Affin Bank Berhad | Annual Report 2020
STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL
AFFIN BANK BERHAD 197501003274 (25046-T) | ANNUAL REPORT 2020

TECHNOLOGY RISK MANAGEMENT FRAMEWORK

a. The Technology Risk Management Framework (“TRMF”) sets out the Group’s expectations in managing technology risks and enhancing technology resilience. The mission of TRMF is “to provide a framework that ensures the confidentiality, integrity and availability of the Group’s information infrastructure and the underlying data”.

b. The TRMF covers the control objectives and minimum standards to guide the Group and entities’ IT department, third party service providers and other technology related services / functions / departments in managing the technology risk involved in daily operations. It is imperative that employees at all levels understand their roles and responsibilities in managing technology risk, that is, the risk associated with the operation and use of information systems to support the missions and business functions of the Group.

c. Technology Risk Management Department plays an advisory role in fostering an organisational climate where technology risk is considered within the context of the design of business process, enterprise system architecture and system development life cycle.

GROUP COMPLIANCE FRAMEWORK

The respective significant operating entities have put in place a Compliance Framework. The main function of compliance is to facilitate, educate and monitor the management of business and support units/entities’ activities to act in accordance with relevant laws, regulations and guidelines. In line with good governance, Compliance Division reports independently to Group Board Compliance Committee (“GBCC”).

a. Policies and Procedures
Policies and Procedures are reviewed on a periodic basis or as and when required to reflect the changes in applicable legal/regulatory requirements and business practices.

b. Compliance Culture
The compliance culture is driven with a strong tone from the top, complemented by the tone from the middle, to embed the expected values and principles of conduct that shape the behavior and attitude of employees at all levels of business and activities across the Group.

c. Compliance Program
The Compliance Program consists of planned activities which include implementation of policies, compliance risk assessment, compliance testing as well as compliance review plan. This program will be regularly reviewed and continuously improved to incorporate regulatory and industry changes.

d. Compliance Risk Management
System and tools are established as enablers to support and monitor the effectiveness of the compliance risk management processes.

e. Training
Scheduled trainings are regularly conducted to create compliance awareness amongst the staff.

f. Anti-Money Laundering/Counter Financing Terrorism (“AML/CFT”)
AFFIN Group continues to strengthen its enterprise wide AML/CFT program by enhancing its risk-based approach to ensure that the key measures put in place to prevent and mitigate money laundering and terrorist financing are commensurate with the business and compliance risks that have been identified and assessed. AFFIN Bank Group will remain vigilant over the level of compliance at the business segments with regards to AML/CFT requirements and measures. Thematic audits will continue to be carried out on branches and subsidiaries for AML/CFT compliance, on a regular basis.