Central Bank of Djibouti Circular No. 03/BCD/2012 on the Annual Internal Control Report

Central Bank of Djibouti CIRCULAR NO. 03/BCD/2012 ON THE ANNUAL INTERNAL CONTROL REPORT

The report is prepared in application of Article 17 of Instruction No. 2011-01 and aims to report on the conditions for exercising internal control and the means implemented to ensure this function. It thus seeks to describe the activity of the internal control function, as organized within the establishment. The report must also highlight actions undertaken during the year and set out any modifications that may have occurred in the internal control framework.

Article 2: Definition of an Internal Control Framework The internal control framework aims to identify risks incurred due to the activities of establishments, measure them, and manage them. It also aims to ensure the operational and organizational compliance of establishments with applicable legislation and regulations, as well as compliance with all obligations set by the BCD.

Article 3: General Presentation of the Internal Control Framework

• Name, telephone coordinates and email address of the internal control function manager(s) (permanent controls);
• Name, telephone coordinates and email address of the internal audit manager, if different (periodic controls);
• Hierarchical and functional reporting lines of these managers (attach an organizational chart showing units dedicated to permanent controls, as well as periodic control, and the hierarchical positioning of their managers);
• Other functions possibly performed by the aforementioned manager(s), within the establishment or within other entities of the same group;
• Brief description of the internal control framework implemented;
• Number of staff assigned to internal control devices—including internal audit—(full-time equivalent headcount; total annual headcount of the establishment as of December 31 of the reference year and end of April of the current year);
• Description and date(s) of updates to procedures relied upon by controllers and/or auditors (attach a copy of the current operational procedures manual);
• Scope (perimeter) of permanent and periodic controls (activities, processes, and entities).

Article 4: Conditions for Application of Procedures Implemented for Each Activity

• Description of activities performed by the establishment (list and describe activities);
• Attach and present the risk map generated by these activities (Article 3, Instruction 2011-01);
• Describe the risk analysis and measurement system, as adapted to the establishment's activities (Article 10, Instruction 2011-01);
• List and briefly present internal procedures defined to govern these activities;
• Description of new activities (e.g., consumer credit, distribution of Islamic credit-leasing products, etc.) implemented by the establishment during the reference year (list activities, describe them, specify associated risks);
• Limits and derogations adapted to these activities (Article 9, Instruction 2011-01);
• Attach to the report as an appendix procedures related to new activities cited in the preceding paragraph;
• Attach a copy of recommendations issued regarding internal control by statutory auditors as part of their annual audit (Article 2, paragraph 2 of Instruction 2011-01);
• Description of the implementation modalities for internal control (permanent controls and internal audit) for each activity performed, as per Article 2, paragraph 2 of Instruction No. 01-2011.

Article 5: Organization of Internal Control for Outsourced Activities

• Description of outsourced activities and conditions under which outsourcing occurs: country of establishment, names of external service providers, list of service contracts, nature of services;
• Attach internal procedures and describe the monitoring and control framework for outsourced operations.

Accounting and Prudential

• List, description, and date(s) of updates to procedures related to accounting treatment of operations;
• Organization implemented to guarantee the quality and reliability of the audit trail (as per Article 12 of Instruction No. 02/2011-01);
• Organization implemented to guarantee the quality of prudential information;
• Attach a reconciliation plan between the internal chart of accounts and accounting and prudential statements submitted to the BCD.

Article 7: Operations with Directors and Shareholders

• List of operations with directors (as per Articles 101 to 105 of Law No. 19/86 on Commercial Companies): specify beneficiary identity, type of beneficiaries—natural or legal person, director or executive—and nature of commitments, gross amount, applicable deductions and weighting used, date of implementation and maturity date;
• List of facilities to shareholders and affiliated companies: specify beneficiary identity, type of beneficiaries—natural or legal person, shareholder or executive—and nature of commitments, gross amount, applicable deductions and weighting used, date of implementation and maturity schedule.

Frauds and Losses

• List of frauds occurring during the year, description, impact (financial, disciplinary, etc.);
• Lists of other natural disasters and losses and measures taken to prevent their occurrence;
• Lists of pending legal actions, grounds.

Article 9: Conclusions and Recommendations of Internal Controls The establishment's overall activities and associated risks (credit risk, market risk, global interest rate risk, liquidity risk, operational risk, legal risk, concentration risk, compliance risk, and risks related to money laundering and terrorist financing, among others) must be considered. a) Results of internal control activity: monitoring compliance with applicable regulations and internal procedures, control of operational security, adherence to diligence related to risk surveillance associated with operations: I. List by activity type the main deficiencies identified; II. Table of corrective measures undertaken to address identified deficiencies and status of their implementation as of the report drafting date. b) Results of periodic control, or internal audit: I. Verification frequency for the establishment's main activity areas; II. Areas subject to periodic control verification during the past year (by internal audit or, on its behalf, by external parties); III. List by performed mission the main deficiencies identified; IV. Table of corrective measures undertaken to address identified deficiencies and status of their implementation as of the report drafting date; V. Investigations conducted by the (or bodies of) inspection (or internal audit) of the parent company or, on its behalf, by external organizations (external firms, etc.): list, summary of main conclusions, decisions taken to address identified deficiencies. c) Sessions in which the deliberative body examined internal control activity and results during the past year, pursuant to Instruction No. 02/2011-01, Art. 4, paragraph 2 (attach extracts of meeting minutes corresponding to this examination); d) Modalities for monitoring recommendations resulting from permanent and periodic controls (tools, responsible persons).

Article 10: Transmission of the Report The elements mentioned in Articles 3 to 9 must appear in the report transmitted to the BCD, pursuant to the aforementioned article, paragraph 2, no later than April 30 following the end of the fiscal year. They will be supplemented by any document the establishment deems useful to inform the Central Bank of Djibouti about developments in its risks and control framework during the past year.

Article 11: Date of Entry into Force of the Circular This circular enters into force as of the date of signature. Djama M. H. 30 October 2012