Professional Documents
Culture Documents
The Arcg Charter: Issued in March 2008
The Arcg Charter: Issued in March 2008
Index
Part B Compliance
Introduction
Guiding Principles
Function & Task of Compliance
Scope of Compliance
Organisation of Compliance Function within ARCG
Reporting Lines & Communication Lines
Independence
Authority
Standards
Accountability
Page 2 of 9
Audit Review & Compliance Group - ARCG
ARCG CHARTER
This document has been divided into two parts; Part A relates to Internal Audit which
comprises four Divisions, Risk Review, Retail Audit, Operations & IT Audit and Fraud
& Investigation; Part B relates to Compliance.
PURPOSE
Internal Audit examines and evaluates the adequacy and effectiveness of the system
of internal control provided by the Bank. The objective is to provide all levels of
management with sufficient, relevant and useful information that will help them
assure:
The purpose of this charter is to define the role and responsibilities of the Internal
Auditing function within the organization, authorize their unrestricted access to all
the entity’s records, information, personnel, and locations needed in the performance
of audits, reviews. It also defines the nature, objective and scope of internal auditing
activities and to delegate to the Head of ARCG the authority necessary to achieve
these objectives.
ARCG has independent status in Mashreq and will not be involved in the day to day
operations or internal checking systems and will also not be involved or responsible
for implementation of internal control systems. ARCG may be consulted when
considered necessary, in assessing the adequacy of controls when first implemented
and during changes in control specifications.
Page 3 of 9
Audit Review & Compliance Group - ARCG
The required reasonable assurance exists when all the components of management
control (the control environment; risk assessment processes; control activities;
information and communication systems; and monitoring activities) are present and
operate effectively.
CHARTER
The Charter serves as a guide to Internal Audit in the performance of its duties. The
Charter does not include, nor is it intended to include, all of their duties or
responsibilities, as they may exist from time to time.
This charter describes the mission, independence and objectivity, scope and
responsibilities, authority, accountability and standards of the Internal Audit function.
Page 4 of 9
Audit Review & Compliance Group - ARCG
MISSION
The mission of Internal Audit is to ensure that the Bank’s businesses are conducted
according to the highest professional and ethical standards by providing an
independent, objective assurance function and by advising on best practice. Through
a systematic and disciplined approach, Internal Audit helps the Bank accomplish its
objectives by evaluating and improving the effectiveness of risk management,
control and governance processes.
INDEPENDENCE
The scope of internal audit work includes the review of risk management procedures,
internal control systems, information systems, and governance processes. This work
also involves periodic testing of transactions, best practice reviews, special audits,
appraisals of regulatory requirements, investigation and implementing measures to
help prevent and detect fraud.
Page 5 of 9
Audit Review & Compliance Group - ARCG
AUTHORITY
Internal Audit aims to promote effective controls at reasonable cost. To achieve this,
Internal Audit is authorised in the course of its activities, to:
¾ Enter all areas of the Bank and have unrestricted access to any documents
and records, personnel, core issue analysis, investigation and determination
of facts and statement of recommendations in its reports, considered
necessary for the performance of its functions.
¾ Require all members of staff and Management to supply such information and
explanations as may be needed within a reasonable period of time.
ACCOUNTABILITY
Internal Audit shall prepare, in liaison with the Head of ARCG, an annual audit plan.
The plan is based on a risk model that identifies business risks, and on input from
line managers. It provides information about the risk assessment, the current order
of priority of audit projects and how they are to be carried out.
The plan shall be presented to Head of ARCG and the Audit Committee for approval.
In case of need, adjustments may be made to the plan during the year. Any such
changes would have to be approved by the Head of ARCG and communicated to the
Audit Committee.
The above does not restrict Internal Audit in initiating any action and/or
recommendation, including an unscheduled audit; where exceptions, risks, process
gaps/efficiency, losses, near losses or other matter requiring preventive action,
should they deem it necessary. Senior Management may also investigate/ highlight
concern which may prompt action by internal audit.
Internal Audit shall coordinate with external audit to ensure proper coverage and
avoid duplication of effort.
STANDARDS
Internal Audit adheres to the standards of best professional practice, such as those
published by the Institute of Internal Auditors and the Information Systems Audit
Page 6 of 9
Audit Review & Compliance Group - ARCG
and Control Association, and the relevant reports and recommendations of the Basel
Committee on Banking Supervision.
PART B - COMPLIANCE
INTRODUCTION
“The Compliance function within the bank is the independent oversight on behalf of
senior management of those core processes and related policies and procedures that
seek to ensure that the bank is in conformity with industry-specific laws and
regulations in letter and spirit, thereby maintaining the bank’s reputation.”
The Board of Directors of Mashreq is fully committed to its Corporate Values and to
the preservation of the integrity and reputation of the bank by complying with laws
and regulations in each of the markets it operates in. Integrity is the corner stone of
the compliance function as it is the pivot of the bank’s Corporate Values.
The following describes the role and responsibilities of the compliance function within
Mashreq, its position and authority.
GUIDING PRINCIPLES
Page 7 of 9
Audit Review & Compliance Group - ARCG
SCOPE OF COMPLIANCE
The compliance function within the bank provides independent oversight on behalf of
senior management of those core processes and related policies and procedures that
seek to ensure the bank is in conformity with industry-specific laws and regulations
in letter and spirit, thereby maintaining the bank’s reputation. This includes sanctions
and client acceptance and anti money laundering, the protection of clients against
miss selling by the bank (e.g. personal investment policy, conflict of interest, chinese
walls) and ‘good citizenship’ (e.g. HR’s code of conduct).
The compliance scope does not include regulations and policies covering capital
adequacy, accounting standards, credit administration etc. These are primarily
covered by other support functions and business units, where applicable in
consultation and cooperation with Compliance.
Activities that require consistency or highly specialised skills across businesses are
conducted in dedicated organisational units in coordination with compliance, ARCG.
For cross-cutting activities, compliance, ARCG steps in as a centre of excellence.
Formal mechanisms are put in place to ensure ‘one face to the regulator’ which is the
Head of Compliance, ARCG on an overall level and embedded compliance managers
for their respective business units.
The Head of Compliance, ARCG reports directly to the ARCG Head who is the
member of the Leadership Forum. Thus compliance representation is at the senior
most level in the overall hierarchy.
The Heads of the embedded Compliance functions maintain intense and close
communication with senior management within their jurisdiction and have overall
responsibility for the quality of the professional practices in their department. They
have a solid reporting line into the Head of Compliance, ARCG.
Page 8 of 9
Audit Review & Compliance Group - ARCG
Compliance maintains close relationships with other key divisions within ARCG. These
divisions are Risk Review, Operational & IT Audit, Retail Audit and Fraud &
Investigations Division.
INDEPENDENCE
Compliance is independent from the business and other line functions. Therefore the
Head of Compliance reports directly to the Head of ARCG who is a member of the
Leadership Forum (LF) and has representation to the Board of Directors through
Chief Executive Officer of the bank and to the Audit & Compliance Committee of the
LF.
AUTHORITY
The compliance function has free access to information and personnel and has the
right to advise internal audit to conduct investigations of possible breaches of the
compliance policy and if required to appoint outside experts to perform this task.
Compliance is the principal interface with the regulators on compliance issues. All
contacts with the regulators on compliance issues are managed through or in
consultation with Compliance.
STANDARDS
ACCOUNTABILITY
Compliance staff are available to provide guidance and support to the Businesses on
issues related to laws and regulations. The overall Annual Compliance Plan is
approved by the Head of ARCG.
NOTE
Any changes to the contents of this document require the approval of the Head of
ARCG, who will communicate such changes to the Audit & Compliance Committee for
their ratification.
Page 9 of 9