The bank recognizes the importance of an effective Internal Audit Department to reinforce internal control systems and support comprehensive banking controls.
The department will play a role in achieving the bank’s objectives through a structured systematic approach to evaluate and improve the effectiveness of risk management, monitoring, and reinforcing governance. The Internal Audit Department has a sufficient number of qualified trained personnel that are adequately remunerated. It is authorized to access any information or contact any employee. It has all the necessary authorizations to perform its duties as required. The functions and duties of the Department are as follows:
The bank is responsible for the regular rotation of the external auditor, while ensuring during the selection process that the external auditor is (1) accredited by the Palestinian Monetary Authority with the necessary professional license from relevant official and professional entities, (2) does not have any suspected conflict of interest, (3) has not received any direct or indirect credit facilities from the bank in their personal capacity or on behalf of their spouse or children, or on behalf of any entity that they are partners in, separately or collectively, by a percentage equal to 5% or more of its shares, or are members of its board of directors. The external auditor must have no direct or indirect benefit related to the bank, or with companies affiliated with the bank. They must not be a manager or employee of the bank or any of the companies affiliated with the bank. They must carry out their duties in compliance with international auditing standards and instructions from the PMA, as follows:
The National Bank envisions becoming one of the leading financial institutions in Palestine and recognizes that compliance is key in this regard. In order to reaffirm and enhance this commitment, TNB has put in place the following principles for good compliance.
TNB is committed to complying with all laws issued by legislative authorities, instructions issued by the PMA and Palestinian laws. The bank continuously works on updating its internal policies and procedures to remain compliant with new publications of supervisory authorities and follow-up on their implementation. The bank also follows up on and examines international best practices to maintain its good reputation among local and international banks.
Compliance will allow the bank to become a leading institution in the local financial sector by following international best practices in line with the bank’s own values. The Compliance Department is responsible for examining and evaluating the internal policies and procedures approved by the Board of Directors in line with the laws and regulations of the supervisory authority. The Department is also in charge of assessing risks related to violating compliance regulations and the impact of such violation by carrying out regular and comprehensive assessments and examinations of compliance-related risks. Should any deficiencies be identified, they should be followed up and necessary corrective measures must be taken.
The Compliance Department also issues policies and procedures requiring detailed information from customers and continuous updates of customer information at TNB branches on an ongoing basis. These updates and information are required to protect the bank’s interests, shareholders, and customers particularly from any legal repercussions that may result in the classification of customers or the bank on lists of non-compliant entities.
TNB, from its Board to its specialized departments, strives to implement rules and practices in line with instructions in the PMA’s Guide for Rules and Best Practices for Corporate Governance for Banks in Palestine.
The Compliance Department is also responsible for receiving customers’ complaints and suggestions in order to achieve the highest level of customer satisfaction with the provided banking services. The Compliance Department receives complaints and works on resolving any issues in line with the regulations and interests of the customer.
TNB maintains high levels of transparency toward its shareholders and customers, among other relevant stakeholders and active parties in the market. This is achieved through disclosing accurate and sufficient information in a timely manner, in accordance with the International Financial Reporting Standards and the Palestinian Monetary Authority’s instructions in force issued pursuant to the applied Banking Law and relevant legislations. In fact, the Bank is fully aware of the changes introduced to the Financial Disclosure and Transparency International Practices, and it is also keen on:
TNB is committed to the gradual implementation of FATCA within a specified timeframe. FATCA is a US law aimed at preventing tax evasion by US taxpayers through non-US financial institutions and foreign investment instruments.
As for FATCA, TNB is officially registered to comply with the US Tax Compliance Law. The bank prepared a brief and a workplan to amend all of its systems to be compliant with the law. The forms for opening accounts and updating customer data were amended to be in line with the law that requires all new and current customers of the bank to fill the approved “citizenship forms”, signing them and presenting them with the remaining documents required to open an account
The National Bank manages risks on a permanent and continuous basis by identifying and measuring all types of risks that the bank faces. The bank’s risk management methodology is based on a holistic approach of practices and norms. The Risk Department is separate from business and operational processes departments. Business centers are the first line of defense, and there is an independent department, the Risk Department, that manages, measures and monitors risks related to the bank’s various activities on an ongoing basis. The Risk Department is affiliated to the Board of Directors’ Risk Committee. It acts as a second line of defense, and the risks are monitored and controlled through specific thresholds and ratios approved either by the Board of Directors or the PMA.
The effectiveness of internal controls and safety and security measures that minimize the impact on the Bank’s activities are ensured as a third line of defense.
Additionally, the management and the Risk Department analyze the bank’s financial statements through the Assets and Liabilities Committee. They assess various risks and take the necessary decisions to manage them in line with the management’s expectations of adequate profits while maintaining reasonable and controlled levels of risk.
TNB is considered a bank of systemic importance locally. This classification is based on special indicators and determinants, including the size of the bank, the volume of its business and other indicators. This classification gives TNB a special importance locally to the banking sector and the local economy of Palestine. It also means any crisis it may be exposed to may have an impact on the economy. For this reason, the Bank developed and adopted additional control measures to monitor and predict risks. It adopted an early warning document to periodically and continuously monitor indicators related to the business and activity risks to which the bank may be exposed. In the event of any crisis, the necessary plans were put in place to address and manage risks. TNB has a crisis management policy, and has developed recovery plans and necessary solutions to ensure a return to normal as soon as possible and with minimal losses.
PMA instructions are implemented to ensure the bank’s ability to handle risks by carrying out stress testing to measure risks. Scenarios and hypotheses of varying severity are developed and the bank measures the reaction to them as well as their impact on the adequacy and continuity of its capital.
TNB follows a preventive risk management methodology based on reducing risks before they occur, i.e., a preventive action approach instead of a corrective action. The implementation of the new accounting standard (IFRS9) is an important principle that will enhance this methodology, especially since it is based on measuring and hedging risks from the outset.
To ensure the proper implementation of this methodology, internal controls are monitored and reviewed, and periodic reports are submitted by the Risk Department to the senior executive management and the Board’s Risk Committee. The reports address all types of risks facing the bank and give an overview of the situation.
Operational risks are the risks of loss attributed to the failure or inadequacy of internal procedures, the human element, systems, and external events. This definition includes legal risks, reputational risks and organizational risks as adopted by the National Bank.
The identification, evaluation and management of operational risks are one of the main factors of success and prosperity and help the bank to achieve its desired goals. Operational risks arising from internal or external events may have a material impact on the bank’s business and may lead to losses or failure to achieve strategic objectives. They may negatively affect the bank’s reputation.
For this reason, the National Bank seeks to provide comprehensive approaches, policies and procedures and equip itself with the tools necessary to manage operational risks, strategic risks, reputational risks, outsourcing risks and fraud risks in line with best practices.
Market risks are current or future risks that could affect the bank's revenues and capital due to fluctuations in interest rates, exchange rates, stock prices and commodity prices.
The bank manages its market risks by adhering to the general framework set by PMA instructions. It adopts and implements various policies to regulate investments and manage assets and liabilities. The bank also has a set of procedures for these matters.
Interest rate risks are risks attributed to fluctuations in interest rates, which may have a negative impact on the bank's revenues and capital.
Interest rate changes can affect many investments, but they directly affect the value of bonds and other fixe income securities. Therefore, bonds and their interest rates are carefully monitored so that the appropriate investment decision is taken. In addition, there are multiple aspects of interest rate risks, mainly the difference in maturity dates against the fixed interest rate between the bank's assets, liabilities and off-balance sheet financial positions. Fluctuations in the interest rate are natural and can have a clear impact on the bank's revenues, both positively and negatively.
To ward off any risks that may arise as a result of fluctuations in interest rates, the National Bank monitors these fluctuations periodically through the Assets and Liabilities Committee and takes the necessary decisions to prevent them.
They represent the losses that the bank can incur as a result of an adverse change in currency rates after maintaining long or short open positions. They can be defined as the risks that the bank faces while revaluing currencies based on floating exchange rates. This can affect the value of assets and liabilities and the bank's financial position, which may lead to significant losses.
The National Bank follows various strategies to hedge these risks, as foreign exchange positions are monitored on a daily basis to ensure they are maintained within the limits approved by the Board of Directors and compatible with PMA instructions. Any change in exchange rates for financial centers is studied and appropriate action is taken to address any potential risks.
Liquidity risks are the risks that may lead to losses as a result of the bank's inability to meet its obligations on due dates. This is attributed to the bank's inability to provide the necessary financing or insufficient liquid assets to meet these obligations. Liquidity crises are usually associated with the scarcity or absence of funding sources in the market as a result of a defect in the banking system, a decrease in the volume of liquidity between banks, or the occurrence of large withdrawals from the bank or the banking sector in general. Liquidity risks may also appear when cash inflows in the bank are lower than the corresponding cash outflows.
The National Bank effectively manages the liquidity gap between its assets and liabilities for the short and long term according to the principles set out in its approved policies and procedures. Management determines the appropriate mechanisms for liquidity management and the provision of appropriate liquidity sources in each period based on the circumstances at the time.
Credit risk arises from a possible inability and/or unwillingness of the borrower or the third party to fulfil its obligations to the Bank in the specified times, which leads to losses.
In this context, TNB is strengthening its institutional frameworks for credit management through organizational structures that separate credit granting from follow-up and by setting ceilings and powers for the terms and amounts of direct credit facilities (retail/ corporate). It also set out general ceilings on credit rates approved by the Board of Directors or specified in the instructions of the supervisory authority. These ceilings reduce and limit credit risks. The bank also monitors credit risks and works continuously to assess the credit status of customers and ensure it obtains appropriate guarantees from them. The bank follows the following principles to reduce credit risks:
According to best practice, IT security risks are defined as risks attributed to the exploitation by a (internal or external) factor, cause or threat of weaknesses and gaps in the existing IT security environment, to negatively affect the confidentiality, integrity and availability of information and supporting technological assets, (such as information systems, databases, network systems... etc) and inflicting losses that may affect the bank's business and commercial objectives.
The National Bank manages IT security risks through a set of vital and important operations that aim to identify the true level of business risks and challenges TNB faces while using technology to achieve its objectives and carry out its commercial operations and activities. This is to ensure that decision-making processes are based on an awareness of the real levels of risks facing the bank, and to enhance the ability of the decisionmaker to take rational and relevant decisions in a timely manner. This is also to ensure a clear vision and constructive future plans that define the courses and strategies to be followed in order to respond to the existing technological risks and mitigate their effects.
The National Bank is committed to working within the legal frameworks related to AML/CFT efforts based on Palestinian Law No 20 updated in 2015. The bank also implements AML/CFT instructions and regulations issued by the Financial Follow-up Unit (FFU), the PMA and the FATF according to banking best practices. The bank approved a policy dedicated to combatting this crime and preventing any possible transaction through the bank. This policy is continuously reviewed and updated in cooperation with the skilled experts in the field. A contract was signed with PWC to update the latest policy, particularly in light of the increasing risks of money laundering transactions and the diverse ML methods used given the latest technological advancements in the financial and banking sectors, and to maintain the reputation of the bank in the local and international banking community. The AML/CFT Unit carries out its work independently in accordance with the PMA instructions. The PMA is responsible for preparing periodic reports on measures taken by the bank to prevent this phenomenon. The AML/CFT Unit at the bank also follows up on financial and banking transactions to verify the compliance of branches with its considerations, by reviewing procedures carried out by each branch to verify its compliance with the relevant AML instructions. Furthermore, any suspected transaction shall be reported to the competent authority according to the Palestinian law, which is the FFU.
The bank also examines the AML/CFT monitoring environment by using best methods and practices to maintain a low-risk investment environment.
As part of the efforts to complement the AML policy, in accordance with the instructions of the PMA and the provisions of the AML/CFT Decree Law No 20 of 2015, and to ensure the full implementation of local and international best practices in this regard, the Compliance Department and AML/CFT Unit at the bank monitor compliance with the procedures related to customer information before and after opening an account, the method for documenting these accounts, the purpose of opening such accounts, and classifying them based on the estimated level of risk. This would allow to draw a clear picture on the nature of customer activities, and would reinforce the effectiveness of control procedures, in addition to enhancing the ability to make the right decision on the way to deal with customers in different sectors.
Customer data is continuously updated, and the accuracy and effectiveness of this process is monitored to ensure the presence of customers and enhance ways of communicating with them.
TNB remains committed to the provisions of banking secrecy through the approved policies that have been circulated to all employees, regardless of their position. It is prohibited to share any data, information or statements about customer accounts and personal data available in bank records, whether directly or indirectly, unless there is a prior written approval from the account holder or by virtue of a decision from a competent judicial authority according to Palestinian law, or regulatory authorities accredited by the PMA. No confidential information received during the performance of the employee’s roles and responsibilities can be used to achieve any personal gains or in any way that violates the law or adversely affects the interest of the institution.