Risk Management Statement

• Key corporate risks and exposures;
• ERM activities;
• Business and system related problems and incidents; and
• Risk assessment of strategic initiatives.

1. Business interruption risk

1. We recognise the challenge to ensure business resilience and continuity, not only in volatile market conditions, but also in the face of system and infrastructural deficiency/failure and, in recent times, cyber-threat.
   
   Bursa Malaysia participated in a vulnerability assessment study, to identify and address vulnerabilities in our critical infrastructure, if any, and to mitigate the risk of cyber-threats/attacks. We also participated in the X-MAYA 3, a national cyber drill coordinated by National Security Council. Both initiatives were part of the national agenda to prepare and protect critical national information infrastructures against cyber attacks. The next step will be the development of a cyber crisis management plan for Bursa Malaysia and market participants.
   
   In 2010, Bursa Malaysia Derivatives migrated its derivatives products onto the CME Globex® electronic trading platform (hosted in the US). This includes the implementation of a new order management system, Bursa Messaging Gateway and Market Data Gateway, collectively referred to as the 'ASP' system. As part of the ASP implementation, the requisite business continuity disaster recovery tests were conducted and our capability to cross over to our Disaster Recovery Centre and resume operations there was confirmed.
   
   A full physical BCP test with securities market participants was conducted on 13 November 2010. A separate BCP test will be conducted for the derivatives market in view of the different time zones, as the Globex® trading host is located in US.
   
   Other BCP requisites such as the review and updating of documentation, awareness briefings and training for staff and recovery organisation have also been conducted.
   
   Following the completion of Phase 1 of the BIA in 2009, which looked at mission critical functions, Phase 2 was undertaken in 2010 covering the remaining business and support functions enterprisewide. The BIA provides a basis for developing our recovery strategies and business continuity capabilities.
   
   

2. Regulatory risks

1. Bursa Malaysia continues to maintain a dynamic and balanced regulatory approach to ensure a fair and orderly market. The most effective forms of regulation are those that target the areas of greatest risk. These matters are fully described in the Regulatory Report pages 50 to 53 of this Annual Report, but the principle focus was on safe-guarding market orderliness, protecting investors' interests and promoting high standards of business conduct amongst participants.
   
   Bursa Malaysia will also continue to review its overall operations and the manner in which we deal with our regulatory responsibilities to ensure that we become more effective, timely and efficient in discharging our regulatory responsibilities.
   
   

3. Counterparty credit risk

1. In managing counterparty/settlement risks where Bursa Malaysia Securities Clearing and Bursa Malaysia Derivatives Clearing act as the Clearing Houses for equities and derivatives trades respectively, and to prevent any systemic impact on the market, Bursa Malaysia continues to employ a robust risk management process comprising:
   
   

1. Daily mark-to-market positions, initial and variation margin requirements and collateral management;
2. Capital requirements and adequacy;
3. Managing credit exposures via price/trading/single client/ equity/position limits and the provision of a bridging facility;
4. Monitoring the financial health of the Clearing Settlement Banks via the RWCR and credit ratings. The concentration risk is also monitored based on the TCP's total trade settlement with the relevant Clearing Settlement Banks; and
5. Maintenance of the CGF and the Clearing Fund for equities and derivatives trading respectively. Neither fund was called upon in FY2010.