The Bank’s internal control system is organised in the framework of the so-called three independent lines of defence, which comprise:
- 1st line – the Bank’s operating units not belonging to the 2nd and 3rd line of defence,
- 2nd line – Compliance Department and other units managing particular risks,
- 3rd line – Internal Audit Department.
The internal control system covers all organisational units of the Bank and subsidiaries belonging to the capital group.
The main objectives of the internal control system are to ensure:
- effectiveness and efficiency of the Bank’s operations,
- credibility of financial information (including: completeness, correctness and comprehensiveness of administrative and accounting procedures and fair and true internal and external reporting),
- observance of risk management principles at the Bank,
- compliance of the Bank’s activity with laws, internal regulations and market standards.
Based on the developed selection criteria the Bank identified material processes, and then linked them to the general and specific objectives of the internal control system. For material processes the Bank selected controls (control mechanisms) functioning within such processes and selected out of them certain controls of key importance for achieving the objectives of the internal control system assigned to a given process. Key controls have been covered by the monitoring of their observance, such monitoring performed independently by organisational units belonging to the 1st and the 2nd line of defence in the internal control system.
The linking of the general objectives of internal control and specific objectives isolated as part of them with material processes functioning at the Bank and key controls and principles of independent monitoring of their observance is documented in the form of the Control Function Matrix. The Bank in the Matrix also specified the responsibility of particular organizational units for employing control mechanisms, as well as their independent monitoring.
The Bank has a formalized path of reporting about the results of monitoring controls, ascertained irregularities and status of implementing remedial and disciplining measures. From time to time this information is also transferred to the Internal Audit Department, the Bank’s Management Board and Audit Committee of the Supervisory Board.
The Bank’s Management Board is responsible for the implementation and functioning of an adequate, effective and efficient internal control system.
The Bank’s Supervisory Board exercises supervision and performs the annual evaluation of the implementation and ensuring that the internal control system is adequate and effective, as a whole and in its parts (including the control function, Compliance Department, Internal Audit Department).