
Governance and Risk Management

Governance & Risk Management

Uploaded by

shb.sajjadhaider

Discussion Topics

Learning Objectives

Background

What is Financial Crime?

Governance overview and its importance

Regulatory Landscape on governance

Financial Crime Compliance Programme

Responsibilities of governance committees

Three Lines of Defence Model

Example Cases

Summary
Learning Objectives

At the end of this training you will be able to understand the following:
► An overview of Financial Crime
► The importance of risk governance

 ►


Local regulatory guidance on governance matters
The Financial Crime Compliance framework and its components
► The responsibilities of governing committees
► The concept of the Three Lines of Defence

Background

► Financial Crime is a major threat to Financial Institutions globally, costing the industry billions of dollars each year.

► FCC Risk Governance is imperative for the establishment of a robust framework for the purpose of mitigating FCC
risks.

► The State Bank of Pakistan has issued the Compliance Risk Management guidelines, whereby it encourages
banks to implement the Three Lines of Defence model to mitigate compliance risk.

Why is Financial Crime Compliance important?

Impact of Financial crime

► Increased cost for law enforcement
► Economic instability
► Undermines the integrity of financial institutions
► Increased regulatory fines
► More crime
► Undermines the social, political, and economic structure

Top 10 challenges faced by banks
1. Enhanced expectations by global correspondent banks on the AML/CFT/CPF, Sanctions and Compliance programs in place at Banks — expectations well beyond local regulatory requirements.

2. Significant increase in regulations in the region as regulators want to keep pace with their peers. Difficulties or failure in responding to changing regulatory requirements and their pace.

3. Lack of adequate Compliance, AML/CFT/CPF and Sanctions resources in the market (numbers and skills) to meet increasing regulatory demands.

4. Weak customer on-boarding and KYC programs. Extremely poor quality of legacy customer data resulting in potential adverse impact on AML/CFT/CPF and Sanctions program.

5. Lack of a risk-based approach to managing Compliance, AML/CFT/CPF and Sanctions risks. A holistic view of Compliance related risks not identified, impacting the effectiveness of AML/CFT/CPF and Sanctions programs.

6. Lack of adequate awareness and training on Financial Crime within business units as well as ‘control’ functions.

7. ‘Three Lines of Defence’ model not clearly understood. Lack of coordinated approach to regulatory compliance through monitoring by various ‘control’ functions. Regulatory compliance seen as Compliance department’s problem.

8. Many banks lack systematic tools and technology to effectively manage AML/CFT/CPF and Sanctions programs. However, there is an upward trend noted on investments in tools and technology.

9. Relaxation/expansion of Sanctions requires banks to carefully understand the change as they prepare to modify their systems and controls to enable business activities. Changes in sanctions remain a high-risk opportunity that requires a stringent control environment.

10. Major expansions in business operations and geographies resulting in complexities in managing local and international regulatory standards.

What is Financial Crime?
There are six main elements of Financial Crime:

► Money Laundering (dirty money to clean money): The process of concealing or disguising the existence, source, movement, destination or use of illicitly-derived funds to make them appear legitimate.
► Terrorist Financing (clean or dirty money to terrorist financing): The act of unlawfully and willingly providing or collecting funds with the intention that they should be used or, in the knowledge that they are to be used, in support of an act of terrorism.
► Proliferation Financing (clean or dirty money to proliferation financing): It is the provision of funds or financial services used for the manufacture, acquisition, possession, or use of nuclear, chemical or biological weapons and their means of delivery and related materials.
► Sanctions & Embargos (SBP and NACTA, OFAC list, UN list): Imposing asset freezes and/or financial or economic prohibitions, controls, and restrictions against targeted activities, persons, governments, and/or jurisdictions.
► Bribery & Corruption: Persuading a person to refrain from their duties by providing them with a financial or non-financial advantage.
► Fraud (obtain money, property or services; avoid payment or loss of services; secure personal or business advantage): One or more persons acting intentionally for creating deception to obtain an unjust or illegal advantage.

Define Money Laundering, Terrorist Financing, Proliferation Financing & Sanctions

Major Financial Crime elements


► ML: Money Laundering (ML) is any act or attempted act to conceal or disguise the identity of
illegally obtained proceeds so that they appear to have originated from legitimate sources.
The overriding objective of such activity is to transform illicit funds into appearing as being
derived from legitimate sources. Criminals use the financial system to deposit funds, make
payments and transfer funds to conceal the original source of funds.

► TF: Terrorist Financing (TF) involves the solicitation, collection or provision of funds with the
intention that they may be used to support terrorist acts or organizations, often with funds
generated from legitimate sources as well as those accrued from illegal criminal activity.

► PF: Proliferation Financing (PF) has many appearances but ultimately involves the transfer and
export of technology, goods, software, services or expertise that could be used in nuclear,
chemical or biological weapon related programs, including delivery systems; it poses a
significant threat to global security.

► S&E: Sanctions and Embargos (S&E) are the imposition of asset freezes and/or financial or
economic prohibitions, controls, and requirements against targeted activities, persons,
governments, and/or jurisdictions.

Money Laundering

Money Laundering (ML) is any act or attempted act to conceal or disguise the identity of illegally obtained proceeds so that
they appear to have originated from legitimate sources. The overriding objective of such activity is to transform illicit funds
into appearing as being derived from legitimate sources. Criminals use the financial system to deposit funds, make payments
and transfer funds to conceal the original source of funds.
- Group AML and CFT Policy

“In simple terms, ‘ML’ is the name given to the process by which illegally obtained funds are given
the appearance of having been legitimately obtained.”

In short: Making dirty money clean

Stages of Money Laundering

1. Placement
• Illegal or unlawful funds or assets
• First brought into the financial system
• In cash or any other form
• In such a manner as to avoid detection

2. Layering
• Illegal or unlawful funds or assets
• Moved, dispersed and disguised
• To conceal their origin
• Funds can be hidden in the financial system through multiple and complicated transactions

3. Integration
• Illegal or unlawful funds or assets
• Successfully cleansed and appear legitimate in the financial system
• Funds available for investment, saving or expenditure
• Create an apparent legal origin for criminal proceeds

In Short: Making dirty money clean

What is Terrorist Financing?

Terrorist financing involves the solicitation, collection or provision of funds with the intention that they may be used
to support terrorist acts or organizations, often with funds generated from legitimate sources as well as those
accrued from illegal criminal activity.
- Group AML and CFT Policy
► Terrorist financing involves raising and transferring of funds to supply terrorists with resources, to carry out
their attacks
► Terrorist financing can be done using legitimate sources such as fund-raising activities, salaries and business
profits, as well as illegitimate sources such as the drug trade and fraud
► Terrorist organisations are driven by several motives which are also used in recruitment
► Motives for terrorist financing include:
• Politics
• Revenge
• Symbolism

Unlike money laundering, where the process is to make dirty money appear clean,
terrorist financing often involves clean money being used for criminal purposes

What is Proliferation Financing?

Proliferation Financing (PF) is the act of providing funds or financial services which are used, in whole or in part, for the manufacture, acquisition, possession, development, export, trans-shipment, brokering, transport, transfer, stockpiling or use of nuclear, chemical or biological weapons and their means of delivery and related materials (including both technologies and dual use goods used for non-legitimate purposes), in contravention of national laws or, where applicable, international obligations.

International Standards and Obligation to Counter PF Risk

On April 28, 2004 the UN Security Council adopted UNSCR 1540, which was established to prevent non-state actors from acquiring nuclear, biological, and chemical weapons, their means of delivery, and related materials.

Recommendation 7 of the FATF Standards requires countries to implement proliferation financing related Targeted Financial Sanctions (TFS) made under United Nations Security Council Resolutions (UNSCRs or resolutions). Recommendation 2 requires countries to put in place effective national cooperation and, where appropriate, coordination mechanisms to combat the financing of proliferation of weapons of mass destruction (WMD).

Combating Proliferation Financing in Pakistan

Pakistan has established relevant legislation, regulations and guidelines, which include but are not limited to the following:

• Anti-Money Laundering Act 2010 (as amended up to Sep 2020);
• Anti-Terrorism Act 1997;
• United Nations (Security Council) Act, 1948;
• State Bank of Pakistan’s AML/ CFT/ CPF Regulations

Moreover, the Ministry of Foreign Affairs of Pakistan has also issued a detailed guidance document, namely “Guidelines on the Implementation of the UN Security Council Resolutions Concerning Targeted Financial Sanctions on Proliferation Financing.”

Red Flag for Proliferation Financing

To identify a suspicion that could be indicative of proliferation financing activity, a number of red flags are identified by FMU with respect to customer behavior and transactional pattern.

Red Flag for Proliferation Financing.

Red Flag (Customer’s Behavior)

• When customer is involved in the supply, sale, delivery or purchase of dual-use, proliferation sensitive or military goods, particularly to higher risk jurisdictions.
• When customer or counter-party, or its address, is the same or similar to that of an individual or entity found on publicly available sanctions lists.
• The customer is a research body connected with a higher risk jurisdiction of proliferation concern.
• When customer is vague about the ultimate beneficiaries and provides incomplete information or is resistant when requested to provide additional information.
• When customer uses complicated structures to conceal connection of goods imported / exported, for example, uses layered letters of credit, front companies, intermediaries and brokers.
• When a freight forwarding / customs clearing firm being listed as the product’s final destination in the trade documents.
• When final destination of goods to be imported / exported is unclear from the trade related documents provided to the reporting entity

Red Flag (Transactional Pattern)

• Project financing and complex loans, where there is a presence of other objective factors such as an unidentified end-user.
• The transaction(s) involve an individual or entity in any country of proliferation concern.
• The transaction(s) related to dual-use, proliferation-sensitive or military goods, whether licensed or not.
• The transaction(s) involve the shipment of goods inconsistent with normal geographical trade patterns i.e. where the country involved does not normally export or import or usually consumed the types of goods concerned.
• Over / under invoice of dual-use, proliferation-sensitive or military goods, trade transactions.
• When goods destination/shipment country is different from the country, where proceeds are sent/ received without any plausible reason.

What are Sanctions?

Sanctions are legal restrictions imposed on countries, governments, persons or industry sectors by competent authorities in territories where they hold jurisdiction.

These restrictions can include the blocking of property, trade prohibitions, prohibitions on commercial dealings or denial of access to the financial system.

Why are sanctions important for UBL:
• To protect the Bank’s business
• Avoid financial penalties due to breach of Sanctions
• Avoid reputational damage, which may undermine confidence in the Bank and impact profitability

Why do governments apply Sanctions?
• Encourage a change in the behaviour of the target (country or regime)
• Prevent and suppress the financing of terrorists and terrorist acts
• Prohibiting the transfer of funds to a sanctioned country
• Apply pressure on the target (country or regime) to comply with set objectives
• An enforcement tool when international peace and security has been threatened and diplomatic efforts have failed
• Freezing the assets of governments, corporate entities, residents of the target

Sanctions can be imposed by a number of international bodies, including:
• United Nations Security Council (UN)
• Office of Foreign Assets Control (OFAC)
• European Union (EU)
• Her Majesty’s Treasury (HMT)

Money Laundering vs. Terrorist Financing vs Proliferation Financing vs. Sanctions

Motive
► Money Laundering: Profit
► Terrorist Financing: Ideological
► Proliferation Financing: To acquire WMD
► Sanctions: Influence change in activities or policies

Source
► Money Laundering: Funds are typically derived from criminal activity (e.g., drug and people trafficking, arms smuggling)
► Terrorist Financing: Funds may or may not be derived through illegal means (i.e., could be charitable donations)
► Proliferation Financing: Funds may or may not be derived through illegal means (i.e., could be backed by governments)
► Sanctions: Local and international authorities impose sanctions measures

Size
► Money Laundering: Large amounts
► Terrorist Financing: Can be of any size but tend to be smaller
► Proliferation Financing: Mostly large amounts
► Sanctions: Irrelevant

Method
► Money Laundering: Will use any potential method to disguise origin including “structuring” techniques
► Terrorist Financing: Will tend to be focused on delivering funds to the end user and more likely to use informal value transfer systems (e.g., Hawalas) and currency exchange firms
► Proliferation Financing: Through trade and also use informal value transfer systems (e.g., Hawalas) and currency exchange firms
► Sanctions: Through screening local and/or international sanctions blacklists

Purpose
► Money Laundering: To integrate funds into the legitimate financial system
► Terrorist Financing: To further the ideological goals of the controller of the assets
► Proliferation Financing: Proliferation of WMD
► Sanctions: Sanctions evasion

Bribery and Corruption

“Bribery is defined as giving someone a financial or other advantage to encourage or induce that person to perform his or her
functions or activities improperly or to reward that person for having already done so. This could cover seeking to influence a
decision-maker by giving some kind of extra benefit to that decision maker rather than what can legitimately be offered.”

“Corruption is the abuse of public or private office to obtain an undue advantage. Often, but not always, bribery is a vehicle
for, and enabler of, corrupt behavior.”
- Group Anti-Bribery and Corruption (ABC) Policy

Active Bribery
“A person offering, promising or giving a financial or other advantage to a person with the intention of influencing a person to perform their duty improperly.”
– UK Bribery Act 2010

Passive Bribery
“A person requesting, agreeing to receive or accepting a bribe for a function or activity to be performed improperly.”
– UK Bribery Act 2010

Forms of Corruption
• Embezzlement
• Tax Evasion
• Extortion
• Money Laundering
• Nepotism
• Fraud

What is Fraud?

Fraud is defined as “An intentional act by one or more individuals among management, those charged with governance,
employees or third parties, involving the use of deception to obtain an unjust or illegal advantage”.
Group Anti Fraud Policy

Fraud can occur in the absence of controls as well as by collusion between employees and/ or external parties through
circumvention of the systems and controls in place.
Fraud is any illegal act characterized by deceit, concealment or violation of trust perpetrated to:
► Obtain money, property or services
► Avoid payment or loss of services
► Secure personal or business advantage

Stated differently, fraud is any act characterized by intentional deception or misrepresentation.

Sources of fraud:
► Internal Fraud: Losses due to acts intended to defraud, misappropriate property or circumvent regulations, law or Bank’s policy,
which involves at least one internal party. This category includes frauds committed by external parties in collusion with insiders.
► External Fraud: Losses due to acts intended to defraud, misappropriate property or circumvent law, by a third party, e.g. hacking
damage, theft/ robbery, fraud, forgery, etc.

Governance overview and its importance
What is FCC Risk Governance?
FCC Risk Governance includes development of FCC Policies and Standards along with establishment of clear authority and
responsibility over continuous monitoring and effective implementation of the FCC Framework.

► Board-level oversight: Boards and risk committees that focus on major risks affecting the Bank
► Properly embedded Financial Crime Risk Appetite Frameworks: Encompassing a comprehensive risk appetite framework and strong controls to effectively manage FC risk
► Strong risk culture: Ensure that the risk appetite is communicated and implemented throughout the Bank
► Strengthened Three Lines of Defence: True First Line accountability, broader and effective Second Line and an independent strengthened Third Line
► Effective controls: Integrated risk assessments, a greater focus on the quality of controls and their ability to adapt to changing risk profiles
► Integrated talent management approach to risk and control personnel: Incentives (financial and non-financial), competencies, employee life cycle and internal succession
► Effective risk reporting: Integrated reporting with cleaner data

[Diagram: Risk governance, shown with Risk appetite framework; Risk accountability (3LoD); Control effectiveness; Risk transparency, MIS and data; Talent and incentives]

Importance of Governance – Regulatory environment

Regulatory landscape has changed significantly


► Enhanced risk governance requirements are routinely cited in new regulations or supervisory examinations
► The direction that many international regulators are taking has significantly increased the challenges and costs of
operating a global or regional business and has a direct impact on risk governance

Focus on remediation

► Global regulators are imposing fines resulting in costly remediation programs

Revenue and cost pressure

► There is a direct impact on revenues and business models, including the need to exit existing business relationships

New business models require a new approach to governance


► Investors are demanding sustainable returns and are applying pressure on costs.
► Strong risk governance is essential to oversee and enable new business and operating models
► Effective risk oversight enables successful implementation of controls, reduces costly remediation and provides clear
visibility across the organization to realise synergies and increase profitability

FCC Governance Structure

[Organisation chart: BOD; Board Audit Committee; Board Risk & Compliance Committee; CEO; Internal Audit; Compliance Committee of Management; Group Executive - Compliance. Compliance roles shown include Head Financial Crime Compliance, Unit Head Data Analytics & Investigation, Unit Head Name Scanning, Unit Head Transaction Monitoring, Divisional Head Anti Fraud, Senior Manager AML, Unit Head – Regulators Coordination, Head Quality Assurance and Unit Head Monitoring & Reporting. Front Line Business Units: Branch Banking; Operations; Corporate, Institutional and Investment Banking; Digital Banking; Treasury and Capital Markets; Islamic Banking; Human Resources; International; Information Technology; International – Home Remittance, FI and EPZ. Legend: Direct Report; Dotted Line Report.]

Regulatory Landscape on governance
Regulatory Landscape

State Bank of Pakistan (SBP) has provided guidance on Risk Governance under the regulations mentioned below:

Guidelines on Compliance Risk Management: Governance Responsibilities
► Responsibility of the Board and senior management to maintain a strong compliance culture
► Develop a strong control environment
► Ensure all employees comply with all legal and regulatory requirements, standards and best practices
► Encourage the required ethical conduct that underlies such requirements
► Develop a strong compliance culture to ensure employees identify and report events of non compliance without any fear of negative consequences

AML/CFT Regulations for Banks & DFIs: Policy Matters
► Policies shall at minimum include Customer Due Diligence measures, record retention, correspondent banking, wire transfers, risk assessment procedures, detection of unusual and/ or suspicious transactions and obligation to report suspicious transaction etc
► Consider ML/ TF threats which may arise from the use of new or developing technologies, when formulating policies, procedures and controls
► Ensure that FCC Policies are applied by all branches and subsidiaries including foreign branches and subsidiaries, to the extent that laws and regulations of the host country permit

Financial Crime Compliance (FCC) Programme
UBL Financial Crime Compliance Programme

► UBL is committed to implement a comprehensive framework to ensure compliance with local and international financial crime compliance laws and regulations.

► This framework includes the following components:
• Financial Crime Risk Appetite
• FCC Strategy
• FCC Risk Governance
• FCC Policies and Standards
• FCC Risk Assessment
• FCC Processes and Procedures
• FCC Management Information and Reporting
• FCC Culture and People

[Diagram: the framework components listed above; FCC Risk Assessment is shown with the stages Identification, Assessment, Mitigation and Reporting, and FCC Processes and Procedures is labelled Operational.]

FCC Programme – FC Risk Appetite

The FC Risk Appetite sets out the thresholds for exposure to Financial Crime within the Bank and has to be reviewed at least
annually and in response to specific triggers.
► The Bank maintains a zero tolerance approach towards breaches of applicable laws and regulations related to financial crime.
UBL aims to comply with all legal and regulatory requirements to avoid enforcement actions and reputational damage
► Factors influencing the level of FC risk associated with a business relationship include:

FC Risk Appetite statement: Risk Factors
• Customers
• Products
• Countries/Geography

Risks identified from these factors must be divided into:
• Prohibited
• Restricted
• High
• Medium
• Low

FCC Programme – FCC Strategy

The Bank’s FCC strategy aligns with UBL’s ambition to be a world class bank dedicated to excellence, with an effective financial
crime compliance framework in line with international standards. UBL’s strategy is to:

Ensure strict client acceptance rules and prevent any exceptions to the rule

Assess type of products and services offered to clients and restrict products to customers that present higher FCC risks outside appetite

Ensure comprehensive identification of customers and third parties (by completing KYC, identifying UBOs, etc.)

Implement robust transaction monitoring and filtering controls to mitigate existing risks and identify emerging risks before they
materialise

Document and retain the results of FC and customer risk assessments and implement the appropriate mitigating controls

Receive regular and proactive information on FC risks and keep this up to date

Ensure close coordination and full disclosure of the Bank’s FC framework to third parties (such as regulators, law enforcement or
correspondent banks), where legally permissible

FCC Programme – FCC Risk Governance Framework

The FCC Risk Governance Framework sets out the key principles for the overall management of risk in the Bank and is aligned
with the Bank’s strategy and risk appetite. FCC risk is governed by the following structure:

► Governing bodies: Board of Directors; Board of Risk and Compliance Committee; Compliance Committee of Management; Group Executive - Compliance
► Policies: AML/CFT Policy; Sanctions Policy; Anti-Bribery Policy; Fraud Policy; Country Risk Policy
► Group Standards, Methodologies and Models

FCC Programme – FCC Risk Governance Framework

The FCC Programme has been designed to address key control requirements of the Bank’s FC Control Framework, developed and
informed by regulatory expectations and leading industry practice.

► The framework includes the following control areas:

1. Governance
2. People, Learning & Awareness
3. Risk Assessment
4. Customer Identification & Due Diligence
5. Screening Controls
6. Monitoring, Escalation & investigation
7. Advisory Services
8. Internal & External Reporting
9. Financial Crime Intelligence
10. Management Information
11. Testing & Assurance
12. Change Management

FCC Programme – FCC Policies and Standards

The Policies and Standards are based on the agreed risk appetite and set to ensure compliance with the highest or
most effective local and international FCC laws and regulations as defined by a college of regulators

► A policy provides the guiding principle or set of principles that implement risk appetite and provide the direction
or course of action in an organization
► The FCC Programme is underpinned by a collection of Group Standards providing specific guiding principles
flowing from each Policy
► The FCC programme includes five policies, 18 standards and 2 methodologies.
► The Group Anti-Money Laundering & Countering Financing of Terrorism (AML/CFT) Policy, the Group Sanctions
Policy, the Group Anti-Bribery & Corruption (ABC) Policy, the Group Fraud Policy and Group Financial Crime
Country Risk Policy form the core of the Financial Crime Compliance Programme
► The Bank adopts financial crime laws and regulations as required by the State Bank of Pakistan (SBP). Additionally,
the Bank will review and incorporate into Policy, on a risk based approach, the highest or most effective controls
as defined by the laws and regulations of amongst others, the United States of America (U.S.), European Council
(EC), the United Kingdom (UK), United Arab Emirates (UAE), Bahrain, Qatar, Switzerland and Tanzania (the
jurisdiction it operates in)
► Policies and standards are readily accessible to the Bank’s staff and are updated periodically

Financial Crime Compliance Policies and Standards

Policies
• AML/CFT Policy
• Sanctions Policy
• FC Country Risk Policy
• Fraud Policy
• ABC Policy

Standards
• Name and Transaction Screening
• Suspicious Activity Investigation and Reporting
• Business Conformance Testing (BCT)
• Internal Audit Assurance
• Customer Due Diligence (CDD)
• FCC Resource Management
• FCC Learning and Awareness
• Financial Crime Risk Analysis, Intelligence and Investigations
• Compliance Monitoring & Testing (CMAT)
• List Management
• Trade Finance Sanctions and CFT
• Employee Due Diligence
• Data & Systems Architecture Governance
• Transaction Monitoring & System Management
• FCC Screening System Management
• FCC Governance and Accountability
• Correspondent Banking Accounts (including Vostro, Nostro Accounts and RMAs)
• Managing Regulatory Relationships and Law enforcement requests

Methodologies
• Entity Wide Risk Assessment
• Customer Risk Assessment

FCC Programme – FCC Risk Assessment
Risk assessments are a key component of a robust compliance program. They identify and assess compliance risk and facilitate
efforts to measure, control, monitor and report risks.

Identify inherent risks
• Geography
• Customer (legal entity or legal structure industry)
• Products and services
• Regulatory

Assess the controls in operation
• Governance
• Customer Due Diligence
• Transaction Monitoring
• Training
• Quality Assurance and Compliance Monitoring
• Sanctions Screening
• Foreign Correspondent Banking Relationships
• Issues Management

Evaluate the residual risk

Risk assessment design and plan
• Risk assessment to allow comprehensive identification of risks
• Areas of unknown risks (e.g. data gaps) are treated as high risk

Information and data collection
• Risks will be captured through a questionnaire to be answered by the business
• The questionnaire covers both areas of inherent risk and controls

Risk score calculation
• Rating is based on the scoring methodology

Heat map
• Develop heat maps based on the final ratings

Ongoing monitoring
• The risk assessment identifies and assesses compliance risks to facilitate efforts to measure, control, monitor and report risks. The risk assessment feeds the planning and objectives process which in turn helps to inform and establish enterprise-wide programs and standards. This assessment can be used to monitor ongoing risks and measure remedial progress

[Diagram: High level risk assessment process: Risk assessment design and plan; Information and data collection; Risk score calculation (Inherent risk, Controls, Residual risk); Risk rating review and acceptance; Heat-map; Ongoing monitoring. Also shown: Inherent risk assessment; Systems and controls effectiveness; Residual risk; Identify, Review, Mitigate.]

FCC Programme – FCC Culture and People

The Bank’s staff are a critical component in combatting Financial Crime. It is therefore essential that all staff receive training that
is appropriate to the role they undertake.

Executive level briefing
• Targeted at Board members and executive management
• Executive level awareness training to drive appropriate awareness and sponsorship

Professional accreditation
• Focussed training for staff in high risk or specialised roles (e.g. FCC advisory staff)
• External accreditation where appropriate
• Obtain professional qualifications to develop expertise in financial crime compliance

Advanced Training
• Role specific
• Bespoke training relevant to role and responsibilities, business units
• Focussing on equipping employees with the knowledge / understanding to carry out their role (e.g. trade finance, payments, etc.)

Core Training
• Core and standard awareness training
• AML / CFT / Sanctions / Anti-bribery and Corruption E-learning training is Mandatory for all staff
• Delivered via HR’s E-learning platform
• Group wide FCC awareness programme

Responsibilities of
governance committees
Responsibilities of governance committees
In line with SBP regulations, the Bank has established oversight committees to manage FC risks. The Board is accountable for Group-wide compliance with the FCC programme and ensuring systems and controls are in place to meet regulatory obligations.

Board of Directors (BoD)
✓ Overall ownership and accountability for the Bank’s FCC Programme including all FCC systems and controls
✓ Define and approve the Bank’s FCC risk appetite
✓ Ensure adequate resources are made available for FCC activities across the Bank
✓ Give adequate authority and independence to Compliance resources within the Group
✓ Ensure sufficient Compliance resources to carry out their responsibilities
✓ Review and approve the FCC Programme and its constituent Policies on an annual basis
✓ Conduct ongoing oversight over the FCC Programme

Board Risk and Compliance Committee (BRCC)
✓ Executive responsibility for management and oversight of the FCC Programme
✓ BRCC membership includes executive senior management covering the bank’s businesses, Operations, Risk, Legal and Compliance functions
✓ Remit includes managing all risks and issues related to the Bank’s FCC systems and controls
✓ Responsible for delivery of FCC related project plans and milestone tracking
✓ Identify areas where the Bank may become exposed to FC and direct mitigating actions
✓ Ensure ongoing compliance with applicable legal and regulatory requirements
✓ Review and approval of relationships and transactions that pose a significant regulatory or reputational sanctions risk to the Bank
✓ Ratification of high risk relationships


Board Audit Committee (BAC)
✓ Delegated Board level responsibility for oversight of the FCC Programme
✓ Report material issues and risk incidence to the Board

Compliance Committee of Management (CCM)
✓ Ownership and management of FC risks within the Bank
✓ Ensure FCC systems and controls are in place within the Bank
✓ Reporting to BRCC and subsidiary Boards on management of risks and issues within the Bank
✓ Review FCC MI on a monthly basis
✓ Identify FCC resource requirements for the Bank
✓ Review and approve FCC Procedures
✓ Implement Group Policies and Standards and obtain assurance on the effectiveness of controls

Three Lines of Defence Model

SBP encourages Banks to implement the Three Lines of Defence (“3LoD”) model to mitigate Compliance risk.
The Bank’s FCC governance structure is aligned to the 3LoD Model, which requires:
✓ First Line of Defence: A robust control environment to identify and mitigate risks at the business level
✓ Second Line of Defence: Oversight of controls performed by the Compliance / FCC department, which also acts as an advisory function and responds to queries from the Business
✓ Third Line of Defence: Internal Audit performs independent assurance testing of controls over first line and second line functions

Three Lines of Defence model

Governing Body/ Board/ Audit Committee
Senior Management
Regulator

3rd Line of Defence: Internal Audit
► Provides independent assurance of risks and controls
► Addresses effectiveness and sustainability of risk governance

2nd Line of Defence: FCC Department
► Monitoring of risks and controls within the First Line
► Tests FC risk exposure
► Advisory function

1st Line of Defence: Business Units/ Operations
► Owns and manages risks and controls
► Performs conformance testing
► Identifies, assesses, measures, monitors and reports risks

Three Lines of Defence Model – Risk Ownership and Enablers
Ownership and accountability for FC risks is assigned to the front line with Business line senior executive management approving
customer relationships and transactions presenting heightened reputational and FC risks.

1st LoD
Ownership of risk:
► Management of risks sits within functions where the risk originates
► Responsibility for assessing and monitoring all risks related to business activities
► Front line activities must be consistent with risk appetite
► Risk acceptance assigned to first line management
Enablers:
► Clear risk accountability and embedded risk appetite
► Aligned with compensation/ incentives
► Escalation process
► Risk transparency

2nd LoD
Ownership of risk:
► Responsible for identifying, measuring and monitoring FC risks relative to risk appetite
► Responsible for risk oversight
► Testing and assurance activities to ensure conformance with policies and risk appetite
Enablers:
► Reviewing controls performed within first line to ensure appropriateness to risk appetite

3rd LoD
Ownership of risk:
► Much enhanced role for internal audit
► Audit function to remain independent of first and second lines
► Audit should evaluate compliance with risk management framework policies
Enablers:
► Direct reporting line to Board of Directors
► Expansion of role to observer at risk committee
