Consolidation of existing regulations with minor enhancements to risk governance
To reinforce these increased requirements for sound corporate governance, the BIS has in recent years updated its “Principles for enhancing corporate governance” guidance of October 2010 to the new “Corporate governance principles for banks” guidelines (BCBS 328), published in July 2015.
The BCBS 328 principles cover various topics concerning the governance of banks with a strong focus on risk management. According to zeb, these principles provide recommendations that can be clustered into four main blocks: (risk) governance, independent internal control, external control and supporting factors.
Corporate governance principles for banks
Strengthening risk governance involves a definition of distinct roles and responsibilities as well as a fine-tuned and clearly communicated risk profile. The board has to set clear standards for its own structures, qualifications and practices and assumes the ultimate responsibility for the bank’s strategic and risk management. Support and involvement of the senior management based on a holistic risk culture are further important factors for sound risk governance. Independent internal control is mainly performed by the compliance and internal audit functions with the aim of preventing misconduct by the institution. External control by supervisors needs to be supported by proper disclosure and transparency processes. In order to support sound corporate governance, an appropriate risk-oriented compensation strategy as well as the understanding of group structures are important factors.
Although the mentioned principles are already covered to a large extent by a wide range of regulations at national and international level, it is worth having a closer look at the few aspects that are further detailed or rephrased in the BCBS 328 paper.
From a German regulatory perspective, the main components of the corporate governance principles are reflected in the Minimum Requirements for Risk Management (Mindestanforderungen an das Risikomanagement, MaRisk), the German Banking Act (Kreditwesengesetz, KWG) and the German Corporate Governance Code (Deutscher Corporate Governance Kodex, DCGK). Further international regulations such as the Capital Requirements Directive IV (CRD IV), the Supervisory Review and Evaluation Process (SREP) and the OECD Principles on Corporate Governance take up similar principles.
Gap analysis with existing regulation
While—as illustrated in Figure 2—in the fields of internal and external control as well as supporting factors, no significant new aspects have been brought up, there are some refinements in the area of (risk) governance.
The focus on the board’s direct responsibility in terms of creating sound corporate culture and values is an important component underlined by the Corporate Governance Principles for Banks, but not covered by existing regulations such as KWG, DCGK and Guidance Notices for Managers as well as OECD Principles of Corporate Governance or CRD IV to the same extent. The direct oversight of the risk appetite and control framework is another main component of the board’s responsibilities that is not fully covered by the mentioned regulations.
It is noteworthy that the BCBS guidelines define the board (of directors) as the body that supervises management. In comparable German regulations such as the MaRisk and KWG, the overall responsibility for risk management lies with the executive board (senior management) level. The new BIS paper expands the guidance within the board of directors’ role to include their final responsibility for and oversight of the implementation of effective governance and risk management systems.
With the MaRisk as the main German regulation defining minimum standards for proper risk management, large parts of the guidelines on risk governance are already in place. Nevertheless, BCBS 328 puts additional focus on aspects such as backtesting of risk measures as well as risk mitigation activities that are not fully reflected in the existing regulations (even if they have already been largely implemented). While in existing regulations, risk communication is only dealt with superficially, it represents one distinct principle in the BCBS guidelines. Especially in terms of supporting a strong risk culture (see BankingHub, “No Comprehensive Risk Management Without Risk Culture”) and prohibiting organizational silos, reporting and communication are pointed out as an integral part of sound governance.
In general, the new principles of corporate governance consolidate existing regulations and guidelines, enhanced by some aspects of corporate (risk) control that have come more and more into focus in recent years.
By pursuing the three main objectives
- reinforcing collective oversight and risk governance responsibilities of the board,
- emphasizing key components of risk governance (e.g. risk culture, risk appetite and its link to risk capacity), and
- defining roles and responsibilities of the board, senior management and the control functions,
the BCBS paper sets new comprehensive guidelines for best-practice corporate governance in banks. Even if it does not include too many surprisingly new requirements, institutions are well-advised to identify, assess and close existing gaps in order to improve internal governance as well as to meet the future demand of various stakeholders.