On 23 December 2013, the Central Bank of Ireland (Central Bank) published a revised Corporate Governance Code for Credit Institutions and Insurance Undertakings 2013 (the 2013 Code). The 2013 Code contains the minimum requirements that a relevant institution must meet in order to promote strong and effective governance.
The 2013 Code will apply to all credit institutions and insurance undertakings (including reinsurers but excluding captives) licenced by the Central Bank and will replace the existing Corporate Governance Code for Credit Institutions and Insurance Undertakings 2010 (the 2010 Code).
The 2013 Code will apply from 1 January 2015 (on a mandatory, rather than a 'comply and explain' basis).
Institutions within scope (the Institutions) should carry out a gap analysis to assess what action needs to be taken in order to implement the 2013 Code's provisions within the timeframe mentioned above. Further details regarding the revisions made in the 2013 Code are set out under 'Synopsis of Key Changes' and 'Additional Points of Interest' below.
Consultation and Feedback Statement
The Central Bank has published all submissions received in response to its consultation on the revisions, as well as a Feedback Statement (FS). The FS sets out the Central Bank's rationale for the inclusion/exclusion of certain of its proposed changes. It also incorporates a number of questions (and responses) which will be included in a frequently asked questions (FAQ) document to be published by the Central Bank (no indication has been given as to timing).
In many cases, the Central Bank has reflected stakeholder concerns/comments (e.g. in relation to the Chief Risk Officer, the required minimum annual number of Board meetings and cross-membership of Board Committees (Committees)). In a number of areas, stakeholder concerns/comments were not reflected (e.g. regarding suggestions by stakeholders relating to large international groups having Irish subsidiaries, such as proposals to further relax the position regarding the holding of multiple positions by a Chairman or Chief Executive Officer (CEO)).
Synopsis of Key Changes
The Central Bank has aligned certain of the terminology in the 2013 Code with PRISM (the Central Bank's Probability Risk and Impact SysteM). The 2013 Code restricts the applicability/flexibility of certain provisions of the 2013 Code to particular categories of institution under PRISM (i.e. High Impact, Medium-High Impact, Medium-Low Impact and Low Impact).
- Chief Risk Officer
Institutions within scope must appoint a Chief Risk Officer (CRO) with:
- Distinct responsibility for the risk management function, for maintaining and monitoring effectiveness of the institution's risk management system and promoting sound and effective risk management.
- 'Relevant expertise, qualifications and background' or to undertake 'relevant and timely' training.
- Sufficient seniority and independence to influence proposals or challenge decisions which affect the institution's exposure to risk.
- Responsibility for (a) ensuring that the institution has effective processes in place to identify and manage risks to which the institution is (or may be) exposed and (b) maintaining effective processes to monitor these.
- Responsibility for providing 'comprehensive and timely' information on the institution's material risks to the Board to enable it to understand the overall risk profile of the institution and to report to the Board 'periodically' and to the Risk Committee 'on a regular basis' (appropriate frequency of reporting not addressed).
Flexibilities set out in the 2013 Code relating to the CRO include the following:
- Where the nature, scale and complexity of an institution's operations do not justify a dedicated CRO function, in the case of Medium-High, Medium-Low or Low Impact Institutions, another pre-approval control function (e.g. Head of Compliance/Risk) may fulfil the CRO role. Prior approval of the Central Bank is required. The Central Bank had initially proposed a requirement that there be no 'conflict of interest' arising in the combination of the CRO role with another PCF. However, due to the level of comments and requests for clarity on the remit of this concept, the prior approval requirement was incorporated instead.
- Following stakeholder comments, the Chief Actuary of High Impact (re)insurers within scope may fulfil the role of CRO, where appropriate. Prior approval of the Central Bank is required.
- Stakeholders queried whether the role of CRO could be performed at group level. The FS confirms that, while Institutions are required to have a CRO at local level, there may be scope (in limited circumstances) for the institution to apply to the Central Bank to permit this, on a case by case basis.
The Chairman of Medium-High, Medium-Low or Low Impact institutions (which are subsidiaries of groups) may hold the position of Chairman or CEO of other Institutions within the group, as long as:
the Chairman has sufficient time available to fulfil the role of Chairman of the institution to which the 2013 Code applies; and
- approval of the Central Bank is obtained prior to the Chairman assuming any such additional role(s).Stakeholder suggestions that the exception be extended to High Impact Institutions were not reflected. While the Central Bank originally indicated that it would consider derogation requests from High-Impact Institutions on a case by case basis, this has not been reflected in the 2013 Code itself.
- Chief Executive Officer
The CEO of Institutions designated as Medium- Low or Low Impact may hold up to two additional positions as CEO of another institution, as long as:
- the other Institutions concerned are designated as Medium-Low or Low Impact Institutions;
- the CEO has sufficient time available to fulfil his/her role as CEO of the (main) institution; and
- approval of the Central Bank is obtained prior to the CEO assuming any such additional role(s).The FS clarifies that this does not entitle a CEO to take up other CEO positions in Institutions authorised outside the State. A requirement for the Board to appoint a CEO in the first instance, and providing that the CEO must be appointed to the Board, has also been inserted in the 2013 Code.
- Frequency of Board Meetings
- Medium-High, Medium-Low or Low Impact Institutions – Must hold meetings a minimum of four times per calendar year and at least once in every six month period.
- High-Impact Institutions – Must hold a minimum of six meetings per year (three meetings to be held in each six month period). The Central Bank had initially proposed retaining the requirement for 11 meetings annually, but stakeholders commented that this could impose an inappropriate administrative burden on directors and senior managers. However, the Central Bank has reserved the right to require an institution to increase the frequency of its Board meetings, should it deem this necessary.
- Directorship Limits
No change has been made to the numbers of directorships which give rise to a rebuttable presumption that the director has insufficient time available to fulfil the role of director of the institution to which the 2013 Code applies. For directors of High Impact Institutions, this is three directorships of Institutions and five directorships outside of Institutions. For directors of Medium-High Impact, Medium-Low Impact and Low Impact Institutions, this is five directorships of Institutions and eight directorships outside of Institutions. However, some key changes connected to directorship limits/thresholds are as follows:
- The FS confirms that Institutions may apply for an exemption from the limits where individual circumstances merit this (in particular, directorships for independent non-executive directors (INEDs) in run-off Institutions is mentioned).
- For directorships held in Institutions, the number of directorships giving rise to the rebuttable presumption mentioned above does not now apply to other directorships held within the same 'group'. The 2010 Code provided that the restriction did not apply to directorships within a 'financial services group'.
- For directorships held outside of Institutions, the number of directorships giving rise to the rebuttable presumption mentioned above does not now apply to other directorships held within the group. The 2010 Code did not include this provision.
- While directorships held in the public interest on a voluntary and pro bono basis remain excluded from being counted as directorships for the purpose of the limits, such directorships must still be notified to the Central Bank at the time of appointment to such positions.
- The requirement for formal review of the Board membership of any director who has held this role for nine years will only apply to INEDS (and not all directors). The FS clarifies that reviews should be comprehensive and not lead to automatic renewal.
- Risk Committees (See also 'Board Committees' below)
- Membership– Must be sufficient to handle the 'nature, scale and complexity of the business' and be composed of at least three members (having a majority of non-executive directors (NEDs), INEDs or a combination of both). While objections were received from a number of stakeholders, the FS confirmed the Central Bank's view that the provisions of the 2013 Code allowing (a) a Board comprised of only 5 members including the Chairman and the CEO to act as the Committee and (b) the institution to rely on a group Committee, provided a sufficient level of proportionality to address those concerns;
- Chairman – Must be a NED or an INED. The Central Bank's original proposal was that the Chairman would be required to be an executive director. Following stakeholder submissions, the provision was amended to clarify that the Chairman may be either a NED or an INED.
- Expertise - Committee as a whole to have 'relevant risk expertise'. Original proposed changes referred to the Committee having 'relevant financial experience'. This was amended by the Central Bank following suggestions from stakeholders. No guidance is provided by the Central Bank as to what constitutes the appropriate level or type of expertise.
- Audit Committees (See also 'Board Committees' below)
- Membership – Must be sufficient to handle the 'nature, scale and complexity of the business' and be composed of at least three members.
- Expertise - Committee as a whole to have 'relevant financial experience' (existing requirement) and at least one member to have 'an appropriate qualification' (new requirement). The FS clarifies that this does not mean that every member must have financial experience, but rather that the Committee collectively must have relevant financial experience. The FS also states that it is not appropriate to define 'appropriate qualification' and it is for the institution to determine this.
- Board Committees
- Audit/Risk Committees - Where a Board comprised of only five members acts as the Audit Committee and/or the Risk Committee, the CEO must be included in this number. Stakeholder suggestions that the provision allowing a Board to so act should not be limited to Institutions which have only five Board members were not reflected.
- Cross-Committee Membership – There must be one shared member between the Audit and Risk Committees. It was initially proposed that the Chairman of the Audit Committee would be required to be a member of the Risk Committee, and vice versa. However, the Central Bank accepted that this approach could be difficult (in particular, for smaller Institutions) to implement.
- High Impact Institution Committees – There must be one shared member between the Remuneration Committee and the Risk Committee. No individual is permitted to hold the position of Chairman of the Audit Committee and Risk Committee simultaneously.
- Group Committees – Where an institution relies on a group Committee, a member of the Board of the subsidiary institution must sit on the relevant group Committee.
- Board Diversity
Institutions must establish a written Board diversity policy. Either the Board or, where one exists, the Nomination Committee will be responsible for the preparation of the policy. As the Central Bank did not elaborate on the content of the policy, it would appear that it has reflected stakeholder comments that an overly prescriptive approach/the application of quotas or targets would not be appropriate.
- Board Responsibilities
The responsibilities of the Board set out in the 2010 Code have been expanded and enhanced. The key responsibilities can be summarised as setting and overseeing:
- business strategy;
- amounts, types and distribution of internal capital and own funds;
- a robust and transparent organisational structure with effective communication and reporting channels;
- a remuneration framework that is in line with the risk strategies of the institution;
- an adequate and effective internal control framework that includes well-functioning risk control, compliance and internal audit functions as well as an appropriate financial reporting and accounting framework; and
- strategy for on-going management of material risks including, inter-alia, liquidity risk.
- Additional Obligations for High Impact Institutions
In addition to the changes highlighted elsewhere in this bulletin, the Boards of High Impact Institutions must put a formal skills matrix in place to ensure that there is an appropriate skills mix across members of the Board. Potential new members must be assessed against the skills matrix during the appointment process.
- Additional Corporate Governance Obligations on Credit Institutions which are Deemed Significant for the Purposes of the Capital Requirements Directive
The 2013 Code provides that in respect of credit institutions that are designated as "Significant Institutions" for the purposes of CRD IV, provisions in the 2013 Code relating to (i) composition of the board, (ii) risk committee, (iii) remuneration committee and (iv) nomination committee, shall all be replaced by the relevant provisions of CRD IV.
- Annual Compliance Statement
Where an institution has a non-calendar year financial reporting period, it can submit a compliance statement for the period of its financial year (rather than for each calendar year, as per the 2010 Code).
Additional Points of Interest
- Institutions in Run-Off - The Central Bank originally indicated that it would consider 'case by case' requests from run-off Institutions to dis-apply aspects of the Code. This was not reflected in the 2013 Code itself but the FS indicated that this would be dealt with in the FAQ.
- Conflicts - The Central Bank initially proposed the addition of wording dealing with conflicts of interest between the Code and other corporate governance obligations/standards (such that, where any such conflict arises, the stricter of the obligations/standards should be met). This was not included as a provision in the 2013 Code but the FS states that this is the approach to be taken by the institution.
- Board Responsibility for Reporting to the Central Bank – The Central Bank originally proposed the addition of wording such that the Board would be responsible for determining (in the first instance), whether a breach is material (and therefore required to be reported to the Central Bank). Following submissions from stakeholders, the Central Bank did not include this, but clarified its view that this is the correct position in the FS. The FS also confirms that, while a practical approach should be taken, 'the Board is ultimately responsible for such matters'.
- Video/Teleconferencing – The 2013 Code now itself provides that, while directors should attend each Board meeting (and Committee meeting of which they are a member) in person wherever possible, where physical presence is not possible, holding the meeting by videoconference or teleconference is permissible.
- Director Training Requirements – Wording has been added to the 2013 Code to make clear that all directors must receive (a) adequate induction training and (b) adequate on-going training which is required to be routinely updated, as necessary.
- Risk Appetite Contingency Plans – A new provision in the 2013 Code requires the Board to ensure that it identifies risks to be addressed by contingency plans (which are to be reviewed, updated and tested on a regular basis). Following stakeholder comment, the Central Bank identified certain areas which an institution should consider when devising contingency plans. These are (a) areas where it considers the institution to be especially vulnerable, (b) the risk appetite of the institution and (c) the risk management framework of the institution.