
GHL Systems Berhad (293040-D)
Annual Report 2015
Page 40

5. Risk Management (Cont’d)

b. Risk Department

The Group Risk Department currently monitors the merchant performance risks of its two active Transaction Payment Acquisition (“TPA”) businesses in Malaysia and Thailand. The Group Risk Department performs this function by first determining the risk acceptance criteria, then measuring, classifying and monitoring merchant activities at the transaction level using predetermined risk rules, and finally instituting remedial and exit procedures for errant merchants. This approach is embodied in the Group’s Credit Policy manual and is heavily automated in the Group’s M-Cube Risk Management system.

During the year, the Group Risk Department exited certain high-risk merchants as a result of its review of transaction exceptions, evidencing the effectiveness of the M-Cube Risk Management system in detecting errant merchant behaviour. Management has been kept continuously abreast of these reviews and findings via the monthly Business Reviews. The Group Risk Department also continues to fine-tune its policies and procedures to stay in line with changes in the marketplace and with the Group’s business objectives and plans.

6. Information Technology Controls and Security

a. Disaster Recovery Backup Plan

A Disaster Recovery (“DR”) backup policy and procedure has been established group-wide to ensure continuity of business operations in the event that an IT-disabling disaster strikes. DR drills are conducted at least once a year, with the technology division’s continued effort to enhance the DR capability to cover all key aspects of the businesses.

b. Payment Card Industry Data Security Standard (“PCIDSS”)

PCI DSS is an actionable framework established by the Payment Card Industry Security Standards Council (“PCISSC”) to ensure the safe handling of cardholder information at every step. PCI DSS covers systems, policies and procedures around the following six control objectives:

- Build and maintain a secure network and systems
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy

The Malaysian operations obtained their first Certificate of PCIDSS compliance in 2012 by meeting all the requirements set by the standard. During the year, the Company was reassessed by a Qualified Security Assessor (“QSA”) accredited by PCISSC as part of the annual certification exercise and continues to be PCIDSS compliant on the latest version of the standard, version 3.1. During the year, the Company’s overseas subsidiaries in the Philippines and Thailand were both certified compliant with PCIDSS version 3.1. The Company acknowledges that maintaining high information technology security controls is indispensable to its business operations and will continue to implement the best practices embedded within the security standard.

7. Human Capital

a. Performance appraisal and employee training

Annual appraisal systems are implemented for employees at all levels within the Group, ensuring dialogue between management and subordinates for continuous improvement in employees’ performance. Arising from this appraisal, a training needs analysis is performed to identify the training required for employees to address the areas of improvement identified.

Statement on Risk Management and Internal Control