Page 92 - Exim iar24_Ebook
EXIM BANK MALAYSIA
STATEMENT OF RISK MANAGEMENT
MILESTONE AND ACHIEVEMENTS IN 2024
In line with the Bank’s Corporate Strategic Plan, the Bank is strengthening sound risk management practices and promoting good
governance.
In 2024, the RMD achieved the following major milestones and implemented the following initiatives:
1. Review of Approving Authorities and Authority Limits
The Approving Authorities and Authority Limits (AA) is a compilation of authorised approving authorities, signatories and
their respective limits for approving financial and non-financial transactions as well as expenditures or activities within the Bank.
The review considers the latest organisational structure of the Bank which prioritises operational efficiency of the Bank’s AA
and activities, as well as the associated risk factors and control measures including the recommending party and approval
authority. Additionally, the review addresses best governance practices to ensure compliance with regulatory requirements.
2. Review of Framework on Risk Management
The Framework on Risk Management (the Framework) is an overarching risk management document for the Bank based on
its mandated role as a government-owned Development Financial Institution (DFI) to promote reverse investment and export
of strategic sectors such as capital goods, infrastructure projects, shipping, value added manufactured products and to
facilitate the entry of Malaysian companies to new markets, particularly to the non-traditional markets.
The Framework addressed the requirements of BNM’s Climate Risk Management and Scenario Analysis (CRMSA) and
governance of the climate risk stress test for the year 2024.
3. Review of Framework for Technology Risk Management
The Framework for Technology Risk Management (Framework) is an ongoing iterative process of identifying risks associated
with the use, ownership, operation and adoption of technology within EXIM Bank, weighing their impact on the business and
addressing them to bring the risk to an acceptable level.
The Framework sets the underlying approach to managing technology risk within the scope of EXIM Bank’s infrastructure
and technology environment. The Framework forms part of EXIM Bank’s overall risk management, internal control and
governance arrangements.
4. Review of Framework for Cyber Resilience
Cyber resilience is key to data and application availability. It is also a key component of the digital transformation journey.
With proper cyber-resilience capabilities, EXIM Bank will reduce cyber threats and technology risk with continuous validation
of controls.
Cyber resilience practice is also more than mere malware detection and response, data backup, or Disaster Recovery (DR)
capabilities. It extends to the capabilities to prepare for and adapt to changing cyber threat conditions, so that EXIM Bank
can withstand and recover rapidly from disruptions. Achieving cyber resilience depends on an ongoing cycle of an
interconnected set of policies and guidelines that span the comprehensive approach required to address the breadth of
cyber threats on both on-premises and cloud infrastructures.
The document sets the high-level guidelines comprising the necessary components of cyber security principles to support
EXIM Bank in improving its security posture, adapting to and recovering from cyber-attacks and complying with regulatory
requirements in respect of cybersecurity and cyber resilience.