Page 417 - Bank-Muamalat-AR2020

             9.0   OPERATIONAL RISK MANAGEMENT (“ORM”) DISCLOSURES
                 Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or
                 from external events, which includes a wide spectrum of risks such as fraud, physical damage, business disruption, transaction
                 failures, legal, regulatory breaches including fiduciary breaches and Shariah non-compliance as well as employee health and
                 safety hazards.

                 The objective of operational risk management is to effectively manage these risks in order to avoid or reduce any possible
                 financial or non-financial losses arising from operational lapses.

                 In relation to operational risk management, the Operational and Shariah Risk Management Section (“OSRMS”), Operational
                 Risk Management Committee (“ORMC”), Internal Audit, Compliance, as well as the business and support units play a
                 significant role in the overall integrated risk management framework.

                 The management of operational risks is targeted at preventing and managing loss events and potential risks by using operational
                 risk tools, namely, Risk and Control Self Assessment (“RCSA”), Key Risk Indicator (“KRI”), Incident Management and Data
                 Collection (“IMDC”), Scenario Analysis (“SA”) and Stress Test (“ST”).

                 The risk management processes and controls are established in line with the Bank’s operational risk management framework,
                 internal policies, regulatory requirements and standard operating procedures as guidance.

                 The Muamalat Operational Risk Solution (“MORiS”)
                 The MORiS is a web-based application that is used as a tool in risk identification and assessment. It also acts as a centralized
                 loss incidents database by capturing and storing loss-related data and is used to track risk exposures against established key
                 risk indicators (“KRI”) over time.
                 Its key objective is to improve monitoring and reporting of risk activities in branches and the head office through the Risk &
                 Control Self-Assessment (“RCSA”), Incident Management Data Collection (“IMDC”), and Key Risk Indicator (“KRI”).

                 Business Continuity Management (“BCM”)

                 The Bank adopts the BNM’s Guidelines on Business Continuity Management, which entails enterprise-wide planning and
                 arrangements of key resources and procedures that would enable the Bank to respond and continue to operate critical business
                 functions across a broad spectrum of interruptions to business, arising from internal or external events.

                 BCM Methodology
                 The Bank develops the Business Continuity Plan (“BCP”) by way of completing the Risk Assessment (“RA”) and Business
                 Impact Analysis (“BIA”). RA is a tool used to identify potential threats for all business functions. A BIA will be carried out to
                 identify critical business functions’ recovery time objective (“RTO”) and maximum tolerable downtime (“MTD”) taking into
                 account the Bank’s resources and infrastructures. The RA and BIA sessions are conducted annually with the business units.