Bank Negara issues policy document on Responsibility Mapping

Bank Negara Malaysia (“BNM”) issued a policy document on Responsibility Mapping (“policy document”) on 29 December 2023.
 
Application
 
The policy document comes into effect on 1 January 2026 and applies to: 
  • licensed banks under the Financial Services Act 2013 (“FSA”);
  • licensed investment banks under the FSA;
  • licensed Islamic banks under the Islamic Financial Services Act 2013 (“IFSA”);
  • licensed insurers under the FSA;
  • licensed takaful operators under the IFSA;
  • prescribed development financial institutions under the Development Financial Institutions Act 2002; and
  • financial holding companies under the FSA and the IFSA, 
(severally an “FI” and collectively “FIs”).
 
In this article, we will summarise some of the key requirements of the policy document.
 
Objectives
 
The policy document seeks to: 
  • ensure that responsibilities for all functions of an FI are clearly allocated to members of senior management within the FI;
  • clarify and strengthen the accountability of members of senior management to whom responsibilities are allocated, in particular where there are shared responsibilities, collective decision-making as well as centralised functions and matrix reporting structures within groups; and
  • encourage an FI to carefully consider whether the allocation of responsibilities to members of senior management is compatible with effective risk management practices, taking into account the size, scale and complexity of the FI’s operations. 
The policy document clarifies that responsibility mapping is intended to exist in parallel with existing governance arrangements where decisions are made at designated collective decision-making forums.
 
Responsibilities
 
The responsibilities referred to in the policy document are those held in relation to a business, operational or control function, which must, at the minimum, include the nine responsibilities listed in Appendix 1 which are to be allocated to members of senior management, as well as additional responsibilities identified by an FI. Among others, Appendix 1 includes the responsibility for: 
  • the management of credit, liquidity, market and operational risks including climate-related risks;
  • the formulation of the FI’s recovery plan, recovery planning process and the implementation of the recovery plan;
  • the implementation of the FI’s operational resilience framework;
  • the integrity of all regulatory reporting;
  • the policies on the fair treatment of financial consumers;
  • the management of capital, including the Internal Capital Adequacy Assessment Process (ICAAP) and stress testing; and
  • the policies, processes and procedures for anti-money laundering, countering financing of terrorism and proliferation financing.

Senior management
 
For the purposes of the policy document, “senior management” refers to the chief executive officer (“CEO”) and senior officers, who are employed by an FI or its affiliate¹, which must include, at the minimum, the senior management roles listed in Appendix 2; and “senior officer” refers to a person, other than the CEO, who is employed by an FI or its affiliate, and has authority and responsibility for planning, directing or controlling the activities of the FI.
 
Appendix 2 identifies 11 senior management positions and outlines the primary responsibility of the individuals holding such positions. For example, the “Chief Risk Officer” is primarily responsible for the risk management function and risk management framework of the FI whilst the “Appointed Actuary” is primarily responsible for ensuring the valuation of actuarial and other policy liabilities is in accordance with accepted actuarial principles, practices and applicable requirements. Another example is the “Head of business function”, who is primarily responsible for the management and conduct of a business activity of the FI, such as for either retail or corporate banking within a banking business.
 
Principles
 
The policy document sets out four principles of responsibility mapping.
 
Principle 1: FIs shall adopt and implement an effective process for identifying and allocating responsibilities to members of senior management as part of internal governance arrangements that promote sound management and decision making.
 
The board of directors is responsible for overseeing the adoption and implementation of the FI’s responsibility mapping framework. Among others, it must be satisfied that the FI adopts and implements an effective process for: 
  • identifying responsibilities to avoid any organisational blind spots;
  • identifying and assigning a member of senior management to be accountable for the relevant responsibility;
  • assessing the fitness and propriety of each member of senior management vis-à-vis their allocated responsibilities, prior to appointment and on an ongoing basis throughout their tenure of appointment; and
  • documenting the responsibilities of each member of senior management, including timely updates where there are material changes. 
The CEO must ensure the responsibilities are comprehensively identified. In doing so, the CEO shall have regard to the following: 
  • the distribution of responsibilities to members of senior management, taking into account the FI’s size, scale, risk profile and complexity;
  • the identification of responsibilities with the appropriate level of granularity so that there is clarity as to where accountability lies in respect of any aspect of the FI’s business, operations or control functions; and
  • the governance structures surrounding areas where there are shared responsibilities, collective decision-making, matrix reporting and centralised functions. 
Principle 2: The CEO shall ensure that all identified responsibilities are allocated to senior officers who are fit and proper for their roles.
 
The CEO must, among others, ensure that: 
  • all identified responsibilities are allocated to senior officers who are to be primarily responsible for: (a) the planning, directing or controlling of the business, operational or control function; and (b) reporting matters pertaining to the relevant function to the CEO or the board, as the case may be;
  • the FI conducts the necessary due diligence to ensure that senior officers to whom responsibilities are allocated have the professional competence, authority and capabilities to fulfil their responsibilities; and
  • where a responsibility is allocated to a senior officer who is an employee of the FI’s affiliate: (a) the affiliate is either a financial institution supervised by BNM, or an entity supervised by a financial regulatory authority which has an effective supervisory cooperation arrangement with BNM; and (b) the CEO has the ability to influence the performance assessment and remuneration of the senior officer of the affiliate. 
Principle 3: Members of senior management to whom responsibilities are allocated shall be accountable for the management and conduct of the responsibilities, including the staff under their purview.
 
The responsibilities of members of senior management are set out in paragraphs 7.9 to 7.12 of the policy document. Among others, these include: 
  • acting with honesty and integrity;
  • exercising due care, skill and diligence;
  • taking reasonable steps to ensure that delegation of responsibilities is appropriate and properly overseen;
  • establishing appropriate governance and risk management controls and dealing with risk and control issues in a timely and appropriate manner; and
  • ensuring that responsibilities are adequately resourced with the right talent and necessary infrastructure. 
Where a member of senior management delegates his/her responsibilities, such member shall continue to remain accountable for the responsibilities.
 
Where responsibilities are shared by more than one member of senior management, the FI shall ensure that all individuals are jointly and severally accountable for such responsibilities.

Principle 4: FIs shall maintain a complete and up-to-date documentation of responsibilities for each member of senior management (“documentation of responsibilities”).
 
The documentation of responsibilities must, among others: 
  • be clear and comprehensive;
  • articulate the responsibilities of a member of senior management;
  • be prepared with appropriate involvement of the member of senior management concerned; and
  • include the information described in paragraph 7.16 of the policy document. 
The documentation of responsibilities must be made available to BNM upon request.
 
Article by Francine Ariel Paul (Senior Associate) and Faith Chan (Associate) of the Corporate Practice of Skrine.
 
 

¹ The policy document defines “affiliate” as, in relation to an entity, referring to any corporation that controls, is controlled by, or is under common control with, the entity.

This alert contains general information only. It does not constitute legal advice nor an expression of legal opinion and should not be relied upon as such. For further information, kindly contact skrine@skrine.com.