P.

16

2018 Pillar 3 Disclosures

Risk Management

2 | 2.2

Regulatory Compliance Department

The Regulatory Compliance Department, as may be seen in the previous organisational chart,

is part of the Control and Compliance Division of the Associate Services, Control and Resources

Department, and answers directly to the Head of Division. As such, it is an independent function

from the business units.

Its main aim is to ensure efficient management of compliance risk, which is defined as the risk

that breaches of legal demands or internal standards could impact on the income statement,

either directly, as a result of official sanctions or adverse judgements, or indirectly through a

negative impact on the bank’s reputation.

Its main spheres of action are the prevention of money laundering, standards of conduct on the

Securities Market (RIC and MiFID), data protection, corporate governance and reputational and

crime risk.

Internal Audit of Risks

Internal Audit is the third line of defence of risk control. One of the general aims of the analysis

carried out by this independent team is to verify that the risks a bank is taking on fall within the

parameters agreed by the Board of Directors, as outlined below.

Internal Audit is located within the organisational structure, and functionally reports to the

Audit Committee on a monthly basis through its Chairman. This ensures its independence and the

2.2.4.3

2.2.5

Associate Services, Control

and Resources Departament

Regulatory

Compliance

IT Security

Internal Control

and Operational Risk

Communication and

External Relations

Consultancy,

Quality and CSR

Control and

Compliance

Talent, Cultura and

Gen. Serv. Division

Regulation

and Studies

Reporting,

Operational

Management

and Banking

Training Serv.