Enhancing Risk Management, Surveillance and Supervision

Against a backdrop of a challenging macroeconomic environment, tightening of financial conditions and concerns arising from geopolitical conflicts, the SC remained vigilant of emerging risks and vulnerabilities that may pose a threat to the systemic stability of the domestic capital market.

Mitigating Systemic Risks And Promoting Financial Stability

Monitoring and Management of Systemic Risks

Robust risk governance framework
In 2022, the SC enhanced its enterprise-wide risk governance framework aimed at further enhancing the effectiveness, including predictability, of its risk surveillance approach. Under the SC’s risk governance framework, the Systemic Risk Oversight Committee (SROC) is supported by the Market Risk Committee (MRC) and Technology and Cybersecurity Risk Committee (TCRC) to monitor, mitigate, and manage systemic risk arising from various segments within the capital market (Figure 1).¹ This risk governance framework embeds capital market risk surveillance and monitoring within business functions to enable robust management of risks impacting the Malaysian capital market.
The SC also strengthened its framework for managing market crisis through the Capital Market Crisis Management Framework (CMCM Framework) which provides clear operational processes and guidance aimed at better co-ordination within the SC.
Enhanced engagements and inter-agency discussions
The SC held frequent discussions and engagements including with regulatory agencies such as Bank Negara Malaysia (BNM) and Labuan Financial Services Authority (Labuan FSA), to identify financial stability and systemic risk concerns within the Malaysian financial and capital markets. Geopolitical tensions, cyber vulnerabilities, digital assets and ESG risks were discussed to ascertain possible impact on the capital market and ensure prompt response and better co-ordination. Domestic equity and bond markets, foreign fund flows and trade participation were also monitored for potential stress points.
Risk assessments outlining capital market resilience
In 2022, the SC conducted risk assessments on various components of the capital market. The assessments cover the following components namely equity market and infrastructure, bond market, digital assets, investment flows, investment management, stockbroking intermediaries and PLCs.

The SC is also working on its inaugural Capital Market Systemic Stability Review, to be published in Q1 2023. This report will outline overall risk assessments of the Malaysian capital market and discuss relevant systemic risk drivers.

Read more on the Capital Market Systemic Stability Review on the website.

Surveillance of the Capital Market

Preserving market integrity through proactive surveillance of trading activities
Proactive surveillance of trading activities by the SC as well as Bursa Malaysia ensures that anomalies are promptly addressed by market participants with the common goal of preventing irregular or manipulative trading activities and ensuring a fair and orderly capital market. To this end, regular engagements were conducted with Bursa Malaysia towards ensuring timely and effective action including co-ordinated responses commensurate with the risks and gravity of surveillance concerns. In addition, the SC and Bursa Malaysia place emphasis on engagements with market intermediaries towards facilitating better and greater understanding as well as collaboration, thus ensuring that the desired outcome of shared accountabilities and objective of a fair and orderly market are achieved.
Prioritising areas of concern towards greater regulatory efficiency
The SC’s surveillance of trading activities continued to focus on prevailing areas of concern and emerging trends relating to market manipulation and insider trading. Where elements of possible trading offences were established, informed decisions were made on strategic enforcement approaches that seek to achieve the highest level of regulatory efficiency and investor protection outcomes.
Utilising data analytics to enhance surveillance analysis and decision-making
Arising from increasingly complex market abuse techniques involving a large number of participants and datasets, the SC remains committed to initiatives that enhance the quality and efficiency of its surveillance analysis capabilities through the use of technology.

In-house data analytics tools based on quantitative models to support its analyses of voluminous trade data were developed, complementing the SC’s core trade surveillance system. This enabled additional insights to be gleaned from the data such as indistinct trading patterns among market participants. As a result, certain aspects of surveillance analysis can now be carried out more objectively and efficiently, leading to speedier operational decision-making.
Heightened monitoring of crude palm oil futures trading precipitated by volatile commodity prices
During a tumultuous period of high volatility in global commodity prices, the SC heightened its surveillance on crude palm oil futures (FCPO) contract trading activities.

Trading disruptions on the London Metal Exchange, precipitated by the extreme and sudden volatility in nickel prices, increased the urgency for the SC to preserve the integrity and stability of the FCPO market in the event of similar market shocks affecting the commodity.

Key areas of focus included the effectiveness of risk mitigation controls of Bursa Malaysia Derivatives Clearing Bhd (BMDC) as the central counterparty and financial resilience of market intermediaries. BMDC and market intermediaries were found to have in place adequate risk management measures to mitigate potential default events caused by significant volatile market conditions.
Reinforcing fair and orderly trading on digital asset exchanges
Digital asset exchanges (DAX) have shared accountability in ensuring that the market operates in a fair and orderly manner. The SC proactively engages with registered DAXs on the effectiveness of their market surveillance functions and trading anomalies detected by the SC. Such engagements reinforce the importance of having adequate control measures that are effective in detecting trading irregularities that pose potential risks to the integrity of the market.

Guidance was provided during engagements with the DAXs, particularly those with nascent operations, to enhance their understanding of the SC’s expectations on DAXs’ surveillance responsibilities. This is in line with the SC’s commitment to enhance regulatory transparency and provide regulated entities with greater clarity on regulatory expectations. As a result, effective remediation actions were taken on a timely basis to prevent recurrence of trading anomalies.
Enhanced monitoring of the corporate bond and sukuk market to support market integrity
Domestic bond yields trended upwards in 2022 in tandem with rising global bond yields, aggressive tightening of monetary policies by central banks, the Ukraine-Russia war and accelerating inflation coupled with recessionary fears. From the SC’s observations, these events did not have any major impact on domestic corporate bond issuers’ ability to service their bond financial obligations promptly.

Adopting enhanced tools to supervise the corporate bond and sukuk market, issuers from identified business sectors that were impacted due to the COVID-19 pandemic were closely monitored. These sectors included, among others, property, infrastructure, and utilities as well as oil and gas. Several corporate bond issuers had requested investors’ indulgence for exemptions in either payment of coupon, profit or principal, or extension of time to meet agreed-upon financial ratios as well as other forms of refinancing. These corporate bond issuers, however, make up a very small portion of the corporate bond and sukuk market.

The corporate bond and sukuk market had three issuer defaults in 2022, amounting to RM1,440 million or 0.17% of total outstanding corporate bonds and sukuk. Seven rating downgrades were also observed in 2022, compared to 10 in 2021. The seven rating downgrades were three from the infrastructure and utilities sector, two from property sector, one from trading and services sector, and one from mining and petroleum sector. As for the rating outlook, there were six downward revisions in the corporate bond rating outlook in 2022 compared to 10 in 2021.

Surveillance of Public-Listed Companies

Promoting trust and confidence through a dynamic and active approach
A key component to promoting integrity and market confidence is by ensuring PLCs provide full, accurate and timely disclosure of financial results, risk and other information which are material to investors’ decisions. This continued to be achieved through proactive surveillance and monitoring of corporate disclosures and practices, and financial reporting of PLCs. Towards ensuring that the SC’s surveillance activities remain relevant and effective, in 2022, the SC continuously reviewed and where appropriate, enhanced and refined its approaches taking into consideration, among others, emerging market trends as well as concerns in respect of corporate behaviour and conduct.

Surveillance activities throughout 2022 involved the review and assessment of 442 matters triggered via announcements and news articles, as well as complaints received by the SC in relation to 277 PLCs for possible violations of securities laws. The SC, in the course of its reviews, engaged with the directors, officers, statutory auditors and other professionals involved in the affairs of 23 PLCs. Thematic reviews were carried out to identify emerging risk areas that may impact the capital market. Due to the spill-over effects of the COVID-19 pandemic, the SC assessed PLCs’ financial health for potential increase in credit risks and corresponding impact on the capital market. Credit risk modelling, pertinent financial data and ratios were applied to determine vulnerable sectors and PLCs with high credit risk as triggers for further assessment. Further, an in-depth review was also conducted on PLCs with low credit risk but large debts. Overall, while there did not appear to be an alarming sign of deteriorating credit health in PLCs, it was observed that escalating external challenges affecting the capital market, such as the strengthening US dollar, prolonged geopolitical tensions, disrupted global supply chain as well as the rising cost of inputs may put pressure on the liquidity risk for companies with large debt. This situation will continue to be monitored to manage and mitigate any potential risk or impact on the capital market.

Following the introduction of the temporary relief measures which had allowed PLCs to increase the general mandate limit under the Bursa Listing Requirements², matters of concern were identified and corporate surveillance activities in 2022 were accordingly focused on:
New share issuances by PLCs particularly via private placement exercises; and
The granting of substantial options under employee share option schemes (ESOS) which resulted in significant issuance of new securities. The surveillance reviews undertaken highlighted some concerns including the utilisation of funds raised via share issuances and related disclosures made by PLCs. Where irregularities or possible securities law breaches were detected, such matters were escalated for further investigation and/or enforcement action. Bursa Malaysia was also engaged in matters requiring closer scrutiny on their part as the frontline regulator.

Supervision of Institutions and Intermediaries

Oversight of Bursa Malaysia
The SC supervises and monitors Bursa Malaysia and its subsidiaries towards ensuring proper discharge of the relevant entities regulatory and market functions, for a fair and orderly market for securities and derivatives traded through their facilities. To ensure this is done effectively, a proactive and comprehensive supervisory approach is undertaken through annual regulatory assessments, imposition of reporting requirements, and engagements with Bursa Malaysia’s board and senior management.

In 2022, the SC intensified its supervisory monitoring efforts over Bursa Malaysia Securities Clearing Sdn Bhd (BMSC) and BMDC through frequent engagements and robust challenge processes to address associated risks arising from heightened uncertainty in the market as a result of geopolitical tension and global supply chain disruptions in 2022.

The SC also continued to monitor the operations and performance of BMSC’s and BMDC’s risk mitigation measures in accordance with the SC’s Guidelines on Financial Market Infrastructures requirements through periodic data/report submissions and engagements with the Risk and Compliance Division of Bursa Malaysia.

With aligned interests to promote greater foreign participation in the Malaysian capital market, the SC facilitated BMDC’s application to the European Securities and Markets Authority (ESMA) to be recognised as one of the Third-Country Central Counterparties (TCCCP) in the European Union.

As part of the fulfilment of the requirements for BMDC to be recognised as one of the TCCCP, an equivalence decision regarding the legal and supervisory framework for Central Counterparties in Malaysia was obtained from the European Commission on 8 June 2022. Following that, the SC and ESMA had successfully established cooperation arrangements via the signing of a Memorandum of Understanding (MOU) between the Chairmen of the SC and ESMA on 5 August 2022. Presently, BMDC has fulfilled the required conditions for the application to be recognised as one of the TCCCP and the application are under ESMA’s assessment.
Assessment on Bursa Malaysia Islamic Commodity Trading Platform
As part of the SC’s oversight on Bursa Malaysia and its other businesses, the SC focused its regulatory assessment in 2022 on Bursa Malaysia Islamic Services Sdn Bhd (BMIS)³.

The assessment included a review and evaluation of processes and procedures during the onboarding of participants, adequacy and effectiveness of controls to monitor its participants to continuously adhere to the rules and other applicable Shariah requirements.
Oversight on the Federation of Investment Managers Malaysia
In August 2022, the SC completed its regulatory assessment on the Federation of Investment Managers Malaysia’s (FIMM) Regulatory Services Division with the objective of determining the effectiveness and efficiency of FIMM’s registration, supervision and enforcement framework.

Following this exercise, areas for improvement were identified to allow for a more effective discharge of FIMM’s self-regulatory organisation (SRO) duties, including:

Validation process in ensuring that only qualified companies/individuals are registered with FIMM;
Supervisory effectiveness in ensuring proportionality on its supervision of distributors and consultants; and
Strengthening the human resource management for timely and proper discharge of the enforcement function.

It was also noted that FIMM has implemented recommendations from the previous regulatory assessment to strengthen its efforts to build and promote better compliance culture.
Supervision on recognised market operators
The SC regulates recognised market operators (RMOs) based on the principles of transparency and proportionality that commensurate with the risks posed within the recognised market. In line with this, ongoing supervision by the SC is adopted to ensure fair, responsible and proper conduct of the operators facilitating fundraising/ trading activities via alternative venues, as well as to protect the rights and interests of investors.

The SC’s oversight of the RMOs include among others, periodic engagements with the operators, continuous monitoring via the reviews of reporting submissions and handling of complaints received with respect to areas such as governance, risk management, client/issuer onboarding and due diligence, cyber security and systems integrity.

Considering the growth of the alternative fundraising and trading platforms with increased participation of issuers and investors, the SC has also elevated its supervisory efforts. In 2022, six thematic regulatory assessments were carried out on ECF and P2P financing operators to assess their compliance with the SC’s guidelines in the following areas:
The SC observed several gaps and a few non-compliant practices with regard to the areas under assessments that required the operators’ attention and corrective measures, which include:
As part of ongoing supervision, the SC continued to monitor the progress of the remediation plans implemented by the operators to address the SC’s findings.
Supervising intermediaries
In addition to the SC’s scheduled assessment of compliance and risks, oversight function over intermediaries was further strengthened and focus was placed on threats and systemic concerns that pose the greatest risks to investors and the markets. Enhancements to the use of data and information systems within the SC have also facilitated a more effective and efficient supervisory approach and regulatory outcome. This has contributed towards the SC’s objective of promoting good culture and conduct among capital market intermediaries, to advocate self-regulation and to improve the standards of corporate governance, professionalism and ethical behaviour.

To further encourage good culture and conduct, a survey focusing on remuneration practices of licensed SBCs against the Principles for Sound Compensation Practices issued by the Financial Stability Board was conducted. The findings will be used to better understand the Board’s role in setting remuneration policies, compensation practices, risks, and co-ordinate responses to address areas of common concerns. The information obtained would also provide support in the planned development of guidance to capital market intermediaries on drivers of good culture and conduct.

In 2022, notable supervisory efforts include the carrying out of 41 pre-emptive planned assessments on identified risks areas for each intermediary such as governance frameworks, compliance monitoring and safeguarding of clients’ assets. Additionally, 87 for-cause assessments were undertaken arising from complaints and referrals received relating to misconduct. Swift intervention was initiated where lapses were noted in intermediaries’ controls and procedures.

The SC also embarked on an initiative to further enhance its use of supervisory technology including greater application of advanced analytics for data consolidation and predictive insights. This is expected to improve the SC’s ability to identify risk areas for review and support a more efficient and systematic supervisory function.

GUIDANCE NOTE ON MANAGING ENVIRONMENTAL, SOCIAL AND GOVERNANCE RISKS FOR FUND MANAGEMENT COMPANIES

SURVEY ON REMUNERATION PRACTICES OF STOCKBROKING COMPANIES

Strengthening Technology Resilience

The SC noted a significant increase in cyber-attacks globally in 2022, corresponding with the rise of remote working practices and growth in the adoption of digital technology. These cyber-attacks have also shown that any firm can be compromised, regardless of size or scale.

To strengthen the management of technology and cyber risks for the capital markets, the SC released a consultation paper on the regulatory framework for Technology Risk Management (TRM). Preventive measures were also undertaken to support capital market entities in becoming more proactive in managing cyber security incidents. Various programmes were held to improve cyber risk awareness and hygiene in the capital market. Two major events that took place in 2022 were the Capital Market Cyber Simulation (CMCS) and Capital Market Cyber Incident Tabletop Exercise (CMCIT Exercise). Both serve the purpose of ensuring that cyber risk standards are upheld within the capital market. CMCS was targeted for entities which have higher dependencies on technology in their daily business operation while the CMCT Exercise aided less technology-dependent companies to initiate planning and be more prepared for cyber-attacks.

Building Resilience to Cyber Risks

Cyber threat landscape report for the capital market
In 2022, the SC worked with a threat intelligence partner to provide insights on the cyber threat landscape observed globally and in Malaysia. Globally, the top three cyber incidents observed were ransomware, malware stealer and vulnerability exploitation. In contrast, the top three cyber incidents in Malaysia over the same period were stolen credentials, ransomware and phishing attacks. The SC developed a report on the cyber threat landscape based on an analysis of key financial sector-related cyber incidents reported to the SC via the Vault platform4. The threat report provided:

Insights and awareness to capital market entities on the current and past cyber threats, including a summary of advisories released by the SC through the Vault platform; and
Outlook of cyber threats, along with fundamentals for incident handling. Both serve to raise capital market entities awareness on taking proactive measures to address the nature of the potential cyber threats.
Technology supervision
The SC also performed technology and cyber assessment for multiple licensed entities, new applicants as well as third-party service providers to ensure their ability to manage technology and cyber risk. The assessment enabled the SC to determine the operational readiness of capital market entities from a technological and cyber security aspect. This includes the level of cyber governance, risk management, operation management, cyber security management as well as data management of the entities. Following observations for improvement, the SC will continue to supervise the technology and cyber risk of all capital market entities to minimise any technological risk gap.
Regulatory Framework on Technology Risk Management Consultation Paper
On 1 August 2022, the SC issued a public consultation paper on a Proposed Regulatory Framework on Technology Risk Management (TRM Framework). The TRM Framework aims to provide principle-based guidelines to support capital market entities to have a robust and sound technology risk framework and ultimately, for the capital market to be cyber resilient. Responses to the comments (which closed on 19 September 2022) will be taken into consideration prior to the release of a finalised guideline.

Read more on the Consultation Paper on TRM Framework.

The MRC considers emergence of risks from various segments within the capital market whereas the TCRC considers technology and cyber risks for both the SC and the capital market.
Bursa Listing Requirement’s temporary relief measures had allowed listed companies to increase the general mandate limit under the Bursa Listing Requirements to not more than 20% of the total number of issued shares. Such a measure had provided greater flexibility for PLCs to raise funds from the capital market to manage the impact arising from COVID-19 on their business operations.
BMIS facilitates commodity-based Islamic financing and liquidity management according to the Shariah principles of murabahah and tawarruq.
The Vault is a case management system which allows intermediaries to report on, and facilitates the SC’s tracking of, any cyber or technology incidents that occurred within the intermediary. It also functions as a communication platform where advisories or alerts are released by the SC to intermediaries registered on the Vault platform.

Mitigating Systemic Risks And Promoting Financial Stability

Enhanced Risk Governance Framework

In 2021, the SC-wide risk governance framework was enhanced as part of an overall initiative to have an effective integrated and predictive risk surveillance to maintain regulatory agility.

The structured risk governance framework integrated the wider spectrum of risks such as technology, cyber and conduct risk at the SC’s Systemic Risk Oversight Committee (SROC) and Accounting, Market and Corporate Surveillance Committee (ACMS).

Intensified surveillance

The SC continued to intensify its surveillance of systemic risk to maintain market resilience and stability. Regular SROC engagements were held to deliberate concerns emanating from various segments across the capital market. Domestic equity and bond market, foreign fund flows and trade participation continued to be monitored closely for potential stress points.

In addition, measures and economic stimulus packages introduced by the government to weather the impact of COVID-19, market trading conduct and the financial position of listed companies were among the focus areas for discussion.

Thematic assessments

The SC also conducted thematic assessments covering investors’ fund flows, the position of firms, and policy decisions to ascertain the possible impact on the capital market. In 2021, the SC reviewed and enhanced its crisis indicators on potential emerging risks in the
capital market.

The enhanced crisis indicators provided a reference point for escalation to SROC when the identified indicators and triggers materialised and ensured prompt response to manage and prevent any issues of concern that might lead to a systemic crisis.

Joint regulatory discussions

In 2021, the SC conducted frequent joint regulatory discussions with other authorities such as Bank Negara Malaysia (BNM) and Labuan Financial Services Authority (Labuan FSA) to identify systemic risk concern areas within the financial and capital markets in Malaysia.

Monitoring of various components of the capital market

The SC continued its efforts to undertake a methodological and integrated approach to ensure any potential systemic risk was being monitored, mitigated, or managed. Figure 1 highlights the findings from the following risk assessments on the various components of the capital market.