Page 370 - Bank Muamalat_AR24
BANK MUAMALAT MALAYSIA BERHAD
BASEL II
PILLAR 3 DISCLOSURE
3.0 RISK MANAGEMENT (CONT’D)
Risk Governance (cont’d)
Other management-level risk committees are set up to oversee specific risk areas and their related control functions, as
described below: (cont’d)
Table 6: Risk Committees & Functions (cont’d)
Committee: Credit Risk Management Committee (“CRMC”)
Objective: To ensure financing activities are in line with the Bank’s credit risk appetite and policies and to deliberate on the effectiveness of the credit risk mitigation.
Committee: Information Technology Steering Committee (“ITSC”)
Objective: To ensure technology and cyber activities are in line with the regulatory requirements, best practices, the Bank’s Technology Risk Management framework, Cyber Resilience Framework and risk appetite of technology and cyber.
To carry out the day-to-day risk management functions, a dedicated Risk Management Department (“RMD”) and
Technology and Cyber Risk Department (“TCRD”), which are independent of profit and volume targets, exist to support the
above committees.
The Bank’s risk governance structure is based on the principle that each line of business is responsible for managing the
risk inherent in the business activities it undertakes. The line managers are therefore responsible for the identification,
measurement and management of risks within their respective areas of responsibility.
The risk appetite framework is embedded within the Bank’s key decision-making processes and supports the
implementation of its strategy. It sets out the principles and policies that guide the Bank’s behavior and decision-making
for all risk taking activities towards achieving an optimal balance between risk and return. It also provides a clear reference
point to monitor risk taking, to trigger appropriate action as the boundaries are approached or breached, and to minimize
the likelihood of ‘surprises’ when adverse risk events occur.
The risk governance framework is implemented under a “distributed function” approach where risk is managed
based on the three lines of defense model. The components and their respective roles are described below:
Table 7: Risk Management Model
Three (3) Lines of Defence Model
All units have a specific responsibility for risk management under the above model
First Line Defense Model: Business Units
• Risks are directly undertaken and assumed in the day-to-day business activities and operations.
• As front-liners, responsible for carrying out the established processes for identifying, mitigating and managing risks within their respective environment aligned with the Bank’s strategic targets.
Second Line Defense Model: Risk Management & Control Compliance
• Ensures independent oversight and management of all material risks undertaken by the Bank.
• Provides specialised resources for developing risk frameworks, policies, methodologies and tools for risk identification, measurement and control.
• Provides the control function, which monitors the risk by using various key indicators and reports, guided by established risk appetite and tolerance limits.
Third Line Defense Model: Internal Audit
• Provides independent review and assurance on adequacy of risk management processes and effectiveness of the first two lines of defence in fulfilling their mandates.

