The internal control is a continuous process, meant to provide a reasonable assurance regarding the fulfilment of at least the following objectives:

  • performance objectives - the effectiveness and the efficiency of the activities carried out;
  • informing objectives - the credibility, the integrity and the timely provision of the financial information and the information necessary to the management;
  • compliance objectives - the compliance with the applicable laws and regulations as well as with the internal policies and procedures.

In order to ensure the effectiveness of the internal control process, the following 3 functions have been implemented in the bank:

  • The Risk Management function that identifies, measures, assesses, controls and reports the significant risks (and, within it, the risk control function that should ensure compliance with risk policies).

    • Risk Management - through the Risk Management Unit is subordinated administratively to the General Manager and functionally to the Board of Directors through the Risk Management Committee. Moreover, Risk Management Unit has a direct reporting line to the Risk Management Unit in NBG, benefiting from the independence which allows the achievement of its objectives. Within the Risk Management Unit is included the Risk Control Division that ensures the compliance with risk policies. The risk control function reports, through the coordinator of the Risk Management Unit, to the management structure of the bank, as well as to any relevant persons (having medium-level managerial functions competent to make decisions) on aspects identified while fulfilling the responsibilities they have. Also, a direct reporting line is established between the internal risk management function of the subsidiaries and the Bank Risk Management Unit.
  • The Compliance function that should identify and assess compliance risk;
    • Compliance - mainly through Compliance Division is subordinated administratively to the Chief Financial Officer, and functionally to the Board of Directors through the Audit Committee, reporting compliance aspects, periodically and whenever necessary, to the Executive Committee, Audit Committee, Board of Directors. The Head of the Compliance Division/ his replacement represent the coordinator of the compliance function of the Bank. The Compliance Division collaborates to fulfil its function, with the Risk Control Department, Legal Division, BPO Division, Internal Audit Division and with all bank's units. The Banking Officer Custody & Depository Internal Control will directly report to the Board of Directors, via the Audit Committee. A direct reporting line was also set to the Compliance Division within the NBG Group, this relationship providing further independence of this function, which allows the achievement of its objectives. Also, a direct reporting line is established between the internal compliance function of the subsidiaries and the Bank Compliance Division.
  • The Internal Audit function that should assess the adequacy and effectiveness of the internal controls and provide relevant reasonable assurance to the management structure.
    • Internal Audit through the Internal Audit Division is subordinated administratively to the General Manager and functionally to the Board of Directors through the Audit Committee. Moreover, the Internal Audit Division has a direct reporting line to the Internal Audit Division of NBG Group, benefiting from the independence which allows the achievement of its objectives. For the implementation of the principles described in chapter VI Bank subsidiaries, a direct reporting line is established between the internal audit function of the subsidiaries and the bank Internal Audit Division.

The internal control system also includes accounting organization, information treatment, risk assessment and risk measurement systems.

For the purpose of ensuring the achievement of the objectives mentioned above, the Bank sets up an internal control system, applicable to the level of each structure and subsidiary, corresponding to the structure, activity and taking into consideration the nature, dimension and complexity of the different risks to which the group and its subsidiaries are exposed.