Page 323 - Full Book_24.4.2021
NOTES TO THE FINANCIAL STATEMENTS
for the financial year ended 31 December 2020 (continued)
49 FINANCIAL RISK MANAGEMENT POLICIES (CONTINUED)
49.6 Operational risk
Overview
Operational risk is defined as the risk of loss arising from inadequate or failed internal processes, people and systems and
external events, which includes legal risk and Shariah compliance risk but excludes strategic and reputational risk.
Management of operational risk
The Bank recognises and emphasises the importance of operational risk management (“ORM”) and manages this risk
through a control-based environment where processes are documented, authorisation is independent, transactions are
reconciled and monitored and business activities are carried out within the established guidelines, procedures and limits.
The Bank’s overall governance approach in managing operational risk is premised on the three lines of defence approach:
• 1st line of defence – The risk owner or risk taking unit, i.e. Business or Support Unit, is accountable for putting in place
a robust control environment within their respective units. They are responsible for the day to day management of
operational risk. To reinforce accountability and ownership of risk and control, a risk controller for each risk taking
unit is appointed to assist in driving the risk and control programme for the Bank.
In addition, an Embedded Risk & Compliance Unit (“ERU”) has been established within the significant business
and support units (“BU/SU”). The ERU would assist in implementing and monitoring the ORM activities within the
BU/SU. The ERU’s relationship and knowledge of the business allow for a more focused implementation and effective
oversight of ORM within the BU/SU.
• 2nd line of defence – Operational Risk Management Department (“ORMD”) is responsible for establishing and
maintaining the ORM framework, developing various ORM tools to facilitate the management of operational risk,
monitoring the effectiveness of ORM, assessing operational risk issues from the risk owner and escalating the issues
to the relevant governance level with recommendations on appropriate risk mitigation strategies. In creating a strong
risk culture, ORMD is also responsible to promote risk awareness across the Bank.
Shariah Risk Management Department (“SRM”), Compliance Division and Chief Information Security Officer (“CISO”)
Office complement the role of ORMD as the second line of defence. SRM is responsible for managing the Shariah
compliance risk (“SCR”) by establishing and maintaining appropriate SRM guidelines, facilitating the process of
identifying, assessing, controlling and monitoring SCR and promoting SCR awareness.
Compliance Division is responsible for ensuring effective oversight on compliance-related risks such as regulatory
compliance risk, compliance risk as well as money laundering and terrorism financing risks through proper classification
of risks, and for developing, reviewing and enhancing compliance-related training programmes as well as conducting training
that promotes awareness.
CISO Office is responsible for managing technology risk by establishing, maintaining and enforcing technology risk
policies and guidelines, as well as promoting bank-wide awareness of technology risk. It also works closely with
Information Technology Division (“ITD”) in identifying, assessing, mitigating and monitoring technology risk in the
Bank.
• 3rd line of defence – Internal Audit provides independent assurance to the Board and senior management on the
effectiveness of the ORM process.