The risk management functions for the Group as the Second Line of Defence are predominantly performed by the Group Risk Management Division, Group Credit Management Division, Group Compliance Division and Group Information Security & Governance Division. Risk Management functions provide oversight on an enterprise-wide level for a holistic risk view within the Group and support the Group in its strategic objectives.

The Group’s risk governance approach is premised on the 3-Lines of Defence Approach, placing accountability and ownership of risks where they arise while maintaining the level of independence among risk taking units, risk control units and the independent assurance unit in managing risk. The 3-Lines of Defence is used in implementing the ERM Framework and providing risk management accountability across the Group.

* Consists of Group Risk Management Division (including Shariah Risk Management), Group Credit Management Division, Group Compliance Division (including Shariah Compliance) and Group Information Security & Governance Division (GISGD).

RISK CULTURE

Risk and compliance culture is a vital component in strengthening risk governance and forms a fundamental principle of strong risk management. It is key to the long-term effectiveness of the Group’s risk management strategy. As encapsulated in the Group’s Risk Management Tagline, “Managing Risk is Everyone’s Business”, building a strong risk and compliance culture is the responsibility of the Board, Senior Management and all employees of the Group. To ensure this, the risk management process and approach have been embedded in all the Group’s core business processes, functions and activities. The Group’s risk culture evolves over time and is a reflection, amongst others, of Senior Management actions, effective enforcement of policies and guidelines and communication strategies.
Additionally, the Group perceives risk management as an important means of enhancing competitiveness, performance and operational resilience. As part of the risk and compliance culture, the Board, Senior Management and employees of the Group are committed to adhering to the requirements of relevant laws, rules and regulations. Risk and compliance programmes are in place and driven by the Board and Senior Management, encompassing, among others, e-learning, induction programmes and engagement sessions.

Three Lines of Defence Approach

1. Risk Owner or Risk Taking Units: Responsible for ongoing oversight of risk and control at day to day work level and promoting strong risk culture within business/support unit.
2. Risk Control Units*: Responsible for establishing and maintaining Risk Management framework; developing Risk Management Tools; assessing, monitoring, reporting and controlling risk; and promoting risk awareness across the Group.
3. Internal Audit: Responsible for providing independent assurance to Board and Management that Risk Management Processes and Tools are effectively implemented.