Page 173 - Bank Muamalat_AR24
ANNUAL REPORT 2024 - Governance
STATEMENT ON COMPLIANCE
The ever-changing nature of the operating environment has led to a consistent progression of legal and regulatory requirements, in which non-compliance may have greater adverse effects on the trust, reputation and stability of the financial institutions and the industry as a whole. Recognising this, the Bank has put in place a robust compliance risk management programme to ensure continuous adherence to applicable laws and regulations, at par with industry best practices, with the objective of protecting the interests of stakeholders, customers, and the broader society.

The Board has established an adequate tone at the top and maintains overall oversight responsibility, including defining the appropriate governance structure and setting risk appetite. The Board is assisted by the Board Risk & Compliance Committee (BRCC) and the Board Audit Committee (BAC) in overseeing matters relating to the management of compliance risk and the implementation of its control mechanisms. At management level, the Executive Risk Management Committee is responsible for overseeing the implementation of the risk management programme.

The BMMB Compliance Risk Management Programme adopts the three lines of defence mechanism, designed to ensure effective controls in managing compliance risk and to uphold the compliance responsibility of all officers within BMMB. In this method, the primary responsibility for managing compliance risk lies with the first line of defence, which implements the management controls to ensure compliance in day-to-day operations. The second line of defence, which is independent from the first line, is responsible for establishing appropriate policies, procedures, and control mechanisms with the objective of ensuring continuous compliance with the regulatory requirements. The third line of defence is the Internal Audit Function, which is independent from the first and second lines and whose role is to provide independent assessment and validation of the adequacy and effectiveness of the overall compliance programme.

COMPLIANCE RISK MANAGEMENT PROGRAMME

The Bank has put in place a systematic Compliance Risk Management Programme that is designed to ensure adherence to specific regulations, standards, and internal policies. It is a continuous, methodical process comprising risk assessment, control, monitoring, and reporting of compliance risk exposures within the Bank.

i. Risk assessment

The Bank conducts compliance risk assessment to identify, evaluate, prioritise, and manage risks inherent in the Bank’s products, initiatives and business operations, as well as emerging risks that may lead to non-compliance with regulations or Anti Money Laundering/Counter Terrorist Financing measures and that could negatively impact the Bank. Gap analysis assessment is a vital process that helps the Bank to assess its adherence to specific laws, regulations, and standards, as well as to identify areas of improvement or potential compliance risk that may affect the Bank’s products, activities, and initiatives. Through gap analysis, the Bank is able to identify and prioritise processes that must be improved and to assist the Board and senior management in making decisions by allocating resources, budget and priority accordingly.

ii. Risk Control

Based on the risk assessment, the Bank has established comprehensive policies, procedures and manuals that outline the Bank’s compliance expectations and requirements. These documents are regularly reviewed, updated, and communicated to relevant stakeholders to ensure that the controls established are effective in minimising the risk and able to prevent new or emerging risks from occurring.

The Bank continuously enhances and develops products and services and has initiated various projects to offer a better range of products and services to enhance customers’ experience. These initiatives are well supported by the regulatory advisory function as a control measure to ensure all regulatory requirements and expectations are met and compliance risk is proactively managed by the Bank.

The Bank acknowledges that having staff with a good compliance culture is paramount in managing compliance risk. Thus, the Bank continuously provides regular training and awareness programmes to employees at all levels within the organisation to ensure they understand their compliance responsibilities and obligations. Training is tailored to matters relevant to their roles, helping them to understand their responsibilities and keep up-to-date on regulatory requirements.

iii. Risk monitoring

Monitoring mechanisms are in place to assess and assure that the Bank’s operations, activities, and practices comply with the regulatory requirements and industry standards. The compliance review function is conducted based on systematic identification of compliance risk areas, which form the basis for the Annual Review Plan. The main objective is to provide reasonable assurance to the Board and senior management on adherence to the compliance programme, to identify areas of non-compliance or potential risk, and to take corrective actions to mitigate those risks. The review coverage includes regulatory compliance, the Anti Money Laundering/Counter Terrorist Financing programme and Shariah compliance.

