Response to consultation on Guidelines on internal governance (revised)
Go back
As a general comment, the FBF would like to recall that EBA guidelines should comply with CRD IV requirements. The guidelines should clarify the interpretation of CRD IV provisions without undermining the national law transposing the Directive as provided for Recitals 55 and 56 of CRD IV. Moreover, no requirement should be added to the CRD IV provisions.
Art. 74 CRD IV mandates the EBA to develop guidelines on internal governance. The Authority cannot go beyond this specific mandate given by the EU legislator.
• The notion of “Senior management” as provided for in CRD IV is missing from the draft guidelines. It should be clarified that the Senior management is included in the notion of “management body in its management function” (cf. our comments below).
• We do not support the introduction of the notion of “key function holders”, which is not used in CRD IV (cf. our comments below).
• Given the high complexity of the notions used and the diversity of governance models, it seems very important to ensure that the guidelines fit with any model (one-tier or two-tier).
• The specific case of entities within a Group should be more taken into account and specified (proportionality principle). Duplication of formalities and documentation required at the different levels of a Group organization should be avoided. For subjects handled by the Group, subsidiaries and regional banks should have rules allowing them to benefit from exemptions or at least lighter requirements.
As an example, when an entity is incorporated in a country, its shareholder incorporated in another EU Member State, and the shareholder of its shareholder in another different Member State, it is too burdensome to apply cumulatively the rules of each of those countries. It should be clear in such case that only the rules of the top mother company shall apply, hence excluding the application of the rules of each country of the shareholding chain.
As a complement to proportionality principle, adaptations and flexibilities should be granted within a Group; different levels of entities concerned should be distinguished: fully owned subsidiaries should not have all the same requirements to fulfill as heads of Groups or listed entities. This should be specified in the guidelines.
• Regarding Article 109 of CRD IV, the distinction between the implementation of CRD IV rules “on an individual basis” and their application “on a consolidated basis” should be clarified in the Guidelines. The application on a consolidated basis cannot result in the same level of constraint than the application on an individual basis for consolidated entities. Only entities subject to CRD IV should apply CRD IV rules on an individual basis, i.e. apply all rules directly within the entity. Entities which are not subject to CRD IV but which are parts of the consolidated perimeter of an entity subject to CRD IV, should only apply CRD IV rules on a consolidated basis, i.e. as if the consolidated group is an entity.
• The independence criteria of the members of the management body should not be introduced in these guidelines and be left to national law or national soft law. Indeed, CRD IV does not require the members of the committees to be independent. Thus, the draft guidelines go beyond the directive on this matter.
I. No definition of Senior management
The notion Senior management, as provided for in CRD IV , is missing from the draft guidelines.
It should be clarified that the Senior management is included in the notion of “management body in its management function” (as further developed in section III. below).
To our opinion, the “Senior management” covers:
(i) the CEO, and deputy CEOs in one-tier systems;
(ii) the management board in two-tier systems.
The guidelines should therefore reintroduce the notion of « senior management » and clarify the terms « management body in its management function » as noted above.
II. Introduction of a new notion : key function holders
We do not support the introduction of the notion of key function holders, which is not used in CRD IV. Such a notion should therefore be deleted from the guidelines.
III. Clarification of the notions of management body in its supervisory function and management body in its management function
The notions of management body in its supervisory function and management body in its management function need to be clarified, being understood that whatever the form of the corporate legal system in each country is, the aim of CRD IV rules is to ensure a clear separation between the daily management of the institution (Executive Function) and the supervision of such daily management (Supervisory Function).
Indeed, the different corporate legal systems within Europe can be synthesized as follows:
- One-tier system (ex. UK or Spain): one single collective body performs both Executive and Supervisory Functions; or
- Two-tier system (ex. German or France for system with supervisory board and management board): one collective body is in charge of the Executive Function and one other separate collective body is in charge of Supervisory Function.
- “In between” system (ex. France): one collective body (i.e. the Board of Directors) is in charge of the Supervisory Function and some Management Functions (including the determination of the institution’s strategy); whereas the Executive Function (i.e. the daily management of the institution) is ensured by one or more physical persons (i.e. the CEO and Deputy CEOs). In such system, the CEO and Deputy CEOs can be allowed to be members of the Board of Directors but when acting as such members, they do not conduct executive missions (they act as every other board member).
According to our understanding of CRD IV, a distinction should be made between the management function (i.e. covering the daily executive and the overall direction functions) and the supervisory function, irrespective the corporate legal system applicable. This general principle is observable throughout the whole CRD IV and can be illustrated in particular in article 88, 1. d) according to which “the management body must be responsible for providing effective oversight of senior management”.
This being said, we welcome the EBA draft Guidelines on internal governance as they distinguish the management Function and the supervisory Function of the management body. We understand those guidelines as putting forward three definitions:
- The management body in its supervisory function: corresponds to the supervisory function;
- The management body in its management function: combines some functions of the management function (i.e. Board of Directors in one-tier system) and the executive function (i.e. CEO and Deputy CEOs in one-tier system);
- The management body: corresponds to either the supervisory or the management function (including the executive function) (see inter alia recital 56 of CRDIV).
This is the way article 70 seems to define these Management body functions: “The management body should define, adopt and maintain a governance policy to implement a clear organizational and operational structure with well-defined, transparent and consistent lines of responsibility taking into account the aspects set out in Annex I of these guidelines. The management body in its management function is responsible for the implementation of that policy. The management body in its supervisory function is responsible for overseeing its implementation and that it is fully operating as intended and should ensure that the institution’s policy is aligned with the institution’s overall internal governance arrangements, corporate culture and risk appetite”.
This example clearly shows the allocation of functions between the Management body in its Supervisory function and the Management body in its Management function.
Those definitions clearly match with the objectives of CRD IV as regards the separation of functions between Executive and Supervisory Functions.
However, as each national law is different and because CRD IV expressly mentions in Recital 55 that “the definitions used should not interfere with the general allocation of competences in accordance with national company law”, we strongly recommend that the guidelines expressly clarify that when the term “management body” is used without reference to the supervisory or the management function, the missions allocated to the “management body” shall be allocated to the right body under applicable national law.
As example, article 106 of the draft guidelines states that: “The management body should approve and regularly review and update the outsourcing policy of an institution, ensuring that appropriate changes are implemented in a timely manner”. In France, the role of the Board of directors is to review this policy but not to update such policy. The update of such policy is clearly within the role of the management function (in France, the CEO and its deputies (or, as the case may be, by way of delegation)).
IV. Scope of the guidelines
As regards paragraph 12, the scope of these guidelines should be specified, taking into account entities belonging to a Group. It is critical for effective risk management and level playing field with non-EU groups (cf. Question 8) that duplication of formalities and documentation required at the different levels of a Group organization must be avoided. According to the proportionality principle, for subjects handled by the Group, subsidiaries should have rules allowing them to benefit from exemptions – especially when developing low - or non-regulated activities - or at least lighter requirements. The very practical consistency and efficiency of the Guidelines but also sometimes their legality vis-à-vis local Law are at stake here.
A general principle should be added to give the possibility to rely on existing processes or rules defined at Group level.
For instance, one could question the obligation to setup board committees at every and each level in a banking group which can be very burdensome for certain smaller and non-complex group entities. Many issues could be handled at the parent company level from a group perspective.
Another example of this duplication of rules, formalities and documentation for subsidiaries is when an entity is incorporated in a country, its shareholder incorporated in another EU Member State, and the shareholder of its shareholder in another different Member State. Indeed, it is too burdensome to apply cumulatively the rules of each of those countries to the entity. It should be clear in such case that only the rules of the top mother company shall apply, hence excluding the application of the rules of each country of the shareholding chain.
As a complement to proportionality principle, adaptations and flexibilities should thus be granted within a Group; different levels of entities concerned should be distinguished: fully owned subsidiaries should not have all the same requirements to fulfill as heads of Groups or listed entities. This should be specified in the guidelines.
Pursuant to Article 109 of CRD IV, “[c]ompetent authorities shall require the parent undertakings and subsidiaries subject to this Directive to meet the obligations set out in Section II [“Arrangements, processes and mechanisms of institutions] on a consolidated or sub-consolidated basis, to ensure that their arrangements, processes and mechanisms required by Section II [“Arrangements, processes and mechanisms of institutions] are consistent and well-integrated and that any data and information relevant to the purpose of supervision can be produced”. The distinction between the implementation of CRD IV rules “on an individual basis” and their application “on a consolidated or sub-consolidated basis” should be clarified in the Guidelines. The application on a consolidated basis cannot result in the same level of constraint, for consolidated entities, than the application on an individual basis.
Furthermore, only entities subject to CRD IV should apply CRD IV rules on an individual basis, i.e. apply all rules directly within the entity. Entities, not subject to CRD IV but which are parts of the consolidated perimeter of an entity subject to CRD IV, should only apply CRD IV rules on a consolidated basis, i.e. as if the consolidated group is an entity.
If we take the example of board committees, it is clear that an entity subject to CRD IV on an individual basis has to setup committees set forth in CRD IV (unless it is not required to subject to the proportionality principle, cf. above). For entities not subject to CRD IV on an individual basis but on a consolidated basis, the setup of such committees cannot be imposed. In addition, committees of the consolidating entity have a view over such subsidiaries’ corporate issues.
However, it shall also be kept in mind that in certain specific situations, the consolidating company is not in a position to impose the application of specific rules to other group entities (ex. existence of a shareholder agreement with veto right).
For instance, there should be no discrepancies between the provisions on internal alert procedures contained in the Guidelines and the whistleblowing rules existing under each national law such as, in France, with the newly adopted law “Sapin 2”or with social law and data protection law.
Furthermore, regarding paragraph 24.a, we understand that the management body in its supervisory function should include some members that do not perform any executive function in the institution. It should be clarified that CEO/deputy CEOs shall not be prevented from being part of the management body in its supervisory function if it is allowed under national law. Paragraph 17 of the draft guidelines also raises concern on the matter. Under French law due to the “collective responsibility of the management body”, executive members can belong to the management body in its supervisory function: paragraph 17 & 24 a) do not match with applicable law. Therefore, it should be clarified that some members of the management body in its supervisory function could perform an executive function.
Our understanding is consistent with article 27 of the draft guidelines which states that “the chair of the management body in its supervisory function should be an independent or non-executive member. Where the chair is permitted to assume executive duties, the institution should have measures in place to mitigate any adverse impact on the institution’s checks and balances (e.g. by designating a lead board member, a senior independent board member or having a larger number of non-executives members within the management body in its supervisory function)”. This article seems to allow some members of the Management body in its supervisory function to perform executive functions.
In France, the CEO and its deputies can be members of the Board of directors but when acting as such, they do not conduct executive missions.
Moreover, as already said, the specific case of entities within a Group should be more taken into account, according to the proportionality principle: this should avoid duplications within a Group and overload of management bodies of subsidiaries with subjects and formalities of low added value.
When a responsibility is assigned to the “management body”, we strongly recommend that the guidelines expressly clarify that when the term “management body” is used without reference to the supervisory or the management function, the missions allocated to the “management body” shall be allocated to the right body under applicable national law.
For instance, the Guidelines provide that:
- the management body should define, adopt and maintain a governance policy to implement a clear organizational and operational structure with well-defined, transparent and consistent lines of responsibilities (paragraph 70); and
- the management body should develop, adopt, adhere and promote a code of conduct, e.g. high ethical and professional standards taking into account the specific needs and characteristics of the institution and promote the implementation of such standards (paragraph 85)
without specifying whether the management body in its management function or the management body in its supervisory function should assume such responsibilities.
In such cases, national law should apply.
II. The role and composition of the audit Committee is out of scope
The reference to the audit committee is out of scope.
Indeed, CRD IV does not refer to the audit committee which is covered by other directives and national laws.
Therefore, points 5.5 and 5.6 should be removed from the guidelines.
III. The independence criteria of committee members goes beyond CRD IV
The CRD IV does not require the committees to be composed of independent members.
We suggest, in paragraph 42, that instead of “[…] the specialised committees should be composed of a sufficient number of independent members […]” there should be “[…] the specialised committees may be composed of a sufficient number of independent members […]”.
These requirements, as they stand at present, go beyond what is provided for by CRD IV.
Should the requirement of independence be maintained in the guidelines, it should only refer to the independence of mind. Furthermore, the notion of independence should be adapted for fully owned subsidiaries; an independent member could be a Parent company employee who does not report to the Business Line of the subsidiary in which he is appointed.
In any case, the independence criteria should be left to national law or soft law and deleted from these guidelines.
Indeed, requesting systematic appointment of “independent members” under a restrictive approach in all regulated entities of a group, could be difficult to implement with little benefit: difficulty to find adequate profiles or to apply in case of limited number of board members, costs induced, additional burden, slow decision processes, etc...
For fully owned subsidiaries of groups, the notion of independence should be adapted; an ”independent member” could, for instance, be a Parent company employee who does not report to the Business Line of the subsidiary in which he/she is appointed. The restrictive approach may only be efficient and appropriate, for heads of groups or listed entities. Thus this should be applied according to national rules.
In France, for listed companies, independence criteria are already provided for by soft law.
If the company does not comply with these requirements, it has to explain why in its publicly available registration document. If the independence criteria are maintained in the guidelines, and because those criteria differ from the ones it has to apply according to French soft law, listed companies will not be able to apply both set of rules.
IV. The respective role of the nomination committee and the risk committee should be clarified
• In paragraph 46, it should be specified that the rights and the duties set out in subparagraphs b) (e.g. reporting on risk profile, risk culture and risk limits) and c) (e.g. review and decisions on the content of the information on risk to be reported) mostly relate to the risk committee.
In addition, the guidelines described in this paragraph may not be applicable to subsidiaries fully integrated in a Group and it should be specified that for such entities, the Committees can rely on the existing processes of their parent company.
• It should not be part of the tasks of the risk committee to review the proposed appointment of the external consultants that the supervisory function may decide to engage for advice or support but only to receive regular information on the appointed external consultants (paragraph 47 e).
• Similarly, the risk committee should not have to examine the alignment between all financial products and services offered to clients and the business model as well as the risk strategy of the institution but should only receive, on an annual basis, a reporting on such alignment and for significant risk (i.e. credit risk), issued by the specialized internal committees which are in charge of such assessment (paragraph 47 g).
• Paragraph 53: In a Group context, according to the proportionality principle, our view is that the written, clear and detailed description of the operational structure should be mainly applicable to heads of Group, significant entities and listed entities, but not necessarily to all entities within the Group. The requirements appear too in-depth in the guidelines. They should be soften.
V. The “Know-Your-Structure” should be amended and should refer to risk approach and the proportionality principle
Management body at Group level should not necessarily “understand the purpose and activities of its different entities and the links and relationships among them”, especially “intra-group exposures” (§ 60). Such detailed knowledge entity by entity - especially regarding the very technical subject of intra-group exposures - would induce our top executives to micro-management and to lose a risk approach and a focus on critical issues. Group management body should be knowledgeable on the risks that can have a meaningful impact at global level. An exhaustive approach is not only unrealistic for significant EU financial group: it will trigger counter-productive effects.
Please make clear that such a binding consultative advice will not be mandatory as, under French law, it would be contrary to the prior authorization by the Board and the special report on authorized agreements prepared by statutory auditors as part of the “related party transaction procedure” provided for by French company law.
• Internal Governance policy should be set at Group level and not per entity, according to the proportionality principle. This should be clearly specified in a separate paragraph in Chapter 7 (« Internal governance policy ») or in paragraph 70.
• Paragraph 77: The guidelines requirement is too extensive and demanding. National legal requirements should obviously be taken into account at the national level but are clearly not manageable directly by the parent company and therefore should not systematically be taken in account un a group-wide policy. The Guidelines not only have to acknowledge such situation but draw all consequences out of it in terms of differentiated requirements at Group and subsidiary level.
• Apart from these comments, the guidelines in Title II are appropriate and clear, assuming that our proposal to clarify that when the term “management body” is used, it refers globally to both the management and the supervisory functions and that the missions allocated by the “management body” shall be allocated to the right body under applicable national law and not to both bodies, is accepted (cf. our comments above).
• Paragraph 116: In a Group context, when entities are fully integrated in the different processes of their parent company, the internal control framework of an entity may depend on the internal control framework of its parent company. Thus, for efficiency sake and better risk management, the guidelines should leave the possibility for subsidiaries to rely on the internal control framework of their parent company.
• Besides, the legal mandate of the management body in its supervisory function is not to approve all specific procedures and mechanisms on internal control.
• Paragraph 189: For the parent company of the Group, the IAF does not have an automatic access to minutes of the management body in its supervisory function.
• Apart from these comments, we believe the guidelines in Title IV are appropriate and clear.
However, such costs are currently hardly predictable. Indeed, such costs depend on the basis on which the guidelines will have to apply: consolidated or individual basis. Should the guidelines have to be implemented at the level of each subsidiary, it will lead to extensive direct costs for institutions (administrative burden…) and indirect costs (inefficient time allocation of managers for instance). A financial Group should define the general principles. Its local subsidiaries should focus on adjusting such principles. For proper running of Groups, it should not pretend that it has to re-discuss all aspects listed in the guidelines.
In this respect, it is necessary to highlight once again the contradiction entailed in the Guidelines that are supposed to be applied undifferentiated at both Group and the (sub)consolidated subsidiaries. In the Guidelines, a subsidiary is sometimes considered as if its individuality were diluted into a seamless Group. In some other respect, it is considered as an independent entity.
Such a contradiction is bound to very significantly expand duplications of set-ups and an unnecessary formalism that will use a lot of managers time for no-added value exercises. Why should the management body of a subsidiary go through all detailed items of an agenda almost as if it were an independent entity, whereas most aspects have already been decided at Group level: the assignment of the local management body should be to focus on adjusting Group principles to local environment.
The mechanical outcome of the draft guidelines would be a paradoxical deterioration of internal governance and risk management.
Another unwelcome consequence of the reporting and formalism burden unnecessarily created for subsidiaries within an EU financial Group will be some breaches in the level playing field, whether it be:
1. for such EU financial group as opposed to similar non-EU groups. We doubt that US, UK or Asian financial groups have to comply with such formalism in the management of their international subsidiaries. Therefore, EBA Guidelines as they are worded today will represent a hurdle in the international development of European banks. Even in the European market where US banks are global players, credit institutions owned by a UK, US or any non-EU holding or shareholder will not have to manage the burdensome inconsistencies between Group and Subsidiary level. This will not be an insignificant advantage for them.
2. for subsidiaries involved in low- or non-regulated activities . Already today because of existing regulations on internal controls and governance, such subsidiaries often are in a detrimental situation vis-à-vis their competitors that do not belong to a credit institution be it in terms of customers’ service, speed of answer, cost of doing business… Such situation will further deteriorate including vis-à-vis subsidiaries belonging to a non-EU credit institution. It will create an additional competitive disadvantage for EU banking groups to develop rental, leasing, consumer finance activities for instance … whereas they add value for private individuals or SMEs thanks to their specific synergies, international coverage, funding capacities they bring to such markets.
Proportionality principle is not sufficient to reestablish a fair level playing field. It would be only natural that such activities are more easily exempted of prudential consolidation when a pure risk approach does not require it. We would suggest that EBA enrich its guidelines towards EU regulators with a view to facilitate exemptions for low- or non-regulated business.
However, we believe it is possible for EBA Guidelines to really add value in the internal governance of financial groups, provided their specific organization including with for instance matrix organisation is acknowledged in the Guidelines and by all regulators at least with the Single Supervision Mechanism (SSM). A financial Group headed by a Credit Institution should define its general governance principles that should indeed apply to the whole Group. Its subsidiaries should only focus at adjusting such principles to local considerations. They should not have to pretend that their management bodies completely re-discuss all aspects listed in the Guidelines.
It is therefore of upmost importance that EBA takes into account separately these two different levels in its future Guidelines, and that it is fully accepted by all regulators within SSM.
Question 1: Are the guidelines regarding the subject matter, scope, definitions and implementation appropriate and sufficiently clear?
Preliminary remarksAs a general comment, the FBF would like to recall that EBA guidelines should comply with CRD IV requirements. The guidelines should clarify the interpretation of CRD IV provisions without undermining the national law transposing the Directive as provided for Recitals 55 and 56 of CRD IV. Moreover, no requirement should be added to the CRD IV provisions.
Art. 74 CRD IV mandates the EBA to develop guidelines on internal governance. The Authority cannot go beyond this specific mandate given by the EU legislator.
• The notion of “Senior management” as provided for in CRD IV is missing from the draft guidelines. It should be clarified that the Senior management is included in the notion of “management body in its management function” (cf. our comments below).
• We do not support the introduction of the notion of “key function holders”, which is not used in CRD IV (cf. our comments below).
• Given the high complexity of the notions used and the diversity of governance models, it seems very important to ensure that the guidelines fit with any model (one-tier or two-tier).
• The specific case of entities within a Group should be more taken into account and specified (proportionality principle). Duplication of formalities and documentation required at the different levels of a Group organization should be avoided. For subjects handled by the Group, subsidiaries and regional banks should have rules allowing them to benefit from exemptions or at least lighter requirements.
As an example, when an entity is incorporated in a country, its shareholder incorporated in another EU Member State, and the shareholder of its shareholder in another different Member State, it is too burdensome to apply cumulatively the rules of each of those countries. It should be clear in such case that only the rules of the top mother company shall apply, hence excluding the application of the rules of each country of the shareholding chain.
As a complement to proportionality principle, adaptations and flexibilities should be granted within a Group; different levels of entities concerned should be distinguished: fully owned subsidiaries should not have all the same requirements to fulfill as heads of Groups or listed entities. This should be specified in the guidelines.
• Regarding Article 109 of CRD IV, the distinction between the implementation of CRD IV rules “on an individual basis” and their application “on a consolidated basis” should be clarified in the Guidelines. The application on a consolidated basis cannot result in the same level of constraint than the application on an individual basis for consolidated entities. Only entities subject to CRD IV should apply CRD IV rules on an individual basis, i.e. apply all rules directly within the entity. Entities which are not subject to CRD IV but which are parts of the consolidated perimeter of an entity subject to CRD IV, should only apply CRD IV rules on a consolidated basis, i.e. as if the consolidated group is an entity.
• The independence criteria of the members of the management body should not be introduced in these guidelines and be left to national law or national soft law. Indeed, CRD IV does not require the members of the committees to be independent. Thus, the draft guidelines go beyond the directive on this matter.
I. No definition of Senior management
The notion Senior management, as provided for in CRD IV , is missing from the draft guidelines.
It should be clarified that the Senior management is included in the notion of “management body in its management function” (as further developed in section III. below).
To our opinion, the “Senior management” covers:
(i) the CEO, and deputy CEOs in one-tier systems;
(ii) the management board in two-tier systems.
The guidelines should therefore reintroduce the notion of « senior management » and clarify the terms « management body in its management function » as noted above.
II. Introduction of a new notion : key function holders
We do not support the introduction of the notion of key function holders, which is not used in CRD IV. Such a notion should therefore be deleted from the guidelines.
III. Clarification of the notions of management body in its supervisory function and management body in its management function
The notions of management body in its supervisory function and management body in its management function need to be clarified, being understood that whatever the form of the corporate legal system in each country is, the aim of CRD IV rules is to ensure a clear separation between the daily management of the institution (Executive Function) and the supervision of such daily management (Supervisory Function).
Indeed, the different corporate legal systems within Europe can be synthesized as follows:
- One-tier system (ex. UK or Spain): one single collective body performs both Executive and Supervisory Functions; or
- Two-tier system (ex. German or France for system with supervisory board and management board): one collective body is in charge of the Executive Function and one other separate collective body is in charge of Supervisory Function.
- “In between” system (ex. France): one collective body (i.e. the Board of Directors) is in charge of the Supervisory Function and some Management Functions (including the determination of the institution’s strategy); whereas the Executive Function (i.e. the daily management of the institution) is ensured by one or more physical persons (i.e. the CEO and Deputy CEOs). In such system, the CEO and Deputy CEOs can be allowed to be members of the Board of Directors but when acting as such members, they do not conduct executive missions (they act as every other board member).
According to our understanding of CRD IV, a distinction should be made between the management function (i.e. covering the daily executive and the overall direction functions) and the supervisory function, irrespective the corporate legal system applicable. This general principle is observable throughout the whole CRD IV and can be illustrated in particular in article 88, 1. d) according to which “the management body must be responsible for providing effective oversight of senior management”.
This being said, we welcome the EBA draft Guidelines on internal governance as they distinguish the management Function and the supervisory Function of the management body. We understand those guidelines as putting forward three definitions:
- The management body in its supervisory function: corresponds to the supervisory function;
- The management body in its management function: combines some functions of the management function (i.e. Board of Directors in one-tier system) and the executive function (i.e. CEO and Deputy CEOs in one-tier system);
- The management body: corresponds to either the supervisory or the management function (including the executive function) (see inter alia recital 56 of CRDIV).
This is the way article 70 seems to define these Management body functions: “The management body should define, adopt and maintain a governance policy to implement a clear organizational and operational structure with well-defined, transparent and consistent lines of responsibility taking into account the aspects set out in Annex I of these guidelines. The management body in its management function is responsible for the implementation of that policy. The management body in its supervisory function is responsible for overseeing its implementation and that it is fully operating as intended and should ensure that the institution’s policy is aligned with the institution’s overall internal governance arrangements, corporate culture and risk appetite”.
This example clearly shows the allocation of functions between the Management body in its Supervisory function and the Management body in its Management function.
Those definitions clearly match with the objectives of CRD IV as regards the separation of functions between Executive and Supervisory Functions.
However, as each national law is different and because CRD IV expressly mentions in Recital 55 that “the definitions used should not interfere with the general allocation of competences in accordance with national company law”, we strongly recommend that the guidelines expressly clarify that when the term “management body” is used without reference to the supervisory or the management function, the missions allocated to the “management body” shall be allocated to the right body under applicable national law.
As example, article 106 of the draft guidelines states that: “The management body should approve and regularly review and update the outsourcing policy of an institution, ensuring that appropriate changes are implemented in a timely manner”. In France, the role of the Board of directors is to review this policy but not to update such policy. The update of such policy is clearly within the role of the management function (in France, the CEO and its deputies (or, as the case may be, by way of delegation)).
IV. Scope of the guidelines
As regards paragraph 12, the scope of these guidelines should be specified, taking into account entities belonging to a Group. It is critical for effective risk management and level playing field with non-EU groups (cf. Question 8) that duplication of formalities and documentation required at the different levels of a Group organization must be avoided. According to the proportionality principle, for subjects handled by the Group, subsidiaries should have rules allowing them to benefit from exemptions – especially when developing low - or non-regulated activities - or at least lighter requirements. The very practical consistency and efficiency of the Guidelines but also sometimes their legality vis-à-vis local Law are at stake here.
A general principle should be added to give the possibility to rely on existing processes or rules defined at Group level.
For instance, one could question the obligation to setup board committees at every and each level in a banking group which can be very burdensome for certain smaller and non-complex group entities. Many issues could be handled at the parent company level from a group perspective.
Another example of this duplication of rules, formalities and documentation for subsidiaries is when an entity is incorporated in a country, its shareholder incorporated in another EU Member State, and the shareholder of its shareholder in another different Member State. Indeed, it is too burdensome to apply cumulatively the rules of each of those countries to the entity. It should be clear in such case that only the rules of the top mother company shall apply, hence excluding the application of the rules of each country of the shareholding chain.
As a complement to proportionality principle, adaptations and flexibilities should thus be granted within a Group; different levels of entities concerned should be distinguished: fully owned subsidiaries should not have all the same requirements to fulfill as heads of Groups or listed entities. This should be specified in the guidelines.
Pursuant to Article 109 of CRD IV, “[c]ompetent authorities shall require the parent undertakings and subsidiaries subject to this Directive to meet the obligations set out in Section II [“Arrangements, processes and mechanisms of institutions] on a consolidated or sub-consolidated basis, to ensure that their arrangements, processes and mechanisms required by Section II [“Arrangements, processes and mechanisms of institutions] are consistent and well-integrated and that any data and information relevant to the purpose of supervision can be produced”. The distinction between the implementation of CRD IV rules “on an individual basis” and their application “on a consolidated or sub-consolidated basis” should be clarified in the Guidelines. The application on a consolidated basis cannot result in the same level of constraint, for consolidated entities, than the application on an individual basis.
Furthermore, only entities subject to CRD IV should apply CRD IV rules on an individual basis, i.e. apply all rules directly within the entity. Entities, not subject to CRD IV but which are parts of the consolidated perimeter of an entity subject to CRD IV, should only apply CRD IV rules on a consolidated basis, i.e. as if the consolidated group is an entity.
If we take the example of board committees, it is clear that an entity subject to CRD IV on an individual basis has to setup committees set forth in CRD IV (unless it is not required to subject to the proportionality principle, cf. above). For entities not subject to CRD IV on an individual basis but on a consolidated basis, the setup of such committees cannot be imposed. In addition, committees of the consolidating entity have a view over such subsidiaries’ corporate issues.
However, it shall also be kept in mind that in certain specific situations, the consolidating company is not in a position to impose the application of specific rules to other group entities (ex. existence of a shareholder agreement with veto right).
Question 2: Are there any conflicts between the responsibilities assigned by national company law to a specific function of the management body and the responsibilities assigned by the Guidelines, in particular within paragraph 23, to either the management or supervisory function?
It is indeed essential to ensure consistency of the Guidelines with national company law but also with other applicable national laws.For instance, there should be no discrepancies between the provisions on internal alert procedures contained in the Guidelines and the whistleblowing rules existing under each national law such as, in France, with the newly adopted law “Sapin 2”or with social law and data protection law.
Furthermore, regarding paragraph 24.a, we understand that the management body in its supervisory function should include some members that do not perform any executive function in the institution. It should be clarified that CEO/deputy CEOs shall not be prevented from being part of the management body in its supervisory function if it is allowed under national law. Paragraph 17 of the draft guidelines also raises concern on the matter. Under French law due to the “collective responsibility of the management body”, executive members can belong to the management body in its supervisory function: paragraph 17 & 24 a) do not match with applicable law. Therefore, it should be clarified that some members of the management body in its supervisory function could perform an executive function.
Our understanding is consistent with article 27 of the draft guidelines which states that “the chair of the management body in its supervisory function should be an independent or non-executive member. Where the chair is permitted to assume executive duties, the institution should have measures in place to mitigate any adverse impact on the institution’s checks and balances (e.g. by designating a lead board member, a senior independent board member or having a larger number of non-executives members within the management body in its supervisory function)”. This article seems to allow some members of the Management body in its supervisory function to perform executive functions.
In France, the CEO and its deputies can be members of the Board of directors but when acting as such, they do not conduct executive missions.
Moreover, as already said, the specific case of entities within a Group should be more taken into account, according to the proportionality principle: this should avoid duplications within a Group and overload of management bodies of subsidiaries with subjects and formalities of low added value.
Question 3: Are the guidelines in Title I regarding the role of the management body appropriate and sufficiently clear?
I. Clarification of the role of the management body : whether supervisory or management functionWhen a responsibility is assigned to the “management body”, we strongly recommend that the guidelines expressly clarify that when the term “management body” is used without reference to the supervisory or the management function, the missions allocated to the “management body” shall be allocated to the right body under applicable national law.
For instance, the Guidelines provide that:
- the management body should define, adopt and maintain a governance policy to implement a clear organizational and operational structure with well-defined, transparent and consistent lines of responsibilities (paragraph 70); and
- the management body should develop, adopt, adhere and promote a code of conduct, e.g. high ethical and professional standards taking into account the specific needs and characteristics of the institution and promote the implementation of such standards (paragraph 85)
without specifying whether the management body in its management function or the management body in its supervisory function should assume such responsibilities.
In such cases, national law should apply.
II. The role and composition of the audit Committee is out of scope
The reference to the audit committee is out of scope.
Indeed, CRD IV does not refer to the audit committee which is covered by other directives and national laws.
Therefore, points 5.5 and 5.6 should be removed from the guidelines.
III. The independence criteria of committee members goes beyond CRD IV
The CRD IV does not require the committees to be composed of independent members.
We suggest, in paragraph 42, that instead of “[…] the specialised committees should be composed of a sufficient number of independent members […]” there should be “[…] the specialised committees may be composed of a sufficient number of independent members […]”.
These requirements, as they stand at present, go beyond what is provided for by CRD IV.
Should the requirement of independence be maintained in the guidelines, it should only refer to the independence of mind. Furthermore, the notion of independence should be adapted for fully owned subsidiaries; an independent member could be a Parent company employee who does not report to the Business Line of the subsidiary in which he is appointed.
In any case, the independence criteria should be left to national law or soft law and deleted from these guidelines.
Indeed, requesting systematic appointment of “independent members” under a restrictive approach in all regulated entities of a group, could be difficult to implement with little benefit: difficulty to find adequate profiles or to apply in case of limited number of board members, costs induced, additional burden, slow decision processes, etc...
For fully owned subsidiaries of groups, the notion of independence should be adapted; an ”independent member” could, for instance, be a Parent company employee who does not report to the Business Line of the subsidiary in which he/she is appointed. The restrictive approach may only be efficient and appropriate, for heads of groups or listed entities. Thus this should be applied according to national rules.
In France, for listed companies, independence criteria are already provided for by soft law.
If the company does not comply with these requirements, it has to explain why in its publicly available registration document. If the independence criteria are maintained in the guidelines, and because those criteria differ from the ones it has to apply according to French soft law, listed companies will not be able to apply both set of rules.
IV. The respective role of the nomination committee and the risk committee should be clarified
• In paragraph 46, it should be specified that the rights and the duties set out in subparagraphs b) (e.g. reporting on risk profile, risk culture and risk limits) and c) (e.g. review and decisions on the content of the information on risk to be reported) mostly relate to the risk committee.
In addition, the guidelines described in this paragraph may not be applicable to subsidiaries fully integrated in a Group and it should be specified that for such entities, the Committees can rely on the existing processes of their parent company.
• It should not be part of the tasks of the risk committee to review the proposed appointment of the external consultants that the supervisory function may decide to engage for advice or support but only to receive regular information on the appointed external consultants (paragraph 47 e).
• Similarly, the risk committee should not have to examine the alignment between all financial products and services offered to clients and the business model as well as the risk strategy of the institution but should only receive, on an annual basis, a reporting on such alignment and for significant risk (i.e. credit risk), issued by the specialized internal committees which are in charge of such assessment (paragraph 47 g).
• Paragraph 53: In a Group context, according to the proportionality principle, our view is that the written, clear and detailed description of the operational structure should be mainly applicable to heads of Group, significant entities and listed entities, but not necessarily to all entities within the Group. The requirements appear too in-depth in the guidelines. They should be soften.
V. The “Know-Your-Structure” should be amended and should refer to risk approach and the proportionality principle
Management body at Group level should not necessarily “understand the purpose and activities of its different entities and the links and relationships among them”, especially “intra-group exposures” (§ 60). Such detailed knowledge entity by entity - especially regarding the very technical subject of intra-group exposures - would induce our top executives to micro-management and to lose a risk approach and a focus on critical issues. Group management body should be knowledgeable on the risks that can have a meaningful impact at global level. An exhaustive approach is not only unrealistic for significant EU financial group: it will trigger counter-productive effects.
Question 4: Are the guidelines in Title II regarding the internal governance policy, risk culture and business conduct appropriate and sufficiently clear?
• Among the procedures that could be established for transactions with related parties, the Guidelines mention the request for a “binding consultative advice by independent members of the management body” (paragraph 94 f).Please make clear that such a binding consultative advice will not be mandatory as, under French law, it would be contrary to the prior authorization by the Board and the special report on authorized agreements prepared by statutory auditors as part of the “related party transaction procedure” provided for by French company law.
• Internal Governance policy should be set at Group level and not per entity, according to the proportionality principle. This should be clearly specified in a separate paragraph in Chapter 7 (« Internal governance policy ») or in paragraph 70.
• Paragraph 77: The guidelines requirement is too extensive and demanding. National legal requirements should obviously be taken into account at the national level but are clearly not manageable directly by the parent company and therefore should not systematically be taken in account un a group-wide policy. The Guidelines not only have to acknowledge such situation but draw all consequences out of it in terms of differentiated requirements at Group and subsidiary level.
• Apart from these comments, the guidelines in Title II are appropriate and clear, assuming that our proposal to clarify that when the term “management body” is used, it refers globally to both the management and the supervisory functions and that the missions allocated by the “management body” shall be allocated to the right body under applicable national law and not to both bodies, is accepted (cf. our comments above).
Question 5: Are the guidelines in Title III regarding the principle of proportionality appropriate and sufficiently clear?
• Paragraph 112: concerning the purpose of the principle of proportionality, it should be clarified that this is a list of indicators which is not binding.• Paragraph 116: In a Group context, when entities are fully integrated in the different processes of their parent company, the internal control framework of an entity may depend on the internal control framework of its parent company. Thus, for efficiency sake and better risk management, the guidelines should leave the possibility for subsidiaries to rely on the internal control framework of their parent company.
• Besides, the legal mandate of the management body in its supervisory function is not to approve all specific procedures and mechanisms on internal control.
Question 6: Are the guidelines in Title IV regarding the internal control framework appropriate and sufficiently clear?
• Paragraph 178 & 179: The role of the compliance function is not to act as advisor to the management body regarding the interpretation of laws, rules, regulations and standards but to ensure that the operations and internal procedures of a Group comply with such laws, regulations, professional standards and internal standards applicable to its activities. The compliance function may ensure an advice to the management body to that extent only. Legal watch is part of the mandate of legal department and not of the compliance department. The description of the role of the compliance function should be amended accordingly.• Paragraph 189: For the parent company of the Group, the IAF does not have an automatic access to minutes of the management body in its supervisory function.
• Apart from these comments, we believe the guidelines in Title IV are appropriate and clear.
Question 7: Are the guidelines in Title V regarding transparency of the organization of the institution appropriate and sufficiently clear?
We believe the guidelines in Title IV are appropriate and clear.Question 8: Are the findings and conclusions of the impact assessments appropriate; please provide to the extent possible an estimate of the cost to implement the Guidelines differentiating of one-off and ongoing costs?
Due to the number of policies and procedures that an institution will have to adopt, implement, monitor and assess, the implementation of the Guidelines will probably involve additional staff costs.However, such costs are currently hardly predictable. Indeed, such costs depend on the basis on which the guidelines will have to apply: consolidated or individual basis. Should the guidelines have to be implemented at the level of each subsidiary, it will lead to extensive direct costs for institutions (administrative burden…) and indirect costs (inefficient time allocation of managers for instance). A financial Group should define the general principles. Its local subsidiaries should focus on adjusting such principles. For proper running of Groups, it should not pretend that it has to re-discuss all aspects listed in the guidelines.
In this respect, it is necessary to highlight once again the contradiction entailed in the Guidelines that are supposed to be applied undifferentiated at both Group and the (sub)consolidated subsidiaries. In the Guidelines, a subsidiary is sometimes considered as if its individuality were diluted into a seamless Group. In some other respect, it is considered as an independent entity.
Such a contradiction is bound to very significantly expand duplications of set-ups and an unnecessary formalism that will use a lot of managers time for no-added value exercises. Why should the management body of a subsidiary go through all detailed items of an agenda almost as if it were an independent entity, whereas most aspects have already been decided at Group level: the assignment of the local management body should be to focus on adjusting Group principles to local environment.
The mechanical outcome of the draft guidelines would be a paradoxical deterioration of internal governance and risk management.
Another unwelcome consequence of the reporting and formalism burden unnecessarily created for subsidiaries within an EU financial Group will be some breaches in the level playing field, whether it be:
1. for such EU financial group as opposed to similar non-EU groups. We doubt that US, UK or Asian financial groups have to comply with such formalism in the management of their international subsidiaries. Therefore, EBA Guidelines as they are worded today will represent a hurdle in the international development of European banks. Even in the European market where US banks are global players, credit institutions owned by a UK, US or any non-EU holding or shareholder will not have to manage the burdensome inconsistencies between Group and Subsidiary level. This will not be an insignificant advantage for them.
2. for subsidiaries involved in low- or non-regulated activities . Already today because of existing regulations on internal controls and governance, such subsidiaries often are in a detrimental situation vis-à-vis their competitors that do not belong to a credit institution be it in terms of customers’ service, speed of answer, cost of doing business… Such situation will further deteriorate including vis-à-vis subsidiaries belonging to a non-EU credit institution. It will create an additional competitive disadvantage for EU banking groups to develop rental, leasing, consumer finance activities for instance … whereas they add value for private individuals or SMEs thanks to their specific synergies, international coverage, funding capacities they bring to such markets.
Proportionality principle is not sufficient to reestablish a fair level playing field. It would be only natural that such activities are more easily exempted of prudential consolidation when a pure risk approach does not require it. We would suggest that EBA enrich its guidelines towards EU regulators with a view to facilitate exemptions for low- or non-regulated business.
However, we believe it is possible for EBA Guidelines to really add value in the internal governance of financial groups, provided their specific organization including with for instance matrix organisation is acknowledged in the Guidelines and by all regulators at least with the Single Supervision Mechanism (SSM). A financial Group headed by a Credit Institution should define its general governance principles that should indeed apply to the whole Group. Its subsidiaries should only focus at adjusting such principles to local considerations. They should not have to pretend that their management bodies completely re-discuss all aspects listed in the Guidelines.
It is therefore of upmost importance that EBA takes into account separately these two different levels in its future Guidelines, and that it is fully accepted by all regulators within SSM.