Page 76 - EXIM_AR2021

74    ENHANCING GOVERNANCE
      EXIM BANK MALAYSIA

          STATEMENT OF RISK MANAGEMENT

          RISK AND COMPLIANCE CULTURE

          The Bank has implemented the Designated Compliance and Operational Risk Officer (DCORO) programme so that departments and
          divisions carry out effective compliance and risk management activities, cultivating a positive risk and compliance culture across the Bank.

          The DCOROs identify, document and assess compliance risk, and review the operational and Shariah non-compliance risk exposures
          which may arise from the Bank’s products, people, processes and systems.

          They also facilitate the effective management of information disclosures from the regulatory authorities for onward submission to the
          Chief Compliance Officer, as well as Business Continuity Management (BCM) related activities.

          DCOROs are also responsible for reporting periodically on compliance and operational risk matters, and for reporting loss events
          as and when required, in accordance with the Guidelines on Operational Risk Integrated Online Network (ORION) and the Guidelines on
          Managing Shariah Non-Compliance (SNC) Risk.

          COMPLIANCE RISK MANAGEMENT

          The compliance function identifies and assesses compliance risk using qualitative or quantitative indicators to evaluate the adequacy
          of the internal controls in place to manage it.

          The compliance function reports to the Board, for its oversight, on the assessment and analysis of compliance risk findings, highlighting
          key changes in the compliance risk profile for further attention, and reports any identified deficiencies together with the action plans to
          address them within the stipulated timeframe.

          The compliance function also advises the Board and the Bank’s staff, keeping them informed of developments affecting legal and
          regulatory requirements and their implications for the Bank’s compliance risk profile and its capacity to manage compliance risk
          going forward.

          TECHNOLOGY RISK MANAGEMENT

          The technology risk management function is responsible for establishing the Board-approved Technology Risk Management
          Framework (TRMF) and Cyber Resilience Framework (CRF), as well as the specific policies and procedures that are consistent with
          regulatory requirements.
          These policies and procedures cover the Bank’s technology processes and services and its cyber-resilience capabilities, with
          continuous validation of controls; the function also acts as the overseeing party for information technology and cyber risks.

          The technology risk management function also provides independent advice on critical technology projects and ensures that critical
          issues which may have an impact on the Bank’s risk appetite are adequately deliberated on or escalated in a timely manner.

          RISK APPETITE

          Risk Appetite (figure): the Bank’s risk appetite is described by three elements

          - Specific risk metrics which are acceptable to EXIM Bank in executing the business strategy
          - Reflects the long-term view of the Bank meeting its financial capacity and its continuing ability to meet obligations towards
            stakeholders
          - The amount and type of risks the Bank is willing to undertake and implement, given the relevant controls for measuring and
            managing the risks identified