Malaysia Guidelines on Risk Governance – An Overview of Summary and Requirements

  • By: Staff Editor
  • Date: May 27, 2013


This policy document on Risk Governance sets out a framework of principles to guide the board and senior management in effectively performing their risk oversight and risk control functions. These guidelines are applicable to all financial institutions. The major objective of these Guidelines is to ensure safe and sound operations of financial institutions. 
Risk Strategy
  • The Board should ensure that the financial institution’s corporate objectives are supported by a sound risk strategy and an effective risk management framework.
  • The risk strategy and risk management framework of the financial institution should be appropriate to the nature, scale and complexity of its activities.
  • The Board should provide effective oversight of senior management’s actions to ensure consistency with the risk strategy and policies approved by the board, including the risk appetite framework.
  • Senior management should ensure that the day-to-day management of the financial institution’s activities is consistent with the risk strategy, including the risk appetite, and the policies approved by the board.
Risk Management
  • The risk management framework should enable the identification, measurement, and continuous monitoring of all relevant and material risks on a group- and firm-wide basis.
  • The risk management framework should be supported by robust management information systems (MIS) that facilitate the timely and reliable reporting of risks and the integration of information across the institution.
  • Risk management should be well-integrated throughout the organization and embedded into the culture and business operations of the institution.
  • Financial institutions should establish an independent senior risk executive role (chief risk officer or its equivalent) with distinct responsibility for the risk management function and the institution’s risk management framework across the entire organization.
  • The senior risk executive should have sufficient stature, authority and seniority within the organization to meaningfully participate in and be able to influence decisions that affect the financial institution’s exposures to risk.
  • Financial institutions should establish and maintain an effective risk management function with sufficient authority, stature, independence, resources and access to the board.
  • Effective implementation of the risk management framework should be reinforced with an effective compliance function and subjected to an independent internal audit review.
  • Financial institutions should have appropriate mechanisms in place for communicating risks across the organization and for reporting risk developments to the board and senior management.
  • Executive remuneration should be aligned with prudent risk-taking and should be appropriately adjusted for risks. The board must actively oversee the institution’s remuneration structure and its implementation, and must monitor and review the remuneration structure to ensure that it operates as intended.
Operational and Organizational Structure
  • The board and senior management should understand the financial institution’s operational and organizational structure and the risks it poses.
  • The financial institution’s operational and organizational structure should not be overly complex or opaque so as to hamper effective risk management by the financial institution.
  • The board and senior management should understand the purpose, structure and unique risks of operating through special-purpose structures.
  • Appropriate measures should be undertaken to mitigate any risks identified with special-purpose structures.
  • The board and senior management of subsidiary financial institutions will be held responsible for effective risk management processes at the subsidiary level.
  • The board and senior management should have appropriate influence in the design and implementation of risk management in the subsidiary.
  • The board and senior management of a parent financial institution with local and overseas operations are responsible for the risk management of the group and must exercise oversight over its subsidiaries, with appropriate processes established to monitor the subsidiaries’ compliance with the group’s risk management policies.

Additional Resources


Read the Malaysia Guidelines on Risk Governance in full here.
