KENANGA ANNUAL REPORT 2023

KENANGA INVESTMENT BANK BERHAD ANNUAL REPORT 2023

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

Information Technology Security

The use of IT is essential and central to the Group’s business. In order to ensure the reliability and resiliency of the business operations to meet the expectations of customers and all stakeholders, and in line with the guidelines of regulators such as BNM’s Policy Document on Risk Management in Technology, the Group has established the corporate Cyber Security Policy and implemented the necessary security procedures to protect the confidentiality, integrity and availability of information systems and data.

With the increase in the adoption of digitalization and service delivery via cyberspace, the Group will continue to reinforce its IT security efforts and initiatives to be aligned with the Group’s current and envisaged operations, strategies and business environments. The IT security posture of the Group is also continuously reviewed and enhanced to mitigate the risks arising from new and emerging threats. In-house IT security training and security updates on the latest threats are constantly provided to all staff to ensure their awareness of the importance of IT security.

Climate Change Risk Management

Managing ‘Climate Change Risk’ is core to our sustainability journey. We take a wholesome and integrated risk-based approach in addressing the multi-dimensional implications of climate change risk, including incorporating climate change risk drivers across credit, market, liquidity, operational and reputational risks.
Considering the wide-ranging and significant implications of climate change risk on our business operations and, in line with BNM’s guidelines such as Climate Risk Management & Scenario Analysis and Climate Change and Principle-Based Taxonomy, we developed our Climate Change Risk Management Framework to provide strategic guidance to the Group in respect of climate change risk governance. This includes risk management practices, transition pathway and corporate direction in aligning its strategies and business operations with the applicable regulatory policies on climate change risk.

Compliance Function

The Board is unreservedly committed and always strives to adopt the principles and recommendations of the MCCG issued by the SC, as well as other relevant regulatory requirements relating to corporate governance.

Compliance reviews and monitoring are undertaken by Group Regulatory using various tools and approaches based on the framework set by Group Compliance, a department of Group Regulatory. These reviews and monitoring are performed to assess the level of compliance with the relevant regulatory requirements and the respective companies’ internal policies and procedures. Any regulatory deviation or compliance breaches will be reported to the respective Boards of operating entities within the Group and the relevant regulators. Pursuant to this, appropriate corrective actions including disciplinary actions will be taken to address the breach with a view to pre-empt and prevent the occurrence of a similar breach.

Aside from Group Compliance, the five (5) other departments of Group Regulatory undertake functions to review and monitor compliance in their respective areas.
In this respect, the Group Financial Crime Compliance, Group Prudential Supervision & Regulatory Affairs, Group Business Ethics & Integrity, Group Legal and Group Company Secretarial provide timely, structured and comprehensive advice and support to the Group in matters relating to the laws, rules and regulations applicable to the Group.

Group Regulatory has also implemented a self-assessment framework to facilitate and promote regulatory compliance by the business within the Group. For this purpose, a list of identified laws, regulations and other regulatory instruments applicable to the Group is documented and maintained to facilitate compliance.

Please refer to the ‘Ethics and Compliance Statement’ for more details on functions, roles and responsibilities of Group Regulatory.

Internal Audit

GIA provides independent and objective assurance to the Board that the established internal controls, risk management and governance processes are adequate and are operating effectively and efficiently. To ensure independence and objectivity, GIA reports independently to the AC of KIBB and has no responsibilities or authority over any of the activities it reviews.

GIA’s scope of work and activities are guided by the Internal Audit Charter, mandatory elements of The Institute of Internal Auditors’ International Professional Practices Framework and relevant regulatory guidelines. An Annual Audit Plan based on the appropriate risk-based methodology has been developed and approved by the AC. On a quarterly basis, audit reports and status of internal audit activities including the sufficiency of GIA resources are presented to the AC for review. Periodic follow-up reviews are conducted to ensure adequate and timely implementation of Management’s action plans.
