PBCOM’s enterprise risk management system is built on the concepts of an internationally-accepted model and a range of best practices to ensure continued business growth through an objective approach to risk-taking. The Bank applies risk management across the entire organization — from the Board of Directors, Senior Management, Business Segments and Groups, Business Centers, support units, and to individual employees; as well as in specific functions, programs, projects and activities. The implementation of the Enterprise Risk Management Framework contributes to strengthening the Bank’s management practices, decision making and resource allocation, and increasing shareholder value; while protecting the interest of its clients, maintaining trust and confidence, and ensuring compliance with regulations. The Framework is composed of Risk Governance, Enterprise Risk Management Process and the Bank’s Risk Culture.

GRC is the general term encompassing PBCOM’s approach to corporate governance, enterprise risk management and corporate compliance with applicable laws and regulations.  

• Corporate Governance – The system whereby shareholders, creditors, and other stakeholders of PBCOM ensure that Management enhances the value of the Bank as it competes in an increasingly global market place. It is the framework of rules, systems and processes in and of PBCOM that governs the performance by the Board of Directors and Management of their respective duties and responsibilities to the stakeholders.
• Risk Management – The process, effected by PBCOM’s Board of Directors, Management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the Bank, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of the Bank’s objectives. It also refers to the architecture that is used to manage risk; that includes risk management principles, a risk management framework and a risk management process.
• Compliance – Adherence to applicable laws, regulations, directives, rules of professional conduct and related or similar matters. 

The interrelated functions primarily involved in the implementation of the PBCOM’s Governance, Risk and Control system are Compliance Group, Internal Audit Group and Enterprise Risk Management Group. 

• Identify, measure, manage and control risks inherent in PBCOM's activities or embedded in its portfolio.
• Define and disseminate risk management philosophy and policies.
• Assist risk-taking business and operating units in understanding and measuring risk/return profiles.
• Develop a risk management infrastructure that includes policies and procedures, organization, limits and approval authorities, MIS and reporting, systems and risk models.
• Promote a risk awareness and strong "control culture" in PBCOM.

PBCOM’s ERM structure starts from the tone-setting Board of Directors, through its Risk Oversight Committee (ROC), and down to the business lines. The Enterprise Risk Management Group (ERMG) is the arm of the ROC which facilitates the design and implementation of the risk management system. The ERMG itself is organized into units, supported by risk management sub-frameworks, which coordinate with all banking units through its main operating segments.

The Risk Oversight Committee (ROC) assists the Board of Directors in the effective discharge of its function in overseeing the enterprise risk management program of the Bank.
The Risk Oversight Committee has the responsibility to:
A. Review and recommend for approval by the Board of Directors PBCOM's written enterprise risk management program to identify, measure, monitor and control its risks. 
B. Review reports on risk exposures, recommend necessary actions and communicate enterprise risk management plans to concerned segments and groups to address or reduce the risks;
C. Report to the Board of Directors significant matters concerning PBCOM’s risk exposures including any BSP examination findings on unsafe and unsound banking practices; and actions taken to manage those risks;
D. Recommend a system of risk limits and authorities for approval by the Board, and any necessary changes to these limits and authorities;
E. Establish a monitoring system to ensure that limits set are observed and that immediate corrective actions are taken whenever limits are breached;
F. Evaluate the magnitude, direction and distribution of risks across the Bank and its subsidiary;
G. Ensure that business units provide for ongoing review and validation of the adequacy and soundness of risk management policies and practices;
H. Create and promote an enterprise risk culture that requires and encourages the highest standards of ethical behavior by risk managers and risk-taking personnel.