CITIZENS DEVELOPMENT BUSINESS FINANCE PLC

ANNUAL REPORT 2021/22

Regulators

Regulators facilitate a sound financial services system by providing a stable legal and regulatory framework. We engage with relevant authorities to support the effective functioning of the financial system and the broader economy. Compliance with regulatory requirements and the adoption of sound governance practices have strengthened the resilience and integrity of our Company and improved public trust in our institution. Our governance framework provides stability, prudence and effective oversight to create value for our stakeholders.

The key regulators

Central Bank of Sri Lanka (CBSL)

The CBSL plays a vital role in the financial sector of Sri Lanka, to achieve and maintain a healthy and stable economic and financial system while utilising resources effectively. There are several departments that provide oversight to the financial sector including the Department of Supervision of Non-Banking Financial Institutions of Central Bank of Sri Lanka (DSNBFI) and the Financial Intelligence Unit of Sri Lanka (FIU) which are the main departments, and the Forex Department and the Payment and Settlement Division that function within the administration of the CBSL.

DSNBFI supervises Non-Banking Financial Institutions through examinations, continuous surveillance, granting regulatory approvals, issuance of directions and prudential requirements, and investigations to ensure the establishment and maintenance of a sound financial system.

FIU functions to combat money laundering, terrorist financing and other related crimes in Sri Lanka in line with international recommendations and standards.

The proposed Corporate Governance Direction effective from 1 July 2022, will further strengthen the corporate governance culture across the NBFI sector.

Securities and Exchange Commission of Sri Lanka (SEC)

SEC acts to create and maintain a market where securities can be fairly traded and to protect investors.

Colombo Stock Exchange (CSE)

CSE aims to facilitate investors to raise capital by trading corporate and Government Securities while extending regulations to maintain market integrity and investor confidence.

Sri Lanka Accounting and Auditing Standards Monitoring Board (SLAASMB)

SLAASMB monitors compliance with the Sri Lanka Accounting Standards and the Sri Lanka Auditing Standards in the preparation, presentation, and audit of financial statements of specified business entities.

Inland Revenue Department (IRD)

IRD administers the various taxes which fall under its authority intending to secure decent tax revenue to be utilised for the sustainable development of Sri Lanka.

Our team members are given ongoing training through the CDB e-learning platform to enhance their knowledge of regulatory aspects and compliance with a special emphasis on anti-money laundering.

A culture of compliance

Good governance is a fundamental element of driving improvement in culture, business practices and decision making. It is also critical in being able to respond effectively to crises. Following the stringent scrutiny of non-bank financial institutions, and the increased digitalisation of financial services, we have continued to strengthen the compliance and governance framework across our business. Our employees are given ongoing training through the CDB e-learning platform to enhance their knowledge of regulatory aspects and compliance with a special emphasis on anti-money laundering. The compliance culture is reinforced through the appointment of compliance representatives for each branch and department and the communication of new directions through regular meetings. The feedback of the employees on compliance aspects is reported to the management team and the Board regularly for review and action. This enables us to be proactive in being compliant with the new regulations when they come into effect. We have also integrated ethical behaviour and good conduct across our Organisation, maintained open and transparent communications with regulators and engaged constructively in inspections and investigations. During the year, the periodic information related to the Company’s operations was submitted to the CBSL on time.

Strengthening our IT Governance and cybersecurity

The highest priority is accorded to minimising our vulnerability to cybercrime, preventing loss of information and maintaining uninterrupted data services for our stakeholders, whilst ensuring preparedness for the future. As we remain vigilant against external and internal cybersecurity threats, we ensure our security measures are working as optimally as possible. Our transparent, compliant, and ethical collection and use of data is key to earning and maintaining the trust of our customers and colleagues. Our focus is on keeping data secure, protecting our customer systems and providing our employees with the right tools and processes to respond to security incidents when they occur.

With the increased investment in technology and digital capabilities to build scale and offer best-in-class experiences to our stakeholders, we have established a strong IT Governance framework. We follow the Three Lines of Defence framework for IT governance. Our Information Technology Steering Committee (ITSC) and Information Security Steering Committee (ISSC) promote and support the effective use of technology, information and information security across the Organisation. These Committees improve the alignment between IT and business strategy, accountability for IT decisions and, finally, value generation through ongoing evaluation of IT value and the performance of IT services. We are an ISO/IEC 27001:2013 certified organisation for our IT Services and have continued the certification for the last five consecutive years. The certification is a testament to our commitment to ensuring the highest levels of customer information security through conformance to the highest information systems, practices and protocols, in accordance with global standards. Moreover, we have implemented a comprehensive multi-vendor firewall and security policy management solution to combat cybersecurity threats and enhance the security architecture of the Organisation. ICT shared services have implemented a web application firewall to protect the application systems, in tandem with the increasing use of web-based applications and the resulting increase in exposure to the Internet. Furthermore, we conduct regular security assessments to identify and assess system and application vulnerabilities and take appropriate remedial action.

Regular pursuits

  • Conducting regular VAPTs to ensure the security of the CDB internal network and external accesses.
  • Providing regular training to team members on specialised areas for performance improvement and career advancement.
  • Participating in annual audits of the membership body including KPMG and FinCSIRT. This is in addition to the ISO 27001:2013 audit.
  • Conducting awareness sessions on cybersecurity for customers and colleagues, alerting and assessing cyberthreats and conducting simulation analysis at regular intervals with management support.
  • Supporting the IT Disaster Recovery site through engaging in drills to strengthen resilience.

Our RegTech and FinTech security measures

ISO 27001:2013 certification for the fifth consecutive year

Highest levels of customer information security through adherence to advanced information systems, processes, and protocols in line with international standards. In addition, high availability and readiness are maintained through the disaster recovery site.

Compliance with regulatory requirements before the regulations take effect.

Implemented a Technology Risk Resilience Framework.

Established SIEM and SOC initiatives for ensuring Information Security.

Data classification is implemented as the first stage in efforts to adhere to the new data protection act.

Fully covered VAPT assessments.

Complied with regulatory-driven mobile application minimum guidelines.

Implementing digital initiatives to enable customers to transact through digital platforms.

Establishing Information Technology and Information Security Steering Committees.

Etching a clear cyber security path by formulating a three-year cyber strategy.

Ensuring a sustainable organisation

GRI 409-1

The CDB Sustainability Steering Committee oversees the sustainability policy of the Company and the promotion of financial inclusion. The Committee closely monitors the business conduct to ensure accountability, fairness and ethical behaviour whilst assuring the privacy of customer data. We maintain a zero-tolerance policy towards financial crime, bribery and corruption, whilst ensuring no slavery, or forced or bonded labour is undertaken within CDB operations and supplier operations through the Environment and Social Management System (ESMS), Procurement Policy and Supplier Codes of Conduct.

Satisfied customers can drive the organisation towards a sustained competitive advantage. Therefore, we are committed to providing quality and convenient financial services, fuelled by our business model and the “urban funding rural lending” concept. Our customers experience the most convenient and differentiated financial services, 24/7, through a disciplined and well-trained workforce as well as FinTech innovations. Furthermore, as a socially responsible organisation, we are committed to resolving customer complaints efficiently and speedily, whilst attending to customer needs swiftly and fairly.

We respect human rights and the universal right to work. Therefore, we provide equal opportunity to earn a living through work, with freedom of choice and space to safeguard the rights of employees. Information about human rights, gender equality and sustainable development are included in our corporate internal policies, such as the Employee Code of Conduct and HR Policy. By increasing awareness and application, we have ensured that these policies are comprehensively shared and understood by all employees.

A zero-tolerance policy has been established towards all forms of violence in the workplace including sexual harassment. Appropriate policies, procedures, grievance mechanisms and support structures have been established for employees to report incidences or suspected incidences of violence, exploitation or harassment anonymously. Best practices are in place to safeguard whistleblowers against potential retaliation. Our commitment to reducing gender-based violence has been communicated both internally and externally. We have also raised awareness among employees about what constitutes harassment, trafficking, or exploitation, and provided training on how to manage and prevent it.

Ethics and integrity

Ethical leadership is of paramount importance to CDB. Ethical behaviour has been internalised through the Company’s Code of Ethics which is central to how we operate and grow sustainably, refuting unethical behaviour, fraud and corruption. Ethical business practices are supported by the top management and are guided by our values-driven culture and are cascaded to the team members in carrying out day-to-day business.

Supporting regulators through the pandemic

We have continued to coordinate with the regulators and established communication protocols to respond to their urgent and ad hoc queries to safeguard the interest of the stakeholders and the industry. We continue to be fully compliant with all regulations, especially pertaining to operations during the pandemic. Most of our Board meetings were held virtually.

Priorities for 2022/23

As a responsible and ethical corporate entity, we will continue to strengthen our governance and regulatory compliance aspects that create and sustain shareholder value and ensure sustainable value creation for all stakeholders. We will proactively establish the required protocols to comply with the new regulations, especially with the proposed Corporate Governance Direction No. 05 of 2021 which will come into effect from 1 July 2022.