Address by Patrick Brady, Assistant Director General, Policy & Risk, to Irish Banking Federation

11 November 2010 Speech

Good morning ladies and gentlemen.

Corporate Governance: Two words that seem to generate so much reaction.

But why is it that something that should be so relatively straightforward to implement and is, in my view, in the best interests of all stakeholders, widely derided in practice? Why do firms, and particularly financial services firms, apparently find it so demanding to have robust systems and procedures in place to ensure the proper oversight of their business and proper internal reporting?

I ask these questions because there are sufficient examples of significant cases both internationally and domestically that point to a simple fact. Inadequate corporate and internal governance leads to scandal or, worse, failure. The only difference in practice is the relative cost.

Of course, some people can live in their own little worlds and ignore the facts. For example, an article in the September issue of Finance Dublin magazine said the following in relation to the current crisis and with reference to our consultation paper on corporate governance, CP41.

“It therefore would be more accurate to say that the cause of the global (and Irish) credit crisis was inadequate control and oversight of money supply, and monetary policy by the responsible regulators (the main Central Banks of the world, of which the Irish Central Bank was an integral and integrated part, organisationally), starting in the 1990s, but accelerating, with further inappropriate easing, as it happened, in the months and years following 9/11.

It follows that the looser (CP41) formulation of the problem ‘that one of the causes of the international financial crisis was inadequate oversight of credit institutions and insurance companies’ leads nowhere in particular, and leads potentially in a direction of sanctioning useless and meddlesome engagement by bureaucrats in the business of banking and insurance, when all that is, and will be needed is the proper and effective conduct of a modernised monetary policy that gets to grips with the new and innovative forms of money that an innovative world has devised.”

So there you have it! It was all the fault of loose monetary policy. And if we fix that, all will be well.

Those of us in the real world, of course, will be all too familiar with corporate scandals like Enron, Equitable Life, Worldcom, Parmalat, HIH, and so on. Indeed, I could name a few closer to home but these have yet to play out. I’m sure you all have your own examples in mind.

Why Corporate Governance?

In the 1990’s there was no single authoritative definition of corporate governance. In that decade, however, there were a number of respected reports such as the Cadbury Report in 92, the Greenbury Report in 95, the Hampel Report in 98 and the Turnbull Report in 1999.

Given that the Cadbury Report is internationally recognised as having been seminal in the development of corporate governance not only in the UK but elsewhere, the definition therein is a reasonable starting point.

The Cadbury Report or to give it its full title, the Report of the Committee on the Financial Aspects of Corporate Governance, defined corporate governance as the system by which companies are directed and controlled. An important theme of corporate governance, as advocated by Cadbury, is the issue of accountability and fiduciary duty. In terms of economic efficiency, maximising profits and bottom line reporting, corporate governance should also aim to optimise economic results, which is key to leveraging competitive advantage and sustainable growth.

There are, therefore, financial, economic and managerial disciplines underpinning corporate governance and this is evidenced in the various definitions. Although the definitions have been expanded since the Cadbury Report, the value of that Report, and the longevity of the definition is reflected in the manner in which the direction and control aspect of corporate governance is restated in more recent definitions.

In 1999, the Australian National Audit Office defined corporate governance as “the process by which organisations are directed, controlled and held to account. It encompasses authority, accountability, stewardship, leadership, direction and control exercised in the organisation. Key elements of corporate governance include transparency of corporate structures and operations, the implementation of effective risk management and internal control systems; the accountability of the Board to stakeholders through, for example, clear and timely disclosure; and responsibility to society.”

More recent thinking advocates Enterprise Governance. This develops the strategic role and offers that the formulation of strategy requires more than just a broad statement of intended results: the strategy must be regularly reviewed, tested and performance measured against results. It suggests that governance constitutes the entire accountability framework of the organisation and the two dimensions - conformance and performance - need to be in balance. Board structures and roles and executive remuneration require controls, audit and assurance (conformance oriented corporate governance). These are rightly regarded as critical but need to be balanced with the performance dimension which focuses on strategy and value creation.

In terms of corporate governance, the implications for governance frameworks are considerable and, increasingly, as stakeholder interests need to be taken into account explicitly, decision-making models which focus on enterprise and performance are characterised by extensive stakeholder analysis and engagement. Thus, the growing significance of intangible assets and the accompanying rise of stakeholder influence, the manner in which a company responds to stakeholder pressure and harmonises its value system and incorporates these into strategic planning and risk management and creating sustainable value, is the key challenge for organisations.

Identifying and responding to strategic risks and ensuring strategic oversight can be problematic. Structures and processes can be audited but this has an historic focus. The challenge for organisations is to be able to respond at the right time and in possession of all the relevant information: this has a forward-thinking dimension which is not comprehended by traditional conformance mechanisms.

The objective of strategic oversight is performance and the mechanism, structure or process by which it is delivered becomes almost secondary. There is a danger that effecting complex structures detracts from the objective and ignores the potential to develop and exploit existing and well-established structures and processes.

This point is underscored by recent developments in the more traditional or established conformance mechanisms. Accountability measures have also developed to meet the challenge in pursuing strategies designed to create sustainable value which, in turn, emphasises the mutuality of corporate governance mechanisms and the whole-of-organisation approach.

These developments serve to demonstrate that whereas corporate governance - both theory and practice - has developed in recent years and, particularly since the turn of the century, the core or original elements have not merely been supplemented: they too have been developed and should not be regarded as static or rigid structures and processes.

This confirms the view that governance arrangements need to evolve and underscores the dynamic and need for balance between organisational performance and mechanisms to assure that performance, whether falling neatly or otherwise into pre-labelled performance or conformance mechanisms.

What of enforcement?

There can be little doubt that there has been considerable emphasis on addressing fraud or poor governance through strengthening specific aspects of corporate governance such as internal controls, financial reporting and external disclosure.

But, as a number of writers on the subject point out, there have been concerns that reform has generally been driven by responses to high-profile failures of governance resulting in a tendency to concentrate on the wrong issues and/or the wrong solutions. Sarbanes Oxley in the United States and the rules based approach of compliance is symptomatic of this concern, wherein tick-box compliance can obfuscate the objective of strategic direction and oversight.

The principles based approach adopted elsewhere, the “comply or explain” approach, while less prescriptive, is as likely to encourage responsible behaviour and organisational performance. Nevertheless, full compliance is rare and many significant principles are often observed more in the breach.

There is, therefore, in my view, a need for a statutory code that sets out clear requirements that can be enforced either through administrative sanctions or through the courts, while at the same time allowing firms introduce regimes appropriate to the nature, scale and complexity of their business.

Only last month, the Institute of directors published findings of a survey showing, among other things, that 70% of directors believe that increased regulation is the only way that corporate governance standards in Ireland can improve.

I want to repeat here what we said in the introduction to our consultation paper on corporate governance requirements.

“It is now widely recognised that one of the causes of the international financial crisis was inadequate oversight of credit institutions and insurance companies. Many Boards did not seem to analyse critically the strategy/business models that credit institutions and insurance undertakings adopted and they did not fully understand the associated risks and costs not only to the firms themselves, but also to the economy and society at large.”

It may well be that many of you in the room here today did recognise the risks but simply were not listened to, or there were no appropriate procedures in place for you to ensure that your message was received and understood.

CP41

Our consultation paper was published with a view to both addressing the lack of a statutory corporate governance regime for banks and insurers and to introducing a clear set of transparent requirements. Some of you may recall the June 2010 findings of both the Regling and Watson and Honohan reports which reiterated the need to reform corporate governance.

The response to our consultation was remarkable, attracting over 130 responses. This was the highest response on any consultation which we have carried out to date and underpins my comments earlier about how corporate governance is viewed and the almost diametrically opposed views that are held.

We received responses from an incredibly wide range of sources including banks, insurance and reinsurance companies, the funds industry, stockbrokers, trade and industry associations, academics, State/semi-State bodies, the accountancy and legal professions, management consultants and individuals. All the contributions are available on our website.

I’ll not go into all of the responses received. But if any of you are interested in a research topic for a thesis (be it on regulation or psychology!), there is a wealth of views and opinions expressed.

One major theme which emerged from the responses was the request for clarity on the basis upon which we would adopt a proportionate approach towards imposing the proposed requirements on different types of entities. As a result, we altered our proposal so as to adopt a dual approach of imposing minimum core requirements on all institutions covered by the Code and also imposing additional requirements upon those institutions which we deem to be major institutions.

We have adopted this approach recognising, on the one hand, that it is impossible to develop a one-size-fits-all regime that is neither insufficient nor excessive, while on the other hand, recognising that it is essential to have some minimum statutory requirements that all institutions must adhere to. This approach also takes account of the diverse range of banks and insurers operating in the jurisdiction.

  • The other key themes that emerged from responses to the consultation generally revolved around:

    Board composition (and in particular the proposed requirement to have a majority of independent non executive directors).
  • The requirement for a minimum of one meeting per calendar month.
  • The limit of directorships which could be held in financial institutions.
  • The limit of directorships which could be held in non financial institutions.
  • The restrictions on the Chairman, particularly in the context of a wholly owned subsidiary of a parent.
  • The requirement for an annual compliance statement.
  • The requirement to establish separate Audit and Risk Committees.
  • The requirement for a balance between executive and non executive directors to be present at meetings. And....
  • The proposed obligation on directors to report concerns to the Central Bank and the lack of protection for Whistleblowers.

As well as the dual approach that we have adopted we have taken account of some of those concerns raised by respondents and have altered the code by:

  • Adopting a carve-out for captive insurers;
  • Allowing for the Chairman to be either an INED or in the case of subsidiaries to be a Group non executive director;
  • Reducing the minimum number of meetings per year to quarterly, while requiring 11 (1 per month for 11 months) for major institutions;
  • Allowing some leeway for institutions to use group committees, for example audit and risk, but subject to boards satisfying themselves that the institution’s relevant functions are adequately discharged.
  • Increasing the limits for directors of (non major) institutions to five financial directorships and eight non financial directorships generally.
  • And, when calculating the number of directorships held, agreeing to exclude directorships held in the public interest on a voluntary and pro bono basis provided that they do not interfere with the director’s ability to fulfil properly his or her role and functions as a director.

There are a number of requirements which we have retained, including:

  • The proposed limit on directors of major institutions holding more than three directorships of financial institutions and more than five directorships of non-financial companies;
  • The requirement to submit compliance statements. In this context we will liaise with industry prior to issuing guidelines on compliance statements;
  • The prohibition upon a Chairman or CEO holding such a position for more than one institution at any one time;
  • We continue to require directors and boards to report concerns regarding the overall corporate governance framework or any deviations from the code to the Central Bank. However, we have allowed directors to report concerns to the board in the first instance (without prejudice to their ability to make a report to the Central Bank) so as to give the board an opportunity to address such concerns. Finally,
  • In the absence of relevant legislation, we have not provided protection for Whistleblowers. However we will revisit the position in the event of any relevant legislation being introduced in this area.

Internal Governance

Of course, it’s all well and good to have a governance code at board level. However, for it to be truly effective, it has to be supplemented by sound requirements for internal governance. We have to ensure that there are systems and controls in place that allow the board and the executive to work together to deliver on the strategy within the risk appetite set by the board. We have promised to bring forward proposals on internal governance early next year.

Both the Committee of European Banking Supervisors – CEBS - and the Committee of European Insurance and Occupational Pensions Supervisors – CEIOPS - have carried out considerable work in relation to internal governance, deriving in large part from provisions under the Capital Requirements and the Solvency II Directives.

In October 2009, CEIOPS presented firm proposals for legislative requirements on systems of governance to the European Commission covering, amongst other things, the risk management function, the actuarial function, internal audit and outsourcing.

CEBS meanwhile has already published papers addressing broad issues of corporate structure and organisation, roles of the management body, internal control, responsibilities of the risk control function, compliance and internal audit functions, public disclosure and transparency. They are currently updating that work.

We will build on this work, and learn also from the results of surveys regarding the implementation of the guidelines already conducted by CEBS and CEIOPS. We will, of course, consult on our proposals.

Fitness and Probity

Needless to say, improving corporate and internal governance is not just a question of introducing new codes and regulatory requirements, although clearly they are key. We also have to ensure that those directors, senior managers and others in senior roles within institutions have the integrity, professionalism, skills and experience necessary to fulfil their tasks.

We have already commenced an interview process as part of our “fitness and probity” assessments for appointments at senior management levels within institutions. Initially, our focus is on the domestic retail banks but we do intend to roll this out across a number of institutions on a risk-based approach and consistent with the resources available to us.

We have also started to look at board performance and how individual directors conduct themselves at the largest institutions.

We’re doing this in two ways.

First, we are conducting interviews with the directors to assess their grasp of their institution’s strategy and key risks. Secondly, supervisors now attend at selected board and other committee meetings, for example the risk committee or the asset and liability committee. In this way we are not focusing solely on individuals but we’re also getting a good handle on the overall quality of boards, including the skill sets, management oversight and adherence to the requirements proposed for corporate governance.

The recently passed Central Bank Reform Act provides for a statutory Fitness and Probity Regime for directors and senior management of financial institutions. The Act provides that the Central Bank may issue standards of fitness and probity with which firms must comply regarding officers and employees performing “controlled functions”.

In addition, the Act provides that the Bank will prescribe controlled functions as well as specifying which functions require pre-appointment approval by us. These “controlled functions” may include, for example, the CFO, the head of risk, head of credit, Money Laundering Reporting Officer and so forth.

We are currently working on a draft Code on Standards of Fitness and Probity. In essence, this will involve considering what additions or deletions are required to the current non- statutory Code. The new statutory Code will set out specific, but not exhaustive, high ethical standards on fitness and probity. We intend to consult publicly on this code in December.

Conclusion

While, ultimately, any system of governance is dependent on people, and particularly on the culture of organisations, the approach that we are adopting; focusing on board governance, internal governance and the fitness and probity of directors, senior managers and key personnel, in addition to day-to-day prudential supervision, is aimed at mitigating the potential for the types of behaviour and outcomes that we are all too well familiar with today.