70 EXIM BANK MALAYSIA
Annual Report 2020
STATEMENT OF RISK MANAGEMENT
RISK MANAGEMENT PROCESSES
Risk Identification
• Identify all enterprise risk exposures, including credit risk, operational risk, Shariah non-compliance risk, market risk, liquidity risk, information and cyber security risk and compliance risk, as well as any emerging risks that may potentially impact the Bank significantly.
• Classify the risk exposures in accordance with their risk characteristics, i.e. impact (for example: internal or external, material or non-material, financial or non-financial impact, impact on current or future position) and likelihood of the risk materialising.

Risk Assessment
• Continuous assessment of the risks together with the measurement of the potential impact of the risk exposure, such as the estimated credit loss computation using the Probability of Default (PD), the Loss Given Default (LGD) and the Exposure at Default (EAD) on the Bank’s credit exposures, and the assessment of loss events for the Bank’s exposures to operational risk and the effectiveness of the internal controls.
• Regular assessment of the effectiveness of the Bank’s management of risk.
• Periodic assessment through the agreed risk methodology and relevant tools, such as Risk and Control Self-Assessment (RCSA), Key Risk Indicator (KRI) and Key Control Testing (KCT).

Risk Measurement, Treatment and Control
• Establishment of proper controls and limits.
• Proper coordination and communication for effective risk management between the business and functional lines.
• Evaluation of the effectiveness of the risk mitigation plan or strategy provided.
• Constructively challenge the assessments produced by the business lines.
• Ensure risk information is captured in a timely manner and is relevant for further escalation and reporting for management and Board oversight and decision-making.

Risk Monitoring and Reporting
• Identify and specify the internal and external requirements for monitoring and reporting.
• Monitor and escalate any breaches of risk limits, and ensure the proposed risk mitigation implemented is effective in managing the risk exposures and bringing breaches back within the risk limit within the specified time frame.
• Ensure that the risk reporting systems are accurate, dynamic and comprehensive.
RISK AND COMPLIANCE CULTURE
In cultivating such a culture, EXIM Bank has implemented the Designated Compliance and Operational Risk Officer (DCORO) programme for effective compliance and risk management activities by departments/divisions.
The DCOROs identify, document and assess the compliance risk, as well as review the operational and Shariah non-compliance risk exposures which may arise from the Bank’s products, people, processes and systems.
They also facilitate the effective management of information disclosures from the regulatory authorities for onward submission to the Chief Compliance Officer, as well as Business Continuity Management (BCM) related activities.
DCOROs are also responsible for reporting on compliance and operational risk matters periodically, as well as on loss events as and when required, as per the Guidelines on Operational Risk Integrated Online Network (ORION) and the Guidelines on Managing Shariah Non-Compliance (SNC) Risk.