The senior management of the bank is responsible for preparing and updating the compliance policy for managing compliance matters and obtaining board approval for local banks, and the branch head for foreign bank branches, and communicating it to all bank sectors. The policy should include:

1. The compliance principles that work units and their personnel must adhere to.
    
2. An explanation of the key procedures for identifying and managing compliance risks throughout all levels of the bank's system.
    
3. Enhancement of clarity and transparency by distinguishing between general standards applicable to all employees and specific standards and procedures that apply only to certain employee groups.
    

The senior management, with the assistance of the compliance unit, are responsible for:

• Identifying the principal non-compliance risks facing the bank, developing plans to manage and assess these risks at least annually. These plans should address any deficiencies in the policy, procedures, or implementation related to the effectiveness of the existing non-compliance risk management, as well as determine the need for any additional policies or procedures to address new non-compliance risks identified in the annual non-compliance risk assessment.
   
• Providing written reports to the board or its delegated committee, highlighting the bank's management of non-compliance risks at least once annually, to support board members in making informed decisions based on accurate information regarding the effectiveness of the bank’s non-compliance risk management.
   
• Reporting in writing to the board or its delegated committee immediately about any significant failures, deficiencies, or violations of non-compliance (e.g., non-compliance situations that may result in significant risks leading to legal or regulatory penalties, severe financial losses, or damage to the bank’s reputation).