Company Ownership

JCC is fully owned by local commercial banks whereby Bank of Cyprus Public Co Ltd maintains a controlling interest. Other shareholders are Hellenic Bank Public Company Ltd, Alpha Bank Cyprus Ltd, National Bank of Greece (Cyprus) Ltd and AstroBank Ltd.

Board of Directors

The shareholders of JCC Payment Systems Ltd appoint the members of the Board of Directors which is comprised by the Chairman, the Vice-Chairman and two Non-Executive Directors out of which at least one Director is Independent Non-Executive of JCC’s shareholding structure.

The shareholders also appoint two Alternate Directors, who have the same roles and responsibilities as the primary Directors, however they participate in voting only in the case of absence of the primary Directors. One of the Alternate Directors is appointed by the minority shareholders of the Company.

The appointment of the Independent Non-Executive Director is in accordance with the Company’s Memorandum and Articles of Association, having no relation with the banking sector, being experienced, honest with high integrity. Such director has no direct or indirect relationship with any of the JCC Shareholders.

The Board of Directors’ main roles and responsibilities involve the decision-making of the following main matters:

a) the objectives and strategic policy of the Company;

b) its annual budget and business plan;

c) the significant capital expenditures as set out by the Board of Directors;

d) the adoption and any changes in the application of accounting principles;

e) the selection, appointment and termination of the services of the General Manager of the Company;

f) the approval of the company’s Risk Appetite.


Company Structure

Organizational Chart


General Manager

Dr. Nicodemos Damianou


Department Managers

Cosmas Agathocleous: KYC Department

Phoebus Christodoulides: Transaction & Physical Security Department 
Christophoros Mitsides: Operations Department

Maro Panayiotou: Marketing & Business Development Department

Christos Patzinakos: Finance Department

Andreas Savva: Processing Services Department

Constantinos Theodorou:  Information Technology Department


Internal Control Systems

The internal control departments of the Company are independent of the business and the units which they monitor and control. The purpose, standing and authority of each internal control department is governed by the respective terms of reference of each unit which is approved and periodically reviewed by the Audit Committee and the Risk Committee of the Board of Directors.

The internal control departments are:

a) The Enterprise Risk Management and Information Security;

b) The Compliance Department,

c) The Internal Audit Department.

Enterprise Risk Management (ERM) Function

The ERM function reports to the Board Risk Committee, coordinates and provides the facilities that will ensure risk policies are implemented, re-ensures the maturity of risk assessments, guides, trains risk delegates, facilitates relevant risk meetings/workshops and assess/take appropriate actions for risk matters. ERM also monitors escalated risks and prepares risk management reports to the Risk Committees (Board and Internal) and to the Board of Directors.

The ERM function reports to the Board of Directors through the Board Risk Committee


The main responsibilities of the ERM function:

1. Recommend to the Board Risk Committee the JCC’s overall Risk Appetite;

2. Provide assurance that all material risks are identified, measured and properly reported;

3. Review the risk exposure of JCC to existing and new participant banks;

4. Review, on an annual basis, the general business risks that may impair the going-concern-status of JCC;

5. Request information from the Management for the major risks, to which JCC is exposed, evaluates the measures taken by the Management to minimize those risks and makes recommendations for improvement measures;

6. Review management proposals on the desired risk strategy, i.e., the risk appetite/exposure, in each area of risk (credit, compliance & regulatory, information security, operational) and make appropriate recommendations to the Board Risk Committee;

7. Oversee that new projects/products, functions, systems, procedures, outsourcing arrangements venture relationships, etc., are evaluated appropriately through relevant processes by the risk owners, in terms of any risks introduced and that necessary risk mitigations are at hand before these are introduced and implemented.

8. Chair the Internal Risk Committee.

Information Security

Establishing and implementing an information security program and structure for communicating and coordinating security activities. Providing support/advise/services on all matters related to Information Security. The objective of the service is to protect the confidentiality, integrity and availability of the information assets of JCC.

The Information Security unit reports to the Board of Directors through the Board Risk Committee.

The main responsibilities of the Information Security unit are:

1. Develop and implement a wide JCC information security program;

2. Create and distribute information security policies and procedures;

3. Ensure that the Information Security Policy and standards are kept up to date;

4. Report significant threats, risks and non-compliances to senior management;

5. Ensure that all Information Security related responsibilities are performed;

6. Establish and manage an Information Security training and awareness program, for all employees;

7. Ensuring compliance with Information Security standards and guidelines.


The Compliance function principle task is to encourage, monitor and effective control the observation of laws and regulations either local or EU, internal rules including the compliance principles outlined in JCC’s Code of Conduct and established good business standards that are relevant to the integrity and hence, to the reputation of JCC. Integrity is an important element in managing compliance risk and the driving force behind JCC’s activities.

Compliance function maintains its independence from the functions that are primarily responsible for the implementation and maintenance of proper control.

Compliance function reports to Board of Directors through the JCC’s Board Risk Committee.

The Compliance Function is responsible for the oversight and monitoring compliance in relation to the following areas:

1. Local & EU legislation;

2. JCC procedures and policies approved by the Board of JCC;

3. Card Schemes Rules & Regulations;

4. Proper use of JCC’s Code of Conduct and Probity and Integrity of management and staff;

5. Proper handling of Conflict of Interest issues amongst management, staff, suppliers or clients;

6. Prevention of Money Laundering and Terrorism Financing.

Internal audit

The scope of Internal Audit encompasses, the examination and evaluation of the adequacy and effectiveness of the organisation's governance, risk management, and internal controls as well as the quality of performance in carrying out assigned responsibilities to achieve the organisation’s stated goals and objectives.

The Internal Audit reports to the Board of Directors through the Board Audit Committee.

The main responsibilities of the Internal Audit are the following:

1. Evaluating the reliability and integrity of information and the means used to identify, measure, classify, and report such information;

2. Evaluating the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on the organization;

3. Evaluating the means of safeguarding assets and, as appropriate, verifying the existence of such assets;

4. Evaluating the effectiveness and efficiency with which resources are employee;

5. Evaluating operations or programmes to ascertain whether results are consistent with established objectives and goals and whether the operations or programmes are being carried out as planned;

6. Monitoring and evaluating governance processes;

7. Performing consulting and advisory services related to governance, risk management and control as appropriate for the organization;

8. Reporting at least quarterly on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan;

9. Reporting significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by the Audit Committee;

10. Evaluating specific operations at the request of the Audit Committee or management, as appropriate. 

Copyright 2011 JCC Payment Systems Ltd