What are the organizational requirements for banks, including with respect to corporate governance?
Banking & Finance (2nd edition)
The BoI issued "Proper Management of Banking" directives ("PMB") which impose corporate governance and organizational requirements on banks.
PMB 301 deals with the board of directors and, among others, addresses the following matters: functions of the Board of Directors and its powers; issues that the board must consider and decide on; supervisory and monitoring role; board committees; frequency of board meetings including presence requirements for board members; certain meetings without the management of the bank; chairman of the board; practices for effective functioning of the board; reports to the BoI etc. As to the composition of the board, the directive sets out among others: limitation on the minimal and maximal number of members; eligibility to serve as a director and conflict of interests; at least a third of directors should be independent (external directors); at least a third of directors should have “banking experience”; at least a fifth of directors should have “accounting and financial expertise”; at least half of directors should have general professional qualification; and at least one director will have proven knowledge and experience in information technology.
Other PMBs address different organs and functions in the bank such as the chief accountant, the external auditor, the internal auditor function, the compliance functions, the risk management, the ombudsman etc.
The FMA has published a detailed set of guidelines and circular letters (Rundschreiben) on the application and the scope of the organizational regulations, which depend on the type of business activities envisaged by the entity. An institution has to implement and monitor a comprehensive set of organizational requirements on an ongoing basis, e.g., organizational structure, clear decision-making processes, documentation and reporting obligations as well as responsibilities. Furthermore, the management shall define and oversee the internal principles of proper business management, guaranteeing the requisite level of care when managing the institution, and in particular, focus on the segregation of duties in the organization and the prevention of conflicts of interest and therefore establish mechanisms to safeguard security and confidentiality of information (in particular pursuant to the Austrian Banking Secrecy [sec 38 BWG]).
The organisational requirements are specified under the Directive to Credit Institutions on Governance and Management Arrangements in Credit Institutions of July 2014 (“CBC Governance Directive”). In brief, the CBC Governance Directive provides that institutions must: have an independent member in their management who holds the position of the Chairman; have a non-executive member who holds the position of the vice chairperson to carry out the role and the responsibilities of the Chairman when the latter is absent; have an independent member appointed as a senior member, who shall not also hold the position of the chairman; and establish committees of appropriate size, composition, structure and responsibilities to effectively carry out the role and responsibilities of the management body.
In addition, the CBC Governance Directive requires that: the management body must have a minimum of seven members and a maximum of 13 members; that 50% plus one of its members must be independent; there must be at least two executive members constituting not more than 25% of the total members of the management body and of whom one must be the chief executive officer. There must also be diversity with respect to gender, age, education, profession, in order to have a wide range of experience, independent opinions and critical challenge; the members of the management body must have the required knowledge, skills and expertise to enable the management body to understand the bank’s risks and activities.
Corporate governance arrangements and guidance systems of Finnish credit institutions must be sufficient in relation to the quality, scale and diversity of the business operations in order to ensure effective and prudent management of the institution, including the segregation of duties in the organisation and the prevention of conflicts of interest. The organisational structure must:
- be well defined, transparent and consistent with lines of responsibility;
- include effective processes to identify, manage, monitor and report the risks they are or might be exposed to;
- maintain adequate internal control mechanisms, including sound administration and accounting procedures; and
- maintain remuneration policies and practices that are consistent with and promote sound and effective risk management.
Members of the management body must at all times be of sufficiently good repute and possess sufficient knowledge, skills and experience to perform their duties.
A credit institution must have a board of directors responsible for establishing an internal governance framework in the company. The board can set up various committees or other bodies to assist in fulfilling its tasks. The senior management, that is, the managing director and members of a management group, run the credit institution’s everyday operations. A management group is not a mandatory corporate body, but is recommended to assist the managing director. The management group can be either an advisory or a preparatory body.
The credit institution must be managed in a professional manner and in accordance with sound business practices. It must have an effective risk management system in order to avoid risks that could jeopardise the bank's capital adequacy or liquidity. In supervising the bank's corporate governance procedures, the FFSA currently pays particular attention to:
- the use of high professional and ethical standards in all business operations;
- the control and definition of the responsibilities and powers within the company, and the identification of conflicts of interest;
- the existence of a strategy and business plan, as approved by the board of directors;
- whether the management is competent, fit and proper, and reliable;
- the independence of the board of directors in evaluating the operations of the company;
- the composition of the management;
- the existence of effectively arranged internal control and risk management;
- internal audit arrangements;
- compliance with external rules and regulations, and internal guidelines;
- the existence of a duly organised remuneration system that does not encourage undesirable behaviour;
- the appropriate amount of personnel;
- the management of customer assets and data storage in a reliable and safe manner; and
- the procedures for handling customer complaints.
Institutions that qualify as systemically important institutions must establish a remuneration committee and a nomination committee composed of members of the management body who do not perform any executive function in the institution concerned.
Turkish banks are required to establish the following bodies, committees and units as a result of organizational requirements under Turkish law:
- Board of Directors;
- Audit Committee;
- Corporate Governance Committee;
- Remuneration Committee;
- Internal Systems Units consisting of (i) internal control; (ii) internal audit; and (iii) risk management units;
- Compliance Unit in relation to compliance with anti-money laundering legislation;
- Credit Committee (if the Board of Directors delegates its credit-related duties).
Pursuant to the Regulation on Corporate Governance Principles of Banks (the “CG Regulation”), the main corporate governance principles that banks should comply with by taking into consideration the size of their activities and their organizational types, are, amongst others, (i) establishment of corporate values and strategic goals; (ii) explicit determination of the scope of authorities and responsibilities within the bank; (iii) competency of board members and the senior management required for effective performance of their duties; (iv) efficient use of internal and independent auditors’ operations; (v) establishment of remuneration policies compliant with the ethical values and strategic goals and (vi) transparency.
Additionally, the Corporate Governance Communiqué No. II-17.1 issued by the CMB sets forth further requirements applicable to publicly held banks related to, inter alia, (i) composition of the board of directors and appointment of independent board members, (ii) establishment of a corporate governance committee, and (iii) transactions with related parties other than those arising from ordinary activities.
At any time, the institutions must ensure that:
- at least two people are in charge of effectively running the business;
- the nature and scope of the functions performed by persons effectively running the undertaking enable those persons to have a comprehensive and in-depth view of the whole business and related risks;
- persons effectively running the undertaking comply with applicable regulatory requirements.
The appointment of a member of the supervisory body of a credit institution, finance company or investment firm must be notified to the ACPR, providing the information required for the authority to assess the fitness, propriety, knowledge, experience and availability of the person in question.
At any time, the institutions must ensure that the supervisory body is independent with respect to effective management. For this purpose, the general manager in charge of effectively running the business cannot also hold the function of chairman of the board of directors.
Important institutions must have several committees to assist the supervisory body:
- the risks committee;
- the remuneration committee;
- the appointments committee;
- the audit committee.
In particular, the appointment of the persons called on to take charge of the effective running of the business of the institution must be notified to the ACPR, providing the information required for the authority to assess the fitness, propriety, knowledge, experience and availability of the concerned persons.
Banking institutions must adopt a strong governance package including:
- a clear organisation ensuring a defined, transparent and consistent division of responsibilities,
- effective procedures for the detection, management, monitoring and reporting of risks,
- an adequate internal control system,
- sound administrative and accounting procedures,
- remuneration policies and practices that enable and promote sound and effective risk management.
Pursuant to section 25a KWG, a credit institution needs to implement a business organisation that safeguards compliance with all applicable laws. In more detail, sentence 3 of section 25a KWG says: A proper business organisation shall comprise, in particular, appropriate and effective risk management on the basis of which an institution shall continuously safeguard its internal capital adequacy. Such risk management shall comprise, in particular:
- The definition of strategies, in particular the definition of a business strategy geared to the institution’s sustainable development and a risk strategy that is consistent therewith, as well as the establishment of processes for planning, implementing, assessing and adjusting the strategies.
- Processes for determining and safeguarding internal capital adequacy, which shall be based on a conservative determination of risks and of the available financial resources to cover these.
- The establishment of control mechanisms consisting of an internal control system and an internal audit function.
- Risk management that is geared to the nature, scope, complexity and riskiness of the institution's business activities.
- A proper business organisation also comprising (i) appropriate rules by means of which the institution’s financial situation can be gauged with sufficient accuracy at all times, and (ii) complete documentation of business operations permitting seamless monitoring by BaFin for its area of responsibility.
- A procedure which enables employees, whilst ensuring that their identity is kept confidential, to report to competent agencies breaches of Regulation (EU) No 575/2013 or of the KWG or of statutory orders issued on the basis of the KWG as well as any criminal actions committed within the undertaking.
- Processes for identifying, assessing, managing as well as monitoring and reporting risks in accordance with the criteria laid down in Title VII, Chapter 2 Section II Sub-Section 2 of Directive 2013/36/EU.
- A risk control function and a compliance function.
- Adequate staffing and technical and organisational resources; and
- the definition of an adequate contingency plan, especially for IT systems.
BaFin has published a detailed catalogue of minimum requirements for the risk management of a credit institution that has to be followed.
The Banking Act, Banking Ordinance and FINMA Circulars require a certain governance structure. For example, the members of a bank's governing body for its guidance, supervision and control (e.g., the board of directors) are not allowed to be members of the bank's management and must meet fit and proper requirements, at least 1/3 of the board must meet certain criteria of independence, and banks generally must have an audit committee on the board level, as well as an independent risk control function, compliance function and an internal audit. The bank's risk management needs to be carried out on the appropriate organisational level, using adequate methods, and must reflect the particularities of the specific bank.
Banks are obliged to set in their articles of association a bank’s organizational structure and management system so as to ensure the proper and secure performance of banking activities in line with the banking license and to prevent a conflict of interests arising within the bank. Banks shall also regulate the relations and cooperation between the bank’s statutory body, supervisory board, senior employees, and its internal control and internal audit unit. Furthermore, a bank shall regulate principles of remuneration, which are taken into account in the bank’s risk management system and which support that system. The Bank shall also set cover for the activities of the bank’s remuneration committee if established or the activities of the person responsible for the bank’s remuneration system. In its articles of association, a bank shall also separate and regulate the powers and responsibilities within the bank for example for (i) the setting, implementation, monitoring, and oversight of the bank’s business objectives; (ii) the internal control system, including a separate and independent internal control and internal audit unit corresponding to the complexity of banking activities and the risks involved; (iii) risk management conducted independently and separately from banking activities, including a management system for the risks to which the bank is exposed, and for the activities of the risk management committee; (iv) the conduct of credit transactions separately from investment transactions; (v) separate monitoring of the risks to which the bank is exposed when performing banking activities vis-à-vis persons in a special relationship with the bank; (vi) the information system; (vii) protection against money laundering and terrorist financing; (viii) the activities of the bank’s remuneration committee.
There are extensive organisational and governance requirements imposed on local banks. These are largely set out in the Banking (Corporate Governance) Regulations 2005 and supplemented by various regulatory guidelines.
In summary, the regulations impose requirements on the composition of the bank’s board of directors, and for the establishment of various board committees.
To ensure separation between the roles of the Chairman of the Board and the Chief Executive, the Chairman must not hold an executive role within the bank. There are also requirements to the effect that a proportion of the board’s directors have to be independent of the bank’s management, relationships and substantial shareholders.
The guidelines on corporate governance set out various best practices which MAS generally encourages banks to adopt.
With respect to corporate governance, a bank must have:
(i) a board of directors;
(ii) a board of statutory auditors (kansa-yaku); and
(iii) an accounting auditor.
In lieu of a board of statutory auditors, the bank may elect to have alternative corporate governance structures and establish:
(i) an audit and supervisory committee (kansa-tou iinkai); or
(ii) a nominating committee (shimei iinkai), an audit committee (kansa iinkai) and a compensation committee (houshuu iinkai).
The bank must also have risk control, compliance and internal audit oversight structures as required by the FSA’s Supervisory Guidelines.
The board of directors of a bank (the “BOD”) has, in accordance with the Commercial Companies Law (RD 4/1974, the “CCL”), the Banking Law and the CMAL, overall responsibility for the management of the bank, which will include, but not be limited to, the BOD being responsible for such matters as policy formulation, the supervision of major strategic and business initiatives, overseeing policy implementation, ensuring compliance with applicable laws and regulations, ensuring proper and ethical behaviour, ensuring transparency and integrity in stakeholder reporting and for the oversight and supervision of senior management. The CBO has the right to veto any director elected or appointed for a bank.
The management of a bank is required to render complete assistance to the BOD in respect of policy formulation, has responsibility for implementing BOD-approved policies, ensuring professionalism such that the bank achieves efficiently in accordance with BOD-approved policies, ensuring expertise for achieving the bank’s corporate goals, providing complete and authentic reports to the BOD, creating and maintaining a fair corporate image of the bank and assisting the BOD with ensuring proper and ethical behavior.
The BOD is obliged to establish committees considered necessary by the BOD or where required by applicable law to enhance the corporate objectives of the bank. The number and nature of such committees depends on many factors, including requirements of law, the size of the bank and its BOD, the nature and structure of the business areas of the bank (i.e. the various licensed activities undertaken by the bank) and its risk profile. The main committees would usually include the credit committee, the audit committee, the risk committee and the nomination and remuneration committee.
The CEO or General Manager of a bank (the “CEO”) is required to be approved by the CBO and such CEO shall be accountable to the bank for proposing policies, evolving and adopting implementation strategies in respect of BOD-approved policies and initiating measures for short-term profit growth without sacrificing medium or long term profit and net worth enhancement potential. The CEO is expected to provide leadership by establishing style and spirit that enhances the image and reputation of the bank.
Under the Law of Georgia on the Activities of Commercial Banks, the highest governing body of the bank shall be the meeting of the shareholders. The meeting of the shareholders shall elect the supervisory board. The supervisory board shall consist of at least 3 and no more than 21 members. The management and representative authorities are vested upon the directors of the commercial bank. The board of directors shall consist of at least three members. The law establishes eligibility criteria for the members of the supervisory board and the board of directors.
The National Bank of Georgia has recently introduced the Corporate Governance Code for the Commercial Banks (approved by the Decree №215/04 of the President of the National Bank of Georgia, dated 26 September, 2018) establishing detailed corporate governance rules for the banks.
According to Article 3.2 of the Code, a bank should have a well-defined organizational structure, which ensures allocation of responsibilities, effective identification of risks, management/monitoring and reporting procedures, adequate internal control mechanisms, including robust administrative and accounting procedures, effective IT systems and controls for risk management, remuneration policies/procedures. This shall be subject to regular internal review and update.
According to Article 7.1 of the Code, each bank, regardless of its size, complexity and the scope of business, is required to establish at least audit and risk committees composed of supervisory board members. Under Article 7.2 of the Code, without prejudice to the first paragraph of Article 7, systemically important banks are required to establish remuneration and corporate governance committees. Furthermore, pursuant to Article 7.3 of the Code, it is highly recommended to establish other specialized committees for the purposes of enhancing the effectiveness of supervisory board performance. Moreover, the NBG might require a commercial bank to establish additional committee(s) considering the bank’s systemic importance, risk profile, complexity and specificity.
As banks are subject to regulation and prudential supervision, the organizational requirements for banks are heavily influenced by European law and supervisory guidance. A business plan must outline the details of the organisation. Generally, the bank must have a sound internal organisation and a proper business operation, whereas organisational requirements are applied with regard to the size of the institution and the nature of its business and the services provided.
The bank must have its head office in Liechtenstein and must be organised in a permitted legal form, thus as a stock company (AG) or European company (Societas Europaea - SE). The minimum initial capital of a bank under Liechtenstein law amounts to at least 10 million Swiss francs. Furthermore, there is a requirement to have an investor compensation scheme in place as well as appropriate procedures for employees to report violations of the Banking Act and the CRR.
The board of directors must consist of at least 3 members; there must be two managing directors who exercise joint responsibility for their activities and who may not simultaneously be members of the Board of Directors. Key personnel must be fit and proper and thus must be sufficiently qualified with respect to their education and experience in the sector and must be of good repute. The law further requires for example an internal audit department, a compliance function and a risk management system independent of operational business. Shareholders with qualifying holdings are subject to an eligibility requirement.
Further details regarding the bank's organization are provided by law and regulatory guidelines. As mentioned above, lower regulatory requirements and approval standards may apply, if not a full banking license, but an investment firm license with only a limited spectrum of services is obtained.
The CSSF provides extensive guidance on the organisational requirements for banks, in particular in its circulaire 12/552, as amended from time to time.
The principal organisational requirements are (but are not limited to) the following:
- the central administration (i.e. the decision-taking and administrative centre) and the registered office of the bank must be located in Luxembourg;
- the board of directors and the authorised management of the bank must pass the "fit and proper" test and be approved by the CSSF;
- the bank shall produce evidence that it has a sound administrative and accounting organisation and adequate internal control procedures in Luxembourg and shall put the following functions in place: (i) an accounting function; (ii) a risk management function; (iii) a compliance function; (iv) an IT function; and (v) an internal audit function.
Certain additional specific organisational and governance requirements apply to the CRR investment firms (please see the answer to Question 11 below) and to the banks and investment firms providing investment services regulated by directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments ("MiFID II"), as implemented into Luxembourg law.
As a general rule, credit institutions shall have, at least, management and supervisory bodies, who, within the scope of their competences, shall oversee and be responsible for the implementation of governance arrangements that ensure effective and prudent management of the credit institution, including the segregation of duties in the organisation and the prevention of conflicts of interest.
Credit institutions that are significant in terms of their size, internal organisation and the nature, scope and complexity of their activities shall establish a nomination committee composed of members of the management body who do not perform any executive function, or members of the supervisory body.
A report on corporate governance shall be prepared annually by the management body and published alongside the credit institutions’ financial statements.
The primary objective of bank governance should at all times be the safeguarding of stakeholders’ interests in conformity with public interest in a sustainable manner. Hence, banks differ in the way they must establish their corporate governance structures as their main aim, despite their private nature, is respect of the public interest. To this effect, banks must ensure that their Board of Directors has overall responsibility of the bank, approves and monitors the way management implements the bank’s objectives, governance framework and corporate culture. Therefore, all banks should define appropriate governance practices and methods for carrying them out, permitting the management function of an institution to carry out banking activities in a manner which is consistent with the business strategy, risk appetite and policies. The MFSA has indeed established, in line with EU legislation, various capital and liquidity requirements, measures relating to the fair valuation of assets and the allocation of adequate capital to cover risks associated with losses on credit facilities which have become partly/wholly uncollectible, among others. All in all, the MFSA expects that an authorised credit institution conducts its business in a prudent manner. Credit institutions are required to have robust governance arrangements, including a clear organisational structure, well defined lines of responsibility, effective risk management processes, control mechanisms and remuneration policies. The internal governance arrangements should be appropriate to the nature, scale and complexity of the credit institution. The main responsibility for internal governance lies with the Board of Directors. In this respect, local credit institutions are required to abide by the EBA Guidelines on Internal Governance EBA/GL/2017/11, as well as the Joint ESMA and EBA Guidelines on the Assessment of the Suitability of Members of the Management Body and Key Function Holders EBA/GL/2017/12.
Article 7 of the QCB Law provides, inter alia, that the Central Bank shall develop and implement policies relating to regulation, control and supervision of financial services and activities in the State, and shall in particular (5) develop controls, instructions and guidelines for corporate governance, transparency and good governance in all financial institutions under the supervision of the Bank.
The Instructions to Banks issued by the QCB provide, inter alia, that the Board of Directors of the QCB shall assume the main role and responsibility of forming the organizational structure for the bank or other financial institution.
In this respect, QCB Circular No. 68 of 2015 regarding Corporate Governance Guidelines (“Guidelines”), provides for the corporate governance principles that shall be applicable to all banks licensed by the QCB.
Principle (1) of the Guidelines provides that the Board of Directors of the QCB has overall responsibility for the bank, including approving and overseeing the implementation of the bank’s strategic objectives, policies, risk profile, governance framework and corporate culture. The board is also responsible for oversight of senior management.
Furthermore, Part 5 of Principle 5 of the Guidelines provides that the senior management should prepare the bank’s organizational structure to be approved by the board, which should include appropriate distribution of responsibilities, delegation of authority, and limits to responsibility and accountability. The organizational structure should include, but is not limited to, the following:
- Departments, units, and divisions in such a way that ensures independent implementation, audit and reconciliation, and prevents conflict of interests.
- Designations and professional levels.
- Communication channels and mechanism of reporting.
- Dual control.
- Assessment and accountability.
EGO 99/2006 transposes the obligation contained in EU Directive 2013/36/EU (CRD IV) for credit institutions to have robust governance arrangements, by imposing strict authorization requirements and eligibility criteria for the leadership of credit institutions. The Romanian law in this regard should be read together with the EBA Regulatory Technical Standards under art. 8(2) of CRD IV on the information to be provided for the authorization of credit institutions.
Before commencing its activities, a Romanian credit institution must obtain NBR approval for the persons having medium level management functions of important activities (art. 21, NBR Reg. 6/2008). The authorization for the functioning of a credit institution is accompanied by the NBR approvals for, inter alia, the persons designated in the capacity of director, supervisory board member and financial auditor, and must be accompanied by the confirmation of the significant shareholders (art. 3(4), NBR Reg. 11/2007).
The members of the board of directors and, where applicable, the members of the supervisory and executive boards, as well as managers in certain specified departments must possess adequate reputation and experience to carry out the responsibilities attributed to them (art. 108, EGO 99/2006, art. 16, NBR Reg. 11/2007).
The specific governance obligations for directors and executives of credit institutions include:
- In the case of a one-tier system, the board must delegate executive management to at least two executives. The Chairman of the board must not concurrently hold the role of CEO, unless this arrangement is approved by the NBR in exceptional cases (art. 107, EGO 99/2006);
- In the case of a two-tier system, the executive board must be comprised of at least three members (art. 107, EGO 99/2006);
- The executive leadership responsibilities may only be carried out by natural persons, who must be approved by the NBR before they start their mandates (108(2)-(3), OUG 99/2006);
- For credit institutions that are significantly large from the perspective of internal organization and the complexity of activities, persons who cumulate multiple mandates may not exercise an executive mandate concurrently with two non-executive mandates, or four concurrent non-executive mandates (art. 1081(21), EGO 99/2006).
For both banks and credit cooperative organizations, at least one of the directors must be able to demonstrate knowledge of the Romanian language (art. 16(3), NBR Reg. 11/2007).
For both banks and credit cooperative organizations, as part of the evaluation of the persons nominated for directorship/leadership roles, the NBR will take into account whether the business plan presented is based on a realistic approach and whether it denotes professionalism (art. 17(3), Reg. NBR 11/2007).
The bank has a mandatory organizational structure and qualified staff. The General Assembly of the bank is comprised of shareholders. The management bodies of the bank include the Managing Board and the Executive Board, whose members must have a sound business reputation and appropriate qualifications, including banking and finance experience. The President of the Executive Board represents and acts on behalf of the bank. The bank is obligated to establish a committee for monitoring the operations of the bank (audit committee), a credit committee, and an assets and liabilities management committee. The bank may form other committees as well. The bank establishes an organizational unit responsible for compliance, including identification, measurement, and monitoring of risk from money laundering and financing of terrorism and management of such risk, as well as an organizational unit responsible for internal audit. The bank shall establish an internal organization, i.e. an organizational structure, that will functionally and organizationally separate the activities of risk management (Middle Office) and support activities (Back Office) from risk management (Front Office) with a clearly determined separation of jobs and duties of employees preventing conflict of interest.
Corporate governance determines the allocation of authority and responsibilities by which the business and affairs of a bank are carried out by its board and senior management, including how they:
- set the bank’s strategy and objectives;
- select and oversee personnel;
- operate the bank’s business on a day-to-day basis;
- protect the interests of depositors, meet shareholder obligations, and take into account the interests of other recognised stakeholders;
- align corporate culture, corporate activities and behaviour with the expectation that the bank will operate in a safe and sound manner, with integrity and in compliance with applicable laws and regulations; and
- establish control functions.
Banks are subject to corporate governance requirements similar to other corporations, though the specific requirements applicable to a given bank depend on its charter. Banking organizations are required to establish and maintain internal policies and processes sufficient to identify, measure and assess potential operational, legal, compliance and financial risks, including without limitation, asset quality, earnings, liquidity, cash flow and other elements of capital and liquidity positions. Consolidated oversight and risk management on a company-wide basis is expected, though there are some limitations on the supervision or management of separate legal entities.
Banks can exercise their right to choose between the three administration and control systems:
(i) the traditional system (shareholders’ meeting, board of directors and board of statutory auditors);
(ii) monistic system (whereby an internal control committee is appointed within the board of directors);
(iii) dualistic system (where the management board is appointed by the supervisory board, that is in turn appointed by the shareholders’ meeting).
The choice must be based on an in-depth self-assessment that identifies the model best suited in practice to ensuring “sound and prudent management” and the effectiveness of the controls, also taking into account the costs connected with the adoption and the functioning of the chosen model. In this assessment, banks have to consider, in particular, the following elements: the ownership structure and the relevant degree of openness towards the risk capital market; the size and the operational complexity; the medium and long-term strategic objectives; and the organizational structure of the group to which the bank belongs (if any).
Banks have to identify the bodies responsible for the main prudential functions (strategic supervision, management and internal control):
(i) corporate bodies in charge of strategic supervision and management which must assure control of the risks banks are exposed to;
(ii) the supervisory body which monitors compliance with all laws, regulations and statutory rules, the proper administration and the adequacy of the organizational and accounting structures.
There are extensive organisational and governance requirements imposed on financial institutions including commercial banks. Since 2008, BoT has issued Policy Statements on Internal Audit which include corporate governance. Recently, these have been largely set out in the Notifications on Corporate Governance of Financial Institutions and Guidelines on Approvals of the Appointment of Directors, Managers, and Person with Power of Management or Advisors of Financial Institutions, issued on 22 May 2018 (as amended on 20 August 2018).
In summary, the Notifications impose requirements on the composition of the financial institution’s board of directors, and for the establishment of various board committees.
To promote the balance of power within the board of directors, the chairman of the board of directors must be an independent director or non-executive director, unless approved otherwise by the BoT; in giving the approval, the BoT may impose conditions to ensure that the financial institution has in place a mechanism that promotes the balance of power within the board of directors.
These notifications and guidelines are in accordance with the Corporate Governance Principles for Banks of the Basel Committee on Banking Supervision (BCBS).
With respect to corporate governance, a bank must have a Management Board and a Supervisory Board.
A bank may choose a two-tier governance system with a management board and supervisory board, or a single-tier governance system with a board of directors. The provisions regarding a bank’s supervisory board must apply mutatis mutandis to a bank’s board of directors in a single-tier governance system, while the provisions regarding a bank’s management board must be applied mutatis mutandis to executive directors.
A bank’s management board must comprise at least two members who must jointly act on behalf of and represent the bank in legal transactions. A bank’s supervisory board must appoint an audit committee and a risk committee, which may be merged by Bank of Slovenia into a single committee at the request of a bank that is not deemed a significant bank. The supervisory board must also appoint the nomination committee and the remuneration committee, which serve as advisory bodies to the supervisory board.