Professional Documents
Culture Documents
In the Bank, a system should exist to ensure that deficiencies identified arc
promptly managed and meaningful corrective actions are implemented; the
basic processes are the following:
a) The nature of the risk - What event or incident can happen, when and
where?
b) The source of the risk- What types of people or businesses will be
involved?
c) The cause of the risk- Whydoes the risk occur, direct and underlying
reasons?
d) The effect of the risk - What is the impact upon the regulatory
outcome? Who will be adversely affected? There may be a range of different
effects that need to be identified.
e) It will be necessary to use information on previous cases of non-
compliance as well as the knowledge of the staffs in examining these matters.
8.3.2. MEASUREMENT OF COMPLIANCE RISK
The regulatory compliance risk should be analyzed so that the level of the risk
can be understood. This information is important because it will be used
to decide which risks the Bank should give most attention. The level of
co.,mp.liance risk is determined by Enat Bank S.C Page 103
The Bank should use quantitative analysis, where possible, because it is the
most objective and accurate method of analysis. Quantitative analysis can be
used to determine the consequences and likelihood of non-compliance were
verifiable data 1s available for the legal risk or non-compliance.
8.3.4.1. REPORTING
The monitoring process also includes reporting of potential compliance risk,
which has been identified, measured and monitored by Risk and Compliance
Management Department to the Board's Risk and Compliance committee on
quarterly basis in brief and in a summarized manner for informed business
decisions and proper management of the compliance risk of the Bank.
8.4. . MANAGEMENT INFORMATION SYSTEM
An effective management information system (MIS) is essential for sound
compliance risk management decisions and the effective oversight.
Management information systems are a critical tool for communicating
information to decision makers in a form that enables them to review and act
on the information. Information should be readily available for day-to-day
operations management and risk control. Data should be appropriately
consolidated, comprehensive yet brief, focused and available in a timely
manner. Compliance risk can arises from violating the national laws,
regulations and procedures at any level while the Bank is performing its day
to day activities and effective compliance risk management may require daily
internal reporting. Since the banks operation 1s affected by different factors
therefore, detailed information on every transaction 1s essential.
Enat bank shall implement a system to monitor on an ongoing basis its
compliance risk exposure and loss events by each major departments and
branches. The bank monitors its compliance losses directly, with an analysis
of each occurrence and a description of the nature and causes of los ses.