers a wide array of economic sectors across the country and beyond, Hap2py has a number of risk appetites instead of a single one. Thus, while pursuing to achieve its various goals and objectives in investment, Hap2py may choose to accept varying levels of risks in different areas according to its expertise and experience. Nonetheless, before choosing to venture into projects that are known to have higher risk, the potential benefits and threats that could result from such a venture will be studied thoroughly beforehand. Besides that, risk mitigation measures will also be set up first before venturing into investment areas of higher risks.
8.0 Risk Appetite Definitions
The table below outlines Hap2py’s risk appetite definitions:
|Hungry||Emphasises on engaging in activities or projects which offers numerous opportunities and high rewards despite the high residual risks which comes along with these ventures.|
|Open||Partake in activities which sought to strike a balance between the high possibility of a successful delivery and a high degree of reward and value for money.|
|Cautious||Eager to engage in projects that possess a certain degree of risk with prior knowledge that the said project(s) might carry significant reward. This also includes projects with high residual risks that are assessed as controllable by the company.|
|Minimalist||Restrict the participation of projects within the limits of those that can safely deliver financial returns with low risk. The availability of opportunity and level of rewards are not taken into consideration under this risk appetite.|
|Averse||Only pursue projects that do not carry inherent risks and are known to bring steady returns.|
9.0 Business Area Risk Appetite Levels
The following list elaborates Hap2py’s risk appetites across a range of activities and projects
- Legal (Compliance): We maintain an averse risk appetite towards behaving illegally, unrealistically, irrationally or other ways which might undermine the works and reputation of our organisation
- Information Governance: As an organisation which holds sensitive databases of our clients and relies heavily on information and data analysis of the latest global market outlook, we are fully committed towards guarding these data to avoid wrongful disclosure which will eventually harm our reputation as an organisation. Therefore, our appetite for such risk is minimal in all business ventures that we pursue.
- Investments: As we sought to bring higher levels of financial returns to our clients to boost their investment capital, we are driven to adopt an open risk appetite when it comes to venturing into new investment platforms which promise higher returns.
- Anti-fraud and financial controls: As fraudulent behaviours and other acts of fraud will not only undermine our reputation but also hinder the ability of Hap2py to function normally, we are averse to all fraudulent activities both within and outside of the organisation. To detect fraudulent activities, an early detection mechanism is set up to identify and mitigate any known suspicious activity.
- Security: Due to the increasing level of cybersecurity and physical risk that Hap2py faces which is similar to many other corporate organisations, Hap2py maintains an averse risk appetite towards cybersecurity threats which will incur irreparable harm to the reputation and daily operations of the organisation.
- Organisational controls and compliance: As the range of services we offer continues to grow and expand over the years, we maintain a cautious appetite towards the upkeep and enhancement of the processes, systems and provisions that support our daily operations.
- Reputational: As an organisation which builds its name on its reputation among its client base across the region, shaping a positive reputation of Hap2py by ensuring the exceptional quality of our services has always been our main priority. We remain cautious towards any internal or external factors which might harm our reputation.
- Staff recruitment, retention and development: Having placed much emphasis on enhancing the skills and knowledge of our staff, Hap2py has been constantly seeking for ways to upskill our employees which will in turn improve the quality of the services we provide. Hence, when we identify poor performance among our staff, we will act with caution to provide the identified staff with training and other provisions to help them improve their performance.
- Staff misconduct: Considering the detrimental effects that staff misconduct can potentially have on the reputation of the organisation, we remain averse towards any sort of staff misconduct which we will tackle in order to maintain the professionalism of our staff.
- Investment guidance and strategy: In order to achieve our strategic investment goals, we are open towards taking proportionate risks that are able to provide us with other advantageous opportunities.
- Innovation: Well-managed risks are something that we are willing to take if it is able to create opportunities in return for us to expand into a wider financial market. Hence, we remain open towards taking proportionate risks as long as the benefits outweigh the inherent risks.
- Infrastructure and resources: We strive to constantly improve on our existing infrastructures and manpower in order to deliver services that are of exceptional quality. Thus, we have an open risk appetite in this area as we seek new opportunities to improve on our IT, accommodation, budgeting, staffing resources and similar infrastructure and resources.
10.0 Risk Capacity
By analysing and comprehending its risk environment as outlined below, Hap2py is able to determine its risk capacity:
- Reputation: can Hap2py withstand pressures that result from the numerous financial ventures which it engages in
- Financial: Is there a sound financial contingency for the ventures
- Infrastructure: Is the current risk management infrastructure sufficient to manage risk
- Human resources: Is there sufficient manpower who is skilled enough to manage risks
- Knowledge: Does the organisation have access to sufficient knowledge necessary for the mitigation of risks
11.0 Risk Tolerance and Thresholds
The risk appetite sets out the amount of risk Hap2py is willing to take in order to achieve its strategic goals whereas risk tolerance can be defined as the level of risk taking that the organisation can afford in pursuit of its objectives. To better evaluate the level of risk that can be tolerated by the organisation, the risk tolerance of Hap2py is evaluated through a set of qualitative measurements.
By formulating a sound risk tolerance measure, Hap2py will be better prepared when it comes to mitigating, accepting and pursuing specific types of risk. Moreover, a clear boundary and threshold is set to determine the level of risk taking that is deemed acceptable by Hap2py. Last but not least, it also functions as a guideline for employees to refer to in the event when certain risks that are beyond the accepted level of risk tolerance start to emerge as a consequence of certain decisions that are made.
In order to ensure that our employees fully understand our risk tolerance level, Hap2py has laid out a clear set of tolerance levels for different organisational projects and activities. More significantly, a risk contingency plan is also established by Hap2py which will be activated by the senior management when a risk level which exceeds way beyond the approved threshold emerges