Annual Report & Accounts December 2009 – Charting new frontiers

Compliance Risk Management

1 Compliance risk management philosophy, strategy and policies

Ongoing reform in the banking industry, changes to regulations and the introduction of new legislation have placed greater emphasis on the need for formal and structured monitoring of compliance with legal and regulatory requirements. FirstBank remains committed to complying fully with both the spirit and the letter of applicable laws and regulations and to always acting with care and due diligence. The risk of non-compliance with legal and regulatory requirements ranges from potential financial loss occasioned by regulatory sanctions, to loss of business and/or franchise, as well as damage to the Group's reputation.

In ensuring compliance with laws and regulations, the Bank has put in place a robust compliance framework. The Compliance function, under the leadership of the Chief Compliance Officer, ensures that the compliance process runs effectively, monitors adherence to statutory and regulatory requirements and ensures that breaches are promptly reported. The Bank has in place a comprehensive Compliance Process Manual, which is accessible to all staff through the Group's e-porter. The Manual defines the roles and responsibilities of all stakeholders in ensuring compliance with laws and regulations. The Group's compliance objectives, as well as the minimum acceptable compliance standards across the Group, are also specified in the Manual.

While the primary responsibility for complying with regulatory requirements lies with all members of staff conducting particular transactions or activities to which regulation applies, the Board of Directors is ultimately accountable for compliance performance.

The current regulatory regime places considerable pressure on financial institutions to know their customers, to implement processes for combating money laundering and to put in place measures aimed at understanding regulation as it affects the financial services industry and the implications of non-compliance. In this regard, FirstBank has reviewed its Anti-Money Laundering (AML)/Countering the Financing of Terrorism (CFT) Manual, incorporating new guidelines for Know Your Customer (KYC)/Know Your Customer's Business (KYB), in line with the recent CBN AML/CFT Compliance Manual. The Group has continually reviewed and analysed relevant laws and regulations, which are compiled into rule books in order to ensure that business is run in line with compliance requirements.

The Compliance function operates from Head Office and some selected hubs, each of which is manned by dedicated Compliance Officers whose main job in the Bank is 'compliance'. Highlights of the scope of coverage of the Compliance function include:

  • regulatory compliance;
  • anti-money laundering (AML)/countering the financing of terrorism (CFT) compliance (including KYC/KYB principles); and
  • corporate governance compliance monitoring.

Each and every one of the activities of the Compliance function is governed by articulated policies and processes duly approved by the Board. The Group's AML/CFT regime is driven by a documented, functional AML/CFT Policies and Procedures Manual to which every member of staff has unfettered access through the Group's e-porter. As a living document, the manual is reviewed and updated regularly to reflect changing regulatory or environmental imperatives.


2 Compliance risk management governance structure

In line with international best practice, the Compliance function is responsible for ensuring that the Bank continuously manages its regulatory risk.

Regulatory risk is the risk that occurs when financial institutions do not comply with the spirit and the letter of applicable laws and regulations or supervisory requirements. The management of regulatory risk comprises ensuring compliance with all the statutory and regulatory requirements. The Compliance function is therefore responsible for ensuring compliance with all rules imposed on the business by regulators/supervisors.

Responsibility for managing compliance with internal rules created by FirstBank itself lies with the Internal Audit and Control functions. These are monitored as part of their normal duty of ensuring that an effective system of internal controls is maintained in FirstBank.

Certain internal rules are of such importance that the Executive Committee (EXCO) may require the involvement of the Compliance function for effective implementation. The Compliance function is also, to that extent, responsible for monitoring compliance with internal rules, as determined by EXCO from time to time.

The Compliance function operates independently from the Internal Audit and Control functions. However, the Division leverages the Internal Audit and Control infrastructure by administering compliance checklists to business units and branches through the independent control and normal audit procedures. These compliance reports are forwarded to the Compliance Department for review and subsequent monitoring.


3 Compliance risk management roles and responsibilities

Roles and responsibilities for compliance are assigned to various functions as follows:


Function: role

  • Board of Directors: assumes overall accountability for compliance performance.
  • Chief Executive Officer: provides demonstrable support to the CCO in the development of a compliance culture.
  • Executive Directors (EDs) and Executive Committee: assume overall accountability for compliance within their Strategic Business Units (SBUs)/Strategic Resource Functions (SRFs).
  • CEOs of subsidiaries and their management teams: CEOs assume overall accountability for compliance within their companies, and their respective management teams are responsible for day-to-day compliance with regulations applicable to their business.
  • Business Unit Heads and Business Development Managers: responsible for day-to-day compliance with regulations applicable to their business.
  • SBU/SRF/Subsidiary Compliance Officers: facilitate the implementation of the compliance process within their SBU/SRF/Subsidiary.
  • Branch Managers (Branch Compliance Officers): as the Compliance Officer of their respective branches, Branch Managers assume overall responsibility for compliance in their branches and are responsible for conducting periodic compliance reviews.
  • All employees: responsible for familiarising themselves with the regulatory requirements applicable to their business and ensuring that all transactions and activities in which they are involved are carried out in accordance with those regulations.
  • Internal Control: assists the Compliance function in the conduct of independent monitoring.
  • Internal Audit: provides quality assurance for the Compliance function.
  • CCO: responsible for the development, communication, leadership and implementation of the compliance strategy, policy, structure and process.
  • External Audit: responsible for reviewing the compliance risk management process as part of their statutory audit duties.


4 Responsibilities of the Chief Compliance Officer (CCO)

The CCO takes overall responsibility for compliance issues in the Group, including its Strategic Business Units. The CCO works closely with the Chief Financial Officer (CFO) in the performance of the following specific responsibilities:

  1. Assigns a robust compliance structure, process and advisory service in order to ensure line management's compliance with current laws, regulations and supervisory requirements
  2. Reports non-compliance with laws, regulations and supervisory requirements to the CE and the Board of Directors in a timely manner
  3. Provides the Board of Directors with regular information on the level of FirstBank's compliance with laws, regulations and supervisory requirements
  4. Ensures, as far as possible, that no conflicts of interest exist between the Compliance function and other internal control functions
  5. Establishes compliance culture in FirstBank that contributes to the overall objective of prudent risk management
  6. Establishes effective communication with line management in order to continuously monitor compliance with laws, regulations and supervisory requirements
  7. Mandates line management to monitor compliance with laws, regulations and supervisory requirements as part of their normal operational duties
  8. Ensures that regulatory requirements are incorporated into operational procedures and manuals where appropriate
  9. Makes recommendations whenever necessary to ensure that laws, regulations and supervisory requirements are being complied with
  10. Establishes effective mechanisms for reporting and resolving non-compliance with laws, regulations or supervisory requirements
  11. Documents his findings, including remedial action, as part of the compliance monitoring programme
  12. In conjunction with training and development, ensures continuous training of compliance staff on technical knowledge of regulatory framework and associated risks
  13. Compiles and maintains a comprehensive compliance manual for the Group, in conjunction with line management.
