Internal Control Functions
The Bank develops and maintains a robust internal control framework comprising the following internal control functions:
- ICT and Security Risk Management
- Internal Audit
- Risk Management
The above functions are independent from the operational functions and also have sufficient authority, stature, resources and access to the Board.
Each internal control function establishes relevant policies in relation to its operation, which are subject to approval by the Board.
The policies include, among others, the following parameters:
- Independence of the internal control functions
- Heads of internal control functions
- Relationship between internal control functions
Compliance Function
The Board inspires a strong compliance culture that is disseminated at all hierarchical levels and is based on a sound understanding of laws, regulations and best practices. The Bank has designed, developed and implemented an integrated compliance framework set by a compliance policy and supported by compliance plans, processes and assurance.
In light of the above, the Bank establishes an independent Compliance function, which reports directly to the Board through the Audit Committee.
The roles and responsibilities of the Compliance function include the following:
- Establishment of an appropriate compliance framework ensuring ongoing Compliance
- Monitoring the effectiveness of internal procedures and controls to manage and minimize Compliance Risks
- Identification of new laws and regulations that affect the Bank’s operation
- Providing an opinion prior to entering new markets or introducing new products and services
- Acting as a liaison with the regulatory authorities regarding Compliance
- Training of management and staff on Compliance
ICT and Security Risk Management Function
The Board ensures the implementation of appropriate ICT and security risk management policies, standards and procedures aiming for the establishment of an appropriate ICT and Security Risk Management framework that will protect the Bank’s confidential and proprietary information.
In this regard, the Bank has established an independent ICT and Security Risk Management Function, which reports and has direct access to the Bank’s Board through the Risk Committee.
The roles and responsibilities of the ICT and Security Risk Management Function include the following:
- Development and implementation of the ICT and Security Risk Management framework, in the form of policies, standards, guidelines, procedures and processes
- Advice and recommendation to senior management and the Board through its Risk Committee, on the development and implementation of the Bank’s ICT and Security Risk Management framework
- Development and implementation of an education and training program on ICT and security risks and privacy matters for staff
- Participation in the activities required for the implementation of effective ICT and security controls in the Bank’s ICT infrastructure and guidance to ICT operations units
- Cooperation with the Bank’s business and support units and other control functions, for the effective implementation of ICT and Security Risk Management principles
Internal Audit Function
Audit assignments are essential in order to provide independent assurance to the Board on the appropriateness, adequacy and effectiveness of the procedures, measures, means and frameworks applied by the Bank.
In this regard, the Bank establishes an independent Internal Audit function, which reports directly to the Board through the Audit Committee. The overall objective of the Internal Audit function is to assist the Board and all levels of management to discharge their responsibilities in maintaining the Bank as a well-controlled, economic, efficient and effective organization that complies with statutory obligations.
The roles and responsibilities of the Internal Audit function include the following:
- Implementation of an efficient internal audit program that is based on the Standards for the Professional Practice of Internal Auditing of the Institute of Internal Auditors, as well as other professional organisations, and covers the entire operations of the Bank, including any outsourced activities
- Assessment of the effectiveness and efficiency of internal control, risk management and corporate governance, and of other matters of regulatory interest
- Reporting to the Board, through the Audit Committee, at least on a quarterly basis, including on significant risk exposures, control issues and any other matters that are deemed necessary or requested by the Board and Senior Management
- Providing independent assurance and performing consulting assessments on the adequacy and effectiveness of management and IT control frameworks and governance processes of all units of the Bank, aiming at adding value and assisting the Bank in achieving its strategic objectives
Risk Management Function
The Bank has developed an integrated risk culture based on a full understanding of risks and risk management, which is disseminated at all hierarchical levels such that each member of the staff understands the nature of risks.
Therefore, the Bank ensures that an appropriate holistic risk management framework is in place and establishes an independent Risk Management function, which reports directly to the Board through the Risk Committee.
The roles and responsibilities of the Risk Management function include the following:
- Establishment of an appropriate framework for the treatment of bank-wide risk
- Ensuring that all material risks are identified, measured and reported
- Assistance of the Board through the Risk Committee in setting the Bank’s strategy and risk appetite framework by providing analysis and expert judgement on risk exposures
- Establishment of policies and procedures that adhere to the Bank’s strategy and risk appetite framework
- Ensuring that internal systems adequately represent the Bank’s risk profile and recommending remedial actions when risk limits are breached
- Preparation of quarterly and annual reports to the Risk Committee elaborating, as a minimum, on internal assessments and measurement of risks faced by the Bank, stress test results, capital adequacy and market trends that might affect the Bank’s risk profile. Annual reports are also submitted to the Central Bank of Cyprus outlining material developments within the Bank and the analysis of core risk areas