
Committee Meeting

In document: Corporate Governance Report (Pages 76-79)

A meeting resolution is valid and binding if the meeting is attended and/or represented by more than ½ (one half) of the members of the Committee, provided that these include more than ½ (one half) of the number of Directors.

Duties and Responsibilities

The Operation Risk Management Committee has the responsibility to:

1. Approve the operational risk framework and policy to ensure its suitability to the size and complexity of the Bank’s operation today and in the future.

2. Review the Bank’s material operational risks, as well as monitor the management responses/actions in order to actively manage the Bank’s operational risk.

3. Oversee the overall Bank’s operational risk control environment by:

a. Reviewing the risk reports from all directorates;

b. Requesting and reviewing the thematic reports.

4. Review and approve the Bank’s operational policies and their amendments to be escalated to the ORC as required.

5. Other important or critical matters that require the Committee’s decision.

2015 Work Programs

In 2015, the ORC reviewed and approved the operational risk development framework and a few other related policies, and ensured that the framework and the policies have been carried out adequately.

The ORC also continued monitoring the Bank’s performance in managing operational risk by using various operational risk management tools (ORM Tools), and reviewed the risk assessment submitted by each business/supporting unit, both conventional and Sharia, including subsidiaries, to provide direction and decisions on control environment improvement and development of the required system.

The ORC strived to improve the monitoring function, primarily on material operational risk and thematic risk, to ensure mitigation measures have been implemented, and simultaneously to evaluate the operational risk management process by ensuring the effectiveness of Three Lines of Defense function implementation.

Another ORC program is to review and monitor the progress of projects and initiatives that support operational risk management, as well as to ensure that monitoring of the preparation for the integrated system development implementation (1 Platform System Implementation) is in place.

2015 Work Realization

1. The ORC approved a number of policies related to operational risk management in the form of new policies and improvements on existing policies such as:

Policy Refinement:

a. Operational Risk Incident Management and Data Losses Policy, which governs the escalation of operational risk incidents that have significant impact on the Bank to the Directors, Operational Risk Management, Internal Audit and other related units, and ensures the proper management of incidents to minimise the impact.

b. Risk and Control Self-Assessment Policy, which includes the modification of the RCSA mechanism into a workshop method as well as the addition of control effectiveness testing, in order to carry out comprehensive risk identification and controls in each unit.

c. New Products and Activities Policy, which includes reinforcement of rules on the establishment of new products and activities, as well as improvement of the review process on new products and activities, in order to implement comprehensive risk management of new product and activity issuance.

d. The framework of three lines of defence, which includes adding the Anti-Fraud Management as part of the second line of defence as well as the establishment of the Risk and Control Unit in the first line of defence, which serves to manage the operational risk and compliance aspects as per the scope of each working unit.

e. Operational Risk Reserve Policy, which governs the provisioning of funds for operational risk, as a form of anticipation of losses that could potentially disrupt the Bank’s financial cash flow.

Executive Committee

New Policy

a. Control Issue Management Policy, which governs the supervision of potential control failure, inaccuracy in the control drafts, as well as ineffective control, including the supervision of the follow-up of control improvement. This is aimed at ensuring that control issues are identified and addressed through adequate governance in accordance with the Bank’s regulations and standards.

2. Reviewed the risk assessment presented by each business/supporting unit, both conventional and Sharia, including subsidiaries, and provided direction and decisions for control environment improvement as well as system development.

3. Monitored the progress status of the Risk & Control Unit establishment as part of the three lines of defence framework.

4. Reviewed and provided guidance on cybercrime incidents in 2015, which among others related to malware and social engineering, in order to take the necessary preventive actions.

5. Discussed the operational risk incidents that have material impact, and fraud cases, and ensured that root cause analysis has been done with mitigation and corrective processes to prevent recurrence.

6. Approved the regulatory revision related to agreement signing authority.

7. Reviewed the balance account and transitory/collection account statements to ensure that preventive and corrective actions have been implemented to prevent misuse.

8. Monitored the corrective actions on monitoring activities and the fulfilment of documents to be obtained and exception reports associated with loans.

9. Evaluated the 2015 Business Continuity Management (BCM) achievement and approved the changes to the Crisis Management Committee and Crisis Coordination Team structure in order to make accurate and prompt decisions when the Bank is in crisis.

10. Approved the revision of the System Criticality Categorization Assessment (SCCA) framework and the SCCA result in 2015 to ensure sufficient infrastructure and a Disaster Recovery Plan for critical application systems.

11. Reviewed and monitored the Bank’s preparation for the integrated system development implementation (1 Platform System Implementation).

Compliance unit is chaired by Liston Siahaan.
