EXIM BANK MALAYSIA ANNUAL REPORT 2024
6 UPHOLDING ACCOUNTABILITY
Management Committees

Management Risk and Compliance Committee (MRCC)
a. Responsible for monitoring and reviewing the management of key and emerging risks of the Bank. These include review of the framework, policies, risk appetite as approved by the Board, procedures, adequacy of internal control and systems as well as the review of new products or material variation to existing product offering.
b. The MRCC, if deemed appropriate, may recommend to the BRC for review and approval at the Board.

Management Credit Committee (MCC)
Responsible for reviewing, deliberating and approving new and renewal loan/financing/credit/insurance-related proposals, including recovery, restructuring, and rescheduling proposals, as well as recommending for endorsement or approval at a higher approving authority as prescribed in the Approving Authority and Authority Limits.

Assets and Liabilities Committee (ALCO)
Responsible for overseeing the overall asset and liability management (ALM), including endorsing the appropriate strategies for ALM, deliberating on net interest income (NII) performance and ensuring that all ALM risks remain within the risk appetite set by the Board.

Information Technology Steering Committee (ITSC)
a. Responsible for providing oversight of Information Technology (IT) governance and formulating the IT strategic plans to ensure that IT is capable of supporting the Bank’s strategic business plans.
b. These functions include monitoring and deliberation on any new IT regulations that may have an operational impact on the Bank. The ITSC may, if deemed appropriate, recommend to the MRCC and BRC for review and approval at the Board.

In addition, the Board Audit Committee (BAC) and Audit and Compliance Issues Resolution Committee (ACIRC) play a very
important and pivotal role in the overall internal control governance of the Bank. Details of the Roles and Responsibilities of
these Committees are provided in the Statement of Internal Control.
The Three Lines of Defense model adopted by the Bank is as follows:
Line of Defense

First Line
Business units and functional lines are responsible and accountable for identifying, reporting and mitigating the risk exposures through agreed monitoring and reporting tools.

Second Line
a. The second line of defense shall remain well-defined, effective and independent from business and operational decisions.
b. The Compliance Department (CD) and the Risk Management Division (RMD), as part of the second line of defense, must possess the knowledge and expertise required to effectively perform compliance and risk management functions. They should provide constructive challenge to business units and functional lines in managing risk.
c. Appropriate resources and support are provided to enable them to fulfil their risk management and responsibilities, including unrestricted access to internal systems and information.
d. To ensure effective compliance and risk management throughout the Bank, regular communication with the first line of defense is established.

Third Line
a. To ensure the integrity, accuracy, and reasonableness of the Bank’s risk management processes, as well as to provide assurance of overall compliance with applicable laws, regulations, internal policies, procedures and limits, periodic reviews are conducted.
b. The Audit and Assurance Department (AAD) shall closely interact with the second line of defense to escalate the risk issues and ensure effective controls and compliance with risk management Bank-wide.
c. Part of this process includes following through and following up on the action plans related to the risk findings prior to submission to relevant authorities.