Bank Islam Integrated Annual Report 2024

7. NON-FINANCIAL RISK

7.1 Overview

Non-Financial Risk (NFR) is defined as the risk of loss arising from inadequate or failed internal processes, people and systems, or from external events. It includes legal risk and Shariah non-compliance risk but excludes strategic and reputational risk. In BIMB, operational risk management has evolved to cover a broader spectrum of non-financial risks such as business continuity management, outsourcing risk, technology risk and cyber risk.

7.2 Non-Financial Risk Governance

The management of non-financial risk is principally carried out using the Group NFR Framework, which comprises a suite of policies and guidelines designed to ensure NFRs are systematically identified, assessed, mitigated/controlled, monitored and reported throughout the Group. The non-financial risk related policies and guidelines are approved by the MRCC and/or the BRC, guided by the Board-approved Risk Appetite Statement. The MRCC is responsible, under the authority delegated by the BRC, for managing non-financial risk at a strategic level. The ORCC is established as a sub-committee of the MRCC to assist the MRCC in ensuring effective implementation of non-financial risk management across the Group.

7.3 Management of Non-Financial Risk

The Group’s NFR management is premised on the Three Lines of Defence concept:

• 1st line of defence – The risk-taking units, i.e. the Business or Support Units (BU/SU), are accountable for the day-to-day management of non-financial risks within their business operations. To reinforce accountability and ownership of risk within the first line of defence, each risk-taking unit appoints a Risk Controller or has an embedded Risk and Compliance Unit to drive the risk culture and effective oversight of NFR within the BU/SU.

• 2nd line of defence – Independent risk management and compliance functions (including Shariah-related functions) are responsible for establishing the Group’s NFR Frameworks and for the development and implementation of NFR tools and methodologies to identify, assess, control, mitigate and monitor NFR.

• 3rd line of defence – Group Internal Audit provides independent assurance on the adequacy and overall effectiveness of the NFR management processes and internal controls.
