Corporate governance

Draft revised EU guidelines

Consultations have recently been launched on two draft EU guidelines: one dealing with the suitability of members of the management body and key function holders, and the other focusing on internal governance.

Regulatory Newsflash | 10 November 2016


On 28 October, the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA) launched a consultation on draft guidelines on the assessment of the suitability of members of the management body (MB) and key function holders (KFH).

The guidelines were published in accordance with the new requirements introduced under the Capital Requirements Directive IV (CRD IV) and the Markets in Financial Instruments Directive II (MiFID II) and aim to improve and harmonise suitability assessments within the EU. Harmonisation of “fit and proper” assessments of the MB has been a focus area for the European Central Bank.

In parallel, the EBA launched a consultation on draft guidelines aimed at further harmonising firms’ internal governance arrangements, in line with the new requirements in this area introduced in CRD IV and also taking into account the proportionality principle.

Both consultation papers note that weaknesses in corporate governance have contributed to excessive and imprudent risk-taking in the financial sector which in turn has led to systemic problems.


EBA/ESMA draft guidelines on suitability of the MB and KFH

The draft guidelines for assessment of suitability of the MB and KFH cover the following areas:

  • provide common criteria to assess the individual and collective knowledge, skills and experience of members of the MB as well as the good repute, honesty and integrity, and independence of mind of members of the MB;
  • require members of the MB to commit sufficient time to perform their duties and call for firms to consider the wider time commitments of MB members outside the firm;
  • reiterate the requirement to comply with the limits on the number of directorships held by members of the MB as set out in CRD IV;
  • set out how different aspects of diversity, educational and professional background, age, gender and geographical provenance should be taken into account in the recruitment process;
  • highlight the importance of induction and training to ensure the initial and ongoing suitability of members of the MB; and
  • call for institutions to establish training policies and to allocate appropriate financial and human resources to induction and training.

The illustrative set of skills suggested in the Annex for firms to consider (for example Authenticity, Decisiveness, Judgement, Negotiating, and Stress Resistance (resilience)) is an interesting list and highlights the fact that the EBA is encouraging consideration of MB suitability in its widest sense.

Previous speeches made by senior ECB officials have flagged the issue around inconsistency in fit and proper assessments across EU Member States and the need for harmonisation(*). The introduction of common criteria will require firms in some EU countries to revisit their framework for assessing both individual and collective competencies of members of their MB. 

Next steps

The Draft EBA/ESMA Guidelines will apply to Competent Authorities across the EU, as well as to credit institutions and investment firms and should be implemented by mid-2017.

The consultation closes on 28 January 2017 and a public hearing will take place at the EBA premises in London on 5 January 2017.


(*) The Single Supervisory Mechanism after one year: the state of play and the challenges ahead, Speech by Danièle Nouy, Chair of the Supervisory Board of the Single Supervisory Mechanism, Banca d’Italia conference “Micro and macroprudential banking supervision in the euro area”, at the Università Cattolica, Milan, 24 November 2015.

EBA guidelines on internal governance

Internal governance includes all standards and principles relevant to setting an institution’s objectives, strategies and risk management framework. CRD IV sets out requirements aimed at remedying weaknesses regarding internal governance arrangements including effective oversight by the MB, authority, stature, resources and accessibility and in particular the sound management of risks.

The draft guidelines complete the governance provisions in CRD IV and capture a number of areas that supervisors have previously highlighted as being important – understanding risks inherent in complex organisational structures and business activities, independence of internal control functions, robustness of new product approval policies and processes. Additional guidelines have been proposed to strengthen risk culture, improve management oversight over business activities and risk management, increase transparency in offshore activities and consideration of risks within change processes.

Complex structures – management oversight

In response to the “Panama papers” incident, the EBA has articulated certain new governance aspects relating to complex structures. We have summarised these points to highlight the changes – as per the previous EBA governance guidelines (issued in September 2011) there is an emphasis on management understanding and effectively overseeing complex legal entity structures.

The new aspects covered include governance expectations in the creation of new legal entities: institutions should base their decision to set up a new legal entity on a risk assessment that takes into account, amongst other things, the extent to which the jurisdiction in which it is to be established complies with international standards on tax transparency, anti-money laundering and countering the financing of terrorism; the extent to which there is an obvious economic and lawful purpose; and the extent to which the structure impedes effective management oversight or supervision by competent authorities.

There is also an expectation that the MB understands the risks associated with the new structure, including reputational risks, and ensures that internal control functions are properly involved.

There is also an emphasis on adequate governance over new complex transactions and M&A activities, including the importance of the role of the risk management function in evaluating the impact of these changes on the group’s overall risk profile.

Culture and risk management

There is a renewed emphasis on risk culture and corporate culture, with the MB being held responsible for establishing and overseeing it. Detailed guidelines have been provided including defining acceptable and unacceptable behaviours and defining a corporate culture and values that foster responsible and ethical behaviour captured in a “Code of Conduct” or similar instrument.

The EBA notes that risks should be taken within a well-defined framework for the firm’s risk strategy and appetite. This includes the setting of limits and controls. The risk management function is to contribute to developing a framework for identifying, assessing, managing and monitoring risks arising in new business areas or through change in existing products, processes and systems.

Subsidiary and matrix structure governance 

The EBA’s position on the continuing debate on the extent of group oversight and control over subsidiaries is firmly set out in these guidelines. However business activities are organised in a group – by legal entity or a matrix of business lines – there should be specific mechanisms to ensure that group-wide internal governance policies are implemented and complied with. Robust governance arrangements should be established in each subsidiary. This is a clear signal that global groups need to be able to explain how a matrix business line structure works and how governance principles are consistently applied across a group. In response to increased supervisory focus in this space, we have seen a number of subsidiaries “tidy up” their subsidiary level governance principles to align with those of the group entity.

Documentation and procedures

A common theme throughout the new guidelines is an emphasis on documentation of policies and discussion and documentation of the impact of strategic decisions on risk, whether it be for new transactions, or for the creation of new legal entities. This will require firms to review and potentially update their current policy documentation, controls frameworks (including the role of the risk management function) and procedures for providing adequate supporting management information to the MB in good time.


Due regard has been paid to the concept of proportionality, with a list of criteria to help institutions and competent authorities to judge it when implementing the guidelines.

Criteria include size of the balance sheet, geographical footprint, funding and ownership structure, client base, use of outsourcing, and the use of internal capital models.

The guidelines also touch on a number of other areas that the EBA has previously highlighted as being important – good governance in relation to outsourcing, robust whistle blowing arrangements, and reporting of breaches of regulatory requirements to the competent authorities and composition and role of committees.

Next steps

The deadline for the submission of comments is 28 January 2017 and a public hearing will take place at the EBA premises in London on 5 January 2017.

Implications for firms

  • Firms should consider responding to both consultations by 28 January 2017;
  • Firms will need to consider the broad implications of the guidelines, and the suite of capabilities required, both for execution and maintenance of policies and procedures to meet the guidelines;
  • Firms, depending on the content of the final guidelines, will need to review their existing control framework, policies and procedures and documentation requirements to ensure they meet the internal governance standards outlined in the guidelines.