Integrated Report 2020

INTEGRATED REPORT 2020 CIM FINANCIAL SERVICES LTD Risk Management Report Assessment of the economic impact on the existing portfolio Cim Group has reviewed our credit portfolio, assessed the impact of the crisis on our portfolio, defined the collection strategy, refined our risk appetite as well as reviewed the tactical and long-term strategies to meet the changes in client demand. Understanding the portfolio impacts has been a joint effort between the business and Risk team to identify stressed sectors and clients, through a combination of expert judgment, early warning signals and public data. The Risk team has conducted a variety of stress testing and scenario-based forecasting to project the expected credit losses under IFRS9 and to ensure we maintain adequate buffers in terms of capital adequacy as well as funding and liquidity ratios, thus preserving our financial soundness against any expected credit losses. The business, together with Risk and Finance, has used the output of the analysis to refine near-term lending capacity and strategy in line with the risk appetite. Strengthening our Cybersecurity Controls The risk posed by cyber-attacks continues to grow locally andworldwide, especially in terms of the sophistication and complexity of these attacks. With an increase of our digital footprint, Cim Group has embarked on various cyber initiatives to reinforce the existing control mechanisms to respond to internal and external threats. One of the key deployments performed was the implementation of a SIEM, allowing for ongoing monitoring of Cim Group’s networks and systems to rapidly detect and respond to threats in a timely and accurate manner, thus fortifying our overall cybersecurity detection capabilities. This was complemented by the implementation of a phishing tool and Cloud Access Security Broker across the enterprise. Cybersecurity awareness training is now a continuous and vital part of our business sustainability. Amongst other mandatory training and other regular awareness bulletins issued by the IT security team, all employees have to undergo a mandatory e-learning module on cybersecurity at least on an annual basis, and are required to undergo assessments to test their knowledge. Further, testing and simulation exercises are also performed to assess employee reactions to potential cyber- attacks, following which relevant solutions are taken to address any issues identified. Strengthened risk management approach An Enterprise Risk Management Framework has been designed with the goal of improving the Group’s risk management. The framework enables the Group to manage enterprise-wide risks within our risk appetite with the objective of maximising risk-adjusted returns. In 2019, the framework was approved by the Board with a comprehensive review of the principal risk types; and we have since then rolled out a process of self-risk assessments by the business owners and elevated the quality of the risk report to the Board Risk Management Committee. Promoting an effective Compliance Programme Some of the core elements of an effective Compliance Programme include having robust written policies and procedures; a designated Compliance Officer and Compliance Committee; effective lines of communication and training/education; internal monitoring and auditing; and prompt response to detected problems through corrective actions. At Cim Group, we have taken several initiatives to establish and maintain an effective risk management culture and a strong control environment to foster compliance with internal policies and regulatory compliance requirements. We now have to move from the structured approach adopted to next level of embedding the compliance culture as an integral part of the company’s culture and values. Key Initiatives and Achievements during the last financial year (Cont’d) 46