Anti-Money Laundering, Data Privacy Act, and Regular Compliance Policies and Programs
BASIC PRINCIPLES AND POLICIES
Guidelines are set to ensure compliance with the Anti-Money Laundering Law and terrorist financing prevention, its implementing rules and regulations, as well as other applicable regulations without violating other relevant laws and without losing bona-fide business/clients in the process.
The guidelines are intended to help this process and to ensure high standards in the following areas:
a) Ensuring the bank’s conformity with high ethical standards in protecting the safety, soundness and integrity of the national banking and financial system.
b) Ensuring that the identity of the customer is established at all times, while also ensuring that the financially and socially disadvantaged are not denied access to financial services.
c) Ensuring that suspicious individuals or entities are prevented from opening or maintaining an account or transacting with the bank.
d) Adopting and implementing this MTPP risk management system to identify, assess, monitor and control risks associated with money laundering and terrorist financing.
THE COMPLIANCE PROGRAM
a) Guide the CARD Bank’s directors, officers and personnel, especially the Compliance Unit headed by the Chief Compliance Officer (CCO) to continuously identify relevant Philippine laws, rules and regulations and pertinent BSP Circulars governing the operations of rural banks;
b) The program sets out the planned activities of the compliance function, such as the review and implementation of specific policies and procedures; compliance risk assessment; compliance testing; educating staff on compliance matters; monitoring compliance risk exposures; and reporting to the board of directors or board-level committee. The program espouses a risk-based approach and shall have appropriate coverage across businesses and units.
c) To identify and mitigate the business risks enumerated below, which are detrimental to the bank’s ability to generate returns for its continuous operation.
▪ Risks to reputation that arise from internal decisions that may damage a bank’s market standing;
▪ Risks to reputation that arise from internal decisions and practices that ultimately impinge on the public’s trust of a bank;
▪ Risks from the actions of a bank that are contrary to existing regulations and identified best practices and reflect weakness in the implementation of codes of conduct and standards of good practice;
▪ Legal risks to the extent that changes in the interpretation or provisions of regulations directly affect a bank’s business model.
d) To devise a systematic and effective communication system to keep management always conscious of their obligations and legal responsibility as trustee of public funds; and
e) Judiciously remind management of the long-lasting benefits to the Bank in particular, and the rural banking industry in general, by strictly adhering to the rules and regulations and the provisions of the Manual of Regulations prescribed by BSP in the management of the affairs of the Bank.
f) Provide for periodic compliance testing with applicable legal and regulatory requirements. Testing frequency should be commensurate with identified risk levels (e.g., annual testing for low-risk, quarterly testing for medium-risk, monthly testing for high-risk). It should also provide for the reporting of compliance findings to appropriate levels of management.
g) Establish the responsibilities and duties of the Chief Compliance Officer and other personnel (if any) involved in the compliance function.
DATA PRIVACY PRINCIPLES
All Processing of Personal Data within the Institution should be conducted in compliance with the following data privacy principles as incorporated in the Data Privacy Act:
a) Transparency. The Data Subject must be aware of the nature, purpose, and extent of the Processing of his or her Personal Data by the Institution, including the risks and safeguards involved, the identity of persons and entities involved in processing his or her Personal Data, his or her rights as a Data Subject, and how these can be exercised. Any information and communication relating to the Processing of Personal Data should be easy to access and understand, using clear and plain language.
b) Legitimate purpose. The Processing of Personal Data by the Institution shall be compatible with a declared and specified purpose which must not be contrary to law, morals, or public policy.
c) Proportionality. The Processing of Personal Data shall be adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose. Personal Data shall be processed by the Institution only if the purpose of the Processing could not reasonably be fulfilled by other means.