A new cycle for bank governance: the update of the EBA guidelines

In a year marked by the enforcement of several regulations, banks have their hands full. Investor protection (MiFID II), online payment innovation (PSD2) and clients’ data privacy (GDPR) are among the regulations that 2018 has seen enforced. The banking sector is also undergoing a significant change when it comes to internal governance.

The European corporate landscape differs both legally and politically and includes different perspectives on governance. In these circumstances, corporate law and codes of governance fall under the scope of individual member states. Since 2000, European authorities have created several initiatives aimed at improving corporate governance standards. While promoting economic growth, the EU is also focusing its efforts on reducing market deficiencies and effectively avoiding unnecessary financial risks to the European economies.

In 2010, the Basel Committee on Bank Supervision (BCBS) revised and published a set of principles crucial for effective corporate governance. Safer and more reliable bank functions were the main goal. To ensure that European banks were transparent on risk management and decision-making, the BCBS developed a principle-based framework in line with the different state governance codes. The objective was to stress the importance of risk management as part of banks’ corporate governance framework. Showing the value of a united board, board committees and their corresponding control functions was also part of the goal.

One year later, in September 2011, the European Banking Authority (EBA) also released its own set of internal governance requirements, the Guidelines 44 (EBA GL 44), transposed in Luxembourg in Circular CSSF 12/552. Those guidelines were revised in September 2017 and new ones are entering into effect on 30 June 2018. We are thus expecting a revision of Circular CSSF 12/552 over the next few weeks or months. In this article, we explain what these new guidelines are and what they mean for the banking sector.

What is this internal governance upgrade?

The new EBA guidelines enhance the role and composition of the management body (i.e. Board of Directors and Executive Committee) and their sub-committees, the governance framework, the risk culture and business conduct, the internal control framework and related mechanisms, the business continuity management and transparency issues.

This internal governance upgrade focuses on the entire governance structure:

  1. Proportionality: Institutions should take into account their size, internal organisation and the nature, scale and complexity of their activities when developing and implementing internal governance measures. The number of nominations in the Board of Directors should correspond to the size of the institution;
  2. Role and composition of the management body and committees: It determines how the management body sets, approves and oversees the implementation of a range of different procedures. These range from business strategies, internal governance and the internal control framework to risk and corporate culture, amongst others;
  3. Governance framework: It includes the organisational framework and structure, the organisation in a group context and the outsourcing policy;
  4. Risk culture and business conduct: It focuses on risk culture, corporate values and code of conduct, conflict of interest policy at institutional level and for staff, implementation of internal alert procedures (whistleblowing process) and the report of breaches to the competent authorities; this topic is specifically enhanced in the new guidelines;
  5. Internal control framework and mechanisms: It includes frameworks for risk management, internal control functions (risk management, compliance and internal audit) and a new product approval process;
  6. Business continuity management;
  7. Transparency: It concerns the organisation of the management body and the clear distribution of their duties (see the infographic below), emphasising the need for communication.



This new set of internal governance measures aims to ensure the consistency of sound governance arrangements in financial institutions in the EU. It aims to make sure that the main challenges of credit institutions and investment firms on imprudent risk-taking are identified and solved. In that respect, the European Central Bank (ECB) developed the Supervisory Review and Evaluation Process (SREP) to guarantee a full and thorough review of the risk profile of an institution and assess the needs of capital and liquidity. The SREP also aims to assess the adequacy of the internal governance and risk management processes of credit institutions, their strategic and capital planning, and the strength of their business models.

Under the new principles, how do the functions of the Board of Directors (BoD) and of the Executive Committee (or Management) differ?

In its supervisory function, the Board of Directors is responsible for supervising, but also for the decision-making process and for challenging the system. Its responsibilities include:

  • Monitor and challenge the strategy;
  • Oversee and monitor decisions of the Management;
  • Challenge and review proposals and information provided by the Management;
  • Fulfil the duties and roles of the risk committee, the remuneration committee and the nomination committee, when such committees have not been set up;
  • Assess the effectiveness of the internal governance framework;
  • Oversee and monitor that the strategic objectives and risk strategy, including risk management framework and remuneration policy, are implemented correctly;
  • Constantly monitor the implementation of risk culture;
  • Oversee the integrity of financial information and reporting;
  • Ensure that the heads of internal control functions are able to act independently;
  • Monitor the implementation of the internal audit plan, after the prior involvement of the risk and audit committees if any.

In its management function, the Executive Committee has specific responsibilities:

  • Implement the strategies and regularly discuss their implementation and appropriateness with the BoD;
  • Regularly report to and inform the BoD of the risks and developments that affect or might affect the banks.

What we think

Emmanuelle Caruel-Henniaux, Partner at PwC Luxembourg

Effective corporate governance is key to the success of the banking sector and the economy as a whole. The EBA guidelines are to ensure that, by harmonising institutions’ governance arrangements, imprudent risk-taking decisions and choices in the banking sector are reduced significantly. A way to do that is improving the status of the risk management function, giving emphasis to the responsibilities of the management body in its supervisory function when it comes to risk governance.
