Corporate Governance
The core objectives of the Bank’s Strategic Information Technology Governance which impact the diverse functional areas of the Bank are set out below:
Objective | IT Governance Mechanism in place at Commercial Bank
Compliance
  • Investing in Licensed Software deployed in compliance with Intellectual Property Laws with a view to educate and mandate compliance to such laws throughout the Bank.
Operational Efficiency
  • Streamlining of payments process so that integrity is maintained across value chain through near real-time processing.
  • Business Continuity Plan for IT that supports all other key functions of the Bank to ensure uninterrupted service to customers.
Reliable Financial Reporting
  • Close integration of the different IT systems used by the various functional areas of the Bank.
  • Assuring effective IT controls leads to reliable financial reporting and streamlining the financial reporting process.
Information Security Management
  • Achieving the ISO/IEC 27001:2005 Information Security Management Systems certification in 2010 as the first Sri Lankan bank to do so to re-align our commitment to customer confidentiality.
  • Ensuring that information security extends throughout the Bank and beyond as a means of proactive management of information security risks and controls.
Prudent Capital Expenditure
  • All major IT-related procurement to be reviewed by a Solutions Evaluation Committee prior to seeking approval from the Bank’s Procurement Committee.
  • Final approval of IT capital expenditure is sought from the Board of Directors of the Bank based on value and recommendations of Chief Information Officer, the Chief Operating Officer and the Managing Director.
Customer Convenience
  • A constant drive for improvement and a commitment to high quality uninterrupted service levels to ensure systems availability translating to customer convenience at each of our delivery channels.
  • Ensuring process efficiencies and disciplines through certification to increase the contribution to customer convenience.
IT Risk Management
  • Integrated Risk Management Department of the Bank identifies IT-related risks as a part of its continuous risk assessment procedures.
  • Existing risk management processes are further strengthened and, where appropriate, new processes are designed to understand risks and implement controls to effectively manage them to mitigate the risk exposure.
‘Green’ IT
  • Protecting the environment by reducing the carbon footprint through migration to e-Statements, Document Workflow and Soft Copy.
  • Returning used IT equipment to re-cyclers who follow environmental friendly guidelines in disposing them as per international standards.

INTEGRATED RISK MANAGEMENT AT COMMERCIAL BANK

The primary responsibility of the Bank’s Integrated Risk Management Team headed by the Chief Risk Officer encompasses the implementation of a comprehensive risk management strategy which embraces the accomplishment of the overall strategy of the Bank.

The Board of Directors strives to strike a balance in the risk and return to the stakeholders with the backing of the Board Integrated Risk Management Committee formed in terms of the mandatory requirements of the Banking Act Direction No. 11 of 2007 on ‘Corporate Governance for Licensed Commercial Banks in Sri Lanka’ which establishes, co-ordinates and drives the risk management process throughout the Bank. The Integrated Risk Management System of the Bank steered by the aforesaid Board Sub-Committee with the assistance of the Integrated Risk Management Team ensures the timely identification and management of significant risks including exposure to Credit, Market and Operational Risks. The Chief Risk Officer reports on the Risk Management Strategy regularly to the Board through the Board Integrated Risk Management Committee.

Committee Report is given here.

A full Report on the Bank’s Risk Management Mechanism, including the developments that took place in 2011, is found in the Section on ‘Managing Risk at Commercial Bank’ of this Stewardship Report.

INTERNAL CONTROLS MECHANISM

The Bank makes every effort to ensure the effectiveness of the Internal Control Mechanism to assure the Bank’s goals are met in terms of efficient operations, compliance with relevant laws and regulations and reliable financial reporting. The communication of information through the Bank’s Internal Control Mechanism, diagrammatically presented below, encompasses assessing the degree of control risks, evaluating the level of existing controls, monitoring the effectiveness of their implementation and integrating new or modified controls to bridge any control lapses.

This process of effective communication within the Bank on the Internal Control Mechanism contributes to ensuring that the right business decisions are made. The status of activities of the Bank’s control system is followed up continuously through the periodic reporting to the Management and to the Board Audit Committee which reports to the Board.

The Bank’s internal audit function headed by the Deputy General Manager - Inspection is responsible for independent, objective assurance on internal control mechanism, in order to systematically evaluate and propose improvements for more effective internal control processes and governance. Findings of these audits are tabled at the meetings of the Board Audit Committee of the Bank in furtherance of the effectiveness of control mechanism. Report of the Board Audit Committee is given here.

As mandated by the Banking Act Direction No. 11 of 2007, the Board provides a report on the Bank’s internal control mechanism which confirms that the financial reporting system of the Bank has been designed to provide reasonable assurance regarding the reliability of financial reporting, and that the preparation of Financial Statements for external purposes has been done in accordance with relevant accounting principles and regulatory requirements. Moreover, the External Auditors have reviewed this Report which forms a part of the Annual Report. Please see ‘Directors’ Statement on Internal Control’ for further information on internal control.

The Bank’s External Auditors’ Reports also provide the Board with the evidence that enables it to conclude whether the Bank’s Internal Control Mechanism is appropriately designed and operating effectively.

OUR CORPORATE BEHAVIOUR AND RESPONSIBILITY FOR SUSTAINABLE BUSINESS PERFORMANCE

As a responsible corporate citizen, Commercial Bank follows strategies that nurture and grow a sustainable business that reaches far beyond profit making or being the best, affirming that the Bank will engage in ethical business practices and thereby seek to create value for a variety of stakeholders, including shareholders, employees, customers, service providers, communities and the natural environment.

Our corporate behaviour further understands its promised commitment towards the society at large in creating a balance between economic and social goals and between individual and communal goals.

Social and Environmental Responsibility is regarded as a fundamental aspect of our strategy execution and decision-making process and is prominently placed in the Bank’s corporate priorities and core values. The Bank ensures that it does not compromise this responsibility even at the expense of its economic performance. One of the most important developments of sustainability at Commercial Bank is our ‘Social and Environmental Management System’ (SEMS), which spells out the social and environmental policy and procedures to be followed by the Bank.

In addition, the Bank’s Corporate Social Responsibility Trust which was formed in 2004 too plays a pivotal role in assisting various needy sectors of the society. Four of the trustees being drawn from the members of the Board of Directors of the Bank amply demonstrate the Bank’s commitment towards ensuring sustainability in its letter and spirit.

We take pride in presenting our Sustainability Supplement as an integral part of this Annual Report for the third consecutive year which is based on the Global Reporting Initiative (GRI) G3.1 Reporting Framework.

OUR CODE OF ETHICS

The Bank pays close attention to moral concerns in order to make the right ethical decisions on a day-to-day basis over and above observing the law, one of the basic professional requirements for the Bank. We at Commercial Bank believe that the upholding of an ethical culture in banking is of critical interest to customers, employees and regulators alike, and to the Bank itself, as a secure, reliable and efficient banking system is one of the pillars of economic stability of any country. Hence, nurturing an ethical culture is of utmost importance for banks, like any other organisation. Our core ethical values include honesty, integrity, fairness, responsible citizenship and accountability.

Enforcing a Corporate Code of Ethics requires understanding and active participation by everyone in the Bank since the Code spells out the expected standards of behaviour and sets the operating principles to be followed. Every official should ensure that the Bank at all times maintains high ethical standards and adequate internal control measures are in place guarding against unethical practices and irregularities.

To make the Code effective, the Bank endeavours:

  • To apply the core values and principles embodied in the Code consistently
  • For management to display the fullest support to the Code and serve as role models for compliance
  • To ensure that all personnel strictly comply with the Code
  • To ensure that fair reward and punishment are effected under a transparent system
  • To communicate the contents to all employees and even make the Code available to those outside the Bank
  • To review and revise regularly

In addition, our six-step ‘ETHICS PLUS Decision-Making Model’ encompasses:

  • Establishing the relevant facts and identifying the ethical issue
  • Taking stock of all stakeholders or parties involved
  • Having an objective assessment of each stakeholder’s position
  • Identifying viable alternatives and their effects on stakeholders
  • Comparing and evaluating the likely consequences of each alternative with reference to the standards expected
  • Selecting the most appropriate course of action
In a nutshell, our business ethics means, “Choosing the good over the bad, the right over the wrong, the fair over the unfair and the truth over the untruth”. Strict compliance, confidentiality, avoidance of conflicts of interest, encouraging the reporting by the Officers of the Bank on illegal and unethical behaviour are also amongst the guiding principles of the Bank’s Code of Ethics.

Please refer to the web link for additional information on the Bank’s Code of Ethics: http://www.combank.net/newweb/info/104?oid=57

RELATIONSHIP AND COMMUNICATION WITH STAKEHOLDERS

The Bank endeavours to maintain open dialogue with its stakeholders at all times and hence steps have been taken to strengthen this dialogue by enabling closer connections with them. The stakeholders identified on this basis together with topics of engagement, the method and the frequency of engagement are detailed in the Section on ‘Stakeholder Engagement’ in the ‘Sustainability Supplement’.

Bank’s Adherence with The Code of Best Practice on Corporate Governance issued jointly by The Institute of Chartered Accountants of Sri Lanka and the Securities and Exchange Commission of Sri Lanka (‘Code’)

