These EBA Guidelines supersede earlier Guidelines on internal governance, such as the High-level Principles for Remuneration Policies, the High Level Principles for Risk Management and section 2.1 of the Guidelines on the Application of the Supervisory Review Process under Pillar 2.
Article 22 of Directive 2006/48/EC requires “that every credit institution has robust governance arrangements, which include a clear organisational structure with well defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks it is or might be exposed to, adequate internal control mechanisms, including sound administrative and accounting procedures, and remuneration policies and practices that are consistent with and promote sound and effective risk management”. Article 73(3) of Directive 2006/48/EC requires that Article 22 also applies to parent undertakings and subsidiaries on a consolidated or sub-consolidated basis
In order to meet these requirements under Article 22 of the Directive, these new Guidelines have been prepared. The Guidelines deal with a number of subjects:
- The chapter on “Corporate Structure and Organisation” aims at limiting opaque activities using non-supervised structures. The concept of checks and balances in group structures is discussed in more detail and the “know-your-structure” principle is introduced.
- The chapter on “Management Body” was enhanced by adding guidelines on the composition, appointment and succession and the qualifications of the management body, which focus more on the use of committees and the identification and management of conflicts of interest. As lack of oversight was one of the most significant weaknesses identified in the financial crisis, the aim of this part of the Guidelines is to ensure that members of the management body (especially in its supervisory function) devote sufficient time to their functions. Finally, the responsibilities of the management body regarding outsourcing and setting the remuneration policy have also been added to the Guidelines, for completeness of the overview of the Management Body functions.
- The third chapter on “Risk Management” reflects large parts of the High Level Principles for Risk Management. Other aspects of the high level principles have been reformulated, such as risk appetite and risk tolerance.
- The chapter on “Internal Control” is aimed at ensuring the proper staffing of the control function, as formerly the control functions were not given sufficient resources to fulfil their duties. The principles also deal with the issue of unapproved exposures, aimed at implementing adequate processes for monitoring the set limits and taking appropriate actions where necessary.
- The chapter on “Systems and Continuity” contains new guidelines on information and communication systems and business continuity management. Instead of formulating extensive requirements, the Guidelines refer to generally accepted standards on this matter.
- The last chapter on “Transparency” deals with public disclosure and transparency and has been taken over from the former CEBS Internal Governance Guidelines with only limited amendments.
Article 22 of Directive 2006/48/EC