Jaymart Public Company Limited Sustainability
EN
TH

Risk Management

Risk <span class="page-header__title-highlight">Management</span>

Our Commitment

Jaymart Group Holdings Public Company Limited recognizes the importance of risk management as a cornerstone in supporting the stability and sustainability of its business across all dimensions. This is particularly critical in the context of rapidly evolving business environments influenced by economic, technological, and regulatory factors, as well as changing consumer behaviors. If not effectively managed, these risks can present challenges that impact the company’s operations, growth, and reputation.

To prepare for such uncertainties, the Board of Directors and management have established a comprehensive and effective risk management framework. This framework integrates risk management into good corporate governance practices and strategic planning for both the short and long term. The company's risk management processes include identifying and assessing risks, prioritizing them, and implementing appropriate measures to control or mitigate risks to acceptable levels. These measures address both internal factors, such as human resource management, systems, and internal processes, as well as external factors, such as global economic conditions, industry competition, and regulatory changes.

Moreover, the company promotes a thorough understanding of the role of risk management among employees at all levels, encouraging active participation in mitigating risks relevant to their responsibilities. This is achieved through training programs, advisory support, and open communication to raise awareness about risks and appropriate management strategies. In addition, the company places a high emphasis on leveraging technology and innovation to enhance its capability to monitor and manage risks across all areas effectively.

High-quality risk management also strengthens the confidence of stakeholders, including investors, partners, customers, and business allies, ensuring that the company is well-prepared to handle potential scenarios and effectively address uncertainties. This enables the company to continue its operations seamlessly and maintain its competitive edge in the market.

With this commitment, Jaymart Group Holdings Public Company Limited integrates risk management as part of its organizational culture to build trust and confidence among its stakeholders. This approach ensures the company’s operations remain efficient, transparent, and sustainable in the long term.

Supporting The SDGs Goal

Advancing global sustainability through alignment with the UN SDGs.

SDGs 8
SDGs 12
SDGs 16
Stakeholders Directly Impacted
Employees
Employees
Customers and Consumers
Customers and Consumers
Shareholders and Investors
Shareholders and Investors
Partners and Business Affiliates
Partners and Business Affiliates
Communities and Society
Communities and Society
Government Agencies and Regulators
Government Agencies and Regulators

Management Approach

The company places great importance on managing risks, particularly new risks related to its business operations. The company implements risk management policies throughout the organization (Enterprise Risk Management: ERM) based on international standards set by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Risk assessments are conducted annually to ensure that the business grows on a foundation of sustainability.

The company also adopts a Business Continuity Management Policy and a Corporate Investment Policy to proactively plan for potential crises, reducing the impact of business disruptions. The company analyzes and considers risk factors in three dimensions: Economic, Social, and Environmental (ESG), which helps ensure that business operations and investments are effective and sustainable within the established risk management framework. This framework is connected to the organization’s internal controls and audits in a systematic manner.

The company evaluates both normal and emerging risks across the organization to prepare for changes in factors that could affect the company’s business objectives. These changes may result in new business models that could impact existing products or services. Additionally, the company is committed to engaging employees in risk management to foster an organizational culture that is vigilant about potential risks. The results from risk assessments and management are used to set strategies, goals, and business development plans for both the short and long term.

Risk Management Structure

The company recognizes the importance of enterprise risk management, which plays a key role in helping the company achieve its strategic goals, objectives, or targets, as well as supporting good corporate governance and stable, sustainable growth. Therefore, the company has established a risk management policy to serve as a guideline and framework for all departments within the company and its subsidiaries.

Risk Management Structure
Click to Enlarge
  • The Board of Directors is responsible for supporting, promoting, and overseeing the management of risks that may have a significant impact on the company.
  • The Audit Committee is responsible for overseeing and independently monitoring risk management, reviewing the internal control system, communicating with the Executive Committee, and reporting to the Board of Directors regarding risks.
  • The Executive Committee is responsible for approving risk management policies, monitoring the development of processes, and evaluating risks. Additionally, they communicate and coordinate with the Audit Committee regarding significant risks.
  • The Chief Executive Officer is responsible for creating and reviewing risk management policies to align with changing circumstances, ensuring that the company has adequate and appropriate risk management plans in place.
  • The Legal Officer / Regulatory Authority is responsible for establishing frameworks, plans, and processes for risk management within the department, presenting them to the Executive Committee for approval, and supporting and monitoring the department's risk management within their area of responsibility.
  • The Internal Auditor is responsible for reviewing the internal control systems and the risk management operations.
  • Supervisors and employees are responsible for identifying, measuring, controlling, monitoring, and reporting risks, as well as collaborating in the development and implementation of risk management plans.
Risk Management Structure and Responsibility

Management and all employees of the group companies are the owners of risks, with shared responsibility for identifying and assessing risks within their respective departments. This includes determining appropriate measures to manage the risks. The company will manage risks to an acceptable level (Risk Appetite) or will deviate no more than the level the company deems acceptable (Risk Tolerances). To foster this mindset, the company must promote a Risk Management Culture to create an understanding of awareness and shared responsibility regarding risks among both management and employees.

Risk Management Process

The company continuously evaluates and monitors risk issues, considering both internal and external factors that may impact the company's operations in all aspects. The company's risk management process is designed to be systematic and comprehensive to effectively identify, analyze, and manage risks, aiming to keep risks at an acceptable level.

The company recognizes the importance of appropriate risk management to support business operations in alignment with the company's strategy, objectives, and goals, while also promoting long-term stability and sustainability. This process consists of 8 steps, as follows:

1. Strategy and Objective Setting

Define strategies and objectives for the operations of all departments, and ensure that employees set clear business strategies, objectives, or work goals that align with policies, targets, strategies, and acceptable risks.

2. Identifies Risks

Responsible department heads and employees should understand the risks, identify potential risks arising from both internal and external factors, which could be events that have either positive or negative impacts on achieving objectives.

3. Assesses Severity of Risk

Department heads and employees should assess the risks based on the likelihood of an event occurring and the severity of the impact that the event may have.

4. Prioritizes Risks

Department heads and employees should prioritize and manage risks based on urgency. High-risk activities critical to achieving strategies and objectives should be addressed first, followed by high-risk activities of secondary importance.

5. Implements Risk Responses

Department heads and employees should consider effective and efficient risk management methods, taking into account acceptable risk levels, costs, and benefits. Risk responses may involve using one or more strategies to reduce the likelihood or severity of potential events.

6. Develops Portfolio View

Department heads and employees should develop risk management by integrating risk factors and relationships across departments, creating a shared risk management database.

7. Review and Revision

Department heads and employees should ensure ongoing risk monitoring and review of risk management performance. Any necessary adjustments should be made to ensure effective risk management across all levels of the company. Risks that significantly impact the achievement of company objectives should be reported to responsible parties.

8. Monitoring and Evaluation

Department heads and employees should establish regular monitoring and review of risk management, communicate risk information collaboratively, and report on risk management to the executive committee.

This is to ensure that the corporate governance system aligns with best practices, regulations, and oversight requirements. To keep the risk management policy up-to-date and suitable for current situations, the policy should be reviewed at least annually.

Business Continuity Plan (BCP)

The Business Continuity Plan (BCP) is designed to enable various departments in the company to respond and operate effectively during crises or emergencies, whether caused by natural disasters, accidents, or malicious activities targeting the organization. The goal is to ensure that these crises do not disrupt business operations or prevent the company from continuing its activities. If the organization lacks a response process during a crisis or emergency, it could negatively impact departments and stakeholders in various aspects such as economics, service delivery, society, community, environment, as well as public safety and property.

Therefore, developing a Business Continuity Plan is essential for helping the organization cope with unexpected emergencies and ensuring that critical business processes can resume to normal or predetermined service levels. This will help minimize the severity of the impact on the organization.

To address the uncertainty of such situations and maintain business continuity, the company conducts risk analysis, prioritizes risk issues, and systematically plans for risk management. Additionally, the BCP is tested through simulation events to gather results for plan improvement, review personnel capabilities, and assess the plan's effectiveness in responding to crises.

The management process includes the following steps:
  • 1
    Assessing the impact of a crisis: Preparing for and being ready to respond to any potential situation, ensuring that business operations can continue uninterrupted.
  • 2
    Establishing a Business Continuity Management Team: To ensure the BCP is executed effectively with clear responsibilities, minimizing duplication in addressing crises.
  • 3
    Analyzing business impacts: Prioritizing the impacts and identifying critical processes that need immediate attention to restore normal operations as quickly as possible.
  • 4
    Emergency notification process (Call Tree): Notifying the BCP team members to ensure accurate and consistent information, allowing each member to prepare and respond to crises systematically with clear responsibilities.
  • 5
    Business continuity and recovery plan: Restoring the situation to normal or pre-crisis conditions as quickly as possible.
  • 6
    Review and improvement of the BCP: Management is responsible for updating the Business Continuity Plan annually to improve its effectiveness and ensure it stays relevant to current circumstances.
Crisis or Emergency Management

The Business Continuity Plan (BCP) is designed to address situations of crises or emergencies that may occur within office areas or departments. The company must prepare plans in advance to be ready to respond to any potential scenario at all times, ensuring that departments can continue their business operations. The company has considered the following potential impacts:

Flooding
Flooding
Fire Incidents
Fire Incidents
Power Outages
Power Outages
Protests / Riots
Protests / Riots
Terrorist Activities
Terrorist Activities
Pandemics / Severe Contagious Diseases
Pandemics / Severe Contagious Diseases
Crisis or Emergency Management
Click to Enlarge
Key Business Functions Management

To effectively respond to emergency situations and potential disasters, the Company has established a set of guidelines for managing key business functions. These guidelines aim to ensure continuous business operations in a professional, timely, and efficient manner, even in changing or unforeseen circumstances. The Company has outlined the following key measures:

1. Point of Sale (POS) System

The POS system is a critical business process as it serves as the primary tool for receiving payments for goods.

  1. 1.1 Provide staff training on manual sales and payment processing procedures in situations where the POS system is unavailable.
  2. 1.2 Backup POS sales data to a secondary server.
  3. 1.3 Develop a daily sales summary form in Excel format to collect and manage sales data systematically, enabling effective retrospective review.
2. Inventory Management System

This includes the product planning process, procurement, warehousing, and logistics.

  1. 2.1 The Sales and Product teams must plan weekly product demand forecasts and manage inventory levels according to designated minimum and maximum stock thresholds. This ensures product availability and prepares for temporary supply chain disruptions during emergencies.
  2. 2.2 Branch staff must record transactions on stock cards to monitor inventory inflows and outflows, especially when the POS system is unavailable, in order to prevent product loss.
  3. 2.3 The Product team must identify and prepare 1–2 backup warehouses and logistics providers in addition to existing partners, to mitigate risk from logistics disruptions.
3. Sales Channels
  1. 3.1 Maintain a consistent presence and readiness of online sales channels to ensure continued product availability to customers if physical branches are unable to operate.
4. Accounting and Finance System
  1. 4.1 Establish a plan to back up financial and accounting data on the cloud or secondary servers to prevent data loss.
  2. 4.2 Create contingency plans for managing payments to suppliers during emergencies.
  3. 4.3 The Accounting and Finance team must be prepared to advise branch staff on alternative payment procedures for products and services when standard processes cannot be followed during emergencies.
5. Customer Service and Help Desk
  1. 5.1 Headquarters and branch staff must communicate and monitor emergency situations closely to ensure accurate and consistent updates, enabling them to promptly and correctly inform customers.
  2. 5.2 Prepare skilled personnel with professional communication and listening abilities to effectively address customer inquiries and reduce potential misunderstandings.
6. Human Resources Management System
  1. 6.1 Develop a time-recording plan for staff during emergency situations.
  2. 6.2 Maintain a routine check of staff numbers and statuses to ensure employee safety and readiness for immediate support during critical events.
  3. 6.2 Establish an additional backup payroll disbursement method in case the standard payroll system is temporarily unavailable.

Sustainability Risk Management

In today's world filled with volatility — whether rapid economic changes, climate uncertainty, technological advancements, or increasingly severe cyber threats — organizations must face risks that are more diverse and complex than ever before. Risk management is therefore not merely a tool for mitigating potential risks, but also a critical component of good corporate governance that reflects an organizational culture committed to transparency, accountability, and long-term sustainability. Risk management in the modern era must be comprehensive, systematic, and accountable — not only responding to potential events, but also emphasizing anticipation and proactive management, while considering impacts on stakeholders across all dimensions. Organizations with strong governance view "risk" as a strategic decision-making tool to build confidence and shared value.

JMART integrates the principles of good corporate governance and sustainable business operations with risk management. The organization manages risk under the Enterprise Risk Management (ERM) approach in accordance with the COSO Framework, covering relevant risks across strategic, financial, operational, and legal dimensions, as well as sustainability risks and emerging challenges — such as climate change, global regional security situations, technology, and increasingly severe cyber threats. The Company places importance on appropriate risk assessment to enable it to comply with its policies and vision in driving the organization toward achieving its strategic goals. The Company has integrated risk management into its corporate governance system by establishing dedicated risk oversight committees, along with defining clear policies and practices to address challenges arising from economic, social, and environmental factors that the organization may encounter in its business operations.

Risk of Personal Data Breach and Non-Compliance with PDPA

JMART Group faces risks from personal data breaches and non-compliance with PDPA legislation, as it collects, uses, discloses, and processes large volumes of data belonging to customers, debtors, members, tenants, service users, and employees across multiple systems and business units — increasing the complexity of access control and data management. Internal data sharing within the Group without clear guidelines, reliance on external service providers, employee errors, cyber threats, and changes in legal requirements may lead to data leakage, use of data beyond its intended purpose, or non-compliance with regulations, resulting in reputational damage, loss of confidence, and exposing the Group to legal risks and financial penalties.

Risk Management Approach

  • Establishing a Group-level personal data governance framework covering policies, roles and responsibilities, and data usage guidelines
  • Enhancing access control and information system security
  • Overseeing service providers and business partners to ensure strict PDPA compliance
  • Strengthening employee awareness and preparing for data breach incidents
Risk of Shortage of Personnel with Specialized Skills and Experience

JMART Group faces risks from the shortage and retention of highly skilled personnel essential for business operations and long-term strategy execution, particularly in positions requiring specialized expertise. Competition in the labor market and rapid technological and regulatory changes make the recruitment, development, and retention of personnel increasingly challenging.

Meanwhile, resignations in key positions or over-reliance on key personnel may affect work continuity and knowledge transfer. Additionally, the business diversity across companies within the Group leads to inconsistent skill levels and work standards, which may impact operational efficiency, personnel costs, and the Group's capacity for sustainable growth.

Risk Management Approach

  • Developing a Group-level human resources strategy, defining critical skills and workforce plans aligned with business direction
  • Enhancing personnel development and retention through Upskilling/Reskilling and succession planning for key positions
  • Strengthening motivation and improving work processes through technology to increase efficiency and reduce reliance on key personnel
Climate Change Risk

JMART Group faces risks from climate change across physical impacts, the transition to a low-carbon economy, and related changes in laws and regulations. Extreme weather events and increasing variability — such as flooding, heatwaves, and storms — may affect assets, business premises, the safety of employees and service users, as well as operational continuity. Meanwhile, the transition to a low-carbon economy and increasingly stringent climate requirements may affect cost structures, investment, data collection and disclosure, and competitiveness.

And the organization's reputation. Policy uncertainty, regulatory measures, and the expectations of investors and stakeholders further increase the complexity of business planning and long-term risk management. If the Group is unable to adapt its strategies, systems, and operations in alignment with the changing context in a timely manner, this may impact revenue, increase the burden of expenses, and affect the Group's capacity for sustainable growth.

Risk Management Approach

  • Regularly monitoring and assessing climate change risks — covering physical impacts, the transition to a low-carbon economy, and legal requirements — and incorporating assessment results to appropriately adjust strategies and business plans
  • Developing and reviewing business continuity plans, strengthening assets and infrastructure, and improving energy and resource efficiency to reduce long-term operational impacts and costs
  • Integrating climate issues into strategic decision-making and investment, developing data systems, governance, and disclosures in alignment with relevant standards and requirements, while transparently communicating progress to stakeholders
Human Rights Risk

JMART Group faces human rights risks arising from business operations involving employees, customers, business partners, and stakeholders throughout the value chain. These may stem from unfair practices, violations of labor rights, privacy rights, or supplier operations that are inconsistent with human rights principles. Such risks may affect reputation, stakeholder confidence, and give rise to legal and operational risks in the long term.

Risk Management Approach

  • Establishing Group-level human rights policies and commitments in alignment with international principles, and communicating these to employees and business partners throughout the value chain
  • Systematically conducting Human Rights Due Diligence (HRDD) processes to identify, prevent, and mitigate potential impacts arising from the organization's and suppliers' operations
  • Providing accessible complaint and remedy mechanisms, while promoting human rights knowledge and awareness within the organization
Corruption Risk

JMART Group faces corruption risks arising from business operations involving suppliers, agents, and multiple internal units, which may give rise to bribery, conflicts of interest, or abuse of authority. Such risks may affect the organization's transparency, reputation, and credibility, as well as cause financial damage and legal risks if internal control and governance systems are insufficient.

Risk Management Approach

  • Establishing Group-level anti-corruption policies and frameworks covering executives, employees, and business partners
  • Strengthening internal control, approval, and audit systems, while appropriately managing supplier-related risks
  • Promoting an ethics-based organizational culture and providing complaint mechanisms with whistleblower protection
Risk of Responsible Lending and Financial Fairness

JMART Group operates businesses related to financial service access, product installment payments, non-performing debt management, and commercial real estate development linked to consumers and small business operators. The risk of responsible lending and financial fairness arises from credit consideration processes, terms and conditions, interest rates, fees, or debt collection processes that may not be consistent with the principles of fairness, transparency, and customers' repayment capacity. Such risks may give rise to legal, reputational, and financial impacts on the Company, as well as affecting financially vulnerable customer groups — particularly in the current context where Thailand has high household debt levels and the economy has not yet fully recovered — making it essential to operate strictly under the principles of responsible lending.

The risk of responsible lending and financial fairness arises from environmental factors across economic, regulatory, and business competition dimensions. High household debt levels and weak purchasing power leave customers with multiple debt obligations and reduced repayment capacity, increasing the likelihood of defaults. Meanwhile, increasingly stringent oversight from government agencies and improvements to consumer protection laws may affect business operating conditions and increase compliance burdens. In the mobile phone and technology product retail business involving installment payments, risks arise from presenting installment programs that customers do not fully understand, inadequate assessment of repayment capacity, and promotional communications that may create misunderstandings. If customers become overburdened with debt, this may affect brand reputation and confidence.

Risk Management Approach

  • The JMART Group establishes a financial fairness governance framework and conducts regular oversight to ensure that subsidiaries operate transparently, fairly, and in compliance with relevant laws and regulations
  • Establishing policies on consumer protection and business ethics, overseeing compliance with relevant regulatory laws and requirements, providing a Group-level complaint handling and follow-up system, and regularly reporting risk status to the Board of Directors
  • Monitoring complaint indicators and customer satisfaction metrics
  • Establishing processes for transparent presentation of financial terms, reviewing the appropriateness of responsible lending, training employees on fair communication, and preparing summary documents of key terms and conditions for communication to relevant parties

Emerging Risk Management

Risk of Adopting Artificial Intelligence (AI) Technology Without Adequate Governance Framework

JMART Group faces risks from the adoption of Artificial Intelligence (AI) technology in business operations without a clear and systematic governance framework, which may give rise to risks related to data governance, privacy, accuracy and fairness of AI-generated outcomes, as well as accountability for decisions made through the use of such technology. These risks may impact compliance with relevant laws and regulations, customer and stakeholder confidence, and the Group's long-term reputation.

The development and deployment of AI is rapidly increasing across multiple processes within JMART Group, spanning data analysis, marketing, customer service, and business decision support. Without clear policies and practices, fragmented and inconsistent AI usage across different business units may occur. Furthermore, the risk of using personal or sensitive data in AI systems without adequate controls may lead to violations of personal data protection laws. Inaccuracies or biases in AI-generated outcomes may also result in unfair decisions or outcomes that are inconsistent with ethical principles and societal expectations. Meanwhile, AI legal frameworks and practices that are still under development in many countries create uncertainty around regulatory compliance and organizational reputational risks.

Risk Management Approach

  • Establishing a Group-level AI governance framework to define principles, scope, and responsibilities for usage in alignment with laws, ethics, and organizational strategy
  • Managing data and privacy risks by establishing control measures for data usage within AI systems in compliance with relevant laws and standards
  • Controlling the quality and transparency of AI usage — particularly in decision-making processes that affect stakeholders — to ensure accuracy, fairness, and explainability
  • Promoting knowledge and responsible AI usage, while monitoring and updating guidelines in accordance with evolving regulations
Geopolitical Risk and Global Economic Uncertainty

The JMART Group faces risks from geopolitical volatility and global economic uncertainty, which may cause rapid changes in interest rates, inflation, exchange rates, and financial costs, as well as affecting consumer, investor, and overall business confidence. Such risks are macroeconomic in nature, with cascading effects on purchasing power, consumer behavior, cost of capital, liquidity, and credit risks of debtors, business partners, and tenants — potentially impacting investment, portfolio management, cash flow management, and the Group's ability to achieve its growth targets.

An economic slowdown may lead to declining sales of goods and services — particularly high-value products — while rising capital costs and financial market volatility may increase financial burdens and impact investment plans. Furthermore, economic system fragility may heighten default risks, affecting portfolio management efficiency and liquidity, as well as supply chain volatility and the financial health of tenants, which may impact profitability and business expansion decisions going forward.

Risk Management Approach

  • Regularly monitoring and assessing macroeconomic risks by considering interest rate trends, inflation, purchasing power, and debt quality, to adjust strategies and business plans accordingly
  • Prudently managing liquidity and capital structure to accommodate financial cost volatility and support operations during periods of economic uncertainty
  • Reviewing investments and business expansion with consideration of acceptable risk levels, while closely managing credit, debtor, and business partner risks
  • Improving operational efficiency and controlling costs to maintain profitability amid economic volatility
Discover the latest in ESG practices shaping a brighter future.
See latest sustainability report