System of Internal Controls
The Bank has established a system of internal controls that is based on international best practice and is designed to provide reasonable assurance regarding the achievement of objectives in the following categories
- efficient and effective operations
- reliability and completeness of financial and management information
- compliance with applicable laws and regulations
The Internal Audit Department is established under the approval of the Board of Directors and the Audit Committee of the Bank.
The Internal Audit Department is an independent, objective assurance and consulting function designed to add value and improve the Bank’s operations. It helps the Bank accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
In the course of its work, the Internal Audit Department reviews the adequacy and effectiveness of internal control and risk mitigation systems set up in order to address inherent risks associated with businesses carried out and operations run, to provide reasonable reassurance to the Board of Directors, in the form of an independent opinion, as to:
- the appropriateness, adequacy, and effectiveness of the Governance framework of the Bank
- the overall means by which the Bank manages and mitigates risks to preserve its assets, and seeks to prevent fraud, misappropriation, or misapplication of such assets
- the reliability, integrity and completeness of accounting, financial reporting, and information technology systems
- the design, adequacy and effectiveness of the internal control framework of the Bank
- compliance with the Bank’s business, risk, ethical policies, applicable laws and regulations
- safeguarding of the Bank’s assets
- any other matter, as requested by the Board, the Bank’s Management, the Central Bank of Cyprus or matters within the scope of the Department’s review universe.
The Board has delegated the responsibility for monitoring the activity of the Risk Management Division to the Risk Committee of the Bank.
The Risk Management Division main functions include the following:
- The utilization of suitable methods employed by the Bank for the management of risks undertaken by the Bank, in general, and risks to which the Bank may be exposed to, including the use of models for forecasting, identifying, measuring, monitoring, mitigating and reporting of risks
- The fine-tuning of risk taking limits, based on specific parameters, by type of risk, counter-party, business sector, country, currency, facility, security of financial asset, derivative, etc.
- The setting-up of an early warning system for individual and connected portfolios
- The carrying out, on an annual basis, of crisis simulation exercises (stress tests), for all types of risks (credit risk, market risk, interest rate risk, liquidity risk etc.)
- The determination of the Bank’s capital requirements in cooperation with Finance & Control and the development of methodologies for their calculation so that the bank is covered against all risks to which it is exposed as well as the submission of suggestions for the management of such risks
- The submission of written reports, on a quarterly basis, by the Head of the Risk Management Unit to the Board and the senior executive management.
The Board has delegated the responsibility for monitoring the activity of the Compliance Department to the Audit Committee of the Bank.
The main duties of the Compliance Department include the following:
- Handle issues related to Anti Money Laundering and Combat Financing of Terrorism, in accordance with applicable laws and regulations. The Department is responsible for the development of the necessary policies and procedures as well as for monitoring adherence to them and the provision of adequate AML/CFT training and guidance to the staff
- Provide timely and accurate responses to requests arising from Regulatory and other Authorities as well as co-operate with them in order to facilitate their work
- Set up internal codes of conduct and monitor staff adherence to them
- Assist in the handling of Market in Financial Instruments Directive related issues
- Ensure that customer complaints are handled in accordance with the established procedure
- Cooperate with Eurobank’s Group Compliance & Regulatory Requests Division on major compliance activities
- Submit quarterly and annual activity reports to senior management and the Audit Committee
The Information Security Division is responsible for the development and implementation of the information security framework.
The main duties of the Information Security Division include the following:
- Advise and provide recommendations to Board on the development of an information security policy
- Advise and provide recommendations to the Bank’s senior management on the development and implementation of the Bank’s information security program in the form of security policies, standards, guidelines, procedures and processes
- Oversee the dissemination and implementation of the information security program Bank-wide
- Cooperate with the Bank’s business and support divisions and other internal control functions, for the effective implementation of security principles in the development of their policies and procedures
- Develop and implement, in cooperation with the Risk Management Division, an information security risk assessment and management program
- Monitor compliance with information security policies, standards, guidelines, processes and procedures.