Page 38 - KWAP_Integrated-Report_2023

ENRICHING THE FUTURE | ENRICHING NATIONAL PROGRESS | ENRICHING STAKEHOLDER VALUE | ENRICHING SUSTAINABLE IMPACT



PRINCIPAL RISKS (CONTINUED)





R7  Cyber Security Risk

Cyber Security risk refers to potential threats or vulnerabilities that can compromise the confidentiality, integrity and availability of an organisation’s digital assets, information systems and data. The growing reliance on technology and digital infrastructure in an increasingly digital world has increased the risk of cyberattacks. With technology continuing to evolve, the risks associated with cyber security are likely to increase, resulting in increasing losses due to cyber theft or cyber terrorism, including loss of productivity due to increased cybercrimes. In addition, artificial intelligence (AI) is expected to be widely adopted by both cybercriminals and those in cyber security, accelerating change in this sector.

Risk Category: Emerging Risk

Our response:
•   Implement a robust Cyber Security Framework and Programme to effectively manage the risk of cyberattacks and strengthen the monitoring of security controls.
•   Establish a Cyber Security Incident Response Plan and perform a Cyber Security Incident simulation on a ransomware attack to test the readiness of KWAP in responding to cyber security threats.
•   Conduct regular security awareness programmes for employees, such as Security Awareness Training (SAT) modules and simulated phishing exercises.
•   Deploy network detection and response tools to respond to cyberattacks.
•   Implement the Local Administrator Password Solution (LAPS) measure to restrict cyber security threat exposure.

R8  Compliance Risk

Compliance risk is the risk of legal or regulatory sanction, financial loss or loss to reputation that an organisation may suffer as a result of its failure to comply with all applicable laws, regulations, codes of conduct and standards or good practice.

Risk Category: Traditional Risk

Our response:
•   Establish a Compliance Framework which forms the building blocks of our compliance function.
•   Maintain a robust compliance process which includes Identification, Assessment, Attestation, Monitoring and Reporting as well as Validation.
•   Maintain a tone-from-the-top uncompromising stance on compliance which extends to all our external fund managers.
•   Implement compliance controls such as Chinese Wall Policy, Automated Self-Compliance Checklist, Compliance Review Exercises, Risk and Compliance Visits to EFMs as well as Know Your Counterparty (KYC) Screening.















36  KUMPULAN WANG PERSARAAN (DIPERBADANKAN) | INTEGRATED REPORT 2023