Page 420 - Bank-Muamalat-Annual-Report-2021

BANK MUAMALAT MALAYSIA BERHAD
BASEL II PILLAR 3 DISCLOSURE

           9.0   OPERATIONAL RISK MANAGEMENT (“ORM”) DISCLOSURES

              Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or
              from external events, which includes a wide spectrum of risks such as fraud, physical damage, business disruption, transaction
              failures, legal and regulatory breaches including fiduciary breaches and Shariah non-compliance, as well as employee health and
              safety hazards.

              The objective of operational risk management is to effectively manage these risks in order to avoid or reduce any possible
              financial or non-financial losses arising from operational lapses.

              In relation to operational risk management, the Operational and Shariah Risk Management Section (“OSRMS”), Operational
              Risk Management Committee (“ORMC”), Internal Audit, Compliance, as well as the business and support units play a
              significant role in the overall integrated risk management framework.

              The management of operational risks is targeted at preventing and managing loss events and potential risks by using
              operational risk tools, namely, Risk and Control Self Assessment (“RCSA”), Key Risk Indicator (“KRI”), Incident Management and
              Data Collection (“IMDC”), Scenario Analysis (“SA”) and Stress Test (“ST”).

              The risk management processes and controls are established in line with the Bank’s operational risk management framework,
              internal policies, regulatory requirements and standard operating procedures as guidance.

              The Muamalat Operational Risk Solution (“MORiS”)

              MORiS is a web-based application that is used as a tool in risk identification and assessment. It also acts as a centralised
              loss incidents database by capturing and storing loss-related data and is used to track risk exposures against established key
              risk indicators (“KRI”) over time.

              Its key objective is to improve monitoring and reporting of risk activities in branches and the head office through the Risk &
              Control Self-Assessment (“RCSA”), Incident Management Data Collection (“IMDC”), and Key Risk Indicator (“KRI”).

              Business Continuity Management (“BCM”)
              The Bank adopts the BNM’s Guidelines on Business Continuity Management, which entails enterprise-wide planning and
              arrangements of key resources and procedures that would enable the Bank to respond and continue to operate critical
              business functions across a broad spectrum of interruptions to business, arising from internal or external events.
              BCM Methodology

              The Bank develops the Business Continuity Plan (“BCP”) by way of completing the Risk Assessment (“RA”) and Business
              Impact Analysis (“BIA”). RA is a tool used to identify potential threats for all business functions. A BIA will be carried out to
              identify critical business functions’ recovery time objective (“RTO”) and maximum tolerable downtime (“MTD”) taking into
              account the Bank’s resources and infrastructures. The RA and BIA sessions are conducted annually with the business units.