2025-03-28

GFSC Guidance Note on Corporate Governance: Board Responsibilities for Banks and Insurers

The Gibraltar Financial Services Commission issued this guidance to define specific board responsibilities for banks, insurers, and their branches, emphasizing prudent management and regulatory compliance. The document mandates that boards establish sustainable strategies, articulate measurable risk appetites, and maintain a culture of ethical behavior supported by robust internal controls. It further requires independent non-executive directors to effectively challenge management, ensures adequate board resources and succession planning, and enforces strict governance standards for subsidiary boards to safeguard financial stability.


Gibraltar

Gibraltar Financial Services Commission


Version: 2
Publication Date: 28/03/2025
www.gfsc.gi
GFSC Guidance Note
Corporate Governance: Board Responsibilities for Banks and Insurers

Gibraltar Financial Services Commission Guidance Note on Corporate Governance: Board Responsibilities for Banks and Insurers

Table of Contents

  1. Introduction
  2. Setting strategy
  3. Culture
  4. Risk appetite, risk management and internal controls
  5. Board composition
  6. The respective roles of executive and non-executive directors
  7. Knowledge and experience of non-executive directors
  8. Board time and resources
  9. Management information and transparency
  10. Succession planning
  11. Remuneration
  12. Subsidiary Boards
  13. Board Committees


1. Introduction

1.1. The purpose of this Guidance Note is to identify those aspects of governance to which the GFSC attaches particular importance and to which the GFSC may devote particular attention in the course of its supervision. It is not intended to provide a comprehensive guide for boards[1] of what constitutes good or effective governance. There is more general guidance for that purpose in the GFSC’s Corporate Governance Guidance.[2]

1.2. This Guidance Note applies to all:
• Gibraltar credit institutions, building societies, and systemically important investment firms (hereafter ‘banks’);
• insurance and reinsurance firms and groups (hereafter ‘insurers’); and
• Gibraltar branches of overseas banks and insurers.
Entities in scope of this Guidance Note are collectively referred to as ‘firms’.

1.3. However, it is recognised that different governance models may apply depending on the nature and size of the firm and any wider group and that expectations of boards should also be proportionate.

1.4. The GFSC expects the boards and management of regulated firms to run the business prudently, consistent with the firm’s own safety and soundness and operate in accordance with regulatory requirements and the continuing stability of the financial system. The desired outcome from a regulatory standpoint is an effective board, which is one that:
• establishes a sustainable business model and a clear strategy consistent with that model;
• articulates and oversees a clear and measurable statement of risk appetite against which major business options are actively assessed; and
• meets its regulatory obligations, is open with the regulator and sets a culture that supports prudent management.

1.5. Strong and effective governance is an intrinsic element of the Threshold Conditions in Schedule 12 to the Financial Services Act 2019[3] and particularly: (1) the Suitability Threshold Condition which requires, among other things, that a firm is a fit and proper person and that those that manage a firm’s affairs have adequate skills and experience; and (2) the Appropriate Resources Threshold Condition, which requires that the business of a firm be conducted in a sound and prudent manner.[4]

1.6. To be an effective board, the skills and experience of the individuals that make up a firm’s board must be up to date and cover the firm’s major business areas in order to allow informed decisions to be made and any relevant risks to be effectively overseen. This also requires robust and well-targeted management information.

1.7. The specific accountabilities of individual directors are additional and complementary to the collective responsibility shared by directors as members of the board.

[1] ‘Board’ refers to all of the executive and non-executive directors.
[2] Pages 21-28 - https://www.fsc.gi/publications/2018/12/GFSC%20Corporate%20Governance%20Paper(2).pdf
[3] https://www.gibraltarlaws.gov.gi/legislations/financial-services-act-2019-4690
[4] Firms should also take into account the Threshold Conditions within the relevant sector-specific regulations.

1.8. Where the collective responsibilities of directors set out in this Guidance Note relate directly to individual responsibilities under Gibraltar law and within any other GFSC guidance, the GFSC’s expectations of firms and the requirements on individuals should be interpreted as being complementary. For instance, while the GFSC recognises that culture is the collective responsibility of the board, it also requires the chair to lead the development of the firm’s culture and standards by the board as a whole.

1.9. Good governance is important for all regulated firms, although the degree of supervisory attention paid to governance issues for particular firms may vary according to the risk profile of the firm and the potential impact of failure. Equally, judgements on the adequacy of governance arrangements may be influenced by the culture, management incentives and business goals of the firm and the extent to which the GFSC judges that these may otherwise lead to outcomes inconsistent with the GFSC’s statutory objectives.

1.10. The GFSC’s expectations of boards will also be influenced by the recovery and resolution strategies for the firm or the group, taking account of the extent to which the GFSC would need to be satisfied that the board of a significant GFSC-regulated subsidiary is constituted and performs in a way that shows that they are capable of independent action.

2. Setting strategy

2.1. A key role for any board is to set the firm’s strategy, to ensure that the key goals in that strategy are within the agreed risk appetite and to oversee executive implementation of that strategy.

2.2. For all firms within scope of this Guidance Note, the GFSC will expect to see evidence that the board has established, and takes decisions consistent with, a sustainable business model, ensures that the firm is managed to a clear and prudent strategy and risk appetite, and ensures that the firm meets its regulatory obligations.

2.3. The setting of the corporate strategy is core to the responsibilities of the board and it is important that the strategy is owned by the board as a whole. However, the chair of the governing body (‘the chair’) and chief executive have leading individual roles to play in the board’s development and maintenance of the firm’s business model. These roles include giving all the directors, and particularly any non-executive directors, the time and opportunity to contribute to the development of the strategy, and to provide appropriate challenge, before final sign off by the board.

3. Culture

3.1. The board should articulate and maintain a culture of risk awareness and ethical behaviour for the entire organisation to follow in pursuit of its business goals. The GFSC expects the culture to be embedded with the use of appropriate incentives, including but not limited to remuneration, to encourage, and where necessary require, the behaviours the board wishes to see, and for this to be actively overseen by the board. The non-executives have a key role to play in holding management to account for embedding and maintaining this culture.

4. Risk appetite, risk management and internal controls

4.1. The business strategy should be supported by a well-articulated and measurable statement of risk appetite (expressed in terms that can be readily understood by employees throughout the business), which is clearly owned by the board, integral to the strategy the board has signed off and actively used by them to monitor and control actual and prospective risks and to inform key business decisions. All the directors should have the time and opportunity to contribute to the development of the risk appetite, and to provide appropriate challenge, before final approval by the board. The GFSC will expect to see evidence of this active oversight of risks according to the risk appetite. The risk control framework should flow from the board’s risk appetite.

4.2. The GFSC will also expect to see evidence that the board and its relevant sub-committees exercise effective oversight of risk management and controls, supported with meaningful and well-targeted management information used to inform board discussions. It is the responsibility of the board to ensure that the effectiveness of the risk control framework is kept actively under review, that it remains aligned with the board’s risk appetite, and that the board has the management information it needs.

4.3. Where firms have dedicated risk and/or audit committees, the chairs of these committees will be deemed responsible for safeguarding the independence and overseeing the performance of the firm’s executive risk and audit functions respectively, including the Head of Risk Management and Head of Internal Audit. The board also needs to ensure that it has robust arrangements for oversight of other regulated functions under Part 8 of the Financial Services Act 2019 (‘Regulated Functions’), such as compliance.

5. Board composition

5.1. The principles of good governance should apply to all boards, including parent and subsidiary companies.
A cornerstone of best practice is for the non-executives to be able to hold management to account effectively and to ensure that the executives are discharging their responsibilities properly. The board should include a sufficient number and quality of non-executives who are independent and who between them have sufficient breadth of understanding of the firm’s business to provide effective challenge to the executives. The GFSC will expect firms to record and be able to evidence effective challenge by independent non-executives in the course of discharging their responsibilities, in particular in relation to key strategic decisions.

5.2. In the case of listed firms, established best practice is that at least half of the board, excluding the chair, is comprised of independent non-executives, but even smaller firms are required to have at least two independent non-executives.

5.3. Firms are also required to ensure that the Regulated Functions of Chair, Chair of Audit Committee and Chair of Risk Committee are carried out by an independent non-executive director.

5.4. The GFSC is likely to consider the independence of a non-executive director to be impaired where they have served on the board of a firm for more than nine years from the date of their first appointment.

6. The respective roles of executive and non-executive directors

6.1. Unitary boards comprise a combination of executive and non-executive directors. Executive directors have specific management responsibilities for which they are accountable to the board. It is their responsibility to manage the firm’s business on behalf of the board and exercise judgement in the running of the business on a day-to-day basis. They should exercise that judgement within the strategy, risk appetite and other assessment and control frameworks set and overseen by their board. Non-executive directors’ responsibilities require them to both support and oversee executive management. As board members, they all share in the wider board duty to promote the success of the regulated firm for which they are responsible and to ensure that it continues to meet the Threshold Conditions.

6.2. In discharging their responsibilities boards should act in a cooperative and collegiate manner whereby the non-executives support and encourage executive management and vice versa. But this should not inhibit the non-executive directors from challenging executive management and holding them to account effectively. The GFSC expects the chair to play a pivotal role in facilitating this culture.

6.3. Executive management manage the firm’s business on behalf of the board. Boards therefore delegate a wide range of duties and responsibilities to the chief executive or to executive management. The GFSC expects boards to be precise over what they delegate to the executive management and the limitations and accountabilities associated with each of the matters that are delegated. In doing so the GFSC expects boards to articulate clearly and unambiguously the matters reserved to the board and the manner in which executive management must report and escalate matters to them, including the exercise of judgement in escalating matters of particular significance even if within the delegated mandate.

6.4. Accordingly, the board and particularly the non-executive directors on the board should hold management to account against the matters delegated and be able to challenge the executive effectively and promptly. Firms should make a record of any such challenge, and be able to evidence it to the GFSC, if required.

7. Knowledge and experience of non-executive directors

7.1. Between them the non-executive directors need to have sufficient current and relevant knowledge and experience, including sector experience, to understand the key activities and risks involved in the business model and to provide effective challenge across the major business lines of the firm. The GFSC expects to see evidence of effective challenge, particularly in relation to key strategic decisions. It is the role of the chair to ensure that all views are heard and that the executives are not able to control the board discussion. However, board responsibility is collective and an effective board is not simply a collection of specialists. So just as the board should not delegate responsibility for major decisions to particular directors, the non-executives should not simply delegate responsibility for challenging the executives on particular issues to individuals among them who are considered specialist in the area.

7.2. Even a broadly constituted and well-experienced board cannot necessarily be expected to have expertise in every aspect of a broad and complex financial business. The point is to have the diversity of experience and capacity to provide effective challenge across the full range of the firm’s business and the opportunity to explore key business issues rigorously. Sometimes that may require the board to understand and reach decisions on complex technical, legal, regulatory or other issues.
It is the responsibility of the executives to explain such issues in clear and transparent terms that enable the board to exercise their collective judgement and, where necessary, non-executive directors should be able to call on appropriate professional advice, although the directors will always remain ultimately and collectively accountable for all the board’s decisions.

8. Board time and resources

8.1. Non-executive directors should ensure they have sufficient time to fulfil their duties and boards should set clear expectations when recruiting new non-executives. Meetings should be organised to provide adequate time to deal with each of the matters to be covered. Discussions may take place outside formal board meetings, but the board meetings should be genuine, open discussions and not stage-managed, and the chair has a particular responsibility to ensure that this is the case.

8.2. The GFSC expects non-executive directors to be given adequate support to enable them to carry out their duties. Such support should include appropriate and relevant induction and ongoing training and professional advice (as mentioned above) as well as other practical assistance including office accommodation and staff support. The GFSC expects[5] the chair to lead the development and monitoring of effective policies and procedures for the induction, training and ongoing professional development of board members, in particular non-executives.

9. Management information and transparency

9.1. The GFSC considers the provision to the board by executive management of timely, accurate, complete and relevant management information, including the aggregation of exposures across businesses, to be a fundamental component in supporting the board to fulfil its duties and responsibilities. The nature, specific content and frequency of the management information provided to the board and its committees should be actively managed by the chair and non-executives, taking into account their particular needs. The chair and non-executives should also actively guard against the risk that they are provided with such extensive and unwieldy amounts of data that it is rendered unworkable in a practical sense.

9.2. The GFSC expects management to be open and transparent with the board to ensure the board is adequately apprised of all significant matters about which the board should be made aware. Management should not simply confine such information to matters formally reserved for the board or falling outside the board’s stated risk appetite, but should raise issues where, for example, the size, nature or impact suggest that disclosure or escalation is appropriate. Non-executives should have unrestricted access to a firm’s employees and information as needed to enable them to carry out their duties.

9.3. As noted above, the board is responsible for the oversight of, but not for managing, the business, which is the responsibility of the executives. But the GFSC expects executive management to exercise judgement and actively to apprise their boards of key business developments, decisions and activities at an appropriate but early stage. Executives have a responsibility to ensure that their boards are able to exercise their role and are provided with the necessary information and support.

10. Succession planning

10.1. The GFSC expects boards to pay close attention to the skills, experience and effectiveness of their members. Boards should ensure they have robust succession plans that recognise current and future business needs and requirements.

[5] Page 8 of the Corporate Governance Paper https://www.fsc.gi/publications/2018/12/GFSC%20Corporate%20Governance%20Paper(2).pdf

10.2. Boards should maintain succession plans that address the unexpected loss of key individuals, particularly those conducting Regulated Functions, including arrangements covering immediate and short term situations as well as longer term replacements.[6]

11. Remuneration

11.1. The GFSC expects boards to oversee the design and operation of the firm’s remuneration system ensuring the incentives are aligned with prudent risk taking.

12. Subsidiary Boards

12.1. The GFSC recognises the fiduciary duties of directors of subsidiaries, including the duty of company directors to promote the success of the company for the benefit of its shareholders. However, subsidiary boards must be capable of acting in the best interests and safeguarding the safety and soundness of the firm for which they are responsible.

12.2. In general, therefore, the principles of good governance also apply to significant GFSC-regulated subsidiaries, including independence of the chair and having a substantial and effective independent presence across the board. This will help ensure that the subsidiary board is alert to the potential for conflicts of interest and able to take decisions independently where required to meet its own legal and governance responsibilities or in the interests of the safety and soundness of the subsidiary.

12.3. The extent to which the GFSC believes the boards of significant regulated subsidiaries need to be independent will be influenced by a number of factors, including the size, scope and nature of the subsidiary’s business, its business model and the degree of strategic and operational dependence between the subsidiary and the wider group. Other possible factors include the subsidiary’s recovery and resolution plans, and the need for the board of an insurer to have regard to the effect of its business decisions on those who are, or may become, policyholders. The objective is to ensure that the governance of the subsidiary is effective and that its board is capable of taking decisions in the interests of the safety and soundness of that firm.

12.4. The GFSC also considers it generally undesirable for some key positions on the board of such a subsidiary, such as chair, chair of the key board sub-committees, chief executive or finance director, to be occupied by executive members of the group or parent board. This does not prevent group executive and non-executive board members from sitting on the subsidiary board as non-executive directors, so long as the overall independent balance of the board is satisfactory. Nor does it preclude independent group non-executive directors from chairing the board of the subsidiary or its sub-committees.

13. Board Committees

13.1. The role of a board sub-committee is to support the board. The committees are accountable to the board but should not relieve the board of any of its responsibilities.

[6] Section 90 of the Financial Services Act 2019

Published by: Gibraltar Financial Services Commission PO Box 940 Suite 3, Ground Floor Atlantic Suites Europort Avenue Gibraltar www.gfsc.gi © 2025 Gibraltar Financial Services Commission