KENANGA ANNUAL REPORT 2017

ETHICS AND COMPLIANCE STATEMENT

OUR PHILOSOPHY

Kenanga Investment Bank Berhad (“KIBB”) and its Group of Companies believe that integrating a strong ethics and compliance culture into our daily management of business and strategic planning creates a competitive advantage. It would not only help to minimise the risk of regulatory scrutiny, prosecution and penalties, but would also preserve good reputation and enhance business opportunities. Premised on this, Group Regulatory and Corporate Services, as the caretaker of regulatory compliance and corporate governance matters, continuously reassesses the Group’s policies, procedures and control measures to ensure the implementation of a high standard of ethical and compliant business conduct.

• Group Regulatory and Corporate Services (“GRCS”)

Being the catalyst for ethics and compliance culture for the Group, GRCS groups five (5) different control functions that serve to advise and guide the Group’s business and operational functions to adhere to the applicable laws, regulations and guidelines issued by regulators, and to the policies, procedures and controls adopted internally:

– Group Compliance;
– Group Corporate Crime Prevention;
– Group Prudential Supervision and Regulatory Affairs;
– Group Legal; and
– Group Company Secretarial.

Given the roles and responsibilities these functions entail, it is only natural that GRCS independently reports directly to the Board of Directors (“Board”) of KIBB.

OUR APPROACH

Corresponding to the policy document issued by Bank Negara Malaysia (“BNM”) on “Compliance”, which took effect on 1 January 2017, GRCS has refined the roles and responsibilities of the different business and operational functions in the Group in respect of compliance risk management. The refinements serve to reinforce the stand of the Board and Senior Management on the importance of collective responsibility in managing compliance risk across the Group.

Compliance Risk Mitigation

Compliance risk mitigation involves the process of developing and implementing controls such as policies, procedures and practices to prevent or minimise compliance risks. In essence, all parties in the Group hold responsibility in compliance risk management. While GRCS establishes the compliance risk mitigation plan, the business and operational functions ensure its adoption in their respective operational processes and practices for compliance purposes.

[Figure: Approach Concept. Compliance Risk Mitigation, with the elements Identify, Educate and Train, Measure, Implement, Assess]
