70518 Corporate Governance for Banks in Southeast Europe Policy Brief © Copyright 2012. All rights reserved. International Finance Corporation 2121 Pennsylvania Avenue, NW, Washington, DC 20433 European Bank for Reconstruction and Development One Exchange Square London EC2A 2JN United Kingdom The findings, interpretations, and conclusions expressed in this publication should not be attributed in any manner to the International Finance Corporation (IFC) and/or to the European Bank for Reconstruction and Development (EBRD) and their affiliated organizations, or to members of their boards of directors or the countries they represent. IFC and EBRD do not guarantee the accuracy of the data included in this publication and accept no responsibility for any consequence of their use. The material in this work is protected by copyright. IFC and EBRD encourage dissemination of this publication and hereby grant permission to users of this work to copy portions for their personal, noncommercial use, without any right to resell, redistribute, or create derivative works there from. Any other copying or use of this work requires the express written permission of the International Finance Corporation. For permission to photocopy or reprint, please send a request with complete information to: International Finance Corporation c/o the World Bank Permissions Desk Office of the Publisher 1818 H Street, NW Washington, DC, 20433 All queries on rights and licenses including subsidiary rights should be addressed to: International Finance Corporation c/o Office of the Publisher World Bank 1818 H Street, NW Washington DC, 20433 Or, fax (202) 522-2422. The Policy Brief on Corporate Governance for Banks in Southeast Europe preparation and publication was made possible with the support of the Development Bank of Austria (OeEB) and the Government of Luxembourg. Contents I. Introduction...........................................................................................................................................5 II. Overview of bank corporate governance in SEE................................................................................7 III. Sound corporate governance principles............................................................................................ 11 A. Board practices................................................................................................................................ 11 A1. Responsibilities of the board....................................................................................................... 12 A2. Qualifications............................................................................................................................ 14 A3. Training..................................................................................................................................... 15 A4. Composition.............................................................................................................................. 16 A5. Role of the Chair....................................................................................................................... 23 A6. Board committees..................................................................................................................... 24 A7. Group structures........................................................................................................................ 29 A8. Performance-improvement plans (evaluations)........................................................................... 32 B. Risk management and internal controls............................................................................................34 B1. Risk management versus internal control....................................................................................34 B2. Chief risk officer or equivalent ...................................................................................................36 B3. Risk methodologies and activities...............................................................................................38 C. Compensation.................................................................................................................................40 D. Disclosure and transparency............................................................................................................. 43 IV. The role of supervisors.......................................................................................................................50 A. Guidance by supervisors...................................................................................................................50 B. Monitoring...................................................................................................................................... 52 C. Remedial action...............................................................................................................................54 D. Home-host supervisory cooperation................................................................................................. 55 V. Promoting an environment that supports sound governance........................................................56 VI. Additional issues................................................................................................................................. 57 A. State ownership of banks................................................................................................................. 57 B. Monitoring of borrower governance................................................................................................ 57 VII. Annexes...............................................................................................................................................59 A. Southeast Europe Policy Brief Contributors....................................................................................... 59 B. Important sources of guidance on bank governance......................................................................... 63 C. Synopsis: BCBS Enhancing corporate governance for banking organizations (2006).......................... 65 D. Synopsis: BCBS Principles for enhancing corporate governance banking organizations (2010)............66 E. Additional Information from EBRD SEE Bank Assessments................................................................68 E1. Board Structures in SEE...............................................................................................................68 E2. Ownership of SEE Banks............................................................................................................. 70 E3. Supervisor oversight of remuneration practices........................................................................... 74 List of Acronyms ALCO Asset-liability committee BCBS Basel Committee on Banking Supervision BIS Bank for International Settlements BSCEE Banking Supervisors from Central and Eastern Europe CRD3 Third Amendment to European Commission’s Capital Requirements Directive CRO Chief Risk Officer EBRD European Bank for Reconstruction and Development IFRS International Financial Reporting Standards OECD Organisation for Economic Co-operation and Development SEE Southeast Europe 4 Policy Brief Corporate Governance for Banks in Southeast Europe I. Introduction The stability of global financial markets came into the spotlight as a result of the financial crisis of 2007–2010. At the heart of the crisis were investments whose assets had been derived from bundled home loans. Exposure to such mortgage-backed securities, and to the credit derivatives that were used to insure them, caused the collapse or takeover of several large financial firms such as Lehman Brothers, AIG, and Merrill Lynch.1 Global financial markets allowed the crisis, which originated in the United States, to spread to Europe and worldwide. Initially a crisis of the financial sector, the impact quickly spread. Financial institutions that were forced to deleverage and to pay back obligations created a solvency crisis that made its impact felt in real markets and eventually caused a decrease in international trade. The fundamental origins of the crisis have been The Importance of Governance ascribed to the following: 1) housing and monetary policy; 2) subprime lending; 3) easy credit conditions; It is not a question of whether we need “ and 4) the rapid deflation of a housing bubble. corporate governance, but how to do it Corporate governance practices of the firms involved and survive.� are not generally understood to be the origin, though Zoran Bohacek, Croatia they do appear to have played a role. An inquiry into the causes of the crisis in the United States took the view that corporate governance and, in particular, Here we have a once-in-a-lifetime “ risk management practices at systemically important opportunity after the financial crisis, financial institutions were factors that allowed the crisis which really stress-tested our governance to develop.2 Others have argued that governance was systems, and we have to respond.� a major cause and that its role was greater than simply Peter Dey, Canada letting a bad situation get worse.3 In any event, the crisis has been an opportunity to We strongly believe that the improvement “ reexamine corporate governance practices in banks of corporate governance will contribute to and other financial institutions, to establish their role the creation of a better, stronger and more in the crisis, and to learn from past mistakes. Such an sustainable banking system in the region.� examination is without doubt salutary. It has become Kiyoshi Nishimura, Japan a global exercise, extending beyond those countries directly involved in the meltdown, to developing countries, emerging markets, and transition economies. Banks in Southeast Europe, whose governance is seen as an important aspect of their successful integration into the European Union and the global family of banks, have also come under scrutiny. This Policy Brief emanates from the reflections of a High Level Policy Group composed of banks and regulators from Southeast Europe (SEE)4 and international experts who met in Belgrade in December 2009 and in London in June of 2011 to draw lessons from the financial crisis, discuss international best practice in bank governance, and develop recommendations and action plans for the different countries in the SEE These firms were not traditional depository banks but, rather, part of the so-called shadow banking system that consists of nondepository banks and 1  financial entities, which at the time of the crisis were roughly equivalent in size to the U.S. banking sector and which played a critical role in lending. 2  Conclusions of the U.S. Financial Crisis Inquiry Commission, 2010. 3  G. Kirkpatrick, “The Corporate Governance Lessons from the Financial Crisis,� Financial Market Trends 2009/1 (OECD 2009). 4  Albania, Bosnia and Herzegovina, Bulgaria, Croatia, the former Yugoslav Republic of Macedonia, Montenegro, Romania, and Serbia. Corporate Governance for Banks in Southeast Europe Policy Brief 5 region.5 The main challenge that the group faced was understanding the differences between local and foreign banking markets and making recommendations that were specific to the circumstances and needs of SEE. SEE is clearly not Wall Street. SEE has very high foreign ownership of the banking system, the equities markets are small and emergent,6 and almost all banks are closely held. The corporate governance guidance promulgated by the OECD, the Bank for International Settlements (BIS), the International Corporate Governance Network, and others responds more directly to the needs of more developed countries. Even though their principles are globally sound, their application in the local context poses considerable challenges. The Policy Brief aims to help apply international best practice in the SEE context. Its recommendations build to a large extent upon the BIS Basel Committee on Banking Supervision (BCBS) Principles for Enhancing Corporate Governance (2010) and also upon the BIS Enhancing Corporate Governance for Banking Organizations (2006). These documents provide authoritative international guidance on corporate governance that is tailored to the circumstances of the banking sector.7 The Policy Brief is not intended in any way to substitute for such guidance. Rather it is intended to complement it and serve as a tool for highlighting those issues that are seen to be most germane to the region. It should also be understood that the Policy Brief makes recommendations that are on the policy level. It is not intended to be a detailed “toolkit� or set of instructions for supervisors or banks on how to achieve better governance. In many cases detailed guidance exists and should be consulted when implementing these policy recommendations. In other cases more detailed guidance may need to be developed. The larger chapter headings of the 2010 BIS Principles have been used to structure the Policy Brief. Following this introduction, Chapter II provides an overview of bank corporate governance in SEE. Chapter III looks at sound corporate governance principles for banks. Chapter IV discusses the role of supervisors, and Chapter V looks at how to promote a supportive environment for better governance. Some issues that are not developed in the BIS Principles, such as state ownership of banks and the role of banks in client governance, are treated in Chapter VI, “Additional issues.� The annexes contain additional information, including sources of guidance on bank governance, synopses of key Basel Committee statements on bank governance, and the results of a significant 2010–2011 European Bank for Reconstruction and Development (EBRD) study on banks in the SEE region. 5  Participants in the High Level Policy Meeting and in the ensuing discussions are listed in Annex A. Morningstar, “Diverging Opportunities in Emerging Europe� (2011). http://www.morningstar.co.uk/uk/markets/articles/96403/Diverging- 6  Opportunities-in-Emerging-Europe.aspx. Between 2008 and 2010, markets in SEE lost considerable value. The main index on the Sofia stock exchange collapsed from a peak of 1,950 points in March 2007 to a low of 260 points in February 2009, a fall of 87 percent. The performance of the larger and more liquid Romanian market saw an 80 percent drop in its main index. Synopses of both BIS documents are provided in Annexes C and D. For readers interested in a fuller understanding of international best practice in 7  bank governance, a complete reading of the BIS document is recommended. In addition, the OECD Principles for Corporate Governance and the OECD Guidelines for the Governance of State-owned Enterprises provide a broader, more comprehensive, but non-industry-specific view on governance practices. Also, the OECD-EBRD Policy Brief on Corporate Governance of Banks in Eurasia provides insight into the governance issues faced by banks in transition economies. Further important sources of guidance on corporate governance and the governance of banks are listed in Annex B. 6 Policy Brief Corporate Governance for Banks in Southeast Europe II. Overview of bank corporate governance in SEE The structure of the banking sector in SEE The banking sector in SEE differs dramatically from those of the United States and Western Europe. All of the countries in the region have stock exchanges, but the liquidity on these exchanges is, with some exceptions, very limited. Thus, businesses in most SEE countries are crucially reliant on banks to provide financing. The banking sector provides the single most important form of financial intermediation. Most of the local banks in the SEE region are classic deposit-taking and loan-making businesses. Most are quite small, and few are listed on local exchanges. They make little use of the sophisticated financial instruments that contributed to the financial crisis in more developed markets, and most risks are generated in the area of credits. Ownership structures are also different. SEE countries are all living with the consequences of their recent transition from central-control to market-driven economies, including a profound restructuring of the banking sector. In Serbia, for example, as recently as 2001, two-thirds of the banking sector was state-owned, with foreign ownership representing approximately 13 percent of banks. By the end of 2009, state ownership had declined to about 17 percent of total assets, with foreign ownership rising to 74 percent and approximately 9 percent in the hands of other private owners.8 The reform process occurred differently in each SEE country, but each had its own experience with privatization, a massive restructuring of the banking sector, and the rapid emergence of new banking institutions. State ownership is now low in most countries in the region (see Table 1). Table 1: State Ownership of Banks: Percent of Registered Capital Jurisdiction/Country 2007 2008 2009 2010 Albania 0.3 0.2 – – Bosnia and Herzegovina (Federation) 2.7 1.3 1.1 1.1 Bosnia and Herzegovina (Republika Srpska) – – – – Bulgaria* 0.4 0.6 1.3 1.9 Croatia 4.6 4.4 4.1 4.3 FYR Macedonia 1.4 1.2 1.4 2.3 Montenegro – – – – Romania 5.4 5.2 7.3 7.4 Serbia na 16.0 17.5 17.9 Source: Data from Banking Supervisors from Central and Eastern Europe, BSCEE Review 2010. http://www.bscee.org. *Percentage on the basis of total assets. Without doubt, the most striking feature of the banking sector in the SEE region is the level of foreign ownership. By 2009, an average of 87 percent of bank assets in the region was in banks with majority foreign ownership. These figures range from a low of 74 percent in Serbia to a high of 94 percent in the Federation of Bosnia Herzegovina (see Table 2). 8  R. Jelašic, “European Integration Challenges,� Speech at Belgrade Conference 2009. Corporate Governance for Banks in Southeast Europe Policy Brief 7 Table 2: Number of Banks and Percent of Registered Capital Foreign-owned % of registered capital Jurisdiction/Country Number of banks foreign-owned 2007 2008 2009 2010 2007 2008 2009 2010 Albania 16 16 16 16 93.9 93.9 93.3 92.1 Bosnia and Herzegovina 22 20 20 19 92.4 94.3 93.9 91.9 (Federation) Bosnia and Herzegovina 10 10 10 10 na 91.9* 91.1* 91.3* (Republika Srpska) Bulgaria 29 30 30 30 82.1* 83.9* 84.1* 80.7* Croatia 33 39 39 38 90.6 90.8 91.0 90.4 FYR Macedonia 18 18 18 18 85.9 92.7 93.3 92.9 Montenegro 11 11 11 11 79.0 85.0 87.0 88.0 Romania 31 32 31 32 87.7 88.2 85.3 85.1 Serbia 35 34 34 33 75.6 75.5 74.3 73.5 Source: Data from BSCEE Review 2009 and BSCEE Review 2010. http://www.bscee.org. *Percentage on the basis of total assets. Foreign banks typically entered the SEE region as strategic investors. They brought stability to the banking sector and a significant knowledge transfer from more developed markets. They also served to introduce good corporate governance practices, which they did by revamping the banks they acquired. Foreign banks also brought with them experience with home-country bank regulations. They typically complied with Basel II, International Financial Reporting Standards (IFRS), and, when listed, the stock exchange rules in their home markets. Because of accounting rules and prudential regulation, foreign bank subsidiaries were required to meet both their home requirements and those of local regulators. These home regulations were typically more stringent than local regulation, but, equally important, the banks had long experience in compliance. The foreign influx has not come without challenges. Foreign banks created considerable competition for domestic banks. They had easier access to funding, could finance larger companies, and had established products and services, procedures and systems, and economies of scale. For supervisors, having a great number of banks that followed a sophisticated external regulatory regime seemed to provide significant benefits in efficiency, security, and application of best practice. However, during the crisis, news from abroad worried some regulators, who saw that local bank strategy was controlled from abroad, and that they had limited control over foreign group entities. The crisis The 2007 crisis came as an exogenous shock to SEE. At the time, one of the fears was that international banking groups would withdraw from the region. Given their overwhelming importance to the local banking sector, their departure would have triggered a systemic banking crisis with ensuing damage to the real economy. Fortunately, these fears were met by a strong national and regional response. A key factor in stabilizing the banking sector on the regional level was the European Bank Coordination Initiative (EBCI), the so-called “Vienna Initiative� that was launched at the height of the financial crisis when banks were trying to take as much liquidity out of the region as possible. EBCI was designed to provide a 8 Policy Brief Corporate Governance for Banks in Southeast Europe framework for coordinating crisis management and Foreign Ownership crisis resolution. It brought together public and private sector stakeholders of EU-based banking groups Our banking market is pretty much owned “ present in emerging Europe, including international by banks from the European Union.� institutions (the International Monetary Fund, the Donka Markovska, FYR Macedonia EBRD, the European Investment Bank, and the World Bank); European bodies (the European Commission Such a large level of foreign ownership “ and the European Central Bank); home- and host- represents a potential risk since strategic country regulatory and fiscal authorities; and the largest decisions are being made so far away banking groups operating in the region. from monetary authorities.� The goals of the Vienna Initiative were to 1) prevent a Kemal Kozarić, Bosnia and Herzegovina large-scale and uncoordinated withdrawal of cross-border bank groups; 2) ensure that parent bank groups publicly Home country supervision of foreign “ commit to maintaining their exposures and recapitalize subsidiaries is no longer the reassuring their subsidiaries; 3) ensure that national support thing that many thought it was before the packages of cross-border bank groups benefit their crisis erupted.� subsidiaries in emerging Europe and avoid a home bias in dealing with Europe’s banks; and 4) strengthen cross- John Plender, United Kingdom border regulatory cooperation and information sharing. Though not perfect, it was able to achieve its goals.9 The timely response of national banking supervisors and central banks also contributed to maintaining liquidity and stability in the system. SEE regulators had learned from experience; the banking system had already suffered a strong financial crisis in the mid-1990s when many banks went bankrupt. As a result, bank supervision was placed on a new and more solid ground. New methodologies were developed and implemented for offsite and onsite inspections. Regulatory demands became stronger, and regulatory indexes and ratios were set at higher levels than those of the EU. This ensured considerable reserves in the banking system, which would become a powerful tool for overcoming difficulties in 2007. In the end, the SEE banking sector weathered the crisis well because of the Vienna Initiative, the firm commitment of foreign parents, and domestic regulatory responses. Nevertheless, foreign capital inflows did decline, and confidence in the financial system was shaken. The high credit growth, experienced before the crisis, slowed and there was a contraction in credit activity, which had implications for the recovery of the real economy. Most worryingly, the deterioration of economic conditions caused problem loans to grow. It is important to note that the crisis affected different types of banks differently. Among foreign-owned banks, there was little perceptible impact on local operations, even if some well-known names suffered significant problems in their head offices and were required to cut back on the local operations of their subsidiaries. Nevertheless, foreign investors clearly stood ready to back up their banks. Similarly, the few state-owned banks tended to be well-capitalized and had access to government support. In some countries problems arose in locally owned banks with small private shareholders. These banks were smaller and had weaker corporate governance and less-developed systems of control. Some of those with a limited number of liquid shareholders were able to receive additional capital. However, those with more dispersed ownership were unable to impose upon small shareholders to provide additional financing in bad times.10 EBRD, “Vienna Initiative—moving to a new phase� (May 2011). http://www.ebrd.com/downloads/research/factsheets/viennainitiative.pdf. 9  Romania may be an exception. At the central bank’s (National Bank of Romania) recommendation, in view of the results of stress- 10  test exercises, credit institutions’ shareholders further strove to increase their own funds so that the 10 percent solvency threshold was complied with by the banking system as a whole and by each individual entity. Source: NBR Annual Report 2009. Corporate Governance for Banks in Southeast Europe Policy Brief 9 Implications The crisis in SEE was not a crisis of governance. The crisis came from outside. Helping SEE weather its impact were the absence of easy credit, the nature of the banking business, the limited use of financial instruments, and foreign ownership. However, the lesser severity of the crisis in SEE, compared with certain more developed markets, should not lead to complacency; improved corporate governance remains an important objective for the growth and development of the financial sector and the real economy. Since SEE markets are dominated by subsidiaries of The Need for Tailored Responses foreign banks, the focus of attention needs to be on the governance of cross-border groups. This is In our small countries it is very difficult to “ a complex issue, involving group law, supervisory implement sophisticated and technologically concerns, crisis resolution, and burden sharing, to demanding best practice. In the area name a few. For locally owned banks, there is a need of corporate governance we face the to focus on the basics of good governance, the bread- issue of high costs, very complicated and-butter topics of boards, related-party transactions, management structures, a shortage of related lending, and protection of stakeholders. human resources….We need to look for a Tailored responses are needed. In SEE it may be specific solution for small countries such difficult, and in certain cases even counterproductive, as ours. We need to create a less costly and to implement sophisticated and technologically less complicated regulatory framework.� demanding best practice. On the other hand, Ljubiša Krgovic, Montenegro postponing the implementation of sophisticated and technologically demanding best practices could It is very important that we bring changes “ potentially deepen the gap between SEE and more that are in line with the stage of development advanced banking countries. The best approach may of the market. It is good for these banks and be a gradual but determined implementation of best these markets to start learning the examples practice. of the more developed countries. The problem Regarding regulation, it is important that it be in line is how to adjust those rules that are, in terms with the corresponding stage of development of the of the legal environment, rather different.� market. In the area of corporate governance, SEE Belgrade Conference 2009 regulators face the challenges of high costs, limited capacity, complicated oversight structures, and the need to integrate with international practice. SEE regulators need a less costly and less complicated regulatory framework. Future efforts to improve governance should help SEE banks come into line with international practice while, at the same time, not slavishly mimicking the practices of other financial markets for the sake of compliance. 10 Policy Brief Corporate Governance for Banks in Southeast Europe III. Sound corporate governance principles11 A. Board practices12 A well-trained, professional, and dedicated board is the most effective means to ensure sound bank governance. It is also broadly accepted that a professional board can be a key contributor to bank performance. As a consequence, most countries in the region view the improvement of board practices as a key policy goal. Most countries in the region have two-tier board structures (a supervisory board and a management board), with two countries allowing banks to choose and one country (Montenegro) requiring one-tier boards (see Table 3). In this Policy Brief, references to “board� under the two-tier structure are to the supervisory board.13 Table 3: Board Structures of SEE Banks13 Albania Two-tier Bosnia and Herzegovina (Federation) Two-tier Bosnia and Herzegovina (Republika Srpska) Two-tier Bulgaria Option to choose one-tier or two-tier Croatia Two-tier FYR Macedonia Two-tier Montenegro One-tier Romania Option to choose one-tier or two-tier Serbia Two-tier14 Source: Data from EBRD, Corporate Governance Assessment of Banks (2010–2011). Among domestically owned banks, there may be some Substance Over Form confusion about the different roles of supervisory boards versus management boards, and supervisory board com- For most countries boards still exist here “ mittees versus operational committees. In some cases, purely as a necessary legal requirement bank boards appear to be more directly involved in opera- and not as a competitive advantage for tional management than best practice would suggest. In a company.� other cases, executives view their operational committees Leonardo Peklar, Slovenia as fulfilling the same function as (and substituting for) a committee of the supervisory board. Banks need to be Very seldom is the substance discussed over “ aware of the differences between operational and board the form. At the level of the subsidiary in committees, and there may be a need for some clarifica- unlisted companies, it is only hard law.� tion in law, regulation, and practice.14 London Conference 2011 11 BCBS, Principles for Enhancing Corporate Governance (Bank for International Settlements, 2010) (hereafter cited as 2010 BIS Principles), Section III, p. 7. 12  2010 BIS Principles, Section III A, p. 7. EBRD, Corporate Governance Assessment of Banks (2010–2011). A more detailed description of the laws determining board structures can be found 13  in Annex E.1. The Law on Business Entities allows joint-stock companies to choose between one-tier and two-tier structures. Banks are regulated by the Law on 14  Banks, which provides for a two-tier governance system. Corporate Governance for Banks in Southeast Europe Policy Brief 11 A1. Responsibilities of the board15 The principal tasks of the board are to appoint and dismiss management and to approve and oversee bank strategy and monitor its implementation. More specific tasks (sometimes exercised within specialized committees) involve setting the basic direction of, approving, and overseeing, among others, risk strategy and risk tolerance; risk management and compliance; Management versus Supervisory Boards internal systems of control, including internal audit; the corporate governance framework; and the We start to become confused when we get “ compensation system.16 Though boards have many regulatory requirements that refer to ‘board’ tasks, the essential precept of corporate governance is and are not clear about which board.� that the board carries overall and ultimate responsibility Oliver Whittle, Albania for the bank’s performance. At the same time, it should be clear that boards are not responsible for operations and day-to-day management, which are the sole responsibility of bank executives. There are really two different types of boards in SEE countries: boards of domestic banks and boards of the subsidiaries of international banking groups. Though the laws that govern their establishment and operation are usually the same, these two types of boards differ in their functions and in the challenges they face. As a consequence, the Policy Brief recommendations for domestic bank boards and for the boards of subsidiaries of banking groups are different. Many domestic SEE boards were established purely to comply with regulatory requirements; some could be viewed as control bodies designed to monitor legal compliance rather than to add value to bank operations. In some cases, domestic bank boards developed excessively close relationships with management, allowing management to act with limited oversight. Similarly, the boards of foreign subsidiaries were at times established as formalities. Meetings were infrequent, only in response to law or regulation, or their focus was on implementing decisions from the home office. Additionally, some subsidiary boards have little understanding of the local environment, because board members are executives flown in from the home office. At times, their contact with and understanding of the region is limited. These individuals can control the local subsidiary but may not understand the local culture or Board Responsibility Toward Stakeholders the local business environment. The particular situation of subsidiary boards in group structures is discussed in I think corporate governance for banks is “ Section III.A.7, below. not just dedicated to protecting the interests For the boards of domestic banks, a better of minority shareholders. However, there understanding of the role and responsibilities of is this interest of depositors as stakeholders, the board is probably the most serious challenge to which must be guaranteed by the law, by better bank governance. Irrespective of whether it is regulators, but also within the board.� a domestic bank or a subsidiary of a group holding, Gian Piero Cigna, Italy board members need to understand the basic fiduciary duties that they owe to the bank.17 The duties of care and loyalty are primary. 15  2010 BIS Principles, Section III.A, p. 7. 16  For a more detailed description of board responsibilities, consult the documentation of both the BIS and the OECD. OECD, “Policy Brief on Corporate Governance of Banks in Asia�, (Asian Roundtable on Corporate Governance, June 2006). 17  www.oecd.org/dataoecd/48/55/37180641.pdf 12 Policy Brief Corporate Governance for Banks in Southeast Europe The duty of care requires that board members exercise reasonable care, prudence, and diligence in their oversight of the bank. The practical implications of this duty are that board members are expected to satisfy themselves that decision-making structures and reporting and compliance systems are functioning properly, and that an external independent auditor is appointed and acts in an objective and independent way. On the other hand, the duty of loyalty requires an undivided and unselfish loyalty to the bank and demands that there be no conflict between the board member’s self-interest and his or her duty to the bank. The practical implication of the duty of loyalty is that board members are required to act in the interest of the bank and refuse any action, or to take part in any deliberation, in which they have a conflict of interest with the bank. An implicit obligation of both duties is that board members are to maximize the long-term value of the bank for shareholders.18 Generally speaking, the fiduciary duties that require board members to act in the best interests of the bank imply that that they also take into account the interests of stakeholders, depositors in particular, and act responsibly toward them. To do otherwise implies putting the bank at risk. Recommendations: Roles and responsibilities of the board: SEE boards should have a clear understanding of their role and exercise sound and objective judgment. The legal framework should make it clear that the board has overall responsibility for the bank, including approving and overseeing the bank’s strategy, budget, risk appetite, and corporate governance. The role, responsibilities, and specific tasks of boards are well-documented in international best practice. Boards and supervisors need to be well-versed in international best practice. Oversight of management: To perform its role, the board should have the authority to select and, when necessary, replace senior management. A clear line of accountability should exist between board and management. Duties of board members: The duties of loyalty and care, as well as the specific roles and responsibilities of board members, should be clarified in (internal and external) rules and regulations and should be clearly communicated to board members and executives. The duties and obligations of supervisory board members should be covered by induction training, supported by development programs offered, for example, by institutes of directors, and should be made explicit in the employment contracts with the bank and set out in clear terms of reference. Personal responsibility of board members: Board members are responsible for overseeing the bank, including its compliance with the law. Board members must be aware that they may be personally liable if there is fraud or if they act negligently or in breach of trust. Insurance may protect board members against the financial consequences of such a finding. Guidance on board practices: Sufficient guidance on board practices should be available. Minimum standards are typically set in law, while best practices are generally set in voluntary codes. Boards should inform themselves and be aware of what is expected of them and what standards they are expected to comply with. Recommendations specific to boards of subsidiaries operating within group structures are found below in Section III.A.7. A number of papers discuss the fiduciary duties of directors towards depositors and equity-debtholders. In particular see: 18  Jonathan R. Macey and Maureen O’Hara, “The Corporate Governance of Banks,� Federal Reserve Bank of New York, Economic Policy Review (April 2003). http://www.newyorkfed.org/research/epr/03v09n1/0304mace.pdf. Bo Becker and Per Stromberg, “Fiduciary Duties and Equity-Debtholder Conflicts�, Harvard Business School (Working Paper 10-070 - November 30,2011). www.hbs.edu/research/pdf/10-070.pdf Office of the Comptroller of the Currency, “The Director’s Book�, US Department of The Treasury (October 2010). http://www.occ.gov/publications/ publications-by-type/other-publications-reports/director.pdf Corporate Governance for Banks in Southeast Europe Policy Brief 13 A2. Qualifications19 Board Qualifications Bank boards should be sufficiently qualified to enable A good board is made up of different talents, “ them to effectively fulfill their responsibilities and respond and can collectively control all relevant issues.� to the needs of the bank. Skills that all bank boards need Christian Strenger, Germany include experience and expertise in finance, accounting, lending, bank operations and payment systems, Competencies are most important, and “ strategic planning, communication, governance, risk regardless of who the people are, if they management, internal controls, bank regulation, auditing, are competent they will do their job.� and compliance. Knowledge of the business and political environment and legal issues is also important. At times, Belgrade Conference 2009 boards may need further specialist skills, depending on immediate circumstances, such as experience in mergers and acquisitions. Skills need not be present in all individual board members, but they should be present collectively within the board as a whole. The qualifications and skills of board members in SEE could stand to improve. Knowledge of domain-specific issues, such as finance and banking, and of technical issues, such as accounting, risk, and controls, could be strengthened, as could knowledge of issues such as corporate governance. SEE boards do not generally evaluate the appropriateness of the mix of skills in their own structure against the strategy and the board performance, and thus they are typically unaware of the gaps in their knowledge or of the skills they might be missing. SEE chairpersons may be instinctively aware of an area of weaknesses, but they do not generally proactively address skills gaps by training or by actively searching for new, more qualified board members. (Training issues, including the role of chairpersons in promoting the development of board members, are discussed in Sections III.A.3 and III.A.5, below. Board performance evaluations are discussed in Section III.A.8. Each of these issues merits greater attention for enhancing board performance.) Recommendations: Qualifications of board members: SEE boards should upgrade their qualifications and skills. The skills that are required on a board are well-defined under international best practice; these skills need to be more present locally. Increasingly, boards are seeking to strengthen themselves by finding domain-specific knowledge, particularly board members who are risk specialists. The skills needed on a bank board should be described in a general sense in regulation, and more specifically in the form of board-member job descriptions at the bank level, as well as in bank internal documentation. A formal gap analysis of the board can help flesh out the skills that are needed. (See Section III.A.8, below.) Intangible qualities: Having qualified board members is clearly a key objective. However, a mechanical listing of and search for individuals with desirable attributes may lead to “box ticking� and possibly the erroneous conclusion that a board is competent because it boasts qualified individuals. The function of a board is equally determined by intangible qualities such as leadership and capacity for teamwork. Both banks and supervisors need to be aware of the importance of intangible factors in board performance—and focus on outcomes over checklists. 19  2010 BIS Principles, Section III.A, p. 10. 14 Policy Brief Corporate Governance for Banks in Southeast Europe A3. Training20 The Need for Education and Training Finding board talent is hard enough in countries with We would like to recommend to the “ long traditions of professional board governance. The banks and the regulators training task is even harder in SEE, where the local banking courses for executives and non-executive sector has been in a stage of rapid development and directors, because this was a crisis where opportunities to learn from experience have of knowledge and competence.� been limited. Training is the principal solution to this Bistra Boeva, Bulgaria dearth of knowledge. Most SEE board members need additional training to become fully effective. Training can be divided into two broad categories: 1) induction training; and 2) ongoing training. Induction training is the most commonly provided learning opportunity for board members. It is, in fact, less a training exercise than an introduction to the bank. It usually includes visits to bank sites, briefings from bank executives, and the provision of information manuals and other documentation. Induction training helps board members get up to speed quickly. In all likelihood, induction training will not help board members fill gaps in their qualifications but it is essential for getting an understanding of the key players and structure of the bank. More specific ongoing training opportunities are typically needed to respond to the needs of banks. For example, training in risk management, finance, accounting, and other topics may provide important bank-specific skills, and more technical knowledge of corporate governance practices and the roles and responsibilities of board members would also be useful. In the area of governance, board members need to develop a better understanding of why conflicts of interest are bad, and they need to learn how to be more assertive, more independent, and more articulate. Although such basic knowledge and skills may be widely available in developed financial markets, they tend to be less prevalent in markets in earlier stages of development (see Chart 1). Chart 1: Requirements for and Monitoring of Training and Induction in SEE Do supervisory authorities require and/or monitor the induction and training of new directors? NO YES 0 10% 20% 30% 40% 50% 60% 70% 80% Source: Data from EBRD, Corporate Governance Assessment of Banks (2010–2011). Question asked to regulators in the region. How to provide the needed training is a major challenge. Institutes of directors can provide training in areas that are of importance to the region, such as risk management, internal control, and internal audit, and they can play an important role in creating a pool of competent board members, as can academia, 20  2010 BIS Principles, Section III.A, p. 10. Corporate Governance for Banks in Southeast Europe Policy Brief 15 bankers’ associations, and other institutions. Since institutes of directors are themselves in various stages of development in the region, there may be some role for governments to encourage and promote such training efforts. And it is important not to overlook the responsibility of the chair in strengthening the human capital of the board; without the proactive leadership of a chairperson, it is unlikely that board members will seek out further training opportunities themselves. (See Section III.A.5, below, on the role of the chairperson.). Recommendations: Training: Training for board members: Training opportunities need to be enhanced. All banks should develop a plan for induction training and make such training mandatory. This training should orient new and existing board members on bank processes, forms, reports, organization, and so on—the internal workings and reporting processes of the bank. The board should be attentive to ongoing and postinduction training opportunities provided by institutes of directors, governments, international financial institutions, academia, and others. Role of the chairperson in board development: The chairperson of the board should ensure that new board members receive a full, formal, and tailored induction upon joining the board. The chairperson should also regularly review and reach agreement with each board member regarding individual training and development needs. (See recommendations on the role of the chair in Section III.A.5, below.) Role of board members in their own development: Board members should recognize that learning is a way of creating long-term value both for themselves and for the bank. Though banks may stop short of creating mandatory training requirements, they may issue strong encouragement for board members to engage in learning activities when good opportunities present themselves. A4. Composition21 The Importance of Character and Competence Defining the needed profile It is the people, not the bodies, who run “ The composition of the board fundamentally the shop. My focus would be on board determines its effectiveness. Effective boards have composition. I would really underline the diversity, different backgrounds, and a multiplicity of individual characters of people. skills and opinions. By contrast, overly homogeneous People have different kinds of appetite boards can breed narrow thinking or “groupthink� and for risk according to their gender, age, can pose a serious governance risk. culture, background, and so on. These are Diverse skills and backgrounds need to be the kinds of issues that you might want to complemented by personal qualities such as integrity. consider when building up a board.� Board-member integrity can be established through Olli Virtanen, Finland probity or “fit and proper� tests as conducted by the FSA (Financial Services Authority) in the United Kingdom.22 Some countries, such as Bulgaria, conduct When we focus on the qualifications of “ such tests and require preapproval by the supervisor of the directors, the ‘fit and proper’ rules, board members or executives. we should not just look at the negative criteria — that they should not have a criminal record, they should not have done this, that or other things. We should really 21  2010 BIS Principles, Section III.A, p. 10. look at what the director is there for.� FSA, “The Fit and Proper Test for Approved Persons� (January 2004). 22  http://www.fsa.gov.uk/pubs/hb-releases/rel27/rel27fit.pdf. Gian Piero Cigna, Italy 16 Policy Brief Corporate Governance for Banks in Southeast Europe Tests for integrity are needed. However, probity tests have Behavioral Issues and Group Dynamics their limitations, principally because they work through a You find that foreigners talk too much and “ process of exclusion based on a series of negative criteria. the locals do not talk. That creates tension. They do not establish what is needed or test for other It does not just have a neutral effect; it is bad important behavioral characteristics of board members. dynamics on the board.� Behavioral characteristics include, for example, capacity for leadership, ability to work on a team, and ability to Dragica Pilipovic Chaffey, Serbia receive and provide constructive criticism. In SEE, few banks have a clear notion of what skills are required on the board or have a formal job description for the needed board member. Nor do they publish such job descriptions or disclose why board members have been selected for their posts. Independence Best-practice boards have the capacity to make objective and unbiased economic decisions. Objective and unbiased judgment is also necessary to protect the bank and its shareholders from the possible negative effects of conflicts of interest. The way boards typically achieve these goals is by having independent board members. Typically, there are three classifications of board members: 1) executive, 2) nonexecutive, and 3) independent.23 A sufficient number of nonexecutive and independent board members is the way to achieve considered and objective decision making. Independence and the capacity for independent judgment are particularly important on the audit, remuneration, and nominations committees of the board, because these three committees are tasked with overseeing issues where the potential for a conflict of interest is particularly acute. Best practice usually suggests that audit and remuneration committees be staffed fully by independent board members, and nominations committees be staffed in majority by independent board members. (A further discussion of board committees is found in Section III.A.6, below.) Chart 2: Independence of Boards in SEE Banks What percentage of your board is independent according to applicable legislation, banking regulation, and/or governance codes? no independent directors less than 30% 30% to 50% more than 50% 0 5 10 15 20 25 30 35 40 Source: Data from EBRD, Corporate Governance Assessment of Banks (2010–2011). Question asked to regulators in the region. Definitions of independence vary in SEE legislation (see Background Box 1, below). According to international best practice, 23  nonexecutive board members may or may not be independent. Executives are never considered independent. Corporate Governance for Banks in Southeast Europe Policy Brief 17 The introduction of independent board members on SEE boards has met with significant challenges (see Chart 2). Though regulators and supporters of good governance have promoted greater independence, the value and effectiveness of independence is widely questioned. Among domestically owned banks, skepticism exists principally because SEE banks tend to be closely held and run by owners, making the classic governance problem of information asymmetries between managers and owners less acute. Furthermore, independence is often a matter of form Independence over substance. Independent board members are often former ministers or lobbyists, or they represent Director independence is almost nonexistent.� “ political bodies, rather than being professionals who Belgrade Conference 2009 have an independent view on the activities of the bank. On paper, such board members may appear to fit Formal independence alone does not do “ definitions of independence, but a closer examination the trick.� of their backgrounds usually shows that they do not Christian Strenger, Germany actually contribute to the goals of independence. Another challenge to independence is the level of board-member remuneration. When board members receive too much of their remuneration from a particular board, they are less likely to stand up to management. Even remuneration that appears modest in the eyes of foreigners can be sufficient to influence a local board member’s objectivity. Many SEE board members will receive board fees that exceed their regular monthly salary and will depend on those fees and other benefits that come with board membership. Ultimately, a prerequisite for effective independent board members is owners and chairpersons who are open to constructive criticism and debate. To the extent that board leadership is not willing to embrace open dialogue, the value of independent board members cannot be fully tapped. Such openness may be a tall order. Nevertheless, a strong argument can be made in favor of some level of independence on bank boards, even though independence may be uncomfortable for some. Another argument for independent board members is that independence helps monitor the interests of stakeholders. Even though stakeholder interests are typically guaranteed by regulation and law, best practice suggests that monitoring stakeholder interests is also a function of the board.24 Having a minimum number of independent board members may help banks be more attuned to the needs of depositors and the local community, and it could have an important reputational effect. Requirements for independence in SEE are shown in Background Box 1. 24  See OECD Principles of Corporate Governance. “It [the board] should take into account the interests of stakeholders.� 18 Policy Brief Corporate Governance for Banks in Southeast Europe Background Box 1: Legal Requirements for Independence in SEE Banks Albania In Albania, Article 35(4) of the Law on Banks requires that “At least one-third of the members of the Steering Council shall be composed of individuals that . . . are not connected through private interests . . . with the bank, shareholders that control the bank or its executive directors.� There is no requirement that these “independent� members sit on board committees, members of which can be outsiders (not board members). Bosnia and Herzegovina In both entities of Bosnia and Herzegovina, the Law on Banks requires members of the “audit board� to be independent from the executives of the bank.25 Audit boards are special structures that have a different legal status from audit committees of the board as typically understood under best practice.26 Members of the audit boards can be outsiders (not board members). Bulgaria In Bulgaria, there is no requirement for the appointment of independent directors of banks that are not publicly listed. The three largest banks are subsidiaries of EU banks that are publicly listed and whose governance policies are determined by group practice. In general, the presence of independent, nonexecutive board members is the exception rather than the rule. Croatia In Croatia, few banks have independent board members. The requirement to have at least one independent board member on the supervisory board entered into force on January 1, 2010, and it is expected that compliance will improve in the future. FYR Macedonia In FYR Macedonia, Article 88(2) of the Banking Law requires that one-fourth of the board be independent (outsiders).27 The same law requires the majority of the members in the auditing committee to be elected from the members of the supervisory board, and “the other members shall be independent members.� The auditing committee is therefore made up of a minority of members who do not sit on the supervisory board. Montenegro In Montenegro, Article 30 of the Law on Banks, requires that at least two board members be independent from the bank. “Independent from the bank� means a person that 1) has no qualified stake in the bank or the parent company of the banking group to which the bank belongs; and 2) in the previous three years has not been employed in the bank or its subsidiary company. Article 39 of the same Law, requires the audit committee to be made up of at least three members, the majority of whom are not connected to the bank and have experience in finance. Article 76 of the Law on Banks of Republika Srpska and Article 32h of the Law on Banks of the Federation of Bosnia and Herzegovina provide that the 25  “Chairman and members of Audit Board may not be appointed from the group that includes the Chairman or members of Supervisory Board and must not be members of Management or staff within the bank, nor may he/she have direct or indirect financial interest in the bank, except for the compensation based upon conduct of that function.� 26 Ibid. According to Article 2(27) of the Banking Law, “Independent member� is “a natural person and natural persons connected thereto, who: is not 27  employed or a person without special rights and responsibilities in the bank (i.e., a member of the Supervisory Board, member of the Board of Directors, member of the Auditing Committee, member of the Risk Management Committee and other managers as defined by the Statute of the bank. In the case of a foreign bank branch: is a natural person managing the branch; is not a shareholder with a qualified holding in the bank or does not represent a shareholder with a qualified holding in the bank; does not work, or has not been working in an audit company over the last three years, which at that time audited the operations of the bank; and has no financial interest or business relation with the bank in an amount exceeding Denar 3,000,000 annually, on average, over the last three years.� Corporate Governance for Banks in Southeast Europe Policy Brief 19 Romania In Romania, Regulation No. 18/2009 requires the establishment of board-level audit committees responsible for supporting the board in “fulfilling its internal audit duties.� According to the regulation, “audit committees shall be comprised, in majority, of members of the bodies having supervisory functions that are independent of management—under a unitary board structure—and have a firm understanding of the role of this committee in the internal audit function.� Directors’ independence is still a major issue in Romania, because the Companies Act (Law No. 31/1990, as revised) provides this requirement as optional and not mandatory. To cover this gap, the Bucharest Stock Exchange Corporate Governance Code strongly recommends that: “An adequate number of non-executive directors shall be independent....� (Principle VII). Serbia In Serbia, banking regulation requires that at least one-third of members of the board of a bank shall be independent of the bank. A person not holding direct or indirect ownership in the bank or in the banking group is considered independent. Source: Data from EBRD, Corporate Governance Assessment of Banks (2010–2011). Subsidiary boards Since the banking sector in SEE is dominated by foreign banks (see Table 2, above, for levels of foreign ownership), questions arise regarding the governance of cross-border groups and, in particular, requirements for independent board members in subsidiaries. Another important issue is the presence of subsidiary board members with local experience. In practice, wholly owned foreign bank subsidiaries have boards that are dominated by insiders. Such boards may, for example, consist of seven people, five of whom are executives from the parent bank, with the local chairperson being the chief executive officer or deputy chief executive officer of the parent bank. In addition, there may be two nominally independent people, or external members of the board. In all jurisdictions in the region boards of subsidiaries are held to the same independence requirements as their parents. Some parties argue that this is not appropriate. However, SEE subsidiary boards could stand to be strengthened. There is a view that both subsidiary boards and subsidiary board committees (in particular, the audit committee) need to have some level of independence. Independence on subsidiary boards is expected to protect local stakeholders and enhance the governance function for the parent.28 In addition, subsidiary boards are expected to benefit from the presence of board members with local expertise. The costs of better governance always need to be considered in conjunction with the anticipated benefits. To avoid excessive burdens, there could be a requirement for systemically important banks, to have independent board members, independent audit committees, and local board members. (A further discussion of group structures is found in Section III.A.7, below.) In particular, the Basel Committee’s Principles for enhancing corporate governance (2010) states, “The board of a regulated banking 28  subsidiary should retain and set its own corporate governance responsibilities, and should evaluate any group-level decisions or practices to ensure that they do not put the regulated subsidiary in breach of applicable legal or regulatory provisions or prudential rules. In order to exercise its corporate governance responsibilities independently, the board of the subsidiary is expected to have an adequate number of qualified, independent non-executive board members, who devote sufficient time to the matters of the subsidiary.� 20 Policy Brief Corporate Governance for Banks in Southeast Europe Capacity issues The Tradeoff between Qualifications and Independence Finally, competent independent board members are not easy to find in SEE. The gravity of the problem is I should address whether independence is “ illustrated in Croatia, where only about 40 candidates more important than qualifications. They are might come under consideration. What is more, the need for independent board members is high, not the opposite. The fact that we can oppose since best practice suggests that half the board be independence and qualification means only independent and that key committees such as the audit that we do not have enough candidates.� committee be fully staffed by independent members. Patrick Zurstrassen, Luxembourg These conditions make it unlikely that banks could comply with best practice in the short term. Many banks would like to have members who are independent, but who also have the needed technical know-how, contacts, and banking experience. The combination of these characteristics is rare, and when forced to make a choice, banks tend to prefer experience and competence over independence. This being said, there are questions regarding whether the efforts to find qualified independent board members in the SEE region are sufficient, whether only the usual group of individuals are being considered, and whether criteria and search efforts need to be broadened. Recommendations: Board composition: SEE banks should focus on getting the right people on their boards. The board should have the essential qualifications that are listed in Section III.A.2, above. Boards must have members with banking experience, as well as individuals capable of objective thought. Probity tests should be applied, but they should be complemented with an assessment of needed skills and behavioral characteristics of board members. A diversity of skills and backgrounds is important, including gender and international diversity. Banking boards should not be “constituency boards,� that is, composed of individuals who represent the interests of a particular stakeholder group or constituency; they should be professional boards. Stature of subsidiary boards: Some boards of local banks that are important for the local economy are staffed by middle-level management of the international group. These board members do not necessarily have the banking experience that a significant institution in the local economy requires. Board members need to have the stature and experience commensurate with the importance of the subsidiary in the local economy. Local expertise is useful on subsidiary boards. Board evaluation and gap analysis: To understand its needs, a bank should conduct a gap analysis to identify gaps between the mix of skills present at the board and the skills needed, considering the business of the bank and the board’s oversight duties. Typically part of a full performance evaluation of a board, a systematic gap analysis should establish, for example, whether the board has risk management skills, members who understand political issues, industry experience, banking experience, and so on, and show where the existing skills mix needs to be adjusted to help the bank achieve its strategic objectives. Gap analysis is useful preparation for drawing up job descriptions for board members. Boards also often find it helpful to conduct gap analyses in conjunction with board evaluations and performance-improvement plans. (For more on performance-improvement plans and evaluations, see Section III.A.8, below). Fit-and-proper tests: A robust system for fit-and-proper vetting may be useful. However, preapproving each board member may miss the spirit of such a policy by encouraging a mechanical box-ticking approach. One solution may be to enforce more third-party checks, such as board evaluations, that might raise concerns about proper board function. Corporate Governance for Banks in Southeast Europe Policy Brief 21 The value of independence: The value of an independent view of bank affairs needs to be better communicated. Independent board members bring fresh ideas and increase objectivity. Some level of independence will benefit independence-minded owners of closely held banks. Independent board members can also demonstrate commitment to depositors and other stakeholders and help instill trust. Qualifications of independent board members: Independent board members need to bring needed skills to the bank. If independent board members are to sit on board committees, they should be required to have specific expertise and background to effectively fulfill their responsibilities. Job descriptions for independent board members would help define the required background. Definitions of independence: Better and more simple definitions of independence are required. Current definitions are long checklists of negative characteristics that disqualify a board member from being labeled as independent. Checklists are often popular with supervisors, because they are simple to use. Although checklists ensure consideration of a certain number of key factors, they are poor at flushing out important qualitative factors. Definitions should describe the qualities that are needed and not just those that are to be avoided. An overly narrow and negative definition of independence can result not only in the selection of poor board members but also in the loss of valuable talent. The Basel Committee provides a simple working definition of independence: “The key characteristic of independence is the ability to exercise objective, independent judgment after fair consideration of all relevant information and views without undue influence from executives or from inappropriate external parties or interests.� Furthermore, the Basel Committee task force for the new corporate governance principles has reduced emphasis on prescribing independence for individual independent board members and focused more on ensuring that the collective board is objective, qualified, and so on, thus allowing a good mix of experience as well as inclusion of individuals that may not meet the letter of the independence definition. Letting the markets decide on independence: Competitive pressures should be allowed to create demand for independence. However, sometimes board members may be threatened by or afraid of change. So a minimum of independent board members may need to be legislated to get the idea started. The number of independent board members should be disclosed to allow the public to assess the potential risks associated with an absence of independence. Independence on boards of subsidiaries: It is not desirable to prevent owners of wholly owned foreign subsidiaries from determining the specific composition of their supervisory boards, though some level of independence on the boards of foreign subsidiaries is considered to be beneficial. The committees of subsidiary boards, in particular the audit committee, could benefit from the presence of independent board members. Consideration should be given to mandating a minimum level of independent board members for subsidiary boards. This may be particularly important if the foreign subsidiary is among the top banks within the country. 22 Policy Brief Corporate Governance for Banks in Southeast Europe A5. Role of the chair29 The Need for Strong Board Leadership The chair of the board plays a crucial role in the governance of the bank. A good chairperson can bring If push comes to shove, and you asked “ out the talents of board members and provide the me to choose between financial industry leadership and context necessary for board members expertise and leadership skills, I would to contribute. A bad chairperson can stifle debate and say go with leadership skills.� hamper the board in achieving its objectives. One of Catherine Lawton, United Kingdom the most important responsibilities of the chair is to set the board agenda and ensure that important decisions are subject to proper discussion and examination. More specifically, the chair’s responsibilities are to ensure that 1) the board receives accurate, timely, and clear information from management to enable the board to make sound decisions; 2) sufficient time is allowed for discussion of complex or contentious issues; 3) constructive debate and criticism flourish; 4) effective communication with board committees occurs; 5) induction and other training opportunities exist; 6) the performance of the board is evaluated at least once a year; and 7) plans are made for strengthening the board and bank governance. SEE chairpersons may not fully appreciate some of these general and specific responsibilities that contribute to the sound governance of the bank. They tend, understandably, to be more focused on performance issues. However, governance ultimately influences bank performance by affecting the quality of decision making at the board level. More progressive and forward-looking board leadership is a key to improving bank governance. The need for leadership may be particularly important in boards of subsidiaries of foreign groups, where the work may focus narrowly on implementing directions from the home office. Best practice increasingly suggests that the roles of chief executive officer and chairperson be separated or that other means be found to provide an appropriate counterbalance to the powers of the executive. In countries with two-tier boards, the roles should be separate by definition, since executives should not sit on supervisory boards. In countries where single-tier boards exist, there is continued discussion on whether the roles of chairperson and chief executive officer should be separated. The argument in favor of combining the two is that it provides a better understanding of the operational issues at board level, fewer decision-making hurdles, better integration of strategy and tactics, and clearer direction. The arguments against are that it is hard for other board members to challenge a powerful chief executive officer who is also chairperson, independent board members can be intimidated and neutralized, and the evaluation of board and executive performance becomes biased. In the end, the argument for is based on the notion that there is an irreconcilable conflict between the roles of monitor and executor. In SEE, the chair of foreign subsidiaries are usually executives from the home office of the bank. So, in effect, there is a separation of the roles of chairperson and chief executive officer among the vast majority of banks, though such separation does not automatically guarantee sufficient control of the executive. Among locally owned banks, the chair is often the major shareholder or the major shareholder’s representative, and the roles of chair and chief executive officer may be combined. 29  2010 BIS Principles, Section III.A, p. 12. Corporate Governance for Banks in Southeast Europe Policy Brief 23 Recommendations: Board chairpersons: The SEE bank chair needs to be more conscious of his or her role as a leader who creates a context for debate and constructive criticism. The chair needs to have a plan for how to maximize the value of the board as a deliberative forum. The chair should consider aspects of composition and how to make better use of individual board members’ skills, and should set an agenda that responds to the bank’s needs. It is of critical importance that the SEE chair provide the proper context for the board to perform, in particular ensuring access to complete information on the issues that the board will be considering. The chair of the board also has an important role in ensuring that board evaluations occur (see Section III.A.8, below). Separation of roles of chief executive officer and chair: SEE banks that combine the roles of chief executive officer and chairperson should explore the possibility of separating the two. This is an increasingly accepted feature of best practice. When the two roles are separated, the relationship between the chair and the chief executive officer becomes critical to the function of the board. This relationship must be carefully cultivated and based on trust and respect. If the roles of chair and chief executive officer are combined, it is important for the bank to have checks and balances in place, such as having a lead board member who is independent. A6. Board committees30 Board committees allow the board to better manage its Audit and Other Committees workload, give proper attention to complex or sensitive issues, and manage potential conflicts of interest. In Banks were functioning as a one-man “ OECD countries, the three most common committees show. Whenever we told them ‘You need in listed companies are the audit, nominations, and remuneration committees. Under best practice, these this committee and that committee,’ they three committees are generally staffed by at least said, ‘Sure, Mr. Governor, you can have a majority of independent board members.31 Other it.’ Basically, in a day we got whatever common board committees among listed companies we asked for, but there was still the are strategy, risk, compliance, ethics, and governance chairperson and the chairperson alone.� committees. In unlisted companies, the most common Radovan Jelašic, Serbia committee is the audit committee. In developed financial markets, bank boards may The way to bring quality work into the “ have additional industry-specific committees, board is also through committees and, to such as a risk management committee.32 A risk start with, audit committees—which also management committee reviews the risk management need proper formal independence, and at functions of the bank, the capital adequacy and the least a majority.� allocation of the bank’s capital, and risk limits; it Christian Strenger, Germany then makes recommendations to the whole board. Board committees should be staffed by technically On any audit committee virtually all of its “ competent individuals and by an appropriate number of members have to be financially literate.� nonexecutive and/or independent members. Peter Dey, Canada 30  2010 BIS Principles, Section III.A, p. 12. In more stringent jurisdictions, audit and remuneration committees must be 100 percent staffed by independent board members, while nominations 31  committees may be majority independent. See for instance, the UK Corporate Governance Code at: http://www.frc.org.uk/corporate/ukcgcode.cfm 32 2010 BIS Principles, Section III.A, p. 13. 24 Policy Brief Corporate Governance for Banks in Southeast Europe Among committees, the audit committee is primary. Each year, the board is required to provide the shareholders with an assurance of the ongoing integrity of the bank’s financial reporting, systems of internal control, and risk management. For this assurance, the members of the board rely on the audit committee and, through it, the internal audit department and the external auditor.33 Given the potential for conflict of interest, the audit committee is best staffed by independent members to exercise objective and arms-length oversight of the internal and external auditors. Functioning board committees are still relatively new in the SEE region. Where they have been established, it appears that they are principally audit committees (all SEE banks surveyed in the context of the EBRD’s 2010–2011 Corporate Governance Assessment reported having audit committees), which are usually mandated by legislation. Although the record of their establishment is excellent, it appears that that some of the committees may be purely formal bodies established in response to regulatory requirements (see Chart 3). Chart 3: Board Committees in SEE Risk Committee Remuneration Committee Nomination Committee Audit Committee 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Source: Data from EBRD, Corporate Governance Assessment of Banks (2010–2011). Furthermore, not all of the so-called “audit committees� of domestic SEE banks are in fact equivalent to audit committees as they are traditionally defined in OECD financial markets. Some SEE “audit committees� are legally mandated structures, external to the bank and external to the board, that are tasked mainly with providing assurances regarding the bank’s accounts and compliance. These are better termed “audit councils.� In the past, audit councils were usually composed of individuals who were completely unrelated to the company, being neither executives nor board members. Such bodies have historical counterparts in OECD countries, including Italy, Japan, and Turkey, though they are increasingly infrequent. They were common in Russia and other countries under Soviet influence, which may explain this feature in the SEE context. Audit councils are considered audit committees for the purposes of Chart 3 and are considered by local regulators to be the equivalent of an EU country audit committee. However, it is doubtful that they fulfill the same function as a board committee. For instance, an audit council, not being part of the board, has no obligation to fulfill either of the key duties of loyalty and care that are normally expected of board members. Board members generally provide these assurances in their personal capacity, which means they could potentially be held liable. The issue of 33  board-member liability insurance was not considered in depth in the debate leading to the development of this Policy Brief, but it may warrant further attention in the future. Corporate Governance for Banks in Southeast Europe Policy Brief 25 Furthermore, the fundamental responsibility for oversight of the audit, the internal and external auditors, and, more generally, the bank’s reporting and control systems, lies with the board and cannot be delegated to an outside body that, ultimately, has limited or no accountability to owners. Finally, the findings of an audit council can, at best, be endorsed by the board but can never be considered to be the board’s own position or under the ultimate responsibility of the board. Since audit councils differ so substantially from audit committees, some of the recommendations that emanate from best practice that are typically addressed to audit committees (such as the presence of a certain percentage of independent members, or the responsibility for overseeing the independent audit, or ensuring that systems of control are in place) might not be relevant. It is, in fact, difficult to see how an outside body can effectively carry out the larger expectations of an audit committee and be held (along with the board) truly accountable for bank performance. Other issues that have been reported about domestic bank audit committees is that they may not adequately brief the full board. Some cases have been reported of committee chair using the audit committee to control information flows and pursue their own interests. In other instances, representatives of larger shareholders used audit committees as a type of executive committee where most strategic decisions were made. The reporting burdens of audit committees are also a concern. In some countries, boards have a monthly reporting obligation to supervisors. Since the full board cannot typically meet on a monthly basis, the responsibility for reporting is assigned to the audit committee. This increases the work load of the committee, shifts its focus toward being a compliance tool, and distracts the audit committee from its other tasks. Few banks boards have remuneration committees, which are arguably of greatest importance next to the audit committee because they establish performance standards for senior management and focus the attention of management on what the board wants to achieve. Remuneration committees are also important, because incentive plans that encouraged undue risk taking were found to be a contributor to the financial crisis in the more developed banking markets. Even fewer nomination committees exist. For foreign-owned banks, there is little need for a nomination committee, because the parent decides who will sit on the board of the subsidiary. Similarly, for domestically owned banks, these board committees are uncommon. Some of the reasons are that many domestic banks are small, the stage of development of the board is such that it draws little benefit from a committee, and the potential benefits of committees are not well-understood. At times, there is not a clear understanding of the difference between board committees and operating committees of the bank. So, for example, some banks cite asset-liability committees (ALCOs) as evidence of proper board governance. The ALCO is an operating committee whose primary goal is to evaluate and approve practices relating to risk due to imbalances in the capital structure of the bank. There may be similar confusion about the risk committee. It is important to recognize that operating committees are no substitute for proper oversight by the board or board committees. It is precisely the excessive delegation of risk monitoring to executives that led to some of the questionable risk practices at Lehman Brothers in the United States during the financial crisis. Similarly, it is important that supervisory board members not be members of operating committees or become involved in the operations of the bank (see Background Box 2). 26 Policy Brief Corporate Governance for Banks in Southeast Europe Background Box 2: Board Committees in SEE banks Albania In Albania, banks are required to establish an audit committee consisting of three members with experience in accounting or auditing. They are appointed by the shareholders’ meeting and from outside the steering council (supervisory board). The audit committee is responsible for the supervision of the audit, accounting procedures, and internal controls of the bank. The steering council can appoint other committees composed of nonexecutive members of the council. Bosnia and Herzegovina In both entities of Bosnia and Herzegovina, banks’ supervisory boards must appoint an audit committee consisting of five members for a term of four years. Members may be reappointed. Audit committee members cannot be members of staff or members of the supervisory or management boards.34 Bulgaria In Bulgaria, in line with Article 41 of the 8th EU Company Law Directive, the Law on Financial Independent Audit requires “public interest companies� (including banks) to establish an audit committee. Ordinance No. 4 on the Requirements for remuneration in Banks, adopted in 2010, requires banks to set up a remuneration committee. Croatia In Croatia, the Credit Institutions Act implicitly requires banks to have an audit committee, because the Act expressly provides for reporting duties by internal audit to the audit committee. The Croatian National Bank has the authority to order a credit institution’s supervisory board to appoint appropriate committees for specific oversight responsibilities. FYR Macedonia In FYR Macedonia, banks are required to establish an audit committee, to be appointed by the general meeting of shareholders. The majority of the committee’s members must be from the supervisory board, and the others should be “independent� outsiders. At least one of the members of the audit committee needs to be an auditor. All audit committee members need to have knowledge of accounting and auditing and be informed of the bank’s operations, its products and services, the risks the bank is exposed to, the internal control systems, and the risk management policies of the bank. The Corporate Governance Code of the Macedonian Stock Exchange further recommends that listed companies and banks consider the introduction of nomination and remuneration committees at the supervisory-board level. The Decision on the Basic Principles of Corporate Governance defines the role of the risk management committee and requires banks to have adequate remuneration policies and procedures and a remuneration committee. Montenegro In Montenegro, bank boards are required to appoint the members of the audit committee, made up of a majority of people not connected with the bank, who have experience in finance. Bank boards can also create risk management, nominations, or remuneration committees. 34  See Article 75, and following, of Republika Srpska’s Law on Banks and Article 32g, and following, of the Federations’ Law on Banks. Corporate Governance for Banks in Southeast Europe Policy Brief 27 Romania In Romania, according to the Law No. 31/1990, the board or, as appropriate, the supervisory board may set up consultative board committees formed by at least two board members. In companies with a single-tier board structure, at least one member of the committee needs to be an independent nonexecutive director; the audit and remuneration committees are to be composed exclusively of nonexecutive directors. In companies with a two-tier board structure, at least one member of each committee must be an independent member of the supervisory board. According to Regulation No. 18/2009, banks may set up a risk management committee. The Bucharest Stock Exchange Corporate Governance Code provides more direct recommendations. Serbia In Serbia, banks are required to establish an audit committee, credit committee, and committee for managing assets and liabilities. Only the audit committee is a board committee. It must be made of at least three members, two of whom must be board members and the third must be independent. A person not holding direct or indirect ownership in the bank or in the banking group is considered independent. Source: Data from EBRD, Corporate Governance Assessment of Banks (2010–2011). Recommendations: Board committees: The creation and composition of board committees should be carefully considered. Smaller wholly owned domestic banks and banks with small boards should be left free to decide whether they should have committees. Types of committees: For a well-functioning board, the most important committee is the audit committee. Audit committees should benefit from the maximum level of independence possible because of their central importance and the potential for conflicts of interest. It should be noted that EU legislation requires all public interest entities (listed companies, credit institutions, and insurance undertakings) to have an audit committee with at least one independent board member with competence in accounting or auditing.35 The definition of independence is not included in the directive, but it can be derived from the 2005 recommendation on the role of nonexecutive or supervisory board members of listed companies and on the committees of the (supervisory) board.36 Remuneration committees are useful in defining the bank’s goals and focusing management’s attention on their achievement. A nomination committee can help the board better determine its own composition. In practice, most banks will find it useful to combine board committees or to use ad hoc structures instead of standing committees to make efficient use of independent board members. Risk management committees: Larger, systemically important, and complex banks should have a risk management committee. If a risk committee is established, it is important that the full board be fully appraised of risk-related issues so that all board members can work together in addressing the risks. Operational committees are no substitute for a risk committee at the board level. Participation and decision-making power of committees: Board committees should be composed exclusively of board members. Executives and outside experts can be invited to inform committees on specific issues, but decisions must be made exclusively by board members. Board committees act in an advisory capacity to the board as a whole. Decision-making responsibility remains with the full board. See Article 41 of Directive 2006/43/EC of the European Parliament and of the Council of May 17, 2006, on statutory audits of annual accounts 35  and consolidated accounts, amending Council Directives 78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC. 36  The Recommendation is available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2005:052:0051:0063:EN:PDF. 28 Policy Brief Corporate Governance for Banks in Southeast Europe Briefing of the board: Audit committees should not become gatekeepers. It is good to have the internal auditor periodically brief the full board to ensure good communication and not to cloister the internal auditor within the confines of the audit committee. Also, if the audit committees are receiving briefings from the risk managers and compliance people, they should also periodically brief the full board. In any event, the full board should be discussing risk and periodically hear from the risk manager, and the risk manager should have fluid access to the board. Assessment of statutory audit bodies or “audit councils�: In SEE, it is important to distinguish between statutory audit bodies required by company law, or so-called audit councils, and an audit committee of the board. The statutory body typically has a different role and is not a substitute for a properly constituted board committee. In the majority of countries in SEE, audit councils can be made up of outsiders, which creates problems with confidentiality and accountability. At a minimum, the effectiveness of such structures should be assessed. Qualifications and independence: Board committees tend to benefit greatly from specific skills and a reasonable level of independence. A majority of independent members and of members with specific skills is widely considered a minimum. SEE banks should seek to staff board committees with experienced and independent individuals as needed. A7. Group structures37 Group structures are very important in the SEE context, Subsidiary Boards given that the vast majority of banking activity is conducted by subsidiaries of foreign banking groups. There is no way…parents are going to “ In most cases, parent banks come from outside want the subsidiary board to come in on the region. Though, in a few cases, locally owned issues of strategy and risk. But that does not banks are parents of regional groups, as with the mean that directors can…abrogate their Komercijalna Banka ad Beograd. Although the large responsibilities. They have…responsibilities presence of international banking groups has brought but their position is extraordinarily difficult.� improvements in banking and corporate governance John Plender, United Kingdom practices, the very high levels of foreign ownership have also raised concerns. Of course, looked at on a group basis, you “ A local subsidiary of a foreign bank may not be a would say, ‘We are responsible as a group. significant operation from a group perspective, yet Here is the brand. We will look after you,’ a foreign subsidiary in SEE can easily have a systemic but when the balloon goes up, [and] the impact in a small country. As was famously described local regulator…has to sort this mess out… by Mervyn King, governor of the Bank of England, every legal argument is likely to be raised “Global banks are global in life, but national in death.� that places the responsibility with that local In other words, when things go wrong, it is ultimately subsidiary, to the detriment of the public the local entity that suffers the consequences and, to a and the depositors in that host country.� much lesser extent, the group. By extension, it is local Roger McCormick, United Kingdom stakeholders and the local economy that will suffer the costs of a subsidiary bank failure. 37  2010 BIS Principles, Section III.A, pp. 15–16. Corporate Governance for Banks in Southeast Europe Policy Brief 29 On the SEE bank level, there is the need for a clear definition of the roles and responsibilities of subsidiary boards. Best practice38 recommends that the obligations of a parent bank board with regard to the subsidiary are to establish governance structures adapted to the local conditions that meet all locally applicable governance requirements, and to ensure that resources are available to meet both group and local governance standards. It is important that the different decision-making powers of the parent and subsidiary board are clearly understood. The parent board should also monitor subsidiary compliance with applicable local requirements. Best practice also suggests that the regulated subsidiary of a foreign bank adhere to the governance requirements of the parent bank, taking into account the nature of the local business and local legal requirements. The local bank subsidiary must ensure that group-level decisions do not put it into breach of host-country legal provisions. Similar to the obligations of any board, the local subsidiary board has a duty of care and loyalty that should ensure the sound management of the subsidiary and its financial health. In addition, it has an obligation to protect the legal interests of its stakeholders. However, the implementation of these general recommendations is a considerable challenge in practice. On the one hand, parents do not wish to cede control over strategy, products, and risk to local subsidiary boards. Many of these local operations may almost function more as branches than as independent banks. On the other hand, substantive input by local boards should protect local stakeholders and encourage a better understanding of local conditions and local risks. Local conditions do matter, and local boards cannot merely be rubber stamps or conduits for executing central command. The middle ground is a substantive interaction between the parent and the subsidiary that respects group strategy and ensures a full understanding of the local conditions. Another concern is that different governance rules from different jurisdictions can lead to situations in which foreign and local requirements come into conflict. In principle, this should not occur in countries that are adopting EU legislation and with a preponderance of foreign banks. However, in practice, banking groups increasingly point to a bewildering complexity of rules and regulations that come from the group and from the home and host countries. Background Box 3 provides an overview of foreign ownership of banks in SEE. Background Box 3: Foreign Ownership of SEE Banks39 Albania The Albanian banking sector comprises 16 banks, of which only 2 are owned by Albanian shareholders. The three major banks represent more than 56 percent of the Albanian market share. Only one of the three major banks is domestically owned; the other two are subsidiaries of important banking groups. Bosnia and Herzegovina In Bosnia, the majority foreign-owned banks dominate the banking system. They account for over 90 percent of the registered capital of banks. Domestic privately owned banks represent 7 percent of the registered capital of banks. State-owned banks controlled 1.1 percent of total assets. The three major banks represent over 50 percent of the market share. 38  2010 BIS Principles BCBS (2010). 39  For detailed illustrations of ownership of SEE banks by country and individual owners, see Annex E.2. 30 Policy Brief Corporate Governance for Banks in Southeast Europe Bulgaria The Bulgarian banking sector comprises 30 banks. The ownership of the three largest banks, which account for approximately 40 percent of the aggregate value of assets of the Bulgarian banking sector, is highly concentrated in the hands of foreign investors. Croatia The Croatian banking sector comprises 38 credit institutions (32 banks, 1 savings bank, and 5 housing savings banks). The three largest banks represent almost 60 percent of the whole banking sector. All three are listed on the Zagreb Stock Exchange, and their ownership is concentrated in the hands of international investors. FYR Macedonia The banking sector in FYR Macedonia comprises 18 banks and 8 savings houses.40 Fourteen banks are owned by foreign shareholders who hold approximately 90 percent of the capital of these banks. The three largest banks hold about 80 percent of the market in the country; two of them are owned by European banking groups and are listed on the exchange. Montenegro Of the 11 banks in Montenegro, 6 are listed on the Montenegro Stock Exchange. The three largest banks in the country are all subsidiaries of major international banking groups. Romania There are 32 banks in Romania. The three largest banks are owned by foreign investors. Only one of these, BCR (Banca Comerciala Romana S.A.), is listed. According to the National Bank of Romania, the top five banks hold more than half of total bank assets. Serbia Of the 33 banks in Serbia, 19 are listed on the Belgrade Stock Exchange. Among the five largest banks in the country, four are owned by foreign investors. The three largest banks represent approximately 30 percent of the Serbian banking market. Source: Data from EBRD, Corporate Governance Assessment of Banks (2010–2011), supplemented by BSCEE, Review (2010). Recommendations: Group structures: Parent banks need to be aware of subsidiary bank governance practices and ensure that subsidiary banks adhere to appropriate governance practices from both parent and subsidiary jurisdictions. They should ensure that the subsidiary respects local legal requirements and acts with due concern for local stakeholder interests. Subsidiaries of foreign banks in SEE must adhere to the governance practices of parent banks while adhering to local legal requirements. Boards of parent banks: The board of the parent bank should approve a corporate governance policy at the group level for its subsidiaries. The policy should clearly map out the relationship between group and subsidiary boards as well as the relationship between group and subsidiary functions and businesses. The board of the parent bank should periodically assess the governance structure and ensure that enough resources are available for each subsidiary to meet both group and local governance standards. 40  As of March 2011. Updated source: National Bank of FYR Macedonia. Corporate Governance for Banks in Southeast Europe Policy Brief 31 Boards of subsidiaries: The legal framework should ensure that the boards of subsidiaries that are systemically important to the local banking system localize certain key strategic and control responsibilities without impairing the significant benefits of groupwide consolidation of key controls and business practices. Such localization is intended to improve decision making, enhance internal control, and provide better assurances to local stakeholders. This means, among other things, that certain subsidiaries may be required to have independent board members as well as audit committees staffed by independent board members. Such independent board members should, in principle, be able to police conflicts of interest between parents and local stakeholders. Expectations regarding the capacity of independent board members to be proactive and to police conflicts of interest should be realistic. In practice, independent board members of local boards are constrained by parent/subsidiary rules and may be limited to signalling that conflicts of interest exist. Coherence between localization of board and control functions: Where there is to be greater responsibility of subsidiary boards, then the role of other functions, such as internal control, internal audit, and compliance, will need to be structured in a way that makes them consistent with the strengthened role of the local board. New products at subsidiary level: There should be more formalized review of new products. For major foreign bank subsidiaries, the board still needs to be apprised of major product changes or relocations (such as the shifting of a product to another local subsidiary or affiliate) and the impact of such changes. Also, foreign subsidiary boards should be apprised of product evolution and introduction to the locale, if they are to be responsible for local operations. The head office should not simply push product down without a proper vetting at the locale. Local boards may not necessarily be able to approve products, but rather they should review products that have been launched and risks that have been generated. A8. Performance-improvement plans (evaluations) Board evaluations constitute an important tool for 1) sensitizing boards to the link between good governance and performance; 2) educating boards on good governance practices; and 3) putting into motion a process for continuing improvement in governance practices. Evaluations can be extremely useful in benchmarking the board against best practice, identifying gaps, and generating ideas for improvements. Evaluations should always culminate in plans for how to improve the bank’s governance. Formalized board evaluation plans are making inroads in best-practice countries. In Bulgaria, Croatia, FYR Macedonia,41 Montenegro, Romania, and Serbia, corporate governance codes already include recommendations for the conduct of an annual board evaluation. In the SEE region, formal evaluations are more commonly found in the subsidiaries of foreign banks. They are comparatively rare in locally owned banks. Clearly, such evaluation plans are features of larger, more structured organizations and less common in smaller banks with more informal practices. Evaluations can become sensitive when they seek to evaluate individual board-member performance. Often, personal sensitivities can be eased by using external consultants, who bring both expertise and an independent view to the task. However, the likelihood of success of such programs can be greatly improved by recasting them as forward-looking performance-improvement plans and exercises to explore ways to improve the governance systems of the bank, rather than backward-looking performance evaluations that implicitly ascribe blame. Evaluations arise from Articles 89, 90, and 91 of the Banking Law, which requires annual self-assessments of the members of the board and of the risk 41  and audit committees. 32 Policy Brief Corporate Governance for Banks in Southeast Europe Recommendation: Evaluations: Banks should conduct benchmarking exercises of their governance against best practice. Where gaps are found, potential remedial action should be discussed at the board level. Evaluations should also address where the board has gaps in skills, expertise, and leadership talent. The outcome should be a performance-improvement plan. Evaluation exercises need to be recast as governance-improvement plans. How to conduct board evaluations is not the subject of this Policy Brief. Numerous publicly available sources provide detailed guidance on how to conduct board and governance evaluations.42 42  See, for example, IMD Board Evaluation Questionnaire at http://www.ifc.org/ifcext/corporategovernance.nsf/content/BoardEvaluation Corporate Governance for Banks in Southeast Europe Policy Brief 33 B. Risk management and internal controls43,44 B1. Risk management versus internal control45 Risk management and internal control are two Risk Management and Risk processes that work hand in hand. Risk management Management Culture is intended to 1) identify risks; 2) assess the bank’s When sophisticated risk management comes “ exposure to risks; 3) monitor exposure and conduct too late, I do not think there is much reason consequential capital planning; 4) monitor and assess to celebrate.� decision making as it relates to risk, in particular, whether risk decisions are in line with board-approved George Bobvos, Montenegro risk tolerance and policy; and 5) report to senior management and the board. Effective risk management is not about “ eliminating risk-taking; risk-taking is a Internal control, on the other hand, ensures that each key risk has an associated policy and control fundamental driving force in business and mechanism, and that each control policy and entrepreneurship. The aim should be to ensure mechanism is being applied effectively. Internal controls that risks are understood and managed and, provide a variety of assurances to management, such when appropriate, communicated.� as the reliability of information, compliance with law, Hans Christiansen, Denmark compliance with governance systems, prevention of excessive managerial discretion or fraud, and so on. It is One of the most important lessons that I think “ a key responsibility of the board to ensure that effective comes out of the crisis from a governance systems of risk management and control are in place.46 point of view is a focus on the risk governance A best-practice board will typically need to rely on role of a board.� an internal auditor to provide the board, via the Catherine Lawton, United Kingdom audit committee, with assurances regarding the bank’s risk management and internal controls and corporate governance processes. The internal auditor traditionally reports to management administratively and to the board functionally, with the head of internal audit reporting directly to the chairperson of the audit committee or to an independent lead board member. Internal auditors should enjoy substantive independence from management and have direct access to the board. Supervisors and bankers may use the term internal control to refer to a variety of aspects of the control environment, including risk management, internal audit, controls, and compliance. Irrespective of how the functions of the control environment are named, each one is necessary and should be performed effectively. In addition, a bank’s general counsel or legal function contributes significantly to the control of risk. Many problems in developed markets during the recent financial crisis resulted from legal risk failures. For banks in the SEE region, implementing effective and reliable risk management and internal controls is one of the most important challenges. It is only through an effective control environment that the board can be confident that the information and reports that it receives are reliable. It is also the only way the board can express itself with any certainty on the risks in the bank. 43  2010 BIS Principles, Section III.C, p. 17. For additional specific guidance on risk management, see CEBS, High Level Principles for Risk Management (2010). 44  http://www.eba.europa.eu/documents/Publications/Standards---Guidelines/2010/Risk-management/HighLevelprinciplesonriskmanagement.aspx. 45  2010 BIS Principles, Section III.C, p. 17. 46  See also BIS, Framework for Internal Control Systems in Banking Organizations (1998). 34 Policy Brief Corporate Governance for Banks in Southeast Europe Effective systems of risk management, internal audit, and internal control are often taken for granted in developed banking markets. For example, the Bank of Montreal recently added 200 people to strengthen its risk function, and Toronto Dominion Bank added 500 new staff on its risk side. SEE banks on the other hand may have difficulty finding and affording one highly competent risk professional. These figures put into perspective the relative scale of SEE banks and their capacity to respond. On the other hand, it is worth noting that a large number of risk professionals does not equate to good risk management; even in developed markets where financial and human resources are broadly available, firms have been known to accommodate their risk control to meet short-term sales or profitability objectives. For example, before the crisis, positions for risk professionals in UBS were filled by individuals with sales (not risk management) backgrounds in order to accommodate growth.47 This confirms the common knowledge that there are important human elements to developing a sound risk management culture. Another practical challenge in SEE is the communication of risk up to the board. In SEE banks, including international subsidiaries, communication from the risk control functions goes to management first; the chief executive officer and management are inevitably the first port of call for the internal auditor. The audit committee is likely to be secondary, especially in countries where the internal audit function is not well-developed and where internal auditors are junior and do not have sufficient stature to go to the audit committee or balance their authority against the management structure. It is important to note that the risks involved in banking in SEE pertain mainly to operational risk and credit risk and not to financial instruments, asset-backed securities, sophisticated market trading risk, or special- purpose vehicles, as was the case in more developed banking countries during the financial crisis. The different nature of risk in the SEE region calls for an adapted approach to risk management. Recommendations: The control environment: Bank boards need to assure themselves that the bank’s control environment is functioning properly. The control environment should comprise not only risk management, compliance, internal controls, and the internal audit, but also the external audit. The importance of the general counsel function and legal function in managing risk should also be recognized. Each of these functions should have adequate authority, stature, independence, resources, and access to the board. Larger banks should have a sufficiently independent audit committee to ensure professional oversight of the control environment. Communication of risk to the board: The communication of risk needs attention. Even though internal audit and chief risk officers (CROs) may have organization-chart reporting lines to the board or to an audit committee, it is important to ensure that these lines of communication function in practice and are secure. Further, risk and audit committees should not localize information on risks, which needs to be shared with the full board. Board review of the control environment: SEE boards should approve their bank’s control policies and assess the extent to which the bank is managing its risk effectively. They should regularly review (at least annually) policies and controls with senior management to determine areas needing improvement and to identify and address significant risks. The board should ensure that the control functions are properly positioned, staffed, and resourced and are carrying out their responsibilities independently and effectively. In doing so, they should work directly with the internal auditor and the CRO. OECD, “The Current Financial Crisis: Causes and Policy Issues,� Financial Market Trends (2008), 10. 47  http://www.oecd.org/dataoecd/47/26/41942872.pdf. Corporate Governance for Banks in Southeast Europe Policy Brief 35 Outsourcing versus centralization of key functions: Centralization is not the same as outsourcing. Depending on the size of a foreign subsidiary, certain functions may be centralized and provided by the head office. The risk management, compliance, and internal audit functions may be conducted centrally but cannot be outsourced to a service provider. When these functions are provided by the home office, centralized functions need to benefit from local knowledge. Risk analysis and control should not rely solely on the work of the home office but should be fully informed by local circumstances and draw upon local expertise. Subsidiary banks, particularly those of systemic importance, should develop their own risk analysis. (See Section III.B.3, paragraph 1, below.) Where key control functions are decentralized, there should be interim monitoring processes in place with the ability to trigger an exceptional audit, an audit visit, or a change in audit schedule from the home office. Such monitoring might include, for instance, reviewing documents that provide insight into the operational patterns of the subsidiary, such as reports on transaction volumes and shifts therein, reviews of board information, and reviews of anti-money-laundering data. Such interim monitoring processes could be crafted to allow some insight into shifts in business and risk activity when an audit is not in process. B2. Chief risk officer or equivalent48 Best practice suggests that large banks and other banks, depending on their governance requirements, have an independent chief risk officer who is responsible for the risk management function and who is able to engage directly with the board and/or its risk committee on issues of risk (see Background Box 4). According to the BIS Principles (2010), “Banks should have an effective internal controls system and a risk management function (including a chief risk officer or equivalent) with sufficient authority, stature, independence, resources and access to the board.49 The BIS Principles go on to say that (similar to an internal auditor50) the CRO should be functionally independent.51 This means that, although the CRO may report to the chief executive officer or to other senior management administratively, the CRO should report to and have direct and unfettered access to the board. Nonexecutive board members should have the right and opportunity to meet with the CRO upon request without senior management present. Similarly, the position of the Committee of European Banking Supervisors (now European Banking Authority) is that “The CRO (or equivalent) should have sufficient independence and seniority to enable him or her to challenge (and potentially veto) the decision-making process of the institution. The CRO’s position within the institution should permit him or her to communicate directly with the executive body concerning adverse developments that may not be consistent with the institution’s risk appetite and tolerance and business 48  2010 BIS Principles, Section III.C, p. 17. 49  2010 BIS Principles, Principle 6. According to the Institute of Internal Auditors (IIA), “Internal auditing is an independent, objective assurance and consulting activity designed 50  to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.� Furthermore, the IIA states that functional reporting lines to the board and audit committee are necessary to ensure the independence of the internal audit: “The functional reporting line for the internal audit function is the ultimate source of its independence and authority. As such, the IIA recommends that the chief audit executive report functionally to the audit committee, board of directors, or other appropriate governing authority.� 51  Report on Corporate Governance in Financial Institutions, A7-0074/2011� (2011), paragraph 22, p. 5. 36 Policy Brief Corporate Governance for Banks in Southeast Europe strategy. When the executive body or the management body considers it necessary, the CRO should also report directly to the management body or, where appropriate, to the audit committee (or equivalent).�52 Background Box 4: CROs in SEE Banks In Albania, Croatia, Montenegro, and Serbia, there are no regulatory requirements for the appointment of a CRO, but responses to the survey undertaken in 2010–2011 indicate that the presence of a chief risk officer is usually monitored as part of the supervisory process. In Bosnia, FYR Macedonia, and Romania, the appointment of a CRO is required. In Bulgaria, in compliance with the legal provisions of Article 73(3) LCI, the Bulgarian National Bank has issued binding guidelines for the appointment of CROs. It is included as part of the onsite inspection performed by supervisors. In Romania, banking regulation requires the establishment of an independent risk function overseen by a CRO. The legal and regulatory frameworks on risk governance as well as supervisory practice seem to foster a strong risk culture within the banks. In compliance with Regulation 18/2009, banks reviewed have established a risk function that operates independently under the oversight of a chief risk officer. The independence of the risk function is underpinned by direct reporting lines of local chief risk officers to the heads of the group risk function. Source: EBRD, Corporate Governance Assessment of Banks (2010–2011). In SEE, smaller local banks might not have sufficient resources for a dedicated CRO. Banks may find it more practicable to assign these functions to another officer of the bank. The Committee of European Banking Supervisors (now European Banking Authority) suggests that “when the institution’s characteristics—in particular its size, organization, and the nature of its activities—do not justify entrusting such responsibility to a specially appointed person, the person responsible for internal control can be made responsible for risk management as well.�53 However, best practice also suggests that the responsibilities of the CRO not be shared with other operational functions within the bank, such as the chief financial officer or other senior management, to avoid clear conflicts of interest and to preserve the CRO’s independence. In subsidiaries of foreign banks, CROs and the risk management function are sometimes provided by the home office. This solution should be carefully assessed and be subject to the regulator’s approval.54 Data on practices in SEE suggest that the great majority of SEE banks follow best practices in providing the CRO with direct access to the board (see Chart 4). Of greater concern may be that only 50 percent of regulators report regular contact with bank risk departments, when such contact is considered to be good practice.55 Committee of European Banking Supervisors, High Level Principles for Risk Management (2010), paragraph 21, p. 4. 52  Further, the European Parliament’s Report on Corporate Governance in Financial Institutions (2011) takes the view that “chief risk officers should have the same status in a financial institution as the chief financial officer and should be able to report directly to the board,� paragraph 14, p. 14. In addition, the report underlines that “the CRO should have direct access to the board of the company; in order to ensure his independence and objectivity is not compromised, his appointment and dismissal will be decided by the whole board,� paragraph 22, p. 5. In all of these cases it is clear that the CRO needs to be able to act with independence: paragraph 14, pp. 14–21. Further discussion of the importance of the independence of the CRO and the impact that lack of skills and independence had on the financial crisis can be found in Section 3.1.1, pp. 18–19, and Section 3.2.2, p. 21, and in the example on p. 22. 53  Committee of European Banking Supervisors, High Level Principles for Risk Management (2010), paragraph 20, p. 4. 2010 BIS Principles recommends that the board and management of a subsidiary remain responsible for effective risk management processes at the 54  subsidiary. Although parent companies should conduct strategic, groupwide risk management and prescribe corporate risk policies, subsidiary management and boards should have appropriate input into their local or regional adoption and to assessments of local risks. 55  EBRD, Corporate Governance Assessment of Banks (2010–2011). Corporate Governance for Banks in Southeast Europe Policy Brief 37 Chart 4: CRO (or Equivalent) Presence, Reporting and Access to the Board The bank has: No CRO, different risks are managed by different departments A CRO reporting to the CEO or CFO but with irregular, indirect access to the board and/or its risk committee A CRO reporting to the CEO or CFO and with regular, direct access to the board and/or its risk committee 0% 10% 20% 30% 40% 50% 60% 70% 80% Source: Data from EBRD, Corporate Governance Assessment of Banks (2010–2011). Recommendations: CROs: The board should be able to have an independent view on the risks of the bank. Such an independent view can be provided by a CRO or equivalent. Whether a bank or a banking subsidiary has a dedicated risk officer depends on the size and nature of the operation. Smaller banks may wish to assign CRO responsibilities to other functions. Subsidiary banks may have their risk management function fulfilled by a CRO from the home office. In such cases, the CRO must fully understand the characteristics of the local environment. Risks should be the subject of a specific report to the board. Supervisors: Supervisors should enhance dialogue with and the frequency of meetings between themselves and internal and external auditors and the risk management function, including the CRO, to improve the likelihood of detecting risk in the early stages.56 Supervisors may wish to take a firm stand on requiring certain risk management functions, if the local operation is of such significance that a failure would have a catastrophic local impact. B3. Risk methodologies and activities57 Bank risk management has come sharply into focus as a result of the financial crisis. There is a global need to enhance the sophistication of banks’ risk management and risk models. Some current best-practice trends are to 1) consider more qualitative elements of risk in addition to quantitative elements, and not permit excessive or blind reliance on quantitative models; 2) avoid overreliance on any one specific methodology or model; 3) consider different scenarios to better understand the impact of a broad variety of circumstances; and 4) have subsidiary banks develop their own risk analysis, and not rely exclusively on parent-bank risk assessments. Where subsidiary banks and boards should conduct their own risk assessments to evaluate local 56  European Commission, Corporate Governance in Financial Institutions (2011), p. 21. 57  2010 BIS Principles, Section III.C, p. 19. 38 Policy Brief Corporate Governance for Banks in Southeast Europe Excessive Focus on Technical Aspects circumstances, these findings should be reported to the of Risk Management parent bank. Today risk management runs banks, and that “ Risk management and risk modeling are of undeniable should not be the case. I agree that corporate importance, yet neither has been the cause of concern governance should provide additional in SEE that they have been in more developed markets. security, guarantee of transparency or be a Nevertheless, greater attention is warranted, even if it kind of tool, but I think that we first need should not be allowed to distract SEE banks from other to solve the fundamentals. I think there problems that merit attention. Principal among these is much to do in southeast Europe before is the need to become more proficient in the basics of looking at more sophisticated corporate banking, concentrating on products and services that customers need, and integrating risk management into governance. I would go back to the basics: this basic banking business. what are the products people need?� George Bobvos, Montenegro SEE countries also face challenges in applying risk models that were developed to respond to the risk environment of more sophisticated financial markets So what I would say is do not mistake “ and which require considerable expertise to apply fancy risk measurement capability for a properly. In some cases, bank executives do not culture of risk management; they are very understand the more sophisticated risk models and different things.� find it difficult to apply them within their context. Jon Lukomnik, United States This inability to properly apply risk models presents an additional risk in its own right and suggests that better- adapted models need to be developed. Recommendations: Risk methodologies: Risk models must be sufficiently flexible to capture a fuller range of potential risks. At the same time, risk management should not draw excessive attention from building a fundamentally sound bank. Risk management models must reflect the nature of the business and become an integral part of the banking business. Credit culture: Most risks within SEE will be credit-related risks. Although much emphasis is currently on systems and methodologies, it is important for a bank to have a strong credit culture and for people to have an instinct for credit. These are very basic items that are more important than sophisticated matrices. Ultimately, no risk model can substitute for a culture of prudent risk management. Corporate Governance for Banks in Southeast Europe Policy Brief 39 C. Compensation58 Compensation policies can have an impact on bank Compensation in SEE performance and risk taking. In developed financial markets, and in particular in the United States, Compensation is not a burning issue in this “ there has been interest in the role that incentive region, and also probably the amounts are payments may have had on the level of risk in financial not comparable to some of the grotesque institutions. Remuneration has captured the public’s amounts that have been paid in the West.� attention because of what appear to be inordinate Peter Dey, Canada payments and the reward of bonus payments irrespective of bank performance. But, what elicited the most public outrage were the large bonuses paid at ailing institutions that relied on taxpayer funds to continue their operations. In developed markets, boards will be taking a much more active role in remuneration policies in the future by examining the effectiveness of incentive compensation plans, the degree to which incentives support the achievement of bank objectives, the extent to which they encourage excessive risk, and their reputational impact. Board remuneration committees that are staffed entirely or predominantly by independent board members can be expected to play an important role. In SEE, on the other hand, high-payout compensation plans are exceedingly rare, and risk taking fueled by large incentives is not a significant issue. SEE banks are almost uniformly small. Compensation is correspondingly modest and predominantly in the form of fixed salaries with a considerably smaller component of variable compensation. The trading, securitization, and derivatives operations that seem to have gotten sophisticated banks into trouble are not present. Furthermore, the influence of executives over their own pay is more limited. Chart 5: Variable Compensation as a Percentage of Total Compensation Performance-based variable compensation as a percentage of total compensation for senior executives in the three largest SEE banks too opaque to have a view less than 20% 20% to 40% 40% to 70% more than 70% 0% 10% 20% 30% 40% 50% 60% Source: Data from EBRD, Corporate Governance Assessment of Banks (2010–2011). Question asked to regulators in the region. 58  2010 BIS Principles, Section III.D, p. 24. 40 Policy Brief Corporate Governance for Banks in Southeast Europe A significant concern is the large percentage of supervisors who indicate that the performance-based compensation of the top three executives in banks is too opaque for them to have a view on it (see Chart 5). If regulators do not have a clear idea of how bank compensation is structured, it will be difficult for them to ensure that compensation is in line with best practices and that compensation structures are in the best long- term interests of the bank. A related concern is the question of CRO compensation. Data indicate that CROs commonly receive a part of their compensation in the form of variable or incentive pay (see Chart 6). This practice has been identified as potentially compromising the independence of the CRO. Chart 6: CRO Compensation in SEE Banks Is the CRO’s variable compensation paid according to the same criteria as other senior executives? NO YES 0% 10% 20% 30% 40% 50% 60% Source: Data from EBRD, Corporate Governance Assessment of Banks (2010–2011). Question asked to selected banks in the region. Most board member compensation is in the form of fixed fees. Few SEE banks use stock options, but some have performance-based awards (see Chart 7). Chart 7: Board Member Compensation Remuneration of nonexecutive directors within the bank is: �xed fee combined with stock options �xed fee combined with stock awards �xed fee combined with performance-based bonus a �xed fee 0 10 20 30 40 50 60 70 80 Source: Data from EBRD, Corporate Governance Assessment of Banks (2010–2011). Question asked to selected banks in the region. Corporate Governance for Banks in Southeast Europe Policy Brief 41 The disclosure of compensation, which is viewed as a means of creating accountability for pay, is uncommon, though some SEE countries require banks to disclose their remuneration policy. In Bulgaria, for example, this policy is disclosed on the website of the Bulgarian National Bank. Where such disclosure is mandatory in SEE, it is typically in response to EU requirements. Joining the European Union requires compliance with a set of rules, part of which is the European Commission’s Capital Requirements and Bonuses Package (CRD3),59 which has explicit rules on the form and disclosure of compensation. Nevertheless, individual disclosure remains a sensitive issue, partly because of security risks to executives. It has been suggested that the disclosure of salary information may expose executives to extortion or harassment. Still, aggregate disclosure and disclosure of the bank’s remuneration policies may help enhance accountability and control potential excesses. Recommendations: Executive remuneration: The board needs to regularly review the bank’s remuneration policies. The board needs to be confident that incentive programs are effective in enhancing bank performance, and to be vigilant that such programs are neither excessive nor likely to incentivize risk taking that is not in accord with the bank’s risk strategy. Remuneration of control functions: Compensation for the control function (for example, CRO and risk management) should be structured in a way that is based principally on the achievement of their objectives and does not compromise the independence of the control functions (that is, compensation should not be tied to business-line revenue). Board-member remuneration: Views diverge regarding board-member remuneration. Some advocate aligning nonexecutive board-member interest with that of the bank via long-term compensation plans (often using shares and/or stock options). Others suggest that such plans co-opt boards, damage their independence, and increase short-termism. They suggest that nonexecutive board members not take part in variable pay plans and that they should only be paid a fixed annual fee (and perhaps a separate fee for attending meetings). Practice within the EU appears to favor the latter approach. Supervisors: Supervisors need to have a clear view of compensation practices in banks to ensure that banks’ remuneration practices favor long-term interests and do not encourage undue risks. For the specific amendments included in the CRD3, see http://ec.europa.eu/internal_market/bank/docs/regcapital/com2009/Leg_Proposal_ 59  Adopted_1307.pdf. 42 Policy Brief Corporate Governance for Banks in Southeast Europe D. Disclosure and transparency60 Disclosure is a tool used by regulators in the most developed markets to hold banks to account to the public, shareholders, supervisors, and the markets. So-called disclosure-based regulation is often used as a less intrusive and more effective alternative to merit-based regulation, which requires companies to comply with substantive rules. Disclosure and transparency are widely considered fundamental to the effective governance of any enterprise and are a key feature of best practice. Disclosure requirements usually apply to exchange-listed companies, but, in some countries, even private companies of a certain size and banks, irrespective of their size, are expected to make information available to the public. The justification for such requirements is that the operations of banks and large enterprises have a significant impact on economies, and that the public interest is served by greater transparency. This is the case with unlisted banks whose activities can pose risks to the financial system and whose financial health is of fundamental interest to creditors and consumers. In principle, banks should disclose to the public any and all “material�61 information on their operations. Disclosure should focus on areas that are most likely to affect the users of information, and it should be presented clearly, so it can be understood by nontechnical people. For banks, special attention needs to be paid to disclosing the process of risk management and the results of risk assessments. Smaller banks and banking subsidiaries should adapt their level of disclosure to their size, complexity, and risk profile, to provide the information that is truly needed, without incurring excessive costs. At a minimum, banks can be expected to disclose their audited financial statements as well as a statement on their corporate governance.62 Such governance disclosure should cover issues such as the following: board composition; board-member backgrounds; governance structures such as committees; bank, board, and committee charters; governance and ethics policies; remuneration; and information regarding risk exposure, capital exposure, and structures designed to ensure a sound control environment at the bank.63 Furthermore, disclosure should be made on significant events between regular reporting periods. Appropriate accounting and disclosure standards need to be followed. IFRS is increasingly becoming the global standard and is required for listed companies in the EU. Subsidiaries of listed EU home-country banks will inevitably be required to use IFRS to comply with consolidation requirements. In some SEE countries, the central bank requires all licensed banks to use IFRS. To the extent possible, local banks should be required to use IFRS to remain on the same footing with foreign banks. Banking is possibly the most transparent sector in SEE, and banks tend to comply well with disclosure requirements. On the other hand, gaps can be observed. Some banks appear to be missing the systems necessary to produce financial statements to an acceptable standard. Resolving reporting problems poses a complex challenge, because it involves having adequate accounting and audit standards, proper systems within the bank, and, perhaps most important, sufficient trained staff to produce reliable statements on a timely basis. 60  2010 BIS Principles, Section III.F, p. 29. 61  Definitions of what constitutes material information can be found in such international guidance as the OECD Principles for Corporate Governance. Specific disclosure requirements are not listed in this Policy Brief. A large number of pronouncements exist that outline specific disclosure 62  requirements. Of particular interest are those of the BCBS, which are tailored to the banking sector as well as to the EC. Governance-related disclosure requirements have been compiled by UNCTAD (United Nations Conference on Trade and Development), and a more principles-based overview is provided by the OECD. Numerous national requirements may also serve as guidance. For more detailed guidance on corporate governance disclosures, see UNCTAD’s Guidance on Good Practice in Corporate Governance Disclosure at 63  www.unctad.org/en/docs/iteteb20063_en.pdf. Corporate Governance for Banks in Southeast Europe Policy Brief 43 Skepticism regarding disclosure Beyond these technical concerns, there is considerable skepticism regarding the benefits of disclosure in the region. In best-practice countries, the usual benefits of disclosure are described as better accountability to owners and the public, improvements in performance, better access to capital, and improved public perceptions. Yet, SEE managers and owners tend to be more conscious of the short-term costs than of the considerably less tangible benefits that might accrue to them in the longer term. For disclosure to work, information must be easily available for the public and the markets to use. The Internet is often a cost-effective way of getting information into the public’s hands (see Chart 8). In SEE, banks make most basic information publicly available directly in their branches, in government publications, or in the published media. Chart 8: Web-based Disclosure by SEE Banks Are the following disclosures of the bank posted on the website? Director remuneration report Corporate governance report Terms of reference/charters of the board and committees Composition and structure of the board Ownership structure Financial statements 0 10 20 30 40 50 60 70 80 90 100 Source: Data from EBRD, Corporate Governance Assessment of Banks (2010–2011). Question asked to selected banks in the region. Yet, even where information is freely available, it is uncertain whether the public and depositors can Capacity of the Public to understand complex issues such as risk, gearing, or Understand Disclosures capital adequacy, or whether they would access such information if it were available on a website. In practice in this region I do question “ whether the depositors can really Some SEE supervisors express concern that information understand market risk, ordinary risk, given to the public could damage trust in the financial risk-weighted assets, all of these issues markets and destabilize them. Supervisors’ concerns which are of course relevant. I wonder are not with public disclosure itself but rather with whether they actually understand them what should be disclosed. Supervisors tend to agree and whether it gives them any comfort that problems should be handled initially in discussions at all to read about it on a website.� with supervisors, with disclosure occurring only when problems become worse. Belgrade Conference 2009 44 Policy Brief Corporate Governance for Banks in Southeast Europe Supervisors also expressed skepticism about the ability of disclosure to signal impending problems; they felt that banks would not reveal truly relevant information. They suggested credit ratings as a way to strengthen and complement disclosure. One benefit of independent credit ratings is that they provide an easy shorthand that allows the public to understand bank risk. On the other hand, ratings agencies were unable to warn of risks during the recent financial crisis, which suggests that their effectiveness is not a foregone conclusion. Some countries such as Bulgaria have requirements in law for banks to undergo credit ratings. All of these doubts merit consideration. However, they also emanate from a partial view of how disclosure- based regulation functions. True, the information that is compiled and reported is intended to be read, scrutinized, and understood by an intelligent reader, yet a considerable part of the value of disclosure-based regulation is that disclosure forces the bank and management to seriously examine the issues that are the subject of the disclosure, to take a position, and to make a public assertion. Such a public assertion usually makes the board and management legally responsible. The role of the board in disclosure under best practice Under best practice, the specific responsibilities of the board regarding disclosure and transparency can be divided into four areas: 1) ensuring transparent governance; 2) reporting on company performance; 3) ensuring an effective and independent external audit; and 4) ensuring effective internal control.64 In the first area, ensuring transparent governance, the board is expected to develop formal written mandates or policy statements that set out the general duties and operating principles of the board, and disclose them. Best-practice boards report on the bank’s governance structures, policies, and governance performance. Basic information such as the charter and bylaws should be publicly available under any circumstance. Board reporting may take a variety of forms, including, for example, statements of compliance with a national code of corporate governance, and a consolidated annual report on the company’s governance. In addition, boards are increasingly being asked to report on their own work and performance.65 It is generally accepted that the board has responsibility for reporting on the financial and operating results of the bank. The basic responsibility of the board is to review financial statements, approve them, and then submit them to shareholders. In addition to the external auditor, the board provides some level of assurance that the financial statements accurately represent the situation of the company. Providing credible assurances is a difficult and complex task that involves checking the consistency of accounting and financial statements and the external auditor’s report, ensuring the integrity of the company’s accounting and financial reporting systems, overseeing the independent audit, and maintaining an appropriate relationship with the company’s auditors.66 It is typically the audit committee that helps the board fulfill these tasks. The audit committee’s principal role is overseeing the internal and external audit, assisting the board in supervising the selection of external auditors and the audit process, and addressing the accounting issues of the company. Another responsibility of the audit committee is to assess the reliability of the systems whereby the accounts are drawn up and the validity of accounting methods.67 An important aspect of this responsibility is the process of selecting and monitoring the external auditor to ensure the quality and independence of the audit. Best-practice audit committees are expected to prepare the For a detailed examination of best practice, see R. Frederick, “The Role of the Board in Disclosure: An Examination of What Codification Efforts Say,� 64  Paper developed for the OECD and presented at the OECD’s Fifth Meeting of the South East Europe Corporate Governance Roundtable (2004). http://www.oecd.org/dataoecd/55/33/32387383.pdf. 65 Ibid. 66 Ibid. 67 Ibid. Corporate Governance for Banks in Southeast Europe Policy Brief 45 decision concerning the appointment of the external auditor; maintain contacts with the auditor and examine the auditor’s reports; review and monitor the external auditor’s independence, including the development and implementation of a policy on the engagement of the external auditor to supply nonaudit services; and evaluate other services supplied by the external auditor that may lead to a conflict of interest.68 The external audit In SEE, the relationship between board members and external auditors is an important issue. Some SEE board members express concern that audit statements do not reveal the real problems of banks, because they are the result of negotiations between management (that appoints the auditors and pays them in practice) and the auditors. Questions may arise, for example, about loan provisioning or provisioning for investments. Management is required to provide satisfactory explanations to auditors; however, these explanations may not be sufficient to convince board members who may be aware of more profound problems.69 Such a situation poses a significant dilemma for some SEE board members. On the one hand, board members need to follow their conscience and act forcefully and with integrity. On the other hand, management may be unresponsive, and going public with incriminating information may be detrimental to the value of the bank on a stock exchange or may even cause concern regarding systemic stability. Board members may question the extent to which they should trust their own judgment versus the auditors and management. Furthermore, there is a limit to the number of times a member can object before his role on the board becomes untenable. Eventually board members who object may need to resign. However, this also means they can no longer act as a positive influence on the bank by encouraging better governance and performance.70 Finally, regarding internal control, best practice describes the board’s higher-level responsibility for ensuring the integrity of the corporation’s internal control and management information systems. Where a bank has an internal audit function, the audit committee should, at a minimum, approve its mandate, ensure that it has adequate resources, and verify that the director of internal audit has direct and open communication with both the board and the external auditor. The specific responsibilities of the board concerning the internal audit are to annually review the effectiveness of internal controls and procedures and to report the findings. The review should cover all systems of internal control, including financial, operational, and compliance and risk management, and it should include procedures to identify and report to the board, and (where appropriate) to shareholders, situations of conflict of interest affecting board members, managers, or other senior employees of the company (see Background Box 5). In discussing risk management, best practice often cites the review of unusual and complex transactions as well as transactions using financial instruments and their level of risk.71 68 Ibid. 69 Ibid. 70 Ibid. 71 Ibid. 46 Policy Brief Corporate Governance for Banks in Southeast Europe Background Box 5: Disclosure Requirements in SEE Albania The 2008 Bank of Albania Regulation, “For the Minimum Requirements of Disclosing Information from Banks and Foreign Bank Branches,� requires banks to maintain a website with relevant information and to publish, among other things, information on their share capital; any capital increase; “qualified� shareholders; management structure, powers, and responsibilities; qualifications and experience of directors; ownership structure; participation of main shareholders in the steering council (supervisory board) or in the bank directorate (management board); code of ethics; and code or governance policy and bank policy in connection with conflict of interest and related parties. Annual reports do not include any specific section on corporate governance. Not posted are banks’ charters and bylaws, information on responsibilities and functions of directors, and bank policies on conflict of interest and related parties. Bulgaria Apart from the reporting duties to the National Bank, the Law on Credit Institutions establishes detailed rules for disclosure of key corporate governance documentation and practices such as financial results, information on shareholder meetings, and disclosure of conflicts of interests. The law requires banks to disclose a corporate governance improvement plan in their annual reports. An identical requirement exists in the National Code of Corporate Governance and is applicable to listed banks. Despite significant improvement in the legal framework on corporate governance, compliance is mostly with the form of the requirements, and to a much lesser extent with their essence.72 Major bank websites provide the names and biographies of the members of the board, financial and annual reports, and in some cases a corporate social responsibility report. Information is not typically provided on independent directors, the composition of board committees, bank charters, bylaws, or board committees. Croatia In Croatia, apart from the ordinary reporting duties to the regulator, banks are required to have a policy on public disclosure. The Credit Institutions Act details a list of issues that banks are required to disclose on their websites. The list does not include relevant information on corporate governance other than risk management objectives and policies. As a result, only those banks that are listed on stock exchange follow “recommendations� to disclose corporate governance information to the public. All listed banks include a statement on the implementation of the Code of Corporate Governance developed by the Zagreb Stock Exchange in their 2009 annual reports. Constitutional documents are not posted on websites. FYR Macedonia The National Bank requires banks to prepare and adhere to a corporate governance code, which encompasses rules for bank governance and for supervision over governance. The 2007 “Decision on the Basic Principles of Corporate Governance in a Bank� requires banks to disclose data and information about their corporate governance on their websites and to prepare a corporate governance report as an integral part of the annual report. The report must include information on the composition and the function of the supervisory board, the management board, and other bank bodies; the criteria for independence for the members of the supervisory board and the audit committee; the bank’s ownership structure; information related to the 72  See European Commission, Study on Monitoring and Enforcement Practices in Corporate Governance in the Member States (2009), Appendix 1, p. 31. Corporate Governance for Banks in Southeast Europe Policy Brief 47 application of the bank’s corporate governance code; and information on the bank’s policy on conflict- of-interest prevention. Listed banks73 disclose the identity of board members but do not always include biographies or additional information. Montenegro The Banking Law requires banks to disclose exposure to risks in operations and the manner of managing those risks. There are no specific requirements to disclose corporate governance information. The Corporate Governance Code recommends that listed companies adopt a written and publicly available reporting policy defining the rules and procedures of reporting to shareholders and the public. Further, the code recommends that companies use their websites for disclosure of information and that the annual reports include a section on corporate governance, prepared by the board, that describes the level of compliance with the law and the national code. At this writing, only four companies—but no banks—have adopted the code. Banks in Montenegro do not post any corporate governance information on their websites. Romania According to the Romanian Banking Act, to ensure market discipline and transparency, credit institutions must disclose, at least annually, data and information regarding their activities as soon as these are available. In general, the means of disclosing such data and information remain the credit institution’s choice, but the National Bank of Romania may impose credit-institution-specific measures regarding the content, frequency, and means of disclosure. In general, disclosure on corporate governance by banks is limited. When documents referring to corporate governance are made available, they are not comprehensive. Nevertheless, general corporate information (annual reports, financial statements, current shareholders, and the composition of the board) is generally appropriately disclosed. Listed banks are bound to make the following disclosure: under the Companies Act, as corporations; under the Banking Act and Regulations and norms of the central bank (National Bank of Romania), because of their activity; and under the Capital Market Act, Rules and Regulations of the Romanian National Securities Commission, and Rules and Regulations of the Bucharest Stock Exchange, including the Corporate Governance Code. The content of their information disclosure is clearly defined. Serbia The Law on Banks requires banks to publish audited annual financial statements, unaudited quarterly financial statements, the names of members of the supervisory and management boards, ownership in the bank or the bank’s holding company, along with the bank’s organizational structure and a list of organizational units in the bank. The Law on Banks also requires the supervisory board to provide an annual report to the general shareholders’ meeting, including information on salaries, fees, and other earnings of the members of the supervisory and management boards and information on contracts between a bank and the members of these boards or other related people. In practice, bank websites do not generally provide any dedicated specific corporate governance disclosure. Nevertheless, general corporate information (annual reports, shareholders, members of the boards) is adequately disclosed. None of the websites of the 19 listed banks contains information regarding compliance with the Corporate Governance Code of the Belgrade Stock Exchange. Source: Data from EBRD, Corporate Governance Assessment of Banks (2010–2011). The Third Investor Relations and Corporate Social Responsibility Surveys of the websites of the leading companies listed on the Macedonian Stock 73  Exchange was presented on April 26, 2010, and it is available at http://www.mse.org.mk/News.aspx?NewsId=4026. 48 Policy Brief Corporate Governance for Banks in Southeast Europe Recommendations: Disclosure and transparency: Disclosure is an effective governance tool. At a minimum, banks need to disclose their accounts, governance practices and structures, risks, and risk management practices to the public on a regular and timely basis. This obligation should apply even if banks are unlisted, because there is a public interest in the health of the financial sector. Banks should disclose not only in accordance with local law, but also in accordance with best-practice standards. Disclosure requirements are often wide ranging. Supervisors need to develop minimum disclosure requirements. Important guidance on bank-specific disclosure is provided by the BCBS and others and should be consulted in the development of a disclosure policy.74 Web disclosure: Disclosed information should be provided to authorities and be easily accessible to the public on the Web. Corporate governance codes: In jurisdictions where corporate governance codes include a “comply or explain� approach (such as Bulgaria, Croatia, FYR Macedonia, Montenegro, Romania, and Serbia), listed banks should be required to publish corporate governance reports and compliance statements, with detailed explanations when the recommendations of the code are not followed. Differences on audited statements: Differences of opinion between board members and auditors on the financial statements need to be resolved first by discussion. Discussions may be held first internally with management, then externally via interviews with auditors, and eventually with professional audit bodies and regulators. Compromise may be required on differences where compromise is possible. The way to encourage change may be through small steps. But, under egregious circumstances, board members may need to resign when other initiatives have failed. 74 BCBS, Enhancing Bank Transparency (1998); Compensation Principles and Standards Assessment Methodology (2010); and Pillar III Disclosure Requirements for Remuneration (2010). See also UNCTAD, Guidance on Good Practice in Corporate Governance Disclosure (2006). Corporate Governance for Banks in Southeast Europe Policy Brief 49 IV. The role of supervisors75 A sound governance culture drives performance Increasing Interest of Supervisors in and is able to moderate the tension between profit Bank Governance maximization and prudent risk taking. However, there are issues that require regulatory intervention. Systemic I think that regulators will increasingly be “ risk is an example, because market forces and individual taking corporate governance of banks into banks cannot address it. account as part of their risk assessment for Regulators are becoming more proactive internationally banks, and not before time. Regulators and are seeking to extract lessons from the recent do not want to regulate on the structure financial crisis. At the same time, SEE countries are also of a board but they are concerned that all working to enhance the basic regulatory framework, members of the board, both executive and principally by focusing on the basics: transparency, non-executive, understand the complexity of risk management, retail lending, licensing of foreign their organizations and have a role to play.� branches, and so on. Generally, such regulatory efforts Ian Radcliffe, United Kingdom reflect the requirements of EU legislation. There are, however, concerns regarding their “transplantability� to the SEE region. A common concern is that banks comply on paper while falling far short of the impact intended by law. The standards being developed at the global and regional levels are of undeniable importance and relevance, but SEE needs to have a less complicated regulatory framework and solutions that are in step with its stage of financial sector development and adapted to the needs of smaller countries. Another key concern is implementation. In many cases the implementation of policies at both the supervisory and bank levels is quite mechanical, and it is not uncommon for form to take priority over substance. Provisions in law, put in place with the best intentions, can have unintended consequences. A. Guidance by supervisors76 Supervisors are expected to provide guidance to banks concerning corporate governance. This is particularly important where rules, practices, and legislation do not address the singular governance aspects of banking. International guidance A large number of international bodies provide guidance on corporate governance, including the EU, the Committee of European Banking Supervisors, and the Financial Stability Board. Furthermore, the OECD Principles of Corporate Governance have influenced many of the local rules and much of the legislation in the region. Each of these sources is valuable; however, none is perfectly suited to the needs of SEE banks. For example, the OECD Principles are the global benchmark, but are generally aimed at larger listed companies and do not deal with the specificities of the banking sector. The Basel Committee Principles for Enhancing Corporate Governance are sector-specific but focus on the problems of sophisticated banks in more developed markets. 75  2010 BIS Principles, Section IV, p. 30. 76  2010 BIS Principles, Section IV.1. p. 30. 50 Policy Brief Corporate Governance for Banks in Southeast Europe These limitations are due to the very nature of Creating a Culture of Good Governance international instruments; the basic problem is that In order to strengthen implementation, “ it is not possible to develop international guidance we need to create a culture of corporate that responds perfectly to the needs of all individual governance. A culture is essentially created countries and all potential users. That is why international guidance is often framed as principles through dialogue, through discussion.� and tends to avoid detail. And, there is always the Gian Piero Cigna, Italy expectation that these principles—even if they hold universally—will be implemented differently depending The Effectiveness of Voluntary Codes on the local context. In our case, we are trying to impose “ Thus a key concern is how to apply international something on the banks from outside. That guidance in SEE and avoid the “cut and paste� approach now prevalent in the region. One approach is how they perceive it, ‘ it is something may be the partial implementation of international they want to put on us.’ It is not natural guidance, using only those pieces where there is an for them and their behavior.� easy fit. But, this approach may result in a framework Dimitar Bogov, FYR Macedonia with considerable gaps. An alternative might be the development of less stringent, intermediate standards It is not enough to have a fancy code “ that could be strengthened over time. published on the website and just stick to the formal requirements. It is up to the substance Domestic governance codes of implementing those procedures in real life. Otherwise it is just a formality but there is A number of voluntary codes already exist in SEE. In no obligation at all to implement them.� fact, all jurisdictions have a corporate governance code, and all of these apart from Bosnia and Albania have a Josip Vukovic, Croatia “comply or explain� requirement. However, comply-or- When it comes to the private corporate sector “ explain disclosures are not broadly done. Concern may adopting codes, again I am not entirely also be warranted when comply-or-explain disclosures sure that that exercise could bring any consistently claim full compliance. This may be an indication that the level of performance required by good if they are not really accepted by the the code is too low or that the evaluation of what managers or the owners of private firms.� constitutes compliance is too easy. Giancarlo Miranda, Serbia Some SEE banks comply with their codes principally in form rather than substance. One of the reasons may The Need for Formal Requirements be that boards do not see how regulations improve the profitability or even the risk profile of their banks. Even If you are going to force me by means of “ if bankers may agree with rules and understand their some regulation, we will definitely react.� ultimate rationale, they view all of them as expense Rumen Radev, Bulgaria items. The rules do not contribute to profitability in the short term, which is what shareholders and most board The best way to implement corporate “ members are principally interested in. governance is first to have it written Ultimately, the effectiveness of voluntary codes depends down as the rule! Some banks apply some on the local legal and business culture, with voluntary of these practices, but we believe that codes and comply-or-explain disclosures being much putting them into a letter is something more likely to succeed in countries that have strong completely different.� self-regulatory traditions. Their effectiveness will also Almir Salihovic, Bosnia and Herzegovina Corporate Governance for Banks in Southeast Europe Policy Brief 51 depend on the presence of active institutional investors. Differences in levels of acceptance and perceived utility may also relate to whether the country comes from a common law or civil law tradition. The SEE countries thus face a sort of regulatory conundrum: the commonly used developed-market approach of relying on the board and voluntary codes as a nuanced, soft, outsourced form of regulation may not suit the local culture; on the other hand, the imposition of hard rules has been criticized as a superficial compliance exercise that adds little value to the bank. A possible intermediate approach for better embedding good governance in banks might be to set up task forces, with prominent bankers and business people, that develop best practices that would in turn become obligatory for all banks. This approach of using private sector input for the development of governance practices, which then becomes mandatory, is not uncommon in countries with more normative regulatory cultures. The institutional aspects of voluntary codes also need to be considered. Voluntary codes tend to be enforced by securities regulators or stock exchanges and ultimately the markets. Given the relative size of securities markets in SEE, guidance on corporate governance would likely need to emanate from central banks. Voluntary codes in other countries have been developed by private groups and then published as central bank circulars. Recommendation: Guidance on corporate governance: Regulators should provide guidance on sound governance practices. Such guidance must be adapted to the local environment and go beyond the mere transposition of international rules and codes.77 The implementation of the guidance must also be in accord with the local business and legal culture. Voluntary corporate governance codes should be developed with the participation of the private sector; however, the correct balance between hard and soft law needs to be found. SEE countries may require more formal means of implementing codes than other countries require. B. Monitoring78 Supervisors need to have processes for evaluating the quality of bank governance and the implementation of legal requirements. Regulators are increasingly expected to take corporate governance into account as part of their risk assessment for banks. This monitoring can take different forms, such as the following: the collection of internal and prudential reports, including statements of external auditors; the use of formal evaluations or scorecards; and onsite inspections. Such monitoring should focus on the bank’s risk profile and those aspects of governance that have an impact on the bank’s overall safety and soundness. This approach implies looking closely at the bank’s control environment and risk management functions as well as the capacity of the board to monitor the effectiveness of such systems. Further items that can be examined at board level are fit-and-proper tests, and whether the board has the necessary combination of skills to ensure safe and sound operations. Bank evaluations can involve regular meetings with boards, executives, and people responsible for key aspects of the control environment. Within SEE, supervisors conduct full-scope examinations of banks and may develop recommendations for executives and boards. Such examinations can cover any number of issues. However, the extent to which Nevertheless, the guidance of international bodies should not be ignored. In particular, the 2006 and 2010 BIS Principles (see Annexes C and D) 77  should receive broad consideration. 78  2010 BIS Principles, Sections IV.2 and IV.3. pp. 31–32. 52 Policy Brief Corporate Governance for Banks in Southeast Europe examinations permit a systematic evaluation of a bank’s Meetings with Bank Boards governance is uncertain. It is common that supervisors only meet with boards when there is a problem. We have found…that the supervisor…does “ Furthermore, local supervisors rarely have a clear view not have interaction with the board; they of the structure of responsibility and authority within have a lot of interaction with management. group structures, which makes it difficult for them It is surprising…how many supervisors do to form a global picture as to where the weaknesses not meet with the board on a regular basis.� might lie in the group. At present, there is no clear Esad Zaimovic, Montenegro concept of what criteria are to be used and how to monitor the process of implementation of good governance. Supervisors’ ability to make meaningful comparisons of governance between banks is also limited by the lack of a standardized supervisory reporting process. Finally, some concern has been expressed over the tendency of regulators to rely on checklists and box-ticking exercises for their monitoring responsibilities. Checklists and box ticking are often criticized, though they have the merit of ensuring that all issues of relevance are at least considered. Their weakness is that the issues may not be examined in sufficient detail to reveal deficiencies or risks. Nor is it clear how individual components on a checklist may interrelate or how they affect the risk of the bank. Ultimately, checklists can work if applied intelligently by individuals who understand the substance. Getting at the substance requires time and may call for additional training for supervisory staff. Recommendations: Monitoring bank governance: The monitoring of bank governance should be formalized and strengthened. The basis of any monitoring should be an agreed standard of governance. Standardized frameworks for the analysis of banks will make evaluations more rigorous and allow for interbank comparison. Supervisors should themselves be held accountable and report on their own progress in enhancing governance in the banking system. Meetings with bank boards: Supervisors should meet regularly with boards and chief risk officers, or equivalent, during visits and inspections. This includes subsidiary boards. Supervisors should require the full board to meet locally at least once a year. The supervisor should meet annually with the board to discuss current issues, even when the bank is in satisfactory condition. These meetings should be conducted locally. Understanding home-subsidiary relations: To varying extents, supervisors place confidence in the ability of head offices to oversee their local subsidiaries. This trust should not turn into blind confidence. Supervisors need to develop the capacity to look through to the parent’s control systems. Supervisors should be aware of and understand the scope of reporting and oversight provided by head offices, in part by reviewing the nature and configuration of key reports. If obvious gaps exist, it may require dialogue between the supervisor, the parent and the subsidiary and understanding of the issue or risk by all parties. Corporate Governance for Banks in Southeast Europe Policy Brief 53 Focus on substance and outcomes: Regulators need to avoid mechanistic implementation of policy (box ticking) and focus their attention on substance and outcomes. Checklists should be applied intelligently as a means of getting to the deeper issues. Supervisors need to focus on outcomes. Reporting requirements that are intended to reduce risk among banks may actually increase risk if they distract the board from substantive issues. Be aware of costs: Being aware of outcomes implies being aware of costs. Complying with regulation inevitably costs money. Supervision must be efficient in the sense that the burdens it imposes need to be justified and have a clear benefit not only for the banking system but also for the individual bank. C. Remedial action79 When material deficiencies in bank governance are found, supervisors need to be able to take effective and timely remedial action. The principal need is for supervisors to have the authority to compel such action. Chart 9 shows how rarely remedial action is applied in SEE banks. Chart 9: Use of Remedial Action by Regulators in SEE How often over the last five years has remedial action been used to address material corporate governance deficiencies of SEE banks? never rarely occasionally very often 0 10 20 30 40 50 60 70 80 Source: Data from EBRD, Corporate Governance Assessment of Banks (2010–2011). Question asked to regulators in the region. In practice, a lack of authority poses some difficulties both within SEE and elsewhere. In a number of jurisdictions, regulators have identified weak corporate governance practices and have written to banks only to be told to go away. In addition, regulators are typically reluctant to compel action based on voluntary codes of best practice when these are not embedded in law. In some cases, public reports by supervisors may be used to encourage banks to take action; however, there may not be any legal basis for supervisors to make their concerns public. With foreign banking groups, local supervisors may not have access to remedies, because the integration and design of the function are not effectuated within the jurisdiction, but rather take place somewhere else. 79  2010 BIS Principles, Section IV.4, p 32. 54 Policy Brief Corporate Governance for Banks in Southeast Europe Recommendation: Remedial action: Supervisors need to have the authority to compel remedial action when material deficiencies are found in bank governance. Where important aspects of governance are embedded in voluntary codes, which are not being enforced by market pressures, greater authority may need to be given to regulators. D. Home-host supervisory cooperation80 Supervisors are expected to be in contact with, cooperate with, and share information with their counterparts in other jurisdictions. Such cooperation is necessary for a number of reasons: 1) to permit oversight of banks that operate in multiple jurisdictions; 2) to better assess and control for the potential for international Cooperation Between Supervisors contagion; 3) to enhance understanding of international best practice in governance and supervision; and 4) The recent crisis in the financial sector “ to better understand the regulations and supervisory has shown that the monetary authorities approaches of other countries and their potential and institutions and supervisory bodies impact on the host supervisor. The tools used for such need to co-operate more closely in order to cooperation are usually memoranda of understanding mitigate the consequences of the crisis.� and periodic meetings among supervisors. Kemal Kozarić, Bosnia and Herzegovina Cooperation between SEE and home-country supervisors needs substantial enhancement. There is The linkages between parent and subsidiary “ widespread disappointment with the memoranda of banks and between different parent banks understanding signed with home supervisors, which are more intertwined. At the same time, proved to be of limited use during the recent crisis. the regulatory system globally, not just Despite such understandings, the main sources of in Europe, has not kept up with it.� information on home-country banks were the media Jon Lukomnik, United States and the Internet. Information provided by home supervisors was often incomplete and out of date. International cooperation is of fundamental importance, because it is not possible to regulate global capital locally in an increasingly globalized economy. Links between banks are more intertwined, and capital and risk can move almost instantaneously, often propagated by increasingly complex financial instruments. Recommendation: Home- and host-country cooperation between supervisors: Cooperation needs to be greatly enhanced between home-country and SEE host-country supervisors. Supervisors have to try to establish a dialogue both with home-country supervisors and the parent on all matters to do with liquidity, capital, risk, and governance. Resources need to be applied to help achieve the intent of memoranda of understanding. New systems and strategies may need to be devised to allow for better information sharing both on banks and on supervisory policies. 80  2010 BIS Principles, Section IV.5 on cooperation with relevant supervisors in other jurisdictions, p 32. Corporate Governance for Banks in Southeast Europe Policy Brief 55 V. Promoting an environment that supports sound governance81 The corporate governance of banks is determined by Getting Beyond the Governance Infrastructure the legal framework and a sound interaction between “ We have come a long way in the last 15 to 20 shareholders, boards, managers, supervisors, and other years. We understand well the infrastructure stakeholders such as depositors. It represents a system of governance; we know how boards should in which a variety of players contribute jointly to its be constituted; we know what committees we effectiveness. In countries with strong governance should have; we know what qualifications practices, there is good interaction between all of these are necessary for the chair of the board. We components. need to get beyond the infrastructure and In SEE, some of these factors may require enhancement understand how we can make functioning or may be missing altogether as countries seek to in the boardroom more effective.� develop their economies. Certainly, excessive attention to rules, codes, and standards risks addressing only Peter Dey, Canada half of the corporate governance equation and turns governance into a compliance exercise in which banks The problem with corporate governance, and “ engage to keep regulators at bay. Ultimately, good also in crisis, is a behavioral issue. At the corporate governance has to do with establishing the end of the day, therefore, we have to have proper governance environment that encourages the good managers, good CEOs, good board right behaviors. members, in order to have good banks.� Bistra Boeva, Bulgaria Recommendation: Incentives and behavioral issues: Companies and regulators are encouraged to look at behaviors and culture ahead of structure and processes. Boxes and checklists may have value but they are insufficient. More attention needs to be paid to the variety of stakeholders in the governance process and the incentives that contribute to good governance. A multipronged, long-term approach involving a wider range of players in the governance equation may serve to create the desired cultural change. To start, a more active dialogue is needed between banks and supervisors. 81  2010 BIS Principles, Section V on promoting an environment supportive of corporate governance, p. 33. 56 Policy Brief Corporate Governance for Banks in Southeast Europe State Ownership of Banks VI. Additional issues The state is a funny owner. We had a board “ A. State ownership of banks member who did not say a word for three years. Constructive, clever, or at least common A number of countries in the SEE region still have sense comments would be more welcome.� state-owned banks, which may have had a stabilizing Dragica Pilipovic Chaffey, Serbia effect during the recent crisis, but they are also vulnerable to political influence, politically directed lending, and the inefficiencies common to other state- State-owned banks are part of the “ owned enterprises. Each of these factors can expose political economic distribution of power state-owned banks and the banking sector to risks. In after the election. Membership of the addition, the links between political structures and the board of directors is understood not as banking system have at times had a negative impact on a professional responsibility but as a the regulatory framework. ‘thank you’ for political support.� Radovan Jelašic, Serbia Recommendation: State-owned banks: The remaining state-owned banks in SEE need to be governed professionally and brought into line with private sector governance practices. Where these banks exist, patronage must be checked and brought under control. Changes in their governance pose considerable political challenges. Guidance on best practice in state-owned enterprise governance is available from the OECD, IFC, and the World Bank. B. Monitoring of borrower governance International best practice suggests that credit decisions, loan classifications, and provisioning be based on an assessment, made under the responsibility of the bank, of both quantitative and qualitative factors, including the corporate governance of the borrower. Interest in the impact of banks on borrower governance also emanates from the expectation that banks can help improve the governance practices of their clients and Borrower Governance thereby exercise a positive effect on the economy as a whole. “We recommend banks to require In developed financial markets, borrower governance corporate governance information of is taken into account to varying degrees, with some customers as a business pre-condition.� banks using informal and others more structured and Bistra Boeva, Bulgaria sophisticated approaches. These evaluations do appear to moderate credit risk. They tend to be located in Borrower governance is still, even in “ credit quality control divisions that analyze losses and developed countries, in banking terms, in its factors behind these losses and develop lessons that go early stages; there is a need for reflection on into the evaluation of other debtors. concepts, procedures, methodology and most Though largely a qualitative assessment, a number importantly on training, not only training of basic quantitative measures can be used to assess of the staff but...also training of the clients.� borrower governance risk. At the top of the list are Leo Goldschmidt, Belgium Corporate Governance for Banks in Southeast Europe Policy Brief 57 related-party transactions, because historically the number of companies that fail as a result of related transactions is high. Another measure is the extent to which nonexecutives on the board are independent. Further measures are the quality of management, their track record, and the regularity and quality of the financial reports (are they audited, who are the auditors, quality of internal control, systems, transparency, and management stability, and so on). In SEE, qualitative factors do come into play when assessing loan applications. Some of these factors are clearly governance-related, such as the capacity of the borrower to produce credible financial information. However, the evaluation of governance is not usually subject to formalized approaches, at least not in locally owned banks. Beyond the necessary analytical tools, encouraging better practices among borrowers ultimately requires direct contact with the client. One approach observed in SEE is to invite managers and shareholders of clients to seminars. These seminars serve to sensitize participants to governance problems and educate them about governance. The message from such meetings is that governance forms an integral part of borrower evaluation and has an influence on the client’s creditworthiness and ultimately on loan pricing and conditions. For clients undergoing restructuring, banks can introduce conditions concerning client governance, to be assured that the restructuring process will be approved. An example of client education comes from Croatia, where banks and the banking association have provided workshops for small and medium enterprises. The target of Croatian workshops is not corporate governance per se but more general information on how to approach banks and how to make it easier to obtain a loan. The objective is to help potential clients understand why the bank is asking them for information. Corporate governance issues are only touched upon but could become a more significant part of such efforts. Recommendations: Borrower governance: The governance of corporate borrowers should be taken into account in lending decisions as a way to reward borrowers that have better governance practices in place. Formal methodologies should be devised to take governance practices into account. Banks should encourage borrowers to raise the level of their governance in line with best practice. Such encouragement should serve to enhance banks’ level of comfort with borrowers and should have an effect on credit pricing decisions. There may also be a role for banking associations in educating the business community about governance. Assessment methodologies: In matters of governance, the credit function should address problems of if, what, and how: “if� corporate governance is a real concern that should be taken into account; “what� aspects of borrowers’ corporate governance should be scrutinized; and “how� procedures and methodologies should be applied and what data should be gathered. Credit analysis requires the assessment of both qualitative and quantitative factors for the purposes of loan classification, provisioning, and most importantly the credit decision proper.82 Banking supervisors: Supervisors should encourage banks to assess and monitor the quality of the corporate governance of their clients as a critical part of their ongoing credit risk management. Conflicts of interest: Banks’ interests do not necessarily converge with those of other stakeholders. To avoid conflicts of interest and to contribute effectively to the enhancement of borrower governance, banks should be transparent regarding the governance-related requirements they may impose on their borrowers. Methodologies, including scorecards that benchmark companies against local governance codes, are discussed on IFC’s website: www.ifc.org and 82  www.gcgf.org. 58 Policy Brief Corporate Governance for Banks in Southeast Europe VII. Annexes A. Southeast Europe Policy Brief Contributors PROJECT COORDINATION Gian Piero Cigna, Senior Consultant, EBRD Richard Frederick, Consultant, Senior Consultant, IFC Global Corporate Governance Forum Marie-Laurence Guy, Senior Projects Officer, IFC Global Corporate Governance Forum Ralitza Germanova, Projects Coordinator, IFC Global Corporate Governance Forum COUNTRY TASKFORCE MEMBERS IN SOUTHEAST EUROPE Albania Genc Mamami, Chief of Cabinet of the Governor of Albania Indrit Banka, Head of Supervision Department in the Central Bank of Albania Toni Gogu, Director of the Legal Department, Bank of Albania Juna Bozdo, Head of Credit Risk Division, Bank of Albania Libero Catalano, Chair of Association of Banks Oliver Whittle, Chief Executive Officer, Raiffeisen Zentralbank Österreich AG Edmond Leka, Chair of Union Bank Monika Milo, Deputy Executive Director, Credins Bank Migena Aliaj, Business Credit Department Director, Credins Bank Miranda Citozi, Banka Kombetare Tregtare Varuzhan Piranjani, Chair of Audit Committee, Union Bank Jona Bica, Head of Banking Department, Senior Associate, Kalo Associates Bosnia and Herzegovina Kemal Kozarić, Governor of the Central Bank of Bosnia and Herzegovina Radomir Bozic, Vice-Governor, Central Bank of Bosnia and Herzegovina Milenko Krajisnik, Member of the Governing Board, Central Bank of Bosnia and Herzegovina Vasilj Zarkovic, Member of the Governing Board, Central Bank of Bosnia and Herzegovina Zlatko Bars, Director, Federal Banking Agency Slavica Injac, Director, Republika Srpska Banking Agency Mirzeta Arnautovic, Director of Brcko Branch, Central Bank of Bosnia and Herzegovina Nedžad Tuce, Deputy Director, Federal Banking Agency Almir Salihovic, Special Assistant to Governor, Central Bank of Bosnia and Herzegovina Orhan Pašalić, Head of Compliance and AML Department, Intesa Sanpaolo Banka, Sarajevo Samir Lacevic, Head of Banking Operations, Education and Training, Association of Banks Dragan Dzinic, Legal Advisor, Nova Bank Bulgaria Kalinka Dimitrova, Head of Division, Special Supervision Directorate, Bulgarian National Bank Maria Grigorova, Director, Special Supervision Directorate, Bulgarian National Bank Bistra Boeva, University Professor, University for National and World Economic Studies Rumen Radev, Vice Chair of the Bulgarian Industrial Capital Association Plamen Tchipev, Institute of Economics, Bulgarian Academy of Science Corporate Governance for Banks in Southeast Europe Policy Brief 59 Croatia Martina Drvar, Chief Advisor in the Prudential Regulation Area, Croatian National Bank Sanja Petrinić Turković, Chief Advisor in the Bank Supervision Area, Croatian National Bank Zoran Bohacek, President of the Croatian Bankers Association Cedo Maletic, President of the Management Board Hrvatska postanska banka Ronald Given, Managing Director, Wolf Theiss Attorneys at Law FYR Macedonia Evica Delova Joleska, Portfolio Manager, Central Bank of Macedonia Cveta Jankoska, Senior Advisor Supervisor, Central Bank of Macedonia Violeta Stojanovska Petrovska, Assistant Head for Financial Systems, Ministry of Finance Donka Markovska, Assistant Division Manager at NLB Tutunska Banka Gjorgji Jancevski, President, Macedonian Bankers Association Kristijan Polenak, Macedonian Stock Exchange Montenegro Ljubisa Krgovic, Governor of the Central Bank of Montenegro Darko Bolatovic, Legal Adviser at the Supervision Department Central Bank of Montenegro George Bobvos, CKB - OTP Group Dino Redžepagić, Director of Retail Department, NLB Montenegrobanka ad Podgorica Esad Zaimovic, Chief Executive Director, Hipotekarna banka AD Podgorica Jelena Vuletic, Executive Director Risk Management, Hipotekarna banka AD Podgorica Natasa Lakic, Director for Payment Operations and Treasury Division, Hipotekarna banka AD Podgorica Romania Oana Balanescu, Chief of Department, Regulation and Authorisation Division, National Bank of Romania Liliana Michaely, Regulations and Licensing Department, National Bank of Romania Gabriela Raluca Folcut, Communication Counsellor of Romanian Banking Association Gabriel Mateescu, Chief Financial Officer, Alpha Bank Romania Petra Alexandru, Capital Market Expert, Freelancer Peter Franklin, Non-executive Director, Bank Transilvania Serbia Radovan Jelašic, Governor, National Bank of Serbia Malica Katic, Head of Legal Division in Banking Supervision, National Bank of Serbia Ana Trifunovic, Junior Expert Associate in Legal Division, National Bank of Serbia Giancarlo Miranda, Chief Operations Officer and Deputy President of the Executive Board, Banca Intesa Philippe Delpal, Board Member, Komerciljana Banka Veljko Visic, Head of Legal and Ethical Compliance Department, Compliance Division, Komercijalna banka Dragica Pilipovic-Chaffey, Non-executive Director, Komercijalna Bank Milos Vuckovic, Managing Director, DCA Brands Serbia, Millhouse DOO Darko Jovanovic, Managing Director, Telsonic DOO, Promonta Olivera Trikić, Executive Manager of Human Resources Sector, Komercijalna Bank Mirjana Čolović, Compliance Division Director, Komercijalna Bank Marija Bojovic, Partner, Bojovic, Dasic, Kojovic Attorneys at Law Tanja Momcilovic, Corporate Governance, Eurobank EFG ad Beograd 60 Policy Brief Corporate Governance for Banks in Southeast Europe INTERNATIONAL EXPERTS Peter Dey, Chair, Paradigm Capital, and Chair of the IFC Global Corporate Governance Forum’s Private  Sector Advisory Group (PSAG) Leo Goldschmidt, Honorary Managing Partner, Bank Degroof and Founding Member European  Corporate Governance Institute (PSAG member) Elie Beyrouthy, Assistant of Department, Retail Financial Services, Legal and Social Affairs, European  Banking Federation David Beatty, Chair of the Risk Review Committee and Executive and Governance Committees of Bank of  Montreal; Professor, Rotman School of Management, University of Toronto (PSAG member) Christian Strenger, Director, DWS Investment GmbH, Frankfurt; Member of the German Government  Commission on Corporate Governance; Director, Center for Corporate Governance, HHL Leipzig Graduate School of Management (Deputy Chair of PSAG) Patrick Zurstrassen, Chair, European Confederation of Directors’ Associations (PSAG member) Stilpon Nestor, Managing Director, Nestor Advisors John Plender, Senior Editorial Writer, Financial Times (PSAG member)  an Radcliffe, Director, Training & Consultancy, World Savings Banks Institute - European Savings Banks I Group Bertrand Rossert, Head of Corporate Governance Policy and Coordination Division Secretariat General  and Legal Affairs, European Investment Bank Mikhail Nadel, Chair, Board of Directors, Asia Universal Bank Olli Virtanen, Head, Finnish Association of Professional Board Members (PSAG member) Peter Montagnon, Senior Investment Advisor, Financial Report Council. United Kingdom (PSAG member) Ken Rushton, Former Director of the U.K. Listing at the Financial Services Authority (PSAG member) Ilkka Salonen, Partner, Septum Partners Marin Marinov, Deputy General Counsel, Black Sea Trade Development Bank Thomas Grasse, Consultant, TG Consulting Irakli Kovzanadze, Professor, Chair of the Finance and Banking Department, Tbilisi State University Yerlan Balgarin, Independent Director, Dana Bank Arman Aloyan, Head of the EU Integration Division of the Legal Department, Central Bank of Armenia  vyatslav Abravov, Deputy Head of Company Law Division, Russian Federation Ministry of Economic S Development Ala Abakumov, Consultant, Board Nominee – SDM Bank, Russian Federation Teodor Volcov, Board Member, Volksbank, Ukraine Roger McCormick, Law Division, London School of Economics Anna Grosman, PhD Researcher, Imperial College Business School Saleh Alhamrani, PhD Candidate, University of Leeds Jeremy Denton-Clark, Director, GBRW Limited Corporate Governance for Banks in Southeast Europe Policy Brief 61 Paul Rex, Director, GBRW Limited, UK Esra Suel, Research Assistant, University of Istanbul Andrzej Witak, Consultant, UK Peter Werner, Senior Director, International Swaps and Derivatives Association Roman Chapaev, Foreign Qualified Lawyer, DLA Piper UK LLP Carsten Gerner-Beurle, Lecturer, London School of Economics and Political Science Victoria Miles, Emerging Market Director, J.P. Morgan Catherine Lawton, Director, EMEA Corporate Governance Consulting, Nestor Advisors Mary Ellen Collins, Independent Financial Consultant, Blue Ridge Lane Financial Services, USA INTERNATIONAL ORGANIZATIONS EBRD Nick Tesseyman, Managing Director Financial Institutions, EBRD Kiyoshi Nishimura, Acting Director Western Balkans, Financial Institutions, EBRD Michel Nussbaumer, Chief Counsel, EBRD Elena Urumovska, Head of EBRD Office in Skopje Huw Williams, Senior Banker – Corporate Equity, EBRD Predrag Radlovacki, Principal Banker, EBRD Damir Cosic, Associate Banker, EBRD Office in Sarajevo Josip Vukovic, Principal Banker, EBRD Office, Zagreb Milos Grkinic, Senior Analyst, EBRD, Podgorica Veronica Bradautanu, Consultant, EBRD IFC Philip Armstrong, Head, IFC Global Corporate Governance Forum Oliver Orton, Regional Project Manager - Corporate Governance, IFC Advisory Services, Southeast Europe Merima Zupcevic Buzadzic, Operations Officer, IFC Advisory Services Southern Europe Kiril Nejkov, Associate Operations Officer, IFC Advisory Services Southern Europe OECD Hans Christiansen, Senior Economist Corporate Affairs, OECD World Bank Laura Ard, Lead Financial Sector Specialist, World Bank Charles McDonough, Vice President - Controller, World Bank John Hegarty, Advisor on Financial Reporting and Regulation to the Chief Financial Officer and the Vice President/Controller, World Bank Note: This list includes participants in Southeast Europe High Level Policy Meetings on Corporate Governance of Banks held in Belgrade in 2009 and London in 2011. Please note that some of the representatives, who contributed to the preparation of the Policy Brief in the positions listed above, may no longer hold the same positions. Opinions expressed by task force members, international experts and other participants to the Belgrade and London meetings were those of participants only and do not necessarily represent the views of the institutions where they were or are currently working. 62 Policy Brief Corporate Governance for Banks in Southeast Europe B. Important sources of guidance on bank governance Basel Committee on Banking Supervision Compensation Principles and Standards Assessment Methodology (2010): www.bis.org/publ/bcbs166.pdf. Enhancing Bank Transparency (1998). www.bis.org/publ/bcbs41.pdf. Enhancing Corporate Governance for Banking Organizations (2006): www.bis.org/publ/bcbs122.pdf. Principles for Enhancing Corporate Governance (2010): www.bis.org/publ/bcbs168.pdf. EBRD EBRD-OECD Policy Brief on Corporate Governance of Banks in Eurasia: http://www.ebrd.com/pages/sector/legal/corporate/eurasia.shtml EU  Capital Requirements and Bonuses Package (CRD3): http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:329:0003:0035:EN:PDF. IFC/World Bank  Governing Banks, a supplement to the Corporate Governance Board Leadership Training Resources, IFC Global Corporate Governance Forum (2010): http://www.gcgf.org/ifcext/cgf.nsf/Content/Governing_Banks. Guidance for the Directors of Banks, Focus 2, Jonathan Charkham, CBE, former advisor to the governor of the Bank of England (2003): http://www.gcgf.org/ifcext/cgf.nsf/AttachmentsByTitle/Focus_2_Guidance_ for_Directors/$FILE/Focus_2_Guidance_for_Directors_of_Banks.pdf. IFC Corporate Governance Progression Matrix—Financial Institutions (2007): http://www.ifc.org/ifcext/ corporategovernance.nsf/AttachmentsByTitle/CG_Matrix_Fin_Inst_Oct07/$FILE/Matrix_Fin_Inst_Oct2007.pdf. Corporate Governance Screening Tool for Banking Organizations, IFC Advisory Services in Europe and Central Asia (2010): http://www.ifc.org/ifcext/acgp.nsf/AttachmentsByTitle/CG_Screening_tool/$FILE/ Banking+Screening+Tool.pdf. Corporate Governance Guidelines for UAE Bank Directors, IFC and Association of Banks in Lebanon (2006): www.ifc.org/ifcext/corporategovernance.nsf. Guidance for Supervisory Board Members of Banks, IFC Ukraine (2006): http://www.gcgf.org/ifcext/ cgf.nsf/AttachmentsByTitle/Ukraine_Eng_Guidance_Supervisory_Board_+Members_of_+Banks/$FILE/ Charkham+Manual+Final_Eng.pdf. Analyzing Banking Risk, A Framework for Assessing Corporate Governance and Risk Management (2009): http://imagebank.worldbank.org/servlet/WDSContentServer/IW3P/IB/2009/04/22/000334955_200904220 84743/Rendered/PDF/482380PUB0Anal101OFFICIAL0USE0ONLY1.pdf. Bank Governance, Lessons from the Financial Crisis, The World Bank (2010): http://siteresources.worldbank. org/EXTFINANCIALSECTOR/Resources/Note13_Bank_Governance.pdf. OECD Guidelines for the Governance of State-owned Enterprises (2005): http://www.oecd.org/document/33/0,3 746,en_2649_34847_34046561_1_1_1_1,00.html. Policy Brief on Corporate Governance of Banks in Asia: www.oecd.org/dataoecd/48/55/37180641.pdf. Corporate Governance for Banks in Southeast Europe Policy Brief 63 Policy Brief on Improving Corporate Governance of Banks in the Middle East and North Africa: http://www.hawkamah.org/events/conferences/conference_2009/files/mena-policy-brief-banks.pdf. Principles of Corporate Governance (2004): www.oecd.org/dataoecd/32/18/31557724.pdf. The Role of the Board in Disclosure: An Examination of What Codification Efforts Say (2004): http://www.oecd.org/dataoecd/55/33/32387383.pdf. UNCTAD Guidance on Good Practice in Corporate Governance Disclosure: www.unctad.org/en/docs/iteteb20063_ en.pdf. 64 Policy Brief Corporate Governance for Banks in Southeast Europe Synopsis: BCBS Enhancing corporate governance for banking organizations (2006) C.  Sound corporate governance principles Principle 1: Board members should be qualified for their positions, have a clear understanding of their role in corporate governance and be able to exercise sound judgment about the affairs of the bank. Principle 2: The board of directors should approve and oversee the bank’s strategic objectives and corporate values that are communicated throughout the banking organization. Principle 3: The board of directors should set and enforce clear lines of responsibility and accountability throughout the organization. Principle 4: The board should ensure that there is appropriate oversight by senior management consistent with board policy. Principle 5: The board and senior management should effectively use the work conducted by the internal audit function, external auditors, and internal control functions. Principle 6: The board should ensure that compensation policies and practices are consistent with the bank’s corporate culture, long-term objectives and strategy, and control environment Principle 7: The bank should be governed in a transparent manner. Principle 8: The board and senior management should understand the bank’s operational structure, including where the bank operates in jurisdictions, or through structures, that impede transparency (that is, “know your structure�). The role of supervisors Supervisors should provide guidance to banks on sound corporate governance and the proactive practices that should be in place. Supervisors should consider corporate governance as one element of depositor protection. Supervisors should determine whether the bank has adopted and effectively implemented sound corporate governance policies and practices. Supervisors should assess the quality of banks’ audit and control functions. Supervisors should evaluate the effects of the bank’s group structure. Supervisors should bring to the board of directors’ and management’s attention problems that they detect through their supervisory efforts. Corporate Governance for Banks in Southeast Europe Policy Brief 65 Synopsis: BCBS Principles for enhancing corporate governance (2010) D.  Sound corporate governance principles Board’s overall responsibilities Principle 1: The board has overall responsibility for the bank, including approving and overseeing the implementation of the bank’s strategic objectives, risk strategy, corporate governance, and corporate values. The board is also responsible for providing oversight of senior management. Board Qualifications Principle 2: Board members should be and remain qualified, including through training, for their positions. They should have a clear understanding of their role in corporate governance and be able to exercise sound and objective judgment about the affairs of the bank. Board’s own practices and structure Principle 3: The board should define appropriate governance practices for its own work and have in place the means to ensure that such practices are followed and periodically reviewed for ongoing improvement. Group Structures Principle 4: In a group structure, the board of the parent company has the overall responsibility for adequate corporate governance across the group by ensuring that there are governance policies and mechanisms appropriate to the structure, business, and risks of the group and its entities. Senior management Principle 5: Under the direction of the board, senior management should ensure that the bank’s activities are consistent with the business strategy, risk tolerance/appetite, and policies approved by the board. Risk management and internal controls Principle 6: Banks should have an effective internal controls system and a risk management function (including a chief risk officer or equivalent) with sufficient authority, stature, independence, resources, and access to the board. Principle 7: Risks should be identified and monitored on an ongoing firmwide and individual-entity basis, and the sophistication of the bank’s risk management and internal control infrastructures should keep pace with any changes to the bank’s risk profile (including its growth) and to the external risk landscape. Principle 8: Effective risk management requires robust internal communication within the bank about risk, both across the organization and through reporting to the board and senior management. Principle 9: The board and senior management should effectively use the work conducted by internal audit functions, external auditors, and internal control functions. Compensation Principle 10: The board should actively oversee the compensation system’s design and operation, and should monitor and review the compensation system to ensure that it operates as intended. Principle 11: An employee’s compensation should be effectively aligned with prudent risk taking: compensation should be adjusted for all types of risk; compensation outcomes should be symmetric with risk outcomes; compensation payout schedules should be sensitive to the time horizon of risks; and the mix of cash, equity, and other forms of compensation should be consistent with risk alignment. 66 Policy Brief Corporate Governance for Banks in Southeast Europe Complex or opaque corporate structures Principle 12: The board and senior management should know and understand the bank’s operational structure and the risks that it poses (that is, “know your structure�). Principle 13: Where a bank operates through special-purpose or related structures or in jurisdictions that impede transparency or do not meet international banking standards, its board and senior management should understand the purpose, structure, and unique risks of these operations. They should also seek to mitigate the risks identified (that is, “understand your structure�). Disclosure and transparency Principle 14: The governance of the bank should be adequately transparent to its shareholders, depositors, other relevant stakeholders, and market participants. The role of supervisors 1. Supervisors should provide guidance to banks on expectations for sound corporate governance. Supervisors should regularly perform a comprehensive evaluation of a bank’s overall corporate governance 2.  policies and practices and evaluate the bank’s implementation of the principles.  upervisors should supplement their regular evaluation of a bank’s corporate governance policies and 3. S practices by monitoring a combination of internal reports and prudential reports, including, as appropriate, reports from third parties such as external auditors. Supervisors should require effective and timely remedial action by a bank to address material deficiencies in 4.  its corporate governance policies and practices, and should have the appropriate tools for this. Supervisors should cooperate with other relevant supervisors in other jurisdictions regarding the supervision 5.  of corporate governance policies and practices. The tools for cooperation can include memoranda of understanding, supervisory colleges, and periodic meetings among supervisors. Corporate Governance for Banks in Southeast Europe Policy Brief 67 E. Additional Information from EBRD SEE Bank Assessments E1. Board structures in SEE Albania Joint stock companies in Albania have the option to choose either a one-tier or two-tier system. In the latter case, management board members can be elected and dismissed by the general shareholders meeting or by the supervisory board, as provided by the charter. The Law on Banks requires banks to be organized under a two-tier system, where the general shareholders’ meeting appoints both a supervisory board (“steering council�) and the members of the management board (“directorate�). The steering council is the bank’s decision-making and supervisory body. At least one-third of its members must not be related to controlling shareholders or to the bank’s management board members. Members of the directorate can also sit on the steering council, but they should not be in the majority. Bosnia and Herzegovina Corporate governance and banking in Bosnia and Herzegovina is regulated at the entity level. In practice, two distinct corporate governance regimes exist and each entity has its own framework of primary and secondary legislation and a Banking Agency. In both the Federation of Bosnia and Herzegovina and in the Republika Srpska, the Law on Banks requires financial institutions to have a supervisory board and a management board. The latter is appointed by the general meeting of shareholders and is responsible for the supervision of the business operations of a bank. The management board is appointed by the supervisory board and is responsible for the direct business operations of the bank. The supervisory board must appoint an audit committee consisting of five members for a term of four years. Members may be reappointed. Audit committee members cannot be bank staff or members of the supervisory or management boards. Bulgaria Bulgarian joint stock companies, including public companies and banks, can opt for a one-tier system or a two-tier system. In line with Article 41 of the 8th EU Company Law Directive, the Law on Financial Independent Audit requires public interest companies (including banks) to establish an audit committee. In listed companies and banks, one-third of board members must be independent. Detailed rules on independent board members are included in the National Code of Corporate Governance. Finally, the Law on Credit Institutions promulgated in July 2006 requires banks to regularly review their organizational structure and the procedure for defining and delegating powers and responsibilities of board members. Croatia In Croatia, the Companies Act allows joint stock companies to choose between one-tier or two-tier board systems. According to the Credit Institutions Act, banks are required to establish a management board and a supervisory board. The Act requires the supervisory board to have at least one independent member. There are no specific requirements for board committees, although the Act expressly provides reporting duties by internal audit to the audit committee. On the other hand, the Corporate Governance Code recommends that boards in listed companies and banks establish nominations, remuneration, and audit committees with a majority of independent board members. FYR Macedonia In FYR Macedonia, banks are governed under a two-tier system, where the general shareholders meeting appoints the supervisory board, and the latter appoints and removes the members of the management 68 Policy Brief Corporate Governance for Banks in Southeast Europe board. The supervisory board is responsible for the oversight of the operations of the board of directors. At least one-fourth of a bank’s supervisory board members must be independent, pursuant to the definition included in the Banking Law. Montenegro According to the Business Organisation Law of Montenegro, joint stock companies are organized under a one-tier system, where the general shareholders meeting appoints the board. The same structure can be found in the Banking Law for banks. The board is responsible for the oversight of the bank’s business activities. Bank boards are required to have at least two independent board members. Romania In Romania, credit institutions can be organized under a one-tier or a two-tier board structure. According to Law No. 31/1990, the board or, as appropriate, the supervisory board can set up consultative board committees formed by at least two board members. With a one-tier board, at least one member of the committee needs to be an independent nonexecutive director, and the audit and remuneration committees are to be composed exclusively of nonexecutive directors. In companies with a two-tier board structure, at least one member of each committee has to be an independent member of the supervisory board. According to Regulation No. 18/2009, banks can set up a risk management committee. Serbia In Serbia, the Law on Banks requires banks to have a supervisory board and a management board. The supervisory board is responsible for the oversight of the bank’s activities. Board members are appointed and removed by the shareholders meeting. At least one-third of supervisory board members must be independent (people not holding direct or indirect ownership in the bank or in the bank’s holding), and at least three of its members must have experience in the field of finance. The management board is appointed and removed by the supervisory board. Banks are also required to establish an audit committee, a credit committee, and a committee for managing assets and liabilities. At least one member of the audit committee must be independent. Corporate Governance for Banks in Southeast Europe Policy Brief 69 E2. Ownership of SEE Banks83 Albania 13.6% National Commercial Bank 9.5% Tirana Bank 13.4% Intesa-Sanpaolo Bank 7.6% Alpha Bank 5.8% Credins Bank 4.8% NBG 4.5% Procredit Bank 4.3% Popular Bank (Soc Gen) 29.1% Raiffeisen Bank 3.3% Emporiki Bank (CA) 4.0% Others Bosnia and Herzegovina 21.6% Raiffeisen Bank 44.5% Others 18.5% Hypo Group 5.6% Intesa Bank 16.4% Unicredit Group 5.7% Volksbank Group 9.3% NLB Group The source of the charts for Albania, Bosnia and Herzegovina, Bulgaria, Croatia, Romania and Serbia is: CEE Banking Sector Report, September 2010, 83  Raiffeisen Research, available at: http://www.rzb.at/eBusiness/services/resources/media/677012584775275435- 677012584775275436_677251119927032833_677257048341086064-679588600387211306-1-9-DE.pdf The source of the charts for FYR Macedonia and Montenegro is: BankScope 70 Policy Brief Corporate Governance for Banks in Southeast Europe Bulgaria 19.1% Others 2.9% Corporate Commercial Bank 16.3% Unicredit Bulbank 3.2% Alpha Bank 4.2% SG Expressbank 12.5% DSK Bank (OTP) 5.1% Piraeus Bank 11.5% United Bulgarian Bank 5.8% First Investment Bank 11.0% Raiffeisenbank 8.5% Eurobank EFG Croatia 19.4% Privredna banka (Intesa) 25.3% Zagrebacka 2.6% Others 13.7% Erste 2.1% Volksbank 3.5% OTP banka 11.7% Raiffeisenbank 3.8% HPB 7.5% Splitska banka (SocGen) 10.6% Hypo Group Corporate Governance for Banks in Southeast Europe Policy Brief 71 FYR Macedonia 8% Others 23% K  omercijalna Banka 2%  Stopanska Banka A.D. Skopje A.D. Bitola 2%  Halka Banka A.D. Skopje 3%  Alpha Bank A.D. Skopje 22% S  topanska Banka 3%  Universal Investment Bank A.D. Skopje A.D. Skopje 4% ProCredit Bank A.D. 6%  Ohridska Banka A.D. Ohrid 21% N  LB Tutunska Banka A.D. Skopje Montenegro 1% First Financial Bank A.D. Podgorica 1% Invest banka Montenegro 25% C  rnogorsko Komercijalna Banka A.D. Podgorica-CKB 3%  Komercijalna Banka Bank A.D. Budva 5% H  ipotekarna Banka A.D. Podgorica 6%  Atlas Bank A.D. Podgorica 10% Erste Bank A.D. Podgorica 19% N  LB Montenegrobanka 9%  Podgorica Banka Societe A.D. Podgorica General Group AD 9% Prva Banka Crne Gore A.D. 12% Hypo Alpe Adria 72 Policy Brief Corporate Governance for Banks in Southeast Europe Romania 19% BCR (Erste) 13.1% BRD (SocGen) 7.2% Raiffeisenbank 2.4% Banca Romanesca 3.0% Pireus Bank 6.1% Volksbank 4.0% Bank Post (EFG Eur.) 5.8% Alpha Bank 5.0% CEC 6.0% Unicredit 5.3% Banca Transilvania Serbia 13.1% Bank Intesa 35.2% Others 9.5% Komercijalna banka 8.3% Raiffeisenbank 6.3% Hypo Group 2.6% ProCredit 6.1% Eurobank EFG 3.7% Vojvodjanska banka 5.8% Unicredit banka 4.3% SocGen 5.1% AIK banka Corporate Governance for Banks in Southeast Europe Policy Brief 73 E3. Supervisor oversight of remuneration practices84 Is the link between compensation and performance reviewed as part of the supervisory process? NO YES 0% 10% 20% 30% 40% 50% 60% Are there specific regulatory requirements as regards the alignment of compensation to prudent risk management? NO YES 0% 10% 20% 30% 40% 50% 60% 70% 80% 84  Source: Data from EBRD, Corporate Governance Assessment of Banks (2010-2011). 74 Policy Brief Corporate Governance for Banks in Southeast Europe For information requests and general inquiries, please contact Gian Piero Cigna at cignag@ebrd.com and Marie-Laurence Guy at mguy@ifc.org Corporate Governance for Banks in Southeast Europe Policy Brief 75