Page 86 - EXIM-Bank_Annual-Report-2023

EXIM BANK MALAYSIA
ANNUAL REPORT 2023

STATEMENT OF RISK MANAGEMENT

RISK MANAGEMENT PROCESSES
          The following is a summary of the Risk Management Processes:

01  Risk Identification
02  Risk Assessment
03  Risk Measurement, Treatment and Control
04  Risk Monitoring and Reporting

Risk Management Processes

Risk Identification
  a.  Identify the key primary enterprise risk exposures, including credit risk, operational risk, Shariah non-compliance risk, market risk, liquidity risk, information and cyber security risk and compliance risk, as well as any emerging risks that may potentially impact the Bank significantly, including climate risk.
  b.  Classify the risk exposures in accordance with their risk characteristics, i.e. impact (example: internal or external, material or non-material, financial or non-financial impact, impact on current or future position) and likelihood of the risk materialising.

Risk Assessment
  a.  Regular assessment of the effectiveness of the Bank’s management of risk.
  b.  Continuous assessment of the risks, together with the measurement of the potential impact of the risk exposure, such as the estimated credit loss computation using the Probability of Default (PD), the Loss Given Default (LGD) and the Exposure at Default (EAD) on the Bank’s credit exposures, and the assessment for loss events of the Bank’s exposures to operational risk and the effectiveness of the internal controls.
  c.  Periodic assessment through the agreed risk methodology and relevant tools, such as Risk and Control Self-Assessment (RCSA), Key Risk Indicator (KRI), Key Control Testing (KCT) and Risk Assessment and Business Impact Analysis (RABIA).

Risk Measurement, Treatment and Control
  a.  Establishment of proper controls and limits.
  b.  Proper coordination and communication for effective risk management between the business and functional lines.
  c.  Evaluation of the effectiveness of the risk mitigation plan or strategy provided.
  d.  Constructively challenge the assessments produced by the business lines.
  e.  Ensure the risk information is captured in a timely manner and is relevant for further escalation and reporting for management’s and the Board’s oversight and decision.

Risk Monitoring and Reporting
  a.  Identify and specify the internal and external requirements of monitoring and reporting.
  b.  Monitor and escalate any breaches of risk limits and ensure the risk mitigation measures implemented are effective in managing the risk exposures back within the risk limit and within a specific time frame.
  c.  The risk reporting systems shall be accurate, dynamic and comprehensive.