Guidelines on Communication between the Central Bank of Seychelles and Internal Audit Functions of Banks

CENTRAL BANK OF SEYCHELLES P. O. Box 701 Victoria, Seychelles Telephone: [+248] 4282000 Ref.: FSS/GENIl Fax: [+248] 4323 665 E-mail: enquiries@cbs.sc Date: December 28, 2016 TO ALL BANKS Guidelines on communication between Central Bank and the internal audit function of banks and other financial institutions The Central Bank hereby issues the following Guidelines with a view to enhancing communication and cooperation with the internal audit function of banks and other financial institutions. In addition to adherence to the above, banks and other financial institutions should continue to ensure compliance with the provisions of relevant legislations such as the Financial Institutions Act, 2004 as amended as well as such other applicable legislation relating to audit and all the other provisions of the relevant legislation governing the banks and other financial institutions. We trust in your cooperation. C. Edmond First Deputy Governor

Central Bank of Seychelles Guidelines on communication between Central Bank and the internal audit function of banks and other financial institutions

1. INTRODUCTION The purpose of these Guidelines are to provide a framework to guide the communication and cooperation process between Central Bank of Seychelles (CBS) and the internal audit function of banks. These Guidelines may also apply to other institutions under CBS mandate as may be determined by CBS. These Guidelines have been deemed relevant in view of interest from both CBS and the banking sector for closer collaboration between CBS and banks' internal audit function. Such collaboration is also in line with the paper titled 'The Internal Audit Function in Banks' dated June 2012 issued by the Bank for International Settlementl . Specifically, Principle 16 of this paper requires bank supervisors to have regular communication with banks' internal auditors and covers the relationship of the supervisory authority with the internal audit function of banks. Additionally, Principle 17 requires bank supervisors to regularly assess whether the internal audit function has sufficient standing and authority within the bank and operates according to sound principles. Considered as the third line of defence, the internal audit function provides insight on the risk management, internal controls and governance of an entity. Such function is key to one of CBS objective to promote a sound financial system. Note that the BIS paper referred to above, serves as a guide to these Guidelines. I The Basel Committee is the primary global standard-setter for the prudential regulation of banks. (http://www.bis.orglbcbs/about.htm)

Page 2 of3 2. PROCESS 2.1 Periodic meetings At a minimum, CBS shall have biannual meetings with internal auditors. Additionally, based on the size, nature, risks and complexity of the bank, CBS or the internal audit of banks may request for meetings in between the biannual meetings. CBS may request the presence of senior management, the audit committee, the external auditor and the Board at these meetings. In addition, meetings can be convened with the aforementioned individuals to discuss audit matters. 2.2 Matters for discussion The discussions shall include the following: Risk matters (i) risk management procedures; (ii) risk assessment methodologies; (iii) the risk areas identified by CBS (including those made during on-site reviews) and internal auditors; (iv) the risk mitigation measures taken by the bank; and (v) the bank's response to weaknesses identified. Specific risk areas include (i) concentration risk and large exposure limits; (ii) transactions with related parties; (iii) problem assets, provisions and reserves; (iv) market risks; (v) interest rate risk in the banking book; (vi) liquidity risk; (vii) operational risk; and (viii) credit risk. External Auditor Update on discussions between the bank and the external auditors and outcome of these meetings. Meetings between a bank's internal audit and external auditor is encouraged to discuss such areas as audit planning, audit priorities and scope of audit to avoid duplication. Audit Committee Functioning of the Committee in line with section 37(1) of the Financial Institutions Act, 2004 and the Corporate Governance Guidelines issued in April 2015. Corporate Governance Guidelines In line with the Corporate Governance Guidelines, internal audit can play a key role in contributing to the board's role to strategically guide the bank, effectively monitor management and provide accountability to shareholders. Accordingly, matters pertaining to internal audit in

Page 3 of3 the Corporate Governance Guidelines shall be the subject of discussions to ensure implementation of the Guidelines. Other matters for discussion include (i) contingency planning; (ii) fraud risk; (iii) implementation of the audit plan; and (iv) internal audit budget, human resources and development. 3. INFORMATION SHARING (i) CBS may share information with the internal audit function that could increase the effectiveness of internal audit. (ii) CBS shall make recommendations aimed to strengthen the internal audit function and the control environment. (iii) The banks shall provide CBS at a minimum with the internal audit reports, audit charter and audit plan as requested. (iv) The banks shall provide CBS at a minimum with the minutes of the following meetings: meeting of the Audit Committee; Board meeting with the Audit Committee, meeting of internal auditors or external auditors or senior management on internal audit matters; internal auditors meeting with the external auditors or senior management. (v) Internal audit shall share with CBS accounting data (such as fair values and impairment of financial instruments) that are included in regulatory reporting. (vi) Internal audit shall share with CBS any business conduct and market conduct issues identified through the audit of the compliance function.