CFSL Integrated Report 2021

RISK MANAGEMENT

PRINCIPAL RISK DESCRIPTION / RISK RESPONSE

OPERATIONAL RISK
Movement during the year:
Cim Finance has an effective operational risk management program, which includes the three lines of defence (business units as the first line, risk and compliance as the second line and internal audit as the third line of defence), written operational risk policies and procedures, and risk identification, assessment, monitoring and reporting processes. Risk Control Self Assessment is now an integral part of the operational risk management process, which serves to identify and assess operational risks in an efficient and systematic manner. We have improved the quality of information presented in our Risk Report and the key operational risks are regularly reported to the Operational Risk Forum and to the Board’s Risk Management Committee.

IT & CYBERSECURITY RISK
Movement during the year:
In the context of our digitalisation strategy, we are conscious of the risk posed by cyber attacks. We have deployed a cybersecurity program to enhance our resilience to threats and vulnerabilities. Continuous training is conducted on cyber security awareness and is a vital part of the sustainability of our business. We have implemented SIEM (Security Incident Event Management), which monitors our networks on an ongoing basis. This is complemented with the implementation of Advanced Threat Protection tools for enhancing cyber security monitoring, a Cloud Access Security Broker for cloud-hosted applications, and Mobile Device Management, amongst others, which are managed by a dedicated IT Security team. Testing and simulation exercises are conducted to assess employee reactions to potential attacks or system failures, following which we develop relevant solutions to address the identified issues and ensure business continuity. Cim Finance also has a cyber-liability insurance cover, which provides additional safeguards in protecting infrastructure and data assets.

COMPLIANCE RISK
Movement during the year:
We have an effective compliance program which includes robust written policies and procedures, a designated compliance officer and compliance committee, effective lines of communication, training/education, internal monitoring and auditing and a prompt response to detected problems through corrective actions. During the year, an exhaustive review of Cim Finance’s core processes was conducted with a view to updating operational processes and procedures in line with regulatory requirements. Moreover, several initiatives were taken to enhance our ongoing screening capabilities through RPA solutions and the procurement of international sanction lists.
