The recent financial crisis has accentuated the importance and relevance of sound and robust internal governance systems for credit institutions. It is therefore pertinent to consider the general framework of internal governance applicable to credit institutions licensed in Malta.

Internal governance is entrenched in the Banking Act (Chapter 371 of the Laws of Malta). Article 17B of the act establishes that every credit institution must put in place robust governance arrangements, which include:

  • a clear organisation with well-defined, transparent and consistent lines of responsibility;
  • effective processes to identify, manage, monitor and report the risks that it is (or might be) exposed to;
  • adequate internal control mechanisms, including sound administrative and accounting procedures; and
  • remuneration policies and practices that are consistent with and promote sound and effective risk management.

Such arrangements, processes and mechanisms must be comprehensive and proportionate to the nature, scale and complexity of the credit institution's activities.

Internal governance is also one of the main facets of Banking Rule 12 - the supervisory review process of credit institutions authorised under the act. Under the rule, internal governance aims to ensure that an institution's management body is explicitly and transparently responsible for the bank's business strategy, organisation and internal control. The rule further provides that the main building blocks of internal governance are:

  • setting the bank's business objectives and its appetite for risk;
  • the manner in which the business of the organisation is organised;
  • the manner in which responsibilities and authority are allocated;
  • the manner in which reporting lines are organised and the information they convey; and
  • the organisation of internal controls.

Appendix 1 of the rule details the general framework of internal governance applicable to credit institutions licensed in Malta. The appendix is divided into four sections:

  • corporate structure and organisation;
  • the management body;
  • internal controls; and
  • public disclosure and transparency.

In the context of internal controls, credit institutions should have a corporate structure that is transparent and organised in a way that promotes and demonstrates the effective and prudent management of the credit institution, both on a solo basis and at a group level. Reporting lines and allocation of responsibilities should be clear, precise, well defined, transparent, coherent and enforced.

The appendix also covers the responsibilities of the management body with respect to internal governance. The importance of documented procedures setting out the institution's business objectives, risk strategies and risk profile is also highlighted. These strategies and the policies should be transmitted and made available to all relevant staff in order to ensure effective implementation thereof.

Systematic and regular review of these strategies and policies is another central aspect of internal governance systems and their effectiveness. Internal control systems developed by the management body must ensure adequate segregation of duties to prevent conflicts of interest. The relationship between internal controls and the distribution of both internal capital and funds necessary and adequate to cover the risks of the credit institution is also emphasised.

The management body's role in the context of internal governance is also extended to:

  • the selection, compensation, monitoring and planning of the succession of key executives; and
  • the promotion of high ethical and professional standards and an internal control structure.

Based on the principle of proportionality, banks should establish the following three control functions:

  • compliance;
  • internal audit; and
  • risk management.

As described in Appendix 1, these three functions should be independent of other business lines that they monitor in order to ensure effective supervision. The three functions should also be independent of each other.

Internal controls can be effective only if the bank establishes and maintains management information systems that cover the full range of the bank's activities. Naturally, management decision-making could be adversely effected by unreliable or misleading information.

Finally, credit institutions should meet the generally agreed transparency requirements in the conduct of their business and present their current position and future prospects in a balanced, accurate and timely manner. This ensures that internal governance systems are subject to the necessary scrutiny, in addition to the applicable supervisory requirements to which the credit institution itself is subject.

For further information on this topic please contact Adrian Cutajar at Simon Tortell and Associates by telephone (+356 21 227974), fax (+356 21 223567) or email ([email protected]).