Compliance Policy 0 Compliance and Corporate Governance Group October 2016

Transcription

1 Compliance Policy 0 October 2016

2 Table of Contents Introduction Chapter I: The Framework of NBE s Compliance Function 3 Chapter II: The Role of NBE s Compliance Function 4 Chapter III: Core Principles of NBE s Compliance Function 7 Chapter IV: Key Elements of Success 11 Chapter V: Responsibilities of Regulatory Compliance Departments Chapter VI: Governance Principles 17 Chapter VII: Chapter VIII: The Relationship between Compliance and Internal Audit Compliance Assessment Criteria Appendix (1): Appendix (2): Appendix (3): Compliance Self-assessment Compliance Statement Corporate Governance Assessment of Companies in Which NBE holds equity participation

3 Introduction In the light of recent developments in the banking sector, particularly the great importance attached to putting banks internal controls into effect, the National Bank of Egypt (NBE) realized for certain that solid rules for compliance are the bedrock of sound management and earning goodwill with the banking sector. Therefore, compliance is considered a management issue of the utmost importance. On 20/1/2016, NBE s board of directors (BoD) approved updating the organizational chart of the which submits its reports (including, but not limited to, annual reports on anti-money laundering (AML) and combating the financing of terrorism (CFT) activities and quarterly progress reports on all the activities of the Compliance and Corporate Governance Group) directly to the BoD. The new organizational chart comprises the following divisions: Regulatory Compliance Division, AML/CFT Division, Code of Ethics Compliance Department and Testing and Risk Evaluation and Assurance Department. Compliance is an independent function that identifies, evaluates, advises on, monitors and reports on NBE s compliance risk, that is, the risk of legal or regulatory sanctions, financial loss or loss of reputation a bank may suffer as a result of its failure to comply with all or any of the applicable laws, regulations, codes of conduct for employees and senior management and standards of sound practices issued by regulators (together laws, rules and standards ). Lines of business/foreign branches and the relevant subsidiaries are responsible for applying the regulatory instructions each according to the relevant field of work. Such business lines make sure that NBE s policies and procedures are consistent with the business-related laws and regulations as well as banking directives issued by regulators to ensure non-exposure to compliance risks. The compliance function aims at reducing the risks to which NBE is exposed as a result of the violation of laws and regulatory controls which can be averted through implementing the role of compliance effectively, as each employee recognizes his/her personal and professional responsibility towards regulatory compliance. 1

4 The Regulatory Compliance Division has been established as part of the which is an independent function that directly reports to the Chairman. It conforms to the requirements of local and international laws and regulations and best practices. In that vein, the compliance function: a) is responsible for coordinating NBE s management of compliance risk as it reports directly to the Chairman, and b) has access to all information and staff necessary to carry out its responsibilities. 2

5 Chapter I The Framework of NBE s Compliance Function The responsibility of compliance extends to all NBE s divisions, branches and subsidiaries inside Egypt and abroad. NBE is fully responsible for the compliance of all business lines and the application of NBE s Head Office compliance policies to all branches and subsidiaries inside Egypt and abroad. 1. Compliance function definition It is an independent function that identifies, evaluates, advises on, monitors and reports on NBE s compliance risk; that is, the risk of legal or regulatory sanctions, financial loss or loss of reputation a bank may suffer as a result of its failure to comply with all the applicable laws, regulatory controls, banking practices set by local and international regulators or codes of conduct and sound professional practices. 2. The Compliance function Manages risk, particularly reputation risk with respect to offering products in line with regulations, laws and banking practices; Reinforces relationships with regulators and opens lines of communication; Follows up foreign branches compliance with both local and H.O. jurisdiction laws, regulations and banking practices; Reviews the activities of divisions to ensure their compliance with laws and regulations and provides the relevant advice; Reports to the compliance manager any failure on part of any manager or employee to comply with laws or internal regulations and instructions; and Continuously follows up the effective remedy of compliance deficiencies. 3

6 Chapter II The Role of NBE's Compliance Function The Regulatory Compliance Division plans and manages the application of the best practices of compliance programs to all business domains to ensure NBE s compliance with regulatory controls and local and international laws and reduce related risk. The scope of application includes NBE s local and foreign branches and subsidiaries. Compliance with laws, regulations and other social standards is essential for corporations. Nonetheless, ensuring compliance is vital to banks in particular due to the pivotal role played by banks in the financial system and the social and economic infrastructure. In addition, the demand for banks to act responsibly and transparently has remarkably increased in light of the fierce competition across national and industrial boundaries. Furthermore, the market has become more selective. Accordingly, enhancing compliance is a priority of NBE s senior management which will have a significant impact on boosting business. In order for compliance to perform its role, NBE s Regulatory Compliance has developed a compliance function comprising a set of operations and management tools used to undertake business, management and control activities and mitigate compliance risk. The Regulatory Compliance Division is subdivided into the Regulatory Control Department and the Corporate Governance and Regulatory Affairs Department. The Regulatory Control Department is subdivided into the following departments: New Products Regulatory Control Department: Studies new products and assesses existing ones to ensure adherence to the regulations and laws issued by all regulators. Lines of Business (LOB) Regulatory Control Department: Reviews activities related to maintaining a database of laws and regulations issued by the Central Bank of Egypt (CBE); promptly provides the relevant parties with access to information to ensure adherence to local and international regulations and laws; communicates with regulators in case of any violations; and develops and follows up an action plan for compliance. 4

7 Foreign Branches and Correspondent Banks Regulatory Control Department: Maintains effective contact with NBE s foreign branches to ensure their adherence to local and international policies and procedures; provides branches with new law and regulation amendments; receives periodic compliance reports from them; and assesses risks of relationships between NBE and local and foreign agents and correspondent banks. The Corporate Governance and Regulatory Affairs Department is subdivided into the following departments: Regulatory Affairs Department: Represents a liaison with regulators to obtain any regulation amendments and provides regulators with data and information. Corporate Governance Department: Ensures the application of the highest professional performance standards across all NBE s activities pursuant to the governance instructions and regulations issued by regulators. Committee Follow-up Department: Represents a liaison between the BoD and its committees. 5

8 Compliance and Corporate Governance Organizational Chart 6

9 Chapter III Core Principles of NBE s Compliance Function Compliance should maintain NBE s good reputation and integrity: NBE enjoys a distinguished reputation among its customers as well as all local and international banks. Maintaining such good reputation requires the adherence of NBE and its employees to the Compliance Policy which can only be applied through the full comprehension and appropriate application of laws and regulations in each jurisdiction in which NBE conducts business. BoD and senior management should support compliance: The BoD is committed to support and provide the Compliance Division with all the required powers and authorities to perform its responsibilities independently from the executive divisions. Compliance is consulted in all new products and services before their launching. The Compliance function encompasses various aspects. For instance, quarterly reports are submitted to the Audit Committee with a view to evaluating compliance performance and policy implementation, reporting any violations of the current laws and internal, CBE or AML unit regulations, and submitting the Compliance and Corporate Governance Group Head s necessary recommendations for putting the report findings into effect. Moreover, the BoD ensures that resources provided for the Compliance function are both adequate and appropriate for effective compliance risk management and successful identification and mitigation of all kinds of risk. Compliance should be every employee s responsibility Compliance is the core principle of NBE s policy and it is the responsibility of all employees. It is also one of the key standards for NBE to undertake business. Compliance should support business NBE believes that good and sound business practices should be supported by a robust compliance program in place. 7

10 Compliance scope of activity should cover all divisions, geographical areas and NBE regulatory issues The compliance function is comprehensive. It is not limited to financing and investment banking for which many banks have already made suitable arrangements, but it also includes other activities. For example, retail banking requires knowledge of the relevant laws. All units and foreign branches should adhere to the regulatory compliance requirements The Compliance Policy applies to all NBE s departments and branches effective from the date of its approval by the BoD. Furthermore, NBE ensures that its foreign branches have systems in place for monitoring the levels of compliance with the local rules applicable to their activities. Foreign branches are additionally responsible for fully respecting the regulations and standards of the jurisdiction where they carry out their activities and report any discrepancies with Egyptian standards and regulations to NBE s Compliance Group Head. CO in each unit A compliance officer (CO) should be present in each branch, region, H.O. department, foreign branch and subsidiary to support NBE s Compliance function in monitoring compliance, AML and CFT. The CO in a branch/region/department is responsible for the daily monitoring of compliance with NBE s policies and procedures with respect to know your customer (KYC), AML and CFT. The same goes for all laws regulating the business of banking in particular and economic activities in general, as well as applicable laws and regulations issued by regulators such as the CBE and other applicable laws, regulations and rules as may be relevant. In case any violations are identified in this regard, the CO reports to the. 8

11 Each CO should realize that s/he must adhere to the Compliance Policy. S/he should have the appropriate powers to put the compliance function into action in his/her unit. The Compliance Committee The Compliance Committee is composed of the Chief Executive Officer Compliance and Corporate Governance / General Secretariat of the Board of Director as chairman and with the membership of Internal Audit and Inspection Group Head, Legal Affairs Group Head, Operation Group Head, Branches Group Head, Bank Consultant supervising Information Technology Group, Operational Risk Head and General Manager at the Compliance and Corporate Governance Group. The Committee may consult any person at its discretion The Committee holds its meetings quarterly or whenever necessary. Responsibilities of the Compliance Committee Reviews NBE s regulatory Compliance Policy and recommends amendments in coordination with the Regulatory Compliance Division to be approved by the BoD; Assesses the implementation status of NBE s Regulatory Compliance Policy; ensures taking corrective action in case of identifying any policy violations; and presents periodic reports on the implementation status to the Audit Committee; Monitors NBE s adherence to regulatory requirements and submits recommendations to the Audit Committee in case of any violation on the part of the executive departments; Expresses its opinion on common issues among the divisions represented by the Committee members; Investigates the exposure of NBE to compliance risk and presents its reports to the BoD; Gauges the expected impact in case of any changes to the legal framework governing NBE; Discusses issues related to whistleblowing policy; Develops coordination frameworks with each of the Regulatory Compliance, Legal, Internal Audit and Operational Risk Divisions; 9

12 Follows up the FATCA Task Force which is responsible for the applied procedures and for ensuring NBE s compliance with Foreign Account Tax Compliance Act (FATCA) requirements; and determines its terms of reference; Monitors compliance with the timelines specified by the United States legislative body and amends the relevant plan to be consistent with FATCA; Proposes training programs to develop and improve the skills of the FATCA Task Force members; Provides the technical capabilities and eliminates administrative obstacles to streamline the Committee s work; Receives semi-annual reports on the work results of the FATCA Task Force and identifies ratios of performance and the reasons for failing to achieve the plan s objectives in a timely manner, if any; Coordinates with the local regulator with respect to agreements and provides it with the required information for the purpose of enforcing the FATCA; Follows up consultancies helping with the implementation of FATCA and determines the best of which to be presented to the BoD; and Submits semi-annual reports to the BoD showing the status of NBE s compliance with FATCA. 10

13 Chapter IV Key Elements of Success Independence NBE shall obtain the CBE s approval of the appointment of a compliance officer (CO) for NBE. The H.O. compliance officer does not engage in executive work and performs his/her job independently in order to ensure objectivity. The compliance function carries out its responsibilities on its own initiative in all NBE s departments in which compliance risk exists. It has the right to check possible violations of the Compliance Policy and to request assistance from specialists within NBE (e.g. Legal or Internal Audit Divisions). The compliance function has unfettered access to all NBE s data. It is further free to report to senior management any irregularities or nonadherence to the Compliance Policy or any other relevant policies, rules or regulations. Powers and responsibilities: The CO has full powers to access all data and information necessary for undertaking his/her responsibilities and reporting to higher management levels according to the Compliance organizational chart. The CO should have the competency required for examining and studying all procedures and any violations related to compliance risk. Trained and qualified staff The Compliance staff members are qualified and trained to perform the compliance function in NBE. They should have a sound understanding of compliance laws, rules and standards and their practical impact on NBE s operations. The professional competencies of the compliance staff, especially with respect to keeping abreast of the latest developments in compliance laws, rules and standards, are promoted through regular and systematic education and training. 11

14 Sufficient resources The Compliance function is provided with the necessary means of communication for performing its tasks and following up local and international developments and updates. Making all the required resources available to the different levels of Compliance employees is essential in order to be objective in conducting their monitoring duties. The competent officers according to such organizational chart should discuss their comments which indicate violation of the laws and regulations with the relevant departments first before reporting such incidents. Compliance database All the relevant applicable local and international laws and regulations; NBE s articles of association and bylaws; Regulatory controls issued by all regulators such as the CBE and AML unit; and All applicable regulations, taking into consideration the legislation and laws applicable to foreign branches. 12

15 Chapter V Responsibilities of Regulatory Compliance Departments New Products Regulatory Control Department Examines new products to ensure adherence to the relevant regulatory requirements and controls; Assesses the impact of changing regulatory requirements and controls on existing products and their work procedures; Analyzes and evaluates new projects and verifies adherence to the relevant regulations and laws; Ensures disclosure of the specifications and conditions of retail banking products, interest rates and banking tariff; and Ensures the application of e-banking regulations. LOB Regulatory Control Department Reviews activities relating to maintaining a database of laws and regulations issued by the CBE and AML unit and promptly making information available to relevant parties via: - Compiling a database of relevant laws and regulations, ensuring timely access to such database by the relevant parties which may be affected by changes/updates and notifying the management of such changes, their impact and action taken; - Supervising the review of documents and forms used by NBE, ensuring their adherence to applicable laws and regulations, and making the relevant recommendations; - Providing required training to the Department s staff to ensure having the competencies necessary to achieve the highest performance levels; - Developing and updating a matrix of laws and associated risks; - Making recommendations to improve existing procedures for ensuring the effectiveness and quality of business activities; - Coordinating with the Testing and Risk Evaluation and Assurance Department for the evaluation of H.O. divisions to ensure their adherence to the laws and banking compliance and receiving evaluation comments with respect to compliance; and 13

16 - Presenting the necessary reports on non-compliance to senior management; - Taking part in reviewing NBE s divisions responses to CBE s inspection reports. Correspondent Banks and Foreign Branches Regulatory Control Department Establishes effective communication with NBE s foreign branches to ensure their compliance with local and international policies and procedures, receives the periodic report on compliance evaluation from foreign branches (Compliance Self-evaluation Form (Appendix (1)), monitors such evaluation, directs corrective actions if necessary, examines any conflict between local laws and instructions and laws of hosting countries, and prepares the required reports to be presented to the Head who in turn notifies the CBE s Banking Supervision Sector to consider preparing a memorandum of understanding with the authorities of the relevant hosting country; Continuously oversees the compliance of NBE s foreign branches and subsidiaries with local and international policies, procedures, regulations and laws; Evaluates and monitors compliance of foreign branches and subsidiaries to ensure accurate application of compliance programs; Coordinates with foreign branches for the purpose of continuous monitoring to identify violations/breaches of regulatory controls and recommend corrective actions; Identifies deficiencies in the application of NBE s compliance program at NBE s branches and units and takes the necessary corrective actions; Reviews periodic compliance reports received from foreign branches and subsidiaries; Prepares and presents periodic reports on foreign branches to the Regulatory Compliance Division General Manager; Reviews internal and external audit reports with respect to compliance and follows up the adopted corrective actions; Provides foreign branches with updated laws and regulations; 14

17 Receives and discusses the semiannual report to evaluate the performance of compliance officers at foreign branches; Provides CBE s Bnaking Supervision Sector with all the regulatory reports on foreign branches prepared by regulators or auditors in the relevant hosting country; Fills out questionnaires from NBE s correspondent banks and provides them with the required identification documents and compliance statement (Appendix 2); Checks customer identification procedures followed by correspondent banks to identify their risk rating through the information gathered via questionnaires and other bank repositories; and Periodically reviews transactions on the accounts of correspondent banks to ensure that transactions are consistent with the purpose of opening such accounts. Regulatory Affairs Department Forms a liaison with regulators to timely receive any regulation amendments and provides regulators with data, information and periodic reports; Maintains good relations with the CBE s contact person to ensure that the updated regulations are obtained and inquiries are answered; Forwards complaints to relevant business units and follows up corrective actions and replies to the CBE; Prepares accurate periodic reports in accordance with CBE s requirements in a timely manner; Monitors providing the CBE and AML unit with the required data upon preparing for inspection visits to NBE or to the AML/CFT Division; and Reviews and forwards all comments in the regulators reports to the relevant divisions to take corrective actions and reply to such comments. Corporate Governance Department: Gives advice to the senior management on governance instructions issued by the CBE and global governance best practices; Ensures compliance with bank governance instructions issued by the CBE in August 2011; 15

18 Prepares and follows up the implementation of the Governance Manual and makes the necessary amendments in accordance with the latest global and international updates in this regard; Receives and follows up investigations of illegal practices reported by NBE s employees pursuant to the whistleblowing policy and provides protection to the whistleblower; Formulates and monitors the implementation of the code of ethics for employees and the senior management and makes the necessary amendments in accordance with the latest global and international updates in this regard; Develops, and amends as necessary, a conflict of interests policy in accordance with the latest global and international updates in this regard; Studies the CBE s comments on the system of governance and makes the necessary recommendations; and Addresses the appropriate divisions to ensure that companies in which NBE holds equity participation apply governance instructions (Appendix 3). Committee Follow-up Department: Coordinates with all BoD committees to ensure effective communication between such committees and the BoD; Makes amendments to the committees at the request of committee members to be presented to the BoD for approval; Assesses the impact of changes to the laws and regulatory controls on NBE s committees; Provides the CBE with information on the committees; Submits periodic reports on the frequency of meetings held by the committees; Follows up filling out the committee evaluation forms by the committees to support the BoD which has the right to oversee the effectiveness of such committees; and Prepares periodic reports on the committees meetings to be presented to the BoD. 16

19 Chapter VI Governance Principles To have a sound banking sector and put the best international practices in place, the CBE BoD's decision dated July 5 th, 2011 has set bank governance principles including: Concept of governance Bank BoD Relationship between the BoD and senior management and clear segregation of duties Optimal use of the findings of the internal/external auditors and the internal control functions Disclosure and transparency Relationship of the BoD with shareholders Tight control over complex transactions/structures within the governance framework Terminology NBE is a pioneer in terms of applying governance principles. The method adopted by the BoD and senior management in managing and supervising business stresses this fact. Based on such method, objectives are identified, and liability towards beneficiaries, depositors, regulators and the government is observed when carrying out the banking business. Moreover, a professional attitude that ensures a safe and sound workflow is adopted and the applicable laws and regulations are complied with. In that vein, the Governance Manual which is considered an integral part of the Compliance Policy, was approved by the BoD and circulated to all personnel. Further, NBE provides an updated version of the manual to the public and places a copy on its website. Concept of governance Governance BoD and General Meeting Effective relationship between directors and senior management Internal control Relationship of the BoD with internal/external auditors as well as other internal control functions Disclosure and transparency Tight control over complex transactions/structures within the governance framework 17

20 Code of Ethics for employees and senior management Policy of reporting workplace illegal/unethical practices (whistleblowing) Conflict of interests policy Social responsibility Governance report Code of Ethics for employees and senior management As a financial institution, NBE is keen to have an appropriate work environment featuring the highest degree of compliance as far as impartiality, integrity, honesty and credibility are concerned. Hence, all staff should strictly comply at all times and under all circumstances with all regulations, rules and directives in order to achieve the Bank's objectives and keep its image and reputation intact. Accordingly, the Code of Ethics for employees and senior management is updated, approved by the BoD, circulated to the staff, and introduced to NBE employees/new recruitments via orientation courses, as an integral part of the Compliance Policy. The Code of Ethics aims to: Clarify the standards of conduct for staff and senior management Create an appropriate work environment Protect NBE data and customers Serve financial accounting systems, security and soundness of banking transactions and financial reporting Handle conflict of interests Ensure compliance with its items and report violations Whistleblower Protection Policy NBE has developed a policy for reporting malpractices and protecting whistleblowers as an integral part of the Compliance Policy so as to secure a safe liaison with employees who report any practices which are illegal or which violate the Code of Ethics for employees and senior management. The Policy was approved by the BoD and circulated to all employees along with holding orientation sessions. The Policy covers: Core principles and hold harmless provision Normal channels Unacceptable conduct reporting channels for whistleblowers Protection and investigation procedures 18

21 Core roles and responsibilities and disciplinary measures for violating the policy Record keeping and policy review and update 19

22 Chapter VII The Relationship between Compliance and Internal Audit Putting the Bank's compliance program into motion is not enough. The program must be frequently monitored and its success constantly evaluated. Institutions should assess their compliance programs regularly to ensure their effectiveness and look for new risk factors. Internal Audit definition Internal Audit is one stream of NBE's internal control function where a risk-oriented internal audit approach is followed in accordance with the international standards set by the Institute of Internal Auditors as well as the best practices. It aims to add value to the Bank through improving its processes and enhancing efficiency of risk management, control procedures and corporate governance. Internal Audit provides the Audit Committee with an objective and independent assessment of the adequacy of regulatory controls and efficiency of the policies and procedures with the ultimate objective of mitigating major risks according to the Bank's risk appetite and tolerance. Internal Audit versus Compliance The compliance function is mainly concerned with adhering to laws, regulations and best practices whether local or international through ensuring that all NBE's policies and procedures are compliant with the laws and regulations. Internal Audit is concerned with the sound application of NBE's established policies and procedures and whether all staff comply with them. Internal Audit & Inspection plays a collaborative role with the compliance function through the following: Drive the adoption of automated regulatory controls for non-compliance oriented workflow; Provide periodic input for a comprehensive non-compliance assessment; Monitor business practice/processes related to non-compliance; Assess the effectiveness of non-compliance related internal regulatory controls as part of its assurance role; and Review compliance activities as part of the Bank's audit plan. 20

23 Auditing NBE's foreign branches & units NBE takes certain regulatory measures regarding its foreign branches and units by ensuring that: The activities of foreign branches and units are consistent with the organizational and strategic objectives as a whole; All foreign branches and units comply with the applicable instructions at the host country in addition to adhering to CBE instructions, particularly in connection with rules of preparing the financial statements. In case of inconsistency, NBE's foreign branch or unit notifies the Head of Compliance and Corporate Governance Group- Head Office who, in turn, gives a full account of such inconsistency to CBE's Banking Supervision Sector to take the necessary actions in this regard; Authorities vested to make the appropriate decisions are in line with the targets of the units and their business nature; Duties are segregated and the principle of dual control is effectively applied; and Foreign branches and units perform an internal audit and periodically provide H/O Internal Audit and Inspection Group with reports of their operating results. 21

24 Chapter VIII Compliance Assessment Criteria The Basel Committee defined the compliance criteria as a group of parameters that measure the commitment of the Bank and its staff. Bank compliance The Bank's internal policies and procedures are set in accordance with the regulating laws and legislation and periodically reviewed. Such laws and regulations are either local or international. Local laws and directives include those issued by legislative bodies, e.g. CBE, Banking Sector and Money Law No. 88/2003, Anti-money Laundering Law No. 80/2002, Labour Law, Tax Laws, Capital Market Law, Trade Law and other relevant laws, regulations, executive and ministerial decrees, and other directives, rules and regulations issued by the CBE or the AML unit. International and regional regulations include regional and international standards such as Basel Committee, and Financial Action Task Force (FATF) recommendations. The Bank's compliance assessment can be measured through internal/external control reports. Staff compliance Staff compliance is evaluated through their personal and professional performance, which are both linked to staff comprehension of and compliance with the Bank's policies, procedures, regulations and other HO complementary regulations such as: the Code of Ethics determining staff responsibilities and prohibited conduct and related disciplinary actions and the AML policies and procedures which set penalties for violation of the AML/KYC regulations. As NBE is keen on maintaining its position on the top of the banking system and keeping its good reputation locally and internationally, staff have to maintain this unique standard through providing high-quality and prudent services, and adopting ethical policies and refined attitudes towards customers. This policy manual will be reviewed and updated every two years by NBE s. The contents of this manual may not rescind or override the applicable local regulatory laws and directives which govern NBE s activity. In case there is a conflict between the contents hereof and laws, instructions and regulations issued by regulators or 22

25 legislators, whichever is stricter shall apply to the extent that no local authority laws or instructions are broken or violated. This policy applies to all NBE s branches, divisions and foreign branches and subsidiaries to the extent that the application does not conflict with the laws and regulations of the jurisdictions in which they conduct business. 23

26 Appendix (1) Compliance Self-Assessment 1. Management Commitment and Oversight Risk Component Weight Risk rating 1. Senior management has values, attitudes and beliefs 0.2 supporting compliance culture 2. Senior management is committed to implementing 0.2 compliance culture 3. Senior management drives the development of the 0.2 desired values, attitudes and beliefs 4. Management meets on regular basis and is 0.2 accessible for ad hoc meetings with country compliance manager; management is directly involved in the discussion and review of compliance issues. 5. Senior management provides leadership in defining 0.2 and embedding the desired behaviors and culture Calculation 2. Compliance Role Risk Component Weight Risk rating 1. Compliance is engaged in and consulted in advance 0.25 of making significant business decisions/ transactions with compliance implications 2. Compliance is provided with comprehensive and 0.25 adequate resources (e.g. staff, budget, system, etc.) 3. Compliance has unrestricted access to information, 0.25 system, and people as it relates to compliance risk identification, monitoring, and reporting. 4. The compliance governance structure ensures the 0.25 compliance manager is empowered to conduct responsibilities as per compliance group policy, standards, requirements, and operating procedures. Calculation 3. Foreign Branches and Subsidiaries: Risk Component Weight Risk rating 1. Policies developed to establish requirements with 0.25 respect to record keeping and their retention, and ascertain client identity 2. Compliance program includes the risk assessment 0.25 of money laundering or a terrorist activity financing Calculation 24

27 offence and risk mitigation controls when the risk is considered to be high and is established and implemented 3. Board of Directors approved these policies Foreign branches or foreign subsidiaries apply these 0.25 policies to the extent it is permitted by the laws of the country in which they are located 4. Culture of Ethics & Compliance Accountability Risk Component Weight Risk rating 1. The Code of Ethics is provided to and signed by 0.1 new bank staff as part of the hiring process 2. The Code of Ethics is acknowledged by all bank 0.2 staff on annual basis. 3. Violations of the Code of Ethics as well as noncompliance 0.1 with Bank policies and procedures are reported, documented and tracked 4. There are direct documented and enforced 0.2 consequences for violation and non-compliance 5. Accountability for compliance is specifically 0.2 defined and included in job descriptions 6. Accountability for compliance performance is 0.2 specifically included as part of personnel evaluations/ appraisals 5. Policies & Procedures Risk Component Weight Risk rating 1. Current products/ services/ processes are 0.2 documented in the form of policies & procedures; policies are standardized across business area. 2. Policies & procedures reflect the necessary legal/ 0.2 regulatory requirements that pertain to the business area. 3. Policies & procedures follow the appropriate 0.2 approval process. 4. Policies & procedures are updated on regular basis 0.2 in order to reflect any AML/CFT legislation changes. 5. Policies & procedures are communicated and 0.2 understood by the staff (policies & procedures are clear and detailed), as appropriate. Calculation Calculation 25

28 6. Training Programs & Professional Competency Risk Component Weight Risk rating 1. Training programs are well developed, address the 0.2 compliance risk issues for the business, have formalized training plans, and are approved by Compliance- Head office 2. Relevant Bank staff received compliance training, 0.2 as appropriate; training attendance is monitored, tracked and reported. 3. Bank staff have received AML training at least once 0.2 within the last two years; training attendance is monitored, tracked and reported. 4. Compliance staff demonstrate investment in their 0.2 continued compliance education and certification programs (e.g. CAMS, CFCS) to ensure their knowledge of compliance is current and that they are aware of regulatory developments, industry trending, and leading compliance practices. 5. Compliance staff demonstrate investment in their 0.2 continued competencies/ skills (non-compliance) to ensure quality (e.g. computer skills, interpersonal skills, etc.) Calculation 7- Identify & Prioritize Compliance Risk Risk Component Weight Risk rating 1. Compliance Manager maintains a current 0.25 understanding of country risk profile, inclusive of existing products/ services, distribution channels, customer types and segmentation, transaction types, and geographies. 2. New and revised regulatory developments, 0.25 inclusive of compliance related laws, rules, regulations, and instructions are closely monitored and Regulatory Inventory is updated accordingly. 3. Identification and implementation of process 0.25 changes, new products and services, and organizational or management changes are timely and effective. 4. Compliance risks are prioritized according to risk 0.25 exposure/impact. Calculation 26

29 8- Monitoring & Tracking Compliance issues Risk Component Weight Risk rating 1. Monitoring techniques are developed to effectively 0.2 detect violations, noncompliance, or weak control. 2. Compliance monitoring is performed according to 0.2 the compliance monitoring techniques, policies and procedures and results are prioritized and addressed as appropriate. 3. Compliance monitoring techniques per line of 0.1 business are annually updated. 4. System controls are effectively utilized to allow 0.1 potential violations and non-compliance to be detected before actually occurring as well as after a violation occurs. 5. AML alerts are managed and investigated in a 0.2 timely and thorough manner; Suspicious Activity Reports (SARs) are filed with authorities as appropriate. 6. Validation & Corrective actions required as a result 0.2 of monitoring, complaints, Internal Audit, Risk Evaluation and Assurance and regulatory reports are timely and effective in reducing the potential exposure. Calculation 9 Reporting & Communication Risk Component Weight Risk rating 1. The status of compliance issues is communicated to 0.2 the compliance officer at the branch and the Compliance Head Office through accurate and timely formal status reports/ scorecards/ matrices. (e.g. Compliance Self Assessment, Regulatory Compliance Report, and Audit/ Exam notification per Compliance Head Office Operating procedures). Calculation 2. Compliance related regulatory communications are received, logged, and tracked; action is taken and responses provided in a timely manner, where required

30 3. Awareness of compliance issues and requirements is achieved through periodic communications (e.g. newsletters, internal memos, presentations, etc.) to appropriate employees and management. 4. Compliance staff have developed solid relationships with internal and external business partners and serve as industry leaders in trade associations, committees, etc. 5. Strong relationship and open channels of communication exist related to compliance with regulatory agency contacts (e.g. Central Bank and FIU) Infrastructure Risk Component Weight Risk rating 1 Compliance Monitoring Program results indicate that compliance management systems and information processes are strong. Calculation 2 Regulatory report, external audit & internal audit review items relating to violations, noncompliance, as well as weaknesses are few and are deemed relatively insignificant. 3 There are no recent losses or negative publicity associated with compliance issues, including regulatory penalties imposed. 4 Customer complaints are infrequent Overall assessment score 28

31 Appendix (2) Compliance Statement National Bank of Egypt (NBE) enjoys a distinguished reputation among its customers, as well as among local and foreign banks. Maintaining such reputation requires that NBE as well as its employees fully understand and properly apply the laws, regulations and instructions issued by the competent regulators. The Compliance function in NBE aims at mitigating potential risks to which the Bank may be exposed in case of the violation or misapplication of such laws, regulations or instructions. Being a financial institution which provides banking services and products across different countries, NBE is subject to many legal and regulatory systems and requirements at the local and international levels. Accordingly, NBE must adhere to the laws, rules, systems, directives, policies and procedures which apply to NBE as well as its branches and departments. NBE is subject to periodic inspection by different regulators. Its customers expect a proper work environment which is characterized by the highest levels of impartiality, honesty, integrity and credibility. Non-compliance with such instructions may jeopardize NBE s image and reputation, and consequently prevents the Bank from achieving its objectives. NBE complies with the applicable AML and CFT regulatory controls issued by CBE which generally include adopting KYC procedures, appointing a compliance officer and designating his/her responsibilities and authorities, establishing suspicious transactions reporting procedures, keeping records and documents, setting internal control regulations, and providing the necessary training to all employees. In light of the Anti-money Laundering Law No. 80/2002 and its amendments, NBE s BoD approved and adopted an AML and CFT program. The main objective of such program is to consolidate and disseminate the AML Internal Control regulations to be applied at the H.O. and all branches inside Egypt and abroad. This program includes, without limitation: Prohibiting establishing or maintaining relationships with shell banks or with banks which provide correspondence services to shell banks; Prohibiting opening anonymous or numbered bank accounts; 29

32 Identifying and assessing money-laundering risks in connection with all services and products; Adhering to all local and international AML and CFT laws and regulations; Adhering to KYC rules and due diligence procedures and identifying the actual beneficiaries of accounts; Identifying and evaluating the risks of high-risk profile customers whether due to their positions as politically exposed persons "PEPs", or financially exposed persons "FEPs"; Keeping records and documents of opening accounts and bank transactions according to the set retention periods; Developing AML and CFT training plans for NBE employees in coordination with the Human Resources; Reporting suspicious money laundering transactions according to the applicable laws in this regard; Setting internal control regulations to be continuously enhanced; and Conducting ongoing offsite and onsite evaluation of compliance activities at NBE s branches and units. 30

33 Appendix (3) Corporate governance assessment of companies in which NBE holds equity participation I. Introduction & Definition This assessment measures the extent to which corporate governance rules and principles are applied, as they represent the systems and procedures that keep the best level of protection and balance between the interests of BoD, companies managers, shareholders and other affected stakeholders. These rules are deemed complementary to the provisions stipulated under various laws, especially Law No. 159/1981 on Joint Stock Companies, Limited Partnerships and Limited Liability Companies, and the Capital Market Law No. 95/1992, and the executive regulations thereof and other resolutions issued for their application. However, the said corporate governance rules organize and state the proper conduct in corporate management according to the international best practices, striking balance between the interests of different parties. Therefore, it is expected from companies of different types, including their shareholders and management, to work on implementing and adhering to these rules as they realize several benefits not only for the compliant companies but also for the investment climate in general. Such rules protect shareholders rights and ensure the necessary disclosures by companies, increasing investors confidence. The purpose of this assessment is recognizing the extent of applying corporate governance criteria and their realization rates in companies in which NBE holds equity participation. It also unveils defective application of rules and casts light on the problems that impede implementation in order to be avoided in the future. This assessment measures the extent of applying governance criteria based on the following: 1) basics of an effective corporate governance framework, 2) governance framework on protecting shareholders primary rights, 3) general assembly governance framework, 4) governance framework on management structure and manner of composition, 5) governance framework on BoD s discharge of its functions, 6) audit committee governance framework, 7) internal audit department governance framework, 8) governance framework on safeguarding stakeholders rights, 31

34 9) governance framework on implementing conflict of interests policy, 10) disclosure and transparency governance framework, 11) governance framework on effective auditor s role, and 12) governance framework on effective internal audit management. Role of NBE's representative in assessing the effective implementation of corporate governance in companies: The Bank s representatives play a substantial role in the respective companies. S/he is responsible for: ensuring that governance rules and concepts are applied in the company and their goals are realized; preparing a periodic report including the key recommendations and proposals s/he may deem appropriate; spotting the obstacles and problems that may negatively influence the implementation of rules; issuing the relevant recommendations for corrective actions in the future; ensuring there is an efficient governance system; and acting on disseminating governance concepts and awareness. II. Assessment Technique and Process This assessment consists of three parts. Part I deals with the information on the assessed company. The other two parts assess the extent of implementing the concepts and procedures of corporate governance: Part I: includes an information form about the company. Part II: contains the basic assessment that treats a set of criteria. Each criterion is evaluated separately through determining to what extent it is fulfilled by the company. The scores of each criterion are calculated to obtain the final result in a table below every criterion. Part III: is a complementary assessment that includes a set of questions. Scores are determined based on answers. The assessment s final result is calculated by summing up the scores of each part, to figure out the percentage to total score. The Bank s representative writes down at the end of the report his/ her notes and recommendations about implementing governance concepts and procedures by the assessed company. 32

35 Part I Information on the company in which our Bank holds equity participation Basic information Name Name of Bank s representative Assessment period Head Office Website Telephones Legal form The law under which the Company was incorporated Year of incorporation Bank s equity participation Purpose of incorporation Paid-up capital Number of BoD members Manner of selecting BoD members 33

36 Information on joint stock companies listed on EGX Commercial register Listing date Number of listed shares Number of shareholders Nominal value per share Book value per share Authorized capital Information on joint stock companies not listed on EGX Commercial register Number of shares Number of shareholders Nominal value per share Book value per share Authorized capital 34

37 Information on public-business companies Number of affiliated companies (in case of holding companies) Working capital Latest audited financial statements Number of branches Other information deemed worth-mentioning by the Bank s representative about the assessed company:

38 Part II Basic Assessment Criterion Fair Good V. good Excellent Total Score Score Score of each grade Basics of an effective corporate governance framework: - The responsibilities and powers of board members and senior management are determined. - The extent to which the policies and manuals are adequate and compatible with the laws, regulations and concepts of modern governance. - Efforts are made to develop the company s governance structure, taking into account its influence on the overall economic performance and the incentives provided for the market players. - Governance concepts and awareness are disseminated among all employees. - The company embraces a general strategy where the optimal capital structure, company s objectives and future plans for business expansion are determined. Realized score 36