PART 5 ORGANISATION INFORMATION
 At the ERMC, the SC’s senior management deliberates key risks at an enterprise level and offers strategic guidance to the line departments for addressing these risks, which are also assessed in accordance with three critical impact areas: strategic, organisational resiliency as well as legal and compliance. Key risks are actively managed to minimise their impact on these critical areas. In 2023, a total of 23 meetings were held to deliberate various key issues. These include five ERMC meetings, four ORC meetings, six FRC meetings, four TCRC meetings and four meetings for SHC matters.
FIGURE 2
Critical Impact Areas
STRATEGIC ORGANISATION RESILIENCY LEGAL AND COMPLIANCE
     Risks of not achieving the SC’s business plans’ objectives and protecting the SC’s reputation and credibility with its stakeholders with the rise of scams and complaints lodged to the SC.
  Risks of not being able to carry out day-to-day operations effectively due to various risks such as human capital management, health and safety, technology, knowledge management, business process and finance.
        Risks of non-compliance by the SC to the relevant laws and regulations, applicable standards, or responsible business ethics.
           164
SECURITIES COMMISSION MALAYSIA ANNUAL REPORT 2023
Business Continuity Management
Organisational resilience is described as an organisation’s ability to anticipate, prepare for, and swiftly respond to business disruptions, enabling it to navigate paradigm shifts in an orderly manner. The SC has established a Business Continuity Management Policy and Framework, aligned with the ISO 22301:2019 Security and Resilience – Business Continuity Management System (BCMS) requirements, to ensure its resilience and preparedness for any disruption to its critical operations. The SC continuously enhances its business continuity processes, encompassing business resumption, disaster recovery, crisis management and business impact analysis.
Furthermore, to ensure smooth and effective business continuity management, the SC conducts various scenario-based simulations and tests. These include quarterly Information Technology (IT) component testing, annual building evacuation drill, operational simulations, as well as thematic tests designed to assess the organisation’s preparedness for specific and critical scenarios. The BCM policy and framework undergo an annual review to incorporate necessary updates and ensure its relevance and alignment to strategic objectives.
Moreover, business process recovery and operational resiliency are integral aspects of the SC’s strategy to ensure uninterrupted operations, safeguard the SC’s ability to provide essential services and sustain its commitment to operational excellence in any plausible circumstances.
Emerging Risks
In today’s dynamic environment, as the SC increasingly depends on innovative solutions and remain closely connected to external factors, the organisation encounters potential challenges from newly recognised hazards. Emerging risks are often uncertain in terms of their likelihood and potential impact on business functions and operations. The SC is diligently monitoring these emerging risks, even though they may not materialise immediately, in a forward-looking approach to ensure continued resilience.
The SC has established an internal process to identify emerging risks on an annual basis. This methodology includes the analysis of risk data points derived from leading and lagging key risk indicators, engagement