2016-01-01
The Bank of Zambia mandates corporate governance standards for all licensed banks and financial institutions to ensure institutional safety and systemic financial stability. The directives require rigorous board appointment procedures, a majority of independent non-executive directors, and the establishment of specialized audit, risk, loans, and remuneration committees. Directors must exercise strict duties of care and loyalty, define institutional risk appetite, manage conflicts of interest, and maintain transparent stakeholder communication to protect depositor interests.
# Bank of Zambia Corporate Governance Directives
## 1.0 PREAMBLE
Corporate governance is the process and structure used to direct and manage the business and affairs of an institution with the objective of ensuring its safety and soundness and enhancing shareholder value. For banks and financial institutions the process and structure define the division of power and establish mechanisms for achieving accountability between the board of directors, senior management and shareholders, while protecting the interests of depositors and other stakeholders.
Banks and financial institutions occupy a special position of trust in the national economy and their governance is, therefore, a matter of paramount importance. These institutions are highly leveraged, with most of their funds coming from depositors and creditors. They provide basic financial services to the public, credit to commercial enterprises and access to the payment system. The safety and soundness of these institutions is key to financial stability and the manner in which they conduct their business, therefore, is central to economic health. Governance weaknesses at these institutions can result in the transmission of problems in the financial sector and economy as a whole. For these reasons the quality of corporate governance expected of these institutions is high.
Additionally, the institutions operate within an ever-changing framework of laws and are subject to the direct control of the board of directors. The board must ensure that the law is adhered to while simultaneously ensuring that strategies for long-term success are set and implemented. It is, therefore, necessary to achieve a balance and alignment among external and internal controls, risk management and competitive behaviour and at the same time operate within the principles of good corporate governance outlined in the Directives.
These Directives set forth a broad framework of fundamental corporate governance principles that must be complied with by the directors and managers of institutions operating in Zambia.
## 2.0 PURPOSE OF CORPORATE GOVERNANCE IN THE SUPERVISORY PROCESS
The boards of directors and senior management of the institutions play key control functions in the Bank of Zambia’s supervisory framework. Effective oversight by directors and senior management is an essential element in the safe and sound functioning of the institutions and maintenance of an efficient and cost-effective supervisory system. It also helps protect depositors and allows the Bank of Zambia to rely on the institutions’ internal processes, thereby reducing the amount of resources needed for the Bank of Zambia to discharge its supervisory mandate.
In addition, in situations where an institution is experiencing problems or where significant corrective action is necessary, the important role of the board is heightened and the Bank of Zambia requires significant board involvement in seeking solutions and in overseeing the implementation of corrective actions.
## 3.0 DEFINITIONS
In these Directives, unless the context otherwise requires—
- ‘bank’ shall have the same meaning as contained in the Banking and Financial Services Act;
- ‘board’ means a board of directors of a bank or financial institution as provided in the Banking and Financial Services Act;
- ‘chief executive officer’ means a person responsible, under the immediate authority of the board of directors, for the conduct of the business of a bank or financial institution;
- ‘chief financial officer’ means a person responsible for maintaining the accounts and related records of a bank or financial institution;
- ‘chief risk officer’ means an independent senior executive with distinct responsibility for a bank or financial institution’s risk management function and its enterprise-wide risk management framework;
- ‘compliance officer’ means a senior staff member with overall responsibility for coordinating the identification and management of the bank or financial institution’s compliance risk and for supervising the activities of staff discharging the compliance function;
- ‘duty of care’ means the duty of board members to decide and act on an informed and prudent basis with respect to the bank or financial institution. This imposes a duty on board members to approach the affairs of the company the same way that a “prudent person” would approach his or her own affairs. A “prudent person” is one who acts with care and foresight;
- ‘duty of loyalty’ means the duty of board members to act in good faith in the interest of the bank or financial institution. This duty prevents individual board members from acting in their own interest or the interest of another individual or group, at the expense of the bank or financial institution and shareholders;
- ‘executive director’ means a member of the board who is involved in the day-to-day management of a bank or financial institution and/or is in full time salaried employment of that institution or any of its subsidiaries or affiliates;
- ‘independent non-executive director’ means a member of the board who does not have any management responsibilities with the bank or financial institution and is not subject to any undue influence, internal or external, that may impede his or her exercise of objective judgement;
Such a person should be one that:
(i) is not nominated or otherwise affiliated to a shareholder that has the ability to control or influence management;
(ii) has not been employed by the bank or financial institution or the group of which it currently forms a part, in any executive capacity for the preceding three financial years;
(iii) is not a member of the immediate family of an individual who is or has been in any of the past three financial years, employed by the bank or financial institution or the group in an executive capacity;
(iv) is not a professional advisor to the bank or financial institution or the group other than in a director capacity;
(v) whose independence, in the opinion of the Bank of Zambia, is not impaired by reason of being a customer or supplier of the bank or financial institution;
(vi) whose independence, in the opinion of the Bank of Zambia, is not impaired by reason of being in a contractual relationship with the bank or financial institution or group; or
(vii) is free from any business or other relationship which could be seen to materially interfere with the individual’s capacity to act in an independent manner.
- ‘insider’ shall have the same meaning as contained in the Banking and Financial Services (Insider Lending) Regulations;
- ‘financial institution’ shall have the same meaning as contained in the Banking and Financial Services Act;
- ‘internal control’ shall mean a process effected by the institution’s board of directors, management and other personnel designated to provide reasonable assurance regarding the achievement of the bank or financial institution’s objectives such as effectiveness of the risk management process, reliability of financial reporting and compliance with applicable laws and regulations;
- ‘internal audit’ means an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations and which helps an organization accomplish its strategic objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes;
- ‘non-executive director’ means a member of the board who is not involved in the day-to-day management of the bank or financial institution and is not a full time salaried employee of the institution;
- ‘politician’ means an individual who is active in politics if s/he is a member of parliament, councillor or member of the executive committee of the party or a member of any organ of a political party or any person who is publicly involved in party politics;
- ‘risk appetite’ means the aggregate level and types of risk a bank or financial institution is willing to assume, decided in advance and within its risk capacity, to achieve its strategic objectives and business plan;
- ‘risk profile’ means a point in time assessment of the bank or financial institution’s risk exposures based on current or forward-looking assumptions;
- ‘senior management’ means the executive committee, or management team comprising a core group of individuals who are responsible and accountable to the board for effectively overseeing the day-to-day management of the bank or financial institution;
- ‘significant shareholding’ means any direct or indirect shareholding or beneficial interest in excess of five per cent of the share capital of a bank or financial institution;
- ‘stakeholder’ means an individual or group, in addition to shareholders, who have an interest in, and/or influence over, the institution’s operations and the achievement of the institution’s goals, such as creditors, employees, suppliers, customers and the community.
## 4.0 APPLICATION OF THESE DIRECTIVES
These Directives shall apply to banks and financial institutions operating in Zambia and regulated by the Bank of Zambia.
## 5.0 SHAREHOLDER RIGHTS AND RESPONSIBILITIES
### Principle I
Shareholders of the institutions shall protect, preserve and actively exercise their supreme authority over the institution in general meetings. The board shall foster constructive relationships with shareholders. Additionally, institutions shall treat all shareholders fairly and equitably.
### Directives
5.1 Shareholders shall ensure that the board is held accountable and responsible for the efficient and effective governance of the bank or financial institution.
5.2 Shareholders shall have a duty to change the composition of the board if it does not perform according to expectations or in accordance with the mandate of the bank or financial institution.
## 6.0 APPOINTMENT OF BOARD OF DIRECTORS
### Principle II
Directors should be appointed through a formal, rigorous and transparent process.
### Directives
6.1 Shareholders shall be responsible for all appointments to the board and shall ensure that the board is properly constituted. A person appointed to serve as a director shall not exercise his or her duties unless the Bank of Zambia has issued prior approval of the appointment.
6.2 A bank or financial institution shall have a written policy and procedures for the appointment of directors to the board. The policy shall include a process for conducting due diligence in relation to sourcing appropriately skilled and experienced directors.
6.3 A non-executive director of a bank or financial institution shall not serve on the board of a bank or financial institution for a cumulative period exceeding six years.
6.4 A director shall have the power to appoint an alternate director to represent him at board meetings. However, only one such alternate director may be appointed subject to prior written approval of the Bank of Zambia provided that the alternate director shall not attend the majority of board meetings in any calendar year.
6.5 A person who has held a senior management position in a bank or financial institution shall only be eligible for appointment as chairperson of the board or board committee of that bank or financial institution after a cooling-off period of at least two years.
6.6 A person who has served on the board of a bank or financial institution shall only be eligible for appointment as director on the board of another bank or financial institution after a cooling-off period of at least two years.
6.7 A person with a significant shareholding in a bank or financial institution shall not at the same time serve on the board of another bank or financial institution.
6.8 A person who is a significant shareholder in a bank or financial institution shall not at the same time hold a senior management position in that bank or financial institution.
6.9 A person who has previously served as Board member, Governor, Deputy Governor, Senior Director, Registrar or Deputy Registrar of Banks, Financial Institutions and Financial Businesses, Director responsible for the supervision of financial service providers at the Bank of Zambia or any other position as may be determined by the Bank of Zambia shall only be eligible for appointment as director on the board of a bank or financial institution after a cooling-off period of at least two years.
6.10 An engagement partner of an audit or legal firm which has previously provided audit or legal services to a bank or financial institution shall only be eligible for appointment as director on the board of another bank or financial institution after a cooling-off period of at least two years.
6.11 A politician shall not be eligible for appointment as a director of a bank or financial institution.
6.12 A person eligible for appointment as director to the board of a bank or financial institution shall exhibit leadership, enterprise, integrity and judgement.
6.13 A director on the board of a bank or financial institution shall not be a member on more than six (6) boards of other companies. However, this shall not apply to a person who sits on the board of directors of a bank or financial institution on behalf of a lender or investor for the purpose of safeguarding a transitory interest such as observance of loan or investment covenant or as a transaction advisor.
6.14 Any person appointed as a director on a board of a bank or financial institution shall primarily have a duty of care and loyalty to the bank or financial institution.
6.15 In cases where board members are selected by a controlling shareholder, the board shall set out specific procedures or conduct periodic reviews to ensure the appropriate discharge of responsibility by all such board members.
## 7.0 BOARD RESPONSIBILITIES AND DUTIES
### Principle III
The board shall have overall responsibility for the bank or financial institution, including approving and overseeing the implementation of its strategic objectives, risk strategy, governance framework and corporate values and culture. The board shall also be responsible for providing oversight to senior management.
### Directives
7.1 The board shall approve the overall business strategy of the bank or financial institution, taking into account the bank or financial institution’s long term financial interests and its ability to manage risk effectively.
7.2 The board shall establish and oversee the implementation and embedment of the bank or financial institution’s:
- 7.2.1 Overall business objectives and strategy;
- 7.2.2 Corporate culture and values;
- 7.2.3 Risk culture;
- 7.2.4 Risk management function and an appropriate risk governance framework. The board shall develop, along with senior management and the Chief Risk Officer, the bank’s risk appetite, taking into consideration the competitive and regulatory landscape, long-term interests, exposure to risk and the ability to manage risk effectively; and
- 7.2.5 Corporate governance framework, principles and corporate values, including a code of conduct or comparable document and compensation system.
7.3 The board shall approve and oversee the implementation of the bank or financial institution’s capital adequacy assessment process, capital and liquidity plans, compliance policies and obligations and the internal control system.
7.4 The board shall be responsible for managing its relationships with management of the bank or financial institution and other relevant stakeholders.
7.5 The board shall ensure that shareholders have the opportunity to participate effectively and vote at general meetings of shareholders. Additionally, the board shall ensure that shareholders are informed of the rules, including voting procedures that govern general meetings of shareholders.
7.6 The board shall have clear policies for shareholder relations and, at least annually, review practices aimed at clearly communicating the objectives, strategies and achievements of the bank or financial institution.
7.7 The board shall be accountable to shareholders and be responsible for the efficient and effective governance of the institution.
7.8 The board shall facilitate questioning of external auditors on their opinion at annual general meetings or extraordinary meetings when deemed necessary by the shareholders.
7.9 The board shall ensure that a director who is found to have delinquent credit facilities vacates his or her position. In this regard, the board shall put in place appropriate mechanisms for identifying directors with delinquent credit facilities.
7.10 The board shall have a formal charter which sets out the roles, functions, responsibilities and powers of the board, shareholders, individual directors and senior management. The charter shall also set out the powers delegated to various board committees.
7.11 The board shall have a programme to replace directors in an orderly manner subject to performance and eligibility for re-appointment to ensure board continuity.
7.12 The board shall ensure that the annual report contains a statement on the responsibilities of the board.
7.13 The board shall have rigorous formal processes for evaluating its performance together with that of the board committees and individual directors.
7.14 The board shall establish an effective process for the selection and appointment of key senior management officers that are qualified, professional and competent to administer the affairs of the bank or financial institution, approve the succession planning policy and monitor senior management performance on an on-going basis.
7.15 The board shall ensure that the bank or financial institution operates prudently and complies with relevant laws, supervisory directives, codes of business practice and its own policies and directives.
7.16 The board shall ensure that management establishes an effective compliance function that monitors adherence to laws, regulations and policies to which the institution is subject and ensures that any deviations are reported and corrected.
7.17 The board shall ensure that senior management implements policies to identify, prevent or manage and disclose, as appropriate, any conflicts of interest that may arise.
7.18 The board shall establish a disclosure policy that enhances transparency.
7.19 The board shall establish specialized board committees to oversee critical and/or major functional areas of the bank or financial institution which require detailed review or in-depth consideration.
7.20 The board shall oversee the design and operation of the bank’s compensation system, and monitor and review the system to ensure that it is aligned with the bank or financial institution’s desired risk appetite and risk culture.
7.21 The board shall ensure that transactions with related parties (including internal group transactions) are reviewed to assess risk and are subject to appropriate restrictions (e.g. by requiring that such transactions are conducted at arm’s length terms).
7.22 In discharging these responsibilities, the board shall take into account the legitimate interests of depositors, shareholders and other relevant stakeholders.
7.23 The board shall ensure that the bank or financial institution maintains an effective relationship with supervisors.
7.24 The board shall have the ultimate responsibility for ensuring that senior management establishes and maintains an adequate, effective and efficient internal control system.
## 8.0 COMPOSITION OF THE BOARD
### Principle IV
There shall be a balance of skills, knowledge and relevant experience among directors in order to enhance the board’s effectiveness.
### Directives
8.1 The shareholders shall ensure that the majority of board members are non-executive directors, of which independent directors shall be in the majority.
8.2 When constituting the board, the shareholders shall ensure that the directors serving on the board have an appropriate mix of knowledge, skill and experience.
8.3 A balance should be sought between continuity in board membership, subject to performance and eligibility for re-election, as well as considerations of independence and the sourcing of new ideas through the introduction of new board members.
8.4 The chief executive officer shall be a non-voting member of the board.
8.5 The board shall be of sufficient size such that the requirements of the business can be met and shall not be so large as to be unwieldy.
8.6 A majority of the directors selected and appointed to the board shall be resident in Zambia.
## 9.0 BOARD COMMITTEES
### Principle V
The Board shall use committees where this would enhance its effectiveness in key areas while retaining its overall responsibility. Board committees are an aid to assist the board of directors in discharging its duties and responsibilities more effectively and efficiently. Committees should be made up of non-executive directors. Management shall not be included on these committees but may be invited to provide input on any matter that is of interest to the board.
### Directives
9.1 The Board shall, at a minimum, establish the following committees:
- (i) Audit Committee;
- (ii) Risk Management Committee;
- (iii) Loans Committee; and
- (iv) Nominations and Remunerations Committee.
9.2 Each board committee shall have a written charter that sets out its role, schedule of meetings and delegated responsibilities, whilst safeguarding the ultimate decision making authority of the board as a whole.
9.3 Each committee shall maintain appropriate records (minutes of the meetings and/or summary of matters reviewed and decisions taken) of their deliberations and decisions. Such records shall document the committees’ fulfilment of their responsibilities and help in the assessment, by those responsible for the control functions or the supervisor, of the effectiveness of these committees.
9.4 The proceedings of all committee meetings shall be reported back to the board to allow the other directors to be informed and to seek clarifications on matters deliberated on by the committee.
9.5 All board committees shall be chaired by an independent non-executive director.
9.6 All board committees shall be free to take independent, external professional advice, as and when they deem it necessary, at the bank or financial institution’s cost.
9.7 All board committees shall be subjected to regular evaluation by the board to ascertain their performance and effectiveness.
9.8 All board committees shall have relevant experience and shall possess a collective balance of technical skills and expert knowledge commensurate with the complexity of the institution and the duties to be performed.
9.9 The Nominations and Remuneration Committee shall consist only of non-executive directors, of whom the majority shall be independent, and shall be chaired by the board chairperson.
9.10 The Nominations and Remuneration Committee shall ascertain whether potential new directors are suitable for the position and meet the requirements for appointment under the Banking and Financial Services Act.
9.11 The board shall consider occasional rotation of members and the chairperson of all board committees taking into account the technical skills, knowledge and experience required to sit on a particular committee.
9.12 The board chairperson shall not chair any of the board sub-committees except the Nominations and Remuneration Committee.
## 10.0 CONFLICT OF INTEREST
### Principle VI
The Board of directors shall put in place policies and processes to manage conflicts of interests.
### Directives
10.1 The board shall establish a formal policy to identify potential conflicts of interests and processes to manage them. The policy shall also include processes to ensure compliance with the policy. The policy shall include:
- 10.1.1 A member’s duty to avoid, to the extent possible, activities that could create conflicts of interest or the appearance of conflicts of interest;
- 10.1.2 Examples of where conflicts can arise when serving as a board member;
- 10.1.3 A review or approval process for board members to follow before they engage in activities that have the potential to lead to a conflict of interest (such as serving on another board) in order to ensure that such activities will not lead to a conflict of interest;
- 10.1.4 A member’s duty to disclose any matter that may result, or has already resulted, in a conflict of interest;
- 10.1.5 A member’s responsibility to abstain from voting on any matter where the member may have a conflict of interest, a potential conflict of interest or where the member’s objectivity or ability to properly fulfil duties to the bank or financial institution may be otherwise compromised;
- 10.1.6 Procedures for transactions with related parties to be made on an arm’s-length basis; and
- 10.1.7 The manner in which the board will deal with non-compliance with the policy.
10.2 The board shall ensure that appropriate public disclosures are made, and that information is provided to the Bank of Zambia, relating to the bank or financial institution’s policies on conflicts of interest.
10.3 Directors shall ensure that their personal interests, or the interests of persons closely associated with them, shall not take precedence over the interest of the bank or financial institution.
10.4 Directors and officers who have an interest in a transaction to which the bank or financial institution is an actual or potential party shall disclose their interest to the board.
10.5 A director shall, at the beginning of each financial year, submit a ‘disclosure statement’ setting forth all business relationships, as of the date of the statement, and a summary of transactions during the preceding financial year, which might be considered to present issues of conflict of interest.
## 11.0 EVALUATION OF BOARD PERFORMANCE
### Principle VII
Self-evaluation is a proactive measure and best practice by boards that intend to excel to higher levels of performance. The review seeks to identify specific areas in need of improvement or strengthening and the results of the evaluation and any actions to be taken shall be discussed by the full board.
### Directives
11.1 The board shall, through the Nominations and Remuneration Committee, review the mix of technical skills, expert knowledge and experience and their diversity in order to assess its effectiveness. Such a review shall be by means of a peer review and/or a self-evaluation of the board, its committees and each director including the chairperson.
11.2 The evaluation shall be conducted annually, and every bank or financial institution shall be required to disclose, in the annual report, that this has been done. The evaluation report on the board and directors’ effectiveness shall be submitted to the Bank of Zambia on request.
11.3 The review and evaluation shall include, among other things, an assessment of the board’s:
- 11.3.1 Composition and independence;
- 11.3.2 Performance against its objectives;
- 11.3.3 Performance against the board charter;
- 11.3.4 Effectiveness in achieving the bank or financial institution’s strategic objectives and direction;
- 11.3.5 Effectiveness in managing and providing oversight over all the risks that the bank or financial institution is exposed to;
- 11.3.6 Effectiveness in ensuring that the bank or financial institution complies with all the laws, regulations, supervisory directives, the code of banking practice and its own internal policies;
- 11.3.7 Effectiveness in responding to financial distress and crises;
- 11.3.8 Responsiveness to shareholders’ and stakeholders’ concerns;
- 11.3.9 Maintenance and implementation of the board’s governance principles; and
- 11.3.10 Access to and review of information from management and the quality of such information.
11.4 The board shall establish a formal procedure for regular assessment of the performance of the board, board committees and individual directors based on objective performance criteria, in line with key performance indicators.
11.5 The board shall formulate key performance indicators derived from the strategic plans, risk appetite and tolerance statement and its objectives and use them to measure its performance.
11.6 The effectiveness of the board shall be evaluated against its functions, key roles, and performance and attendance standards for directors, the board and board committees.
11.7 The Nominations and Remuneration Committee shall review the results of the board evaluation.
11.8 The board shall state in the annual report that the appraisals of the board and its committees have been conducted.
11.9 Where a deficiency is identified in a director’s performance, a plan shall be developed and implemented for the director to acquire the necessary skills or develop appropriate behavioural patterns.
11.10 The action plan arising out of the evaluation shall be reported and discussed by the board and a consolidated summary of the whole process shall be reported to the full board.
11.11 The board shall appoint an independent non-executive director from within its ranks to lead the process of evaluating the chairperson’s performance.
11.12 On a periodic basis, the Bank of Zambia may require submission of assessments of the board’s performance or individual director’s report or meet the board or individual directors, from time to time, to provide avenues for the board or directors to give feedback and views to the Bank. Where the assessment indicates that the director’s performance is persistently below the expected performance standard, even after a training intervention, the Bank shall deem such a director as not being fit and proper to continue serving on the board of the bank or financial institution.
## 12.0 TRAINING AND DEVELOPMENT OF DIRECTORS
### Principle VIII
In order to help board members acquire, maintain and deepen their knowledge and enhance their skills and to fulfil their responsibilities, the board shall ensure that board members have access to programmes of tailored initial (e.g. induction) and on-going training on relevant issues. The board shall dedicate sufficient time, financial and other resources to achieve this purpose.
### Directives
12.1 The board shall establish a formal orientation programme to familiarise incoming directors with the bank or financial institution’s operations and its business environment, and to introduce them to their fiduciary duties, responsibilities, powers and potential liabilities.
12.2 The board shall establish policies and programmes for on-going director development to enhance governance practices within the board and in the best interests of the bank or financial institution and of other stakeholders.
12.3 The chairperson of the board shall regularly review and may agree with each director his or her training and development needs.
12.4 Directors shall receive regular briefings on matters relevant to the business of the bank or financial institution such as its risk management processes and exposures, changes in laws and regulations, accounting standards and policies, and broader financial sector developments that have an impact on the bank’s operations.
## 13.0 ROLES OF SENIOR MANAGEMENT
### Principle IX
It is the responsibility of senior management to conduct the institution’s business and affairs in an effective, responsible and ethical manner, consistent with the principles and direction established by the board through the strategic plan.
### Directives
#### Senior Management
13.1 Senior management shall have the necessary skills to manage the business and provide appropriate oversight and control over the key functional areas.
13.2 Senior management shall implement policies and strategies approved by the board and communicate them to all relevant staff.
13.3 Senior management shall establish adequate internal controls which are supported by an effective internal control function.
13.4 Senior management shall establish an effective enterprise-wide risk management framework that identifies, measures, monitors and controls the major risks that the bank or financial institution is exposed to. Additionally, management shall establish an effective compliance function that will ensure that the bank or financial institution complies with all laws and regulations, supervisory directives, industry codes of conduct and internal policies and regulations.
13.5 Senior management shall provide the board with timely and relevant reports on, among other things, the financial performance and condition of the institution, risk management strategies, exposures and practices and extent of compliance to laws and regulations, supervisory directives, industry codes of conduct and internal policies.
#### Chief Executive Officer
13.6 The chief executive officer shall be a suitably qualified person with appropriate and relevant experience and shall possess a proven track record at senior management level.
13.7 The chief executive officer shall not discharge his duties as chief executive officer and no public announcements on the appointment shall be made without prior written approval by the Bank of Zambia.
13.8 The chief executive officer shall be directly responsible for the day-to-day operations of the institution. The chief executive officer shall be conversant with the operations of the institution, risks to which the bank or financial institution is exposed, the state of internal controls, legal, regulatory and industry practice requirements that the bank or financial institution is supposed to comply with, as well as current issues and policies affecting the financial sector.
13.9 Where the chief executive officer is absent for a period of at least three months, the board shall nominate a person to act in that role and shall seek the prior written approval of the Bank of Zambia.
#### Chief Risk Officer
13.10 The board shall designate a senior officer as Chief Risk Officer (CRO) or equivalent with overall responsibility for the bank’s risk management function. The officer appointed as CRO shall not assume his/her responsibilities without the prior written approval of the Bank of Zambia.
13.11 The CRO shall, among others, be responsible for:
- 13.11.1 Overseeing the development and implementation of the bank or financial institution’s risk management function.
- 13.11.2 Supporting the board in its development of the bank or financial institution’s risk appetite and risk appetite statement and for translating the risk appetite into a risk limits structure.
- 13.11.3 Managing and participating in key decision-making processes (e.g. strategic planning, capital and liquidity planning, new products and services, compensation design and operation).
- 13.11.4 Together with management, setting risk measures and limits for the various business lines and monitoring their performance relative to risk-taking and limit adherence.
13.12 The board shall ensure that the CRO has appropriate organizational stature, authority and the necessary skills and experience to oversee the bank or financial institution’s risk management activities.
13.13 The board shall ensure that the CRO is independent and has duties which are distinct from other executive functions. This requires the CRO to have access to any information necessary to perform his or her duties.
13.14 The CRO shall not have management or financial responsibility related to any operational business lines or revenue-generating functions. In this regard, the CRO shall also not serve as the chief operating officer, chief financial officer, chief internal auditor or in any other senior management function outside the second line of defense.
13.15 The CRO shall report and have direct access to the board or its risk committee without impediment. The CRO shall have the ability to engage with the board and with senior management on key risk issues. Interaction between the CRO and the board and/or the board risk committee should occur regularly, and the CRO shall have the ability to meet with the board or the board risk committee without executive directors being present.
13.16 The appointment, dismissal and other changes to the CRO position shall be approved by the board. The bank or financial institution shall also disclose the reasons for such removal to the Bank of Zambia.
#### Chief Financial Officer
13.17 The chief financial officer, in addition to the requisite academic and professional qualification, shall be a member, in good standing, of a recognised national professional association of accountants.
13.18 The chief financial officer shall not discharge his duties as chief financial officer without the prior written approval of the Bank of Zambia.
#### Head of Compliance
13.19 Every bank or financial institution shall appoint a suitably qualified officer as head of the compliance function who shall be responsible for co-ordinating the identification and management of compliance risk.
13.20 In order to ensure security of tenure, the head of compliance may be removed or transferred only with the approval of the Board or through an internal administrative procedure in which it has been established that there was negligence in discharging the compliance function or other serious acts of omission and commission in other financial or administrative matters.
#### Company Secretary
13.21 The company secretary of a bank or financial institution shall be a lawyer, or chartered accountant or chartered secretary or any person of similar capabilities that the Bank of Zambia may deem fit. The company secretary shall be an executive officer of the institution.
13.22 The company secretary shall provide the board as a whole and directors individually with detailed guidance on how they shall discharge their responsibilities.
13.23 The company secretary shall be responsible for facilitating the induction and continuing training of directors, and for assisting the chairperson of the board and the chief executive officer in developing the annual board plan and the administration of other strategic issues.
13.24 The company secretary shall be a central source of guidance and advice to the board, and to the bank or financial institution in general on matters of ethics and good corporate governance.
## 14.0 RISK MANAGEMENT
### Principle X
A bank or financial institution shall have an effective and independent risk management function, which shall have sufficient stature, independence, resources and access to the board of directors or the risk committee of the board.
### Directives
14.1 The board shall establish an independent risk management function, which shall be a key component of the bank’s risk management architecture and shall be primarily responsible for overseeing risk-taking activities across the enterprise.
14.2 The enterprise-wide risk management function shall have authority within the organization to oversee the bank or financial institution’s risk management activities. Key amongst the activities are:
- 14.2.1 Identifying material individual, aggregate and emerging risks;
- 14.2.2 Assessing these risks and measuring the bank or financial institution’s exposure to them;
- 14.2.3 Supporting the board in implementing, reviewing and approving the enterprise-wide risk governance;
- 14.2.4 Establishing a framework which includes the bank or financial institution’s risk culture, risk appetite, risk appetite statement and risk limits;
- 14.2.5 Ongoing monitoring of the risk-taking activities and risk exposures to ensure that they are in line with the board-approved risk appetite, risk limits and corresponding capital or liquidity needs (i.e. capital planning);
- 14.2.6 Establishing an early warning or trigger system for breaches of the bank’s risk appetite or limits;
- 14.2.7 Influencing and, when necessary, challenging material risk decisions; and
- 14.2.8 Reporting to senior management and the board or board risk committee, as appropriate, on all these items, including but not limited to proposing appropriate risk-mitigating actions.