CFSL Integrated Report 2022

CIM FINANCE. INTEGRATED REPORT 2022 (page 66)

RISK MANAGEMENT REPORT

2. MATERIAL RISK TYPES (continued)

The table on this page has three columns: Main Risk Type, Governance, and Key Controls & Risk Mitigation.

INTEREST RATE RISK

Main Risk Type

The risk arising from changes in interest rates or the prices of interest rate-related securities, with the potential to impact CFSL’s earnings. The management of interest rate risk is a critical component of market risk management at CFSL.

Governance

Governing Policies
• Treasury Policy

Key Board / Management Committees
• Asset and Liability Committee
• Risk Management Committee

Key Controls & Risk Mitigation
• Approval of policy and prudential limits.
• Appropriate pricing for risk.
• Monitoring of any gap or mismatch between risks arising from holding assets and liabilities.
• Monitoring of net interest earnings at risk.
• Reporting to ALCO and Risk Management Committee.

OPERATIONAL RISK

Main Risk Type

Operational risk is the risk of loss arising from inadequate or failed internal processes, people, and systems or from external events. CFSL is exposed to operational risk primarily through:
• Technology risks
• Cybersecurity risks
• Internal and external fraud risks
• Model risks
• People risks
• Process risks
• Business disruption
• Third-party risks
• Physical security
• Legal risks

Governance

Governing Policies
• Operational Risk Policy
• Business Continuity Management Policy
• IT Security Policy

Key Board / Management Committees
• Operational Risk Forum
• Fraud Response Committee
• Service Quality Forum
• IT Risk Exception Sub Forum
• Risk Management Committee
• Corporate Governance and Conduct Review Committee

Key Controls & Risk Mitigation
• An effective operational risk management programme, which includes the three lines of defence.
• The Operational Risk Framework, consisting of policies, processes and standards, aims to embed effective risk management practices.
• Risk and Control Self Assessment (RCSA) to assess key risks and controls.
• Processes are in place to support the reporting, investigation, resolution and remediation of incidents.
• Key risk indicators to monitor changes in risks and take appropriate actions in a timely manner.
• Training and awareness.
• Due diligence and clear contracts in place for third-party engagement.
• Regular internal audits and testing carried out to ensure adequacy of controls.
• Business Continuity Management and Crisis Management Framework enable resilience, and swift response and recovery from external events.
• IT security function to protect CFSL’s infrastructure against cyber attacks.
