
Investor Presentation

MORGAN STANLEY BANK ASIA LIMITED
NOTES TO THE FINANCIAL STATEMENTS
Year ended 31 December 2020

26. OPERATIONAL RISK (CONTINUED)

The Operational Risk Department provides independent oversight of operational risk and assesses, measures and monitors operational risk against tolerance. The Operational Risk Department works with the business divisions and control groups to help ensure a transparent, consistent and comprehensive framework for managing operational risk within each area and across the Company.

The Operational Risk Department scope includes oversight of technology risk, cybersecurity risk, information security risk and data risk management programme (e.g., cybersecurity), the fraud risk management and prevention programme and third party risk management (supplier and affiliate risk oversight and assessment) programme. Furthermore, the Operational Risk Department supports the collection and reporting of operational risk incidents and the execution of operational risk assessments; provides the infrastructure needed for risk measurement and risk management; and ensures ongoing validation and verification of the Company's advanced measurement approach for operational risk capital.

The Fusion Resilience Centre's mission is to understand, prepare for, respond to, recover and learn from operational threats and incidents that impact the Morgan Stanley Group, from cyber and fraud to technology incidents, weather events, terror attacks, geopolitical unrest and pandemics.

Programmes for Business Continuity and Disaster recovery are designed to mitigate risk and enable recovery from business continuity incidents impacting the Company's people, technology, suppliers and/or facilities.
Business divisions within the Morgan Stanley Group and control groups maintain business continuity plans, including identifying processes and strategies to continue business critical processes during a business continuity event. Business units also test the documented preparation to provide a reasonable expectation that, during a business continuity incident, the business unit will be able to continue its critical processes and limit the impact of the incident to the Morgan Stanley Group and its clients. Technical recovery plans are maintained for critical technology assets and detail the steps to be implemented to recover from a disruption. Disaster recovery testing is performed to validate the recovery capability of these critical technology assets.

The Company maintains a programme that oversees its cyber and information security risks. The Company's cybersecurity and information security policies, procedures and technologies are designed to protect the Company's information assets against unauthorised disclosure, modification or misuse and are also designed to address regulatory requirements. These policies and procedures cover a broad range of areas, including: identification of internal and external threats, access control, data security, protective controls, detection of malicious or unauthorised activity, incident response and recovery planning.

In connection with its ongoing operations, the Company utilises third-party suppliers, and it anticipates that such usage will continue and may increase in the future. These services include, for example, outsourced processing and support functions and consulting and other professional services. The Company's risk-based approach to managing exposure to these services includes the performance of due diligence, implementation of service level and other contractual agreements, consideration of operational risk and ongoing monitoring of third-party suppliers' performance.
The Company maintains a third-party risk programme which is designed to align with our risk tolerance and meet regulatory requirements. The programme includes appropriate governance, policies, procedures, and enabling. The third-party risk programme includes the adoption of appropriate risk management controls and practices throughout the third-party management lifecycle to manage risk of service failure, risk of data loss and reputational risk, among others.