New guidelines ask banks to rethink internal governance

in Regulatory/Compliance, 04.07.2018

The financial crisis was a wakeup call for the whole financial industry. Among other things, it highlighted weaknesses in banks’ internal governance frameworks that hugely affected their abilities to face adverse situations. In reaction, international supervisory authorities have increasingly been emphasising internal governance.

And this emphasis is still strengthening with the development of the supervisory review and evaluation process (SREP), central to which is the assessment of internal governance and institution-wide controls. In this area, the European Central Bank looks at how well a bank’s internal governance framework suits its business model, risk profile, complexity, and size. It also evaluates the degree to which institutions adhere to the requirements and standards of good internal governance and risk control.

New EBA guidelines on internal governance

In order to improve and further harmonise practices, processes, and mechanisms on internal governance within the EU, and in accordance with CRD IV,[1] the EBA has revised its Guidelines on Internal Governance. The new version entered into force on 30 June 2018.

The new guidelines enhance the roles and responsibilities of the management body in its supervisory function as well as those of the risk management function. They strengthen the information flow between risk management and the management body and give more emphasis to the “know your structure” principle (transparency of complex structures), the establishment of a sound risk culture and code of conduct, and managing conflicts of interest.

The adherence of the institutions’ internal governance framework to the new guidelines will be subject to the assessment of the ECB as part of the SREP.

ESMA and EBA’s joint guidelines on suitability

In the same context, and as required by MiFID II[2] and CRD IV,[3] ESMA and the EBA have jointly published guidelines on how to assess the suitability of the management body and of key function holders. These guidelines also went into force on 30 June 2018.

The criteria include consideration of, in both individual and collective terms, knowledge, skills, experience, repute, honesty, integrity, independence of mind, diversity, and time commitment.

Special attention is given to the behavioural skills of the management body members, both collectively and individually. Collectively, the management body in its supervisory function should be able to challenge the practices and decisions taken by the management body in its management function. Individually, members should possess “independence of mind”, a characteristic that goes beyond mere independence. It means that, in particular during discussion and decision-making, each member should be able to make his/her own sound, objective, and independent judgments and decisions; in other words, able to resist “group-thinking”.

Soft skills like authenticity, decisiveness, external awareness, strategic acumen, and stress resistance must also be generally assessed, which could prove challenging.

Furthermore, the guidelines identify training as a central element in ensuring the initial and ongoing suitability of management body members. Institutions are required to establish specific training policies for the management body and to allocate appropriate financial resources to training sessions.

Finally, the guidelines also oblige institutions to record in writing the roles, duties, necessary capabilities, and expected time commitment of each position within the management body.

How we can help

Need help meeting these new governance requirements? We offer the following services:

  • evaluation of the effectiveness of your existing governance framework and its compliance with the new requirements
  • evaluation of your current assessment processes and their compliance with the new requirements
  • help with designing new processes and policies
  • help with performing suitability assessments of board members and key function holders according to the new guidelines
  • collective and individual training modules specifically designed for management body members and key function holders

Next up on the KPMG Blog:


[1] Article 74
[2] Article 9 (1)
[3] Article 91 (12)


Leave a Reply

This blog is pre-moderated which means that all comments are reviewed by a moderator before they appear. KPMG reserves the right not to publish any comments made.