This document is an excerpt from the EUR-Lex website
Document 52010SC0669
Commission staff working document - Corporate Governance in Financial Institutions: Lessons to be drawn from the current financial crisis, best practices Accompanying document to the Green Paper Corporate governance in financial institutions and remuneration policies {COM(2010) 284 final}
Commission staff working document - Corporate Governance in Financial Institutions: Lessons to be drawn from the current financial crisis, best practices Accompanying document to the Green Paper Corporate governance in financial institutions and remuneration policies {COM(2010) 284 final}
Commission staff working document - Corporate Governance in Financial Institutions: Lessons to be drawn from the current financial crisis, best practices Accompanying document to the Green Paper Corporate governance in financial institutions and remuneration policies {COM(2010) 284 final}
/* SEC/2010/0669 final */
Commission staff working document - Corporate Governance in Financial Institutions: Lessons to be drawn from the current financial crisis, best practices Accompanying document to the Green Paper Corporate governance in financial institutions and remuneration policies {COM(2010) 284 final} /* SEC/2010/0669 final */
EN (...PICT...)|EUROPEAN COMMISSION| Brussels, 2.6.2010 SEC(2010) 669 COMMISSION STAFF WORKING DOCUMENT Corporate Governance in Financial Institutions: Lessons to be drawn from the current financial crisis, best practices Accompanying document to the GREEN PAPER Corporate governance in financial institutions and remuneration policies {COM(2010) 284 final} Table of contents 1. Introduction 3 1.1. A response from the European Commission 4 1.2. Scope 5 2. Boards 6 2.1. Background and key findings 6 2.2. Examples of best practices 10 3. Risk management 17 3.1. Background and key findings 17 3.2. Examples of best practices 20 4. Shareholders 23 4.1. Background and key findings 23 4.2. Examples of best practices 26 5. Supervisors 30 5.1. Background and key findings 30 5.2. Examples of best practices 31 6. External auditors 32 6.1. Background and key findings 32 6.2. Examples of best practices 34 Annex 1 – The methodology applied for the establishment of this paper 36 Annex 2 – Summary of Findings 37 Annex 3 – Bibliography 42 1. Introduction The collapse of financial markets in autumn 2008 and the credit crunch that followed can be attributed to multiple, often inter-related, factors at both macro- and micro-economic levels, as identified in the De Larosière Report The Report of the High-Level Group on Financial Supervision in the EU published on 25 February 2009. The Group was chaired by Mr Jacques de Larosière. . Excessive liquidity, credit and leverage in the market; the difficulty for central banks to control inflationary asset prices; the speed of diffusion of complex financial innovation (good or bad) in global financial markets; inadequate risk control and risk pricing by a series of economic agents (banks, brokers, investors) notably in relation to debt securitisation, all these factors combined with an expectation of double digit returns on the part of investors, weaknesses in supervision and ineffective governance. [1] The Report of the High-Level Group on Financial Supervision in the EU published on 25 February 2009. The Group was chaired by Mr Jacques de Larosière. Corporate governance Corporate governance is understood in this paper as encompassing the standards for decision-making within a financial institution, the duties of the board and the management, the internal structure of the financial institution and the relationships between the financial institution and its stakeholders. This concept is in line with the Basel Committee's understanding of corporate governance as embodied in its guidance Enhancing corporate governance for banking institutions , February 2006. weaknesses in financial institutions were not per se the main causes of the financial crisis. However, timely and effective checks and balances in governance systems might have helped mitigate the worst aspects of the crisis. In many instances, as underlined by the De Larosière Report, boards and senior management of financial firms failed to understand the characteristics of the new, highly complex financial products they were dealing with and were often unaware of the aggregate exposure of their companies, and consequently largely underestimated the risk they were running See De Larosière report (2009), p. 8. . The "herd instinct" prevailed too often driving many firms into a race to inflate profit without paying proper attention to risk. In many cases, board oversight or control of management was insufficient and non-executive directors "absent" or unable to challenge executive directors. The risk management function was weak and lacking in independence. Inadequate remuneration structures for both directors and traders led to excessive risk-taking and short-termism. Shareholders too had become "accustomed to returns on equity which hugely outpaced for many years real economic growth rates" and institutional investors in particular showed too little engagement with boards of financial institutions For all these issues, see, for instance, OECD , Corporate Governance and the Financial Crisis: Key Findings and Main Messages, June 2009; Walker, D. , A Review of Corporate Governance in UK Banks and Other Financial Industry Entities, Final Recommendations , 26 November 2009; Institute for International Finance (IIF), Reform in the Financial Services Industry: Strengthening Practices for a More Stable System , December 2009., De Larosière report (2009). .[2][3][4] Corporate governance is understood in this paper as encompassing the standards for decision-making within a financial institution, the duties of the board and the management, the internal structure of the financial institution and the relationships between the financial institution and its stakeholders. This concept is in line with the Basel Committee's understanding of corporate governance as embodied in its guidance Enhancing corporate governance for banking institutions , February 2006. See De Larosière report (2009), p. 8. For all these issues, see, for instance, OECD , Corporate Governance and the Financial Crisis: Key Findings and Main Messages, June 2009; Walker, D. , A Review of Corporate Governance in UK Banks and Other Financial Industry Entities, Final Recommendations , 26 November 2009; Institute for International Finance (IIF), Reform in the Financial Services Industry: Strengthening Practices for a More Stable System , December 2009., De Larosière report (2009). This reality, as revealed by the crisis, is in stark contradiction with what, on the face of it, seems already to be a well developed and sophisticated corporate governance framework for financial institutions. At international level, the basis for this framework is found in the OECD 1999 Principles of Corporate Governance revised in 2004, the Basel 1999 guidelines on " Enhancing corporate governance for banking organisations " revised in February 2006, the OECD 2002 Corporate Governance Guidelines for Pension Funds, the IAIS and OECD 2005 Guidelines for Insurers’ Governance (currently under revision) . In principle, as stated above, the observance of the existing corporate governance principles by financial institutions should at least have contributed to mitigating the financial crisis. It did not. Were these corporate governance principles of too high level, too lax or too ambiguous allowing for a too flexible interpretation, while permitting boards of banks to keep up appearances of good governance? Or was it that those principles were not, or only partially, observed and that neither the shareholders, nor supervisors actually monitored their application? The question of the adequacy and appropriateness of the current corporate governance framework for financial institutions is a challenging one for stakeholders and public authorities alike. There is no straightforward answer. A meticulous and careful examination of the failure of the current system of checks and balances is needed. The purpose of this review is not to recast entirely the existing corporate governance framework for financial institutions. It is rather about adjustments to expand and detail further corporate governance principles where needed, fine-tune the balance between soft and hard law, and ensure a strict monitoring of voluntary practices and adequate enforcement of legislation. The current system of checks and balances must be significantly strengthened, duly applied and enforced so that all involved will have a greater awareness of their accountability and liability, without undermining the spirit of entrepreneurship and risk-taking that is necessary to economic growth. 1.1. A response from the European Commission In its Communication of 4 March 2009 for the Spring European Council on driving European recovery Commission Communication of 4 March 2009 to the Spring European Council, "Driving European Recovery" - COM(2009) 114. , the European Commission announced that it would : (i) as a matter of urgency, address the impropriety of the remuneration framework in the financial sector with a view to curbing excessive risk-taking and short-termism, and (ii) as a second step, examine more broadly and report on current corporate governance practices in financial institutions, making recommendations including for legislative initiatives, where appropriate.[5] Commission Communication of 4 March 2009 to the Spring European Council, "Driving European Recovery" - COM(2009) 114. As regards point (i), in April 2009, the Commission issued two recommendations, one strengthening its 2004 Recommendation on remuneration directors of listed companies Commission Recommendation 2009/385/EC of 30 April 2009 complementing Recommendations 2004/913/EC and 2005/162/EC as regards the regime for the remuneration of directors of listed companies (OJ L 120, 15.5.2009). and the second one addressing remuneration of risk-taking staff in the financial sector Commission Recommendation 2009/384/EC on remuneration policies in the financial services sector of 30 April 2009 (OJ L 120, 15.5.2009). . These Recommendations, which are the subject of monitoring reports as to their application in Member States In parallel to this staff working paper, the Commission is adopting two reports on the application to date by Member States of the two 2009 Commission Recommendations on remuneration. , have been followed by legislative proposals to include remuneration schemes within the scope of prudential oversight, notably in the banking sector through the third revision of the Capital Requirements Directive Proposal for a Directive of the European Parliament and of the Council amending Directives 2006/48/EC and 2006/49/EC as regards capital requirements for the trading book and for re-securitisations, and the supervisory review of remuneration policies - SEC(2009) 974 and SEC(2009) 975. . With regard to asset management, similar considerations are currently being examined by the Council and the European Parliament for alternative investment fund management See Proposal for a of the European Parliament and of the Council on Alternative Investment Fund Managers and amending Directives 2004/39/EC and 2009/…/EC - SEC(2009)576 and SEC(2009) 577. and the same approach should be adopted for undertakings collective investment in transferable securities (UCITS) early 2011. A comparable approach should also be followed in the insurance area in relation to the implementation of the Solvency II Directive Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 335, 17.12.2009). for the end of 2010. [6][7][8][9][10][11] Commission Recommendation 2009/385/EC of 30 April 2009 complementing Recommendations 2004/913/EC and 2005/162/EC as regards the regime for the remuneration of directors of listed companies (OJ L 120, 15.5.2009). Commission Recommendation 2009/384/EC on remuneration policies in the financial services sector of 30 April 2009 (OJ L 120, 15.5.2009). In parallel to this staff working paper, the Commission is adopting two reports on the application to date by Member States of the two 2009 Commission Recommendations on remuneration. Proposal for a Directive of the European Parliament and of the Council amending Directives 2006/48/EC and 2006/49/EC as regards capital requirements for the trading book and for re-securitisations, and the supervisory review of remuneration policies - SEC(2009) 974 and SEC(2009) 975. See Proposal for a of the European Parliament and of the Council on Alternative Investment Fund Managers and amending Directives 2004/39/EC and 2009/…/EC - SEC(2009)576 and SEC(2009) 577. Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 335, 17.12.2009). The Commission staff working paper should be read in conjunction with the Commission Green Paper (COM(2010) 284) on corporate governance in EU financial institutions. The Green Paper sets out possible ways forward to reinforce the corporate governance framework for financial institutions at EU level and launches a public consultation on this basis. 1.2. Scope The analysis and best practices gathered in this working paper may be of relevance for all regulated financial institutions. Nonetheless, its primary focus is banks and life insurance companies. It should further be noted that whilst this paper addresses neither the transient and specific governance situations that might result from substantial state ownership in bailed-out banks, nor the governance arrangements of some financial institutions (such as the Landesbanken in Germany or regional savings banks in Spain), some if not all issues - e.g. those concerning the composition and role of the boards - would be worth considering in those situations too. In the course of the preparation of this paper, the issue has also arisen as to whether the considerations laid down here would extend to all listed companies. There may, of course, be lessons learnt from this crisis that might be of relevance for corporate governance in listed companies in general. However, the scope of this paper is essentially limited to financial institutions, due to circumstances – the crisis is a financial one - and to the specificity of corporate governance in financial institutions. In addition to their responsibilities to shareholders, financial institutions have responsibilities to depositors or policy holders. 1.3 Structure of the paper The Commission staff working paper examines and lays down a series of considerations regarding (i) the composition, the duties and the functioning of boards For the purposes of this report, it should be kept in mind that some Member States use a dual or two-tier board structure, where the supervisory function of the board is performed by a separate body known as a supervisory board, which has no executive functions. Other Member States use a unitary or one-tier board structure in which the board is composed of executive as well as of non-executive directors and which has an oversight function but can also intervene in management decisions. Finally, in some Member States either structure or a mix of them is possible. of financial institutions as well as the specific position of non-executive directors; (ii) the definition of the risk management function and its reporting lines; (iii) the role and expected behaviour of shareholders, particularly institutional shareholders For the purpose of this report, institutional shareholders/investors are considered to be professional investors which invest on behalf of or for the benefit of beneficiaries, including but not limited to pension funds, hedge funds, insurance companies and banks. , as well as the possible impact of the forthcoming measures on crisis management; (iv) the powers and related duties of supervisors; (v) the role of statutory auditors as regards risk management; and more generally, the issue of effective application, monitoring and enforcement of corporate governance. The methodology of this paper is described in Annex 1.[12][13] For the purposes of this report, it should be kept in mind that some Member States use a dual or two-tier board structure, where the supervisory function of the board is performed by a separate body known as a supervisory board, which has no executive functions. Other Member States use a unitary or one-tier board structure in which the board is composed of executive as well as of non-executive directors and which has an oversight function but can also intervene in management decisions. Finally, in some Member States either structure or a mix of them is possible. For the purpose of this report, institutional shareholders/investors are considered to be professional investors which invest on behalf of or for the benefit of beneficiaries, including but not limited to pension funds, hedge funds, insurance companies and banks. 2. Boards 2.1. Background and key findings The current financial crisis revealed serious flaws and shortcomings in board The term "board" used in this report refers to the board in the unitary board system, in particular in its oversight function and to the supervisory board in the dual board system. Where the executive management is concerned, it is clearly specified in the report. The terms "management" or "executive board members/executive directors" cover the executive members of the unitary board as well as the members of the management board in the dual board structure. Where the text refers to "non-executive board members/non-executive directors", it covers non-executive members of the unitary board and the members of the supervisory board in the dual structure. performance at a number of financial institutions See, for instance, OECD (June 2009); Kirkpatrick, G. (2009); Walker, D. (November 2009). . In particular, for different reasons, many non-executive directors were not in a position to form objective and independent judgements on management decisions. In consequence, in many instances they failed to act as an effective check on, and challenge to, executive managers. [14][15] The term "board" used in this report refers to the board in the unitary board system, in particular in its oversight function and to the supervisory board in the dual board system. Where the executive management is concerned, it is clearly specified in the report. The terms "management" or "executive board members/executive directors" cover the executive members of the unitary board as well as the members of the management board in the dual board structure. Where the text refers to "non-executive board members/non-executive directors", it covers non-executive members of the unitary board and the members of the supervisory board in the dual structure. See, for instance, OECD (June 2009); Kirkpatrick, G. (2009); Walker, D. (November 2009). In addition, duties of the board are complex and imply arbitrating between constituencies. Shareholders have widely diverging views and the notion of acting in the best interests of the company is not clear cut See OECD (June 2009). . The crisis has revealed that interests of shareholders and boards do not necessarily match with the long-term interests of the financial institution. Especially, the interests of stakeholders, such as depositors or, to a certain extent, employees, have not been sufficiently taken into account by shareholders and boards. [16] See OECD (June 2009). This section lists the most significant weaknesses which have been revealed and identified during recent events. 2.1.1. Expertise and time commitment of non-executive board members In many cases, non-executive board members did not devote sufficient time to fulfil their duties. For instance, according to one study, a non-executive director without any committee membership would, until recently, typically expect to work about fifteen days per annum Nestor Advisors, Report on Bank Boards and the Financial Crisis: A corporate governance study of the 25 largest European banks , May 2009, p. 43. . The model of part-time boards with board members combining a number of mandates in different companies is under severe stress, particularly in large complex financial institutions See OECD (June 2009); Nestor Advisors (May 2009); Walker, D. (November 2009); Also, answering questions of House of Commons Treasury Committee, Lord Turner stressed that "Having been a non-executive of a bank, I realised that to do it professionally you really do have to put a hell a lot of time into it. In future I think we are going to have to think about how much time effectively even very competent people can give to really go into the detail", see House of Commons Treasury Committee, Banking crisis: Reforming corporate governance and pay in the City , 2009. . The crisis has revealed the difficulties which non-executive directors face understanding all dimensions of risks being taken by financial institutions within the time commitments It is worth noting that in Germany whilst members of the management board are prohibited from serving as executive directors in other companies without the consent of the supervisory board, this does not prevent them from taking a position on the supervisory board(s) of other companies. The general principle is however that each member of the management board has to devote his or her full service and engagement to the company in question. In practice, executive directors of holding companies serve quite frequently on boards of subsidiaries. The German Code of Corporate Governance states that members of the management board of a listed company shall not accept more than a total of three supervisory board mandate in non-group listed companies. typically required from them.[17][18][19] Nestor Advisors, Report on Bank Boards and the Financial Crisis: A corporate governance study of the 25 largest European banks , May 2009, p. 43. See OECD (June 2009); Nestor Advisors (May 2009); Walker, D. (November 2009); Also, answering questions of House of Commons Treasury Committee, Lord Turner stressed that "Having been a non-executive of a bank, I realised that to do it professionally you really do have to put a hell a lot of time into it. In future I think we are going to have to think about how much time effectively even very competent people can give to really go into the detail", see House of Commons Treasury Committee, Banking crisis: Reforming corporate governance and pay in the City , 2009. It is worth noting that in Germany whilst members of the management board are prohibited from serving as executive directors in other companies without the consent of the supervisory board, this does not prevent them from taking a position on the supervisory board(s) of other companies. The general principle is however that each member of the management board has to devote his or her full service and engagement to the company in question. In practice, executive directors of holding companies serve quite frequently on boards of subsidiaries. The German Code of Corporate Governance states that members of the management board of a listed company shall not accept more than a total of three supervisory board mandate in non-group listed companies. Moreover, many non-executive board members lacked relevant financial expertise and skills to be able to perform their duties and efficiently challenge dominant chief executives pursuing aggressive growth strategies See Financial Services Agency, The Turner Review: A regulatory response to the global bank crisis , March 2009; Nestor Advisors (May 2009). . As showed by different studies, the presence of a sufficient number of experienced and informed non-executives encourages challenge as opposed to boards whose members do not question management decisions because the subject is too technical for them See, for example, Nestor Advisors (May 2009). .[20][21] See Financial Services Agency, The Turner Review: A regulatory response to the global bank crisis , March 2009; Nestor Advisors (May 2009). See, for example, Nestor Advisors (May 2009). Participants in the seminar organised by the European Commission on 12 October 2009 and several of the interviewed board members See Annex 1 on methodology. shared the view that lack of expertise of non-executive board members prevented them from carrying out checks on the plausibility of information presented to them and explained in part the over reliance on ratings For example, during the seminar of 12 October 2009, one of the panellists stressed that there was a general lack of risk appreciation due to the lack of experience and understanding of board members. One of the interviewees of the case study firmly stated that "there are not enough people with expertise in banks" and that "the industry is leaking talent because many managers leave the industry early and do not become non-executives". Another interviewee recognised that "it is difficult for supervisory board members without a background in banking to understand the range of different complex products offered by the financial institution". See also Lord Myners citing as example the advertisement of Citibank seeking to recruit non-executives which stated that "some financial expertise would be helpful" as demonstration that some banks were not focusing on the need to recruit non-executives with specific technical expertise and experience in the banking sector, House of Commons Treasury Committee (2009). . In addition, nomination process of non-executives often did not sufficiently assess their capacity to carry out non-executive functions, including the ability to challenge the management One of the panellists, for instance, stressed during the seminar of 12 October 2009 that "the main problem with actual functioning of financial institutions is that boards are not challenging enough vis-à-vis the management". . In this context, the legal systems with mandatory co-determination present specific challenges vis-à-vis the expertise and independent behaviour of board members in financial institutions For instance in one of the financial institutions subject to the case study, only 2 out of 20 supervisory board members have banking expertise. During the interview with another financial institution, the CFO stressed that " mandatory employee representation on board makes it difficult for shareholderrepresentatives to criticise management during the meetings in front of employees". . [22][23][24][25] See Annex 1 on methodology. For example, during the seminar of 12 October 2009, one of the panellists stressed that there was a general lack of risk appreciation due to the lack of experience and understanding of board members. One of the interviewees of the case study firmly stated that "there are not enough people with expertise in banks" and that "the industry is leaking talent because many managers leave the industry early and do not become non-executives". Another interviewee recognised that "it is difficult for supervisory board members without a background in banking to understand the range of different complex products offered by the financial institution". See also Lord Myners citing as example the advertisement of Citibank seeking to recruit non-executives which stated that "some financial expertise would be helpful" as demonstration that some banks were not focusing on the need to recruit non-executives with specific technical expertise and experience in the banking sector, House of Commons Treasury Committee (2009). One of the panellists, for instance, stressed during the seminar of 12 October 2009 that "the main problem with actual functioning of financial institutions is that boards are not challenging enough vis-à-vis the management". For instance in one of the financial institutions subject to the case study, only 2 out of 20 supervisory board members have banking expertise. During the interview with another financial institution, the CFO stressed that " mandatory employee representation on board makes it difficult for shareholderrepresentatives to criticise management during the meetings in front of employees". 2.1.2. Board composition Diversity on boards, especially of non-executive board members is one of key issues of corporate governance, including in the financial services sector. Arguments in favour of diversity remain valid even in the light of arguments favouring greater expertise of boards of financial institutions. Empirical evidence highlights the benefits of diversity for corporate governance both in terms of efficiency and better monitoring See Mateos de Cabo, R., Gimeno, R., Nieto, M.J., Gender Diversity on European Banks' Board of Directors: Traces of Discrimination, July 2009; Hagendorff, J. and Keasey, K., Value of Board Diversity in Banking: Evidence from the Market for Corporate Control, December 2008; Higgs, D., Review of the role and effectiveness of non-executive directors , January 2003. . D iversity, not just of gender but also of race and social background, and the presence of employee representatives, broadens the debate within the boards and helps, as some say "to avoid the danger of narrow “group think”" See, for instance, Financial Times Editorial, 19 November 2009. , to which boards drawn from a narrow social range are prone However, this diversity should not be at the expense of loss of expertise by the board as a whole. . Generally, the selection of candidates for non-executive positions in financial institutions seems to have drawn on a too narrow pool of people See House of Commons Treasury Committee (2009); Walker, D., (2009). . This meant a lack of diversity in the composition of boards with regard to cultural, educational professional and legal background and also with regard to age and gender For instance, the 2009 Female FTSE report from Cranfield School of Management, that details the number of women directors in the top 100 FTSE companies, reveals that within the five banks among the FTSE 100 companies, just 9% of board members are female. . As a consequence, there was a lack of diversity of views within boards which may in some cases have contributed to the failure of non-executive board members to effectively challenge management decisions. [26][27][28][29][30] See Mateos de Cabo, R., Gimeno, R., Nieto, M.J., Gender Diversity on European Banks' Board of Directors: Traces of Discrimination, July 2009; Hagendorff, J. and Keasey, K., Value of Board Diversity in Banking: Evidence from the Market for Corporate Control, December 2008; Higgs, D., Review of the role and effectiveness of non-executive directors , January 2003. See, for instance, Financial Times Editorial, 19 November 2009. However, this diversity should not be at the expense of loss of expertise by the board as a whole. See House of Commons Treasury Committee (2009); Walker, D., (2009). For instance, the 2009 Female FTSE report from Cranfield School of Management, that details the number of women directors in the top 100 FTSE companies, reveals that within the five banks among the FTSE 100 companies, just 9% of board members are female. 2.1.3. Performance of the Board One of the issues that have arisen during the financial crisis was the complexity of financial institutions and the challenge that this poses for boards to discharge their duties. Organisational complexity has particular implications for the oversight by non-executive board members of senior management and for the structure and operation of the board and its resources See OECD (June 2009); CEBS, Report on a case study analysis of how European banks have implemented CEBS Guidelines on Internal Governance , 12 January 2010; IIF (December 2009). . In particular, in many cases information was not communicated to the board by the management in a timely, clear and understandable way During the conference, one of the panellists stressed that "questioning the quality of the management using available information is an important thing; however, challenging the accuracy and the depth of information received by the board is equally important and represents a real issue revealed by the current crisis". In the interviews one company secretary mentioned that board evaluations revealed the following issues: documents for the meeting of the supervisory board were not received sufficiently in advance to prepare the meetings; there were too many charts, not enough time for discussion during the meeting, and high time pressure for ad hoc announcements which made it difficult to examine documents in depth. In response, company secretary made a proposal for standards of communication for different types of documents to the supervisory board. .[31][32] See OECD (June 2009); CEBS, Report on a case study analysis of how European banks have implemented CEBS Guidelines on Internal Governance , 12 January 2010; IIF (December 2009). During the conference, one of the panellists stressed that "questioning the quality of the management using available information is an important thing; however, challenging the accuracy and the depth of information received by the board is equally important and represents a real issue revealed by the current crisis". In the interviews one company secretary mentioned that board evaluations revealed the following issues: documents for the meeting of the supervisory board were not received sufficiently in advance to prepare the meetings; there were too many charts, not enough time for discussion during the meeting, and high time pressure for ad hoc announcements which made it difficult to examine documents in depth. In response, company secretary made a proposal for standards of communication for different types of documents to the supervisory board. In general, financial institutions seem to have attached little, if any, importance to a proper evaluation of board performance. Several studies reveal that the majority of banks did not use external and independent facilitators for the assessment of their performance. 2.1.4. Risk oversight by the Board One of the most profound failures during the financial crisis was the widespread failure of risk governance. Executive and non-executive board members were unwilling or unable to adhere to a level of risk sustainable by the financial institution. Often the board failed adequately to identify and constrain excessive risk-taking. In particular, in a number of cases boards of financial institutions did not understand the characteristics of the new, highly complex financial products with which they were dealing. Nor were they aware of the aggregate exposure of their firms, seriously underestimating the risks of their operations. This seems to have been due part to the inadequate nature of board involvement in approving and overseeing the risk strategy (risk appetite) and risk management structure. Often, there were no clear lines of responsibility with regard to risk identification and management and lack of direct lines of reporting of the risk management function to the board See, for instance, Kirkpatrick, G. (2009); OECD (June 2009). . For instance, the Senior Supervisors Group (SSG) The Senior Supervisors Group gathers representatives from the French Banking Commission, the German Federal Financial Supervisory Authority; the Swiss Financial Market Supervisory Authority, the U.K. Financial Services Authority, the Canadian Office of the Superintendent of Financial Institutions, the Japanese Financial Services Agency, and, in the United States, the Office of the Comptroller of the Currency, the Securities and Exchange Commission, the Federal Reserve Bank of New York, and the Board of Governors of the Federal Reserve System. found that "in some cases, hierarchical structures tended to serve as filters when information was sent up the management chain, leading to delays or distortion in sharing important data with senior management" See Senior Supervisors Group (SSG), Risk on Management Lessons From the Global Banking Crisis of 2008 , 21 October 2009. .[33][34][35] See, for instance, Kirkpatrick, G. (2009); OECD (June 2009). The Senior Supervisors Group gathers representatives from the French Banking Commission, the German Federal Financial Supervisory Authority; the Swiss Financial Market Supervisory Authority, the U.K. Financial Services Authority, the Canadian Office of the Superintendent of Financial Institutions, the Japanese Financial Services Agency, and, in the United States, the Office of the Comptroller of the Currency, the Securities and Exchange Commission, the Federal Reserve Bank of New York, and the Board of Governors of the Federal Reserve System. See Senior Supervisors Group (SSG), Risk on Management Lessons From the Global Banking Crisis of 2008 , 21 October 2009. There seems also to have been a general lack of appropriate presentation of information on risks to the board. Firms rarely compile for their boards relevant measures of risk, a view of how risk levels compare with limits, the level of capital that the firm would need to maintain after sustaining a loss and the actions that management could take to restore capital after sustaining a loss. 2.1.5. Remuneration Effective governance is a prerequisite condition for putting into place sound remuneration policy. However, the current economic and financial crisis has exposed significant (corporate) governance deficiencies of remuneration policies' decision-making in financial institutions. Several existing reports highlight that there has been in many cases a severe mismatch between remuneration policy, risk management and internal control systems and that, in the case of banks, the Basel guidance on remuneration policy See the Principle 6 of BCBS guidance Enhancing corporate governance for banking institutions. was not applied in practice Furthermore, in some cases, banks which have received significant amount of state aid continued to pay bonuses to management and other employees. . Boards did not play there role in ensuring that remuneration policies promoted the long-term performance of financial institutions and were consistent with sound and effective risk management. [36][37] See the Principle 6 of BCBS guidance Enhancing corporate governance for banking institutions. Furthermore, in some cases, banks which have received significant amount of state aid continued to pay bonuses to management and other employees. 2.1.6 Dialogue with supervisors The financial crisis revealed weaknesses in the understanding by supervisors regarding the state of both individual financial institutions and systemic interconnections See De Larosière report (2009); see also for central banks, Bank for International Settlements, Issues in the Governance of Central Banks , A report from the Central Bank Governance Group, May 2009. Also, interviewed financial institutions were in general very critical about the quality of supervision; however it seems to result form the interviews that central banks are less criticised than other independent prudential supervisors. . Also, executive and non-executive board members did not sufficiently take into account systemic dimension of risk in order to determine their risk exposure. [38] See De Larosière report (2009); see also for central banks, Bank for International Settlements, Issues in the Governance of Central Banks , A report from the Central Bank Governance Group, May 2009. Also, interviewed financial institutions were in general very critical about the quality of supervision; however it seems to result form the interviews that central banks are less criticised than other independent prudential supervisors. In addition, in many cases there was a lack of sufficient dialogue between boards and supervisors regarding corporate governance issues. This could be one of the factors which prevented financial institutions from the timely identification of weaknesses in their corporate governance practices and their remedy. 2.2. Examples of best practices Boards are currently changing their practices and are in process of rethinking their modes of operation. However, they continue to be captured by their own histories, and management or individual board members are seldom changed by being voted out of office by shareholders See OECD (November 2009). . Nevertheless, there is some positive experience of financial institutions that have withstood the crisis. Also, several (international) reports have identified specific remedies to address issues such as lack of expertise and time commitment of board members, risk oversight by the boards and board duties For instance, Basel Committee on Banking Supervision, Consultative document on Principles for enhancing corporate governance , March 2010; OECD, Corporate Governance and the Financial Crisis: Conclusions an emerging good practices to enhance implementation of the Principles , 24 February 2010; Walker, D. (November 2009). . [39][40] See OECD (November 2009). For instance, Basel Committee on Banking Supervision, Consultative document on Principles for enhancing corporate governance , March 2010; OECD, Corporate Governance and the Financial Crisis: Conclusions an emerging good practices to enhance implementation of the Principles , 24 February 2010; Walker, D. (November 2009). The extent to which a specific best practice outlined below could be relevant for a particular financial institution may vary according to the size of the financial institution, the nature and the complexity of its activities. 2.2.1. Time commitment of the Board It has been argued that greater time commitment of non-executive board members could be promoted by limiting the number of mandates or by specifying a minimum number of days per year they should devote to their functions in their letter of appointment. In any case, board members should effectively spend sufficient time to perform their tasks. It has been suggested that the Chairman could play a role in ensuring adequate attendance of board meetings as well as sufficient involvement of board members in the discussions. Example In one of the interviewed financial institutions See Annex 1 on methodology. , p ursuant to the rules and regulations of the board, the remuneration committee regularly reviews the directors’ other professional obligations in order to assess whether those duties might interfere with the dedication required of them for the effective performance of their work.[41] See Annex 1 on methodology. 2.2.2. Expertise and independence Research conducted reveals that all or a proportion of non-executive board members should have sufficient financial expertise. In this connection, it has been argued that boards (or the Chairman, if appropriate) should develop specific policies for the identification of the best skill composition of the board, indicating the professional qualities which may favour an effective and competent board. However, the search for expertise should not prejudice the independence and objectivity of the boards. Example In one of the interviewed financial institutions, the skills and experience of non-executive directors are kept continually under review and a questionnaire is regularly sent to the board members to assess their skills and to see in which areas the board is missing expertise. In order to ensure that boards have appropriate skills in the context of continuously evolving financial innovation, it has been suggested that non-executive board members should receive appropriate regular tailor-made training, taking into account committee memberships. Especially, an example of best practice is that at least one member of the risk committee should have expertise in risk. It has further been suggested that the training and personal development should be reviewed annually with the Chairman. Example One of the interviewed financial institutions held nine training sessions in 2008 with an average attendance of eleven directors. Each session lasted on average one hour and thirty minutes. The topics covered in more depth were the hedge fund industry both from the perspective of control and risk management and their influence on the banking industry, the new Basel II international capital framework, and in particular, the concept of economic capital, the market valuation of financial institutions and interest rate risk management processes. The Chairman plays a crucial role in the proper functioning of the board and in ensuring board effectiveness. It appears to be best practice that he or she should provide leadership to the board and should ensure that board decisions are taken on a well-informed basis. Consequently, the Chairman should combine financial expertise and experience with leadership skills Participants and speakers to the seminar on 12 October 2009 were of the opinion that Chairman's role is essential to ensure that the right behaviour is in place within the board. Finding the right balance between constructive leadership of the Chairman and too much authority was considered as an issue. .[42] Participants and speakers to the seminar on 12 October 2009 were of the opinion that Chairman's role is essential to ensure that the right behaviour is in place within the board. Finding the right balance between constructive leadership of the Chairman and too much authority was considered as an issue. In order to strengthen the objectivity of the board and its independence from management, it has been argued that functions of CEO and Chairman should be separated. Therefore, a CEO should not become Chairman immediately after retirement. 2.2.3. Composition of the Board When seeking new members, it appears to be best practice to make efforts to ensure a diversified representation on boards. Occupational diversity, when board members come from different types of functional backgrounds, may be considered to give boards access to a wider pool of resources. Boards whose members are different in terms of the time they have served on a board may be perceived to combine the wealth of experiences and expertise accumulated by longer tenured members with the ‘fresh perspective’ that the more recently-appointed members bring to the board. Increasing the number of female appointments may lead to a more balanced board. Resulting from the experiences and knowledge that different age groups bring to the board, increasing levels of age diversity may improve the overall level of knowledge on the board See Jens Hagendorff and Kevin Keasey Leeds (December 2008). .[43] See Jens Hagendorff and Kevin Keasey Leeds (December 2008). Example One of the interviewed financial institutions stated specifically that a key aspect of its corporate governance that enabled it to withstand the crisis was a good mix in the board composition with regard to skills, experience, background and gender. 2.2.4. Functioning of the Board It has been argued that the structure, compositions and working procedures of the boards must take into account and accommodate the complexity of the financial institution. Further, boards should be in a position to know, understand and guide the overall corporate structure of the financial institution and its evolution. Given that a non-executive board member can devote only a limited time to exercise its responsibilities and taking into account the growing complexity of financial institutions' activity, it has been suggested that non-executive board members should be able to resort if needed to external expertise and be provided with adequate budget for this purpose. Example In one of the interviewed financial institutions, the rules and regulations of the board expressly provide that a board member may request the board to contract the services of an external expert to assist with specific problems or issues of a special nature or particular complexity. This request may only be dismissed by the board with good reason. Another financial institution spoke of its decision to have an independent risk consultant for Risk Committee due to the complexity of a particular issue on which a decision was required. In order to improve the board's effectiveness, an example of best practice is that the Chairman does all in his/her power to facilitate the work of the board and ensure genuine debate and good cooperation between executive and non-executive members of the board. It has further been argued that the board should have a formal written conflicts of interest policy Directives 2004/39/EC (MiFID) and 2006/73/EC (Implementing MiFID) already require investment firms and credit institutions providing investment services and activities to establish, implement and maintain an effective conflicts of interest policy which cover all relevant persons in the firm, including directors. However, these Directives are of recent application and it will be crucial to examine how they have been applied in practice and if their requirements are sufficient. setting out principles and procedures aiming to avoid, disclose and deal properly with conflicts of interest in order to preserve board objectivity and integrity. In this connection, the conflict of interest policy should be disclosed in the annual report. [44] Directives 2004/39/EC (MiFID) and 2006/73/EC (Implementing MiFID) already require investment firms and credit institutions providing investment services and activities to establish, implement and maintain an effective conflicts of interest policy which cover all relevant persons in the firm, including directors. However, these Directives are of recent application and it will be crucial to examine how they have been applied in practice and if their requirements are sufficient. 2.2.5. Evaluation of the Board's performance It has been suggested that the board should undertake a formal and rigorous evaluation of its annual performance focussing notably on its overall functioning and balance During the seminar of 12 October 2009, several panellists emphasised that external independent assessment on a multi-year basis (each 3-4 years) based on in-depth interviews of board members and the management should replace self-evaluation based on a questionnaire. . [45] During the seminar of 12 October 2009, several panellists emphasised that external independent assessment on a multi-year basis (each 3-4 years) based on in-depth interviews of board members and the management should replace self-evaluation based on a questionnaire. In this connection, it has been argued that the use of an external facilitator on a regular basis (e.g. every third year) should " improve board evaluation by bringing an objective perspective and sharing best practices from other financial institutions " OECD (March 2010), p. 20. . It has been argued that board evaluation should at a minimum cover the board's performance against pre-set objectives, its contribution to the testing and development of strategy and to the establishment and maintenance of consistent organisational and operational arrangements and internal control mechanisms, its contribution to risk strategy and risk management, the board's response to crises, composition of the board and its committees, whether matters reserved to the board are the right ones, communication with management and shareholders, the effectiveness of board committees. It should also cover the quality and timeliness of information received by the board, response of management to requests for clarification and the role of the Chairman. See Higgs, D. (January2003). [46][47] OECD (March 2010), p. 20. See Higgs, D. (January2003). Example In one of the interviewed financial institutions, evaluation is conducted by an external contractor on the basis of a questionnaire. The results are then discussed in depth with individual board members. On that basis, the consultant draws up specific recommendations to improve the performance of the board. The Chairman then examines these recommendations with the board with a view of their implementation. Further, parties contacted suggest that the results of the evaluation should be part of the annual report and/or be disclosed to supervisors and shareholders. The evaluation statement should show that there is an ongoing process of search of relevant skills to tackle the challenges, risks in front of the board. It should also show the nature of the dialogue between the Chairman and shareholders. Such an approach would help improve the capacity of the board and its members to review critically its modus operanda , effectiveness and efficiency. 2.2.6. Duties of the Board An example of best practice is that the board has overall responsibility for the financial institution, including providing oversight over executive management, approving the strategic objectives and overseeing their implementation through consistent organisational and operational measures, approval of risk strategy, corporate governance and corporate values. In this connection, it has been suggested that it would be useful to define clearly the respective responsibilities of the board members which could be then reviewed by shareholders and/or supervisors. Moreover, it has been suggested that boards could develop terms of reference for key positions, including the Chairman, and their roles. Example In one of the interviewed financial institutions, duties of the board are described in terms of reference of the board and in letters of appointment of individual directors. The terms of reference have been recently reviewed following recommendations of different national and international reports on corporate governance in financial institutions. It has been argued that boards should ensure that there are clear lines of responsibility and accountability throughout the organisation, including subsidiaries, affiliated entities and other contractual relations See Basel Committee on Banking Supervision (BCBS), Enhancing corporate governance for banking institutions , February 2006. . In this connection, the board should take a lead in establishing a "tone at the top" and setting corporate values, professional standards or codes of conduct and ensure that they are effectively communicated throughout the financial institution.[48] See Basel Committee on Banking Supervision (BCBS), Enhancing corporate governance for banking institutions , February 2006. Parties contacted consider that the board should regularly review the complexity of the structure of the financial institution including the activities of the different parts of it, and design policies for the establishment of new structures. They should also review the main features and inherent risks of new products. It has further been argued that executive and non-executive directors should have a general duty of assurance Nestor Advisors (May 2009). and act in the best interests of the financial institution. However, as evidenced by the recent financial crisis, t he duty of loyalty to the financial institution alone might not be enough to focus the boards of financial institutions on the protection of the interests of their depositors and those of the tax payer. As a way of addressing this problem, it has been suggested that executive and non-executive directors should take into account the interests of depositors and other stakeholders by, for instance, creating a specific fiduciary duty towards depositors and public or by incorporating these interests into the corporate objective of the financial institution by mandatory law See Peter O. Mülbert, Corporate Governance of Banks, European Business Organisation Law Review, 12 August 2008 , p. 434. It should be noted that with regard to the provision of investment services and activities, the existing EU regulatory framework already provides for a general obligation for firms to act honestly, fairly and professionally in accordance with the best interest of their clients (Article 19 of Directive 2004/39/EC). .[49][50] Nestor Advisors (May 2009). See Peter O. Mülbert, Corporate Governance of Banks, European Business Organisation Law Review, 12 August 2008 , p. 434. It should be noted that with regard to the provision of investment services and activities, the existing EU regulatory framework already provides for a general obligation for firms to act honestly, fairly and professionally in accordance with the best interest of their clients (Article 19 of Directive 2004/39/EC). An enhanced duty of this kind may also help ensure that executive and non-executive directors pursue a less risky business strategy and raise the quality of long term risk management leading, for instance, to new obligations as regards the profile and competence of bank directors and as regards a comprehensive and systematic oversight of risk management. However, it should be noted that these matters may be dealt with differently in the legal environment in individual Member States. Financial and criminal liability of executive and non-executive directors, both collectively and individually, is perceived to be an area of controversy. If too strong, it might discourage board members and make it difficult to find competent, talented and strong people for this position or merely be offset by insurance. However, even nominal liability, if efficiently enforced, might be a deterrent for non-compliant practices. Consequently, it has been argued that the board should be liable for failure to ensure that appropriate assurance mechanisms are in place and functioning effectively See, for example, Nestor Advisors (May 2009). and that effective enforcement mechanisms should be in place.[51] See, for example, Nestor Advisors (May 2009). 2.2.7. Risk oversight by Boards a) Role of the Board in risk oversight It has been argued that the board should approve the risk appetite IIF proposes the following definition of risk appetite: "the amount and type of risk that a company is able and willing to accept in pursuit of its business objectives", see IIF (December 2009). of the financial institution and oversee the alignment of the corporate strategy with the risk appetite. It should also approve the parameters of risk oversight. Both executive and non-executive board members should have important duties with this respect In two-tier boards executive and non-executive members should jointly establish the risk appetite: the executive directors should define it and the non-executive directors should approve it. Similarly, non-executive directors should approve the main parameters of risk oversight. . It has also been suggested that executive directors should facilitate the board exercising its responsibility to oversee the full risk exposure and deciding on risk appetite.[52][53] IIF proposes the following definition of risk appetite: "the amount and type of risk that a company is able and willing to accept in pursuit of its business objectives", see IIF (December 2009). In two-tier boards executive and non-executive members should jointly establish the risk appetite: the executive directors should define it and the non-executive directors should approve it. Similarly, non-executive directors should approve the main parameters of risk oversight. Further, an example of best practice is that boards assess the appropriateness of the risk governance systems in the financial institution with regard to the corporate strategy and the defined risk appetite. It has been suggested that the assessment should focus on the existence of clear reporting lines and accountability within the function, the existence of separate reporting line of the Chief Risk Officer (CRO) to the board, the sufficient authority granted to the function at different levels of the decision-making, the organisational gravitas and the culture of the function See Nestor Advisors (May 2009). .[54] See Nestor Advisors (May 2009). Example In one of the interviewed financial institutions, the CRO has a close relationship with the Risk Committee and meets with the Chairman of the Risk Committee once a month to discuss, inter alia , the functioning of risk management. As a result of these discussions, the status of the risk management function is currently being reviewed because it appeared in practice that on the operational level risk officers do not always have sufficient level of authority. An example of best practice is that boards ensure that, before agreeing any major change regarding the business model of the financial institution, all associated risks are properly identified, assessed and reported. It has been argued that the board should regularly review the complexity of the structure of the financial institution, including the different parts of it, and design policies for the establishment of new structures. It has further been suggested that boards should put in place the new product approval process and should scrutinise product development and new business activity irrespective of the size of the capital commitments entailed, in order to identify risks from a forward looking perspective and ensure that the risks involved are consistent with the risk appetite and strategy of the financial institution. Research conducted reveals that boards should be closely involved in the preparation and analysis of stress-testing programmes and assessment of the effectiveness of proposed mitigating actions, to ensure that there is full integration of stress testing into risk and capital decision-making processes. A Risk Statement See section 3 "Risk Management" of this staff working paper. , including the risk appetite determination, which is publicly disclosed, is considered by some as a useful tool to show the market "how rigorous and robust the risk management framework is" IIF (December 2009), p. 33. in the financial institution. Such statement allows the stakeholders to rely on the information provided to them on the available risk architecture that reconciles bottom-up business and risk management practices and output with target risk appetite and results See, for example, Global Association of Risk Professionals, "Risk Governance: let us start with the Board of Directors”, June 2009. . It also allows the public to see whether the board not only understands current business risks but assesses the changing marketplace, identifies new risks, monitors the business and is prepared to respond rapidly. [55][56][57] See section 3 "Risk Management" of this staff working paper. IIF (December 2009), p. 33. See, for example, Global Association of Risk Professionals, "Risk Governance: let us start with the Board of Directors”, June 2009. b) Risk Committee at Board level Conducted research reveals that, depending on the size of the financial institution and the size of the board, the nature of the business areas of the financial institution and its risk profile, a mandatory risk committee or a similar arrangement should be established at board level Most of the interviewed financial institutions as well as participants to the conference believed that a stand-alone risk committee brought an added value to the effective risk management. However, they also stressed that the need for specialised committees implies even greater expertise of board members. It also poses certain challenges as regards remuneration of those who are members of specialised committees. . It has been argued that the Risk committee should discuss and prepare any decision of the board on risk issues but the overall responsibility with regard to risk should remain with the board in its entirety During the conference, a number of participants emphasised that delegating too much authority to different committees within the board may dilute the responsibility of the board as a whole and may mean not all board members have an in depth understanding of key issues, including risk positions of the financial institution. In order to avoid any dilution of responsibility, key issues should still be approved by the whole board and information on risk has to be distilled comprehensively to all board members. .[58][59] Most of the interviewed financial institutions as well as participants to the conference believed that a stand-alone risk committee brought an added value to the effective risk management. However, they also stressed that the need for specialised committees implies even greater expertise of board members. It also poses certain challenges as regards remuneration of those who are members of specialised committees. During the conference, a number of participants emphasised that delegating too much authority to different committees within the board may dilute the responsibility of the board as a whole and may mean not all board members have an in depth understanding of key issues, including risk positions of the financial institution. In order to avoid any dilution of responsibility, key issues should still be approved by the whole board and information on risk has to be distilled comprehensively to all board members. It has been suggested that the Risk Committee should be composed of a majority of independent non-executive directors and at least one member of the Risk Committee should have sufficient expertise in risk matters. Moreover, the Chair of the Risk Committee should be an independent non-executive director. In order to improve accountability, it has been suggested that the Chairman of the Risk Committee should attend the general meeting. Also, to avoid creating gaps in responsibilities, the Chairman of the Audit Committee should sit on the Risk Committee and vice versa Most of the interviewed financial institutions with a separate risk committee have a practice of cross participation between audit and risk committees. . [60] Most of the interviewed financial institutions with a separate risk committee have a practice of cross participation between audit and risk committees. 2.2.8. Governance of remuneration policies An example of best practice is that boards of financial institutions take responsibility for establishing the remuneration policy for the whole financial institution and monitoring its implementation, as it is the boards that will ultimately determine and validate the strategy and risk profile of their financial institutions . It is perceived by some that where the board takes overall responsibility for the design and operation of remuneration policy backed by expertise of human resources and internal control functions, it is more likely that remuneration policies are consistent with effective risk management and non-biased by undue influence of business units. Furthermore, an example of best practice is that members of remuneration committees have relevant expertise and thus are capable of forming an independent judgement on the suitability of the remuneration policy, including the implications for risk and risk management. 2.2.9. Dialogue with supervisors Financial institutions are generally subject to supervisory oversight. While the nature of the oversight functions of boards and supervisors are quite different, the discharges of their respective responsibilities are complementary See Counterparty Risk Management Group III (CRMPG III), Containing Systemic Risk: the Road to Reform , August 2008. . In order to reinforce the effectiveness of these oversight responsibilities, it has been suggested that supervisors should meet at least annually with boards of financial institutions of systemic importance to share with them their views of the conditions of the institution, with regard to the macro-prudential and systemic context. Also, it has been suggested that boards should regularly communicate clear and understandable selected information to supervisors, in particular on risk strategy and material risks which have a systemic implication. Maintaining an effective relationship with supervisors should be the duty of the board.[61] See Counterparty Risk Management Group III (CRMPG III), Containing Systemic Risk: the Road to Reform , August 2008. Example In one of the interviewed financial institutions, the regular dialogue between the board and the supervisors is channelled through the audit and compliance committee, which is comprised only of non-executive directors . Among its duties, the audit and compliance c ommittee is responsible for reviewing compliance with m easures proposed by the supervisory authorities, as result from reports issued or inspection proceedings carried out by the administrative authorities. The audit and compliance c ommittee has access to the reports issued by supervisory authorities. In addition, the committee regularly receives follow-up reports on the most relevant matters, and verifies proper implementation of measures proposed by supervisory authorities . 3. Risk management 3.1. Background and key findings Financial institutions' effective risk management is crucial for the sustainable success of their operations. After all, profits are usually sourced from risk-taking activities. Risk management is therefore not about eliminating risk but rather about ensuring optimal risk-taking without endangering the viability of the financial institution. This is a delicate balance to strike and hence the tone in this respect should be set at the top. As demonstrated by the financial crisis, failure of risk management systems in financial institutions can have significant consequences not just for shareholders but also for depositors and for the economy at large, in particular of systemic financial institutions. The De Larosière Report De Larosière Report (2009), pp. 8 to 9. notes that there were fundamental failures in assessment of risk, both by financial firms and those who regulated and supervised them. These failures were due to misunderstandings about the interaction between credit and liquidity, weaknesses in model-based risk assessments, which led to an overestimation of the ability of financial firms as a whole to manage their risk and a corresponding underestimation of the capital they should hold. [62] De Larosière Report (2009), pp. 8 to 9. But there were also weaknesses in governance aspects of risk management See, for example, SSG (2009), the Turner Review (March 2009), p. 92. . Such weaknesses were due to inadequate oversight of risk and definition of risk appetite by boards (see section 2 above on boards). Moreover, the existing analysis shows that firms did not have comprehensive and systematic approach towards risk management, with appropriate internal checks and balances See, for example, Kirkpatrick, G. (2009). .[63][64] See, for example, SSG (2009), the Turner Review (March 2009), p. 92. See, for example, Kirkpatrick, G. (2009). 3.1.1. Lack of understanding of risk by the actors of the risk management chain The evidence gathered shows that in several of the financial institutions, as already set out above, there was a lack of understanding at the board level of the risk certain transactions implied, while the risk appetite was either not properly defined or not defined at all. There was no effective monitoring of whether the limits set by the risk strategy and the risk appetite were respected. Lack of independence or skills and experience of all the actors involved in the risk management chain may have prevented them from effectively identifying excessive risk-taking. Over-sophisticated risk evaluation models and complex financial reporting have exacerbated this problem. With hindsight, it appeared that the models used and related stress-tests were incomplete. Tail risks and their systemic effect were overlooked. Risk was often appraised on too short time horizons. What is worse is that in some instances, the Chief Executive Officer (CEO) sought to obscure understandable information about risk being provided to the board, investors and supervisors See the cases of UBS and RBS. . At the same time, there is no certainty that shareholders and potential investors, even if properly informed, will act or react in a proactive way. This potentially imposes on supervisors a heavy duty of vigilance.[65] See the cases of UBS and RBS. Further consideration could thus be given to how to ensure firms more fully consider the risks to their overall business model including 'tail risks' – low probability, high impact events that cause significant risk to the viability of the firm. For example, this could include ensuring risk management functions to have an adequate understanding of 'tail risks' the institution is facing. 3.1.2. Inappropriate standing of the risk management function In many cases, the risk function in financial institutions does not seem to have been given proper weight in decision-making. Moreover, the risk function as such has often not been respected and regarded at the same level as the operational/trade function. The highest representative, generally the Chief Risk Officer (CRO), in the institutions where such position existed, was not always in a position to speak up or raise concerns due to hierarchical constraints For example, the CRO was placed under rather than at equal level to the CFO. . As a result, risk issues were often not given appropriate consideration in major management decisions. Furthermore, there seem to have been a lack of existing structures at board level, with which the CRO was able to interact and to ensure that the forward-looking aspects, as well as the backward-looking aspects of risk were appropriately considered. [66] For example, the CRO was placed under rather than at equal level to the CFO. Example In the case of one interviewed financial institution, the CRO was an Executive Director (of equal rank to the CFO) and thus member of the Executive Committee. This has enabled the CRO to raise any important issue related to risk at the level of CEO and the board. Consequently, risk issues have been given adequate consideration. Conversely, in another case, the CRO was neither part of the board nor of Executive Committee. Although, this seems not have been the cause of any failure in terms of risk taking, it has been recognised by the Chairman as a major risk undermining the independence of the CRO. According to the Chairman, this is about to be reviewed with the objective to make the CRO completely independent from the CFO, while reporting directly to the CEO and the board, and becoming member of the Executive Committee. 3.1.3. Lack of timely information on risks Reporting on risks has not been in all situations timely, comprehensive and understandable for decision-making or control bodies, limiting thereby the capacity of reaction of executive management and/or the board. Staff of the risk function has not always been directly involved into the day-to-day monitoring of risk exposures together with operational staff. Moreover, in many financial institutions the risk management system failed in following the pace of sophistication and growth in the financial industry. As a result, financial institutions were not in a position to integrate and act on deviations to the risk profile defined by the board. Example In the case of one interviewed financial institution, the supervisory board declared that it realised only with a long time lag the real level of aggregated exposures due to the lack of a comprehensive reporting system. This resulted in a situation when some exposures remained hidden for sometime, while the board relied only on the distorted information coming from the CEO. In another case, the financial institution has taken the decision to enter a new line of business in the USA (notably including subprime products) which was not consistent with its traditional profile, focusing on public financing in Europe. Taking into consideration the specifics of this type of financial product and geographical exposure, the financial institution did not dispose of the necessary resources to assess and understand properly the risks involved. The end result was significant losses for the financial institution. 3.1.4. Lack of appropriate expertise by risk management function Proper and timely risk assessment/ monitoring has not always been possible in some financial institutions due to failure to master the complexity of risk issues. Many financial institutions failed to understand the actual level of risk associated with new products, major changes in existing ones or any major business decision with a significant impact on their overall risk exposure. This seems some times to have resulted from insufficient expertise of the risk management staff. It has been also difficult to recruit talented people for these positions since the risk function often did not have a clear carrier prospective within the organisation and was underpaid compared to operational staff. Finally, not enough focus has been given to risk matters throughout the organisation. 3.1.5. Inadequate remuneration policy Inadequate remuneration schemes with a disproportionately large variable part based on short-term bonuses seem to have contributed significantly to excessive short-term risk taking by financial institutions. Furthermore, the absence of any "malus" or "clawback" as well as the lack of risk adjustment of annual bonuses have exacerbated the situation since recipients could cash part of profits they generated without bearing the consequences of any losses in case of materialisation of the risk. These problems in the financial services sector are not only limited to directors´ and managers´ pay, but also extend to remuneration schemes at other levels in the financial institution, notably for those persons whose work involves risk-taking (e.g. traders) and whose remuneration for a variable part is a function of performance, measured only against financial indicators. 3.2. Examples of best practices Conducted research reveals that a sound risk cultureneeds to be embedded in each organisational part or each process of the corporate structure of financial institutions For recommendations in this field see for instance: Basel Committee on Banking Supervision (March 2010); OECD (February 2010); Walker, D. (November 2009). . It appears that the risk management and internal controls systems should be both effective and exhaustive in their coverage of risk, and able to adequately cater for the structural complexity of the financial institutions at stake. At the same time, it must be recognised that in applying these principles, financial institutions would probably need flexibility to shape their risk management and internal control systems in line with the specific requirements of their business. Furthermore, it has been argued that dynamic and evolutionary nature of risk management must be taken into account and processes and procedures must serve as a tool to assist risk measurement not become an end in themselves. [67] For recommendations in this field see for instance: Basel Committee on Banking Supervision (March 2010); OECD (February 2010); Walker, D. (November 2009). 3.2.1. Definition, validation and disclosure of the risk appetite / profile / the parameters of the risk management system through a Risk Statemen t A Risk Statement, which sets out the risk appetite together with the parameters of the risk management system, as defined by the management and which is endorsed by the board is often perceived as a useful tool, to assist in ensuring that risk issues are adequately considered in financial institutions. It has been argued that such Risk Statement should be included in the annual report (see also risk oversight section of the chapter on boards). In this connection, the Risk Statement should define the risk appetite of the firm as reflected in the type of financial services/ products provided by the financial institution together with its geographical exposure. In addition, the Risk Statement should provide an overview of the existing risk management governance system in the financial institution and how this corresponds to the typology of risks to be managed and the structures and procedures established to manage them. Further, it has been argued that the Risk Statement should provide benchmarks (respective levels of permissible aggregate exposures) for the implementation and monitoring of the risk by the management/board. It should also state the effective aggregated amounts of exposure for the different financial products and regions (including off-balance sheet exposures), in order to demonstrate that the established risk appetite has been respected by the financial institution. Any deviations and/or planned amendments of these benchmarks should also be presented and explained. Moreover, it has been suggested that the definition of a standardised minimum content/format of such a risk statement could facilitate its take-up Regarding risk exposure, IASB is currently working on the "Management Commentary" which is an element of communication from companies to capital markets adding information to the financial statements. IASB issued draft guidance in June 2009 which should help financial statements users to understand "the entity's risk exposures, its strategies for managing risks and the effectiveness of those strategies". The comments received should be processed mid-2010. . [68] Regarding risk exposure, IASB is currently working on the "Management Commentary" which is an element of communication from companies to capital markets adding information to the financial statements. IASB issued draft guidance in June 2009 which should help financial statements users to understand "the entity's risk exposures, its strategies for managing risks and the effectiveness of those strategies". The comments received should be processed mid-2010. 3.2.2. Independence and authority of the Chief Risk Officer (CRO) position Research conducted reveals that the CRO position (or equivalent) should be set up at a sufficiently high level (preferably at the level of executive director) in the sense that the CRO should be at par with the CFO in terms of institutional gravitas (i.e. at board level if the CFO is a board member) and not depend on his/her instructions See, for example, Final Report of the IIF Committee on Market Best Practices: Principles of Conduct and Best Practice Recommendations, July 2008, pp. 36-38. . This approach is based on the assumption that it would ensure that risk considerations can be raised at the level of the executive management and duly taken into account in management decisions. Therefore, the CRO should be a member of the management committees within the financial institution whose decisions might have an impact on risk and its effective management in the firm. Thus, the CRO should be able to monitor and express his/her view on any issue having an impact on individual or global risk exposures See also SSG (2009). .[69][70] See, for example, Final Report of the IIF Committee on Market Best Practices: Principles of Conduct and Best Practice Recommendations, July 2008, pp. 36-38. See also SSG (2009). Further, persons contacted consider that direct formal as well as informal/ day-to-day working level contacts should be established between board members (Risk Committee), the CRO and key staff from risk function See also CRMPG III (August 2008). . It has also been argued that the format, type of information and timing of submission of the risk monitoring reports should be defined by the board. Moreover, the CRO should attend all meetings of the RC.[71] See also CRMPG III (August 2008). 3.2.3. An effective and efficient risk management and risk reporting system A strong internal capacity for risk assessment within financial institutions is generally considered to be of great importance. This capacity is often seen to enable financial institutions to evaluate risk in financial products independently so that they would not need to rely solely on external evaluation of risks. In this sense, it has been argued that executive management and board should not launch new financial products, approve significant modifications of existing ones or enter into new markets or lines of business, whose risk can not be adequately assessed by internal risk capabilities See, for example, IIF (July 2008), pp. 41-42. .[72] See, for example, IIF (July 2008), pp. 41-42. It is generally perceived that the monitoring of risk exposures vis-à-vis the established risk appetite/ profile would be facilitated through risk assessments produced by the risk function aiming at a clear and balanced view of all aggregated risk exposures (on- and off- balance sheet as well as at group-level, portfolio and business line level). In this connection, it has been argued that these assessments should be monitored by the Risk Committee and cross checked with feed-back from supervisors and any other sources of information/ expert opinion (statutory auditors, credit rating agencies, etc.). In this respect, operational committee procedures and the role of risk managers in the daily business should be strengthened, while risk managers should have direct access to business lines and operational staff. The participation of the risk managers in the respective operational committees is perceived to ensure their direct involvement in decision-making transactions. Further, risk managers should have the right to intervene and block at their level any strategic decision related to risk they disagree with. Since this is an ex-ante procedure, it should not be applied to transactions but only to more strategic decisions (ex. engaging into new market or new financial products). It has also been argued that, in case of disagreement through an "escalating procedure" the decision should be taken at a higher level, while final arbitrage decision should be taken at the level of CEO Ibid, pp. 34-38. . [73] Ibid, pp. 34-38. It has been suggested that direct reporting lines from risk managers to senior risk officers and the Chief Risk Officer should be established, while risk management staff could retain a secondary reporting obligation to business line executives to ensure consistency of reporting flows See also SSG (2009). . [74] See also SSG (2009). Examples In the case of one interviewed financial institution, the risk function is independent but at the same time directly connected to the operational part of the business. It embraces around 6000 people, while 2000 out of them are directly working with the business lines. The operational business line is considered as ultimately responsible but the risk function has always a say on any transaction. In case of disagreement with the operational line through the so called escalation procedure the final arbitrage decision is taken at the level of CEO. One of the main strengths of the risk management system of another financial institution is the focus on good cooperation between operational revenue-generating lines and risk management function in the overall monitoring of risk. It is ensured by a set of executive committees, which cover the different types of risk as well as operational issues. In these committees there are representatives of both operational and risk management functions. Conducted research reveals that the risk management system should be backed by an IT system, which provides real time information on all aggregated risk exposures (including off-balance exposures) against in-built benchmarks and exposure limits. This system should also ensure that there is real time information on profits and loss linked to transactions. In this connection, the financial institution should use forward looking stress tests and scenario analysis to better understand potential risk exposures. In addition to these forward looking tools, it has been argued that banks should also regularly review actual performance ex post relative to risk estimates (i.e. back-testing) to assist in gauging the accuracy and effectiveness of the risk management process . See also IIF (July 2008), p.40. [75] See also IIF (July 2008), p.40. Parties contacted also consider that, the CRO together with the Risk Committee/ board and executive management should establish appropriate practices and procedure to regularly review the effectiveness and efficiency of the risk management system in line with the evolution of best practices and technological development in the financial industry. 3.2.4. Allocation of resources for building up of adequate risk management culture It has been argued that adequate resources should be allocated to the establishment of a sound risk culture, based on performance benchmarks, promoting sustainable creation of value for the financial institution. This starts with a proper understanding of risk identification/ evaluation at the top. As mentioned in the section above, further down the institution this would imply that sufficient resources should be allocated to recruiting and training staff of the risk function. Further, it has been argued that the board should ensure that risk function remuneration policy rewards staff at a sufficiently high level. It has been suggested that exchange of staff between operational and risk functions would have a positive effect on mutual understanding. 3.2.5. Appropriate remuneration policy schemes across financial institutions to motivate staff and management to focus on sustainable value creation rather than short-term risk taking Following the financial crisis, several countries and institutions have concluded that financial undertakings should establish, implement and maintain a remuneration policy which is consistent with and promotes sound and effective risk management and which does not induce excessive risk taking. They have also concluded that remuneration policy should be in line with the business strategy, objectives, values and long-term interests of the financial undertaking, such as sustainable growth prospects, and consistent with the principles relating to the protection of clients and investors in the course of services provided. Where remuneration includes a variable component or a bonus, it has been concluded that remuneration policy should be structured with an appropriate balance of fixed and variable remuneration components. The Commission has already sought to address these issues in the Commission Recommendation on remuneration policies in the financial services sector Commission Recommendation 2009/384/EC. and the Commission Recommendation as regards the regime for the remuneration of directors of listed companies Commission Recommendation 2009/385/EC. . Research conducted reveals that the above considerations with regard to the risk management function and the Chief Risk Officer to a very large extent equally apply to the internal control/audit function and the Internal Auditor, notably concerning independence, resources, remuneration structure, the existence of escalation procedure and access, in this case, to the Audit committee.[76][77] Commission Recommendation 2009/384/EC. Commission Recommendation 2009/385/EC. 4. Shareholders 4.1. Background and key findings Shareholders do not seem to have fulfilled their role of "responsible owners", which entails actively monitoring companies and using shareholder rights to ensure long-term viability of companies and improve their corporate governance and strategy. More specifically, in many cases, they failed to identify weaknesses in boards and management and curb very aggressive growth strategies and did not prevent remuneration policies which included incentives for excessive risk taking and short term profitability OECD (June 2009); Kirkpatrick, G. (2009); Walker, D. (November 2009). . Shareholders who did engage with companies often did so behind closed doors. [78] OECD (June 2009); Kirkpatrick, G. (2009); Walker, D. (November 2009). Generally, shareholders accrue all the gains from risk-taking, but their losses are capped by the amount of equity they hold, which incentivises them to take risk. In the context of the current crisis, they seem to have at least acquiesced to high leverage in banks, while some banks even report about pressure from shareholders to increase short-term profitability See also FT article "Don't blame shareholders for the crisis" by Anthony Bolton, president, investment at Fidelity International: "…If we are to blame for anything, it is for pushing bank boards to pursue aggressive growth strategies." . [79] See also FT article "Don't blame shareholders for the crisis" by Anthony Bolton, president, investment at Fidelity International: "…If we are to blame for anything, it is for pushing bank boards to pursue aggressive growth strategies." Institutional shareholders For the purpose of this report, institutional shareholders/investors are considered to be professional investors which invest on behalf of or for the benefit of beneficiaries, including but not limited to pension funds, hedge funds, insurance companies and banks. , which form the largest portion of financial institutions' shareholders, seem to have contributed to excesses, rather than curbing them. There is some evidence that banks with more institutional ownership took more risk before the crisis and experienced larger losses Erkens, D., Hung, M., Matos P., Corporate Governance in the 2007-2008 Financial Crisis: Evidence from Financial Institutions Worldwide , November 2009 . Furthermore, passive, short-term oriented investment strategies create "ownerless companies" where too much power is concentrated in the hands of the management or/and certain shareholders with larger stakes and the management is not being held accountable for what they do. [80][81] For the purpose of this report, institutional shareholders/investors are considered to be professional investors which invest on behalf of or for the benefit of beneficiaries, including but not limited to pension funds, hedge funds, insurance companies and banks. Erkens, D., Hung, M., Matos P., Corporate Governance in the 2007-2008 Financial Crisis: Evidence from Financial Institutions Worldwide , November 2009 The reasons behind insufficient shareholder engagement with investee companies seem to be the following: 4.1.1. Business model Many institutional investors' investment policy consists of a high level of portfolio diversification and frequent turning of portfolio with performance measured on a short-term basis against a peer group or benchmark index. Even institutional investors with long-term liabilities (such as pension funds) often follow short-term investment strategies. Such investors' assets are often managed by asset managers which are usually selected on the basis of relatively short-term results. Furthermore, the incentive arrangements of asset managers included in the asset manager's mandate are also often short-term oriented creating a mismatch between the interests of the investor and those of the asset manager. In this business model, the share in the company is considered as a pure investment and the shareholder is a highly passive "owner". Only very few of the biggest EU pension funds Only 28 of the 100 biggest European pension funds (including Switzerland and Norway) are signatories of the UN PRI. Regarding EU countries the distribution is the following: Sweden-6, Denmark-5, The Netherlands-4, UK- 4, Finland-3, Ireland-1, Belgium-1, France-1. (www.unpri.org) and asset management companies Out of the biggest 5 asset management companies per countries the following are signatories of the UN PRI: 3 in Austria, 2 in Denmark and Sweden, 1 in Finland, Ireland and Italy, 0 in the Czech Republic, Germany, Greece, Hungary, Poland, Portugal, Slovakia, Slovenia, Spain, UK. (www.unpri.org) are signatories of the UN Principles for Responsible Investment, membership of which implies some level of engagement. [82][83] Only 28 of the 100 biggest European pension funds (including Switzerland and Norway) are signatories of the UN PRI. Regarding EU countries the distribution is the following: Sweden-6, Denmark-5, The Netherlands-4, UK- 4, Finland-3, Ireland-1, Belgium-1, France-1. (www.unpri.org) Out of the biggest 5 asset management companies per countries the following are signatories of the UN PRI: 3 in Austria, 2 in Denmark and Sweden, 1 in Finland, Ireland and Italy, 0 in the Czech Republic, Germany, Greece, Hungary, Poland, Portugal, Slovakia, Slovenia, Spain, UK. (www.unpri.org) One report from the UK suggests that even fund managers with a responsible investment approach seem to value the time they spend with company directors for the investment information they get, rather than promoting better corporate governance FT article "Tackling ownerless corporations" by Pauline Skypala of November 8 2009, report of the University of Exeter Business School: Responsible investment in fund management: it works, but when? . [84] FT article "Tackling ownerless corporations" by Pauline Skypala of November 8 2009, report of the University of Exeter Business School: Responsible investment in fund management: it works, but when? 4.1.2. High costs, free rider problem Institutional shareholders have indicated that the costs of shareholder engagement, certainly in situations where the investor has only a small stake in the company, is too high, while engagement may not be successful or would benefit other investors. Moreover, they have indicated that it is complicated and costly to engage with a company outside their home market, due to lack of knowledge of the language and cultural differences. On the other hand, there are indications of a trend towards reduction of the average holdings per investor, which would make engagement more cost-effective. 4.1.3. Conflicts of interest Conflicts of interests within the financial sector seem to be one of the reasons for reluctance from investors to be active owners. There is some evidence that they occur less frequently with regard to an institutional investors´ holdings outside its home market. Conflicts of interests arise for example in financial groups where the asset management branch may not want to be seen to actively exercise its shareholder rights in a company for which its parent company provides services or in which it has a shareholding. In such cases the shareholder would be concerned to avoid negatively influence the commercial interests of the parent company. 4.1.4. Lack of appropriate information on risk Information made available to shareholders by financial institutions, particularly on risk, is considered to be too lengthy and complicated for shareholders to assess and understand. There is a need to make company information more "shareholder-friendly" See also Section 3 above. . [85] See also Section 3 above. 4.1.5. Inappropriate legal framework for shareholder cooperation Shareholders have indicated that uncertainty about the scope of national and EU acting in concert regulations prevents them from cooperating with other shareholders Shareholders have mentioned a number of problems associated with European acting in concert rules which can be summarised as legal uncertainty on the scope of the rules and include: - the existence of different definitions of acting in concert in the Transparency Directive, Takeover Bids Directive and (Level 3 guidance to the) Acquisitions Directive; - differences in interpretation of the definitions by national competent authorities; - uncertainty about the scope of the rules, for instance on when cooperation between shareholders should be regarded as a ´lasting common policy´ (TD), when a (tacit or oral) agreement between shareholders should be regarded to be aimed at acquiring control of the company or frustrating the successful outcome of a bid (TBD) and whether an understanding in good faith between shareholders, solely aimed at exerting influence intended to promote generally accepted principles of good corporate governance constitutes acting in concert (Acquisitions Directive). . Some shareholders mentioned that a lack of trust with regard to other shareholders is another reason not to cooperate. However, there seems to be agreement amongst shareholders that cooperation is an effective tool to force the management of a company to listen to their concerns. Further, cooperation could significantly reduce the costs of monitoring corporate governance issues. [86] Shareholders have mentioned a number of problems associated with European acting in concert rules which can be summarised as legal uncertainty on the scope of the rules and include: - the existence of different definitions of acting in concert in the Transparency Directive, Takeover Bids Directive and (Level 3 guidance to the) Acquisitions Directive; - differences in interpretation of the definitions by national competent authorities; - uncertainty about the scope of the rules, for instance on when cooperation between shareholders should be regarded as a ´lasting common policy´ (TD), when a (tacit or oral) agreement between shareholders should be regarded to be aimed at acquiring control of the company or frustrating the successful outcome of a bid (TBD) and whether an understanding in good faith between shareholders, solely aimed at exerting influence intended to promote generally accepted principles of good corporate governance constitutes acting in concert (Acquisitions Directive). 4.1.6. Insufficient rights/ obstacles to exercising rights Shareholders have indicated that there is a lack of appropriate shareholder rights in certain jurisdictions regarding corporate governance, for example regarding approval of remuneration policy, and that despite the Shareholder Rights Directive Directive 2007/36/EC , there are obstacles to cross border voting See Part II of the Second Advice of the Legal Certainty Group, August 2008. , which prevent them from exercising existing rights. With regard to the latter issue, t he European Commission is currently preparing a proposal for a d irective on legal certainty of securities holding and transactions (Securities Law Directive – SLD), which is expected to address amongst others the legal framework governing the exercise of investors' rights flowing from securities through a "chain" of intermediaries, in particular in cross-border situations. [87][88] Directive 2007/36/EC See Part II of the Second Advice of the Legal Certainty Group, August 2008. 4.2. Examples of best practices During the preparatory work for this report, the Commission´ services have been informed of some evidence that institutional investors seem to have somewhat changed their attitude. Following the financial crisis, a number of institutional investors have changed/ are considering changing their investment model, including reducing the number of shares in their portfolio and increasing their potential for engagement. However, there is a lack of transparency on institutional investors' and their agents' commitment to engagement and on whether such engagement policies are effectively implemented. Transparency on shareholder engagement may not only be seen as useful in companies where shareholder ownership is dispersed (i.e. a large number of shareholders individually own only a very small part of the shares) and therefore there is a bigger risk of companies becoming "ownerless", but also in companies with a "block-holder" model where there is one dominant shareholder with a relatively large stake. In this latter model, it has been argued that minority shareholders may feel underweight which could discourage them from engaging. The inactivity of minority shareholders may be seen to reinforce the power of the block-holder and management and can lead to strong board entrenchment. There is some evidence that CEO´s are more likely to be replaced following large losses in the credit crisis if the company had lower block-holder ownership Erkens, D., Hung, M., Matos P., (November 2009). . [89] Erkens, D., Hung, M., Matos P., (November 2009). 4.2.1. Stewardship principles and transparency on voting policies A number of international and national sets of principles regarding shareholder responsibility already exist. There is for instance the ICGN Statement of Principles on Institutional Shareholder Responsibilities. Example In the UK, the Institutional Shareholder Committee (ISC) updated its Code on the Responsibilities of Institutional Investors in November 2009 to take into account lessons learned from the financial crisis. The new code is aimed to help investors to become more effective in their dealings with companies in which they invest. The code operates on a ´comply or explain´ basis and calls on institutions to state publicly how they apply its principles. The Financial Reporting Council has begun a public consultation in January 2010 on a stewardship code for institutional investors. Questions include whether the ISC Code could form the basis for such code and what monitoring arrangements should be put in place. These principles address a number of key issues, such as disclosure of a voting policy, actively monitoring companies, making use of voting rights and communication with management. However, in some EU member states, adherence to these principles is low See www.unpri.org , adherence to these principles is particularly low in southern and central Europe. and the only monitoring mechanism in place consists of self-evaluation. Wider adherence to such principles on a "comply or explain" basis, by institutional investors and asset managers may be beneficial to both shareholders and companies. Compliance with such principles is however not always closely monitored. Finally, it should be noted that the scope of the existing codes/sets of principles differs considerably. The exercise of voting rights in a considered way is a key indicator that an institutional investor is effectively implementing its engagement policy. Even where institutional investors/asset managers do adhere to a stewardship code, publishing a voting policy may give beneficiaries and investee companies the opportunity to better understand what criteria are used to reach decisions. Publishing information on voting records ex post of the shareholder meeting, may give beneficiaries greater clarity about whether the votes were cast for or against the recommendations of the company management. Disclosure of the institutional investors' voting record may also be seen as a way of demonstrating that conflicts of interest are being properly managed.[90] See www.unpri.org , adherence to these principles is particularly low in southern and central Europe. 4.2.2. Transparency of asset managers' incentives and engagement Not only asset owners, but also their asset managers can exercise ownership responsibilities. It has been argued that long-term investors, such as pension funds, should seek to avoid the selection of asset managers based solely on short-term results. After the selection process, an example of best practice is that asset managers clearly and comprehensively report towards their clients on the exercise of their mandate, including on engagement with investee companies. In this connection, it may be helpful if asset owners communicate with their asset managers, in order to clarify their investment and engagement policy. It has been argued that asset owners have a responsibility for the content of the mandates. It has also been argued that mandates should include remuneration and incentive arrangements that are not too short-term and reflect their client´s investment horizon, including evaluation based over a multi-year period, in order to respect the client´s investment policy. Institutional investors could disclose information on the general terms of the remuneration of their agents and be more transparent on the mandates given to asset managers. 4.2.3. Costs of active engagement Long-term oriented investment with active engagement may offer extra returns and therefore more transparency resulting from the "comply or explain" approach may help recruiting new mandates for asset managers and thus result in "market rewards" Walker, D. (November 2009). . However, engagement is costly and the benefits may be difficult to calculate. Governance improvements may not always result in better performance as performance depends on many factors. In certain circumstances (e.g. very small shareholding or existence of a controlling shareholder) the costs of engagement can indeed be perceived as outweighing the potential benefits. It has been argued that the creation of fora for shareholder cooperation and information sharing, including internet fora could help overcome these obstacles. [91] Walker, D. (November 2009). 4.2.4. Conflicts of interest Conflicts of interest and identification with the interest of companies for commercial reasons seem to contribute to the passivity of shareholders. Conflicts of interests apparently arise most often because of lack of sufficient independence of institutional investors or their asset managers within financial groups See, for example, "Rémunérations incontrôlées, les bases financiers de effet de cliquet", Pierre-Henri Leroy in "Enjeux éthiques de la crise", 2009 . However, conflicts of interest can arise within institutional investors and asset managers too in numbers of ways, for instance on a personal level, as a consequence of the existence of "old boys' networks". [92] See, for example, "Rémunérations incontrôlées, les bases financiers de effet de cliquet", Pierre-Henri Leroy in "Enjeux éthiques de la crise", 2009 To mitigate more effectively such conflicts of interest, some institutional shareholders and asset managers have adopted policies with regard to conflicts of interest, which include the obligation to identify, manage and disclose such conflicts. It has further been suggested that a requirement that the majority of the members of the asset managers' governing body should be independent from the parent company in the financial group could also protect the interests of the beneficial owners of the equity The ICGN Statement of Principles on Institutional Shareholder Responsibilities considers it good practice that institutional investors recognise and address conflicts of interest to safeguard the interest of beneficiaries. . [93] The ICGN Statement of Principles on Institutional Shareholder Responsibilities considers it good practice that institutional investors recognise and address conflicts of interest to safeguard the interest of beneficiaries. 4.2.5. Disclosure by and communication with financial institutions Financial institutions have a duty to ensure that information provided to shareholders is comprehensive, but at the same time accessible and understandable for shareholders, who are not necessarily experts. Shareholders have indicated that more comprehensive information is needed on risk appetite, key risk exposures and the risk management system See also Section 3 above. , to allow them to better monitor companies. [94] See also Section 3 above. Example One of the financial institutions of the case study mentioned that they have chosen to publicly disclose additional information with regard to risk following the financial crisis in order to better inform shareholders. The representative said that it would be important to ensure that the additional reporting would become permanent. The representative also indicated that there are other financial institutions which have not taken this approach, which could form a possible competitive disadvantage for financial institutions which perform additional disclosure. The financial institution also confirmed that some additional disclosures were made after intervention from shareholders. Furthermore, it has been argued that a more regular dialogue between the shareholders and companies, in which problems are be discussed and diffused before reaching confrontation, would probably contribute to the effectiveness of shareholder engagement. Such dialogue is only useful if companies are open to it. However, care should be taken to maintain a balance between public disclosure and engaging in bilateral meetings with shareholders, to ensure equivalent treatment of shareholders. It has been suggested that companies should disclose bilateral contacts with shareholders. 4.2.6. More clarity on acting in concert Institutional investors have indicated that uncertainty about the scope of EU and national acting in concert provisions prevents them from cooperating with other investors, and thus reduces possibilities for active engagement. Better possibilities for cooperation between investors would also reduce costs of active engagement. The matter could be considered in the context of the ongoing review of the Transparency Directive Directive 2004/109/EC of the European Parliament and of the Council of 15 December 2004 on the harmonisation of transparency requirements in relation to information about issuers whose securities are admitted to trading on a regulated market and amending Directive 2001/34/EC, OJ L 390 of 31.12.2004, p.38. and the report on the Takeover Bids Directive Directive 2004/25/EC of the European Parliament and of the Council of 21 April 2004 on Takeover bids. OJ L142, 30.4.2004, p.12 due in 2010, including the interrelationship between the Takeover Bids Directive and the Acquisitions Directive Directive 2007/44/EC of the European Parliament and of the Council of 5 September 2007 amending Council Directive 92/49/EEC and Directives 2002/83/EC, 2004/39/EC, 2005/68/EC and 2006/48/EC as regards procedural rules and evaluation criteria for the prudential assessment of acquisitions and increase of holdings in the financial sector, OJ L 247, 21.9.2007 , p. 1. . [95][96][97] Directive 2004/109/EC of the European Parliament and of the Council of 15 December 2004 on the harmonisation of transparency requirements in relation to information about issuers whose securities are admitted to trading on a regulated market and amending Directive 2001/34/EC, OJ L 390 of 31.12.2004, p.38. Directive 2004/25/EC of the European Parliament and of the Council of 21 April 2004 on Takeover bids. OJ L142, 30.4.2004, p.12 Directive 2007/44/EC of the European Parliament and of the Council of 5 September 2007 amending Council Directive 92/49/EEC and Directives 2002/83/EC, 2004/39/EC, 2005/68/EC and 2006/48/EC as regards procedural rules and evaluation criteria for the prudential assessment of acquisitions and increase of holdings in the financial sector, OJ L 247, 21.9.2007 , p. 1. 4.2.7. Shareholder rights The financial crisis has shown that shareholders have not been vocal on a number of key issues, such as remuneration policy, strategy and risk appetite. Some shareholders have indicated that in certain jurisdictions they do not have sufficient rights or information to be able to monitor these issues. It is indeed the case that shareholders do not have a say on directors´ remuneration in all jurisdictions and rights regarding the strategy of the company, risk appetite and risk management differ among jurisdictions. The Commission recommended in 2004 that shareholders should have the possibility to vote on the remuneration policy The European Commission recommended an advisory or mandatory shareholder vote on remuneration in paragraph 4.2 of the Commission Recommendation 2004/913/EC. See also the Commission Report on the application by Member States of the EU of the Commission Recommendation on directors´ remuneration, July 2007 in all Member States. This issue is considered in the report on the application of the Commission's recommendations on directors' remuneration published alongside this report.[98] The European Commission recommended an advisory or mandatory shareholder vote on remuneration in paragraph 4.2 of the Commission Recommendation 2004/913/EC. See also the Commission Report on the application by Member States of the EU of the Commission Recommendation on directors´ remuneration, July 2007 5. Supervisors 5.1. Background and key findings The financial crisis revealed serious limitations in the existing supervisory framework globally, both in a national and cross-border context. Supervisors did not enjoy sufficient resources and an adequate mix of skills which lead to a lack of understanding and proper monitoring of financial institutions' activities. Also, the existence of different national systems of supervision has lead to inconsistent supervisory powers across Member States, regulatory competition and supervisory capture. This prevented the authorities from exercising efficient supervision in the context of expansion of investment bank business model See De Larosière report (2009), pp. 41 to 42; Guido Tabellini, Why did bank supervision fail? in The First Global Financial Crisis of the 21st Century, June 2008; . In general, the evidence tends to show that the crisis prevention function of supervisors has not been performed well. [99] See De Larosière report (2009), pp. 41 to 42; Guido Tabellini, Why did bank supervision fail? in The First Global Financial Crisis of the 21st Century, June 2008; At European level, the De Larosière report suggested different policy measures in order to remedy to these deficiencies. It recommended in particular strengthening national supervisory authorities in order to upgrade the quality of supervision in the European Union and creating a European System of Financial Supervision. As a follow-up to these recommendations, the Commission adopted in September 2009 an important package of draft legislation in order to significantly strengthen the supervision of the financial sector in Europe by creating a new European Systemic Risk Board (ESRB) to detect risks to the financial system as a whole and a European System of Financial Supervisors (ESFS), composed of national supervisors and three new European Supervisory Authorities for the banking, securities and insurance and occupational pensions sectors. The Commission is also currently reflecting on other issues, in particular with regard to the harmonisation of supervisory powers across Member States and other issues relating to accountability of supervisors. However, these measures do not address the issue of the involvement of supervisors in monitoring effective corporate governance, while deficiencies have also been observed with regard to the role of supervisors in the review of corporate governance practices of financial institutions. The financial crisis highlighted a poor enforcement of existing rules and regulations on corporate governance and inadequate supervisory control of governance practices in financial institutions. In many cases, supervisors did not monitor whether risk management frameworks and internal organisation were well-adapted to changes of business model and financial innovation. They also failed to ensure appropriate expertise of boards and to apply "fit and proper" test, focusing essentially on probity test See, for example, OECD (November 2009), p.27. . [100] See, for example, OECD (November 2009), p.27. Supervisors were too much focused on formal compliance by financial institutions rather than on the proper functioning of the boards and on effective implementation by financial institutions of sound corporate governance principles. In a number of cases supervisors did not or could not take account of existing guidelines for corporate governance of banks and insurance which are intended, inter alia, to guide supervisors, in the lightly regulated non-banks sector Ibid. . The governance of supervisors themselves has not been adequately debated, especially taking into account that supervisors’ jurisdiction and areas of competence are increasingly failing to align with the actual operations of financial firms, creating, at the minimum, complexity in risk management and regulatory compliance Ibid. . [101][102] Ibid. Ibid. 5.2. Examples of best practices Supervisory authorities are key in ensuring a sound corporate governance framework in financial institutions and have a keen interest in sound corporate governance as it is an essential element in the safe and sound functioning of a financial institution and may affect its risk profile if not implemented effectively See, for example, BCBS (March 2010). For possible recommendations see also, for instance, BCBS (March 2010); OECD (February 2010). . [103] See, for example, BCBS (March 2010). For possible recommendations see also, for instance, BCBS (March 2010); OECD (February 2010). 5.2.1. Involvement of supervisors with regard to corporate governance practices in financial institutions It has been argued that supervisory authorities should take measures to ensure that all existing national and international principles on sound corporate governance (such as the OECD and Basel principles) are known and effectively implemented. Moreover, governance matters should become an important topic of discussions between boards of financial institutions and their supervisors. However, not all national supervisory authorities may be sufficiently resourced and empowered to deal with corporate governance weaknesses that have become apparent. In addition, it has been argued that supervisors should be aware of legal and institutional impediments to sound corporate governance, and take steps to foster an effective basis for corporate governance See BCBS (March 2010), p. 6. . In the context of the new EU supervisory architecture, it is important to ensure that each supervisory authority is provided with sufficient resources and powers to deal with corporate governance issues in their respective areas.[104] See BCBS (March 2010), p. 6. 5.2.2. The "fit and proper" test The "fit and proper test" of board members performed by supervisors takes the form essentially of probity requirements. It does not include a review of technical and professional competence of candidates, such as general governance and risk management skills and behavioural and other qualities, and does not clarify their strategy and personal objectives as board members. It has been argued that the assessment by competent authorities of fit and proper criteria should be done through interviews of candidates. In that connexion, supervisory authorities should disclose their procedures and criteria, and where candidates are rejected, provide written explanation to the board of the proposing company. The test should also address the independence and objectivity of the candidates. Example The UK Financial Services Authority decided in 2009 to extend the scope of its "fit and proper test" with a view to check, besides honesty, integrity, reputation and financial soundness, the competence and capability of candidate executive/non-executive directors. This extended check will at least concern such functions as those of chairman, chief executive, senior independent director, finance director/chief finance officer, risk director/chief risk officer, and non-executive directors whose responsibilities include chair of audit, risk or remuneration committees. This assessment will be performed through interviews involving a panel of senior advisors on governance with a view to evaluate a range of competences and notably the degree of awareness, understanding and ability of the candidate with regard to such competence areas as market knowledge; business strategy, risk management and control; financial analysis and controls; governance, oversight and controls; regulatory framework and requirements. Non-technical skills and behaviours will be considered as part of the FSA assessment of the candidate's competences and ability. 5.2.3. The role of the supervisor in the review the functioning of the board Some supervisors attend board meetings, to assess if non-executive directors function effectively and are sufficiently challenging vis-à-vis management. However, supervisors do not always have access to these meetings. Moreover, some supervisors do not make use of the right to attend board meetings.. Feedback from supervisors of their assessments after participation in board meetings is often seen as helpful with a view to improving the functioning of the board. Supervisors could also be consulted on draft terms of reference of the external evaluation of performance of the board before they are adopted. 5.2.4. Supervisory review of the governance arrangements of risk management It has been argued that supervisors should frequently inspect financial institutions' internal risk management systems to ensure that they function properly, have sufficient standing and authority and appropriate to the size and the complexity of the financial institution's activities. 5.2.5. The role of the supervisors with regard to remuneration schemes It has been mentioned on several occasions that supervisors should pay particular attention to remuneration schemes to ensure that they are properly aligned with sound risk management and long term interest of financial institutions. 5.2.6. Supervisory cooperation Exchanges between national supervisory authorities enable them to share the best supervisory practices as well as information on systemic issues specifically related to larger cross-border financial institutions with systemic importance. It has been argued that corporate governance issues could be part of the agenda of the supervisory colleges' meetings in the context of supervision of these financial institutions. Sufficient cooperation could also be beneficial at national level between authorities responsible for different supervisory areas or different institutions which are part of the same group. 6. External auditors 6.1. Background and key findings External auditors play an important role in the corporate governance framework through their duty to ensure that the information provided by companies in their financial statements actually presents a “true and fair view” of those companies' performance and financial position. By expressing their independent opinion on accounts, external auditors provide assurance both to shareholders and the market at large on the quality and soundness of the financial information produced by issuers. The contribution of auditors to the confidence that markets and particularly financial markets need to function in an optimal manner, is therefore crucial. There seems to have been a tacit consensus that the problems at stake and their systemic nature were beyond the control of financial institutions' auditors. Nevertheless, questions have arisen A report released on 11 March 2010 by the US examiner, Anton Valukas, about the Lehman Brothers bankruptcy, expressed serious concerns about the use of repurchase agreements made by Lehman to present its end-year balance sheet in a too favourable light, as well as the silence of Lehman's auditors in this respect. , that still need to be addressed, as to whether auditors could have done more to prevent it, why some of the mechanisms in place did not function and accordingly, how to strengthen them. [105] A report released on 11 March 2010 by the US examiner, Anton Valukas, about the Lehman Brothers bankruptcy, expressed serious concerns about the use of repurchase agreements made by Lehman to present its end-year balance sheet in a too favourable light, as well as the silence of Lehman's auditors in this respect. 6.1.1. There was no timely or sufficient alert given by bank auditors to supervisors on the situation of certain banks before they collapsed Directive 2006/48/EC requires auditors of financial institutions to report to the competent authorities if they become aware of certain facts which are likely to have a serious effect on the financial situation of the institution. The Commission has no information on whether this provision has been effectively respected during the crisis and whether such reporting to competent authorities by auditors took place in individual cases. 6.1.2. Disclosure of financial information to shareholders regarding risks aspects is not informative and reliable enough In many instances, the serious difficulties and failures of banks occurred only a few months after their accounts had been issued without any qualification, emphasis of matter or even indication in the auditors' reports regarding such risks in the financial statements. However, accounting frameworks and/or legislation require companies, including financial institutions, to assess whether they are a going concern over at least the next twelve months from the balance sheet date. Auditing standards require the auditors to judge, based on information available by the time the auditor's report is issued, whether the company's assessment is correct. Auditors argue that it is difficult for them to predict potential circumstances that may in the near future affect the going concern of financial institutions, because of the oft unforeseeable nature of markets' behaviour. Furthermore, auditors have tended to justify their "hands-off" attitude by their fear that the issuing of statements on the going concern of companies, a fortiori financial institutions and notably banks, could become self-fulfilling prophecies: financial markets could overreact and hence trigger catastrophic events particularly for banks, ranging from a loss of inter-banking confidence, a possible reduction in lending to depositors' runs on banks. This explains the auditors' strong reluctance vis-à-vis public early warnings that would be issued by banks and/or their auditors on the going concern. As a result of this, shareholders and markets are to some extent deprived of some information on the risks taken by financial institutions. 6.2. Examples of best practices 6.2.1. Cooperation with supervisory bodies See FRC answer to the House of Commons Treasury Committee (2009), on links between auditors and the FSA: "we support… an increase dialogue between the FSA and audit firms".[106] See FRC answer to the House of Commons Treasury Committee (2009), on links between auditors and the FSA: "we support… an increase dialogue between the FSA and audit firms". Knowledge gathered by external auditors through their work may be useful to supervisors, whilst acknowledging that there might be some limitations to take into account certain professional secrecy obligations which auditors have towards their clients . Besides the knowledge that external auditors hold about individual banks, this approach is based on the assumption that they are in a good position to assist supervisors in developing a better understanding of the banking and financial services sector. Communications from external auditors to management and other reports submitted by auditors can provide supervisors with valuable insight into various aspects of the bank’s operations. It is the practice in many countries for such reports to be made available to the supervisors. Where this is applied, it is perceived as an effective means for both auditors and supervisors to cross-check information. It has been argued that such enhanced cooperation between supervisors and auditors could also be achieved through more frequent meetings. 6.2.2. Reporting of serious facts by external bank auditors to both the Board and the supervisor In principal, external auditors have a duty to report their key findings to the board The ISAs standards (ISA 260, ISA 250.22) and probably most sets of auditing standards in the EU include such duty. However, neither the frequency nor the specific situations are spelled out in these standards. . However, the timing and specific duties of the auditor in this respect are often seen as not clear enough. [107] The ISAs standards (ISA 260, ISA 250.22) and probably most sets of auditing standards in the EU include such duty. However, neither the frequency nor the specific situations are spelled out in these standards. In addition, it is perceived unclear in which risk circumstances, auditors of financial institutions would be obliged to alert the supervisory authorities. Research conducted sofar reveals that the board or supervisory authorities are indeed probably the best placed to take urgent action in the public interest in the case of an imminent crisis. This channel is essential for ensuring that the problem is addressed, without unduly spreading panic in the market and triggering systemic consequences. In many banks, the external auditors attend the Audit Committee's meetings. There is in fact a growing tendency towards regular attendance by bank auditors also at the Risk Committee's meetings See Walker, D. (November 2009), Recommendation 25 : " The board risk committee should be attentive to the potential added value from seeking external input to its work as a means of taking full account of relevant experience elsewhere and in challenging its analysis and assessment"; However some financial institutions of the case studies disagree on the use of external advice from statutory auditor because of potential conflict of interest. .[108] See Walker, D. (November 2009), Recommendation 25 : " The board risk committee should be attentive to the potential added value from seeking external input to its work as a means of taking full account of relevant experience elsewhere and in challenging its analysis and assessment"; However some financial institutions of the case studies disagree on the use of external advice from statutory auditor because of potential conflict of interest. 6.2.3. The role of bank auditors in the assurance providing connected to risk related financial information Some users of financial information consider that confidence in financial statements could be reinforced if parts of financial statements connected to risk, such as capital ratios and / or Basel II "pillar 3" information, were audited. There is an ongoing debate about the level of involvement of auditors with regard to corporate governance information and the practices vary across Europe See FEE (2009), p. 7: "we concluded that there was not one "right answer" as to the desirable level of involvement by an auditor. . The focus here is on practical improvements in the area of risk disclosure within financial information, as this is the shortcoming most relevant for investors.[109] See FEE (2009), p. 7: "we concluded that there was not one "right answer" as to the desirable level of involvement by an auditor. It has been argued that bank auditors should play a role, as far as risks disclosure is concerned, in providing stakeholders with assurance on the quality of financial data and hence help boost investor confidence in the vision of a bank's risks House of Commons Treasury Committee (2009), Mr Hayward (Independent Audit):"financial statements… had headed for compliance rather than communication". .[110] House of Commons Treasury Committee (2009), Mr Hayward (Independent Audit):"financial statements… had headed for compliance rather than communication". In that connexion, it has also been suggested that the mandate of auditors should be expanded to provide some assurance, or conduct specific procedures on: · parts of existing regulatory returns requested by supervisors which form part of the financial statements but are not yet audited (such as some capital ratios included in the Basel II "pillar 3" section) House of Commons Treasury Committee (2009) Article 239 " From 2009, banks will be required to report greater detail of their risk positions under new regulations introduced by Basel II, called ‘Pillar 3’ disclosures. Basel II includes an option to require Pillar 3 disclosures to be audited. The Government and FSA took the view that it would not require an audit of these disclosures. The ICAEW suggested that the FSA reconsider that decision in the light of changed circumstances". ; and/or[111] House of Commons Treasury Committee (2009) Article 239 " From 2009, banks will be required to report greater detail of their risk positions under new regulations introduced by Basel II, called ‘Pillar 3’ disclosures. Basel II includes an option to require Pillar 3 disclosures to be audited. The Government and FSA took the view that it would not require an audit of these disclosures. The ICAEW suggested that the FSA reconsider that decision in the light of changed circumstances". · relevant parts of financial institutions' reporting on benchmark/risk profile defined by boards (see Risk Management section dealing with the "Risk Statement"). Annex 1 – The methodology applied for the establishment of this paper This Commission staff working paper draws on the analyses and studies that have been performed or are still carried out by public or private organisations, at the international level (OECD, FSB, Basel Committee, IAIS, IIF, etc) as well as the European (CEBS, CESR, CEIOPS) and national (among others: Turner Review, Walker Report, Maas Report, Nestor Report) levels. An extensive bibliography is provided in Annex 3. In their work, the Commission staff benefited from the advice of the European Corporate Governance Forum (ECGF) and of the ad hoc advisory group on corporate governance composed of some members of the ECGF and other renowned corporate governance specialists. This paper also builds on the outcome of a seminar organised by the Commission on 12 October 2009 about corporate governance in financial institutions in order to gather stakeholders' views on the role and competence of the board of directors, governance issues related to internal control and risk management, the respective role of shareholders, supervisors and statutory auditors. Questionnaires on their corporate governance practices were also addressed to a diverse cross-section of 10 major listed banks or insurance companies established in the EU. Some of these had been more affected than others by the financial crisis. The ensuing desk work was supplemented by about 30 follow-up interviews with board members, company secretaries, chief financial officers, chief risk officers, internal controllers. Whilst these case studies have an anecdotal character due to the small size of the sample, they nevertheless provided a better understanding of what best practices emerged as a result of the firms' own reflection and stakeholders' feedback about their future course of action. A questionnaire was also addressed to the European banking, insurance and securities markets supervisors about their views and role regarding corporate governance of financial institutions. Similarly, a cross-section of major European institutional investors and shareholders' associations were the recipient of a questionnaire on their practices and expectations regarding corporate governance of financial institutions. A follow-up meeting with about 30 investors was held on 2 February 2010. A limited series of open interviews also took place with a few financial analysts, asset managers, and statutory auditors. Annex 2 – Summary of Findings boards| Key Findings|Examples of best practices| Lack of time commitment and independent judgement|Limiting the number of mandates of non-executive board members to ensure effective fulfilment of duties | Lack of expertise and diversity in the board|Ensuring that recruitment policies identify clearly the profile of non-executive directors, including the Chairman (where he/she is non-executive), and ensure sufficiently strong financial expertise and diversity| |Regular, tailor-made training of non-executive board members | |Recourse to external advice for non-executive board members | |Clear identification of profile and expected contribution of non-executive board members in terms of reference/letter of appointment | Ineffective functioning of the board|Clarify the role of the Chairman in organising the board's work | |The board should have a formal written conflicts of interest policy which should be disclosed in the annual report.| Lack of challenge of management decisions|Separation of the role of the Chairman and the CEO| Unsatisfactory board performance|Regular external independent evaluation of the board, e.g. every 3 years against terms of reference communicated to the supervisors. The results of the evaluation should be part of the annual report and/or be disclosed to supervisors and shareholders| boards| Lack of effective risk oversight and accountability on risk matters|Stand-alone Risk Committee at board level, expertise in risk in the Risk Committee| |To ensure coherence in examination of connected issues, cross participation in the Risk Committee/Audit Committee| |Attendance of and report by the Chairman of Risk Committee to the AGM| |Role of the board with regard to approving risk appetite and the parameters of risk oversight and overseeing their implementation | |Role of the board with regard to regularly reviewing the complexity of the structure of the financial institution including the activities of the different parts of it, and designing policies for the establishment of new structures. | |Boards to review the main features and inherent risks of new products through a new product approval process. | |Boards closely involved in the preparation and analysis of stress-testing programmes and assessment of the effectiveness of proposed mitigating actions. | |Risk alert for board executive or non-executive board members should notify supervisors of material risks they become aware of and which have a systemic implication| |Executive and non-executive board members should take into account the information from the supervisor regarding systemic risks when determining and overseeing the implementation of the risk appetite and risk strategy.| Lack of accountability |Duty of care of the executive and non-executive board members for the long-term sustainability of the FI| |Examine enforcement-related issues, in particular obstacles to holding executive and non-executive board members responsible for excessive risk-taking| Lack of board oversight on remuneration|Governance of remuneration policies | risk management| Key Findings|Examples of best practices | Lack of understanding of risk at board level, risk profile and appetite not or improperly defined and not effectively monitored|Definition, validation and disclosure of the risk appetite/ profile/ the parameters of the risk management system through a Risk Statement being part of the Annual Report. | Lack of accountability on risk matters|Duty for executive directors to sign off on the effectiveness of the internal control framework for risk management| Proper weight not been given to risk function (RF). RF often not respected at the same level as operational/ trade function. CRO not always in a position to speak up or to bring upwards any concern due to hierarchical limitation|Strengthening the independence and authority of the CRO by setting up its position at a level at par with the CFO in terms of institutional gravitas. The CRO should be member of the executive committees and should not be instructed by the CFO. CRO to attend all meetings of the Risk Committee at the board and this way have direct reporting line to it. | Reporting on risks not always timely, comprehensive and understandable for decision-making or control levels; staff of the risk function not always directly involved into the day-to-day monitoring of risk exposures|Establishment of an effective and efficient risk management and risk reporting system, backed by IT system; Involvement of risk staff into daily operations through "escalation procedure" to enable assessment of risk with internal capabilities; Direct reporting lines of risk managers to senior risk officers and CRO.| Proper and timely risk assessment/ monitoring not always possible due to complexity of the issue, understaffing and not enough existing expertise of the risk teams |Allocation of adequate resources for building up of adequate risk management culture:recruitment/ training of risk management staff sufficiently high level of remuneration; | Inadequate remuneration schemes with a large variable part based on short-term bonuses greatly contributed to the excessive short-term risk-taking|Set up appropriate remuneration schemes across financial institutions to motivate staff and management to focus on sustainable value creation rather than short-term risk taking.| shareholders| Key Findings|Examples of best practices | Short-term investment strategies, lack of adequate shareholder engagement|Adherence by institutional investors and asset managers to a stewardship code such as the ICGN Statement of Principles on Institutional Shareholder Responsibilities or a similar national Code on shareholder responsibility on a "comply or explain" basis. | High costs, free rider problem |Creation of shareholder cooperation fora. | Short-term investment strategies|Disclosure of voting policies by institutional investors and asset managers, including disclosure of voting records ex post of the shareholder meeting.| |Disclosure by asset managers whether their mandates from major clients, such as insurance companies and pension funds include provisions in support of engagement activity| Short-term oriented incentives of asset managers |Disclosure by institutional investors of information on the general terms of the remuneration of their agents | Conflicts of interest|Institutional investors identify, mitigate and disclose conflicts of interests which may have an impact on their engagement activity. A majority of the members of the asset managers' governing body should be independent from the parent company in the financial group. | Lack of appropriate information on risk|Financial institutions ensure that information provided to shareholders on risk is comprehensive, accessible and understandable for shareholders| Inappropriate legal framework for shareholder cooperation|Consider possibilities for clarification of acting in concert rules in the context of ongoing reviews of legislative texts where relevant| supervisors| Key Findings|Examples of best practices | Lack of appropriate exchange of information between supervisors|Improve supervisory cooperation| Inadequate supervisory control of governance practices in financial institutions|Improve the involvement of supervisors with regard to oversight of corporate governance systems | Focus on formal compliance by financial institutions rather than on the proper functioning of the boards|Enhance the role of the supervisor in the review of the functioning of the board | Failure to ensure that management frameworks and the internal organisation were adapted to changes of business model |Improve the supervisory review of the governance arrangements of risk management| Failure to ensure appropriate expertise |Strengthen the "fit and proper" test| Inadequate supervision of remuneration schemes|Enhance the role of the supervisors with regard to remuneration schemes | external auditors| Key Findings|Examples of best practices | No alert given by auditors on banks' situation before they collapsed|Strengthen cooperation with supervisory bodies| |Strengthen compulsory reporting of serious facts by external auditors to the supervisors | |Strengthen compulsory reporting of serious facts by external auditors to the board| Disclosure of financial information regarding risk is not informative and reliable enough |Strengthen the role of auditors in the assurance providing connected to risk related financial information | Annex 3 – Bibliography Bank for International Settlements, Issues in the Governance of Central Banks, A report from the Central Bank Governance Group, May 2009 Bank of England, Haldane, A., Why banks failed the stress test, 2009 Basel Committee on Banking Supervision, Enhancements to the Basel II Framework, July 2009. Basel Committee on Banking Supervision, Enhancing corporate governance for banking institutions, February 2006 Basel Committee on Banking Supervision, Framework for Internal Control Systems in Banking Organisations, 1998. Becht, M., Corporate Governance and the Credit Crisis, Macroeconomic Stability and Financial Regulation, Key Issues for the G20 , 2009 Borio, C., The financial turmoil of 2007: a preliminary assessment and some policy considerations”, BIS Working Papers 2008, 251. CEBS, Report on a case study analysis of how European banks have implemented CEBS Guidelines on Internal Governance, 12 January 2010 Chen, C. et al., “Does stock option-based executive compensation induce risk taking? An analysis of the banking industry”, Journal of Banking and Finance 2006, 30 Erkens, D., Hung, M., Matos P., Corporate Governance in the 2007-2008 Financial Crisis: Evidence from Financial Institutions Worldwide, November 2009 FEE, Discussion Paper for Auditor's Role Regarding Providing Assurance on Corportae Governance Statements, November 2009 F.Guerrera and P. Thal-Larsen, Gone by the Board: why the directors of big banks failed to spot credit risk, Financial Times, 26 June 2008 Felton, A. and Reinhart, C., The First Global Financial Crisis of the 21st Century, February 2009, CEPR, London, VoxEU.org Female FTSE report, Cranfield School of Management, 2009 Financial Services Agency, The Turner Review: A regulatory response to the global bank crisis, March 2009 Financial Services Authority, Final notice to Credit Suisse First Boston, August 2008 Financial Services Authority, The FSA’s internal audit review of its supervision of Northern Rock, and the FSA’s management response, London, April 2008 Financial Stability Forum, FSF Principles for Sound Compensation Practices, April 2009 Financial Stability Forum, Report of the Financial Stability Forum on Enhancing Market and Institutional Resilience, 2008. Findings on the interaction of market and credit risk- BIS/ Basel Committee on Banking Supervision, Working Paper No. 16, May 2009 Global Association of Risk Professionals, Risk Governance: let us start with the Board of Directors, June 2009, http://www.garpriskexchange.com/2009/07/risk-governance-let-us-start-with-board.html Gup, B., Corporate Governance in Banking: A Global Perspective, Elgar, 2007 Hagendorff, J. and Keasey, K., Value of Board Diversity in Banking: Evidence from the Market for Corporate Control Leeds University Business School, The University of Leeds, LS2 9JT, UK, December 2008 Hau H., Steinbrecher J. and Thum M., Board (in)competence and the subprime crisis, 2009 Heller, D., Three ways to reform bank bonuses, Financial Times, 3 February 2008 Higgs, D., Review of the role and effectiveness of non-executive directors, January 2003 Honohan, P., Bank failures: the limitations of risk modelling, Institute for International Integration Studies, Discussion Paper 263, 2008. Honohan, P., Risk Management and the Costs of the Banking Crisis, Institute for International Integration Studies, Discussion Paper 262, 2008 House of Commons Treasury Committee, Banking crisis: Reforming corporate governance and pay in the City, 2009 Institute for International Finance, Reform in the Financial Services Industry: Strengthening Practices for a More Stable System, December 2009. Institute of International Finance, Final Report of the IIF Committee on Market Best Practices: Principles of Conduct and Best Practice Recommendations, 2008 Institute of International Finance, Interim Report of the IIF Committee on Market Best Practices, 2008. IOSCO, Report on the sub-prime crisis, 2008 Issues in the Governance of Central Banks- BIS/ Report from the Central Bank Governance Group Chair: Guillermo Ortiz, Governor of the Bank of Mexico May 2009 Kirkpatrick, G., The Corporate Governance Lessons from the Financial Crisis, OECD, February 2009 KPMG (2008), Audit committees put risk management at the top of their agendas, www.kpmg.co.uk/news/detail.cfm?pr=3120 Ladipo, D. et al., Board profile, structure and practice in large European banks, Nestor Advisors, 2008 See Mülbert, P. O., Corporate Governance of Banks, European Business Organisation Law Review, 12 August 2008 Nestor Advisors, Report on Bank Boards and the Financial Crisis: A corporate governance study of the 25 largest European banks, May 2009 OECD, Corporate Governance and the Financial Crisis: Key Findings and Main Messages, June 2009 OECD, Corporate Governance and the Financial Crisis: Recommendations, November 2009. OECD, Corporate Governance and the Financial Crisis: Conclusions and emerging good practices to enhance implementation of the Principles, 24 February 2010 Ricol, R., Report to the President of the French Republic on the Financial Crisis, 2008 Mateos de Cabo, R., Gimeno, R., Nieto, M.J., Gender Diversity on European Banks' Board of Directors: Traces of Discrimination, July 2009 Senior Supervisors Group (SSG), Risk on Management Lessons From the Global Banking Crisis of 2008, 21 October 2009 Senior Supervisors Group (SSG), Observations on Risk Management Practices During the Recent Market Turbulence, March 2008 Société Générale, Summary of PwC diagnostic review and analysis of the action plan, 2008 Tabellini, G., Why did bank supervision fail?, in The First Global Financial Crisis of the 21st Century, ed. Felton, A. and Reinhart, C., June 2008, VoxEU.org The Higgs Report, Review of the Role and Effectiveness of Non-Executive Directors, commissioned by the British Department of Trade and Industry, 2008 The Report of the High-Level Group on Financial Supervision in the EU chaired by Mr Jacques de Larosière, 25 February 2009. Van den Berghe, L., To what extent is the financial crisis a governance crisis? June 2009 Walker D., A Review of Corporate Governance in UK Banks and Other Financial Industry Entities, Final Recommendations, 26 November 2009 Walker D., Review of Corporate Governance in UK banks and Other Financial Industry Entities, 16 July 2009 [1] The Report of the High-Level Group on Financial Supervision in the EU published on 25 February 2009. The Group was chaired by Mr Jacques de Larosière. [2] Corporate governance is understood in this paper as encompassing the standards for decision-making within a financial institution, the duties of the board and the management, the internal structure of the financial institution and the relationships between the financial institution and its stakeholders. This concept is in line with the Basel Committee's understanding of corporate governance as embodied in its guidance Enhancing corporate governance for banking institutions , February 2006. [3] See De Larosière report (2009), p. 8. [4] For all these issues, see, for instance, OECD , Corporate Governance and the Financial Crisis: Key Findings and Main Messages, June 2009; Walker, D. , A Review of Corporate Governance in UK Banks and Other Financial Industry Entities, Final Recommendations , 26 November 2009; Institute for International Finance (IIF), Reform in the Financial Services Industry: Strengthening Practices for a More Stable System , December 2009., De Larosière report (2009). [5] Commission Communication of 4 March 2009 to the Spring European Council, "Driving European Recovery" - COM(2009) 114. [6] Commission Recommendation 2009/385/EC of 30 April 2009 complementing Recommendations 2004/913/EC and 2005/162/EC as regards the regime for the remuneration of directors of listed companies (OJ L 120, 15.5.2009). [7] Commission Recommendation 2009/384/EC on remuneration policies in the financial services sector of 30 April 2009 (OJ L 120, 15.5.2009). [8] In parallel to this staff working paper, the Commission is adopting two reports on the application to date by Member States of the two 2009 Commission Recommendations on remuneration. [9] Proposal for a Directive of the European Parliament and of the Council amending Directives 2006/48/EC and 2006/49/EC as regards capital requirements for the trading book and for re-securitisations, and the supervisory review of remuneration policies - SEC(2009) 974 and SEC(2009) 975. [10] See Proposal for a of the European Parliament and of the Council on Alternative Investment Fund Managers and amending Directives 2004/39/EC and 2009/…/EC - SEC(2009)576 and SEC(2009) 577. [11] Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 335, 17.12.2009). [12] For the purposes of this report, it should be kept in mind that some Member States use a dual or two-tier board structure, where the supervisory function of the board is performed by a separate body known as a supervisory board, which has no executive functions. Other Member States use a unitary or one-tier board structure in which the board is composed of executive as well as of non-executive directors and which has an oversight function but can also intervene in management decisions. Finally, in some Member States either structure or a mix of them is possible. [13] For the purpose of this report, institutional shareholders/investors are considered to be professional investors which invest on behalf of or for the benefit of beneficiaries, including but not limited to pension funds, hedge funds, insurance companies and banks. [14] The term "board" used in this report refers to the board in the unitary board system, in particular in its oversight function and to the supervisory board in the dual board system. Where the executive management is concerned, it is clearly specified in the report. The terms "management" or "executive board members/executive directors" cover the executive members of the unitary board as well as the members of the management board in the dual board structure. Where the text refers to "non-executive board members/non-executive directors", it covers non-executive members of the unitary board and the members of the supervisory board in the dual structure. [15] See, for instance, OECD (June 2009); Kirkpatrick, G. (2009); Walker, D. (November 2009). [16] See OECD (June 2009). [17] Nestor Advisors, Report on Bank Boards and the Financial Crisis: A corporate governance study of the 25 largest European banks , May 2009, p. 43. [18] See OECD (June 2009); Nestor Advisors (May 2009); Walker, D. (November 2009); Also, answering questions of House of Commons Treasury Committee, Lord Turner stressed that "Having been a non-executive of a bank, I realised that to do it professionally you really do have to put a hell a lot of time into it. In future I think we are going to have to think about how much time effectively even very competent people can give to really go into the detail", see House of Commons Treasury Committee, Banking crisis: Reforming corporate governance and pay in the City , 2009. [19] It is worth noting that in Germany whilst members of the management board are prohibited from serving as executive directors in other companies without the consent of the supervisory board, this does not prevent them from taking a position on the supervisory board(s) of other companies. The general principle is however that each member of the management board has to devote his or her full service and engagement to the company in question. In practice, executive directors of holding companies serve quite frequently on boards of subsidiaries. The German Code of Corporate Governance states that members of the management board of a listed company shall not accept more than a total of three supervisory board mandate in non-group listed companies. [20] See Financial Services Agency, The Turner Review: A regulatory response to the global bank crisis , March 2009; Nestor Advisors (May 2009). [21] See, for example, Nestor Advisors (May 2009). [22] See Annex 1 on methodology. [23] For example, during the seminar of 12 October 2009, one of the panellists stressed that there was a general lack of risk appreciation due to the lack of experience and understanding of board members. One of the interviewees of the case study firmly stated that "there are not enough people with expertise in banks" and that "the industry is leaking talent because many managers leave the industry early and do not become non-executives". Another interviewee recognised that "it is difficult for supervisory board members without a background in banking to understand the range of different complex products offered by the financial institution". See also Lord Myners citing as example the advertisement of Citibank seeking to recruit non-executives which stated that "some financial expertise would be helpful" as demonstration that some banks were not focusing on the need to recruit non-executives with specific technical expertise and experience in the banking sector, House of Commons Treasury Committee (2009). [24] One of the panellists, for instance, stressed during the seminar of 12 October 2009 that "the main problem with actual functioning of financial institutions is that boards are not challenging enough vis-à-vis the management". [25] For instance in one of the financial institutions subject to the case study, only 2 out of 20 supervisory board members have banking expertise. During the interview with another financial institution, the CFO stressed that " mandatory employee representation on board makes it difficult for shareholderrepresentatives to criticise management during the meetings in front of employees". [26] See Mateos de Cabo, R., Gimeno, R., Nieto, M.J., Gender Diversity on European Banks' Board of Directors: Traces of Discrimination, July 2009; Hagendorff, J. and Keasey, K., Value of Board Diversity in Banking: Evidence from the Market for Corporate Control, December 2008; Higgs, D., Review of the role and effectiveness of non-executive directors , January 2003. [27] See, for instance, Financial Times Editorial, 19 November 2009. [28] However, this diversity should not be at the expense of loss of expertise by the board as a whole. [29] See House of Commons Treasury Committee (2009); Walker, D., (2009). [30] For instance, the 2009 Female FTSE report from Cranfield School of Management, that details the number of women directors in the top 100 FTSE companies, reveals that within the five banks among the FTSE 100 companies, just 9% of board members are female. [31] See OECD (June 2009); CEBS, Report on a case study analysis of how European banks have implemented CEBS Guidelines on Internal Governance , 12 January 2010; IIF (December 2009). [32] During the conference, one of the panellists stressed that "questioning the quality of the management using available information is an important thing; however, challenging the accuracy and the depth of information received by the board is equally important and represents a real issue revealed by the current crisis". In the interviews one company secretary mentioned that board evaluations revealed the following issues: documents for the meeting of the supervisory board were not received sufficiently in advance to prepare the meetings; there were too many charts, not enough time for discussion during the meeting, and high time pressure for ad hoc announcements which made it difficult to examine documents in depth. In response, company secretary made a proposal for standards of communication for different types of documents to the supervisory board. [33] See, for instance, Kirkpatrick, G. (2009); OECD (June 2009). [34] The Senior Supervisors Group gathers representatives from the French Banking Commission, the German Federal Financial Supervisory Authority; the Swiss Financial Market Supervisory Authority, the U.K. Financial Services Authority, the Canadian Office of the Superintendent of Financial Institutions, the Japanese Financial Services Agency, and, in the United States, the Office of the Comptroller of the Currency, the Securities and Exchange Commission, the Federal Reserve Bank of New York, and the Board of Governors of the Federal Reserve System. [35] See Senior Supervisors Group (SSG), Risk on Management Lessons From the Global Banking Crisis of 2008 , 21 October 2009. [36] See the Principle 6 of BCBS guidance Enhancing corporate governance for banking institutions. [37] Furthermore, in some cases, banks which have received significant amount of state aid continued to pay bonuses to management and other employees. [38] See De Larosière report (2009); see also for central banks, Bank for International Settlements, Issues in the Governance of Central Banks , A report from the Central Bank Governance Group, May 2009. Also, interviewed financial institutions were in general very critical about the quality of supervision; however it seems to result form the interviews that central banks are less criticised than other independent prudential supervisors. [39] See OECD (November 2009). [40] For instance, Basel Committee on Banking Supervision, Consultative document on Principles for enhancing corporate governance , March 2010; OECD, Corporate Governance and the Financial Crisis: Conclusions an emerging good practices to enhance implementation of the Principles , 24 February 2010; Walker, D. (November 2009). [41] See Annex 1 on methodology. [42] Participants and speakers to the seminar on 12 October 2009 were of the opinion that Chairman's role is essential to ensure that the right behaviour is in place within the board. Finding the right balance between constructive leadership of the Chairman and too much authority was considered as an issue. [43] See Jens Hagendorff and Kevin Keasey Leeds (December 2008). [44] Directives 2004/39/EC (MiFID) and 2006/73/EC (Implementing MiFID) already require investment firms and credit institutions providing investment services and activities to establish, implement and maintain an effective conflicts of interest policy which cover all relevant persons in the firm, including directors. However, these Directives are of recent application and it will be crucial to examine how they have been applied in practice and if their requirements are sufficient. [45] During the seminar of 12 October 2009, several panellists emphasised that external independent assessment on a multi-year basis (each 3-4 years) based on in-depth interviews of board members and the management should replace self-evaluation based on a questionnaire. [46] OECD (March 2010), p. 20. [47] See Higgs, D. (January2003). [48] See Basel Committee on Banking Supervision (BCBS), Enhancing corporate governance for banking institutions , February 2006. [49] Nestor Advisors (May 2009). [50] See Peter O. Mülbert, Corporate Governance of Banks, European Business Organisation Law Review, 12 August 2008 , p. 434. It should be noted that with regard to the provision of investment services and activities, the existing EU regulatory framework already provides for a general obligation for firms to act honestly, fairly and professionally in accordance with the best interest of their clients (Article 19 of Directive 2004/39/EC). [51] See, for example, Nestor Advisors (May 2009). [52] IIF proposes the following definition of risk appetite: "the amount and type of risk that a company is able and willing to accept in pursuit of its business objectives", see IIF (December 2009). [53] In two-tier boards executive and non-executive members should jointly establish the risk appetite: the executive directors should define it and the non-executive directors should approve it. Similarly, non-executive directors should approve the main parameters of risk oversight. [54] See Nestor Advisors (May 2009). [55] See section 3 "Risk Management" of this staff working paper. [56] IIF (December 2009), p. 33. [57] See, for example, Global Association of Risk Professionals, "Risk Governance: let us start with the Board of Directors”, June 2009. [58] Most of the interviewed financial institutions as well as participants to the conference believed that a stand-alone risk committee brought an added value to the effective risk management. However, they also stressed that the need for specialised committees implies even greater expertise of board members. It also poses certain challenges as regards remuneration of those who are members of specialised committees. [59] During the conference, a number of participants emphasised that delegating too much authority to different committees within the board may dilute the responsibility of the board as a whole and may mean not all board members have an in depth understanding of key issues, including risk positions of the financial institution. In order to avoid any dilution of responsibility, key issues should still be approved by the whole board and information on risk has to be distilled comprehensively to all board members. [60] Most of the interviewed financial institutions with a separate risk committee have a practice of cross participation between audit and risk committees. [61] See Counterparty Risk Management Group III (CRMPG III), Containing Systemic Risk: the Road to Reform , August 2008. [62] De Larosière Report (2009), pp. 8 to 9. [63] See, for example, SSG (2009), the Turner Review (March 2009), p. 92. [64] See, for example, Kirkpatrick, G. (2009). [65] See the cases of UBS and RBS. [66] For example, the CRO was placed under rather than at equal level to the CFO. [67] For recommendations in this field see for instance: Basel Committee on Banking Supervision (March 2010); OECD (February 2010); Walker, D. (November 2009). [68] Regarding risk exposure, IASB is currently working on the "Management Commentary" which is an element of communication from companies to capital markets adding information to the financial statements. IASB issued draft guidance in June 2009 which should help financial statements users to understand "the entity's risk exposures, its strategies for managing risks and the effectiveness of those strategies". The comments received should be processed mid-2010. [69] See, for example, Final Report of the IIF Committee on Market Best Practices: Principles of Conduct and Best Practice Recommendations, July 2008, pp. 36-38. [70] See also SSG (2009). [71] See also CRMPG III (August 2008). [72] See, for example, IIF (July 2008), pp. 41-42. [73] Ibid, pp. 34-38. [74] See also SSG (2009). [75] See also IIF (July 2008), p.40. [76] Commission Recommendation 2009/384/EC. [77] Commission Recommendation 2009/385/EC. [78] OECD (June 2009); Kirkpatrick, G. (2009); Walker, D. (November 2009). [79] See also FT article "Don't blame shareholders for the crisis" by Anthony Bolton, president, investment at Fidelity International: "…If we are to blame for anything, it is for pushing bank boards to pursue aggressive growth strategies." [80] For the purpose of this report, institutional shareholders/investors are considered to be professional investors which invest on behalf of or for the benefit of beneficiaries, including but not limited to pension funds, hedge funds, insurance companies and banks. [81] Erkens, D., Hung, M., Matos P., Corporate Governance in the 2007-2008 Financial Crisis: Evidence from Financial Institutions Worldwide , November 2009 [82] Only 28 of the 100 biggest European pension funds (including Switzerland and Norway) are signatories of the UN PRI. Regarding EU countries the distribution is the following: Sweden-6, Denmark-5, The Netherlands-4, UK- 4, Finland-3, Ireland-1, Belgium-1, France-1. (www.unpri.org) [83] Out of the biggest 5 asset management companies per countries the following are signatories of the UN PRI: 3 in Austria, 2 in Denmark and Sweden, 1 in Finland, Ireland and Italy, 0 in the Czech Republic, Germany, Greece, Hungary, Poland, Portugal, Slovakia, Slovenia, Spain, UK. (www.unpri.org) [84] FT article "Tackling ownerless corporations" by Pauline Skypala of November 8 2009, report of the University of Exeter Business School: Responsible investment in fund management: it works, but when? [85] See also Section 3 above. [86] Shareholders have mentioned a number of problems associated with European acting in concert rules which can be summarised as legal uncertainty on the scope of the rules and include: - the existence of different definitions of acting in concert in the Transparency Directive, Takeover Bids Directive and (Level 3 guidance to the) Acquisitions Directive; - differences in interpretation of the definitions by national competent authorities; - uncertainty about the scope of the rules, for instance on when cooperation between shareholders should be regarded as a ´lasting common policy´ (TD), when a (tacit or oral) agreement between shareholders should be regarded to be aimed at acquiring control of the company or frustrating the successful outcome of a bid (TBD) and whether an understanding in good faith between shareholders, solely aimed at exerting influence intended to promote generally accepted principles of good corporate governance constitutes acting in concert (Acquisitions Directive). [87] Directive 2007/36/EC [88] See Part II of the Second Advice of the Legal Certainty Group, August 2008. [89] Erkens, D., Hung, M., Matos P., (November 2009). [90] See www.unpri.org , adherence to these principles is particularly low in southern and central Europe. [91] Walker, D. (November 2009). [92] See, for example, "Rémunérations incontrôlées, les bases financiers de effet de cliquet", Pierre-Henri Leroy in "Enjeux éthiques de la crise", 2009 [93] The ICGN Statement of Principles on Institutional Shareholder Responsibilities considers it good practice that institutional investors recognise and address conflicts of interest to safeguard the interest of beneficiaries. [94] See also Section 3 above. [95] Directive 2004/109/EC of the European Parliament and of the Council of 15 December 2004 on the harmonisation of transparency requirements in relation to information about issuers whose securities are admitted to trading on a regulated market and amending Directive 2001/34/EC, OJ L 390 of 31.12.2004, p.38. [96] Directive 2004/25/EC of the European Parliament and of the Council of 21 April 2004 on Takeover bids. OJ L142, 30.4.2004, p.12 [97] Directive 2007/44/EC of the European Parliament and of the Council of 5 September 2007 amending Council Directive 92/49/EEC and Directives 2002/83/EC, 2004/39/EC, 2005/68/EC and 2006/48/EC as regards procedural rules and evaluation criteria for the prudential assessment of acquisitions and increase of holdings in the financial sector, OJ L 247, 21.9.2007 , p. 1. [98] The European Commission recommended an advisory or mandatory shareholder vote on remuneration in paragraph 4.2 of the Commission Recommendation 2004/913/EC. See also the Commission Report on the application by Member States of the EU of the Commission Recommendation on directors´ remuneration, July 2007 [99] See De Larosière report (2009), pp. 41 to 42; Guido Tabellini, Why did bank supervision fail? in The First Global Financial Crisis of the 21st Century, June 2008; [100] See, for example, OECD (November 2009), p.27. [101] Ibid. [102] Ibid. [103] See, for example, BCBS (March 2010). For possible recommendations see also, for instance, BCBS (March 2010); OECD (February 2010). [104] See BCBS (March 2010), p. 6. [105] A report released on 11 March 2010 by the US examiner, Anton Valukas, about the Lehman Brothers bankruptcy, expressed serious concerns about the use of repurchase agreements made by Lehman to present its end-year balance sheet in a too favourable light, as well as the silence of Lehman's auditors in this respect. [106] See FRC answer to the House of Commons Treasury Committee (2009), on links between auditors and the FSA: "we support… an increase dialogue between the FSA and audit firms". [107] The ISAs standards (ISA 260, ISA 250.22) and probably most sets of auditing standards in the EU include such duty. However, neither the frequency nor the specific situations are spelled out in these standards. [108] See Walker, D. (November 2009), Recommendation 25 : " The board risk committee should be attentive to the potential added value from seeking external input to its work as a means of taking full account of relevant experience elsewhere and in challenging its analysis and assessment"; However some financial institutions of the case studies disagree on the use of external advice from statutory auditor because of potential conflict of interest. [109] See FEE (2009), p. 7: "we concluded that there was not one "right answer" as to the desirable level of involvement by an auditor. [110] House of Commons Treasury Committee (2009), Mr Hayward (Independent Audit):"financial statements… had headed for compliance rather than communication". [111] House of Commons Treasury Committee (2009) Article 239 " From 2009, banks will be required to report greater detail of their risk positions under new regulations introduced by Basel II, called ‘Pillar 3’ disclosures. Basel II includes an option to require Pillar 3 disclosures to be audited. The Government and FSA took the view that it would not require an audit of these disclosures. The ICAEW suggested that the FSA reconsider that decision in the light of changed circumstances".