KENANGA ANNUAL REPORT 2018

64 KENANGA INVESTMENT BANK BERHAD 7. Establishment of risk policies, tools and methodologies to identify, quantify and manage risks. GRM is also responsible for establishing the risk measurement and monitoring process to ensure that the Group’s risk profile and portfolio concentration are reported to the various risk committees on a regular basis; 8. The risk management philosophy adopted by the Group is based on the three (3) lines of defence approach. The line management is the first (1 st ) line of defence and is primarily responsible for the day- to-day risk management by identifying the risks, assessing impact and taking appropriate actions to manage and mitigate risks. The second (2 nd ) line of defence is the oversight functions comprising GRM and Group Compliance. They perform independent monitoring of business units, reporting to Management to ensure that the Group is conducting business and operations within internal guidelines and is regulatory compliant. The third (3 rd ) line of defence is Group Internal Audit (“ GIA ”) which provides independent assurance to the Board on the effectiveness and efficiency of system of internal controls, risk management and governance processes; 9. Establishment of a Group Approving Authority Framework to ensure that approving authorities are granted to appropriate individuals or committee and there is no significant concentration of authority given to a single person or committee; 10. Comprehensive internal credit analysis and evaluations, based on a number of factors and sources of information such as due diligence investigation, credit checks, bankruptcy searches, evaluation of business financial performance and industry risk review, are conducted to mitigate credit risks; 11. Under operational risk management, the Risk Control Self-Assessment is used as a tool for each business unit to undertake regular self-assessment to identify and assess the effectiveness of the controls put in place for all material products, activities, processes and systems to manage the risks identified. This tool serves as an early warning signal to drive appropriate management actions before risks materialise into losses; 12. Establishment of a Group New Product Development Framework for any new product or service that the Group intends to launch, to ensure that all material risks associated with the new product or service are identified, assessed and managed via appropriate risk management controls; 13. Compliance reviews and monitoring are undertaken by Group Regulatory & Corporate Services (“ GRCS ”) using various tools and framework set by GRCS. These reviews and monitoring are performed by Group Compliance, a department of GRCS to assess the level of compliance with the relevant regulatory requirements and the respective companies’ internal policies and procedures. Any regulatory deviation or compliance breaches will be reported to the Board of Kenanga Investment Bank Berhad (“ KIBB ” or “ the Company ”), as well as, the Boards of the respective subsidiaries and the relevant regulators. Appropriate corrective actions including disciplinary actions will be taken to address the breach with a view to pre-empt and prevent the occurrence of a similar breach. A list of identified laws, regulations and other regulatory instruments applicable to the Group is documented and maintained to facilitate compliance. GRCS also provides timely, structured and comprehensive advice and support to the Group in matters relating to the laws and rules applicable to the Group. The Group also has a self-assessment framework in place to facilitate and promote regulatory compliance by the business within the Group. The Board is unreservedly committed and always strives to adopt the principles and recommendations of the Malaysian Code on Corporate Governance issued by the SC, as well as, other relevant regulatory requirements relating to corporate governance; 14. GIA provides independent and objective assurance to the Board that the established internal controls, risk management and governance processes are adequate and are operating effectively and efficiently. To ensure independence and objectivity, GIA reports independently to the Audit Committee (“ AC ”) of KIBB and has no responsibilities or authority over any of the activities it reviews. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL