Response to eBA launches consultation to revise its Guidelines on internal governance

Go back

Question 1: Are subject matter, scope of application, definitions and date of application appropriate and sufficiently clear?

NFU welcomes the possibility to answer to this consultation and provide input to the revised Guidelines. With that in mind, we find the following:
- under ´Legal basis´, point 14, there is an addition made that ´For this purpose, parent undertakings and subsidiaries subject to Directive 2013/36/EU must ensure that internal governance arrangements, processes and mechanisms in their subsidiaries are consistent, well- integrated and adequate´. The first two requirements are prescribed in the Directive, and ´adequate´ is added to refer to ´and that any data and information relevant to the purpose of supervision can be produced´ (Article 109 (2)). ´Adequate´ might therefore not fully encompass the Directive requirement, but rather ´sound´, ´solid´ or similar.
- under ´Rationale and objectives of the guidelines´, point 21, the segment ´In this context, the guidelines clarifies in line with Directive 2013/36/EU that identifying, managing and mitigating money laundering and financing of terrorism risk is part of sound internal governance arrangements and credit institutions risk management framework´ would benefit from the addition of the word ´preventing´, so that it reads ´... that preventing, identifying, managing and mitigating money laundering ...´. The element of prevention is also added with the new Article 56 (g) in the Directive.
- under ´Definitions´, we find that adding a definition on ´Management Body´ and ´Senior Management´ would be helpful, after the definitions for ´Risk Appetite´, ´Risk Capacity´, and ´Risk Culture´; and before the definition of ´Staff´.

Question 2: Point (d) has been added, throughout the Guidelines references to money laundering and terrorism financing and the institutions obligations have been added, are those references sufficiently clear?

We find that it is positive to include the notion that AML/TF measures are part of the institutions´ governance arrangements. Further to the formulation, we would suggest including procedures and specific channels for reporting breaches. Such structures would further strenghten the efforts of institutions in preventing and managing AML/TF. Therefore, the sentence would read: ´d. an adequate and effective internal governance and internal control framework as defined in Title V, including procedures and specific, independent and protected channels for reporting breaches, to ensure compliance with applicable requirements also in the context of the prevention of money laundering and terrorism financing´.
It is important to highlight that ensuring protection against retaliation and anonymity of employees who report breaches remains a challenge. Likewise, external threats from criminals engaged in AML/TF is also an important issue.

Question 3: Paragraph 24 regarding ESG factors has been added, is it sufficiently clear?

The addition of the ESG considerations is a good way forward for integrating sustianability-minded actions. However, we find that the aim should not only be a sustainable business model, but also the development of a long-term perspective and sustainable corporate governance, which would have a spill-over effect into all areas of work for the company, including the successful attraction, retention and re/up-skilling of employees.
Additionally, we see the mention of the ESG considerations throughout the document to be quite limited, for example, further in elaborating the responsibilities of the different roles and committees.

Question 4: Paragraph 84 and 86 have been amended to reflect changes to CRD. Are those paragraphs sufficiently clear?

N/A

Question 5: Are Paragraphs 98 and 99 sufficiently clear?

N/A

Question 6: Point (c) of paragraph 101 has been amended to reflect the EBA’s work on dividend arbitrage schemes. Is point (c) sufficiently clear?

N/A

Question 7: Section 11 has been added to provide guidelines on loans and transactions with members of the management body and their related parties, reflecting changes to CRD. Is the section appropriate and sufficiently clear?

N/A

Question 8: Paragraph 126 has been added, is it sufficiently clear?

N/A

Question 9: Paragraph 140 has been added, is it sufficiently clear?

Given the dynamics of ML/TF developments, in the phrasing of the last paragraph concerning staff, it would be beneficial to expand to continuous efforts by companies i.e. so it reads ´Credit institutions should take continuous measures to ensure that their staff is made aware of such ML/TF risks and the impact that ML/TF has on the credit institution and the integrity of the financial system´.

Upload files

Name of the organization

NFU - Nordic Financial Unions