EXIM BANK MALAYSIA
Annual Report 2020
STATEMENT OF RISK MANAGEMENT
No. 6
Key Primary Risk: Technology Risk
Definition: Information and cyber security risk are the risks emanating from the use of information technology (IT) and the Internet. These risks arise from failures or breaches of IT systems, applications, platforms or infrastructure, which could result in financial loss, disruptions in financial services or operations, or reputational harm to the Bank.
Mitigation Measures:
• Establish adequate internal processes and controls, including systems backup and recovery.
• Maintain listing of IT-related issues and incidents with close monitoring of rectification progress by the working level committees, for escalation to the Management and Board Committees.

No. 7
Key Primary Risk: Compliance Risk
Definition: Compliance risk is the risk of legal or regulatory sanctions, financial loss or reputational damage that the Bank may suffer as a result of its failure to comply with legal and regulatory requirements applicable to the Bank’s activities.
Mitigation Measures:
• Maintain a set of comprehensive compliance framework, policies and procedures.
• Embed compliance monitoring through the establishment of the DCORO functions in every division for active monitoring and reporting of compliance matters.
• Assessment of High-Risk Customers
• Compliance issues are highlighted and presented for deliberation at the Management and Board Committees.

MILESTONE AND ACHIEVEMENTS IN 2020
Top 3 Achievements in 2020
1. Revision of the Credit Risk Policy (CRP) to ensure comprehensive policies governing the credit risk management is in accordance to the Basel and Bank Negara Malaysia requirements. The new CRP addresses the credit risk governance, alignment of credit risk management with the Board-approved credit risk appetite, the Bank’s Risk Appetite Statements and its respective credit components. The CRP also introduced the Target Market and Risk Acceptance Criteria and the Credit Risk Rating through the Credit Risk Management System (CRMS).

2. Establishment of Shariah RCSA, KRI & KCT to inculcate the self-assessment risk awareness and culture among the process and risk owners, which includes the identification, assessment, mitigation and monitoring of the Bank’s SNC risk exposures.

3. Review appointment of Designated Operational Risk Officer (DOO) to the Designated Compliance and Operational Risk Officer (DCORO) to ensure broad coverage of compliance risk, operational and Shariah non-compliance risk identification and assessment that may arise from the Bank’s product, people, processes and system. The DCOROs also facilitate for effective management of information disclosure from the regulatory authorities for onward submission to the Chief Compliance Officer, participate in the Business Continuity Management (BCM) related activities, as well as report the loss event as and when required, as per the Guidelines on Operational Risk Integrated Online Network (ORION) and Guidelines on Managing Shariah Non-Compliance (SNC) Risk requirements.

A number of Risk initiatives were initiated in 2020 including Credit Risk Management System and Group Risk Compliance Solution
with targeted implementation in 2021.