Skip to main content
Version date: 25 April 2024 - onwards
Version 2 of 2

Principle 26 - Internal control and audit (paras. 40.59-40.60) (effective as of 25 April 2024)

40.59 Principle 26: [Reference documents: BCBS, Principles for the effective management and supervision of climate-related financial risks, June 2022; BCBS, Corporate governance principles for banks, July 2015; BCBS, The internal audit function in banks, June 2012; BCBS, Compliance and the compliance function in banks, April 2005; BCBS, Framework for internal control systems in banking organisations, September 1998.] The supervisor determines that banks have adequate internal control frameworks to establish and maintain an effectively controlled and tested operating environment for the conduct of their business, considering their risk profile. These include clear arrangements for delegating authority and responsibility; separation of the functions that involve committing the bank, paying away its funds, and accounting for its assets and liabilities; reconciliation of these processes; safeguarding the bank's assets; and
appropriate independent [In assessing independence, supervisors give due regard to the control systems designed to avoid conflicts of interest in the performance measurement of staff in the compliance, control and internal audit functions. For example, the remuneration of such staff should be determined independently of the business lines that they oversee.] internal audit (including those that are outsourced or co-sourced), compliance and other control functions to test adherence to and effectiveness of these controls as well as applicable laws and regulations.

40.60 Essential criteria: