ifast corporation logo

Corporate Governance & Risk Management

Corporate Governance

iFAST Corp recognises the importance of maintaining good corporate governance and is committed to the highest standards of accountability to protect and enhance the interests of our shareholders.

The Group’s Corporate Governance Report sets out iFAST Corp’s key corporate governance practices, and adheres to the core principles of the Code of Corporate Governance 2018. To the extent that the Group’s practices may vary from the provisions of the Code, iFAST Corp has explained how its practices are consistent with the intent of the relevant principles of the Code.

The Group’s Corporate Governance Report is updated annually. Unless otherwise stated in the Corporate Governance Report, the practices were in place for the financial year ended 31 December 2020.

View our latest Corporate Governance Report

Risk Management

Risk management is critical to iFAST Corp’s ability to provide long-term value to its clients and stakeholders. As iFAST Corp and its subsidiaries (collectively, the “Group”) operate in a highly regulated industry, the Group has established risk management policies and frameworks to assess and resolve pre-identified risk factors, while remaining vigilant in identifying issues which may become potential risks and formulating pre-emptive measures against them.

Our Risk Management Approach

iFAST Corp’s Risk Management Framework analyses risk management strategically from the perspectives of the entire organisation. It comprises both top-down and bottom-up approaches to tackle risk:

  • Top-Down: Identification of material risks that have a high probability of impacting business objectives and strategy

  • Bottom-Up: Zooming in on details such as the operational processes, mitigating measures and controls that are developed and implemented to reduce the Group’s risk exposure to an acceptable level within its risk appetite

Risk Management Framework
The Group’s Risk Management Framework is depicted below:

Developing a risk-aware culture is the foundation upon which an effective risk management framework is built upon. iFAST Corp acknowledges that developing a risk-aware culture amongst its employees is a continual and incremental effort, and does so through active communication. iFAST Corp also promotes a “blame-less” culture to encourage its employees to sound out promptly when issues arise so that they can be quickly resolved and measures put in place to mitigate future occurrence.

Under the framework, the various risk and control oversight functions work with the business and support units to identify and assess the risks inherent in their processes. The business and support units would implement automated and/or manual controls to mitigate or eliminate their risk exposures. Such control is monitored by the risk and control oversight functions to ensure that the risks are managed within the risk appetite determined by the senior management and approved by the Board of Directors (the “Board”). In the event where risk events occur, these would be reported and escalated to the appropriate authority for prompt remediation. Risk reports are submitted to Senior Management and the Board on a regular basis to keep them apprised of the Group’s risk profile.

Risk policies are developed to convey the fundamental principles of how risks in the various risk categories (e.g. regulatory risk, technology risk, operational risk) are treated. The effectiveness of risk policies, procedures, framework, strategies and appetite are reviewed periodically and where necessary, are improved, to ensure that they remain sound and relevant.

Risk Governance

The Group’s responsibility for risk management begins with the Board overseeing a governance structure that is designed to ensure that the risks are:

  1. Consistent with the corporate strategy and within the established risk appetites;

  2. Well-understood and supported by robust risk management process;

  3. Diligently identified, assessed, reported, measured, managed, and monitored within bespoke limits; and

  4. Supervised by control function with adequate resources, authority and expertise.

The below committees and functions are formed to assist the Board to ensure that the risk management framework is implemented:

  1. Board Risk Committee (BRC): The BRC is the delegate committee for the Board of Directors, which oversees the establishment of enterprise-wide risk management policies and processes, and advises the Board on the current risk exposures and future risk strategy of the company.

  2. Management Risk Committee (MRC): The MRC reviews and monitors the Group’s risk management strategy and its risk appetite and profile, and makes recommendations on risk management strategy, resources allocation, and risk appetite/profile to the BRC.

  3. Risk Department: Comprising the Compliance, Risk Management and Technology Risk teams, the Risk Department is responsible for the monitoring and reporting of the controls in the various risk areas, and conducts periodical testing to assess the effectiveness of the controls in place.

The Group adopts the Three Lines of Defence model in its governance of risk to ensure that appropriate checks and balances are in place:

First Line of Defence – Risk Owner
As the primary functions executing its processes, the Business and Support Units are the risk owners of their processes and are responsible for the implementation of controls to mitigate the risks identified.

Second Line of Defence – Risk Oversight
The Risk Department, led by the Group’s Chief Risk Officer, serves as the second line of defence to monitor and ensure that the first line has implemented their risk controls, and conduct audits to evaluate the effectiveness of the risk controls in mitigating the risks. The independence of the second line from the first line of defence ensures that the appropriate checks and balances are in place.

Third Line of Defence – Independent Audit
The Independent Audit, comprising both the Internal Audit department and External Audit firms, provides independent assurance to the Board and Senior Management on the effectiveness of the risk management frameworks in place.

Risk Appetite

iFAST Corp’s risk appetite defines the level and nature of risks that the Group is willing to take on in pursuit of its business objective, taking into consideration the interests of key stakeholders. The purpose of developing risk appetite is to provide governance to ensure that the Group’s activities are operated within the risk boundary.

The Group’s risk appetite takes into account a spectrum of risk types including but not limited to financial risk, regulatory risk, technology risk and operational risk. Quantifiable risk types are controlled using risk thresholds and limits, and are implemented using formal frameworks, policies and procedures. As for non-quantifiable risk types, these are controlled using qualitative principles.

The Group’s risk-taking approach is focused on activities and businesses that are well understood and where there is sufficient expertise, resources, and infrastructure to effectively measure and manage the risk involved. The Group has a low appetite for reputational, legal and regulatory risks. All employees are responsible for understanding the limits and other boundaries that apply to the activities in their areas of responsibility.

Material Risks

Through the risk management processes, material risks which have a significant impact on the Group are identified. Policies and guidelines have been developed to better assess and mitigate such risks. The material risks are listed in the table below:

Risk Description
Technology Risk Potential risk arising from technology failures that may disrupt business operations, including information security incidents or service outages.
Regulatory Risk The risk that arises from violations of laws, rules or regulations, or from non-compliance with internal policies or procedures, or with the organisation's business standards.
Financial Risk The risk of loss in the Group’s investment activities. This includes, amongst others, market risk, credit risk and liquidity risk.
Operational Risk The risk of loss resulting from inadequate or failed internal processes, people, systems, or external events that can disrupt the flow of business operations. Potential loss may be in the form of financial loss or other damage.
Business and Strategic Risk The risk arising from events or decisions that could potentially stop an organisation from achieving its goals. For example, Business Obsolescence Risk, Keyman Risk, Macroeconomic/ Geopolitical Risk etc.
Environmental, Social and Governance (ESG) Risk The risk brought about by environmental, social and governance issues that could negatively impact the sustainability of the Group’s business operation.

Policies and Guidelines

Board Diversity

iFAST Corp’s Board Diversity Policy recognises diversity as essential to providing better support to the Group to achieve its strategic objectives for long term sustainable development. The Group believes that having a diverse Board will enhance the decision making process of the Board through perspectives derived from the various skills, industry and business experiences, gender, age, tenures of service and other distinctive qualities of the Directors. The Board is able to exercise independent judgement on corporate affairs and provide Management with a diverse and objective perspective on issues. Each Board member brings independent judgement, diversified skills, knowledge and experience when dealing with issues of strategy, performance and standards of conduct. They also provide core competencies of accounting, finance, legal, business and management experience, industry knowledge, strategic planning experience, and customer-based experience or knowledge with their pattern-recognition skills. This is beneficial to the Group and Management as decisions by the Board would be enriched by a broad range of views, perspectives and experiences of the Directors.

The Board is of the view that an effective blend of skills, experiences and knowledge in areas identified by the Board should remain a priority. While the Group aims to ensure that women have at least one seat on the Board, it will not compromise on qualifications, experience and capabilities. The final selection will be made in a fair and non-discriminatory manner.

Code of Conduct

iFAST Corp expects a high standard of behaviour and conduct from its employees at all times to safeguard the Company’s reputation and interests. In line with this expectation, the Group has adopted a Code of Conduct that applies to all its employees to ensure that they carry out their duties and responsibilities to the highest possible standards of personal and corporate integrity.

The Group understands that ethical business conduct requires clear and direct communication of behavioural expectations. Therefore, the Code comprises of principles and values that will guide employees on areas such as professional integrity, duty of confidentiality, mitigating conflicts of interest and how to carry out fair dealing.

Our principles and standards will apply to all employees including temporary and part time employees. It is the responsibility of every employee to comply with the Code and no waiver of any provision shall be granted to any employee. Failure to comply can result in disciplinary action, including termination of employment.

Anti-Corruption & Bribery

As an organisation fully committed to the prevention of financial crimes, iFAST Corp has zero tolerance to all forms of bribery and corruption, and strives to conduct its business activities ethically and with high standards of integrity.

In line with this commitment, iFAST Corp has established policies and procedures, which key aspects include, amongst others, controls and monitoring, due diligence, gift and entertainment and reporting requirements. All employees are required to comply with the Code of Conduct embedded in the Employee Handbook, which includes anti-bribery and anti-corruption provisions. iFAST Corp regards bribery and corruption as a serious matter, and any non-compliance may lead to disciplinary action, up to and including termination of employment.

Anti-Money Laundering/Countering the Financing of Terrorism

iFAST Corp places great emphasis on integrity and good governance and is committed to the highest standards of Anti-Money Laundering and Countering the Financing of Terrorism in order to maintain the Company’s integrity against financial crime.

iFAST Corp has in place policies, procedures and controls to combat attempts and mitigate risks associated with money laundering and terrorists financing or circumvention of sanctions and predicate offences. These policies, procedures and controls form part of the workflow of various business units, and the Compliance team is to govern and monitor the effectiveness of these implementations.

The Group is committed to review the measures it has put in place annually, or upon trigger events, to ensure that they remain relevant and up-to-date.


iFAST Corp takes a holistic and proactive approach towards cybersecurity, and is committed to a culture of security to protect the interests of its stakeholders, including customers, employees, business partners and the Company.

iFAST Corp has established a Technology Risk Framework to monitor emerging risk and ensure control measures are implemented adequately and effectively. The Group understands the importance of adopting and integrating cybersecurity best practices developed by organisations such as the International Standardisation Organisation and the National Institute of Standards and Technology. The Group’s cybersecurity measures and controls are regularly audited by internal teams and external agencies to ensure that audit observations are promptly addressed.

The Group has invested time and resources as well as creative talent to combat the ever-evolving, increasingly sophisticated cyber threat landscape. iFAST Corp continues to work closely with its partners to evaluate and bring on board new security technologies to harden its security and cyber defenses.

The Group takes a proactive stand when it comes to the provision of technological risk training, and regularly sends members from its IT security operations and technology risk team for cybersecurity-related conferences and training courses. iFAST Corp’s cybersecurity team members have attained globally recognised cybersecurity certifications and are required to meet 40 hours of continuing professional education annually. The Group has also established a comprehensive cybersecurity programme to strengthen employees’ knowledge and awareness on cybersecurity related issues through providing regular updates and guides on how to deal with emerging and prevailing cyber threats.

Fair Dealing

iFAST Corp is committed to sustainable business practices that are supported by a range of initiatives. Fair dealing is about conducting our business in a transparent and ethical way that enhances value for all of our stakeholders and delivers fair dealing outcomes to our customers.

Fair dealing is central to the Group, its senior management and its board of directors. They are committed to aligning the direction of iFAST Corp with fair dealing outcomes to all stakeholders. We recognise that this is a journey and best practice is continuously evolving.

Preventing Fraud

iFAST Corp is committed to the prevention of scams and frauds to safeguard both its employees’ and clients’ privacy and safety. The Group is cognisant of the importance of educating its employees and clients on the potential risks of scam and fraud, and providing guidance on dealing with any irregularity or suspected irregularity.

In light of the rise in online scams and frauds globally in recent times, iFAST Corp is dedicated to regularly educate and update its clients on investment scams, while reminding them to stay vigilant and exercise caution when approached with investment opportunities that claim to be from the Company.

View our Security Advisory


iFAST Corp has established whistle-blowing policies as avenue for employees and external parties to raise concerns about possible improprieties in matters of financial reporting or other matters. The policies encourage employees and external parties to raise concerns, in confidence, whether anonymously or otherwise, about possible irregularities.

Employees’ whistle-blowing policy and procedures are disclosed and clearly communicated to all employees of the Group. Employees’ complaints should be made to the Lead Independent Director, Chairman of AC or CEO directly, in which case the CEO will report the complaints received to the Lead Independent Director and Chairman of AC without delay. iFAST Corp has a well-defined process which ensures independent investigation of such matters and the assurance that employees will be protected from reprisals, within the limits of the law. The Lead Independent Director, Chairman of AC or CEO will forward the complaints to the Company Secretary for record purposes.

Complaints from external parties are received through a dedicated email address as detailed in the External Whistle-Blowing Policy published on the Group’s website. Complaints and reports received in the dedicated email address are directed to Internal Audit Department for review and follow-up actions. The Group recommends the whistle-blower to be detailed in setting out the background and history of events and reasons for concern to ensure disclosure and complaints may be properly handled and investigated. Investigation findings are reported to Audit Committee.

Investor Relations

iFAST Corp is committed at all times to disclose and distribute all information to the public in full and in a timely and accurate manner, in accordance with the listing rules stipulated by the Singapore Exchange Securities Trading Limited and the Singapore Code of Corporate Governance 2018.

The Group’s Investor Relations policy aims to ensure all investors are able to access information of the Company, including Company's business strategies and updates, stock and financial performance, corporate management and governance and etc., in a timely manner, as well as in clear and plain language.

View our Investor Relations Policy