Risk management is an integral part of Bursa Malaysia's business, operations and financial
performance.
The RMC is established pursuant to Section 22 of the CMSA. It is chaired
by a PID and the four other members are independent directors. The
composition of the RMC is set out on page 81 of the Annual Report.
Four meetings of the RMC were held in 2010. The RMC examined,
reviewed, discussed and provided advice on a broad range of risk issues
relating to Bursa Malaysia's business strategy, operations and initiatives.
These encompass:
Key corporate risks and exposures;
ERM activities;
Business and system related problems and incidents; and
Risk assessment of strategic initiatives.
Risk Management Framework
The Board assumes overall responsibility for risk and has put in place an
integrated ERM framework.
The management, which includes the Leadership Team members
and Divisional Heads are the first line of defence in Bursa Malaysia's
management of risk. They are responsible for exercising business
judgement and ensuring that policies, processes and internal controls are
in place for managing risks in day to day operations.
The second line of defence in the management of risk is provided by
the RMC assisted by CRM. It is responsible for overseeing the risk
management activities of the Group and ensuring compliance and
effective implementation of risk policy and objectives.
The third line of defence is the AC assisted by Group IA. It provides
independent assurance of the adequacy and reliability of the risk
management processes and system of internal controls, and compliance
with risk-related regulatory requirements.
We have also established a comprehensive risk management process to
identify, assess and prioritise key corporate risks, consider the likelihood
and potential impact of each risk event, and develop strategies and action
plans to manage and mitigate each identified key corporate risk.
Managing Significant Risks
Business interruption risk
We recognise the challenge to ensure business resilience and
continuity, not only in volatile market conditions, but also in the face
of system and infrastructural deficiency/failure and, in recent times,
cyber-threat.
Bursa Malaysia participated in a vulnerability assessment study, to
identify and address vulnerabilities in our critical infrastructure, if any,
and to mitigate the risk of cyber-threats/attacks. We also participated
in the X-MAYA 3, a national cyber drill coordinated by National Security
Council. Both initiatives were part of the national agenda to prepare
and protect critical national information infrastructures against cyber
attacks. The next step will be the development of a cyber crisis
management plan for Bursa Malaysia and market participants.
In 2010, Bursa Malaysia Derivatives migrated its derivatives products
onto the CME Globex® electronic trading platform (hosted in the
US). This includes the implementation of a new order management
system, Bursa Messaging Gateway and Market Data Gateway,
collectively referred to as the 'ASP' system. As part of the ASP
implementation, the requisite business continuity disaster recovery
tests were conducted and our capability to cross over to our Disaster
Recovery Centre and resume operations there was confirmed.
A full physical BCP test with securities market participants was
conducted on 13 November 2010. A separate BCP test will be
conducted for the derivatives market in view of the different time
zones, as the Globex® trading host is located in US.
Other BCP requisites such as the review and updating of
documentation, awareness briefings and training for staff and
recovery organisation have also been conducted.
Following the completion of Phase 1 of the BIA in 2009, which
looked at mission critical functions, Phase 2 was undertaken in 2010
covering the remaining business and support functions enterprisewide.
The BIA provides a basis for developing our recovery strategies
and business continuity capabilities.
Regulatory risks
Bursa Malaysia continues to maintain a dynamic and balanced
regulatory approach to ensure a fair and orderly market. The most
effective forms of regulation are those that target the areas of
greatest risk. These matters are fully described in the Regulatory
Report pages 50 to 53 of this Annual Report, but the principle focus
was on safe-guarding market orderliness, protecting investors'
interests and promoting high standards of business conduct amongst
participants.
Bursa Malaysia will also continue to review its overall operations
and the manner in which we deal with our regulatory responsibilities
to ensure that we become more effective, timely and efficient in
discharging our regulatory responsibilities.
Counterparty credit risk
In managing counterparty/settlement risks where Bursa Malaysia
Securities Clearing and Bursa Malaysia Derivatives Clearing act as
the Clearing Houses for equities and derivatives trades respectively,
and to prevent any systemic impact on the market, Bursa Malaysia
continues to employ a robust risk management process comprising:
Daily mark-to-market positions, initial and variation margin
requirements and collateral management;
Capital requirements and adequacy;
Managing credit exposures via price/trading/single client/
equity/position limits and the provision of a bridging facility;
Monitoring the financial health of the Clearing Settlement Banks
via the RWCR and credit ratings. The concentration risk is also
monitored based on the TCP's total trade settlement with the
relevant Clearing Settlement Banks; and
Maintenance of the CGF and the Clearing Fund for equities and
derivatives trading respectively. Neither fund was called upon
in FY2010.
Looking Ahead
The significant risks described here are not the only risks facing Bursa
Malaysia. There may be additional risks and uncertainties of which we are
currently unaware, or that we presently believe to be insignificant, which
may adversely affect our business. Through the RMC, the Board continues
to closely monitor the effectiveness of risk management practices across
the enterprise to ensure they are sufficiently robust to react to the everchanging
business environment, as well as to avoid losses.