1. About this section

This note aims to provide guidance on best practice in governance of financial institutions such as commercial banks and non-banking financial institutions. This note is not intended to be a technical guidance document.

2. Definition of corporate governance

The Organisation for Economic Co-operation and Development (OECD) defines Corporate Governance in its 1999 Principles of Corporate Governance as the system by which businesses are directed and controlled. The approach to governance of financial institutions differs from that of other institutions due to the nature of financial activities, their impact on the economy and society, and the complexities associated with their regulatory environments.

3. Why is corporate governance important in financial institutions?

Financial institutions, as regulated entities, are subject to specific corporate and risk governance rules, regulatory oversight and disclosure requirements in an increasing number of jurisdictions. The skill set and expertise of board members of financial institutions are closely scrutinised by regulators. Regulators also place much emphasis on the involvement of the board in risk oversight.

Further, financial institutions, as deposit takers and commercial lenders, also play an important role in creating value for their clients and the economy. Understanding and mitigating the specific regulatory and governance risks and complexities associated with a financial institution’s business objectives and operating environment is important in guarding against governance failures, notably those linked to ineffective risk oversight and lack of accountability that can ultimately result in the destruction of value for shareholders and other stakeholders.

Effective corporate governance in financial institutions should focus on safeguarding the long-term interests of all stakeholders. This means ensuring that the responsibilities and authorities by which the board and management carry out the organisation’s business activities are well defined, including how the financial institution:

  • Sets strategy and objectives;
  • Selects and oversees management;
  • Operates on a day-to-day basis in a sound manner, with integrity and in compliance with applicable laws and regulations;
  • Protects stakeholders and takes their long-term interests into account;
  • Aligns corporate culture with the institution’s purpose; and
  • Establishes control functions.

Depending on its business activities, a financial institution may also have an interest in understanding the corporate governance practices of its borrowers and investees in order to manage its own risk profile.

4. Corporate governance recommendations for financial institutions

Since the global financial crisis of 2007-2008, regulatory and supervisory expectations for financial institutions to demonstrate effective board oversight, rigorous risk management, strong internal controls, and compliance have gained prominence. As a consequence, financial institutions have had to strengthen key components relating to risk governance, such as risk culture, risk appetite, and risk tolerance, and clearly define the specific roles of the board, board risk committees, senior management, and the control functions in understanding and managing their risk exposure and its implications for the long-term interests of the financial institution.

  • The basic principles of good governance in an FI

    The basic principles of good governance that financial institutions should consider are:

    • Board responsibilities: The board has overall responsibility for the institution’s business strategy and financial soundness, key personnel decisions, internal organisation and governance structures and practices, risk management and compliance obligations, and corporate culture.
    • Board composition: The board should comprise individuals with a balance of skills, diversity, and expertise who individually and collectively possess the qualifications proportionate to the size, complexity, and risk profile of the financial institution. For larger FIs, consideration should be given to board members covering risk management with specific expertise in compliance/financial crime and environmental & social (E&S) risk management.
    • Board structure: The board should structure itself to allow it to effectively carry out its oversight role and responsibilities.
    • Senior management: The board should provide guidance to senior management to allow them to carry out and manage the bank’s activities in a manner consistent with the organisation’s strategic priorities, risk appetite, incentive structure and corporate culture.
    • Risk management function: The financial institution should have an effective risk management function with sufficient independence, resources and access to the board.
    • Risk identification, monitoring and control: The board should ensure that management implements an organisational structure and internal control infrastructure to identify, monitor and control risks on an ongoing basis. This should include establishing risk committees to cover relevant areas including credit, operational, financial crime and E&S risks.
    • Risk communication: The board should promote a culture of risk awareness and encourage open communication and challenge about risk across the institution.
    • Compliance: The board should ensure that an independent compliance function, with adequate resources and access to the board, is established to manage compliance risk.
    • Internal audit: An independent internal audit function should be established with a clear mandate and be accountable to the board.
    • Incentive structure: The design and implementation of the incentive plan should promote good performance and align with the risk culture of the organisation.
    • Disclosure and transparency: The governance of the financial institution should be adequately transparent to its shareholders, depositors, other material stakeholders and market participants.

5. Further resources

Some guidance issued by regulators and standard setters can be accessed below: