To ensure its safe and effective operation, the protection, management and safe and efficient use of its assets and resources, to ensure its timely and adequate financial and management information, as well as to ensure compliance with laws and regulations, internal regulations, VPBank has been establishing and maintaining an internal control system in accordance with requirements, regulations and the best international practices for internal control and risk management.
HỆ THỐNG KIỂM SOÁT NỘI BỘ: Là tập hợp các cơ chế, chính sách, quy trình, quy định nội bộ, cơ cấu của tổ chức tín dụng nhằm kiểm soát, phòng ngừa, phát hiện, xử lý kịp thời rủi ro và đạt được yêu cầu đề ra. Hệ thống kiểm soát nội bộ được cung cấp đầy đủ nguồn lực về tài chính, con người, công nghệ để hoạt động hiệu quả và được thực hiện thống nhất từ cấp cao nhất của Ngân hàng tới từng cán bộ, nhân viên của VPBank.
INTERNAL CONTROL SYSTEM: A set of internal mechanisms, policies, procedures, internal regulations and structure of credit institutions to control, prevent, detect and deal with associated risks in a timely and satisfactory manner. The internal control system is fully equiped with financial, human and technological resources for efficient operation and is implemented uniformly from the highest level of the Bank to every officer and employee of VPBank.
The supervisory responsibilities are assigned to the Board of Directors (“BOD”), the Chief Executive Officer (“CEO”) and the Supervisory Board (the “SB”). The BOD and the CEO are assisted by the following Committees and Councils:
- Internal Control: To control over all of VPBank’s operations, business processes and departments to ensure compliance with laws; to manage conflicts of interests; to detect and handle violations and to help enhance the awareness of individuals and departments.
- Risk Management: Risk management at VPBank is assigned to manage critical risks, identify and measure risks on a regular basis to prevent and limit losses and control risk status to ensure compliance with applicable risk limits and risk assurance in line with risk management policies and risk limits.
- Internal Capital Adequate Assessment: VPBank examines capital adequacy, conducts capital planning and carries out periodic review of its internal rules for assessment and reporting of capital adequacy for the purpose of compliance with regulations on capital adequacy ratios, maintaining capital adequacy ratios and creating the basis for development and adjustment of VPBank’s business plans.
- Internal Audit: Internal Audit Division of VPBank examines and makes independent and objective assessment of the internal control system, makes independent assessment of the suitability of and compliance with internal regulations, procedures and policies established at VPBank; offer recommendations to improve efficiency; monitor and assess the implementation of recommendations made by the SB to the BOD, CEO, individuals, departments at the head office, branches and other financially dependent units of VPBank.
The internal control system at VPBank was established, based on an effective risk management framework with three layers of independent protection and mutual control, including:
- FIRST PROTECTION LINE (LAYER 1):
+ Responsibility: Identify, control and mitigate daily-operation assocciated risks at VPBank, promptly and fully report any identified risks.
+ Implementing Units:
(i) Business Units: Retail Banking Division (RB), Corporate and Investment Banking (CIB), Corporate Banking (CMB), Small and Medium Enterprise Banking Division (SME), Household Banking Division (HB), Financial Institutions and Transaction Banking Center (FITB), Financial Market Division (FM), Digital Banking Service Division (DBS) and Other business units established by VPBank;
(ii) Operating and Supporting Units: Credit Division (CM), Operation Division (OPS), Information Technology Division (IT), Strategy and Project Management Center (SPM), Communication and Marketing Center (Marcom), Human Resource Management Division (HR), Finance Division (FIN) and other units have the function of operating and supporting established by VPBank.
- SECOND PROTECTION LINE (LAYER 2):
+ Responsibilities: Develop risk management policies, internal regulations on risk management, risk monitoring and compliance.
+ Implementing Units: To be held at Risk Management Division (RM); Legal and Compliance Division (L&C).
- THIRD PROTECTION LINE (LAYER 3):
+ Responsibility: Conduct internal audit of head office, branches and other financially dependent units of VPBank and perform other duties as stipulated by law.
+ Implementing Units: Internal Audit Division (IA)
LAYERS OF THE INTERNAL CONTROL SYSTEM AT VPBANK