ECCB 2025-2026 Annual Report

EASTERN CARIBBEAN CENTRAL BANK ANNUAL REPORT 2025 - 2026

Organisational Effectiveness and Development

The Board and the BARC are furnished with quarterly updates from management risk owners in relation to the Bank’s principal risks. These updates include the history of the risks to date, key mitigating actions and controls, remaining residual risk and any future actions planned to address control deficiencies. During the year, the Bank engaged in activities to finalise the implementation of its IT Disaster Recovery Strategy as part of its BCMS Policy implementation. These activities included the acquisition of Starlink Satellite Internet as a business continuity tool to mitigate existing internet unreliability and instability threats. The equipment for the installation of Starlink Satellite Internet was procured and successfully tested, and work is ongoing to with stakeholders to integrate Starlink into the infrastructure as a gateway option to the internet. In addition, the development of the Bank’s IT Disaster Recovery (DR) Cloud Solution was completed and tested. This included ensuring that network connectivity between all the replicated components and email were successfully tested via the DR Cloud solution, testing of the payment systems (transactions), email and Document Management solutions across the Bank. Compliance Function Enhancement The Compliance function is a key component of the Bank’s ERM second line of defence governance role. At a minimum, the compliance function seeks to ensure that the operations of the Bank incorporate: 1. An alignment and adherence to the applicable policies, laws and regulations (internal Business Continuity and Operational Resilience

and external), in keeping with regional and international best practices; 2. A Risk Based Approach in line with the approved risk appetite to identify, assess and mitigate compliance risks; 3. Continuous and up-to-date training and awareness across the bank with the aim to build and foster a strong culture of compliance; and 4. Development and documentation of adequate procedures in alignment with the Compliance Management Framework Policy. The Bank achieved two major milestones in the implementation of the compliance management framework: (1) creating and building greater focus on awareness and foundational mapping of the Bank’s compliance obligations and (2) the introduction of a structured reporting methodology to the second line of defense. This has strengthened the Bank’s ability to identify emerging compliance typologies and heightened exposure areas. The Bank, consequently, has made notable progress in embedding compliance ownership across departments. The Bank has made significant progress in providing targeted training to its staff, helping them to achieve professional development, including the Association of Certified Anti Money Laundering Specialist (ACAMS) certification and participation in regional conferences. These advancements have improved the technical capacity of the team and elevated the quality of compliance monitoring, analysis, and reporting to ensure that controls are appropriately calibrated to the specific threat landscape. Work continued toward the development of the credit risk function as the Bank participated in a World Bank facilitated mission to two Latin American central banks. The visits allowed for observation of mature credit risk operations and engagement with relevant staff. The Bank’s exposure to security analysis and portfolio

49