Operational risks The Bank identified the following operational risks with the respective severity and frequency ratings: $1.$Regulatory constraints $(3$;$3)2.$Threats posed by emerging technology companies $(4$;$4)3.$Psychological effects of Covid$-19(2$;$2)4.$Fraud via digital channels $(3$;$3)5.$Inadequate procedures to detect internal fraud and staff defalcations $(3$;$2)6.$Resourcing for ESG risk management $(3$;$3)7.$Technology instability $(4$;$3)8.$Unawareness of customers regarding digital fraud $(3$;$4)9.$Resourcing skilled staff for risk management $(4$;$5)10.$Operational dependence on third parties $(4$;$2)11.$Back$-$to$-$back extreme weather events $(5$;$3)12.$Ransomware attacks $(5$;$5)$ The Bank approved the following rating scales for impact and frequency for a risk and control self$-$assessment: Severity $12345$ Insignificant Minor Moderate Major Severe Frequency $12345$ Rare Unlikely Likely Almost certain Certain The following risk$-$mitigating actions were identified for some of the operational risks: Supporting programmes for employees to deal with post$-$pandemic stress. Staff wellbeing initiatives. Development of internal fraud detection processes and prevention tools. Improvement of business resilience capability and regular disaster recovery testing. Awareness programmes for customers to educate them on digital fraud $($e$.$g$.,$ Cyberattacks$).$ Intensive market research for skilled staff and appointments. Intensive training programmes for staff upskilling in terms of technology management. Monitoring of regulatory requirements. Updated policy on climate$-$change management. The increased Board focuses on ESG$-$related issues, such as climate change and the potential influences of floods and drought. Regular business continuity management exercises and disaster recovery testing. Monitoring of service agreements with third parties. Continuous collection and analysis of information on third parties to identify risk exposures. Continuous monitoring of systems to proactively detect fraud via digital channels. Proactive engagement and collaboration with regulators on existing and new technologies and regulations. Proactive policy support to deal with threats from emerging technology companies. Ensuring adequate natural disaster insurance. Updated and regularly tested business continuity management plans. Procedures to ensure continuous environmental risk research and analysis for effective resourcing of ESG risks. Governance The Bank is governed by various committees, which include the Board Audit Committee and the Board Risk Management Committee. The Board mandates these committees, and members have the requisite skills and expertise to manage risks and serve on these committees. The functions of the committees are structured and aligned with the three levels of risk management. Risk appetite Regarding operational risks, the Bank has zero tolerance for unfair and fraudulent outcomes due to inappropriate behaviour, wilful breaches of regulatory requirements, and internal fraud. Risk management culture The Bank endeavours to embed a strong risk management culture by performing operations correctly. Staff is educated on the principles, standards, values and ethics related to effective risk management. Risk reporting Identified risk exposures are reported regularly to the appropriate management levels and escalated to the responsible board committees where necessary. The operational risk report is aimed at the Bank's stakeholders and the regulatory bodies. Use the severity and frequency ratings of the risks to draft a risk map indicating the risks and calculate the probability of the six key risks.