Page 86 - Exim iar24_Ebook

EXIM BANK MALAYSIA

STATEMENT OF RISK MANAGEMENT

          RISK MANAGEMENT PROCESSES

          The following is a summary of the Risk Management Processes:



01  Risk Identification
02  Risk Assessment
03  Risk Measurement, Treatment and Control
04  Risk Monitoring and Reporting

Risk Management Processes

Risk Identification
a.  Identify the key primary enterprise risk exposures, including credit risk, operational risk, Shariah non-compliance risk, market risk, liquidity risk, information and cyber security risk and compliance risk, as well as any emerging risks that may potentially impact the Bank significantly, including climate risk.
b.  Classify the risk exposures in accordance with their risk characteristics, i.e. impact (example: internal or external, material or non-material, financial or non-financial impact, impact on current or future position) and likelihood of the risk materialising.

Risk Assessment
a.  Regular assessment of the effectiveness of the Bank’s management of risk.
b.  Continuous assessment of the risks together with the measurement of the potential impact of the risk exposure, such as the estimated credit loss computation using the Probability of Default (PD), the Loss Given Default (LGD) and the Exposure at Default (EAD) on the Bank’s credit exposures, and the assessment for loss event of the Bank’s exposures to operational risk and the effectiveness of the internal controls.
c.  Periodic assessment through the agreed risk methodology and relevant tools such as Risk and Control Self-Assessment (RCSA), Key Risk Indicator (KRI), Key Control Testing (KCT) and Risk Assessment and Business Impact Analysis (RABIA).

Risk Measurement, Treatment and Control
a.  Establishment of proper controls and limits.
b.  Proper coordination and communication for effective risk management between the business and functional lines.
c.  Evaluation of the effectiveness of the risk mitigation plan or strategy provided.
d.  Constructively challenge the assessments produced by the business lines.
e.  Ensure the risk information is captured in a timely manner and is relevant for further escalation and reporting for management and Board’s oversight and decision.

Risk Monitoring and Reporting
a.  Identify and specify the internal and external requirements of monitoring and reporting.
b.  Monitor and escalate any breaches of risk limits and ensure the proposed risk mitigation implemented is effective in managing the risk exposures back within the risk limit within a specific time frame.
c.  The risk reporting systems shall be accurate, dynamic and comprehensive.