Decision on internal control systems. (Official Gazette 1/2009, 75/2009 and 2/2010 unofficial consolidated version)

Similar documents
Decision on outsourcing. Article 1

Decision on recovery plans of credit institutions. Subject matter Article 1

Pursuant to Article 95, item 3 of the Constitution of Montenegro I hereby pass the ENACTMENT PROCLAIMING THE LAW ON BANKS

System of Governance

Regulation for Establishing the Internal Control System of an Investment Management Company

Decision on adequate information system management. (Official Gazette 37/2010)

MINISTRY OF FOREIGN AFFAIRS AND EUROPEAN INTEGRATION CROATIAN PARLIAMENT

CROATIAN PARLIAMENT 1364

CONTENT OF THE AUDIT LAW

ARTICLES OF INCORPORATION OF RAIFFEISEN VOLUNTARY PENSION FUND

INSURANCE ACT ZAKON O OSIGURANJU

REGULATION ON FINANCIAL HOLDING COMPANIES (Published in Official Gazette dated November 1, 2006 Nr )

R E G U L A T I O N ON THE SUPERVISION OF BANKS AND SAVINGS BANKS ON A CONSOLIDATED BASIS *

RS Official Gazette, No 51/2015

Insurance Undertakings and Compliance Requirements

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT

The Banking Act of 29 August 1997 (Journal of Laws of 2015, item 128) (consolidated version) CHAPTER 1 GENERAL PROVISIONS

CONSULTATIVE COUNCIL OF EUROPEAN PROSECUTORS (CCPE)

Eurex13e Regulations for the As of Audit Group of Eurex Exchanges Page 1

DECISION PROMULGATING THE PAYMENT SYSTEM ACT

ACT ON THE CHAMBER OF ARCHITECTS AND CHAMBERS OF ENGINEERS IN CONSTRCUTION AND PHYSICAL PLANNING I. GENERAL PROVISIONS

THE CROATIAN PARLIAMENT DECISION PROMULGATING THE ACT ON INVESTMENT FUNDS WITH A PUBLIC OFFERING

Solvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3)

UNOFFICIAL AND UNAUTHORIZED TRANSLATION

Guideline on risk management and other aspects of internal control in stock exchange

DECISION on own funds of credit institutions. Subject matter Article 1

GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES

Key functions in the system of governance Responsibilities, interfaces and outsourcing under Solvency II

LAW ON BANKS (consolidated) 1

Finansinspektionen s Regulatory Code

Bylaws. for the Managing Board of Siemens Aktiengesellschaft. valid from October 1, 2015

AS DnB NORD Banka REPORT ON CORPORATE GOVERNANCE for the year ending on 31 December 2008

Act on Investment Firms /579

NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE

UNOFFICIAL CONSOLIDATION AND TRANSLATION OF LAWS 128(I) OF 2009 AND 52(I) OF 2010 THE PAYMENT SERVICES LAWS OF 2009 TO 2010

THE CORPORATE GOVERNANCE CODE FOR THE COMPANIES LISTED ON THE NATIONAL STOCK EXCHANGE OF LITHUANIA

Ministry of Labour and Social Policy LAW ON VOLUNTARY FULLY FUNDED PENSION INSURANCE ( )

Finansinspektionen's Regulations

Ordinance on Collective Investment Schemes

(28 February 2014 to date) CREDIT RATING SERVICES ACT 24 OF 2012

ACT ON BANKS. The National Council of the Slovak Republic has adopted this Act: SECTION I PART ONE BASIC PROVISIONS. Article 1

Corporate Governance Regulations

Statement of Guidance

OPEN JOINT STOCK COMPANY SBERBANK OF RUSSIA

ECB-PUBLIC. 2. General observations

THE CROATIAN PARLIAMENT. Pursuant to Article 89 of the Constitution of the Republic of Croatia, I hereby issue the DECISION

Referential Translation. Development of Remote Trading Participant System January 29, 2009 Tokyo Stock Exchange, Inc.

STATUTORY INSTRUMENTS. S.I. No. 416 of 2014 EUROPEAN UNION (INSURANCE AND REINSURANCE GROUPS AND FINANCIAL CONGLOMERATES)(AMENDMENT) REGULATIONS 2014

PAYMENT SERVICES AND SYSTEMS ACT (ZPlaSS) CHAPTER 1 GENERAL PROVISIONS SUBCHAPTER 1 CONTENT OF THE ACT. Article 1. (scope)

EXTERNAL AUDIT AND RELATION BETWEEN INTERNAL AUDITORS, SUPERVISORY BODY AND EXTERNAL AUDITORS OF THE BANKING SECTOR IN THE REPUBLIC OF MACEDONIA

BANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994

Act amending Banking Act (ZBan-1L) Article 1

Clearing and Settlement Procedures. New Zealand Clearing Limited. Clearing and Settlement Procedures

Corporate Governance Code for Banks

Article 1. Article 2. The legislation shall mean this Law and the by-laws relating to the compliance with this Law.

CIVIL CODE OF AZERBAIJAN. (unofficial translation)

Statement of Guidance: Outsourcing All Regulated Entities

DECISIONS ADOPTED JOINTLY BY THE EUROPEAN PARLIAMENT AND THE COUNCIL

CREDIT RATING SERVICES BILL

REPUBLIC OF SOUTH AFRICA CREDIT RATING SERVICES BILL. Draft for public comment As approved by Cabinet on 26 July 2011

Standard 4.1. Establishment and maintenance of internal control and risk management. Regulations and guidelines

S T A T U T E OF THE AGROINDUSTRIJSKO KOMERCIJALNA BANKA AIK BANKA A.D. NIŠ (REVIEWED TEXT)

Suppliment tal-gazzetta tal-gvern ta Malta Nru. 18,412, 30 ta April, 2009 Taqsima B FINANCIAL MARKETS ACT (CAP. 345)

Estonian Health Insurance Fund Act

(Unofficial translation by the Financial and Capital Market Commission)

LAW. ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05)

RS Official Gazette, No 23/2013 and 113/2013

KINGDOM OF SAUDI ARABIA. Capital Market Authority CREDIT RATING AGENCIES REGULATIONS

10 Audit of Consolidated Financial Statements

ESTONIA MONEY LAUNDERING AND TERRORISM FINANCING PREVENTION ACT

Credit Institution Law

MINNESOTA MUTUAL COMPANIES, INC. Guidelines of the Audit Committee of the Board of Directors

(UNOFFICIAL TRANSLATION)

Unofficial Consolidation

Audit of the control body through the monitoring of compliance with control plan. Measures for the irregularities

I. BASIC PROVISIONS. Subject of regulation

CROATIAN PARLIAMENT. Based on Article 88 of the Constitution of the Republic of Croatia, I hereby make the

Act on Payment Services

I. GENERAL PROVISIONS

Amended and Restated. Charter of the Audit Committee. of the Board of Directors of. Tribune Publishing Company. (As Amended November 11, 2014)

THE CROATIAN FINANCIAL SERVICES SUPERVISORY AGENCY

(Unofficial translation by the Financial and Capital Market Commission)

Law on Investment Management Companies

Guidelines on preparation for and management of a financial crisis

Appendix 1. This appendix is a proposed new module of the DFSA Rulebook. Therefore, the text is not underlined as it is all new text.

Authorised Persons Regulations

CORPORATE LEGAL FRAMEWORK IN JORDAN. Legal reference: The Companies Law No. 27 of 2002 and its amendments

CROATIAN PARLIAMENT 242

THE INVESTMENT FUNDS AND MANAGEMENT COMPANIES ACT - 1. Ljubljana, 2003

NATIONAL PAYMENT SYSTEM ACT

GUIDELINES for the analysis and assessment of money laundering and terrorist financing risks for credit institutions and credit unions

Margin Trading Rules

Regulations of the Audit and Compliance Committee of Gamesa Corporación Tecnológica, S.A.

Smartphone Authentication Service Terms and Conditions

Law. on Payment Services and Payment Systems. Chapter One GENERAL PROVISIONS. Section I Subject and Negative Scope. Subject.

Insurance Groups under Solvency II

Insurance Guidance Note No. 14 System of Governance - Insurance Transition to Governance Requirements established under the Solvency II Directive

ANNEX A IRAQ BANKING LAW. Section 1 General Provisions...5 Article 1 Definitions...5 Article 2 Regulatory objectives...8 Article 3 Prohibitions...

Republic of Macedonia LAW ON MANDATORY FULLY FUNDED PENSION INSURANCE

Rules. of Multilateral Trading Facility. First North

Transcription:

Decision on internal control systems (Official Gazette 1/2009, 75/2009 and 2/2010 unofficial consolidated version) Zagreb, February 2010

Decision on internal control systems 1 GENERAL PROVISIONS Subject matter and scope Article 1 (1) This Decision governs the minimum requirements for establishing adequate and efficient internal control systems, as well as the scope and manner of carrying out the control function activities. (2) The provisions of this Decision shall apply to credit institutions with registered offices in the Republic of Croatia which have been authorised by the Croatian National Bank. (3) The provisions of this Decision shall apply mutatis mutandis to branches of thirdcountry credit institutions which have been authorised by the Croatian National Bank to provide services, as well as electronic money institutions. (4) A credit institution shall apply the provisions of this Decision on an individual basis and, on a consolidated basis, in accordance with the Decision on the supervision of a group of credit institutions on a consolidated basis. 2 INTERNAL CONTROL SYSTEMS Internal control systems Article 2 (1) The internal control systems shall be a group of processes and procedures established for adequate risk control, monitoring the efficiency and effectiveness of a credit institution s operation, reliability of its financial and other information, and compliance with regulations, internal bylaws, standards and codes in order to ensure the stability of the credit institution s operation. (2) A credit institution shall establish and implement effective internal control systems in all areas of operation including at a minimum: 1) an appropriate organisational structure; 2) organisational culture; 3) adequate control activities and the allocation of responsibilities; 2

4) appropriate internal controls integrated into the business processes and activities of the credit institution; 5) appropriate administrative and accounting procedures; and 6) activities within the scope of the credit institution s control functions. (3) A credit institution shall prescribe and establish adequate control activities and the allocation of responsibilities, appropriate internal controls and appropriate administrative and accounting procedures referred to in paragraph (2) items (3) to (5) of this Article, to be implemented within the credit institution s regular activities. (4) All employees, the senior management, management board and supervisory board of a credit institution should participate in the establishment and implementation of the internal control systems. (5) The internal controls, including the administrative and accounting procedures referred to in paragraph (2) of this Article, shall in particular relate to: 1) the calculation and reassessment of capital requirements regarding risks in accordance with Article 114, paragraph (1), item (2) of the Credit Institutions Act; 2) the identification and monitoring of large exposures and subsequent changes thereto, and verification of the large exposures compliance with a credit institution s policies regarding this type of exposure, pursuant to Article 114 of the Credit Institutions Act; 3) the keeping of business books, other business documentation and records, evaluation of assets and liabilities and the preparation, publishing and delivery of annual financial statements in accordance with Articles 171 to 175 of the Credit Institutions Act, and other reports in accordance with valid regulations and professional standards; 4) the processes ensuring timeliness, validity and accuracy of publicly disclosed information in accordance with Article 178, paragraph (2) of the Credit Institutions Act; 5) the management, logical and physical controls within the information system, including the controls and procedures in accordance with Article 207, paragraph (2) of the Credit Institutions Act; 6) control procedures to verify the correctness of data and information necessary for supervision on a consolidated basis in accordance with Article 286, paragraph (1) of the Credit Institutions Act; 7) the reporting system and monitoring procedures for intra-group transactions in accordance with Article 297, paragraph (2), item (1) of the Credit Institutions Act; 8) reporting to supervisory and other bodies in accordance with the Credit Institutions Act, subordinate legislation adopted under this Act and other relevant regulations; and 9) estimation of the effects of outsourcing of business activities on internal control systems. 3

(6) A credit institution shall timely determine the areas of operation with potential conflicts of interest, and shall ensure that conflicts of interest in any form whatsoever are adequately prevented. 3 CONTROL FUNCTIONS Control functions Article 3 (1) A credit institution shall establish three control functions: 1) a risk control function, 2) a compliance function, and 3) an internal audit function. (2) A credit institution shall establish permanent and effective control functions independent from the business processes and activities in which a risk occurs, or which it monitors and supervises, proportionally to its size, as well as the type, scope and complexity of operation in accordance with its risk profile. (3) A credit institution shall organise an internal audit function as a separate organisational unit, functionally and organisationally independent both from the activities it audits and from other organisational units of the credit institution, in accordance with the Credit Institutions Act and the regulations adopted thereunder. (4) A credit institution shall organise its control functions in a manner to cover all significant risks to which the credit institution is or might be exposed in its operation. (5) A credit institution shall establish control functions in a manner to avoid conflicts of interest. (6) Control functions should ensure the compliance of a credit institution s operation with the strategies, policies and other internal bylaws on risk management. (7) A credit institution s management board shall periodically, and on an annual basis at a minimum, verify the appropriateness of the procedures and the efficiency of the control functions. (8) A credit institution s supervisory board shall verify the appropriateness of the internal audit procedures and its efficiency. (9) No individual control function may be organised within other control functions. 4

(10) A credit institution may entrust the performance of a part of activities related to the control functions to service providers in accordance with Articles 164 to 166 of the Credit Institutions Act and regulations adopted thereunder. (11) By way of derogation from paragraph (10) of this Article, a credit institution may outsource the carrying out of internal audits in accordance with Article 183, paragraphs (2) to (4) of the Credit Institutions Act. Bylaw on a control function Article 4 (1) A credit institution shall, in an internal bylaw for each control function, lay down at a minimum: 1) the objectives, scope and mode of operation of a control function; 2) the organisational structure and the role of the control function; 3) the organisational position of the control function within the credit institution and the measures to ensure its independence; 4) the powers, responsibilities and relationships of the control function with other organisational units and its mutual relationships with other control functions; 5) the right of access to data and information; 6) the duties and responsibilities of the person responsible for the operation of the control function as a whole; 7) the reporting system. (2) Bylaws on the risk control and compliance functions shall be adopted by the credit institution's management board, subject to the prior approval of the supervisory board. Persons carrying out control functions Article 5 (1) A credit institution shall, proportionally to its size and the type, volume and complexity of operation, for the carrying out of each control function ensure a sufficient number of persons with adequate professional qualifications and experience. (2) Where several persons are entrusted with the performance of a certain control function, a person responsible for the operation of the control function as a whole and his/her deputy shall be appointed. (3) A credit institution shall without delay notify the supervisory board and the Croatian National Bank of the appointment of the persons responsible for the operation of each control function. 5

(4) The person responsible for the operation of a control function shall directly report to the management board and the supervisory board and/or audit committee, and shall, at a minimum once a year, participate in the meetings of the bodies to which he/she reports. (5) Credit institutions shall ensure regular professional education and training for persons carrying out control function activities. Control function work plan Article 6 (1) A credit institution shall periodically, and at a minimum once a year, identify and assess risks to which it is or might be exposed, including the risks arising from macroeconomic environment in which the credit institution operates. Each control function shall adopt an annual control function work plan based on a documented risk assessment. (2) A credit institution's management board, subject to the prior approval of the audit committee/supervisory board, shall adopt each control function s work plan. (3) By way of derogation from paragraph (2) of this Article, a credit institution's management board shall, in accordance with Article 187, paragraph (2) of the Credit Institutions Act, adopt the annual internal audit work plan, subject to the prior opinion of the audit committee and approval of the supervisory board. (4) The work plans of the risk control and compliance functions shall include at a minimum: 1) a list of areas of operation or risk subject to control; 2) organisational units and business operations to be covered by the controls; and 3) a description of the planned control methods and procedures. (5) A credit institution shall describe in detail the content of the plans referred to in paragraph (4) of this Article. (6) Each control function shall adopt an operational work plan based on its work plan. (7) Each control function shall adopt the methodology used in its area of operation. Control function reports Article 7 (1) Each control function shall prepare reports in accordance with the activities it carries out and the established operational work plans. 6

(2) The reports referred to in paragraph (1) of this Article, depending on a control function s activities, shall include at a minimum: 1) illegalities and incidents of non-compliance with the credit institution's policies and procedures identified in the course of carrying out the control function s activities; 2) deficiencies and weaknesses in risk management identified in the course of carrying out the control function s activities; 3) an assessment of the adequacy and efficiency of the internal control systems; 4) an assessment of the adequacy and efficiency of risk management, including information on risk exposure; 5) proposals, recommendations and time limits for the elimination of the identified illegalities, irregularities, deficiencies and weaknesses; 6) information on the status of implementation of the proposals and recommendations for the elimination of illegalities, irregularities, deficiencies and weaknesses; 7) a completed verification of the compliance of new products and procedures with the regulations, internal bylaws, standards and codes, and the assessment of their effects on the credit institution s risk exposures; and 8) an assessment of the credit institution s compliance with the regulations, internal bylaws, standards and codes. Control function work reports Article 8 (1) The risk control and compliance functions shall periodically, and on a semi-annual basis at a minimum, prepare work reports. (2) The reports referred to in paragraph (1) of this Article, depending on the control function s activities, shall contain at a minimum: 1) a report on the realisation of the annual work plan; 2) a summary of the most important facts established in carrying out the controls; 3) illegalities and irregularities, deficiencies and weaknesses identified in carrying out the controls; and 4) a report on the implementation of proposals and recommendations for the elimination of illegalities, irregularities, deficiencies and weaknesses identified in carrying out the controls. (3) The risk control and compliance functions shall deliver the report referred to in paragraph (1) of this Article to the credit institution's management board, audit committee and supervisory board on a semi-annual basis. (4) The risk control and compliance functions work reports must be signed by the persons responsible for the operation of the control function concerned. 7

(5) Internal audit shall prepare a work report in accordance with Article 9 of this Decision. Internal audit work report Article 9 (1) The internal audit function shall prepare a work report which shall include: 1) a report on the realisation of the annual work plan; 2) a summary of the most important facts established in the course of the audit of operations; and 3) a report on the implementation of proposals and recommendations for the elimination of illegalities, irregularities, deficiencies and weaknesses identified in the course of the audit of operations. (2) The report on the realization of the annual work plan shall include at a minimum: 1) a list of all areas subject to audit; 2) a list of planned, but uncompleted audits; 3) reasons for non-implementation of the plan; and 4) a list of all extraordinary audits carried out. (3) The summary of the most important facts established in the course of the audit shall include at a minimum: 1) a description of illegalities and incidents of non-compliance with the credit institution's policies and procedures identified in the course of the audit; 2) a description of deficiencies and weaknesses in the audited areas identified in the course of the audit; 3) an assessment of the adequacy and efficiency of the internal control systems; and 4) an assessment of the adequacy and efficiency of risk management in the audited areas. (4) The report on the implementation of proposals and recommendations shall include at a minimum: 1) proposals, recommendations and time limits for the elimination of illegalities, irregularities, deficiencies and weaknesses identified in the course of the audit; 2) persons responsible for the implementation of the proposals and recommendations, and 3) information on the status of implementation of the proposals and recommendations for the elimination of illegalities, irregularities, deficiencies and weaknesses provided in the course of previous audits. (5) The internal audit shall deliver the report referred to in paragraph (1) of this Article to the credit institutions' management board and audit committee on a quarterly basis, to the credit institution's supervisory board on a semi-annual basis and to the Croatian National Bank on an annual basis. 8

(6) The internal audit work reports must be signed by the persons responsible for the internal audit function. (7) A credit institution shall deliver the annual internal audit work report to the Croatian National Bank by 31 March of the current year for the previous year. Control function activities Article 10 (1) A credit institution shall, within its risk control function, ensure the carrying out of the following activities at a minimum: 1) risk analysis, including the identification, measurement and assessment of risk to which the credit institution is or might be exposed in its operation; 2) monitoring all significant risks to which the credit institution is exposed; 3) implementation of stress testing; 4) verifying the application and efficiency of the methods and procedures for the management of risks to which it is or might be exposed, including the risks arising from macroeconomic environment; 5) examining and evaluating the adequacy and efficiency of internal control systems in the risk management process; 6) assessing the adequacy and documentation of the risk management methodology; 7) participating in the risk management strategy and policy development; 8) participating in the development, application and supervision over the functioning of the risk management methods and models; 9) making proposals and recommendations for the appropriate risk management; 10) analysing, monitoring and reporting on the adequacy of the credit institution s internal capital, and reviewing the strategies and procedures for the assessment of the necessary internal capital; 11) analysing the risks of new products or new markets; 12) reporting to the supervisory board and management board on risk management; 13) reporting to the supervisory board and management board on its own work; 14) making other verifications necessary for adequate risk control. (2) A credit institution shall, within the compliance function, ensure the carrying out of the activities referred to in Article 182, paragraph (5) of the Credit Institutions Act. (3) A credit institution shall, within the internal audit function, ensure the carrying out of the activities referred to in Article 185, paragraph (1) of the Credit Institutions Act. Notification to the credit institution's management and supervisory boards and the Croatian National Bank Article 11 9

Where a control function, in carrying out its activities, identifies illegalities in the operation or violations of risk management rules that jeopardise the liquidity, solvency or safety of the credit institution's operation, it shall immediately notify the credit institution's management and supervisory boards, and the Croatian National Bank thereof. 4 TRANSITIONAL AND FINAL PROVISIONS Article 12 This Decision shall be published in the Official Gazette and shall enter into force on 31 March 2010. 10

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information