Page 74 - EXIM_AR2021
ENHANCING EXIM BANK MALAYSIA
GOVERNANCE
STATEMENT OF RISK MANAGEMENT
Management Committees
Management Audit, Risk and Compliance Committee (MARCC)
a. Responsible for monitoring and reviewing the management of the Bank's key and emerging risks. This includes reviewing the framework, policies and risk appetite as approved by the Board, the procedures, the adequacy of internal controls and systems, and any new product or material variation to an existing product offering.
b. Where it deems appropriate, the MARCC recommends matters to the BRC for review and subsequent approval by the Board.

Management Credit Committee (MCC)
Responsible for reviewing, deliberating on and approving new and renewed loan/financing/credit/insurance-related proposals, including recovery, restructuring and rescheduling proposals, as prescribed in the Approving Authority and Authority Limits.

Assets and Liabilities Committee (ALCO)
Responsible for overseeing overall asset and liability management (ALM), including endorsing the appropriate ALM strategies, deliberating on net interest income (NII) performance and ensuring that all ALM risks remain within the risk appetite set by the Board.

Information Technology Steering Committee (ITSC)
a. Responsible for providing oversight of Information Technology (IT) governance and for formulating the IT strategic plans, ensuring that IT is capable of supporting the Bank's strategic business plans.
b. This includes monitoring and deliberating on any new IT regulation that may have an operational impact on the Bank. Where it deems appropriate, the ITSC recommends matters to the MARCC and the BRC for review and further approval by the Board.
The Three Lines of Defense model is adopted by the Bank as follows:
First Line
Business units and functional lines are responsible and accountable for identifying, reporting and mitigating risk exposures through the agreed monitoring and reporting tools.

Second Line
a. The second line of defense shall remain well-defined, effective and independent of business and operational decisions.
b. The Compliance Department (CD) and the Risk Management Division (RMD), which make up the second line of defense, shall be knowledgeable and competent in performing the compliance and risk management functions. They provide constructive challenge to the business units and functional lines on the way risks are managed.
c. They shall be equipped with adequate resources and support to perform their risk management roles, with unlimited access to internal systems and information.
d. Regular communication with the first line of defense is in place to ensure effective compliance and risk management across the Bank.

Third Line
a. Conducts periodic reviews of the Bank's risk management processes to ensure their integrity, accuracy and reasonableness, and provides assurance on the Bank's overall compliance with applicable laws, regulations, internal policies, procedures and limits.
b. The Audit and Assurance Department (AAD) interacts closely with the second line of defense in escalating risk issues and in ensuring effective controls and compliance with risk management Bank-wide.
c. This includes following through and following up on the action plans for risk findings prior to their submission to the relevant authorities.