Page 179 - Bank-Muamalat_Annual-Report-2023

ANNUAL REPORT 2023
                                                                                                         GOVERNANCE














            BUSINESS CONTINUITY MANAGEMENT (BCM)
            The Bank’s BCM, which entails enterprise-wide planning, coordination and mobilisation of key resources and processes under
            a broad spectrum of business disruption scenarios arising from both internal and external events, has enabled the Bank to
            respond and continue to operate critical business functions under various prolonged adverse conditions.

            The business continuity plan is reviewed annually based on detailed risk assessments and business impact analyses performed
            on identified potential threats to business functions. Business impact analyses are used to identify critical business functions
            and systems and to formulate the corresponding business continuity plans and management actions. This includes assessment
            and analysis of the materiality of outsourcing services by third-party service providers.

            SHARIAH RISK MANAGEMENT

            Shariah non-compliance risk is defined as the risk that arises from failure to comply with the Shariah rules and principles
            as determined by the Shariah Committee of the Bank and other relevant Shariah regulatory councils or committees.

            Management of Shariah non-compliance risk is guided by established policies and guidelines on Shariah risk management
            as well as governance and oversight processes. These include the approaches for identification and assessment of Shariah
            non-compliance risks in business activities, products and services, and assessment of the effectiveness of existing controls
            and mitigation plans. Assessments of products, services and operating procedures are continuously performed from a Shariah
            risk perspective. Continuous training and awareness programmes on Shariah risk are conducted to promote a cohesive Shariah
            compliance risk culture.


            TECHNOLOGY AND CYBER RISK MANAGEMENT
            Risk arising from technology vulnerabilities could result in financial loss, disruptions to infrastructure and operations,
            and reputational harm, while cybersecurity risk is the probability of loss of customer information and banking records due to
            a cyber threat or attack.

            The Bank continuously ensures that BNM’s policy on Risk Management in Technology (RMiT) is adhered to, along with
            various other regulatory requirements on technology and cybersecurity. The Bank has established and operationalised
            its Technology Risk Management Framework and Cyber Resilience Framework to ensure that the confidentiality, integrity and
            availability of information are aligned with the risk profile through the Cybersecurity Strategic Plan, which was developed in alignment
            with BNM’s Cyber Resilience Maturity Assessment (CRMA) controls.

            In addition, the Bank has made efforts to safeguard its infrastructure and information, whether in digital or physical
            form. This entails putting controls in place through policies and procedures that comply with BNM’s RMiT, PayNet’s
            requirements and international best practices. These controls are constantly reviewed to ensure their continuous relevance.























