Robust, independent, efficient
The Bank develops and maintains a robust internal control framework comprising the following internal control functions:
- Information Security
- Internal Audit
- Risk Management
The above functions are independent from the operational functions and also have sufficient authority, stature, resources and access to the Board.
Each internal control function establishes relevant policies in relation to its operation, which are subject to approval by the Board.
The policies include, among others, the following parameters:
- Independence of the internal control functions
Independence criteria are applied to the internal control functions. Specifically, the internal control functions are independent of the business and support units they monitor and control, and are organisationally independent from each other.
- Heads of internal control functions
The Heads of the internal control functions are assigned specific responsibilities. They have unlimited access to information and data in order to execute their duties as per legal, regulatory and ethical requirements.
- Relationship between internal control functions
The allocation and division of responsibilities of the internal control functions are clearly defined, especially as regards the responsibility for measuring risks and for the identification, verification and assessment of the adequacy of related internal control procedures and regulations. Additionally, internal control functions communicate to each other any findings relating to their operation.
Further to the internal control functions’ policies, which are high level documents, other more detailed manuals and procedures are adopted to further analyse the principles included in the policies.
- Establishment of an appropriate compliance framework ensuring ongoing Compliance
- Monitoring the effectiveness of internal procedures and controls to manage and minimize Compliance Risks
- Identification of new laws and regulations that affect the Bank’s operation
- Providing an opinion prior to entering new markets and introducing new products and services
- Acting as a liaison with the regulatory authorities regarding Compliance
- Training of management and staff on Compliance
- Development and implementation of the information security framework, in the form of security policies, standards, guidelines, procedures and processes
- Advice and recommendation to senior management and the Board through its Risk Committee, on the development and implementation of the Bank’s information security programme
- Development and implementation of an education and training program on information security and privacy matters for staff
- Participation in the activities required for the implementation of effective security controls in the Bank’s information technology infrastructure and guidance to the information technology unit
- Cooperation with the Bank’s business and support units and other control functions, for the effective implementation of security principles
- Implementation of an efficient internal audit program, based on the Standards for the Professional Practice of Internal Auditing of the Institute of Internal Auditors, as well as other professional organisations, which covers the entire operations of the Bank, including any outsourced activities
- Assessment of effectiveness and efficiency of the internal control, risk management and corporate governance and other matters of regulatory interest
- Reporting to the Board, through the Audit Committee, at least on a quarterly basis, including on significant risk exposures, control issues and any other matters that are deemed necessary or requested by the Board and Senior Management
- Provision of independent assurance and performance of consulting assessments on the adequacy and effectiveness of management and IT control frameworks and governance processes of all units of the Bank, aiming at adding value and assisting the Bank in achieving its strategic objectives
- Establishment of an appropriate framework for the treatment of bank-wide risk
- Ensuring that all material risks are identified, measured and reported
- Assistance of the Board through the Risk Committee in setting the Bank’s strategy and risk appetite framework by providing analysis and expert judgement on risk exposures
- Establishment of policies and procedures that adhere to the Bank’s strategy and risk appetite framework
- Ensuring that internal systems adequately represent the Bank’s risk profile and recommending remedial actions when risk limits are breached
- Preparation of quarterly and annual reports to the Risk Committee elaborating, as a minimum, on internal assessments and measurement of risks faced by the Bank, stress test results, capital adequacy and market trends that might affect the Bank’s risk profile. Annual reports are also submitted to the Central Bank of Cyprus outlining material developments within the Bank and the analysis of core risk areas