Reporting Accounting Irregularities

Policy for Reporting Irregularities Relating to Accounting, Internal Accounting Controls and Auditing Matters at National Bank of Canada

Scope

The Policy for Reporting Irregularities Relating to Accounting, Internal Accounting Controls and Auditing Matters at National Bank of Canada (the “Policy for Reporting Accounting Irregularities” or the “Policy”) applies to all employees of National Bank and its subsidiaries (the “Bank”) and any individuals wishing to avail themselves of it.

Regulatory context

In accordance with National Instrument 52-110 about audit committees issued by the Canadian Securities Administrators, the Audit Committee hereby establishes procedures for:

  • the receipt, retention and treatment of complaints and concerns received by the Bank regarding accounting, internal accounting controls or auditing matters;
  • the confidential, anonymous submission by any individuals or Bank employees of complaints or concerns regarding questionable accounting, internal accounting control or auditing matters; and
  • the protection of individuals who wish to file a complaint or submit a concern in connection with this Policy.

Objective of policy

This Policy addresses the reporting of complaints and concerns regarding questionable accounting, internal accounting controls or auditing matters at the Bank, including:

  • Any misstatement, fraud or omission in any financial statement of, or other financial information released by the Bank, including any report or document filed with securities regulatory authorities or any other government or regulatory authority;
  • Any intentional error or misconduct in the preparation, evaluation, review or audit of any of the Bank's financial statements;
  • Any misstatement, fraud or omission in the recording and maintaining of the Bank’s financial records;
  • Any weakness or deficiency or non-compliance with the Bank’s internal accounting controls;
  • Any misrepresentation or false statement made to or by an executive or accountant concerning a matter contained in, or required to be contained in, the Bank’s financial records, financial statements, financial reports or audit reports;
  • Any deviation from full and fair reporting of the Bank’s financial condition, operating results or cashflows;
  • Any effort to mislead, deceive, coerce or fraudulently influence any internal or external accountant or auditor of the Bank in connection with the preparation, examination, audit or review of any of the Bank’s financial statements or records;
  • Any other error, deficiency or weakness in the Bank’s financial statements, internal controls, auditing procedures, financial records or reports.

Complaint handling procedure

Ombudsman

Any individual or Bank employee may submit a complaint or concern regarding questionable accounting, internal accounting controls or auditing matters at the Bank directly to the Office of the Ombudsman:

  • By telephone at the dedicated phone line for the application of the Policy:
    1-877-390-7881

  • By e-mail at the dedicated e-mail for the application of the Policy
    ombudsmanethic@nbc.ca

  • By regular mail:
    Ombudsman
    National Bank of Canada
    P.O. Box 275, Montreal, Quebec H2Y 3G7
    Transit: 9152-1

  • By fax:
    1-888-866-3399

The Ombudsman maintains the anonymity of the reporting individual and the confidentiality of the complaint. The information obtained by the Ombudsman is compiled on an anonymous, confidential basis and the file is sent to Internal Audit with a copy to Corporate Compliance.

If the irregularity or concern relates to the Ombudsman, it must be reported directly to Corporate Compliance, which will act in accordance with the rules established for the Client Ombudsman. In this situation, Corporate Compliance must be notified of the complaint by telephone at 514-394-8694.

If the complaint or concern relates to Corporate Compliance or Internal Audit, the Ombudsman will notify the Audit Committee, and the Audit Committee will mandate a third party, such as the Bank's external auditors, to conduct the investigation to ensure independence and impartiality.

Internal Audit

Internal Audit receives the complete file prepared by the Ombudsman and investigates the reported irregularity. If additional information is needed during the investigation, the Client Ombudsman contacts the reporting individual. Once the investigation has been completed, Internal Audit submits its investigation report to Corporate Compliance and the Client Ombudsman.

Corporate Compliance

Corporate Compliance receives and retains a copy of the file for the complaint received or concern reported. Corporate Compliance informs the Global Risk Committee and the Audit Committee of each complaint received or concern reported, whether founded or unfounded. Once the investigation by Internal Audit has been completed, Corporate Compliance reports to the Audit Committee on the results of the investigation. In addition, Corporate Compliance compiles statistics and informs the Audit Committee periodically, or as necessary, about the number of complaints and concerns received, whether founded or unfounded.

Audit Committee

Periodically, or as necessary, Corporate Compliance submits a report to the Audit Committee on complaints and concerns received, and subsequently apprises the Audit Committee of the results of each investigation. It reviews the number of complaints and concerns received, whether founded or unfounded.

In the event a complaint or a concern is determined to be well-founded, Corporate Compliance makes a recommendation to the Audit Committee concerning any action to be taken. The action may be formulated as follows:

  • If the complaint or concern relates to a weakness or deficiency in any of the Bank’s internal controls or accounting systems, the Audit Committee designates an executive to oversee any necessary strengthening and/or correction of such weakness or deficiency.
  • If the complaint or concern relates to a misstatement, error or omission in any of the Bank’s financial statements, or in any report or other document filed by the Bank with securities regulatory authorities or any government or regulatory authority, the executive (or other person designated by the Audit Committee), in cooperation with the Corporate Secretary’s Office, if appropriate, oversees the prompt correction or restatement of such financial statement, report or document and, if necessary, ensures that all amendments to any previously filed reports or documents to correct said misstatements, errors or omissions are filed with the securities regulatory authorities or any other government or regulatory authority.
  • Any other matter reported is addressed and resolved appropriately in accordance with legislation and the applicable accounting and auditing standards.
  • The executive or the person designated by the Audit Committee is responsible for taking the necessary action against any employee who is the object of a well-founded complaint or concern and is determined to be at fault.

Follow-Up Report to Reporting Individual

When the Audit Committee has completed its investigation of a complaint or concern, whether each complaint or concern is determined to be founded or unfounded, the Ombudsman gives the reporting individual a written report on the results of the investigation. However, if action is to be taken against an employee at fault, the details of said action are not disclosed in the report.

Protection of reporting individual

Confidentiality and anonymity are ensured at all times for any individual, including a Bank employee, who submits a complaint or concern.

No action or reprisal may be taken against any individual, including a Bank employee, who submits a complaint or concern in good faith, even if the irregularity or concern is ultimately determined to be unfounded. In particular, neither the Bank nor any employee of the Bank may discharge, demote, suspend, threaten, harass or in any manner discriminate in the terms and conditions of employment or otherwise take any form of reprisal against a reporting individual who filed a complaint or submitted a good faith concern in accordance with this Policy. Any such action or reprisal taken against a reporting individual constitutes a violation of this Policy.

In addition, any Bank employee who alleges having been discharged, demoted, suspended, threatened, harassed or in any manner discriminated against in violation of the provisions of the Policy may report the alleged violation to the Chair of the Audit Committee, which may take remedial action, as appropriate, in particular by appointing an individual to direct an investigation into the employee’s allegations.

However, if an individual, including a Bank employee, submits a complaint or concern in an unreasonable, frivolous or abusive manner, the individual may be subject to disciplinary actions.

Confidentiality and anonymity

Complaints or concerns may be submitted confidentially and the Bank will take all necessary action to ensure the confidentiality of the information disclosed and the anonymity of the reporting individual. Only the individuals and/or sectors specified in this Policy may be made aware of the information disclosed. Unless the disclosure of the information is required by law or is essential to conducting the investigation, confidentiality will be maintained at all times. The identity of the reporting individual may not be disclosed without the reporting individual’s consent. If the reporting individual consents to disclosure, said consent must be provided in writing.

Roles and responsibilities

The Global Risk Committee oversees all matters pertaining to comprehensive risk management Bank-wide.

The Audit Committee is responsible for applying and revising, as applicable, this Policy. The Conduct Review and Corporate Governance Committee approves any revisions to this Policy.

Corporate Compliance:

  • reviews the Policy annually or as needed, and recommends any changes, if required, to the Audit Committee for approval by the Conduct Review and Corporate Governance Committee;
  • ensures that the Policy is communicated to Bank employees;
  • reports, if required, to the Global Risk Committee.

Office of the Ombudsman:

  • actively maintains the reporting procedure;
  • ensures that the Policy is communicated to anyone who requests it.

Internal Audit investigates every complaint or concern received.

The managers make sure that their employees are familiar with the Policy.