Reporting Accounting Irregularities

Policy for Reporting Irregularities Relating to Accounting, Internal Accounting Controls and Auditing Matters at National Bank of Canada

Scope

The Policy for Reporting Irregularities Relating to Accounting, Internal Accounting Controls and Auditing Matters at National Bank of Canada (the “Policy for Reporting Accounting Irregularities” or the “Policy”) applies to all employees of National Bank, its subsidiaries and foreign centers (the “Bank”) and any individuals wishing to avail themselves of it.

Regulatory Context

In compliance with National Instrument 52-110 about audit committees issued by the Canadian Securities Administrators, the Audit Committee hereby establishes procedures for:

  • The receipt, retention and treatment of reports of irregularities and concerns received by the Bank regarding accounting, internal accounting controls or auditing matters;
  • The confidential, anonymous submission by any individuals or Bank employees of concerns regarding questionable accounting, internal accounting controls or auditing matters; and
  • The protection of individuals who wish to report a potential irregularity or submit a concern in connection with this Policy.

Objective of Policy

This Policy addresses the reporting of irregularities and concerns regarding questionable accounting, internal accounting controls or auditing matters at the Bank, including:

  • Any misstatement, fraud or omission in any financial statement of, or other financial information released by the Bank, including any report or document filed with securities regulatory authorities or any other government or regulatory authority;
  • Any intentional error or misconduct in the preparation, evaluation, review or audit of any of the Bank's financial statements;
  • Any misstatement, fraud or omission in the recording and maintaining of the Bank's financial records;
  • Any weakness or deficiency or non-compliance with the Bank's internal accounting controls;
  • Any misrepresentation or false statement made to or by an executive or accountant concerning a matter contained in, or required to be contained in, the Bank's financial records, financial statements, financial reports or audit reports;
  • Any deviation from full and fair reporting of the Bank's financial condition, operating results or cash flows;
  • Any effort to mislead, deceive, coerce or fraudulently influence any internal or external accountant or auditor of the Bank in connection with the preparation, examination, audit or review of any of the Bank's financial statements or records;
  • Any other error, deficiency or weakness in the Bank's financial statements, internal controls, auditing procedures, financial records or reports.

Report Handling Procedure

Ombudsman for Clients

Any individual or Bank employee may report an irregularity or concern regarding questionable accounting, internal accounting controls or auditing matters at the Bank directly to the Office of the Ombudsman for Clients:

  • By telephone: Ombudsman for Clients – Ethics
    1-877-390-7881
  • By regular mail:
    Ombudsman for clients
    National Bank of Canada
    P.O. Box 275, Montreal, Quebec H2Y 3G7
    Transit: 9152-1
  • By fax:
    1-888-866-3399

The Ombudsman for Clients maintains the anonymity of the reporting individual and the confidentiality of the report or concern. The information obtained by the Ombudsman for Clients is compiled on an anonymous, confidential basis and the file is sent to the Internal Audit Department (“Internal Audit”) with a copy to the Corporate Compliance Department (“Corporate Compliance”).

If the irregularity or concern relates to the Ombudsman for Clients, it must be reported directly to Corporate Compliance, which will act in accordance with the rules established for the Ombudsman for Clients. In this situation, Corporate Compliance must be notified by telephone at 514-394-8694.

If the irregularity or concern relates to Corporate Compliance or Internal Audit, the Ombudsman for Clients will notify the Audit Committee, and the Audit Committee will mandate a third party, such as the Bank's external auditors, to conduct the investigation to ensure independence and impartiality.

Internal Audit

Internal Audit receives the complete file prepared by the Ombudsman for Clients and investigates the reported irregularity. If additional information is needed during the investigation, the Ombudsman for Clients contacts the reporting individual. Once the investigation has been completed, Internal Audit submits its investigation report to Corporate Compliance and the Ombudsman for Clients.

Corporate Compliance

Corporate Compliance receives and retains a copy of the file about the irregularity or concern reported. Corporate Compliance informs the Global Risk Committee and the Audit Committee of each irregularity or concern reported, whether founded or unfounded. Once the investigation by Internal Audit has been completed and documented, Corporate Compliance reports to the Audit Committee on the results of the investigation. In addition, Corporate Compliance compiles statistics and informs the Audit Committee periodically, or as necessary, about the number of irregularities or concerns reported, whether founded or unfounded.

Audit Committee

Periodically, or as necessary, Corporate Compliance reports to the Audit Committee on irregularities and concerns reported, and subsequently apprises the Audit Committee of the results of each investigation. It reviews the number of irregularities or concerns reported, whether founded or unfounded.

In the event a reported irregularity or concern is determined to be founded, Corporate Compliance makes a recommendation to the Audit Committee concerning any action to be taken. The action may be formulated as follows:

  • If the irregularity or concern relates to a weakness or deficiency in any of the Bank's internal controls or accounting systems, the Audit Committee designates an executive to oversee any necessary strengthening and/or correction of such weakness or deficiency.
  • If the irregularity or concern relates to a misstatement, error or omission in any of the Bank's financial statements, or in any report or other document filed by the Bank with securities regulatory authorities or any government or regulatory authority, the executive (or other person designated by the Audit Committee), in cooperation with the Corporate Secretary's Office, if appropriate, oversees the prompt correction or restatement of such financial statement, report or document and, if necessary, ensures that all amendments to any previously filed reports or documents to correct said misstatements, errors or omissions are filed with the securities regulatory authorities or any other government or regulatory authority.
  • Any other matter reported is addressed and resolved appropriately in accordance with legislation and the applicable accounting and auditing standards.
  • The executive or the person designated by the Audit Committee is responsible for taking the necessary action against any employee who is the object of a founded irregularity or concern and is determined to be at fault.

Follow-up report to reporting individual

When the Audit Committee has completed its investigation of a reported irregularity or concern, whether founded or unfounded, the Ombudsman for Clients gives the reporting individual a written report on the results of the investigation. However, if action is to be taken against an employee at fault, the details of said action are not disclosed in the report.

Protection of Reporting Individual

The Bank will not tolerate any reprisals that may be made against any individual who, in good faith, reports an irregularity or provides information in relation to a report. Any employee who takes or threatens reprisal in any form will be subject to corrective or disciplinary measures up to and including dismissal, in accordance with its policy entitled “Corrective and Disciplinary Measures.”

In addition, any Bank employee who alleges having been discharged, demoted, suspended, threatened,
harassed or in any manner discriminated against in violation of the provisions of the Policy may report the alleged violation to the Chair of the Audit Committee, who may take the necessary  action,  in particular by appointing an individual to direct an investigation into the employee's allegations.

However, anyone who participates in a prohibited activity is subject to corrective measures up to and including dismissal even if the person reports the irregularity. Should corrective measures be deemed necessary, the Bank will take into consideration the person’s decision to report the irregularity.

A Bank employee who intentionally makes a false report or in any other way abuses the Policy may be subject to corrective measures up to and including dismissal.

Confidentiality and Anonymity

All reporting may be made confidentially and the Bank will take all necessary action to ensure the confidentiality of the information disclosed and the anonymity of the reporting individual. Only the individuals and/or sectors specified in the Policy may be made aware of the information disclosed. Unless the disclosure of the information is required by law or is essential to conducting the investigation, confidentiality will be maintained at all times. The identity of the reporting individual may not be disclosed unless he or she consents and confirm his or her agreement in writing of its required by a governmental authority.

Roles and Responsibilities

The Global Risk Committee oversees all matters pertaining to comprehensive risk management Bank‑wide.

The Audit Committee is responsible for applying the Policy and revising it, when substantial amendments are made and recommending its approval to the Conduct Review and Corporate Governance Committee.

The Conduct Review and Corporate Governance Committee approves any revisions to the Policy submitted by the Audit Committee.

Corporate Compliance:

  • Reviews the Policy annually or as needed, submits  substantial amendments to the Audit Committee to recommend  approval by the Conduct Review and Corporate Governance Committee;
  • Ensures that the Policy is communicated to Bank employees;
  • Reports to the Global Risk Committee and the Audit Committee, if required.

Office of the Ombudsman for Clients:

  • Actively maintains the reporting procedure;
  • Ensures that the Policy is communicated to anyone who requests it.

Internal Audit investigates every report of irregularity received.

Executives make sure that their employees are familiar with the Policy.