The European Banking Authority (EBA) has published the final version of its revised Guidelines on Internal Governance. These Guidelines aim at further harmonising EU banks' internal governance arrangements, processes and mechanisms.

The revised Guidelines will enter into force on 30 June 2018, and replace the EBA's 2011 guidelines. CRD4 requires banks to have robust governance arrangements, including a clear organisational structure with well-defined, transparent and consistent lines of responsibility; effective processes to identify, manage, monitor and report potential risk exposures; adequate internal control mechanisms, including sound administration and accounting procedures; and remuneration policies and practices consistent with, and promoting, sound and effective risk management.

The EBA Guidelines emphasise:

• The responsibility of the management body (unitary board or supervisory board) for sound governance arrangements, risk oversight, and challenge of management decision-making; 
• Establishing a risk culture, abiding by a code of conduct and managing conflicts of interest;
• Improving the status of the risk management function, enhancing the information flow between the risk management function and the management body and ensuring the effective monitoring of risk governance by an accountable management body; 
• The framework for the governance of business conduct; 
• Additional guidelines to further increase the transparency of banks' offshore activities; and 
• Additional guidelines on the consideration of risks within banks' change processes.

Implications

Banks are expected to comply with these Guidelines and therefore should take an early opportunity to inform, or refine, their risk strategy and strengthen their internal governance arrangements accordingly and proportionately. In particular, they should ensure that adequate internal governance provisions are in place in terms of a clearly defined and sufficiently well-communicated risk culture; the implementation of a robust risk management framework; demonstrable structures of risk oversight; effective risk assessment and monitoring mechanisms; and transparency of their broader organisational structure and commercial activities.

The ECB has already undertaken a significant amount of work in this area and it should be anticipated that its supervisory framework will incorporate these revised Guidelines.