BIMB Integrated Annual Report 2019

48 FINANCIAL RISK MANAGEMENT POLICIES (CONTINUED) 48.6 Operational risk (continued) Banking (continued) Management of operational risk (continued) • 2nd line of defence – Operational Risk Management Department (“ORMD”) is responsible for establishing and maintaining the ORM Framework, developing various ORM tools to facilitate the management of operational risk, monitoring the effectiveness of ORM, assessing operational risk issues from the risk owner and escalating the issues to the relevant governance level with recommendations on appropriate risk mitigation strategies. In creating a strong risk culture, ORMD is also responsible to promote risk awareness across the Bank. Shariah Risk Management Department (“SRM”), Compliance Division and Chief Information Security Officer (“CISO”) Office complement the role of ORMD as the second line of defence. SRM is responsible for managing the Shariah compliance risk (“SCR”) by establishing and maintaining appropriate SRM guidelines, facilitating the process of identifying, assessing, controlling and monitoring SCR and promoting SCR awareness. Compliance Division is responsible for ensuring effective oversight on compliance-related risks such as regulatory compliance risk, compliance risk as well as money laundering and terrorism financing risks through proper classification of risks and develops, reviewing and enhancing compliance-related training programmes as well as conducting training that promotes awareness creation. CISO Office is responsible in managing technology risk by establishing, maintaining and enforcing technology risk policies and guidelines, as well as promoting bank wide awareness on technology risk. It also works closely with Information Technology Division (“ITD”) in identifying, assessing, mitigating and monitoring technology risk in the Bank. • 3rd line of defence – Internal Audit provides independent assurance to the Board and senior management on the effectiveness of the ORM process. 49 TAKAFUL RISK MANAGEMENT (a) Family Takaful Fund The Family Takaful contracts consist of: (i) Family Takaful non-investment-linked contracts The Family Takaful non-investment-linked contracts are mainly credit related takaful products, group takaful schemes, yearly renewable individual ordinary medical plans, regular contribution individual ordinary plans and annuity plans. The main product types are Mortgage Reducing Term Takaful (MRTT), Group Credit Takaful, Group Term Takaful and Group Medical Takaful. (ii) Family Takaful investment-linked contracts The Family Takaful investment-linked contracts are mainly made up of regular contribution investment-linked products. The main products are Takaful myInvest and Takaful myGenLife. NOTES TO THE FINANCIAL STATEMENTS FOR THE FINANCIAL YEAR ENDED 31 DECEMBER 2019 (CONTINUED) 302 Integrated Annual Report 2019 Group Overview Sustaining The Group Management Discussion & Analysis Group Governance