Instruction No. 04/GR/2022 on Corporate Governance in Banks

BANQUE CENTRALE DE MAURITANIE Nouakchott, 31 March 2022 [Contact Details]

INSTRUCTION NO. 04/GR/2022 ON CORPORATE GOVERNANCE IN BANKS

THE GOVERNOR OF THE CENTRAL BANK OF MAURITANIA: Having regard to Law No. 73-118 of May 30, 1973 establishing the Central Bank of Mauritania; Having regard to Law No. 2018-034 of August 8, 2018 on the statutes of the Central Bank of Mauritania; Having regard to Law No. 2018-036 bis of August 16, 2018 on the regulation of credit institutions; Having regard to Decree No. 08-2020 of January 21, 2020 appointing the Governor of the Central Bank of Mauritania; Having regard to Instruction No. 06/GR/2014 on corporate governance within credit institutions; Having regard to Instruction No. 001/GR/2012 defining internal control provisions for credit institutions; Having regard to Circular No. 07/GR/2020 governing the executive management function in banks; Having regard to the deliberations of the Prudential Resolution and Financial Stability Council dated March 30, 2022: DECIDES:

Chapter 1: General Provisions Section 1: Object, scope and definitions Article 1: This instruction determines the minimum governance rules to be observed by banks in application of commercial company law provisions and Law No. 2018-036 bis of August 16, 2018 on the regulation of credit institutions. It establishes principles of good corporate governance within banks as defined in Articles 41 to 58 of the aforementioned Law No. 2018-036. Article 2: The provisions of this instruction apply to banks, without prejudice to legislative and regulatory provisions imposing stricter rules. Article 3: For the purposes of this instruction, the following terms shall mean: Central Bank: The Central Bank of Mauritania established by Law No. 73-118 of May 30, 1973 and its amending statutes; Commercial Code: Law No. 2000-05 of January 18, 2000 establishing the Commercial Code and its subsequent amendments; Technical Committees: These committees include the management committee, credit committee, internal audit committee, risk committee, and any other committee created by the bank or mandated by the Central Bank; Risk Appetite: The overall risk that the board of directors is willing to assume to achieve the bank's objectives, defined by quantitative and qualitative elements; Executive Management or Executive Directors: The General Manager, the Deputy General Manager(s), and the Executive Director; Control Function: Independent structures from operational management. These include internal audit, risk management function, permanent control function, and compliance function; Corporate Governance: The set of principles and procedures for administration, management, and operation of the enterprise contributing notably to defining the bank's objectives, determining means to achieve them, and monitoring their implementation; Internal Control Instruction: Instruction No. 01/GR/2012 of January 9, 2012 defining internal control provisions for credit institutions; Banking Law: Law No. 2018-036 bis of August 16, 2018 on the regulation of credit institutions; Deliberative Bodies: The general meeting of shareholders, the board of directors, and specialized committees emanating therefrom; Executive Body: Members of structures contributing to the bank's day-to-day management and ensuring implementation of orientations defined by the board of directors. These include executive directors, other members of the management committee, the secretary general, heads of operational departments and committees, and heads of control functions; Governance Bodies: The entirety consisting of deliberative bodies and the executive body; General Risk Policy: The set of decisions establishing the bank's risk profile; Risk Profile: The assessment of the nature and degree of risks assumed by the bank.

Section 2: General governance principles Article 4: Banks must establish a robust governance framework adapted to their size, structure, nature and complexity of activities, and risk profile, through a clear organization ensuring well-defined and coherent sharing of responsibilities, and effective procedures for detecting, managing, monitoring and reporting risks to which they are exposed. Article 5: The banks' governance framework must in particular:

• be built on a strict separation of functions between deliberative and executive bodies;
• precisely define the responsibilities and obligations of members of these bodies;
• ensure the integrity and commitment of members, their competence, and their ability to understand the bank's activities, risks, and legal obligations;
• be developed and implemented ensuring consideration of all risks to which the bank is exposed, as well as the reliability and security of information systems;
• establish and formalize strategies, policies, and procedures to define and organize the various means necessary for achieving good governance;
• be adapted to the bank's organization, its structural diversity, and activity complexity;
• integrate mechanisms aimed at maintaining or restoring operations in case of disruption;
• continuously adapt based on changes resulting from strategy, policy, and external environment evolution, referencing best governance practices.

Chapter 2: Role of the General Meeting of Shareholders Article 6: The general meeting of shareholders must have access to complete, precise, and sincere information enabling it to exercise its statutory powers, notably regarding the appointment and determination of remuneration of directors and auditors, adoption of consolidated financial statements, approval of regulated agreements, and amendment of the articles of association. Article 7: The board of directors and executive management must ensure good organization of practical procedures for exercising shareholders' information and voting rights. They guarantee the sincerity and quality of information provided to shareholders. They must ensure access to information on bank operations in accordance with legal and regulatory provisions and statutory stipulations, particularly during annual general meetings. Article 8: The board of directors' annual management report to the general meeting, provided for in Articles 516 new and 517 of the Commercial Code, is a mandatory document containing all useful information for shareholders to assess bank activity during the past fiscal year, transactions carried out, difficulties encountered, results obtained, distributable result composition, proposed allocation of said result, financial situation, and growth prospects. The report must be supplemented with clear information on adopted strategy, incurred risks and their management, nature and results of controls performed, as well as elements to assess the bank's contribution to corporate social responsibility and sustainable development. When the bank has subsidiaries or participations, or controls other companies, the management report must contain the same information regarding them. Article 9: The notice of convocation to the general meeting addressed by the board of directors to shareholders specifies the agenda with a clear, precise, and detailed description of resolution proposals, and must be accompanied as needed by any relevant documents or information enabling shareholders to deliberate. The notice of convocation must be communicated to shareholders at least twenty-one (21) days before the holding of the general meeting.

Chapter 3: Role and responsibilities of the Board of Directors Section 1: General powers of the board of directors Article 10: The board of directors must facilitate shareholder participation in general meetings and consider minority shareholders' interests, notably through appropriate organization enabling them to exercise their right to question management. Decisions taken solely in the interest of majority shareholders to the detriment of minority shareholders, without being justified by the bank's interest, may be considered and sanctioned as abuse of majority power under Article 245 of the Commercial Code. The board of directors exercises its powers objectively vis-à-vis all stakeholders, considering the interests of the bank, shareholders, and other parties, promoting long-term growth and value creation prospects, and ensuring at all times the protection of depositors. Article 11: The powers of the board of directors are defined in Article 50 of the Banking Law. It is notably responsible, ultimately before shareholders and the Central Bank, for the institution's financial soundness, organization, risk management, internal control system, good corporate governance, and compliance with applicable laws and regulations. The board of directors defines and approves the bank's overall strategy, general governance framework, corporate culture, guiding principles, and values. It examines the proportionality of the governance framework provided in Article 4 of this instruction, periodically evaluates its effectiveness, and ensures corrective measures are taken to address identified shortcomings. It approves and regularly reviews strategies and policies governing risk taking, management, and monitoring. To enable this mission, the board of directors is informed by technical committees of all significant risks, risk management policies, and amendments thereto. The board of directors is responsible for the quality and reliability of financial information published and communicated by the bank. The management report is made available to shareholders at the bank's registered office at least twenty-one (21) calendar days before the general meeting. It is communicated to the Central Bank upon approval by the general meeting.

Section 2: Specific powers of the board of directors Article 12: In implementing its specific powers, the board of directors must in particular:

• continuously ensure the bank's situation regarding compliance with prudential ratios, and adequacy of equity and liquidity levels relative to the bank's risk profile;
• be informed and address dysfunctions identified following results of controls by internal structures, statutory auditors, external auditors, and the Central Bank;
• adopt annual financial statements in accordance with legal requirements;
• supervise the design and implementation of the bank's remuneration system, as well as related control processes;
• ensure transactions with related parties, including intra-group transactions, are identified, evaluated, and subject to appropriate requirements;
• ensure preservation and allocation of resources in accordance with the bank's corporate purpose;
• meet and exchange periodically (at least once a year) with heads of control functions, risk surveillance, and statutory auditors;
• avoid silos within the bank that could hinder information flow and lead to decisions made independently of a relevant structural part;
• promote a corporate culture valuing ethical behavior, adhere to these values, and ensure executive body and bank staff respect them;
• ensure the bank maintains regular relations with the Central Bank, notably within the framework of executive body implementation of requirements set in signed program contracts;
• review regulatory texts published by the Central Bank and monitor their implementation within required deadlines. The board of directors must in particular approve:
• all bank policies, procedures, internal regulations, and charters;
• the bank's risk appetite level and risk limits;
• decisions on activity outsourcing;
• projects for introducing new products or substantially modifying existing ones;
• important strategic initiatives and operations such as major acquisitions, changes affecting the business model, modifications to information systems and management processes;
• agency or representation office openings, as well as creation or acquisition of subsidiaries;
• governance, risk surveillance, and internal control frameworks. It must ensure implementation of said frameworks complies with all requirements set forth in internal control regulation.

Section 3: Obligations of the board of directors vis-à-vis the executive body Article 13: The board of directors must supervise management activities carried out by the executive body. To this end, it must in particular:

• select, supervise, and, where applicable, replace members of executive management;
• ensure the knowledge level and expertise of executive management members remain adapted to the nature of bank activities and risk profile;
• ensure executive management acts in accordance with defined and approved strategies and policies;
• monitor and evaluate performance of key executive body members, including heads of control functions;
• be informed of measures taken against heads of control functions, including disciplinary actions or transfers, and the reasons justifying them;
• hold regular meetings with executive management on bank situation, particularly to gather information and explanations informing its judgment;
• set performance objectives and remuneration levels for executive management adequate and coherent with long-term strategy and financial soundness. It is responsible under the same conditions for establishing corporate governance structures respecting this instruction's principles in subsidiaries located in Mauritania or abroad.

Chapter 4: Quality and composition of the Board of Directors Article 14: In application of Article 48 of the Banking Law, the board of directors consists of an odd number of members equal to or greater than seven (07). Regardless of the number of directors, no more than three (03) may be managers or employees of the concerned bank. It is prohibited for any person to serve as director in more than one Mauritanian credit institution, except where one is a subsidiary of the other.

Section 1: Appointment of board members Article 15: In application of Article 49 of the Banking Law, board members are appointed by the ordinary general meeting for a term not exceeding four (04) years, renewable unless statutes provide otherwise. The general meeting must select directors based on integrity and competence criteria, fixing their remuneration according to the bank's long-term interests and those of its shareholders. To this end, a formalized and transparent selection and appointment procedure for directors must be developed for shareholders and directors, setting criteria for selection and proposal to the director position. The procedure aims to define and ensure compliance with integrity, knowledge, competence, and experience criteria required for director functions, and to prevent conflicts of interest. Article 16: In addition to considering prohibitions under Article 46 of the Banking Law, integrity and competence criteria must be mandatorily examined before a director's appointment. Legal and regulatory capacity to sit on a board of directors must also be verified before appointment. Article 17: Each director's file is submitted to the Central Bank at least one (1) month before appointment, following the model attached to this instruction. Any updates to the director's file must be made during their term. In case of a vacancy before term expiration, the board president must promptly inform the Central Bank of departure reasons. If resulting from voluntary resignation or dismissal, this information must be accompanied by a detailed report. Article 18: The Central Bank may require modifications to the board composition if it finds certain members do not fulfill obligations per this instruction. The Central Bank may request to be heard by the board to present control results or governance quality assessments. The board may delegate a nomination committee with managing the appointment and training process for directors. In this case, the nomination committee prepares and proposes candidate files to the board, which informs shareholders through a transparent process, particularly during general meetings.

Section 2: Quality and independence of the board Article 19: Board members must at all times possess appropriate integrity and knowledge, notably in credit operations, financial analysis, information technology, strategic planning, governance, risk management, and internal control. They must possess necessary experience for their functions, particularly understanding all bank activities and main risks. Director competence is assessed based on training and experience relative to their powers. Article 20: The board must comprise members capable of forming independent judgments on bank activities. To this end, it must include at least one third independent directors. Article 21: A director is qualified as independent when they have no relationship with the controlling group to which the bank belongs or members of the bank's executive body, to avoid compromising their freedom of assessment and judgment. Criteria examined to qualify independence and prevent conflicts of interest include notably:

• not being a shareholder of the bank;
• not being an executive body member or employee of the bank, its parent company, a subsidiary, or affiliated company, and not having held one of these functions in the past five (05) years;
• not being an executive body member or employee, or having ceased these functions at least five (05) years ago, of a company in which the bank holds direct or indirect directorship;
• not being an executive body member or employee of a supplier or debtor client of the bank;
• not having been statutory auditor or external auditor of the bank in the past five (05) years;
• not being considered a related party under Article 23 of the Banking Law. The independent director qualification is reviewed annually by the bank's board and cannot be attributed to the same person beyond two terms. Remuneration received by an independent director, regardless of form, must not compromise independence. The Central Bank may decide that a director meeting the above criteria should not be qualified as independent when deemed to have an apparent or potential conflict of interest. It communicates the reasons for its decision to the bank. Article 22: Until the quota under Article 20 is met, all appointed or renewed directors must present characteristics qualifying them as independent directors.

Section 3: Continuous training of directors Article 23: The board ensures providing new members with appropriate training to enable them to quickly understand the nature of activities and risks, strategy, governance model, organization, as well as regulatory and institutional environment. The board ensures permanent updating of knowledge.