Bank Islam Integrated Annual Report 2021

7. OPERATIONAL RISK

7.1 Overview

Operational Risk is defined as the “risk of loss resulting from inadequate or failed internal processes, people and systems or from external events, which includes legal risk and Shariah non-compliance risk but excludes strategic and reputational risk”. It is inherent in all banking products, activities, processes and systems, and the effective management of operational risk has always been a fundamental element of a bank’s risk management programme.

7.2 Operational Risk Governance

The Group’s operational risk management (“ORM”) is guided by its ORM Policy, Guideline and Enterprise-Wide Risk Management Policy, as well as its Group Risk Appetite Statement Policy, which are designed to provide a sound and well-controlled operational environment within the Group.

BRC is a committee of the Board that oversees the Management’s activities in managing risks for the Group, including operational risk. Its roles, with regard to ORM, include reviewing and recommending ORM Policy, strategies and risk appetite for the Board’s approval.

MRCC, under the authority delegated by BRC, is responsible for performing the oversight function and ensuring effective management of issues relating to operational risk at the strategic level.

The Operational Risk Control Committee (“ORCC”), which is a sub-committee of MRCC, is primarily responsible for ensuring effective implementation and maintenance of policies, processes, and systems for managing operational risk for the Group.

Notwithstanding the above, the various Business & Support Units (“BU/SU”) are responsible for managing operational risk within their respective domains on a day-to-day basis and ensuring that their business & operational activities are carried out within the established ORM policies, guidelines, procedures and limits.
To reinforce accountability and ownership of risk & control at BU/SU level, a Risk Controller (“RC”) is appointed for each BU/SU and an Embedded Risk and Compliance Unit (“ERU”) is established at selected BU/SU to assist in driving the risk & control programme for the Group.

Ultimately, all staff of the Group are to ensure they properly discharge their day-to-day responsibilities and are well-equipped with the necessary knowledge, including the policies and procedures, in executing their job functions. This is in line with our Risk Management Tagline, i.e., “Managing Risk is Everyone’s Business”.

PILLAR 3 DISCLOSURE as at 31 December 2021
BANK ISLAM MALAYSIA BERHAD
