As EFG Hermes Holding continues to expand into new business lines and geographies, it is faced with a growing number of unique regulations and shifting regulatory mandates, which the Firm was well positioned for with sound and prudent compliance and risk policies that guide the Group’s decision-making and day-to-day operations. As such, the Risk and Compliance Department has developed a solid set of frameworks to govern EFG Hermes Holding’s compliance and risk strategies in accordance with global best practices. The department’s 42 compliance officers actively worked to ensure that each of the Firm’s new and existing business lines adhered to appropriate statutory provisions, official regulations, and internal policies. At the same time, the 52-member Risk Management team continued to ensure all operational, market, credit, and liquidity risks were identified, assessed, and accordingly mitigated using adequate controls. Both teams report to the Group Chief Risk and Compliance Officer.

The Internal Audit is an independent appraisal function that is authorized by the Board of Directors and the Audit Committee, with the role of monitoring and assessing the adequacy and effectiveness of the Firm’s operational, financial, information systems, and administrative controls. It provides objective risk assessment and evaluation of the effectiveness of risk management practices, and internal control and corporate governance processes across the Group’s subsidiaries, business lines, and business partners. The team is composed of highly skilled, multilingual individuals with diversified professional experience across different industries. At present, the Group’s Internal Audit team comprises of a Chief Internal Auditor and nine centralized auditors covering investment banking and NBFI activities, in addition to 43 auditors providing auditing services for Tanmeyah Microfinance.

Internal Audit reports directly to the Audit Committee and is tasked with carrying out systematic reviews and periodic spot checks in line with the Audit Committee’s pre-approved strategy for the year. To maximize the review process efficiency, the frequency of reviews is based on the function/department’s risk level and the previous review’s internal audit score. To this end, high and medium-risk departments are reviewed on an annual basis, and low-risk departments with effective scores are reviewed every other year. Additionally, the division performs quarterly follow-ups on previous audit findings, to ensure they have been adequately addressed and corrected. It also provides a wide range of services including in-depth assessment of operations, adherence to regulatory requirements, conformity with the Firm’s strategy, monitoring of corporate governance and ESG policies, and compliance with third party recommendations regarding Anti-Money Laundering (AML) regulatory requirements.

During 2021, the Risk and Compliance team played a vital role in ensuring that the Firm’s business continuity was not at risk. The division had to continually assess the situation on the ground in each country to ensure the safety of all staff members, and the continuity of operations considering the continuing challenges posed by the COVID-19 pandemic and shifting market dynamics. The Firm successfully operated with 50% of its staff working from home on rotational basis through to the beginning of September 2021, except for a few countries in its footprint due to local regulations. Most offices resumed operations at full capacity in September 2021, after 97% of staff across the entire Group were vaccinated. The health and safety precautionary measures are still enforced in all offices.

- Establishing two new Collective Investment Scheme management companies for the Firm’s private equity line of business in Abu Dhabi, UAE
- Completed an enterprise-wide AML and Sanctions Risk Assessment
- Renewed ISO 22301:2012 for the sixth year in a row
- Set up two new Disaster Recovery sites in Saudi Arabia and Pakistan
- Executed Disaster Recovery drills

As the Firm’s NBFI platform continues to grow and increase its product offering, the Internal Audit Department has been working alongside new subsidiaries to establish adequate reporting lines and develop monitoring programs, providing the necessary frameworks to enhance the Group’s oversight of both new and existing operations. The team’s scope is to ensure new products and subsidiaries are effectively monitored, particularly in the early phases of launch, in addition to evaluating compliance with regulatory requirements.

During 2021, Internal Audit completed 42 audit reviews across 10 jurisdictions. In March 2021, the department concluded its first audit of corporate culture, governance, and management. At the same time and in coordination with the division, Ernst and Young (EY) concluded the first phase of a full risk assessment and audit of EFG Hermes Holding’s systems, applications, networks, and infrastructure. Results of the full risk assessment were reported to the Audit Committee. Additionally, other ad hoc assignments were performed during the year, including fraud investigations, handling complaints received through Voice-It, overseeing the renewal process of the Group’s insurance policies, and ensuring insurance coverage is appropriate to mitigate risks.

TeamMate continues to enhance the Internal Audit team’s processes. It helps the division store, analyze and process the vast quantity of financial data related to various Group operations across its footprint, to allow for a more accurate and efficient auditing process. The digital tool has proved to be significantly important in the wake of the COVID-19 pandemic as a shift to digital and automated functions was required on different fronts. TeamMate was introduced as part of the Group’s wider digital transformation strategy, with the aim of solidifying EFG Hermes Holding’s position at the forefront of an increasing digital financial services industry. As the Group transitions to a fully digitized system, the team’s scope has extended to assess potential cyber-security and data protection risks ensuring all clients’ and EFG Hermes Holding’s internal data is stored safely and well protected against possible cyber-attacks.

Communicating the Group’s strategy, policies, and procedures to all employees continues to be key to binding various geographies and lines of business as the Firm’s footprint and product portfolio grow. To guarantee that all new employees are promptly integrated in the Group’s operating framework, the team participates in the HR onboarding process to orient new hires on main audit, compliance, and risk issues at least once a year or when needed if a high-risk situation arises.

The Internal Audit function continues to serve the Firm as a consultant by providing advice and suggesting ways to improve the business and add value, in addition to enhancing current procedures to improve the Group’s daily operations. The Firm, under the monitoring and guidance of the Compliance division, continued to conduct five mandatory training courses on Anti-Money Laundering (AML), anti-fraud, General Data Protection Regulation (GDPR), cybersecurity, and sustainability awareness. To ensure employees reach the required level of understanding on various subjects, staff members must pass all the courses with the results reflected in end-of-year appraisals. Given the burgeoning focus on ESG by responsible investors, an ESG training module was introduced in 2020 in the arsenal of development tracks for employees.

Next year, the Risk and Compliance department along with the Internal Audit division will continue to work on streamlining operations and increasing operational efficiencies to capitalize on the growing digital technologies, particularly with the market disruptions amid the ongoing pandemic. As the Group continues to penetrate new markets and add lines of business, the departments will continue to work with other divisions to ensure new products, business lines, and subsidiaries are swiftly integrated into EFG Hermes Holding’s control framework, and that new regulations and laws related to these expansions are accurately reflected in operating policies.