98301 FINANCIAL SECTOR ASSESSMENT PROGRAM BOSNIA AND HERZEGOVINA STATE BANK GOVERNANCE TECHNICAL NOTE JUNE 2015 This Technical Note was prepared in the context of a joint World Bank-IMF Financial Sector Assessment Program mission in Bosnia and Herzegovina during October-November 2014 led by Michael Edwards, World Bank and Sonia Munoz, IMF, and overseen by Finance and Markets Global Practice, World Bank and the Monetary and Capital Markets Department, IMF. The note contains technical analysis and detailed information underpinning the FSAP assessment’s findings and recommendations. Further information on the FSAP program can be found at www.worldbank.org/fsap. THE WORLD BANK GROUP FINANCE & MARKETS GLOBAL PRACTICE 1 Contents Glossary 3 Executive Summary 4 Introduction 9 Key tenents of effective corporate governance in state owned banks 12 Main Findings 15 Detailed Recommended actions 33 2 GLOSSARY BARS Banking Agency of the Republic of Srpska BCBS Basel Committee for Banking Supervision CEO Chief Executive Officer CoB Chairman of the Board DBFBiH Development Bank of the Federation of Bosnia and Herzegovina FBA Banking Agency of the Federation of Bosnia and Herzegovina FBiH Federation of Bosnia and Herzegovina FSAP Financial Sector Assessment Program GDP Gross Domestic Product IAS/IFRS International Accounting Standards/International Financial Reporting Standards IDBRS Investment and Development Bank of the Republic of Srpska IMF International Monetary Fund ISA International Standards on Auditing IFRS International Financial and Reporting Standards JSC Joint Stock Company KM Convertible Mark KPI Key Performance Indicator LoB Law on Banks LoE Law on Enterprises MoF Ministry of Finance NBFIs Non-bank financial institutions NPLs Non-Performing Loans OECD Organization for Economic Cooperation and Development SFIs State Financial Institutions SME Small and Medium Enterprise SOE State-Owned Enterprise UBO Ultimate Beneficial Owner RS Republic of Srpska WBG World Bank Group 3 EXECUTIVE SUMMARY 1. The governments of the Federation of Bosnia and Herzegovina (FBiH) and the Republic of Srpska (RS) are involved in their domestic banking systems through equity stakes and subordinated debt investments in certain banking institutions. The FBiH owns the Development Bank of the Federation of Bosnia and Herzegovina (DBFBiH) and a commercial bank, the Union Bank. Recently, the government of the Republic of Srpska (RS) has sharply increased its participation in the banking sector through a 100% stake in Banka Srpska and through preferred, convertible shares in two other commercial banks, Pavlovic Banka (21%) and Bobar Banka (8%). Additionally, Nova Bank has a 6.7% stake in Bobar Banka, and the RS also holds subordinated debt in Nova Banka and Srpska Banka. The RS holdings are managed by the Investment Development Bank of Republic of Srpska (IDBRS). Common governance practices and concerns in State commercial banks in the FBiH and the RS 2. Banks’ supervisory boards are not performing their in tended leadership role. Supervisory boards provide little strategic direction (in terms of business approach and risk appetite), seemingly focused on conducting high level compliance activities rather than holding bank management accountable for executing strategy, prudent operation of the bank, or establishing strong systems and controls. As a result, the management board is de facto placed in a stronger leadership and decision making position, resulting in an important blurring of lines of responsibility and accountability and overlapping operational roles with management. In the two minority held banks in RS, the founders play a key role in the supervisory board and through their positions, have influenced the operation of the subject banks. 1 State banks suffer from an inordinate level of related party transactions, many which are classified as NPLs. 3. Despite the existence of a structured recruitment process for most banks’ supervisory board members, boards are often seen to lack sufficient experience, skills and independence to effectively guide their institutions. Selection criteria are rather basic (including a university degree and five years of professional experience). The LoB and LoE are silent regarding independence requirements of supervisory board members and do not limit the number of civil servants who can serve on supervisory boards of state banks. As a result, many board members do not have important sector specific skills needed to direct and oversee a bank. In state controlled banks, the MoF recruitment committee does not engage with existing board members to determine the essential skills necessary to building a board with relevant experience and qualifications. Moreover, state bank recruitment committees do not include non-government individuals which impact the independence and objectivity of the process. 1 The founder of one of the banks, in concert with reform efforts begun in the first part of 2014, resigned his position at the same time. 4 4. The audit board structure does not promote effective monitoring of the banks’ control environment. The audit board operates as a separate corporate body rather than as a subcommittee of the supervisory board. This arrangement has the effect of diffusing responsibility and accountability for internal audit oversight and effectiveness.2 As a result, the supervisory board is not fully accountable for the integrity of the internal audit function. Banks’ internal audit departments suffer from understaffing and cannot comprehensively cover bank operations with a high level of quality. The effectiveness of the external audit function is substantially compromised given that the appointment of the audit firms occurs late in the financial year and is many times based on a lowest-cost basis. External audit results are rarely presented and discussed at the supervisory board level, thereby mitigating the independence of the activity. 5. The risk management function in state banks is a relatively new concept. Banks report that the functions typically support the credit approval process (which involves them in the business line), determine credit classification according to regulation, and periodically perform portfolio monitoring. Moreover, the head of the functions are accountable to senior management rather than to the supervisory board and currently are not independent. 6. Both supervisory authorities have made progress in enhancing the regulatory framework and supervisory processes since the 2006 FSAP. The regulatory framework has been broadened by the issuance of regulations on corporate governance, credit risk management and capital, and comprehensive regulations on risk management have been drafted.. As well, legal and/or regulatory amendments are warranted to enhance the selection process and independence of state bank supervisory boards. The law on accounting requires updating to capture the most current version of IFRS, and there is a need to strengthen both internal and external audit oversight by the supervisory board, in part by making the existing audit board a supervisory board subcommittee. Institution-specific Governance Shortcomings Development Bank of the Federation of Bosnia and Herzegovina (DBFBiH) 7. The DBFBiH is charged with promoting social and economic development in the FBiH. The DBFBiH lends directly to the market but has not set targeted strategies or policies to support specific sectors of the economy (e.g. SMEs, agriculture, etc.). Moreover, the DBFBiH faces important long term financing difficulties as according to Article 3 of the Law on the DBFBiH, it should have operating capital of 400 mn KM. However its capital has not exceeded 180 mn KM since its inception. 2 The supervisory board is responsible for both appointing and remunerating the internal auditor. However, the audit board reviews the audit plan, monitors the audit process, and receives the audit results. While the audit board may report periodically to the supervisory board, in some cases the reports are only written. This makes it difficult, if not impossible, for the supervisory board to be apprised of the control environment and for it to assess the performance and adequacy of the internal audit function. This also can allow the supervisory board to relegate its responsibility for the bank’s control environment and control oversight. 5 8. The DBFBiH is only partially supervised by the Banking Agency of the FBiH (FBA). The DBFBiH is incorporated under a separate legislation, the Law on the DBFBiH, which restricts the FBA’s supervisory reach. As a result, the FBA is not allowed to sanction the bank for violations of regulations or to vet the fitness and propriety of its supervisory or management board members. Thus, as seen later in this Technical Note, the DBFBiH’s accountability mechanism is severely compromised. Investment and Development Bank of Republic of Srpska (IDBRS) 9. In addition to its development activities (e.g. housing finance, SME finance), the IDBRS is charged with oversight responsibility for the state’s investments. The IDBRS oversees and carries out certain ownership responsibilities in the state’s investments in the real and financial sectors and manages the portfolio of existing state-owned enterprises. The IDBRS is set up as a joint stock company under the Law on the IDBRS and manages six funds through which the activities are conducted. The funds are individual joint stock companies; each formed under its own law. The IDBRS is not a licensed bank and is not supervised by the Banking Agency of the RS (BARS). 10. Specific objectives, business strategies and exit plans for the government’s participation in and support of the financial sector have not been defined. During the last two years, the government of the RS, through the IDBRS, has sharply increased its participation in the domestic financial sector through equity stakes, subordinated debt and deposit placements. In order to justify the government’s role in the financial sector, to identify and convey to the public the market gaps it intends to fill, and to assure clear objectives and an exit strategy, each IDBRS related bank investment should be supported by a specific financial institution mandate or comprehensive management plan and exit strategy. 11. Rigorous surveillance of the government’s financial sector exposures by the IDBRS is warranted. While the IDBRS has a long established investment monitoring process for each of its historic holdings, specific performance thresholds have not been developed to provide feedback on the financial and qualitative performance of financial institution investment(s). A rigorous performance evaluation methodology, including key performance indicators (KPIs) and linked management performance contracts, should be developed and mutually agreed by the IDBRS, the relevant bank supervisory board and bank management. Once adopted, these should be regularly monitored to hold accountable the banks’ supervisory boards and management. 12. The recommendations below are aimed at helping to strengthen the framework through which state-owned commercial and development banking institutions are overseen. Whilst much has been accomplished in terms of improving the regulatory framework of corporate governance in both entities, the role of the state as the owner of investments in the financial sector has yet to be defined. 6 13. The authorities of both entities should establish its objectives for participating in the commercial banking sector and define the mandate, policy objectives and ownership and exit strategy for each bank investment. With a clearer ownership strategy, supervisory boards and the management of these state banks will be able to deliver better results and the state will be able to monitor more effectively its investments and justify its presence in the financial sector. Bosnia and Herzegovina: State Bank Corporate Governance Key Recommendations Recommendations and Authority Responsible for Implementation Time3 State Banks – Common Recommendations Strengthen the regulatory framework: FBiH: MoF, I  Amend the Law on Banks and the Law on Enterprises to make the audit board a subcommittee of RS: MoF, IDBRS the supervisory board instead of distinct corporate body.  Amend the law on accounting to reflect the most current version of IFRS.  Treat material transactions with state-owned enterprises and other government entities (including municipalities) as related-party transactions and disclose them in compliance with internationally recognized accounting standards. Strengthen the supervisory board member selection process: FBiH: MoF, I  Modify the selection criteria for supervisory board members to include nature of professional RS: MoF, experience, sector specific skills; review remuneration policies to attract talented professionals to state bank boards. Strengthen the composition and role of the supervisory board of state commercial banks: FBiH: MoF, I  Change the composition of state banks’ supervisory boards to be composed of a majority of RS: MoF, IDBRS independent members with sector specific skills.  Through the selection process and the mandate given state bank boards, enable the supervisory board to hold management accountable in the context of an agreed performance contract. Strengthen the audit function: FBiH: MoF, I  Assign specific responsibility to the supervisory board to strengthen its internal audit function RS: MoF, IDBRS and ensure adequate resources commensurate with the complexity and size of the bank.  Assign specific accountability to the supervisory board for an adequate external audit and for receiving and reviewing audit results directly from the audit firm. Federation of Bosnia and Herzegovina – Specific Recommendations Professionalize the ownership function of the MoF: MoF I  Establish and publicly disclose specific, concrete objectives that justify each government investment / intervention in banks. In addition, public policy mandates should be separately identified, costed, financed, and disclosed.  Create an adequately resourced MoF ownership division or entity to oversee financial sector holdings.  Sign performance agreements with supervisory boards and management members of state banks and monitor and evaluate performance. . Republic of Srpska - Specific Recommendations Professionalize the ownership function conducted by the IDBRS: MoF, IDBRS I 3 I-Immediate” is within one year; “NT-near-term” is 1–3 years; “MT-medium-term” is 3–5 years. 7  Establish and publicly disclose specific, concrete objectives that justify each government investment / intervention in banks.  Establish a dedicated monitoring unit composed of qualified staff to focus solely on monitoring financial sector exposures, to evaluate institutional performance, mitigate risks and define an exit strategy for each equity or debt exposure.  Execute and monitor performance agreements with supervisory boards and managements bodies of banks wherein a controlling stake is held. 8 INTRODUCTION4 14. This Technical Note evaluates state bank corporate governance practices in Bosnia and Herzegovina. The analysis was completed during October 27-November 18, 2014. This TN is not a formal assessment against the Basel Committee’s Principles for Enhancing Governance; rather, it assesses key issues and provides a set of recommendations to the authorities with the view to strengthen state bank governance and the State’s ownership structures in Bosnia and Herzegovina. Objective and Scope of this Bank Governance Review 15. This review was prepared at the request of the MoF of the Federation of Bosnia and Herzegovina and the MoF of the Republic of Srpska as a part of the 2014 FSAP. This review evaluated the governance structures and practices of state-owned banks in both States: BiH: the Development Bank and Union Banka; RS: Srpska Banka, Bobar Banka, and Pavlovic Banka. The review did not evaluate governance in the other private commercial banking institutions. The governance of the IRBRS was also reviewed given its role as state’s equity investor in the banking system. The prevailing laws on the institutions were also reviewed, and discussions were held with the subject institutions as well as with the Banking Agencies, MOF representatives, and audit firms. Bank Governance Review Methodology 16. The Review Methodology was developed in response to requests by World Bank client countries to evaluate and communicate governance risks potentially affecting the performance and stability of their banking sectors. As such, the Review Methodology approaches bank governance from the perspective of a risk based policy framework that is key for the comprehensive assessment of system vulnerabilities. 17. The Methodology is based on the Basel Committee’s Principles for Corporate Governance in banking institutions and OECD Corporate Governance Principles and is also grounded in best practices emanating from the banking industry as a whole and World Bank experience. Moreover, since the scope of the review focused on state-owned banks, the Corporate Governance Guidelines for State-Owned Enterprises of the OECD were also used as a reference for the completion of the assessment. Using a set of focused questionnaires, a survey of a sample of banks was conducted. A high level review of the country’s bank supervisory process was also performed, focusing on the supervisor’s emphasis on board and management oversight and risk issues. The importance of corporate governance 4 This Technical Note was prepared by Laura Ard and Jean Michel Lobet (GFMDR). 9 18. Corporate governance is commonly defined as the structures and processes for the direction and control of corporations, specifying the distribution of rights and responsibilities among the main participants in the corporation and spelling-out the rules and procedures for making decisions on corporate affairs.5 Specific to banks, corporate governance is defined as the manner in which the business and affairs of banks are governed by their boards and senior management which affects how they: (i) set corporate objectives; (ii) operate the bank’s business on a day-to-day basis; (iii) meet the obligation of accountability to their shareholders and take the interests of stakeholders into account; (iv) align corporate activities and behavior with the expectation that banks will operate in a safe and sound manner and in compliance with applicable laws and regulations; and (v) protect the interests of depositors.6 In the case of State-owned banks, the corporate governance structure also captures the role of the State as owner and the process through which it fulfills its associated responsibilities. 19. Improving corporate governance can serve a number of important public policy objectives. Numerous studies have shown that good corporate governance practices lead to significant increases in economic value-added from higher productivity of firms and lower risk of systemic financial failures for countries.7 Implementing good bank governance is of particular significance in creating a robust and stable banking sector in support of sustained financial and private sector development, and economic growth. Indeed, banks:  Manage a significant portion of a nation’s wealth through savings and must therefore be governed appropriately in order to uphold the public trust; if governed poorly, people’s livelihoods could be at stake, potentially turning public opinion against current political leadership.  Provide the preponderance of financing for the great majority of enterprises and individuals, particularly in emerging markets; therefore, the strength and capacity of banks take on greater importance in terms of funding economic growth.  May well be expected to make credit and liquidity available in what are likely to be difficult market conditions in the years ahead. 20. With this in mind, it is important to note that banks generally have specific governance challenges and complexities since they take on significant volumes of risk- bearing assets. Hence, weak risk management frameworks and internal controls can cause severe and rapid financial crises. The collapse of a single bank cannot only destroy shareholder value but also value for its depositors and may require a costly bail-out or liquidation by the authorities (and ultimately the tax payers). Ensuring that banks are well governed is thus of central concern to not only banking regulators, but to the Government more broadly and other stakeholders. 5 The Organization for Economic Cooperation and Development (OECD): OECD Principles of Corporate Governance; 2004. 6 The Basel Committee on Banking Supervision: Principles for enhancing corporate governance; October 2010. 7 Corporate Governance and Performance Around the World: What We Know and What We Don’t. Inessa Love, The World Bank Group, June 2008. 10 21. These country-specific and more general bank-related risks make well developed governance frameworks and practices of banks in Bosnia and Herzegovina a key condition for financial market stability, judicious credit allocation, and growth. 11 KEY TENENTS OF EFFECTIVE CORPORATE GOVERNANCE IN STATE OWNED BANKS8 Current Setting 22. Evaluating and restructuring the corporate governance of state banks in Bosnia and Herzegovina, if accomplished in its entirety, will call for an evaluation of the objective and the role of the State, and therefore the role of state banks, in the country’s financial market. Some state banks may possess questionable ability to operate as viable commercial banks with sufficient customer bases and effective business strategies. 23. In practice, putting in place sound governance arrangements for state banks requires a significant investment in people, processes and technology with substantial up-front and ongoing costs. When considered in the context of the government’s objectives for state banks and the problems governance arrangements are expected to solve, the costs often may not be justified or affordable. In such circumstances the answer is not to shortchange corporate governance, but rather to design alternative, more economical and efficient means for government intervention. Selected Elements of a State Bank Governance Structure 24. Some of the key functions of a state bank governance platform include, inter alia, clarification of policy mandates and operational objectives, the state ownership function, the role of the board, chairman of the board, and the CEO. The following enumerates certain aspects to consider when evaluating and building a state bank governance arrangement.  Objectives of State Owned Financial Institutions (SFI):  To ensure the institution’s long-run financial sustainability (i.e., ensure that it continues as a going concern, without need for extraordinary financial support from the state).  To achieve certain financial performance objectives (which may be defined in terms of return on equity and dividend payment targets, for example).  For SFIs with a mandate to pursue public policy objectives, an additional overarching objective is the achievement of those policy objectives. (See below)  Organizing the State Ownership Function 25. Establish or review and revise the state bank ownership policy. Such a policy defines the state’s overall ownership objectives, prescribes the legal forms for the given institutions, defines the state’s role in governance, and how that role and policy will be implemented. This includes: 8 Distilled from the Basel Committee’s Corporate Governance Principles for Banking Organizations and relevant selected OECD Corporate Governance Guidelines for State-owned Enterprises. 12  Considering whether an incorporated financial institution is the most effective means of state intervention, as compared to, for example, a more economical institutional arrangement such as a specialized government department or unit.  Explicitly identifying and/or assigning who is responsible for acting as the state’s shareholder representative (separate government department, entity) and the method of interaction, typically with the Chairperson of the board.  Defining the shareholder representative’s role and accountabilities.  Assuring professional support to the shareholder representatives.  Establishing and requiring separation of ownership from regulation and supervision.  Assigning the responsibility of board(s) appointments and defining the process:  ensuring a structured, transparent process that adheres to explicit policies and procedures that seek to ensure the ability of the board to exercise its responsibilities in an independent manner, including the use of competence and experience requirements consistent with the strategy and business of the institution(s).  considering limiting the number of public servants on the boards and gradually introduce and appoint an increasing mix of private, independent individuals.  specifying the required mix of skills and experience of all individuals, both public and private.  considering whether the CEO should be prohibited from serving as the chairperson of the board.  defining the role and responsibilities of the chairperson, method of performance evaluation and remuneration (i.e. specific skills, experience required, ability to locate and hire domestically or internationally, etc.)  Defining, documenting, and monitoring clear objectives and performance measures and targets.  Periodically re-evaluating the state bank’s given mandate, in part to address potential “mission creep” and redefine where evolution of markets, client needs and public policy objectives may have rendered the existing mandate no longer valid or appropriate.  Document such policy through the existing and/or prospective mix of laws, regulations, and state policy.  Role of the Supervisory Board The principle role of the board of directors should be to:  Appoint key executives, evaluate management performance, and develop a succession plan for key managers (depending on the current quality and composition of the board(s) the appointment of the CEO may be introduced over time with at least the board taking the lead in the recruitment process before becoming wholly responsible for the formal appointment. The board should also establish, approve, and maintain a remuneration policy for senior executives and provide information to shareholder(s) and the public on such policy. Key committees should also be appointed including, inter alia, audit, nomination / remuneration, risk management, and corporate governance.);  Help formulate, monitor and approve the institution’s strategy (in context of the objectives set out in the ownership policy); 13  Approve key policies;  Ensure that internal financial and operational controls are in place;  Establish performance indicators and benchmarks;  Monitor disclosure and public communications processes to ensure financial statements and other disclosures fairly present the institution’s performance, financial condition, business and risks.  Information, Reporting, and Disclosure Regime Ensuring adequate reporting at all levels requires an investment in accounting and information systems, in internal controls, and in internal and external auditing. It involves formulating and documenting policies and procedures, putting in place hardware and software systems, and recruiting and training qualified staff, among other tasks:  The Audit Committee should have explicit responsibility for oversight of internal and external audit functions; ensuring the accuracy of required reporting to the regulatory and supervisory authorities; and ensuring management takes appropriate action in response to identified deficiencies.  The internal audit function should be (established and) accountable to the audit committee and have unrestricted access to the chairperson of the full board and all board members.  The external audit should be conducted according to international standards.  State Development Institutions For those state banking institutions that also possess a public policy / development mandate, additional organizational and governance challenges exist. Institutionalizing the means by which to make tradeoffs between policy and financial objectives and to efficiently fulfill policy mandates is a key governance challenge facing the institution. Public policy mandate must be well defined as explicitly and narrowly as feasible based on a thorough analysis of the market gaps they intend to address. The authorities will have to evaluate how the mandate will be financed along with the various pros and cons of funding alternatives. Once decided, the shareholder representative will need to agree specific policy, financial and operational performance targets with the board and executive management. 14 MAIN FINDINGS I. Main Findings in the Federation of Bosnia and Herzegovina A. Market Setting 26. The Federation of Bosnia and Herzegovina (FBiH) owns two banks. One, the Development Bank of the Federation of Bosnia and Herzegovina (DBFBiH). The DBFBiH began its operations in July 2008 as the legal successor to the FBiH Investment Bank which had been operating since 1997. The second, Union Bank, is a commercial bank which started its operations in 1997 and is the successor of Jugobanka. Together, both institutions represent less than 6 percent of the banking sector of the FBiH. 27. The DBFBiH has the objective to promote social and economic development in the FBiH. The institution is owned by the government of the FBiH (Prime Minister’s office and all the ministries); however, the Ministry of Finance (MoF) has been delegated the ownership rights over the bank. The DBFBiH has been incorporated under a separate law (Law on the DBFBiH), and, therefore, is subject to different regulations compared to regular commercial banks. The Banking Agency of the Federation of Bosnia and Herzegovina (FBA) can only supervise the DBFBiH based on the Decree of the DBFBiH and not the Law on Banks. As a result, the FBA has limited powers to supervise the DBFBiH (see Section Legal and Regulatory Framework). Moreover, the DBFBiH does not take deposits nor provides retail banking services. According to Article 3 of the Law on the DBFBiH, the DBFBiH has an operating capital of 400,000,000 KM (approximately 254,000,000 USD). However, in practice, due to the financial limitations of the government of FBiH, this capital has not been higher than 180,000,000 KM (approximately 114,000,000 USD). This one of the reasons why the DBFBiH has not been able to fulfill its development mandate. 28. In practice, the DBFBiH behaves more like a commercial lender than a development lender. The DBFBiH has not set targeted strategies or policies to support specific sectors of the economy (e.g. Small and Medium Enterprises (SMEs) or agriculture). Eighty percent of the lending is directed to companies which not always have development objectives. The DBFBiH does not have a specific methodology to calculate interest rates; it decides on an interest rate below regular commercial rates. It lends directly to borrowers rather than through intermediary banks, and as a result bears all the risk of its lending operations. The DBFBiH has substantial concentration risk; NPLs represent 15% of total loans.9 29. At least fifty percent of the DBFBiH activities are “commissioned activities.”10 Funds for these lending operations come from different ministries, and the DBFBiH acts as an advisor to the ministries by performing the risk analysis of the transaction. The final approval of the loans is 9 NPL industry average is fifteen percent. 10 Lending programs with funding provided by specific ministries (e.g. Ministry of Entrepreneurship provide credit lines to SMEs through the DBBH). 15 by done by the ministry who provided the funds and the risk is borne by the ministry and not the bank. 30. Union Bank operates as a commercial bank with over 90% government ownership. Union Bank inherited the assets of Jugobanka (including litigation on the pre-war liabilities of Jugobanka) which have hindered its further development of the bank. Until recently, Union Bank was not part of the deposit insurance scheme because the law did not allow banks with more than 10 percent state ownership to join the scheme. The law was modified recently and Union Bank is now part of the deposit insurance scheme. The Union Bank is fully supervised by the FBA. 31. Union Bank is undergoing an important reform process that includes appointment of a new management team with strong banking sector experience, the introduction of a more rigorous risk culture, and important IT upgrades. As a result of these changes, the institution has generated operational profits for the first time in more than ten years. In the past, profits primarily emanated from leasing revenues rather traditional banking operations.11 32. Union Bank faces a competitive environment with little critical mass. The banking system is dominated by foreign banks, accounting for 90 percent of sector assets. In comparison, Union Bank represents less than 3 percent of assets with minimal long-term financial resources. The bank has high concentration risk with its customer base composed of close to 80% corporate clients. NPLs total 11%, below the industry average of 15 % with a capital adequacy ratio of 36%. B. Legal and Regulatory Framework 33. The corporate governance framework for commercial banks, including those owned by the state, is set forth by the Law on Banks (LoB) and complemented by the Law on Enterprises (LoE). The LoE sets forth shareholders’ rights, structure and liability of the management and members of the supervisory board, structure and responsibilities of the audit board, and regulation of related-party transactions. The Law on Banks outlines, inter alia, the requirements to become a shareholder or a supervisory board member of a bank, conflict of interest regulations, and disclosure requirements. The Law on Banks also charges the banks’ supervisory board members with a fiduciary obligation to act in the best interest of the bank and its shareholders. Commercial banks, including state commercial banks, are under the supervision of the FBA. 34. State-owned commercial banks have a clear legal form. According to Article 1 of the Law on Banks12, all commercial banks, including those that are owned by the state, are incorporated as joint-stock companies. Moreover, commercial banks are also required to list and register their securities at the Sarajevo Stock Exchange. 11 Union Bank owns real estate that has been leased to large global organizations. Thus, providing a significant source of income for the bank. 12 Official Gazette of the Federation of BiH, number 39/98, 32/00,48/01, 27/02, 41/02, 58/02, 13/03, 19/03 and 28/03. 16 35. The DBFBiH is incorporated under separate legislation, the Law on the DBFBiH, and is partially supervised by the FBA. The Law on the DBFBiH sets forth the corporate governance framework of the DBFBiH including the ownership, supervisory board and management. The law outlines the special regime for the DBFBiH, including profit tax and liquidation exemptions; and unlimited guarantee by the government of the DBFBiH’s liabilities. Moreover, the Law on the DBFBiH exempts it from regular supervision. The FBA supervises the DBFBiH in accordance with the Decree on DBFBiH. The Decree has similar provisions as the Law on Banks; nevertheless, it does not allow the FBA to issue sanctions in case of violations of the regulations or to vet the fitness and propriety of the supervisory or management board members. The FBA can only issue recommendations to the government in case of violations of the law, significantly undermining its regulatory mandate. The DBFBiH must inform the FBA about the appointment of new supervisory or management board members. 36. Law and regulation separate the role of the state as an owner of financial institutions and the role of the state as policy-maker and regulator. In the case of Union Bank, the MoF has been delegated the ownership rights of the institution. Union Bank is supervised as any private bank by the FBA. In the case of the DBFBiH, the institution is owned by the government of the FBiH (all ministries are owners) and is only partially supervised by the FBA. The FBA is an independent entity separate from the MoF. The FBA is self-funded and its senior management is elected by the Parliament of the FBiH. 37. Overall, the legal and regulatory framework provides for a level playing field among private and state commercial financial institutions. However, the DBFBiH benefits from both supervision and tax exemptions. Both state and private commercial banks operate under the same rules and are extensively supervised by the regulator without any limitations. Both private and state institutions are not exempt of any fiscal obligations. Union Bank is subject to annual external review by an independent auditor. However, DBFBiH is exempt from profit taxes. Tax exemptions in the case of development banks are not uncommon globally. These institutions have to fulfill public policy mandates and the associated costs are usually covered by the tax exemptions savings. 38. In the case of the DBFBiH, the accountability structure is lacking. The FBA has only partial scope of oversight authority, as it cannot sanction the institution, vet candidates or take other action against board members and management. No other oversight process exists apart from periodic reviews by the Supreme Audit Authority, however, the bank is subject to an annual external audit by an independent auditor. As long as the DBFBiH engages in direct lending activities and competes with other commercial banks by providing below market interest rates, a robust, regular oversight function should promptly be established. In that context, either the Supreme Audit Authority should accept clear responsibility for a full-scope annual review, or alternatively, the FBA should be empowered to use its full supervisory authorities to address and take actions on the fitness and propriety of new and existing board members, and to issue sanctions in case of violation of the law. 17 39. The legal and regulatory framework is silent regarding the government’s objectives for participating in the banking sector and does not define the mandate, policy objectives and ownership strategy for each bank. The government has set very broad goals for the DBFBiH that go from financing infrastructure to issuance of letter of credits to exporters. In the case of the Union Bank, these mandates and objectives have not been defined. In order for the government to efficiently manage financial institutions, it must, first, justify the public sector’s presence in the financial sector. In other words, the government must demonstrate the market gaps or failures that the private sector has not been able to fill. For example, in the case of the Canadian Development Bank (CDB), its mandate has been clearly defined by the government, which is to be the prime financier of SMEs. Small businesses are considered high risk by private banks and access to credit is very difficult globally. Therefore, the CDB fills a specific gap that the private sector banks have not been able to fill due to the high associated risk. In the case of state banks of the FBiH, such a justification has not been articulated in the law or regulation. 40. The laws and regulations are silent regarding how the costs associated with the provision of public policy objectives of both institutions are covered. In the event that either the state commercial or development bank engages in public policy activities, the law is silent regarding the funding sources to cover the expenses with these tasks. Currently, these are usually covered by the operational profits of these institutions. However, it is a better practice and more transparent to clearly identify and cost the activities, ensure separate funding for them from the government budget and disclose them to the public. For example, in the case of the South African Development Bank, public policy activities are financed through profit tax exemptions. In the case of Kiwi Bank in New Zealand (commercial state bank), public policy objectives are financed by the government’s budget. C. The State’s Ownership Role 41. The state fulfills some of its obligations as the owner of banks. The MoF is the representative shareholder for both Union Bank and DBFBiH. The MoF actively participates in the annual shareholder meetings and elects and removes supervisory board members. The MoF also has set up a structured process for the nomination of supervisory board members. 42. However, the state has not developed a clear ownership policy for either the Union Bank or DBFBiH. Neither institution has developed clear goals and strategies for their operation. The State has not identified the market gap and mandate it intends to address by participating in the commercial banking sector. In the case of Union Bank, a well-defined mandate and objectives are important to ensure its commercial and competitive focus is preserved. In the case of the “commissioned activities” of the DBFBiH, it is unclear what government programs are appropriate to accept and manage, how such programs are assigned to the bank, and what the prioritization process is. A well-defined mandate which helps measure and manage those programs it accepts, as well as a structured process through which various ministries approach the bank is necessary. 18 43. MOF does not actively monitor the performance of either institution. An evaluation methodology with key performance indicators has not been developed, making the supervisory board and the management unaccountable for delivering results. The MoF does not have a dedicated monitoring unit composed of qualified staff with an understanding of the banking sector. In addition, specific reporting requirements between the bank and the MOF as owner do not exist. As shareholder representative, MOF should communicate the specific financial and non-financial objectives to the board. These objectives should be endorsed annually by the shareholder, board and the management. Finally, an evaluation methodology and key performance indicators should be developed to assess the performance of the banks in meeting financial and non-financial objectives and to hold board and management accountable. 44. Despite the existence of a structured recruitment process for supervisory board members, the selection procedures could be further strengthened. The MoF has set up a structured process to select supervisory board members. The vacancies are publicly advertised by the MoF in the official gazette and in major newspapers. A recruitment committee composed of staff from the MoF is in charge of the shortlisting and interview process. After the process is completed a short-list with a ranking is submitted to the Minister of Finance for final selection. According to the interviewed banks, the MoF usually follows the advice of the recruitment committee; however, there have been instances where this has not been the case. 45. During the selection process, the recruitment committee does not engage with the existing supervisory board. The LoE and the LoB does not limit the number of civil servants appointed to the supervisory board. In order to make this process more effective, the recruitment committee should be composed of professional and experienced supervisory board members from both private and public sectors (Box 1). For example, Poland introduced an independent accreditation committee to support the Treasury with the nomination process of board members of SOEs.13 Moreover, the recruitment committee should engage more effectively with the existing boards to understand what the specific profiles or skill sets needs are to make the supervisory board more effective. Finally, to ensure the independence of the supervisory board, the number of supervisory board members representing the state (civil servants) should be restricted to the strict minimum by the law (e.g. less than 50 percent). Box 1: Board nominations in two state-owned development banks 13 The Committee consists of 10 members recommended by key ministries such as treasury, economy, public finance, financial institutions, transport, communications and the President of the Polish Financial Authority and appointed by the Prime Minister on the basis of their knowledge and experience (OECD 2011, State-Owned Enterprise Reform: An Inventory of Recent Change). 19 The Development Bank of Canada (DBC) and Development Bank of South Africa (DBSA) operate with a one board system and have a well-developed framework for the selection of board members. The law establishes general fit and proper requirements for selection of board members. In both cases, a board committee prepares an assessment of the skill requirements of the board members, recommends skill requirements for the selection of new directors and assesses the capacities of the current board members. A shortlist is typically prepared by professional headhunters and the list of candidates is presented to the shareholder representative (the government). Although the government may decide not to select a candidate from the shortlist, and appoint an outsider, shareholders have typically accepted candidates from the shortlist. And when selecting outsider candidates, the government gets exposed to criticism for lack of transparency. In both cases the Chairman and the CEO are different positions. While no government officials participate on the board of BDC, the Ministry of Provincial and Local Government is represented on the DBSA board (but this Ministry does not have a direct role in the ownership function). In both cases, however, the CEO is not appointed by the board, which is an important shortcoming. Source: Rudolph 2009 C. The supervisory board function 46. The supervisory board is where key responsibilities of a bank converge. Given that banks are considered special interest entities that play a key role in all economies, bank supervisory boards are charged with the public’s trust to act responsibly and with integrity. Supervisory boards have special duties to act in the best interest of all stakeholders, not only the owners. The supervisory board must set the appropriate “tone at the top” through which it directs the manner in which the bank conducts its business - through strategic planning, risk parameters, and policies. It must set clear risk parameters within which management and staff execute the business plan. It must ensure that key control functions are established and independent so that it can monitor the bank’s existing and prospective risks, the overall success of its business strategy, and financial performance and soundness. As a result, the board must be composed of a balanced mix of skills and experience, must be objective, and must fulfil its fiduciary duty through prudently guiding the bank. The supervisory boards of the two state banks have yet to fulfil the full scope of these responsibilities. 47. The LoE and LoB provides the basic criteria for the proper operations of the supervisory board. The supervisory board duties are explicitly articulated in the different commercial and banking regulations. Moreover, there is a clear separation between the roles of managing director and chairman of the supervisory board. The board is in charge of appointing the members of the audit board, the managing director and the internal auditor (including its remuneration). Members representing the state are subject to the same liability regime as directors from the private sector. Finally, supervisory board members are required to be certified board members by the chamber of commerce before being appointed board members. 20 48. However, supervisory boards are not performing their intended leadership role. Boards are focused on determining compliance with internal and external policies, conducting quality control, reviewing bank policies and changes thereto, and monitoring credit activity reports. Supervisory boards provide little strategic direction (in terms of business approach and risk appetite) and do not actively monitor the risk and control environment through the critical functions of internal audit, risk management, and compliance. Given the role the supervisory board performs in practice, the management board assumes a stronger leadership role in the banks’ strategy and operations, resulting in a blurring of the roles of strategic direction and operational management. 49. Supervisory board appointments in the DBFBiH appear to be influenced by the elections calendar. The term of the previous board expired 2 years ago. However, the government was only able to appoint the new supervisory board in May/June 2014. A new government has been recently elected; therefore, there is no guarantee that the current supervisory board will not be dismissed again by the new government. As a result, the DBFBiH has been operating with interim arrangements for the last 2 years, and the institution has operated without strategic oversight and committed management. The recruitment and nomination process of supervisory board members of state-owned enterprises as a whole including state banks should not be affected by the elections calendar of the government. 50. Board committee structures are non-existent and therefore, no mechanism exists to assist boards in more technical and demanding matters. Board audit committees do not exist; instead, there is the audit board that is separate from the supervisory board. According to the law, the audit board is tasked with overseeing the internal and external audit functions. The internal auditor reports to the audit board and not the supervisory board. However, the supervisory board is responsible for appointing, evaluating and remunerating the internal auditor. Under the current structure, the supervisory board is not fully accountable for the integrity of the internal audit function as it should be. Due to the existence of the audit board, the internal auditor does not interact with the supervisory board in practice. For that reason, to make the audit board more effective and the supervisory board fully accountable for the internal audit, the audit board should become a subcommittee of the board instead of a separate corporate body. Moreover, the audit subcommittee should be chaired and composed of independent board members only. D. Transparency and Disclosure Financial reporting 51. Both Union Bank and the DBFBiH prepare financial statements in compliance with internationally recognized accounting standards, and they are disclosed to the public. According to the Law on Accounting of 2005, all private and public companies, including financial institutions, are required to prepare their financial statements in compliance with IFRS standards. However, since 2005, a few IFRS standards have been updated and the Law on Accounting has not been amended accordingly. The lack of translation of the updated accounting standards has 21 impaired the ability of enterprises to prepare quality financial statements.14 Moreover, the FBA has focused more over the years on controlling prudential requirements rather than on the quality of IFRS-based financial statements. Finally, both banks are using the services of external audit firms with international foot print to perform the annual external audit of the bank. The external auditor also provides a management letter. 52. In practice, the DBFBiH selects external audit firms on an annual basis instead of a period of at least 3 years. The DBFBiH is bound by public procurement rules. Therefore, public tenders are organized to appoint the external auditor; in practice, the lowest bid is typically selected. In the case of the DBFBiH, public tender procedures to select the external auditor are organized annually to save costs. As a result, the bank is audited by different external auditors every year. External audit firms’ services should be contracted for terms of at least three years (with maximum duration of five years) to ensure continuity and consistency in the evaluation process. Moreover, the selection criteria should not be based solely on cost. As a result of the changes in management that have taken place over the last two years, Union Bank has appointed a reputable external auditing firm for the next three years. 53. The FBA’s powers towards external audits are limited. In practice, the firm in charge of the external audit of the DBFBiH is not always appointed during the annual shareholders meeting. For example, as of today, the external auditor of the DBFBiH has not been appointed. The FBA has no powers to appoint by default an external audit firm at the bank’s expense if the bank has not appointed one after a certain date. Moreover, state commercial banks are required to obtain approval from the banking agency on the appointment of the external auditor. However, the banking agency has not developed clear and transparent criteria for approving audit firms (such as qualification of the auditors, reputation of the firm, size of the firm). 54. Transactions with state-owned enterprises are not treated as related party transactions. According to both banks, transactions with the MoF are treated as related-party transactions. However, transactions with municipalities or state-owned enterprises are treated as normal transactions, which in the case of the DBFBiH represent close to 30 percent of the loan portfolio and close to 10 percent in Union Bank. The management of both institutions explained, however, that any loan application, including related-parties or any other government entity, go through the same credit approval process. If the applicant (even if it is the state) does not meet the credit worthiness and risk criteria, a loan will not be extended. Related party transactions can have serious implications on the financial stability of the bank if not properly monitored. Therefore, specific disclosure rules could be applied to all transactions, including with SOEs, depending on the size or level of materiality of the transaction. For example, material related party transactions (e.g. transactions representing 10 percent of the assets of the company) should be properly disclosed in compliance with internationally recognized standards, go through a specific approval process (i.e. approved by independent directors only). 14 ROSC Accounting and Auditing 2010. 22 55. Non-financial disclosure by both banks requires significant improvement. Banks are required to produce financial statements in compliance with IFRS; however, non-financial disclosures are poor. Consistently, disclosures in annual financial reports or on individual websites do not present supervisory board members and biographical information, individual supervisory board and senior management remuneration. E. Audit Function 56. While both banks report they have an internal audit function that reports to the supervisory board, as required by the laws and regulations, in practice, the functions appear to lack adequate independence. Consistent with the law, both banks indicated that the head internal auditor is appointed, remunerated and evaluated by the supervisory board. However, the audit board monitors internal audit operations and external audit results, but does not interact regularly with the supervisory board. In most cases, the internal auditor does not interact with the supervisory board. 57. Virtually all internal audit departments of state banks suffer from understaffing. The staffing and professional requirements of banks’ audit departments reflect the broader auditing profession in the FBiH which has been slow to develop. The DBFBiH has only one internal auditor and Union Bank has three. Given the level of staffing and low level of experience, internal audit departments are not likely to have the resources necessary to comprehensively cover bank operations with a high level of quality. F. Risk Function 58. The development of risk strategy, effective risk oversight, and a sound control framework is one of the most critical roles for which bank boards are responsible. Independent risk oversight processes (internal audit, risk management, compliance) are an important instrument of the board to ensure that its strategies, risk thresholds, and policies are communicated, monitored, and respected. If boards are adequately empowered to set business strategy and the risk parameters necessary to accomplish that strategy, then the risk management function becomes an important tool for it to understand the success of its directions and the soundness of the institution. Having a strong risk management function allows the board, then, to discharge its duty to oversee the performance of the institution. 59. Risk management is a very nascent function in state banks and should urgently be further strengthened. The functions have been formed but currently conduct a credit analysis role for the lending function along with periodic portfolio monitoring. Banks also indicate that the function also determines the classification of credit. The process provides an opinion or credit analysis support rather than performing formalized monitoring and reporting function. The head of the functions are accountable to senior management and currently are not independent. Sound credit risk management practices are typically constituted by a secondary surveillance function with a direct communication link to the board and which continually monitors and periodically 23 tests portfolio credit quality. There is no legal requirement requiring banks to establish an independent risk management function that reports directly to the supervisory board. Over time, supervisory boards should assure an independent risk management function and should regularly interact with the risk management apart from management. II. Main Findings in the Republic of Srpska A. Market Setting 60. During the last two years, the government of the RS has sharply increased its participation in the domestic banking sector through liquidity and capital support. The government participates in the sector through a 100% stake in Banka Srpska and through preferred, convertible shares in two other commercial banks, Pavlovic Banka (21% stake) and Bobar Banka (8% stake). These shares carry an 8% dividend rate and if not paid, can be converted to common voting shares. Additionally, the RS also holds subordinated debt in Nova Banka and Srpska Banka. The institutions represent approximately 10% of the banking sector of the RS. 61. The RS holdings are owned by the Investment Development Bank of RS (IDBRS) which has been delegate the ownership rights by the Government. The IDBRS is set up as a joint stock company under the Law on the IDBRS which provides a broad mandate including financial sector support. The IDBRS operates as a fund manager and oversees six funds, with a total asset value of approximately 2.2 bn KM, through which its activities are conducted.15 The funds are individual joint stock companies, each formed under its own law, and hold the shares owned by the IDBRS. They have no individual governance structure but are fully managed by the IDBRS. The institution is not a licensed commercial bank and is not subject to supervision by the Banking Agency of the RS (BARS). 62. The Banka Srpska is a commercial banking operation previously owned by foreign nationals. At the time the government rescued the bank in July, 2013, it represented approximately 4.0% of banking system assets. Mounting losses, insufficient capital and inability or unwillingness of previous owners to inject additional capital prompted the State to inject fresh capital and take over the institution. Among the first steps taken by the government was appointment of a new general manager and management team, closure of foreign branches, and solicitation for a new audit board. 63. Banka Srpska operates under the Law on Banks (LoB) and is required to have all the attendant governance structures. The Supervisory Board, as of October 2014, had met sporadically. Three members resigned due to the adoption of a recent decree that disallows supervisory board members in SOEs from holding more than one such board membership. The government is in the process of finalizing decisions on new members following a public 15 Development and Employment Fund, Eastern Republic of Srpska Development Fund, Housing Fund, Share Fund, Restitution Fund, Real Estate and Claims Fund (for more information, please visit: http://www.irbrs.org/azuro3/a3/?id=88 24 solicitation. Since the full supervisory board has not been in place, neither the head internal auditor nor the audit board have been appointed. 64. Bobar Banka and Pavlovic Banka, where the government has non-voting minority shares, are commercial banking operations and have close ties with their founders. Bobar Banka has made important efforts to strengthen its overall corporate governance and internal processes16. A new chairman of the supervisory board was appointed in March 2014, and three new members were appointed to the management board. The risk management department was recently re-organized and is taking a more active role in the credit review process. The bank is managing its NPLs through work out plans and by rescheduling selected exposures. Pavolvic Banka indicated that it is focused on agricultural lending and SME. The management team changed in May/June 2014. Importantly, Bobar Banka received a disclaimer opinion in its 2013 external audit while Pavlovic received an unqualified auditor opinion for the same date. B. Legal and Regulatory Framework 65. The corporate governance framework for commercial banks, including those owned by the government, is set forth by the LoB and complemented by the Law on Enterprises (LoE). The LoE sets forth shareholders’ rights, structure and liability of the management and members of the supervisory board, structure and responsibilities of the audit board, and regulation of related-party transactions. The Law on Banks outlines, inter alia, the requirements to become a shareholder or a supervisory board member of a bank, conflict of interest regulations, and disclosure requirements. The Law on Banks also charges the banks’ supervisory board members with a fiduciary obligation to act in the best interest of the bank and its shareholders. Commercial banks, including state commercial banks, are under the supervision of BARS. 66. Commercial banks have a clear legal form. According to the LoB, all commercial banks are incorporated as joint-stock companies. Moreover, commercial banks are also required to list and register their securities at the Banja Luka Stock Exchange. 67. The laws and regulations make a clear separation between the role of the state as an owner of financial institutions and the role of the state as policy-maker and regulator. In the case of Srpska Banka, government ownership is represented by the government’s owner-agent, the IDBRS. The government is a minority shareholder in Bobar and Pavlovic banks through nonvoting shares. All banks are subject to BARS supervision without legal exemptions. BARS is established as an independent entity separate from the MoF. It is self-funded and its senior management is elected by the Parliament of the RS. 68. The legal framework is silent regarding how the costs associated with the provision of public policy objectives would be covered if a state bank was to engage in such activities. In the event that a state bank conducts public policy activities, the law is silent regarding the 16 Nevertheless, Bobar Bank was intervened by the authorities at end-2014, after the FSAP mission. 25 funding sources to cover the expenses with these tasks. Clear funding sources for these activities should be identified from the beginning and be disclosed to the public. C. Governance of the IDBRS as the government’s ownership entity 69. The structure of the IDBRS is established to operate at an arm’s length from the government. The owner of the IDBRS is the Government of the RS. Its supervisory board is elected by Parliament but the recruitment process follows that for other government-owned entities. Supervisory board members are mostly from the public sector and are appointed for a term of four years. Terms can be renewed an unlimited number of times. No formal performance contract is signed among the supervisory board, management board, and the government. 70. The supervisory board performs a number of compliance oriented activities. These include ensuring compliance with internal policies and preparing reports for the shareholders (financial reports, semiannual reports, business plan). At the end of the year, the MoF presents the institution’s financial results to the government as well as the annual report of its activities. These are then approved by Parliament. If the government or Parliament are not satisfied with the results, they may not sign the annual report, however, disapproval has never occurred. 71. Both the audit board and management board are appointed by the supervisory board following a competitive process. The MoF is responsible for interviewing and shortlisting candidates. Thereafter, a final list is presented to the supervisory board for its approval. The audit board appoints the internal auditor who is not, however, a full time employee of the institution, but is contracted by the audit and supervisory boards. The head auditor indicated that she dedicates approximately 30% of her time to IDBRS audit tasks. 72. The internal audit department follows an annual plan based on a risk matrix which is approved by the audit board. It has the scope to audit the six funds and reports its findings to the MoF and the Supreme Audit Commission. 73. Related Party Transactions are disclosed in the financial statements without detail. All borrowers are published on the website, including the amount and date approved. The state sector can apply for loans through bank intermediaries subject to the same conditions as other borrowers. However, SOEs are disallowed from borrowing from certain funds due to policy conditions. Nevertheless, the IDBRS is allowed to invest in municipal bonds. 74. The IDBRS receives an annual external audit by an international audit firm. Each fund under its management is also audited by the same firm. Following approval by the shareholders, the audits are presented on the IDBRS website. An annual report of activity is also prepared and presented to Parliament for approval. Once approved, it is posted on the website. 75. The IDBRS is also subject to audit by the Supreme Audit Commission; however, it has not audited the institution since 2011 as a function of the Commission’s scheduled audit 26 cycle. Moreover, the Commission does not audit the entire institution, but only two or three funds. Given the significance and complexity of the IDBRS’ activity, an annual audit cycle is recommended. D. The State’s Ownership Role 76. While broad mandates are provided for both the IDBRS and each fund through their respective laws, the specific objectives, strategies, and exit plans for the government’s role in the financial sector in general and for each financial sector investment have not been enumerated. The mandate provided by the Law on the IDBRS highlights twelve objectives including “support to the financial sector”. However, the rationale for such support is not presented. In the existing cases, the government has provided both liquidity and capital support in seemingly distressed or weak bank situations. Capital injections are not supported by a “least cost” resolution analysis. In order to justify the government’s role in the financial sector and prudent use of public resources, to identify and convey to the public the market gaps it intends to address, and to assure clear objectives and an exit strategy, each intervention should be directed by a specific mandate and comprehensive oversight plan. 77. In addition to its development activities (e.g. housing finance, SME finance), the IDBRS is charged with certain governance responsibilities for the government’s investments. The IDBRS conducts certain governance responsibilities for the government’s investments in the real and financial sectors and manages the portfolio of existing state-owned enterprises. A dedicated corporate governance department is responsible for, inter alia, participating and voting in shareholder meetings and monitoring the financial results of the investees. The MOF conducts the recruitment process for its representatives on the supervisory boards of its investee companies, approves the voting position of the representatives in the subject companies’ annual meetings, and approves fund investments over a given threshold. 78. Rigorous surveillance of the government’s financial sector exposures is particularly warranted. While the IDBRS has a long established investment monitoring process for each of its historic holdings, specific performance thresholds have not been developed to provide feedback on the financial and qualitative performance of its banking interests held. A rigorous performance evaluation methodology, including key performance indicators (KPIs) and linked management performance contracts, should be developed and mutually agreed by the IDBRS, the relevant bank supervisory board(s) and bank management. Once adopted, these should be regularly monitored to hold accountable the banks’ supervisory boards and management. 79. Active monitoring of the banks in which the government holds a passive stake is still necessary. Given the condition of the banks and the difficult market conditions they face, the government could become a strategic owner if the conversion feature is triggered. Important and rapid decisions will need to be made about the institution(s) at that point and in collaboration with BARS. 27 80. The IDBRS, as the government’s owner agent, assumes important responsibilities for financial sector investments. Particularly in cases of majority ownership (such as the case of Srpska Banka) it must ensure that the government’s stake is protected by acting quickly to position the skills necessary to assess the existing condition of the bank and to provide critical decisions on the continued viability of the given institution(s). Sprska Banka’s supervisory board as well as its audit board met sporadically in 2014. The first supervisory board following the government’s intervention in July 2013 was appointed during a shareholders’ meeting as in any commercial bank, but was never fully constituted due to the resignation of three members. The search for and appointment of board members follows the process prescribed by the Civil Service Law. The final decision on a new supervisory board is believed imminent. However, the length of time taken to position a new supervisory board has prolonged important decisions on Srpska Banka, including appointment of the audit board, a permanent head auditor, a workout strategy and new business plan. In insolvency situations such as this, the government’s ability to act swiftly to stem any additional loss and preserve value is critical. 81. Despite the existence of a structured recruitment process for supervisory board members of both the IDBRS and government investments, the selection process does not result in boards with a mix of public, private, and independent members and with relevant financial skills and experience. The government has a structured process to select supervisory board members wherein vacancies are publicly advertised in the official gazette and in major newspapers. A recruitment committee composed of staff from the MoF is in charge of the shortlisting and interview process. After the process is completed, a list with a ranking is submitted to the MoF for final selection. In the case of the IDBRS, Parliament makes the final selection. During the recruitment process, the recruitment committee does not engage with the existing supervisory board to determine needed skills and experience. The IDBRS makes an annual report to parliament after the report’s acceptance by the Minister of Finance. 82. The law does not limit the number of supervisory board members representing the government nor does it limit the number of terms members can serve. In order to make this process more effective, the recruitment committee should be composed of professional and experienced supervisory board members from both private and public sectors. Moreover, the recruitment committee should engage with the existing boards to understand what the specific profiles or skill sets needs are to make the supervisory board more effective. Particularly, the supervisory board of the IDBRS would benefit from a broader mix of financial sector skills and independent members. Finally, to ensure the independence of the supervisory board, the number of supervisory board members representing the state should be restricted to the strict minimum by the law (e.g. less than 50 percent). The number of term renewals should be limited to two. E. Governance Practices in RS State Commercial Banks The supervisory board function 28 83. The supervisory board is the function where key responsibilities of a bank converge. Given that banks are considered special interest entities that play a key role in all economies, bank supervisory boards are charged with the public’s trust to act responsibly and with integrity. Supervisory boards have special duties to act in the best interest of all stakeholders, not only the owners. The supervisory board must set the appropriate “tone at the top” through which it directs the manner in which the bank conducts its business - through strategic planning, risk parameters, and policies. It must set clear risk parameters within which management and staff execute the business plan. It must ensure that key control functions are established and independent so that it can monitor the bank’s existing and prospective risks, the overall success of its business strategy, and financial performance and soundness. As a result, the board must be composed of a balanced mix of skills and experience, must be objective, and must fulfil its fiduciary duty through prudently guiding the bank. The supervisory boards of the two state banks have yet to fulfil the full scope of their responsibilities. 84. Commercial and banking regulation provides the basic criteria for the proper operations of the supervisory board. Supervisory board duties are articulated in the different commercial and banking regulation, and there is clear separation between the roles of managing director and chairman of the supervisory board. The supervisory board is in charge of appointing the members of the audit board, the managing director and the internal auditor (including its remuneration). 85. In all three cases, supervisory boards are not performing their intended leadership role. Boards are focused on determining compliance with internal and external policies, conducting quality control, reviewing bank policies and changes thereto, and monitoring credit activity reports. Supervisory boards provide little strategic direction (in terms of business approach and risk appetite) and do not actively monitor the risk and control environment through the critical functions of internal audit, risk management, and compliance. Given the role the supervisory board performs in practice, the management board assumes a stronger leadership role in the bank’s strategy and operations, resulting in a blurring of the roles of strategic direction and operational management. 86. As well, Bobar and Pavlovic Banks have strong controlling shareholders who, when combined with a board that is not performing its leadership role, exerts significant influence on the daily operations of the bank, resulting in further overlap of roles. In both of these cases, the volume related party transactions is inordinately high, and many are classified as nonperforming loans. Boards require a greater mix of relevant financial sector skills and experience and should have a minimum number of independent members. Board member terms should be limited to two. 87. Board committee structures are non-existent and therefore, no mechanism exists to assist the respective banks’ boards in more technical and/or demanding matters. Board audit committees do not exist; instead, there is the audit board that is separate from the supervisory board. According to the law, the audit board is tasked with overseeing the internal and external 29 audit functions. The internal auditor reports to the audit board rather than to the supervisory board. However, the supervisory board is responsible for appointing, evaluating and remunerating the internal auditor. 88. Under the current structure, the supervisory board is not fully accountable for the integrity of the internal audit function as it should be. Due to the existence of the audit board, the internal auditor does not interact with the supervisory board in practice. For that reason, to make the audit board more effective and the supervisory board fully accountable for the internal audit, the audit board should become a subcommittee of the board instead of a separate corporate body. Moreover, the audit subcommittee should be chaired and composed of independent board members only. F. Transparency and Disclosure 89. The three state commercial banks prepare their financial statements in compliance with internationally recognized accounting standards, and they are disclosed to the public. According to the Law on Accounting, all public interest companies, including financial institutions, are required to prepare their financial statements in compliance with IFRS standards. However, 2009 IFRS is the most recent translation; subsequent amendments have not been translated. The lack of translated amendments has impaired the ability of enterprises to prepare quality financial statements.17 The external auditor also provides a management letter, though it is not clear how the Supervisory Boards evaluate or act upon its findings. 90. In practice, the state commercial banks select external audit firms late in the year and on an annual basis, instead of for a period of at least 3 years. Banks request bids every year and typically base their selection decisions on the lowest cost. However, two of the three banks are using the services of international external audit firms: one, to better determine necessary reform steps, and two, at the prompting of external parties. Banks do not appoint the external auditor during the shareholders’ meeting, but in the third or fourth quarter. This causes important audit work to be rushed and bypasses any periodic work that might be performed during the financial year. As a matter of practice, external audit firms’ services should be contracted for terms of at least three years (with maximum duration of five years) to ensure continuity and consistency in the evaluation process. Moreover, the selection criteria should not be based solely on cost and selection should be made during the first or early second quarter of the year. 91. Supervisory boards in the state commercial banks, as a matter of practice, do not meet with the external auditors in order to receive audit results and to discuss audit concerns. Interaction with the audit board is also limited or not at all. The point of contact for the external auditors is most often bank management. This indicates a lack of recognition by these bodies of the importance of this function to the prudent operation of the bank as well as to their ability to conduct their business responsibly. It also compromises the independence of the function. BARS 17 ROSC Accounting and Auditing 2010. 30 should require such meetings, if the bodies do not initiate it themselves. Record of such meetings could be disclosed in banks’ annual report. 92. BARS has no power to appoint an external audit firm at the bank’s expense if the bank has not selected its auditor by a certain date. However, banks are required to obtain approval from BARS for the appointment of their external auditor. Moreover, BARS has not developed clear and transparent criteria for approving audit firms (such as qualification of the auditors, reputation of the firm, size of the firm). The “Decision on the scope, form and content of the audit report” enumerates required details for the external audit report. However, BARS needs to further develop staff specialized in IFRS and relevant international audit standards in order to assess quality of banks’ external audit reports. 93. Transactions with state-owned enterprises are not treated as related party transactions. According to the banks, transactions with the MoF are treated as related-party transactions. However, transactions with municipalities or state-owned enterprises are treated as normal transactions. The management of the institutions explained, however, that all loan applications, including related-parties and government entities, go through the same credit approval process. If the applicant (even if it is the state) does not meet the credit worthiness and risk criteria, a loan will not be extended. Definitions of related parties for state banks’ should be expanded to include all governmental entities. Related party transactions should be disclosed in compliance with internationally recognized standards, go through a specific approval process (i.e. approved by independent directors only). 94. Non-financial disclosure by the three banks requires significant improvement. Banks are required to produce financial statements in compliance with IFRS; however, non-financial disclosures are poor. Consistently, disclosures in annual financial reports or on individual websites do not present supervisory board members and biographical information, individual supervisory board and senior management remuneration. G. Audit Function 95. While the three banks report they have an internal audit function that reports to the supervisory board, as required by law and regulation, in practice, the function appears to lack adequate independence. Consistent with the law, all banks indicated that the head internal auditor is appointed, remunerated and evaluated by the supervisory board. However, the audit board monitors internal audit operations and external audit results, but does not interact regularly with the supervisory board. In most cases, the internal auditor does not interact with the supervisory board. 96. Virtually all internal audit departments of state banks suffer from understaffing. The staffing and professional requirements of banks’ audit departments reflect the broader auditing 31 profession in the RS which has been slow to develop. Audit department staff range from one to three. Given the level of staffing and low level of experience as well as the condition of some of the institutions, internal audit departments are not likely to have the resources necessary to comprehensively cover bank operations with a high level of quality. H. Risk Function 97. The development of risk strategy, effective risk oversight, and a sound control framework is one of the most critical roles for which bank boards are responsible. Independent risk oversight processes (internal audit, risk management, compliance) are an important instrument of the board to ensure that its strategies, risk thresholds, and policies are communicated, monitored, and respected. If boards are adequately empowered to set business strategy and the risk parameters necessary to accomplish that strategy, then the risk management function becomes an important tool for it to understand the success of its directions and the soundness of the institution. Having a strong risk management function allows the board, then, to discharge its duty to oversee the performance of the institution. 98. Risk management is a very nascent function in state banks and should be further strengthened. The risk management function in the state domestic sector is a relatively new concept; the functions have been formed but currently conduct a credit analysis role for the lending function along with periodic portfolio monitoring. Banks also indicate that the function also determines the classification of credit. The process provides an opinion or credit analysis support rather than performing formalized monitoring and reporting function. The head of the function is accountable to senior management and currently are not independent. Sound credit risk management practices are typically constituted by a secondary surveillance function with a direct communication link to the board and which continually monitors and periodically tests portfolio credit quality. There is no legal requirement requiring banks to establish an independent risk management function that reports directly to the supervisory board. Over time, supervisory boards should assure an independent risk management function and should regularly interact with the risk management apart from management. 32 DETAILED RECOMMENDED ACTIONS Table 1. Bosnia and Herzegovina: FSAP Key Recommendations – Federation of Bosnia and Herzegovina Recommendations and Authority Responsible for Implementation Time18 Legal, Regulatory and Supervisory Recommendations Regulatory and Supervisory Powers: FBA, I  Either amend the Law on DBFBiH and the Decree on DBFBiH to allow the FBA full MoF supervisory responsibilities or oblige the Supreme Audit Authority to annually undertake a full-scope review of DBFBiH accounts.  Amend the Law on Banks and its implementing regulations to require the FBA to issue clear, objective and transparent criteria for the approval process of external auditing firms and for what constitutes an adequate external audit.  Amend the Law on Banks and its implementing regulation to allow the FBA to appoint an external audit firm by default in case banks have not appointed an external audit firm 30 days after the annual shareholders meeting. Bank Ownership – Professionalization of investment management: MoF I Ownership Entity  Create a centralized ownership entity in charge of overseeing all the state’s enterprises including those in the financial sector. Monitoring Performance:  In order to efficiently monitor the performance of state banks and SOEs in general, the state should create a monitoring unit within the ownership entity. Taking into consideration that the monitoring unit will be analyzing data that comes from financial and non-financial indicators, particularly in the case of state banks, it is paramount that it is properly staffed and is composed of professionals with the right skills and qualifications to effectively perform its mandate.  For each investment or intervention, develop specific mandates, strategies and goals to clarify accountability, identify the scope of public policy objectives or other special obligations, and provide a basis for discussing more specific targets for the bank’s operations.  Sign performance agreements between the ownership unit and the supervisory board with key performance indicators to formalize the commitment of the enterprise to meet the goals and objectives set by the ownership unit. Selection Criteria of supervisory board members – policy measures:  Strengthen the supervisory board member selection process of state banks and development banks by changing the composition of the recruitment committee to include competent and independent individuals from both private and public sectors and consult existing board members to target needed skills.  Reduce the number of civil servants serving as directors to a strict minimum and appoint more independent directors from the private sector (both national and foreigners).  In case the pool of candidates from the private sector is limited and directors must be civil servants, they should be appointed on the basis of skills relevance, and should not serve as 18 I-Immediate” is within one year; “NT -near-term” is 1–3 years; “MT-medium-term” is 3–5 years. 33 chairman of the board or CEO of the company. Moreover, they must go through similar performance evaluation procedures.  Limit the number of terms to a maximum of two terms of three years each and ensure that terms are staggered. Selection Criteria of supervisory board members – implementation measures:  As a first step, an independent selection panel could be set up, composed of independent board members from the private and public sectors.  Where qualified individuals are not available due to the size and development of the private sector, non-conflicted civil servants from other parts of the government that are not otherwise connected to the state bank could be allowed as an “independent” director on the board to bring a different perspective.  Independent directors can be phased-in, starting with the most important state banks, and, over time, be gradually increased to a significant number of such directors and eventually to a majority of directors.  Build databases of potential directors. Such databases can be one of the ownership unit’s most valuable tools for professionalizing state bank and SOE boards in general. Strengthening the Law on Banks, the Law on Enterprises, Law on DBFBiH and Law on MoF, Accounting: FBA  The laws on banks, enterprises and DBFBiH should be modified to make the audit board a subcommittee of the supervisory board instead of distinct corporate body.  The laws on banks, enterprises and DBFBiH should be amended to require the appointment of at least two independent supervisory board members in bank boards.  The laws on banks, enterprises and DBFBiH should limit to 40 percent the number of supervisory members representing the state in state-owned banks.  The Law on Banks should be modified to require banks to appoint the external audit firm for a term of at least three years (and no more than five years).  The Law on Accounting should be updated to reflect the latest amendments to IFRS standards since 2005. Moreover, the updated IFRS standards should be properly translated into local language to ensure its proper compliance and implementation. Corporate Governance Code/Regulation for Banks: 19 FBA NT The FBA should lead a collaborative effort (among banks and market participants) to develop a corporate governance regulation for the banking system. The regulation should leverage existing legislation but address the gaps that exist. It should holistically convey the nature and objectives of sound governance and enumerate key requirements for sound governance.  Training for bankers and the FBA should be conducted, in part to explain the benefits and repercussions of implementing or not implementing the regulation.  The FBA should require banks to evaluate the status of their own corporate governance against the new regulation and prepare reform plans that are forwarded to the FBA. The FBA should convey to the banks its process of monitoring and follow up.  The regulation should address, inter alia: 19 The FBA has issued a number of corporate governance-related Decisions (Conscientious Behavior of Members of Bank's Bodies, Assessment of Members of Bank's Bodies, Remuneration Policy and Practices for Bank Employees). Banks are expected to implement the abover mentioned Decisions at the beginning of 2014. 34  Expectations for a strong governance environment and risk culture, i.e. the need for the bank’s key parties (owners, board members, management) to act with integrity and in the best interest of all stakeholders, not only owners.  The proper, distinct roles of ownership, supervisory board oversight, and management to establish the responsibilities and accountabilities of each function. The separation of ownership and control should be clearly set out.  Board professionalism, objectivity, and independence. The code should encourage banks to identify ways to enhance board professionalism including identifying ways to attract the necessary talent to boards, particularly independent board members – possibly from abroad. Over the medium term, the proportion of independent, qualified members should be increased.  The role and importance of a strong strategic planning process at the board level. The process should explicitly address the risk considerations of business plans and projected growth areas, the adequacy of existing risk and internal control functions, and the need to correlate risk management and internal audit capacity with growth. Success and performance indicators should be established.  The requirement for independent control functions that are adequately staffed and resourced and which can serve as a tool for the board to monitor the management, condition, and performance of the bank.  Improved transparency and disclosure of financial and nonfinancial information – throughout the year as well as annually.  The requirement to rotate audit firms – or lead audit partners assigned to the subject bank - to help preserve the independence of the external audit function.  The requirement for boards to conduct a self-assessment of the board function and its effectiveness at least annually. Outside parties might be considered for this as well.  The requirement for boards to evaluate the overall corporate governance structure and function periodically. Outside parties might be considered for this as well. State Bank-Specific Recommendations Board Induction Training: MoF, NT  Although all supervisory board members of state banks go through a complex certification FBA process at the chamber of commerce, both state banks should organize at the bank level induction trainings for newly recruited supervisory board members. This way, new supervisory board members will better understand the institutions and be up to speed rapidly to fulfill effectively their mandate. Supervisory Board Composition MoF, I  Modify the role of the supervisory board to evolve into a leadership role away from a FBA compliance oriented function.  Change the composition of state banks’ supervisory boards to be composed of a majority of independent members with sector specific skills. Risk Management: MoF, I  Commensurate with the size and complexity of the bank, credit accountability systems should FBA be implemented which require relationship managers to flag borrower issues early in the life of the credit. Risk management functions should serve as “second lines of defense” and evaluate, monitor, and report risk issues. 35  Risk management should not be directly involved in the approval of credit. This compromises the unit’s ability to independently flag risk concerns.  Operational and market risks should be addressed (measured and monitored) by an independent risk management function.  Risk control and management reporting lines to the board should be established; commensurate with the size and complexity of the bank, a chief risk officer should be appointed and his/her independence from the business line should be assured by the board.  All control functions (risk management, internal audit, and compliance) should meet periodically with the board without executive directors or management present. Internal Audit: MoF, I Internal audit functions require substantial upgrade: FBA  Independent reporting lines directly to the supervisory board should be emphasized.  The chief internal auditor should periodically, at least twice a year, report directly to the supervisory board without the presence of the managing director, other executive board members, or management.  The stature and authority of the chief internal auditor and audit department should be elevated and assured, including:  filling vacant chief internal auditor positions in banks;  board (or audit committee) appointment and board involvement if the chief internal auditor is dismissed;  Supervisory board-conducted performance evaluation for the chief internal auditor ;  sufficient remuneration of the chief internal auditor and audit staff;  adequate resources including staffing and systems;  appropriate organizational positioning of the audit department;  auditing access to all areas of the bank; and  auditing risk management and compliance functions as well as subsidiary operations  Audit planning should also consider the business activity planned in the strategic plan.  Audit staff should receive periodic and ongoing training. Related Party Transactions (including transactions with state-owned enterprises and other MoF, I government entities): FBA  Transactions with state-owned enterprises and other government entities (including municipalities) should be treated as related-party transactions and disclosed in compliance with internationally recognized accounting standards.  Banks should likewise be responsible for implementing a methodical system through which related parties are identified, flagged in the course of banking business, evaluated, and monitored.  The FBA should monitor these transactions and take appropriate action in case of violations. Disclosure and Transparency: FBA, I Disclosure standards should be upgraded. Nonfinancial disclosures are insufficient and should be MoF expanded to address, inter alia:  Related party transactions, transactions with state-owned enterprises and other government entities (including municipalities)  Board member and management biographical information  Director and senior management remuneration (direct and indirect) 36 Table 2. Bosnia and Herzegovina: FSAP Key Recommendations – Republic of Srpska Recommendations and Authority Responsible for Implementation ¶ Time1 Legal, Regulatory and Supervisory Recommendations Regulatory and Supervisory Powers: BARS, I  Amend regulations to include clear, objective and transparent criteria for the approval process MoF of external auditing firms; BARS should continue its efforts to monitor external audit quality by building staff specialized in IFRS and relevant international standards that govern banks’ audit reports. Amend the Law on Banks and its implementing regulations to allow the BARS to appoint an external audit firm by default in case banks have not appointed an external audit firm 30 days after the annual shareholders meeting. Strengthening the Law on Banks, the Law on Enterprises, Law on IDBRS and Law on MoF, Accounting: BARS  The laws on banks, enterprises and IDBRS should be modified to make the audit board a subcommittee of the supervisory board instead of distinct corporate body.  The laws on banks, enterprises and IDBRS should be amended to require the appointment of at least two independent supervisory board members in bank boards.  The laws on banks, enterprises and IDBRS should limit, to 40 percent, civil servants serving as supervisory board members.  The Law on Banks should be modified to require banks to appoint the external audit firm for a term of at least three years (and no more than five years).  The Law on Accounting should be updated to reflect the latest amendments to IFRS standards since 2009. Moreover, the updated IFRS standards should be properly translated into local language to ensure its proper compliance and implementation. Corporate Governance Code/Regulation for Banks: BARS NT The BARS should lead a collaborative effort (among banks and market participants) to develop a corporate governance regulation for the banking system. The regulation should leverage existing legislation but address the gaps that exist. It should holistically convey the nature and objectives of sound governance and enumerate key requirements for sound governance.  Training for bankers and the BARS should be conducted, in part to explain the benefits and repercussions of implementing or not implementing the regulation.  The BARS should require banks to evaluate the status of their own corporate governance against the new regulation and prepare reform plans that are forwarded to the BARS. The BARS should convey to the banks its process of monitoring and follow up.  The regulation should address, inter alia:  Expectations for a strong governance environment and risk culture, i.e. the need for the bank’s key parties (owners, board members, management) to act with integrity and in the best interest of all stakeholders, not only owners.  The proper, distinct roles of ownership, supervisory board oversight, and management to establish the responsibilities and accountabilities of each function. The separation of ownership and control should be clearly set out.  Board professionalism, objectivity, and independence. The code should encourage banks to identify ways to enhance board professionalism including identifying ways to attract the necessary talent to boards, particularly independent board members – possibly from abroad. Over the medium term, the proportion of independent, qualified members should be increased. 37  The role and importance of a strong strategic planning process at the board level. The process should explicitly address the risk considerations of business plans and projected growth areas, the adequacy of existing risk and internal control functions, and the need to correlate risk management and internal audit capacity with growth. Success and performance indicators should be established.  The requirement for independent control functions that are adequately staffed and resourced and which can serve as a tool for the board to monitor the management, condition, and performance of the bank.  Improved transparency and disclosure of financial and nonfinancial information – throughout the year as well as annually.  The requirement to rotate audit firms – or lead audit partners assigned to the subject bank - to help preserve the independence of the external audit function.  The requirement for boards to conduct a self-assessment of the board function and its effectiveness at least annually. Outside parties might be considered for this as well.  The requirement for boards to evaluate the overall corporate governance structure and function periodically. Outside parties might be considered for this as well. IDBRS – Specific Recommendations Bank Ownership – Professionalization of the Management of State’s Investments - IDBRS Ownership entity IDBRS Monitoring of Investee Banks :  Expand the role of the monitoring unit, using staff with relevant and current skills, to monitor the government’s financial sector exposures, to evaluate financial institution performance, and to define an exit strategy for each equity and/or debt exposure.  Develop or refine the banks’ mandates, strategies and goals to clarify executive management accountability, identify the banks’ public policy objectives or other special obligations, and provide a basis for discussing more specific performance and business targets for the bank’s operations.  Sign agreements between the IDBRS ownership unit and the banks’ boards with key performance indicators to formalize the commitment of the subject bank (represented by the board) to meet the goals and objectives set by the ownership unit. Selection Criteria of Supervisory Board Members – Policy Measures:  Strengthen the supervisory board member selection process of state banks and the IDBRS by changing the composition of the recruitment committee to include competent and independent individuals from both private and public sectors and consult existing board members to target needed skills.  Reduce the number of civil servants serving as board members to a strict minimum and appoint more independent directors from the private sector (both national and foreigners).  In case the pool of candidates from the private sector is limited and directors must be civil servants, they should be appointed on the basis of skills relevance, and should not serve as chairman of the board or CEO of the company. Moreover, they must go through similar performance evaluation procedures.  Limit the number of terms to a maximum of two terms of four years each and ensure that terms are staggered. 38 Selection Criteria of supervisory Board members – Implementation Measures:  As a first step, an independent selection panel could be set up, composed of independent board members from the private and public sectors.  Build databases of potential directors. Such databases can be one of the ownership unit’s most valuable tools for professionalizing state bank and SOE boards in general. Disclosure and Transparency:  In the case of the IDBRS, the annual report and funds’ laws should also be presented in English consistent with the rest of the website and international best practice. Internal and External Audit  The IDBRS, including all the funds, should be subject to annual reviews by the supreme audit agency. The position of Chief Internal Auditor at the IDBRS should become a full time position. State Commercial Bank-Specific Recommendations Board Induction Training: MoF, NT  State banks should organize induction training for newly recruited supervisory board IDBRS members. This way, new supervisory board members will better understand the institutions and be up to speed rapidly to fulfill effectively their mandate. Board Member Training:  As a part of boards’ ongoing efforts to remain abreast of current developments and issues within the financial sector as well as to gain additional insights into more technical aspects of the sector and their banks, members and senior executives should identify and attend (or host) periodic workshops and relevant knowledge updates on a regular basis. Supervisory Board Composition MoF, I  Modify the role of the supervisory board to evolve into a leadership role away from a compliance IDBRS oriented function.  Change the composition of state banks’ supervisory boards to be composed of a majority of independent members with sector specific skills. Risk Management: IDBRS, I  Commensurate with the size and complexity of the bank, credit accountability systems should BARS be implemented which require relationship managers to flag borrower issues early in the life of the credit. Risk management functions should serve as “second lines of defense” and evaluate, monitor, and report risk issues.  Risk management should not be directly involved in the approval of credit. This compromises the unit’s ability to independently flag risk concerns.  Operational and market risks should be addressed (measured and monitored) by an independent risk management function.  Risk control and management reporting lines to the board should be established; commensurate with the size and complexity of the bank, a chief risk officer should be appointed and his/her independence from the business line should be assured by the board.  All control functions (risk management, internal audit, and compliance) should meet periodically with the board without executive directors or management present. Internal Audit: IDBRS, I Internal audit functions require substantial upgrade: BARS  Supervisory boards should fully implement the Decision on Internal Audit.  Independent reporting lines directly to the supervisory board should be emphasized. 39  The chief internal auditor should periodically, at least twice a year, report directly to the supervisory board without the presence of the managing director, other executive board members, or management.  The stature and authority of the chief internal auditor and audit department should be elevated and assured, including:  filling vacant chief internal auditor positions in banks;  board (or audit committee) appointment and board involvement if the chief internal auditor is dismissed;  Supervisory board-conducted performance evaluation for the chief internal auditor ;  sufficient remuneration of the chief internal auditor and audit staff;  adequate resources including staffing and systems;  appropriate organizational positioning of the audit department;  auditing access to all areas of the bank; and  auditing risk management and compliance functions as well as subsidiary operations  Audit planning should also consider the business activity planned in the strategic plan. Related Party Transactions (including transactions with state-owned enterprises and other MoF, I government entities): BARS  Transactions with state-owned enterprises and other government entities (including municipalities) should be treated as related-party transactions and disclosed in compliance with internationally recognized accounting standards.  Banks should likewise be responsible for implementing a methodical system through which related parties are identified, flagged in the course of banking business, evaluated, and monitored.  The BARS should monitor these transactions and take appropriate action in case of violations. Disclosure and Transparency: MoF I  Disclosure standards should be upgraded. Nonfinancial disclosures are insufficient and should be expanded to address, inter alia:  Related party transactions, transactions with state-owned enterprises and other government entities (including municipalities)  Board member and management biographical information  Director and senior management remuneration (direct and indirect) 40 Annex 1: Basel Committee Principles for Enhancing Corporate20 Governance in banking organizations, October 2010 Principle 1 The board has overall responsibility for the bank, including approving and overseeing the implementation of the bank’s strategic objectives, risk strategy, corporate governance and corporate values. The board is also responsible for providing oversight of senior management. Principle 2 Board members should be and remain qualified, including through training, for their positions. They should have a clear understanding of their role in corporate governance and be able to exercise sound and objective judgment about the affairs of the bank. Principle 3 The board should define appropriate governance practices for its own work and have in place the means to ensure that such practices are followed and periodically reviewed for ongoing improvement. Principle 4 In a group structure, the board of the parent company has the overall responsibility for adequate corporate governance across the group and ensuring that there are governance policies and mechanisms appropriate to the structure, business and risks of the group and its entities. Principle 5 Under the direction of the board, senior management should ensure that the bank’s activities are consistent with the business strategy, risk tolerance/appetite and policies approved by the board. Principle 6 Banks should have an effective internal controls system and a risk management function (including a chief risk officer or equivalent) with sufficient authority, stature, independence, resources and access to the board. Principle 7 Risks should be identified and monitored on an ongoing firm-wide and individual entity basis, and the sophistication of the bank’s risk management and internal control infrastructures should keep pace with any changes to the bank’s risk profile (including its growth), and to the external risk landscape. Principle 8 Effective risk management requires robust internal communication within the bank about risk, both across the organization and through reporting to the board and senior management. Principle 9 20 For more information, please visit: http://www.bis.org/publ/bcbs176.htm 41 The board and senior management should effectively utilize the work conducted by internal audit functions, external auditors and internal control functions. Principle 10 The board should actively oversee the compensation system’s design and operation, and should monitor and review the compensation system to ensure that it operates as intended. Principle 11 An employee’s compensation should be effectively aligned with prudent risk taking: compensation should be adjusted for all types of risk; compensation outcomes should be symmetric with risk outcomes; compensation payout schedules should be sensitive to the time horizon of risks; and the mix of cash, equity and other forms of compensation should be consistent with risk alignment. Principle 12 The board and senior management should know and understand the bank’s operational structure and the risks that it poses (ie “know-your-structure”). Principle 13 Where a bank operates through special-purpose or related structures or in jurisdictions that impede transparency or do not meet international banking standards, its board and senior management should understand the purpose, structure and unique risks of these operations. They should also seek to mitigate the risks identified (ie “understand-your-structure”). Principle 14 The governance of the bank should be adequately transparent to its shareholders, depositors, other relevant stakeholders and market participants. 42 Annex 2: OECD Guidelines on Corporate governance for State-Owned Enterprises21 Guideline 1: The legal and regulatory framework for state-owned enterprises should ensure a level-playing field in markets where state-owned enterprises and private sector companies compete in order to avoid market distortions. The framework should build on, and be fully compatible with, the OECD Principles of Corporate Governance. Guideline 2: The state should act as an informed and active owner and establish a clear and consistent ownership policy, ensuring that the governance of state-owned enterprises is carried out in a transparent and accountable manner, with the necessary degree of professionalism and effectiveness. Guideline 3: The state ownership policy should fully recognize the state-owned enterprises’ responsibilities towards stakeholders and request that they report on their relations with stakeholders. Guideline 4: The boards of state-owned enterprises should have the necessary authority, competencies and objectivity to carry out their function of strategic guidance and monitoring of management. They should act with integrity and be held accountable for their actions. 21 For more information, please visit: http://www.oecd.org/corporate/ca/corporategovernanceofstate- ownedenterprises/34803211.pdf 43