Group Nomination and Remuneration Committee (GNRC)

The Group Nomination and Remuneration Committee (GNRC) is primarily responsible in evaluating and making decisions pertaining to remuneration, compensations and benefits of the Board Members and the Senior Management (Directors and above) of the Company. This would include the principles and criteria used for evaluation of performance upon request of the Group Chief Executive Officer.

The GNRC shall have a minimum of 3 members of the Board of which a majority comprise of Independent Directors, with at least one (1) BNM Nominated Director or one (1) Bank Nominated Director. The GNRC shall be chaired by an Independent Director.

Under responsibilities of GNRC:

  • Assess the performance of Management (Direct Reports to the GCEO) of the Company; and
  • Assess the performance of the GCEO for recommendation to the Board.

Group Audit Committee (GAC)

The GAC oversees matter relating to audit, financial reporting and internal financial controls of PayNet. The GAC coordinates with management and auditors (interna, external and BNM) to monitor the accounting policies and principles used and ensuring compliance with applicable laws and regulations.

The GAC shall have a minimum of 3 members of the Board, of which a majority shall comprise of Independent Directors. The GAC shall be chaired by an Independent Director.

The responsibilities of the GAC are as follows:-


  • Oversee the Group’s relations with the internal auditors and external auditors including making recommendations to the Board on their appointment, reappointment or removal.
  • Review and endorse the terms of engagement and the fees to be paid to the External Auditors in respect of audit and non-audit services.
  • Ensure the effectiveness of the internal audit, external audit functions and the audit processes within the Group.
  • Review the findings of the external auditors, Bank Negara Malaysia (BNM) auditors and other relevant parties including any other major issues that may arise during the course of the audit.
  • Review and agree in advance the annual internal audit plan and the resources dedicated to the internal audit function of the Group. This would also include the assessment of the performance of the internal auditors.
  • Review and oversight of periodic reports on the results of the Internal Auditors’ work, considering the material findings, Management's responses and closure of corrective actions on findings within the Group
  • To carry out such other responsibilities as may be delegated by the Board from time to time.

Financial Reporting

  • Review the Group’s interim and year-end consolidated financial statements, together with the associated narrative reports or any other documents containing financial information proposed for issue by the Group (collectively “financial information”) before submission to the Board.
  • Monitor the integrity and reliability of the financial information.
  • Review reports and discuss any issues arising from the interim reviews or year-end audit, and any other matters the External Auditors may wish to raise.

Group Risk Committee (GRC)

The GRC plays a key role in overseeing and advising the Board on matters relating to current and potential risk exposures, risk appetite and tolerance, future risk strategies and promotion of risk awareness culture in PayNet.

The GRC shall have a minimum of 3 members of the Board, of which a majority shall comprise Independent Directors. The GRC shall be chaired by an Independent Director.

The responsibilities of the GRC are as follows:-

Risk Management and CISO Office

  • Review and recommend to the Board the design and implementation of and improvements to the Group’s Enterprise Risk and Business Continuity Management Framework and Policies and other risk related matters, framework and policies to ensure alignment to regulatory requirements and industry’s best practices.
  • Oversee the Group’s risk exposures and ensure that the business and operational strategy and decisions are within the risk appetite set by the Board, which will include amongst others, matters relating to technology, people and process risks.
  • Review the risk profile and dashboard for the Group covering any new external, emerging, cyber risks, key incidents including approval of the Group’s adoption of cloud services for critical systems.
  • Review the adequacy of the Group’s risk management practices including approving the necessary key controls to mitigate the risks identified.
  • Oversee the adequacy of IT and cybersecurity strategic plans, and implementation of technology risk management framework and cyber resilience framework as per guidelines issued by Bank Negara Malaysia (BNM) and/or if required, other relevant regulators.
  • Set the tone and ensure a strong risk culture that is pervasive, well-integrated and embedded into the business operations throughout the Group.

Integrity Unit

  • Oversee the integrity related programs and activities carried out by the Integrity Unit under Compliance Department to be in line with the procedures espoused by Malaysian Anti-Corruption Commission (MACC) and MACC Act.
  • To oversee issues of corruption, integrity and whistleblowing within the Group.
  • To assist the Board to effectively discharge its responsibility on anti-corruption, institutional integrity and good governance for the Group.
  • Review and recommend to the Board improvements to PayNet’s whistle blowing policy and other integrity related policy documents to ensure alignment to MACC requirements and industry best practices.
  • Review and deliberate integrity related reports including corruption risk assessments, investigation reports arising from whistle blowing activity, etc.


  • Ensure that the personnel in charge of risk management, CISO Office and Integrity Unit in the Group has sufficient authority, stature, independence and access to the Board and Board Committees.
  • To carry out such other responsibilities as may be delegated by the Board from time to time.

Group Board Rules Committee

The Group Board Rules Committee (GBRC) evaluates and makes decisions pertaining to the rules and service standards that govern the payments eco-systems and financial market infastructures operated by the PayNet. The GBRC plays a pivotal role in ensuring that PayNet’s payments, cash and securities services are offered consistently, reliably and in accordance with stipulated service standards across all participating financial institutions and payment institutions.

The GBRC has three (3) members of the Board of Directors of which a majority is appointed from among the Independent Non-Executive Directors. The Chairman of the GBRC is a Non-Executive Director from Bank Negara Malaysia.

The responsibilities of the GBRC are as follows:

Approve Issuance of Rules

  • Review and approve issuance of Rules for services provided by PayNet Group, and amendments to such Rules, excluding the following areas where authority for approval has been granted to PayNet Group Management Committee (“PGMC”) as follows:
    • Revisions to Rules to correct grammatical, formatting, and typographical errors; and
    • Consequential changes to Rules of an operational nature that are necessary due to new Rules or revision of existing Rules approved by BRC.
  • Review notifications regarding revision to Rules approved by PGMC in situations where authority has been delegated to PGMC.
  • (c) Endorse for the Board’s approval Rules that affect PayNet Group’s risk appetite as well as Rules that materially affect PayNet Group’s risk exposure or financial position

Approve Governance Framework for Rules and Compliance

  • Approve policies and framework that govern issuance of Rules, enforcement of Rules as well as compliance to Rules.
  • Ratification of exceptions to Rules and to note penalty waivers approved by PGMC based on the guiding principles set out by the BRC.

Monitor Compliance to Rules

Review and monitor both participants and PayNet’s compliance to Rules where applicable, imposition of penalties for non-compliance.

PayNet Group Management Committee

The PayNet Group Management Committee (PGMC) is the decision making body of the Company. PGMC is responsible for formulating procedural policies and making decision for day-to-day operations, management and administrative issues based on delegation of all powers, authorities and discretion by the Board.

PGMC consists of the following officers, or as may be determined by the Group Chief Executive Officer:

  • Group Chief Executive Officer
  • Group Chief Operating Officer
  • Director, Retail Payments Services
  • Director, Information Services
  • Director, Card Services
  • Director, Corporate Services
  • Director, Human Capital Management

  • Director, Risk & Compliance
  • Director, Finance & Administration
  • Director, Stakeholder Engagement
  • Director, Cash Services
  • Permanent Attendees:
    Head of Legal, Rules & Secretarial
    Director, Internal Audit

The PGMC’s responsibilities shall include but is not limited to the following:

  • Assist the Group Chief Executive Officer in overseeing the management and operations of the Company.
  • Develop the Company’s business within the strategic framework approved by the Board.
  • Review the business, operations and investments of the Company including investment policies and any significant acquisitions or partnerships.
  • Review monthly management accounts of the Company, identify issues and implement approved improvement measures.
  • Approve and review implementation of change management initiatives.
  • Review human capital management policies including manpower planning, training, and career development program and succession plans.
  • Review annual business planning, budgeting exercise and annual corporate business plans including business and marketing plan, IT strategy, human capital management strategy and financial budget.
  • Make recommendations for approval of the corporate business plan and the Company’s policies and strategies to the Board and the Board Committees.
  • Review significant risks and exposures that exist and implement mitigation steps to minimize risk exposure to the Company.
  • Review business and operational issues to approve remedial action plans or make recommendations to the Board Committees or the Board for onward approval.
  • Review and approve development projects and initiatives including capital and operational expenditure within the authority limits approved by the Board.
  • Conduct periodical reviews on the business plans, policies and procedures, projects, financial performance, risks and other relevant areas and activities of the Company.
  • Provide guidance and direction to the project teams on all related issues.
  • Ensure all key decisions of the Board, Board Committees and PGMC are clearly communicated to the relevant staff of the Company.
  • Make decisions in the best interest and to the long term sustainability of the Company; which serves the purpose and direction of the Company’s strategic and financial plan.