The Board and Senior Management are responsible for ensuring that the Bank, and if applicable, Group, has an internal control framework that is adequate to establish a properly controlled operating environment for the conduct of its business, taking into account its risk profile.
Senior Management is responsible for developing an internal control framework that identifies, measures, monitors and controls all risks faced by the Bank. Specific internal controls must deal with organizational structure, accounting and financial reporting policies and processes, checks and balances, and the safeguarding of assets and investments. It must also include measures against unauthorized trading and computer intrusion.
Banks’ organizational structures should incorporate a “three lines of defence” approach comprising the business lines, the support and control functions and an independent internal audit function.
Banks’ internal control frameworks must provide for a balance of the skills and resources of the back office, control functions and operational management relative to the business origination units. This includes, but is not limited to, ensuring that the staff of the back office and control functions have sufficient expertise and authority within the Bank, and in the case of control functions sufficient access to the Board, to be an effective check and balance to the business origination units.