Bank Islam Integrated Annual Report 2023

In 2023, GIU concluded the three-year cycle of the CRM Review Plan, which was approved by BAEC in January 2021. As part of the three-year CRM Review Plan, 15 high-risk stakeholders underwent review in the first year, followed by 10 medium-risk stakeholders, and 14 low-risk stakeholders in the third year. Ratings are also assigned to stakeholders upon completion of the CRM review. The current controls were attested to give reasonable assurance in mitigating the identified corruption risk.

Key Objectives of CRM Review
To validate the current controls and their effectiveness as identified by each stakeholder
To assess for gaps in controls

CORRUPTION RISK MANAGEMENT (CRM)

Based on the initial CRM exercise conducted in FY2020, the Group identified no critical risks, and the residual corruption risks were deemed satisfactory overall, with no significant concerns raised.

Following the conclusion of the CRM exercise, the Group has formalised a comprehensive framework into a cohesive policy known as the Group Corruption Risk Management Policy (GCRMP). The GCRMP advocates a proactive approach through a Corruption Risk Assessment (CRA) exercise to identify and mitigate corruption risks, engaging all divisions and stakeholders in the detection of risks and the formulation of preventive strategies. These efforts are seamlessly integrated into our governance framework, thereby reinforcing our commitment to preventing corruption and nurturing an ethical business environment.

The GCRMP is designed to comply with the ISO 37001 ABMS standards, requiring the Group to assess both internal and external factors, along with the needs and expectations of stakeholders. These considerations are essential to maintaining the Group’s integrity and preventing instances of bribery and corruption, thus ensuring a fair business environment.

CRM Review

The Group, through the Governance & Integrity Unit (GIU) of the Integrity & Governance Department (IGD), Group Compliance Division, has embarked on CRM Review to meet the need for Adequate Procedures¹ – Principle IV: Systematic Review, Monitoring, and Enforcement.

¹ Adequate Procedures refers to the statutory defence against corporate liability prosecution as accorded under Section 17A (4) of the MACC Act 2009.
