Page 33 - 86395_CCB - 2024 Annual Report (web)

               Legal, Compliance & Regulatory

               Description    The risk that non‑compliance with laws or regulations could give rise to
                              fines, litigation, sanctions, reputational damage, or financial loss

               Governance     Board Audit Committee                   Compliance & Legal Framework
                              Board Risk & Compliance Committee       Data Protection Framework
                              Risk Management Committee               Compliance Monitoring Framework

               Risk Appetite  The Bank maintains a low appetite for Legal, Compliance and Regulatory Risk. Whilst
               Statement      the Bank recognises that operational errors can occur, it maintains zero tolerance
                              for breaches of regulations, relevant legislation, late responses to regulatory requests
                              or gifts/hospitality policy breaches. The Bank strives to ensure that it always remains
                              within the law and regulation. All material breaches are investigated and reported to
                              the Risk & Compliance Committee in a timely manner, rule changes are implemented
                              within the applicable regulatory timelines and staff operate within the Bank’s
                              documented policies and controls and, where applicable, industry guidelines.

               Key Mitigants  Compliance monitoring of the Bank’s activities through an approved annual plan.
                              Undertaking detailed and regular reviews of key activities and processes via the second line oversight programme.
                              Provision of guidance in relation to business, product, and change management requests.
                              Ensuring appropriate registrations under the Senior Management and Certification Regime, second line oversight.
                              Maintaining logs of internal compliance breaches, regulatory breaches & conflicts of interest.
                              Maintaining a Whistleblowing procedure for staff to self‑report.
                              Horizon scanning to ensure continued adherence to regulatory requirements & developments involvement with relevant trade bodies and other industry professionals.
                              Regular reviews of training content & oversight of the training & development of staff to ensure up to date knowledge base.

               Comments       Ensuring compliance with all applicable regulatory requirements in a complex and
                              fast‑changing landscape is a challenge to which the Bank devotes considerable resources,
                              and the Compliance and Data Protection Frameworks are continually under review
                              to ensure that they meet all requirements and are in line with industry practices.
                              Annual submission of the Data Protection Officers Report.
                              Approval of the Annual Compliance Monitoring Plan.
                              Annual Whistleblowing report.
                              Supporting the Whistleblowing Champion regarding annual reporting.