On July 8, 2015, the Basel Committee on Banking Supervision published final updated Guidelines on Corporate Governance Principles for Banks. The Guidelines replace the guidance published by the Basel Committee in 2010, which had been produced as a result of the lessons learnt since the recent financial crisis.
The revised guidance has been issued because the thematic review on risk governance that the Financial Stability Board undertook in 2013 showed that banks still need to improve risk governance frameworks.
The FSB principles flow through to the banking industries in each of the G20 economies, and have contributed to a global convergence in governance standards as these standards overflow from the banking industry through to other industries.
There are several elements that should be of interest to Australian listed company boards, in that the principles require boards to step a bit further into matters often seen as the preserve of management.
In a culmination of concerns raised across countries since the GFC, and more recently in Australia in relation to bad behaviour in the provision of conflicted financial planning advice, the FSB guidelines require boards to step up and “align corporate culture, corporate activities and behaviour with the expectation that the bank will operate in a safe and sound manner, with integrity and in compliance with applicable laws and regulations”.
Drawing from an international peer review of practices conducted in February this year, the FSB noted that both national authorities and banks need to do more work to establish effective risk governance frameworks and to enumerate expectations for third-party reviews of the framework.
National authorities need to strengthen their ability to assess the effectiveness of a bank’s risk governance and its risk culture and should engage more frequently with the board and its risk and audit committees.
Any doubt that the Australian system of prudential supervision and board oversight of risk management was as sound relative to other international regimes was put to bed by the FSB guidelines in at least the 1st and 3rd bullet points of the following:
“Cases of misconduct have been identified as stemming from:
- the mis-selling of financial products to retail and business clients;
- the violation of national and international rules (tax rules, anti-money laundering rules, anti-terrorism rules, economic sanctions, etc); and
- the manipulation of financial markets – for instance, the manipulation of Libor rates and foreign exchange rates.
The board should set the “tone at the top” and oversee management’s role in fostering and maintaining a sound corporate and risk culture. Management should develop a written code of ethics or a code of conduct. Either code is intended to foster a culture of honesty and accountability to protect the interest of its customers and shareholders.”
Principle 1 of the guidelines specifically requires bank boards to
- “play a lead role in establishing the bank’s corporate culture and values”; and
- “oversee the bank’s approach to compensation, including monitoring and reviewing executive compensation and assessing whether it is aligned with the bank’s risk culture and risk appetite;”
To date it could be successfully argued that the banks, in varying degrees, have undertaken the latter. However, judging from comments from APRA, ASIC, Treasury and others, Australian bank (and life insurer) boards have a way to go with the former.
It is worth quoting how the FSB sees boards acting on creating and maintaining an appropriate culture:
“A fundamental component of good governance is a corporate culture of reinforcing appropriate norms for responsible and ethical behaviour. These norms are especially critical in terms of a bank’s risk awareness, risk-taking behaviour and risk management (i.e. the bank’s “risk culture”).
In order to promote a sound corporate culture, the board should reinforce the “tone at the top” by:
- setting and adhering to corporate values that create expectations that all business should be conducted in a legal and ethical manner, and overseeing the adherence to such values by senior management and other employees;
- promoting risk awareness within a strong risk culture, conveying the board’s expectation that it does not support excessive risk-taking and that all employees are responsible for helping the bank operate within the established risk appetite and risk limits;
- confirming that appropriate steps have been or are being taken to communicate throughout the bank the corporate values, professional standards or codes of conduct it sets, together with supporting policies; and
- confirming that employees, including senior management, are aware that appropriate disciplinary or other actions will follow unacceptable behaviours and transgressions.
A bank’s code of conduct or code of ethics, or comparable policy, should define acceptable and unacceptable behaviours.
- It should explicitly disallow illegal activity, such as financial misreporting and misconduct, economic crime including fraud, breach of sanctions, money laundering, anti-competitive practices, bribery and corruption, or the violation of consumer rights.
- It should make clear that employees are expected to conduct themselves ethically and perform their job with skill and due care and diligence in addition to complying with laws, regulations and company policies.
The bank’s corporate values should recognise the critical importance of timely and frank discussion and escalation of problems to higher levels within the organisation.
- Employees should be encouraged and able to communicate, confidentially and without the risk of reprisal, legitimate concerns about illegal, unethical or questionable practices. This can be facilitated through a well communicated policy and adequate procedures and processes, consistent with national law, which allow employees to communicate material and bona fide concerns and observations of any violations in a confidential manner (e.g. whistleblower policy). This includes communicating material concerns to the bank’s supervisor.
- The board should have oversight of the whistleblowing policy mechanism and ensuring that senior management addresses legitimate issues that are raised. The board should take responsibility for ensuring that staff who raise concerns are protected from detrimental treatment or reprisals.
- The board should oversee and approve how and by whom legitimate material concerns shall be investigated and addressed by an objective independent internal or external body, senior management and/or the board itself.”
Other aspects of the guidelines are, more or less, well established for APRA regulated institutions. However, it is a short read that board members could use as a checklist for their own companies.
The revised Guidelines are available HERE.
© Guerdon Associates 2023