Special Briefing - Governance Structure-Final Islam Malaysia Bhd Datuk Ismee Ismail Group Managing Director Lembaga Tabung Haji Johan Abdullah Group Managing Director BIMB Holdings

STRICTLY PRIVATE & CONFIDENTIAL

SPECIAL BRIEFING : SPECIAL BRIEFING : GOVERNANCE STRUCTUREGOVERNANCE STRUCTURE

Hizamuddin JamalluddinStrategic Planning & Managing Director’s Office

Page 10

TABLE OF CONTENTSTABLE OF CONTENTS

About Bank Islam

Board & Governance Structure

Shariah Governance

Board Risk Committee

Role of Management

Risk Oversight

Effectiveness of Management Oversight Committees

Page 11

A SNAPSHOTA SNAPSHOT

Malaysia’s Pioneer Islamic Bank – 1983

3rd Largest Islamic Bank in Malaysia

Total Assets of about RM30 billion

24th largest Islamic financial institutions in the world

Total customer base of more than 3.5 mil.

Rated A1/P1 with outlook by Rating Agency Malaysia

Rated A2 (Short Term) & BBB (Long term) for foreign currency & BBB‐ for financial strenght by Capital Intelligence

Rated 4th Strongest Bank in Malaysia by The Asian Banker (Part of Financial Times Group)

Ranked 53 – Asia Pacific 500 Strongest Bank by The Asian Banker

Best Islamic Bank in Malaysia 2011 – IFN Award

Page 12

““To be a Global Leader in Islamic BankingTo be a Global Leader in Islamic Banking””

““Global LeaderGlobal Leader”” is defined as being the ultimate guidance is defined as being the ultimate guidance and source of reference for innovative Shariahand source of reference for innovative Shariah‐‐based based

products & servicesproducts & services

VISION STATEMENTVISION STATEMENT

Page 13

To continually develop and innovate universally accepted financial solutions in line with Shariah principles

To provide a reasonable and sustainable return to shareholders

To provide a conducive working environment and to become an Employer of Choice for top talents in the market

To deliver comprehensive financial solutions of global standards using state‐of‐the‐art technology

To be a responsible and prudent corporate citizen

In carrying out this corporate mission, Bank Islam shall be guided by its corporate brand values of being: A Leader, Dynamic, Professional, Caring and Trustworthy

MISSION STATEMENTMISSION STATEMENT

Page 14

STRATEGIC GOALSSTRATEGIC GOALS

An immediate goal is to re‐claim our position as the premier Islamic bank in Malaysia and retain the accolade as the “Most Trusted Brand”

Subsequently, to expand its operations either by internal growth (branch network expansion) or through mergers & acquisitions

A medium‐term goal is to become a major regional player by spreading its wings into neighboring ASEAN countries

A long‐term goal is to ultimately make its presence felt globally

As part of our journey to become a premier Islamic bank, we will continue to compete resolutely and innovate relentlessly to cater to the needs of people of all walks of life.

Page 15

CORPORATE CORE VALUESCORPORATE CORE VALUES

LEADERLEADEROur Islamic products are the benchmark. Reputed as the pioneer in Islamic banking.

Built the Islamic banking industry in Malaysia

DYNAMICDYNAMICProgressive and innovative ‐ constantly moving ahead, technologically advanced, with

new products & services

PROFESSIONALPROFESSIONALFast, efficient and responsive service. Knowledgeable and equipped staff to handle

global business challenges

CARINGCARINGA supportive partner who is approachable, ever ready to provide solutions to your

financial problems

TRUSTWORTHYTRUSTWORTHY100% Shariah‐based products, services and principles

Page 16

BOARD & GOVERNANCE STRUCTUREBOARD & GOVERNANCE STRUCTURE

Page 17

GOVERNANCE PHILOSOPHY GOVERNANCE PHILOSOPHY

We believe that sound oversight function is critical to ensuring commensurate returns for all our financing, investments and risk‐taking activities.

We regularly review our risk governance structure, capabilities and infrastructure to better understand and manage our exposure to risks within our risk appetite.

We regularly review the overall design, set‐up, structure, composition and process of the Management Oversight Committees as well as benchmarking against the practices of other local and foreign financial institutions. This is to ensure:‐

The robustness and appropriateness of the Management Committees and its Terms of Reference;

The effectiveness of the Committees, determined by the quality of its procedures, processes, quality of the reports or papers submitted to make an informed decisions as well as quality of the minutes in capturing grounds and rationale of decisions made.

Fulfillment of Roles and Responsibilities as mandated by the stakeholders.

Page 18

PRINCIPLES OF CORPORATE GOVERNANCEPRINCIPLES OF CORPORATE GOVERNANCE

Principle 1: Every Islamic bank should be headed by an effective board, which assumes specific responsibilities. The vision, strategy and corporate values of the Islamic bank should be clearly specified and understood.

Principle 2: There should be an effective board composition, with a strong independent element where no individual or small group of individuals should be allowed to dominate the board’s decision making.

Principle 3: There should be a clear division of responsibilities at the helm of an Islamic bank, which will ensure a balanced and clear lines of role, responsibility, authority and accountability throughout the Islamic bank.

Principle 4: There should be a formal and transparent process for the appointment of directors to the board and the appointment of Chief Executive Officer.

Principle 5: Directors must be persons of calibre, credibility and integrity with the necessary skills and experience and be able to devote time and commitment

Page 19

PRINCIPLES OF CORPORATE GOVERNANCEPRINCIPLES OF CORPORATE GOVERNANCE……contcont

Principle 6: Board should meet regularly and be duly furnished with complete and timely information.

Principle 7: There should be a formal and an ongoing assessment of the effectiveness of the board as a whole, the directors and the Chief Executive Officer.

Principle 8: There should be a formal and transparent procedure for fixing the remuneration packages of board members, Chief Executive Officer and senior management and the remuneration policies and practices should be in line with the Islamic bank’s ethical values, objectives and culture.

Principle 9: Persons empowered with decision making authority (including directors) should exercise care to avoid situations that may give rise to a conflict of interest situation.

Principle 10: There should be clear separation between shareholders and management so as not to impede sound corporate governance.

Page 20

PRINCIPLES OF CORPORATE GOVERNANCEPRINCIPLES OF CORPORATE GOVERNANCE……contcont

Principle 11: There should be robust auditing requirements and the auditor, board and management need to maintain professional and objective relationships.

Principle 12: Islamic bank should engage in regular, effective and fair communication with shareholders/stakeholders

Principle 13: Conducting corporate governance in a transparent manner can reinforce sound corporate governance.

Principle 14: Board is collectively responsible and accountable for the veracity of disclosures and management of risk.

Page 21

REGULATORY GUIDANCEREGULATORY GUIDANCE

Page 22

GOVERNANCE STRUCTUREGOVERNANCE STRUCTURE

Page 23

BOARD OF DIRECTORSBOARD OF DIRECTORS

Zaiton Mohd HassanChairman, Board Risk Committee

Mohamed Ridza bin Mohamed AbdullaIndependent Director

Zahari @ Mohd Zin IdrisChairman, Audit & Examination CommitteeChairman, Board Financing Review Committee

…INDEPENDENT DIRECTOR

Dato’ Zamani Abdul GhaniChairman

Page 24

BOARD OF DIRECTORSBOARD OF DIRECTORS……contcont

Dato’ Sri Zukri SamatManaging Director

Bank Islam Malaysia Bhd

Datuk Ismee IsmailGroup Managing DirectorLembaga Tabung Haji

Johan AbdullahGroup Managing Director

BIMB Holdings Bhd

… NON INDEPENDENT DIRECTOR

Abdullah AbdulRahman Abdullah Sharafi Board Member

Mohammed Abdul Ghafar HussainBoard Member

Page 25

THE BOARDTHE BOARD

The Board of Directors is the highest authority in the Company.

The Board plays critical role in ensuring sound and prudent policies and practices in the Bank. It provides effective check and balance mechanism in the overall management of the Bank.

The Board carries ultimate responsibility for the proper stewardship of the Bank. It has the responsibility to ensure optimisation of shareholders’ value and safeguard the stakeholders’ interest.

The Board has a fiduciary responsibility to act in the best interest of the Bank.

Page 26

BOARDBOARD’’S AUTHORITYS AUTHORITY

The Board of Directors shall have the authority to deliberate and approve on matters within its primary duties and responsibilities in line with the Authority Limits document or such limits as may be determined by the Board of Directors from time to time. During the discharge of such duties, the Board of Directors shall have:‐

Access to the full company records, properties and personnel.

Independent professional advice and expertise necessary to perform its duties.

Access to advice and services of the Company Secretary.

A director shall at all times act honestly and shall use reasonable diligence in the discharge of his/her duties.

Page 27

BOARDBOARD’’s COMPOSITIONs COMPOSITION

The Board of Directors shall comprise of Executive Directors and Non‐executive Directors.

Pursuant to BNM Guideline on Corporate Governance for Licensed Islamic Bank (BNM/GP1‐i), the number of executive director should not be more than one (1) (except with BNM’s approval) and the number of Independent Directors must be at least one‐third of the total board members.

Currently, Bank Islam has four (4) independent board members that provide an effective check and balance in the function of the Board.

Pursuant to Article 63 of the Articles of Association of the Company, minimum numbers of the Board of Directors is five (5) and maximum is eleven (11).

The Board comprises members from diverse professional background and experience such as banking, finance, accounting and legal. The Board members have vast experience and bring with them invaluable knowledge, expertise and perspective to achieve Bank Islam’s objectives and visions.

Page 28

CODE OF ETHICSCODE OF ETHICS

The Directors continue to adhere to a Code of Ethics based on the Code of Conduct expected of financial institutions’ directors as set out in the BNM/GP7 – Guidelines on the Code of Conduct for Directors, Officers and Employees, the Companies Act 1965 and the Company Directors’ Code of Ethics issued by the Companies Commission of Malaysia.

The Code of Ethics for Company Directors, amongst others, highlighted the following criteria of which a company director should observe in the performance of his/her duties:

He/she should at all times act with utmost good faith towards the company in any transaction and to act honestly and responsibly in the exercise of his/her powers in discharging his/her duties;

He/she should be conscious of the interests of shareholders, employees, creditors and customers of the Bank; and

He/she should ensure that the activities and the operations of the company do not harm the interest and well‐being of society at large.

Page 29

ROLES OF THE BOARDROLES OF THE BOARD

The Board is responsible for the conduct of the business and affairs of the Bank.

In practice, the Board is expected to provide strategic leadership, direction, support and guidance to the Bank. Board members are expected to demonstrate commitment to the Bank’s vision, strategic intent, core values, policies and objectives.

Some of the key tasks of the Board are:‐to oversee the development (and review) of strategies, plans and policies;

to oversee the development (and review) of performance targets, including key financial target;

to ensure that the Bank communicates effectively with stakeholders;

to obtain an understanding of the principal risk of the Bank and ensure there are systems to deal with them; and

to ensure an appropriate control environment

At Bank Islam, Board members are equipped with “Directors’ Handbook”

Page 30

CORPORATE PLANNING AND STRATEGIC MANAGEMENTCORPORATE PLANNING AND STRATEGIC MANAGEMENT

One of the key tasks of the Board is to set strategic direction of the Bank and exercise strategic control. The strategic direction forms the basis for development of a 3 year Corporate Plan.

The Corporate Plan is a key document used to promote continuous improvement in performance. Generally, the planning process involves:‐

An analysis of the operating environment

An articulation (or review) of the Bank’s mission and vision

The development of long term business strategies to achieve the mandate

An articulation of key results areas of the Corporate Plan

The Board’s role is to manage the planning process to:‐Ensure that effective long and medium term planning takes place;

Ensure that the plans are aligned with the Bank objectives;

Consider, challenge, and if necessary change, the plans; and

Review the plans – and performance aginst them – on a regular basis

Page 31

ROLES OF THE CHAIRMAN & MANAGING DIRECTORROLES OF THE CHAIRMAN & MANAGING DIRECTOR

The roles of the Chairman and Managing Director are clearly defined and differentiated. This distinction is to ensure a balance of power and authority for better understanding and distribution of responsibilities and accountabilities.

The Chairman together with the rest of the Board are responsible for setting the policy framework within which the Management is to operate. The role of the Chairman includes the following:

Provide leadership to achieve the overall performance in meeting the corporate goals and objectives of Bank Islam;

Ensure that the responsibilities of the Board, the Board Committees and the individual directors are well understood by the Board and individual directors and are executed effectively; and

Develop an effective working relationship with the Management.

Page 32

ROLES OF THE CHAIRMAN & MANAGING DIRECTORROLES OF THE CHAIRMAN & MANAGING DIRECTOR……contcont

The Managing Director has overall executive responsibility for the day‐to‐day operations of Bank Islam which includes implementing the policies and strategies adopted by the Board, keeping the Board fully informed of all important aspects of the Bank’s operations and ensuring sufficient information is distributed to the Board members.

The Managing Director also carries the primary responsibilities for ensuring management competency including the placement of an effective succession plan to sustain continuity.

Page 33

PRIMARY DUTIES & RESPONSIBILITIES OF THE BOARDPRIMARY DUTIES & RESPONSIBILITIES OF THE BOARD

The terms of reference of the Board specify that the Board plays critical role in ensuring sound and prudent policies and practices in the Bank. It provides effective check and balance mechanism in the overall management of the Bank.

Page 34

PRIMARY DUTIES: FINANCE & OPERATIONSPRIMARY DUTIES: FINANCE & OPERATIONSReview and approve all strategic and policy matters including the objectives, strategic business plan, risk appetite and significant operating policies of the Bank and monitor the Management’s performance in implementing them based on Key Performance Indicators (“KPIs”) approved by the Board;

Review the adequacy and integrity of the Bank’s accounting and financial reporting system and ensure appropriate controls are in place.

Review and approve the following matters, including but not limited to:‐Annual Business Plan and Budget of the Bank;

Management report which includes financial and business performance, update on credit impaired assets, material litigation and important events;

Any write‐off proposal;

Material Litigation;

Investment proposal or ventures on strategic alliance;

Authority Limits documents including discretionary authority vested to any officer of Bank Islam;

Distribution of the Bank’s dividend;

Any purchase and disposal of goods or fixed assets or any purchase or termination of services within limits stipulated in the Authority Limits document; and

Acquisition of and prepayment of any loans or indebtedness of the Bank.

Page 35

PRIMARY DUTIES : FINANCE & OPERATIONSPRIMARY DUTIES : FINANCE & OPERATIONS……contcontReview and approve significant business and operational policies including but not limited to the following:‐

approval for new products or services and review the performance and profitability of such products or services;

Dividend policy;

Depreciation policy;

Procurement policy;

Outsourcing policy; and

IT security and other related IT policies.

Review and approve any appointment of such person, consultants or advisors or establishment of committee or task force to undertake any specific assignments in relation to the Bank’s business and operations within limits stipulated under the Authority Limits document.

Page 36

PRIMARY DUTIES : RISK MANAGEMENTPRIMARY DUTIES : RISK MANAGEMENT

Review and approve risk management policies and ensure that the Bank establishes adequate internal controls and infrastructure.

Review and approve the Bank’s Business Continuity Management Policy in dealing with various extreme internal/ external events and disasters.

Review and approve the entry into, or variation of, any contract, arrangement or commitment with any related party or any dealing involving conflict of interest situation.

Evaluate the effectiveness of the Management in managing the risks of the Bank.

Page 37

PRIMARY DUTIES: HUMAN RESOURCEPRIMARY DUTIES: HUMAN RESOURCE

Review and approve the appointment and removal of the Board of Directors, Shariah Supervisory Council (SSC) members and key senior management personnel holding the function of Managing Director, Chief Executive Officer, Chief Operating Officer, Chief Financial Officer, Chief Risk Officer and such other function as determined by the Board of Directors from time to time.

Review and approve the remuneration of the Board of Directors, SSC members and key senior management personnel holding the function of Managing Director, Chief Executive Officer, Chief Operating Officer, Chief Financial Officer, Chief Risk Officer and such other function as determined by the Board of Directors from time to time.

Review and approve Human Resource policy including but not limited to the succession planning policy, salary and remuneration schemes, code of conduct, whistle blowing procedures, disciplinary action procedures and grievance procedures.

Page 38

PRIMARY DUTIES : HUMAN RESOURCEPRIMARY DUTIES : HUMAN RESOURCE……contcont

Review and approve succession planning for the Board.

Annually review the performance of individual directors, SSC members and key senior management personnel including the Managing Director and effectiveness of the Board and the SSC as a whole.

Page 39

PRIMARY DUTIES: COMPLIANCEPRIMARY DUTIES: COMPLIANCE

Review relevant reports or proposals to ensure operations of the Bank are in compliance with:‐

The relevant framework of laws including but not limited to the Islamic Banking Act 1983, Companies Act 1965, Anti Money Laundering & Anti Terrorist Financing Act 2001 and any regulations and guidelines under the relevant laws;

The relevant Shariah principles; and

Any established policies and procedures of the Bank.

Perform the oversight function on any regulatory requirements as imposed by relevant regulatory authorities including Bank Negara Malaysia (BNM).

Consider and provide any response, attestation, undertaking or confirmation as required by regulatory authorities in relation to compliance with regulatory requirements.

Page 40

PRIMARY DUTIES : SHARIAH GOVERNANCEPRIMARY DUTIES : SHARIAH GOVERNANCE

Perform the oversight function over the effective functioning of Bank Islam Shariah governance framework and ensure that the framework commensurate with the size, complexity and nature of business.

Review and approve all policies relating to Shariah in relation to the Bank’s business and operations upon consultation with SSC.

Approve any corporate branding exercise affecting the corporate image of Bank Islam including logo, tagline and annual report.

Review and approve any appointment of corporate representatives and power of attorneys to act on behalf of the Bank.

The Board of Directors shall also have the authority to review and approve such other matters as determined by the Board of Directors of the Company, from time to time.

OTHER PRIMARY DUTIESOTHER PRIMARY DUTIES

Page 41

SHARIAH GOVERNANCESHARIAH GOVERNANCE

Page 42

SHARIAH GOVERNANCE FRAMEWORKSHARIAH GOVERNANCE FRAMEWORK

SHARIAH AS OVERARCHING PRINCIPLE IN BANK ISLAM

SHARIAH SUPERVISORY COUNCIL (SSC)

•Oversight accountability on Shariah matters.

BOARD OFDIRECTORS

(Overall oversight on Shariah governance structure & Shariah

compliance) BOARD RISK COMMITTEE

AUDIT & EXAMINATION

COMMITTEE (AEC)

MANAGEMENT•Ensure execution of business & operations are in accordance with Shariah principles.• Provide necessary resources, infrastructure, enablers to the SSC.

Shariah Risk Management Control Function:Identify, measure, monitor, report & control Shariah non‐compliance risk

Shariah Review Function:Review business operation on regular basis to ensure Shariah compliance.

Shariah Research Function:(under Product Development)Conduct in‐depth Shariah research prior to submission to Shariah Committee.

Shariah Audit Function:Provide independent assessment & objective assurance designed to value add & improve Bank Islam adherence to Shariah

Page 43

SHARIAH GOVERNANCE FRAMEWORKSHARIAH GOVERNANCE FRAMEWORK……CONTCONT

SHARIAH SUPERVISORY COUNCIL (SSC)

SHARIAH REVIEW COMMITTEE

SHARIAH DIVISIONPRODUCT DEVELOPMENT DEPT

SHARIAH AUDIT DEPT

Notes:•Chairman of Board Risk Committee and Chairman of Audit & Examination Committee are permanent invitees to SSC•Chairman of SSC and a member of SSC are permanent invitees to Board Risk Committee•Head of Shariah is a member of Management Committee, Management Risk Control Committee, Shariah Compliance Risk Control Committee & Product Development Committee.•Shariah Division is also represented in Financing Committees and Operational Risk Control Committee

Page 44

PRINCIPLES OF SHARIAH GOVERNANCEPRINCIPLES OF SHARIAH GOVERNANCE

Principle 1: It is the duty and responsibility of the Bank to establish a sound and robust Shariah governance framework with emphasis placed on the roles of key functionalities in ensuring effective implementation of the Shariah governance framework.

Principle 2: The Bank shall set out the accountability and responsibility of every key functionary involved in the implementation of Shariah governance framework.

Principle 3: Independence of the Shariah Committee shall be observed at all times in exercising their duties to make objective and informed judgment.

Principle 4: Any person bearing responsibilities outlined in the Shariah governance framework for the Bank shall possess the necessary competency and continuously enhance their knowledge and understanding on the Shariah as well as keep abreast on the latest developments in Islamic finance.

Page 45

Principle 5: Internal and privileged information obtained by the Shariah Committee members in the course of their duties shall be kept confidential at all times and shall not be misused.

Principle 6: Professional ethics, judgment and consistency shall be maintained in ensuring Shariah compliance

Principle 7: There shall be a robust Shariah compliance function, comprising review and audit functions, supported by risk management control process and internal research capacity.

PRINCIPLES OF SHARIAH GOVERNANCEPRINCIPLES OF SHARIAH GOVERNANCE……contcont

Page 46

SHARIAH SUPERVISORY COUNCILSHARIAH SUPERVISORY COUNCIL

Page 47


Page 48


The duties and responsibilities of the Council are principally based on the BNM Guidelines on the Governance of Shariah Committee for Islamic Financial Institutions (“BNM/GPS1”). The duties and responsibilities of the Council are:

Advising the Board and Management on Shariah related matters;

Reviewing and endorsing Shariah related policies and guidelines;

Endorsing and validating relevant documentations in the proposal of new products and services including contracts, agreements or other legal documentations used in executing banking transactions;

Endorsing and validating product guidelines, marketing. advertisements, sales illustrations and brochures related to the Bank’s products, services and activities;

Advising the Bank on the computation and distribution of Zakat;

Assisting and advising related parties such as the Bank’s legal counsels, auditors and consultants on Shariah matters upon request;

Page 49

SHARIAH SUPERVISORY COUNCILSHARIAH SUPERVISORY COUNCIL……contcont

Advising the Bank in consultation with the Shariah Advisory Council of BNM (“SAC”) on any Shariah matters which have not been resolved or endorsed by the SAC;

Recording any opinion given on Shariah related issues.

In particular, the Council shall prepare written Shariah opinions in the following circumstances:i. Where the Bank makes references to the SAC for advice; or

ii. Where the Bank submits applications to BNM for new product approval in accordance with guidelines on product approval issued by BNM;

Assisting the SAC on reference for advice. In such event, the SSC must explain the Shariah issues involved and recommend decision supported by relevant Shariah jurisprudential literature from relevant and established sources; and

Monitoring that all SAC’s decisions are properly implemented by the Bank.

Page 50

RESPONSIBILITIES OF THE BANK TOWARDS SSCRESPONSIBILITIES OF THE BANK TOWARDS SSC

It is the responsibilities of the Bank to perform the following with regard to the Council:

To refer all Shariah issues in its business operations to the Council for decision;

To adopt and take necessary measures for implementation of the Council's decision;

To have a Shariah Compliance Manual and obtain endorsement from the Council;

To provide sufficient resources to the Council including budget allocation, independent expert consultation, reference materials and training;

To ensure that the Council is familiar with the operations and business of the Bank;

To provide to the Council access to all relevant records, transactions, manuals and relevant information, as required by its members in performing their duties; and

To remunerate the members of the Council accordingly which commensurate with and reflect the duties and responsibilities of the Council.

Page 51

RESPONSIBILITIES OF THE BANK TOWARDS SHARIAH COMPLIANCERESPONSIBILITIES OF THE BANK TOWARDS SHARIAH COMPLIANCE

It is the responsibilities of the Bank to perform the following with regard to Shariah compliance:

To comply with all the Council decisions and establish Shariah requirements in its entire products, services, legal documentations and activities;

The Bank shall not change its allegiance and obedience to the Council decisions to suit its convenience. Such a practice could impair the independence of the Council members and have a damaging impact on the integrity and credibility of the Bank, in particular, and on the Islamicbanking industry as a whole; and

While the Council is responsible for forming and expressing decisions on the extent of the Bank’s compliance with the Shariah, the responsibility for compliancetherewith rests with the Management of the Bank.

Page 52

BOARD RISK COMMITTEEBOARD RISK COMMITTEE

Page 53

BOARD RISK COMMITTEEBOARD RISK COMMITTEE

The Board Risk Committee (“BRC” or “the Committee”) is a Committee of the Board of Directors to oversee the Management’s activities in managing credit risk, market risk, liquidity risk, operational risk, legal risk, Shariah risk and any other relevant risk and to ensure that the risk management process is in place and functioning.

The BRC is established to assist the Board in discharging its functions by having a focused forum that deliberates on risk management issues to ensure effective management of risks and enforcement of risk tolerance within Bank Islam

In addition, the Committee is responsible to review and assess the adequacy of the existing risk management framework in addressing various risk factors in Bank Islam.

Page 54

BRCBRC’’s RESPONSIBILITIESs RESPONSIBILITIES

Review and recommend risk management strategies, policies and risk tolerance for the Board’s approval.

Review and assess adequacy of risk management policies and framework in identifying, measuring, monitoring and controlling risk and the extent to which these are operating effectively.

Review the implementation of capital management in line with the Capital Adequacy Framework for Islamic Banks issued by Bank Negara Malaysia (BNM) and approve scenarios for stress test on capital adequacy.

Determine the risk appetite/ tolerance level of the Bank at enterprise and at strategic business unit levels including but not limited to sector limits and counterparty limits.

Review the allocation of risk‐adjusted capital and broad‐based limits across the Bank covering market, credit and operational risk.

Page 55

BRCBRC’’s RESPONSIBILITIESs RESPONSIBILITIES……contcont

Review and if necessary recommend to the Board, the Bank’s Business Continuity Management framework and policy for dealing with various extreme internal/ external events and disasters.

Review the effectiveness of the reporting structure for the overall business activities and risk management functions and the implementation of the appropriate system to manage various types of risks undertaken by the Bank.

Review the risk management processes, systems and internal controls throughout the Bank.

Review regularly the Management’s reports on risk exposure including Shariah compliance risk, risk portfolio composition and risk management activities including the adequacy of tools, systems and resources for the successful execution of risk functions within the Bank.

Page 56


Review and approve risk methodologies for measuring and managing risks arising from the Bank’s overall management of all risks covering market, credit and operational through identified tools.

Review and monitor Compliance initiatives and activities on anti money laundering / counter financing of terrorism (AML/CFT) and other regulatory requirements.

Review, monitor and regularly report to the Board on the following:‐i . credit transactions with connected parties;

ii. aggregate credit exposure to each connected party and their status; and

iii. material concentration.

Approve the engagement of external and independent reviewers for the validation of risk measurement methodologies and outputs.

Review and recommend to the Board any business proposals on the following:‐i. New products and services;

ii. Discretionary power or authority limits in relation to any product programs proposals.

Page 57


Review any business proposals particularly on:‐i. product programs and its performance;

ii. target market and risk acceptance criteria of any products or services; and

iii. product profitability assessment.

Ensure that a comprehensive risk management structure is in place to manage the risk associated with Mudharabah and Musharakah contracts, which include regular review on the performance of Mudharabah and Musharakah financing or investment, establishment of exit strategies including extension and redemption, and regular update to the Board on the exposures of Mudharabah and Musharakah financing or investment.

Review proposals on single or joint discretionary authority to members of Management / Committee and make relevant recommendations to the Board on the same;

Review and approve any new outsourcing proposals and take note of renewal of the outsourcing services, including the appointment and/or renewal of the outsourcing service provider.

Page 58

ROLE OF MANAGEMENT ROLE OF MANAGEMENT

Page 59

ORGANIZATION CHARTORGANIZATION CHART

Page 60

ROLE OF THE MANAGEMENTROLE OF THE MANAGEMENT

The management is led by the Managing Director and primarily responsible for:‐

Overseeing the day‐to‐day operations to ensure the smooth and effective running of the Bank;

Mapping the short‐to‐medium term business plan and implementing the policies and direction from the Board;

Coordinating the development and implementation of business and corporate strategies;

Developing and translating the strategies into a set of priorities and manageable goals;

Ensuring effective risk management controls;

Carrying out the financial management practices at the highest level of integrity and transparency;

Undertaking business and affairs of the Bank in an ethical manner and in full compliance with the relevant laws and regulations;

Providing effective leadership to the organization; and

Ensuring management competency including putting in place an effective succession plan to uphold continuity.

Page 61

OUR STAKEHOLDERSOUR STAKEHOLDERS

Who are the stakeholders?

What are key risk related to the stakeholders ?

What is their expectation with regards to risk management?

… managing a bank is about managing a trust. Banking is about managing risk.

Page 62

RISK OVERSIGHTRISK OVERSIGHT

Page 63

KEY PRINCIPLES KEY PRINCIPLES

Strong and visible commitment from all members of the top management

Central oversight of risk management function across the enterprise

Separation of duties between policy setting, monitoring and control on one hand; and risk origination and risk execution on the other hand

Clearly defined accountability

Risk appetite and strategy clearly defined by top management

Full ownership of risk and risk management at business‐unit level

Business units and risk taking units are formally involved and view risk as a thought partner

Robust risk management process reinforce organization design (e.g. KPI, incentive systems incorporate risk and return consideration

Page 64

INDEPENDENT UNITSINDEPENDENT UNITS

ShariahSupervisory Council

Head of Shariah

Page 65

INDEPENDENT FUNCTIONSINDEPENDENT FUNCTIONS

The Chief Internal Auditor (CIA) and the Chief Risk Officer (CRO) both report functionally to the Audit and Examination Committee (AEC) and the Board Risk Committee (BRC)respectively and administratively to the Managing Director.

The CIA provides regular reports on internal audit and the CRO reports on risks faced by the Bank to BRC and the Board.

The Board has unrestricted access to the CIA and the CRO respectively, and vice versa.

Annual Audit Plan is reviewed and approved by AEC. Risk Management Plan is an integral part of the Bank’s Business Plan, approved by the Board.

Performance and remuneration of CIA and CRO are determined independently by Chairman of AEC and Chairman of BRC respectively

Page 66

RISK MANAGEMENTRISK MANAGEMENT’’s MISSIONs MISSION

The Bank’s mission with respect to risk management is to advance its riskmanagement capabilities, culture and practices so as to be in line with

internationally accepted standards and practices. The main objective is to ensure that the Bank can continue to operate as a viable entity, even during periods of

extreme macro‐economic stress

Page 67

BANK ISLAMBANK ISLAM’’s RISK MANAGEMENT OBJECTIVESs RISK MANAGEMENT OBJECTIVES

Inculcate a risk‐awareness culture throughout the Bank;

Establish a standard approach and methodology in managing credit, market, liquidity, operational and business risks across the Bank;

Clarify functional structures including objectives, roles and responsibilities;

Implement and use a risk management information system that meets the international standards on confidentiality, integrity and its availability;

Develop and use tools, such as economic capital, value at risk and stress testing to support the measurement of risks and enhance risk‐based decisions;

Ensure that risk policies and overall risk appetite are in line with business targets;

Ensure that the Bank’s capital can support current and planned business needs in terms of risk exposures.

Page 68

RISK MANAGEMENT STRUCTURERISK MANAGEMENT STRUCTURE

Bank Islam recognizes that the essence of banking is centered on risk taking. In fact, the Bank strongly believes that its competitive advantage relies on how well it manages the risk related to opportunities available in the market.

As such, the Bank has continued to significantly invest in its risk management capabilities in terms of human resources, processes and information technology systems and tools during the period under review and has re‐defined the roadmap for further enhancement of its risk function.

Going forward, the next phase in further risk management sophistication and integration is the design and implementation of the Internal Capital Adequacy Assessment Process (“ICAAP”) under Basel II pillar 2 based on international best practices and standards.

Page 69

RISK MANAGEMENT PHILOSOPHYRISK MANAGEMENT PHILOSOPHY

The Bank has formulated a Risk Management Framework; a high‐level architecture for the ongoing development and enhancement of the Bank’s integrated risk management infrastructure and capabilities.

Philosophically, this framework is based on the concept of Solah which is the most important constituent of the Muslim Faith and one of the essential elements of Islam, as depicted in the following diagram.

Page 70

RISK GOVERNANCE FRAMEWORKRISK GOVERNANCE FRAMEWORK

Page 71

RISK GOVERNANCE FRAMEWORKRISK GOVERNANCE FRAMEWORK……cont cont

Business units and risk management units are represented at the respective committees/working groups, to reflect the joint ownership of business and risk management responsibilities by both the risk takers and risk managers.

On a functional basis, business units and business risk units form the first line of defense against risks. The Business units manage the risk‐reward trade‐off contained within the policies and guidelines laid down by the Bank. On the other hand, business risk units are principally responsible for monitoring and ensuring that the conduct of their business activities are carried out within the approved policies, product program parameters and business models.

Risk Management forms the second line of defense. Risk Management consists of credit risk management, market risk management and operational risk management and is responsible for assisting the Bank in formulating the risk management framework and policies, developing tools and methodologies for risk identification and measurement, performing independent risk monitoring and reporting to the Risk Management Committees and Board of Directors.

Page 72

RISK GOVERNANCE FRAMEWORKRISK GOVERNANCE FRAMEWORK……cont cont

Internal Audit (“IAD”) forms the third line of defense by providing independent assessments of risk management processes and infrastructure, as well as the adequacy and effectiveness of risk policies and internal controls.

Bank Islam’s IAD undertakes the audit of entities within Bank Islam based on an annual Audit Plan approved by the AEC. The Audit Plan that adopts a risk‐ based approach to audit, covers the review of adequacy of risk management and operational controls, compliance with laws and regulations, quality of assets and management efficacy.

The Internal audits highlight control and process weaknesses and makes appropriate recommendations for improvement to Management. Its authority is provided in the Audit Charter, which formally documents the roles, duties and responsibilities of IAD and relationship with the Board, AEC, Management, external auditors and regulators.

Overall, IAD has assisted in establishing within Bank Islam a sound internal control environment and promoting a compliant culture within the Bank and its subsidiaries.

Page 73

RISK GOVERNANCE DESIGN RISK GOVERNANCE DESIGN

Page 74

ROLES & RESPONSIBILITIES OF RISK MANAGEMENTROLES & RESPONSIBILITIES OF RISK MANAGEMENT

Page 75

MANAGEMENT RISK CONTROL COMMITTEE (MRCC)MANAGEMENT RISK CONTROL COMMITTEE (MRCC)

Monitoring and assessing the overall risks of the Bank including credit risk, market risk, operational risk and Shariah compliance risk.

Reviewing and approving all policies and guidelines proposed by business and support units to be in line with Bank Islam risk management policy, and where necessary make recommendations to the Board Risk Committee (“BRC”).

Approving new products/services, program or campaigns and reviewing existing products/services, program or campaign (that have deviation from RAC or product features) before recommending to the Shariah Supervisory Council (where relevant) and/or BRC and/or the Board, as the case may be in accordance with the Authority Limits.

Reviewing and recommending to BRC and/or the Board, Bank Islam’s Business Continuity Management framework and policy for dealing with various extreme internal/external events and disasters.

Proactive capital management as well as to allocate capital to the respective businesses.

Page 76

MANAGEMENT RISK CONTROL COMMITTEE (MRCC)..contMANAGEMENT RISK CONTROL COMMITTEE (MRCC)..cont

Monitoring and reviewing initiatives and activities under the Risk Management Roadmap through regular reporting on risk exposures, risk portfolio composition and risk management activities including the adequacy of tools, systems and resources for the successful execution of risk functions within the Bank.

Reviewing, monitoring and regularly reporting to BRC credit transactions with connected parties, aggregate credit exposure to each connected party and their status and material concentration.

Reviewing and monitoring Compliance initiatives and activities on anti money laundering and regulatory requirements.

Overseeing the function of MRCC sub‐committees namely Operational Risk Control Committee (ORCC), Recovery Management Committee (RMC) and Shariah Compliance Risk Control Committee (SCRCC).

Undertaking such other duties as may be deemed appropriate as instructed by the Board Committees and/or the Board.

Page 77

ASSET LIABILITY MANAGEMENT COMMITTEE (ALCO)ASSET LIABILITY MANAGEMENT COMMITTEE (ALCO)

Monitoring, reviewing and approving dealing, proprietary trading and asset liability management (ALM) strategies, policies, guidelines and procedures and where necessary making recommendations to the Board Risk Committee and/or the Board.

Approving and reviewing pricing for any product / product program.

Approving and reviewing market risk and ALM measurement models and assumptions.

Recommending proposals with regards to acquisition, allocation and management of funds to be consistent with the regulatory requirements, liquidity needs and market factors, and also other matters which are market and liquidity risk related.

Reviewing economic and market scenarios to assist in the formulation of strategies and directions of the Bank especially with regard to the management of its assets and liabilities.

Page 78

OPERATIONAL RISK CONTROL COMMITTEEOPERATIONAL RISK CONTROL COMMITTEE

Reviewing the adequacy of policy and guideline related to operational risk before recommending to MRCC and BRC for approval.

Reviewing the adequacy of the manuals related to operational risk and approving any new manuals or review of existing manuals related to operational risk; and to take note of new/revised manual submitted by Organisation & Methods on quarterly basis;

Reviewing and approving the Operational Risk Management (ORM) groups set up to address specific areas, the strategic initiatives / plans / the methodologies / measurement tools and where necessary making recommendations to MRCC or BRC.

Reviewing and where necessary making recommendations or approving the awareness program conducted and the effectiveness through the identified tools.

Page 79

OPERATIONAL RISK CONTROL COMMITTEEOPERATIONAL RISK CONTROL COMMITTEE……contcont

Reviewing and/or approving any changes or action plans pertaining to the adequacy and effectiveness of the following areas, including but not limited to:

Existing process weaknesses, internal controls and system defects, that may lead to potential loss events or adversely impact operations;

Business Continuity Management (BCM) which comprises of both Bank’s Disaster Recovery Plan (DRP) and Business Continuity Plan (BCP);

Fraud Reporting and Anti Money Laundering (AMLA) matters;

Management Awareness Self Assessment (MASA), self‐auditing issues and audit findings;

Litigation against the Bank and any significant decision affecting Bank Islam and Islamic Banking;

Loss events arising from fraud or non‐fraud or fidelity claim status;

IT Support issues; and

Customers’ complaint.

Undertaking such other duties as may be deemed appropriate as instructed by the Management Committees and/or Board Committees and/or the Board.

Page 80

SHARIAH COMPLIANCE RISK CONTROL COMMITTEESHARIAH COMPLIANCE RISK CONTROL COMMITTEE

SCRCC is the sub‐committee of MRCC in over sighting the Shariah compliance risk of the Bank and ensure that such risks are managed in effective and efficient manner. The committee makes appropriate recommendations where necessary to MRCC and BRC. In addition, SCRCC from time to time decides on the rectification manner, responsible functions and mechanism in addressing Shariah compliance risk of the Bank

Discussing all Shariah non‐compliances and potential Shariah non‐compliances and recommending its rectification plans;

Reviewing and recommending changes on the Shariah related policies/ guidelines and manuals/ procedures;

Deliberating and reviewing the effectiveness of Shariah compliance programs and initiatives to improve Shariah compliance awareness bank‐wide; and

Page 81

RISK MANAGEMENT 3RISK MANAGEMENT 3‐‐YEAR ROADMAPYEAR ROADMAP

MaximiseEarningsPotential

EarningsStability

ProtectionAgainstUnforeseenLosses

Increased Risk Management Sophistication

‐ Risk Identification‐ Risk Management/Assessment‐ Risk Reporting‐ Processes & Procedures‐ RMS(datamart, credit risk, Basel II)

Loss Minimization/Risk Control Framework

‐ Risk‐based product pricing‐ Linking risks and returns‐ Measuring risk adjusted performance

‐ Integration of market, credit and operational risks

‐ RMS(market, operational)

‐ Economic capital‐ RAROC‐ Bank‐wide VaR‐ Incremental VaR‐ RMS(economic capital, RaRoc, IRB)

‐ Full compliance with Pillar 2

2009 2010 2011

RAPM Framework

Active Portfolio ManagementFramework

Reactive

Active

Proactive

Page 82

OVERALL RISK MANAGEMENT STRATEGY PILLARSOVERALL RISK MANAGEMENT STRATEGY PILLARS

Page 83

ENTERPRISE WIDE RISK MANAGEMENT THROUGH ICAAPENTERPRISE WIDE RISK MANAGEMENT THROUGH ICAAP

Measurement of risk and required capital under BIS2 Integration of risk and capital in strategic

decisions and planningPillar 1 risks Pillar 2 risks External factors

Risk governance and control

Credit risk data issues

Market Risk

Market risk data issues

BIS1

Credit risk

Model risk

Legal risk

Interest rate risk bank book

Liquidity risk

Business risk

Strategic risks

Country & transfer risk

Concentration risk

Operational Risk

Stress tests / scenarios

Macro‐economic risks Risk based pricing

Risk adjusted performance management

Active credit portfolio and capital management

Business planning and budgeting

Risk appetite / capital management

Coherence of risks and results (EL vs LLP)

Roles and responsibilities•Supervisory Board•Executive Committee•Internal audit•Risk Department•Finance Department•Strategic Planning•Investor relations•Branches Risk governance•Committees•Limit system•Reporting•Escalations

Minimum Standards for risk•Independent internal control•Sound risk assessment•Risk disclosure

Risk Issues Finance Issues Corporate Governance

ICAAP

Page 84

RISK CULTURERISK CULTURE

The Bank’s risk culture is the most important factor in determining the long‐term effectiveness of the risk management strategy. Risk culture is defined as “The norms and traditions of behaviour of individuals and of groups within an organization that determine the way in which they identify, understand, discuss and act upon the risks the organization confronts and the risk it takes” (IIF July 2002)

The Bank’s risk culture evolves over time and is a reflection, amongst others, of senior management actions, effective enforcement of policies and guidelines, communication strategies and education

The Bank must continuously measure the effectiveness of its risk culture against the following risk culture spectra:

Regard for risk versus disregard for risk

Strong risk visibility versus a culture of ‘sweeping things under the carpet’

Active risk response versus failure to respond

Cross organizational risk awareness versus ignorance

Page 85

RISK CULTURE RISK CULTURE –– CRITICAL SUCCESS FACTORSCRITICAL SUCCESS FACTORS

Top Management is a Sponsor – Management must promote/live the risk culture

Embedding Risk Appetite in the organization

Risk‐based Business Model – The risk culture must be linked to the overall business model

Risk‐based Reward System – Risk management and culture are embedded in the Key Performance Indicators

Integrated & Consistent Approach – Risk decisions must be balanced on a risk‐reward basis in all business/operating units or all levels of the enterprise

Ensure understanding and buy‐in by all staff

Adequate tools and infrastructure

Continues education, awareness and motivation of the importance of risk culture

Page 86

RISK APPETITERISK APPETITE

Risk Appetite can be broadly defined as the variability in results that an organization and its senior executives are prepared to accept in support of a stated strategy, impacting all businesses from a credit, market and operational risk viewpoint. More specifically the various elements of the Risk Appetite Framework are as follows.

Capacity: The limit of risk that can be taken by the organisation

Appetite: level of risk deemed acceptable by senior management in pursuit of strategy

Tolerance: how much risk the organisation is prepared to take per risk type or Business Unit

Limits: specific thresholds or targets for key risk metrics across risk dimensions and classifications

Page 87

RISK APPETITE FRAMEWORKRISK APPETITE FRAMEWORK

Alignment of risk taking with strategic objectives

Need to ensure that risk taking activities create value

Protection of stakeholders’interests

Desire to create ‘risk‐reward’culture that promotes risk taking within tolerance

Risk AppetiteFramework

Business Drivers Regulatory/Rating Agency Drivers

Risk appetite and tolerance are core concepts within rating agencies’expectations with respect to ERM

BNM requires the bank to understand its risk appetite and tolerance for each relevant risk category

By complying with PIDM risk criteria, the Bank will pay lower deposit premiums

Page 88

RISK ASSESSMENT APPROACHRISK ASSESSMENT APPROACH

Every risk element must be identified, assessed, categorized and measured. Risk identification requires a thorough analysis of the Bank’s activities, its business units, regulatory and market environment and historical and/or scenario based analyses. Risk identification is carried out using both the top‐down approach (also known as the Library Approach) and the bottom‐up approach (or the questionnaire approach).

Risk assessment is done using the 4M approach:Assess whether or not the risk is Material

Assess how risks are being Managed

Assess how risks are being Measured

Assess how risks are Mitigated

Each risk will then be mapped and categorized in so called risk maps which in turn will be compiled into a risk library

Page 89

EFFECTIVENESS OF MANAGEMENT OVERSIGHT EFFECTIVENESS OF MANAGEMENT OVERSIGHT COMMITTEESCOMMITTEES

Page 90

REVIEW OF THE EFFECTIVENESS OF MANAGEMENT OVERSIGHT REVIEW OF THE EFFECTIVENESS OF MANAGEMENT OVERSIGHT

Page 91

FUNCTIONAL MAPPING OF MANAGEMENT OVERSIGHT COMMITTEESFUNCTIONAL MAPPING OF MANAGEMENT OVERSIGHT COMMITTEES

Page 92

FUNCTIONAL MAPPING OF MANAGEMENT OVERSIGHT FUNCTIONAL MAPPING OF MANAGEMENT OVERSIGHT ……contcont

Page 93


Page 94


Page 95


Page 96


Page 97


Page 98

BENCHMARKINGBENCHMARKING

Page 99

Q & A SESSIONSQ & A SESSIONS

Page 100

شكراشكراوالسالوالسالجزيالجزيال

ممDisclaimer: This presentation material has been prepared by Bank Islam Malaysia Berhad (the Bank”) for information purposes only and does not purport to contain all the information that may be required to evaluate the Bank or its financial position. No representation or warranty, express r implied, is given by or on behalf of the Bank as to the accuracy of the information or opinions contained in this presentation. The presentation does not constitute or form part of an offer, solicitation or invitation of any offer, to buy or subscribe for any securities , nor should it or any part of it form the basis of, or be relied in any connection with, any contract, investment decision or commitment whatsoever. The Bank does not accept any liability whatsoever for any loss howsoever arising from any use of this presentation or their contents or otherwise arising in connection therewith.

BANK ISLAM MALAYSIA BERHAD11th Floor, Wisma Bank IslamJalan Dungun, Bukit Damansara50490 Kuala LumpurTel: 603 2088 8222

www.bankislam.com.my

Hizamuddin JamalluddinGeneral Manager, Strategic PlanningManaging Director’s OfficeContact: 602 2088 8077Email: [email protected]

Documents

Special Briefing - Governance Structure-Final Islam Malaysia Bhd Datuk Ismee Ismail Group Managing Director Lembaga Tabung Haji Johan Abdullah Group Managing Director BIMB Holdings