Response to consultation on Guidelines on internal governance (revised)
Go back
Par. 24.i. provides that the management body should monitor the implementation of the audit plan. We think that this should be the task of audit committee rather than of the whole board. The reason we have committees is to allow them to assume a number of control tasks that would significantly cram the agenda of the whole board and deflect from its focus on strategy. Monitoring the implementation of the audit plan is one such task. While the board should receive a regular (quarterly) report from internal audit via the audit committee on significant audit findings, the task of continuous monitoring of audit plan implementation (and the quality of the audit function) should be delegated fully to the audit committee.
Par. 43. requires members of the risk committee to have individually (and collectively) appropriate knowledge, skills and professional experience concerning risk management, and/or control practices. We believe that by requiring each individual member of the risk committee to be a “risk technician” the Guidelines may unintentionally narrow the talent spectrum for the whole board. The need to maintain a broad spectrum (i.e. diversity of knowledge, skills and experience) might in turn result in an increase of the board’s size—something that supervisors clearly want to discourage. Expert-only composition may also render the committee more prone to group think. Our view is that the requirement to collectively possess such skills would suffice and would allow other skills on the committee (for example, an experienced finance academic, or a former bank CEO).
Par. 44. provides that, “members of the management body in its supervisory function should not chair as a general principle multiple committees unless this is justified taking into account the overall composition and experience, knowledge and skills of the management body.” While we are familiar with the BCBS guidance on this point, we believe that there should be no principle in this respect for a number of reasons.
Firstly, we feel that this approach belies a misunderstanding of the raison d’etre of committees. Committees are there to: (a) develop proposals in areas in which, if the whole board were to assume the relevant task, important conflicts of interest might arise; and (b) save the board time and “make its life easier” by probing deeper into certain categories of issues important to the board’s decision making. None of these two reasons justifies a prohibition of dual chairmanship. There do not seem to be any conflicts per se if the chairman of the audit committee were to also become the chairman of the risk committee or of the remuneration committee, as long as he or she has the time to do it. The view that committees should somehow control each other, expressed at the Guideline hearing in January by the EBA staff, is in our opinion misplaced. Committees are not and should not be “opposed” to each other nor are they there to control each other and the board. Challenge at board level comes from individual board members not from sub-bodies lest we end up with a perpetual talking shop and different “parties” within the board which significantly undermine effective decision making.
Secondly, we feel that some concentration of power (albeit not excessive) within the independent NED (supervisory) function on the board is a good rather than a bad thing. It allows the emergence of a true balance of power between NEDs and executives (or specific shareholder representatives) and therefore promotes effective challenge.
Thirdly, multiple committee chairmanship might be one way of avoiding silos within the board and ensuring that in certain key areas committee work is well-coordinated.
Fourthly, this practice might be yet another way to keep board’s size within reasonable levels.
Therefore, we suggest that the Guidelines should change the tenor of this provision, allowing multiple chairmanships as a general rule except when it may create conflicts.
We also believe that the Guidelines should explicitly state that the board chairman should not chair committees as his/her objectivity in guiding individual challenge at board level could be impaired. There should be an exception for the nomination committee whose sole task is to ensure adequate board composition and functioning. These are (or should be) also the primary tasks of the (non-executive) Chairman. He/she should therefore be allowed and even encouraged to “drive” the work of the nomination committee. This is the approach taken by the UK Code on Corporate Governance and it has proven to be very effective in practice.
We believe that many of the required processes enumerated in Par. 46. (we assume that they are required through the use of “should”), are mostly relevant for risk rather than nomination committees. The latter rarely need control function inputs or risk profile and control remedial information. In contrast they might require inputs from HR and others. We suggest that the two committees’ processes are treated differently in the Guidelines.
The same need to distinguish between the two functions of the management body might be detected in other parts of the Guidelines, for example in Par. 58 and 90. While the awkward distinction between the two “functions” (mostly unknown in the company law of unitary board jurisdictions) is imposed by CRD IV, we feel that the EBA should make an effort to be more precise in using this distinction. In fact, an alternative approach of treating unitary boards separately from two-tier ones throughout might have been more accurate and transparent.
According to Par. 125.c. “… the head of an internal control function is not subordinate to a person who has a responsibility for managing the activities that the internal control function monitors and controls.” Par. 176 requires the compliance function to be independent of the business lines and internal units, but allows it to be combined with risk management or the legal division. We agree that compliance could be slotted within other existing functions. It is however confusing to state that its head cannot be subordinate to the head of a function it controls. Clearly, both risk management and legal have compliance responsibilities that might (and should) be included in the compliance plan. In our view, the meaning/definition of “independence” as regards compliance and risk management is different from the one applicable to the internal audit function: in the former case, it is independence from business lines and client facing units combined with direct access to the board (via a committee); in the latter case, it is independence from executive management and direct reporting to the board and its audit committee.
Question 3: Are the guidelines in Title I regarding the role of the management body appropriate and sufficiently clear?
Par. 24.d. states that, “the management body in its supervisory function should challenge and review critically and constructively proposals and information provided by members of the management body in its management function as well as its decisions.” We agree with the EBA that good boards have strong board dynamics, characterised by openness, a spirit of collaboration between senior executives and board directors, and above all constructive challenge. The intellectual rigor created by challenging questions leads to reaching informed decisions and make the boards more effective. However, we think that the ad hoc challenge of decisions made by another properly delegated body, as this provision seems to suggest, is counterproductive. Firstly, it undermines the authority of the management board (or CEO/executive committee). Secondly, it creates more work for the non-executives on the board who are struggling to accommodate increasing oversight requirements and the need of a growing list of retained authorities. The ex-post assessment of the management decisions should be instead part of the regular executive evaluation process, not subject to constant second guessing by the (supervisory) board.Par. 24.i. provides that the management body should monitor the implementation of the audit plan. We think that this should be the task of audit committee rather than of the whole board. The reason we have committees is to allow them to assume a number of control tasks that would significantly cram the agenda of the whole board and deflect from its focus on strategy. Monitoring the implementation of the audit plan is one such task. While the board should receive a regular (quarterly) report from internal audit via the audit committee on significant audit findings, the task of continuous monitoring of audit plan implementation (and the quality of the audit function) should be delegated fully to the audit committee.
Par. 43. requires members of the risk committee to have individually (and collectively) appropriate knowledge, skills and professional experience concerning risk management, and/or control practices. We believe that by requiring each individual member of the risk committee to be a “risk technician” the Guidelines may unintentionally narrow the talent spectrum for the whole board. The need to maintain a broad spectrum (i.e. diversity of knowledge, skills and experience) might in turn result in an increase of the board’s size—something that supervisors clearly want to discourage. Expert-only composition may also render the committee more prone to group think. Our view is that the requirement to collectively possess such skills would suffice and would allow other skills on the committee (for example, an experienced finance academic, or a former bank CEO).
Par. 44. provides that, “members of the management body in its supervisory function should not chair as a general principle multiple committees unless this is justified taking into account the overall composition and experience, knowledge and skills of the management body.” While we are familiar with the BCBS guidance on this point, we believe that there should be no principle in this respect for a number of reasons.
Firstly, we feel that this approach belies a misunderstanding of the raison d’etre of committees. Committees are there to: (a) develop proposals in areas in which, if the whole board were to assume the relevant task, important conflicts of interest might arise; and (b) save the board time and “make its life easier” by probing deeper into certain categories of issues important to the board’s decision making. None of these two reasons justifies a prohibition of dual chairmanship. There do not seem to be any conflicts per se if the chairman of the audit committee were to also become the chairman of the risk committee or of the remuneration committee, as long as he or she has the time to do it. The view that committees should somehow control each other, expressed at the Guideline hearing in January by the EBA staff, is in our opinion misplaced. Committees are not and should not be “opposed” to each other nor are they there to control each other and the board. Challenge at board level comes from individual board members not from sub-bodies lest we end up with a perpetual talking shop and different “parties” within the board which significantly undermine effective decision making.
Secondly, we feel that some concentration of power (albeit not excessive) within the independent NED (supervisory) function on the board is a good rather than a bad thing. It allows the emergence of a true balance of power between NEDs and executives (or specific shareholder representatives) and therefore promotes effective challenge.
Thirdly, multiple committee chairmanship might be one way of avoiding silos within the board and ensuring that in certain key areas committee work is well-coordinated.
Fourthly, this practice might be yet another way to keep board’s size within reasonable levels.
Therefore, we suggest that the Guidelines should change the tenor of this provision, allowing multiple chairmanships as a general rule except when it may create conflicts.
We also believe that the Guidelines should explicitly state that the board chairman should not chair committees as his/her objectivity in guiding individual challenge at board level could be impaired. There should be an exception for the nomination committee whose sole task is to ensure adequate board composition and functioning. These are (or should be) also the primary tasks of the (non-executive) Chairman. He/she should therefore be allowed and even encouraged to “drive” the work of the nomination committee. This is the approach taken by the UK Code on Corporate Governance and it has proven to be very effective in practice.
We believe that many of the required processes enumerated in Par. 46. (we assume that they are required through the use of “should”), are mostly relevant for risk rather than nomination committees. The latter rarely need control function inputs or risk profile and control remedial information. In contrast they might require inputs from HR and others. We suggest that the two committees’ processes are treated differently in the Guidelines.
Question 6: Are the guidelines in Title IV regarding the internal control framework appropriate and sufficiently clear?
Par. 116. provides that “the management body is responsible for establishing and monitoring the adequacy and effectiveness of the internal control framework…”. We believe that it is important from the Guidelines perspective to separate and treat differently the two tasks (i.e. establishing and monitoring controls). The former is the task of the management body in its management function while the second one is the task of the management body in its supervisory function. Not separating the two might result in the wrong kind of supervisory pressure on unitary boards, i.e. to assign the establishment of controls to their audit committees. This is a slippery slope, which might lead to few non-executives assuming responsibility for important tasks that they cannot possibly fulfil, thus weakening rather than strengthening internal control.The same need to distinguish between the two functions of the management body might be detected in other parts of the Guidelines, for example in Par. 58 and 90. While the awkward distinction between the two “functions” (mostly unknown in the company law of unitary board jurisdictions) is imposed by CRD IV, we feel that the EBA should make an effort to be more precise in using this distinction. In fact, an alternative approach of treating unitary boards separately from two-tier ones throughout might have been more accurate and transparent.
According to Par. 125.c. “… the head of an internal control function is not subordinate to a person who has a responsibility for managing the activities that the internal control function monitors and controls.” Par. 176 requires the compliance function to be independent of the business lines and internal units, but allows it to be combined with risk management or the legal division. We agree that compliance could be slotted within other existing functions. It is however confusing to state that its head cannot be subordinate to the head of a function it controls. Clearly, both risk management and legal have compliance responsibilities that might (and should) be included in the compliance plan. In our view, the meaning/definition of “independence” as regards compliance and risk management is different from the one applicable to the internal audit function: in the former case, it is independence from business lines and client facing units combined with direct access to the board (via a committee); in the latter case, it is independence from executive management and direct reporting to the board and its audit committee.