1 | RECOMMENDATION: As a matter of policy, boards should be encouraged to take a broad-based view of Corporate Governance which encompasses the totality of their role. In addition, those who maintain codes of Corporate Governance should ensure that a broad-based view is incorporated into their respective codes. This may require changes in the law, which should be consistent across territories, and it may also require considerable further work in developing appropriate guidance to assist boards and individual directors to discharge these duties. |
2 | RECOMMENDATION: Remuneration committees should oversee the broad principles underpinning remuneration of senior managers throughout the organisation, especially where there is a high contingent of conditional remuneration (bonuses) which has the potential significantly to influence the nature of risk-taking in the organisation. |
3 | RECOMMENDATION: As a matter of policy, mechanisms of enforcing compliance with Corporate Governance Codes should be reviewed. Such mechanisms need to be effective, easily implemented and should have teeth. |
4 | RECOMMENDATION: As a matter of policy, in order to reduce the scope for regulatory arbitrage, codes of Corporate Governance should be brought closer in line, as far as possible. |
5 | RECOMMENDATION: There is a clear and urgent need for better guidance for directors on implementing and assessing risk management and assurance frameworks in large corporations. This guidance needs to be provided as an international framework that works across boundaries. It is probably not appropriate to use the International Standards Organisation (which currently has a draft standard: ISO 31000 on exposure) because of the nature of the compromises that are forced by the standard-setting process. |
6 | RECOMMENDATION: The international banking regulators should consider further how the Core Provisions for Effective Banking Supervision which relate to the matters of Corporate Governance as set out in this paper are dealt with effectively both by the national supervisors, and also by the banks themselves. |
7 | RECOMMENDATION: As a matter of policy, there should be a new focus on the assurance role of the board, and how that should be discharged. Often referred to as oversight, this implies a rather passive role. By introducing the term “assurance”, boards should be encouraged to be more pro-active in this role. |
8 | RECOMMENDATION: In the case of organisations that have a broad societal impact, and who therefore owe a duty of care to society at large, directors and officers should owe a legal duty to discharge their Corporate Governance responsibilities with due and diligent care. This legal duty should be broadly equivalent in all jurisdictions to avoid regulatory arbitrage. |
9 | RECOMMENDATION: The code developers and the international banking regulators should review the Codes of Corporate Governance that societally important banks are required to comply with. These codes should, where possible, be harmonised with the requirements of the Core Principles for Effective Banking Supervision issued by the Basel Committee on Banking Supervision and should take into account the recommendations made elsewhere in this paper. |
10 | RECOMMENDATION: The international banking regulators should initiate a programme for the professionalization of management in the banking sector. This would involve the ultimate introduction of a professional qualification. This should be overseen by a new professional body which would award the qualification, oversee professional ethics and act as a guardian of high standards of professional behaviour by individuals. Members of existing professions might remain subject to their own professional codes, although there might need to be a meta-professional code that cuts across all professions in the banking sector. |
11 | RECOMMENDATION: Where their complexity demands it, banks should be encouraged to develop more sophisticated holistic risk frameworks within which they can manage risk better. |
12 | RECOMMENDATION: Banks should be encouraged to think in terms of a balanced risk approach which balances the behaviours associated with the risks being taken and those being avoided, and which is also cognisant of the risks associated with its performance culture and ethical approach to business. |
13 | RECOMMENDATION: All banking institutions should periodically assess their risk management maturity and identify what steps they need to take in order to develop into Risk Intelligent Organisations. |
14 | RECOMMENDATION: Boards should take formal responsibility for setting, managing and periodically assessing the risk management culture of the organisation. This will facilitate a better approach to managing risk throughout the organisation. |
15 | RECOMMENDATION: Boards should take formal responsibility for setting the scope of risk management activities right round the operations of the institution and its business activities to ensure that risks are identified, assessed, managed and monitored in an appropriate manner, in the light of the risk culture. |
16 | RECOMMENDATION: There should be a single meaning of risk management in each institution which encompasses different roles and responsibilities, and which facilitates information and communication between different parts and different levels of the hierarchy within the organisation. The definition should be agreed and communicated by the board. |
17 | RECOMMENDATION: In view of the complexity of this area, the international banking regulators should be asked to explore appropriate mechanisms for recording and aggregating risks and responses, which would then facilitate better risk sharing between organisations and with banking regulators and supervisors. It is possible that risk information provided to regulators in XBRL (eXtensible Business Reporting Language), using a common risk taxonomy, could well form the basis of this approach. |
18 | RECOMMENDATION: The international banking regulators should be encouraged to invest in research into practical ways of understanding, measuring and monitoring risk appetite. This is currently a long way from fruition. |
19 | RECOMMENDATION: Non-executive directors should play a key role in stress-testing the bank, its long term strategy and other strategic risks. This is not to dampen the entrepreneurial spirit, but rather to ensure that risk taking is done in a proportionate and managed way. |
20 | RECOMMENDATION: Each board should formally review the ethics programme of their institution on a regular basis and should take regular soundings to ensure that it remains effective. Directors should take steps to ensure that the “dangerous silence” is addressed so that individuals can raise appropriate and reasonable grievances or concerns in a manner which is not harmful to their personal well-being. This potentially goes much further than traditional whistle-blowing programmes. In addition, boards need to take action to ensure that their organisation is living up to the ethical values they have chosen so they should have full programmes that include not just communication but training, discussion, reporting and leading by example. |
21 | RECOMMENDATION: The International Banking Supervisors and Regulators should explore mechanisms for sharing risk data between participating banks where risks cross organisational boundaries. In this regard there may be an opportunity to leverage the work referred to earlier about risk taxonomies and the use of a risk variant of XBRL. |
22 | RECOMMENDATION: The board should develop an assurance map which should be updated regularly as events dictate, but no less than annually. |
23 | RECOMMENDATION: There should be a risk management group or function, headed by a senior individual with direct access to the board. This individual should be responsible for all aspects of the risk framework throughout the bank. |
24 | RECOMMENDATION: All boards should review their internal audit departments to ensure that they are appropriately resourced, headed by a heavyweight individual with access to the board, and that they are adequately funded. Management should not be empowered to impose restrictions on the internal audit department. |
25 | RECOMMENDATION: All boards should prepare a schedule of key assurance role holders, and should ensure that these role holders and their teams are appropriately resourced and funded and report independently of management to the board on a regular basis. |
26 | RECOMMENDATION: All boards should consider the appointment of a Chief Assurance Officer or Director of Risk Management and Assurance, and consideration should be given to appointing this individual to the board, and ensuring that they have the appropriate status in the organisation, reporting directly to the Chairman (where the roles of Chairman and Chief Executive are split) or otherwise to the Chair of the Audit Committee. Where such an individual is appointed, the Head of Internal Audit and the Head of Risk Management should report directly to them, as well as having an open line into the board room. |
27 | RECOMMENDATION: The banking regulators and supervisors should consider encouraging or, in some cases where the societal duties require it, instructing boards to appoint full-time non-executive directors to act as an effective counterbalance to the executive management. |
28 | RECOMMENDATION: Banking regulators and supervisors should require banks to commission periodic governance audits as outlined above. Such audits should be carried out by an independent organisation and should not be conducted by the current external auditors. |