Introduction

The Central Bank (Banque du Liban – BdL) issued three Intermediate Decisions on 21 April 2011 (Decisions Nos. 10706, 10707 and 10708, together the Decisions). Although only one of these Decisions is published under the heading “corporate governance”, all three of them relate to corporate governance to the extent that they address the “procedures and processes according to which an organisation is directed and controlled …” and that they contribute to the emergence of a “structure that specifies the distribution of rights and responsibilities among the different participants in the organisation – such as the board, managers, shareholders and other stakeholders – and lay down the rules and procedures for decision-making”1.

The Decisions amend and update the regulatory framework that the BdL has put in place and developed since 20002, in an effort to stay in line with the Basel Committee’s standards. The Decisions draw on general corporate law (the Commercial Code)3, as the Code of Currency and Credit4 does not include any substantive provisions in relation to sound governance.

To this day, the banking sector is the most tightly regulated sector in Lebanon when it comes to corporate governance5. It is worth noting that in many instances the scope of the existing regulations extends to units and branches of banks established abroad6, the focus being to capture the banks’ activities to the fullest extent possible. The effectiveness of the BdL’s regulations is mainly secured by the Banking Control Commission’s (BCC) supervisory role7.

Below is a short overview of what Decisions Nos.10706, 10707 and 10708 bring to the table.

  • Requiring compliance with the Basel Committee principles on good governance

The reference to the Basel Committee principles is in line with the BdL’s long-standing policy in this respect and merely reflects an effort to embrace the most recent updates of the Basel Committee standards8.

  • Establishing a Code of Corporate Governance

By 31 December 2011, all banks are required to issue a Code of Corporate Governance. This code is meant to improve transparency and facilitate the monitoring of banks by different stakeholders.

This code must notably outline the corporate structure, the methods of exchange, the broader relationships within the said structure9, the criteria adopted by the bank in relation to remuneration10 or to the assessment of board and senior management compliance with corporate governance rules11, information on the board as well as the orientations, rules and policies of the bank that aim to achieve good governance12.

A summary of this code must be published on the bank’s website and incorporated in its annual report. A copy must also be provided to the BCC.

  • Improving control and auditing mechanisms

Improving control and auditing mechanisms involves further regulation of the board functions and the strengthening of control and auditing bodies and systems13.

* The board

In addition to the mandatory compliance with the updated Basel principles that relate to the board’s qualifications, responsibilities and duties14, the BdL now requires the appointment of a sufficient number of independent and non-executive board members. This provision is expected to allow the board to play a more active role in reviewing management performance. Given that the audit and risk committees are required to include non-executive and independent board members, the new provision must also be understood as a means to strengthen their effective control over the banks. Also worthy of note are the clarifications set out by Decision No.10706 in relation to the notions of “non-executive board member” and “independent board member”. These aim to avoid any attempt to get round the regulatory requirements relating to the composition of the board, the audit committee and the risk committee.

Decision No.10706 also strives to improve the way boards operate. The board is for instance required to meet to hold at least four annual meetings, two of which must physically take place in Lebanon. The Decision also specifies that any board agenda and relevant documentation must be provided to members at least a week prior to any meeting in order for the board to be able to make informed decisions.

* Internal Control

The creation of internal control mechanisms in banks has been mandatory since as early as 2000. Basic Decision No.7737 already provided a list of the internal control systems that each bank must put in place and update as well as the benchmarks that must be taken into account when establishing such systems.

Decision No.10707 specifies that the internal control as defined by the senior management must be based on the size and risk profile of the bank and must rest on due knowledge of the organisation, a thorough risk assessment, policies and measures for internal control, the adoption of a series of control systems15, as well as independent monitoring mechanisms.

* The internal audit unit16

Basic Decision No.7737/2000 already required the creation of an internal audit unit and set out the requirements internal audit units must meet – particularly in terms of being independent from the operational and executive units in the bank – and the missions it must carry out (mainly auditing the financial operations, reporting and monitoring compliance with the laws and regulations in force)17. Subsequently Basic Decision No.9382/2006 specifically required that internal audit units assess the efficiency and implementation of corporate governance regulations, policies and procedures especially in the presence of mergers and acquisitions, and in situations where the bank has expanded its operations outside Lebanon.

Starting in January 2012, banks may no longer outsource the tasks of the internal audit unit. In addition Decision No.10607 specifies that the internal audit unit must be staffed with personnel whose number and qualifications are in line with the size and risk profile of the bank. The Decision further regulates and rationalises the work of the internal audit unit by requiring that the latter develops an internal audit charter, an audit cycle and an annual audit plan. The BBC’s control over such units is further strengthened: banks must now inform it not only of any changes regarding the head of the internal audit unit, but also of the reasons for these changes. The Decision highlights that the unit is in charge for monitoring the effectiveness of the internal control risk management systems, as well as the effectiveness of the work of the legal compliance unit and money laundering unit. It is worth noting that the Decision applies to outsourced activities as well as to any branch or unit located abroad.

* The risk committee and the audit committee

Basic Decision No.9956/2008 mandated the establishment of an audit committee composed of at least three non-executive board members having no administrative functions in the bank. The committee is meant to assist the board in fulfilling its tasks and carrying out its supervising role18. Basic Decision No.9956/2008 defines three sets of missions in relation to auditors, internal auditing and internal control.

Decision No.10706 attempts to improve the framework defined by the 2008 Basic Decision. It emphasises the committee’s duty in overseeing the senior management’s implementation of the remarks and observations of the internal audit unit, the regulating bodies and the statutory auditors with respect to the weaknesses of the internal control system. It also grants the committee authority to approve the audit charter, audit cycle and audit plans and to assess the performance of the internal audit unit and that of its chairman.

Decision No.10706 also provides for the establishment of a risk committee composed of at least three members and chaired by an independent and qualified member of the board. This committee is appointed by the board and the remuneration of its members is also determined by the board. Its mission is to monitor the compliance of the bank and its units and branches (including those abroad) with the BdL’s and BCC’s regulations relating to risk management.

Both the audit and risk committee are required to develop internal regulations, approved by the board, which specify the scope of their work as well as the missions and responsibilities of their members. Decision No.10706 further sets out requirements in relation to the qualifications of the members of the risk and audit committees and limits dual membership. In an effort to secure better efficiency, the Decision also sets out the rules that govern the meetings of these committees19.

Conclusion

The contribution of these three new Decisions to sound corporate governance is significant as regards board practices, transparency, risk management and internal controls. They are expected to increase public trust and further the development of a sector that is already doing well.