Assurance of deposit safety

Ensuring safety of funds deposited by clients is one of the sustainable business priorities defined in the Bank’s strategy for 2015-2017. Bank Millennium and Group companies operate pursuant to the applicable legal regulations, the code of ethical behaviour and best market practices. The Bank attaches special importance to the matters related to risk management and security of operations.

G4-DMA

Compliance policy

The laws, principles and standards pertaining to compliance of the Bank's actions with the applicable internal and external regulations concern matters such as: observance of appropriate market behaviour standards, managing conflicts of interest, fair treatment of clients and providing them with appropriate advice. The Bank considers the following areas of operation to be of particular importance:

  • counteracting money laundering and financing of terrorism;
  • ensuring compliance of Bank Millennium's internal normative acts with generally applicable provisions of law and with recommendations formulated by supervisory authorities;
  • management of conflicts of interest;
  • observance of the ethical principles;
  • restrictions on personal transactions and protecting sensitive information related to Bank Millennium financial instruments issued by the Bank as well as information related to sales and purchases of such instruments;
  • monitoring and ensuring compliance with respect to investment products covered by the EU MiFID directive.

A report on the adequacy and effectiveness of the compliance supervision system is presented quarterly to the Bank’s Management Board and the Supervisory Board’s Audit Committee and annually to the Supervisory Board.

G4-DMA, G4-57, G4-58

Instances of non-compliance with the law and best practices

Class action of mortgage clients

On 21 October 2014, the Bank received a class action suit in which a group of the Bank’s borrowers represented by the Municipal Ombudsman of Consumers in Olsztyn pursues a judgment that the Bank is liable to them for unjustified enrichment in connection with CHF-indexed mortgage loan agreements. The group believes that the Bank charged excessive amounts for repayment of loans. According to the lawsuit, the excessive amounts resulted from the application of forbidden contractual clauses relating to the indexation of loans to CHF.

The Bank does not accept the claims put forward by the group. On 31 December 2014, the Bank submitted a rejoinder in which it challenged the claims of the group members.

Amounts of significant fines for non-compliance with the law or regulations

| Year | Amount (PLN) | Explanation |
|---|---|---|
| 2014 | 850,000 | The President of UOKiK also recognized as a practice violating the collective interests of consumers the fact that, in the agreements to open and run Individual Retirement Accounts, the Bank failed to indicate the prerequisites for amending the agreements and failed to specify the scope of the Bank's liability for the timely and correct cash settlements and the amount of compensation for exceeding the deadline for performing instructions from the account holder and requested that those practices be discontinued. On account of these violations, the President of UOKiK fined the Bank PLN 2,857,389. The Bank has appealed against the Office's decision. On 25 November 2014, the Court reduced the fine to an aggregated amount of PLN 850,000. The judgment is not final. |
| 2013 | 634,071 | By a decision of 29 December 2006, the President of UOKiK imposed a fine of PLN 12,158,370 on Bank Millennium. The fine was also imposed on other banks (20 in total). The fine resulted from proceedings in which UOKiK recognized as a competition-restricting practice an arrangement in which banks, including Bank Millennium, jointly set the interchange fee rates charged on transactions made with Visa and Mastercard cards. In its judgment of 21 November 2013, the Competition and Consumer Protection Court in Warsaw dismissed in part the appeals submitted by banks, while reducing the fines, in the case of Bank Millennium down to PLN 634,071. The judgment is not final. |

G4-SO8

Fraud prevention

The Fraud Risk Management Program has been created to effectively fight and prevent abuses and is the basis for the currently existing and continuously updated fraud prevention system. The system enables coordination of actions taken by the Bank’s units involved in fraud prevention in the area of fraud detection, analysis and prevention processes, while providing professional tools and systems to ensure effective protection of the Bank.

One of the elements of the program is Branch employee training, since branch employees have ongoing contact with clients and have the opportunity to identify suspicious behaviour. In addition to training for new Network employees (470 people trained in 2014), a site devoted to fraud prevention is available on the Bank’s Intranet. Employees also receive information on new tricks and methods used by criminals.

G4-58

Anti-Money Laundering and Combating Terrorism Financing

The Bank’s Anti-Money Laundering and Combating Terrorism Financing (AML/CTF) Program is a comprehensive system to identify risk areas related to the money laundering crime.

The activities undertaken in the program involve, in particular, the use of financial security measures depending on the evaluation of money laundering risk, registration and reporting of transactions, selection of suspicious transactions, and cooperation with the Inspectorate General of Financial Information.

Bank Millennium has adjusted its reports on an ongoing basis to the results of analysis of suspicious transactions, by adding the schemes operating in the given period (sectors, money flow directions, client behaviour) in order to effectively identify and report transactions that may be related to money laundering operations.

Efficient operation of the Program is ensured through internal procedures, organizational solutions in place and the employee training programs.

| Anti-Money Laundering Program | 2014 | 2013 | 2012 |
|---|---|---|---|
| Number and % of employees trained | 1256 (22%) | 1539 (28%) | 1346 (22%) |
| Number of Suspicious Activity Reports (SARs) sent to GIIF* | 134 | 155 | 187 |
| Number of clients reported in SARs | 502 | 640 | 844 |

*General Inspector of Financial Information

Anti-corruption regulations

The anti-corruption regulations described in the internal compliance policies and the Code of Ethics of the Bank Millennium Group pertain to the acceptance and offering of benefits by Bank employees, rules for contacting people discharging public functions, public institutions and political parties. These regulations also apply to the Bank’s Suppliers and business partners. Every Supplier taking part in a tender procedure must undertake to observe the rules included in the Bank’s Code of Ethics, by signing a representation to that effect.

G4-DMA

Employees may voice questions and observed irregularities concerning the breach of law, regulations and ethical norms via a dedicated telephone line or e-mail account or they may contact their immediate supervisor or the person running the Compliance Department.

During internal audits, the vulnerability of bank processes to various types of threats and possible abuse, including corruption, is examined.

Risk of corruption

2014 | 2013 | 2012

Number and % of organizational units analysed for corruption risk It is difficult to specify the number of audited units, since audits concern processes and several organizational units may be involved in each process.
Actions taken after corruption cases are found 1 No corruption cases have been found

G4-SO3, G4-SO5, G4-58

Information security

The information security system in place in the Bank is modelled after the international ISO/IEC 27001 standard which defines the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving information security management in the organization. The information security management regulations are reviewed at least once a year.

The accepted information security management model determines the comprehensive system for protecting all information processed in the Bank, including information on clients, employees and transactions. In order to achieve this goal, the Bank uses a broad range of organizational, IT and telecommunication measures, and in particular device protection mechanisms, systems, applications, databases and communication channels.

Even though the Bank is not obligated to obtain a certificate of its information security management method, great emphasis is placed at all levels of the organization on compliance with the requirements set forth in the international standard ISO/IEC 27001 and the standard applicable in the payment card sector, that is PCI DSS. This results in positive reports of periodic audits conducted by the Polish Financial Supervision Commission and external consultants as well as accreditations from leading payment card issuers, including VISA, MasterCard and American Express.

G4-58

Internal and external audit

Internal audit

The activity of Internal Audit is based on the annual audit plan. Planning is based on the evaluation of risks to which individual areas and processes of the Bank are exposed. The planning process takes into account consultations with senior management and key process owners. The annual audit plan is approved by the Audit Committee of the Bank’s Supervisory Board and is implemented on a quarterly basis.

Internal audit issues opinions on any regulations introduced or amended in the Bank, conducts an independent and objective assessment and provides advice to the units regarding the audited domain. Advisory activity may be performed if its character does not compromise the principle of the internal auditor’s objectivity and independence.

The Internal Audit Department is an independent unit reporting to the Chairman of the Bank’s Management Board, which delivers results of its activities to the Audit Committee of the Bank’s Supervisory Board and to the Supervisory Board itself. Results of the operating review of the entire internal control system and of its selected elements are presented regularly and evaluated by the Audit Committee of the Bank’s Supervisory Board.

G4-DMA

Internal Audit - activities in 2014

Process audits 78
Financial audits 4
Audit of outlets 178
Compliance audits: IRF / MiFID 13
Ad hoc audit 8
ICP review, inspections from KNF, BION 5
TOTAL: 286
Preventive inspections 251
Explanatory proceedings (ad hoc) 297

G4-FS9, G4-58

External audit

For the stakeholders, it is important to receive timely, transparent and adequate information about the results of the Bank’s operations. One of the actions supporting the performance of this task is the Bank's cooperation with an External Auditor during the preparation of financial statements. The External Auditor is selected by the Bank's Supervisory Board based on a recommendation of the Supervisory Board’s Audit Committee.

In 2014, after long years of cooperation with KPMG Audyt Sp. z o.o., PricewaterhouseCoopers Sp. z o.o. became the Bank’s External Auditor. In addition to the cooperation in performing the basic tasks of the External Auditor, such as review and audit of semi-annual and annual financial statements, the Bank cooperates with PwC in implementing the concept of ongoing monitoring and consulting economic events in the context of their correct presentation in other financial statements. This approach ensures that such transactions will be presented in interim statements in the same way as in the audited annual financial statements.

G4-58