Internal Control and Audit
VTB Group’s internal control and audit functions operate in compliance with international best practices and applicable legislation in the countries where the Group operates. The system is guaranteed the necessary independence by the way its parts function together and by its reporting structure.
VTB Group’s internal control system ensures:
- efficiency of VTB Group’s and VTB Bank’s activities;
- effective management of assets and liabilities (including asset integrity) and risks;
- reliable, complete and timely financial and management information and reporting;
- compliance with legislation, regulatory acts, rules and standards; non-involvement of the Group and its employees in unlawful activities.
The VTB Group Management Committee established an Internal Audit Coordination Committee, as well as a Coordination Committee for Compliance and Internal Control aimed at preventing money laundering and the financing of terrorism.
|Internal audit||Compliance control||Combating money laundering and the financing of terrorism|
| independently assessing the effectiveness of the internal control and risk management systems, accounting reports, business processes and the activities of departments and individual employees, as well as assessing the economic expediency and effectiveness of operations and transactions; |
verifying the reliability of internal control over automated information systems, as well as verifying methods used to secure property;
monitoring key risk areas and risk control mechanisms, with a view to identifying shortcomings in the internal control system and emerging risks, and to create mechanisms to prevent these risks;
developing recommendations to improve the efficiency of systems, processes, procedures, transactions and activities by the Group’s structural units and employees;
organising efficient communications with external regulatory bodies and auditors.
| ensuring compliance of the activities of the credit and non-credit financial institutions included within VTB Group with the legislation of the country of registration, internal regulations, standards of self-regulatory organisations and common business practices; |
effective management of regulatory (compliance) risks;
creation and maintenance of an effective system of governance information and reporting;
preventing the involvement of participants or employees of VTB Group in unlawful activities (including corruption, improper use of insider information and market manipulation);
maintenance of VTB Group’s strong reputation and raising its investment appeal in financial markets.
| ensuring compliance with the requirements of legislation in the sphere of combating money laundering and the financing of terrorism; |
effective internal control for AML/CFT purposes as a means of ensuring the Bank’s stability, reliability and solid reputation, as well as a way of safeguarding the interests of creditors and depositors;
minimising the risk of customer transactions involving money laundering or terrorist financing, as well as the risk of non-compliance with international sanctions;
avoiding involving Group employees in money laundering or terrorist financing.
The Bank's internal control system includes:
- governing bodies (General Meeting of Shareholders, Supervisory Council, Management Board and the President and Chairman of the Management Board as the sole executive body);
- Statutory Audit Commission;
- Chief Accountant (and his or her deputies);
- Branch managers (and their deputies) and branch chief accountants (and their deputies);
- Structural units (responsible managers) in charge of internal control.
Monitoring of the internal control system is carried out on an ongoing basis by management and employees of the Bank's structural units, as well as by the Internal Audit Department.
Audit Committee. The Audit Committee operates as part of the structure of the Supervisory Council in order to facilitate the effective performance of the functions of the Supervisory Council in the area of control over the Bank’s financial and economic activities. More detailed information on the composition and activity of the Audit Committee can be found in the Section “Corporate Governance/Supervisory Council/Supervisory Council committees”.
Internal Audit Department. The Internal Audit Department provides direct support to the Bank’s governing bodies to ensure that VTB Group works efficiently and effectively. The Internal Audit Department monitors internal control systems, conducts audits and provides impartial recommendations for improving banking operations and control procedures.
The Internal Audit Department is an independent structural unit of VTB Bank and operates under the direct supervision of the Supervisory Council. The Supervisory Council approves the Internal Audit Department’s work plans and monitors their implementation, reviews the Internal Audit Department’s reports on the results of audits and on monitoring of the internal control system, as well as reports on the implementation of the Internal Audit Department’s recommendations to address previously identified issues.
The Internal Audit Department’s organisational structure comprises a number of units responsible for auditing the credit process, non-credit business processes, regional divisions, digital auditing of processes and information technologies, as well as for coordinating the Group's internal control systems. To increase the effectiveness of the monitoring of the internal control system at the Bank’s regional branches, the structure of the Internal Audit Department includes dedicated internal control teams at the branch level.
The Internal Audit Department is responsible for:
- verifying and assessing the effectiveness of the Bank's internal control system;
- verifying the effectiveness of the Bank’s risk management system;
- verifying the reliability, completeness, objectivity and timeliness of the preparation of accounting and management reports;
- verifying compliance with Russian legislation and the requirements of regulatory and supervisory authorities;
- verifying the adequacy and reliability of systems of internal control for the use of automated information systems;
- establishing uniform approaches to the organisation of VTB’s internal control systems.
The Internal Audit Department liaises with the Audit Committee and independent auditors, providing information on the internal control system and reporting any shortcomings during the audit period.
In 2018, the Internal Audit Department conducted 56 audits, including 10 audits of business processes at the Bank's parent company and 46 audits of branch activities. In addition, as part of its ongoing monitoring, Internal Audit Department staff members conducted 755 thematic audits at the branch level.
Taking into account systemic trends in the banking sector, the main challenges facing the Internal Audit Department include: more focus in the auditing process on the efficiency and competitiveness of business processes, ensuring that audits are closely linked to the technological changes taking place within the Bank, and developing remote and thematic auditing formats for individual processes.
In addition to conducting audits and monitoring the Bank’s internal control system, the Internal Audit Department’s priority is to monitor the activities of subsidiaries. In 2018, the Internal Audit Department conducted 10 audits related to the activities of the Bank's subsidiaries.
The Internal Audit Department also regularly analyses reports on the work of Group companies’ internal audit services. To enhance the level of professionalism and exchange of experience, on-the-job training is provided for staff from the internal audit services within Group companies, including with the involvement of VTB Group functional coordinators.
The Department of Compliance Control and Financial Monitoring assists the Bank’s governing bodies with the effective management of regulatory (compliance) risks resulting in losses due to non-compliance with the legislation of the country of registration, the Bank’s Charter, standards for self-regulatory organisations, and also as a result of the application of sanctions and/or the impact of other measures on the part of the supervisory authorities.
Regulatory risks also include the risks of money laundering and the financing of terrorism (AML/CFT), as well as the proliferation of weapons of mass destruction (WMD).
Within VTB Group, the Department of Compliance Control and Financial Monitoring is responsible for ensuring a unified approach to internal (compliance) control, AML/CFT and preventing the spread of WMD within VTB Group’s credit and non-credit financial institutions.
In the context of measures aimed at the effective development of the systems of internal (compliance) control and AML/CFT and preventing the spread of WMD within VTB Group, the Department of Compliance Control and Financial Monitoring interacts with the Coordination Commission on Compliance and Internal Control for the Purpose of Preventing Money Laundering and the Financing of Terrorism, which includes the following tasks:
- development of common principles and standards;
- introducing best practices within VTB Group companies;
- sharing information among VTB Group companies;
- improving the general professional capacity of experts.