GHL System Berhad Annual Report 2020

55 A N N U A L R E P O R T 2 0 2 0 STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL CONT’D GROUP RISK MANAGEMENT SYSTEM (Cont’d) 1. Risk Management Committee (“RMC”) (Cont’d) The salient features of the RMC process are as follow: t $PVOUSZ )FBET $&0 PG 4VCTJEJBSJFT BOE )FBE PG Departments are tasked to update their respective risk profiles on a half yearly basis and report to the Risk Department confirming that reviewed had been conducted and risk related to their areas had been accessed; and to include action plans which are to be implemented in order to manage the risks that had been identified; t 5IF SJTLT UIBU IBE CFFO identified are consolidated and tabled to the RMC for its deliberation and monitoring; t )FBE PG *OUFSOBM "VEJU XBT JOWJUFE UP BUUFOE UIF 3.$ meetings as an independent assessment of the adequacy and reliability of the risk management processes and compliance with risk policies; t 5IF 3.$ shall meet at least twice a year to review significant risks and the implementation progress; t " DPQZ PG UIF RMC meeting minutes is submitted to the ARC for review and deliberation; t )BMG ZFBSMZ UIF 3.$ NFNCFST J F (SPVQ $&0 Group CFO, and Group CRO are invited to the ARC meeting to brief the ARC on any risk related events and/or new risks faced by the Group with the corresponding action plans taken to mitigate the risks. 2. Risk Identification, Evaluation and Ranking The Management of each Business Unit, in establishing its business objectives, is required to identify and document all possible risks that can affect their achievement, taking into consideration of the effectiveness of controls that are capable of mitigating such risks. Country Heads or Heads of Departments are responsible to identify risks that may have impact in meeting their unit’s business objectives. Risk identification process shall also take into consideration of the following: t 3JTL TQFDJmD UP UIF BDIJFWFNFOU PG CVTJOFTT PCKFDUJWFT BOE t 3JTLT that have the potential impact on the success and continuity of the business. Thereafter, identified risks are evaluated as follow: t 1SPCBCJMJUZ PS MJLFMJIPPE PG PDDVSSFODF t 4JHOJmDBODF PG UIF SJTL BOE t 3FWJFX and assess adequacy of risk management policies and framework in identifying, measuring, monitoring, and controlling risks. 3. Risk Reporting and Monitoring Each Business Units and Projects identified risks together with the controls and processes used to manage risks are tabulated in a risk assessment report. Significant risks of Business Units and Projects are presented to the RMC for their deliberation. Risk monitoring is an ongoing process in which the RMC monitors the Group’s business risks as part of their annual assessment for proper disclosure in the Annual Report. 4. Merchant Risk The Group Risk Department currently monitors merchants’ performance risks of its active Transaction Payment Acquisition (“TPA”) businesses in Malaysia, Thailand, and Philippines. The Group Risk Department performs this function by firstly determining the risk acceptance criteria; followed by measuring, classifying, and monitoring merchant activities at a transactional level using predetermined risk rules; and finally instituting remedial and exit procedures for errant merchants. This approach is embodied in the Group’s Credit Policy manual and is heavily automated in the Group’s M-Cube Risk Management system. During the year, the Group Risk Department exited certain high risk merchants as a result of its review of transaction exceptions, evidencing the veracity of the M-Cube Risk Management system in detecting errant merchant behaviour. Management has continuously kept abreast of these reviews and findings via the monthly Business Reviews. The Group Risk Department also continues to fine tune its policies and procedures to stay in line with changes in the marketplace and business objectives and plans.