GOVERNANCE

83

Bursa Malaysia •

Annual Report 2015

The Board of Bursa Malaysia is committed to maintaining a sound internal

control and risk management system. Each business unit/functional group

has implemented its own control processes under the leadership of the Chief

Executive Officer (“CEO”), who is responsible for good business and regulatory

governance. The following statement outlines the nature and scope of the

Group’s internal control and risk management in 2015.

STATEMENT ON INTERNAL CONTROL

AND RISK MANAGEMENT

BOARD’S RESPONSIBILITY

The Board affirms its overall responsibility for the Group’s system of

internal control and risk management and for reviewing the adequacy and

integrity of the system. The system of internal control covers governance,

risk management, financial, strategy, organisational, operational, regulatory

and compliance control matters. The Board recognises that this system is

designed to manage, rather than eliminate, the risks of not adhering to

the Group’s policies, and achieving goals and objectives within the risk

tolerance established by the Board and Management. Therefore, the system

provides reasonable, but not absolute, assurance against the occurrence of

any material misstatement, loss or fraud.

In 2015, the adequacy and effectiveness of internal controls were reviewed

by the Audit Committee (“AC”) in relation to the internal audits conducted

by the Group Internal Audit (“GIA”) during the year. Audit issues and actions

taken by Management to address the issues tabled by GIA were deliberated

on during the AC meetings. Minutes of the AC meetings which recorded

these deliberations were presented to the Board.

The Risk Management Committee (“RMC”) provides oversight on risk

management matters relating to the activities of Bursa Malaysia as an

exchange holding company and of its subsidiaries in accordance with

Section 22 of the Capital Markets and Services Act 2007 (“CMSA”), to

ensure prudent risk management over Bursa Malaysia’s business and

operations. At its scheduled meetings in 2015, the RMC had reviewed,

appraised and assessed the efficacy of the controls and progress of action

plans taken to mitigate, monitor and manage the overall risk exposure of

the Group. The RMC also reviewed proposals for new products, monitored

the progress and status of risk management activities, as well as raised

issues of concern and provided feedback for Management’s action.

Internal control and risk-related matters which warranted the attention

of the Board were recommended by the AC and RMC to the Board for its

deliberation and approval and matters or decisions made within the AC’s

and RMC’s purview were escalated to the Board for its notation.

KEY INTERNAL CONTROL PROCESSES

The Group’s internal control system comprises the following key processes:

1. Separation of Commercial and Regulatory Functions

a. The Group’s commercial and regulatory functions are segregated

to ensure the proper discharge of Bursa Malaysia’s regulatory

duties. Both these functions operate independently of each other

to ensure that business units are not in a position to unduly

influence any regulatory decision made by the Regulation unit.

It is Bursa Malaysia’s statutory duty to always act in the public

interest, with particular regard for the need to protect investors.

As such, the Board of Bursa Malaysia, which includes Public

Interest Directors, is responsible for upholding public interest in

its decision making.

To this end, Regulatory Committees have been set up to deliberate

on and decide regulatory matters to ensure Bursa Malaysia

upholds its obligation to safeguard the public interest. These

committees, apart from Board members, comprise independent

individuals with significant and relevant industry experience.

b. Processes are established and set out in the Guidelines for

Handling Conflict of Interest (“COI”) to deal with any possible COI

which may arise in the course of Bursa Malaysia performing its

commercial or regulatory role.

2. Authority and Responsibility

a. Certain responsibilities are delegated to Board Committees

through clearly defined Terms of Reference (“TOR”) which are

reviewed annually.