2018 Pillar 3 Disclosures
Risk Management
2.2.4.3 Regulatory Compliance Department
The Regulatory Compliance Department, as may be seen in the previous organisational chart,
is part of the Control and Compliance Division of the Associate Services, Control and Resources
Department, and answers directly to the Head of Division. As such, it is an independent function
from the business units.
Its main aim is to ensure efficient management of compliance risk, defined as the risk that
breaches of legal requirements or internal standards could affect the income statement,
either directly, as a result of official sanctions or adverse judgements, or indirectly, through a
negative impact on the bank’s reputation.
Its main spheres of action are the prevention of money laundering, standards of conduct on the
Securities Market (RIC and MiFID), data protection, corporate governance and reputational and
crime risk.
2.2.5 Internal Audit of Risks
Internal Audit is the third line of defence in risk control. One of the general aims of the analysis
carried out by this independent team is to verify that the risks a bank is taking on fall within the
parameters agreed by the Board of Directors, as outlined below.
Internal Audit is located within the organisational structure, and functionally reports to the
Audit Committee on a monthly basis through its Chairman. This ensures its independence and the
[Figure: organisational chart of the Associate Services, Control and Resources Department. Labels shown: Regulatory Compliance; IT Security; Internal Control and Operational Risk; Communication and External Relations; Consultancy, Quality and CSR; Control and Compliance; Talent, Culture and Gen. Serv. Division; Regulation and Studies; Reporting, Operational Management and Banking Training Serv.]