KENANGA ANNUAL REPORT 2017

Approach Concept Compliance Risk Monitoring Compliance risk monitoring primarily serves to monitor and test that compliance risk mitigation is working properly. This would also help to identify new or changed risks for possible reassessment to the compliance risk mitigation. GRCS would establish plans and programmes to address the objective of monitoring and testing requirements of KIBB Group’s compliance. Where monitoring is the direct responsibility of the business or operational function, GRCS would provide advice on the required compliance plans or programmes to suit their activities. Compliance risk monitoring forms the basis for development and conduct of review, testing and monitoring programmes by GRCS across the Group. Compliance Risk Reporting Business and operational functions are required to submit cyclical and incident reports on compliance risk related matters. The reports should highlight newly identified and provide update to existing compliance risks involving their business or operational activities. Compliance risk reporting would allow the Senior Management to gauge whether the business and operations of the Group are within tolerable compliance risk level. It also provides an avenue for communication and discussion of potential risk issues. Compliance Risk Advisory In carrying out one of its core functions, GRCS would provide advisory and support to the Board, Senior Management and all employees of the Group on compliance risks, obligations, responsibilities, concerns and other ad-hoc compliance issues. This involves continuous engagements and discussions with business and operational functions in a transparent and comprehensive disclosure so as to obtain an objective and holistic solution or recommendation. Compliance Scorecard Compliance scorecard is a tool to evaluate compliance level of business and operational functions. Performance of a particular department or division is rated taking into consideration achievements in compliance risk management in their respective areas. This would not only serve to ensure high compliance level of the Group, but sought to instil compliance culture within the business and operational functions, and eventually an individual employee. Accountability to compliance and governance is now made clear and transparent across the Group. Identify critical and high compliance risks Implementation of Group’s policies and procedures Identify key compliance risk mitigation activities Compliance Plans/Programmes Identify routine business transaction associated to compliance obligations Compliance with legal and regulatory requirements Kenanga Investment Bank Berhad 52 ethics and compliance statement