you are in

On this page

The Bank’s compliance, risk management, and internal control agenda is a key priority. 

In this respect, BPI:

  • continuously enhances governance and oversight of the compliance, risk management and internal control across the BPI Group;
  • streamlines operations and reduces risk via investments in financial, technology and human capital;
  • partners and engages in constructive dialogue, shares efforts and seeks proper clearance in designing adjustments and remediation plans with our regulators; and
  • builds and strengthens the culture and infrastructure to support risk management, compliance, and assurance activities.

Annually, the Board, through its various board-level committees, reviewed the Bank’s overall control, risk management and compliance systems covering operational and financial areas to determine that these are adequate and operating effectively.

Compliance

In line with the regulatory shift of the BSP, the Bank’s Compliance Office functions as the second line of defense, embracing a more forward-thinking, risk-based, and stress-tested approach to continuously monitor, evaluate, and improve compliance amidst a banking landscape experiencing disruption and rapid change.

Enterprise Risk Management

The bank has a comprehensive and integrated Risk and Capital Management Framework guiding the management of all risk exposures and ensuring that the bank has adequate capital to cover and mitigate these risks. This framework follows Bangko Sentral regulations to implement an active and effective Internal Capital Adequacy Assessment Process (ICAAP) and risk management processes within the bank.

 

Risk Policy

The Board carries out its risk management function through its Risk Management Committee, which is tasked with nurturing a culture of risk management across the enterprise, proposing guidelines and regularly reviewing risk management structures, metrics, limits, and issues across the BPI Group, in order to meet and comply with regulatory and international standards on risk measurement and management. The committee also supports technology and training for key personnel in risk management.

Major identified risks in the bank's business are credit risk, market risk (interest rate risk and liquidity risk), and operational risk (people and process risks, information security, technology and physical security risks, model risk, compliance and regulatory risks, legal and tax risks, and reputation risk, amongst others).

 

Control System

The Risk Management Committee reviews the reports from the bank's various management committees and business units that are necessary to identify, monitor, and assess the risk exposures and capital adequacy and their implications to the Bank.

It also reviews and recommends to the Board the approval of the bank's risk and capital management policies, and the appropriate capital structure for the bank in support of long-term strategic objectives, current business plans, and risk appetite.

The committee also reviews, approves, and confirms proposals relating to risk limits, risk exposure allocation, capital allocation and other related risk management policies.

Several committees and units manage the bank's financial and non-financial risk exposures at the management level. The Chief Risk Officer leads the Risk Management Office, and supports the Risk Management Committee by recommending risk management policies and methodologies, closely coordinating and facilitating risk management best practices with the various business units. In the process, the CRO promotes an enterprise-wide risk management awareness, learning and appreciation. Read the full biography of the Chief Risk Officer.

Risk Management Committee

en

File-type

File-size

download-icon
Internal Control

BPI's internal control system is the framework under which internal controls are developed and implemented to manage and control a particular risk or business activity, or a combination of risks and activities, to which the Bank is exposed.

Our Internal Audit Division is an independent body that supports the Audit Committee in fulfilling its oversight responsibilities by providing an objective assessment on the adequacy and effectiveness of the Bank’s risk management, internal controls, and governance processes through well-established risk-based audit plans. Internal Audit also ensures that the Bank’s operating and business units adhere to internal processes and procedures and to regulatory and legal requirements.

This unit reports directly to the Board through its Audit Committee. It collaborates with other assurance providers such as the Risk Management Office, Compliance Office, external auditors, and other oversight units. Through this system for the comprehensive monitoring and review of risks and compliance in the institution, the Board ensures that the Bank and all business units proactively manage the risk and compliance exposures impacting the business. (Recommendation 2.10 and 12.2 of the SEC CG Code for PLCs)

The Audit Committee also ensures that the Internal Audit Division undergoes an external quality assessment review (EQAR) to confirm that audit activities conform to the International Standards for the Professional Practice of Internal Auditing and Code of Ethics. The program includes periodic internal and external quality assessments and ongoing monitoring of the performance of the internal audit activity. Periodic internal assessments are conducted annually, while external quality assessments are conducted at least once every five years by a qualified independent validator. This unit maintains its “generally conforms” ratings on both internal and external assessments, which indicate that its activities have continuously conformed to professional standards, code of ethics, and other internal standards.

The statement of the Directors on the effectiveness of the Bank's internal control system is embodied in the Report of the Audit Committee to the Board of Directors, which is part of the Annual Report.

 

Internal audit charter

The internal audit function as empowered by the Internal Audit Charter includes free access to all records, properties, and personnel. In this respect, the Audit Committee reviews the internal audit function, including its independence and the authority of its reporting relationships. The Internal Audit Division continuously improves the capabilities of its auditors through continuous education on specialized areas of knowledge, auditing techniques, regulations, and banking products and services. As stated in the Manual on Corporate Governance, the Board, through the Audit Committee, periodically reviews and approves the Internal Audit Charter. (Recommendation 2.10, SEC CG Code for PLCs).

Read the Internal Audit Charter here.

BPI Internal Audit Charter

en

File-type

File-size

download-icon

Chief audit executive

The Internal Audit Division is headed by a Chief Audit Executive (CAE) who is appointed by the Board and reports functionally to the Board through the Audit Committee and administratively to the President and CEO. The CAE has unrestricted access to all functions, records, property, and personnel. Additionally, the Audit Committee ensures that the CAE has access to the Board, on a confidential basis, and that the Internal Audit Division is independent of bank management, both by intent and actual practice. The Board, through the Audit Committee, evaluates the performance of the CAE. (Recommendation 2.8, 9.1, 9.2, 12.3 SEC CG Code for PLCs).

 

Read the full biography of the Chief Audit Executive here

 

Independent external auditor

The Audit Committee recommends to the Board the appointment of a BSP accredited external auditor for the purpose of preparing or issuing an audit report or other related work. The appointment, re-appointment, and removal of the Bank’s external auditor is subject to the approval and endorsement by the Audit Committee, for subsequent confirmation and approval by the Board and, finally, the stockholders. (Recommendation 9.1, 9.2 SEC CG Code for PLCs) The engagement of the external auditor is also done pursuant to the General Requirements of Securities Regulation Code (SRC) Rule 68, Par. 3 (Qualifications and Reports of Independent Auditors).

The Audit Committee also assesses the external auditor’s effectiveness, independence, and objectivity, ensuring that key partners or the handling partner is rotated at appropriate intervals or changed every five years or earlier. The Committee also reviews the external auditor’s annual plan, scope of work, and, in consultation with management, approves the external auditor’s term of engagement and audit fees. They also oversee the resolution of disagreements between management and the external auditors in the event that these arise.

The external auditor reviews and discusses the financial statements and reports, including results of operations, with Management and the Internal Auditor, and endorses the same to the Board for approval. Audited Financial Statements are signed by the Chairman of the Board, the President and CEO, and the Chief Finance Officer (CFO).

The Audit Committee also holds executive or private meetings with the external auditors without the presence of Management.

 

Audit and audit-related fees

BPI has paid the following fees, inclusive of taxes, to its external auditors in the past two (2) years:

Fiscal Year

Audit Fees

Audit-related Fees

2021 paid in 2022

2021 Bond Offering

Paid in 2022

Php 21.010 Mn

Php 3.662 Mn

Php 4.558 Mn

Php 190.590 K

2022 paid in 2023

Php 19.037 Mn

Php 3.674 Mn

Approved for 2023

(not yet paid)

Php 21.584 Mn

-

The audit and audit-related fees cover services by the external auditor that are reasonably related to the performance of the audit or review of the annual, half year or quarter end financial statements for BPI and its subsidiaries. These were no non-audit fees for other services not related to the audit/review of the financial statements. (Recommendation 9.3 SEC CG Code for PLCs).

 

The Audit Committee charter, as stated in the Bank’s Manual on Corporate Governance, provides that the Audit Committee is empowered by the Board to approve all audit and non-audit services, including fees, to be provided by the external auditor to the Bank and its subsidiaries. It is also tasked to review the external audit fees and recommend for approval by the Board.

Audit Committee charter

en

File-type

File-size

download-icon
Report of the Audit Committee

en

File-type

File-size

download-icon
Need more help?

Get all the help for your banking needs.

prefered