This document outlines the internal control framework for banking companies, including credit institutions and financial institutions, as per French law and regulatory requirements.
Extract
[...] The quality of information and accounting documents is another essential control point, particularly for financial institutions due to prudential regulation requiring accounting in accordance with the standards of the capital requirements regulation. An internal audit, independent of the control carried out by the statutory auditors, is put in place. This internal audit is distinct from that carried out by the statutory auditors, the latter qualifying banks as entities of public interest. 4. The internal control also ensures the security of information systems, that is to say the information technology structure of the institution. 5. [...]
[...] The internal control aims to ensure that banking operations respect the current regulation. This includes an extended verification: payment operations must comply with the Code monétaire and financial, while credit operations must comply with the Code of Consumer Protection, notably by respecting the prohibition of usury and anatocism. In short, each banking operation requires a verification procedure. 2. It is also essential to check that the procedures for decision-making and risk-taking, delegations and decision trees are in line with the policies established by the supervisory body, and not by the operational management of the bank. [...]
[...] At the top of this structure, the directors and supervisory bodies of the institutions, as well as the central body in the case of a mutual bank, are responsibles. Below, it is mandatory to set up a organisation ensuring the internal control of the establishment. It is necessary to briefly define the object of this internal control in order to fully understand its scope and objectives. I. Section 1 - The object of the control In reality, internal control is found in all companies. [...]
[...] This relatively recent element aims to limit the bonuses of key employees, such as traders, whose remuneration can be indexed on the amounts generated by their arbitrage. II. Section 2 - Control Levels The control device is based on three distinct levels : The first level control level is the execution level. At this stage, agents ensure compliance with the objectives set for internal control. This control, of an operational nature, is located closest to daily operations and is characterized by its permanence. It is therefore a continuous control, directly integrated into the activities of the establishment. [...]
[...] The third level of control consists of verify that level two controllers have correctly supervised level one controllers. This level offers a more global perspective and an in-depth analysis of possible flaws in the internal control system. When an irregularity or failure is identified at the operational level, it is reported to the third level, which has a broader overview. This control is not permanent but periodic, based on targeted surveys as part of scheduled internal control campaigns. Each level of control is strictly independent of the others, thus ensuring the impartiality and reliability of the internal surveillance system. [...]
