EXIM BANK MALAYSIA ANNUAL REPORT 2024
6 UPHOLDING ACCOUNTABILITY 85
RISK AND COMPLIANCE CULTURE
The Bank aims to strengthen the Designated Compliance and Operational Risk Officer (DCORO) programme to promote effective
compliance and risk management practices by business units and functional lines, and to cultivate a positive risk and compliance
culture across the Bank.
The DCOROs are responsible for identifying, documenting, and assessing compliance risk, as well as reviewing the
operational and Shariah non-compliance risk that may arise from the Bank’s products, people, processes, and systems. In addition,
they facilitate the effective management of information disclosure from regulatory authorities, forwarding submissions to the
Chief Compliance Officer (CCO) for compliance-related issues and the Acting Chief Risk Officer (Acting CRO) for operating
risk-related matters.
Additionally, the DCOROs are responsible for periodically reporting on compliance and operational risk matters, as well as reporting
on loss events as required by the Operational Risk Integrated Online Network (ORION) Reporting Procedures and Procedures on
Managing Shariah Non-Compliance (SNC) Risk.
COMPLIANCE RISK MANAGEMENT
The compliance function uses both qualitative and quantitative indicators to identify and assess the adequacy of internal controls
in managing compliance risk.
The compliance function reports to the Board oversight on the assessment and analysis of compliance risk, highlighting
key changes in the compliance risk profile that require further attention. Additionally, the compliance function reports any
identified deficiencies and provides action plans to address them within a stipulated timeframe.
The compliance function also serves as an advisory resource to the Board and the Bank’s staff, providing updates on
the developments affecting legal and regulatory requirements and assessing their implications on the Bank’s compliance risk
profile and capacity to manage compliance risk in the future.
TECHNOLOGY RISK MANAGEMENT
The technology risk management function is responsible for the establishment of the board-approved Framework on Technology
Risk Management and Framework on Cyber Resilience as well as the specific policies and procedures that are consistent with
the regulatory requirements.
These specific policies and procedures cover the Bank’s technology processes and services, as well as proper cyber-resilience
capabilities with continuous validation of controls, with the function acting as the overseeing party for information technology
and cyber risks.
The technology risk management function also provides independent advice on critical technology projects and ensures that critical
issues that may have an impact on the Bank’s risk appetite are adequately deliberated or escalated in a timely manner.
RISK APPETITE
Risk Appetite
The amount and type of risk the Bank is willing to undertake and implemented given the relevant controls for measuring and managing the risks identified.
Reflects the long-term view of the Bank’s meeting its financial capacity and continuing ability to meet the obligations towards stakeholders.
Specific risk metrics which are acceptable to EXIM Bank in executing business strategy.