
Internal regulations

The Bank’s internal regulations serve to prevent and identify various risks related to the conduct of banking business. Employees are trained regularly on the rules for preventing abuse and ensuring protection of the clients’ funds and data.

Compliance policy

When monitoring compliance with internal and external regulations, the following issues are considered by Bank Millennium as particularly important:

  • counteracting money laundering and financing of terrorism;
  • ensuring compliance of Bank Millennium's internal normative acts with generally applicable provisions of law and with recommendations formulated by supervisory authorities;
  • managing conflicts of interest;
  • observing the ethical principles;
  • restrictions on personal transactions and protecting sensitive information related to Bank Millennium financial instruments issued by the Bank as well as information related to sales and purchases of such instruments;
  • monitoring and ensuring compliance with respect to investment products covered by the EU MiFID directive.

A report on the adequacy and effectiveness of the compliance supervision system is presented quarterly to the Bank’s Management Board and the Supervisory Board’s Audit Committee and annually to the Supervisory Board.

G4-DMA EN29, G4-DMA SO8

Legal cases

Class action of mortgage clients

2015: Insurance of the low down payment for mortgage loans. On 25 September 2015, a class action suit was filed with the Regional Court in Warsaw concerning mortgage loans indexed to CHF with a low down payment insurance. A group of the Bank’s borrowers (454 people), represented by a Municipal Consumer Ombudsman in Olsztyn, demands payment of a total amount of PLN 3.5 million. The group members believe that the regulations of the low down payment insurance are impermissible and therefore they are not binding for the borrowers. The Bank is currently preparing a response to the statement of claim.

2014: Mortgage loan indexation. On 21 October 2014, the Bank received a class action suit in which a group of borrowers seeks a ruling of the Bank’s liability for unjustified enrichment in connection with CHF-indexed mortgage loan agreements. The group believes that the Bank allegedly charged excessive amounts for repayment of loans. On 21 September 2015, the Court of Appeals in Warsaw quashed the ruling of the Regional Court in Warsaw dismissing the class action suit. The Bank awaits a new decision to be issued by the Regional Court on whether examination of the case in class action lawsuits should be permitted.

The value of penalties

| Year | Amount (PLN) | Explanation |
|---|---|---|
| 2015 | 12,158,370 | By a decision of 29 December 2006, the President of UOKiK imposed a fine of PLN 12,158,370 on Bank Millennium. The fine was also imposed on other banks (20 in total). The fine resulted from proceedings in which UOKiK recognized as a competition-restricting practice an arrangement in which banks, including Bank Millennium, jointly set the interchange fee rates charged on transactions made with Visa and Mastercard cards. In a judgment of 6 October 2015 handed down by the Court of Appeals in Warsaw, the Bank was obligated to pay the fine. |
| 2014 | 850,000 | The President of UOKiK also recognized as a practice violating the collective interests of consumers the fact that, in the agreements to open and run Individual Retirement Accounts, the Bank failed to indicate the prerequisites for amending the agreements and failed to specify the scope of the Bank's liability for the timely and correct cash settlements and the amount of compensation for exceeding the deadline for performing instructions from the account holder, and requested that those practices be discontinued. On account of these violations, the President of UOKiK fined the Bank PLN 2,857,389. The Bank has appealed against the Office's decision. On 25 November 2014, the Court reduced the fine to the aggregated amount of PLN 850,000. The judgment is not final. |

G4-SO8

Fraud prevention

The Fraud Risk Management Program has been created to effectively fight and prevent abuses and is the basis for the currently existing and continuously updated fraud prevention system. The system enables coordination of actions taken by the Bank’s units involved in fraud prevention in the area of fraud detection, analysis and prevention, while providing professional tools to ensure effective protection of the Bank.

One of the elements of the program is Branch employee training, since branch employees have ongoing contact with clients and have the opportunity to identify suspicious behavior. In addition to training for new Network employees (484 people trained in 2015), a site is available on the Bank’s Intranet containing all the necessary information and materials; new information is also sent out to employees about new procedures and methods used by criminals.

Another element of the program is an e-mail account created especially for this purpose and an alert hotline operating 24/7/365 to ensure that any Bank employee could immediately clear up any doubt related to a suspicion of abuse. This solution has proven effective in particular when an employee identifies a “grandson fraud” since it has allowed the Bank to react quickly in such cases.

Anti-Money Laundering and Combating Terrorism Financing

The Bank’s Anti-Money Laundering and Combating Terrorism Financing (AML/CTF) Program is a comprehensive system to identify risk areas related to the money laundering crime.

The activities taken in the program involve, among others, the use of financial security measures depending on the evaluation of money laundering risk, registration and reporting of transactions, selection of suspicious transactions, and cooperation with the Inspectorate General of Financial Information.

Bank Millennium has adjusted its reports on an ongoing basis to the results of analysis of suspicious transactions, by adding the schemes operating in the given period (sectors, money flow directions, client behavior) in order to effectively identify and report transactions that may be related to money laundering operations.

Efficient operation of the Program is ensured through internal procedures, organizational solutions in place and the employee training programs.

| Anti-Money Laundering Program | 2015 | 2014 | 2013 | 2012 |
|---|---|---|---|---|
| Number and % of employees trained | 1259 (22%) | 1256 (22%) | 1539 (28%) | 1346 (22%) |
| Number of Suspicious Activity Reports (SARs) sent to GIIF* | 152 | 134 | 155 | 187 |
| Number of clients reported in SARs | 472 | 502 | 640 | 844 |

*GIIF - Inspectorate General of Financial Information

Anti-corruption regulations

The anti-corruption regulations described in the internal compliance policies and the Code of Ethics of the Bank Millennium Group pertain to the acceptance and offering of benefits by Bank employees, rules for contacting people discharging public functions, public institutions and political parties. These regulations also apply to the Bank’s suppliers and business partners. Every supplier taking part in a tender procedure must undertake to observe the rules included in the Bank’s Code of Ethics, by signing a representation to that effect.

Employees may voice questions and observed irregularities concerning the breach of law, regulations and ethical norms via a dedicated telephone line or e-mail inbox or they may contact their immediate supervisor or the person running the Compliance Department.

During internal audits, the vulnerability of bank processes to various types of threats and possible abuse, including corruption, is also examined.

G4-DMA SO3, G4-DMA SO5

Risk of corruption 2015 2014 2013 2012
Number and % of organizational units analyzed for corruption risk   It is difficult to specify the number of audited units, since audits concern processes and several organizational units may be involved in each process.  
Actions taken after corruption cases are found No corruption cases found     1 No corruption cases found    


Information Security

The information security system in place in the Bank is modeled after the international ISO/IEC 27001 standard which defines the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving information security management in the organization.

The accepted information security management model determines the comprehensive system for protecting all information processed in the Bank, including information on clients, employees and transactions. In order to achieve this goal, the Bank has used organizational, IT and telecommunication measures, in particular the mechanisms to protect devices, systems, applications, databases and communication channels.

The Bank continuously analyzes new threats and methods employed by criminals to be able to prevent them effectively. It also actively collaborates with other financial sector entities in Poland and internationally, sharing its knowledge about contemporary threats, trends and the evolving methods of abuse.

Special care is exercised to ensure continuity of the services provided by the Bank. The Business Continuity Management System implemented in the Bank serves to ensure availability of the key processes and IT systems, regardless of any chance events. Resistance to threats is further increased by the dispersed architecture of the information technology environment.

Internal and external audit

Internal audit

Internal audit issues opinions on any regulations introduced or amended in the Bank, conducts an independent and objective assessment, and provides advice to the units regarding the audited domain. Advisory activity may be performed if its character does not compromise the principle of the internal auditor’s objectivity and independence.

The Internal Audit Department is an independent unit reporting to the Chairman of the Bank’s Management Board, which delivers results of its activities to the Audit Committee of the Bank’s Supervisory Board and to the Supervisory Board itself. Results of the operating review of the entire internal control system and of its selected elements are presented regularly and evaluated by the Audit Committee of the Bank’s Supervisory Board.

G4-DMA FS9, G4-FS9

Internal Audit - activities in 2015

Process audits 64
Financial audits 5
Audit of outlets 161
Compliance audits: IRF/MiFID 10
Ad hoc audit 9
ICP review, inspections from KNF, BION 5
TOTAL:  254
Preventive inspections 56
Explanatory proceedings (ad hoc) 303

External audit

In 2015, PwC was the Bank’s External Auditor. In addition to the cooperation in performing the basic tasks of the External Auditor, such as review and audit of semi-annual and annual financial statements, respectively, the Bank cooperates with PwC in implementing the concept of ongoing monitoring and consulting economic events in the context of their correct presentation in other financial statements. As a result of this approach, information in interim statements is presented in the same manner as in the annual statements.