Title of the PPR: Compliance Charter
Authority: Board of Directors
Effective Date: 9 March 2017
History
Current Document: The Board of Directors' Decision No. BD-2017-64-06 & 07 & 08 & 09, dated 9 March 2017
Previous Document: The Board of Directors’ Decision No. BD2007-04-04, dated 13 June 2007
Amended Previous Document: Amendments related to Internal Audit Charter approved by the Board of Directors Decision No. BD2008-13-01, dated 6 August 2008
Compliance Charter
Introduction
Mission
Responsibilities of the Management
Authority
Responsibilities of the Policy and Compliance Department With Respect to Compliance Functions
Outsourcing
Continuity, Independence and Objectivity
Relationship with Internal Audit Function
Relationship with Other Risk Management Functions
Standards
Introduction
This Charter primarily aims to define and establish a) the formal mission statement on management and supervision of compliance risk function including operational risk in the ECO Trade and Development Bank (the Bank), b) the purpose, authority, and responsibilities of the Policy and Compliance Department (PCD), and c) the PCD’s position within the Bank, its independence and accountability with respect to compliance functions.
Mission
The “Compliance Risk” is defined as “the risk of legal or regulatory sanctions, material financial loss or loss to reputation that the Bank may suffer as a result of its failure to comply with its own regulations, policies and procedures (collectively internal regulations) and relevant international standards of best/good practice (all together compliance regulations)” whereas the “Operational Risk” is specifically defined as “the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events”. The definition includes legal risk but excludes strategic and reputational risk. The PCD assists the Management Committee (Management) in effectively supervising and managing the compliance risk that the Bank can face. To this end, the PCD identifies, assesses, advises on, reviews and reports on the Bank’s potential compliance risks.
Responsibilities of the Management
The Bank’s Management is responsible for the effective management of the Bank’s compliance risk in care of the Policy and Compliance Department and operational risk in care of the Operational Risk Committee (ORCO) under a comprehensive risk management framework. The Management is responsible for communicating the Compliance Charter and ensuring that the Compliance Charter is implemented effectively and efficiently. The Management shall promptly report to the Board of Directors (BoDs) on any material compliance failures (e.g. failures that may attract a significant risk of legal or regulatory sanctions, material financial loss or loss to reputation) and moreover submit an annual report to the BoDs on the compliance-related activities in the Bank at least once a year.
Authority
The PCD is authorized, during the course of its activities, to:
- have authorized access to all relevant functions, policy statements, procedures, records and staff of the Bank as necessary for the accomplishment of its mission, where “authorized” and “relevant” mean “within the Compliance Charter and ad hoc tasks to be assigned by the President”,
- require all members of staff and the Management on every compliance activity to supply such information and explanations as may be needed within a reasonable period of time not later than seven (7) workdays after receipt of the request.
The PCD and its staff are not authorized to:
- perform any operational duties for the Bank,
- initiate or approve any operational transactions external to PCD.
Responsibilities of the Policy and Compliance Department With Respect to Compliance Functions
In line with its mission described above, the responsibilities, which are also the departmental job description of the PCD, are:
Compliance Functions
- To discharge compliance functions efficiently and effectively with respect to the provisions described herein in this Charter,
- To assist the Management in identifying and assessing potential compliance issues,
- In cooperation with relevant departments, to provide guidance and advice to the Management and staff on compliance regulations,
- To assist the Management in educating staff on compliance and ethics matters and act as a contact point in the Bank for compliance and ethics queries from staff,
- To assess the appropriateness of the Bank’s internal regulations in terms of compliance risk, and promptly follow up any identified deficiencies, and where necessary propose amendments,
- To evaluate and assess significant merging/consolidating of functions and new or changing services, processes, operations, and control processes coincident with their development, implementation, and/or expansion,
- To identify and report to the Management actual and potential weakness in control systems where it exists, and recommend feasible ways to remedy it,
- To deal with the issues of conflict of interest (of the Bank, staff, etc.), cases of alleged corruption, money laundering, internal and external fraud, terrorist financing and complaints with regard to Bank-financed operations,
- To liaise with relevant external bodies including regulators, standard-setters and external experts,
- To ensure that the PCD staff possesses the knowledge, skills and other competencies needed to perform their duties.
The compliance process, however, does not relieve departmental heads and their staff of their responsibility for the maintenance and improvement of departmental controls with regard to compliance and operational risks in their respective areas. Therefore, the Departments and related Division Heads are responsible for controls and risks and for action to correct deficiencies in systems of control.
Outsourcing
The compliance function should be regarded as a core risk management activity within the Bank. Specific tasks of the compliance function may be outsourced, but they must remain subject to appropriate oversight by the Head of the Policy and Compliance Department.
Continuity, Independence and Objectivity
The compliance function shall be a permanent function within the Bank.
The compliance function shall be independent from the business activities of the Bank and be managed by the Head of the PCD, who directly reports to the President. The PCD shall also submit an annual report to the Management on the compliance-related activities which may be submitted to the BoDs. A copy of the submitted report shall also be conveyed to the Audit Committee. The PCD may meet with the Audit Committee members whenever necessary.
The PCD shall have an impartial, objective, unbiased attitude and avoid any conflict of interest.
Relationship with Internal Audit Function
The Internal Audit Department will keep the PCD informed of any significant audit findings relating to compliance, as appropriate. In turn, the PCD will keep the Internal Audit Department informed of significant findings in relation to compliance and operational risk control deficiencies.
Relationship with Other Risk Management Functions
Every effort will be made to enable communication and coordination between the compliance function and credit risk management, operational risk management and assets & liabilities management functions in relation to issues of compliance and operational risk management, aiming at ensuring appropriate coverage of these areas and avoidance of overlapping of tasks or responsibilities.
Standards
The PCD adheres to the standards of best professional practice, such as the relevant reports and recommendations of the Basel Committee on Banking Supervision of the Bank for International Settlements (BIS) - www.bis.org. The PCD staff are staff of the Bank; therefore they are also assumed to comply with the policies of the Bank, including the Codes of Conduct Policy.