Banking Standards

Written evidence from the Association for Financial Markets in Europe

Executive Summary

In response to the focus of the Commission’s inquiry—to establish whether there are shortfalls in professional standards and culture in the UK banking sector which have implications for the way business is conducted—the Association for Financial Markets in Europe (AFME) considers that it would be most helpful for us to contribute to the Commission’s deliberations at this stage by providing a high-level preliminary summary catalogue of a range of standards and regulatory measures (both domestic and international) applying to both individuals and firms and drawing out a number of questions that are prompted by this analysis.

This preliminary summary is set out in the Annex to this submission.

Submission to the Parliamentary Commission

1. The Association for Financial Markets in Europe (AFME) welcomes the opportunity to respond to the Parliamentary Commission on Banking Standards’ (“the Commission’s”) initial call for evidence on 26 July 2012.

2. AFME represents a broad array of European and global participants in the wholesale financial markets: our Members comprise pan-EU and global banks as well as key regional banks, brokers, law firms, investors and other financial market participants. Whilst AFME is a European trade association, given the importance of the London markets, both to the European Union as a whole and to the many EU and international firms that have operations in, or provide services on a cross-border basis into London, we consider it important to engage proactively and constructively in debates that determine the environment in which our members undertake their business.

3. We welcome the appointment of the Commission, particularly given the importance of the banking sector to the UK economy.1 We recognise that the theme of the Commission’s work—to establish whether there are shortfalls in professional standards and culture in the UK banking sector which have implications for the way business is conducted—is now the central question to be addressed against the background of significant regulatory change already underway.

4. Given AFME’s role, we have concluded that at this stage we can best contribute to the Commission’s work by providing a high-level preliminary summary catalogue of a range of standards and regulatory measures—covering both those applying to individuals and those applying to firms (but with application directly relevant to the behaviour of individuals) together with standards relating to the wider corporate/internal governance arrangements: this material is set out in the Annex to this submission and, we hope, provides a fact base to which the Commission might find it helpful to refer in its deliberations.

5. In particular, we hope that this compilation is helpful in highlighting the range of standards designed to shape and, indeed, determine the responsibilities—and therefore behaviour—of relevant staff in firms and also summarising corporate governance standards.

6. The drawing together of this material has prompted us to consider a number of areas which we think that it would be helpful for the Commission to explore, which we summarise below, but it is important also not to lose sight of the regulatory changes that have already been made or are underway when assessing the degree to which further changes are needed. At the same time it is essential to take into account the importance of achieving international alignment of standards so as to achieve good practice across global markets and remove the risk to good standards that can be posed by regulatory arbitrage: such alignment would also allow regulators to have confidence in each other’s judgments which would help to assist the maintenance of open, competitive markets from which customers benefit.

Issues for Consideration

7. In achieving good risk management, and in achieving the appropriate alignment of personal incentives with this objective, it is clear that firms must embrace the need to ensure that the working environment and the incentive structures in which staff operate are designed to foster responsibility and good personal conduct whilst also recognising, at the same time, the need to avoid environments which act to discourage behaviour with integrity.

8. The appropriate alignment of incentives with prudent risk management is fundamental in fostering an appropriate culture within banking and we believe that the FSB’s Principles and Implementation Standards for Sound Compensation Practices—which include, for example, arrangements for clawback—have set the right framework (indeed, the provisions in Europe as implemented in CRD3 go further).

9. As the Annex highlights, there is a wide range of standards that address behaviour, governance and culture and, overall, we do not believe that the issues that have arisen and threatened financial markets are due to the absence of professional standards per se. However, there are questions about the extent to which firms have sought to ensure that standards have been adequately embedded at all levels of the organisational hierarchy and the degree to which in practice, therefore, both individual and corporate standards act to assist firms in creating or maintaining a culture that fosters integrity.

10. Current professional standards for individuals, and the formal requirements of the FSA’s approved persons regime, together with the governance arrangements that apply to firms provide a strong foundation: but there may be questions about the extent to which governance standards at the group/firm level are sufficiently dovetailed with the standards that apply to individuals.

11. Firms recognise the importance of maintaining processes for ensuring good risk management but consideration should be given to the extent to which the arrangements in place give sufficient weight to “people risk” (the risk that people do not follow an organisation’s procedures, practices and/or rules); even in the best managed firms, systems and controls must be designed and implemented to determine whether the arrangements for identifying risks are functioning as intended—and work in Europe and Basel has sought to address the issue.

12. Serious as the shortcomings that have been identified have been, they were far from universal, and deficiencies that have been identified are not common to all firms, or, indeed, to all types of financial services businesses. And, as firms differ, there will not be a universal solution, so targeted supervision will be important in helping to ensure that all firms focus sufficiently on the risks that need to be addressed in their particular business; within this there is a role for enforcement.

13. The Boards of firms are responsible for ensuring that the appropriate cultural environment is established. This entails appropriate processes being in place to ensure that what is sought is achieved in practice as a firm undertakes business day to day. A range of disciplines are involved ranging from recruitment (careful selection of staff) to training and competence (with specific focus on ethics and integrity) together with arrangements for escalation—firms need to instil in their staff the importance of being aware that there can be occasions when the status quo should be challenged; and regulators could enhance firms’ focus on adequate people risk management, through, for example, the provision of guidance to signpost the importance of this (although for well managed firms, such guidance would not be strictly necessary and would have a limited role in consequence).


14. Overall, the Commission will wish to assess the best ways for ensuring that firms’ management inculcate “ownership culture”—in which people will take responsibility and raise their hands when they see that something is wrong—and for determining the role of governance arrangements at the corporate level in contributing to this.

15. The industry must strive to work with regulators and other market participants to restore confidence and trust in the sector and an appreciation of its important role.

16. We would be pleased, of course, to discuss the issues covered in this submission with the Commission or to provide further information about any of the matters which our members have raised if that would be helpful. (In particular, we would be pleased to share the underlying material that we summarise in the Annex or to extend the analysis if that would be helpful to the Commission: for example further work could be undertaken on the standards in other jurisdictions.)

7 September 2012



The Annex attempts to classify the standards into 1) those applying to individuals and to firms but with application to the behaviour of individuals; and 2) those relating to the wider corporate/internal governance arrangements, classified according to their “natural” hierarchy, linking Corporate Governance Standards, to Internal Governance Standards, to thematic codes.

Table 1—Legal and Regulatory requirements relevant to the behaviour of individuals and other Professional Codes

Table 2—Corporate Governance/internal governance requirements/codes with application to banking

Table 3—Other ethical Codes/standards of potential interest

Table 1



Title and Publication

Summary/Key highlights

Status, indicative application and further observations (where appropriate)

UK—Legal requirements applying to directors and other individuals


Company Directors Disqualification Act 1986

Provisions relating to the disqualification of persons from, inter alia, being directors of companies and from being otherwise concerned with a company’s affairs.


Disqualifications, by a court, for general misconduct in connection with companies, unfitness (eg wrongful trading) and competition infringements.

Directors of UK incorporated companies

Observations/further remarks:
Used in respect of certain directors of Barings


Financial Services and Markets Act
(2000) (FSMA) and secondary legislation

Includes offences that can be committed by individuals such as s.397: Misleading Statements and Practices and s.398: Misleading the Authority—residual cases.


Also provides that the FSA may issue statements of principle with respect to the conduct expected of approved persons and a code of practice for the purpose of helping to determine whether or not a person’s conduct complies with the statement of principle.

Authorised persons, approved persons and other persons more generally etc

Observations/further remarks:
The legal basis for FSA rules

UK FSA regulatory requirements applying to individuals

FSA Handbook

Statements of Principle and Code of Practice for Approved Persons—APER

APER sets out the statements of principle (and factors relating to all statements of principle) applying to the conduct of an approved person.


Includes descriptions of conduct which does not comply with these statements of principle, as well as factors which in the opinion of the FSA are to be taken into account in determining whether or not an approved person complies with a Statement of Principle.

Approved persons

FSA Handbook

Fit and Proper test for Approved Persons—FIT

FIT sets out and describes the criteria—(i) honesty, integrity and reputation; (ii) competence and capability; (iii) financial soundness—the FSA will consider when assessing the fitness and propriety of a candidate for approval to perform a controlled function and an approved person.


Approved persons and authorised persons etc.

HM Treasury

Consultation document: Sanctions for the directors of failed banks
(July 2012)—consultation closes 30 September 2012

In addition to (i) the FSA’s approved persons regime and (ii) the BIS’s power to seek disqualification of individuals as directors under a range of circumstances under the Company Directors Disqualification Act 1986, HM Treasury is consulting on introducing a rebuttable presumption that a director of a failed bank is not suitable to be approved by a regulator to hold a senior position in a bank.

Consultation—work in progress

Also consulting on the possibility of new criminal sanctions for serious misconduct in the management of a bank.

Directors of banks

UK FSA regulatory requirements applying to firms with relevance to the behaviour of individuals

FSA Handbook

Supervision Manual (SUP 10)

Amplifies the approved persons regime in FSMA and the FSA’s gate-keeping functions regarding applications for approval


Approved persons and authorised persons etc.

FSA Handbook

Training and Competence—TC

The TC sourcebook focuses on detailed requirements for certain retail activities including the need to attain a qualification where relevant


Authorised persons

Observations/further remarks
Retail focus
Links to the SYSC Sourcebook that sets high level competency requirements for wholesale markets.

FSA Handbook

Senior Management Arrangements, Systems and Controls (SYSC)

With respect to training and competence:


SYSC 5.1 sets out the obligations of firms with respect to employing personnel with skills, knowledge and expertise

SYSC 5.1 and 3.1 (which sets out high level responsibility of the firm to establish and maintain systems and controls appropriate to the business) cross reference TC sourcebook (see below for TC)

SYSC18 provides guidance on the Public Interest Disclosure Act and whistleblowing

Authorised persons

SYSC 19A sets out the Remuneration Code

Other UK Professional codes relating to individuals

Worshipful Company of International Bankers

The Lord George Principles for Good Business Conduct

High level code based on eight principles governing the relationship between financial service providers and their organisation, the financial services industry, other market participants, colleagues, clients, customers, counterparties, and themselves as professionals

Membership voluntary but Principles mandatory once a member

Members of the company

Chartered Institute for Securities and Investment (CISI)

CISI Code of Conduct

Follows the “Lord George principles of the Worshipful Company of International Bankers”.

Membership voluntary but Code mandatory once a member

Institute of Chartered Accountants in England and Wales (ICAEW)

Code of Ethics

Also see (for FRC Ethical Standards)

The ICAEW has an extensive Code of Ethics (the Code); its approach is particularly well developed.

Members of the CISI

The Code of Ethics applies to members, students, affiliates, employees of member firms and member firms, in their professional and business activities, remunerated or voluntary eg individual chartered accountants are bound by the Code of Ethics—albeit different sections of the Code—even when working in non-accountancy roles.


The Code sets out five fundamental, over-arching, principles which constitute the basic requirements of professional behaviour—integrity, objectivity, professional competence and due care, confidentiality and professional behaviour—and gives guidance, via illustrations, on how the principles are to be applied (ie what is expected of members) in specific situations that commonly arise.

Chartered Accountants

The Code—and those of other professional accountancy bodies—is based on the International Ethical Standards Board’s Code of Ethics for Professional Accountants, which also forms the basis of the FRC (formerly APB) Ethical Standards for Auditors and Ethical Standards for Reporting Accountants. All of these codes adopt a “threats and safeguards” approach whereby:

threats to ethical behaviour should be identified;

where appropriate, safeguards may be put in place;

if the threat is so great that no safeguards could mitigate the threat, or the safeguards are not sufficient, then the accountant should (a) withdraw from the engagement (in the case of an accountant in practice) or (b) resign from their employment (in the case of an accountant in business).

For example, if an employee is being asked to act unethically then, having been through whatever internal channels they can (eg whistleblowing hotlines), they should resign.

The Code requires that members shall be guided not merely by the terms but also by the spirit of the Code and the fact that a particular conduct does not appear among the list of examples does not prevent it from amounting to misconduct.

In the case of accountants in practice, there are monitoring and inspection regimes carried out either by the relevant professional body and overseen by the FRC, or, in the case of audits of public interest entities, carried out by the FRC.

In all cases, failure to comply with applicable codes (either discovered by the monitoring and inspection regime, or as a result of a complaint) is a disciplinary matter.

Members of professional bodies such as the ICAEW are also subject to a duty to report serious misconduct by fellow members of their body and failure to do so is itself a disciplinary matter.

Disciplinary arrangements of the ICAEW and other professional bodies for the accountancy profession (and, in the case of public interest entities, the FRC), can lead to censure, financial penalties and expulsion from the professional body and/or removal or restriction of permission to carry out particular sorts of work (eg audit registration, insolvency licence).

Observations/further remarks
Ethical and auditing standards for the accountancy profession are set after due process by a body with at least some public representation and, in the case of standards set by the FRC for auditors, a majority of members who are not auditors. This is designed to ensure acting in the public interest. The international standard setting bodies have some “public members”, but not a majority, and their standards are subject to approval by a Public Interest Oversight Board which checks that the public interest has been considered and due process has been followed.

The ICAEW has an ethics advisory service helpline to support members if in doubt as to their ethical position.

ICAEW believes that integrity is fundamental to ethical behaviour.

The ICAEW has produced several reports on integrity—Reporting with Integrity and Real Integrity: practical solutions for organisations seeking to promote and encourage integrity (with Leeds University).

The later report—Real Integrity: practical solutions for organisations seeking to promote and encourage integrity—examines the effectiveness of 10 different techniques for promoting integrity—tone from the top; organisational values; open culture; whistleblowing; advice; codes of conduct; training; rewards; discipline; and monitoring—and sets out recommendations for organisations in the form of a framework for integrity. It also considers techniques used by professional bodies and makes a number of other general conclusions.

Law Society/Solicitors Regulation Authority (SRA)

SRA Code of Conduct (2011)

The SRA Code of Conduct (the Code) sets out outcomes-focused conduct requirements to allow solicitors to consider how best to achieve the right outcomes for clients taking into account the way that a firm works and its client base. The Code is underpinned by effective, risk-based supervision and enforcement.



Chartered Institute of Internal Auditors (IIA)

IIA Code of ethics

Provides principles and rules of conduct addressing integrity, objectivity, confidentiality and competency

Membership voluntary but Code mandatory once a member


The Chartered Banker Professional Standards Board (CB:PSB)

CB:PSB code of conduct

High level code aimed at supporting the ethical awareness, customer focus and competence of those working in the banking industry

Membership voluntary but Code mandatory once a member


Observations/further remarks
The CB:PSB was established in 2010 to develop industry-led, professional standards for the UK banking industry.

The Consortium of Investment Banking Institution Standards (CIBIS)

CIBIS Code of conduct

The Operational Mission of CIBIS is to improve the culture and climate of the investment banking sector, preventing abusive compliance practices which undermine national economies, to promote constructive use of compliance procedures to assist lawful transactions and boost international economies, by promoting the increased availability of anti-fraud and pro-success banking expertise to the private sector.

Membership voluntary but Code mandatory once a member

The Code, which came into force in December 2011, consists of 22 rules which cover topics such as integrity, law abidance and cooperation with enforcement of rules.

Banking Compliance officers, loan officers, risk management experts, bank executives, and smaller private banks, Chartered Accountants

CIBIS serves as a “think tank” style non-governmental organization (NGO), developing intellectual property in support of needed banking reform, and providing innovative proprietary tools to banking and finance institutions.

International Professional Codes of Practice

International Compliance Association (ICA)

Code of Ethics

ICA is a global provider of professional certificated qualifications and training in anti money laundering (AML), compliance and fraud/financial crime prevention.

Membership voluntary but Code mandatory once a member

All members are expected to abide by a high-level code of ethics that focuses on 5 high level principles including eg commitment to integrity, diligence and professionalism and confidentiality. Additionally there are requirements for members to undertake CPD and submit records online.

Compliance and anti-money laundering professionals

CFA Institute

Code of Ethics and Standards of Professional Conduct

The CFA global standards were created in 1960 to promote the integrity of CFA Institute members and served as a model for measuring the ethics of investment professionals globally.

Membership voluntary but Code mandatory once a member

Violations of the Code and Standards may result in disciplinary sanctions by the CFA Institute and can include revocation of membership, revocation of candidacy of the CFA programme and right to use the CFA designation.

Investment professionals

Table 2



Title and Publication

Summary/Key highlights

Status, indicative application and further observations (where appropriate)

UK legal framework governing companies and UK Corporate Governance and Stewardship Codes


Companies Act 2006

Provides the legal basis for, inter alia, corporate governance and governance of risk (risk governance)


Under sections 172, 173 and 174 members of company boards have a clear responsibility to be attentive to the interests of shareholders

UK incorporated companies etc

UK Listing Authority (UKLA)(part of FSA)

UK Listing Rules
UK Disclosure and Transparency Rules

Requirements for UK listed companies.


Requires publication of compliance with UK Corporate Governance Code

UK Listed companies and companies seeking admission to listing

Financial Reporting Council

The UK Corporate Governance Code (accounting periods beginning on or after 29 June 2010)—formerly the “combined code”

The first version of the UK Code on Corporate Governance (the Code) was produced in 1992 by the Cadbury Committee. Its paragraph 2.5 is still the classic definition of the context of the Code:

“Corporate governance is the system by which companies are directed and controlled. Boards of directors are responsible for the governance of their companies. The shareholders’ role in governance is to appoint the directors and the auditors and to satisfy themselves that an appropriate governance structure is in place. The responsibilities of the board include setting the company’s strategic aims, providing the leadership to put them into effect, supervising the management of the business and reporting to shareholders on their stewardship. The board’s actions are subject to laws, regulations and the shareholders in general meeting.”

Mandatory under UK Listing Rules but applied on a “comply or explain” basis

UK listed companies

Sets out standards of good practice in relation to board leadership and effectiveness, remuneration, accountability and relations with shareholders.

Observations/further remarks
Code is not specific to BOFI, so complemented by financial regulation under the Financial Services and Markets Act 2000 and Companies Act 2006.
Code includes principles relating to risk management and internal control, as well as the establishment and role of the audit committee, so the Code helps to link corporate governance to risk governance.
The FRC is consulting on proposed revisions to the UK Corporate Governance Code and International Standards on Auditing (UK and Ireland) to give effect to its Effective Company Stewardship proposals.

Financial Reporting Council (FRC)

Internal Control: Guidance to Directors (Oct 2005)—formerly “the Turnbull report”

FRC is currently undertaking a limited review of this code to reflect 2011 discussions concerning the role of the board in determining the nature and extent of significant risks they are willing to take.


Elaborates on Section C.2—Risk Management—of the UK Corporate Governance Code which states that “the board should maintain a sound system of internal control”

UK listed companies

Identifies the role of internal control (IC) in the:

management and control of risks in a risk-taking business

effectiveness and efficiency of operations

reliability of internal and external reporting

High level guidance identifying the:

responsibilities of the board in maintaining a system of IC and reviewing its effectiveness

elements of a sound system of IC and the process for reviewing its effectiveness

Observations/further remarks
Helps to strengthen the link of corporate governance to internal control and risk governance.

Financial Reporting Council (FRC)

Guidance on Board Effectiveness (March 2010)

Guidance primarily on Sections A and B of the UK Corporate Governance Code (suggestions for Good Practice from Higgs Report withdrawn on issue of guidance).


UK listed companies

Financial Reporting Council (FRC)

Boards and Risk: A summary of discussions with companies, investors and advisers

A summary of the FRC’s findings from a series of meetings with major listed companies to learn more about how boards were approaching these responsibilities in rapidly changing markets.

Not guidance but “captures contributions from companies, investors and advisers in the belief that these may be helpful to other companies in thinking about their own approaches to risk.”

One conclusion was that a review of the FRC’s guidance on Internal Control was needed.

UK listed companies etc.

Findings cover:

The role of the Board (and its 6 responsibilities for), Committees and Management

The Company’s approach to risk (ie risk appetite and risk tolerance setting)

The changing nature of risk (eg distinguishing between operational and strategic risks and identifying categories such as project and catastrophic risks; and the interconnectedness and sequential nature of some significant risks)

Managing the quality and use of risk information that boards can use and act on

Sources of risk assurance

Risk and control culture

Public reporting

Financial Reporting Council (FRC)

Stewardship code
(July 2010)

Aims to set out good practice on shareholder engagement with investee companies thereby enhancing the quality of engagement between institutional investors and companies to improve long-term returns to shareholders and the efficient exercise of their governance responsibilities

Voluntary—applied on comply or explain basis
However, firms—other than venture capital firms—managing investments for a professional client that is not a natural person are required to provide a disclosure of commitment to the Financial Reporting Council’s Stewardship Code required under FSA rules (COB 2.2)

Under the code shareholders are free to choose whether or not to engage with the investee company but this choice should be a considered one based on their investment approach

Firms who manage assets on behalf of institutional shareholders (such as pension funds, insurance companies, investment trusts and other collective investment vehicles) and Institutional investors.

Observations/further remarks
Code is not specific to banks but is particularly relevant to UK banking in light of the Kay review
FRC is currently consulting on changes in the code

UK legal framework governing financial services


Financial Services and Markets Act
(2000) (FSMA) and secondary legislation

Sets out the framework for the regulation of banks and other firms carrying on regulated activities.


Specifies the FSA’s “gate keeping functions” ie the authorisation of firms and the approval of individuals to perform controlled functions.

Authorised persons, individuals etc.

Specifies the FSA’s enforcement powers.

Observations/further remarks:
The legal basis for FSA rules, applying to the financial services industry.

Sets out the threshold conditions for authorisation and continuing authorisation.

Key requirements in the FSA Handbook relating to Corporate Governance/Internal Governance

FSA Handbook

Threshold Conditions (COND)

Amplifies threshold conditions set out in FSMA


Requires firms to have adequate resources—the FSA “will interpret the term ‘adequate’ as meaning sufficient in terms of quantity, quality and availability, and ‘resources’ as including all financial resources, non-financial resources and means of managing its resources; for example, capital, provisions against liabilities, holdings of or access to cash and other liquid assets, human resources and effective means by which to manage risks.”

Authorised persons

Requires a firm to satisfy the FSA that it is “fit and proper” (this includes “conducting its business with integrity and in compliance with proper standards” and having “competent and prudent management and exercising due skill, care and diligence”).

FSA Handbook

Principles for Business (PRIN)

Set out the fundamental obligations of all firms under the regulatory system.


Principles express the main dimensions of the “fit and proper” standard set for firms in the threshold condition 5 (Suitability).

Authorised persons

Includes a requirement that a firm conduct its business with integrity.

FSA Handbook

Senior Management Arrangements, Systems and Controls (SYSC)

Senior Management Arrangements specified in SYSC2


SYSC3 sets out Systems and Controls requirements

Authorised persons

SYSC5—sets out the requirements for skills, knowledge and expertise

SYSC6—High level rules requiring the establishment of a compliance function, audit function, and financial crime function and the baseline requirements for all three functions

SYSC7—High level rules requiring firms to have effective processes to identify, manage, monitor and report the risks (relating to its activities) that it is or might be exposed to

SYSC18—Guidance on Public Interest Disclosure Act: Whistle-blowing

SYSC 19A Remuneration Code

EU Corporate Governance

EU Commission

Corporate governance framework for European companies: what needs to be improved? (April 2011)

As part of a longer term review of the corporate governance framework of companies at large, the public consultation focused on how companies, not just financial institutions, work.

Work in progress

Corporate Governance roadmap expected autumn 2012

EU listed companies

Observations/further remarks
Note also existing Listing and Company Law Directives

Austrian Working Group for Corporate Governance
(Österreichischer Arbeitskreis für Corporate Governance)

Austrian Code of Corporate Governance
(January 2012)

This was prepared by the Austrian Auditors’ association (Institut Österreichischer Wirtschaftsprüfer (IWP)) and the Austrian financial analyst and asset management association (Österreichische Vereinigung für Finanzanalyse und Asset Management (ÖVFA))

Statutory/mandatory since 2008 (according to the Austrian Business Code Amendment Act 2008)

The Code is available in German and English

Austrian listed companies including exchange-listed European companies registered in Austria. Declaration of commitment to the Code is mandatory for Austrian companies that want to be admitted to the Prime Market of the Vienna Stock exchange

It was first published in 2002 and has been amended a number of times

It is supported by a number of organisations/institutions including the Austrian Finance ministry, the Austrian Central Bank and the Vienna Stock exchange

The Code focuses on 5 key areas: shareholders and the general meeting, cooperation between supervisory and management board, management board, supervisory board and transparency and auditing

The Code clearly distinguishes between mandatory legal requirements, “comply or explain” provisions and recommendations (non-compliance requires neither disclosure nor explanation). Interpretations of certain provisions of the Code are also available in German only

The most recent revision has focused on the development of the diversity rule and new rules to improve cooperation between boards and auditors

Belgian Corporate Governance Committee

The 2009 Belgian Code on Corporate Governance
(March 2009)

The Corporate Governance Committee was established in 2004 based on an initiative of the Banking, Finance and Insurance Commission, the Federation of Enterprises in Belgium and Euronext Brussels. In 2009 the Code received legal recognition

Complementary to existing law, based on “comply or explain” principle

The Code is available in French, English and Dutch

Companies incorporated in Belgium whose shares are admitted to trading on a regulated market (“listed companies”)

The Code is based on 9 overarching principles such as “the company shall adopt a clear governance structure” or “the company shall have an effective and efficient board that takes decisions in the corporate interest”. The Code also contains provisions/recommendations and guidelines.

The Code also contains a number of appendices such as criteria for independence, or disclosure requirements

Observations/further remarks
Study on the compliance of the Belgian Corporate Governance Code 2009 of the BEL 20 is available in French and Dutch only. Overall suggestion is that compliance with the Code is “quite high”.

The Committee states that there are 5 reasons why the code will achieve better corporate governance: expression of commitment from Belgian leaders, more and faster transparency, higher levels of compliance as it will be harder to justify deviations, greater flexibility compared to law, complements existing legislation.

The 2009 revision advocates complete transparency re remuneration and severance pay towards shareholders and the outside world

Bulgarian Stock exchange

Bulgarian National Code For Corporate Governance

The Code contains 5 chapters: Corporate boards, Audit and Internal Control, Protection of shareholders’ rights, Disclosure of Information, Corporate Governance and Stakeholders.

Based on “comply or explain” principle. Takes into account and complements Bulgarian legislation without restating it

The Code sets out provisions for both one-tier and two-tier systems

All Bulgarian public companies including those that are planning to become public. Should also be adopted and applied by Bulgarian companies with predominant state and municipal ownership. “According to BSE-Sofia Rules and Regulations, issuers willing to be admitted to trading on the BSE Main Market, ‘Premium’ Equities Segment, are obliged to carry out their activity in conformity with the National Corporate Governance Code, approved by the Exchange. Adoption and implementation of the Code by the companies, traded on the other markets and market segments, is recommendable and depends on their own choice”

The Code is available in Bulgarian and English

The Code was developed in October 2007 and approved by the National Corporate Governance Committee (NCGC) and was amended in February 2012 by virtue of a decision by the NCGC

Cyprus Stock Exchange (CSE)

Corporate Governance Code
(March 2011)

The Code aims to “strengthen the monitoring role of the board of directors in listed companies, protect small shareholders, adopt greater transparency and provide timely information as well as [to] sufficiently safeguard the independence of the board of directors in decision making”

The Code is voluntary for the listed companies. Comply or explain disclosure required.

The Code is available in Greek and English

Companies listed on the Cyprus stock exchange

The Code contains 4 main sections: Board of Directors, Directors’ Remuneration, Accountability and Audit and Relationship with shareholders

Danish Commerce and Companies Agency (DCCA)

Recommendations on Corporate Governance
(August 2011)

The recommendations cover 9 key topics (Role of shareholders and their interaction with the management of the company, Role of shareholders including CSR, Openness and Transparency, Tasks and responsibilities of the supreme and central governing bodies, Composition and remuneration of supreme governing body, Remuneration of governing body, financial reporting, Risk management/internal control and audit)

Recommendation/“Soft law”

The Code is available in Danish and English

Danish companies whose shares are admitted to trading on a regulated market. NB as the activities of financial services companies are regulated by law, no specific recommendations for the financial services sector have been made

The Recommendations were first published in 2001 and have since been revised on 3 occasions to keep in line with developments on corporate governance

The DCCA believes that self-regulation is the best form of regulation but this places an obligation on society, companies and investors to get involved in the dialogue and take a positive attitude to corporate governance

Dutch Corporate Governance Monitoring Committee

Dutch Corporate Governance Code: Principles of good corporate governance and best practice provisions
(December 2008)

The current Code stresses that the decisive factor in the operation of the Code is not strict compliance with the letter of the Code (box ticking) but the extent to which all concerned act in practice with the spirit of the Code.

Recommendation/self-regulation but should be viewed together with Dutch and European legislation. Overlaps with existing legislation are acknowledged. If a principle corresponds with a statutory rule this will mean the rule needs to be followed otherwise “comply or explain”

Compared to the previous Code of 2003, the Code has been amended eg to place greater emphasis on the importance of integral risk management, the importance of corporate social responsibility and executive remuneration

The Code consists of a preamble, principles, best practice provisions and an explanation on certain terms used in the Code. The Code contains 5 chapters each of which contains both principles and best practice provisions. The Chapters are: 1) compliance with the Code 2) the management board 3) the supervisory board 4) the shareholders and the general meeting of the shareholders and 5) the audit of financial reporting, internal and external audit.

Applies to all companies whose registered offices are in the Netherlands and whose shares or depositary receipts have been admitted to listing on a stock exchange or trading on a regulated market. It also applies to all large companies (balance sheet >Euro 500m) whose registered offices are in the Netherlands and whose shares are admitted to trading on a multi-lateral trading facility

The Code is based on the system in which a separate supervisory board exists alongside the management board, whether under the statutory two-tier rule or otherwise

Observations/further remarks
The Corporate Governance Code Monitoring Committee was established by the Minister of Finance, the State Secretary for Economic Affairs and the Minister of Justice in 2004. The Committee also publishes reports about compliance regarding a number of specific provisions as well as specific surveys on elements of the Code.

The code is available in Dutch and English

Estonian Financial Supervision Authority and Tallinn Stock Exchange

Corporate Governance Recommendations
(January 2006)

High-level objectives which are designed to help structure the work of the management board, supervisory board, cooperation between the two boards, general meeting, financial reporting and audit.
The Code is available in Estonian and English

Statutory—enforced by the regulations of the Tallinn Stock Exchange. “Comply or Explain” principle
Issuers admitted to trading on a regulated market operating in Estonia (except investment funds registered as public limited companies). Optional for other companies that may wish to comply

Finnish Securities Markets Association

Finnish Corporate Governance Code 2010
(15 June 2010)

The Code provides 55 detailed recommendations covering the general meeting, board, board committees, managing director and other executives, remuneration, internal control, risk management and internal audit, “insider administration”, audit and communications.

“Comply or explain” principle—several recommendations in the Code are based on legislation
Companies listed at the Helsinki stock exchange
Observations/further remarks
The Securities Market Association is a cooperation and self-regulatory body established in 2006 by the Confederation of Finnish Industries, the Central Chamber of Commerce and the NASDAQ OMX Helsinki

The Code is available in Finnish, Swedish and English

Recommendation—intended to set shareholder voting criteria for resolutions but not intended as basis for new legislation

As a rule Finnish listed companies use a “one-tier” governance model. Very few listed companies have supervisory boards.

Companies whose shares are listed for trading either on a regulated French market or on a multi-lateral trading platform. The principles also apply to all investments made abroad by investment managers

French Asset Management Association (Association Française de la Gestion Financière) (AFG)

Recommendations on Corporate Governance
(January 2012)

The AFG believes that there are 6 key principles of corporate governance: the AGM must foster shareholder democracy, appropriate and transparent compensation, one share/one vote, clear anti-takeover defences, independent, efficient and effective board of directors, must take into account strategic direction and environmental and employment policies

Observations/further remarks
AFG established a Code of Ethics in 1997
Voluntary but may be designated by listed companies as their legally required reference code

The Recommendations are divided into 2 main sections on i) the General shareholders’ meeting and ii) the Board of directors or supervisory board.


The Code is available in French and English

The 2012 edition represents the tenth edition of the Code

Association Française des Entreprises Privées (AFEP) and MEDEF (Mouvement des Entreprises de France)

Corporate Governance Code of Listed Corporations
(April 2010)

The Code consolidates a number of reports, all of which have been based on business initiatives with the objective of defining principles of good operation and transparency with a view to enhancing investor and public confidence

Companies whose securities are admitted to trading on a regulated market
Declarations of conformity required on a comply or explain basis
German listed companies (recommendation that non-listed companies also adopt the code)

The Code sets out recommendations in 21 specific areas as well as providing information on the implementation of the recommendations

Observations/further remarks
Not a banking code as such, although signatories include Deutsche Bank and Commerzbank
Has a legal basis in German Corporate law

The Code is available in French and English

Commission of the German Corporate Governance Code

German Corporate Governance Codex
(Adopted in 2002 and updated in 2010)

(2012 version of the code)

Developed to address the major criticisms—especially from the international community—of German corporate governance, namely:

inadequate focus on shareholder interests

the two-tier system of executive board and supervisory board

inadequate transparency of German corporate governance

inadequate independence of German supervisory boards

limited independence of financial statement auditors

Explains the dual board structure and sets out the relationship of the supervisory board and the management board as well as the [codes] relating to their respective roles and responsibilities, compensation and composition and conflicts of interest

Sets out the management board’s insider information disclosure requirements and obligations to report and disclose share dealings

Sets out the requirements for the reporting and auditing of financial statements

The Code is available in German and English

Hellenic Federation of Enterprises (SEV)

SEV Corporate Governance Code For Listed Companies
(March 2011)

Prepared by the SEV as part of its mandate to promote the continuous enhancement of the Greek corporate institutional framework as well as improve the competitiveness of its members and the Greek economy

Voluntary but some corporate governance requirements enshrined in Greek Law

Until the publication of the Code there was no “comply or explain” corporate governance code which was at odds with most other EU states

All Greek SAs as defined in law 2190/1920 whose registered offices are in Greece

The Code is available in Greek and English

The Code is divided into general principles which are addressed to all companies, whether listed or not and special practices which concern only listed companies

Corporate Governance Committee of the Budapest Stock Exchange

Corporate Governance Recommendations
(May 2008)

The Recommendations are considered to be an addition to relevant Hungarian legislation (predominantly Act IV of 2006 on business associations, hereinafter Company Act). The Recommendations contain recommendations, suggestions and related explanations. Those issues regulated by law are not covered by the Recommendations.

Recommended but not mandatory for companies listed on the stock exchange

The Recommendations replace an earlier version published in February 2004

Public limited Companies listed on the Budapest stock Exchange and registered in Hungary

The Recommendations are available in Hungarian and English

The recommendations are divided in 4 key areas: The shareholders’ rights and treatment of shareholders, responsibilities of the Managing Body and the Supervisory Board, Committees and Transparency and disclosure.

The text of the recommendations is divided into R (Recommendations), S (Suggestions) and E (Explanations).

Bourse de Luxembourg

Corporate Governance: The Ten Principles of Corporate Governance of the Luxembourg Stock Exchange
(October 2009)

The Bourse states that good corporate governance has the following characteristics: creates a proper balance between entrepreneurship and control, facilitates performance driven management, determines the company’s objectives, the means of obtaining them and provides tools for evaluating performance

Intended to provide guidance without being too prescriptive. Based on “comply or explain” principle. Complementary to Luxembourg law

“The 10 corporate governance principles cover the role and composition of the boards of directors of companies, as well as committees which may emanate from the boards, such as audit, remuneration and nominating committees, and the companies’ senior management. They also deal with the relations to be maintained with shareholders and investors.”

Principles apply to all Luxembourg companies the shares of which are admitted for trading on a regulated market operated by the Luxembourg Stock Exchange
NB Focus on Limited companies with a unitary structure of governance. For other forms of company eg dual structure of governance, the principles must be interpreted

The Principles of Corporate governance contain the general principles (“comply”), the recommendations (“Comply or explain”) and the guidelines.

Observations/further remarks
The Bourse also publishes regular reports on the application of the principles by Luxembourg companies listed for trading on the regulated market of the Stock Exchange

The Principles are available in French and English

Warsaw Stock Exchange (WSE)

Code of Best Practice for WSE Listed companies
(effective January 2012)

Intended to strengthen the competitiveness of the market and intended to promote innovation and international competitiveness

Voluntary—“comply or explain” principle

The Code is split between 4 sections: Recommendations for best practice for listed companies, best practice for management boards of listed companies, best practice for supervisory board members and best practices for shareholders

Companies listed on the WSE

The Code is available in Polish and English

Observations/further remarks
The Warsaw stock exchange has set up a specific website with a view to creating an active dialogue for effective application of the best practices; promoting best practices through information on conferences and other initiatives including educational programmes by certified so-called “Edupartners”

Portuguese Securities Markets Commission
Comissão do Mercado de Valores Mobiliários (CMVM)

CMVM Corporate Governance Code 2010: Recommendations
(January 2010)


Consolidation of the Legal Framework and the Corporate Governance Code 2010

The Code focuses on arrangements for the general meeting, the board of directors and supervisory board, Information and auditing and conflicts of interest


Available in Portuguese and English

Not stated

The Consolidation document intends to provide an integrated and accessible overview of the rules on corporate governance through a consolidation of the national sources of both legal and recommendatory rules

Bucharest Stock Exchange

Corporate Governance Code (2008)

The Code contains 11 Articles and 19 Principles. The Articles cover a range of issues including the need for a clear and transparent corporate governance framework, formal, rigorous and transparent procedures for appointing directors and the importance of corporate social responsibility

Voluntary—issuers that adopt the Code wholly or partially shall yearly submit to the stock exchange a Corporate Governance Statement. “Comply or explain” principle. Recommendations are supplementary provisions to legal obligations under Romanian law.

The Code is available in Romanian and English

Companies admitted to trading on the regulated market of the Bucharest Stock exchange

In March 2010, Implementation guidelines for the corporate governance code were issued which provide a non-exhaustive set of suggestions for the implementation of the recommendations. These are based on international good practice.

Ljubljana Stock Exchange,

Slovenian Directors’ Association

The Managers’ Association of Slovenia

Slovene Corporate Governance Code (December 2009–effective January 2010)

Incorporates Slovene legislation, EU guidelines, principles of business and internal bylaws of the three institutions as well as internal standards on corporate governance

Voluntary/not binding but “comply or explain”

Compared to the previous version (2005) the Code does not contain principles governing boards of directors due to the relative predominance of the two-tier system of governance

Companies listed on the Slovene regulated market

The Code is available in Slovene and English

Observations/further remarks
Also supported by the Ministry of Economy and Ministry of Finance

Swedish Corporate Governance Board

The Swedish Corporate Governance Code
(February 2010)

The Swedish Corporate Governance Board states that Swedish corporate governance differs in certain significant areas, both from the Anglo-Saxon one-tier model and the two-tier model which is more typical in Europe. “The differences include matters concerning attitudes to the role of owners, the division of power and responsibilities between the different governance bodies, the formation of boards and the role of the auditor”.

Voluntary/self-regulation. “Comply or explain” principle. Acts as complement to legislation and other regulations by specifying norm for good corporate governance “at a higher level of ambition than the statutory regulation”.

The Code sets out rules for corporate governance in 10 key areas. Most of the rules in the Code are formulated to allow non-compliance to be identified objectively and explained, however, it also contains certain rules for “pedagogical reasons” for which non-compliance is unlikely to be reported.

All Swedish companies whose shares are traded on a regulated market in Sweden (NASDAQ OMX Stockholm and NGM Equity)

The Code is available in Swedish and English

Observations/further remarks
The Swedish Corporate Governance Board was set up in 2005 in order to promote good corporate governance in Swedish stock exchange listed companies.

Spanish Comisión Nacional del Mercado de Valores (CNMV)

Report of the Special working group on the good governance of listed companies
(May 2006)

In addition to the recommendations for firms, the working Group has also made specific recommendations for the government, CNMV and financial institutions specifically. With regard to financial institutions there are 2 specific recommendations relating to the exercise of voting rights by institutional

Voluntary subject to the “comply or explain” principle. The Code does not replicate legal duties or binding rules.

The report is available in Spanish and English

All listed companies regardless of size or market capitalisation

EU Internal [risk] Governance standards

European Banking Authority (EBA)

EBA Guidelines on Internal governance
(Sept 2011 came into effect March 2012)

Differentiates internal governance from corporate governance.

See below

The EBA states that corporate governance is a broad concept that can be described as the set of relationships between an institution, its management, its shareholders and other stakeholders (see para 28 of the EBA’s Guidelines on IG).

Supervisors and regulators

Restates that the definition of internal governance is in accordance with Article 22 of Directive 2006/48/EC (as specified in CEBS’s high level principles for risk management principles (above)).

EBA guidelines underline EU’s attempt to link corporate governance to the risk and control environment of the firm
EU Member States usually use one of two governance structures—a unitary or a dual board structure, so the EBA guidance adopts language to accommodate both structures referring to a management body which has a management function and supervisory function. The management body proposes the direction for the institution and the supervisory function oversees the management function and provides advice to it.
Incorporated in FSA’s supervisory approach

Enhances the CEBS’s high level principles (Feb 2010) with guidelines concerning:

the functioning and composition of the management body

management responsibilities such as “know-your-structure”

the qualifications, appointment and succession of its management body

specialised committees (ie Risk and Audit) of the management body

the institutions’ framework for business conduct

the institutions’ outsourcing and remuneration policies

the institution’s risk culture and risk management framework

the institution’s new products approval policy

the institution’s internal control framework and its risk control function and improved principles for dealing with internal control covering its role in:

transactions with related parties

strategy and decisions

complexity in legal structure

material changes

measurement and assessment


unapproved exposures

the need for a Chief Risk Officer (CRO) to be appointed

the need for Compliance and Audit functions to be established (with a definition of compliance tabled)

Information systems and business continuity

Internal and external transparency


EBA Consultation Paper on draft Guidelines For assessing the suitability of members of the management body and key function holders of a credit institution (April 2012)

The proposed Guidelines set out the process, criteria and minimum requirements for assessing the suitability of members of the management body and key function holders of a credit institution.

Consultation—Work in process

Similar to FSA’s approach

EU banks

Non-EU/International Corporate Governance Standards


Corporate Governance and the Financial Crisis: Conclusions and emerging good practices to enhance implementation of the Principles
(Feb 2010)

Report represents the third phase of the OECD Steering Group on Corporate Governance action plan on corporate governance and the financial crisis

See below

Via the publication of emerging practices and conclusions, the report aims to encourage and support the implementation of already agreed international and national standards


On the gap between existing standards and implementation, the report

confirms the need to promote an outcome based approach

underlines the importance for jurisdictions to regularly review the sufficiency of supervisory, regulatory and enforcement resources and promote forward looking capacities

suggests that authorities make full use of ex ante and ex post regulatory impact assessments when deciding to introduce new regulation

suggests that where jurisdictions use voluntary corporate codes (in conjunction with public laws and other public regulation) adequate monitoring and compliance mechanisms are important

On the governance of remuneration and incentives, the report

reinforces the responsibility of the board

underlines the importance of connecting the structure of compensation to the company’s strategic goals and risk appetite

confirms the importance of transparency

On improving the governance of risk management, the report

strongly concludes that the board’s responsibility for defining strategy and risk appetite needs to be extended to establishing and overseeing enterprise risk management systems

confirmed that independent risk and control functions are good practice and that chief risk officers (or equivalent) should report to the board

confirmed that the process of risk management and the results of risk assessments should be appropriately disclosed

underlined that the risk management and reporting functions system should consider risks that may be related to the company’s remuneration and incentive (eg promotion) systems

On improving board practices, the report

underlines the importance of the Chair in ensuring that the board tackles the most important issues facing a company

underlines the need to promote competent boards, with for example training, periodic evaluations, and the extension of “fit and proper” tests to the technical and financial competence of board members, including general governance and risk management skills

On the exercise of shareholder rights, the report examines a number of dimensions to this question noting, in particular, that it is good practice for investors to disclose voting records to control for potential conflicts of interest


Principles for enhancing corporate governance
(Oct 2010)

Reinforces the OECD (2010) corporate governance principles.

See below

Corporate governance:


is defined as “a set of relationships between a company’s management, its board, its shareholders and other stakeholders”

Has a wide definition of corporate governance (which goes beyond bank shareholders) and arguably conflates/connects corporate governance with internal governance
EBA’s guidelines are similar to the BCBS’s in a number of ways including the adoption of the “know your structure” concept

seen as providing the structure through which the objectives of the company are set and the means of attaining those objectives and monitoring them are determined

Based on lessons learnt during the crisis, the principles set out best practice for banking organisations. Areas of focus include:

the role of the board (including establishing the “tone at the top”)

the qualifications and composition of the board

the importance of independent risk (including a chief risk officer or equivalent), compliance and audit functions where each has sufficient authority, stature and resources to access the board

board oversight of compensation functions

board and senior management’s understanding of the bank’s operational structure and risks


The internal audit function in banks
(June 2012)

Builds on the BCBS’s (2010) Corporate Governance principles that state that banks should have an internal audit (IA) function with sufficient stature, independence, resources and access to board members

See below

Addresses supervisory expectations for the IA function, the relationship of the supervisory body with IA and the supervisory assessment of that function


Encourages internal auditors to comply with national and international professional standards (such as the Institute of Internal Auditors)

Financial Stability Board (FSB)

Thematic review on risk governance (April 2012)

The FSB Standing Committee on Standards Implementation (SCSI) agreed to undertake a peer review on risk governance.

Work in progress

There is currently no single comprehensive set of principles and standards that fully address and integrate corporate and risk governance requirements. The review therefore will not assess compliance with any specific standard, but will use existing standards and recommendations (as appropriate) in order to evaluate progress as well as identify good practices and remaining gaps in firms’ risk governance frameworks, and in the assessment of those frameworks by supervisory authorities.

“The peer review will focus on the roles and interplay between the firm’s Board members that oversee risk management, the enterprise risk management function and relevant aspects of the process for assessing the risk governance framework, processes and practices, either by internal audit or by third parties”

Group of Thirty (G30)

Toward effective governance of financial institutions
(April 2012)

Drawing lessons from the financial crisis, the G30 calls on boards of directors of financial institutions to do more to strengthen governance.


The report stresses that values influence the behaviour of those with governance responsibilities. The key to reform is to promote changes in the ways in which these individuals think about their responsibilities

Financial institutions

The report focuses on 7 key themes: the essential question of function, the Board, Risk governance, Management, Supervisors, shareholders and values and culture.

The Group of Thirty, established in 1978, is a private, non-profit, international body composed of very senior representatives of the private and public sectors and academia. It aims to deepen understanding of international economic and financial issues, to explore the international repercussions of decisions taken in the public and private sectors, and to examine the choices available to market practitioners and policymakers

Non-EU/International Enterprise Risk Management/Internal [risk] Corporate Governance Standards

PwC for The Committee of Sponsoring Organisations of the Treadway Commission (COSO)1

Enterprise Risk Management framework
Three documents:

COSO framework is underpinned by the premise that every entity exists to provide value for its stakeholders and that value is maximised when management sets strategy and objectives to strike an optimal balance between growth and returns goals and related risks, and efficiently and effectively deploys resources in pursuit of the entity’s objectives



Executive summary
Application techniques

(Obtainable with the purchase of a license at a reasonable fee—

The COSO ERM framework is illustrated by a matrix that depicts the direct relationship between the objectives of the firm (specifying four categories—strategic, operations, reporting, compliance), the firm’s units (subsidiary, business unit, division, and entity level), and its internal environment (specifying eight components—objective setting, event identification, risk assessment, risk response, control activities, information & communication, and monitoring)

Auditors but COSO also suggests it will be read (and acted upon) by: Board of directors, senior management, other personnel within the firm, regulators, professional organisations and educators
Although COSO is not aimed specifically at BOFIs, it is used, to varying degrees, by BOFI risk management and compliance professionals and auditors to, for example, inform (i) enterprise risk management framework design (ii) approaches to operational risk management or (iii) the testing of the BOFI internal controls [addressing its prudential and non-prudential risks]

Observations/further remarks
The adoption of the framework has been facilitated by its documentation of detailed application techniques that can be used to help inform the building of an ERM framework or measure its robustness.
Integrity and ethics values are explicitly discussed in the framework and in the application standards respectively in terms of the overall internal environment and objective setting. Integrity and ethics are viewed as by-products of the corporate culture.
Corporate culture is stated as encompassing ethical and behavioural standards and how they are communicated, with top management—starting with the CEO—playing a key role in determining the corporate culture (page 30)
Arguably its emphasis on internal control and internal structures reveals its accounting and auditing origins

Joint Standards Australia/Standards New Zealand Committee 0B-0072

(New Zealand Standards)

(Australian Standards)

AS/NZS ISO 13000:2009
Risk management—Principles and guidelines
(Obtainable with the purchase of a license—

Note: supersedes AS/NZ 4360:2004

The standard provides a generic set of principles and guidelines for managing risk in a systematic, transparent and credible manner and within any scope and context


It defines “risk” as the uncertain effect of internal and external factors and influences on the achievement of the organisation’s objectives (or whether they exceed them)

Not specific to any industry or sector, so intended to be used by any public, private or community enterprise, association, group or individual.
Although AS/NZS ISO 13000:2009 is not aimed specifically at BOFIs, the predecessor standard has been used by BOFI risk management and compliance professionals and auditors to help inform (i) enterprise risk management framework design (ii) approaches to operational risk management or (iii) the testing of the BOFI internal controls [addressing its prudential and non-prudential risks]

It states that all activities involve risk and that organisations manage risk by anticipating, understanding and deciding whether to modify it, and that throughout this process organisations communicate and consult with stakeholders and monitor and review the risk and the controls that are modifying the risk. The Standard describes this process in detail.

The Standard establishes a number of principles that need to be satisfied before risk management will be effective. It recommends that organizations should have a framework that integrates the process for managing risk into the organization’s overall governance, strategy and planning, management, reporting processes, policies, values and culture

It is intended that the Standard should be utilised to harmonise risk management processes in existing and future standards, thereby providing “a common approach in support of standards dealing with specific risks and/or sectors”. Nevertheless, it is also “not intended to promote uniformity of risk management across organizations”

Table Notes:

1 COSO is a joint initiative of five private sector organisations dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence. The supporting organisations are: The Institute of Internal Auditors (IIA), the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), and the Institute of Management Accountants (IMA). COSO was originally formed in 1985 to sponsor the [US] National Commission on Fraudulent Financial Reporting. The first chairman of the National Commission was James C. Treadway, Jr., Executive Vice President and General Counsel, Paine Webber Incorporated and a former Commissioner of the U.S. Securities and Exchange Commission. Hence, the popular name “Treadway Commission”. Currently, the COSO Chairman is David Landsittel.

2 Standards Australia is a non-government organisation charged by the Commonwealth Government of Australia to meet the country’s needs for contemporary, internationally aligned Standards and related services. Standards New Zealand is the operating arm of the Standards Council, an autonomous Crown entity operating under the [New Zealand] Standards Act 1988.

Table 3



Title and Publication

Summary/Key highlights

Status, indicative application and further observations (where appropriate)

Wittenberg Centre for Global Ethics

Code of Responsible Conduct for Business
(Nov 2010)

(English version of the code)

The Code of Responsible Conduct establishes verifiable standards which are supposed to become an integral part of the participating companies’ organizational culture

Voluntary Code

The code is motivated by a concern that, from a social perspective, the larger public has limited confidence in the actions of entrepreneurs and managers

German industry representatives

Signatories to the code commit to establish the code within their firms

Not a banking code as such, although signatories include Deutsche Bank, Allianz, HSBC Trinkaus & Burkhardt AG and Unicredit
The Wittenberg Center for Global Ethics is an independent, international and interdenominational initiative of individuals and organizations from government, business, academia, churches and civil society. The founders (former Foreign Minister Hans-Dietrich Genscher, and retired UN Ambassador Andrew Young) formulated the basic idea of the centre in the fall of 1998.

The code’s principles state that business must serve the good of the people and that this:

Requires competition that is fair (profit may not be made by damaging third parties)

Is based on merit (recognition that performance must be rewarded, the demand for other ways of working is increasing, the role of business in providing for the welfare state and the role business plays in offering in-house training and related opportunities)

Takes place globally (so fair and reliable rules are needed “to ensure that all people [across global markets] gain an advantage”)

Must be sustainable (“ie passing on an intact ecological, social and economic fabric to future generations”)

Demands responsible conduct by decision makers (ie [decision makers] are reliable and keep promises, which means keeping to the rules, pursuing any infringements of the rules, demanding new rules when these are absent and participating in the drawing up of these rules)

University of St Gallen, Institute for Business Ethics

Various publications

The Institute for Business Ethics (IWE) was founded in 1989 and is an internationally known centre focusing on research and teaching in the field of business ethics


It aims to offer a holistic view on corporate responsibility, including the political role of business, business models and strategies, as well as the role of responsible consumers and civic duties.

Swiss and international organisations, academics

Institute of Business Ethics

Developing a Code of business ethics: A guide to best practice

The document sets out to provide a practical and comprehensive guide to producing, implementing and maintaining an effective code of business ethics.

Best Practice Advice

Additionally the Institute has published a wide range of other publications on ethical topics

Firms in the UK and internationally

The Institute was founded in 1986 and aims to advance public education in business ethics and related subjects with particular reference to the study and application of ethical standards in the management and conduct of industry and business generally in the United Kingdom and elsewhere

1 The CityUK: Key facts about UK financial and Professional Services March 2011: “Over one million people work across the UK in financial services, nearly 4% of total UK employment. Over 400,000 people are employed in banking. The UK is the world’s leading exporter of financial services, earning more than 10 times US exports of financial services in 2008. The UK’s financial services industry contributed £124 billion to the UK economy in 2009, accounting for 10% of total economic output. UK financial services contributed £53 billion in tax revenue 2009–10, 11% of total UK tax receipts.”

Prepared 19th June 2013