Bank Islam Integrated Annual Report 2021

Risk Management Process

A standard risk management process has been adopted by the Group to ensure that Group-wide risks across all products and activities are properly identified and managed in a structured, systematic and consistent manner. The risk management process is as follows:

Under this approach, active involvement of the Board, Senior Management and staff of all levels is required in the risk management process to ensure a uniform view of risks across the Group.

Risk Culture

Risk culture is a vital component in strengthening risk governance and forms a fundamental principle of strong risk management. It is key to the long-term effectiveness of the Group’s risk management strategy. As encapsulated in the Group’s Risk Management Tagline, “Managing Risk is Everyone’s Business”, building a strong risk culture is the responsibility of the Board, Senior Management and all employees of the Group. To ensure this, the risk management process and approach have been embedded in all the Group’s core business processes, functions and activities.

The Group’s risk culture has evolved over time and is a reflection, amongst others, of Senior Management actions, effective enforcement of policies and guidelines and communication strategies. Additionally, the Group perceives risk management as an important means of enhancing competitiveness, performance and operational resilience.

Shariah Non-Compliance Risk

Shariah Non-Compliance Risk (SNCR) is part of operational risk and is defined as “the risk of legal or regulatory sanctions, financial loss or non-financial implications including reputational damage, which the Group may suffer arising from failure to comply with the rulings of the Shariah Advisory Council of Bank Negara Malaysia (SAC), standards on Shariah matters issued by BNM or decisions or advice of the Group’s Shariah Supervisory Council.”

The responsibility of managing SNCR is spearheaded by the Group’s Shariah Risk Management Unit, which is guided by the Risk Management framework and Operational Risk Management (ORM) Guideline. The documents detail the Shariah risk management processes and tools in order to provide a consistent framework for managing SNCR across the Group.

Shariah risk management is a discipline that systematically identifies, measures, monitors and controls SNCR to mitigate the occurrence of SNC events within the Group. Being part of operational risk, it leverages the same principles, processes and tools of operational risk. However, the tools are modified to suit the regulatory requirements on Shariah governance in order to provide a robust and consistent approach in managing SNCR.

Information Technology Risk

Information Technology (IT) risk (including cyber risk) is the business risk associated with the use, ownership, operation, influence, involvement and adoption of technology within the Group. It also consists of technology-related events that could potentially impact the business.

The banking industry relies heavily on technology and BIMB is no exception. Such reliance exposes the Group to IT-related risks such as cyberattacks and system disruptions. To mitigate this, BIMB has established the relevant framework and policy and has also put in place appropriate control measures and processes that are continuously being reviewed and enhanced. The Group also continues to invest in the latest IT infrastructure and tools as well as human capital development.

Risk Management Process
Step 1: Risk Identification
Step 2: Risk Assessment
Step 3: Risk Control & Mitigation
Step 4: Risk Monitoring & Reporting

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL
BANK ISLAM MALAYSIA BERHAD 198
