Bank Islam Integrated Annual Report 2023

VI. Technology Risk Culture

• In 2023, GISGD improved communication and education on IT risks by tailoring engagements to stakeholders across many channels. These initiatives aim to keep stakeholders vigilant while undertaking their day-to-day activities.
• To strengthen technology risk and compliance culture, various security and awareness initiatives, such as a series of infographics, a phishing campaign and training, were rolled out to heighten awareness of escalating cyber risk attacks/incidents amidst the fast pace of digitalisation.
• Project kick-off awareness was conducted to continually remind the project team of the importance of safeguarding the Group’s information assets throughout the project phase.

In managing the increased volume of digital transactions, the adoption of new technology such as cloud services, and the transition to a predominantly hybrid working arrangement, the Group continuously prioritises, upgrades and monitors the IT infrastructure to maintain system resiliency and availability and to ensure service levels to customers. The Group remained vigilant against possible disruptions arising from cyber-related incidents and recognises the importance of effective cyber risk management in minimising the impact on customers as well as any financial, operational, legal and regulatory impact to the Group. The Group will continue to invest in cyber defence capabilities to secure internal assets from emerging cyber threats and strengthen the ability to detect and respond.

In 2023, GISGD adopted a Bank-wide approach to manage technology, cybersecurity and data related risks for the Group, which comprises enhancements and intensification of the following:

a) Enhancement and introduction of technology, cybersecurity and data related policies and frameworks;
b) Launch of technology, cybersecurity and data related programmes across the Group;
c) Employment of multiple techniques in cybersecurity testing programmes, such as vulnerability assessment, penetration testing, threat hunting and compromise assessment;
d) Enhancement of the cyber incident response plan to effectively detect, respond to, and mitigate cybersecurity incidents in a timely manner and to ensure there will be no business disruption and the business-critical functions can remain resilient amid a cyber attack;
e) Deployment of several key measures to safeguard information assets, including the use of technology to detect and prevent information leakages; and
f) Establishment and driving of proper data governance/information security practices of the Group.

We believe that our people are an integral part of our success, and we continue to step up our efforts to ensure that staff obtain continuous upskilling in understanding new technology and business risk. This remains one of GISGD’s forefront initiatives. GISGD’s efforts will continue across all divisions/group in 2024 as we strive to become the Bank that advances prosperity for all and provides value-added solutions.

COMPLIANCE MANAGEMENT

Financial Crime Compliance (FCC)

Group Compliance, as the second line of defence, adds value by safeguarding the Bank against regulatory fines and administrative actions through our compliance programmes. The Bank addresses and tackles financial crimes by developing typologies and red flags for financial flows, training frontline staff to identify potential suspicious transactions, and participating in public-private partnerships to share intelligence and good practices.

The Bank supports the industry in combating financial crime by conducting training and providing certification to compliance officers across the industry on financial crime risks and Anti-Money Laundering (AML) topics. As part of its strong commitment to managing financial crime risks, the Bank has implemented comprehensive controls to anticipate, prevent, detect, and respond to money laundering and terrorist financing activities. Through the AML/Countering Financing of Terrorism (CFT) policy and relevant guidelines, clear roles and responsibilities for the Board of Directors, Management, and employees are delineated, emphasising the crucial roles each entity plays in ensuring effective management of financial crime risks at Bank-wide level. The controls also include institutionalising several monitoring and detection rules that are specifically designed to detect and provide a platform to investigate and further establish potential crimes.

Addressing financial crime risk extends beyond the Bank level. Echoing the same commitment from the Bank level to subsidiary level, Institutional Risk Assessments (IRAs) were also performed at BIMB Investment Management Berhad, BIMB Securities Sdn Bhd, and Bank Islam Trust Company (Labuan) Ltd to ensure that residual risks are effectively managed.
