Index
Part A Internal Audit
- Purpose
- Charter
- Mission
- Independence
- Scope & Responsibilities
- Authority
- Accountability
- Standards
Part B Compliance
- Introduction
- Guiding Principles
- Function & Task of Compliance
- Scope of Compliance
- Organisation of Compliance Function within ARCG
- Reporting Lines & Communication Lines
- Independence
- Authority
- Standards
- Accountability
ARCG CHARTER
This document has been divided into two parts: Part A relates to Internal Audit, which comprises four Divisions (Risk Review, Retail Audit, Operations & IT Audit and Fraud & Investigation); Part B relates to Compliance.
Internal Control is the responsibility of management. It is a process designed to provide reasonable assurance of:
- Control over operations;
- Prevention of frauds;
- Adequate self-checking mechanisms and timely detection & resolution of errors;
- Reliable financial data;
- Compliance with applicable laws and regulations;
- Top-down control culture and the bank's risk appetite assessed through sound and tested risk evaluation processes.
The required reasonable assurance exists when all the components of management control (the control environment; risk assessment processes; control activities; information and communication systems; and monitoring activities) are present and operate effectively.
Internal Audit is an independent, objective assurance and consulting activity which is managed within the bank as an integral part of its risk management, control and governance processes. It assists management in accomplishing their objectives by assessing the state of internal control. In that regard, internal audit:
- Assists management in understanding and assessing risks;
- Evaluates the adequacy of techniques and controls to manage risk;
- Provides an assessment of the level of comfort that risk management, control and governance processes are operating effectively and efficiently;
- Identifies and recommends changes that add value;
- In a consultative capacity, advises on efficiency of controls and effectiveness of structure on new initiatives and during change processes.
Through these assurance and consultative activities, Internal Audit assists management in accomplishing its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
CHARTER
The Charter serves as a guide to Internal Audit in the performance of its duties. The Charter does not include, nor is it intended to include, all of their duties or responsibilities, as they may exist from time to time. The Charter is intended to:
- Provide a written record of formally approved policies of Internal Audit;
- Provide a basis for the evaluation of the performance of Internal Audit by the management of the Bank;
- Serve as a basic document in the Bank for administration of Internal Audit.
This charter describes the mission, independence and objectivity, scope and responsibilities, authority, accountability and standards of the Internal Audit function.
MISSION
The mission of Internal Audit is to ensure that the Bank's businesses are conducted according to the highest professional and ethical standards by providing an independent, objective assurance function and by advising on best practice. Through a systematic and disciplined approach, Internal Audit helps the Bank accomplish its objectives by evaluating and improving the effectiveness of risk management, control and governance processes.
INDEPENDENCE
To ensure independence, Internal Audit is directly responsible to Head ARCG who reports to the CEO. In addition, it reports regularly to both the Audit and Compliance Committee of the Leadership Forum and the Audit Committee of the Board of Directors.
AUTHORITY
Internal Audit aims to promote effective controls at reasonable cost. To achieve this, Internal Audit is authorised, in the course of its activities, to:
- Enter all areas of the Bank and have unrestricted access to any documents and records, personnel, core issue analysis, investigation and determination of facts and statement of recommendations in its reports, considered necessary for the performance of its functions.
- Require all members of staff and Management to supply such information and explanations as may be needed within a reasonable period of time.
Senior Management should inform Internal Audit immediately of the occurrence of any significant incident concerning security and/or compliance with regulations and procedures.
ACCOUNTABILITY
Internal Audit shall prepare, in liaison with the Head of ARCG, an annual audit plan. The plan is based on a risk model that identifies business risks, and on input from line managers. It provides information about the risk assessment, the current order of priority of audit projects and how they are to be carried out. The plan shall be presented to the Head of ARCG and the Audit Committee for approval. In case of need, adjustments may be made to the plan during the year. Any such changes would have to be approved by the Head of ARCG and communicated to the Audit Committee.
Internal Audit is responsible for planning, conducting, reporting and following up on audit projects included in the audit plan, and decides on the scope and timing of audits. The details of these processes are defined in the Internal Audit Manual.
The above does not restrict Internal Audit from initiating any action and/or recommendation, including an unscheduled audit, where exceptions, risks, process gaps/efficiency, losses, near losses or other matters requiring preventive action arise, should it deem this necessary. Senior Management may also investigate or highlight concerns, which may prompt action by Internal Audit.
Audit fieldwork shall be conducted in a professional and timely manner. Reporting of results will include an open process to agree on the facts and the validity of audit recommendations. A detailed audit report and a letter to Management will summarise the objectives and scope of the audit as well as observations and recommendations. In all cases, follow-up work will be undertaken to ensure adequate response to audit recommendations.
Internal Audit shall coordinate with external audit to ensure proper coverage and avoid duplication of effort.
STANDARDS
Internal Audit adheres to the standards of best professional practice, such as those published by the Institute of Internal Auditors and the Information Systems Audit and Control Association, and the relevant reports and recommendations of the Basel Committee on Banking Supervision.
GUIDING PRINCIPLES
The starting point for compliance is formulated in six guiding principles:
1. Compliance is the individual and collective responsibility of each staff member in the bank within the given area of his/her responsibilities. All staff should be aware of relevant regulations and policies, be knowledgeable on how to comply and believe in the need to be compliant.
2. Business unit management is responsible for compliance and acts as a role model for all staff.
3. The compliance function exercises independent oversight, enables and supports everyone to fulfill their roles, instills compliance discipline and ethical business conduct, and prevents and detects violations of compliance policies.
4. The compliance approach is in principle risk-based, except where a rules-based approach is required on a case-by-case basis.
5. The compliance function acts in partnership with the business with complete access to business information and strategy.
6. The compliance function encompasses industry-specific laws and regulations as well as related business conduct.
SCOPE OF COMPLIANCE
The compliance function within the bank provides independent oversight on behalf of senior management of those core processes and related policies and procedures that seek to ensure the bank is in conformity with industry-specific laws and regulations in letter and spirit, thereby maintaining the bank's reputation. This includes sanctions, client acceptance and anti-money laundering, the protection of clients against mis-selling by the bank (e.g. personal investment policy, conflict of interest, Chinese walls) and good citizenship (e.g. HR's code of conduct). The compliance scope does not include regulations and policies covering capital adequacy, accounting standards, credit administration etc. These are primarily covered by other support functions and business units, where applicable in consultation and cooperation with Compliance.
Compliance maintains close relationships with other key divisions within ARCG. These divisions are Risk Review, Operational & IT Audit, Retail Audit and Fraud & Investigations Division.
INDEPENDENCE
Compliance is independent from the business and other line functions. Therefore the Head of Compliance reports directly to the Head of ARCG, who is a member of the Leadership Forum (LF) and has representation to the Board of Directors through the Chief Executive Officer of the bank and to the Audit & Compliance Committee of the LF.
AUTHORITY
The compliance function has free access to information and personnel and has the right to advise internal audit to conduct investigations of possible breaches of the compliance policy and, if required, to appoint outside experts to perform this task. Compliance is the principal interface with the regulators on compliance issues. All contacts with the regulators on compliance issues are managed through or in consultation with Compliance.
STANDARDS
The senior management of Mashreq is committed to preserving the integrity and reputation of the bank by complying with applicable laws and regulations in each of the markets in which it operates. Employees must adhere to all laws and regulations applicable to Mashreq and to the ethical standards set by Mashreq; those who do not may face disciplinary action. All employees are expected to observe high standards of conduct and be aware of the laws and regulations of other countries when conducting cross-border transactions. In addition, Compliance represents Mashreq in external bodies / forums that focus on compliance issues and best practices (e.g. World Check, Complinet, Gulf Coop. Council, Hawkama Institute of Corporate Governance).
ACCOUNTABILITY
Compliance staff are available to provide guidance and support to the Businesses on issues related to laws and regulations. The overall Annual Compliance Plan is approved by the Head of ARCG. Compliance follows a risk-based approach in addressing issues escalated to it or resulting from the monitoring conducted by Audit.
NOTE: Any changes to the contents of this document require the approval of the Head of ARCG, who will communicate such changes to the Audit & Compliance Committee for their ratification.