Bank Islam Integrated Annual Report 2022

MITIGATION • Establish internal process and controls, which include among others, proper systems development and project management approach and methodology, change management, security tool implementation, proactive security monitoring and system backup & recovery. • Continuous assessment and review of security vulnerabilities and security control effectiveness. • Enhanced monitoring of cybersecurity arising from challenges posed by the COVID-19 pandemic. • Close monitoring of rectification progress by the relevant working-level and management committees. • Where relevant, IT-related issues and incidents are escalated to the Board Risk Committee or Board IT Committee. MITIGATION • Ensure the soundness of Shariah governance framework through four dedicated functions - Shariah Research & Advisory, Shariah Risk Management, Shariah Compliance and Shariah Audit – as required under BNM Shariah Governance Framework. • All policies, products, services and processes are subject to Shariah assessment. • Operational risk management tools such as Risk Control Self-Assessment (including validation), Key Risk Indicators and Loss Event Management are extended and enhanced for the management of SNC risk. • All SNC issues and incidences are reported to the Management, Board and Shariah Committee with detailed root cause analysis and action plans. 5 6 INFORMATION TECHNOLOGY (IT) RISK SHARIAH NON-COMPLIANCE (SNC) RISK DEFINITION Any potential adverse outcome, damage, loss, violation, failure, disruption, theft or breach arising from the use of or reliance on computer hardware, software, electronic devices, systems, applications and networks or the existence of vulnerabilities such as software defects, capacity inadequacies, network vulnerabilities and control weaknesses. DEFINITION Risk of legal or regulatory sanctions, financial loss or non-financial implications, including reputational damage, which the Group may suffer arising from failure to comply with the rulings of Bank Negara Malaysia’s Shariah Advisory Council (SAC), standards on Shariah matters, or decisions or advice of the Group’s Shariah Supervisory Council. Integrated Report 2022 50 STRATEGIC REVIEW Key Risks and Mitigations

RkJQdWJsaXNoZXIy NDgzMzc=