Response to consultation on revised Guidelines on internal governance under CRD
Question 1: Are subject matter, scope of application, definitions and date of application appropriate and sufficiently clear?
Asset Management Companies do not fall within the scope of application of the draft Guidelines as described in paragraph 5(a). Nevertheless, paragraph 85 specifies that, on a consolidated basis, the consolidating entity shall ensure that all entities within the scope of consolidation comply with the group’s governance policies and internal control framework.
Accordingly, it is the responsibility of the parent undertaking to define the content of the internal policies in line with the provisions of the Guidelines, and such policies shall also apply to subsidiaries, including Asset Management Companies.
In the case of an Asset Management Company that is part of a banking group and authorised to provide investment services, we would request clarification on how the same obligations are to be applied to such entities, taking into account their specific features and regulatory framework.
Question 2: Are the changes made in Titles I (proportionality) and II (role of the manamgnet body and committees) appropriate and sufficiently clear?
Members of the management body have a general legal responsibility to act in an informed manner and to actively participate in the bank’s corporate governance processes, ensuring its sound and prudent management.
In light of this provision, we seek clarification on how the individual statement of roles and duties should be interpreted. Specifically, we ask whether, from now on, a board member’s responsibility will be limited to the roles and duties set out in the statement, or whether the general responsibilities established under the applicable legal framework will continue to apply.
If, as we assume, the individual statement does not exclude the general responsibilities of board members, then its practical usefulness may be limited. In such a case, institutions might simply draft the statement by including broad clauses on the directors’ duties, covering all the general responsibilities.
Furthermore, with regard to the individual statement, paragraph 68.b(c) provides that – where an individual holds multiple roles, including within the same group – the institution shall prepare a separate individual statement for each role.In such cases, we believe that, since the subsidiaries are controlled and consolidated, a single statement should be sufficient, where appropriate structured in separate sections to reflect the different roles held by the individual.
Question 3: Are the changes made in Title III (governance framework) section 6 appropriate and sufficiently clear?
Non-Applicable
Question 4: Are the changes made in Title III section 7 (third-country branches) appropriate and sufficiently clear?
Non-Applicable
Question 5: Are the changes made in Title IV (risk culture) appropriate and sufficiently clear?
Non-Applicable
Question 6: Are the changes made in Title V (internal control framework) appropriate and sufficiently clear?
With regard to the scope of the Compliance Function’s responsibilities, we would like to seek confirmation that the draft Guidelines do not intend to extend the remit of this function to include the oversight of “legal risk,” understood in supervisory practice as the risk of losses resulting from contractual or non-contractual liability or from other types of disputes.
In the Association’s view, paragraph 204 should be interpreted consistently with:
(i) other sections of the same draft, such as paragraph 36 of the Introduction to EBA Guidelines, which states that the Compliance Function “monitors compliance with legal requirements and internal policies, provides advice on compliance to the management body and other relevant staff, and establishes policies and processes to manage legal risk stemming from non-compliance events and to ensure compliance”;
(ii) other regulatory texts of equal standing, such as the “Guidelines on the authorisation of credit institutions”, which in paragraph 9.4.4. specify that the Compliance Function manages the “compliance risk,” defined as “the risk of failure to comply with applicable laws, rules, regulations and standards”; and
(iii) supervisory practices, including national ones, under which the Compliance Function is responsible for managing “compliance risk,” understood as the risk of failure to comply, among other things, with the laws and regulations governing financial activities (e.g. banking activity), customer protection and transparency rules, management of risk-taking and conflicts of interest with related parties, consumer protection provisions, and remuneration policies.
Similarly, with respect to monitoring the risk of non-compliance with tax regulations, the Association believes that the draft Guidelines do not entail any change in the Compliance Function’s scope of responsibilities. In line with current supervisory practices, we consider that the Compliance Function only should (i) contribute, through its specialist expertise, to the design of procedures aimed at preventing breaches or circumvention of tax laws, in order to minimise both sanction-related and reputational consequences arising from improper application of tax regulations; and (ii) assess the adequacy of such procedures and their effectiveness in actually preventing compliance risk.
Question 7: Are the changes made in Title VI (business continuity managment) appropriate and sufficiently clear?
Non-Applicable