JCC INTERNAL CONTROLS
Enterprise Risk Management (ERM)
At a glance
The ERM Team is responsible for coordinating and articulating the instruments we use to implement our risk policies. They also regularly revaluate the maturity of risk assessments, train risk delegates, monitor escalated risks and prepares risk management reports for the Risk Committees (Board and Internal) and for the Board of Directors. ERM reports directly to the Board of Directors through the Board Risk Committee.Responsibilities
Our responsibilities include:- Determining JCC’s overall risk appetite
- Ensuring that all material risks are identified, measured and properly reported
- Informing our partners about JCC's risk exposure
- Submitting an annual review of the general business risks that may weaken JCC's going-concern-status
- Communicating with management about JCC's major risks, evaluating the measures taken by management to minimise those risks, and making recommendations accordingly
- Reviewing management’s proposals on risk strategy across all risk areas (credit, compliance and regulatory, information security, operational, etc.), and advising the Board Risk Committee accordingly
- Overseeing that all new projects, products, functions, systems, procedures, outsourcing arrangements, venture relationships, etc., are evaluated appropriately and that the necessary risk mitigation instruments are put in place prior to implementation
Information Security
At a glance
The Information Security Control Team is responsible for setting up and implementing our information security program. They support and advise JCC on all security-related issues. The overall purpose of the information security control team is to protect the confidentiality, integrity and availability of JCC's information assets. The Information Security Control Team reports to the Board of Directors through the Board Risk Committee.Responsibilities
Other responsibilities include:- Developing and implementing JCC's information security programme
- Creating and disseminating the company's information security policies and procedures to the company
- Ensuring that those policies are kept up-to-date and are being implemented
- Reporting significant threats, risks and any non-compliance to senior management
- Establishing and managing the information security training and awareness programme for all JCC employees
Compliance
At a glance
Our Compliance Team makes sure that all laws and regulations (local or EU, internal rules, or any compliance principles outlined in JCC’s Code of Conduct and established good business standards), are upheld. Integrity is an important part of managing compliance risk and the driving force behind JCC’s compliance activities. The compliance team is independent from the rest of the company and reports to the Board of Directors through JCC’s Board Risk Committee.Responsibilities
The Compliance Team is responsible for overseeing compliance in the following areas:- National and EU legislation
- JCC's approved procedures and policies
- Rules and regulations for card schemes
- JCC’s Code of Conduct and the integrity of its management and staff
- Conflict of interest issues between management, employees, suppliers or clients
- Money laundering and terrorism financing
Internal Audits
At a glance
The Internal Audit Team evaluates how effectively our company is governing itself and dealing with risk. They also oversee internal controls and monitor how well the company is meeting its goals and objectives. The Internal Audit Team reports to the Board of Directors through the Board Audit Committee.Responsibilities
Other responsibilities include:- Evaluating the reliability and integrity of information and the means used to identify, measure, classify, and report that information
- Evaluating the systems that ensure compliance with any policies, plans, procedures, laws and regulations that could have a significant impact on our company
- Evaluating how the company can identify and safeguard its assets
- Evaluating how effectively and efficiently the company's resources are being used
- Evaluating operations and programmes to determine whether the company is meeting its objectives and goals as planned
- Monitoring and evaluating how the company governs itself
- Advising the company on issues like governance, risk management and control
- Administrative reporting to the company at least once a quarter on the state of the internal audit
- Functional reporting of significant risk exposures and control issues, including fraud risk, governance, and other matters requested by the Audit Committee