68 / 204
66
Rothschild & Co | Annual Report 2017
1 Regulatory context
Rothschild & Co is on the list of the financial holding companies supervised
by the
Autorité de contrôle prudentiel et de résolution
(“ACPR”) on a
consolidated basis. The rules which impact upon the Group arrangements
for risk management systems and controls are set out in the French
Monetary and Financial Code
(Code monétaire et financier)
and the Order
dated 3 November 2014, which defines the conditions for implementing
and monitoring internal control systems in banks and investment firms. The
Order dated 3 November 2014 lays down the principles relating to control
systems for transactions and internal procedures, accounting systems and
information processing, risk and performance measurement systems, risk
supervision and control systems, and internal control documentation and
reporting systems.
As required by the Order dated 3 November 2014, the Group internal
control system established by Rothschild & Co operates a distinction
between organisations and managers in charge of permanent control
(including compliance, anti-money laundering and risk management)
and periodic control (i.e. internal audit).
The internal control system of Rothschild & Co must also take into account,
as appropriate, the AMF
’s
General Regulations (the “AMF Regulations”),
local regulations applicable to branches and subsidiaries outside France
and to specialised operations such as portfolio management, the most
widely accepted industry practices in this area and the recommendations
of international bodies dealing with the capital adequacy framework of
international banks, foremost among which are the Basel Committee, the
Financial Stability Board and the European authorities (European Banking
Authority, European Securities and Markets Authority).
2 Definition, objectives and scope of
internal control
The internal control system refers to Rothschild & Co’s own internal control
system and the Group’s internal control system on a consolidated basis.
The internal control system seeks to provide directors, officers and
shareholders with reasonable assurance that the following objectives
are achieved:
• the effectiveness and efficiency of the entity’s operations;
• the prevention and detection of fraud;
• compliance with laws and regulations, internal standards and rules;
• the reliability of accounting and financial information; and
• protection of the entity’s assets.
It also fulfils the internal control objectives specific to financial companies
supervised by the ACPR on a consolidated basis.
3 Organisation of internal control
The Group’s internal control framework is based on the “three lines of
defence” model. The first line comprises front line management from the
business itself. The second line includes independent Risk, Compliance
(including AML/CFT) and Legal functions and to a lesser extent Finance
and Human Resources to monitor on a continuous basis the activity of
the front line management, and the third line comprises Internal Audit –
which exercises periodic surveillance of the Group’s activities and
support functions.
The Three Lines of Defence for identifying, evaluating and managing risks
First Line of Defence
Second Line of Defence
Third Line of Defence
It is the responsibility of senior management
in each of the Group’s business lines
to establish and maintain effective risk
management systems and to support risk
management best practice.
Comprises specialist Group support functions
including: Risk, Compliance, Legal, Finance
and Human Resources.
These functions provide:
• operational and technical guidance;
• advice to management at Group level and
operating entity level;
• independent challenge to the businesses; and
• assistance in the identification, assessment,
management, measurement, monitoring and
reporting of financial and non-financial risks.
Provides independent objective assurance on the
effectiveness of the control procedures including
those relating to the management of risks across
the entire Group.
This is provided by the Group’s Internal Audit
function.
Internal control, risk management and accounting procedures