Bank Islam Integrated Annual Report 2023

41. FINANCIAL RISK MANAGEMENT (CONTINUED)

(e) Operational Risk

Overview

Operational risk is defined as the risk of loss arising from inadequate or failed internal processes, people and systems, and from external events. It includes legal risk and Shariah compliance risk but excludes strategic and reputational risk.

Management of operational risk

The Group and the Bank recognise and emphasise the importance of operational risk management (“ORM”) and manage this risk through a control-based environment in which processes are documented, authorisation is independent, transactions are reconciled and monitored, and business activities are carried out within the established guidelines, procedures and limits.

The Group’s and the Bank’s overall governance approach to managing operational risk is premised on the Three Lines of Defence Approach:

• 1st line of defence – The risk owner or risk-taking unit, i.e. the Business or Support Unit, is accountable for putting in place a robust control environment within its respective unit and is responsible for the day-to-day management of operational risk. Heads of Division/Department (“HOD”) are accountable for the effective management of operational risk within their respective divisions. To reinforce accountability and ownership of risk and control, a Risk Controller is appointed for each risk-taking unit to assist in driving the risk and control programme for the Group and the Bank. In addition, an Embedded Risk & Compliance Unit (“ERU”) has been established within the significant business and support units (“BU/SU”). The ERU assists in implementing and monitoring ORM activities within the BU/SU; its relationship with, and knowledge of, the business allow for a more focused implementation and more effective oversight of ORM within the BU/SU.
• 2nd line of defence – The Operational Risk Management Department (“ORMD”) is responsible for establishing and maintaining the ORM Framework, developing ORM tools to facilitate the management of operational risk, monitoring the effectiveness of ORM via an integrated operational risk management system, assessing operational risk issues raised by risk owners and escalating them to the relevant governance level with recommendations on appropriate risk mitigation strategies. In building a strong risk culture, ORMD is also responsible for promoting risk awareness across the Group and the Bank.

• 2nd line of defence – The Shariah Risk Management (“SRM”) Unit of ORMD, the Group Compliance Division (which includes the Shariah Compliance Department (“SCD”)) and Group Information Security Governance (“GISGD”) complement the role of ORMD as the second line of defence. SRM is responsible for managing Shariah compliance risk (“SCR”) by establishing and maintaining appropriate SRM guidelines, facilitating the process of identifying, assessing, controlling and monitoring SCR, and promoting SCR awareness. The Business Continuity Management (“BCM”) Unit of ORMD plays a crucial role in maintaining organisational resilience, protecting assets and ensuring the continuity of critical business functions during unexpected events. It does so by minimising the impact of disruptions through rapid recovery, thereby safeguarding the long-term viability of the Group and the Bank.
