Parliamentary Commission on Banking Standards

Written evidence from Clydesdale Bank PLC

Introduction

Clydesdale Bank PLC, with its Yorkshire Bank operation, is part of National Australia Bank Group.

The business is managed within the UK and is headquartered in Glasgow. The bank holds a single banking licence covering both its Clydesdale and Yorkshire Bank brands. The bank has approximately 2.7m customers, of which approximately 200,000 are SMEs. It operates a network of over 300 retail branches along with over 40 ‘Business and Private Banking Centres’ providing specialist support for larger business customers. The bank offers traditional retail and SME banking products and has taken a strategic decision to focus on its heartland areas in Scotland and the North of England.

The bank is making substantial changes in response to the evolving regulatory and economic environment, including to its corporate governance arrangements. In the last twelve months the bank has introduced a new risk and control framework, refreshed the membership of its Board, and implemented a more rigorous process for developing and monitoring its Risk Appetite Statement. These changes have strengthened the overall corporate governance of the bank.

Clydesdale Bank is a founding member of the Chartered Banker Professional Standards Board (CB:PSB), a voluntary joint initiative by nine leading banks in the UK and the oldest banking institute in the world. The CB:PSB will:

Develop a series of professional standards to support the ethical awareness, customer focus and competence of those working in the banking industry.

Facilitate industry and public awareness and recognition of the standards.

Establish mechanisms for the implementation, monitoring and enforcement of the standards.

Help build, over time, greater public confidence and trust in individuals, institutions and the banking industry overall, and enhance pride in the banking profession.

The CB:PSB serves as a public demonstration of banks’ collective commitment to restoring trust in the banking profession and emphasises their responsibility to customers, colleagues and wider society. It is supported and staffed by the Chartered Banker Institute, a trading name of the Chartered Institute of Bankers in Scotland, the oldest professional banking body in the world.

Together, the founding members of the CB:PSB serve more than 70 million UK customers, and employ more than 350,000 individuals working in banking in the UK. It is anticipated that other banking organisations will join as the CB:PSB progresses.

This submission sets out the steps that Clydesdale Bank is taking to accredit the professional standards of its employees, the improvements and changes that it has made to its risk and control framework, and the strength of the bank’s overall corporate governance arrangements.

Within this submission, Board refers to the board of Clydesdale Bank PLC and Principal Board refers to the board of National Australia Bank Limited.

Board Composition, Role And Effectiveness

1. How, if at all, have your selection criteria, recruitment process and succession planning for board members changed in response to the financial crisis? How has the FSA SIF Approved Persons regime influenced the selection of your board members and the composition of your UK Board?

During the financial crisis, the Board’s normal process for renewing and refreshing its membership was paused. Earlier this year, on conclusion of the bank’s strategic review and as part of the planned Board renewal process, a number of new directors were appointed to the Board.

Board recruitment

Appropriately skilled and experienced candidates have always been sought for appointment to the board and the bank’s selection criteria have not changed in response to the financial crisis. The bank seeks individuals who can contribute to its strong corporate governance, who have a substantial financial and executive management or consulting background and who understand and have experience of regulatory and market risks, and capital and funding risks.

We continue to use the services of a first-tier, international executive search company to assist in the recruitment of suitable candidates for appointment to the board. Extensive probity checking is conducted on all candidates before any offer of appointment is made.

A more rigorous process for assessing the performance and contribution of directors will be carried out as part of succession planning and to assist in identifying suitable candidates for appointment as “chair” of committees or of the board.

FSA SIF Approved Persons regime

While changes to the SIF approved persons regime have not resulted in any changes to the bank’s selection criteria and recruitment process, it has reflected changes to the overall regime by increasing its emphasis on ‘development plans’ for directors.

2. How does your organisation draw a distinction between the roles of executive and non-executive directors (NEDs)? Please provide a summary of the responsibilities of individual NEDs on your board, including the specific aspects of the business and operations that they are each responsible for challenging.

The role of the Board as a whole

The Board is responsible to the Principal Board for ensuring that effective products and services are developed and delivered, that customers are supported and treated fairly, and for creating sustainable shareholder value through the management of the bank. The Board has authorities delegated to it by the Principal Board, the most significant of which cover: strategy; operating performance review; integrity of external reporting; risk management and internal controls; corporate culture; stakeholder interests; and Board governance. While the Board is the decision making body for certain matters, it delegates responsibility for the day-to-day management of the bank to the Chief Executive Officer.

Under statute, executive and non-executive directors share the same responsibilities and are subject to the same constraints. Directors owe both fiduciary duties and general duties of reasonable care, skill and diligence to the company. Executive and non-executive directors are required to act in accordance with the statutory statement of directors’ duties contained in the Companies Act 2006.

The role of non-executive directors

The role of each non-executive director is to:

bring an independent and external perspective to the business of the Board including in relation to strategy, performance, treating customers fairly, risk and people matters; and

to constructively challenge, monitor and support executive directors to lead the business and to implement Board directives.

Non-executive directors have the following responsibilities:

apply knowledge and experience to support the CEO and executive directors to develop and shape the corporate strategy, including by raising relevant strategic issues and by testing executive proposals—for example, in relation to the amount of risk the Board is willing to take in achieving strategic objectives;

demonstrate independent judgement and give constructive challenge to established business practice and thinking;

support executive directors in leading the business, fully empowering executive directors to implement the decisions made by the Board;

oversee the implementation of corporate strategy by monitoring performance against agreed annual budgets, strategic plans, policies, operational plans, projects and targets, including Risk Appetite settings;

ensure that the bank acts having due regard to its reputation and that it does the right thing for its shareholder, employees, suppliers, customers, local communities and the environment;

draw on previous experience to identify and offer advice on alternative courses of action for executive directors, particularly where a change in strategic direction is required;

ask incisive questions to seek assurance that Board decisions are based on accurate and comprehensive information, supported where appropriate by external analysis or input, taking into account the views of all stakeholders;

assist in annual board effectiveness reviews and chairman appraisals;

uphold high standards of integrity and probity and actively support executive directors in promoting and instilling the bank’s beliefs and desired behaviours;

be satisfied as to the integrity of financial information and that financial controls and risk management systems are robust and defensible, and

maintain adequate knowledge and understanding of the business to enable them to contribute effectively.

The board has three principal committees (Audit, Risk, and Nominations) all of which are chaired by a non-executive director and all of which benefit from non-executive director membership. A specific responsibility for representing the bank’s Yorkshire Bank brand, and its customers and staff, has been assigned to a non-executive director.

The Board has appointed a Senior Independent Director (SID) who acts as a conduit for the views of non-executive directors on the board. The non-executive directors meet regularly and separately with the SID and the SID also meets with the Financial Services Authority (FSA) independently from the Chairman and executive directors.

The role of executive directors

The role of each executive director is to:

bring a commercial and internal perspective to the business of the Board including in relation to strategy, performance, treating customers fairly, risk, and people matters; and

to be accountable to the Chairman of the Board for the delivery of Board approved plans.

Executive directors have the following responsibilities:

implement the strategy decisions made by the Board and effectively lead the bank towards the achievement of the strategic objectives, ensuring that risks are effectively assessed and managed;

use specialist knowledge and experience, both of their own business area and of financial services generally, to assist Board deliberations;

help to ensure that the Board receives relevant, accurate, timely and high-quality information to support decision making;

participate in the Board’s collective decision making, putting the interests of the bank before those of any specific area of responsibility;

ensure that the bank acts having due regard to its reputation and that it does the right thing for its shareholder, employees, suppliers, customers, local communities and the environment;

keep the Board informed of business performance, and external developments including regulation, competition, marketplace and customer issues likely to have an impact over the longer term;

uphold high standards of integrity and probity and actively promote and instil the bank’s beliefs and desired behaviour, and

establish highly effective teams and have in place adequate executive management succession plans.

During 2012, five new non-executive directors were appointed to the Board replacing directors who retired, and one non-executive director remained in position. Each non-executive director has the responsibilities outlined above and brings different knowledge and experience to aid the work of the Board and its decision making.

3. What resources do NEDs use and what activities do they typically undertake in their role to exercise challenge? How has this changed since 2007?

Access to management.

Board members have complete and open access to management. In addition to regular presentations by management to Board and Board Committee meetings, directors may seek briefings from management on specific matters. The Board also consults with other bank employees and advisers and seeks additional information, where appropriate.

The Company Secretary provides advice and support to the Board and is responsible for managing the bank’s day-to-day governance framework.

Access to independent professional advice.

Each director is entitled to seek independent professional advice at the bank’s expense with the prior approval of the Chairman. The Board can conduct or direct any investigation to fulfil its responsibilities and can retain, at the bank’s expense, any legal, accounting or other services that it considers necessary from time-to-time to perform its duties.

Induction and continuing education.

Management, working with the Board, provides an orientation programme for new directors. The programme includes discussions with executives and management, reading material, tutorials, branch and other visits, and workshops.

These sessions cover the bank’s strategic plan, significant financial, accounting and risk management issues, compliance programmes, management structure, internal and external audit programmes, Code of Conduct, Enterprise Behaviours (which provide the foundation of the culture of the bank) and directors’ rights, duties and responsibilities.

Management periodically conducts additional presentations and tutorial sessions for directors about the bank, and the factors impacting, or likely to impact, its business. These assist non-executive directors to gain a deeper understanding of the bank and to ensure they have the knowledge and understanding to enable them to contribute effectively at Board meetings and fulfil their responsibilities.

Personal Development Plans

The business awareness and development needs of each non-executive director will be reviewed annually as part of a newly introduced performance evaluation process and formal Personal Development Plans will be prepared, monitored and maintained.

Private Sessions

The agenda for Board and Board committee meetings includes time for non-executive directors to meet without management present.

Senior Independent Director

The Senior Independent Director acts as a conduit for the views of non-executive directors on the Board. The non-executive directors meet regularly with the Senior Independent Director.

Business information.

The Chairman works with executive management to ensure that the information about the bank’s performance that the Board receives is accurate, timely and high-quality to enable it to make sound decisions, monitor effectively and provide advice and challenge to executive directors and to promote the success of the bank.

Changes since 2007.

Since 2007, the education and training made available to non-executive directors has significantly increased in response to changes in the industry and economic environment, as have the general resources available to non-executives. Changes include:

substantial improvements to Board information, particularly in relation to its quality, timeliness, granularity and clarity;

increased oversight of risk profiles;

the appointment of a Senior Independent Director to provide the Chairman with support on governance issues and to act as conduit for the views of non-executive directors;

the use of professional advisers to support the development of business strategy and to challenge management proposals;

the introduction of more regular updates to non-executive directors between Board meetings on key developments and performance measures;

external as well as internal training sessions, and

the introduction of formal ‘deep dive’ review sessions on topics at board meetings.

4. What constraints do NEDs face in delivering their duties?

Non-executive directors face some challenges, rather than constraints, in fulfilling their duties.

Whilst recognising the knowledge and experience they already have, some newly appointed directors require more in-depth knowledge to complement their general understanding of the retail banking industry, for example in relation to the evolving UK regulatory framework, and issues specific to the bank.

Non-executives often have to spend considerably more than the contractual minimum time on board business, particularly those non-executives who chair board committees.

The support available to non-executives to help enable them to deliver their duties is set out in response to question 3 and includes: a tailored induction programme; personal training and development plans, board tutorials, and regular ‘deep dive’ sessions at each Board meeting.

5. Please provide or comment on the following in respect of NEDs: the average time spent per annum on the role and how the size of the time commitment is determined;

Non-executive directors are required to contribute sufficient time to their directorship to enable them to fulfil their responsibilities. Each non-executive director is expected to spend a minimum of 30 business days per annum on their work for the bank, exclusive of preparation and travel time, based on the number of meetings anticipated to be held each calendar year. This time commitment is set out in the Terms and Conditions of Appointment. Non-executive directors are expected to spend additional time if appointed to a role on a Board committee, to the role of Senior Independent Director, or in relation to any other assigned role.

the quality and average size of board briefing packs;

The size of board briefing packs is determined by the Board agenda. The Board agenda is comprised of standing agenda items (for example, reports from management on progress with the implementation of strategic initiatives; a report from both the Chief Executive Officer and from the Chief Financial Officer; and a report from the Chairman) and of matters reserved for the Board. The Company Secretary receives and reviews papers for inclusion in board briefing packs; and monitors and takes action to address the quality of board papers, ensuring that matters brought to the Board are relevant for the Board. Non-executive directors provide feedback on the quality and size of Board briefing packs via the Senior Independent Director or directly to management at Board meetings.

the depth of knowledge achievable by executive and non-executive board members;

Executive directors have the most in-depth knowledge of the bank and its capabilities. The depth of knowledge of non-executive directors is commensurate with their general responsibilities and experience and will vary in depth and range to ensure that there is a good balance of skills, experience and knowledge in the Boardroom. The Board appoints Board committees (including an Audit Committee and a Risk Committee) to help it carry out its responsibilities and to apply in-depth oversight into matters within the committee’s remit. Non-executives appointed to these roles are expected to have and to demonstrate more specialist knowledge of the bank. As set out in response to question 3 above, there are a range of resources available to non-executive directors and they have direct access to senior management to enable and assist them to extend their knowledge, if necessary, of bank matters.

adequacy of board meetings as a forum to enact effective challenge on specific topics.

The board substantially renewed its membership recently and took the opportunity to review its meeting arrangements, the content and style of agendas, the culture that it wanted to develop within the board, and the relationship that it should foster between non-executive directors and management.

While board meetings are adequate as a forum to enact effective challenge on specific topics, where a complex matter arises, workshops are arranged to brief the Board on specific topics and to provide a forum for wider challenge, prior to a matter being formally presented for approval.

6. When and by whom was your last board effectiveness review carried out and what were the key observations arising from the review? Please attach a copy of your latest board effectiveness review.

The last board effectiveness review was carried out in June 2010 by Promontory Financial Group (UK) Limited. The Executive Summary (redacted slightly for reasons of commercial confidentiality) is attached as an appendix.

Risk Governance

7. What are the key principles your board has considered in determining your risk appetite and tolerance levels? How does the board monitor the effective implementation of the risk appetite and what tools do they use? What specific changes have been made within your risk governance structure since 2007?

In determining its Risk Appetite, the Board considers a number of inputs: the economic outlook and regulatory landscape; its three year financial plan, and its overall strategic direction.

Overarching Risk Principles are established that align to the strategy and provide the back-drop to overall appetite settings.

Risk Principles

1. The bank will operate within prudent risk parameters to maintain a robust and sustainable financial position, including in stressed conditions;

2. The bank will consider customer outcomes in all its decisions and be able to demonstrate it does;

3. The bank will only provide products/services to its customers that support their financial goals and the bank’s long-term relationship with them;

4. The bank will operate within clearly communicated risk settings signed off by the Board and consider both risks and reward implications in all material decision making;

5. The bank will have a well-balanced portfolio of assets; and

6. The bank will be transparent and open with its stakeholders—customers, regulators, staff, shareholders and community. The bank will escalate risk events quickly, resolve effectively and share information, and learn from its mistakes.

Reporting and Monitoring of Risk Appetite

As part of the continued strengthening of the risk and control framework, the Board has recently reviewed and revised the process for preparing, and monitoring, its Risk Appetite Statement (RAS). The executive management risk committee (Risk Committee) considers the RAS and recommends it to the Board, for formal consideration and approval. The overall process is managed from within the office of the Chief Executive Officer.

The Board will receive exception reporting against appetite settings, focussing on deteriorating trends, and breaches of appetite thresholds. Breaches of risk appetite settings are escalated immediately when identified to the Board by the Chair of the Risk Committee.

Changes to Risk Governance Structure

The remit and accountabilities of management risk governance committees were reviewed in 2012. The number of risk governance committees has been reduced to simplify the risk governance structure. The role and responsibilities of committees in the new framework have been clarified and documented in updated Charters and aligned to the management delegated authority framework. Committees monitor risk horizons and emerging issues, as well as reviewing past performance from which lessons learned are identified and related across business units to improve control frameworks.

The bank’s Governance Committee Framework is attached as an appendix.

The remit of the Risk Committee, appointed and chaired by the Chief Executive Officer, has been reviewed and the key areas of focus for that committee include: risk appetite; risk performance and control environment; regulatory environment; risk culture, capability and capacity, and risk policies, frameworks and tools. An annual operating schedule guides the agenda for committee meetings aligned to these responsibilities.

The membership of the committee has been changed to include the directors from each business unit who report to the committee on the risk profiles for their areas. Committee members from the Risk function provide challenge and oversight, and attendees from Internal Audit give an independent assurance perspective. The duration of committee meetings has been extended to incorporate the wider agenda.

Each major business area has established a Management Assurance Committee (MAC) to support the oversight and governance of risk at a business unit level. Each MAC is chaired by the relevant business unit director.

Business unit directors attend and report to the Board Risk Committee on business unit risk profiles. The Chief Risk Officer provides challenge and oversight from a Risk perspective and the Head of Internal Audit attends the Board Risk Committee from an independent assurance perspective.

Management and Board information has been improved and aligned to Risk Appetite, to improve management and Board oversight of risk.

8. Please provide an organisation chart of your Risk function, including the reporting lines of the Chief Risk Officer and the Risk team (it is not necessary to provide names).

The Chief Risk Officer UK reports jointly to the Executive Director UK (a Board member) and the NAB Group Chief Risk Officer.

How are the fixed and variable elements of remuneration of your Risk personnel determined? Please specify the performance measures used.

Fixed and variable remuneration is determined in the same way as other areas of the bank (set out in question 10 below) with fixed salary based on a combination of experience and performance in relation to agreed salary bands.

Variable pay is discretionary with Risk personnel either on the Short Term Incentive (STI) scheme or linked to the General Bonus Scheme.

Performance is measured against a balanced scorecard that incorporates assessment of outcomes across four categories: financial and risk management; strategic initiatives; employees and culture, and customer and community (see response to question 13).

Shareholder Engagement

9. Have you experienced an increase or decrease in shareholder engagement in the last five years? Please quantify your answer where possible. In which areas of your business and from which class of shareholders have you seen the most engagement?

CB PLC is a fully owned subsidiary of National Australia Bank Ltd.

Remuneration Reforms

10. What further reforms are planned to your remuneration policies, principles and arrangements? Briefly describe any deferment and the clawback principles which you have established, along with your reasons for establishing them.

The bank will review its performance and reward framework during 2012-13.

During 2012, we extended the performance period on the executive long-term incentive from three to five years.

The bank’s deferral framework allows:

time for performance to be assured after the allocation of performance based reward;

for the factoring of longer-term risks, and

for compliance breaches and poor performance consequences to be linked to reward outcomes.

A standard deferral framework applies across the Group for all performance based variable Short Term Incentive plans. Deferred amounts are provided wholly in company equity and, depending on the remuneration package and role of the employee, up to 75% of STI can be deferred for up to three years.

For Long Term Incentive (LTI) awards deferred amounts are provided wholly in company equity and 100% is deferred for a minimum of 4 years with up to 5 years deferral depending on the level of vesting at the end of year 4.

Both STI and LTI deferral is subject to forfeiture conditions, including as a result of resignation, termination of employment, or failure to meet performance or compliance requirements. Forfeiture of all or some deferred amounts can be applied by the Board if rewards are later considered to have been inappropriate given individual or business performance. An assessment of whether performance has been assured will be made prior to the release of any deferred amounts by the Remuneration Committee on an annual basis as part of determining the current performance year outcomes.

Employees who are classified under the FSA Remuneration Code as ‘Code Staff’ have deferral and retention arrangements in line with Code requirements.

Clawback

A reduction or forfeiture/clawback of deferred incentive amounts can be determined by the Principal Board, in its absolute discretion. Such a determination may be made in relation to the performance of NAB Group, a business unit, executive committee, role or individual. In making such a determination factors that may be taken into consideration include the Group’s management of business risk, shareholder expectations and quantitative factors such as misstatement of financials, capital and liquidity measures or protection of the financial soundness of the Group.

The Principal Board has exercised its forfeiture/clawback discretion in the past.

Communicating Standards

11. Has the board considered and approved a statement of standards which sets out the values, behaviour, integrity and culture expected from the organisation and its staff? Please enclose a dated copy of the most recent statement.

The behaviours and standards expected of employees in the bank are set out in the bank’s Enterprise Behaviours Framework and Code of Conduct. Adherence to these is promoted and assessed through compliance training requirements and also as part of the bank’s performance management framework. An individual employee’s performance against the Enterprise Behaviours Framework and Code of Conduct is formally assessed at least twice per year and this has a material impact on remuneration.

The Board approved the current Enterprise Behaviours Framework in 2009. The behaviours and assessment tool are attached as an appendix.

The bank is also a founding member of the Chartered Banker: Professional Standards Board (CB:PSB) and was one of the first signatories to its Code of Conduct (Board meetings July and October 2011). See response to question 15.

How often does the board discuss and assess organisational culture and what evidence do you have to support this?

The Board discusses the implications of its decisions for customers, employees and for the overall culture of the bank as a matter of course at all of its meetings. In addition, there is an annual formal assessment of organisational culture that is informed by the bank’s annual ‘Speak Up, Step Up’ (SUSU) survey. This is designed to support continuous improvement in culture, including employee engagement, enablement, diversity, and risk.

The survey is the bank’s primary source of employee insights and is conducted across the entire NAB group globally in March/April every year. The UK response rate is 80%.

The survey allows results to be compared within and between business units, across different parts of NAB globally, and against best performing organisations across all industry sectors. The results are used to develop annual action plans.

Amongst a wide range of indicators, the survey measures progress in realising the bank’s cultural aspirations and Enterprise Behaviours. In recent years, the survey has been adapted to help measure key indicators of the bank’s risk culture.

The main findings of the SUSU survey are reported to the Board.

12. Please summarise how your organisation monitors these staff standards. What business function(s) is responsible for monitoring them? How are line managers incentivised to escalate concerns to the relevant function?

As indicated above, performance in demonstrating Enterprise Behaviours is an integral part of the bank’s performance management framework. People leaders are responsible for assessing their employees’ behaviour, conduct and compliance on a continuous basis and the performance management framework has a twice yearly formal appraisal point built in. Any individual who does not properly comply with either the Enterprise Behaviours or other aspects of the Code of Conduct is subject to a ‘Compliance Gateway breach’ and a performance improvement plan is implemented (see response to question 14). People leaders who do not appropriately manage compliance issues within their teams will be in breach of Group Policy and may also be subject to a performance improvement plan.

The bank’s internal compliance function monitors overall compliance outcomes and people leaders are assisted in managing behavioural/cultural issues by Human Resources.

13. How are these standards embedded in staff performance assessment and incentives? How are these objectives balanced against other targets and criteria?

Performance is measured against a balanced scorecard that incorporates assessment of financial and risk management, strategic initiatives, employees and culture, and customer and community. Individual performance consists of an assessment of the employee’s achievement of their performance objectives (set at the beginning of the performance year) as well as their behaviour.

The Behaviour Outcome is based on how well (quality) and how often (frequency) the individual has demonstrated the Enterprise Behaviours during the performance period, relative to peers. If an individual does not display, or rarely displays, appropriate behaviours, no incentive is paid. Conversely, better behaviour outcomes can lead to increased incentives being paid.

Compliance breaches result in a reduction of incentive paid. Serious breaches will result in the individual being ineligible to receive an incentive payment for that year and any unvested deferral components from prior periods forfeited.

14. Please provide statistics (such information as is held) on the number of breaches of these standards both investigated and sanctioned, in the past 3 years, by staff grade and business function (limited to client facing, risk, compliance, internal audit and other). Please provide samples of any periodic management reporting on these standards.

As discussed at Question 12, the bank has a Compliance Gateway, which is an integral part of its performance and reward framework. The Gateway defines and measures the minimum level of compliance that is expected of employees and is determined by obligations set by laws, regulators, contracts, industry standards, internal policy, procedures and codes.

All employees have compliance requirements that must be met to ensure that they, and in turn the bank, fulfil compliance requirements. Not meeting minimum requirements may impact individual performance outcomes and any subsequent reward outcome.

Where an employee does not meet all of the required minimum standards, an Amber rating is given. For serious breaches, or where improvement is not demonstrated from a previous Amber rating, a Red compliance Gateway rating is given.

The outcomes from Compliance Gateway reviews over the last three financial years are shown below.

15. Which professional bodies or institutes does your organisation support or is it affiliated with? Are staff encouraged or required to join such groups and, if so, what proportion of those eligible does so?

The bank is a founding member of the Chartered Banker: Professional Standards Board (CB:PSB), which was created to enhance and sustain ethical and professional development across the UK banking industry. It was launched in October 2011 when it published the Chartered Banker Code of Professional Conduct, which the Board considered and committed to. A copy of the Code is attached as an appendix.1

The CB:PSB serves as a public demonstration of banks’ collective commitment to restoring trust in the banking profession and emphasises their responsibility to customers, colleagues and wider society. It is supported and staffed by the Chartered Banker Institute (CBI), a trading name of the Chartered Institute of Bankers in Scotland, the oldest professional banking body in the world.

Together, the founding members of the CB:PSB serve more than 70 million UK customers, and employ more than 350,000 individuals working in banking in the UK. It is anticipated that other banking organisations will join as the CB:PSB progresses.

In July 2012, the CB:PSB published its first standard—the Foundation Standard for Professional Bankers. Those who reach the Foundation Standard have demonstrated a good knowledge of the purpose and function of banks, the economic environment in which they operate, products and services and regulatory and legal requirements. They must also demonstrate a commitment to take responsibility for acting ethically and professionally and to build relationships based on honesty, integrity, fairness and respect.

By September 2013, the bank will have taken c.1700 employees in Direct Banking, Retail, and Operations & IT, through the Foundation Standard, most of whom have already completed the Professional Banker Certificate (the entry level qualification offered by the CBI) or an internally accredited certificate developed in conjunction with the CBI. The bank plans to roll out the Foundation Standard, or more advanced standards once published by the CB:PSB, to the remainder of its employee population from July 2013 onwards when its initial deployment has been evaluated.

The CB:PSB intend to publish Professional Standards at Intermediate level, covering specialist roles, and Advanced level for experienced and senior bankers. These will also be adopted by the bank once they are available.

The bank believes that the commitment to professionalism in banking that some of the largest employers in the industry have made through the CB:PSB is a significant advancement that should be built on to further improve the professional standards and culture of the UK banking sector.

While the bank actively encourages and supports training and continuous professional development through the Chartered Institute of Bankers Scotland, employees are not required to join a specific body or institute unless it is a requirement of their role (eg Accountants may be required to join the CPA).

Staff Responsibilities

16. What incentives exist for staff to identify and report suspected risk and control issues? How do these compare with incentives for other aspects of good performance?

The performance of all staff is assessed against balanced scorecard outcomes across four categories: financial and risk management; strategic initiatives; employees and culture, and customer and community.

Weighting against each category is role dependent; however, it must be balanced, ie a minimum of 15% and a maximum of 50%.

The willingness of employees to raise risks and issues is monitored via the annual culture survey (see response to question 11).

In addition, the bank has a well-established “whistleblower” framework that allows and encourages employees to raise genuine concerns about undesirable business conduct in a protected and confidential manner.

17. What has been the impact of increased use of technology on the use of professional judgement of risks and controls day to day? How does your organisation equip staff to develop and exercise such judgement in identifying new and potential risks?

While there has been an increase in the use of technology across all bank functions, this has not replaced or diminished the role that individual professional judgement plays in the day to day management of risk and the bank’s overall risk and control framework.

The personal responsibility/accountability that all employees have for risk management is a central tenet of the bank’s new Risk and Control Framework and the breadth and depth of support for employees in fulfilling their risk responsibilities has increased (see answers to questions 19–21 below).

18. How are client-facing staff incentivised to treat customer service and product transparency as their priority? How do these compare with incentives for other aspects of good performance?

As indicated in response to earlier questions, we have a number of behaviours, standards and compliance requirements that must be adhered to by all employees (including those that are client-facing) and which form an integral part of an individual’s balanced performance scorecard.

Following the publication of the FSA consultation document, ‘Risks to Customers from financial incentives’, the bank is reviewing and considering how/whether incentive schemes could be better structured in light of this latest guidance.

Risk and Compliance Functions

19. Please summarise the risk and control responsibilities of risk and compliance functions in your organisation.

The bank operates under a three lines of defence model. The model is based on the risk principles of first line (the business units) ownership of risk, second line (the Risk function) providing oversight and challenge, and the third line (Internal Audit) providing independent assurance.

In line with this model the bank’s Risk Management function (including a compliance function), is accountable for establishing and maintaining the enterprise risk management framework and for providing monitoring, challenge and oversight.

The Risk function is also responsible for developing and executing an oversight and monitoring plan that provides their opinion on the performance of the framework on an ongoing basis. In addition, risk management provides opinion and insight on risk matters through reporting to the key governance committee. Support is also provided by the parent Risk function in areas such as global risk framework development, policy setting, governance and overview.

The Risk function, via the authority delegated to the Chief Risk Officer by the Group’s Chief Risk Officer, has veto authority over any business transaction or matter and may escalate matters to the Chief Executive Officer and in turn to the Board’s risk committee and to the Group Chief Risk Officer.

20. How are risk and compliance staff incentivised to treat risk management as their priority? How do these compare with incentives for other aspects of good performance?

The performance and reward framework for risk and compliance staff is consistent with the bank’s overall approach to performance management and incentives as detailed in response to previous questions.

21. How do you foster a business perception of risk/compliance being ‘partners in creating sustainable value’ as opposed to ‘barriers to revenue’?

In the summer of 2011, the bank’s new CEO set out three new priorities for the bank.

These were:

Building on our distinctive customer experience and getting it right for our customers.

Strengthening our risk framework & maintaining a constructive relationship with the Regulator.

Delivering improved and sustainable shareholder returns.

As part of the drive to meet these priorities, and to strengthen the bank’s overall risk and control framework, the contribution that all employees of the bank, regardless of location or function, make towards good risk management has been consistently emphasised in CEO communications and through internal communications channels. A central resource for staff, the Risk Hub, has been launched on the bank’s intranet to provide a readily accessible one-stop shop to help employees manage risk within their role. It provides access to a range of key risk management support resources as well as news and updates on risk related developments across the bank. The Risk Hub also acts as a library for ‘Lessons Learned’ experiences from employees across the bank.

Internal Audit Function

22. Please summarise the objectives and responsibilities of internal audit in your organisation? How are the scope and focus areas of an internal audit plan determined and prioritised? Please provide a copy of the latest internal audit plan presented to the board and the most recent quarterly internal audit report.

Internal Audit’s role as the third line of defence is to provide independent, objective assurance to the Board and Executive Management on the internal control environment across the bank and the operation of risk management, control and governance processes.

The 2012–13 Audit Plan was based on a comprehensive risk assessment exercise incorporating a ‘bottom up’ and ‘top down’ assessment of business unit risks to identify the key risk areas and proposed audit coverage. The risk assessment is Internal Audit’s independent opinion based on inherent and residual risk.

The planning process considered:

Macro-economic and external business conditions.

Internal environment including the strategic change agenda.

Independent assessment of the bank’s risk profile.

Changes in the regulatory environment and areas of FSA focus.

Previous assurance activity.

Input was also obtained from the Non-Executive Directors and Executive Management, External Audit and the bank’s strategic alliance partner (PwC at the time).

The plan was subject to challenge from the Global Audit Leadership Team with insight from the Chair of the Principal Board Audit and Risk Committees and the Group Chief Risk Officer. The plan was presented for review and approval at the Board’s audit committee and for noting at the executive management Risk Committee.

On-going review is performed to ensure the Internal Audit planned assurance work remains aligned with known and emerging risks.

23. Please provide the organisation structure and reporting lines of the internal audit function. What is the size of the internal audit workforce (core-sourced and outsourced personnel)? How has this level of resourcing been determined and which individuals/committees are party to this judgement?

Internal Audit has private meeting sessions with the board’s audit committee as well as having a clear independent functional reporting line to it. The Head of Internal Audit also reports functionally to the NAB Chief Audit Officer. There is an administrative reporting line to the UK Chief Risk Officer, which is changing to the UK Chief Executive Officer with effect from 1 November 2012.

As shown in the organisational structure chart (attached as an appendix), the Audit function consists of 31 personnel and is part of the Group’s Global Internal Audit team. Audit also uses a strategic alliance partner (KPMG). This relationship enables Audit to access specialist skills (as required) and provides training and support for the Audit team.

The level of resourcing for the Audit team is considered as part of the annual planning process, when the capacity and skills of the team are formally reviewed to confirm they are adequate to deliver an effective plan. Resources are kept under review to take account of changes to the risk profile and specific assurance needs. Material changes to the size and structure of the team would be subject to approval by EBAC and the Group Chief Audit Officer.

24. How is the performance of internal audit assessed? How is the function incentivised to confront the largest risk and control issues?

Audit’s performance is assessed annually by the board’s audit committee and by Executive Committee members. This assessment is conducted by Group Governance and covers both quantitative scores and qualitative comments. Internal Audit supplies the aggregation of its assignment based surveys and all three results are tabled by Group Governance with the Principal Board Audit Committee. An extract of the UK Audit assessment is also tabled at a meeting of the board’s audit committee.

External Audit review Internal Audit’s work annually to consider whether they can place reliance on Internal Audit for external audit purposes. Confirmation of their reliance on Internal Audit was provided to the Principal Board Audit Committee early October 2012.

The Institute of Internal Auditors in Australia (IIA) has just completed an independent review of the adherence to professional standards by the Group’s internal audit function. This covered (among other things) the internal quality assurance program which operates globally. The IIA review covered the UK Internal Audit team in terms of application of methodology and regional quality assurance results. The assessment found that internal audit activity at the bank is operating well and is representative of better practice. It is highly regarded as providing effective internal services and is well-attuned to the needs of the business and audit committees.

Performance and behavioural scorecards articulate the performance expectations on Internal Audit from the Chief Audit Officer. Team members are formally assessed on their performance on a six monthly basis. There is no distinctive incentive programme for the Internal Audit team; they share the same general incentive arrangements set out earlier within this response.

On-Going Corporate Governance Developments

25. Which areas of corporate governance within your organisation need further development and reform? What are your priorities for the next twelve months regarding corporate governance?

Over the course of the last twelve months, the bank has reviewed and renewed its risk and control framework, conducted a Strategic Review of its business model and has substantially refreshed its Board composition and operation. Future governance reforms will relate to the operation of the Board and will include:

bringing greater definition to the relationship between the Board’s Audit and Risk committees and reviewing the remit of each committee;

review of the process for the annual assessment of the performance and effectiveness of the Board, its committees and of individual directors;

refreshing director training and development programmes;

improving Board information ensuring the Board receives the right information at the right time, and

on-going review of Board composition and succession planning.

31 October 2012

APPENDIX 1

THE PERFORMANCE OF THE BOARDS OF NAGE AND CLYDESDALE BANK (CB): REVIEW AND RECOMMENDATIONS JUNE 2010.

Executive Summary

A. The UK Boards (and the two key Committees for Risk and Audit) have acted as a cohesive and constructive unit through the 18 months reviewed, ably led by the Chairman.

B. The Boards perform their duties effectively and efficiently in the full Board and in the two main Board Committees. There is full engagement from all the NEDs and focused, well articulated, challenge in the areas for which the local Boards are clearly responsible. Interaction between executive and non-executive Board members is constructive but could be strengthened further. Since oversight of nabCapital’s London branch has been removed from the Boards’ remit, the number, experience and skill set of the present Directors has been appropriate (though see C below). The Boards obtain access to external resources as necessary.

C. The range of experience of those on the Boards and the fact that most members have been in post for some years has been helpful in the recent crisis. More formal planning to refresh the Boards’ independence for the future is needed, though the most desirable future composition of the Boards will depend in large part on key strategic decisions about the future of the UK operations, yet to be taken. One early action, which would in any event be desirable, is for the Board to recruit a suitable future chair of the Audit Committee. Other new independent NED appointments will need to be considered in the next two to three years.

D. The Boards have a number of distinctive features (such as the absence of a Deputy Chairman and a Senior Independent Director (SID), and a high overlap between the main Boards and the Committees). These features have not damaged performance to date. But, at the least, the formal selection of a SID would help avoid any vacuum in the event of the unexpected non-availability of the Chairman.

E. A number of Board processes, covering the succession, selection, induction and ongoing development of Directors, need to be formalised and put fully into operation. There should be a regular annual self-assessment of the Boards’ performance, facilitated every two or three years by an external party. This would include a formal evaluation of each member of the Board by the Chairman. These changes (with which the Chairman is in full agreement) will help identify agreed priorities for the skill sets that should be sought in new Directors, as well as maximizing the contribution of those already on the Board.

F. Over the period reviewed, a limited but important number of subjects have arisen where local Directors have not agreed in full with Group policies or where local Directors have felt they may not have enough say. Areas of initial disagreement (over [REDACTED] and the [REDACTED]) have been dealt with constructively. There are other issues, particularly in respect [REDACTED] which remain more open. They are of potential interest to four parties: the parent and local Boards, the Australian prudential regulator APRA, and the FSA. This Report sets out possible paths to resolution.

G. We are satisfied that the Directors understand very well the need to maintain a clear distinction between their duties as directors of CB and as directors of NAGE. It is the Company Secretary’s duty to ensure the distinction is identified where necessary in the UK Boards; we saw that this had been effected appropriately in the very few issues of this kind which have arisen since the beginning of 2009. The current 100% overlap between the two local Boards is therefore no cause for concern; and does permit streamlined operation.

H. The performance of the Company Secretary and his team has contributed significantly to the effectiveness of the Board and is appreciated by it. The present reporting line (for both Legal Services and the Secretariat) is to the CEO. This has worked effectively, but it would be normal best practice for the Secretary to have a reporting line to the Chairman. We have advised the Company Secretary on ways in which the contribution of his team could be improved further.

1 Not printed. Chartered Banker Code of Professional Conduct Our Commitment to Professionalism in Banking October 2011. Online at: http://www.cbpsb.org/media/commitment_a5_-_final.pdf

Prepared 24th June 2013