KENANGA ANNUAL REPORT 2019

K E N A N G A I N V E S T M E N T B A N K B E R H A D A n n u a l R e p o r t 2 0 1 9 72 Compliance Function The Board is unreservedly committed and always strives to adopt the principles and recommendations of the Malaysian Code on Corporate Governance issued by the SC, as well as, other relevant regulatory requirements relating to corporate governance. Compliance reviews and monitoring are undertaken by GRCS using various tools and approaches based on the framework set by Group Compliance, a department under GRCS. These reviews and monitoring are performed to assess the level of compliance with the relevant regulatory requirements and the respective companies’ internal policies and procedures. Any regulatory deviation or compliance breaches will be reported to the respective Boards of operating entities within the Group and the relevant regulators. Pursuant to this, appropriate corrective actions including disciplinary actions will be taken to address the breach with a view to pre-empt and prevent the occurrence of a similar breach. Aside from Group Compliance, the other five (5) departments under GRCS undertake functions to review and monitor compliance in their respective areas. In this respect, the Group Financial Crime Intelligence, Group Prudential Supervision and Regulatory Affairs, Group Business Ethics and Integrity, Group Legal and Group Company Secretarial provide timely, structured and comprehensive advice and support to the Group in matters relating to the laws, rules and regulations applicable to the Group. GRCS has also implemented self-assessment framework to facilitate and promote regulatory compliance by the business within the Group. For this purpose, a list of identified laws, regulations and other regulatory instruments applicable to the Group is documented and maintained to facilitate compliance. Please refer to the ‘Ethics and Compliance Statement’ for more details on functions, roles and responsibilities of GRCS. Internal Audit GIA provides independent and objective assurance to the Board that the established internal controls, risk management and governance processes are adequate and are operating effectively and efficiently. To ensure independence and objectivity, the GIA reports independently to the AC of KIBB and has no responsibilities or authority over any of the activities it reviews. An Annual Audit Plan based on the appropriate risk based methodology has been developed and approved by the AC. On a quarterly basis, audit reports and status of internal audit activities including the sufficiency of GIA’s resources are presented to the AC for review. Periodic follow up reviews are conducted to ensure adequate and timely implementation of Management’s action plans. Associate and Joint Venture Companies The Board does not regularly review the internal control systems of associate companies and joint venture company as the Board does not have any direct control over their operations. Notwithstanding this, the Group’s interests are served through representation on the boards of the respective companies via receipt and review of management accounts, periodical reports, as well as deliberation on proposals related to these companies. Such representation also provides the Board with information for decision-making on the continuity of the Group’s investments based on the performance of these associate companies and joint venture company. Conclusion The Board, through the AC and GBRC, confirms it has reviewed and considered the effectiveness of the Group’s risk management and internal control system as adequate during the financial year and has taken into consideration any material developments up to the date of approval of the Annual Report and Audited Financial Statements for the Financial Year Ended 31 December 2019. The main risk areas faced by the Group and the guidelines and policies adopted to manage them are provided in detail under Note 50 of the Audited Financial Statements of the Company for the Financial Year Ended 31 December 2019. The Board is satisfied that there is an effective on-going process for identification, evaluation and management of risks and there are regular reviews to ensure controls are efficient and effective. STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL