Bank Governance Principles and Basel 2
A Best Practice Guide

Developed as part of the Australian APEC Study Centre’s Managing Regulatory Change Program 2004




Acknowledgments

This document was prepared by Kevin Davis, Christine Brown, Shouqing Zhu and Ken Waller as part of the Australian APEC Study Centre's Managing Regulatory Change Program. The preparation of this manual is intended to ensure sustainability of learning from the Capacity Building Programs on Prudential Regulation and Risk Management held for bank regulators from ASEAN countries in March and April 2004 by the Australian APEC Study Centre.

The APEC Study Centre wishes to record its thanks to the authors and to the training program participants who contributed to this document.


Background

As part of the training programs designed to assist bankers and bank regulators understand the fundamental principles that underpin the new Basel capital accord, and to prepare for the implementation of the Accord, some time was devoted in these courses to developing the key governance principles that would be relevant to banks as they relate to Basel 2. Knowledge of the principles of good governance is equally relevant for Boards, management and staff, as well as for bank supervisory agencies.

Those agencies are required to have a sound understanding of governance arrangements in the banks they supervise and they themselves (the supervisory agencies) ought to be governed by appropriate governance principles in carrying out their own supervisory functions.

The principles outlined below are shown under various headings so that they can be placed in some context in the hierarchy of a bank – from the Board to management and staff, and between a bank and its customers. While most of the principles mainly relate to governance in banks, some also shed light on the interactive relationship between a bank and the supervisory regulatory agency. These principles are shown under the heading of “regulatory interactions”, which comes at the end of this paper.

The authors drew on the suggestions of participants in the training programs in relation to Basel 2 – for regional regulators and for representatives from banks. There was considerable feedback from participants and regional regulators in refining this document.

The principles should be seen as the beginnings of an iterative process and one which will result in a continually evolving document which will contribute to a better understanding of the important issues that are involved in the transformation of banking systems in the period ahead, as Basel 2 is implemented. The principles are very much part of a learning process and no explicit agreement to them by participants in our courses is implied by the issue of this paper.



Principles

Governance

This section deals with issues at the level of the Board of Directors - including the Board's obligations to shareholders, the qualifications and expertise of Board members, the composition of the Board, relationships with shareholders and bank management, and overall guiding rules for a bank.

The Board should:

  • be composed of people of good character and integrity and of people of different backgrounds with expertise in areas including law, accounting, and risk management.
  • comprise an appropriate mix of both executive and non-executive members (this may differ in different markets).
  • ensure that shareholders have the following basic rights:
    • elect and remove members of the board by due process;
    • be entitled to relevant, timely and correct information about the bank;
    • share in the profits of the corporation.
  • ensure that all shareholders are fairly treated and have access to effective redress for violation of their rights.
  • have sufficient knowledge and experience in the banking industry and a good understanding of Basel 2 and risk management practices commensurate with the size and complexity of its banking operations.
  • determine and authorise clear strategies to deal with significant risks, and the risk profile and risk tolerance for the bank.
  • have a genuine understanding of the implications of the risk tolerance for the business model and the behaviour of senior management and staff.
  • appoint the Chief Executive Officer and other key members of the Committees. The Chairman and Chief Executive Officer should, desirably, be separate appointments.
  • cultivate a risk culture, define a code of conduct for members of the Board, management and staff, to support business objectives, risk management objectives and internal control systems.
  • approve and monitor procedures for the approval of investment plans.
  • determine a clear set of policies on disclosure and ensure the independence of both internal and external auditors.
  • ensure that transparent procedures are in place to avoid and deal with cases of conflict of interest within the Board and management and staff.
  • ensure that Board and management support each other in effective risk management, and ensure that information flows from management to the Board are not “blocked”, especially when management may be adversely affected by such information flows.
  • ensure that shareholders and management fully understand and appreciate differences between regulatory capital and economic capital, as these concepts are highly relevant to Basel 2 and to sound banking.
  • formulate remuneration packages which adequately recognise sound performance and returns to shareholders and give appropriate incentives.
  • establish procedures to adequately protect responsible whistle blowing activities by staff.
  • communicate with and protect the interests of shareholders and other stakeholders of the bank.
  • establish a formal and transparent board nomination and election process.
  • Members of the Board should avoid appointments to the Boards of competitor companies.
  • Members of the Board who are appointed by the governments in banks in which the government has an interest, should be competent and have suitable professional qualifications and experience.
  • Family controlled banks should include competent, independent and skilled external members on their Boards.


Management

This section deals with the required expertise, responsibilities and duties of the top and middle level management.

Management should:

  • be fit and proper people for the roles they play.
  • promote a culture of trust, honesty and integrity within the organisation.
  • be responsible to the Board for protecting stakeholder interests and for implementing the plans and goals set by the Board.
  • ensure that the organisation is efficiently structured and that duties of the staff are clearly defined and that competent people are assigned to these duties, and ensure clear and transparent delegations to competent people.
  • ensure the implementation of best practices in risk management, including policies, procedures, as well as risk rating and allocation of economic capital.
  • fully understand the risk tolerance of the Board, and define risk areas and oversee the application of specific risk measurement and management tools.
  • provide a structured procedure for capital management and planning ahead for future growth.
  • consider the implementation of Basel 2 as a priority. (It is important to establish project teams or task forces to prepare for Basel 2.)
  • communicate the processes involved in implementing Basel 2 to relevant staff.
  • understand that the implementation of Basel 2 is unlikely to be the sole project in a bank and ensure that resources are spread effectively over all the bank's activities.
  • be remunerated on the basis of the achievement of company goals, including meeting performance targets and satisfactory risk-based returns.
  • ensure that middle level managers under its supervision are fit and proper. Capacity building programs should be arranged for managers where skill inadequacies are detected.

Staff

This section deals with the desirable skills, duties and rights of bank staff.

Staff should:

  • possess the skills and experience appropriate for the roles they play. (Appropriate programs should be in place to encourage and support skills development. New recruits need to be educated in the bank's risk culture and approach.)
  • be provided with clearly defined job descriptions, delegations and arrangements for accountability.
  • be motivated by appropriate performance enhancing schemes and their performance measured against key performance indicators.
  • have an appreciation of the cost of capital, be aware of the need for adequate risk control and be provided with a work environment in which they feel comfortable in communicating any concerns over fraudulent activities and inadequate management practices and procedures. (There is a need for awareness programs on Basel 2 in banks as part of initiating a change in culture that Basel 2 is likely to entail.)
  • comply with the bank’s code of conduct and exercise due diligence and integrity in performing their duties.
  • know a bank’s strategy but not disclose information directly or indirectly to outsiders without management approval.

Systems and reporting

This section deals with rules required in designing management systems, in complying with regulatory requirements and in reporting and public disclosure.

  • Rules and procedures need to clearly define responsibilities, decision-making authority, and accountability. There should be proper and adequate checks and balances in the approval and reviewing processes of loan-making and timely adjustment in these processes to reflect changes to the environment. Front and back office control activities should be separated.
  • Banks need to develop credit rating models and review them on a periodic basis. Advanced risk measurement and performance evaluation techniques (such as VaR and RAROC) warrant attention by management. Best practices such as stress testing and back testing of models should also be implemented.
  • There is a critical need for strong financial risk management functions and strong internal control. Risks in each business line should be clearly identified, and banks should have a business continuity plan to deal with unexpected operational risks. Risk management areas must be adequately staffed.
  • Computer information systems to collect data should be developed, and procedures to safeguard security of information established. The information system should be reviewed regularly to keep pace with technology development. Adequate funding in budgets is required for these activities and for an information system that is able to support timely and accurate reporting.
  • Documentation should be adequate to inform customers and to meet public disclosure requirements. A bank’s website could be one of the major channels to disclose information to the public.
  • Care is needed to ensure effective and timely reporting. Auditing should play a very important role in checking results. Internal auditors should have the authority to report directly to the Board, to ensure the independence of internal auditing.
  • Disclosure of risk profiles and risk management practices is anticipated under Pillar 3 of Basel 2. Banks should disclose relevant information.
  • Incidences of fraud should be promptly investigated.

Customer relationship

This section deals with the bank’s duties in looking after the interests of customers and rules in dealing with customers.

  • Banks have vital duties and interests in serving their customers' needs. The protection of customer interests and delivering customer satisfaction needs to form a core part of the corporate culture. Customers should be clearly advised of both returns and risks inherent in their investments and relevant documents and policies should be made transparent to customers.
  • The corporate governance framework should ensure that bank lending is made on an arm’s-length basis, that extensions of credit are effectively monitored and that appropriate measures are taken to mitigate risks involved in lending activities.
  • Limits must be set to restrict bank exposure to single borrowers or groups of related borrowers, and sound information systems must be in place to enable management to detect any concentration risk within the portfolio.
  • The corporate governance framework should ensure that the bank has adequate policies and procedures for identifying, monitoring and controlling country risk and transfer risk in its international lending and investing activities, and for maintaining appropriate reserves against such risks.
  • Banks should seek to achieve excellent customer relationships and have clear procedures in place to handle customer complaints. The customer relationship function should be separated from credit approval process. Banks should inform customers on products of particular interest and seek to avoid conflict of interest in marketing their products.
  • Banks should observe the principle of “know your customer” in conducting their business and ensure procedures are in place to combat money laundering activities.

Regulatory interactions

This section deals with the rules and responsibilities of the Board, the management and staff in cooperating with supervisory authorities.

  • A bank’s ownership structure, organisation, business plan and appointments to its Board and top management should be evaluated and approved by bank regulators. Changes in bank ownership structure should be reported to and approved by regulators. For the establishment of a foreign or joint venture bank, recommendations from home authorities in which the bank's head office is domiciled should be obtained.
  • On-site supervision over banks by regulators should include credit policies, internal control practices and procedures, investment portfolios as well as capital adequacy. Off-site supervision should focus, inter alia, on the examination of consolidated bank reports. Supervisors should provide an early warning to a bank considered to be in difficulties in meeting regulatory requirements and sound standards. Regulators may determine to involve external auditors in carrying out their supervisory duties.
  • Bank management should cooperate closely with supervisory agencies on regulatory issues, and exchange information on a regular basis. Banks' risk profile evaluations and self-assessment of capital adequacy should be reported and discussed with regulators. Regulators’ opinions should be reflected in the way a bank conducts its business. Bank regulators should fully inform banks of the regulatory arrangements and procedures for the implementation of Basel 2 and they should provide clear guidelines on calibrations between international credit ratings and domestic credit ratings.
  • Banks should respond positively to regulators and both banks and regulators need to drive the cultural changes needed to facilitate implementation of good risk management practices as embodied in Basel 2.
  • Banks should have clear internal procedures and specially designated staff to be responsible for external reporting. Results of supervisory examinations should be published to ensure transparency.
  • Banks with international operations should make available to supervisors their consolidated financial accounts drawn up with consistent accounting policies.