EBA Guidelines on Internal Governance

Transcription

1 EBA Guidelines on Internal Governance Bernd Rummel Policy Expert Regulation, EBA 15 April 2013 Malta 2013 EBA European Banking Authority

2 Contents Guidelines on Internal Governance (GL44) > The Single Rulebook > GL 44 Background - the broad picture > Implementation issues > Challenges and future developments 2

3 Building the single rulebook 2010 The Basel committee presents Basel III : set of global regulatory standards on bank capital adequacy and liquidity agreed by the Governors and Heads of Supervision, and endorsed by the G20 Leaders at their November Seoul summit July 2011 The European Commission put on the table the CRD IV package (CRD/CRR) transposing Basel III agreement into EU law The capital requirements regulation (CRR) and directive (CRD4) will enter into force New capital regulations will require credit institutions to hold more capital phased in over time EBA to publish various reports, guidelines and technical standards on a wide range of issues. The guidelines and technical standards will ensure a common framework for all European credit institutions 3

4 Regulation within the European context EBA aims at a level playing field in Europe >EU Regulation directly applicable >Regulatory and implementing technical standards directly applicable >EU Directives national implementation >EBA Guidelines national implementation 4

5 The Single Rulebook Introduction of the a single rulebook: > exactly the same rules across the EU internal market > proportionality > direct visibility, clear distinction with national rules But > company law not harmonised > different board structures and ownerships 5

6 Workflow when developing Guidelines Planning Develop ment by SG/proje ct team Discussi on with EU COM SC review BoS endorsm ent Public consultat ion SG/proje ct team review and feedback statemen t Discussi on with EU COM SC review BoS endorsm ent Publicati on INTERMEDIATE PRODUCTS -drafting the CP GL -Impact Assessment FINAL PRODUCTS -revision of the GL -Feedback statement (post consultation) 6

7 Survey to identify good governance practices and weaknesses Sound strategy and setting of risk appetite >Considering all risks and adverse scenarios (stress tests) >understanding of risks within management and supervisory function Holistic risk management approach >Aggregated view on all risks >Strong CRO, independent >Highly qualified staff in control functions, sufficient resources >Qualitative and quantitative risk assessments Sound reporting lines >Direct reporting from all control functions to CEO and supervisory function 7 7

8 Frequent weaknesses in the financial crisis >Too complex organisation >Unclear definition of roles within the organization >Lack of committee structures (audit, risk, nomination, remuneration) >Conflicts of interests (e.g. role of CRO and CFO mixed up) >Low standing of risk management function and CRO >No holistic view >Overreliance on risk models 8 8

9 Directive 2006/48/EC Robust governance arrangements are required by Article 22 and Annex V >clear organisational structure >well defined, transparent and consistent lines of responsibility >effective processes to identify, manage, monitor and report the risks >adequate internal control mechanisms >new remuneration rules 9 9

10 Older CEBS Guidelines Under CEBS several GL dealt with internal governance > 2006 Guidelines on the Supervisory Review process chapter on Internal Governance > 2006 GL on Outsourcing > 2010 High level Principles on Risk Management > 2010 GL on Remuneration Policies and Practices 10

11 Guidelines on Internal Governance Consolidating, improving and completing older guidelines Corporate structure and organisation Management body Risk management Internal control Systems and continuity Transparency 11 11

12 Corporate structure and organisation In particular for a group of institutions: >know your structure principle suitable and transparent corporate structure reduce complexity; evolve as needed over time >overall responsibility for adequate internal governance lies with the management body of the parent institution >checks and balances between parent and subsidiaries 12 12

13 Management Body Composition, appointment and succession > sound assignment process challenging repute and experience > proper composition ensures sufficient collective experience > enhance individual and collective knowledge; training > time devotion > identify and manage conflicts of interest 13

14 Management body s responsibilities monitoring and review of performance proposals for (change of ) direction implementation in day-to-day business constructive challenge setting of strategy/risk appetite 14

15 Three lines of defence Appropriate resources, culture and standing in all lines 1) Risk management within business line 2) Independent risk control 3) Internal audit Risks Exposures Losses 15 15

16 Risk management Develop a risk culture in line with the risk tolerance/appetite > business strategy and risk appetite to be implemented > awareness about responsibilities relating to risk management > holistic risk management framework > strong new product approval process 16 16

17 Guidelines on the management of operational risk Specific guidelines for banks active in market related activities exist in parallel > Proactive anti fraud measures introduce controls day-to-day and other e.g. Scenario analysis, incident reviews, creating risk awareness; protect data integrity; rules on acting from outside the office; audit trail back to the person/trader; consider relationships between staff and clients/counterparties code of conduct review of amendments to transactions 17

18 Remuneration Develop a risk aligned remuneration framework > alignment of remuneration with risk profile > institution to identify which staff has material impact on risk profile > variable remuneration partly paid out in instruments > control function are remunerated independent from business 18 18

19 Internal Control ensure effective and efficient operations > GL aim to strengthen the control function > sufficient resources and involvement Budget Systems HR 19

20 Risk Control Function Chief Risk Officer (CRO) should be appointed >responsible for providing comprehensive, understandable and well interpreted risk information >qualification requirements apply >removal of CRO to be disclosed >replacement only with approval of non-exec. directors >supervisory authority to be informed about the reasons 20

21 Information systems and business continuity Today s banking business depends on sound infrastructures > Generally accepted IT Standards (e.g. BS 7799; information security) > BCM section consistent with Basel Principles operate on a ongoing basis (business continuity plans) limit losses in case of severe disruptions (contingency plans) swift return to normal situation (recovery plan) > Testing Testing - Testing 21

22 Other implementation issues Proportionality and supervisory activities > Rules apply according to the nature, size and complexity > Effect on internal governance: fitness and propriety committee structures hierarchic level of CRO and structure of control functions sophistication of risk management tools 22

23 Challenges and future developments Changing regulatory requirements > CRD IV, CRR > MiFiD II > EU COM proposal regarding public companies Short implementation periods Costs of doing banking business 23

24 Evolution of European Banking Regulation > Most recent major regulatory proposals CRD IV/CRR: Single rulebook and Basel III implementation CMD: Crisis management framework Banking Union proposals: SSM and roadmap for future steps (resolution and depositor protection) 24

25 Conclusions > Financial stability requires a more robust governance framework > Quality and responsibility of the supervisory function increased > Risk culture and risk awareness to be created > Increased supervisory review of internal governance 25

26 Contact Information Floor 18 Tower Old Broad Street London EC2N 1HQ United Kingdom t +44 (0) f +44 (0) info@eba.europa.eu 26