Annual report 2019

System of control and risk management in the process of preparing financial statements

The Bank’s internal control system complies with the requirements of Polish supervisory authorities and is aligned with the internal control rules applied in the BNP Paribas Group. The Bank maintains and develops an internal control system adjusted to the organizational structure, which includes organizational units and basic organizational units of the Bank and its subsidiaries.

The Bank has adopted the Policy on internal control, approved by the Bank’s Management Board and Supervisory Board – with respect to the assessment of adequacy and effectiveness of the internal control system and categorisation of irregularities detected by the internal control system.

The objective of internal control is the effective control of risk, including the prevention or early detection of risks in order to ensure:

  • effectiveness and efficiency of the Bank’s operations,
  • the reliability of financial reporting,
  • compliance with the Bank’s risk management principles,
  • compliance of the Bank’s operations with legal regulations, internal regulations and market standards.

The internal control system is an element of the management system at the Bank, consisting of three lines of defence, which includes: control mechanisms and risk control mechanisms, verification of compliance of the Bank’s operations with the law and internal regulations as well as internal audit.

The internal control system supports risk management in the processes carried out in the Bank. The scope of responsibility for risk management by specific organizational units/departments of the Bank is defined within three mutually independent lines of responsibility, called „lines of defence”, namely:

the first line of defence consists of organisational units from particular banking and support areas, responsible for the implementation and support of professional and fair behaviour in accordance with applicable rules, standards and regulations, as well as for day-to-day supervision, development and implementation as well as the application of control mechanisms in operational processes, and also for detecting, early warning and whistle-blowing of irregularities. The first line of defence is responsible for managing the risks in the subordinate processes,

the second line of defence consists of organisational units responsible for risk management, organisational units independent of risk management within the first line of defence and the compliance function, which, taking into account the requirements set by supervisory authorities, business needs, including the risk appetite adopted by the Bank, form the framework and principles of risk management and control; the second line of defence monitors compliance with control mechanisms and is responsible for reporting on risk management and control,

the third line of defence is an independent and objective internal audit unit which verifies the proper functioning of the first and second lines of defence.

The control function consists of


risk and control mechanisms,


independent monitoring of the mechanisms referred to in point 1


reporting within the control function.

Risk control mechanisms implemented within the first and second line of defence are adjusted to the Bank’s specificity and include in particular principles, limits and procedures related to the Bank’s activity.

Horizontal and vertical testing are conducted in accordance with the internal regulations in force in the Bank, approved by the Management Board and Supervisory Board.

The Bank has an Internal Control Coordination Committee as an advisory unit supporting the Bank’s Management Board. The main task of the Internal Control Coordination Committee is to supervise the integrity, completeness and effectiveness of the internal control system and the Bank’s operational risk management processes, as well as to manage the main risks related to the internal control system of the Bank and its subsidiaries, including the system supporting the operational risk management process, compliance risk and fraud prevention.

In addition, the Supervisory Board is supported by the Audit Committee, inter alia, in monitoring the effectiveness of the internal control system and the Risk Committee in the area of risk management.

In addition to the above mentioned committees, the Bank has a Risk Management Committee whose primary task is to monitor and supervise the main risks resulting from the Bank’s activities, including strategic aspects of credit risk, cross-sectoral aspects of market and liquidity risk, counterparty risk and operational risk.

The purpose of the risk management system is to identify, measure or estimate, monitor and manage risks occurring in the Bank’s activities. The main role in the Bank’s risk management system is performed by the Management Board, which defines the risk policy and adopts rules of risk management, as well as sets the policy of setting limits for significant risks and risk control procedures. The risk management rules have their source in the Risk Management Strategy defined by the Management Board and approved by the Supervisory Board.

Internal Audit Line

The Bank has an Internal Audit Line responsible for conducting internal audits, whose task is to review and assess, in an independent and objective manner, the adequacy and effectiveness of the internal control system and to provide opinions on the Bank’s management system, including the effectiveness of risk management related to the Bank’s activities.

The Internal Audit Line is supervised by the Audit Committee and within the Bank’s organizational structure it is located in the Bank Management Area. The Managing Director of the Internal Audit Line is organisationally subordinated to the President of the Bank’s Management Board. The Internal Audit Line regularly submits to the Audit Committee and the Supervisory Board conclusions resulting from the performed internal audits, in particular information on the irregularities found as well as information on the recommendations issued.

The Bank adopted an Accounting Policy consistent with the International Financial Reporting Standards. The Financial Accounting Line and the Management Accounting and Investor Relations Line, supervised by the Vice-President of the Management Board responsible for Finance are responsible for the preparation of financial statements, periodic financial reporting and providing management information. The financial statements are adopted by resolution and approved for publication by the Bank’s Management Board.

A key role in the process of assessment of the Bank’s financial statements is performed by the Audit Committee, which monitors the financial reporting process and independence of the statutory auditor and the entity authorized to audit financial statements, and recommends that the Supervisory Board approve or reject the annual financial statements.

The annual financial statements, upon a positive recommendation of the Audit Committee and the Supervisory Board, are presented to the General Meeting for approval.

Search results