Compliance with Applicable Standards, Laws and Regulations
The Bank applies standards which aim to ensure compliance with law, the Statute, internal regulations, recommendations from regulatory and supervision authorities, best practices and principles of ethics. In managing compliance risk, the Bank follows the guidelines and standards adopted across the UniCredit Group, unless these are in conflict with the provisions of Polish law.
The Bank Pekao S.A. Compliance Policy sets out assumptions that are consistent across all organisational levels of the Bank with respect to the compliance risk management process, as well as a compliance program covering, among others, the processes for the identification, assessment, control, monitoring and reporting of the risk. The Policy also identifies the key procedures for the Bank and its employees in this area.
Implementation and application of the compliance risk management standards are key factors in creating enterprise value, reinforcing and protecting the Bank's reputation, and fostering public trust in the Bank's activities and its standing.
Compliance risk is managed at three separate levels:
- executive staff responsible for ensuring compliance,
- risk management functions performed by dedicated organisational units of the Bank not involved in business operations,
- internal audit, responsible for independent assessment of the functioning of the internal control system and monitoring of post-inspection activities.
Coordination of the Bank's compliance risk management activities is the responsibility of the Compliance Department. The tasks of the Department include in particular: updating the Compliance Policy and monitoring its observance; identification, assessment, monitoring and control of compliance risk in the regulatory areas in accordance with its authority; advisory services to organisational units related to legal acts, regulations, principles, codes, standards, business aspects and products in relation to compliance and reputational risk; strengthening the dialogue and the relationship with the supervisory and regulatory authorities; and performing tasks related to preventing the Bank's involvement in money laundering and terrorism financing activities.
The Bank uses a dedicated compliance risk assessment (CRA) methodology and performs second-level compliance controls that ensure selected processes are assessed for effectiveness and for compliance with key legal requirements related to banking activities. The CRA methodology, which operates as an early-warning system, provides for the development and implementation of mitigation measures when irregularities are detected. Selected organisational units of the Bank are involved in the process. The assessment of compliance risk and the second-level compliance controls contribute to the improvement of the internal control system at the Bank and therefore to the minimization of the compliance risk involved in the Bank's operations.