Page 436 - Bank-Muamalat_Annual-Report-2023

BANK MUAMALAT MALAYSIA BERHAD




          BASEL II
          PILLAR 3 DISCLOSURE







          9.0   OPERATIONAL RISK MANAGEMENT (“ORM”) DISCLOSURES
              Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems
              or from external events, which includes a wide spectrum of risks such as fraud, physical damage, business disruption,
              transaction failures, legal, regulatory breaches including fiduciary breaches and Shariah non-compliance as well as
              employee health and safety hazards.

              The objective of operational risk management is to effectively manage these risks in order to avoid or reduce any
              possible financial or non-financial losses arising from operational lapses.

              In relation to operational risk management, the Operational and Shariah Risk Management Section (“OSRMS”),
              Operational Risk Management Committee (“ORMC”), Internal Audit, Compliance, as well as the business and support
              units play a significant role in the overall integrated risk management framework.

              The management of operational risks is targeted at preventing and managing loss events and potential risks by
              using operational risk tools, namely, Risk and Control Self Assessment (“RCSA”), Key Risk Indicator (“KRI”), Incident
              Management and Data Collection (“IMDC”), Scenario Analysis (“SA”), Control Self Test (“CST”) and Stress Test (“ST”).

              The risk management processes and controls are established in line with the Bank’s operational risk management
              framework, internal policies, regulatory requirements and standard operating procedures as guidance.

              The Muamalat Operational Risk Solution (“MORiS”)
              The MORiS is a web-based application that is used as a tool in risk identification and assessment. It also acts as a
              centralised loss incidents database by capturing and storing loss-related data and is used to track risk exposures against
              established key risk indicators (“KRI”) over time.
              Its key objective is to improve monitoring and reporting of risk activities in branches and the head office through the Risk &
              Control Self-Assessment (“RCSA”), Incident Management Data Collection (“IMDC”), and Key Risk Indicator (“KRI”).

              Business Continuity Management (“BCM”)
              The Bank adopts the BNM’s Guidelines on Business Continuity Management, which entails enterprise-wide planning and
              arrangements of key resources and procedures that would enable the Bank to respond and continue to operate critical
              business functions across a broad spectrum of interruptions to business, arising from internal or external events.

              BCM Methodology
              The Bank develops the Business Continuity Plan (“BCP”) by way of completing the Risk Assessment (“RA”) and Business
              Impact Analysis (“BIA”). RA is a tool used to identify potential threats for all business functions. A BIA will be carried out
              to identify critical business functions’ recovery time objective (“RTO”) and maximum tolerable downtime (“MTD”) taking
              into account the Bank’s resources and infrastructures. The RA and BIA sessions are conducted annually with the
              business units.



















