Risk Management
The Bank has an independent control function, Risk Management Function which is headed by the Chief Risk Officer (CRO), who holds a General Manager position. Risk Management is comprised of the following 2 divisions:
- Credit Risk Division
- Market & Operational Risk Division.
The Board of Directors ensures the independence of the General Manager Risk by providing direct access to the Board through the Board Risk Committee.
The Risk Management Divisions are independent from executive functions, business line responsibilities, operations and revenue generating functions.
Risk management comprises a broad framework of policies and procedures on the undertaking, assessment, monitoring and treatment of the various risks affecting the activities of the Bank. Particular emphasis is placed on the strict observance of the framework and the overall management of the various risk types, as well as on the determination of the acceptable risk appetite, during the business decision-making process and target setting.
The main responsibilities of the Risk Management Divisions are the following (list is not exhaustive):
- Assist the Board Risk Committee, Board of Directors and Senior Management of the Bank to establish and communicate within the Organization, the Bank’s risk appetite and objectives.
- Assist the Board Risk Committee and Senior Management of the Bank to develop and communicate within the Organization, the risk management policies.
- Proceed to the identification, assessment, measurement, monitoring and reporting of risks.
- Report to the Senior Management, the Board Risk Committee and the Board of Directors the results of the assessment and monitoring of risk exposures.
- P repare and submit an Annual Report to the Central Bank of Cyprus and the Board of Directors, presenting an overview of key risk issues within the Bank and recent developments and overview of the Bank’s Risk Management Framework.
- Participate in the formulation of the Bank’s strategy, Risk Appetite Framework and the risk limit setting.
Internal Audit Division
The Audit Division is responsible for the internal audit of the Bank and reports to the Board of Directors through the Audit Committee, as well as to the Managing Director of the Bank. The Audit Division performs audits regarding the adequacy and the effectiveness of the internal control system of the Bank, in accordance with the stipulations of the regulatory framework and investigates thoroughly cases on which there is evidence that the interests of the Bank are harmed. Monitors the implementation and the effectiveness of the corrective actions recorded in the reports of all sorts of audits (by internal auditors, external auditors, Regulatory Authorities etc.).
Compliance Division
The Bank has established a code of conduct regarding the implementation of optimal practices in business operations, in management, in the behavioural regulations of the Bank’s Officers and Employees and for the Bank’s traders, shareholders and third parties.
The obligations and the principles derived from the undertakings of the Bank’s Officers and Employees are included in the Code of Conduct. These obligations are recorded in the Personnel Manual.
The Bank has designed, developed and implemented a comprehensive, compliance regulatory framework, in order to prevent and effectively manage the risks of not complying with the current regulatory framework (Risk Compliance) that may arise from the operational activity.
The Bank has established appropriate policies and procedures and has adopted audit and monitoring recognition mechanisms, of the relevant risks, in order to ensure regulatory compliance.
More specifically the Bank has developed an exhaustive culture of compliance:
(A) based on the full comprehension of the regulations, national and international standards and best practices governing the Bank and the compliance risks that faces and
(B) that complies with the Bank and the Group’s business code of conduct and corporate values.
Information Security Department
The Bank has adapted the Alpha Bank Group Information Security Framework, which ensures Management’s commitment with respect to information security.
In particular the Bank has established policies, procedures and information security mechanisms, for the correct use and safeguarding of information assets of the Bank and it’s customers.
In this regard the Bank:
- Has an administrative structure in place, that administers all information security issues.
- Applies the Group Information Security Framework in all procedures and systems of the Bank and proposes improvements of the framework to the responsible Division of Alpha Bank Group.
- Implements procedures for the detection, containment and response to security incidents, from internal or external threads and to disasters from physical or other occurrences, which affect or may affect the Bank.
- On a regular basis assesses the information security performance and takes necessary actions, so that it remains at acceptable levels by the Management.
- Implements an education and training program on information security matters for all employees of the Bank, including senior management.