Page 79 - EXIM_AR2021
ANNUAL REPORT 2021 77
No Primary Enterprise Risk Definition

3. Operational Risk
Operational risk is the risk of loss resulting from inadequate or failed internal operational or financial processes and systems, the actions of people or from external events.

4. Market Risk
Market risk refers to the potential loss arising from adverse movements in market prices.

5. Liquidity Risk
Liquidity risk is the risk of the Bank's inability to fund increases in assets and meet cash flow obligations as they come due, without incurring unacceptable losses.

6. Technology Risk
Information and cyber security risks are the risks emanating from the use of information technology (IT) and the Internet. These risks arise from failures or breaches of IT systems, applications, platforms or infrastructure, which could result in financial loss, disruptions in financial services or operations, or reputational harm to the Bank.

7. Compliance Risk
Compliance risk is the risk of legal or regulatory sanctions, financial loss or reputational damage which the Bank may suffer as a result of its failure to comply with legal and regulatory requirements applicable to its activities.

PRIMARY ENTERPRISE RISK MITIGATION
No Primary Enterprise Risk Mitigations

1. Credit Risk
• Perform independent credit evaluation as well as periodic review of the Portfolio Risk Rating (PRR), Target Market and Risk Acceptance Criteria (TMRAC), product programmes, Underwriting Standards and all other matters pertaining to credit risks.
• Proactive account management through identification of Significant Increase in Credit Risk (SICR) events for timely account classification and re-classification with appropriate expected credit loss provisioning and effective credit risk mitigation.
• Maintain comprehensive credit policy and limits within the Board approved Risk Appetite.
• All exposures and non-compliances including emerging risks are assessed and escalated to the Management & Board Committees with action plan and monitoring status.

2. Operational Risk
• Embedded risk function through the establishment of the Designated Compliance and Operational Risk Officer (DCORO) functions in every division for active monitoring of operational risks and reporting matters.
• All operational risk issues and incidents with detailed analysis and action plan are promptly reported to Management & Board Committees.

3. Shariah Non-Compliance (SNC) Risk
• Ascertain the soundness of the Shariah governance framework through four dedicated functions - Shariah Research & Advisory, Shariah Risk Management, Shariah Review and Shariah Audit - as required under the BNM Shariah Governance Framework.
• Embedded risk function through the establishment of the Designated Compliance and Operational Risk Officer (DCORO) functions in every division for active monitoring of SNC risks and reporting matters.
• All SNC risk issues and incidents with detailed analysis and action plan are reported in a timely manner to the Management & Board and Shariah Committee.