Page 73 - EXIM-BANK-AR20

Section 05  Upholding Accountability

            COMPLIANCE RISK MANAGEMENT
            In EXIM Bank, the compliance function performs identification and assessment, using qualitative or quantitative indicators,
            to evaluate the adequacy of the internal controls in place to manage compliance risk.
            It also reports to the Board, for oversight, on the assessment and findings analysis of compliance risk, highlighting the
            key changes in the compliance risk profile that need further attention, and reports any identified deficiencies and the action plans to
            address such deficiencies within a stipulated timeframe.

            The compliance function also performs an advisory role to the Board and the Bank’s staff, keeping them informed of
            developments related to legal and regulatory requirements and their implications for the Bank’s compliance risk profile and capacity to
            manage compliance risk going forward.

            TECHNOLOGY RISK MANAGEMENT
            Here, the technology risk management function is responsible for establishing the Board-approved Technology Risk
            Management Framework (TRMF) and Cyber Resilience Framework (CRF), as well as the specific policies and procedures that are
            consistent with the regulatory requirements.
            These specific policies and procedures cover the Bank’s technology processes and services, as well as proper cyber-resilience
            capabilities with continuous validation of controls. The function also acts as the overseeing party for information technology and cyber risks.

            It also provides independent advice on critical technology projects by ensuring critical issues that may have an impact on the
            Bank’s risk appetite are adequately deliberated or escalated in a timely manner.

            RISK APPETITE
            EXIM Bank’s Risk Appetite Framework (RAF) governs the overall approach, including policies, processes, controls and systems,
            through which the risk appetite is established, communicated and monitored.
            Risk appetite is the amount and type of risk the Bank is willing to undertake and implement, given the relevant controls for measuring
            and managing the risks identified.
            The RAF generally has three main components, i.e. the Risk Appetite Statement (RAS), the risk appetite metrics along with their limits,
            and the roles and responsibilities of those overseeing the implementation and monitoring of the RAF.
            Defining and analysing the RAS is among the fundamental tools for maintaining acceptable returns while exploiting potential competitive
            advantages linked to the business models and portfolio compositions of the Bank.

            Reviewing the RAS on a regular basis and/or when deemed necessary ensures it remains aligned to the Bank’s strategic objectives,
            business performance, emerging risks and changes in the external environment.