Shariah Non-Compliance can erode customer trust and damage the Group’s credibility and reputation in delivering Shariah-compliant financial products. How Does This Impact Us? Threats and vulnerabilities to the Group’s IT environment which could result in disruption to the provision of essential financial services in a resilient and secure manner to its customers, financial loss, reputational damage as well as loss of stakeholders’ trust in the Group. How Does This Impact Us? SHARIAH NON-COMPLIANCE RISK TECHNOLOGY AND CYBER RISK Outlook The SNC risk landscape remains stable as the necessary tools and controls are already in place and well embedded. Nevertheless, the Group strives to uphold robust internal controls that commensurate with the complexity of financial products and services offered to deliver enhanced value for its customers. Outlook As the industry embraces the digitalisation of products and services alongside the increased adoption of cloud technology and generative AI, the Group’s business operations are exposed to an increasingly complex risk environment, including heightened cyber threats. The Group remains dedicated to safeguard the integrity of its systems and protecting its stakeholders and customers’ interest. The Group continues to strengthen governance frameworks, processes, and systems to ensure it remains resilient, adaptable, and equipped to navigate the increasing complexities of a rapidly evolving threat landscape. Description The risk of legal or regulatory sanctions, financial loss or non-financial implications including reputational damage, which an Islamic Financial Institution (IFI) may suffer arising from failure to comply with the rulings of the Shariah Advisory Council (SAC) of BNM and Securities Commission (SC), standards on Shariah matters issued by BNM pursuant to section 29(1) of the Islamic Financial Services Act (IFSA) or decisions or advice of the Group’s Shariah Supervisory Council. Description Risk of financial loss or negative consequences (such as regulatory breaches, disruptions, or reputational damage) arising from the use of technology due to the inadequacy or failures in people, processes, technology, or external events. Response and Mitigating Actions • Empowering the Shariah functions as stipulated under BNM’s Shariah Governance Policy Document (SGPD) to achieve a holistic Shariah compliance culture within the Group. • Develop and operationalise Shariah requirement through all documentations to ensure alignment with Shariah principles. • Develop and integrate mechanisms to identify, measure, control and monitor SNC risks across the Group’s activities and operations. • Leverage on NFRM tools such as Risk and Control Self-Assessment, Key Risk Indicators, Incident Reporting and Scenario Analysis for the effective identification and management of SNC risks. • Deliver Shariah risk awareness training to inculcate Shariah compliance culture. • Promptly and accurately report all non-compliance incidences to Management and Board Committees. Response and Mitigating Actions • The Group has in place a Technology Risk Management Framework and Cyber Resilience Framework, which are integrated within the Group ERMP to provide a holistic and structured approach to managing technology and cyber risks, including data protection. • Establish a suite of processes and controls that address technology and cyber risks in a proactive, secure, and robust manner. • Ensure IT and cybersecurity strategic plans complement business continuity strategies to create a secure, resilient and adaptable organisation capable of withstanding disruptions and emerging risks. • Continuous assessment of the effectiveness of security controls as part of cyber hygiene practices to strengthen resilience against a rapidly evolving threat landscape. • Cultivate a strong culture of security through targeted and regular training and awareness initiatives. • Proactive trend analysis, monitoring, reporting and escalation of technology and cyber related issues and incidents to Management and Board Committees. Opportunities Arising From This Risk • Supporting the innovation of Shariah-compliant products and services to strengthen the Group positioning in the industry. • Continue to ensure a robust Shariah governance structure and risk management strategies to streamline operations and reduce risk of SNC. Opportunities Arising From This Risk • Harness the power of technology to anticipate, navigate, adapt, thrive and achieve operational resilience and success in the face of evolving challenges and threats. • Enhance customer experience through accessibility of products and services while safeguarding the integrity of the Group’s IT environment. • Adoption of new and emerging technologies to drive continuous innovation and boost digital agility across workforce. SNC TCR 61 w w w . b a n k i s l a m. c o m 01 02 03 04 MD&A – STRATEGIC REVIEW 05 06 07 08 09
RkJQdWJsaXNoZXIy NDgzMzc=