CIB believes in a culture of compliance and ethical conduct where prudent compliance risk management is the foundation of how we do business and the underpinning guarantee that we uphold our stakeholders’ trust. We understand this responsibility requires constant vigilance on the part of every CIBian, and we ensure we live up to the standards our stakeholders expect of us. CIB’s independent Compliance Group is responsible for embodying this culture and is tasked with ensuring the Bank is ready for the rapidly changing regulatory and industry standards. The Group drives Bank-wide compliance by setting the strategy and tone required to guide employees to make sound business decisions while adhering to applicable laws and regulations.

In 2020, we embarked on a journey of transformation through which we critically tested our foundation and its ability to support our ambition to achieve excellence in managing compliance risk. Since then, we have taken strides in transforming this foundation and have focused our efforts in 2021 on the modernization of our compliance risk framework, while continuing to enhance synergies with our partners across different lines of defense. Transforming our compliance risk and control environment remains a strategic priority that will not only strengthen our culture as an ethical organization but also allow us to compete effectively in the digital age as we drive value for all stakeholders.

2021 Highlights

Managing Change

As the pandemic continues to act as a catalyst for change around the globe, the new realities of doing business and shifting regulatory agendas underscored the responsibility entrusted in the Group to respond quickly and adequately to these changes. The investments we had made during 2020 in our infrastructure, foundation, and people have significantly equipped us in this regard.

We continued to invest in technology, digital transformation, and infrastructure to establish an end-to-end compliance management platform that supports compliance requirements at all stages of the customer life cycle. To complement these efforts, we established futuristic architecture for sourcing, processing, aggregating, and interpreting compliance data. We also automated most key data provisioning related to regulatory reporting, which is vital to maintaining the integrity of our relationship with regulators and ensuring ongoing compliance.

CIB Financial Crime Combating Program

The Financial Crime Combatting (FCC) Program is an integral part of the CIB compliance program. The FCC team is tasked with managing and implementing standards, policies, and procedures that safeguard CIB’s local and global community against financial crime. Consequently, the Compliance Group has implemented structural and infrastructure enhancements to ensure the team is equipped with the necessary independence, manpower, and technology.

Our program deploys best practices and international standards to guarantee we can combat the risk of money laundering and terrorist financing. The program is founded on three main pillars:

1. Prevention: Through our Know Your Customer (KYC) Program and the utilization of state-of-the-art risk scoring, customer compliance risk levels are preemptively defined. This provides CIB with the insights required to act proactively against the risk of money laundering and terrorist financing.
2. Detection: We monitor our portfolio on an ongoing basis for financial crime risk. Using data analytics and ongoing review of unusual and suspicious behaviors, the portfolio is regularly
   scanned. We also ensure specific transactions are automatically detected and monitored. Detected suspicions are investigated independently by the FCC team.
3. Reporting: It is our responsibility to track, investigate, and report any suspicious activities and/ or transactions.

CIB Sanctions Program

CIB conducts business in full compliance with all applicable local and international sanctions. We maintain a robust sanctions compliance program that applies to various customer engagements. The program is structured to fully adhere to local sanctions requirements included in the Egyptian Money Laundering Combating Unit Sanction Lists, as well as global sanctions requirements proposed by organizations such as the United Nations, European Union, Office of Foreign Assets Control, Her Majesty’s Treasury, and the Financial Conduct Authority. Required procedures are in place to ascertain that we are continuously kept abreast and in compliance with evolving sanctions requirements. Our Sanctions Compliance team drives our organization when it comes to the design of policies and procedures that incorporate robust control measures to ensure full adherence.

Analytics for Compliance

The Compliance Group has implemented several projects that automate high-risk compliance processes, machine-learning, and the enhancement and unification of related processes. This becomes exponentially more important as digitalization becomes a reality, not only as a progressive business strategy but also as a global direction to manage the repercussions of the pandemic and ensure continued customer access to our services.

We focused on using analytics and process automation (i.e. robotics) for efficiencies. Today, transaction monitoring for financial crime risk has seen many investments as we enhance our ability to capture and investigate breaches at an early stage while analyzing trends for future decision-making. We also continued to focus on indicators that act as early warnings when it comes to financial crime, conduct risk, and regulatory compliance. Risk appetite indicators and their benchmarks are one of the pillars we heavily rely on to ensure the strength and health of our compliance program.

Regulatory Landscape

As we embrace our compliance and controls culture, focusing on our relationship and engagement with our regulators remains key. The Regulatory Compliance Team has continued to work with regulators and internal stakeholders to ensure seamless and structured communication and swift implementation of requirements. We believe our relationship and engagements with regulators should be established on the principles of transparency, respect and open communication, and consistent delivery on our commitments. This year, the Compliance Group developed the Contact with Regulator Policy to manage Bank-wide communication with regulators and strengthen the Bank’s relationship with them.

Accurate and timely regulatory reporting remains one of our strategic commitments. With that in mind, we capitalized on data and analytics to hone to our regulatory reporting commitments and ensure the process is conducted with agility and transparency.

2021 has seen multiple new regulatory requirements to which we have taken the necessary steps to implement, including the review and implementation of the new Banking Law no. 194 issued in 2020. We have focused our efforts on identifying the impacts of new and amended articles on our policies and operations and how we will manage their implementation. Similarly, we are committed to aligning our work with the Central Bank of Egypt’s emergency response management and financial inclusion initiatives.

Conduct Risk and Customers’ Rights Protection Program

Conduct risk functions were moved under the purview of the Compliance Group to ascertain the importance of conduct as a driver for behavioral compliance, treating customers fairly, and customers’ rights protection. As we work to revamp the Conduct Risk Management Program, our focus is to ground the Conduct Risk Framework through two pillars:

• Customer Conduct: ensuring customer rights are protected in line with regulatory requirements and customer expectations.
• Market Conduct: ensuring our pricing and promotion strategies shape and respond to the realities of the markets and communities we serve, as well as making sure our marketing and distribution strategies safeguard customer welfare and confidentiality.

At the heart of our conduct risk strategy are the principles of treating customers fairly, protecting their rights, and positively impacting the communities we serve. To that end, CIB has adopted two major financial inclusion initiatives in 2021: Arabizing our statements and taking steps to boost accessibility at branches and to online and digital services for disabled and visually impaired customers.

Managing Misconduct, Ethical Issues and Corruption

Our compliance framework and programs aim to foster a culture of ethical conduct and embed our expectations for behavior throughout the Bank. Our approach begins with a strong “tone from the top” culture, starting with our board and senior management. We also believe in accountability for all employees when it comes to compliance and ethical conduct. We empower employees to do what’s right by setting clear expectations, not only to act responsibly but also to speak up and escalate ethical concerns or misconduct.

To do this, we have established independent and confidential channels to report misconduct, ethical concerns, or any suspicion related to bribery or corruption. Our Whistleblowing Policy enables employees to identify instances that are classified as misconduct without fear of detriment or retribution. The policy also provides multiple channels for employees to report concerns, as well as the ways through which we protect whistleblowers and safeguard their identity, subject to applicable laws and regulations. CIB prohibits any form of retaliation against whistleblowers or any concerned parties. We also guarantee a fair, independent, and confidential investigation process regarding whistleblowing reports.

In the same context, CIB has established the Anti-Bribery and Corruption (ABC) Program that advocates zero tolerance when it comes to involvement in bribery or corruption. The program sets standards that guarantee we comply with antibribery and corruption laws and guidelines. The group also onboarded a new Anti-Bribery and Corruption Manager reporting to the Head of Financial Crime to raise awareness on identifying and escalating instances of non-compliance.

Compliance Monitoring and Control Program

Utilizing a hands-on approach, the Internal Control Management and Compliance Monitoring and Testing teams take the pulse of the compliance program, providing independent assessments of the compliance and control environment. The teams act as an independent testing arm while managing the role of process control oversight as part of the second line of defense. The teams also lead the Bank-wide compliance risk assessment and design and implement risk-based reviews to provide assurance related to compliance and controls at an organizational level.

Accountability, Culture, and Talent

A compliance, risk-aware culture is the most valuable asset that CIB continues to invest in, especially as we are confronted with ever-changing regulatory requirements and industry standards. We believe this culture guarantees our ability to manage uncertainty and change more effectively. While the Board and senior management believe in instilling this culture of compliance, we acknowledge the challenges this can pose in a fast-paced environment. We believe this continued focus will allow us to continue striving for excellence and adding value for our colleagues, clients, and communities.

Our overall approach toward managing talent and culture is confounded by the principle of accountability. We prioritize strong governance and decision-making and require colleagues to speak up with transparency.

Despite the exceptionally challenging circumstances imposed by the COVID-19 pandemic, the Board agreed to invest heavily in the training and development of control and compliance staff, with 25% of the Bank-wide budget allocated to these areas. As such 100% of compliance staff have been provided on-the-job technical training, including post-graduate level technical certifications from globally renowned accredited compliance associations. The Bank made the same pledge of investment for 2022.

CIB employees have been trained on different compliance-related topics, including financial crime combatting, sanctions, customer due diligence, the Foreign Account Tax Compliance Act (FATCA) requirements, whistleblowing, anti-bribery and corruption, and customer rights protection. In 2021, we chose to disseminate key messages through campaigns directed toward raising awareness, including information on customers’ rights protection, speaking-up and whistleblowing, and compliance culture.