Corporate Governance of Banks in Transition Countries

Abstract

This paper contributes to our understanding of corporate governance in the banking sector by focusing on transition countries. We examine to what extent transitional countries have embraced the wave of new standards introduced by the Basel Committee, the Financial Stability Board or the European Banking Authority. Our analysis focuses on the main governance weaknesses targeted by the new regulatory and governance best practice framework. Questionnaires and interviews cover board composition and functioning, bank’s strategy and risk appetite, risk governance, and incentives. The analysis is carried out in 16 countries in six regions. We show that governance practices of banks diverge within and across countries, shaped by different legislations, supervisory modes and governance frameworks. Responses to questionnaires indicate that board composition and functioning is the weakest governance part of the chain. Besides, board independence remains one of the biggest issues. In most cases, the board is also barely involved in setting and monitoring risk appetite. Finally, in most countries compensation is tied to short term business performance rather than to governance values and strategic goals. Overall, the large majority of surveyed banks present an embryonic risk culture and boards have a vast agenda ahead, beginning with strengthening risk management and changing incentives.

This paper is partially built upon the EBRD 2010–2012 Assessment on Corporate Governance of Banks.

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

1 Introduction

Recent years in the world of finance have been dramatic and turbulent. The existence of the modern financial system appears to be in jeopardy. In August 2009, the International Monetary Fund (IMF) calculated that the total cost of the global financial crisis reached $11.9 trillion, including cash injections into banks, the cost of purchasing toxic assets, guarantees over debt and liquidity support from central banks. That was equivalent to one-fifth of the entire world’s annual economic output. This estimate, only partially reflects the aggregate cost of the crisis and the painful effects that are being felt in the real economy. A substantial responsibility for the financial, then economic and now social and political crisis afflicting the world today comes from critical weaknesses in financial institutions and financial markets’ governance (see e.g. Mehran et al. 2011).

The financial crisis was a crisis triggered by banks from developed countries. Transition countries were not directly involved and proved rather to be resilient – at least till the end of 2008 – and a source of liquidity and revenues for some international financial groups that would have been otherwise hit more severely. The response to the 2008–2009 financial crisis and the underlying events has been an avalanche of legislations and new corporate governance proposals. In 2010, the Basel Committee on banking supervision updated its principles for enhancing corporate governance to respond to governance failures, in particular to “an insufficient board oversight of senior management, inadequate risk management and unduly complex or opaque bank organisational structures and activities” and, in 2012 revised its core principles for effective banking supervision to include a principle specifically dedicated to corporate governance.

The present paper contributes to our understanding of corporate governance in the banking sector by further examining to what extent transitional countries have embraced this wave of new standards and follow what is now considered as bank governance best practice. Our analysis focuses on the main governance weaknesses targeted by the new regulatory and governance best practice framework. Therefore, the questionnaires typically cover board composition and functioning, board role in setting strategy and risk appetite, risk governance, and incentives. The analysis is carried out in 16 countries in six regions including Central Europe, South-Eastern Europe; Eastern Europe, Central Asia; Russia, and Turkey.

A large and well established literature has shown that governance mechanisms have an influence on banks’ overall stability (e.g., Saunders et al. 1990; Gorton and Rosen 1995; Anderson and Fraser 2000; Caprio et al. 2007; Laeven and Levine 2009; Pathan 2009; Aggarwal et al. 2009). Other studies such as Bebchuk and Spamann (2010), DeYoung et al. (forthcoming), Fahlenbrach and Stulz (2011), and Bhattacharyya and Purnanandam (2012) focus on compensation structures in banks and risk taking behavior. Although these studies have clearly established a link between governance and bank stability, none of the studies investigates the influence certain governance characteristics might have on bank performance. In particular, lacking proper board involvement in strategy and risk appetite setting, insufficient board oversight over management, weak management of risks and inappropriate pay structures leading to excessive risk-taking and short-termism were named as significant weaknesses in the way financial institutions were run. This paper contributes to this corporate governance-related body of research by investigating each above mentioned governance aspect. Moreover, policy recommendations are provided where possible, although several issues have no clear answers.

Our analysis shows that governance practices of banks diverge within and across countries, shaped by different legislations, supervisory modes and governance frameworks, but also by widely varying ways of applying the governance framework. Responses to questionnaires and interviews indicate that board composition and functioning is the weakest governance part of the chain in transition countries. If boards are in general of adequate size, with directors considered being qualified enough, two-third of countries surveyed have a non-transparent and weak director nomination process. Also, director independence from management and controlling shareholders remains one of the biggest issues we found.

Overall, the board seems to serve mostly as an administrative and formalistic body. This in turn may partially explain why board’s ability to review risk management ranks very low in our survey. The board is also barely involved in setting and monitoring risk appetite in two-third of the cases and in most cases, the board’s approach to setting the risk appetite appears to consist solely of regulatory–driven credit. Turkey, Romania and Serbia are among the exceptions backed by a strict regulatory framework.

Regarding compensation, the current crisis has revealed that many banks organised incentives in a way that was inconsistent with their goals. In the majority of countries reviewed, chief risk officer and other senior managers compensation is tied to business performance. In addition, few banks demonstrate initiative and rather follow innovation of the regulatory framework.

The large majority of surveyed banks present an embryonic risk culture and boards have a vast agenda ahead, beginning with strengthening their risk management expertise, elevating the chief risk officer and changing her incentives.

The discussion of governance of banks in transitional countries begins with a look at the special case of banks and the consequences for the regulation and supervision of banks (Sect. 2). The paper then addresses board characteristics, which include the size of the board, the number of outside directors, the experience of the directors, and their other activities (Sect. 3). The next section explores the risk management function looking at the specific role of board in defining the banks’ risk appetite and implementing the overall risk strategy (Sect. 4). The next topic -risk governance – explores the regulatory framework, looking at two specific inputs that permit efficient risk management (Sect. 5). Last, the paper focuses on compensation, including trends in compensation packages and recent evidence demonstrating how compensation practices may reduce excess risk (Sect. 6). The paper ends with a conclusion.

2 The Governance of Banks: Context and Methodology of the Study

Corporate governance in banks differs from the corporate governance of non-financial companies. This is due to the nature of the banking business (that is, dealing with money), the need for protection of the weakest party in the chain (that is, the depositor) and the systemic risks that a bank failure might cause.¹ Bank failure might also undermine one of the core elements of the market economy, people’s confidence in banks. When depositor confidence is lost in a bank, its whole survival is put in jeopardy, and in turn, that of other interconnected banks as well. The potential externalities mean that the standards expected of corporate governance in a major life company should be in line with those for a major bank.²

Other substantial differences between banks and nonfinancial firms can be highlighted. First, the balance sheet of banks presents a much greater inherent opacity. This in turn makes it difficult for outsiders to evaluate the quality of the assets which a bank holds and, therefore, its true financial position (Freixas and Rochet 1998). Second, a bank serves several conflicting interests, from equity holders, to borrowers or depositors and good governance is important for balancing those interests (Bolton et al. 2007). Third, banks are very heavily leveraged, with a maturity mismatch between assets and liabilities. In addition, most of their liabilities are owed to a large number of atomized depositors who have the most to lose from abusive or negligent management. Finally, due to the potential negative externalities of bank failures banks are subject to strict regulation and supervision.

For this purpose, in 2007, jointly with the Organisation for Economic Co-operation and Development (OECD), the Legal Transition Team of the European Bank for Reconstruction and Development (EBRD) identified a number of key challenges affecting banks in Eurasia and proposed a set of recommendations to address them. Following the Eurasian experience, in 2009 the Legal Transition Team and the IFC-Global Corporate Governance Forum proposed a set of recommendations to implement sound corporate governance practices in banks in South East Europe. Under this background, the 2010–2012 assessment on corporate governance of banks aims at measuring the state of play³ in the banking sector in the EBRD countries. The assessment examines key benchmarks to ascertain how the corporate governance practices in banks are laid down by laws and regulations and, most importantly, how they are implemented and how the overall system works.

More specifically, the assessment is based upon a checklist built on international best practice standards that identifies 43 key corporate governance challenges that banks face. The checklist includes bank-specific issues as well as general corporate governance issues addressed within eight corporate governance areas. These issues are derived from selected international best practice standards (Basel Committee on Banking Supervision 2006, 2010).⁴ These issues were detailed in three separate but complementary questionnaires circulated to some among the largest banks in each jurisdiction, regulators, law firms and banking associations (see Exhibit 1.).

When analysing banks, we decided to follow the Basel Committee on Banking Supervision approach and focus on the internal governance aspects. Two main reasons explain this choice. First, the context and aim of this EBRD study, and second the oligopolistic nature of these markets, largely dominated by few top players.

The analysis, covering 60 banks, includes 16 countries in six regions:

• Croatia and Hungary in Central Europe;

• Albania, Bosnia and Herzegovina, Bulgaria, Former Yugoslav Republic (FYR) Macedonia, Romania, and Serbia in South-eastern Europe;

• Armenia, Azerbaijan, Georgia and Moldova in Eastern Europe and the Caucasus;

• Kazakhstan and Tajikistan in Central Asia;

• Russia, and

• Turkey.

In Azerbaijan, Georgia, Kazakhstan, Moldova, Romania, Russia, Serbia and Turkey responses to the questionnaires were complemented by face-to-face interviews where the EBRD assessment team met with bank representatives, lawyers and regulators.

Time constraints coupled with the amount of countries to be assessed limit the number of banks that could be reviewed and therefore banks covered were filtered based on the three criteria:

1. 1.

   the selected local banks rank among the top five banks of the country, measured by the size of their assets.

2. 2.

   among the top five banks, selected banks provide sufficient access to adequate information.

3. 3.

   when possible, banks with EBRD equity participation were selected.

This sample of banks, encompassing both private and listed institutions, was therefore not built on a voluntary basis. The largest banks in each country were reviewed, regardless of their governance quality. This selection method may bias upward the overall results, given larger financial institutions are likely to be more sophisticated and present a better governance framework. We did not notice a major difference between listed and non-listed banks, but as further discussed, foreign-bank ownership is a discriminating factor. One should note that for this work, our analysis mostly reviewed individually the different governance characteristics.

Exhibit 1

Assessment methodology

3 Board Composition and Functioning

Numerous studies have focused on the board of directors as the main element that shapes the quality of corporate governance practices (see e.g. Hermalin and Weisbach 2003; Adams and Mehran 2003, 2012; Adams et al. 2010; and Adams 2012).

3.1 Board Structure

Banks – and in general all joint stock companies – can be organised either under a one-or a two-tier governance system. In the unitary system, a single management body (or a board), ideally made of both executive and non-executive directors, is in charge of management, direction and oversight.⁵ In the dualistic system, the corporation is managed by a management body composed of executives who are supervised by non-executive directors sitting in the supervisory board. This entity is considered in our study as the board of directors.

Best practices suggest that the roles of chief executive officer and chairperson be separated or that other means be found to provide an appropriate counterbalance to the powers of the executive. In countries with two-tier boards, the roles should be separate by definition, since executives should not sit on supervisory boards. In countries where single-tier boards exist, there is continued discussion on whether the roles of chairperson and chief executive officer should be separated (see Junngmann 2006). The argument toward the one-tier board is that it provides a better understanding of the operational issues at board level and clearer direction. The arguments against are that it is hard for other board members to challenge a powerful chief executive officer who is also chairperson. As a result, the evaluation of board and executive performance might be biased. In the end, the discussion about the effectiveness of corporate governance in one-tier and two-tier board systems is related to the existence of conflicting incentives between the roles of monitor and executor.

The large majority of jurisdictions object of our analysis have a two-tier governance system but in some instances, substantial variations have been introduced.⁶ Few countries are offering companies – and sometimes banks – the option to choose between the one-tier and the two-tier systems (see Exhibit 2).⁷

Exhibit 2

Board structures of banks (Source: EBRD)

In an ideal two-tier structure, the general shareholders’ meeting is in charge of appointing and removing the members of the supervisory board. In turn, the supervisory board should hold supervisory powers over senior management and should be in charge for appointing the management. This structure is followed in Armenia, in both entities in Bosnia Herzegovina, Bulgaria, Croatia, FYR Macedonia, Georgia, Kazakhstan, Romania, Serbia and Tajikistan (see Exhibit 3).

Instead in Albania, Azerbaijan, Hungary, Moldova and Russia, the default rule established by law is that the members of management board are directly appointed by the general shareholders meeting. This solution is of concern, especially because the jurisdictions under analysis are characterised by concentrated ownership and weak – if any- role of independent directors. Indeed, the question is whether the supervisory board can effectively monitor the management board without having any influence over its appointment and removal. In such cases, the controlling shareholder is in full control of the bank’s activities, with little role for the board to provide some objective judgement on the bank’s direction.

Exhibit 3

Authority to appoint the board and management (Source: EBRD)

3.2 Board Size and Competence

A well-sized, trained, professional, and dedicated board is the most effective means to ensure sound bank governance. It is a key contributor to bank performance. Several empirical studies support the idea that large boards can be dysfunctional (Yermack 1996; Eisenberg et al. 1998). It is asserted that “communication, coordination of tasks, and decision making effectiveness among a large group of people is harder and costlier that in smaller groups”. Further, it has been concluded that when boards get beyond a dozen people, they are also easier for the chief executive officer to control, unless there are powerful and effective board committees. Yermack (1996) provides empirical support for these arguments by showing a negative relation between board size and firm valuation. Contrary to largest banks in Western Europe, banks have relatively small boards. The large majority of boards have less than ten members.

The next exhibit (Exhibit 4) shows that – on paper – boards are well sized for efficiently discharging their duties and allow adequate participation to all members.

Exhibit 4

Board size (Note: question addressed to selected banks in 16 countries in the EBRD region. Source: EBRD)

Ideally, the board should also possess, both as individual board members and collectively, appropriate experience and competencies. These qualities should be in line with the bank’s strategy, risk appetite and the board’s oversight responsibilities.⁸

In all countries, banking regulation includes “fit and proper” requirements for members of the management (but much less for the board), and key officials in the bank. In most cases, the law tends to set forth rigorous qualification criteria for executives (i.e., management board members), while the criteria for non-executives (i.e., supervisory board members and board members committees) are limited. In addition, requirements towards supervisory board and committees’ members may not be sufficient to ensure quality supervisory boards in all banks since the implementation of the codes’ recommendations is generally voluntary and limited to listed entities (see Exhibit 5). The ultimate warrant for a “fit and proper” board should be the board and its nomination committee itself. However, the quasi-absence of such committees, perceived as barely needed given the ownership structure, limits banks in moving towards better equipped boards.

Exhibit 5

Presence of board nomination committees (Note: question addressed to selected banks in 16 countries in the EBRD region. Source: EBRD)

4 Independence

The shift in board composition away from insiders toward independent directors has been one of the most important empirical developments in international corporate governance over the past half century. The literature is filled with studies that show that an increase in the representation of outside directors should improve firm performance because they are more likely than insiders to be strong monitors. In particular, boards consisting of a majority of independent outside directors are more likely to replace poorly performing CEOs (Weisbach 1988), better performance (Rosenstein and Wyatt 1990), and better acquisitions (Byrd and Hickman 1992).

4.1 The Definition of Independent Directors

In practice, none of the banks reviewed reported having truly independent directors on their boards. In some cases, independent directors are confused with “non-executives” and in the majority of countries under analysis the independence is associated with having no ongoing relationship with the bank, not even being director.

In Hungary, due to conflicting legal provisions, the concept of independent directors does not seem to be well developed. The Company Act requires that the majority of members of supervisory board or board of directors (in one tier system) in public companies is independent. The definition of “independence” is fairly comprehensive and includes independence from the executives, as well as from the significant shareholders. The banking law instead only requires that members of the supervisory are not in employment with the bank (i.e. non-executive), except for employee representatives on the board. Further, the independence requirement applies only to public companies while out of eight largest banks in the country only two are public companies.

When looking at the information available online it seems that independence is sometimes confused with the fact that directors are non-executive. In Croatia, the banking law requires all banks to include at least one independent director on the board. However, the law does not provide guidance on its role on the board and on board committees. Now, having only one independent director on the board may not be sufficient in order to bring this “independent judgement” as it may be difficult for one director to speak up or have sufficient stature to convince other directors. The Croatian Corporate Governance Code provides a definition of “independent supervisory board member” but it is not clear whether unlisted banks apply the definition of independence provided by the Code. The Code also recommends that the majority of board members are independent and that board committees are made by a majority of independent board members, but the assessment revealed that these Code’s recommendations are generally not complied with.

In Romania, there seems to be some confusion as to the mandatory nature of governance provisions included the company and banking framework. The Law on Commercial Companies requires the appointment of at least one independent non-executive director to all committees established by the board, including the audit committee. Instead, the banking regulation only requires fully non-executive audit committees as well as “independent judgement” from board directors. In practice, some banks had not appointed an independent director that met the independence criteria of company law despite the fact that the bank has established an audit committee.

Turkey, Kazakhstan, and FYR Macedonia appeared to be countries where banks have the most independent board among those revised. However, there are serious doubts about the real independence of boards. In Kazakhstan, the Law on Joint Stock Companies requires that one third of directors be independent and provides a definition of independence which includes independence from management and controlling shareholders. However, the role of independent directors on boards is not entirely clear. On 28 December 2011, the Joint Stock Company Law was deeply revised by the Law on Risk Minimisation which requires, among others, all joint stock companies to have a number of committees chaired by an independent director. This approach is questionable and might not provide the benefits that are hoped by the legislator. While these committees might be appropriate for systemically important banks, they are undoubtedly overburdening small joint stock companies. Moreover, the law still misses to regulate other aspects relating to the board committees (such as functions, reporting lines, etc.), which are key in making sure committees are working properly. As a result, there are many doubts that the law will provide substantial improvements in practice.

In FYR Macedonia, the law provides a definition of independence of board directors and establishes that at least ¼ of board members must be independent. Again, the framework does not stress sufficiently the value and role of independent directors and there is no requirement that independent directors sit on board committees. In Turkey, the corporate governance code issued by the capital markets board requires that one third of directors be independent and provides a definition of independence which includes independence from management and controlling shareholders. However, two of the four banks reviewed do not have independent directors that are both independent from management and majority shareholders. In the other two banks that have independent members, the independent directors account for no more than one third of the board. As in other jurisdictions, it seems that when respondents referred to their “independent” board members they referred in fact to non-executive directors as provided for by banking law and banking regulation.

4.2 The Role of Independent Directors

The EBRD survey has shown that regulators do not pose much attention on the role of independent directors and often this role is not fully understood.

In Moldova, the Law on Financial Institutions requires that the majority of the supervisory board is “non-affiliated” to the bank. The new regulation requires that members of the executive board may not be significant shareholders of the bank, nor affiliated to any such shareholder. Yet, the requirement to have independent directors usually applies to the supervisory board and not to the executive board. Executives should not be independent as they have the mandate to implement the strategy endorsed by shareholders.

In Tajikistan, Georgia, Bosnia and Herzegovina and Azerbaijan, there is no requirement for banks to appoint independent directors on the supervisory board.⁹ In Republika Srpska, the Corporate Governance Standards recommend supervisory boards to include a majority of independent directors. However, listed banks do not publish any corporate governance compliance reports and unlisted banks are not subject to the Standards. In Albania, the law requires the presence of “non-affiliated” directors in the board (steering council), but there is no guidance on their role and no requirement that they should sit in committees.

In practice, while all banks reviewed have created audit committees – as required by law – these do not necessarily include the non-affiliated steering council members. In Bulgaria, the Public Offering of Securities Act requires that one third of the board is comprised of independent directors and gives a definition of non-independent directors. However, the Act applies only to publicly traded companies and most of the largest banks in the country are privately held.

In Armenia, the banking law requires that “all board members must be independent from the management” and the provision has been interpreted in the sense that directors should not be executives (or related to the bank’s executives). Instead, the law does not tackle independence from controlling shareholders.

Exhibit 6

What percentage of the board is independent? (Note: question addressed to selected banks in 16 countries in the EBRD region. The definition of independence varies among jurisdictions. Corporate governance codes provide for definitions generally in line with best practices, but their implementation is limited, especially due to the high number of unlisted banks in the region. As illustrated by the chart below, about 35 % of the banks that participating in the EBRD survey declared to have no independent directors on their board. Source: EBRD)

5 Board Role in Setting Strategy and Risk Appetite

5.1 Bank’s Strategy

The board’s role is to provide entrepreneurial leadership of the company within a framework of prudent and effective controls which enables risk to be assessed and managed. It is generally accepted that the “job” of the board is not to take – or to pretend to take – executive decisions, it is to set the overarching policies within which such decisions should be taken and to hold managers accountable for the use of the decision making powers that have been delegated to them (Ladipo et al. 2008).

In this context, the activities ranked at the board’s top priorities are the (i) approval of the strategy, (ii) the definition of the budget for pursuing the strategy, (iii) the definition of the risks that the bank can face in attaining the strategy (so called “risk appetite”), and (iv) making sure the management decisions are taken in line with the strategy and within the risk appetite and budget outlined by the board. These key functions are clearly highlighted in the majority of the banks object of this analysis, but there are notable exceptions.

As outlined by the exhibit below, notwithstanding the clear recommendations by international standards that the board should be in charge for setting the strategy of the bank, this practice has not always been formalised in clear rules. This is especially the case for Azerbaijan, Bosnia and Herzegovina, Bulgaria, FYR Macedonia, Georgia, Hungary, Moldova, Romania and Serbia.

Exhibit 7

Authority to approve the bank’s strategy (Source: EBRD)

In Azerbaijan and Moldova, the default rule is that the general meeting of shareholders approves the strategy and the budget and, appoints senior management. Moreover, the law does not shed any light in defining the role of the strategic board in the governance structure of the bank. In Serbia, the major banks are all but one, subsidiaries of international banking groups whose boards seem to have a limited role in the development and approval of annual budgets. More specifically, targets are determined by the parent company and the budget is developed by senior executives of subsidiaries through a bottom-up process. In the Federation of Bosnia and Herzegovina, in FYR Macedonia and in Bulgaria¹⁰ the law does not attribute the approval of the strategy and budget to the supervisory board. In contrast, the Republika Srpska has recently adopted a new company law explicitly delegates the approval of the strategy and budget to the supervisory board. This was already the case in Armenia, Hungary, Russia and Turkey. In these countries, boards are legally responsible for approving the strategy of the bank and for monitoring management performance.

Given that the business of banks consists in taking risk, strategy and risk are inextricably linked. While boards of financial institutions do not manage risks, they are expected to play a key role in ensuring that the appropriate systems of risk measures and mitigation are in place – and that they are actually functioning as intended. Bank boards also play a key role in defining their institutions’ risk appetite and in balancing the different risk preferences of their various stakeholders; namely customers, employees, bondholders, shareholders and regulators. By defining its risk appetite, banks should arrive at an appropriate balance between uncontrolled innovation and excessive caution. It can guide management on the level of risk permitted and encourage consistency of approach across the bank.

5.2 Risk Appetite

The concept of risk appetite, as a forward looking, top-down process that guides risk taking in various areas of the bank activity is underdeveloped in the large majority of countries in the region.

Only few jurisdictions require banks to go the extra mile and make the effort to develop an autonomous and detailed forwarding looking assessment establishing the level of risk that the bank is prepared to accept. Bulgaria, Croatia and Hungary rank among the very few countries that have embraced the concept of risk appetite (see Exhibit 8).

This “acceptable level of risk” is generally embedded in the bank’s strategy or derived from the group’s risk appetite. Sometimes the law delegates the strategic decisions regarding risk management to the board, including approving the bank’s risk management strategies and policies. In most jurisdictions, the board’s approach to setting the risk appetite in their respective institution appears to consist solely of regulatory–driven credit and [sometimes] market risk limits. These limits often change upon management’s request. A bottom-up risk appetite approach, driven by front office credit officers is mostly in place. This seems especially important in small economies with significant concentration of economic interests. Without top down risk appetite boundaries to which the board is committed, credit will always be driven by the power of local economic interests over credit officers and committees.

Exhibit 8

Risk appetite. (Note: question addressed to selected banks in 16 countries in the EBRD region. Source: EBRD)

In this respect, the assessment highlighted significant weaknesses especially in Azerbaijan, Tajikistan, Russia and Moldova. To be involved, a board needs to be adequately equipped. Too often, the composition of the boards does not include a sufficiently varied and mixed set of skills in order to be able to discuss issues related to risk taking and risk management. While approval of the risk appetite by the board should be part of the strategy and approved by the board, it is mostly prepared and discussed primarily by the management, with limited discussion and challenge at the board level.

The framing process of risk appetite, and more generally, risk governance, are at best addressed by guidelines released by central banks and so far poorly addressed by local banking regulation. This is for example the case of Russia, where the banking regulation does not address in much detail risk governance and risk management in banks. Boards are not explicitly responsible for approving the risk appetite and reviewing the risk profile of their banks. Also the Central Bank of Russia does not require the establishment of one or more management risk committee or the establishment of a risk committee at the level of the board.

6 Risk Governance

If the banks’ business is the business of taking risks, then it is clear that risk governance is at the core of banks’ good corporate governance. Risk governance is a relatively new term. The concept of “risk governance” is distinct from that of risk management. Risk management relates to how risks are identified, assessed and evaluated, controlled, communicated and monitored. Risk governance in turn, refers to an entity’s risk culture and focuses on the roles, responsibilities, interactions of all actors that are in charge of ensuring an effective risk management. Risk governance ought to be aligned with the entity’s risk appetite. It includes the skills, infrastructure (i.e., organization structure, controls and information systems), and culture deployed as directors exercise their oversight. Good risk governance provides clearly defined accountability, authority, and communication/reporting mechanisms. The Basel Committee recommends banks to have “an effective internal controls system and a risk management function (including a chief risk officer or equivalent) with sufficient authority, stature, independence, resources and access to the board”. The importance of the chief risk officer (CRO) and the risk committee is examined in depth by Ellul and Yerramilli (2013).

6.1 Risk Regulatory Framework

Within the last 4 years, the large majority of countries object of our analysis have enacted regulations on risk management thereby offering guidance to banks in setting up their risk management function. As a result, boards are now tasked with the approval of policies and main internal rules for risk management and its governance (for example in Albania, Armenia, Azerbaijan, Bosnia and Herzegovina, Bulgaria, Croatia, FYR Macedonia, Hungary, Turkey). The board is required to monitor the bank’s risk profile based on regular reports submitted by the senior management and to ensure that the bank has efficient risk management structure reporting both to the board and senior management.

In some countries such as Azerbaijan or Turkey, regulation sketches further the design of risk governance by requiring banks to set up an executive risk committee comprising members of the executive board and the head of the risk management function. On the contrary, in Tajikistan, there is no mandatory regulation setting the basic requirements on risk governance and risk management systems in banks. The National Bank has adopted a voluntary set of Guidelines on operational risk management in banks and it is assumed that banks follow such guidelines. However, it is not clear how these Guidelines are implemented in practice.

In most countries, the banking framework does not sufficiently highlight the need for the independence of the risk governance function and for the necessary checks and balances to ensure such independence. Ideally, the framework should provide guidance to banks regarding appointment of a chief risk officer (CRO) or equivalent senior executive function. The latter should be responsible for the risk management across the bank and should have direct access to the supervisory board. Instead, the law requires banks to appoint an independent chief risk officer with direct access to the board in few jurisdictions only such as Turkey, Romania or Croatia.

In most cases, there seems to be a perception that the risk function is not an integral part of the business but rather an additional “control”. Croatia is an inspiring example as banks are now required to create independent risk management functions reporting to the management board on the bank’s risk exposure. The regulation also requires banks to have clear lines of responsibility and communication so to ensure that senior executives have integrated and firm-wide perspective on risk. In Russia, instead the Central Bank does not explicitly require the appointment of a chief risk officer or the independence of the risk management function.

6.2 Risk Committees

It might be beneficial for financial institutions to establish a board-level committee focused on risk and the management of material business risks (as long as this committee does not take away from the board the overall responsibility for risk governance). The principal motivations for establishing such committee are as follows:

• the need to create a forum which is comfortable handling quite “specialised” discussions of risk;

• the need to ease the growing workload of the board and its audit committee; and

• the desire to sharpen the board’s focus on longer-term risks.

We witnessed a sharp difference of opinion displayed as to the benefits and disadvantages of such committees. Two main explanations are often advanced against a dedicated risk committee. First, board members often believe that it would unnecessarily increase the workload borne by the non-executive directors due to “possible overlaps between the work done by an audit committee and the work done by a risk committee”. Second, and more importantly, they are firmly of the belief that the board as a whole should carry out the kind of upstream risk analysis which is sometimes delegated to risk committees in other banks. We believe that it is hugely important for the board as a whole to retain this function.

On the management level, it is not a mandatory international practice to create senior risk committees. Yet, it is generally recommended that banks have a governance structure that has an integrated and firm-wide perspective on risk drawing on information available from all bank units. This ensures a more secure risk environment allowing a clearer picture of bank’s risk profile. Otherwise, organisational “silos” can impede effective sharing of information across the bank and can result in decisions being made in isolation from the rest of the bank. Having a senior executive risk committee or a board committee focusing on risk issues may assist the bank in having a more adequate response to market challenges.

It is important for the effective implementation of enterprise risk management that there is effective high-level sponsorship of risk management. Non-executive directors should be well informed on the material risks facing their business and able to effectively challenge executive management. A specific board level risk committee would provide a clear message that risk management is not a “compliance exercise” within a particular institution.

Exhibit 9

Risk committees (Note: question addressed to selected banks in 16 countries in the EBRD region. Source: EBRD)

In a majority of countries (for ex. Albania, Armenia, Azerbaijan, Bosnia and Herzegovina, Croatia, Tajikistan), the banking legislation does not expressly require banks to set up board or executive specific senior risk committees. In Hungary, the banking legislation does not expressly require banks to set up a risk committee at the board level. On the other hand, Recommendation 11/2006 provides that “large organizations may set up risk committees or compliance committees in order to increase efficiency”. In Romania banking regulation allows banks to choose whether or not to establish risk committees, and whether to establish such committee at a board or management level.

Practices mirror the regulatory framework (see Exhibits 9 and 10). In Azerbaijan, for example, responses to questionnaires and interviews indicate that none of the three banks reviewed has established a risk committee at the supervisory board level responsible for regularly setting and reviewing the risk profile. This is not necessarily a bad thing in principle, given the small size of the boards. However, it must be noted that the risk management expertise of the board is generally low.

Fortunately, many financial institutions do not limit themselves to regulatory requirements and go beyond in adopting better practices. In Armenia for instance, the banking legislation does not expressly require banks to set up executive risk committees, but at least two banks reviewed have established senior executive risk committees which meet regularly and have an integrated view of all categories of risks and responsibility for the overall risk profile of the bank. We found similar examples in Bosnia and Herzegovina where three fourth of the banks reviewed have set up senior executive risk committees, having an integrated view of all categories of risks and responsibility for the overall risk profile of the bank. All banks have also established Assets and Liability Committees (ALCO) and Credit Committees and a few other executive committees. This is also the case in Croatia, Macedonia, Georgia, or Romania. The main driver for this extra mile step is related to the ownership structure of those banks that belong for many of them to international banking groups.

Exhibit 10

Risk committees (Note: question addressed to selected banks in 16 countries in the EBRD region. Source: EBRD)

While boards should be allowed to determine the structure that best suits the needs of their banks, the establishment of a risk committee might ensure that there is adequate focus at board level on risk exposure and future risk strategy, as well as focused accumulation of expertise.

6.3 Chief Risk Officer

There is a significant role to be played by senior risk professionals in financial institutions. Recent crises have demonstrated that an independent executive view of the risks facing an organisation is crucial to management taking a balanced view. Keys et al. (2010) find that larger relative power for the chief risk officer implies lower default rates on loans (mortgages and home equity loans) originated by the bank. Chief risk officers are executive managers and as such should report to either the chief executive officer and where appropriate to the chairman of the board. Their day-to-day role is to be adviser and counsellor to the chief executive officer and assist management in better understanding and addressing material risks. It should also be close enough to businesses to understand how they function and to equip operational managers with adequate tools that facilitate decision making.

In order to achieve a significant improvement in the management of risk across the financial services sector, the appropriate qualifications for chief risk officers must include a detailed understanding of the bank’s different businesses, the enterprise wide risk management concepts as well as presenting strong quantitative skills. Chief risk officers need to be empowered where necessary to act as the ultimate ‘whistle blower’ bringing material risks to the attention to the board of directors. In order to have the authority, gravitas and reporting line to the board, chief risk officers should be able to report independently of management to the board.

In the countries under our review, regulation and practices tend to differ, and rather toward the right direction. Indeed, the presence of international banking groups that have themselves adopted good practices positively shape the practices of their subsidiaries.

In many countries such as Albania, Armenia, Croatia, FYR Macedonia, and Serbia, the law and banking regulations do not require banks to appoint a chief risk officer with direct access to the board. Although all banks reviewed reported that they appoint a chief risk officer, the chief risk officer’s access to the board varies. In Azerbaijan, often the head of the senior risk committee is considered the bank’s chief risk officer. In Bulgaria, the Guiding Principles on Risk Management require banks to appoint a chief risk officer with a bank-wide view of risk. In Turkey, the Regulation on the Internal Systems of Banks requires the establishment of independent risk management functions headed by a chief risk officer with a direct reporting line to the board.

Another important issue which might be affecting risk management objectivity and performance is the risk management function compensation. In particular, the variable payments for banks’ executives and senior management should reflect long-term results of the bank, by for example, deferring at least part of such payment. Many banks reported that their chief risk officer is paid based on the same criteria as other senior management. This may jeopardise the objectivity of the chief risk officers in their views on risk management. Best practice recommends that for compliance and risk functions employees the compensation is aligned with the objectives of their functions.

7 Incentives

Compensation practices at large financial institutions are one of the factors that contributed to the financial crisis that began in 2007. High short-term profits led to generous bonus payments to employees and executives without adequate or no regard to the longer-term risks they imposed on their banks. These incentives amplified the excessive risk-taking and left banks with fewer resources to absorb losses as risks materialised. Recent research has investigated the link between banker pay structures and bank performance and risk taking (Fahlenbrach and Stulz 2011; DeYoung et al. forthcoming).

Few – if any – observers believe that compensation was the sole cause of the crisis, nor do they believe that changes limited to compensation practice will be enough to limit the chance of future systemic crises. However, absent such changes, other reforms are likely to be less effective. As a practical matter, most financial institutions have viewed compensation systems as being unrelated to risk management and risk governance. Compensation systems have been designed to incentivise employees to work hard in pursuit of profit and to attract and retain talented employees. Risk management systems have been designed to inform senior management about risk postures and to be an element of risk controls.

The current crisis has revealed that many firms took actions that were inconsistent with their own goals and internally determined risk appetite. Recent research has investigated the link between compensation structures and bank taking and a number of thoughtful reform of banker pay proposals have emerged (Bebchuk and Spamann 2010; Becht et al. 2011). In April 2009 the Financial Stability Board (FSB) published nine principles for the achievement of sound compensation practices for financial institutions. This framework aims at ensuring effective governance of compensation practices, alignment of compensation with prudent risk taking and effective supervisory oversight and stakeholder engagement in compensation.

The principles also aim to redress deficiencies in compensation practices that contributed to the global financial crisis that began in 2007. Subsequently, in September 2009 the FSB introduced a set of standards that were designed to support the implementation of the principles. These were supplemented in January 2010 by an assessment methodology prepared by the Basel Committee to assist prudential supervisors in taking action.

7.1 Governance of Compensation

The firm’s board of directors is called to actively oversee the compensation system’s design and operation and ensure that the compensation system is not controlled by the chief executive officer and management team. In this respect, it is essential that board members have expertise in risk management and compensation and the objectivity to be able to exercise proper oversight. In addition, key staff engaged in financial and risk control must be independent, have appropriate authority, and be compensated in a manner that is independent of the business areas they oversee and commensurate with their key role in the firm.

To summarize, effective independence and appropriate authority of such staff are necessary to preserve the integrity of financial and risk management’s influence on incentive compensation.

In the majority of countries object of this review,¹¹ it emerged that banks adopt the same compensation criteria for their chief risk officer as other senior management (see Exhibit 11).

Exhibit 11

CRO compensation (Note: question addressed to selected banks in 16 countries in the EBRD region. Source: EBRD)

In Bulgaria and Hungary instead banks use different compensation criteria for the chief risk officer or include some other measures to align such remuneration with prudent risk management.

In Hungary, the banking law was recently amended to include detailed rules on remuneration policies and procedures in banks. According to the regulation, the supervisory board is responsible for the oversight of the remuneration for the senior risk and compliance officers, which should be linked to their functions’ objectives rather than the performance of the business lines. Accordingly, banks are required to have remuneration policies in line with their internal structure, nature, scope and complexity of their activities. Recommendation 1/2010 on the application of the remuneration policy points out that the control functions (such as risk control, compliance and internal audit) should be compensated in accordance with their own objectives and not according to the performance of the business unities they oversee. The general shareholders meeting or supervisory board must approve such policies. The banks reviewed confirmed that their boards adopted bank wide compensation policies and establish the remuneration for the senior executives. Banks reviewed appointed remuneration committees comprising all or a majority of non-executive directors to assist their boards.

Some countries are requiring a distinct remuneration committee. In Bulgaria, in line with the newly adopted ordinance on the requirements for remunerations in banks, all banks have to set up remuneration committees. The remuneration is linked to individual and bank’s performance. However, the board and its remuneration committees concentrate on the remuneration of the senior executives and do not design and approve the remuneration system across the bank.

On the other side of the spectrum one can find Russia. It is extremely weak on this matter, both in terms of framework and practices. Boards are not explicitly responsible for compensation practices and are not required to establish remuneration committees. In addition there are no requirements to link compensation to firm and individual performance or to link compensation to risk. Due to the ownership structure of the banks reviewed and their dual board structure, local management does not control its own compensation process which seems to be driven by the shareholders present on the board.

7.2 Effective Alignment of Compensation with Prudent Risk Taking

It is essential that compensation take account of the prospective risks and risk outcomes that are already realised on behalf of the firm. Profits and losses of different activities of a financial firm are realized over different periods of time. Variable compensation payments should be deferred accordingly. It is also essential that compensation payout schedules are sensitive to the time horizon of risks. Payments should not be finalized over short periods where risks are realized over long periods. Further, compensation systems should link the variable part to the overall performance of the firm. Finally, the mix of cash, equity and other forms of compensation must be consistent with risk alignment (see Exhibit 12).

Exhibit 12

Alignment of compensation to prudent risk management (Note: Question addressed to regulators in 16 countries in the EBRD region. Countries that answered NO to the question are: Albania, Azerbaijan, Bulgaria, Hungary, Romania and Tajikistan. Source: EBRD)

As a general matter, national legislations do not provide much guidance in relation to the principles of executive remuneration in banks and, in particular, the need to align compensation with prudent risk management. However, compensation practices do not encourage excessive short-term risk taking (see Exhibit 13).

Exhibit 13

Variable compensation (Source: EBRD)

A first group of countries present a low risk profile from this perspective with a limited variable part. In Albania, Armenia, Azerbaijan, Kazakhstan, Moldova and Tajikistan the variable part of the compensation is generally set at no more than 20–40 % of the annual salary. None of those countries do ask for deferred bonuses. Given the small amount of those bonuses, this point does not constitute an issue.

A second group of countries including countries such as Bulgaria, Croatia, FYR Macedonia, Georgia and Hungary, presents a slightly more risky profile with a variable part amounting to 40–70 % of senior executive’s annual compensation. Practices regarding deferral differ. In Bulgaria, Georgia, some banks defer 50 % of such compensation for a couple of years while in Croatia, FYR Macedonia and Hungary there is no deferral at all.

Finally, in Russia, responses to questionnaires and interviews indicate that performance-based variable compensation represents more than 70 % of total compensation for senior executives in four of the banks reviewed. This makes the need for transparent remuneration process and clear link to individual performance and prudent risk management all the more important.

7.3 Effective Supervisory Oversight and Engagement by Stakeholders

As with any other aspects of risk management and governance, supervisors should include compensation practices in their risk assessment. In turn, banks should disclose clear, comprehensive and timely information about the compensation policies and practices in place to facilitate constructive engagement by all stakeholders. Supervisors should have access to all information they need to evaluate the conformance of practice to prudent risk management. Regulatory framework considerably shapes local practices.

In Albania and Armenia, the law provides no guidance on remuneration practices in banks especially on the need to link compensation to prudent risk management. Here, the regulator does not seem to be entirely aware of banks’ remuneration practices despite a monitoring of bank remuneration policies. In Armenia, the law further requires banks to disclose information about payments to the board members and executive management and banks generally comply with the aggregate remuneration paid to their governance bodies or to the entire staff. In Azerbaijan, the amount of remuneration paid out to their senior executives can be found in annual reports. Despite the fact that such reports do not itemise which part represents the variable part, this is a good step towards transparency. The Central Bank of Azerbaijan does not seem to monitor executive remuneration, but it is considering introducing new legislation to link compensation to prudent management and would start monitoring compensation arrangements.

In Bulgaria, banks are required to submit to the regulator their remuneration policies and information about remuneration to bank employees that exceeds certain thresholds established in the ordinance, which is border-line with excessive payment.

In Croatia, all banks reviewed disclose in their annual reports the aggregate amounts of remuneration paid to their governance bodies, but only one bank itemises the payments and indicates the amount of bonus paid, as well as other variables of the compensation. The Central Bank monitors bank remuneration policies and bank practices. In FYR Macedonia, as prescribed by law, banks disclose in their annual reports the aggregated amounts paid to management. The National Bank does not seem aware of banks’ remuneration practices and does not regularly monitor the implementation of bank remuneration policies.

In Bosnia and Herzegovina although, not required by law, all banks reviewed disclose in their annual reports the aggregate amounts of remuneration paid to their governance bodies. In the same vein, in Georgia, at least two respondent banks have included in its financial statements the amount of equity based compensation to its top management and the total amounts paid to key management personnel. The National Bank does not monitor remuneration policies and does not seem to have a clear picture of the amount of variable compensation paid to executives. However, responses to interviews indicate that the regulator is currently considering the possibility of including new reporting requirements.

In Republica Srpska, the legal framework contains no guidance on the link between compensation and prudent risk management and responses to questionnaires indicate that the supervisory authority seems to have limited awareness of the banks’ compensation practices. The same is in Kazakhstan, Moldova, Russia and Serbia, the regulator does not closely monitor or gather information on banks’ remuneration practices. The link between compensation, performance and prudent risk management is not reviewed. Yet, supervisory authorities are also in the process of reviewing compliance with the regulation to ensure more transparency in this area.

In Tajikistan, the Corporate Governance Principles for banks recommend that banks should link their remuneration to corporate governance values, strategic goals and long-term results. However, it does not appear that the National Bank of Tajikistan encourages banks to develop remuneration policies that reflect the mentioned principles and does not closely monitor such policies. The new Commercial Code contains mandatory rules on executive remuneration and the requirement for all joint stock companies to disclose executive compensation. This should tackle the little transparency as regards executive remuneration, even to the supervisory authority. Responses to questionnaires and interviews indicate that boards’ involvement in setting compensation policies and practices is not reviewed as part of the supervisory process. In addition it does not appear that remuneration reports are part of the information that is filed with the supervisory authority each year.

8 Conclusions

Banks, due to their specific nature are subject to strict regulation and supervision. Since the financial crisis, they are even under deeper international regulatory pressure. As a result, one would expect a relatively high level of convergence between governance practices of banks within and across countries. Such convergence should theoretically be re-enforced by the influence of international financial institutions that own many local banks. Unfortunately, this does not seem to be the case for a number of banks in transition countries. Indeed, our analysis shows that governance practices of banks diverge, shaped by different legislations, supervisory modes and governance frameworks, but also by widely varying ways of applying the governance framework.

A sound governance framework creates clear and strong lines of accountability. It is considered a good and common practice that management is accountable to the board that is in turn accountable to shareholders. This fundamental line of accountability is not applied the same way. In five countries, management is directly appointed by the general shareholders meeting. The board is not only considerably weakened, but management is de facto aligned with shareholders while, and particularly for banks, it should be aligned with the long term interest of the firm and of its key stakeholders. This feature therefore conditions the governance of financial institutions.

In countries where boards are empowered to play a strategic and governance role, boards are rather well engaged in discussing strategy and budget and in evaluating management performance. The board role in shaping the governance of the institution is more subject to discussion, but one can note the positive impact of foreign parent banks in transferring good practices. Three-fourth of countries with dominant foreign owners ranks in the top half.

Further, if boards tend to be engaged they unfortunately often lack of adequate tools. Indeed, board composition and functioning is the weakest governance part of the chain. If boards are in general of adequate size, with directors considered being qualified enough (mostly thanks to boards of banks belonging to international financial groups), two-third of countries surveyed have a non-transparent and weak director nomination process. As a result, directors are very close to shareholders and management. Director independence from management and controlling shareholders remains one of the biggest issues we found. The concept itself of independence is not fully understood both by banks and by regulators. In several instances, independent directors are confused with “non-executives” and in the majority of countries under analysis the independence is associated with having no ongoing relationship with the bank. It then does not come as a surprise that board contribution and constructive challenge ranks also among the lowest. The picture then provided is that of a board serving mostly as an administrative and formalistic body. The poor support provided by company secretaries not senior enough, the lack of director training and development and the limited board evaluations unfortunately support this view.

The above can partially explain why board’s ability to review risk management ranks very low in our survey. Given bank’s business, risk governance is core to good governance. Legislation in most countries focuses on the risk management function but not on risk governance aspects. Hence, if all banks claim to have a risk officer, in half of the countries surveyed, the function is not senior enough. The board is also barely involved in setting and monitoring risk appetite in two-third of the cases and in most cases, the board’s approach to setting the risk appetite appears to consist solely of regulatory–driven credit and [sometimes] market risk limits. Turkey, Romania and Serbia are among the exceptions, backed by a strict regulatory framework. Board risk committees are far from being common, even for larger and more complex banks. The large majority of surveyed banks present an embryonic risk culture and boards have a vast agenda ahead, beginning with strengthening their risk management expertise, elevating the chief risk officer and changing her incentives.

Alignment is mostly done via compensation. The current crisis has revealed that many banks organised incentives in a way that was inconsistent with their goals. Alignment of compensation with prudent risk-taking is now considered as a good practice. The banks reviewed demonstrate only partial adherence to such good practices. In the majority of countries reviewed, chief risk officer compensation follows the same scheme as for other senior managers and is tied to business performance.

Limited guidance on compensation is provided in the reviewed countries and practices vary considerably. Half of the reviewed countries adopted a rather conservative approach with a variable compensation accounting for less than half of the annual salary. Our survey identified emerging positive practices with few countries that have adopted deferral bonuses. However, few banks demonstrate initiative and rather follow innovation of the regulatory framework.

Regulation drives most of bank disclosures and “Transparency to the market and regulators” is one of our highest ranked item. Most of banks are required to adopt IFRS and the regulator access to information is strong in almost all countries. Disclosure of governance, less subject to strict rules, is weaker, as expected.

With few exceptions, good governance practices are not driven yet by private initiatives and peer pressure but by the ownership of international groups and by voluntarist regulatory actions. Where there’s a will there’s a way.