Risk Management
Our Commitment
JMT Network Services Public Company Limited recognizes the importance of risk management as a critical tool to support sustainable and stable business growth. Business risks may arise from various factors, including rapidly changing economic conditions, shifts in regulations and laws, industry competition, and internal organizational factors such as process vulnerabilities or operational errors. If not properly managed, these risks can lead to severe negative impacts on operations and the company’s reputation.
To address these challenges, the Board of Directors and management have integrated risk management into corporate strategy and good governance practices. Comprehensive policies and procedures have been established, covering risk identification, impact assessment, risk prioritization, and the implementation of measures to mitigate or control risks to an acceptable level.
The company also fosters a culture of risk management by raising awareness and understanding among employees at all levels through training, meetings, and regular communication. Employees are encouraged to participate in identifying risks and collaboratively developing appropriate preventive measures. This commitment strengthens collective responsibility within the organization and promotes proactive efforts to minimize future risks.
Effective risk management reinforces stakeholders' confidence—including investors, partners, customers, and business associates—that the company can handle uncertainties in the business environment efficiently. It lays a solid foundation for long-term growth.
JMT Network Services Public Company Limited is committed to prudent and sustainable risk management principles to maintain organizational stability and create value for all stakeholders across all dimensions of its operations.
Stakeholders Directly Impacted
Supporting the SDGs
SDG 8
SDG 12
SDG 16

Management Approach
JMT Network Services Public Company Limited is committed to promoting and advancing good corporate governance across all dimensions of its business operations. The company has adopted the principles of Enterprise Risk Management (ERM), a widely recognized international standard, as a key framework for managing risks within the organization and its subsidiaries.
This approach is based on the risk management framework developed by COSO (The Committee of Sponsoring Organizations of the Treadway Commission), a comprehensive and globally proven standard for managing organizational risks. To ensure the success of the company’s risk management efforts, both in terms of efficiency and effectiveness, the Board of Directors, management, and employees at all levels are required to strictly adhere to the established risk management policies.
Compliance with these policies is not merely a business requirement but is also an integral part of fostering an organizational culture that prioritizes sustainable risk management practices.
Risk Management Structure
The company recognizes the importance of enterprise risk management, which plays a critical role in enabling the company to achieve its strategies, objectives, or goals. It also supports good corporate governance and sustainable growth. Therefore, the company has established a risk management policy to serve as a guideline and operational framework for all departments within the company and its subsidiaries.
- The Board of Directors is responsible for supporting, promoting, and overseeing the management of risks that may have a significant impact on the company.
- The Audit Committee is responsible for overseeing and independently monitoring risk management, reviewing the internal control system, communicating with the Executive Committee, and reporting to the Board of Directors regarding risks.
- The Executive Committee is responsible for approving risk management policies, monitoring the development of processes, and evaluating risks. Additionally, they communicate and coordinate with the Audit Committee regarding significant risks.
- The Chief Executive Officer is responsible for creating and reviewing risk management policies to align with changing circumstances, ensuring that the company has adequate and appropriate risk management plans in place.
- The Legal Officer / Regulatory Authority is responsible for establishing frameworks, plans, and processes for risk management within the department, presenting them to the Executive Committee for approval, and supporting and monitoring the department's risk management within their area of responsibility.
- The Internal Auditor is responsible for reviewing the internal control systems and the risk management operations.
- Supervisors and employees are responsible for identifying, measuring, controlling, monitoring, and reporting risks, as well as collaborating in the development and implementation of risk management plans.
Risk Management Process
The company continuously evaluates and monitors risk issues, taking into account both internal and external factors that may impact its operations across all dimensions. The company’s risk management process is systematically and comprehensively designed to effectively identify, analyze, and manage risks, focusing on maintaining risks at an acceptable level.
The company recognizes the importance of appropriate risk management to support business operations in alignment with its strategies, objectives, and goals, while also enhancing long-term stability and sustainability. The process consists of the following 8 steps:
1. Strategy and Objective Setting: Define strategies and objectives for the operations of all departments, and ensure that employees establish clear business strategies, objectives, or work goals that align with policies, targets, strategies, and acceptable risks.
2. Identifies Risks: The responsible department heads and employees should understand the risks, risk factors, and identify potential risks that may arise from both internal and external factors, which could result in both positive and negative events affecting the achievement of objectives.
3. Assesses Severity of Risk: The responsible department heads and employees should assess the risk based on the likelihood of an event occurring and the severity of its impact if the event were to occur.
4. Prioritizes Risks: The responsible department heads and employees should prioritize and address the urgency of managing risks. Activities with high risks and significant importance to achieving the strategy and objectives should be managed as a top priority. Activities with high risks but lower significance should be managed as the next priority.
5. Implements Risk Responses: The responsible department heads and employees should consider effective and efficient risk management methods, taking into account the acceptable level of risk, the costs involved, and the benefits to be gained. The risk response may involve choosing one method or a combination of several methods to reduce the likelihood or probability of an event occurring and the severity of its potential impact.
6. Develops Portfolio View: The responsible department heads and employees should develop risk management by integrating risk factors and the interrelationships between different departments, creating a shared risk management database for collaborative risk management.
7. Review and Revision: The responsible department heads and employees should ensure the monitoring of risks and review the results of risk management, making necessary adjustments to improve the process. This is to ensure that risk management is appropriately applied at all levels of the company, and that risks with significant impacts on achieving the company's objectives are reported to the responsible parties.
8. Monitoring: The responsible department heads and employees should ensure the continuous monitoring and review of risk management, communicate risk-related information, and report the results of risk management to the management committee regularly.
This is to focus on improving the corporate governance system to align with best practices in governance, as well as regulations and requirements from authorities and supervisory agencies. To keep the risk management policy current and suitable for the situation and changes, the company has established a requirement to review the risk management policy at least once a year.
Business Continuity Plan
The Business Continuity Plan (BCP) is designed to enable various departments within the company to respond and continue operations during crises or emergencies, whether they result from natural disasters, accidents, or malicious acts. The goal is to ensure that these crises or emergencies do not disrupt business operations or prevent continuity. If an organization lacks a response process during such times, it may impact various stakeholders in terms of economics, service delivery, society, communities, the environment, and even the lives and property of the public.
Therefore, developing a business continuity plan is crucial for enabling the organization to cope with unexpected emergencies, ensuring that critical business processes can resume operation at normal levels or within the defined service levels. This helps minimize the severity of impacts on the organization.
To address the uncertainty of such situations, businesses need to continuously analyze risks, prioritize them, and implement systematic risk management plans. Additionally, the business continuity plan should be practiced in simulated events to identify improvements and refine the plan, while also evaluating staff capability and plan effectiveness in responding to crises. This process involves the following management steps.
Assessing the impact of a crisis: This involves preparing plans in advance and being ready to handle any situation that may arise, ensuring that departments can continue their operations without interruption.
1. Establish a Business Continuity Management Team: To ensure the effective implementation of the Business Continuity Plan (BCP), with clearly defined responsibilities, reducing redundancy in addressing situations.
2. Analyze Business Impact: Prioritize impacts in both qualitative terms and workflows that need immediate attention, ensuring that the company can recover and return to normal operations as quickly as possible.
3. Emergency Notification Process (Call Tree): Notify members of the Business Continuity Management Team (BCP Team) with accurate and consistent information, so each member can prepare their response plan systematically, based on the shared understanding of the event and their clear responsibilities.
4. Business Continuity and Recovery Plan: Carry out actions to restore the situation and bring it back to normal as quickly as possible.
5. Review and Update the Business Continuity Plan: Require management to regularly update the "Business Continuity Plan (BCP)" to enhance its effectiveness and ensure it aligns with the current situation, reviewing it annually.
Crisis or Emergency Management
The Business Continuity Plan (BCP) is used to ensure preparedness in case of a crisis or emergency situation at the office or within any department. The company must prepare a plan in advance and be ready to respond to any potential situations to ensure that operations can continue uninterrupted. The company has considered the potential impacts that may arise, as follows:
- Flood event
- Fire event
- Power outage
- Protest / Riot event
- Terrorist event
- Pandemic / Severe infectious disease event
Key Business Functions Management
To effectively respond to emergencies and potential disasters that may occur at any time, the Company has established strategic guidelines for managing its key business functions. These guidelines ensure the continuity of business operations under changing circumstances in a professional, timely, and highly efficient manner. The measures are outlined as follows:
1. Customer Management System
   1.1 Back up the customer database on a high-standard cloud platform or secondary server, with regularly scheduled data backups at appropriate intervals.
   1.2 Prepare an additional backup method for customer data using Excel files, to ensure access in case of internet network disruptions.
   1.3 Restrict customer data access only to authorized departments to prevent data breaches during emergency situations.
2. Debt Collection Telephone System
   2.1 Regularly inspect and maintain the functionality and performance of debt collection phones to ensure optimal readiness.
   2.2 Establish official online communication channels between staff and customers and notify customers of these alternatives in advance, in case the telephone system becomes unavailable during emergencies.
3. Debt Payment and Collection Recording System
   3.1 Communicate the Company’s official payment channels to customers regularly to prevent fraud or impersonation attempts during emergencies.
   3.2 Develop a temporary debt collection record form using Google Sheets to allow for continuous internal communication and coordination in the event that the primary debt collection system is unavailable.
4. Customer Service and Help Desk
   4.1 Headquarters and branch-based debt collection officers must continuously communicate and monitor emergency situations to ensure accurate and consistent awareness, enabling prompt and precise communication with customers.
   4.2 Assign staff with strong listening and professional communication skills to handle customer inquiries effectively and minimize potential misunderstandings.
5. Human Resources Management System
   5.1 Prepare a plan for recording employee working hours during emergency situations.
   5.2 Develop a system for regularly checking employee headcount and status to ensure their safety and to enable swift support in urgent situations.
   5.3 Establish an additional backup method for monthly salary disbursement in case the standard payment method becomes temporarily unavailable.
Sustainability Risk Management
In today's world filled with volatility — arising from rapidly changing economic conditions, persistently high household debt levels, evolving regulatory requirements, technological advancements, and increasingly sophisticated cyber threats — non-performing loan and non-performing asset (NPL/NPA) management businesses inevitably face risks that are diverse and interconnected across multiple dimensions. Risk management is therefore not merely a tool for loss reduction, but a critical mechanism of good corporate governance that reflects transparency, accountability, and long-term sustainability. For JMT, risk management forms an integral part of the corporate strategy formulation process, as significant risks may directly affect asset portfolio quality, debt collection efficiency, stakeholder confidence levels, and the organization's financial stability. Risk management must therefore be conducted systematically, comprehensively, and with a proactive focus, taking into account the impacts on all stakeholder groups.
The Company conducts risk management under the Enterprise Risk Management (ERM) approach in accordance with the COSO Framework, covering strategic, financial, operational, legal, and information technology risks, as well as sustainability risks such as climate change risks, personal data protection, and human rights issues related to debt collection processes. The Company integrates risk management into its corporate governance system, with a dedicated board committee overseeing risk matters, establishing policies, practices, and continuous monitoring and evaluation mechanisms, to ensure that the Company is able to appropriately respond to challenges arising from economic, social, and environmental factors, and to support the sustainable achievement of strategic objectives.
Risk of Personal Data Breach and Non-Compliance with the PDPA
JMT faces risks of personal data breaches and non-compliance with the Personal Data Protection Act (PDPA), as the non-performing loan and non-performing asset (NPL/NPA) management business requires the collection, use, and processing of large volumes of debtor and related party data — including financial information and sensitive data — across multiple systems and departments. Risks may arise from inadequate access controls, employee errors, use of external service providers, cyber threats, or practices that are inconsistent with legal requirements, which may lead to data leakage or use of data beyond its intended purpose, affecting reputation and confidence, and giving rise to legal risks and financial penalties.
Risk Management Approach
- Establish a personal data governance framework covering policies, roles and responsibilities, and data usage criteria.
- Enhance access controls and information system security.
- Oversee service providers and partners to ensure strict compliance with the PDPA.
- Strengthen employee awareness and preparedness for data breach incidents.
Risk of Shortage of Personnel with Specialized Skills and Experience
JMT faces risks from the shortage and retention of personnel with specialized expertise that is critical to the non-performing loan and non-performing asset (NPL/NPA) management business, such as expertise in debt portfolio analysis, asset valuation, debt restructuring negotiation, relevant laws, and information technology.
Competition in the labor market, regulatory changes, and rapid technological developments make the recruitment and development of personnel challenging, while resignations in key positions or over-reliance on key personnel may affect operational continuity, decision-making quality, and knowledge transfer, impacting the operational efficiency of the business, personnel costs, and the Company's growth capability.
Risk Management Approach
- Formulate a human resources strategy, defining critical skills and workforce plans aligned with business direction.
- Enhance personnel development and retention through Upskilling/Reskilling and succession plans for key positions.
- Strengthen motivation and improve work processes through technology to increase efficiency and reduce reliance on key personnel.
Climate Change Risk
JMT faces risks from climate change in both the dimensions of physical impacts (Physical Risk) and risks from the transition to a low-carbon economy (Transition Risk). Although the Company's core business is non-performing loan and non-performing asset (NPL/NPA) management, which is not an activity that directly generates high levels of greenhouse gas emissions, climate risks may indirectly affect the debtor base, managed assets, and the Company's operational continuity. In terms of physical impacts, extreme weather events such as floods, heatwaves, or storms may affect operational premises, information technology systems, and non-performing assets held for sale.
This also affects the debt repayment capacity of debtors impacted by disasters, which may increase risks to the Company's asset portfolio quality and cash flows. Additionally, risks arising from the transition to a low-carbon economy and increasingly stringent climate governance may affect ESG disclosure requirements, risk management in accordance with international standards, and the expectations of investors and stakeholders. Should the Company be unable to develop its data systems, strategies, and management processes in alignment with such trends, this may affect its reputation, confidence, financing costs, and long-term competitive capability.
Risk Management Approach
- Regularly monitor and assess climate risks, covering physical impacts, transition to a low-carbon economy, and legal requirements, and apply assessment findings to adjust strategies and business plans appropriately.
- Formulate and review business continuity plans, strengthen assets and infrastructure, and improve energy and resource efficiency to reduce long-term operational impacts and costs.
- Integrate climate issues into strategic decision-making and investment, develop data systems, governance, and disclosures in alignment with relevant standards and requirements, and communicate progress transparently to stakeholders.
Human Rights Risk
JMT faces human rights risks arising from the nature of its non-performing loan and non-performing asset (NPL/NPA) management business, which involves direct interactions with debtors, employees, and partners — particularly in debt collection processes, debt restructuring negotiations, and personal data management. If conducted inappropriately, these activities may affect the human dignity, privacy, and fair treatment of debtors. Such risks also extend to the treatment of employees and the oversight of partners involved in debt collection. If not conducted in accordance with human rights principles and relevant laws, this may affect the Company's reputation, stakeholder confidence, and give rise to long-term legal risks.
Risk Management Approach
- Establish group-level human rights policies and commitments in alignment with international principles, and communicate these to employees and partners throughout the value chain.
- Conduct a systematic Human Rights Due Diligence (HRDD) process to identify, prevent, and mitigate potential impacts arising from the operations of the organization and its partners.
- Provide accessible complaint and remedy mechanisms, and promote human rights knowledge and awareness within the organization.
Corruption Risk
JMT faces corruption risks arising from its non-performing loan and non-performing asset (NPL/NPA) management business, which involves the acquisition of debt portfolios, asset disposal, and collaboration with partners and external service providers. Risks may arise from the receipt or giving of bribes, conflicts of interest, or abuse of authority, which may affect transparency and reputation, and give rise to legal and financial damage if internal controls are insufficient.
Risk Management Approach
- Establish group-level anti-corruption policies and frameworks covering executives, employees, and partners.
- Strengthen internal controls, approval processes, and auditing, and appropriately manage partner-related risks.
- Promote an organizational culture of integrity and provide complaint-receiving mechanisms with whistleblower protection.
Responsible Lending and Financial Fairness Risk
JMT operates a non-performing loan and non-performing asset (NPL/NPA) management business, which is directly involved in financial service access and the management of customers' debt burdens. Risks relating to responsible lending and financial fairness arise from the determination of repayment conditions, debt restructuring negotiations, debt collection processes, and communications with debtors that may not be consistent with principles of fairness, transparency, and customers' actual repayment capacity. If operations are conducted inappropriately, this may result in complaints, scrutiny from regulatory authorities, reputational damage, and financial impacts on the Company — particularly with respect to financially vulnerable customer groups, who must be served strictly under the principles of responsible lending and debt management.
Such risks are influenced by external factors, including economic conditions, regulations, and household debt structures. Persistently high household debt levels and weak purchasing power have left a large number of debtors with multiple debt obligations and diminished repayment capacity, increasing the likelihood of default and the complexity of debt restructuring. At the same time, increasingly stringent oversight from government authorities, together with amendments to consumer protection and debt collection laws, require the Company to exercise greater care in determining repayment conditions and debt collection processes to ensure compliance with laws and principles of good governance. As a debt management business operator, JMT therefore plays an important role in appropriately managing such risks by striking a balance between business efficiency and fairness to debtors, in order to maintain stakeholder confidence and the long-term stability of the organization.
Risk Management Approach
- The JMART Group establishes a financial fairness governance framework and conducts regular oversight to ensure that subsidiaries conduct business transparently, fairly, and in compliance with relevant laws and requirements.
- Establish consumer protection and business ethics policies, oversee compliance with relevant laws and regulatory requirements, provide a group-level complaint-receiving and follow-up system, and regularly report risk status to the Board of Directors.
- Monitor complaint-related indicators and the satisfaction of relevant stakeholders.
- Establish debt collection practices in compliance with laws and ethical principles, promote debt restructuring appropriate to debtors' capacity, systematically monitor and analyze complaints, and provide continuous training for officers.
Emerging Risk Management
Risk of Adopting Artificial Intelligence (AI) Technology Without a Sufficient Governance Framework
JMT faces risks from the adoption of artificial intelligence (AI) technology across multiple processes of its non-performing loan and non-performing asset (NPL/NPA) management business, including debt portfolio analysis, repayment capacity assessment, debtor behavior prediction, debt collection prioritization, as well as the use of automated calling systems to contact debtors in cases that are difficult to reach or require multiple call attempts, in order to enhance debt collection efficiency.
Although the use of AI can improve accuracy and efficiency in data-driven decision-making, the absence of a clear governance framework may give rise to risks relating to the accuracy, fairness, and transparency of outcomes.
This includes the appropriateness of the format and frequency of communications with debtors. The use of large volumes of personal data and financial data in AI systems, if not subject to sufficient control measures, may lead to risks of violations of the Personal Data Protection Act (PDPA), algorithmic bias, or decision-making that is inconsistent with ethical principles and societal expectations. The uncertainty of the legal framework and AI practices that are still under development further increases governance and reputational risks to the organization over the long term.
Risk Management Approach
- Establish a group-level AI governance framework to define principles, scope, and responsibilities for usage in alignment with laws, ethics, and organizational strategy.
- Manage data and privacy risks by establishing control measures for the use of data with AI systems in compliance with relevant laws and standards.
- Control the quality and transparency of AI usage, particularly in decision-making processes that affect stakeholders, to ensure accuracy, fairness, and explainability.
- Promote knowledge and responsible use of AI, and monitor and update approaches in accordance with evolving regulations.
Geopolitical Risks and Global Economic Uncertainty
JMT faces risks from volatility in geopolitical conditions and global economic uncertainty, which may affect the direction of interest rates, inflation, liquidity within the financial system, and the Company's financing costs. Such risks are macroeconomic risks that may affect the purchasing power of the population, the debt repayment capacity of debtors, and the level of credit risk in the overall economy.
An economic slowdown or highly volatile conditions may increase default rates, affecting asset portfolio quality, debt recovery rates, and the Company's cash flows. At the same time, volatility in interest rates and money markets may increase financing costs and affect the ability to invest in new debt portfolio acquisitions or manage the capital structure effectively. Geopolitical and global economic risks therefore have an effect on JMT's financial stability, asset portfolio management, and ability to achieve its long-term growth objectives.
Risk Management Approach
- Regularly monitor and assess macroeconomic risks, considering the direction of interest rates, inflation, purchasing power, and debt quality, in order to adjust strategies and business plans appropriately.
- Prudently manage liquidity and capital structure to accommodate financing cost volatility and support operations under conditions of economic uncertainty.
- Review investments and business expansion with due consideration of acceptable risk levels, while closely managing credit, debtor, and partner risks.
- Enhance operational efficiency and control costs to maintain profitability amid economic volatility.