D. COMPLIANCE

Non-Compliance with Regulatory Requirements
Risk: Non-compliance with and breach of local laws, regulations, industry guidelines, and consumer authority requirements of multiple jurisdictions could lead to license and operational revocations.
Mitigation: The Group mitigates this risk by maintaining a high level of engagement with the regulators of each jurisdiction so that all regulatory requirements are adhered to constantly. Furthermore, the Group monitors all local regulatory landscapes for new or amended regulations that affect the Group.

Data Security and Privacy
Risk: Violation of data privacy laws and regulations that could cause potential litigation and loss of customer confidence.
Mitigation: The Group mitigates this risk by establishing a data governance framework with a data security and privacy working group that reviews existing policies and procedures to ensure complete compliance with the required laws, regulations and best practices.

Anti-Bribery and Anti-Corruption Regulatory Requirements
Risk: This is an Act by the Malaysian Anti-Corruption Commission (MACC) that was enacted in 2008 and then amended in 2018. The amendment incorporated Section 17A, which holds all Management and the Board of Directors accountable and responsible for any act of bribery and corruption within the organisation in any jurisdiction in which it has business operations.
Mitigation: The Group mitigates this risk by adopting a zero tolerance policy on bribery and corruption. This policy has been disseminated to all internal personnel and external parties that conduct business transactions with the Group. All internal personnel are required to acknowledge their awareness of this policy.
INTERNAL CONTROL FRAMEWORK

The following key internal control structures (including the AC and the GIAD disclosed above) are in place to assist the Board to maintain a proper internal control system:

Board Governance
The Board has oversight of the Group’s operations and is kept updated on activities on a timely and regular basis through Board meetings with a formal agenda on matters for discussion. The Board of Capital A has established four (4) committees, namely the AC, RMC, Nomination and Remuneration Committee and SRB, to assist it in executing its governance responsibilities. Further information on the various Board Committees is provided in the Corporate Governance Overview Statement from pages 164 to 173 of this Annual Report.

Senior Management Responsibilities
Regular management and operations meetings are conducted by Senior Management, which comprises the Chief Executive Officer (“CEO”), President (Aviation), President (Commercial), President (Ventures), Chief Financial Officer (“CFO”) of the Group, CEOs of various airline and non-airline operating companies, and Heads of Department.

The Boards of our associated companies include our representatives. Information on the financial performance of our associated companies is provided regularly to the Management and Board of the Company via regular management reports and presentations at Board meetings.

In respect of the joint ventures entered into by the Group, the Management of the joint ventures, which consists of representatives from the Group and other joint venture partners, is responsible for overseeing the administration, operation and performance of the joint ventures. Financial and operational reports on the joint ventures are provided regularly to the Management of the Company.

Segregation of Duties
Segregation of duties is embedded in the key business processes. The Group has in place a system to ensure there are adequate risk management, financial and operational policies and procedures.
182 CAPITAL A BERHAD
Statement on Risk Management & Internal Control (cont’d.)