Basel II and Corporate Governance in Financial...

Basel II and Corporate Governance inFinancial Institutions

Tel Aviv, 26 May 2009

*connectedthinking

Basel II and Corporate Governance

PricewaterhouseCoopers

26 May 2009

Agenda

• Basel Committee Corporate Governance Principles

• CEBS Guidance on Corporate Governance

• Governance issues identified during the financial crisis

• Revised Corporate Governance Guidance in response tofinancial crisis



26 May 2009

The first set of Corporate Governance Principles were issued in1999

• In its guidance, the Basel Committee defines corporate governance as:

The manner in which the business and affairs of individual financial institutions aregoverned by their boards of directors and senior management

• As such, corporate governance affects how banks:

- set corporate objectives (including generating returns to owners);

- run the day-to-day operations of the business;

- consider the interests of recognised stakeholders;

- align corporate activities and behaviours with the expectation that banks willoperate in a safe and sound manner; and

- protect the interests of depositors.

• The principles were revised in 2006 to reflect guidance on corporate governanceissued by the OECD in 2004

Basel Committee Corporate Governance Principles



26 May 2009

Basel Committee Principles on Corporate Governance (2006)

1. Board members should be qualified for their positions, have a clear understandingof their role in corporate governance and be able to exercise sound judgment aboutthe affairs of the bank

2. The board of directors should approve and oversee the bank’s strategic objectivesand corporate values that are communicated throughout the banking organisation.

3. The board of directors should set and enforce clear lines of responsibility andaccountability throughout the organisation

4. The board should ensure that there is appropriate oversight by senior managementconsistent with board policy

5. The board and senior management should effectively utilise the work conducted bythe internal audit function, external auditors, and internal control functions

6. The board should ensure that compensation policies and practices are consistentwith the bank’s corporate culture, long-term objectives and strategy, and controlenvironment

7. The bank should be governed in a transparent manner8. The board and senior management should understand the bank’s operational

structure, including where the bank operates in jurisdictions, or through structures,that impede transparency (i.e. “know-your-structure”)

Basel Committee Corporate Governance Principles



26 May 2009

Agenda







26 May 2009

The Committee of European Banking Supervisors incorporatedthe Corporate Governance Principles in its Pillar 2 guidance

• In 2006, the Committee of European Banking supervisorsissued 21 Principles of Corporate Governance as part of itsPillar 2 guidance to European financial institutions;

• While Basel focuses on the Board and Senior Management,additional guidance on the internal control functions isincluded at CEBS level:

- Risk Management;

- Compliance;

- Internal Audit.

CEBS Guidance on corporate governance



26 May 2009

CEBS guidance on internal control functions

• Institutions should establish, making adequate allowance for the principleof proportionality, the following three primary functions in order toimplement an effective and comprehensive system of internal control in allareas of the institution, namely:

i. risk control function;

ii. compliance function; and

iii. internal audit function.

• The risk control function should ensure compliance with risk policies.

• The compliance function should identify and assess compliance risk.

• The internal audit function should allow the management body to ensurethat the quality of the internal controls is both effective and efficient;

• The internal control functions should be independent of the business linesthey monitor and control.




26 May 2009

Independence of internal control functions – conditions:

• Staff do not perform any tasks that fall within the scope of the activities thefunction is intended to monitor and control;

• The function is organisationally separate from the activities it is assigned tomonitor and control;

• The head of the function is subordinated to a person who has noresponsibilities for managing the activities that are being monitored andcontrolled;

• The head of the function reports directly to the management body and/orthe audit committee, and is present at least once a year at meetings of thebody it reports to;

• The remuneration of the control function staff is not linked to theperformance of the activities that the control function is intended to monitorand control.




26 May 2009

Agenda







26 May 2009

The financial crisis highlighted a number of issues with respect toCorporate Governance in Financial institutions

• The Senior Supervisors Group (comprising supervisors from the US, UK,Germany, France and Switzerland) identified a number of differences in theapproach of senior management to the market turmoil in 2007;

• These differences centred on four areas:- the balance that a firm’s senior management in general achieved

between its desire to do business and its appetite for risk as reflected inthe tone set for developing or enforcing controls on the resulting risks;

- the role that senior management played in identifying andunderstanding material risks and acting on that understanding tomitigate excessive risks;

- the efforts that senior management undertook to surmountorganizational structures that tended to delay, divert, or distort the flowof information up the management chain of the firm; and

- the breadth and depth of cross-disciplinary discussions andcommunication of insight into relevant risks across the firm.

Governance issues identified in financial crisis



26 May 2009

Governance issues identified in firms that experienced largerlosses

• Firms appeared to have been under pressure over the short term either to expandthe business aggressively, to a point beyond the capacity of the relevant controlinfrastructure, or to defend a market leadership position.

• Senior management championed the expansion of risk without commensuratefocus on controls across the organization or at the business-line level.

• Senior management’s drive to generate earnings was not accompanied by clearguidance on the tolerance for expanding exposures to risk. For example, balancesheet limits may have been freely exceeded rather than serving as a constraint tobusiness lines.

• Focus on growth without an appropriate focus on controls resulted in a substantialaccumulation of assets and contingent liquidity risk that was not well recognised.

• Some of the executive leaders did not have a sufficient degree of experience incapital markets and did not advocate quick, strong, and disciplined responses.

• Hierarchical structures served as filters when information was sent up themanagement chain, leading to delays or distortions in sharing important data withsenior management

• The existence of organizational “silos” tended to ‘compartmentalise’ information.This inadvertent restriction on the flow of key information left different businessareas to make decisions in isolation and in ignorance of other areas’ insight.

Governance issues identified in financial crisis



26 May 2009

Agenda







26 May 2009

Substantial new guidance on corporate governance and riskmanagement has emerged in response to the crisis

• Report of the IIF Committee on Market Best Practices settingout principles of conduct and best practice recommendations;

• Basel Committee consultation paper on enhancements to theBasel II framework;

• CEBS consultation paper on high level principles for riskmanagement;

• Numerous additional papers from G10, G20, Financial StabilityForum, etc. on aspects of corporate governance and riskmanagement.

Revised guidance in response to the financial crisis



26 May 2009

Basel Committee provides guidance on firm wide governanceand risk management

• Clear expectations for boards of directors and senior managementto:

- understand the firm-wide risk profile;

- aggregate firm-wide exposure information in a timely mannerusing easy to understand and multiple metrics;

- define the risk appetite in a manner that considers long-termperformance over the cycle;

- ensure that accountability and lines of authority are clearlydelineated;

- embed risk management in the culture of the bank; and

- set clear incentives across the firm to control risk exposures andconcentrations in accordance with the stated risk appetite.




26 May 2009

In addition, focus is put on managing risk and returns over thelonger term

• Banks should establish appropriate incentives throughout the firm to reflect thelong-term risks and rewards associated with their respective business models;

• Sound compensation schemes are seen as key part of the risk managementprocess:

- Compensation policies should not be linked unduly to short-term accountingprofits. They should be linked to longer-term capital preservation and considerrisk-adjusted performance measures;

- Banks should provide adequate disclosure on its compensation policies tostakeholders;

- The Board and senior management have the responsibility to mitigate risksarising from remuneration policies to ensure effective risk management.

• Banks should also focus on effective and efficient capital planning as well as long-term capital maintenance:

- Capital planning process to include rigorous, forward looking stress testing;

- Banks should hold capital buffers that can be drawn down in crisis situations.




26 May 2009

CEBS issued high level principles on risk management inresponse to the crisis, echoing the Basel Committee guidance

• Review of existing risk management guidelines identifiedgaps in the areas of:

(i) governance and risk culture;

(ii) risk appetite and risk tolerance;

(iii) the role of the Chief Risk Officer and risk managementfunctions;

(iv) risk models and integration of risk management areas;

(v) new product approval policy and process




26 May 2009

Governance and risk culture

• Banks should establish a comprehensive and independentrisk management function under direct responsibility of thesenior management.

• The management body should have a full understanding ofthe nature of the business and its associated risks.

• Every member of the organisation must be constantlyaware of his responsibilities relating to the identification andreporting of risks and other roles within the organisation andthe associated responsibilities to these roles.

• Institutions must implement a consistent risk culture andestablish sound risk governance supported by an appropriatecommunication policy.




26 May 2009

Risk appetite and risk tolerance

• Risk tolerance (defined by CEBS as the level of risks an institution can accept totake within regulatory and supervisory constraints) should take all relevant risksinto account and depends not only on intrinsic risk aversion, but also on the currentfinancial situation of the institution and its strategic direction.

• It is important that institutions set risk appetite targets, and that the targets beconsistent with one another.

• In setting a risk appetite or risk tolerance level, the institution has to take allrelevant risks to the institution into account.

• The management body and senior management are responsible for setting theinstitution’s risk appetite or risk tolerance at a level which is commensurate withsound operation and the strategic goals of the institution.

• The roles of the management body and senior management in the oversight ofrisks should be clearly and explicitly defined.

• Senior management should be responsible for risk management on a day-to-day basis, under the oversight of the management body.




26 May 2009

Best practice recommendations on risk appetite(IIF report on market best practices)

• A firm’s risk appetite will contain both qualitative and quantitativeelements:- Its quantitative elements should be precisely identified.- Clearly defined qualitative elements should help the Board and senior

management assess the firm’s current risk level relative to risk appetiteas adopted;

- By expressing elements of the risk appetite quantitatively, the Boardcan assess whether the firm has performed in line with its stated riskappetite.

• Risk appetite should be the basis on which risk limits are established;• The firm’s risk appetite should be connected to its overall business

strategy (including assessment of business opportunities) and capital plan;• Firms should involve the risk-management function from the beginning

of the business planning process to test how growth or revenue targets fitwith the firm’s risk appetite and to assess potential downsides.




26 May 2009

The role of Chief Risk Officer and the risk management function

• The institution should appoint a person responsible for the risk managementfunction across the entire organisation, and for coordinating the activities ofother units relating to the institution’s risk management framework. Normally thisperson is the Chief Risk Officer (CRO).

• The CRO (or equivalent) should have sufficient independence and seniority toenable him to challenge (and potentially veto) the decision-making process of theinstitution.

• The CRO should have expertise which matches the institution’s risk profile.• The risk management function should also have expertise which matches the

institution’s risk profile.• The risk management function should be actively involved, at an early stage, in the

elaboration of the institution’s strategy and decision-making on business activities.• Institutions should ensure that the risk management function is independent

from the operational units whose activities they review.• The management of risks should not be confined to the risk management function.• The management body and senior management should be responsible for

allocating resources to the risk management function in sufficient amountsand quality to allow it to fulfil its missions.


© 2009 PricewaterhouseCoopers. All rights reserved. “PricewaterhouseCoopers” refers to the networkof member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independentlegal entity. *connectedthinking is a trademark of PricewaterhouseCoopers LLP (US).

Thank you for your attention*

Contact details:Monika Mars+31 20 568 [email protected]

Basel II and Corporate Governance in Financial...

Documents

Transcript of Basel II and Corporate Governance in Financial...