Directors’ Statement on Internal
Control Over Financial Reporting
RESPONSIBILITY
The report on Internal Control Over Financial
Reporting is presented by the Board of
Directors of Sampath Bank PLC in line with
Section 3(8)(ii)(b) of Banking Act Direction
No. 11 of 2007, Section 9.2(b) of Banking
Act Direction No. 05 of 2024 (w.e.f. 1st
January 2025) issued by the Central Bank
of Sri Lanka (CBSL) and with Principle D.1.5
of the Code of Best Practice on Corporate
Governance 2023 issued by the Institute of
Chartered Accountants of Sri Lanka (CA Sri
Lanka).
The Board of Directors (“the Board”) is
responsible for the implementation of an
adequate and effective internal control
mechanism at Sampath Bank PLC (“the
Bank”). In doing so, the Board has ensured
that the system in place is designed to
manage the Bank’s key areas of risk within
an acceptable risk profile, to achieve the
business objectives of the Bank.
In the light of the foregoing, the system
of internal controls can only provide
reasonable and not absolute assurance
against material misstatement of financial
information and records or against financial
losses or fraud.
The Board has instituted a continuous
process to identify, assess and proactively
manage the significant risks encountered
by the Bank. This ongoing effort aims to
strengthen Internal Control Over Financial
Reporting, in strict adherence to regulatory
guidelines and to enable the Bank to adapt
swiftly to shifts in the broader operating
environment. The Management plays a
vital role in translating the Board's policies
and risk protocols into practical measures.
Their collaborative efforts encompass the
identification and evaluation of risks, as
well as the design, implementation and
monitoring of effective internal controls,
for the purpose of mitigating and managing
these risks effectively. Accordingly, the
Bank maintains a robust system of Internal
Control Over Financial Reporting (ICOFR)
and Management Information System in
order to preserve the financial integrity and
safeguard the interests of our stakeholders.
The process is regularly reviewed by the
Board, in accordance with the “Guidance
for Directors of Banks on the Directors’
Statement on Internal Control” issued by
CA Sri Lanka.
In the year 2024, the Board assessed the
existing system of Internal Control Over
Financial Reporting vis-à-vis the principles
outlined in the aforementioned guidance.
Following this comprehensive assessment,
the Board confidently asserts that the
existing system of Internal Control Over
Financial Reporting within the Bank is
robust and sufficient to provide a reasonable
level of assurance regarding the accuracy
and reliability of financial reporting, thus
ensuring that the preparation of financial
statements for external purposes aligns
with the relevant accounting principles and
regulatory stipulations.
KEY FEATURES OF THE PROCESS
FOLLOWED IN REVIEWING
THE DESIGN AND OPERATING
EFFECTIVENESS OF THE SYSTEM
OF INTERNAL CONTROL OVER
FINANCIAL REPORTING
The key mechanisms that have been
established to review the adequacy and
integrity of the system of internal controls
with respect to financial reporting include
the following:
- Board Sub-Committees assist the
Board in ensuring the effectiveness
of the Bank’s day-to-day operations and
in ensuring that all such operations are
carried out in accordance with the
corporate objectives, strategies and in
line with the annual budget as well as
the policies and the business direction
approved by the Board.
- The Board Audit Committee reviews
internal control issues identified by the
Internal Audit Department, the External
Auditors, Regulatory Authorities and
the Management and the effectiveness
of the Internal Audit function.
- The minutes of the Board Audit
Committee meetings are forwarded to
the Board on a periodic basis. Further,
the details of the activities carried out
by the Board Audit Committee during
the year under review are set out in
the Board Audit Committee Report on
pages 199 to 201.
- The Bank’s Internal Audit Department
is tasked with verifying compliance
with policies and procedures and
the effectiveness of the internal
control systems on an ongoing basis
using samples and scheduled audit
procedures. This helps to provide an
independent and objective assessment
of system efficacy and highlights
significant non-compliances. Audits are
carried out according to the annual audit
plan which is reviewed and approved
by the Board Audit Committee. Onsite
Audits, Offsite Audits, Spot Audits,
Process Audits and Thematic Audits are
carried out across all Bank operations
covering business units, departments
and branches. The frequency of these
audits is determined by the level of risk
assessed. In addition, cyber security
and data security measures are
monitored through appropriate audit
techniques and tools. Through these
audit programmes and techniques, all
controls are tested on an ongoing basis
with significant findings identified by the
Internal Audit Department submitted to
the Board Audit Committee for review
at their periodic meetings.
- A special Steering Committee (Internal
Control Over Financial Reporting
Steering Committee) together with
several Management-level Committees
(referred to on page 165) have been
granted appropriate authority to ensure
effective management and supervision
of the core areas of the Bank’s business
operations.
- In assessing the Internal Control Over
Financial Reporting, identified officers
of the Bank were reassigned to ensure
compliance with all procedures and
controls that are connected with
significant accounts and disclosures of
the financial statements of the Bank.
The procedures used for this purpose
are checked and verified by the Internal
Audit Department for suitability of
design and operating effectiveness on
an ongoing basis. Significant issues
(if any) observed by the Internal
Audit Department are referred to
the “Internal Control Over Financial
Reporting Steering Committee” for
their comments, prior to being included
in the final report on Internal Control
Over Financial Reporting submitted
to the Board Audit Committee and
the External Auditors. Sampath Bank
continues to follow the new Sri Lanka
Accounting Standards comprising
LKAS and SLFRS. The processes and
procedures initially implemented in
2012 with regard to the aforementioned
Accounting Standards have been
further strengthened over the years
based on the feedback received from
the Regulators, External Auditors, Board
Audit Committee and the Internal Audit
Department. The Bank has documented
procedures pertaining to these new
requirements and has proceeded to
update the relevant procedure manuals
as and when necessary.
- Due to the increase of credit risk,
liquidity risk and operational risk
driven by local and global economic
uncertainties, cyber security threats,
frauds and internal malpractices, the
Board Audit Committee strengthened
its focus on enhancing internal controls
and risk management framework to
mitigate the evolving risks.
- Further, the Credit Risk Management
Unit continues to perform an
independent review of the individually
significant loan impairment process at
each reporting date. The adequacy of
post model adjustments (overlays) is
also assessed. This assessment does
not include the Bank’s subsidiaries.
- The Board has long since recognised
the need to automate the financial
reporting process in order to proactively
comply with the requirements
of recognition, measurement,
classification and disclosure of the
financial instruments. Towards this end,
the Bank successfully implemented
Robotic Process Automation (RPA) in
2019, which has eliminated manual
intervention in calculating impairment
provisions to a greater extent. The
Board continues to review various
options available to increase the degree
of automation in the financial reporting
process.
- In 2024, the Bank further strengthened
its internal control processes to ensure
that the challenges and uncertainties
facing the country, including the
complexity and frequent updates
of regulations, rapid technological
advancements, cybersecurity threats
and data protection risks, lack of
skilled personnel, high employee
turnover, increasing trends in fraud and
internal misconduct, were effectively
mitigated. To ensure the adequacy and
effectiveness of the Bank's internal
control systems and to comply with the
applicable governance requirements,
the ICOFR verification process was
streamlined and revamped during
the year 2024 and the Board Audit
Committee obtained and reviewed
the assurance received from the
Managing Director and other Key
Management Personnel who are
responsible regarding the adequacy
and effectiveness of the Bank's internal
control systems.
- The comments made by the External
Auditor in connection with Internal
Control System Over Financial
Reporting in previous years were
reviewed and appropriate steps were taken
in 2024 to address relevant matters
raised. The recommendations made
by the External Auditor in 2024 in
connection with the System of Internal
Control Over Financial Reporting will be
dealt with in future.
CONFIRMATION
Based on the above processes, the Board
confirms that Sampath Bank’s System of
Internal Control Over Financial Reporting
is fully competent to provide a reasonable
assurance regarding the reliability of financial
reporting and support the preparation of
financial statements for external purposes
in accordance with relevant accounting
principles and regulatory requirements of
the Central Bank of Sri Lanka.
REVIEW OF THE STATEMENT BY
EXTERNAL AUDITORS
The External Auditors, Messrs Ernst &
Young, after reviewing the Directors’
Statement on Internal Control Over Financial
Reporting included in the Annual Report of
the Bank for the year ended 31st December
2024, have confirmed to the Board that
nothing has come to their attention that
causes them to believe that the Statement
is inconsistent with their understanding
of the process adopted by the Board in
the review of the design and operating
effectiveness of the System of Internal
Control Over Financial Reporting. The
External Auditor’s Report on the Statement
of Internal Control Over Financial Reporting
is given on page 266 of this Annual Report.
By order of the Board,
17th February 2025
Colombo, Sri Lanka