Discussion paper on Governance in Commercial Banks in India - RBI - Reserve Bank of India
1. Growing size and complexity of India’s financial system underscores the significance of strengthening governance standards in banks. Recent events in a dynamic and rapidly evolving financial landscape have led to increasing scrutiny of the role of promoter(s), major shareholder(s) and senior management vis-a-vis the role of a board. In the context where management plays the role of an agent of a board and the board in turn plays the role of an agent of shareholders, governance failures have brought to fore the impact of quality of governance on efficiency in allocation of resources, protection of depositors’ interest as well as maintaining financial stability.
2. Shareholders of any entity have an objective to maximise return on their capital. However, in financial intermediation this objective is predominantly realised through raising of financial resources from depositors and other debt providers. It is the trust reposed in these entities by providers of financial resources, largely depositors – a key stakeholder, which casts a very high and unique ‘fiduciary’ responsibility on entities such as banks.
3. Therefore, an approval to undertake financial intermediation involves a grant of public policy and public utility privilege. Against this privilege is an expectation of a higher order of responsibility on individuals while in search of returns. Naturally, with this privilege comes a higher order of accountability.
4. Against this backdrop, this document in the form of a ‘Discussion Paper’ has been drafted for being placed in public domain for seeking feedback and suggestions. The objective is to align current regulatory framework with global best practices while being mindful of the context of domestic financial system.
5. The contents in the paper have been compiled after reviewing extant instructions/guidelines/directions of the Reserve Bank and relevant guidance available in public domain including those issued by Basel Committee of Banking Supervision (BCBS), Financial Stability Board (FSB) as well as the Banks Board Bureau.
6. The unique characteristic of financial intermediation and spill over impact of governance failures on real sector has not been missed while drafting the paper. Therefore, the approach has been to set higher aspirational standards in governance for entities engaged in financial intermediation. Such higher standards in turn can create positive impact on providers of capital to these entities.
7. The contents in the paper straddle between principle-based regulation and rule-based regulation, with emphasis on the latter wherever warranted.
8. Relevant provisions of extant statutes/regulations have been reproduced in the interest of compiling different sources in one document.
9. This paper is drafted to encourage discussion and intended for seeking stakeholder feedback. The Reserve Bank will issue the guidelines/directions after considering the feedback.
1. Applicability of the contents herein will be to entities mentioned below:
3. Definitions1 1. In this paper, unless the context otherwise requires: -
2. All other expressions unless defined herein shall have the same meaning as has been assigned to them under various statutes or notifications / instructions / rules / regulations / guidelines / directions issued under various statutes or used in commercial parlance.
4. Overall responsibilities of the board of directors
1. The board of a bank has overall responsibility for the bank, including culture, governance framework and approving as well as overseeing management’s implementation of the bank’s strategic objectives. Directors have responsibilities to the bank’s overall interests, regardless of who appoints them4.
2. These responsibilities5 articulated in following paragraphs in substantive terms are to be met by the board/committees of the board by setting agenda for its meetings and actions emanating therefrom as recorded in minutes of the meetings. The board/committees of the board shall maintain appropriate records of their proceedings at each meeting, including minutes of meetings, summaries of matters reviewed, main discussions, individual director’s views, dissenting opinions, decisions taken, recommendations made and board resolutions. Minutes of the meetings of the board/committees of the board are to be signed by the chair of the meeting. In all matters related to meetings of the board and its committees, compliance shall be ensured inter alia with guidance issued from time to time by the Institute of Company Secretaries of India (ICSI).
4.1 Responsibilities of the board - culture and values6
1. A fundamental component of good governance is a culture of reinforcing appropriate norms for responsible and ethical behaviour. These norms are especially critical in terms of a bank’s risk awareness, risk-taking behaviour and risk management. To promote a sound culture, the board shall reinforce the “tone at the top” by7:
2. To put all the above into practice the board shall have oversight of: i. a code of conduct or comparable policy, which shall:16
ii. bank’s values which shall recognise critical importance of17:
iii. A whistle-blower policy which shall be well operationalised and widely communicated:
3. Material concerns19 shall also be communicated to the Department of Supervision, Reserve Bank of India.
4. The ultimate responsibility for ensuring accountability for misconduct lies with the board. Therefore, boards shall also oversee compensation systems that promote prudent risk-taking behaviour and business practices, and identify tools which mitigate / address misconduct20 (e.g. in-year adjustment, malus, claw back arrangement, etc.).
4.2 Responsibilities of the board – recognising and managing conflict of interest
1. Conflicts of interest may arise because of various activities/roles of a bank, or between the interests of a bank or its customers and those of a bank’s directors or senior managers. Conflicts of interest may also arise when a bank is part of a broader group. For example, where the bank is part of a group, reporting lines and information flows between bank, its parent and/or other group entities can lead to emergence of conflicts of interest21.
2. Where these conflicts cannot be prevented, they shall be properly managed based on permissibility of relationships or transactions under sound policies consistent with existing statutes and provisions prescribed here22.
3. Accordingly, the board shall ensure that adequate policies, procedures and measures are implemented to identify actual/potential/perceived conflicts of interest, thereafter assess their materiality, decide on mitigating measures and communicate any material actual/potential/perceived conflicts of interest to the board. The scope of policies, procedures and measures shall include various categories of staff, directors, shareholders, service providers, business partners and other stakeholders as well as legal or natural persons closely linked to the various categories mentioned23.
4. The board shall have a formal written ‘conflicts of interest’ policy and an objective compliance process to ensure implementation of the policy. The policy shall inter alia include24: -
5. The board shall ensure that transactions with related parties are reviewed to assess risk. These shall be subject to appropriate restrictions to ensure that resources of the bank are not misappropriated or misapplied27. 6. The board shall also oversee and be satisfied with the process by which appropriate public disclosure is made, and/or information is provided to supervisors, relating to the bank’s policies on actual/potential/perceived conflicts of interest. This shall include information on the bank’s approach to disclosing as well as managing actual/potential/perceived conflicts of interest that are not consistent with such policies, and conflicts that could arise because of the bank’s affiliation or transactions with other entities within the group28. 4.3 Responsibilities of the board - risk appetite, management and assurance 1. As part of overall governance framework, the board is responsible for overseeing a strong risk governance framework. A risk governance framework shall include well defined organisational responsibilities for risk management, typically referred to as ‘three lines of defence’29 viz.,
2. Depending on the bank’s nature, size, complexity and risk profile of its activities, specifics of how these three lines of defence are structured can vary. However, regardless of the structure, responsibilities for each line of defence shall be well defined and communicated. This shall include those functionaries who do not have any revenue generating role and are part of the first line of defence30. 3. Business units are the first line of defence. They take risks, are responsible and accountable for ongoing management of such risks. This includes identifying, assessing, reporting such exposures considering the bank’s risk appetite, its policies, procedures and controls. The way business line executes its responsibilities shall reflect the bank’s existing risk culture. The board shall promote a strong culture of adhering to limits and managing risk exposures31. 4. In this context, the board shall require that the bank maintains a robust finance function which is responsible for accounting and financial data. The finance function, inter alia, plays a critical role in ensuring that business performance is accurately recognised and reported to the board, management as well as business lines that will use such information as a key input to risk as well as business decisions. Therefore, even though being part of the first line of defence, the finance function shall have sufficient authority, stature, independence, resources and access to the board32. 5. The second line of defence includes an independent and effective risk management function. The risk management function complements the first line of defence through its monitoring and reporting responsibilities. Among other things, it is responsible for overseeing the bank’s risk-taking activities, assessing risks and issues independently from the first line of defence. The function shall promote importance of business line managers i.e. 
those having revenue generating responsibilities, in identifying and assessing risks critically rather than relying only on surveillance conducted by the risk management function33. The function shall also have sufficient authority, stature, independence, resources and access to the board34.
6. The second line of defence also includes an independent and effective compliance function. The compliance function shall, inter alia, routinely monitor compliance with all applicable statutes, governance rules, regulations, codes and policies. The board shall approve compliance policies that are communicated to all staff. The compliance function shall assess the extent to which policies are observed and inform the first line of defence as well as the board on how the bank is managing its ‘compliance risk’. The function shall also have sufficient authority, stature, independence, resources and access to the board35.
7. The third line of defence consists of an independent internal audit function, as well as an independent vigilance function. An internal audit function, among other things, provides independent review together with objective assurance on effectiveness of the bank’s first and second lines of defence. Internal auditors must be competent, appropriately trained and not involved in developing, implementing or operating the first or second line of defence functions. As for the vigilance function, its main objective is to assist the board to achieve its goal by ensuring that all transactions are carried out as per systems and procedures while minimising the scope of malpractices/misconduct and misuse of funds36.
8. Within the above scheme of things, an effective risk governance framework must be operated through37:
9. The bank’s risk appetite shall be developed and conveyed to reinforce a strong risk culture. The risk governance framework shall outline actions to be taken when stated risk limits are breached, including disciplinary actions for excessive risk-taking, escalation procedures and board of director notification38. 10. The board shall take an active role in defining the risk appetite, ensuring its alignment with the bank’s strategic, capital, financial plans and compensation practices. The bank’s risk appetite shall be defined by considering the competitive along with regulatory landscape as well as the bank’s long-term interests, risk exposure and ability to manage risk effectively 39. 11. The bank’s risk appetite shall be clearly conveyed through a RAS that can be easily understood by all relevant parties viz., the board itself, senior management, employees and the Reserve Bank40. The bank’s RAS shall:
12. The development of an effective RAS shall be driven by both top-down board leadership and bottom-up management involvement. While leadership for setting up the risk governance framework will rest with the risk management function, successful implementation depends upon effective interactions between the board, senior management, operating businesses, finance function and risk management. The board must oversee the bank’s adherence to the RAS, risk policy and risk limits41. 13. The board shall approve an approach, oversee the implementation of key policies pertaining to the bank’s capital adequacy assessment process including capital raising plans, liquidity plans, compliance policies/obligations, and the internal control system42; 14. The RAF and risk culture must include a framework for identifying misconduct followed by remedial measures. The process for managing misconduct risk through compensation system must include at minimum, ex ante process that embed non-financial assessment criteria such as the quality of risk management, degree of compliance with laws and regulations43. 15. The board shall ensure that the second and third lines of defence are properly positioned, staffed, resourced to carry out their responsibilities independently, objectively as also effectively. In the board’s oversight of the risk governance framework, the board shall regularly review key policies and controls with senior management. The reviews shall include the heads of second and third lines of defence. These reviews shall identify significant risks, determine areas that need improvement and undertake remedial measures where needed 44. 16. To achieve desired objective at least one meeting of the board must be exclusively focussed towards fulfilling this responsibility of the board towards ‘risk appetite, management and assurance’, details of which have been articulated above. 4.4 Responsibilities of the board - oversight of senior management45 1. 
When it comes to oversight of management, responsibilities of the board are as follows: (i) Determine role/responsibilities of the CEO, WTDs and other senior management functionaries46; (ii) Select as well as oversee performance of WTDs, CEO and other senior management functionaries of all the three lines of defence47; (iii) Provide oversight of senior management, hold members of senior management accountable for their actions. Enumerate possible consequences (including dismissal) if those actions are not aligned with the board’s performance expectations. This includes adhering to the bank’s values, risk appetite and risk culture, under all circumstances. In doing so, the board shall48 -
4.5 Other responsibilities of the board 1. A board also has ultimate responsibility for the bank’s business strategy, financial soundness, key personnel decisions and internal organisation50. 2. The board shall establish and be satisfied with the bank’s organisational structure. This will enable the board to carry out its responsibilities, facilitate effective decision-making and good governance. This includes clearly laying out key responsibilities along with authorities of the board itself, followed by that of senior management including those in the second and third line of defence 51. In other words, ensure that there is a clear demarcation of duties/responsibilities between the board and management52, as also between each of the three lines of defence53; 3. The members of the board shall exercise their ‘duty of care’ and ‘duty of loyalty’ to the bank under applicable regulatory/supervisory standards54. 4. Accordingly, the board shall55: -
5. The board as well as the senior management shall facilitate the independent directors to perform their role effectively as a member of the board and as a member of a committee of the board63. 6. In discharging its responsibilities, the board shall consider legitimate interests of depositors, shareholders and all other stakeholders. Further, it shall also ensure that it maintains an effective relationship with the regulators and supervisors64. 4.6 Duties of a director 65 1. To discharge various responsibilities, duties of a director shall inter alia include: -
5. Board’s structure and practices84. 1. To fulfil its responsibilities, the board shall define appropriate governance structures and practices for its own work. It shall put in place the means for such practices to be followed as well as periodically review the same for ongoing effectiveness. 2. The board shall structure itself in terms of leadership, size and the use of committees to effectively carry out its oversight role/other responsibilities. To ensure that the board has the time and means to cover all necessary subjects in sufficient depth with robust discussion of issues, the board shall appoint members to committees with the goal of achieving an appropriate mix of skills and experience. The combination of skills along with experience shall allow the committees to fully understand, objectively evaluate and bring fresh thinking to the relevant issues. 3. Towards setting out its organisation, rights, responsibilities and key activities, the board shall maintain/periodically update bank's memorandum or articles of association, or any resolution passed by the bank in general meeting. 4. To support its own performance, the board shall carry out regular assessments – alone or with the assistance of external experts – of the board, its committees and individual board members. The board shall:
1. One such important structure and practice is through the formation of committees of the board. The decision taken by a committee of the board will be considered as a decision of the board unless and until the board or the committee specifically requires the final decision on a matter to be taken by the board85. While it is for the board to decide on the number, type, composition and responsibility of the committees, the composition as well as mandate at the minimum of committees which have a supervisory role, such as the Audit Committee, Risk Management Committee as well as the Nomination and Remuneration Committee of the board, are detailed as follows86.
5.1.1 Audit Committee of the Board (ACB)
1. The board shall constitute the ACB made up of only NEDs. The ACB shall meet with a quorum of three members of which two-thirds will be independent directors. Accordingly, the ACB will be made up of at least three NEDs and two-thirds independent directors87.
2. All members shall be financially literate (i.e. will have the ability to understand a balance sheet, an income statement, a cash flow statement as well as the notes attached thereto), and at least one member shall have accounting or related financial management expertise (i.e., experience of applying accounting standards to arrive at various financial statements and the understanding of internal controls/procedures of financial reporting or requisite professional certification in accounting, or any other comparable experience or background which results in the individual’s financial sophistication, including having been a CEO, CFO or head of internal audit (HIA))88.
3. The meetings of the ACB will be chaired by an independent director89 who shall not chair any other committee of the Board90. The chair of the bank shall not be a member of the committee91. The chair of the committee shall be present at Annual General Meeting to answer shareholder queries92.
The committee shall meet at least six times a year and not more than sixty days shall elapse between two meetings93. The head of the internal audit function shall act as the secretary to the committee and will report to the committee94. 4. The committee shall normally meet without the presence of the executives or senior management functionaries except for the secretary. However, at its discretion and as/when needed shall invite any of the WTDs, head of finance function, vigilance function, risk function, compliance or any senior management functionary or any executive or a representative of an auditor/ audit firm including statutory auditor to be present at its meetings in whole or in part95. 5. The role of the ACB is to assist the board, inter alia, in the following: i. oversight of bank’s financial reporting process, timely disclosure of its financial information to ensure that the financial statements are correct, sufficient, credible and seek the highest levels of transparency96; ii. satisfy the adequacy of internal financial controls97 as well as provide oversight in financial risks. To do so put in place a framework of internal financial controls/attendant compliance systems to ensure timely and accurate recording of all transactions98; iii. reviewing accounting policies/systems in the bank with a view to ensuring greater transparency in the bank's accounts and adequacy of accounting controls99; iv. reviewing with the management, the annual/half yearly/quarterly financial statements and auditor's report, wherever applicable, thereon before submission to the board for approval, with reference to100: -
v. reviewing, with the management, the statement of uses / application of funds raised through an issue (public issue, rights issue, preferential issue, etc.), the statement of funds utilised for purposes other than those stated in the offer document / prospectus / notice together with the report submitted by the monitoring agency monitoring the utilisation of proceeds of a public or rights issue, and making appropriate recommendations to the board to take up steps in this matter101; vi. approving the appointment of CFO after assessing the qualifications102, experience and background, etc. of the candidate103; vii. appointment, reappointment, removal, remuneration and terms of appointment of auditors/firms/consultants engaged to provide independent assurance over the correctness as well as adequacy of the financial reporting104; viii. reviewing/monitoring auditor’s independence, performance and effectiveness of audit process105; ix. discussion with auditors, about the nature and scope of audit as well as post-audit discussion to ascertain any area of concern106; x. specifically focus on reconciliation of various accounts with transactions undertaken within the bank as well as interbank, arrears in balancing of books and all other major areas of house-keeping107; xi. reviewing/overseeing the operation of the internal inspection/audit function in the bank - the system, its quality and effectiveness in terms of follow-up108; xii. reviewing adequacy of the internal audit function, including the structure of the internal audit function, staffing, seniority of the official heading the function, reporting structure, coverage and frequency of internal audit109; xiii. conduct periodical reviews, of the internal audit undertaken by it vis-à-vis the approved audit plan. The performance review shall also include an evaluation of the effectiveness of internal audit in mitigating identified risks110; xiv. 
to ensure that internal audit reports are made available to the ACB without management filtering111; xv. investigate any matter under its mandate as also any matter referred to it by the board112; xvi. reviewing the findings of any internal investigations by the internal auditors or/and the vigilance functionaries into matters where there is suspected fraud or irregularity or a failure of internal control systems of a material nature and reporting the matter to the board113; xvii. reviewing information on violations by various functionaries in exercise of discretionary powers114; xviii. put in place as well as implement a policy for fixing accountability for breach of internal controls, unsatisfactory compliance, delay in compliance, non-rectification of deficiencies, omissions, gross negligence on the part of even internal audit and external audit officials/firms/agencies to detect serious irregularities (which come to light later)115; xix. if any serious acts of omission or commission are noticed in the working of the appointed external firms, their appointments may be cancelled after giving them reasonable opportunity to be heard and the fact shall be reported to Department of Supervision, RBI as well as The Institute of Chartered Accountants of India (ICAI)116. xx. reviewing penalties imposed / penal action taken against bank under various statutes and action taken for corrective measures117; xxi. reviewing report on revenue leakage detected by Internal / External Auditors, status of recovery thereof - reasons for undercharges and steps taken to mitigate revenue leakage118; xxii. approving or any subsequent modification of transactions of the bank with related parties119; xxiii. put in place an effective fraud risk assessment as well as management system which inter alia involves monitoring/reviewing all the frauds of Rs. One Crore and above to120;
xxiv. every year review and approve the policy/plan/scope of various forms of audit inter alia including Statutory Audit, Concurrent Audit, Information System Audit, EDP Audit, Migration Audit etc., as well as the performance of the auditors besides take necessary measures to suitably strengthen the system121 122.
xxv. ensure that all transactions undertaken by the bank together with the information flow thereto are covered by an external audit and that all transactions are indeed reflected in the books of accounts of the bank123.
xxvi. important features brought out during audits both internal as well as external shall be placed before the ACB in all its meetings124.
xxvii. approve policies, processes as well as supervise implementation to recognise and approve related party transactions to ensure that the transactions meet the ‘arm’s length’ test125 126.
xxviii. approve policies in relation to the implementation of the Insider Trading Code and to supervise implementation of the same127.
xxix. ensure implementation of a credible whistle blower mechanism that allows employees, directors or any other person to report concerns about unethical behaviour, violation of code of conduct, actual or suspected fraud. This mechanism (a) shall also include acceptance of anonymous complaints that appear prima facie bona-fide and (b) shall deny protection to whistleblowers if the disclosures are made directly to the media. This mechanism is to be reviewed at least annually128.
xxx. ensuring that senior management is taking necessary corrective actions in a timely manner to address control weaknesses, non-compliance with policies, laws, regulations, other problems identified by auditors and other control functions129.
xxxi. reviewing at least once in three years, through third-party opinions on the design and effectiveness of the overall financial risk governance framework as well as internal control system130.
xxxii. formulate/maintain a quality assurance and improvement programme.
It should cover all aspects of the internal audit function including both internal and external assessment of the internal audit function for adherence to the internal audit policy, objectives together with expected outcomes. The internal assessments may be undertaken every year and external assessments at least once in three years131. 6. To perform its role, ACB shall have power to obtain professional advice from external sources, have full access to information contained in the records of the bank, seek information from any employee, obtain outside legal or other professional advice and secure attendance of outsiders with relevant expertise, if it considers necessary132. 5.1.2 Risk Management Committee of the Board (RMCB) 1. The board shall constitute a RMCB made up of only NEDs. The RMCB shall meet with a quorum of three members and two-thirds will be independent directors. Accordingly, the RMCB will be made up of at least three NEDs. Two-thirds will be independent directors of which one member shall have risk management expertise (i.e., direct/supervisory/regulatory oversight of the risk management function in the banking, financial services and insurance industry)133 134. 2. Meetings of RMCB will be chaired by an independent director who shall not be a chair of any other committee of the Board. Chairperson of the bank shall not be a member of the committee. The committee shall meet at least six times a year and not more than sixty days shall elapse between two meetings135. CRO shall function as the secretary of RMCB and will report into the committee136. Head of Compliance shall also report to the RMCB137. 3. The role of the RMCB is to assist the board, inter alia, in the following: i. ensure accurate internal as well as external data to be able to identify, assess, mitigate risk, make strategic business decisions, determine capital and liquidity adequacy ii. set the ‘Risk Appetite’ of the bank based on its ‘Risk Capacity’. 
This is to be done by way of formulation of the RAF and RAS of the bank138; iii. based on the “Risk Appetite” agreed upon, allocate business unit wide and risk taker wise risk limits139. iv. hold the first line of defence accountable for breaches in the risk limits140; v. ensure a system where:
vi. decide the composition as well as the mandate of various senior management level sub committees for specific risks including Asset Liability Management Committee144.
vii. ensure that risk management function reports material exemptions, monitor positions to ensure that risk assumed remains within the framework of limits and controls or within exception approval145.
viii. put in place governance structures that help avoid the possibility of compromise by officers/executives of unequal stature in a committee system of assuming risk, leading to the senior most officer deciding the issue and the rest merely falling in line146.
ix. ensure clear segregation between risk origination (front office), risk underwriting (mid-office) and risk documentation/operations functions (back office). These functions shall have separate reporting lines and be geographically separated – thus reducing the ability to influence the other147.
x. if need be, allocate to a committee of the board which will undertake management function, the sanctioning powers to assume risk148.
xi. reassure that there is no excessive, unquestioned dependence on the opinions of third parties including but not limited to advocates, valuers, auditors, etc., by ensuring that the opinions are verified properly and cautiously by, inter alia, cross checking the opinion by mandating that more than one opinion is sought. Further, put in place a process of blacklisting of third parties with suspected credentials including alerting other entities in the financial intermediation space149.
xii. put in place and review a technology enabled system to track adherence to covenants. It shall be possible to do so before as well as after assuming exposure to ensure necessary compliance and to ensure that waivers granted are as per laid down guidelines150.
xiii. evaluate internal controls and risk management systems151;
xiv. regularly evaluate the risk faced by the bank through the overall risk profile152.
xv. reassure that internal controls153:
xvi. introduce oversight of a risk culture dashboard with reports to track progress across key culture attributes, indicators to track the frequency along with the treatment of both self-reported control and risk problems as well as whistle-blowing incidents154. xvii. ensure that adequate risk management processes are in place to assess risk and performance relative to initial projections, and to adapt the risk management treatment as the business matures and before a new product, service, business line or third-party relationship or major transaction is undertaken155. xviii. ensure that reputation risks including conduct risks are captured across various businesses of the bank through quality data and systems156. xix. put in place risk reporting systems which are dynamic, comprehensive, accurate and draw on a range of underlying assumptions. xx. ensure that risk monitoring and reporting shall not only occur at the disaggregated level (including material risk residing in subsidiaries or other group entities on which there is exposure) but shall also be aggregated to allow for an integrated perspective of risk exposures to convey bank-wide risk, individual portfolio risks besides other risks in a concise as well as meaningful manner157. xxi. ensure that reports accurately identify external environment, market conditions, trends that may have an impact on the bank’s current or future risk profile, communicate risk exposures and results of stress tests or scenario analyses158. xxii. provoke a robust discussion of, for example, the bank’s current exposures, prospective exposures (particularly under stressed scenarios), risk/return relationships, risk appetite and limits159. xxiii. risk reporting systems shall be clear about any deficiencies or limitations in risk estimates, as well as any significant embedded assumptions160. xxiv. challenge the assumptions used in and potential shortcomings of risk models as well as various analyses161. xxv. 
ensure a sufficiently robust data infrastructure, data architecture, information technology infrastructure – that is in sync with developments such as balance sheet and revenue growth; increasing complexity of the business, risk configuration or operating structure; geographical expansion; mergers and acquisitions; or the introduction of new products or business lines162. xxvi. ensure that the ultimate responsibility for the assessment of risks is with the bank even while tools such as external credit ratings or externally purchased risk models and data are used as inputs into a more comprehensive assessment163. xxvii. promote a strong risk culture by164:
xxviii. establish effective communication/coordination with the audit committee to facilitate the exchange of information, effective coverage of all risks, including emerging risks, and any needed adjustments to the risk governance framework of the bank165. xxix. formulate the compliance policy of the bank, containing the basic principles, the main processes by which compliance risks are to be identified and managed through all levels of the organisation166. xxx. undertake quarterly reviews, to make an informed judgment on whether the bank is managing its compliance risk effectively. In doing so review the scope of compliance procedures and processes, mechanism for measurement/assessment of compliance risk of the bank, reporting requirements, compliance risk, change in the compliance risk profile167. 5.1.3 Nomination and Remuneration Committee (NRC) 1. The board shall constitute the NRC made up of only NEDs. The NRC shall meet with a quorum of three members of which not less than one-half will be independent directors of which one will be a member of the RMCB. Accordingly, the NRC will be made up of at least three NEDs of which at least half will be independent directors. The meetings of the NRC will be chaired by an independent director. The Chairperson of the bank shall not chair the Committee168. The committee shall meet at least six times a year and at least once every sixty days169. The head of the human resource function will report into the committee and shall act as the Secretary to the Committee170. 2. The role of the NRC is to assist the board, inter alia, in the following: i. in ensuring that the structure, size, competencies, skills at the board and its committees support the strategic objectives as well as statutory/regulatory requirements171; ii. to put in place an induction/orientation process for newly appointed non-executive directors172; iii. 
The induction process shall include reviewing whether board candidates: (i) possess the knowledge, skills, experience and, particularly in the case of non-executive directors, independence of mind given their responsibilities on the board and in the light of the bank’s business as well as risk profile;(ii) have a record of integrity and good repute; (iii) have sufficient time to fully carry out their responsibilities; and (iv) have the ability to promote a smooth interaction between board members173 iv. to help directors understand their duties as well as to discharge their duties to the best of their abilities, once every year, based on a gap assessment, undertake a formal programme for the board of directors. The programme shall also inter alia include content on changes in applicable laws, regulations, compliance requirements, macroeconomic policy, financial markets, risk management, emerging developments / challenges facing the financial services sector, latest managerial techniques and technological developments174; v. through a diversity policy inter alia ensure that committees of the board175:
vi. for determining qualifications, positive attributes and independence of a director176; vii. Specifically reviewing whether board candidates177 have any conflict of interests that may impede their ability to perform their duties independently and objectively, are subject to undue influence from other persons (such as management or other shareholders), past or present positions held as well as personal, professional or other economic relationships with other members of the board or management (or with other entities within the group); viii. notifying after the review inter alia the Department of Supervision, Reserve Bank of India, when a board member ceases to be qualified or is failing to fulfil his or her responsibilities178 ix. formulate/adopt a comprehensive compensation policy for the board of directors179 and the management functionaries. x. formulation of criteria and policy:180
xi. identifying the minimum and desirable qualification182 as well as persons who are qualified to take on board level or senior management level roles in accordance with the criteria laid down, and recommend to the board of directors their appointment along with the terms of appointment183; xii. based on the annual performance evaluation decide to extend/not to extend/terminate the term of appointment of184:
xiii. put in place a policy on learning and development for the directors as well as senior management185; xiv. as per the laid down policy, conduct annual evaluation of performance of the board, board committees, chair of the board, chair of the committees, board members, WTDs, NEDs, senior management functionaries and other employees186. xv. facilitate the performance evaluation of independent directors which shall be done by the entire board of directors, excluding the director being evaluated187; xvi. carry out due diligence to determine if such person is considered ‘fit and proper’ as per its own laid down criteria for being appointed as director of the bank;188 xvii. Based on the outcome of periodical assessment of functioning of board members, and various committees, take appropriate corrective measures e.g. through training, skill development interventions, change in assignment, removal from committee/board189; xviii. devote sufficient time, budget, other resources for this purpose, and draw on external expertise as needed190. xix. review all the above at least on an annual basis against the charter/ mandate given by board and submit an annual report to the board191 xx. Further, as a quality assurance, effectiveness measurement and enhancement initiative, external assessments shall be undertaken at least once in three years192. 5.1.4 Stakeholders Relationship Committee (SRC)193 1. In addition to its extant mandate, the SRC shall also have oversight on matters of depositor interest, customer service, suitability and appropriateness as well as various grievance redressal mechanism thereto. 5.1.5 Committees of the board performing management function194 1. 
Should the board constitute/have constituted committee(s) such as Management Committee and/or Executive Committee and/or Credit Committee and/or Investment Committee or any other committee by whatever name called which has a mandate to assume risks, then it shall consist of directors who are not part of either ACB, RMCB or NRC. These committees, which have a mandate to assume risks, will exercise powers delegated by the board as recommended by the RMCB. The non-executive Chairperson of the board shall not be part of the Committee. Should such committee(s) include more than one WTD, then no WTD shall have a role in the performance appraisal of the other WTD. 1. Board of directors of a bank shall comprise not less than six directors and not more than 15 directors with majority being independent directors195. The board shall meet at least six times a year and at least once every sixty days196. All meetings of the board should have a majority of independent directors197 and shall meet with a quorum of five members198. The board shall not have more than three directors who are directors of companies which among themselves are entitled to exercise more than 20% of the total voting rights of all the shareholders of the bank199; 2. It must be ensured that the minutes of the meeting of the board as well as its committees are so recorded that it shall be possible to appreciate the quality of deliberations including individual directors’ views on the matter, independence of directors, critical decisions made, dissenting views expressed and discussed within the decision-making process200. In this regard, the Department of Supervision, RBI will specifically require to be satisfied that the independence of the director is not just in form but also in substance201. 3. Within six months of issuance of the guideline/directions on the matter by the Reserve Bank (basis this discussion paper), the composition of board and its committees shall be complied with. 1. 
The chair provides leadership to the board and is responsible for its effective overall functioning, including maintaining a relationship of trust with board members. The chair shall possess the requisite experience, competencies and personal qualities to fulfil these responsibilities. The chair shall ensure that board decisions are taken on a sound and well-informed basis. The chair shall promote critical discussion, ensure that dissenting views can be freely expressed and discussed within the decision-making process. The chair shall dedicate sufficient time to the exercise of his or her responsibilities202. 2. The bank shall ensure that the chair of its board shall be an independent director203. The Chairman of the Board shall also be present at Annual General Meeting. The appointment of the Chair of a banking company shall be with the previous approval of the Reserve Bank and be subject to such conditions as the Reserve Bank may specify while giving such approval. 6. Qualification and selection of board members 1. Board members shall remain qualified, individually and collectively, for their positions. They shall understand their oversight and governance role. They shall be able to exercise sound and objective judgment about the affairs of the bank204. 6.1 Board members’ qualifications 1. The board shall comprise of individuals with a balance of skills, diversity and expertise. The board shall collectively possess the necessary qualifications commensurate with size, complexity and risk profile of the bank205. Some of the other considerations of a statutory and regulatory nature to be mindful of are as follows. 2. 
At least half the number of members of the board of a banking company shall consist of persons206 207, who: - (i) have special knowledge or practical experience in respect of one or more of the following matters namely accountancy, agriculture and rural economy, banking, co-operation, economics, finance, law, small scale industry, information technology, payment and settlement systems, human resources, risk management, business management, any other matter in the opinion of the Reserve Bank, be useful to the banking company:
(ii) shall not
3. After ruling out any conflicts of interest due to two entities operating in the same competitive space, and ensuring adherence to other statutory requirements, a director on the board of an entity other than a bank may be considered for appointment as director on the board of a bank, subject to the following conditions208 209: -
4. In addition to the disqualifications prescribed in Banking Regulation Act, 1949 and Companies Act, 2013 or other applicable statutes for being appointed as director, the additional standards212, at a minimum are as follows: -
5. The total continuous tenure of an NED on the board, including the tenure as a Chair shall not exceed eight years. Thereafter, if considered necessary and desirable by the board, the person could be considered for re-appointment in the same bank after a minimum gap of three years. All NEDs including the Chairman can be on the board of a bank till attaining 70 years of age214 215. 1. From the personage who is being considered for appointment/re-appointment as director, the bank shall obtain necessary information, a ‘Declaration and Undertaking’, containing at least the contents in the format listed by RBI216. 2. Thereafter, the NRC, basis the information provided in the signed declaration, shall carry out due diligence/scrutiny to determine if such person is considered ‘fit and proper’ as per its own laid down criteria for being appointed as director of the bank217. These criteria shall include suitability for the post by way of qualifications, technical expertise, track record, integrity, and other ‘fit and proper’ criteria. 3. For assessing integrity and suitability, features like criminal records, financial position, civil actions initiated to pursue personal debts, refusal of admission to or expulsion from professional bodies, sanctions applied by regulators or similar bodies, previous questionable business practices etc. should be considered. The Board of Directors may, therefore, evolve appropriate systems for ensuring ‘fit and proper’ norms for directors, which shall include calling for information by way of self-declaration, verification reports from market, etc. As part of the due diligence/scrutiny references shall be made, where considered necessary to the appropriate authority / persons to establish compliance or otherwise with the ‘fit and proper’ criteria218. 4. 
In case where a member of the NRC has either proposed or seconded the name of a person for appointment as a director on the bank’s board, such member of the NRC shall not be part of the exercise of conduct of due diligence in respect of the person proposed to be appointed as a director. In all such cases, the bank shall nominate another director, as a temporary member of the NRC, to conduct the exercise of due diligence, to avoid conflict of interest and ensure adherence to good governance principles219. 5. The board through the NRC must draw assurance beyond doubt that actual/ potential / perceived conflict has been disclosed as well as recognised, following which adequate measures have been taken to mitigate the perception of possibility of a director influencing a decision220. 6. The NRC’s discussions shall be properly recorded as formal minutes of the meeting and the voting, if done, shall also be noted.221 7. Before a person assumes the role of a director, a ‘Deed of Covenant’ must be signed between the director and the CEO or any other person authorised by the board. The covenant, a document approved by the board, shall inter alia incorporate the contents of the guideline/directions to be issued on the matter by the Reserve Bank (basis this discussion paper) setting clearly the obligations/responsibilities of the director as well as the obligations/responsibilities of the bank and its management222. 8. Every year as on 31st March, a declaration to the effect that the information already provided by a director has not undergone any change shall be taken on record. Where the director informs that there is change in the information provided earlier, the bank shall obtain from such director a fresh ‘Declaration and Undertaking’ incorporating the changes. Thereafter, NRC shall re-examine his/her being ‘fit and proper’ to continue as director. 
The due diligence in respect of the members of the NRC shall be carried out by the board itself and the members of the NRC (being interested parties) shall not be involved in the process223. 9. The bank shall ensure compliance to Section 20 of the B R Act as well as the restrictions on grants of loans and advances to directors which shall be governed by the Circular DBR.No.Dir.BC.10/13.03.00/2015-16 dated July 1, 2015 as updated from time to time. 10. In addition, the bank shall put in place a system of safeguards, including proper disclosure of the director’s or director’s firm’s clients, and not participating in bank’s decisions involving director’s or director’s firm’s clients. The director shall be required to compulsorily dissociate from the entire process and this shall be part of the covenant to be signed with the director by the bank224. 11. A director must make a full and proper disclosure of his interests including directorships in business entities, with the director personally distancing from, including not participating in, decisions involving entities in which one is interested225. 12. It shall be ensured not to award any professional work to a person who was a director of the bank, for a period of two years after demitting office as such director226. 13. While scrutinising the application of candidates being considered for appointment/re-appointment as directors, the NRC of a banking company shall at the minimum adopt the criteria prescribed by RBI in August 2019 for elected directors of PSBs and suitably modified for a banking company. However, existing directors may be allowed to complete their current terms as per the pre-revised criteria227. 14. The matters regarding composition of the board of the banking company228 including changes as and when they happen, shall continue to be referred by the bank to the Department of Supervision, Reserve Bank of India. 1. 
The senior management functionaries are responsible/ accountable to the board for sound and prudent management of day-to-day operations of the bank. These functionaries shall necessarily be clearly identified as belonging to one of the three lines of defence. To avoid conflict of interest within first line of defence, a functionary in non-revenue generating function shall not be sub-ordinate to a functionary who has revenue generating responsibilities. However, the head of a non-revenue generating function within first line of defence can report into the CEO of the bank229. 2. To ensure independence of non-revenue generating function following conditions shall be met230:
3. Senior management shall provide adequate oversight of those they manage besides ensuring that their activities are consistent with the business strategy, risk appetite and policies approved by the board231. 4. Senior management must contribute substantially to a bank’s sound governance through personal conduct i.e. by helping establish the “tone at the top” along with the board232. 5. Senior management is also responsible for delegating duties to staff and shall establish a management structure that promotes accountability as also transparency throughout the bank. This includes ensuring that appropriate remedial or disciplinary action is taken if breaches are identified233. 6. Consistent with the directions given by the board /committees of the board, the senior management is responsible for implementation of business strategies, risk management systems, risk culture, processes, controls for managing risks – both financial and non-financial – to which the bank is exposed to as also concerning which it is responsible for complying with laws, regulations as well as internal policies. This includes an effective overall system of internal controls as well as comprehensive and independent risk management, compliance, audit and vigilance functions234. 7. Senior management functionaries who are part of first line of defence shall respect the independent duties of the risk management, compliance, internal audit, vigilance functions and shall not interfere in their exercise of such duties235. 8. A senior management functionary shall provide the board with information it needs to carry out its responsibilities, including to supervise senior management and to assess the quality of performance of a senior management functionary. In this regard, the concerned senior management functionary shall keep the board regularly and adequately informed of material matters, including236:
9. Senior management shall adhere to the board approved code of conduct, meet the expectations of operational transparency to stakeholders while at the same time maintaining confidentiality of information to foster a culture of good decision-making237. 10. Senior management shall make disclosures to the board of directors relating to all financial and commercial transactions where they have personal interest that may have an actual/potential/perceived conflict of interest with the bank238. 11. Restrictions on grants of loans and advances to senior management shall be governed by the Circular DBR.No.Dir.BC.10/13.03.00/2015-16 dated July 1, 2015 as updated from time to time. 12. The CEO and/or senior management functionaries of the bank shall inter alia239: - i. apprise a NED about: -
ii. provide to the board including the director all information which is reasonably required for them to carry out their functions/ duties as a director of the bank and to take informed decisions in respect of matters brought before the board for its consideration or entrusted to the director by the board or any committee thereof; iii. make the following disclosures on –
iv. provide to directors periodic reports on the functioning of internal control system including effectiveness thereof; v. communicate outcome of board deliberations to directors/concerned personnel; and vi. prepare and circulate to directors in a timely manner the individual agendas as well as minutes of the meetings of the board/committees of the board. 1. Senior management functionaries shall be selected based on standards of knowledge and/or experience as well as a search and selection criteria established for the position by the NRC with approval of the board. The selection can be through an appropriate internal promotion and / or lateral hiring process to identify an internal or external candidate suitable for the position. The process for identification of each senior management functionary is to be vested with the NRC of the board with the approval of the board. The identification shall also include assessment of ‘fit and proper’ requirement as carried out for directors of the board. 2. The bank shall have an internal policy regarding succession planning in senior management. Senior management functionaries shall have the necessary experience, competencies and integrity to manage the businesses including people under their supervision240. They shall receive access to regular training to enhance their competencies and stay up to date on developments relevant to their areas of responsibility241. 3. The organisation, procedures, decision-making of senior management shall be clear, transparent and designed to promote effective management of the bank. This includes clarity on role, authority and responsibility of various positions within senior management, including WTDs and CEO242. Entities incorporated in India shall have a CEO who can also be the MD of the bank243. 4. Appointment/re-appointment/termination of appointment of WTDs and CEO of a banking company shall be with the previous approval of the Reserve Bank244. 
The application for re-appointment must be made to RBI at least six months245 prior to completion of tenure of current incumbent and at least four months prior in case of appointment. The application of appointment shall have names of two personages in the order of preference. Before submitting the applications, banks shall complete their own assessment including the ‘fit and proper’ requirement as carried out for directors of the board246. 5. The upper age limit for CEO/WTDs of banks is 70 years. Beyond this nobody can continue in the post. Within the overall limit of 70 years, individual bank’s board can prescribe, as an internal policy, a lower age limit for CEO/WTDs247. 6. To build a robust culture of sound governance practice, professional management of banks and to adopt the principle of separating ownership from management, it is desirable to limit the tenure of the WTDs or CEOs. Therefore, it is felt that 10 years is an adequate time limit for a promoter / major shareholder of a bank as WTD or CEO of the bank to stabilise its operations and to transition the managerial leadership to a professional management. This will not only help in achieving the separation of ownership from management but also reinforce a culture of professional management. Further, in the overall interest of good governance, a management functionary who is not a promoter / major shareholder can be a WTD or CEO of a bank for 15 consecutive years. Thereafter, the individual shall be eligible for re-appointment as WTD or CEO only after the expiration of three years. During this three-year period the individual shall not be appointed or associated with the bank in any capacity, either directly or indirectly, advisory or otherwise. 
On the date of issuance of the guideline/directions on the matter by the Reserve Bank (basis this discussion paper), banks with WTDs or CEO who have completed 10 or 15 years shall have two years or up to the expiry of the current tenure, whichever is later, to identify and appoint a successor. 7. The CEO shall be a person who has special knowledge and practical experience of the working of a bank or a financial institution, or financial, economic or business administration. However, a person shall be disqualified for being a CEO248, if he/she
1. An independent risk management function is one of the key elements in the governance structure and is part of the second line of defence. This function is responsible for ensuring that the bank operates within its risk appetite249. 2. Should a bank be part of a group, then the board of the bank, through its RMCB, is responsible for establishing a group wide enterprise risk management system. 3. The risk management function and its functionaries shall:
4. The head of the risk management function, to be designated as ‘Chief Risk Officer’(CRO), shall report to the RMCB which will be responsible for selection, oversight of performance including performance appraisals and, if necessary, dismissal of the CRO. Any premature removal of the CRO shall only be with prior approval of the board and shall be disclosed publicly. The reasons for such removal shall be disclosed to the Department of Supervision, Reserve Bank of India269. 5. The role and responsibilities of the CRO shall be clearly defined. The CRO shall inter alia have the overall responsibility for coordinating the identification, management, mitigation of the bank's risk and supervising the activities of other risk management staff. The CRO has responsibility for overseeing development and implementation of the bank’s risk management function. This includes ongoing strengthening of staff skills and enhancements to risk management systems, policies, processes, quantitative models, reports as necessary to ensure that the bank’s risk management capabilities are effective to fully support its strategic objectives and all its risk-taking activities270. 6. The CRO’s responsibilities also include managing/ participating in key decision-making processes (e.g. strategic, capital and liquidity planning, new products/services, compensation design/operation). The CRO is expected to support the board in oversight of the bank’s RAF and translating it into a risk limits structure. The CRO, together with RMCB, shall be actively engaged in monitoring performance relative to risk-taking and risk limit adherence271. 7. The CRO shall be a senior official in hierarchy with equivalence no less than those at one level below the WTDs/CEO. The CRO shall have the ability to interpret as well as articulate risk in an understandable manner as well as an ability to effectively engage the board, RMCB and management in constructive dialogue on key risk issues. 
The CRO will function as a secretary to the RMCB. The CRO shall have the necessary and adequate professional qualification/experience in the areas of risk management. The risk management function’s budget shall be proposed by the RMCB and approved by the board. The compensation of risk management functionaries shall be proposed jointly by RMCB as well as NRC and approved by the board272. 8. The risk management functionaries shall have direct access to the RMCB273. 9. In foreign banks operating in India as branches, the CRO in India shall play the role played by RMCB as far as the risk management function is concerned and shall report to risk management function in the controlling office/head office274. 10. Incorporating all the above requirements, the board of the bank, through RMCB, is responsible for establishing a comprehensive risk management policy. This policy inter alia shall contain the basic principles, explain the main processes by which risks are to be recognised, measured, monitored, mitigated and managed across the organisation. The activities will be subject to periodic and independent review by the RMCB annually in addition to an independent assessment of the risk management function by the internal audit function. Further, as part of quality assurance, once in three years an external assessment shall also be undertaken. 9. Compliance275 1. An independent compliance function is a key element in the governance structure and is also part of the second line of defence. This function is responsible for ensuring that the bank operates with integrity in compliance with applicable laws and regulations276. 2. In supporting values, policies, processes that help ensure that a bank acts responsibly and fulfils all applicable obligations, the compliance function shall proactively assess compliance risk faced by various activities undertaken by the first line of defence together with ensuring remediation on gaps observed during the assessment277. 3. 
Compliance risk278 is "the risk of legal or regulatory sanctions, material financial loss, or loss to reputation a bank may suffer because of its failure to comply with laws, regulations, rules, related self-regulatory organisation standards and codes of conduct applicable to its activities". 4. Should a bank be part of a group, then the board of the bank, through its RMCB, is responsible for establishing a group wide enterprise compliance management system. 5. The compliance function and its functionaries shall279:
6. The head of compliance function, to be designated as ‘Chief Compliance Officer (CCO)’, shall report to the RMCB which will be responsible for selection, oversight of performance including performance appraisals and, if necessary, dismissal of CCO. Any premature removal of the CCO shall only be with prior approval of the board and shall be disclosed publicly. The reasons for such removal shall be disclosed to the Department of Supervision, Reserve Bank of India280. 7. The role and responsibilities of the CCO shall be clearly defined. The CCO shall have the overall responsibility for identification, management, mitigation of the bank's compliance risk and supervising activities of other compliance function staff. The CCO shall have the ability to interpret and articulate compliance risk in an understandable manner as well as to effectively engage the board, RMCB, management in constructive dialogue on key compliance risk issues281. 8. The CCO shall be a senior official in hierarchy with equivalence no less than those at one level below the WTDs or one level below the CEO. The CCO shall have necessary and adequate professional qualification/experience in areas of compliance risk management. The compliance function’s budget shall be proposed by the RMCB and approved by the board. The compensation of compliance functionaries shall be proposed jointly by the RMCB as well as NRC and approved by the board282. 9. Compliance functionaries shall have direct access to the RMCB283. 10. In foreign banks operating in India as branches, the CCO in India shall play the role played by RMCB as far as the compliance function is concerned and shall report to the compliance function in the controlling office/head office284. 11. Incorporating all the above requirements, the board of the bank, through the RMCB, is responsible for establishing a compliance policy. 
This policy inter alia shall contain basic principles and shall explain the processes by which compliance risks are to be identified and thereafter managed across the organisation. The effectiveness of the compliance function will be subject to independent review by the RMCB at least annually. This will be in addition to the annual independent assessment of the compliance function by the internal audit function285. Further, as part of quality assurance, once in three years an external assessment shall also be undertaken. 12. In cases where a bank is present across multiple jurisdictions, compliance with applicable laws and regulations in all such jurisdictions be ensured. The organisational structure of the compliance function as well as its responsibilities shall be consistent with host country legal and regulatory requirements. It must be ensured that compliance responsibilities specific to each jurisdiction are carried out by individuals with appropriate knowledge and expertise of the host country requirements, with oversight of the CCO286. 10. Secretary to the board287 1. All banks whether listed or otherwise, shall have a Company Secretary who is bound by the professional standards of a Company secretary. The secretary shall report to the Chair of the board. 2. The management of the bank shall not be involved in performance assessment of the company secretary. The performance assessment of the company secretary shall be undertaken by the NRC based on the feedback provided by the Chair of the board. The company secretary shall work closely with the compliance function of the bank. However, there shall be a distinct separation of roles, duties and reporting lines. The role of the head of compliance function is specific to the role expected of the bank being an RBI regulated entity while the role of the company secretary is to be defined by the fact that a bank is also a company or body corporate. 3. 
The company secretary must ensure that the management makes available the agenda items within the time frame stipulated by the board, its committees and the minutes of the meetings of the board as well as the committees of the board are recorded as per the professional standards required. 4. All banks including those not listed and/ or operating as branches shall undertake secretarial audit in line with provisions of section 204 of the Companies Act, 2013 the scope of which shall include compliance to guidelines/directions emanating from this Discussion Paper. The Secretarial Audit report shall be made available to the ACB which shall have an oversight over compliance to various gaps reported by the audit288. 5. The budget as well as the compensation of the functionaries in the Company Secretariat shall be recommended jointly by ACB as well as NRC and approved by the board. 1. An effective and efficient internal audit function constitutes the third line of defence in the system of controls. Unlike the second line of defence which though independent, also have an advisory role, the internal audit function shall not have any advisory role289. 2. The internal audit function and its functionaries shall:
3. The ACB can choose to receive internal audit reports with or without management filtering[300].

4. The communication channels between internal audit and all the other functions shall encourage reporting of negative as well as sensitive findings. All serious deficiencies shall be reported to the appropriate level of functionaries in the first and second line of defence as soon as they are identified. Significant issues posing a threat to the bank’s business shall be promptly brought to the notice of ACB and thereafter to the board[301].

5. The internal audit function shall not be outsourced. However, where required, experts including former employees can be hired on contractual basis subject to the ACB being reassured that such expertise does not exist within the audit function of the bank. Any conflict of interest in such matters shall be recognised and effectively addressed. Ownership of audit reports in all cases shall rest with regular functionaries of the internal audit function[302].

6. In addition to the extant instructions of the Reserve Bank on statutory audit, and in the interest of auditor independence, an external auditor / audit firm undertaking any assignment in a bank should not be given any other assignment in the same bank for a period of at least one year from the completion of the assignment[303].

7. The head of internal audit function shall be designated ‘Head – Internal Audit (HIA)’, with reporting line to the ACB[304]. The ACB will be responsible for selection, oversight of performance including performance appraisals and, if necessary, dismissal of the HIA. Any premature removal of the HIA shall only be with prior approval of the board and shall be disclosed publicly. The reasons for such removal shall be disclosed to the Department of Supervision, Reserve Bank of India[305].

8. The role and responsibilities of the HIA shall be clearly defined. The HIA shall have overall responsibility for coordinating the identification of control gaps in the first line of defence, the second line of defence, the vigilance function as well as supervising the activities of other internal audit function staff. The HIA shall have the ability to interpret and articulate the various control gaps in an understandable manner to effectively engage the board, ACB, management in constructive dialogue on key control gap issues[306].

9. The HIA shall be a senior official in hierarchy with equivalence no less than those at one level below the WTDs / CEO. The HIA shall have necessary professional qualification/experience in areas of audit functions. The budget of internal audit function shall be recommended by ACB and approved by the board[307]. The compensation of the internal audit functionaries shall be recommended jointly by ACB as well as NRC and approved by the board[308].

10. Internal audit functionaries shall have direct access to the ACB[309].

11. Incorporating all the above requirements, the board of the bank, through the ACB, is responsible for establishing an internal audit policy. This policy inter alia shall contain the basic principles and explain main processes by which internal control gaps are to be identified through all levels of the bank[310].

12. In foreign banks operating in India as branches, the HIA in India shall play the role played by ACB as far as the audit function is concerned. The HIA shall report into the internal audit function in the controlling office/ head office and shall be subject to the superintendence, control, direction of the controlling / head office. The CEO shall be responsible for effective oversight of statutory, regulatory and audit compliance in respect of all operations in India[311].

12. Vigilance[312]

1. The vigilance functions shall broadly include (i) Preventive vigilance; (ii) Surveillance and detection; and (iii) Punitive vigilance[313].

2. The bank shall formulate a vigil/whistle blower policy for directors, employees and third parties to report genuine concerns. The vigil mechanism shall provide for adequate safeguards against victimisation of director(s) or employee(s) or any other person who avails the mechanism and in appropriate or exceptional cases provide for direct access to the chair of the ACB/ chair of the board[314].

3. Specifically[315]:

(i) appropriate procedures shall exist for all staff to report potential or actual breaches of regulatory requirements, internal governance arrangements, through a specific, independent and autonomous channel;

(ii) reporting to take place outside regular reporting lines viz.,
(iii) the integrity, independence, effectiveness of internal alert policies, procedures including those policies and procedures intended to protect staff who raise concerns from being victimised, e.g. retaliation, discrimination or other types of unfair treatment, because they have disclosed reportable breaches as also take appropriate measures against those responsible for any such victimisation;

(iv) staff who raise internal flags that lead to material risks being mitigated are rewarded without disclosing the identity;

(v) information provided by staff via alert procedures is, if appropriate, made available to the concerned functions, the committees of the board and the board in an anonymised way;

(vi) internal alert procedures:
(vii) the risk management, compliance and the internal audit function shall each independently verify that these policies, mechanisms, procedures are correctly implemented besides provide requisite feedback to the Vigilance Function;

(viii) a process shall be in place to identify material risk takers within the bank as also to identify high risk roles across functions in the bank and have the vigilance personnel randomly audit material risk takers and employees in high risk roles, transactions or business units;

(ix) have a recognition and tracking process to attribute revenue generated by each employee;

(x) advanced analytics shall be implemented so that employee specific information such as updates of income as well as assets/wealth is captured, and preventive/pro-active vigilance can be initiated;

(xi) specific default limits for staff accountability assessment are reviewed and amounts lower than the default limit are subject to employee specific pattern monitoring;

(xii) a tracking process in place for number of risk limit breaches for each employee per year;

(xiii) an undercover surveillance team is operational to observe behaviour of those employees in front line who engage with customers and other stakeholders;

(xiv) there shall exist a carefully designed feedback exercise which provides robust insight on each employee with capability to expose questionable behaviours;

(xv) the conventional wisdom on legal impediments which too often lead to “no action” being recommended by internal teams shall be demonstrably challenged;

(xvi) process in place to review/ revisit all policy documents, standard operating procedure manuals to ensure that there are no instructions which are vague, incomplete and are capable of multiple interpretations;

(xvii) employees shall be trained/retrained on function/desk specific standard operating procedures, processes through e-learning modules, contents of which are prepared based on policy, processes, manuals and the concerned employee is required to complete the same successfully before taking up the assigned function/job;

(xviii) decisions which prima facie are not in tune with extant instructions are recorded with the reasons behind the decisions. This shall be practiced across all levels including the board;

(xix) employees shall be empowered to report instances of oral instructions based on which they have been compelled to undertake any actions that would be a breach of any laid down policy/process/guideline/statute/regulations etc;

(xx) intelligent alerts, MIS, warnings on suspect transactions, intelligence, etc. shall be in place in every aspect of operations; and

(xxi) systematic annual assessments shall be undertaken on whether employees are aware of escalation processes and believe the environment is open to critical challenge.

4. The vigilance function of the bank shall be headed by an officer to be designated as Chief of Internal Vigilance (CIV). CIV shall be a senior official in hierarchy with equivalence no less than those at one level below a WTD or one level below a CEO. CIV shall have necessary professional qualification/experience in areas of vigilance function and ability to inspire confidence among personnel in the bank. The budget of vigilance function shall be recommended by ACB and approved by the board. The compensation of the vigilance functionaries shall be recommended jointly by the ACB as well as NRC and approved by the board.

5. The CIV’s reporting line shall be to ACB. Vigilance functionaries shall have direct access to the ACB[316]. ACB shall be responsible for selection, oversight of performance including performance appraisals and, if necessary, dismissal of the CIV. Any premature removal of the CIV shall only be with the prior approval of the board and shall be disclosed publicly. The reasons for such removal shall be disclosed to the Department of Supervision, Reserve Bank of India[317].

6. Incorporating all the above requirements at a minimum, the board of the bank, through the ACB, is responsible for establishing an internal vigilance policy. This policy inter alia shall contain the basic principles as well as explain the main processes by which preventive vigilance, surveillance/detection and punitive vigilance are to be practiced[318].

7. In foreign banks operating in India as branches, the CIV in India shall play the role played by ACB when it comes to matters of vigilance. The CIV shall report into the vigilance function in the controlling office/ head office[319].

1. Compensation systems form a key component of governance incentive structure through which a board promotes good performance, conveys acceptable risk-taking behaviour and reinforces a bank’s culture. The board, through its NRC, is responsible for oversight of management’s implementation of compensation system for the entire bank. In addition, the board, through its NRC, shall regularly monitor and review outcomes to assess whether the bank-wide compensation system is creating desired incentives. The NRC shall review the compensation plans, processes and outcomes at least annually[320].

2. While compensation of WTDs as well as other employees[321] of a banking company shall be governed by the guidelines in DOR.Appt.BC.No.23/29.67.001/2019-20 dated November 04, 2019 as amended from time to time, the NRC shall, with the approval of the board of directors also formulate and adopt a comprehensive compensation policy for the NEDs[322].

3. In addition to sitting-fees as also expenses related to attending meetings of the board and its committees as per extant statutory requirements/practices, the policy shall provide for payment of compensation to NEDs as per the provisions in the Banking Regulation Act, 1949 and the Companies Act, 2013.

4. For granting remuneration to a part-time non-executive Chairman, prior approval of the RBI will be required under Section 10B(1A) (i) and 35B of the Banking Regulation Act, 1949. Banks are required to make disclosure on remuneration paid to the directors on an annual basis at the minimum, in their Annual Financial Statements. The basis including the performance metrics used to determine the remuneration of the directors shall also be disclosed[323].

1. Based on stakeholder feedback, the Reserve Bank will issue necessary directions/ guidelines and subsequently, if it considers necessary, issue clarifications in respect of any matter covered in the directions/guidelines. The interpretation of any provision of the directions/guidelines given by the Reserve Bank shall be final and binding on the parties concerned.

1. The new guidelines/ direction shall come into effect within a period of six months after being placed on website of the Reserve Bank (i.e. https://www.rbi.org.in) or April 01, 2021, whichever is later. During the period banks shall ensure that their Memorandum of Association/Articles of Association/ any agreements/ board of director or shareholder resolutions/ composition of the board and the committees of the board are consistent with the new guidelines/directions as well as applicable statutes/regulations.

16. Disclosure and transparency

1. Disclosure and transparency is also an important tenet of good governance. Various disclosure requirements prescribed by regulators are the minimum standards. Therefore, banks are encouraged to voluntarily push the boundaries on this front.

1. With the issue of the directions/guidelines on Governance in commercial banks, basis the feedback received to this paper, some of the extant instructions/guidelines/directions issued by the Reserve Bank could stand repealed.

1 BCBS – Corporate governance principles for banks, July 2015 with modifications for emphasis and clarity.
2 See the glossary of corporate governance-related terms in Organisation for Economic Co-operation and Development (OECD), Experiences from the Regional Corporate Governance Roundtables, 2003.
3 In the case of nationalised banks, directors nominated by the Government under clauses (g) and (h) of sub-section (3) of section 9 of the Banking Companies (Acquisition and Transfer of Undertakings) Acts, 1970/1980 are treated as independent directors as per instructions issued by Ministry of Finance, Government of India to these banks on August 30, 2019.
4 BCBS – Corporate governance principles for banks, July 2015 – para # 56
5 DBR No.BC.93/29.67.001/2014-15 dated May 14, 2015 and DBR No.BC.95/29.67.001/2014-15 dated May 28, 2015 articulates ‘seven critical themes’ in place of ‘calendar of reviews’. These themes have already been included as part of the responsibilities.
6 Culture includes risk culture. As per Guidance on ‘Supervisory Interaction with Financial Institutions on Risk Culture - A Framework for Assessing Risk Culture’, April 2014, indicators for assessing risk culture can be grouped under four broad criteria viz: (i) Tone from the top; (ii) Accountability; (iii) Effective Communication and Challenge; and (iv) Incentive Structure. This discussion paper covers the four criteria. While the ‘tone from/at the top’ is specifically articulated in 4.1, the remaining categories are covered in different segments across the paper.
7 BCBS – Corporate governance principles for banks, July 2015 – para # 30
8 Recommendations of the Banks Board Bureau, March 2018
9 Banking conduct and culture – a call for sustained and comprehensive reform – Group of 30, July 2015
10 Banking conduct and culture – a call for sustained and comprehensive reform – Group of 30, July 2015
11 The word ‘compensation’ and the word ‘remuneration’ are used interchangeably and have the same meaning in this document.
12 Banking conduct and culture – a call for sustained and comprehensive reform – Group of 30, July 2015
13 Recommendations of the Banks Board Bureau, March 2018
14 Banking conduct and culture – a call for sustained and comprehensive reform – Group of 30, July 2015
15 Banking conduct and culture – a call for sustained and comprehensive reform – Group of 30, July 2015
16 BCBS – Corporate governance principles for banks, July 2015 – para # 31
17 BCBS – Corporate governance principles for banks, July 2015 – para # 32
18 BCBS – Corporate governance principles for banks, July 2015 – para # 32
19 BCBS – Corporate governance principles for banks, July 2015 – para # 32
20 Supplementary Guidance to the FSB Principles and Standards on Sound Compensation Practices, March 2018
21 BCBS – Corporate governance principles for banks, July 2015 – para # 80
22 BCBS – Corporate governance principles for banks, July 2015 – para # 82
23 Recommendations of the Banks Board Bureau, March 2018
24 BCBS – Corporate governance principles for banks, July 2015 – para # 83
25 Added for emphasis and clarity
26 Added for emphasis and clarity
27 BCBS – Corporate governance principles for banks, July 2015 – para # 27
28 BCBS – Corporate governance principles for banks, July 2015 – para # 84 & 85
29 BCBS – Corporate governance principles for banks, July 2015 – para # 38
30 BCBS – Corporate governance principles for banks, July 2015 – para # 39. Added for emphasis and clarity
31 BCBS – Corporate governance principles for banks, July 2015 – para # 40
32 BCBS – Corporate governance principles for banks, July 2015 – para # 41 & 26. Added for emphasis and clarity.
33 BCBS – Corporate governance principles for banks, July 2015 – para # 41
34 Added for emphasis and clarity
35 BCBS – Corporate governance principles for banks, July 2015 – para # 42
36 BCBS – Corporate governance principles for banks, July 2015 – para # 43; Content added for emphasis and clarity.
37 BCBS – Corporate governance principles for banks, July 2015 – para # 33; Content added for emphasis and clarity.
38 BCBS – Corporate governance principles for banks, July 2015 – para # 34
39 BCBS – Corporate governance principles for banks, July 2015 – para # 35 & 26
40 BCBS – Corporate governance principles for banks, July 2015 – para # 36
41 BCBS – Corporate governance principles for banks, July 2015 – para # 37 & 26; Content added/modified for emphasis and clarity.
42 BCBS – Corporate governance principles for banks, July 2015 – para # 26
43 Supplementary Guidance to the FSB Principles and Standards on Sound Compensation Practices, March 2018
44 BCBS – Corporate governance principles for banks, July 2015 – para # 44
45 BCBS – Corporate governance principles for banks, July 2015 – para # 45 & 46
46 Added for emphasis and clarity
47 BCBS – Corporate governance principles for banks, July 2015 – para # 45; Content added/modified for emphasis and clarity
48 BCBS – Corporate governance principles for banks, July 2015 – para # 46
49 Added for emphasis and clarity
50 BCBS – Corporate governance principles for banks, July 2015 – para # 23
51 BCBS – Corporate governance principles for banks, July 2015 – para # 24. Content modified for emphasis and clarity.
52 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015
53 Content modified for emphasis and clarity.
54 BCBS – Corporate governance principles for banks, July 2015 – para # 25
55 BCBS – Corporate governance principles for banks, July 2015 – para # 26
56 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015
57 BCBS – Corporate governance principles for banks, July 2015 – para # 26; Content modified for emphasis and clarity.
58 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015
59 BCBS – Corporate governance principles for banks, July 2015 – para # 26
60 BCBS – Corporate governance principles for banks, July 2015 – para # 26
61 DBR No.BC.93/29.67.001/2014-15 dated May 14, 2015 and DBR No.BC.95/29.67.001/2014-15 dated May 28, 2015 articulates ‘seven critical themes’ in place of ‘a calendar of reviews’.
62 DBS. CO.PP. BC 6/11.01.005/2006-07 dated April 20, 2007 on compliance function in banks.
63 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015
64 BCBS – Corporate governance principles for banks, July 2015 – para # 28
65 DBOD. No.BC. 116 / 08.139.001/2001-02 dated June 20, 2002 implementation of recommendations of Dr. Ganguly Group Report including a model form of "Deed of Covenants" to be signed between a director and the bank
66 Contents modified for emphasis and clarity.
67 Contents added/modified for emphasis and clarity.
68 DBOD.No.BC.94/16.13.100/92 dated March 9, 1992 on Do's and Don’t's for directors
74 Companies Act, 2013; The content “particularly depositors” added for emphasis.
78 DBOD.No.BC.94/16.13.100/92 dated March 9, 1992 on Do's and Don’t's for directors
79 DBOD.No.BC.94/16.13.100/92 dated March 9, 1992 on Do's and Don’t's for directors
80 DBOD.No.BC.94/16.13.100/92 dated March 9, 1992 on Do's and Don’t's for directors
82 DBOD.No.BC.94/16.13.100/92 dated March 9, 1992 on Do's and Don’t's for directors
83 DBOD.No.BC.94/16.13.100/92 dated March 9, 1992 on Do's and Don’t's for directors
84 BCBS – Corporate governance principles for banks, July 2015 – Principle # 3 and Para # 57, 58, 59 & 78
85 Added for emphasis and clarity
86 Added for emphasis and clarity
87 DOS.No.BC.14/Admn./919/16.13.100/95 dated September 26, 1995; SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015; BCBS – Corporate governance principles for banks, July 2015 – para # 68
88 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015; the content “notes attached thereto” has been added for emphasis and the content “other senior officer with financial oversight responsibilities” appearing in the regulation has been substituted with the content “or head of internal audit (HIA)”
89 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015
90 BCBS – Corporate governance principles for banks, July 2015 – para # 68
91 BCBS – Corporate governance principles for banks, July 2015 – para # 68 which inter alia states that chair of the board cannot be a chair of any other committee. Further, countries such as United Kingdom do not allow the chair of board to be a member of the ACB.
92 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015
93 Added for emphasis; As per SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015, the audit committee shall meet at least four times in a year and not more than one hundred and twenty days shall elapse between two meetings
94 As per SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015, the Company Secretary shall act as the secretary to the audit committee
95 As per SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015, the audit committee at its discretion shall invite the finance director or head of the finance function, head of internal audit and a representative of the statutory auditor and any other such executives to be present at the meetings of the committee, provided that occasionally the audit committee may meet without the presence of any executives of the listed entity
96 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015
97 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015
99 RBI Circular DOS.No.5/16.13.100/94 dated April 09, 1994 on overseeing the Internal Audit Function in Banks - Setting up of Audit Committee of Boards
100 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015
101 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015
102 DBR.Appt.No.BC.68/29.67.001/2016-17 dated May 18, 2017 prescribes the Minimum Qualification and Experience for CFO & CTO
103 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015
104 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015
105 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015
106 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015
107 DOS.No.BC.14/Admn./919/16.13.100/95 dated September 26, 1995 on Audit Committee of the Board of Directors – Reconstitution
108 DOS.No.BC.14/Admn./919/16.13.100/95 dated September 26, 1995 on Audit Committee of the Board of Directors – Reconstitution
109 DBS.ARS.BC.No.4/08.91.020/2010-11 dated November 10, 2010 on Calendar of Reviews of ACB
110 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015
111 BCBS – Corporate governance principles for banks, July 2015 – para # 142
113 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015
114 DBS.ARS.BC.No.4/08.91.020/2010-11 dated November 10, 2010 on Calendar of Reviews of ACB
115 DOS.No.5/16.13.100/94 dated April 09, 1994
116 DBS.CO.ARS.No.BC.2/08.91.021/2019-20 dated September 18, 2019
117 DBS.ARS.BC.No.4/08.91.020/2010-11 dated November 10, 2010 (Calendar of Reviews)
118 DBS.ARS.BC.No.4/08.91.020/2010-11 dated November 10, 2010 (Calendar of Reviews)
119 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015
120 DBS.FGV(F).No.1004/23.04.01A/2003-04 dated January 14, 2004
121 DBS.ARS.BC.No.4/08.91.020/2010-11 dated November 10, 2010 (Calendar of Reviews)
124 DBS.CO.ARS.No.BC.2/08.91.021/2019-20 dated September 18, 2019
125 Added for emphasis; Also refer to Guidance Note on Related Party Transactions issued by ICSI
126 Alternatively, banks could consider an independent ‘Conduct Review Committee’ to be constituted for approval/reporting of such transactions.
128 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015; certain contents added for emphasis and clarity
133 Considering that the risk management function performs a key role in the overall governance framework, the RMCB is entrusted with a very critical supervisory role. Hence, composition of the RMCB, which leads the second line of defence, is now being upgraded to the same lines of that of the ACB, which leads the third line of defence in a bank. As per DBOD.No.BP.520/21.04.103/2002-03 dated October 12, 2002, the Risk Management Committee will be a Board Level Subcommittee including CEO and heads of Credit, Market and Operational Risk Management Committees. As per SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015: The majority of Risk Management Committee shall consist of members of the board of directors and two-thirds shall be independent directors in case of a listed entity.
134 BCBS – Corporate governance principles for banks, July 2015 – para # 71
135 Modelled on the lines of the ACB as risk management is a key supervisory function of the board especially in the financial intermediation space.
138 BCBS – Corporate governance principles for banks, July 2015 – para # 36
139 BCBS – Corporate governance principles for banks, July 2015 – para # 36
140 BCBS – Corporate governance principles for banks, July 2015 – para # 40
141 BCBS – Corporate governance principles for banks, July 2015 – para # 107
142 BCBS – Corporate governance principles for banks, July 2015 – para # 107 and contents added for emphasis and clarity
143 Added for emphasis and clarity
144 Added for emphasis and clarity
145 BCBS – Corporate governance principles for banks, July 2015 – para # 122
146 Recommendations of the Banks Board Bureau, March 2018
147 Recommendations of the Banks Board Bureau, March 2018
148 DBOD.No.BP.(SC).BC.98/21.04.103/99 dated October 07, 1999 on risk management inter alia on credit approving authority
149 Recommendations of the Banks Board Bureau, March 2018
150 Recommendations of the Banks Board Bureau, March 2018
151 BCBS – Corporate governance principles for banks, July 2015 – para # 115
152 BCBS – Corporate governance principles for banks, July 2015 – para # 113
153 BCBS – Corporate governance principles for banks, July 2015 – para # 115 & 116
154 Recommendations of the Banks Board Bureau, March 2018
155 BCBS – Corporate governance principles for banks, July 2015 – para # 123
156 BCBS – Corporate governance principles for banks, July 2015 – para # 114
157 BCBS – Corporate governance principles for banks, July 2015 – para # 129
158 BCBS – Corporate governance principles for banks, July 2015 – para # 129
159 BCBS – Corporate governance principles for banks, July 2015 – para # 129
160 BCBS – Corporate governance principles for banks, July 2015 – para # 130
161 BCBS – Corporate governance principles for banks, July 2015 – para # 120
162 BCBS – Corporate governance principles for banks, July 2015 – para # 117
163 BCBS – Corporate governance principles for banks, July 2015 – para # 118
164 BCBS – Corporate governance principles for banks, July 2015 – para # 126, 127, 128, 131
165 BCBS – Corporate governance principles for banks, July 2015 – para # 75
166 DBS.CO.PP.BC 6/11.01.005/2006-07 dated April 20, 2007 on compliance function in banks
167 DBS.CO.PP.BC.6/11.01.005/2006-07 dated April 20, 2007 (where responsibility is assigned to the Board)
168 Companies Act, 2013; SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015; RBI - Compensation Guidelines November 2019; BCBS – Corporate governance principles for banks, July 2015; Content added for emphasis and clarity
169 In line with the other key committees viz., ACB and RMCB
170 Added for emphasis and clarity
171 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 and Companies Act, 2013
172 Added for emphasis and clarity
173 BCBS – Corporate governance principles for banks, July 2015 – para # 51
174 Added for emphasis and clarity
175 BCBS – Corporate governance principles for banks, July 2015 – para # 77
176 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 Part D
177 DBOD.No.BC.116/08.139.001/2001-02 dated June 20, 2002 implementation of recommendations of Dr. Ganguly Group Report
178 Added for emphasis and clarity
179 DBR.No.BC.97/29.67.001/2014-15 on Compensation of Non-executive Directors of Private Sector Banks dated June 1, 2015 places a cap on non-executive Director compensation.
180 Companies Act, 2013; SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015; DBOD.No.BC.105/08.139.001/2003-04 dated June 25, 2004 on 'fit and proper' criteria for directors of banks
181 DBOD.No.BC.105/08.139.001/2003-04 dated June 25, 2004 on 'fit and proper' criteria for directors of banks
182 DBR.Appt.No.BC.68/29.67.001/2016-17 dated May 18, 2017 on Minimum Qualification and Experience for CFO & CTO vide its circular and DBR.Appt.No: 9/29.67.001/2019-20 dated August 2, 2019 on 'fit and proper' criteria for elected directors in PSBs
183 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 (PART D)
185 Added for emphasis and clarity
188 Various instructions/ guidelines on ‘fit and proper’ issued by RBI being the minimum requirement.
189 Added for emphasis and clarity
190 Added for emphasis and clarity
191 Added for emphasis and clarity
193 DBOD.No.BC.116/08.139.001/2001-02 dated June 20, 2002 implementation of recommendations of Dr. Ganguly Group Report; SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 (regulation No. 20); other requirements added for emphasis and clarity.
194 Added for emphasis and clarity in the interest of separating the supervisory function of the board from the management function of the board
195 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015; Companies Act, 2013.
196 As per Companies Act, 2013, the board of directors shall meet at least four times a year, with a maximum time gap of one hundred and twenty days between any two meetings
197 Added for emphasis and clarity considering the licensing conditions for small finance banks, payment banks and universal banks require a majority of independent directors.
198 Added for emphasis and clarity considering the extant instructions of RBI already prescribe a minimum quorum of three for certain committees of the board such as ACB and NRC.
200 Added for emphasis and clarity
201 Added for emphasis and clarity
202 BCBS – Corporate governance principles for banks, July 2015 – para # 61
203 Added for emphasis and clarity
204 BCBS – Corporate governance principles for banks, July 2015 – principle 2
205 BCBS – Corporate governance principles for banks, July 2015 – para # 48
207 DBR.Appt.BC.No.39/29.39.001/2016-17 dated November 24, 2016 on Special Knowledge or Practical Experience useful to Banking Companies
208 DBOD.No.BC.116/08.139.001/2001-02 dated June 20, 2002 on Ganguly Committee
209 DBOD.No.BC.No.21/08.95.005-94 dated March 5, 1994 and DBOD.No.BC.82/08.95.005/94 dated July 1, 1994 and on Board of Directors
210 Non-banking financial institutions (NBFI) are entities engaged in hire purchase, financing, investment, leasing, money lending, chit/kuri business and other para banking activities such as factoring, primary dealership, underwriting, mutual fund, insurance, pension fund management, investment advisory, portfolio management services, agency business etc.
211 DBR.Appt.No: 9/29.67.001/2019-20 dated August 2, 2019 on 'fit and proper' criteria for elected directors in PSBs with added emphasis and clarity
212 DBOD.No.BC.116/08.139.001/2001-02 dated June 20, 2002 on implementation of recommendations of Dr. Ganguly Group Report and DBR.Appt.No: 9/29.67.001/2019-20 dated August 2, 2019 on 'fit and proper' criteria for elected directors in PSBs with contents added for emphasis and clarity
213 Bodies such as Notified Area Council, City Council, Panchayat, Gram Sabha, Zila Parishad, etc.
214 Added for emphasis and clarity.
215 In case of nationalised banks, a non-official director cannot continuously serve beyond a period of six years as per the clause 9 (2) & (4) of the Nationalised Banks Scheme
216 RBI Circular DoR.Appt.No.58/29.67.001/2019-20 dated March 31, 2020
217 RBI guidelines on ‘fit and proper’ being the minimum requirement
218 DBOD.No.BC.116/08.139.001/2001-02 dated June 20, 2002 on implementation of recommendations of the Consultative Group of Directors of Banks / Financial Institutions (Dr. Ganguly Group) and DBOD.No.BC.105/08.139.001/2003-04 dated June 25, 2004 on 'fit and proper' criteria for directors of banks
219 DBOD.No.913/08.139.001/2007-08 dated June 19, 2006 on ‘fit and proper’ criteria for directors of banks
220 Added for emphasis and clarity
221 RBI Circular on 'fit and proper' criteria for directors of banks DBOD.No.BC.No.47/29.39.001/2007-08 dated November 01, 2007
222 DBOD.No.BC.105/08.139.001/2003-04 dated June 25, 2004 on 'fit and proper' criteria for directors of banks and content added for emphasis and clarity
223 DBOD.No.BC.60/08.139.001/2004-2005 dated December 16, 2004 on 'fit and proper' criteria
224 DBR.Appt.No: 9/29.67.001/2019-20 dated August 2, 2019 on 'fit and proper' criteria
225 DBR.Appt.No: 9/29.67.001/2019-20 dated August 2, 2019 on 'fit and proper' criteria
226 DBR.Appt.No: 9/29.67.001/2019-20 dated August 2, 2019 on 'fit and proper' criteria
227 DBR.Appt.No: 9/29.67.001/2019-20 dated August 2, 2019 on 'fit and proper' criteria
228 Section 10A of the B R Act
229 BCBS – Corporate governance principles for banks, July 2015 – para # 87; Recommendations of the Banks Board Bureau, March 2018; Contents added for emphasis and clarity.
230 Recommendations of the Banks Board Bureau, March 2018
231 BCBS – Corporate governance principles for banks, July 2015 – para # 91
232 BCBS – Corporate governance principles for banks, July 2015 – para # 91
233 BCBS – Corporate governance principles for banks, July 2015 – para # 92 and DBS.CO.PP.BC.6/11.01.005/2006-07 dated April 20, 2007 on compliance function
234 BCBS – Corporate governance principles for banks, July 2015 – para # 93
235 BCBS – Corporate governance principles for banks, July 2015 – para # 93
236 BCBS – Corporate governance principles for banks, July 2015 – para # 93 & 94
237 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015
238 SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 with added emphasis and clarity
239 DBOD. No.BC. 116 / 08.139.001/2001-02 dated June 20, 2002 on implementation of recommendations of Dr. Ganguly Group Report
240 BCBS – Corporate governance principles for banks, July 2015 – para # 90
241 BCBS – Corporate governance principles for banks, July 2015 – para # 50, 88 & 89
242 BCBS – Corporate governance principles for banks, July 2015 – para # 88
243 Added for emphasis and clarity
244 Section 35B of BR Act, 1949
245 DoR.Appt.No.58/29.67.001/2019-20 dated March 31, 2020 on appointment of CEO/MD/PTC
246 Added for emphasis and clarity
247 DBOD.APPT.BC.No.40/29.39.001/2014-15 dated September 9, 2014
248 Section 10B(4) of BR Act, 1949
249 BCBS – Corporate governance principles for banks, July 2015 – para # 105
250 BCBS – Corporate governance principles for banks, July 2015 – para # 105; DBOD.No.BP.(SC).BC.98/21.04.103/99 dated October 07, 1999 on risk management
251 BCBS – Corporate governance principles for banks, July 2015 – para # 106
252 BCBS – Corporate governance principles for banks, July 2015 – para # 36
253 BCBS – Corporate governance principles for banks, July 2015 – para # 105 & 112
254 BCBS – Corporate governance principles for banks, July 2015 – para # 36
255 Principles for An Effective Risk Appetite Framework, Financial Stability Board
256 BCBS – Corporate governance principles for banks, July 2015 – para # 106
257 DBOD.No.BP.(SC).BC.98/21.04.103/99 dated October 07, 1999 on risk management
258 BCBS – Corporate governance principles for banks, July 2015 – para # 107; DBOD.No.BP.(SC).BC.98/21.04.103/99 dated October 07, 1999 and DBOD. No. BP. 520 /21.04.103/2002-03 dated October 12, 2002 on risk management
259 BCBS – Corporate governance principles for banks, July 2015 – para # 106
260 BCBS – Corporate governance principles for banks, July 2015 – para # 141
261 BCBS – Corporate governance principles for banks, July 2015 – para # 123
262 BCBS – Corporate governance principles for banks, July 2015 – para # 105
263 BCBS – Corporate governance principles for banks, July 2015 – para # 105
264 BCBS – Corporate governance principles for banks, July 2015 – para # 105
265 BCBS – Corporate governance principles for banks, July 2015 – para # 105
266 DBOD.No.BP.(SC).BC.98/21.04.103/99 dated October 07, 1999 and DBOD. No. BP. 520 /21.04.103/2002-03 dated October 12, 2002 on risk management
267 DBS.CO.PP.BC.6/11.01.005/2006-07 dated April 20, 2007 on compliance function in the bank
268 BCBS – Corporate governance principles for banks, July 2015 – para # 34 & 126
269 DBR.BP.BC.No.65/21.04.103/2016-17 dated April 27, 2017, with modifications for emphasis and clarity.
270 BCBS – Corporate governance principles for banks, July 2015 – para # 109
271 BCBS – Corporate governance principles for banks, July 2015 – para # 109
272 BCBS – Corporate governance principles for banks, July 2015 – para # 108; DBR.BP.BC.No.65/21.04.103/2016-17 dated April 27, 2017 with modifications for emphasis and clarity
273 DBR.BP.BC.No.65/21.04.103/2016-17 dated April 27, 2017
274 Added for emphasis and clarity
275 DBS.CO.PP.BC.6/11.01.005/2006-07 dated April 20, 2007 on compliance function
276 BCBS – Corporate governance principles for banks, July 2015 – para # 132
277 DBS.CO.PP.BC.6/11.01.005/2006-07 dated April 20, 2007 with modifications for emphasis and clarity
278 BCBS paper on Compliance and the Compliance Function in Banks (April 2005)
279 DBS.CO.PP.BC.6/11.01.005/2006-07 dated April 20, 2007 on compliance functions; with modifications modelled on similar principles for Risk Management function
280 DBS.CO.PP.BC.6/11.01.005/2006-07 dated April 20, 2007 on compliance functions with modifications modelled on similar principles for Risk Management function
281 DBS.CO.PP.BC.6/11.01.005/2006-07 dated April 20, 2007 on compliance functions with modifications modelled on similar principles for Risk Management function
282 DBS.CO.PP.BC.6/11.01.005/2006-07 dated April 20, 2007 on compliance functions with modifications modelled on similar principles for Risk Management function
283 DBS.CO.PP.BC.6/11.01.005/2006-07 dated April 20, 2007 on compliance functions which requires reporting to ACB – which has third line of defence mandate, as against compliance function which is a second line of defence function.
284 Added for emphasis and clarity
285 DBS.CO.PP.BC.6/11.01.005/2006-07 dated April 20, 2007 on compliance function; BCBS – Corporate governance principles for banks, July 2015 – para # 133, and modifications for emphasis and clarity
286 DBS.CO.PP.BC.6/11.01.005/2006-07 dated April 20, 2007 on compliance function
287 DBOD. No.BC. 116 / 08.139.001/2001-02 dated June 20, 2002 on implementation of recommendations of Dr Ganguly Group Report has coverage of the role of Secretary to the Board. Contents added for emphasis and clarity.
288 Added for emphasis and clarity
289 Added for emphasis and clarity
290 BCBS – Corporate governance principles for banks, July 2015 – para # 139
291 BCBS – Corporate governance principles for banks, July 2015 – para # 139
292 Added for emphasis and clarity
293 BCBS – Corporate governance principles for banks, July 2015 – para # 139
294 BCBS – Corporate governance principles for banks, July 2015 – para # 141
295 BCBS – Corporate governance principles for banks, July 2015 – para # 141
296 BCBS – Corporate governance principles for banks, July 2015 – para # 141
297 BCBS – Corporate governance principles for banks, July 2015 – para # 138; content added for emphasis and clarity
298 BCBS – Corporate governance principles for banks, July 2015 – para # 138
299 Added for emphasis and clarity
300 BCBS – Corporate governance principles for banks, July 2015 – para # 142 with partial modification
301 Added for emphasis and clarity
302 DBOD.NO.BP. 40/ 21.04.158/ 2006-07 dated November 03, 2006 on outsourcing and DBS.CO.PPD.05/11.01.005/2016-17 dated August 25, 2016 on internal audit with modifications for emphasis and clarity
303 Content added for emphasis and clarity in the interest of enhancing auditor independence. As per DBS.ARS.No.BC. 02/ 08.91.001/ 2008-09 dated December 31, 2008 “Audit firms should not undertake statutory audit assignment while they are associated with internal assignments in the bank during the same year. In case the firms are associated with internal assignment it should be ensured that they relinquish the internal assignment before accepting the statutory audit assignment during the year” and DBS.ARS.No.BC.7/08.91.001/2006-07 dated April 24, 2007 as per which “Banks may take their own decision in this regard, in consultation with the Audit Committee of the Board / Board in the matter of allotment of special assignments to their statutory auditors.”
304 DBS.CO.PP.BC . 10 /11.01.005/2002-03 dated December 27, 2002 guidance note on Risk Based Internal Audit
305 BCBS – Corporate governance principles for banks, July 2015 – para # 142
306 Added for emphasis and clarity
307 Added for emphasis and clarity
308 Added for emphasis and clarity
309 BCBS – Corporate governance principles for banks, July 2015 – para # 142
310 Added for emphasis and clarity
311 To be read along with DBS.ARS.BC.No.3/08.91.020/2011-12 dated October 04, 2011
312 To be read along with DBS.CO.FrMC. BC.No.9/23.04.001/2010-dated May 26, 2011.
313 DBS.CO.FrMC. BC.No.9/23.04.001/2010 dated May 26, 2011 on Internal Vigilance in Private Sector / Foreign Banks
314 Recommendations of the Banks Board Bureau, March 2018
315 Recommendations of the Banks Board Bureau, March 2018
316 Added for emphasis and clarity
317 Added for emphasis and clarity
318 Added for emphasis and clarity
319 Added for emphasis and clarity
320 BCBS – Corporate governance principles for banks, July 2015 – para # 143 with modifications for emphasis and clarity
321 Sections 10 (1) (b) (iii), 10 (2) and 35B of BR Act, 1949
322 DBR.No.BC.97/29.67.001/2014-15 dated June 1, 2015
323 DBR.No.BC.97/29.67.001/2014-15 dated June 1, 2015 with modifications for emphasis and clarity.