KENANGA ANNUAL REPORT 2024

KENANGA INVESTMENT BANK BERHAD INTEGRATED ANNUAL REPORT 2024

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

Management Committees (“MC”) are established to oversee specific responsibilities based on defined terms of reference. MC meetings are held regularly to ensure that business operations are executed in accordance with approved strategies, policies and business directions. The MCs are responsible for, amongst others:

1. Reviewing the actual performance against expectations and budget;
2. Addressing any internal control issues with the AC, GBRC, GBDITC, GNC, Employees’ Share Scheme Committee (“ESSC”), GIA, regulators and the external auditors; and
3. Addressing any matters arising from the meetings of the Board, AC, GBRC, GBDITC, GNC and the ESSC; and ensuring that actions are taken in relation to these matters.

Risk Management Process and Infrastructure

The risk management process is a combination of both bottom-up and top-down approaches to facilitate decision-making based on available information known at the time and creating opportunities to refine inputs when new information is available. In addition to establishment of risk policies, tools and methodologies to identify, quantify and manage the risks, Group Risk Management is also responsible for establishing the risk measurement and monitoring process to ensure that the Group’s risk profile and portfolio concentration are reported to the various risk committees on a regular basis.

Internal Policies and Procedures

Policies and procedures which set out standard day-to-day operations and managing risks are formulated based on current regulatory requirements and industry best practices.
The adequacy and compliance with regulatory requirements of the policies and procedures are assessed by independent control functions such as risk management, compliance and audit, prior to obtaining approval from the Board or relevant MC. Existing policies and procedures are reviewed regularly to ensure improvements and in consideration of emerging or changing risk profiles, new products or services as well as new or updated regulatory requirements.

Annual Business Plans and Budgets

The Board reviews and approves the business plans and budgets which are developed in line with the Group’s strategies and risk appetite. Actual performances against the approved budgets are escalated to the Management and Board on a monthly basis allowing responses and corrective actions to be taken.

Human Capital Management

The organisational structure, which is aligned to business and operational requirements, is led by Heads of Divisions or Chief Executive Officers of Subsidiary Companies with accountability in place. Policies and procedures on human resource are reviewed regularly to ensure they remain relevant to manage operational and people related risks.

There are regular training and updates for employees on the requirements and guidelines set by regulatory bodies such as BNM, SC and Bursa Malaysia, as well as on the importance of corporate governance, risk management and internal control. Various awareness programmes that address the operational risks, ethics and fraud are also conducted regularly.

Comprehensive background screenings of employees are carried out during the hiring process and repeated annually, with appropriate actions taken in response to any adverse findings or risks identified.

Key Performance Indicators are cascaded to each employee annually in alignment with the Group and Division goals and objectives, and performance appraisals are conducted based on the achievement of the set targets.
Management’s Compensation and Rewards is based on the Pay for Performance principle. Compensation of Material Risk Takers and Other Material Risk Takers is reviewed annually by the GNC and Board. Employee misconduct is managed through the established Consequence Management Framework and Group Disciplinary Policy and Procedure.

Business Continuity Management

Business Continuity Plans and Disaster Recovery Plans are established to ensure non-disruption of business or efficient business resumption. Regular testing or drills are also conducted for the purpose of staff preparedness, readiness of disaster recovery site, effectiveness of communication, escalation and recovery procedures. For effective business continuity management (“BCM”), awareness training is held annually for BCM coordinators and key persons.

Information Technology Security

The use of IT is essential and central to the Group’s business. In order to ensure the reliability and resiliency of the business operations to meet the expectations of customers and all stakeholders, and in line with the guidelines of regulators such as BNM’s Policy Document on Risk Management in Technology and SC’s Guidelines on Technology Risk Management, the Group has established the corporate Cyber Security Policy and implemented the necessary security procedures to protect the confidentiality, integrity and availability of information systems and data.

With the increase in the adoption of digitalisation and service delivery via cyberspace, the Group will continue to reinforce its IT security efforts and initiatives to be aligned with the Group’s current and envisaged operations, strategies and business environments. The IT security posture of the Group is also continuously reviewed and enhanced to mitigate the risks arising from new and emerging threats. In-house IT security training and security updates on the latest threats are constantly provided to all staff to ensure their awareness of the importance of IT security.
Climate Change Risk Management

Managing ‘Climate Change Risk’ is core to our sustainability journey. We take a wholesome and integrated risk-based approach in addressing the multi-dimensional implications of climate change risk, including incorporating climate change risk drivers across credit, market, liquidity, operational and reputational risks.

Considering the wide-ranging and significant implications of climate change risk on our business operations and, in line with BNM’s guidelines such as Climate Risk Management & Scenario Analysis and Climate Change and Principle-Based Taxonomy, we developed our Climate Change Risk Management Framework to provide strategic guidance to the Group in respect of climate change risk governance. This includes risk management practices, transition pathway and corporate direction in aligning its strategies and business operations with the applicable regulatory policies on climate change risk.

Climate change risk management related matters, where relevant, are deliberated at Management’s level by the GRC and/or Group Sustainability Management Committee and at the Board’s level by the GBRC and/or GNC.

Compliance Function

The Board is unreservedly committed and always strives to adopt the principles and recommendations of the MCCG issued by the SC, as well as other relevant regulatory requirements relating to corporate governance.

Compliance reviews and monitoring are undertaken by Group Regulatory using various tools and approaches based on the framework set by Group Compliance, a department of Group Regulatory. These reviews and monitoring are performed to assess the level of compliance with the relevant regulatory requirements and the respective companies’ internal policies and procedures. Any regulatory deviation or compliance breaches will be reported to the respective Boards of operating entities within the Group and the relevant regulators.
Pursuant to this, appropriate corrective actions including disciplinary actions will be taken to address the breach with a view to pre-empt and prevent the occurrence of a similar breach.

Aside from Group Compliance, the four (4) other departments of Group Regulatory undertake functions to review and monitor compliance in their respective areas. In this respect, the Group Financial Crime Compliance, Group Prudential Supervision & Regulatory Affairs, Group Business Ethics & Integrity and Group Legal provide timely, structured and comprehensive advice and support to the Group in matters relating to the laws, rules and regulations applicable to the Group.

Group Regulatory has also implemented a self-assessment framework to facilitate and promote regulatory compliance by the business within the Group. For this purpose, a list of identified laws, regulations and other regulatory instruments applicable to the Group is documented and maintained to facilitate compliance.

Please refer to the ‘Ethics and Compliance Statement’ for more details on functions, roles and responsibilities of Group Regulatory.
