CCB Brazil is committed to a strong regulatory framework, defined by several regulatory bodies (such as BACEN, CVM, ANBIMA, etc.). In addition, it is a signatory to the Banking Self-Regulation System (SARB), which represents the effective commitment of banks to their consumers, recognizing that it is possible and opportune to go beyond what is strictly legal. The Compliance department centralizes the supervision of actions linked to compliance risk (Compliance), in cooperation with other operational and control departments. The following practices are the foundation of this department’s activities.
• Act independently and autonomously, with free access to the information necessary for the exercise of its duties;
• Continuously monitor the regulatory environment and disclose the applicable regulations for the activities of the responsible areas;
• Assess the institution's adherence to regulations and monitor changes in the Process Manuals and other Institutional Policies regarding compliance with activities;
• Manage the set of internal regulations and provide information to employees through the disclosure of standards;
• Maintain relationships with regulatory bodies, supervisors, trade associations, as well as with independent and external auditors, ensuring that all items related to non-compliance are met and corrected in a timely manner;
• Assist the Executive Board in its duties related to information and dissemination of the culture of compliance;
• Assist business areas in complying with regulations issued by internal regulatory and regulatory bodies and their impacts;
• Follow up with the responsible managers on timely action to resolve non-compliance with the Laws and with external and internal rules;
• Coordinate the activities related to Compliance and Risk Management with the Internal Audit;
• Prepare a report, at least annually, containing a summary of the results of activities related to the compliance function, its main conclusions, recommendations and necessary measures. The Audit Committee and the Risk and Compliance Executive Board must receive this report;
• Report the results of activities related to Compliance to the Board of Directors in a systematic and timely manner.
Along these lines, the Institutional Principles of the activities of the Compliance Department are:
1. Reporting to senior management
The Compliance department periodically reports its activities to Senior Management. In addition, the department must systematically and in a timely manner communicate to the Institution's Executive Board any situations that may affect the Conglomerate's compliance risk.
2. Independence
The Compliance department acts independently of, and is segregated from, the administrative and business departments, as well as the internal audit, but in permanent synergy with the risk management and compliance strategies (Compliance).
3. Responsibility
The Compliance department is responsible for managing a Compliance Program, composed of policies, procedures, and activities that aim to strengthen the compliance and integrity of the businesses, with regard to compliance with legal and regulatory issues, both internal and external.
The Compliance Program must be guided by a risk-based approach, to ensure focus on the most relevant and critical aspects.
The compliance risk management (Compliance) must include actions to test adherence to the activities carried out by the other departments, with periodic reporting of its results to the Senior Management.
The Compliance structure is part of the 3-line model, which defines and assists risk management at different levels of the institution. This model assigns roles and responsibilities, ensuring independence and adequate segregation of functions.
Each “line” plays a distinct role, acting independently while maintaining synergy for the cohesion of Risk Management, Internal Controls and Compliance (Compliance), as follows:
1st. Line - Department of Corporate Business and Operations Management - As the main generators of operations, they are responsible for the identification, assessment, control, and mitigation of risks, guiding the development and implementation of internal policies and procedures, to ensure that activities are in accordance with the Institution's goals and objectives. In addition, they must ensure that exposure to risks remains within acceptable limits, that applicable regulations are complied with, and that possible irregularities in their business processes are adjusted in a timely manner.
2nd. Line - Risk Management, Internal Controls, and Regulatory Compliance - Responsible for providing guidance and training on the risk management process and monitoring the implementation of effective practices by the first line. In addition, it has the role of alerting on emerging issues and changes in the regulatory and risk scenario, as well as monitoring the adequacy and effectiveness of internal control, the accuracy and integrity of reporting, compliance with laws and regulations, and timely resolution of deficiencies.
3rd. Line - Internal Audit - Continuously and independently verifies the existence, compliance, effectiveness, and optimization of internal controls and processes, identifying problems and opportunities for improvement and formulating recommendations that seek to achieve reasonable assurance that the internal control resources established by the Management are in effective operation, including with regard to compliance by the institution's employees. In addition, it provides independent and objective assurance on the adequacy and effectiveness of the risk structure, controls and governance processes.
REGULATION
• CMN Resolution 2.554 / 1998 (internal controls)
• CMN Resolution 4.539 / 2017 (relationship with customers and users)
• CMN Resolution 4.557 / 2017 (integrated risk management)
• CMN Resolution 4.595 / 2017 (Compliance)
• CMN Resolution 4.567 / 2017 (channel for communicating evidence of illegality)
• Bacen Circular 3.865 / 2017 (Compliance)
• Basel Committee on Banking Supervision - Compliance and the Compliance function in banks (April 2005)
• Guide to Good Compliance Practices - Febraban 2018