The Six Key Themes of Internal Governance Harmonisation

As recent as 26 September 2017, the European Banking Authority (EBA) under the Directive 2013/36/EU published its revised guidelines on harmonising the internal governance arrangements of banks across the European Union. The EBA Guidelines will apply as of 30 June 2018 to competent authorities across the EU, as well as to institutions on an individual and consolidated basis. The previous EBA Guidelines on internal governance (GL44) will be repealed on the same date.

The last published guidelines on internal governance from the EBA was in 2011, which were reviewed again in 2013. These latest revised guidelines aim to further enhance and harmonise arrangements for internal governance, affiliated processes and mechanisms across EU banks.

The current guidelines have six key themes:


  1. Proportionality- The proportionality principle encoded in Article 74(2) of Directive 2013/36/EU aims to ensure that internal governance arrangements are consistent with the individual risk profile and business model of the institution, so that the objectives of the regulatory requirements are effectively achieved. Things to be considered under proportionality include balance sheet size and legal holding, geographical presence, risk strategy, ownership and funding.
  2. Role & composition of management bodies- In accordance with Article 88(1) of Directive 2013/36/EU, the management body must have ultimate and overall responsibility for the institution and defines, oversees and is accountable for the implementation of the governance arrangements within the institution to ensure effective and prudent management of the institution. The management bodies and committees are responsible for oversight, setting, approving and implementing key business functions, such as remuneration policies, risk culture and accounting, financial, operational and compliance reporting mechanisms and systems.
  3. Governance framework– The theme set out by EBA guidelines around governance framework lays emphasis around the organizational framework, structures and outsourcing policy.
  4. Risk Culture & Business conduct– Institutions should develop an integrated and institution-wide risk culture, based on a full understanding and holistic view of the risks they face and how they are managed, taking into account the institution’s risk appetite. The risk culture parameters might include, but not limited to tone from top, accountability and corporate values.
  5. Internal Control Framework & Mechanisms- The internal control framework of the institution concerned should be adapted on an individual basis to the specificity of its business, its complexity and the associated risks, taking into account the group context.
  6. Business Continuity Management and Transparency– Institutions should establish a sound business continuity management plan to ensure their ability to operate on an ongoing basis and to limit losses in the event of severe business disruption. There should be appropriate contingency and business continuity plans so that the financial firm can promptly respond to emergencies and sustain its business activities. The guideline also specifies that the recovery plan and mechanism should be in place for the firm to ensure that it returns to normality and ‘business as usual’ (BAU) within the desired timeframe. In relation to transparency, strategies, policies and procedures should be communicated to all relevant staff throughout an institution. An institution’s staff should understand and adhere to policies and procedures pertaining to their duties and responsibilities.

The reviewed guidelines are exhaustive and include governance components from the Capital Requirements Directive IV. The new guidelines emphasize and address the design element of governance arrangements so that banks can effectively manage risk. It underlines the importance and significance of the supervisory function of management bodies, for risk oversight and risk-based approach to business functions.

Through these six major themes, the EBA aims to strengthen the risk management functions of the bank through increased transparency of governance and information flow within management bodies and committees. What can be inferred is that, through appropriate interpretation and implementation of the guidelines, banks can identify and mitigate existing risk, be resilient over supervision of new risks that the banks take on and have a strong mechanism for ongoing monitoring over other risks and risk management functions. In addition to governance arrangements, the business conduct framework has also been developed. Risk culture, code of conduct and processes to manage conflict of interests have been deeply emphasized.

In a nutshell

The current guidelines were in light of the weak corporate governance structure and functioning in several instances in the banking sector which led to banks taking unnecessary risk, sometimes leading to problems in their organization. This phenomenon not only led to a competition in market, but gradually led to systemic problems in EU and global financial markets. The new guideline underlines the importance and significance of supervisory function of the management bodies within, for the risk oversight and risk based approach on business functions.

In wake of this guideline, banks might have to adopt a path of least resistance towards innovation and possibly a framework mechanism as illustrated, in pursuit to integrate the new internal governance guidelines in to their organization.

The adoption and migration towards the evolved framework may very well bring in a new normalcy in terms of how European Banks operate. This would certainly have a lasting and positive impact on product and services that banks will cater for their customers in a long-term financial eco system-going forward.

Reality Check

Understanding the high level picture, objective, scope and regulatory obligation is a significant step forward. However, in terms of applicability in real world scenario and next steps, it will be interesting to see how banks cope with the challenges such as blending the new guidelines into their everyday operational model, particularly as they have only 8 months before the new guidelines apply!

Article written by Swagat Bannick.


Emmanuel Dooseman

Partner, Global Head of Banking and Capital Markets - New York