Framework & Governance
Our ever-evolving business landscape presents a set of risks to our business and financial performance. In this respect, the Risk & Compliance Division regularly assesses each key risk relevant to our business and reports these to the Management Committee, Risk Management Committee and the Board to ensure an enterprise-wide understanding of the risks and how we mitigate their potential impact on our business performance.
The Enterprise Risk Management Framework was developed with reference to ISO 31000 (Risk Management) to facilitate the risk management process. One of the key features of the risk management framework is the implementation of the three lines of defense, comprising established and clear functional responsibilities and accountabilities for the management of risk.
The following diagram depicts the 3 lines of defense adopted by Bursa in carrying out our roles and responsibilities:
In the first line of defense, Senior Management, which includes Management Committee members and Divisional Heads, is accountable for all risks assigned under their respective areas of responsibility based on the Enterprise Risk Management Framework (ERMF).
This group of personnel is also responsible for the continuous development of the risk management capabilities of employees and for ensuring that risk management is embedded in all key processes and activities.
The second line of defense comprises the Risk & Compliance (RC) team, with oversight from the Risk Management Committee (RMC). The RC team is responsible for the overall monitoring of the key risks identified for Bursa Malaysia and for facilitating and providing guidance to the business units with regard to risk management processes.
The third line of defense is provided by Internal Audit and the Audit Committee, which are responsible for providing objective and independent assurance on the adequacy and effectiveness of the enterprise risk governance framework.
OVERVIEW OF RISK & COMPLIANCE DIVISION
The Risk & Compliance Division comprises six departments under its purview, namely Financial Risk Management (FRM), Operational Risk Management (ORM), Strategic Risk Management (SRM), Compliance, Assurance & Risk Analytics (ARA), and Governance & Strategy Development (GSD), to provide a holistic and enterprise-wide view of risk, compliance and corporate integrity management within the Group.