Banpu manages regulatory compliance risk through a structured process known as the “Regulatory Compliance Risk Management Cycle,” aligned with ISO 37301:2021. The Cycle consists of 4 elements.
1. Identification: Regulatory compliance risk identification is a deliberate, systematic process designed to identify and document regulatory compliance risk. These include obligations arising from laws, regulations, permits, and other legal requirements.
2. Assessment: Regulatory compliance risk assessment is an essential part of the framework. It enables risk owners to gain a comprehensive understanding of their exposure to compliance risk associated with business activities.
3. Reporting: Regulatory compliance risk reporting allows corporate compliance and local compliance teams to track the Company’s exposure to compliance risks across the group. To make appropriate business decisions, it is therefore essential that the reporting is done in a timely, accurate, and complete manner.
4. Monitoring: Monitoring is an ongoing process that serves both predictive and detective functions. It enables early identification and correction before escalating into non-compliance events. It also verifies that the controls throughout the Cycle are functioning as intended. Monitoring enhances the accuracy, efficiency, and effectiveness of the Cycle by identifying potential or actual control failures.
English 
Thai