BANK MUAMALAT MALAYSIA BERHAD
ANNUAL REPORT FY2020
STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

Shariah non-compliance risk is defined as the risk that arises from failure to comply with the Shariah rules and principles as determined by the Shariah Committee (“SC”) of Bank Muamalat and other relevant Shariah regulatory councils or committees.

RMD’s Shariah risk management function plays an important role in the Bank’s integrated risk management framework and is aligned with the principles outlined in the BNM’s Policy Document on Shariah Governance.

The main responsibilities include formulation of policies and guidelines on Shariah risk management and executing the required governance and oversight processes. These include the approaches for identification and assessment of Shariah non-compliance risks in business activities, products and services, and assessment of the effectiveness of existing controls and mitigation plan. The unit also performs assessment of products, services and operating procedures from Shariah risk perspective and conducts training and awareness programmes on Shariah risk to promote a Shariah compliance risk culture.

The synergy within all other Shariah Risk organs continued to be enhanced during the year to effectively manage Shariah non-compliance risk. Two (2) main enhancements made during the year were to include Shariah Risk key risk indicators (“KRIs”) as part of the bank-wide KRIs and to perform periodic Shariah risk profiling to increase robustness in tracking of Shariah risk exposures across the Bank and its subsidiaries.

Technology and Cyber Risk Management

Technology enables virtually every activity in a bank and consumes a huge portion of capital investments and operational expenses. A bank’s performance depends on the reliability and security of its technology. The changing technology landscape requires banks to make strategic decisions on which technologies to adopt, and which to avoid. Banks face risk from misalignment between business and IT strategies, management decisions that increase the cost and complexity of the IT environment, and insufficient capabilities.

The effects and aftermath of the COVID-19 pandemic have resulted in:

• Increase in customer interaction via digital platforms – primary option for carrying out transactions. Increased reliance on digital channels.
• Increased adoption of digital solutions which has put tremendous pressure on technology infrastructure and resources.
• Disruption in the activity of key job functions which require technology and systems that are only available on-premise which may impact employee productivity.
• Remote working conditions and adoption of digital channels have expanded the attack surface of banks’ IT network with cyber threats trying to exploit any remote access weaknesses.

Technology risk refers to risk arising from the use of information technology. These risks arise from failure of IT systems, applications, platforms or infrastructure which could result in financial loss, disruptions to the technical infrastructure and operations, or reputational harm to a bank. Cybersecurity risk is the probability of exposure or loss resulting from a cyber attack or data breach to a bank.

The Bank is committed to ensure that the BNM’s Risk Management in Technology (“RMiT”) Guideline is adhered to. During the year, the establishment and operationalisation of Technology Risk Management Framework and Cyber Resilience Framework for the Bank has helped to drive a practical and consistent operating model across all IT domains to identify, manage, and address risks. Other initiatives include the aim to improve its cyber resilience maturity level and ensure sustainability of its cyber security controls posture.