Bank Islam Integrated Annual Report 2021

The responsibility for managing IT risk is spearheaded by the Group Information Security & Governance Division (GISGD). While it is responsible for establishing, maintaining and enforcing IT risk policies and guidelines, it also works closely with the Group IT Division (GITD), especially in the identification, assessment, mitigation, monitoring and reporting of IT risk in the Group. In managing IT risk, the Group takes, among others, the following steps:

i. Implementing an IT risk management strategy that reflects the culture, appetite and tolerance levels of the Group, taking into consideration technology capabilities, budgets and regulatory requirements;
ii. Designing policies and internal controls – policies and internal controls are designed and enforced to reduce technology-related risks to an acceptable level, and the effectiveness of those controls is monitored;
iii. Monitoring process – reviews are conducted to ensure controls are adequately implemented and gaps are highlighted and rectified;
iv. Performing review and risk assessment – frequent review and assessment exercises are performed to identify risks, vulnerabilities and threats as well as their mitigation measures. The areas covered include, but are not limited to, third party service providers and those related to emerging technologies such as cloud-based project implementation; and
v. Reporting – IT and cyber risk related reports are periodically presented to Management committees and the Board for deliberation.

COMPLIANCE MANAGEMENT

Financial Crime Compliance (FCC)

BIMB addresses and tackles financial crimes by developing typologies and red flags for financial flows, training frontline staff to identify potentially suspicious transactions, and participating in public-private partnerships to share intelligence and good practices. BIMB has established comprehensive controls to anticipate, prevent, detect and respond to any money laundering and terrorist financing activities. The AML/CFT policy outlines the roles and responsibilities and clear accountability of the Board of Directors, Senior Management and its employees.

We actively contribute to the industry by taking the lead in various initiatives, including preparing a Standard Operating Procedure (SOP) for the Law Enforcement Agency (LEA) process. BIMB continues to support the industry in combating financial crime by conducting training and providing certification to compliance officers across the industry on financial crime risks and AML topics.

To mitigate the risk of financial crime, particularly money laundering, BIMB established several monitoring rules which are designed to identify and investigate transactions of potential crime. In 2021, we adopted technology in addressing financial crime by leveraging Robotic Process Automation. To further improve the quality of transaction monitoring, the FCC Department applied a Standard Deviation approach in the AML System, aiming to improve analyst productivity and reduce false positives.

Addressing AML risk does not stop at the Bank level only. As part of managing money laundering/terrorist financing risk at subsidiary level, a consultant was assigned to conduct an Institutional Risk Assessment (IRA) at BIMB Investment Management Berhad and at BIMB Securities Sdn Bhd. The team kicked off a project to implement a Fraud and AML System which will be launched in March 2022.
