The Internal Control System
To achieve its objectives, the Internal Control System based its action on the Risk Management, Compliance and Internal Audit functions, centralized and transversal to the Group.
TThe policy and risk management of the Group is developed through a transversal and multi-domestic functional control model governed by Millennium bcp’s Board of Directors , which delegates its monitoring, evaluation and the control of each type of risk in the Risk Commission.
The Risk Commission is responsible for monitoring the overall levels of risk incurred, ensuring that they are compatible with the objectives and strategies approved for the development of activity.
The Risk Office is responsible for promoting the implementation of the Group's risk policy defined by Millennium bcp’s Board of Directors, ensuring consistency of principles, concepts, methodologies and risk assessment and management tools that are for a correct evaluation of the risks incurred and arising from the activities of the Group. To learn more about the Risk Management policy of Millennium bcp, click here.
The Compliance Office, created in 2004, aims to ensure that the management bodies, the functional structures and all Employees of the Group comply with the legislation, rules and regulations (internal and external) that guide the activities of the Bank and its subsidiary companies, in order to avoid the risk of the Institution incurring in penalties of legal or regulatory nature and in financial or reputational damages as a result of the breach of the laws, codes of conduct and "negotiation good practices" and the duties to which they are subject.
One of the objectives of the Compliance Office is the compliance with the legal requirements and regulations, including those relating to the prevention of money laundering and terrorist financing, as well as with the professional standards and practices, ethics and internal rules, the articles of association, the rules of conduct and relationship with Customers, the guidelines of the corporate bodies and the recommendations issued by the Basle Committee on Banking Supervision and by the Committee of European Banking Supervisors (CEBS) in order to protect the reputation of the institution and to ensure that the institution is not sanctioned, as provided in Art. No. 2) (c) of the Notice 5/2008 of Banco de Portugal (BdP).
The Audit Department is a component of the internal control system of Banco Comercial Português whose primary mission is to ensure before the stakeholders ? in particular the Supervisory Board and the Executive Board of Directors ? that the internal control system of the Bank is adequate and efficient as a whole and also ensure that the procedures for the risk identification and management and governance of the Bank and the Group are appropriate.
The exercise of the internal audit function should be permanent and independent and the Audit Department must carry out its mission through the adoption of internal audit principles recognized and accepted internationally and issue recommendations based on the results of such assessments that should add value to our organization and improve the control and the quality of its operations by contributing to the achievement of its strategic interests and assuring that:
- risks are properly identified and managed and the controls implemented are correct and proportionate to the risks;
- the Bank's capital evaluation system is adequate versus its degree of exposure to risk;
- the various governance bodies interact in a appropriate, effective and efficient manner;
- operations are accurately recorded and the financial, operational and management information is accurate, reliable and timely;
- the safeguard of the Bank?s interests and assets and those of the Group or those that have been entrusted to it;
- the employees perform their duties in accordance with policies, codes of conduct, rules and internal procedures and with the laws and other applicable regulations;
- resources are acquired economically, used efficiently and adequately protected;
- the programs, plans and objectives defined by management are complied with;
- the legal and regulatory matters with significant impact on the organization are recognized, clearly understood and properly addressed.