Response to eBA launches consultation to revise its Guidelines on internal governance
Go back
- under ´Legal basis´, point 14, there is an addition made that ´For this purpose, parent undertakings and subsidiaries subject to Directive 2013/36/EU must ensure that internal governance arrangements, processes and mechanisms in their subsidiaries are consistent, well- integrated and adequate´. The first two requirements are prescribed in the Directive, and ´adequate´ is added to refer to ´and that any data and information relevant to the purpose of supervision can be produced´ (Article 109 (2)). ´Adequate´ might therefore not fully encompass the Directive requirement, but rather ´sound´, ´solid´ or similar.
- under ´Rationale and objectives of the guidelines´, point 21, the segment ´In this context, the guidelines clarifies in line with Directive 2013/36/EU that identifying, managing and mitigating money laundering and financing of terrorism risk is part of sound internal governance arrangements and credit institutions risk management framework´ would benefit from the addition of the word ´preventing´, so that it reads ´... that preventing, identifying, managing and mitigating money laundering ...´. The element of prevention is also added with the new Article 56 (g) in the Directive.
- under ´Definitions´, we find that adding a definition on ´Management Body´ and ´Senior Management´ would be helpful, after the definitions for ´Risk Appetite´, ´Risk Capacity´, and ´Risk Culture´; and before the definition of ´Staff´.
It is important to highlight that ensuring protection against retaliation and anonymity of employees who report breaches remains a challenge. Likewise, external threats from criminals engaged in AML/TF is also an important issue.
Additionally, we see the mention of the ESG considerations throughout the document to be quite limited, for example, further in elaborating the responsibilities of the different roles and committees.
Question 1: Are subject matter, scope of application, definitions and date of application appropriate and sufficiently clear?
NFU welcomes the possibility to answer to this consultation and provide input to the revised Guidelines. With that in mind, we find the following:- under ´Legal basis´, point 14, there is an addition made that ´For this purpose, parent undertakings and subsidiaries subject to Directive 2013/36/EU must ensure that internal governance arrangements, processes and mechanisms in their subsidiaries are consistent, well- integrated and adequate´. The first two requirements are prescribed in the Directive, and ´adequate´ is added to refer to ´and that any data and information relevant to the purpose of supervision can be produced´ (Article 109 (2)). ´Adequate´ might therefore not fully encompass the Directive requirement, but rather ´sound´, ´solid´ or similar.
- under ´Rationale and objectives of the guidelines´, point 21, the segment ´In this context, the guidelines clarifies in line with Directive 2013/36/EU that identifying, managing and mitigating money laundering and financing of terrorism risk is part of sound internal governance arrangements and credit institutions risk management framework´ would benefit from the addition of the word ´preventing´, so that it reads ´... that preventing, identifying, managing and mitigating money laundering ...´. The element of prevention is also added with the new Article 56 (g) in the Directive.
- under ´Definitions´, we find that adding a definition on ´Management Body´ and ´Senior Management´ would be helpful, after the definitions for ´Risk Appetite´, ´Risk Capacity´, and ´Risk Culture´; and before the definition of ´Staff´.
Question 2: Point (d) has been added, throughout the Guidelines references to money laundering and terrorism financing and the institutions obligations have been added, are those references sufficiently clear?
We find that it is positive to include the notion that AML/TF measures are part of the institutions´ governance arrangements. Further to the formulation, we would suggest including procedures and specific channels for reporting breaches. Such structures would further strenghten the efforts of institutions in preventing and managing AML/TF. Therefore, the sentence would read: ´d. an adequate and effective internal governance and internal control framework as defined in Title V, including procedures and specific, independent and protected channels for reporting breaches, to ensure compliance with applicable requirements also in the context of the prevention of money laundering and terrorism financing´.It is important to highlight that ensuring protection against retaliation and anonymity of employees who report breaches remains a challenge. Likewise, external threats from criminals engaged in AML/TF is also an important issue.
Question 3: Paragraph 24 regarding ESG factors has been added, is it sufficiently clear?
The addition of the ESG considerations is a good way forward for integrating sustianability-minded actions. However, we find that the aim should not only be a sustainable business model, but also the development of a long-term perspective and sustainable corporate governance, which would have a spill-over effect into all areas of work for the company, including the successful attraction, retention and re/up-skilling of employees.Additionally, we see the mention of the ESG considerations throughout the document to be quite limited, for example, further in elaborating the responsibilities of the different roles and committees.