Annual Report 2012
Risk Management Statement

RISK MANAGEMENT STATEMENT

 
In accordance with Section 22 of the Capital Markets and Services Act 2007 (CMSA), Bursa Malaysia has established and maintained a Risk Management Committee (RMC) to provide risk oversight and to ensure prudent risk management of its business and operations.
 
The RMC is a Board Committee comprising five independent Directors, including the RMC Chairman, a Public Interest Director (PID) who also satisfies the test of independence under the Main Market Listing Requirements. The RMC members and their attendance records are provided in the Corporate Governance Statement of this Annual Report.

In 2012, the RMC held four meetings at which it reviewed, deliberated and provided advice on matters pertaining to:

  1. developments and/or emerging concerns on key corporate risks and the actions taken, or being taken, by Management to mitigate these risks;

  2. risk assessment of priority projects and programmes;

  3. pertinent operational risks and mitigation measures; and

  4. progress and status of requisites with regard to Enterprise Risk Management (ERM) activities undertaken throughout the Group.

Minutes of RMC meetings were tabled for confirmation at the following RMC meeting, and subsequently presented to the Board for notation. In 2012, the RMC was apprised of the continuous risk management efforts by the Management and assessed the progress and efficacy of such actions taken in monitoring the risk management exposure of the Group.

In discharging its risk oversight function, the RMC also assessed the key corporate risks at its quarterly meetings and adjusted the risk severity, where merited, to timely flag concerns for the Management's attention, and further conveyed to the Board any issues of concern. The RMC at its 4th meeting held on 19 November 2012 reviewed the 2013 Corporate Risk Profile and recommended the same for the Board's approval on 28 November 2012.

RISK GOVERNANCE FRAMEWORK

Bursa Malaysia has in place an enterprise risk governance framework for which the Board assumes overall responsibility with established and clear functional responsibilities and accountabilities under three lines of defence for the management of risk.

Senior Management, which includes Management Committee members and Divisional Heads, is the first line of defence accountable for all risks assumed under their respective areas of responsibility as well as for the execution of appropriate risk management discipline in line with the Risk Management Policy approved by the Board, aided by supporting guidelines, procedures and standards. This group is also responsible for creating a risk-awareness culture to ensure greater understanding of the importance of risk management and that its principles are embedded in key operational processes and all projects.

The second line of defence in the management of risk is provided by the RMC, assisted by the Corporate Risk Management (CRM) team which is collectively responsible for overseeing the risk management activities of the Group and ensuring compliance with, and effective implementation of, risk policies and objectives.

The third line of defence is the Audit Committee (AC), assisted by Group Internal Audit (GIA). It provides independent assurance of the adequacy and reliability of the risk management processes and system of internal control as well as compliance with risk-related regulatory requirements.

Within the framework, we have an established and structured process for the identification, assessment, communication, monitoring and review of risks and effectiveness of risk mitigation strategies and controls at the divisional and corporate levels. An automated system has also been implemented to facilitate the risk documentation and reporting process in regard to divisional risks.

In 2012, we embarked on a programme to refresh our enterprise risk management framework to ensure that the risk organisation structure and related risk policies and processes are in line with the latest risk management practices and remain appropriate and effective for managing risks faced by the Group in the present and future. Areas for improvement have been identified and relevant revisions are being formalised for implementation by the Group.
 
MANAGING SIGNIFICANT CORPORATE RISKS

Competition risk

To build and enhance our competitive position, we have instituted various programmes and initiatives in 2012 to boost participation and increase liquidity in our markets, expand the range of products and services offered by the Group, improve our market framework and efficiency, facilitate fund raising, also to create and raise awareness of the Group and its products and services.

Business interruption risk

On 16 May 2012, Bursa Malaysia successfully conducted a joint exercise of a fire drill and Business Continuity Plan (BCP) simulation, simulating the fire evacuation and relevant business continuity activation processes. These included the integrated activation of external agencies (Bomba, Police and St. John Ambulance) with Bursa Malaysia's Disaster Recovery Management Team (DRMT), and the evacuation of occupants of the Exchange Square building.

On 24 November 2012, Bursa Malaysia successfully conducted the BCP Test primarily involving the securities, Islamic, bond and Labuan International Financial Exchange (LFX) markets. All 34 Participating Organisations (POs) of securities market participated in this test. Overall, we achieved the target recovery time set for all critical functions/systems.

In 2012, Bursa Malaysia did not face any major business interruption with the exception of our website being under a Distributed Denial of Service (DDoS) attack on 13 February 2012. Nevertheless, securities and derivatives trading were not affected and the impact was minimal.

For our derivatives market which operates on the Globex® platform, the team successfully conducted two BCP tests with its market participants and CME Group Inc. (CME), on 30 June 2012 and 4 August 2012 simulating the recovery and resumption of the derivatives critical functions/systems following the pre-trading failure scenario of the derivatives systems.

Talent management risk

2012 saw Bursa Malaysia launch and implement comprehensive human resources initiatives aimed at ensuring accelerated growth of competency development among staff while emphasising efforts to attract, retain and motivate key talent in the organisation. The initiatives include:

  1. Review of the Job Grading Framework to create a strong job management system in Bursa Malaysia to ensure consistency and internal equity. This helps Bursa Malaysia to promote a market-driven reward structure that is competitive as well as integrated with other strategic Human Resources (HR) initiatives such as career and succession planning to attract, develop, engage and retain talent.

  2. Execution of Individual Development Plans to facilitate the achievement of career aspirations by employees in alignment with Bursa Malaysia's Strategic Intents via continuous development, strengthening and uplifting of key technical and non-technical competency levels.

  3. Enhancement of the technical competencies to address Bursa Malaysia's long-term goals of increasing productivity and capacity-building.

  4. Revision and enhancement of the Balanced Scorecard for better alignment and effective cascading of Bursa Malaysia's strategies and goals towards achieving the aim of becoming ASEAN's multinational marketplace.

  5. Succession Planning aimed at strengthening Bursa Malaysia's bench strength and leadership pipeline at key management and critical positions.

  6. Strategic advertising targeting university career fairs and professional bodies while also utilising job portals.


Recruitment, development and retention are critical to creating an effective human resources management and are carried out within the context of other human resources functions such as training and development, talent management, succession planning, workforce planning and strategic HR planning. Outcomes of these initiatives are monitored closely and evaluated to establish their effectiveness and adequacy to tackle any areas of risk.

Regulatory risk

The discharge of our regulatory function is to ensure that our markets continue to operate in an orderly, fair and transparent manner. In this respect, our areas of focus are guided by events that may undermine the operation of an orderly and fair market.

We will continue to review our focus areas to ensure that key risks are identified, monitored and managed effectively.

Counterparty credit risk

In managing counterparty/settlement risks where Bursa Malaysia Securities Clearing Sdn Bhd and Bursa Malaysia Derivatives Clearing Berhad act as the clearing houses for securities and derivatives trades respectively, and in preventing any systemic impact on the market, Bursa Malaysia continues to employ robust risk management processes comprising:

  1. Daily mark-to-market positions, initial and variation margin requirements and collateral management. In 2012, Bursa Malaysia Derivatives Clearing Berhad migrated to the Chicago Mercantile Exchange Standard Portfolio Analysis of Risk (CME SPAN), which is a risk-based margining system;

  2. Capital requirements and adequacy;

  3. Managing of credit exposures via price, trading, single client, equity, position limits and the provision of a bridging facility;

  4. Monitoring of the financial health of the clearing settlement banks via the risk weighted capital ratio (RWCR) and credit ratings. The concentration risk is also monitored based on the Trading Clearing Participants' (TCP) total trade settlement with the relevant clearing settlement banks; and

  5. Maintenance of the Clearing Guarantee Fund (CGF) and the Clearing Fund for securities and derivatives trading respectively.


In 2012, there was no settlement default by any TCP and neither the CGF nor the Clearing Fund was called upon.
 
CONCLUSION AND LOOKING AHEAD

Throughout 2012, the business and operational risks of the Group were adequately and satisfactorily managed.

In the upcoming period, the Group will remain attuned to changes in our risk environment and will seek to implement responses as appropriate to limit potential negative impact while capturing any possible upside opportunities.