📄 Certeficate Of Company Registration

IBCBanking — Company Policy

 Applies to all directors, employees, temporary staff, contractors, and third-party service providers of IBCBanking. Jurisdiction: Lithuania and applicable EU law.

1) Purpose & Scope

This Policy sets minimum standards for ethical conduct, regulatory compliance, customer protection, information security, and risk management at IBCBanking. Departmental procedures must meet or exceed these standards.

2) Governance & Accountability

The Board approves this Policy and sets risk appetite. Executive Management implements controls and reports to the Board. The CRO oversees enterprise risk; the CCO oversees regulatory compliance and AML/CFT; the DPO oversees GDPR; the CISO oversees cybersecurity. All staff must read, understand, and comply with this Policy.

3) Code of Conduct & Ethics

Act with integrity, avoid conflicts of interest, and never engage in bribery, corruption, fraud, harassment, or discrimination. Gifts/hospitality must be modest and recorded where required. Confidential information must not be disclosed, including on social media.

4) Regulatory Compliance

Comply with Lithuanian and EU regulations and supervisory expectations of the Bank of Lithuania and EU authorities. Consult Compliance when in doubt.

5) Financial Crime Compliance (AML/CFT & Sanctions)

Apply risk-based CDD/KYC, verify UBOs, monitor transactions, and screen against sanctions/PEP lists. Escalate and report suspicious activity. Retain records as required and complete mandatory AML/CFT training.

6) Customer Protection & Market Conduct

Treat customers fairly with clear, not-misleading communications. Ensure suitability, transparent terms/fees, and robust complaints handling. Provide enhanced care to vulnerable customers.

7) Data Protection & Privacy (GDPR)

Process personal data lawfully for specified purposes, minimise data, and maintain accuracy. Enable data-subject rights, manage international transfers, report suspected breaches to the DPO, conduct DPIAs where needed, and follow retention/disposal schedules.

8) Information Security & Technology

Use a risk-based security framework with least-privilege access (MFA), asset inventory/classification, encryption where appropriate, secure SDLC, vulnerability management, logging/monitoring, and third-party/cloud controls. Follow the Incident Response Plan.

9) Risk Management

Identify, measure, monitor, and control key risks within Board-approved appetite/limits. Report breaches immediately. Maintain and test BCP/DR; validate and monitor models independently.

10) Conflicts of Interest

Identify and disclose conflicts to Compliance; manage via recusal, segregation of duties, and customer disclosure where appropriate. Outside business activities require prior approval.

11) Human Resources & Workplace Standards

Ensure equal opportunity, a safe and respectful workplace, proportionate background screening, mandatory training, and confidential whistleblowing with no retaliation.

12) Records Management

Keep accurate, complete, and retrievable records. Follow retention schedules and secure destruction protocols.

13) Procurement & Third-Party Management

Conduct vendor due diligence (financial, compliance, security, sanctions). Include confidentiality, data protection, audit rights, and termination/exit clauses in contracts. Perform risk-based oversight.

14) Physical Security

Protect premises with appropriate access controls, visitor management, and lawful CCTV. Apply clean-desk practices for sensitive information.

15) Communications & Disclosure

Only authorised spokespeople deal with media, regulators, and investors. Regulatory notifications must be prompt, accurate, and complete. Pre-approve marketing materials.

16) Policy Breaches & Disciplinary Action

Breaches may lead to disciplinary action up to termination, civil/criminal referrals, and contractual remedies. Report suspected breaches promptly to a manager, Compliance, HR, or via whistleblowing channels.

17) Training & Acknowledgement

All personnel must complete mandatory training on hire and annually and acknowledge compliance with this Policy.

18) Review & Maintenance

Owner: Compliance (with Risk, Legal, HR, IT Security). Review at least annually or upon change. Latest version is kept in the policy repository.

19) Definitions

CDD/KYC: identify and verify customers and understand their activities. PEP: Politically Exposed Person. Personal Data: data relating to an identifiable person. Incident: event that compromises confidentiality, integrity, availability, or safety.


Disclaimer

This Policy is a general template for IBCBanking in Lithuania and does not constitute legal advice. Local laws and supervisory requirements may impose additional obligations. Consult Legal/Compliance before deviating.

We may use cookies or any other tracking technologies when you visit our website, including any other media form, mobile website, or mobile application related or connected to help customize the Site and improve your experience Learn more

Allow