August 10, 2015
I. Introduction

Corporate Governance relates to the processes and structures that should be put in place in order to direct and manage the business and affairs of an institution with the objective of ensuring its safety and soundness while enhancing shareholder value. It defines the division of power and establishes mechanisms for achieving accountability between the board, management and shareholders, taking into account the interests of other stakeholders such as customers, employees and the community at large. It also provides the structure through which the objectives of the institution are developed and implemented and the means by which the performance of the institution in relation thereto is monitored and controlled.

With the advent of increased globalization, advanced cross border businesses, unprecedented innovations and improved technology together with the growing sophistication of financial products, financial institutions are now challenged with the need to adopt a more systematic approach to risk management. A crucial element of risk management is strong corporate governance.

II. Risk Management

Financial institutions shall have corporate governance structures that promote effective identification, monitoring, measurement and management of risks. The board shall:
- ensure that the financial institution’s policies and systems are effective and aim to achieve prudential balance between the risks and potential returns to the shareholders;
- specify the methods of authorization, limits and delegation as well as a dual control system to ensure accuracy of risk exposure limits;
- require management to implement a comprehensive and rigorous process for risk management and internal control which identifies, monitors, measures and controls different types of risks;
- receive regular reports on the operations and the nature and magnitude of the risks the financial institution is exposed to, and regular assurance that all the risk management systems and internal controls are being properly applied at all times;
- review the adequacy of the risk management policies, systems and procedures proposed by management to conform to any changes in strategies, products and market conditions; and
- ensure that the compliance function forms part of the overall risk management framework and management is apprised of compliance-related issues in a timely manner.

The major tasks of the Risk Management Committee include the following:
- review of the principal risks, including but not limited to credit, market, liquidity, operational, legal, compliance and reputational risks and the actions taken to mitigate the risks;
- formulate and make recommendations to the board in respect of risk management issues;
- receive periodic information on risk exposures and risk management activities from senior officers;
- ensure that the CEO facilitates training programmes for directors and senior management to enable them to have a robust understanding of the nature of the business, the nature of the risks, the consequences of risks being inadequately managed and the techniques for managing the risks effectively; and
- review and approve discussions and disclosure of risks.

The chairperson of the Risk Management Committee shall preferably be an independent director and, where a subsidiary of a foreign bank elects to have a Risk Management Committee in Mauritius, the chairperson shall be a non-executive director. A subsidiary of a foreign bank, however, wishing to be dispensed from the requirement of a non-executive director shall seek the prior approval of the Bank, and consideration thereof will be given on a case-by-case basis.

The CEO of the financial institution shall be a member of the Risk Management Committee.

The committee shall meet at least once every quarter. The interval between any two meetings shall not be more than 110 days, with a minimum of 4 meetings during each financial year.

The Risk Management Committee may perform the function of the Conduct Review Committee, provided its composition meets the requirement of the Conduct Review Committee. In such cases, the committee shall be named the Risk Management/Conduct Review Committee and the chairperson shall be either an independent or a non-executive director, as the case may be.