Operational risk is the risk of loss resulting from inadequate of failed internal processes, people and systems or from external events. Through Operating Risk Event (ORE) reporting KWAP is able to capture and record on loss events or near misses that occur within KWAP business operations. It also serves as an avenue whereby relevant departments cooperatively work towards addressing risk issues pertinent to the reported events facilitated by RMCD.

In addressing the reported OREs, proactive measures were taken such as conducting a review on key processes to include new controls or ensuring a more clearly defined roles and responsibilities for parties involved.

​Business Continuity Management (BCM)


Business Continuity Management (BCM)

Business Continuity Management (BCM) has always been one of KWAP priorities. KWAP continued with the implementation of BCM framework and identified areas where improvement can be made to internal capabilities and competencies to mitigate the risk of severe operational disruptions.

One of the key activities was Disaster Recovery Exercise (DRE) where KWAP is tested on its ability to recover critical functions within a set timeline and thus ensure operational continuity despite the disruption.






The compliance function in the organization has gained prominence in recent years due to the nature and size of financial losses and loss of reputation that arise from compliance breaches. Compliance serves as an independent function that identifies, assesses, advises on, monitors and reports on the compliance risk.


The main objectives of compliance is to preserve KWAP's reputation so that our competitive standing, reputation and shared value are not only maintained, but also enhanced. To achieve this objective, the KWAP's underlying mission is to effectively measure and manage the compliance risk of the organization to meet the expectations of all stake holders. Compliance Risk within KWAP is defined as the risk of impairment to the organization's business model, reputation and financial condition from a failure to meet laws and regulations, internal policies and the expectation of the stakeholders. Providing the foundation to this aspiration is the Compliance Framework which was implemented in 2010; from which the building blocks of the compliance functions are shaped. In managing the roll-out of Compliance Framework, Compliance has adopted the Three Lines of Defense Model in managing the compliance risk in KWAP.


The three lines of defense model is adopted by KWAP for the internal control framework in the context of risk management, corporate governance and risk oversight. On a functional basis, top management and front liners form the first line of defense against compliance risk. On the other hand, they are principally responsible for monitoring and ensuring that the conduct of their business activities are carried out within the approved policies. Aside from that, Compliance Liaison Officer is appointed in each department to act as reference point in any non-compliance issues and ensure that their departments are kept abreast in any implementation of new policies and guidelines. Risk Management and Compliance Department (RMCD) forms the second line of defense. Compliance function has a key role in their control structure. This includes helping the business to anticipate the regulatory/ internal policy requirements, thoroughly assess the potential compliance risks and ensure that the business knows how to meet its obligations on a day-to-day basis. The third line of defense is internal audit which undertakes independent and regular ex-post reviews of the overall organization internal controls, and the risk and compliance to regulatory requirements.


Scope of Compliance


a)      Regulatory Compliance

This covers the external regulations and guidelines which KWAP is bound to comply with such as the relevant Act of Parliament, Minister of Finance's Decree and relevant guidelines by regulatory bodies such as Bank Negara Malaysia, Securities Commission and Bursa Malaysia. The ownership of the regulatory compliance is with the relevant operating unit at transactional or operating level, where any potential breaches shall be identified upfront before the event. A proactive approach has been adopted as non-compliance to the regulatory compliance is not an option.


b)      Internal Compliance

This covers the compliance to the internal policies and guidelines, as example, Investment Policy and Guidelines, Discretionary Authority Limits and Standard Operating Procedures. RMCD approach in ensuring the internal compliance are sustained through the risk limit control in the investment system and operational process controls are embedded in the Standard Operating Procedures.


Compliance Process


Compliance activities are closely intertwined with compliance developments on the global front, existing legal requirements as well as the KWAP's policies and procedures. The following diagram illustrate the compliance process and general approach taken in managing the compliance risk.


Value of Compliance


As business models change, new technologies emerge and new investment asset classes increase amidst the intense focus on operational efficiencies, KWAP has never been more exposed to such a myriad of risks. In this regard, Board and Senior Management of KWAP have extended their fullest support and cooperation in moving the compliance to the front-line. They have done this by establishing the tone from the top, which is quite simply, to comply with all rules and regulations and employ ethical behavior. All staff are aware that the Board and Senior Management must take uncompromising stance if such trust is breached. The Compliance unit is increasingly becoming a point-of-reference and advisor for key strategies initiatives that KWAP embarks on.


The effective penetration of a proper compliance culture into all business and operating units has enhanced our public domain presence and facilitated early detection of compliance risk. This has resulted in quicker compliance risk mitigation actions being undertaken. KWAP recognizes that a strong compliance culture is the foundation for good compliance practices and it is imperative that this becomes and intrinsic trait of the organization.


Chinese Wall Policy


KWAP developed and implemented its Chinese Wall Policy in 2014. KWAP's Chinese Wall Policy was introduced to establish procedures to control the flow of material non-public and price sensitive information within KWAP to minimize the risk of insider trading and potential breach of laws and regulations. It also helps to ensure that the possession of material non-public and price sensitive information does not give rise to the risk or perceived risk of a conflict between the public interest, KWAP interest and the staff's personal interest. The governance prescribed in this Policy sets out the means to avoid possible leaks of information thus avoiding unfair advantage to profit from or reduce losses ahead of the general public obtaining the said information.​