Page 87 - EXIM-Bank_Annual-Report-2023
RISK AND COMPLIANCE CULTURE
The Bank aims to strengthen the Designated Compliance and Operational Risk Officer (DCORO) programme to promote effective
compliance and risk management practices by business units and functional lines, and to cultivate a positive risk and compliance
culture across the Bank.
The DCOROs are responsible for identifying, documenting and assessing compliance risks, as well as reviewing the operational
and Shariah non-compliance risks that may arise from the Bank’s products, people, processes and systems. In addition, they facilitate
the effective management of information disclosure from regulatory authorities, forwarding submissions to the Chief Compliance
Officer (CCO) for compliance-related issues and the Chief Risk Officer (CRO) for operating risk-related matters.
Additionally, the DCOROs are responsible for periodically reporting on compliance and operational risk matters, as well as reporting
on loss events as required by the Operational Risk Integrated Online Network (ORION) Reporting Procedures and Procedures on
Managing Shariah Non-Compliance (SNC) Risk.
COMPLIANCE RISK MANAGEMENT
The compliance function uses both qualitative and quantitative indicators to identify and assess the adequacy of internal controls
in managing compliance risk.
The compliance function reports to the Board oversight on the assessment and analysis of compliance risk, highlighting key changes
in the compliance risk profile that require further attention. Additionally, the compliance function reports any identified deficiencies
and provides action plans to address them within a stipulated timeframe.
The compliance function also serves as an advisory resource to the Board and the Bank’s staff, providing updates on developments
affecting legal and regulatory requirements and assessing their implications for the Bank’s compliance risk profile and capacity to
manage compliance risk in the future.
TECHNOLOGY RISK MANAGEMENT
The technology risk management function is responsible for establishing the Board-approved Technology Risk Management
Framework (TRMF) and Cyber Resilience Framework (CRF), as well as the specific policies and procedures that are consistent with
the regulatory requirements.
These specific policies and procedures cover the Bank’s technology processes and services, as well as proper cyber-resilience
capabilities with continuous validation of controls, with the function acting as the overseeing party for information technology and cyber risks.
The technology risk management function also provides independent advice on critical technology projects and ensures that critical
issues that may have an impact on the Bank’s risk appetite are adequately deliberated or escalated in a timely manner.
RISK APPETITE
Risk Appetite
The amount and type of risk the Bank is willing to undertake and implement given the relevant controls for measuring and managing the risks identified.
Reflects the long-term view of the Bank’s meeting its financial capacity and continuing ability to meet obligations towards stakeholders.
Specific risk metrics that are acceptable to EXIM Bank in executing the business strategy.