ANNUAL REPORT 2016

MANAGEMENT DISCUSSION AND ANALYSIS

9.0. COMPLIANCE

The Board of Directors and Senior Management of Bank Audi sal consider sustaining the integrity and reputation of the Group’s franchise as a key priority. Compliance and Business functions are entrusted with preserving these assets, constantly identifying improvement areas, and rising up to the challenges imposed by compliance requirements. The Group considers this to be a matter of sound banking practices and reflects its commitment to remain compliant with all applicable laws and regulations, staying abreast of industry standards and best practices observed by the global banking community, whether at international or local levels.

All business lines are therefore required to have a good understanding of compliance, with the letter, spirit and intent of applicable laws, regulations and standards in each of the jurisdictions in which the Group operates, as well as of the ongoing implementation of and adherence to, group compliance policies. Their contents are mandatory and represent minimum standards that apply throughout the Group. They are, of course, adapted at local level to be in line with local requirements, the general principle being that the more stringent requirement applies as long as it does not contradict local laws and regulations.

Moreover, it is within the Group’s policy for all its subsidiaries to be fully informed of the laws and regulations governing their foreign correspondents, and deal with the latter in conformity with these laws, regulations, procedures, sanctions and restrictive measures imposed by their respective governments.

In 2016, various regulatory authorities and supra-national regulatory bodies have maintained the trend of increasing the levels of compliance requirements and regulatory scrutiny over the banking industry. It is expected that this will continue in the coming period. Topics such as Tax Evasion, Anti-bribery and Corruption, and Cybercrime have been subject to particular focus, however not at the expense of traditional Compliance/Anti-money Laundering (Know Your Customer, Beneficial Ownership, Risk-based Approach among others) topics. All represent challenges facing the Group, as well as banks and financial institutions worldwide. As a result, regulatory authorities worldwide are becoming more stringent and relationships with global correspondent banks are now more demanding, especially that a number of them have recoursed to de-risking whenever compliance risk goes beyond their risk appetite.

In 2016, the Compliance Function group-wide continued to ensure that risks deriving from local and global developments are appropriately monitored and managed with suitable mitigating measures effectively implemented. Back in November 2015, the Lebanese parliament modified the AML law and enacted a series of AML-related supplementary laws, namely tackling tax evasion and setting the ground for compliance with the OECD Common Reporting Standard. The Central Bank of Lebanon followed suit and issued a number of regulations beefing up compliance requirements applicable to Lebanese banks, in line with latest FATF recommendations and international best practices.

The desired objective at Bank Audi is to avoid failures or mistakes with adverse impact on the Group on the one hand, and missing out on good business opportunities on the other, while operating in high risk geographies. The Compliance Function constantly works on improving itself, its governance, policies, procedures, and measurement methods so as to keep succeeding in this balancing act, to promote a compliance culture at Group level, to remain a trusted and skilled business partner, and to help achieve durable earnings. Current arrangements have proven to be satisfactory, as witnessed by results of internal/external audit reports and regulatory examinations that showed no major breaches or violations. The Bank has succeeded in maintaining very positive relationships with regulators (both local and international) and correspondent banks. These are considered as valuable assets and testimonies of the soundness of our compliance practices that translate into: continuous Senior Management involvement in Compliance, a clear, risk-based approach to AML/CFT, compliance policies embedded within the business, compliance procedures applied consistently, a robust procedure for reporting suspicious transactions, and a clear lack of complacency. This places the Group today in a leadership position in the Middle East region in terms of efficiency and effectiveness of its Compliance program.

In parallel, the Group Compliance Function further developed its enterprise-wide compliance management framework that requires stakeholders at all group entities to further work together in a coherent manner and upgrade the levels of business and compliance controls aiming at protecting our franchise. Work in progress is being performed in the following areas:
  • Redefining the respective roles and responsibilities of Group Compliance and Compliance Functions at group entities towards a more collaborative and centralised model allowing for increased oversight role/enforcement on key matters and active involvement of Group Compliance.
  • Defining priorities in collaboration with the business, following compliance risk assessments conducted at the Group and entity levels. This determines the compliance risk appetite based on which the Bank sets acceptance criteria for customers and transactions to be uniformly applied across the Group. The overall framework also makes sure that whenever exceptions are granted, these are tracked and continuously monitored.
  • Increasing the level of information sharing between Group Compliance and Compliance Functions at group entities. The main purpose is for Group Compliance to collect more data relevant to key risk and performance indicators from group entities in order to better monitor the implementation of compliance programs and be constantly aware of and act on any specific deficiencies leading to increased compliance risk exposure. This translates into more accurate reporting on the status of compliance group-wide.
  • Upgrading the AML/CFT programs in place at group entities: this typically involves increased automation and more efficient and robust controls. The purpose is to work towards a uniform AML/CFT program tailored to the size and nature of business at every group entity. The main topics addressed are:
    • Know Your Customer/CDD: standardisation of the KYC form, customer due diligence process and customer acceptance criteria, in addition to the ongoing review of KYC/CDD information.
    • Risk-based Approach: implementing the Group RBA standards/ customer risk classification criteria tailored to the size and nature of business of each group entity. These standards are already set in the Group AML/CFT Policy and are being upgraded.
    • AML/CFT monitoring systems: adopting common minimum business requirements/efficient, robust controls and upgrading system capabilities in terms of client on-boarding/KYC, profiling and filtering at all group entities.
    • Qualifications and training requirements of Compliance-dedicated human resources.
  • Increasing the level of coordination with Group Internal Audit on the scope and frequency of reviews against (i) Group Compliance policies and (ii) applicable compliance-related laws and regulations.
  • Enhancing the compliance training and awareness program managed and executed at the Group level. The training program serves to make sure that all group employees receive a consistent compliance message on major topics and group standards.