Internal control system

The internal control system at Alior Bank is the entirety of solutions and measures to ensure that the internal control system objectives defined by statute are met, and at the same time to support Bank management, contribute to effective performance of tasks, and ensure the security and stable operations of the Bank. The Bank’s internal control system comprises: control function, compliance unit, and independent internal audit unit.  

The internal control system operated at the Bank is built around the model of three lines of defence: 

SUPERVISORY BOARD/SB AUDITCOMMITTEESENIORMANAGEMENT/MANAGEMENT BOARDOF THE BANKCONTROLFUNCTION1STLINE OF DEFENCE2NDLINE OF DEFENCE3RDLINE OF DEFENCEBusinessunits,AutomaticandsystemcontrolsFinancialcontrol,Security,Riskassessmentunits,Modelvalidation,ComplianceInternalauditControlsIndependentmonitoringControlsIndependentmonitoringAuditingExternalauditRegulator

The Bank’s authorities attach special importance to ensuring the quality and correctness of operation of the internal control system. The Bank’s Management Board is responsible for designing, introducing and ensuring the operation of an adequate and effective internal control system, in particular it approves the criteria for separation of material processes, the list of material processes, and their connection to the goals of the internal control system, and defines and overseas any corrective action taken to remove the most significant inadequacies. The Supervisory Board’s Audit Committee deals with, among other things, current monitoring and annual review of the quality and effectiveness of the internal control system. In particular, the Supervisory Board approves the rules of operation of the internal control system and evaluates the adequacy and effectiveness of that system.  

On all three levels of defence, the employees of the Bank, due to performing their job duties, apply as appropriate certain controls or independently monitor compliance with certain controls. The particular lines of defence are separated from each other, they are characterised by separate roles and responsibilities which are defined in the Bank’s organisational rules, as well as in dedicated policies and procedures. Despite that the lines of defence are disjoint, they share information and coordinate their activities for risks, controls and organisational governance. All three lines of defence have the same task, i.e., support the Bank in achieving the goals of the internal control system. 

In 2019, the Bank has taken a number of measures to increase the quality and effectiveness of the internal control system. In particular, the Bank has redeveloped the control function matrix, introduced organisational changes to strengthen the control function on the second line of defence, and conducted a training and information campaign in this regard.