Annex 5: Independent Assurance Reports

INDEPENDENT ASSURANCE REPORT To commercial bank of ceylon plc

We have been engaged by the Directors of Commercial Bank of Ceylon PLC (“the Company”) to provide reasonable assurance and limited assurance in respect of the Sustainability Indicators as identified below for the year ended December 31, 2016. The Sustainability Indicators are included in the Commercial Bank of Ceylon PLC’s Integrated Annual Report for the year ended December 31, 2016 (the "Report").

The Reasonable Assurance Sustainability Indicators covered by our reasonable assurance engagement are:

Assured Sustainability Indicators		Integrated Annual Report Page
Financial Highlights		14

The Limited Assurance Sustainability Indicators covered by our limited assurance engagement are:

Limited Assurance Sustainability Indicators		Integrated Annual Report Page
Sustainability performance indicators:
Non-financial highlights		15
Performance highlights		16 – 17
Information provided on following stakeholder groups:
Shareholders and investors – Financial and manufactured capital and Investor relations		48 – 51 and 108 – 116
Customers – Social and network capital, Intellectual capital and personal banking		54 – 56, 66 – 67 and 84 – 87
Society and environment – Natural capital and Social and network capital		59 – 63 and 78 – 79
Employees and employee association – Human capital		70 – 75
Suppliers and business partners – Social and network capital		57 – 58

Our Conclusions:

Our conclusion has been formed on the basis of, and is subject to, the matters outlined in this Report.

We believe that the evidence we have obtained is sufficient and appropriate to provide a basis for our conclusions.

Reasonable Assurance Sustainability Indicators

In our opinion, the Reasonable Assurance Sustainability Indicators, as defined above, for the year ended December 31, 2016, are, in all material respects, prepared and presented in accordance with the Global Reporting Initiative (GRI) G4 Content Index Guidelines.

Limited Assurance Sustainability Indicators

Based on the limited assurance procedures performed and the evidence obtained, as described below, nothing has come to our attention that causes us to believe that the Limited Assurance Sustainability Indicators, as defined above, for the year ended December 31, 2016, have not in all material respects, been prepared and presented in accordance with the GRI G4 Content Index Guidelines.

Management's Responsibility

Management is responsible for the preparation and presentation of the Reasonable Assurance Sustainability Indicators and the Limited Assurance Sustainability Indicators in accordance with the GRI G4 Content Index Guidelines.

These responsibilities includes establishing such internal controls as management determines are necessary to enable the preparation of the Reasonable Assurance Sustainability Indicators and the Limited Assurance Sustainability Indicators that are free from material misstatement whether due to fraud or error.

Management is responsible for preventing and detecting fraud and for identifying and ensuring that the Company complies with laws and regulations applicable to its activities.

Management is also responsible for ensuring that staff involved with the preparation and presentation of the description and Report are properly trained, information systems are properly updated and that any changes in reporting encompass all significant business units.

Our Responsibility

Our responsibility is to express a reasonable assurance conclusion on the Company's preparation and presentation of the Reasonable Assurance Sustainability Indicators and a limited assurance conclusion on the preparation and presentation of the Limited Assurance Sustainability Indicators included in the Report, as defined above.

We conducted our assurance engagement in accordance with Sri Lanka Standard on Assurance Engagements SLSAE 3000: Assurance Engagements other than Audits or Reviews of Historical Financial Information (SLSAE 3000) issued by The Institute of Chartered Accountants of Sri Lanka.

We have complied with the independence and other ethical requirements of the Code of Ethics issued by The Institute of Chartered Accountants of Sri Lanka.

SLSAE 3000 requires that we plan and perform the engagement to obtain reasonable assurance about whether the Reasonable Assurance Sustainability Indicators are free from material misstatement and limited assurance about whether the Limited Assurance Sustainability Indicators are free from material misstatement.

Reasonable Assurance over Reasonable Assurance Sustainability Indicators

The procedures selected in our reasonable assurance engagement depend on our judgement, including the assessment of the risks of material misstatement of the Reasonable Assurance Sustainability Indicators whether due to fraud or error.

In making those risk assessments, we have considered internal control relevant to the preparation and presentation of the Reasonable Assurance Sustainability Indicators in order to design assurance procedures that are appropriate in the circumstances, but not for the purposes of expressing a conclusion as to the effectiveness of the Company's internal control over the preparation and presentation of the Report.

Our engagement also included assessing the appropriateness of the Reasonable Assurance Sustainability Indicators, the suitability of the criteria, being the GRI G4 Content Index Guidelines, used by the Company in preparing and presenting the Reasonable Assurance Sustainability Indicators within the Report, obtaining an understanding of the compilation of the financial and non-financial information to the sources from which it was obtained, evaluating the reasonableness of estimates made by the Company, and re-computation of the calculations of the Reasonable Assurance Sustainability Indicators.

Limited Assurance on the Assured Sustainability Indicators

Our limited assurance engagement on the Limited Assurance Sustainability Indicators consisted of making enquiries, primarily of persons responsible for the preparation of the Limited Assurance Sustainability Indicators, and applying analytical and other procedures, as appropriate. These procedures included:

interviews with senior management and relevant staff at corporate and selected site level concerning sustainability strategy and policies for material issues, and the implementation of these across the business;
enquiries of management to gain an understanding of the Company's processes for determining material issues for the Company's key stakeholder groups;
enquiries of relevant staff at corporate and selected site level responsible for the preparation of the Limited Assurance Sustainability Indicators;
enquiries about the design and implementation of the systems and methods used to collect and report the Limited Assurance Sustainability Indicators, including the aggregation of the reported information;
comparing the Limited Assurance Sustainability Indicators to relevant underlying sources on a sample basis to determine whether all the relevant information has been appropriately included in the Report;
reading the Limited Assurance Sustainability Indicators presented in the Report to determine whether they are in line with our overall knowledge of, and experience with, the sustainability performance of the Company;
reading the remainder of the Report to determine whether there are any material misstatements of fact or material inconsistencies based on our understanding obtained as part of our assurance engagement.

The procedures performed in a limited assurance engagement vary in nature and timing from, and are less in extent than for, a reasonable assurance engagement, and consequently the level of assurance obtained in a limited assurance engagement is substantially lower than the assurance that would have been obtained had a reasonable assurance engagement been performed. Accordingly, we do not express a reasonable assurance conclusion on the Limited Assurance Sustainability Indicators.

Purpose of our Report

In accordance with the terms of our engagement, this Assurance Report has been prepared for the Company for the purpose of assisting the Directors in determining whether the Company's Reasonable and Limited Assurance Sustainability Indicators are prepared and presented in accordance with the GRI G4 Content Index Guidelines and for no other purpose or in any other context.

Restriction of use of our Report

Our Report should not be regarded as suitable to be used or relied on by any party wishing to acquire rights against us other than the Company, for any purpose or in any other context. Any party other than the Company who obtains access to our Report or a copy thereof and chooses to rely on our Report (or any part thereof) will do so at its own risk. To the fullest extent permitted by law, we accept or assume no responsibility and deny any liability to any party other than the Company for our work, for this Independent Assurance Report, or for the conclusions we have reached.

Chartered Accountants

Colombo.
February 22, 2017

Independent Assurance Statement on Non-Financial Reporting – DNV GL

Scope and Approach

DNV GL represented by DNV GL Business Assurance Lanka (Private) Limited has been commissioned by the management of Commercial Bank of Ceylon PLC (‘Commercial Bank’ or ‘the Bank’) to carry out an independent assurance engagement (Type 2, Moderate level) for the non-financial – qualitative and quantitative information (sustainability performance) reported in Commercial Bank’s Annual Report 2016 (‘the Report’) in its printed format for the financial year ending December 31, 2016. The sustainability disclosures in this Report is prepared by the Bank, based on the ‘in accordance’ – Core reporting option of the Global Reporting Initiative (GRI) Sustainability Reporting Guidelines Version 4 (GRI G4) and its Financial Service Sector Disclosures.

We performed our work using Account Ability’s AA1000 Assurance Standard 2008 (AA1000 AS) and DNV GL’s assurance methodology VeriSustainTM1, which is based on our professional experience, international assurance best practice including International Standard on Assurance Engagements 3000 (ISAE 3000) Revised* and GRI G4. Our assurance engagement was planned and carried out in February – March 2017.

The intended user of this assurance statement is the Management of Bank (‘the Management’). We disclaim any liability or responsibility to a third party for decisions, whether investment or otherwise, based on this assurance statement.

The reporting aspect boundary of sustainability performance is based on internal and external materiality assessment covering Commercial Bank’s banking and associated operations in Sri Lanka and Bangladesh. The Report excludes performance data and information related to the activities of Commercial Bank’s five subsidiaries – Commercial Development Co. PLC, ONEzero Co. Ltd., Serendib Finance Ltd., Commercial Bank of Maldives Private Limited and Commex Sri Lanka S.R.L. – Italy and the operations of its two associates, Equity Investments Lanka Ltd. and Commercial Insurance Brokers (Pvt) Ltd. as the results of their operations are not significant (<1 % revenue) compared to the overall results of the Bank. This is as set out in the Report in the section ‘Basis of Preparation’.

We planned and performed our work to obtain the evidence we considered necessary to provide a basis for our assurance opinion and the process did not involve engagement with external stakeholders.

Responsibilities of the Management of Commercial Bank and of the Assurance Providers

The Management of Commercial Bank have the sole responsibility for the preparation of the Report as well as the processes for collecting, analysing and reporting the information presented in the Report. In performing our assurance work, our responsibility is to the Management; however, our statement represents our independent opinion and is intended to inform the outcome of our assurance to the stakeholders of the Bank. DNV GL was not involved in the preparation of any statements or data included in the Report except for this Assurance Statement.

DNV GL provides a range of other services to Commercial Bank, none of which in our opinion, constitute a conflict of Interest with this assurance work.

DNV GL’s assurance engagements are based on the assumption that the data and information provided by the client to us as part of our review have been provided in good faith. We were not involved in the preparation of any statements or data included in the Report except for this Assurance Statement. DNV GL expressly disclaims any liability or co-responsibility for any decision a person or an entity may make based on this Assurance Statement.

Basis of our Opinion

A multi-disciplinary team of sustainability and assurance specialists performed work at Commercial Bank’s Head Office and as part of assurance, we visited sample branch operations in Colombo, Sri Lanka. We undertook the following activities:

Review of Commercial Bank’s approach to stakeholder engagement and materiality determination process and the outcome as reported in this Report. We did not have any direct engagement with external stakeholders;
Interviews with selected senior managers responsible for management of sustainability issues and review of selected evidence to support issues discussed. We were free to choose interviewees and interviewed those with overall responsibility to deliver the Company’s sustainability objectives;
Site visits to two sample branch operations in Kelaniya and Kiribathgoda to review processes and systems for preparing site level sustainability data and implementation of sustainability strategy. We were free to choose sites we visited;
Review of supporting evidence for key claims and data in the Report;
Review of the processes for gathering and consolidating the specified performance data and, for a sample, checking the data consolidation. The reported data on economic performance and other financial data are based on audited Financial Statements issued by the Company’s statutory Auditors;
An independent assessment of Commercial Bank’s reporting against the Global Reporting Initiative (GRI) G4 Guidelines and the reporting requirements for its ‘in accordance’ – Core option.

During the assurance process, we did not come across limitations to the scope of the agreed assurance engagement.

Opinion

On the basis of the verification undertaken, nothing came to our attention to suggest that the Report does not properly describe Commercial Bank’s adherence to the GRI G4 reporting requirements, including the Principles for Defining Report Content, identified material Aspects, related strategies and Disclosures on Management Approach and Performance Indicators as below:

General Standard Disclosures: The reported information on General Standard Disclosure generally meets the disclosure requirements for the ‘in accordance’ – Core option of reporting and the reasons for omissions and partial disclosure were explained to us and also brought out within the Report.
Specific Standard Disclosures: The Report describes the generic Disclosures on Management Approach (DMA) and Performance Indicators for identified material Aspects presented within the Report as below:

Economic

– Economic Performance – G4-EC1;

– Market Presence – G4-EC5, G4-EC6;

– Indirect Economic Impacts – G4-EC8;

– Procurement Practices – G4-EC9;

Environmental

– Energy - G4-EN6;

– Effluents and Waste - G4-EN23;

– Supplier Environmental Assessment - G4-EN32;

Social

Labour Practices and Decent Work

– Employment – G4-LA1, G4-LA2, G4-LA3 ;

– Labour/Management Relations – G4-LA4;

– Occupational Health and Safety – G4-LA8;

– Training and Education – G4-LA9,
G4-LA10, G4-LA11;

– Diversity and Equal Opportunity – G4-LA12;

– Equal Remuneration for Women and
Men – G4-LA13;

– Supplier Assessment for Labour Practices – G4-LA14;

– Labour Practices and Grievance Mechanisms – G4-LA16;

Human Rights

– Non-Discrimination – G4-HR3;

– Freedom of Association and Collective Bargaining – G4-HR4;

– Child Labour – G4-HR5;

– Forced or Compulsory Labour –
G4-HR6;

– Supplier Human Rights Assessment – G4-HR10;

– Human Rights Grievance Mechanisms – G4-HR12;

Society

– Local Communities – G4-SO1, FS13, FS14;

– Anti-Corruption – G4-SO5;

– Compliance – G4-SO8;

– Supplier Assessment for Impacts on Society – G4-SO9;

Product Responsibility

– Product and Service Labelling – G4-PR3, G4-PR4, G4-PR5;

– Marketing Communications – G4-PR7;

– Customer Privacy – G4-PR8;

– Compliance – G4-PR9;

– Product Portfolio – FS7, FS8

– Audit

Observations

Without affecting our assurance opinion, we also provide the following observations. We have evaluated the Report’s adherence to the following principles on a scale of ‘Good’, ‘Acceptable’ and ‘Needs Improvement’:

Materiality

The process of determining the issues that is most relevant to an organisation and its stakeholders.

The process of materiality assessment is based on the GRI G4 guidelines and considers the Bank’s value creation process, sustainability context and key concerns and issues raised by key external and internal stakeholders. In our opinion, the level at which the Report adheres to this principle is ‘Good’.

Inclusivity

The participation of stakeholders in developing and achieving an accountable and strategic response to Sustainability.

The Bank has a documented stakeholder engagement process, which helps in identifying, engaging and responding to key sustainability concerns of significant stakeholders. In our opinion, the level at which the Report adheres to this principle is ‘Good’.

Responsiveness

The extent to which an organisation responds to stakeholder issues.

The key stakeholder concerns are well responded within the Report i.e. the Report adequately brings out disclosures such as Bank’s business model, policies, management systems, governance mechanisms, Disclosures on Management Approach and Performance Indicators for the identified material Aspects. In our opinion, the level at which the Report adheres to this principle is ‘Good’.

Reliability

The accuracy and comparability of information presented in the Report, as well as the quality of underlying data management systems.

The robustness of the data management and aggregation systems was evaluated during our visits to Commercial Bank’s Head Office and branch sites; the sample data and information verified as part of assurance was found to be reliable. Nothing has come to our attention to suggest that reported data has not been properly collated from information reported at operational level, nor that the assumptions used were inappropriate. Some of the data inaccuracies identified during the verification process were found to be attributable to transcription, interpretation and aggregation errors and the errors have been communicated for correction. In our opinion, the level at which the Report adheres to this principle is ‘Good’.

Specific Evaluation of the Information on Sustainability Performance

We consider the methodology and process for gathering information developed by the Bank for its sustainability performance reporting to be appropriate and the qualitative and quantitative data included in the Report was found to be identifiable and traceable; the personnel responsible were able to demonstrate the origin and interpretation of the data and its reliability. We observed that the Report presents a faithful description of the reported sustainability activities for the Reporting period.

Additional principles as per DNV GL VeriSustain

Completeness

How much of all the information that has been identified as material to the organisation and its stakeholders is reported.

The Report has fairly reported the General and Specific Standard Disclosures including the management approach, monitoring systems and sustainability performance indicators against GRI G4 requirements for its ‘in accordance’ – Core option of reporting within its identified reporting boundary. In our opinion, the level at which the Report adheres to this principle is ‘Acceptable’.

Neutrality

The extent to which a report provides a balanced account of an organisation’s performance, delivered in a neutral tone.

The disclosures related to sustainability issues and performances are reported in a neutral tone, in terms of content and presentation, however, the Report could further bring out responses related to the challenges faced during the Reporting period at various geographical locations of operations. In our opinion, the level at which the Report adheres to the principle of Neutrality is ‘Good’.

Opportunities for Improvement

The following is an excerpt from the observations and opportunities for improvement, reported to the management of the Bank and are not considered for drawing our conclusions on the Report; however, they are generally consistent with the management’s objectives:

Commercial Bank may link its strategy to the Sri Lankan Banking Association’s Sustainable Banking Principles and disclose its responses to the principles within the Report.
Disclosures on sustainability opportunities, impacts and strategy to mitigate impacts and risks related to Commercial Bank’s international operations with significant operational or financial control and influence may be carried out, to further improve completeness of reported disclosures.

For DNV GL

Rathika de Silva

Country Head

DNV GL Business Assurance Lanka (Private) Limited, Colombo, Sri Lanka Kiran

Kiran Radhakrishnan

Lead Verifier

DNV GL Business Assurance India Private Limited, India.

Nandkumar Vadakepatth

Assurance Reviewer

Regional Sustainability Manager – Indian Subcontinent and Middle East