CHAPTER II.

CORPORATE GOVERNANCE
Ms. Sovannara Roeung

1
 CONTENT
1. Corporate Governance Principles
2. Major Developments in Corporate Governance
Principles.
3. The Shareholders
4. The Board of Directors
5. First Line of Defense
6. Second Line of Defense
7. Third Line of Defense
8. External Auditors
9. Regulatory and Supervisory Authorities:
Establishing a Risk-Based Framework

2
 Setting
1. CORPORATE GOVERNANCE PRINCIPLE Bank risk
profile

Oversee Setting
personnel Corporate
objectives

What is corporate governance ?

Corporate governance relates to the manner in which the
business of the bank is governed. Are these Running
Establish parts of day-to-
control
function corporate day
operation
governance ?
It is defined by a set of relationships between the bank’s
management, its independent board, its shareholders, and
other stakeholders
Operate Compliance
in safe with Law
and sound and
manner Regulation
Protecting
Depositor’s
interest

3
4
 2. MAJOR DEVELOPMENTS IN CORPORATE GOVERNANCE PRINCIPLES

he Basel Committee - initially named the Committee on Banking Regulations and Supervisory Practices - was
established by the central bank Governors of the Group of Ten countries at the end of 1974 in the aftermath of
serious disturbances in international currency and banking markets (notably the failure of Bankhaus Herstatt in
West Germany). Up till now, there are 48 members.
The Basel Committee on Banking Supervision (BCBS, or Basel
Committee) is the primary global standard setter for the prudential
regulation of banks and provides a forum for regular cooperation on
banking supervisory matters and improvements of banks’ practices.

Aware of the critical importance of bank governance, the BCBS

originally published a guidance paper in 1999 (updated in 2015) to
assist banking regulators and supervisors in promoting the adoption of
sound corporate governance principles and practices (BCBS 1999,
2015). https://www.bis.org/bcbs/membership.htm

5
2.1 Basel Committee Guidance on Corporate Governance
Principle 1: Board’s overall responsibilities
Principle 2: Board qualifications and composition
Principle 3: Board’s own structure and practices
Principle 4: Senior management
Principle 5: Governance of group structures
Principle 6: Risk management function
Principle 7: Risk identification, monitoring and controlling
Principle 8: Risk communication
Principle 9: Compliance
Principle 10: Internal audit
Principle 11: Compensation
Principle 12: Disclosure and transparency
Principle 13: The role of supervisors
https://www.bis.org/bcbs/publ/d328.pdf
6
 2.1 BASEL COMMITTEE GUIDANCE ON CORPORATE GOVERNANCE

Four important forms of oversight should be included in the organizational structure of any
bank to ensure appropriate checks and balances (BCBS 2015):
1. Oversight by the board of directors or supervisory board
2. Oversight by individuals not involved in the day-to-day running of the various business
areas
3. Direct line supervision of all business areas
4. Independent risk management, compliance, and audit functions.
In addition, it is important that key personnel be “fit and proper” for their positions—a
standard further discussed later in this chapter.
Supervisors have a keen interest in sound corporate governance, as it is an essential element
in the safe and sound functioning of a bank and may affect the bank’s risk profile if not
implemented effectively.

7
 2.2 BANK GOVERNANCE: KEY PLAYERS AND
PARTNERSHIPS

The players directly involved in corporate

governance and risk management include:

• Parties who determine the regulatory

and public policy environment within
which a bank operates;
• Parties who are directly responsible
for bank business strategy, operation,
and risk management; and
• Banking markets-related parties such
as bank customers and market
participants

8
2.3 RESPONSIBILITIES OF KEY PLAYERS IN PARTNERSHIP FOR CORPORATE GOVERNANCE AND RISK
MANAGEMENT OF BANKS
“The tone at the top outlines that
the board of directors and
management team should embody
and not merely pay “lip service” to
compliance and upholding ethics. It
states that those at the top of the
organization should be honest, show
integrity, and uphold an ethically-
correct corporate culture.

The tone at the top, as the name

implies, starts at the top and trickles
down into middle-management and
eventually to the bottom line. A
company with a poor tone results in a
company that is more likely to display
unethical behavior, engage in
fraudulent activity, and not support
internal controls.”

https://corporatefinanceinstitute.com/resources/management/tone-at-
the-top/

9
2.3 RESPONSIBILITIES OF KEY PLAYERS IN PARTNERSHIP FOR CORPORATE GOVERNANCE AND
RISK MANAGEMENT OF BANKS

10
 select a competent board
of directors whose
members are
experienced and
3. THE SHAREHOLDERS-KEY ROLES qualified to set sound
policies and objectives.

determine a Shareholders should Elect the audit

bank’s business play a key role in committee, and
Explicit approval of the supervisory authority is required for a strategy and overseeing a bank’s external auditors,
person to become a bank’s founder or “larger” shareholder, which direction affairs.
normally implies owning a certain percentage of the bank’s shares
(typically 5–10 percent).
select a competent board
Such approval is based on the shareholder’s ability to meet a of directors whose
certain set of predefined criteria. members are experienced
and qualified to set sound
policies and objectives.
These criteria are designed to reassure the public that shareholders
are able and willing to effectively exercise their fiduciary
responsibilities, can provide additional capital to the bank in times
of need, and do not see the bank as a provider of funds for their Fiduciary principles—Directors of the bank must always act in its
business or related businesses. interests even in the face of a competing obligation. They must act in
good faith. It would be a breach of faith to be disloyal to it (for
instance by imparting its confidential or secret information), or to put
one’s personal interests (or those of family or friends) before its
interests. (Guidance on Director of the bank, 2003)
11
CAMBODIA REGULATION -SHAREHOLDER
Law on Banking and Finance (1999)

12
4. THE BOARD OF DIRECTORS AND SUPERVISORY ASSESSMENT

Who are the Board of Directors of the bank ?

The body that supervises management and Some countries use a two-tier board structure,
oversight over the performance
The of the bank
Board of Directors as the where
and Supervisory the supervisory function of the board is
assessment
whole. performed by a separate entity known as a
The structure of the board differs among countries. supervisory board, which has no executive functions.

The use of “board” in the different national models
that exist and should be interpreted in accordance
with applicable law within each jurisdiction. (BCBS
2015)
Other countries, in contrast, use a one-tier board
structure in which the board has a broader role.
(BCBS 2012): Core Principles for Effective Banking
Supervision

13
4.1 RESPONSIBILITIES AND DUTIES OF THE BOARD

The board of directors is responsible for

reviewing and guiding:
▪ corporate strategy,
▪major plans of action,
▪risk policy, and
▪annual budgets and business plans;
▪monitoring corporate performance; and
▪overseeing major capital expenditures,
▪acquisitions and disposals,
▪information technology (IT), and stakeholder
relations

What’s else?
14
 CAMBODIA CASE
ROLE AND RESPONSIBILITY OF BOARD
?
Prakas on Corporate Governance in Banks and Financial Institutions

https://www.nbc.gov.kh/download_files/legislation/prakas_eng/2160B7-08-211.pdf
15
4.2 BOARD COMPOSITION

▪A banking institution needs a board that is both

strong and knowledgeable. It is essential that the
board encourages open discussion and, even more
important, tolerates conflict well because conflict
indicates that both sides of the coin are being
considered.
▪A board must be independent, and actively involved
in its bank’s affairs. Both the bank directors and the
executive management must adhere to high ethical
standards and be “fit and proper” to serve.
▪Although the bank’s directors will not necessarily be
experts on banking, they should have the skills,
knowledge, and experience that enable them to
perform their duties effectively

16
4.2 BOARD COMPOSITION
The board should be comprised of individuals with a balance of skills, diversity and expertise, who collectively
possess the necessary qualifications commensurate with the size, complexity and risk profile of the bank.
(BCBS 2012): Core Principles for Effective Banking Supervision
The chair of the board should be an independent or non-executive.

What about member?

Nonexecutive board members who
are independent should have no
material interest in the bank. Such
board members do not represent
any specific major shareholder and
are therefore assumed to exercise
independent judgment.
Board
Composition
Executive board members usually
hold senior positions in the bank,
often as chief executive officer or
chief financial officer.
Nonexecutive board members who
are deemed non-independent are
often executives of a major
shareholder and are elected to the
board to ensure that such
shareholders’ interests are
safeguarded.
17
 CAMBODIA
–
BOARD
COMPOSITION

https://www.nbc.gov.kh/download_files/legislation/prakas_eng/2160B7-08-211.pdf

18
5.FIRST LINE OF DEFENSE: Management and Staff,
Responsible for Bank Operations and Implementation
of Risk Management Policies

• From the global system perspective, senior management is

the first line of defense in ensuring a good business
perspective and financial condition of a bank and, ultimately,
of the banking system and markets.
• Regulators take several different approaches to ensuring that
management is “fit and proper”—most establishing standards
that a manager must meet.
• The strategic positioning of a bank; the nature of a bank’s risk
profile; and the adequacy of the systems for identifying,
monitoring, and managing the profile reflect the quality of
both the management team and the directors’ oversight of the
bank.

19
5.FIRST LINE OF DEFENSE: Management and Staff, Responsible for Bank Operations and
Implementation of Risk Management Policies

• Business units are the first line of defense.

• They take risks and are responsible and accountable for the
ongoing management of such risks.
First line of defense • This includes identifying, assessing and reporting such
by BCBS exposures, taking into account the bank’s risk appetite and
its policies, procedures and controls.
• The manner in which the business line executes its
responsibilities should reflect the bank’s existing risk
culture.

(BCBS 2012): Core Principles for Effective Banking Supervision

20
5.1 ROLE OF MANAGEMENT

• appointment to middle-level management positions of people with adequate

professional skills, experience, and integrity;
• establishment of adequate performance incentives and personnel management
systems; and staff training.

• ensure that the bank has an adequate management information system and that the
information is transparent, timely, accurate, and complete

• ensure that all major bank functions are carried out in accordance with clearly
formulated policies and procedures and that the bank has adequate systems in place
to effectively monitor and manage risks
5.2 FIT AND PROPER ASSESSMENT

22
 5.3. CAMBODIA- FIT AND PROPER ASSESSMENT

https://www.nbc.gov.kh/download_files/legislation/prakas_eng/738B7-08-212.pdf

23
 6. SECOND LINE OF DEFENSE: Chief Risk Officer and Risk Committee, Responsible for
Risk Management Oversight

Regulatory authorities reacted by requiring bank boards to appoint a chief risk officer (CRO) and establish risk
committees, reporting directly to the board. The CRO must be able to act independently and have direct access to
the independent board member chairing the risk committee, whose responsibilities normally include the following:

• Support and conduct oversight of the CRO

• Oversee the risk management infrastructure
• Address risk and strategy simultaneously, including consideration of risk appetite
• Monitor risks and oversee risk exposures, which includes evaluating the design of risk
processes
• Advise the board on risk strategy
• Review and discuss with management the bank’s compliance with laws and regulations,
including major legal and regulatory initiatives
• Evaluate significant risk exposures of the company and assess management’s actions to
mitigate the exposures in a timely manner (including one-off initiatives and ongoing
activities such as business continuity planning and disaster recovery planning and testing)
6. Second Line of Defense: Chief Risk Officer and Risk
Committee, Responsible for Risk Management Oversight

• Coordinate risk committee activities with the audit committee in instances where there is any overlap
with audit activities (for example, an internal or external audit issue relating to risk management policy
or practice)
• Approve risk and compliance management policies, frameworks, strategies, and processes
• Monitor containment of risk exposures within the risk appetite framework
• Report assessment of the adequacy and effectiveness of the risk appetite, risk management, internal
capital adequacy and assessment process (ICAAP), and compliance processes to the board
• Monitor implementation of risk and compliance management strategy, risk appetite limits, and
effectiveness of risk and compliance management
• Initiate and monitor corrective action, where appropriate
• Monitor that the group acts appropriately to manage its regulatory and supervisory risks and complies
with applicable laws, rules, codes, and standards in a way that supports the group toward being an
ethical and good corporate citizen
• Approve regulatory capital models and risk and capital targets, limits, and thresholds
• Monitor capital adequacy (solvency) and ensure that a sound capital management process exists
• Receive reporting that alerts the committee to other possible areas of developing risks.
25
 6.1 RISK APPETITE AND RISK LIMIT

The bank’s risk appetite—the level of risk the bank can accept in pursuit of its objectives before action is deemed
necessary to reduce risk should be clearly conveyed and easily understood by all relevant parties: the board of
directors, senior management, bank employees, and bank supervisors.

The aggregate level and types of risk a bank is willing to

assume, decided in advance and within its risk capacity, to
achieve its strategic objectives and business plan.
(BCBS 2012): Core Principles for Effective Banking
Supervision

The risk governance framework should outline

actions to be taken when stated risk limits are
breached, including disciplinary actions for excessive
risk taking, escalation procedures, and board of
director notification.
26
6.2 STRESS TEST

• When the BCBS introduced the concept of stress testing in

2009, it emphasized that stress testing is expected to be a
critical tool used by banks as part of their internal risk
management and capital planning (BCBS 2009).
• Stress tests and scenario analyses aim to assess the
(unanticipated) losses that a bank may incur under certain
stress scenarios and the impact on its business plans, risk
management strategies, liquidity planning, or capital
adequacy.
• A stress test is also used as a tool to analyze how a bank
would cope with an economic crisis.
• Stress testing also serves as a key component of the
supervisory assessment process to identify vulnerabilities
and assess the capital adequacy of banks.

27
 THINK OUTSIDE THE BOOK Compliance function

An independent compliance function is a key component of the bank’s second line of defense. This function is
responsible for, among other things, ensuring that the bank operates with integrity and in compliance with applicable,
laws, regulations and internal policies.

The compliance function is independent from management to avoid undue

influence or obstacles as that function performs its duties. The compliance
function should directly report to the board, as appropriate, on the bank’s efforts
in the above areas and on how the bank is managing its compliance risk.

To be effective, the compliance function must have sufficient authority,

stature, independence, resources and access to the board. Management
should respect the independent duties of the compliance function and
not interfere with their fulfilment.

(BCBS 2012): Core Principles for Effective Banking Supervision

28
CAMBODIA CASE

29
30
 7. THIRD LINE OF DEFENSE:
AUDIT COMMITTEE AND
INTERNAL AUDITORS,
An audit committee is primarily
responsible for :
• ensuring an effective internal control
framework and the preparation and
presentation of financial statements to
conform with International Financial
Reporting Standards (IFRS) and
• oversees the third line of defense and is
a valuable tool to help management
with the identification and handling of
risk areas in complex organizations.

The audit committee must be chaired by

an independent board member, and the
chief audit executive should have a direct
reporting line to the audit committee
chair.
31
 The Internal Audit Function in Banks’ role and responsibilities (BCBS 2012b)

• Assess the effectiveness and efficiency of the internal control, risk

management, and governance systems and processes created by the
business units and support functions, and provide assurance on these
7. THIRD LINE OF systems and processes
DEFENSE: AUDIT • Provide an independent assurance to the board of directors and senior
management on the quality and effectiveness of a bank’s internal
COMMITTEE AND control, risk management, and governance systems and processes
INTERNAL • Be independent of the audited activities, which requires the internal
audit function to have sufficient standing and authority within the bank
AUDITORS,
• Act with integrity
• Articulate its purpose, standing, and authority in an internal audit
charter
• Ensure that every activity of a banking group (including outsourced
activities and those of interest to the regulators) and every entity of the
bank falls within the overall scope of the internal audit function

32
 • Communicate regularly with bank supervisors to discuss the risk areas
identified by both parties, understand the risk mitigation measures taken
by the bank, understand the weaknesses identified, and monitor the
bank’s responses to these weaknesses.
• Oversee internal and external audits, including review and approval of
internal and external audits
• Review significant audit findings and monitor progress reports on
7. THIRD LINE OF corrective actions
DEFENSE: AUDIT • Rectify reported internal control shortcomings
COMMITTEE AND • Ensure the assessment adequacy and effectiveness of processes,
practices, and systems reporting to the board
INTERNAL • Ensure that a combined model is applied, providing a coordinated
AUDITORS, approach to assurance activities
• Oversee financial risks and internal financial controls, including the
integrity, accuracy, and completeness of the annual integrated report
(both financial and nonfinancial reporting)
• Receive reports on fraud and IT risks as these relate to financial reporting
• Provide independent oversight of the integrity of the annual financial
statements and other external reports issued by the bank.

33
CAMBODIA CASE

34
8. EXTERNAL AUDIT

The primary objectives of an audit are to

enable the auditor to express an opinion on
whether the bank’s financial statements fairly
reflect its financial condition and to state the
results of its operations for a given period.

The external audit report is normally

addressed to shareholders, but it is used by
many other parties, such as supervisors,
financial professionals, depositors, and
creditors.

Apart from the audit of the income statement, certain line items on the balance sheet are
audited through the use of separate programs (for example, fixed assets, cash, investments,
or debtors)
35
9.REGULATORY AND SUPERVISORY AUTHORITIES: ESTABLISHING A RISK-BASED FRAMEWORK

Countries use different organizational structures for regulation and supervision—sometimes separating regulation
from supervision and housing the regulatory function in a ministry and the supervisory function in the central
bank or an independent financial markets authority.

The primary role of bank regulators and supervisors is to facilitate the process of risk management and to enhance and
monitor the statutory framework for risk management.

Bank regulators and supervisors cannot prevent bank failures. However, by creating a sound, enabling environment, they
have a crucial role to play in influencing the other key stakeholders.

The Core Principles for Effective Banking Supervision are the de facto minimum standard for sound prudential regulation
and supervision of banks and banking systems. Originally issued by the BCBS in 1997 and updated in 2006 and 2012, they
are used by countries as a benchmark for assessing the quality of their supervisory systems and for identifying future work
to achieve a baseline level of sound supervisory practices.
CAMBODIA
CASE
CAMBODIA CASE
Supervisory Review and Evaluation Process

The SREP methodology relies extensively on quantitative and

qualitative analysis. It combines data and supervisor’s judgement
following a principle of “constrained judgement”, with a view to
ensuring that the SREP decision fits best with an institution’s risk
profile while also ensuring consistency and accountability across
the supervisors in charge of assessing the financial institutions.

The SREP is built on four elements:

i) a business model and profitability assessment;

ii) an assessment of risks to capital: credit risk but in the coming

years others risks as market risk, operational risk, and interest
rate risk in the banking book could be added;

iii) an assessment of risks to liquidity and funding: short term funding

and long-term funding and

iv) a corporate governance and risk management assessment.

Cambodia SREP addresses only the Risk Assessment System (RAS).

38