Group Compliance Risk Governance & Monitoring

The Compliance Risk Governance & Monitoring Division has been operating within NBG since 2022, with the strategic objective of measuring and assessing compliance risks and the adequacy and effectiveness of compliance controls, in order to prevent and detect any violations of the institutional framework and to propose corrective actions should any compliance gaps within the NBG Group arise.

As a result, the Division ensures that the Board and its Committees function in an adequate and effective regulatory compliance environment and have access to reliable measurements of the level of compliance risks. 

The main activities of the Division at Bank and Group level are the following:

  • Developing, implementing and updating the Compliance Risk Methodology
  • Conducting Compliance Risk Testing
  • Following up Compliance Testing findings through the GRC Tool
  • Ongoing Monitoring through the Compliance Risk Dashboard (KRIs) & Quality Assurance Dashboard (KPIs)
  • Overseeing External Quality Assurance - ISOs
  • Collaborating with other control functions for the holistic management of compliance risk

The Compliance Risk Assessment Methodology is designed to proactively identify and manage compliance risks in alignment with NBG's business model and objectives.

The following key principles form the basis of the Methodology:

  • Gradual integration of IT tools into the risk assessment process.
  • Dynamic adaptation reflecting the evolution of business risks in relation to the business and operational models adopted.
  • Utilization of objective/quantitative data based on the Bank's best practices and extensive experience, supporting more accurate assessment and allowing for a focus on actual compliance risks. 

NBG's compliance obligations are categorized in a structured form (Compliance Taxonomy) comprising three levels.

Level 1 - Compliance Risk Classes: Broad areas of compliance risk that the Bank must manage to remain in compliance with the institutional framework.

Level 2 - Regulatory Areas: Subcategories within each Level 1 class.

Level 3 - Obligation Categories: Specific obligations or requirements that the Bank must fulfil to comply with the respective laws, regulations, or internal policies.

This categorization allows the Group Compliance Risk Governance & Monitoring Division to include two assessment levels in the Compliance Risk Assessment methodology:

  • Macro Risk Assessment (High Level)
  • Micro Risk Assessment (Operational Level)

Macro Risk Assessment

The annual Macro-Dimension compliance risk assessment (High Level - HL) is carried out for all regulatory areas (Level 2). All key regulatory areas are evaluated through the quantitative and qualitative assessment of predefined risk indicators. Inherent risk at the High Level is assessed on the basis of a set of main standard indicators with a weighting factor according to their effect on the overall risk assessment. Through the Macro Risk Assessment, entity-level controls (at Bank/Group level) are evaluated either individually or collectively, according to their ability to mitigate risk. Based on this assessment, the residual risk is determined.

Micro Risk Assessment

The applied Compliance Risk Methodology provides a more detailed and analytical assessment at the level of risk scenarios for:

  • A number of areas that are considered Very High/High Risk (based on the residual risk from the Macro Risk Assessment)
  • All new regulations, especially in the first year of implementation
  • Risks related to money laundering/terrorist financing

The inherent compliance risk is calculated from the assessment of specific parameters, such as the impact and likelihood of occurrence of a regulatory breach scenario (at Level 3 - Obligation Categories). As compliance risk mitigation measures, process controls and general IT controls are evaluated through Compliance Risk Testing in terms of control design and operating effectiveness. The residual compliance risk is generated automatically, using a matrix embedded in the tool.

To assess compliance risk and the Bank's controls to mitigate it, the Group Compliance Risk Governance & Monitoring Division conducts Compliance Risk Testing and ongoing Monitoring using key risk and performance indicators (KRIs & KPIs).

Compliance Risk Testing is a dynamic, risk-based compliance assessment process, carried out periodically across selected business products and services. It examines the design/operating effectiveness of compliance controls and compliance with the institutional framework and applicable policies and procedures.

Compliance Risk Testing is carried out by independent, specialized teams. It is designed in the context of an Annual Plan, proposed by Division 516 and approved by the competent Board Committees. It takes place at specified intervals and retroactively covers a given period (e.g. 12 months).

The results, findings and corrective actions are validated by the Group's Chief Compliance Officer and communicated to the Compliance, Ethics & Culture Committee of the Board of Directors, while they are monitored by Division 516 through the Connected Risk Compliance Module.

Ongoing Monitoring is facilitated through two dashboards:

Compliance Risk Dashboard & Quality Assurance Dashboard

The Compliance Risk Dashboard features specialized Key Risk Indicators (KRIs) to facilitate the process of effectively monitoring compliance risks. It provides insights into compliance trends and helps identify compliance weaknesses before they become a real threat. Thus, compliance is transformed from a set of regulations into a goal with a well-defined evolutionary path.

The frequency of monitoring and reporting is usually determined during the KRIs (Key Risk Indicators) selection phase and can be quarterly, semi-annual or annual. The frequency is determined based on best practices and the nature of each indicator. The indicators are subject to annual review by the Group Chief Compliance & Corporate Governance Officer and the Head of Group Compliance, Risk Governance & Monitoring, and may be amended when necessary.

The Quality Assurance Dashboard is a tool for monitoring the quality level of regulatory compliance, based on the regular review of specific KPIs (Key Performance Indicators) for each of the Division’s Units.

The thresholds of each indicator are set to serve as early warning signals for more effective quality assurance management and are established:

  • in line with best practices
  • following regulatory limits
  • based on historical data

The frequency of monitoring and reporting is usually determined during the KPI selection phase and can be quarterly, semi-annual or annual. The frequency is determined based on best practices and the nature of each indicator. Limits and frequency are subject to annual review.

External Quality Assurance - ISO Certifications

The Group Compliance and Corporate Governance Division, with the initiative and actions of the Group Compliance Risk Governance & Monitoring Division, was successfully awarded the following ISO certifications:

  • ISO 37000 Governance of Organizations (based on EBA 2017 Internal Governance Guidelines)
  • ISO 37301 Compliance Management Systems
  • ISO 9001 Quality Management Systems
  • ISO 37001 Anti-Bribery Management Systems