58. Compliance risk management

Compliance risk is defined as the risk of legal sanctions, financial losses or loss of reputation or reliability resulting from the failure of the Group, its employees or entities acting on its behalf to comply with the provisions of the law, internal regulations and standards adopted by the Group, including ethical standards.

The objectives of compliance risk management are:

  1. preventing cases of non-compliance and establishing, among shareholders, customers, employees, business partners and other market participants, the Bank's image as an institution that acts in accordance with the law and accepted standards of conduct and is reliable, fair and honest,
  2. preventing the loss of the Group's reputation or reliability as a result of failure to comply with, or improper application of, the provisions of the law, internal regulations and standards adopted by the Bank, including ethical standards,
  3. preventing the risk of financial losses or legal sanctions which may result from a breach of the above-mentioned regulations and standards of conduct.

Appropriate organisational units or designated employees are responsible for finding systemic solutions that ensure the Group entities' compliance with the binding regulations and operating standards. The Compliance Department is responsible for finding such solutions and for developing the methods for evaluating, monitoring and reporting the Bank’s compliance risk. The Compliance Department is a unit which has been granted independence and which, in the area of compliance risk management, reports directly to the President of the Bank’s Management Board.

Consistent principles of compliance risk management apply in all entities of the PKO Bank Polski SA Group.

Identification and assessment of compliance risk are carried out cyclically by the entities of the Group, in collaboration with the Compliance Department, and include in particular:

  1. estimating the potential severity of cases of non-compliance in terms of:
    • financial losses, particularly administrative penalties or damages,
    • losing reputation or reliability,
  2. carrying out an in-depth assessment of the process's compliance with legal regulations, using information on the findings of external controls and internal audits, the post-control recommendations formulated and the degree of their implementation.

58.1. Monitoring of compliance risk includes in particular:

  1. the results of the identification and assessment of compliance risk,
  2. instances of non-compliance, their origins and the effects they caused,
  3. actions undertaken by the Bank as part of:
    • managing the compliance risk,
    • implementing the recommendations of internal audits, functional controls and external controls,
    • adapting to the new law regulations and standards of conduct,
    • implementing the Bank's recommendations,
  4. assessing the effectiveness of control mechanisms associated with reducing compliance risk.

Compliance risk management in the Group involves in particular the following:

  1. preventing involvement of the Bank in illegal activities,
  2. ensuring data protection,
  3. development of ethical standards and monitoring of their application,
  4. conflict of interest management,
  5. preventing situations where the Bank’s employees could be perceived as pursuing their own interest in the professional context,
  6. professional, fair and transparent formulation of product offers, advertising and marketing messages,
  7. prompt, fair and professional consideration of complaints, requests and quality claims of clients.

The entities of the Group have adopted a zero-tolerance policy towards compliance risk, which means that they focus their actions on preventing this risk from materialising.