GOVERNANCE

Internal Control Framework

Robust, independent, efficient

Internal Control Functions

The Bank develops and maintains a robust internal control framework comprising the following internal control functions:

  • Compliance
  • ICT and Security Risk Management
  • Internal Audit
  • Risk Management

The above functions are independent from the operational functions and also have sufficient authority, stature, resources and access to the Board.

Each internal control function establishes relevant policies in relation to its operation, which are subject to approval by the Board.

The policies include, among others, the following parameters:

Independence of the internal control functions

Independence criteria are applied to the internal control functions. Specifically, the internal control functions are independent of the business and support units they monitor and control, and are organisationally independent from each other.

Heads of internal control functions

The Heads of the internal control functions are assigned specific responsibilities. They have unlimited access to information and data in order to execute their duties as per legal, regulatory and ethical requirements.

Relationship between internal control functions

The allocation and division of responsibilities of the internal control functions are clearly defined, especially as regards the responsibility for measuring risks and for the identification, verification and assessment of the adequacy of related internal control procedures and regulations. Additionally, the internal control functions communicate to each other any findings relating to their operation.

Further to the internal control functions’ policies, which are high-level documents, other more detailed manuals and procedures are adopted to further analyse the principles included in the policies.

Compliance Function

The Board inspires a strong compliance culture that is disseminated at all hierarchical levels and is based on a sound understanding of laws, regulations and best practices. The Bank has designed, developed and implemented an integrated compliance framework set by a compliance policy and supported by compliance plans, processes and assurance.

In light of the above, the Bank establishes an independent Compliance function, which reports directly to the Board through the Audit Committee.

The roles and responsibilities of the Compliance function include the following:

  • Establishment of an appropriate compliance framework ensuring ongoing Compliance
  • Monitoring the effectiveness of internal procedures and controls to manage and minimize Compliance Risks
  • Identification of new laws and regulations that affect the Bank’s operation
  • Providing an opinion prior to entering new markets and introducing new products and services
  • Acting as a liaison with the regulatory authorities regarding Compliance
  • Training of management and staff on Compliance

ICT and Security Risk Management Function

The Board ensures the implementation of appropriate ICT and security risk management policies, standards and procedures aiming for the establishment of an appropriate ICT and Security Risk Management framework that will protect the Bank’s confidential and proprietary information.

In this regard, the Bank has established an independent ICT and Security Risk Management Function, which reports to, and has direct access to, the Bank’s Board through the Risk Committee.

The roles and responsibilities of the ICT and Security Risk Management Function include the following:

  • Development and implementation of the ICT and Security Risk Management framework, in the form of policies, standards, guidelines, procedures and processes
  • Advice and recommendations to senior management and to the Board, through its Risk Committee, on the development and implementation of the Bank’s ICT and Security Risk Management framework
  • Development and implementation of an education and training program on ICT and security risks and privacy matters for staff
  • Participation in the activities required for the implementation of effective ICT and security controls in the Bank’s ICT infrastructure and guidance to ICT operations units
  • Cooperation with the Bank’s business and support units and other control functions, for the effective implementation of ICT and Security Risk Management principles

Internal Audit Function

Audit assignments are essential in order to provide independent assurance to the Board on the appropriateness, adequacy and effectiveness of the procedures, measures, means and frameworks applied by the Bank.

In this regard, the Bank establishes an independent Internal Audit function, which reports directly to the Board through the Audit Committee. The overall objective of the Internal Audit function is to assist the Board and all levels of management to discharge their responsibilities in maintaining the Bank as a well-controlled, economic, efficient and effective organization that complies with statutory obligations.

The roles and responsibilities of the Internal Audit function include the following:

  • Implementation of an efficient internal audit program, which is based on the Standards for the Professional Practice of Internal Auditing of the Institute of Internal Auditors, as well as those of other professional organisations, and covers the entire operations of the Bank, including any outsourced activities
  • Assessment of the effectiveness and efficiency of internal control, risk management, corporate governance and other matters of regulatory interest
  • Reporting to the Board, through the Audit Committee, at least on a quarterly basis, including on significant risk exposures, control issues and any other matters that are deemed necessary or requested by the Board and Senior Management
  • Providing independent assurance and performing consulting assessments on the adequacy and effectiveness of the management and IT control frameworks and governance processes of all units of the Bank, aiming at adding value and assisting the Bank in achieving its strategic objectives

Risk Management Function

The Bank has developed an integrated risk culture based on a full understanding of risks and risk management, which is disseminated at all hierarchical levels such that each member of staff understands the nature of risks.

Therefore, the Bank ensures that an appropriate holistic risk management framework is in place and establishes an independent Risk Management function, which reports directly to the Board through the Risk Committee.

The roles and responsibilities of the Risk Management function include the following:

  • Establishment of an appropriate framework for the treatment of bank-wide risk
  • Ensuring that all material risks are identified, measured and reported
  • Assistance of the Board through the Risk Committee in setting the Bank’s strategy and risk appetite framework by providing analysis and expert judgement on risk exposures
  • Establishment of policies and procedures that adhere to the Bank’s strategy and risk appetite framework
  • Ensuring that internal systems adequately represent the Bank’s risk profile and recommending remedial actions when risk limits are breached
  • Preparation of quarterly and annual reports to the Risk Committee elaborating, as a minimum, on internal assessments and measurement of risks faced by the Bank, stress test results, capital adequacy and market trends that might affect the Bank’s risk profile. Annual reports are also submitted to the Central Bank of Cyprus outlining material developments within the Bank and the analysis of core risk areas