Principle 9: Compliance
The governing body governs compliance with applicable laws and adopted policies, non-binding rules, codes and standards in a way that promotes ethics and responsible corporate citizenship.
Exception declaration
All the recommended practices in support of Principle 9 have been implemented.
Specific disclosures
(a) Disclosures in relation to compliance:
- Whether the governing body is satisfied that the organisation-wide system of compliance is effective and that significant regulatory penalties, sanctions or fines for contraventions of, or non-compliance with, statutory obligations – whether against the organisation, the governing body or prescribed officers – have been appropriately responded to, to manage consequences and prevent future occurrences.
The board is satisfied that the organisation-wide system of compliance is effective and that significant regulatory penalties, sanctions or fines for contraventions of, or non-compliance with, statutory obligations – whether against the organisation, the governing body or prescribed officers – have been appropriately responded to in order to manage consequences and prevent future occurrences.
Nedbank is committed to the preservation of its reputation, financial soundness, and integrity through compliance with applicable regulatory requirements (including acts, rules, directives and codes by authorities such as parliament, regulators, supervisory bodies and organs of state that Nedbank Group Limited and its subsidiaries must by law comply with, as well as industry rules, codes and practices to which Nedbank Group Limited voluntarily adheres).
The board holds ultimate accountability for governance and compliance risk, which is 1 of the 17 risk types identified in the ERMF. Compliance is a key risk for the group, and the board is responsible for reviewing the adequacy of the group's governance, risk and compliance risk management, including controls that are implemented to ensure that the group complies with regulatory requirements. The board also sets the compliance risk appetite, which states that 'the group ensures that appropriate controls are in place to comply with regulatory requirements and has no appetite for material non-compliance with regulatory requirements'.
The board delegates its oversight responsibility for compliance to Group DAC, which ensures that the group maintains an independent and effective compliance function headed by the Group CCO, who reports directly to the CE. The Group CCO is responsible for the facilitation, coordination and independent monitoring of compliance risk within the group. The Group CCO reports to Group DAC on the status of compliance risk and key compliance issues and their resolution, and provides an overview of the regulatory environment, including appropriate responses to regulatory developments, emerging trends, and engagements with regulators.
The Group CCO is invited to attend board and committee meetings and is granted the authority and access necessary to communicate directly with the Chairperson, board members, all levels of management, and both internal and external auditors on compliance-related matters.
The compliance function is responsible for fostering a strong compliance culture by raising awareness of compliance risk and reinforcing the importance and value of managing compliance risk in the business. Leadership and management reinforce this message by communicating and modelling behaviours that support a culture of compliance. The compliance function continues to drive initiatives that highlight the rights and protections that compliance affords and is placing increased emphasis on sustained awareness. The compliance function measures the perceptions of all employees of the compliance culture of Nedbank.
GIA undertakes independent reviews of the compliance function and the implementation of the Compliance Risk Model (i.e. Policy, Framework and Manual).