The central bank has strengthened the standards for banks’ and other financial institutions’ internal control and audit in line with international best practices.
In a statement on Friday, the Bangko Sentral ng Pilipinas (BSP) said its Monetary Board had revised the guidelines for the internal control and internal audit raising the bar of control standards for BSP-supervised financial institutions (FIs).
“The guidelines complement other BSP initiatives to further strengthen the quality of governance in the industry and align existing regulations with international standards and best practices,” it stated.
The monetary authority noted that the revised guidelines feature the fundamental elements of internal control namely, management oversight and control culture; risk recognition and assessment; control activities; information and communications; and monitoring activities and correcting deficiencies.
These features effectively broaden the regulatory expectations for internal control of financial institutions, from previously being limited only to the implementation of basic internal control activities to promoting shared accountability of the board and personnel at all levels in the control process, it said.
“The Monetary Board recognizes though, that there is no ‘one size fits all’ internal control framework. As such, consistent with the principle of proportionality, financial institutions are expected to adopt internal control frameworks that are suited to their size, risk profile and complexity of operations,” the BSP added.
Moreover, the central bank stressed that the revised guidelines also cover the BSP’s expectations for the internal audit function, highlighting that its role is to both assess and complement operational management, risk management, compliance and other control functions.
The BSP said financial institutions are generally allowed to outsource internal audit functions in order to access certain areas of expertise or to address resource constraints, provided that the scope of audit will not include areas that are covered by existing statutes on deposit secrecy.
“The guidelines, however, clarify that arrangements where financial institutions which are part of group structures who opt to establish an internal audit function centrally in the parent bank will not fall under the outsourcing framework provided under existing regulations,” it said.
Lastly, the central bank said the revised guidelines expanded the qualifications of the head of the internal audit function of banks and other financial institutions so as to consider professionals from disciplines outside of the accountancy profession.
“Certified Public Accountants (CPAs) or Certified Internal Auditors (CIAs) are still required for the head of the internal audit function of a universal/commercial bank,” it said. However, the BSP noted that the head of the internal audit function of thrift, rural, and cooperative banks may be a graduate of any accounting, business, finance, or economics course but should have the technical proficiency on the conduct of internal audit.
Regardless of academic background, heads of the internal audit function of all supervised financial institutions should meet the prescribed number of years of experience, it concluded.