Page 90 - EXIM-Bank_Annual-Report-2023
EXIM BANK MALAYSIA
ANNUAL REPORT 2023
STATEMENT OF RISK MANAGEMENT
No. Primary Enterprise Risk: Definition

6. Technology Risk: Information and cyber security risk are the risks emanating from the use of information technology (IT) and the Internet. These risks arise from failures or breaches of IT systems, applications, platforms or infrastructure, which could result in financial loss, disruptions in financial services or operations, or reputational harm to the Bank.

7. Compliance Risk: Compliance risk is the risk of legal or regulatory sanctions, financial loss or reputational damage which the Bank may suffer as a result of its failure to comply with legal and regulatory requirements applicable to its activities.

8. Environmental, Social and Governance Risk: Risk that may have an impact on the internal and external environment of the Bank’s operating and banking activities, reputation, financial and going concern as a result of climate change affecting natural and human systems.

PRIMARY ENTERPRISE RISK MITIGATION
No. Primary Enterprise Risk: Mitigations

1. Credit Risk:
• Perform independent credit evaluation, as well as periodic review of the Portfolio Risk Rating (PRR), Target Market and Risk Acceptance Criteria (TMRAC), product programmes, Underwriting Standards and all other matters pertaining to credit risks.
• Proactive account management, through identification of Significant Increase in Credit Risk (SICR) events, for timely account classification and re-classification with appropriate expected credit loss provisioning and effective credit risk mitigation.
• Maintain comprehensive credit policy and limits within the Board-approved Risk Appetite.
• All exposures and non-compliances, including emerging risks, are assessed and escalated to the Management and Board Committees with action plan and monitoring status.

2. Operational Risk:
• Embedded risk function through the establishment of the Designated Compliance and Operational Risk Officer (DCORO) functions in every division for active monitoring of operational risks and reporting matters.
• All operational risk issues and incidents with detailed analysis and action plan are promptly reported to Management and Board Committees.

3. Shariah Non-Compliance (SNC) Risk:
• Ascertain the soundness of Shariah governance framework through four dedicated functions - Shariah Research & Advisory, Shariah Risk Management, Shariah Review and Shariah Audit - as required under BNM Shariah Governance Framework.
• Embedded risk function through the establishment of the Designated Compliance and Operational Risk Officer (DCORO) functions in every division for active monitoring of SNC risks and reporting matters.
• All SNC risk issues and incidents with detailed analysis and action plan are reported in a timely manner to the Management, Board and Shariah Committee.