1. About this note

This note is designed to help financial institutions (FIs) understand the roles and responsibilities of executive management and board members in setting and leading environmental and social (E&S) and business integrity (BI) agendas at the board level in the FI. It is not intended to be a detailed technical guidance document.

  • Additional considerations

    This note provides an overview and general guidance. Board directors should consider the specific characteristics and circumstances of the FI they serve, including its activities, jurisdiction, scale and complexity, management capacity and commitment, and track record. This note relates to the E&S and BI aspects of board oversight. Please refer to the Business Integrity Page for advice about broader corporate governance issues.

2. Introduction

Understanding an FI’s E&S and BI management capacity has become an increasingly important lens to assess its performance and long-term sustainability. Environmental criteria look at how the FI performs as a steward of the natural environment; social criteria examine how it manages relationships with its employees, suppliers, customers, and the communities in which it operates. Meanwhile, governance relates to internal decision-making processes, the quality of leadership and the board’s oversight of day-to-day operations, including matters relating to incentive structures, internal controls and management of financial and non-financial risks, corporate culture, and the FI’s relationship with its shareholders and stakeholders. BII’s definition of BI takes in a broader scope than simply governance, incorporating the systems and processes that help to manage BI exposure and risks, but also the underlying behaviours, ethics, and values.

E&S and BI are complementary disciplines. However, at all levels in an FI, different sets of skills are needed if both functions are to be effectively managed. It is therefore important to clearly distinguish between the two areas.

  • Environmental and social

    E&S issues include:

    • Environmental & social risk management systems to guide lending activities;
    • Labour and working conditions;
    • Business continuity and crisis management;
    • Emergency preparedness;
    • Community health, safety, and security;
    • Human rights;
    • Client Protection; and
    • Data Security and Privacy.

  • Business integrity

    BI encompasses a broad range of subjects. It also requires the development and promotion of an ethically oriented culture. The Business Integrity section of this Toolkit provides guidance on key governance and BI topics. Core areas of BI are:

    • Anti-bribery;
    • Anti-corruption;
    • Anti-money laundering;
    • Countering the financing of terrorism;
    • Fraud prevention;
    • Insider dealing/trading;
    • Whistleblowing;
    • Tax avoidance;
    • Politically exposed persons (PEPs); and
    • Ethical messaging.

3. Why FIs should address this topic

E&S and BI issues occur in all aspects of an FI’s business, from its commercial focus to managing its own and its clients’ reputation and brand, ensuring that societal expectations are managed and met, and complying with all relevant regulatory obligations. Addressing E&S and BI risks, impacts and opportunities ultimately helps to support the long-term success of the FI and its licence to operate.

  • Risks for FIs

    By failing to incorporate E&S and BI considerations in its operations and lending activities, an FI puts itself at risk of events occurring that can include:

    • Reduced return on investment;
    • Increased exposure to financial risks within its investment portfolio;
    • Client businesses defaulting on their commitments;
    • Exposure to risks and impacts that could negatively affect its brand or reputation in the market;
    • Lack of trust and reduced customer retention rates;
    • Increased cost of doing business;
    • Negative financial consequences, e.g. penalties, fines, loss of revenue;
    • Negative operational impacts, e.g. employee strikes;
    • Higher staff turnover;
    • Individual director liabilities;
    • Reputational damage to the FI and individual directors;
    • Reduced access to investors; and
    • Loss of licence to operate.

  • Opportunities for FIs

    The opportunities for an FI that effectively addresses E&S and BI matters include:

    • Reduced uncertainties in the FI’s business and associated third parties;
    • Risk reduction and impact avoidance/mitigation, including avoiding costs associated with E&S and BI incidents and potential remedial actions;
    • Avoidance of penalties for non-compliance;
    • Increased operational efficiency;
    • Reduced costs in areas such as energy consumption;
    • Greater employee retention and productivity;
    • Reduced insurance premiums;
    • Lower cost of capital;
    • Increased access to markets and investors who demand robust E&S and BI risk management;
    • Innovation to move into new markets and products;
    • Generating revenue from new streams, e.g. impact investing products;
    • Attracting human talent on the merits of responsible practices;
    • Enhanced brand reputation;
    • Improved stakeholder relations; and
    • Securing and maintaining a licence to operate.

    The E&S Sector Profiles section of this Toolkit explains further some of the risks and opportunities to be considered at the FI and client level for various sectors.

4. Advice for Board Members in FIs

Although an appointed director may not have part or full ownership of the FI, it is imperative for them to understand their role and fiduciary responsibilities in ensuring proper E&S/BI management within the FI. As stated in an earlier section of this guidance, the board is responsible for overseeing management’s implementation of the FI’s strategy while day-to-day decisions are made by management (the executive team).

Board members/directors have fiduciary responsibilities which are generally broken down into a duty of loyalty and a duty of care. The duty of loyalty requires a director to act in the best interests of the FI, act with the utmost good faith, and avoid conflicts of interest. The duty of care requires the director to act with diligence, care, and skill. This is often referred to as the ‘business judgement rule’.

  • Roles and responsibilities of a board and individual directors in setting and overseeing the E&S and BI agenda of an FI

    The core roles and responsibilities of a board and individual directors in setting and overseeing the E&S and BI agenda of an FI include:

    • Steering the organisation’s strategy and the way in which specific governance areas are to be approached, addressed, and conducted;
    • Providing guidance to management;
    • Approving policies that operationalise the strategy and set the direction;
    • Overseeing implementation and execution of the strategy by management; and
    • Upholding organisational performance by means of, among other things, reporting and disclosure.

    Ultimately, the board member should be comfortable that the FI has in place:

    • A ‘fit-for-purpose’ E&S and BI management system and internal controls which support consistent delivery of business objectives;
    • The financial and human resources available to deliver the agreed programme; and
    • An effective monitoring and evaluation process which tracks E&S and BI performance of the FI and its portfolio against key metrics, delivering valuable information which can enhance business decision making and drive better practices.

5. General advice

  • Oversight commensurate with the level of risks and impacts

    The board and management should be clear about the FI’s risk thresholds and tolerances. If the FI has a robust risk identification and management process, which adequately allocates responsibility and accountability for E&S and BI matters, the material risks should be evident. There also needs to be a clear understanding of how strategic business decisions may impact the E&S and BI practices and performance of an FI and its clients. Conversely, how these issues influence strategic business decisions should also be understood. It is therefore important to consider the E&S and BI risks for the day-to-day activities of the FI (including its value chain) and its lending activities when assessing the impacts of a decision, operation, or activity.

    There are certain factors to consider in assessing the level of risk and potential impact. While taking these into account, it’s important to focus on the quality of governance and recognise that governance is a process of continual learning and improvement – there’s no perfect model. Some of the factors to consider in assessing the level of risk associated with an FI’s operations and the appropriate system of oversight include:

    Size/complexity

    • Size of FI and its subsidiaries
    • Diversity and complexity of products, services, and/or client portfolio

    Culture and societal dynamics

    • Expectations on FIs and their clients from key stakeholders, including investors, policy makers, members of the public, societal values, etc.

    Vision and strategy

    • Ambition
    • Growth strategy: organic/mergers and acquisitions/divestment

    Emerging sector/industry trends

    • Sector/industry changes in environmental footprint, technological developments, sector and industry reputation

    History

    • The FI’s growth history significantly influences its culture: entrepreneurial start-up or single sponsor/family owned and controlled may differ from state-owned FIs or publicly listed ones.

    Investor/lender requirements and shareholder rights

    • Investor and lender expectations of board and sub-committee structures
    • Investor demand for board representation

    Capacity/access to skills and resources

    • Large local industry skills base vs limited local skills base.

    Local legislative requirements or voluntary codes

    • Financial reporting and disclosure
    • Local regulatory regime

    Material risks (legacy, current, and future)

    • Inherited legacy issues (e.g. acquired environmental liabilities, outstanding fines, legal proceedings, public/employee health liabilities) in transactions financed or collateral covering a credit line
    • Portfolio E&S risks

    Listing rules and regulatory requirements

    • Stock exchange-specific processes, structures and standards, jurisdiction-specific requirements on establishing a separate risk management committee and/or appointing a money laundering reporting officer (MLRO)

    Market economics and outlook; Political and regulatory stability

    • Recognition of the differences between emerging economies and more developed/OECD economies
    • Predictability, stability, volatility, and uncertainty of the political context and regulatory environment

    Geography

    • Access to markets, particularly when the FI has operational footprints and value chains in multiple jurisdictions

  • Oversight versus implementation

    The board’s primary role is one of oversight. It needs to be comfortable that the FI’s risk management and controls are sufficient to ensure compliance and sound stewardship of its core business and assets. The board’s oversight of E&S and BI issues is reflected in the strategy and policies drawn up by the board. As the board approves policy (under recommendation from management), they must have the right skillset to understand the implications of the policy for the business. Their scope of oversight on E&S and BI issues must therefore be well-defined, comprehensive, and encompass the entire FI’s jurisdictions/areas of operations and products. This may sometimes be articulated in the board’s mandate or documented separately in a charter.

    Based on the policy approved by the board, management is typically tasked with implementing mandatory standards and procedures which support policy objectives, especially internal and external communication. These policies and processes are usually endorsed by the board too. Management is also responsible for implementing and executing the strategy in accordance with policies and plans, which are overseen and supervised by the board.

6. Elements of a board E&S and BI oversight framework

  • Board composition

    When considering issues of composition and structure in E&S and BI oversight, it is important to bear in mind ‘quality over quantity’. Diversity in its broadest sense has proven to be a critical factor in improving not just the quality of an FI’s leadership and decision making, but also its overall financial, E&S, and BI performance. Diverse skillsets, experiences, and perspectives help boards to discharge their oversight obligations more effectively, avoid ‘group think’, and, when necessary, provide robust counsel on E&S and BI issues and other matters. The Organisation for Economic Co-operation and Development (OECD) and the Association of Chartered Certified Accountants (ACCA) have both made efforts to address the need for diversity in board composition. The OECD revised its Principles of Corporate Governance in 2015 and ACCA has included board diversity in its course syllabus. Diversity can include:

    • Industry/business experience;
    • Tenure;
    • Age;
    • Ethnicity;
    • Gender;
    • Geography; or
    • Stakeholder experience.

    When operating in different markets, boards need to be sensitive to the ethnic mix in their geography. Having a diverse representation of different ethnicities in their geographies allows boards to better understand stakeholder claims, particularly those of their clients, and therefore make more informed decisions. The same applies to the need for female representation on a company board.

    Female board members have been proven to contribute to increasing the financial performance of companies. For example, in sectors where women are often the largest consumers – such as healthcare, automobiles, home improvement products, and consumer electronics – boards benefit from the additional consumer perspective of their female board members. Female board members also help to challenge and steer discussions, often have strong relationship-building skills, have been shown to act in the interest of shareholders, and make fair and ethical decisions. They also act as role models for employees, which can positively affect employee performance. Having female representation on a board also positively affects corporate reputation. Companies such as Safaricom, MTN, East African Breweries, and Sasko have been recognised as admired brands by Brand Africa 100 for having more than 30 per cent female representation on their respective boards.

    In the financial services sector, regulators have also begun to take note of the importance of diversity, particularly female representation, and are encouraging FIs’ boards to become more diverse. In 2013, the Central Bank of Nigeria issued a directive requiring that 30 per cent of board positions in Nigerian banks be reserved for women. Similarly, the 2013 Companies Act in India mandates that all listed companies have at least one female director.

    It is important to avoid tokenism when looking at diversity on a board. In certain circumstances, a quota requirement can be an effective way to encourage and benefit from diversity. However, it can lead to non-merit-based recruitment which can critically affect the profitability of the FI and render a board ineffective. Quotas without a significant-enough strength in number or without qualified candidates can also negatively impact the dynamics of a board, especially if a forward-thinking attitude is not adopted and board members are not accepting of the new directors. To address the issue of tokenism, FIs should address diversity from a strategic perspective rather than from a compliance standpoint. Adopting a merit-based recruitment selection based on a 50:50 male to female candidate ratio, broadening the assessment criteria by which candidates are selected, tapping into female business networks, and building a pipeline of next generation female leaders are ways FIs can financially and strategically benefit from the positive contribution that female diversity can bring to a board.

  • Board structure

    Typical E&S and BI oversight models are:

    Full board oversight

    A decision to oversee E&S and BI issues at full board level will depend on the size of the FI and risk assessment of the issues. For smaller FIs with limited capacity, E&S and BI issues will typically be included as an agenda item for the board meeting. The key to success is to tackle the issues head on.

    Delegation to existing committee

    When it’s decided that E&S and BI issues need to be discussed at sub-committee level and a separate dedicated committee is not needed, the usual practice is to delegate this to either the audit or risk committee with a mandate to oversee E&S and BI matters and report to the full board. The committee terms of reference should include its E&S and BI responsibility. The relevant committee would discuss the issues in more depth, provide feedback to the full board, and recommend approval of any policies by the full board. Regardless of how the FI structures oversight of E&S and BI matters, the full board retains collective responsibility.

    A dedicated committee

    Under this model, a dedicated sustainability, E&S or health and safety committee is established to provide oversight of E&S and BI matters and report to the full board (and other sub-committees when necessary). Dedicated committees can have an allocated budget and devote attention to particular ‘change agendas’ which would not be appropriate for a full board discussion. In some jurisdictions, it has become a requirement for certain businesses to have a dedicated committee. In South Africa, the Companies Act 2008 authorised the Minister of Trade and Industry to require companies that have an impact on public interest to have a Social and Ethics Committee.

    FIs can establish a dedicated sustainability committee. However, the type of committee is less important than the scope and ambition of its mandate, which may include company-wide oversight of issues such as BI policy, E&S performance, and health and safety. While there can be overlap across committees, there are also distinct differences, for example, between audit, risk, and sustainability committees. It is important to note that committees do not make decisions but advise and enable the board to make better informed decisions. Decision-making authority and accountability remain with the board.

    Things to consider when deciding on an oversight model for an FI include:

    • Is your board focused on the salient E&S and BI risks and issues? Or are they partial in their coverage and focus?
    • Is your board structured in such a way as to discharge its E&S and BI oversight responsibilities adequately and effectively?
    • Has your board been effective in its oversight of E&S and BI matters? Do they have sufficient time to consider these issues? Do they have the right expertise?
    • Would a dedicated committee strengthen the governance of the E&S and BI risks?
    • Would introducing a dedicated committee increase or decrease the complexity of E&S and BI risk governance?

  • Board capacity and competency

    It is critical that the board has the right skills and competencies to effectively discharge its oversight obligations and provide guidance (when necessary) to the FI on material E&S and BI risk management. Boards should have the expertise to understand the agendas and decision-making processes of key stakeholders and include members who are familiar with emerging industry E&S and BI trends, standards, and benchmarks. Where necessary, a board should seek external expertise to support them in this role.

  • Information adequacy

    Information adequacy refers not only to the quality of information provided but the ability to interpret and understand the information. Management must raise E&S and BI matters at board level in a timely manner and in a format that the board can interpret and digest to accurately address E&S and BI matters. It is also important that:

    • Relevant E&S and BI issues are included in the committee and board meeting agendas;
    • The level of information reflects the reporting structure being used, i.e. committee level or board level;
    • Directors are comfortable in requesting the information they need;
    • At least one director is fully conversant with the issues;
    • Subject experts are used where needed, i.e. operational E&S managers or consultants;
    • Directors are kept informed of regulatory changes; and
    • Directors are provided with regular training to ensure they can fulfil their responsibilities.

    Information presented to the board may include:

    • Lagging and leading E&S/BI indicators. Key performance indicators can be defined by the board and management, with support from consultants, where needed;
    • Serious incidents, such as fatalities and environmental incidents;
    • Compliance metrics and breaches;
    • Emerging trends;
    • Performance against benchmarks/targets;
    • FI and industry standards; and
    • Reputational risks, including material criticism from NGOs, the media, and social media.

  • Oversight of regulatory compliance and business integrity

    The role of the board is to:

    • Ensure policies are in line with associated risks, such as anti-corruption and anti-bribery, and that there is effective communication of the policies in the business;
    • Set minimum standards and approve the policies;
    • Ensure effective record-keeping and monitoring of compliance; and
    • Ensure policies are in place to counter the financing of terrorism and prevent fraud.

    The board and management also need to determine the FI’s key anti-money laundering (AML) risks and oversee compliance with relevant AML regulations. The Anti-Money Laundering and Counter Terrorist Financing section of this Toolkit provides guidance on this.

  • Codes of conduct

    An FI’s code of ethical conduct is a critical tool in managing BI risks as it provides a clear benchmark for ethical behaviour. It guides and supports people in making decisions and carrying out their work in ways that are compatible with the organisation’s values.

    For a code of ethical conduct to be effective, it must be promoted and championed throughout the organisation. Managers and staff, at all levels, must be provided with the necessary training and support, and the code must be supported by appropriate disciplinary and whistleblowing procedures. The ‘tone at the top’ should permeate through the FI, and the code must be owned by all employees.

    Each FI should develop a code of conduct that suits the needs of employees and other associates in defining behaviours and addressing the risks, challenges, and customs in operational areas. A code should also reflect the attributes of the industry.

    A code of conduct can be a key step in establishing an inclusive culture, but it’s not a comprehensive solution on its own. An ethical culture is created by the FI’s leadership team who manifest their ethics in their attitudes and behaviour. As the highest governing authority in the FI structure and with responsibilities for the oversight of corporate culture, the board of directors plays a critical role. An FI’s leaders need to practise and demonstrate the values and guidelines in their code of conduct, providing positive, authoritative examples for employees to emulate. Boards must ensure that mechanisms are implemented to allow them to effectively monitor the culture of the organisation. They also need to ensure the code is reviewed and updated regularly to comply not only with the applicable legal framework but also with the values and purpose of the organisation.

    There is guidance on the process for developing a code of conduct, but critical steps for the board and management to follow include the following:

    • Define the operational and reputational risks the FI faces.
    • Establish the purpose for the code and why it matters.
    • Focus on principles by first highlighting the FI’s ethical commitments and values followed by its expected behaviours.
    • Build a framework.

  • Stakeholder engagement

    Understanding stakeholder perspectives is critical to determining, assessing, and managing key risks and issues. As such, FIs must have an active interest in the views, concerns, and perspectives of key stakeholders, including employees, clients, investors, policy makers, third parties affected by projects they may be financing, etc. An FI can proactively manage both current and expected stakeholder issues via a comprehensive stakeholder management strategy and plan.

    It is the board’s responsibility to approve policies on stakeholder engagement and external communication. Management must therefore make the board aware of key, and often competing, stakeholder issues raised in engagement and consultation processes through agreed reporting structures and raise awareness of any major changes in the composition or views of key stakeholders. The board needs to provide guidance to management on the type of issues it would like to discuss.

  • Role of leadership and culture

    Directors occupy important leadership roles in an organisation and quite often within the broader industry. Establishing the culture, values, and ethics of the FI is a central part of the board’s mandate. It is also important to recognise that good corporate governance depends on the personal integrity of those on a board and in management. Directors and executive management, individually and collectively, must ‘set the tone’ at the top – leading by example and ensuring that good standards of behaviour permeate all levels of the FI.

    Fostering a culture of mutual respect and trust is another critical success factor – trust among the board, between the board and management, and externally with stakeholders. Openness between non-executives and executives is essential, with confidence that information is openly shared, and differences of opinion are discussed and resolved in a collegiate manner, making sure the vision and values truly permeate the FI.

  • Monitor and review

    Poorly managed E&S and BI issues can result in crisis situations, affecting the FI’s management, culture, and financial well-being. Managers and the board need to understand these risks and how they impact the business model. Once the material risks of the business have been identified and thresholds set, the board and executive management can then decide how they are monitored and reported on an ongoing basis.

    As the operating context and the process of managing E&S and BI risks evolve over time, it is important that both current and future risks are accounted for and regularly reviewed. FIs often fall short during periods of major change, such as mergers and acquisitions or divestment. Investors will typically also have an interest in the FI’s preparedness for the known and unknown.

    FIs must adopt an active approach to managing E&S and BI issues. It is best practice to have a quarterly internal report on key E&S and BI metrics from the internal audit, compliance, and risk functions to the relevant board committees. Following the discussion at committee level, the full board can then be updated on key issues, especially those requiring approval or follow-up. There must also be a mechanism for flagging to relevant committee chairs and the board chair, for inclusion in the main board meetings, key issues which can affect short- and long-term performance, reputation, and ultimately value. This includes Business Integrity hotlines (often managed by external independent parties) and grievance mechanisms/whistleblowing policies.

    Another function of the board is to approve policies. Policies are one of the mechanisms via which compliance is assessed, specifically where an FI may have a contractual, legal, or regulatory obligation towards E&S performance standards or BI practices. It is therefore important that a system is in place for the continuous review and monitoring of policies and performance. Integrating sustainability performance data into executive-level scorecards informs decision making at the highest level, underpins robust leadership, and helps to ‘set the right tone’ for the rest of the organisation. The board can also link remuneration to E&S and BI performance and integrate performance into SMART key performance indicators. SMART indicators – specific, measurable, attainable, relevant, and time-bound – help create accountability in organisations.

7. Further resources

  • Guides to broader corporate governance good practice

    OECD Guidelines for Multinational Enterprises

    In a global environment, it is important for companies to make sure they adhere to all relevant regulatory obligations. These guidelines provide a non-binding standard for responsible business practice in a global context.

    Subsidiary board governance

    When considering the effectiveness of board governance, it is important to remember all aspects of an FI’s operations, which includes subsidiaries.

    Institute of Directors’ Corporate Governance Code

    Corporate governance has many definitions. The Institute of Directors provides a factsheet that discusses the definition of corporate governance and the legal framework around the concept, outlining the main principles of the UK Corporate Governance Code.

    IFC Corporate Governance Progression Matrix

    IFC provides a toolkit to help assess current governance in a company.

    Ethics Resource Centre

    Board members have a responsibility to act with diligence, care, and skill, in the best interests of a company. The Ethics Resource Centre provides organisations with a platform to engage with peers and learn new insights into ethics and compliance.

    UK CCAB’s guidelines

    An organisation’s code of ethical conduct is a critical tool in managing BI risks. The Consultative Committee of Accountancy Bodies provides a guide for businesses on developing and implementing a code of ethical conduct.

    IFAC’s guide Defining and Developing an Effective Code of Conduct

    A company’s ethical code of conduct must be effective and implemented with the support of the board. The International Federation of Accountants provides guidance on developing and implementing a code of conduct in a value-based culture.

    EY’s Global Code of Conduct

    A code of conduct must reflect a company’s operating environment. The EY Global Code of Conduct provides an example of a company’s ethical framework forming the basis of its business decisions in its operating context.

    Unilever Committee TORs

    A company that has sub-committees must clearly state its terms of reference (TORs), which should include the scope of its E&S and BI responsibility. An example of clearly outlined TORs can be seen in Unilever sub-committees.