Page 85 - EXIM-Bank_Annual-Report-2023
Management Committees:

Management Risk and Compliance Committee (MRCC)
a. Responsible for monitoring and reviewing the management of key and emerging risks of the Bank. These include reviewing the framework, policies, risk appetite as approved by the Board, procedures, adequacy of internal control and systems, as well as the reviewing of new products or material variation to existing product offering.
b. The MRCC, if deemed appropriate, may recommend to the BRC for review and approval at the Board.

Management Credit Committee (MCC)
Responsible for reviewing, deliberating and approving new and renewal of loan/financing/credit/insurance related proposals, including recovery, restructuring and rescheduling proposals, as prescribed in the Approving Authority and Authority Limits.

Assets and Liabilities Committee (ALCo)
Responsible for overseeing the overall asset and liability management (ALM), including endorsing the appropriate strategies for ALM, deliberation on net interest income (NII) performance and ensuring that all ALM risks remain within the risk appetite set by the Board.

Information Technology Steering Committee (ITSC)
a. Responsible for providing oversight in Information Technology (IT) governance and formulating the IT strategic plans to ensure that IT is capable of supporting the Bank’s strategic business plans.
b. These functions include monitoring and deliberation on any new IT regulations that may have an operational impact on the Bank. The ITSC, if deemed appropriate, may recommend to the MRCC and BRC for review and approval at the Board.

In addition, the Board Audit Committee (BAC) and Audit and Compliance Issues Resolution Committee (ACIRC) play a very
important and pivotal role in the overall internal control governance of the Bank. Details of the Roles and Responsibilities of these
Committees are provided in the Statement of Internal Control.
The Three Lines of Defense model adopted by the Bank is as follows:
Line of Defense:

First Line
Business units and functional lines are responsible and accountable for identification, reporting and mitigating the risk exposures through agreed monitoring and reporting tools.

Second Line
a. Second line of defense shall remain well-defined, effective and independent from business and operational decisions.
b. Compliance Department (CD) and the Risk Management Division (RMD) as part of the second line of defense, must possess the knowledge and expertise required to effectively perform compliance and risk management functions. They should provide constructive challenge to business units and functional lines in managing risk.
c. Appropriate resources and support are provided to enable them to fulfil their risk management and responsibilities, including unrestricted access to internal system and information.
d. To ensure effective compliance and risk management throughout the Bank, regular communication with the first line of defense is established.

Third Line
a. To ensure the integrity, accuracy and reasonableness of the Bank’s risk management processes, as well as to provide assurance of overall compliance with applicable laws, regulations, internal policies, procedures and limits; periodic reviews are conducted.
b. The Audit and Assurance Department (AAD) shall closely interact with the second line of defense to escalate the risk issues and ensure effective controls and compliance with risk management Bank-wide.
c. Part of this process includes following through and following up on the action plans related to the risk findings prior to submission to relevant authorities.