Compliance Awareness Campaign 2021

Phase 2
Phase 1
Phase 3
Understanding Compliance & Compliance Why Compliance Matters?
Risk Management (CRM)
Compliance helps to protect business's resources and
What is Compliance? reputation. It takes time to build trust with customers,
prospects, and vendors, and a big part of that centers
Adherence to the laws, rules, regulations, self-regulatory on ethical behavior. Compliance lays the foundation
organization standards and code of conduct applicable to on which one build the bank’s reputation.
banking activities.

What is Compliance Risk?

The risk of any legal or regulatory sanction, material
financial loss or loss to reputation, the bank may suffer as
a result of its failure to comply with laws, regulations,
rules, related self-regulatory standards and code of
conducts applicable to its banking activities.
What is Compliance Risk Management ?
Compliance risk management is the process of
identifying, assessing and mitigating potential losses that
may arise from bank’s noncompliance with laws,
regulations, standards, and both internal and external
policies and procedures
The risk appetite for non-compliance to legal and
regulatory requirements is ‘ZERO’. The existing risk
appetite statement shall be further enhanced to
holistically reflect various elements of composite HBL SLOGAN: Compliance Is My Responsibility
Compliance Risk.
Mission Statement The following five Global Compliance Principle set forth the basic
requirements that must be met at all levels:

To build the Working with highest standards and principle in daily activities.
compliance function as
a center of excellence
Providing independent and impartial advice to stakeholders.
domestically and across
HBL’s international
networks in line with Promoting honest and ethical behavior to ensure that the bank the right
Global best Practices. culture and systems for internal control.

Encouraging ongoing professional development of compliance staff and the

transfer of knowledge to the business in support of Bank’s vision and goals

Endeavoring to be at forefront of regulatory development trends and best

practices standard in the industry
 The Risk of Compliance arises from
Violating…
Code of
Rules
Conduct

Regulation
Ethical Norms
s

Regulatory Bank’s
Instructions Policy
25%

Laws
Compliance Risk Events

Financial losses due to regulatory fines, penalties

Financial or legal actions against the Bank or its employees.

Damage to the Bank’s reputation or brand as a

Reputational result of bad press or social-media resulting in loss
of customer trust, or decreased employee morale.

Cancellation of banking or product license that

Strategic / Operational may significantly disrupt the bank's ability to
operate.
 Three lines of Defense
First Line of defense
(Support & business units)
I. Identify and assess compliance risk
on daily basis.
II. Establish compliance controls to
mitigate risks
III. Inform emerging risks & issues to
compliance.
IV. Own and Operate control
V. Ensure staff training to manage
compliance risk.
Second Line of defense
(Compliance)
I. Monitors compliance with regulations,
executes risk-based testing, and
implement the compliance program
II. Assist 1st LOD in designing and
implementing controls.
III. Execute quality reviews & provide
Advisory services
IV. Develop and Provide compliance
related Trainings
V. Utilize various tools to identify,
mitigate and report entity wide
compliance risk to BoD and Senior
Management.
Third Line of defense
(Internal Audit)
I. Conducts independent assessment of the
design effectiveness of the compliance
program and controls.
II. Providing independent assurance to the
Board or its Audit Committee on the
quality, effectiveness and adequacy of
the bank’s governance and controls.
III. Utilizing a risk-based approach,
targeting risks of businesses or functions
that focus on risks of underlying
activities.
IV. Ascertain adequacy and effectiveness of
1LOD controls and 2LOD monitoring
oversight to achieve risk management
and control objectives.
 Content Form Previous

Three lines of Defense

First Line of defense Second Line of defense Third Line of defense

(Support & business (Compliance)
units) I. Establish and maintain an enterprise-
i. Execute business processes. wide compliance program and
ii. Establish compliance controls to mitigate governance framework.
risks. II. Advise business on compliance with
iii. Own and Operate control. rules and regulations.
iv. Assume general responsibility for III. Monitor and advise on change to laws
policies and procedures that guide staff and regulations.
adherence to laws and regulations. IV. Assess business unit regulatory controls.
v. Perform ongoing monitoring and self- V. Issue reports and monitor remedial
assessment of process-level compliance actions.
(Internal Audit)
i. Test on a sample basis key regulatory
controls in accordance with the risk based
annual plan.
ii. Issue reports and monitor remedial
actions.
iii. Assess and report on overall effectiveness
of controls on an enterprise-wide basis in
accordance with the risk based annual
plan.
 1 st L 2 nd 3 rd
ine Lin Def
o f De e of
D ef ense Line
fens ense of
e
Three Lines of Defense
Compliance Risk Assessment
Risk Evaluation
You can guard yourself against any Risk Evaluation is the process

en ato f
em ul e o
potential risk and those around you used to compare the estimated

ry
uir Reg ar

See Line plianc r any

through a three steps process. risk against the given risk

req ant lf aw

Ma

k G ma e R clar
criteria to determine the

ts

Ris
ev se

n ag

uid nag isk

Co nt
significance of the risk.

rel our

kE
em
m

anc er
tio
all ep y
Managing risks in a company

e fr or
ica

va l
starts with a decision to

Ke

om
t if

fo
u at
strategically manage risks

en

you
organization-wide.

io n
Id

r
sk

ity
Ri Risk Mitigation
Risk Identification Risk Mitigation
The purpose of identifying Risk Treatment is the process of
Shift Behavior to adapt
Compliance Risk is to find, selecting and implementing of
new process for
recognize and describe the measures to modify risk. Risk
managing Compliance
risk that can prevent an treatment measures can include
risk
organization from achieving avoiding, optimizing, transferring
its objective. or retaining risk.
CCO’s MESSAGE
“REFRESHER ON
COMPLIANCE RISK
MANAGEMENT

Dear HBL Family,

Global Compliance is committed to assisting the bank to maintain the

highest Compliance Standards benchmarked to global best practices in
order to meet increasing regulatory and industry expectations.

HBL has ZERO risk appetite for regulatory risk which is integral part
of compliance risk. Global Compliance is the independent second line
as part of three lines of defense model, plays an integral role as an
enabler and challenger in managing the regulatory risk and achieving
the Compliance Gold Standards at HBL.

Compliance is always a focus of management and is imperative to

organization’s operations. Not only ensuring compliance with
applicable laws, regulations, internal policies and procedures, ethical
standards but to inculcate a robust compliance culture across the bank
is the objective of Global Compliance. A strong culture of compliance
is about infusing ethics into an organization and doing the right thing
into the existing culture.

To further strengthen Compliance Culture across the bank, the Global

Compliance Team will enthusiastically strive with best of their
abilities. Compliance is everyone’s responsibility, looking forward to
see all of you playing your part in order to achieve the collective goal
of ensuring Compliance.
CCO’s MESSAGE
Dear HBL Family,
Global Compliance is committed to assisting the bank to maintain
the highest Compliance Standards benchmarked to global best
practice in order to meet increasing regulatory and industry
expectations.
HBL has ZERO risk appetite for regulatory risk which is integral
part of compliance risk. Global Compliance is the independent
second line as part of three lines of defense model, plays an integral
role as an enabler and challenger in managing the regulatory risk
and achieving the Compliance Gold Standards at HBL.
Compliance is always a focus of management and is imperative to
organization’s operations. Not only ensuring compliance with
applicable laws, regulations, internal policies and procedures,
ethical standards but to inculcate a robust compliance culture across
the bank is the objective of Global Compliance. A strong culture of
compliance is about infusing ethics into an organization. It's about
weaving doing the right thing into the existing culture in an
organization.
To continually strengthen the Compliance Culture across the bank,
the Global Compliance Team will enthusiastically strive with best
of their abilities. Compliance is everyone’s responsibility, looking
forward to see all of you playing your part in order to achieve the
collective goal of ensuring Compliance.
 CCO’s MESSAGE
Dear HBL Family,
Global Compliance is committed to assisting the bank to maintain
the highest Compliance Standards benchmarked to global best
practice in order to meet increasing regulatory and industry
expectations.
HBL has ZERO risk appetite for regulatory risk which is integral
part of compliance risk. Global Compliance is the independent
second line as part of three lines of defense model, plays an integral
role as an enabler and challenger in managing the regulatory risk
and achieving the Compliance Gold Standards at HBL.
Compliance is always a focus of management and is imperative to
organization’s operations. Not only ensuring compliance with
applicable laws, regulations, internal policies and procedures, ethical
standards but to inculcate a robust compliance culture across the
bank is the objective of Global Compliance. A strong culture of
compliance is about infusing ethics into an organization. It's about
weaving doing the right thing into the existing culture in an
organization.
To continually strengthen the Compliance Culture across the bank,
the Global Compliance Team will enthusiastically strive with best of
their abilities. Compliance is everyone’s responsibility, looking
forward to see all of you playing your part in order to achieve the