The document discusses internal control and compliance risk management in Bangladeshi banks. It outlines the objectives of having an internal control system, which include ensuring efficiency and effectiveness, reliable financial reporting, and compliance with laws and regulations. The document also analyzes the internal control units of two Bangladeshi banks, AB Bank and BRAC Bank, finding that both banks have structured internal control departments that establish policies and guidelines to facilitate transparent governance, in line with standards set by Bangladesh Bank.
Descrição original:
The report includes practical exponents about internal control & compliance risk management, its significance and implementing mechanism of AB bank limited and BRAC bank limited as you have assigned us. The report also includes the answers of questionnaire and illustrations from banks’ officials.
Título original
A report on Internal Control & Compliance management in AB Bank & Brac Bank Limited
The document discusses internal control and compliance risk management in Bangladeshi banks. It outlines the objectives of having an internal control system, which include ensuring efficiency and effectiveness, reliable financial reporting, and compliance with laws and regulations. The document also analyzes the internal control units of two Bangladeshi banks, AB Bank and BRAC Bank, finding that both banks have structured internal control departments that establish policies and guidelines to facilitate transparent governance, in line with standards set by Bangladesh Bank.
The document discusses internal control and compliance risk management in Bangladeshi banks. It outlines the objectives of having an internal control system, which include ensuring efficiency and effectiveness, reliable financial reporting, and compliance with laws and regulations. The document also analyzes the internal control units of two Bangladeshi banks, AB Bank and BRAC Bank, finding that both banks have structured internal control departments that establish policies and guidelines to facilitate transparent governance, in line with standards set by Bangladesh Bank.
Internal Control and Compliance risk management has been a
significant and indispensable part of the banking organization to flourish efficiency and effectiveness of management and to uplift corporate governance. And Private Commercial banks in Bangladesh are no exception of that. Internal Control and Compliance risk management is a separate department, full of diversified and structural mechanism which doesnt let just cover internal audit or audit works, it encompasses plenty of other significant core issues like internal control body, establishing policy guidelines, internal rules and regulations, complying with persistent laws and central banks legal procedures. This report is aimed for extracting something out which are: To outline the standardized measurement criteria for the Private commercial banks as per Bangladesh Banks regulatory manuals. To grow a practical experience in our mind about internal control and compliance risk management in two private commercial banks namely AB Bank and BRAC Bank ltd. To bring the real picture out of the internal control department and compliance culture in AB Bank and BRAC Bank. We have identified that both of the assigned banks AB Bank and BRAC Bank follow the framework for internal control system and compliance regulations provided by Bangladesh Bank with a reasonable and expected extent. They have a structured plan to improve their internal control and compliance risk management more in successive periods. The overall scenario of the internal control department and compliance risk management is seemingly satisfactory. But there are scopes to improve in some areas. It is really a bit tougher to recommend or suggest something to spot out any shortfall or any major inconsistency in these two banks. Nevertheless, we think that the compliance culture should be in a more regulated and structured way and Bangladesh Bank can update its framework for internal control systems to keep pace our banking industry with the competitive globalized banking community.
Executive Summary Page 2 of 18
Introductory Discussion on of the Topic:
Effective internal controls are the foundation of safe and sound banking. A properly designed and consistently enforced system of operational and financial internal control helps a banks board of directors and management safeguard the banks resources, produce reliable financial reports, and comply with laws and regulations. Effective internal control also reduces the possibility of significant errors and irregularities and assists in their timely detection when they do occur.
Internal Control and Compliance risk management is not a new discovery as it effects the whole of any organization. Effective internal control mechanism, sound corporate governance, transparency, accountability have become significant issues to pave the way for the banking industry to smooth performance. Banking has a diversified and complex financial activity which is no longer limited within the geographic boundary of a country. Since its activity involves high risk, the issue of effective internal control system, corporate governance, transparency, accountability has become significant issues to ensure smooth performance of the banking industry throughout the world. In many banks internal control is identified with internal audit; the scope of internal control is not limited to audit work. It is an integral part of the daily activity of a bank, which on its own merit identifies the risks associated with the process and adopts a measure to mitigate the same. Internal Audit on the other hand is a part of Internal Control system which reinforces the control system through regular review.
In Bangladesh, analysis on the performances of the banks has pointed out that an effective internal control system could have contributed significantly in improving the performance of the commercial banks if the control culture is brought in through policy guidelines and structural changes at these banks.
Page 3 of 18
Literature Review According to an IMF publication Internal Control refers to the mechanism in place on a permanent basis to control the activities in an organization, both at a central and at a departmental/divisional level. A key component of effective internal control is the operation of a solid accounting and information system. Internal Control is a process, effected by an organizations board of directors, management and other personnel, to provide reasonable assurance regarding achievement of objectives in the following categories: Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulations - COSO
Definition
Internal control is the process, effected by a company's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the effectiveness and efficiency of operations, the reliability of financial reporting and compliance with applicable laws, regulations, and internal policies. Internal controls are the policies and procedures established and implemented alone, or in concert with other policies or procedures, to manage and control a particular risk or business activity, or combination of risks or business activities, to which the company is exposed or in which it is engaged.
Page 4 of 18
Objective of Internal Control
The primary objective of internal control system in a bank is to help the bank perform better through the use of its resources. Through internal control system bank identifies its weaknesses and takes appropriate measures to overcome the same. The main objectives of internal control are as follows: Efficiency and effectiveness of activities (performance objectives). Reliability, completeness and timelines of financial and management information (information objectives) Compliance with applicable laws and regulations (compliance objectives)
Page 5 of 18
RESEARCH METHODOLOGY
The study contains both primary & secondary data. Primary data have been collected through personal interview from respondents using the structured questionnaire. We were assigned two banks first, BRAC Bank & Dhaka Bank respectively as sample. Later for data collection problem with Dhaka Bank we have changed Dhaka Bank and select AB Bank with required permission of our course instructor. So the target sample of the study was BRAC Bank & AB Bank which have Internal control and compliance risk management for their business operation. On the other hand secondary data were accumulated from related Annual reports of the banks, published text books, related journals and web sites of the banks and Bangladesh Banks. Participants were asked to help us to complete a questionnaire which consisted of questions relating to Bangladesh Banks guidelines. Questionnaires have distributed to those people who have a clear idea about Internal Control & Compliance Risk Management. The questionnaires were all hand delivered with face to face talking.
ASSUMPTION OF THE STUDY
There is no research work which is free from assumptions. For every research, few assumptions will have to be made. The assumptions are made with respect to the respondents, organization & its conditions hoping that the results will be that of the presented objectives. Collection of data through personal interview with structured questionnaire is easy and correct. The research methodology for the study is appropriate. The sample size of two banks to analyze Internal Control & Compliance Risk management is adequate and it represents the population of the study.
Page 6 of 18
ANALYSIS & FINDINGS
INTERNAL CONTROL UNIT: Analysis: Every banking organization must have a department or unit for internal control. The total internal control system will work as per the directions delivered from this department. This department features the process, policy guidelines or any other regulatory issues and implement it properly as it thinks fit for its organization. This department should have a structured organogram including banks managing director and Board of Directors with their departmental officials and staffs headed by the head of the department. This department is to set out the internal control policies and other necessary guidelines to ensure a transparent governance system.
Findings:
AB Bank
AB Bank ltd. has an internal control unit named as Internal Control & Compliance Division (ICCD) in its organizational structure. This department is basically designed as follows:
Page 7 of 18
BRAC Bank
BRAC Bank has also a structured internal control unit named as Regulatory & Internal Control Department (R&ID) in its organizational structure. This department is basically designed as follows:
MD & CEO Company secretary and Head of Legal, Regulatory & Internal Control Sr. manager (Legal) Head of Regulatory & Internal Control (TBA) Manager, Company Secretariat Sr. Manager, Compliance & Monitoring (1) Sr. Manager, IT Audit & system security (1) Sr. Manager, Internal audit & Inspection, HO & ROC (1) Sr. Manager, Internal Audit & Inspection, Br, SME, ROC, RBO, SBO (1) Company Secretariat Officer (1) Associate Manager, Compliance (1) Page 8 of 18
INTERNAL CONTROL MANUAL: Analysis: This manual should contain three parts internal control over the operating activities of bank (here, audit means the internal audit). They will monitor the functions of various departments of the bank periodically on regular basis. Depending on the requirement they should carry out inspection, surprise inspection in order to help avoiding any fraudulent activities which in turn would strengthen the bank to set up sound structural base. o Know Your Customer Policy (KYC) o Code of Conduct / Ethics o Gift giving & acceptance o Monitoring Procedures o Audit Guidelines
Findings: AB Bank has a KYC policy where BRAC Bank has a form-based KYC policy. Both of the banks informed us that they have a Code of Conduct or Ethics, monitoring procedures and separate Audit Guidelines. AB Bank strictly prohibits any sort of gift giving to the auditors. AUDIT MECHANISM: Audit Mechanism refers to the type of audit design used to perform auditing activities in banks. Here Both AB Bank and BRAC Bank apply RISK BASED AUDIT program where AB Bank uses internal control questionnaire for only its Principal Office and they perform a Risk Weighted Score Measurement to measure the risk management.
AUDIT COMMITTEE:
Analysis: Every bank must have a separate internal audit committee as per Bangladesh banks internal Control regulation. Through the establishment of Audit Committee the Board of Directors can monitor the effectiveness if internal control system. Bangladesh Bank has already instructed the banks to establish Audit Committee. Page 9 of 18
Findings: AB Bank
AB Bank has an internal Audit Committee comprising of a chairman and members. The Audit Committee Personnel are: Mr. Faisal M Khan Chairman Mr. Sajedur Seraj Member Mr. Golam Sarwar Member Mr. Muhammad Tipu Sultan Member Mr. D. S. Faisal Hyder Member
BRAC Bank
BRAC Bank also has an Audit Committee comprised of three members from the Board of Directors including one independent director. The Audit Committee Personnel are: Mr. Shib Narayan Kairy Chairman Mr. Muhammad A. (Rummee) Ali Member Ms. Nihad Kabir Member Mr. Rais Uddin Ahmad Secretary
INTERNAL AUDIT SYSTEM Analysis: The internal control department requires a well-set internal audit system for the measurement of the effectiveness of the organization. It covers an internal audit committee which we have covered in the very earlier topic of our analysis and regulatory formulation. Page 10 of 18
Findings: Both of the banks AB bank and BRAC bank do have a structured internal audit system in their respective organization. But BRAC bank adopts AUDIT UNIVERSE type of audit system which is enabled to check Non-compliance and work as Key Risk Indicator (KRI) simultaneously. MANCOM (Management Committee) Analysis: In setting out a strong internal control framework within the organization the role of Managing Director is very important. The senior management will establish a Management Committee (MANCOM), which will be responsible for the overall management of the bank. The statutory functions of MANCOM are: o MANCOM will put in place policies & procedures, identify measure, monitor and control these risks with governance & guidance from the Board of Directors. o MANCOM will put in place an internal control structure in the banking organization to assign clear responsibility, authority and reporting relationship. o MANCOM will monitor the adequacy and effectiveness of the internal control system based on the banks established policy and procedures. o MANCOM will review on a yearly basis the overall effectiveness of the internal control system of the organization and provide a certification yearly to the Board of Directors.
Findings: AB Bank Obviously. AB Bank has a well-constituted 13 man MANCOM headed by their President & MD. MANCOM of AB bank holds meeting in a year and the last meeting held in 2008. There is yet to come out for 2009 but they are thinking that to do this year. MANCOM review the internal control system on a yearly basis & provides certification to the Board of Directors over the effectiveness of internal control policy. BRAC Bank As usual, BRAC Bank also has a 15-member well-placed MANCOM headed by their Managing Director & CEO including Deputy MDs, Heads of departments, Company secretary and Chief Information System. Page 11 of 18
They exceptionally (MANCOM) holds meeting every month and talks about segregation of duties, process policy spelled out, strategic alignment, peoples policy and human resource and other domains. They (MANCOM) review a yearly basis the overall effectiveness of the internal control system of the organization and provide a certification yearly to the Board of Directors. DEPARTMENTAL CONTROL FUNCTIONS CHECKLIST (DCFCL): Analysis: The functions of DCFCL are as follows: o The guideline/procedure deals with matters relating to review/verifications of Departmental functions to ensure that prescribed procedures are being followed by each department. o All departments are required to check that prescribed controls are being observed and laid down procedures are not overlooked & relaxed. o Departmental Managers, Line Managers, Branch Managers will review the DCFCL to ensure that control functions are performed and documented in the control sheets at the prescribed frequencies i.e. Daily, weekly, monthly and quarterly. o The DCFCL Checklist should be retained with the branch/departments for future inspection by Internal Control and Senior Management.
Findings: AB Bank There is a Departmental Control Function Checklist (DCFCL) to verify the departmental functions and prescribe controls and procedures.
BRAC Bank BRAC bank also has a Departmental Control Function Checklist (DCFCL) to verify the departmental functions and prescribe controls and procedures. BRAC bank updates its DCFCL yearly and this department sends its forms to the banks officials. All the branches including remote branches are audited annually to check compliance on DCFCL, AML (Anti-money laundering), ICC (internal control & compliance), internal policies and procedures. Page 12 of 18
LOAN DOCUMENTATION CHECKLIST Analysis: The checklist deals with matters relating to security documentation for sanctioning and drawdown credit facilities to ensure that prescribed documentation is being obtained to safe guard banks legal charge.
Findings: AB Bank AB Bank follows a Loan Documentation Checklist system to care about their loan sanctioning and drawdown of credit facilities.
BRAC Bank BRAC Bank also adopts Loan Documentation Checklist system to care about their loan sanctioning and drawdown of credit facilities as they described about their diversified loan as for instance, 57% mortgage free loan for the poorer section of the society. Management check with T forms including loan application forms, guarantors copy but they dont get the copy of the lease agreement if held.
CREDIT POLICY MANUAL Analysis: The main objective of lending money is to ensure maximum return of lendable fund. This manual should highlight the process starting from review of credit proposals, obligor risk rating, approving credit limit, disbursement of loans, monitoring of credit risk etc. Various types of MIS should be provided in order to have better control over assets of the bank. Risk classes, lending limits and credit authorities Lending guidelines Approval processes Documentations Secured loans and collaterals
Page 13 of 18
Findings:
AB Bank They follow the regulations as per the Credit Policy Manual of Bangladesh Bank formulated. They adopt Credit Policy & Risk Management Guide (CPRMG) as credit risk is one of the important element of their risk based audit and operational manuals Board Operational manual (BOM).
BRAC Bank BRAC Bank also has a separate credit policy manual to comply with the Bangladesh bank regulations. Besides, they also conform to the VISA standards of Audit Guide, MasterCard standards, IT standards and SWIFT standards. Most interestingly, BRAC bank conducts CAMELS rating internally 4 (four) times a year apart from Bangladesh Banks regulatory CAMELS rating.
Page 14 of 18
Compliance of the Framework of Internal Control Systems At a Glance:
Subject AB Bank BRAC Bank Internal Control Unit / Department Internal Control Manual Regulatory inspection on the operation Yearly Audit Plan Periodic Meeting with Senior Mgt. X Audit Committee (Internal) Summary report to the MD & Audit Committee
Surprise Check Segregation of Duties Code of Ethics Internal Audit System Participation of employees in the improvement of internal control system
Access to the external auditors to evaluate & comment on internal control
MANCOM Yearly review & Certification by MANCOM Credit policy manual Operation manual Treasury manual X HR policy manual Know Your Customer (KYC) policy Anti-Money Laundering policy Asset- Liability Committee (ALCO) DCFCL Loan Documentation Checklist Quarterly Operation Report CAMELS rating Manpower of the department 96 53
Page 15 of 18
C O N C L U S I O N
To complete our assigned task we collected information from two renowned banks in Bangladesh namely AB Bank and BRAC bank. We got our level of satisfaction in working and interacting with these two banks. It was really a comfortable visit to both of the banks as they approximately maintain full compliance with the framework for the internal control systems of Bangladesh Bank. They are successful enough to cope with the internal control policy and compliance with laws and regulations and here we find the difficulty as we hardly can get any major deficiency or any sort of inconsistency in them. We think they are not yet in full complacence with their belongings in their respective internal control and Compliance department; they still hunt for more of better models.
Page 16 of 18
Recommendation of the Study
It is really tough to go for spotting out any major shortfall or any deficiencies in both of the banks as they fulfilled our level of expectation in that study. Nevertheless, there are some short areas where they can still go for improving and redefining the job with a plan for instance, holding regular yearly meeting of MANCOM to increase the professional relationship with the Board of Directors and building a Treasury Manual for better Treasury management in AB Bank. And BRAC Banks internal control department can collect the lease agreement papers in case of more secured Loan Documentation Checklist System.
Page 17 of 18
BIBLIOGRAPHY
1. www.bangladeshbank.org (Bangladesh Banks official website) 2. www.bracbank.com (BRAC Banks website) 3. www.abbank.com.bd (AB Banks website) 4. Framework for the Internal Control System & Compliance of Bangladesh Bank 5. Comptrollers handbook of Internal Control, JAN 2001 (USA) 6. A General Textbook of Banking by L.R Chowdhury
Page 18 of 18
ATTACHMENT
1. Questionnaire on INTERNAL CONTROL & COMPLINCE RISK MANAGEMENT filled by each bank. 2. Organogram of BRAC Bank 3. Framework of Summary of Risk Based Audit of AB Bank