Corporate Governance Principles for Banks - Executive Summary

27 April 2023
In July 2015, the Basel Committee on Banking Supervision published its updated corporate governance principles for banks. The 13 revised principles provide a framework within which banks and supervisors should operate to achieve robust and transparent risk management and decision-making. Sound corporate governance of banks can promote public confidence and uphold the safety and soundness of the banking system.

Given significant differences in legislative and regulatory frameworks across jurisdictions that may restrict the application of certain principles, each jurisdiction should apply the provisions as the national authorities see fit. The implementation of these principles should also be commensurate with the size, complexity, structure, economic significance, risk profile and business model of the bank and the group (if any) to which it belongs.

The 13 principles

Principle 1 emphasises the board's overall responsibility for the bank

The board is responsible for approving and overseeing management's implementation of the bank's strategic objectives, governance framework and corporate culture. In particular, the board has ultimate responsibility for the bank's business strategy and financial soundness; key personnel decisions; internal organisation, governance structure and practices; and risk management and compliance obligations. The board should also ensure that the bank maintains an effective relationship with its supervisors. The members of the board should exercise their "duty of care" and "duty of loyalty" to the bank.

Principle 2 specifies requirements for board qualifications and composition

The board should have an appropriate balance of skills, diversity and expertise commensurate with the size, complexity and risk profile of the bank. Board members should be (and remain) qualified, individually and collectively, for their positions. They should understand their oversight and corporate governance role and be able to exercise sound and objective judgment about the affairs of the bank. Boards should have a clear and rigorous process for identifying, assessing and selecting board candidates. Board members should not have any conflicts of interest that may impede their ability to perform their duties independently and objectively.

Principle 3 describes the appropriate board structure and practices

The board should undertake regular assessments of its performance, the role of the chair and the board committees. The chair of the board plays a crucial role in the proper functioning of the board and should be an independent or non-executive board member. Board committees on audit, risk and compensation are required for systemically important banks and strongly recommended for other banks. The board should oversee the implementation and operation of policies to identify potential conflicts of interest.

Principle 4 sets guidance regarding banks' senior management

There should be clarity on the role, competencies, appointment process, delegation of duties and accountability of the senior management. It should manage a bank's activities in a manner consistent with the business strategy, risk appetite, remuneration and other policies approved by the board. Senior management should provide the board with the information it needs to carry out its responsibilities. It should keep the board informed on all material matters, including changes in business strategy, financial conditions, breaches of risk limits, legal or regulatory concerns and issues raised from the bank's whistleblowing procedures.

Principle 5 covers the governance of group structures

The board of the parent company should be aware of material risks and issues that might affect the banking group and its subsidiaries. It should exercise adequate oversight over subsidiaries while respecting the independent legal and governance responsibilities of subsidiary boards. Subsidiary boards and senior management remain responsible for developing effective risk management processes for their entities. Structures for specific legal, regulatory or tax purposes should not impede the ability of the board and senior management to conduct appropriate business oversight nor hinder effective banking supervision.

Principle 6 sets guidance for the risk management function

Banks should have an effective independent risk management function, under the direction of a chief risk officer (CRO), with sufficient stature, independence, resources and access to the board. Key activities of the risk management function should include identifying, assessing, continuously monitoring, mitigating and reporting all material individual, aggregate and emerging risks. Appointment, dismissal and other changes to the CRO position should be approved by the board or its risk committee.

Principle 7 covers risk identification, monitoring and controlling

A risk governance framework should include policies supported by appropriate control procedures and processes designed to ensure that a bank's risk identification, aggregation, mitigation and monitoring capabilities are commensurate with its size, complexity and risk profile. Such a framework should encompass all material risks to the bank, on and off balance sheet and on a group-wide, portfolio-wise and business-line level. Banks should use stress tests and scenario analyses to better understand their risk exposures under different adverse circumstances. Special attention should be given to the quality, completeness and accuracy of data used for taking risk-related decisions.

Principle 8 sets guidance for risk communication

Risk-related information should be communicated within a bank and to the board and senior management in a timely, accurate and understandable manner. Banks should avoid organisational "silos" that can impede information-sharing.

Principle 9 covers the compliance function

The bank's board is responsible for overseeing the management of the bank's compliance risk. The board should establish an independent compliance function and approve the bank's policies and processes for identifying, assessing, monitoring, reporting and advising on compliance risk. The compliance function should report directly to the board and is responsible for ensuring that the bank operates with integrity and in compliance with applicable laws, regulations and internal policies.

Principle 10 sets guidance for internal audit

The internal audit function should have a clear mandate, be accountable to the board and be independent from audited activities. It should have sufficient standing, skills, resources and authority within the bank to be able to provide an independent assurance to the board and senior management on the quality and effectiveness of the bank's internal control, risk management and governance systems and processes.

Principle 11 explains how a bank's compensation structure should support sound corporate governance

The remuneration structure should be in line with the business and risk strategy, objectives, values and long-term interests of the bank. It should reflect risk-taking and risk outcomes and incorporate measures to prevent conflicts of interest. The board is responsible for the overall oversight of management's implementation of the remuneration system and should regularly monitor and review outcomes to assess whether the bank-wide remuneration system is creating the desired incentives for managing risk, capital and liquidity.

Principle 12 covers disclosure and transparency of a bank's governance to its shareholders, depositors, other stakeholders and market participants

Such disclosure should include material information on the bank's objectives, organisational and governance structures and policies, major share ownership and voting rights, related-party transactions, recruitment and compensation policies, and key information concerning its risk exposures and risk management.

Principle 13 describes the role of supervisors in fostering sound corporate governance

Supervisors should provide guidance for and supervise corporate governance at banks, including through comprehensive evaluations and regular interaction with boards and senior management. They should require improvement and remedial action as necessary and share information on corporate governance with other supervisors.

