Page 75 - EXIM_AR2021

ANNUAL REPORT 2021   73












            RISK MANAGEMENT PROCESSES

            The following is a summary of the Risk Management Processes:



            [Figure: Risk Management Processes. Stages shown: Risk Identification; Risk Assessment; Risk Measurement, Treatment and Control; Risk Monitoring and Reporting]

            Risk Identification
            a.  Identify the key primary enterprise risk exposures, including credit risk, operational risk, Shariah non-compliance risk, market risk, liquidity risk, information and cyber security risk and compliance risk, as well as any emerging risks that may potentially impact the Bank significantly.
            b.  Classify the risk exposures in accordance with their risk characteristics, i.e. impact (example: internal or external, material or non-material, financial or non-financial impact, impact on current or future position) and likelihood of the risk materialising.

            Risk Assessment
            a.  Regular assessment of the effectiveness of the Bank’s management of risk.
            b.  Continuous assessment of the risks together with the measurement of the potential impact of the risk exposure, such as the estimated credit loss computation using the Probability of Default (PD), the Loss Given Default (LGD) and the Exposure at Default (EAD) on the Bank’s credit exposures, and the assessment of loss events for the Bank’s exposures to operational risk and the effectiveness of the internal controls.
            c.  Periodic assessment through the agreed risk methodology and relevant tools such as Risk and Control Self-Assessment (RCSA), Key Risk Indicator (KRI) and Key Control Testing (KCT).

            Risk Measurement, Treatment and Control
            a.  Establishment of proper controls and limits.
            b.  Proper coordination and communication for effective risk management between the business and functional lines.
            c.  Evaluation of the effectiveness of the risk mitigation plan or strategy provided.
            d.  Constructively challenge the assessments produced by the business lines.
            e.  Ensure the risk information is captured in a timely manner and is relevant for further escalation and reporting for management and Board’s oversight and decision.

            Risk Monitoring and Reporting
            a.  Identify and specify the internal and external requirements of monitoring and reporting.
            b.  Monitor and escalate any breaches of risk limits and ensure the proposed risk mitigations implemented are effective in managing the risk exposures back within the risk limit and specific time frame.
            c.  The risk reporting systems shall be accurate, dynamic and comprehensive.