Page 80 - EXIM-Bank_Annual-Report-2022
P. 80
A VISION COMMITMENT EMPOWERING ENSURING ENHANCINg FINANCIAL
78 EXIM BANK MALAYSIA ANNUAL REPORT 2022 TO SERVE TO LEAD GROWTH SUSTAINABILITY gOVERNANCE STATEMENTS 79
STATEMENT OF RISK MANAGEMENT
RISK MANAgEMENT PROCESSES
The following is a summary of the Risk Management Processes:
Risk Risk
Risk Risk Measurement,
Identification Assessment Treatment and Monitoring
and Reporting
Control
Risk Management Processes
Risk Identification a. Identify the key primary enterprise risk exposures including credit risk, operational risk,
Shariah non-compliance risk, market risk, liquidity risk, information and cyber security risk and
compliance risk as well as any emerging risks that may potentially impact the Bank significantly.
b. Classify the risk exposures in accordance to its risk characteristics i.e impact (example: internal or
external, material or non-material, financial or non-financial impact, impact on current or future
position) and likelihood of the risk materialising.
Risk Assessment a. Regular assessment on the effectiveness of the Bank’s management of risk.
b. Continuous assessment on the risks together with the measurement of the potential impact of the
risk exposure such as the estimated credit loss computation using the Probability of Default (PD),
the Loss Given Default (LGD) and the Exposure at Default (EAD) on the Bank’s credit exposures
and the assessment for loss event of the Bank’s exposures to operational risk and the effectiveness
of the internal controls.
c. Periodic assessment through the agreed risk methodology and relevant tools such as Risk and
Control Self-Assessment (RCSA), key Risk Indicator (kRI), key Control Testing (kCT) and
Risk Assessment and Business Impact Analysis (RABIA).
Risk Measurement, a. Establishment of proper controls and limits.
Treatment and b. Proper coordination and communication for effective risk management between the business
Control and functional lines.
c. Evaluation for the effectiveness of the risk mitigation plan or strategy provided.
d. Constructively challenge the assessments produced by the business lines.
e. Ensure the risk information is captured timely and relevant for further escalation and reporting for
management and Board’s oversight and decision.
Risk Monitoring and a. Identify and specify the internal and external requirements of monitoring and reporting.
Reporting b. Monitor and escalate any breaches of risk limits and ensure the proposed risk mitigation implemented
are effective in managing the risk exposures back within the risk limit within specific time frame.
c. The risk reporting systems shall be accurate, dynamic and comprehensive.
