Circular C2/08: Meetings to be held during the 2008 calendar year with Boards of Directors, Audit Committees and External Auditors

# South African Reserve Bank
From the Office of  
the Registrar of Banks

Confidential  
2008-05-14  
C2/08

## TO ALL BANKS, CONTROLLING COMPANIES AND BRANCHES OF FOREIGN BANKS

**CIRCULAR 2/2008 ISSUED IN TERMS OF SECTION 6(6) OF THE BANKS ACT, 1990 - MEETINGS TO BE HELD DURING THE 2008 CALENDAR YEAR WITH:**

**BOARDS OF DIRECTORS**  
**AUDIT COMMITTEES AND EXTERNAL AUDITORS**

### Executive summary

This circular serves to inform all reporting banks of the flavour-of-the-year topics for meetings with the boards of directors of banks, as well as of the arrangements for the trilateral discussions to be held with the audit committees and external auditors during 2008.

## A. Meetings with boards of directors

### 1. Introduction

In order to assist the Office of the Registrar of Banks (Office) to discharge its responsibilities, the scope of the meetings with banks' boards of directors to be held during the 2008 calendar year will consist of a discussion of the following three important topics, which are currently receiving extensive international scrutiny:

1.1 The involvement of the board remuneration subcommittee (the subcommittee) in the incentive schemes of the bank (one hour).

1.2 Board members' involvement in the implementation of the bank/banking group's internal capital-adequacy assessment process (ICAAP) (one hour).

1.3 The board's involvement in the oversight of the banking institution's operational risk framework (one hour).

---

## 2. Format of the meetings with boards of directors

Unlike in previous years, this Office will not be presenting trend analyses based on statutory (risk) returns submitted by banks. This is due to the fact that there are no meaningful comparative trends available yet as a result of the revision in toto of statutory returns submitted to this Office in terms of the Regulations relating to Banks, which became effective on 1 January 2008.

All boards of directors of banks will be required to make a presentation and engage in discussion on the above flavour-of-the-year topics.

Owing to the importance of the issues to be discussed, it is necessary that sufficient time be allocated (at least three hours) for the items to be addressed comprehensively.

## 3. Incentive schemes (the schemes)

### 3.1 Background

The structure of the schemes is one of the important factors influencing the behaviour of the recipients of such compensation. It is therefore important that careful thought be given to the structure of such schemes so as to ensure that there is proper alignment with intended organisational objectives, both in the short and long term, and that there are adequate controls in place to manage risk appetite within the board-approved risk tolerance limits.

### 3.2 Format of presentation

Utilising the format outlined below, the chairperson of the subcommittee will be required to give a presentation on the following aspects:

3.2.1 The process followed for the consideration, adoption and implementation of an incentive scheme.

3.2.2 A detailed description of the salient details of the nature, type and functioning of all incentive schemes.

3.2.3 Demonstration of the practical role of the subcommittee in the approval process in considering the impact of the schemes on the following:

3.2.3.1 Alignment of the scheme with the bank's risk appetite and culture;

3.2.3.2 control environment of the organisation;

3.2.3.3 value system of the organisation; and

---

## 3.2.3.4 potential changed behaviour of participants (incentives drive behaviour).

3.2.4 Completion and discussion of Annexure A attached hereto.

3.2.4.1 List in descending order the monetary value of the top 50 incentives paid (whether in cash, shares, options, etc.) in each year for the past three financial years.

3.2.4.2 Map each payment into the particular area of identified business (e.g. investment banking, trading, etc.).

3.2.4.3 State the total incentive pool for the entire bank.

3.2.4.4 Express the investment banking and the trading incentive pool, separately, as a percentage of the total incentive pool for the entire bank.

3.2.4.5 Express the investment banking incentive pool as a percentage of the bank's net profit before and after tax.

Note: Annexure A will be required to be completed three times, i.e. one for each of the past three financial years.

## 4. Board members' involvement in the implementation of the bank controlling company or bank ICAAP

### 4.1 Background

4.1.1 The Regulations relating to Banks (the Regulations), effective from 1 January 2008, incorporate the requirements of the International Convergence of Capital Measurement and Capital Standards, a revised framework (Basel II) which consists of the following three mutually reinforcing pillars:

4.1.1.1 Pillar 1 – sets out the minimum capital requirements that banks are required to meet in respect of credit, market and operational risk.

4.1.1.2 Pillar 2 – prescribes the requirements for a “supervisory review”. It prescribes that banks must assess their capital adequacy relative to their overall risks. In addition, requirements are imposed on bank supervisors to review and take appropriate action in response to the assessments.

4.1.1.3 Pillar 3 – describes the requirements for “market discipline”. It requires and prescribes public disclosure requirements to be complied with by banks with respect to their risks and capital and risk management processes. It aims to strengthen market discipline through transparency and disclosure.

---

## 4.1.2 The Basel II, Pillar 2 framework comprises four principles which can be categorised as follows:

### Banks' responsibilities

4.1.2.1 As part of their responsibilities, banks should have in place a process for assessing their overall capital adequacy in relation to their risk profile and strategy for maintaining their capital levels (generally referred to as the ICAAP).

4.1.2.2 Furthermore, banks should operate above the minimum regulatory capital ratios.

### Supervisory responsibilities

4.1.2.3 Supervisors should review and evaluate the banks' compliance with the regulatory capital ratios and take appropriate action if they are not satisfied with the results of such review and evaluation process. They should also have the ability to require banks to hold capital in excess of the regulatory minimum ratios.

4.1.2.4 Supervisors should also intervene at an early stage to prevent capital from falling below the minimum levels and require rapid remedial action if capital is not maintained or restored.

4.1.3 With specific reference to the banks' responsibilities mentioned above, the Regulations incorporate the following provisions relating to the ICAAP:

4.1.3.1 Regulation 39(2) states, *inter alia*, that the process of corporate governance includes the maintenance of effective risk management and capital management by a bank.

4.1.3.2 Regulation 39(6)(d)(ii) states, *inter alia*, that as a minimum, the management of a bank shall develop and maintain an internal capital assessment process that responds to changes in the business cycle within which the bank conducts business.

4.1.3.3 Regulation 39(16) contains, *inter alia*, key features of a bank's policies, processes and procedures relating to the maintenance of adequate capital.

---

## 4.2 Format of discussion

Utilising the proposed format outlined below, the chairperson of the Risk and Capital Management Committee (as defined in section 64A of the Banks Act No. 94 of 1990) will be required to give a presentation on the board involvement in the implementation of the ICAAP, covering the following:

4.2.1 The governance process followed for approval of the ICAAP.

4.2.2 The internal controls, policies and procedures implemented.

4.2.3 A description of how the ICAAP forms part of the strategic approach.

4.2.4 A discussion on how tolerance levels for risk parameters are set. In this regard, also to be covered is the interaction between the board and the head of risk as it pertains to the latter's role in monitoring risk, specifically in investment banking activities.

4.2.5 The process followed to identify all material risks (regulation 39(3) of the Regulations).

4.2.6 The process followed for monitoring the changing nature of these risks.

4.2.7 Determination of the appropriate level of capital to cover such risks.

4.2.8 The treatment of risk aggregation, diversification and concentration.

4.2.9 The process of the assessment of capital adequacy under various stressed scenarios.

## 5. Boards' involvement in the oversight of banking institutions' operational risk framework

### 5.1 Background

Given the rising complexity of banking, which has resulted from internationalisation, change in business activities and environment, the increasing use of innovative financial products (for example, securitised products, credit derivatives, structured products, etc.) and the significance of modern information technology, the latest amendments to the Banks Act, 1990 (Act No. 94 of 1990 – the Act) and Regulations relating to Banks include, *inter alia*, requirements for risk management and public disclosure as well as a regulatory capital charge for operational risk.

Operational risk was previously partly addressed by banks in their internal risk analysis processes. Depending on the size and complexity of a bank or controlling company, adherence to regulatory requirements relating to operational risk may require considerable changes, such as the adaptation of systems and processes, the further development and integration of

---

## risk management methods and, above all, the board of directors' and/or relevant board subcommittees' active involvement in the oversight of the operational risk management framework of banking institutions.

### 5.2 The principle of proportionality

This Office recognises the principle of proportionality. In other words, the nature and extent of the operations and exposure of a bank or controlling company will influence the nature, timing and extent of the operational risk management within an institution or group. The bank and controlling company should have in place risk-management policies and processes to identify, assess, monitor and control/mitigate operational risk. These policies and processes should be commensurate with the size and complexity of the bank and controlling company.

### 5.3 Format of discussions

Utilising the proposed format outlined below, the board should demonstrate its active involvement in accordance with the following:

5.3.1 Awareness of the major aspects of the bank and controlling company's operational risks as a distinct risk category that should be managed.

5.3.2 Approval and periodic review of the bank's operational risk management framework. The framework should provide a definition of operational risk and detail the principles of how operational risk is identified, assessed, monitored and controlled/mitigated.

5.3.3 Involvement in ensuring that the bank's operational risk-management framework is subjected to effective and comprehensive internal audit by operationally independent, appropriately trained and competent staff. The internal audit function should, however, not be responsible for operational risk management.

5.3.4 A discussion of the three most severe operational risk events during the period from 1 January 2007 under the following headings:

5.3.4.1 Description of the operational risk event. (What happened?)

5.3.4.2 Cause of the operational risk event. (Why did it happen?)

5.3.4.3 Effect, financial and otherwise, of the operational risk event. (What is the impact thereof?)

5.3.4.4 Action taken to remedy the operational risk incident and future strategies to prevent or detect and mitigate similar incidents of operational risk.

---

## B. Meeting with audit committees and external auditors  
**(Trilateral discussions to be held during 2008 calendar year)**

The annual trilateral discussions to be held between this Office and each bank's audit committee and external auditors during the 2008 calendar year will consist of the following:

1. Tabling and discussion of the following in respect of the latest financial year-end:

1.1 The management letter

1.2 Internal audit reports submitted to the Audit Committee

1.3 Regulatory audit findings

## C. Acknowledgement of receipt

Two additional copies of this circular are enclosed for use by your institution's external auditors. The attached acknowledgement of receipt, duly completed and signed by both the Chief Executive Officer of the institution and the said auditors should be returned to this Office at the earliest convenience of the aforementioned signatories.

*Signature*  
E M Kruger  
Registrar of Banks

The previous circular issued was Banks Act circular 1/2008 dated 7 May 2008.

---

## ANNEXURE A

**Bank Name: ...........................................**  
**Financial Year End 200.....**

| | | **Area of business (eg)** | | | |
|---|---|---|---|---|---|
| | **Top 50 incentives paid (descending order)** | **Investment Banking** | **Sales – mortgages, credit cards** | **Trading (Treasury)** | **ETC** |
| | 1. Rxxxxxxxxx | | | | |
| | 2. Rxxxxxxx | | | | |
| | 3. Rxxxxx | | | | |
| | 50. Rx | | | | |
| | | | | | |
| 2 | **Total incentive pool for entire bank** | | | | R...... |
| | | | | | |
| 3 | **Investment Bank incentive pool as a % of incentive pool for the entire bank** | | | | |
| | | Rxxxx X 100 ..... Z% | | | |
| | | Ryyyy | | | |
| | | | | | |
| 4 | **Trading incentive pool as a % of incentive pool for the entire bank** | | | | |
| | | Rxxxx X 100 ..... Z% | | | |
| | | Ryyyy | | | |
| | | | | | |
| 5 | **Investment Bank incentive pool as:** | | | | |
| | (i) % of banks net profit before tax | | | | Rxxxx X 100 ..... Z% |
| | | | | | Ryyyy |
| | (ii) % of banks net profit after tax | | | | Rxxxx X 100 ..... Z% |
| | | | | | Ryyyy |

PO Box 8432 Pretoria 0001 · 370 Church Street Pretoria 0002 · South Africa · Tel +27 12 313391/0861 12 72721 · Fax +27 12 3133758 · www.reservebank.co.za