The enhanced focus on risk and supporting governance framework in banks should include three lines of defense, notes BIS.

The Bank for International Settlements published its updated guidelines on “Corporate Governance Principles for Banks” in July 2015 to underscore the critical role of the BoD and the board risk committees in strengthening risk governance at banks.

Bank’s Risk Governance Framework Needs Three Lines Of Defense: BIS

BIS’ revised CG principles for banks

The Basel Committee published “Principles for enhancing corporate governance” in October 2010 to reflect key lessons from the global financial crisis that began in 2007. However, in the light of ongoing developments in corporate governance, the committee has decided to revisit the 2010 guidance.

The revised guidance aims to explicitly reinforce the collective oversight and risk governance responsibilities of the board, besides emphasizing key components of risk governance such as risk culture, risk appetite and their relationship to a bank’s risk capacity.

The revised guidance includes 13 principles which should be implemented commensurate with the size, complexity, structure, economic significance, risk profile and business model of the bank and the group (if any) to which it belongs.

The first principle highlights a board’s overall responsibility for the bank, including approving and overseeing management’s implementation of the bank’s strategic objectives, governance framework and corporate culture.

The first principle envisages a risk governance framework that includes well-defined organizational responsibilities for risk management, typically referred to as the three lines of defense, viz.: (a) the business line, (b) a risk management function and a compliance function independent from the first line of defense and (c) an internal audit function independent from the first and second lines of defense.

According to the revised guidance, the board should ensure that the risk management, compliance and internal audit functions are properly positioned, staffed and resourced and carry out their responsibilities independently, objectively and effectively.

Stressing the importance of board qualifications and composition, the second principle suggests that the board should be suitable to carry out its responsibilities and have a composition that facilitates effective oversight through a sufficient number of independent directors.

Crucial role by the chair

The revised guidance emphasizes that the chair of the board plays a crucial role in the proper functioning of the board. It suggests the chair encourage and promote critical discussion and ensure that dissenting views can be freely expressed and discussed within the decision-making process.

Thus, the third principle envisages that the board structure itself in terms of leadership, size and use of committees so as to effectively carry out its oversight role and other responsibilities.

Focusing on the role of senior management, the fourth principle suggests that under the direction and oversight of the board, senior management should carry out and manage the bank’s activities in a manner consistent with the business strategy, risk appetite, remuneration and other policies approved by the board.

Highlighting the importance of governance of group structures, the fifth principle suggests the board of the parent company should be aware of the material risks and issues that might affect both the bank as a whole and its subsidiaries.

The sixth principle envisages banks having an effective independent risk management function, under the direction of a chief risk officer with sufficient stature, independence, resources and access to the board, while the seventh principle highlights risk identification, monitoring and controlling.

Underscoring the importance of risk communication, the eighth principle emphasizes ongoing communication about risk issues throughout the bank to promote a strong risk culture, while the ninth principle suggests that the bank’s board of directors be responsible for overseeing the management of the bank’s compliance risk.

The tenth principle envisages banks having a strong internal audit function with a clear mandate to be accountable to the board and be independent of the audited activities, while the eleventh principle underscores the importance of compensation whereby the bank’s remuneration structure should support sound corporate governance and risk management.

Focusing on disclosure and transparency, the twelfth principle suggests banks in general should apply the disclosure and transparency section of the OECD principles. The last principle envisages supervisors evaluating whether the bank has in place effective mechanisms through which the board and senior management execute their respective oversight responsibilities.
