Bank Islam Integrated Annual Report 2024

STRESS TESTING

The Group undertakes periodic stress tests across its entire portfolio of credit, market, liquidity and non-financial risk in order to ensure that the Group remains viable even under severe, i.e., exceptional but plausible, stress conditions. Under specific circumstances, ad-hoc stress tests may also be conducted to assess the impact of observed deterioration in its business environment which the Group has not previously taken into account. The Group also considers emerging risks and other stress events that could materialise over the next one (1) to three (3) years (if any). The Group will then assess the potential impact of such events at various levels of severity and deliberate the outcome at Management and Board committees. The Group is developing its climate risk stress testing capabilities in preparation for BNM’s Climate Risk Stress Testing Exercise.

SHARIAH NON-COMPLIANCE RISK MANAGEMENT

Shariah non-compliance risk (SNCR) is part of non-financial risk and is defined as “risk of legal or regulatory sanctions, financial loss or non-financial implications, including reputational damage arising from failure to comply with the rulings of BNM Shariah Advisory Council (SAC), standards or decisions or advice of the Bank’s Shariah Supervisory Council”. The responsibility of managing SNCR is spearheaded by the Group’s Shariah Risk Management Unit, which is guided by the Group’s Operational Risk Management (ORM) Policy and ORM Guideline. These documents detail the Shariah risk management processes and tools in order to provide a consistent framework for managing SNCR across the Group. The framework was developed in compliance with the BNM Shariah Governance Policy Document. Shariah risk management is a discipline that systematically identifies, measures, monitors and controls SNCR to mitigate the occurrence of SNC events within the Group. Being part of non-financial risk, it leverages the same principles, processes and tools as operational risk. However, the tools are modified to suit the regulatory requirements on Shariah governance in order to provide a robust and consistent approach to managing SNCR.

TECHNOLOGY AND CYBER RISK MANAGEMENT

The Group Information Security & Governance Division (GISGD) is responsible for overseeing the management of technology, cyber and data risk. It operates as an independent function within the second line of defence in the three (3) lines of defence model. GISGD’s Group Technology Risk Management Framework (GTRMF) addresses both business and technology drivers, with a focus on controls from a holistic perspective that includes people, process and technology control layers. GTRMF is aligned with the Group Operational Risk Management Policy and supports overall enterprise risk management by ensuring that technology risks are properly identified, assessed, mitigated, monitored and reported in a structured and consistent manner.

Given the rapid evolution of the risk landscape, GISGD has established multiple frameworks in support of the GTRMF, such as the Group Cyber Resilience Framework and the Group Data Governance Framework. These frameworks will be continuously enhanced in accordance with international standards and guidance issued by regulatory bodies. GISGD is responsible for ensuring enterprise-wide implementation of these frameworks, while ensuring compliance with relevant regulatory requirements and guidelines.

While discharging the above responsibilities, GISGD will continuously engage and collaborate with the First Line of Defence to perform its oversight duties through the following initiatives:

I. Technology Risk Management Strategy
• Implementing technology risk management strategy and approaches that reflect the culture, appetite and tolerance levels of the Group, while taking into consideration technology, budgets and regulatory requirements.
