Compliance

Compliance

As "Kapital Bank" OJSC (hereinafter – Bank), our mission is to serve our customers as a reliable partner by providing responsible financial services that contribute to development and economic progress. Our Bank conducts its activities in compliance with the requirements and norms of applicable laws, regulations, codes, and standards. We approach with a "zero tolerance" principle towards non-compliance. For us, responsible banking means fairness, security, and stability. Our Bank takes its economic and social responsibilities very seriously, and therefore, we are committed to upholding our values ​​through modern and innovative management and Compliance standards.

In addition to being guided by domestic and international Compliance regulations, "Kapital Bank" OJSC actively contributes to the improvement of legal regulations,  if necessary, by deeply analyzing the meaning and purpose of these laws and regulations.

Compliance Function

"Kapital Bank" OJSC is fully committed to its obligations in the field of Compliance. Our Bank has established an independent Compliance function with specialized human and technological resources. The Compliance function protects our Bank from measures of impact and sanctions, financial losses or loss of reputation that it may encounter as a result of non-compliance with legislation and requirements of legal acts regulating the financial markets. By adhering to internal, domestic, and international Compliance regulations, recommendations, and best practices in the market, the Compliance function ensures the credibility of our Bank.

The Bank's Compliance system includes the following elements:

• Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT)
• Fraud prevention
• Conflict of interest
• Whistleblowing
• International sanction regime
• Anti-Bribery and Corruption
• Code of Conduct
• Correspondent Banking
• Compliance with corporate governance
• Data Privacy and protection
• ESG (sustainability)
• Reputational risk management

The following key principles govern the Bank's approach to controlling Compliance risk:

• Compliance with anti-money laundering and combating the financing of terrorism (AML/CFT)  laws and regulations;
• Cooperation with and support of regulators and law enforcement agencies in their efforts to prevent, detect and control financial crime;
• Serving customers and providing products and services consistent with the Bank's commitment to the highest ethical standards and responsible finance.
• Responsible Banking.

Bank's Global Compliance Program

The Bank has established a comprehensive Compliance Program to help protect its clients from the risks of money laundering, terrorist financing, and other financial crimes. The core of this global program is the Bank Compliance Policy, which provides a globally consistent The Bank has the Money Laundering Reporting Officer (the MLRO whosubmits reports to the Chief Compliance Officer and the Supervisory Board on a periodic basis and, in cases of significant compliance risks, on an extraordinary basis.

The Chief Compliance Officer is a member of the Board who supervises (Curator) the activities of structural units of the Bank in connection with the Compliance function and performs the following functions:

• manage the current activities of the bank, ensuring compliance with the requirements of the regulations of the Republic of Azerbaijan within its own authority;
• control (supervise) the activities of the Bank's structural units related to the Compliance function;
• participate in person in the Board meetings and decision-making;
• manage compliance and corporate governance functions, direct the establishment of corporate governance standards of the Bank;
• supervise the timely and proper submission of required reports to the Financial Monitoring Service;
• make suggestions and recommendations for taking proactive measures regarding compliance risks;
• assess conflicts of interest in the decision-making process about the Bank's activities;
• assess cases that will adversely affect the Bank's reputation and participate in decision-making on its impact;
• manage the regulation of compliance processes in terms of establishing and maintaining correspondent relations;
• regulate the preparation of measures in the field of combating fraud and deception.

The MLRO is the person responsible for the implementation of the requirements of the AR Law on AML/CFT, as well as internal regulations and procedures, control mechanisms in the Bank,  the exchange of information with the Financial Monitoring Service, and the preparation and submission of relevant reports on the operations to be monitored, and performs the following functions:

• monitor the compliance of employees with the requirements of the Law, as well as internal regulations, procedures and control mechanisms in accordance with the area of activity of the Bank;
• carry out daily monitoring of Bank transactions (deals) to be controlled in the field of Compliance, implement ongoing customer compliance measures, and ensure the preparation and submission of relevant reports on current and suspicious transactions to FMS according to the deadlines prescribed by the laws;
• ensure the preparation of training materials, rules, and other internal Bank documents for the implementation of the Policy on the prevention of the legalization of criminally obtained property and the financing of terrorism of the Kapital Bank OJSC;
• submit periodic reports to the Bank Management (Board of Directors and Supervisory Board) on high-risk transactions (deals) in terms of compliance, their statistics and dynamics, potential risks that may be exposed to ML/FT risks, measures that are being and may be implemented in the future to prevent such risks, and risk assessment of clients, products, services, transactions, delivery channels, and geographical location;
• organize regular trainings for Bank employees on the activities in AML/CFT;
• ensure the assessment of the Bank's AML/CFT-related risks (including institutional risk assessment).
• ensure the automation of the software by agreeing on the list of specific indicators, respectively;
• inform the Bank management (Board of Directors and Supervisory Board) about the violations committed by employees in the area of AML/CFT;
• oversee the necessary inspection measures in the Bank for the inspection of transactions, clients, and processes (establishment of relationships with vendors, involvement of service providers, etc.) against domestic and international sanction lists;
• collaborate with supervisory authorities and external auditors on AML/CFT matters;
• bring to the attention of the Compliance Commission those issues that are not prohibited but which contain high risk or which can be justified, even if there is a possibility of compliance with the risky category, and which cannot be decided within the framework of its authority;

Compliance with International Sanction Regime 

Compliance with International Sanction Regime

International sanction regime refers to political and economic decisions that are part of the diplomatic efforts of states, multilateral or regional organizations against states or organizations in order to protect their security interests or international law, international peace and security from threats.

Sanctions compliance is a key component of the risk management strategy of the Compliance function of the Bank. The Bank is committed to ensuring compliance with the requirements of global and domestic laws and regulations related to sanctions.

Our Bank defines our approach to ensure that we fully comply with all sanctions imposed on our business activities and adequately manage sanction risks in accordance with the Policy of meeting the requirements of the international sanction regime.

Kapital Bank is responsible to its clients, shareholders and regulators for complying with the requirements of the sanctions imposed during its activities, as well as for preventing the misuse of the Bank's products and services in order to violate the requirements of the sanction regime.

The Compliance function continuously conducts screening for compliance with international sanction lists before initiating business relationships with customers and partners of the Bank, as well as throughout the duration of these business relationships, and during transactions.

Customer screening process:

In accordance with the Bank's "Know Your Customer" principles, customers are screened in real-time through the KYC Module integrated into the Bank's operating system. Using a special algorithm determined by the KYC screening module, customer data is analyzed by calculating the percentage of compliance with lists. The lists are automatically updated through the services provided by Refinitiv and integrated into the software and are regularly analyzed. In case of detection[OIB1]  of suspicious information, measures are taken in accordance with the internal regulations of the Bank. If no suspicion is detected, the execution of the transaction is continued. Batch screening process is executed daily and quarterly.

Transaction screening process:

Based on the principles of detection of suspicious transactions of the Bank, the Embargo Module integrated with the Bank's operating system analyzes domestic and foreign transfers, as well as countries, on the basis of designated specific indicators (scenarios). The execution of transactions that correspond to specific indicators, are considered unusual or suspicious, and do not correspond to the client's profile is automatically suspended. If there are no grounds for suspicion or if the suspicion has disappeared as a result of the analysis, the transaction is executed. Additionally, using the specific algorithm determined by the KYC screening module, the compliance percentage of customer information with predetermined lists is calculated, and during transactions, confrontation with sanction lists is also conducted, and in case of suspicious circumstances, appropriate measures are taken.

Partner screening process:

Based on the documents provided, third parties, their founders, and beneficial owners are screened against sanction lists, and checks are conducted using the international database (World Check) and information available from open sources to identify sanctioned individuals and/or organizations, as well as to identify any illegal activities and detect risks related to sanctions. If no discrepancies are identified, a positive opinion is provided. If discrepancies are identified, an opinion is provided to refuse establishing business relationships.

Compliance Control process

Built on and guided by this foundation are the key Program elements that are executed throughout four phases of the Compliance Control process - Prevention, Detection, Control over the implementation of the action plan and Reporting:

• Prevention: Building and adhering to a robust Know Your Customer (KYC) program that focuses on the setting and managing of globally consistent standards/policies, customer risk scoring, and maintenance of customer data in the Bank's internal database.
• Detection: Global transaction monitoring to identify unusual or suspicious transactions or patterns of activity, as well as robust Global AML investigations to provide holistic reviews of both new and existing clients across various businesses and regions.
• Control over the implementation of the action plan: It is a comprehensive plan that guarantees compliance with all legal and regulatory requirements. It describes the exact steps that must be followed to recognize, assess and control compliance risks.
• Reporting: Active creation, tracking and filing of Suspicious Activity Reports (SARs), Suspicious Transaction Reports (STRs) and Currency Transaction Reports (CTRs), as required in many countries.

Our constant vigilance

• Our bank is fully committed to being vigilant to prevent the use of its products and services by those who seek to abuse them. We continually seek to combat money laundering and terrorist financing through the prevention, detection and reporting of unusual or suspicious behavior. We actively work to prevent terrorist organizations from accessing our financial services, readily assist regulators and law enforcement agencies in their efforts, and promptly respond to inquiries.
• We continuously evaluate the strength of our existing policies, procedures and technologies, and update them, as necessary, to address the changing environment. We also train our staff to assure that they are well versed in the evolving techniques that criminals use to infiltrate the system and are well-equipped to combat money laundering and other financial crimes.
• Anti- money laundering is a constant and evolving process. Here we recognize that preventing money laundering and identifying possible terrorist financing activities involves constant diligence and the ability to keep pace with the sophisticated schemes employed by criminals. We acknowledge that we must constantly work to identify and understand the potential risks of money laundering and terrorist financing, implement appropriate processes, and ultimately mitigate such risks.

Evaluation of partners

In accordance with internal policies, before starting business relationships, all partners are screened by Compliance, and an opinion on the establishment of collaboration is given.

According to the Bank's internal regulations, before establishing business relationships with all third parties (both service recipients and providers), identification measures are implemented by the Compliance function based on necessary information and documents, and an assessment is conducted.  Based on the documents provided, screening and evaluation by the Compliance function is carried out based on the following criteria:

• Screening on international and domestic "sanctions lists" ;
• Screening on high-risk countries and areas;
• Identification and verification of beneficiary owners;
• Conducting research on information damaging the reputation in publicly available information (mass media, internet resources, etc.);
• In accordance with the Bank's Code of Conduct (evaluation in terms of conflict of interest);
• In other areas provided for by law.

Compliance Systems

Fico Tonbeller modules and Refinitiv (World check Database).

Code of conduct

These regulations regulate the behavior of employees within the Bank. They establish the moral, ethical, and legal values ​​for employees by contributing to the formation of the Bank's image and influence.The code of conduct primarily ensures control over the behavior of employees within the Bank, allowing its application to various specialties within the profession and offering effective means for compliance with the described regulations. Moral values include the employee's behavior both in and out of work and social activities. Ethical values include safeguarding the Bank's reputation, attitude toward its property, etc. Legal values include attitude to laws, compliance with internal bank procedures, protection of data for confidential and service use, etc. Business etiquette is behavior and communication in a business - professional environment. Business etiquette is built on the basis of respect and courtesy, kindness and attention to the people around. In the bank, each employee must strictly adhere to the rules of subordination in business relationships.

Data privacy and protection

As it covers all activities at the Bank, employees should keep the following information strictly confidential:

* Bank’s information of personal nature

* Guidelines related to bank secrecy

* Information about the Bank’s customers

* Information about the Bank’s staff

* Information that concerns state security, available to Bank’s employees due to their position etc.

.