The ESM internal control framework is consistent with the nature, complexity and risk inherent in the ESM activities and responds to changes in the ESM internal and external conditions. The ESM internal control framework includes, among others:
- Entity-level controls aligned with the principles of the Basel Committee’s Framework for Internal Control Systems in Banking Organisations, including high ethical and integrity standards of conduct established in a Code of Conduct applicable to the Managing Director and all members of staff; a Whistleblowing Procedure; a dedicated anti-fraud program; an annual objective-setting and performance assessment process for all staff; and risk management processes ensuring that all types of risk faced by the ESM are identified, assessed, monitored and managed, including a new tools and instruments approval process.
- Control activities that are an integral part of the daily operations of divisions / departments, including top-level reviews, physical controls, checking for compliance with exposure limits and follow-up on non-compliance, approval and authorisation controls, verification and reconciliation controls, and ESM’s oversight of external service providers, including review and reconciliation controls performed by ESM staff over the external providers’ deliverables.
- General and application-specific Information Technology controls ensuring that the ESM information systems are reliable, secure, monitored and supported by adequate contingency arrangements.
Evolution of the ESM Internal Control Framework
The Three Lines of Defence:
The ESM internal control system is reinforced by the three lines of defence governance model established by the Board of Directors, and includes independent Risk Management & Compliance and Internal Audit Functions. Internal controls are subject to scrutiny and self-evaluation by management on an annual basis and periodic independent review by the Internal Audit Function.