Risk, security and compliance - JCC Payment Systems Ltd

Internal controls systems

JCC's internal control departments are independent of our business and the areas of our business they oversee. The purpose, standing and authority of each internal control department is governed by the respective terms of reference of each unit, which is approved and periodically reviewed by the Audit Committee and the Risk Committee of the Board of Directors

Enterprise Risk Management (ERM)

At a glance

The ERM Team is responsible for coordinating and articulating the instruments we use to implement our risk policies. They also regularly revaluate the maturity of risk assessments, train risk delegates, monitor escalated risks and prepares risk management reports for the Risk Committees (Board and Internal) and for the Board of Directors. ERM reports directly to the Board of Directors through the Board Risk Committee.

Responsibilities

Our responsibilities include:

Determining JCC’s overall risk appetite
Ensuring that all material risks are identified, measured and properly reported
Informing our partners about JCC's risk exposure
Submitting an annual review of the general business risks that may weaken JCC's going-concern-status
Communicating with management about JCC's major risks, evaluating the measures taken by management to minimise those risks, and making recommendations accordingly
Reviewing management’s proposals on risk strategy across all risk areas (credit, compliance and regulatory, information security, operational, etc.), and advising the Board Risk Committee accordingly
Overseeing that all new projects, products, functions, systems, procedures, outsourcing arrangements, venture relationships, etc., are evaluated appropriately and that the necessary risk mitigation instruments are put in place prior to implementation

Information Security

At a glance

The Information Security Control Team is responsible for setting up and implementing our information security program. They support and advise JCC on all security-related issues. The overall purpose of the information security control team is to protect the confidentiality, integrity and availability of JCC's information assets. The Information Security Control Team reports to the Board of Directors through the Board Risk Committee.

Responsibilities

Other responsibilities include:

Developing and implementing JCC's information security programme
Creating and disseminating the company's information security policies and procedures to the company
Ensuring that those policies are kept up-to-date and are being implemented
Reporting significant threats, risks and any non-compliance to senior management
Establishing and managing the information security training and awareness programme for all JCC employees

Compliance

At a glance

Our Compliance Team makes sure that all laws and regulations (local or EU, internal rules, or any compliance principles outlined in JCC’s Code of Conduct and established good business standards), are upheld. Integrity is an important part of managing compliance risk and the driving force behind JCC’s compliance activities. The compliance team is independent from the rest of the company and reports to the Board of Directors through JCC’s Board Risk Committee.

Responsibilities

The Compliance Team is responsible for overseeing compliance in the following areas:

National and EU legislation
JCC's approved procedures and policies
Rules and regulations for card schemes
JCC’s Code of Conduct and the integrity of its management and staff
Conflict of interest issues between management, employees, suppliers or clients
Money laundering and terrorism financing

Internal Audits

At a glance

The Internal Audit Team evaluates how effectively our company is governing itself and dealing with risk. They also oversee internal controls and monitor how well the company is meeting its goals and objectives. The Internal Audit Team reports to the Board of Directors through the Board Audit Committee.

Responsibilities

Other responsibilities include:

Evaluating the reliability and integrity of information and the means used to identify, measure, classify, and report that information
Evaluating the systems that ensure compliance with any policies, plans, procedures, laws and regulations that could have a significant impact on our company
Evaluating how the company can identify and safeguard its assets
Evaluating how effectively and efficiently the company's resources are being used
Evaluating operations and programmes to determine whether the company is meeting its objectives and goals as planned
Monitoring and evaluating how the company governs itself
Advising the company on issues like governance, risk management and control
Administrative reporting to the company at least once a quarter on the state of the internal audit
Functional reporting of significant risk exposures and control issues, including fraud risk, governance, and other matters requested by the Audit Committee

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
LB_Cookie	End of session	Security cookie Cookie used for server high availability. This cookie is deleted when the user closes the browser.
PHPSESSID	End of session	To identify your unique session on the website.
TSxxxxxxxx_xx	End of session	Security cookie Performs domain cookie validation, detects session expiration, and validates integrity of cookies. This cookie is deleted when the user closes the browser.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
loc	13 months	This cookie is set by AddThis social sharing widget to detect visitor location when providing sharing buttons on the website. How to opt out (https://www.addthis.com/privacy/opt-out/)
na_id	1 year	This cookie is set by AddThis social sharing widget to count unique visitors when providing sharing buttons on the website. How to opt out (https://www.addthis.com/privacy/opt-out/)
na_tc	1 year	Social Media sharing tracking cookie.
ouid	1 year	This cookie is set by AddThis social sharing widget to count unique visitors when providing sharing buttons on the website. How to opt out (https://www.addthis.com/privacy/opt-out/)
uid	1 year	This cookie is set by AddThis social sharing widget to count unique visitors when providing sharing buttons on the website. How to opt out (https://www.addthis.com/privacy/opt-out/)
uvc	13 months	This cookie is set by AddThis social sharing widget to count unique visitors when providing sharing buttons on the website. How to opt out (https://www.addthis.com/privacy/opt-out/)

Cookie	Duration	Description
__atuvc	13 months	This cookie is set by AddThis social and is commonly embedded in websites to enable visitors to share content with a range of networking and sharing platforms. How to opt out (https://www.addthis.com/privacy/opt-out/)
__atuvs	2 hours	This cookie is set by AddThis social and is commonly embedded in websites to enable visitors to share content with a range of networking and sharing platforms. How to opt out (https://www.addthis.com/privacy/opt-out/)
acceptCookies	1 month	This cookie sets your acceptance of cookies to

Cookie	Duration	Description
__utmb	30 min	Google analytics Used to determine new sessions/visits. This cookie is deleted 30 minutes after the initial visit to the website.
__utmc	End of session	Google analytics Used to determine new sessions/visits. This cookie is deleted when the user closes the browser.
__utmt	End of session
__utmz	6 months	Google analytics Stores the traffic source or campaign that explains how the user reached your site. This cookie is deleted 6 months after the initial visit to the website.
_utma	2 years	Google analytics Used to distinguish users and sessions. This cookie is deleted 2 years after the initial visit to the website.

JCC INTERNAL CONTROLS

Enterprise Risk Management (ERM)

At a glance

Responsibilities

Information Security

At a glance

Responsibilities

Compliance

At a glance

Responsibilities

Internal Audits

At a glance

Responsibilities