Reporting Accounting Irregularities
Policy for Reporting Irregularities Relating to Accounting and Internal Controls
The Policy for Reporting Irregularities Relating to Accounting and Internal Controls (the “Policy”) applies to all employees of National Bank, its subsidiaries and foreign centers (the “Bank”) and any other individuals wishing to avail themselves of it. Where an employee is subject to more than one policy relating to these matters, they must always abide by the policy that is the most restrictive.
In compliance with National Instrument 52-110 about audit committees issued by the Canadian Securities Administrators, the Audit Committee hereby establishes procedures for:
- The receipt, retention and treatment of reports of irregularities and concerns received by the Bank regarding accounting, internal accounting controls or auditing matters;
- The confidential, anonymous submission by any individuals or Bank employees of concerns regarding questionable accounting, internal accounting controls or auditing matters; and
- The protection of individuals who wish to report a potential irregularity or submit a concern in connection with this Policy.
Objective of Policy
This Policy addresses the reporting of irregularities and concerns regarding questionable accounting, internal accounting controls or auditing matters at the Bank, including:
- Any misstatement, fraud or omission in any financial statement of, or other financial information released by the Bank, including any report or document filed with securities regulatory authorities or any other government or regulatory authority;
- Any intentional error or misconduct in the preparation, evaluation, review or audit of any of the Bank's financial statements;
- Any misstatement, fraud or omission in the recording and maintaining of the Bank's financial records;
- Any weakness or deficiency or non-compliance with the Bank's internal accounting controls;
- Any misrepresentation or false statement made to or by an executive or accountant concerning a matter contained in, or required to be contained in, the Bank's financial records, financial statements, financial reports or audit reports;
- Any deviation from full and fair reporting of the Bank's financial condition, operating results or cash flows;
- Any effort to mislead, deceive, coerce or fraudulently influence any internal or external accountant or auditor of the Bank in connection with the preparation, examination, audit or review of any of the Bank's financial statements or records;
- Any other error, deficiency or weakness in the Bank's financial statements, internal controls, auditing procedures, financial records or reports.
Report Handling Procedure
Managers who are made aware of irregularities by employees reporting to them must refer these employees to the reporting process described below.
Ombudsman for Clients
Any individual or Bank employee may report an irregularity or concern regarding questionable accounting, internal accounting controls or auditing matters at the Bank directly to the Office of the National Bank Ombudsman for Clients:
- By e-mail:
- By regular mail:
Ombudsman for clients
National Bank of Canada
P.O. Box 275, Montreal, Quebec H2Y 3G7
- By fax:
The Ombudsman for Clients maintains the anonymity of the reporting individual and the confidentiality of the report or concern. The information obtained by the Ombudsman for Clients is compiled on an anonymous, confidential basis and the file is sent to the Internal Audit Department (“Internal Audit”) with a copy to the Corporate Compliance Department (“Corporate Compliance”).
If the irregularity or concern relates to the Ombudsman for Clients, it must be reported directly to Internal Audit, which will act in accordance with the rules established for the Ombudsman for Clients. In this situation, Internal Audit must be notified by e-mail at firstname.lastname@example.org.
If the irregularity or concern relates to Corporate Compliance or Internal Audit, the Ombudsman for Clients will notify the Audit Committee, and the Audit Committee will mandate a third party, such as the Bank's external auditors, to conduct the investigation to ensure independence and impartiality.
Internal Audit receives the complete file prepared by the Ombudsman for Clients and investigates the reported irregularity. If additional information is needed during the investigation, the Ombudsman for Clients contacts the reporting individual. Once the investigation has been completed, Internal Audit submits its investigation report to Corporate Compliance and the Ombudsman for Clients.
Corporate Compliance receives and retains a copy of the file about the irregularity or concern reported. Corporate Compliance informs the Global Risk Committee and the Audit Committee of each irregularity or concern reported, whether founded or unfounded. Once the investigation by Internal Audit has been completed and documented, Corporate Compliance reports to the Audit Committee on the results of the investigation. In addition, Corporate Compliance compiles statistics and informs the Audit Committee periodically, or as necessary, about the number of irregularities or concerns reported, whether founded or unfounded.
Periodically, or as necessary, Corporate Compliance reports to the Audit Committee on irregularities and concerns reported, and subsequently apprises the Audit Committee of the results of each investigation. It reviews the number of irregularities or concerns reported, whether founded or unfounded.
In the event a reported irregularity or concern is determined to be founded, Corporate Compliance makes a recommendation to the Audit Committee concerning any action to be taken. The action may be formulated as follows:
- If the irregularity or concern relates to a weakness or deficiency in any of the Bank's internal controls or accounting systems, the Audit Committee designates an executive to oversee any necessary strengthening and/or correction of such weakness or deficiency.
- If the irregularity or concern relates to a misstatement, error or omission in any of the Bank's financial statements, or in any report or other document filed by the Bank with securities regulatory authorities or any government or regulatory authority, the executive (or other person designated by the Audit Committee), in cooperation with the Corporate Secretary's Office, if appropriate, oversees the prompt correction or restatement of such financial statement, report or document and, if necessary, ensures that all amendments to any previously filed reports or documents to correct said misstatements, errors or omissions are filed with the securities regulatory authorities or any other government or regulatory authority.
- Any other matter reported is addressed and resolved appropriately in accordance with legislation and the applicable accounting and auditing standards.
- The executive or the person designated by the Audit Committee is responsible for taking the necessary action against any employee who is the object of a founded irregularity or concern and is determined to be at fault.
Follow-up report to reporting individual
When the Audit Committee has completed its investigation of a reported irregularity or concern, whether founded or unfounded, the Ombudsman for Clients gives the reporting individual a written report on the results of the investigation. However, if action is to be taken against an employee at fault, the details of said action are not disclosed in the report.
Protection of Reporting Individual
The Bank will not tolerate any reprisals that may be made against any individual who, in good faith, reports an irregularity or provides information in relation to a report. Any manager or employee who takes or threatens reprisal in any form will be subject to corrective or disciplinary measures up to and including dismissal, in accordance with its policy entitled “Corrective and Disciplinary Measures.”
In addition, any Bank employee who alleges having been discharged, demoted, suspended, threatened,
harassed or in any manner discriminated against in violation of the provisions of the Policy may report the alleged violation to the Chair of the Audit Committee, who may take the necessary action, in particular by appointing an individual to direct an investigation into the employee's allegations.
However, anyone who participates in a prohibited activity is subject to corrective measures up to and including dismissal even if the person reports the irregularity. Should corrective measures be deemed necessary, the Bank will take into consideration the person’s decision to report the irregularity.
A Bank employee who intentionally makes a false report or in any other way abuses the Policy may be subject to corrective measures up to and including dismissal, in accordance with the policy entitled “Corrective and Disciplinary Measures”.
Confidentiality and Anonymity
All reporting may be made confidentially and the Bank will take all necessary action to ensure the confidentiality of the information disclosed and the anonymity of the reporting individual. Only the individuals and/or sectors specified in the Policy may be made aware of the information disclosed. Unless the disclosure of the information is required by law or is essential to conducting the investigation, confidentiality will be maintained at all times. The identity of the reporting individual may not be disclosed unless he or she consents and confirm his or her agreement in writing of its required by a governmental authority.
Roles and Responsibilities
The Global Risk Committee oversees all matters pertaining to comprehensive risk management Bank‑wide.
The Audit Committee is responsible for applying the Policy and revising it, when substantial amendments are made and recommending its approval to the Conduct Review and Corporate Governance Committee.
The Conduct Review and Corporate Governance Committee approves any revisions to the Policy submitted by the Audit Committee.
- Reviews the Policy annually or as needed;
- Ensures that the Policy is communicated to Bank employees;
- Reports to the Global Risk Committee and the Audit Committee, if required.
Office of the Ombudsman for Clients:
- Actively maintains the reporting procedure;
- Ensures that the Policy is communicated to anyone who requests it.
Internal Audit investigates every report of irregularity received.
Executives make sure that their employees are familiar with the Policy.
Review and Approval of the Policy
The Policy will be reviewed annually by the Senior Vice-President and Chief Compliance Officer of the Bank in order to keep it current with significant applicable laws and recognized industry practices. The Policy will be submitted to the Audit Committee periodically or if substantial modifications are required, for approval to the Conduct Review and Corporate Governance Committee. The Senior Vice-President and Chief Compliance Officer of the Bank may make non-substantive modifications to the Policy from time to time.