BANK MUAMALAT MALAYSIA BERHAD
ANNUAL REPORT FY2020
STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

The Board and Management are supported by functional and risk control units, which are guided and managed under a formal reporting hierarchy. Management-level risk committees are set up to oversee specific risks and perform risk control functions in the areas of asset and liability management, credit evaluation and investment, and operational risk. Risk Management Department (“RMD”) supports the above-mentioned Committees by performing the day-to-day risk management functions which are kept independent of business targets.

In FY2020, the Risk Management organisation structure was enhanced with the appointments of a Chief Credit Officer to specifically focus on the credit portfolios of the Bank and a Chief Information Security Officer (“CISO”) to oversee the overall policies and practices in relation to IT security. The CISO, who reports to the Chief Risk Officer (“CRO”), also supports in the oversight and management of technology-related risks.

The approach
To operationalise and integrate the risk governance and management structure at the bank-wide level, the Bank adopts a distributed function approach towards managing risk as depicted in the Three (3) Lines of Defence model as follows:

Three (3) Lines of Defence Model
All units have a specific responsibility for risk management under the above model.

First Line Defence Model
Business Units
• Risks are directly undertaken and assumed in the day-to-day business activities and operations.
• As frontliners, responsible for carrying out the established processes for identifying, mitigating and managing risks within their respective environment aligned with the Bank’s strategic targets.

Second Line Defence Model
Risk Management Control & Compliance
• Ensures independent oversight and management of all material risks undertaken by the Bank.
• Provides specialised resources for developing risk frameworks, policies, methodologies and tools for risk identification, measurement and control.
• Provides the control function, which monitors the risks by using various key indicators and reports, guided by established risk appetite and tolerance limits.

Third Line Defence Model
Internal Audit
• Provides independent review and assurance on adequacy of risk management processes and effectiveness of the first two (2) lines of defence in fulfilling their mandates.

Risk Culture
As the Bank continues to enhance and strengthen its risk management practices, it reinforces and embeds a strong risk culture throughout the organisation. Continuous tone from the top messaging and communication on risk management have been implemented in order to promote a consistent and coherent risk culture. Focus has been on strengthening the first line of defence and having constant engagements with risk owners to ensure a uniform understanding and approach for managing risks, not just in handling business and conduct risks but also on the intricacies of credit, market, liquidity, operational, Shariah, technology and cyber risks.

Risk Appetite
The Bank’s risk appetite framework constitutes a formal governance structure and
review process for the establishment of the risk appetite statements (“RAS”) and
tolerance limits. It provides a common framework and comparable set of measures
for the Board and Management to clearly indicate the level of risk the Bank is
willing to accept and ensures that the Bank maintains an acceptable risk profile. It
also serves as a foundation and reference for the Bank’s risk culture and provides
guidance for business and risk-taking activities and decision making.