Corporate Governance Guidelines (Revised May 2013)

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 1 of 25 SUPERVISORY AND REGULATORY GUIDELINES: PU44-0508 Corporate Governance Guidelines Issued: 13 December 2001 Last Amended: 8 May 2013 GUIDELINES FOR THE CORPORATE GOVERNANCE OF BANKS AND TRUST COMPANIES LICENSED TO DO BUSINESS WITHIN AND FROM WITHIN THE BAHAMAS

1. INTRODUCTION 1.1 The Central Bank of The Bahamas (“the Central Bank”) is responsible for the licensing, regulation and supervision of banks and trust companies operating in and from within The Bahamas, pursuant to the Central Bank of The Bahamas Act, 2000 (“the CBA”) and the Banks and Trust Companies Regulation Act, 2000 (”the BTCRA”). Additionally, the Central Bank has the duty, in collaboration with financial institutions, to promote and maintain high standards of conduct and management in the provision of banking and trust services. 1.2 All licensees are expected to adhere to the Central Bank’s licensing and prudential requirements, ongoing supervisory programmes and regulatory reporting requirements, and are subject to periodic on-site examinations. Licensees are expected to conduct their affairs in conformity with all other Bahamian legal requirements.
2. PURPOSE 2.1 Corporate governance refers to the processes, structures and information used for directing and overseeing the management of an organization. In general, corporate governance involves the relationships between an organization’s Board of Directors (the Board), management, shareholders and other stakeholders, including its clients and employees. It provides the structure through which the objectives of the organization are determined, the strategies by which those objectives are developed and implemented, and the means by which the performance of the organization to achieve those objectives is monitored and controlled. 2.2 Corporate governance processes will differ from organization to organization. However, the fundamental elements of good governance always include active concern about, understanding of, and diligent discharge of responsibilities in a prudent manner. The care, diligence, skill, and prudence exhibited by a financial institution’s directors and senior management has a critical influence on its

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 2 of 25 viability, safety and soundness; its ability to execute its business strategy and achieve its business objectives; and its ability to engender confidence in and protect the interests of its depositors, creditors and other stakeholders. 2.3 For banks and trust companies, corporate governance relates to the manner in which the business affairs of each individual organization are directed and managed by its board of directors and senior management, and for branches of foreign banks, by the senior management of the parent foreign bank. For all of these organizations, it also includes the effective management of compliance with applicable laws, regulations and guidelines. Unlike other companies, these organizations are generally highly leveraged and most of the resources used by them to conduct their businesses belong to others, in particular to their depositors and other clients. Also unlike other companies, the operations of individual financial institutions can have systemic impact on the financial system as a whole. Consequently, as effective governance promotes the general stability and successful functioning of the overall financial system, the Central Bank of The Bahamas (the “Central Bank”) expects the corporate governance processes of its licensees to be effective and of a high standard. 2.4 These Guidelines focus on accepted best practices for effective organization-wide corporate governance and risk management. Good governance is not only essential to the operating effectiveness of an organization; it is good business and can enhance the reputation of that organization. In addition, good corporate governance is often associated with sound and profitable corporate performance. Consequently, it is sound business practice for an organization to be able to demonstrate at any point in time that it is adhering to the principles of an effective corporate governance regime. As such, disclosure of information about the organization to the public, shareholders and investors, where appropriate, should include a summary description of the licensee’s corporate governance process and risk management program, in addition to any required financial and other disclosures. 3. APPLICABILITY 3.1 These Guidelines apply to all banks and/or trust companies and branches of foreign banks [the “licensee(s)”], except nominee trust companies or restricted trust companies whose operations are limited to conducting business on behalf of one client or clients who are members of the same family. 3.2 These Guidelines set out the minimum standards that the Central Bank expects its licensees to adopt in respect of their corporate governance. The Guidelines are based on the premise that the directors are stewards of the organization, responsible for providing overall direction and oversight, and that senior management is responsible for carrying out the day-to-day operations of the organization and implementing an appropriate governance process and control program designed to produce a sound and profitable organization.

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 3 of 25 3.3 These Guidelines are not intended to be prescriptive, but to provide direction and basic principles from which a corporate governance process can be developed and implemented, based on the unique character of each licensee. Failure to adhere to the basic principles set out in these Guidelines may call into question whether the licensee continues to satisfy the criteria necessary for the continuation of licensing. Such failure may also raise questions regarding the suitability of the members of the Board and senior management. 3.4 Licensees that are part of large international financial groups may be able to take advantage of the availability of group-structured governance processes that are generally in keeping with the basic principles articulated in these Guidelines. If the Board of a licensee chooses to put in place alternative measures, it must demonstrate to the Central Bank that such alternative measures have at least an equivalent effect on ensuring sound corporate governance. 3.5 Where a licensee is incorporated in The Bahamas and is a publicly listed company, it will also have to meet standards set by the Securities Commission of The Bahamas. In the event that a disparity exists between the standards set for such a company by the Central Bank and the Securities Commission, the higher of the two standards will have to be met by the licensee. 3.6 These Guidelines are to be read in conjunction with the following guidelines that relate to issues concerning the Board: a. Guidelines for Assessing the Fitness and Propriety of Applicants for Regulated Functions; b. Guidelines for the Minimum Physical Presence Requirements; and c. Guidelines for Managed Licensees. 4. THE PROCESS OF CORPORATE GOVERNANCE 4.1 Generally, the Board of a licensee should comprise (except where specific exemption has been granted) both executive and non-executive members, as appropriate to the organisation's needs, who are able to act independent of undue influence from internal and external sources. An individual may hold no more than four non-executive directorship positions in licensees of the Central Bank. However, the Bank may make an exception where a licensee is a part of a banking group that comprises two or more licensees, if the individual serves as a non￾executive director only for that banking group. Where an individual serves as a non-executive director for various entities within a banking group, comprising two or more licensees, such appointment will be counted as one of the four permitted by the Central Bank.

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 4 of 25 4.2 The Board should separate the roles of Chairman of the Board and the Chief Executive Officer (CEO)/Senior Official I. This is regarded as a good practice as it contributes to achieving an appropriate balance of power by increasing accountability and enhancing the Board’s capacity for decision making independent of senior management. Where a licensee does not have this separation, the appropriate controls must be in place to ensure that management is sufficiently accountable to the Board (e.g. appointing sufficient independent non￾executive directors to ensure the leadership and independence of the Board is maintained). 4.3 The Board should exercise leadership, enterprise, integrity, independence and judgment in directing the affairs of the licensee. The Board is ultimately responsible for ensuring that an adequate, effective, comprehensive and transparent process of corporate governance, which is consistent with the unique character of the licensee and the nature, complexity and risks inherent in the licensee’s business activities, and which is able to respond to changes in the licensee’s business environment, is implemented and maintained. The members of the Board should understand their accountabilities to various stakeholders of the licensee, and be committed to their interests, so that they can successfully fulfil their fiduciary responsibilities to them. In that regard, the organization’s corporate governance process should be effectively communicated to its appropriate internal and external stakeholders. 4.4 The Board is initially responsible for setting and confirming the organization’s strategic direction, business focus and corporate values. As such, it is critical for a licensee to be able to proactively identify and understand the significant risks that it faces in achieving its business objectives through its business strategy and plans, as well as to be able to demonstrate appropriate, effective and prudent management of those risks. Such understanding is fundamental to establishing appropriate business strategies and plans, to decision-making, and to implementing risk management policies, procedures and controls. The process of corporate governance includes the responsibility to maintain appropriate and effective risk management and encourage safe and sound business practices. The Board may appoint supporting committees and engage management to assist it in fulfilling these responsibilities. The Board may delegate authority to management, but not its ultimate responsibility. 4.5 The licensee’s senior management is responsible for the day-to-day operations of the business, serving as a link between the Board and staff. The senior management is responsible for: a. Implementing the licensee’s strategic plan; b. Keeping the Board adequately informed about the performance of the licensee through financial and management reports and the reports prepared by internal auditors, external auditors, the compliance officer and regulators;

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 5 of 25 c. Advising the Board on the appropriate organisational structure, and ensuring that the quantity and quality of staff resources are available to carry out all tasks, including internal audit and compliance; d. Implementing and maintaining risk management systems appropriate to the scale, nature and complexity of the licensee; e. Delineating and documenting the areas of responsibility for each staff member, and ensuring that reporting lines are clear and appropriate, in the context of the scale, nature and complexity of the licensee; f. Communicating the licensee’s strategic direction, reporting lines and risk tolerances throughout the organization; and g. Overseeing management information systems to enable timely and accurate dissemination of information to the Board and regulators. 4.6 Where a licensee is a branch of a foreign bank physically located in The Bahamas, the local senior management is expected to: a. Assume the responsibilities set forth in these Guidelines for the Board of Directors of an organization; b. Ensure that the principles of good governance and risk management in these Guidelines are appropriately adapted to and addressed in the management of the branch, in a manner suitable to the nature of their individual operations; c. Satisfy the requirements, where applicable, of the responsibilities of senior management as outlined above ; d. Ensure compliance with the local laws and regulations; e. Ensure that appropriate organisational structure and accountability framework are in place to ensure effective oversight of all key inherent risk areas of the branch’s local operations; and f. Ensure that the management processes and risk control systems and procedures that have been implemented for the parent bank and utilised by the local branch are compatible with the requirements of these Guidelines. 4.7 Management, under the general direction of and oversight by the Board, should develop and implement a comprehensive risk management system commensurate with the scope of the licensee’s activities, incorporating continuous identification, measurement, monitoring and controlling of risk. The Board itself should specifically address significant issues in the system’s development and implementation, as well as implement an effective process to independently determine that the risk management system is appropriate and ensure that its effectiveness is regularly assessed.

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 6 of 25 4.8 Such systems use: a. accurate and reliable management information systems; b. timely and relevant risk analysis and reporting; c. thorough control standards, processes, and programs; and include: a. oversight through external auditors; and b. where the size and nature of a licensee’s businesses warrant, as determined by the Board, separate and independent risk management and internal audit functions. 4.9 Using these systems, the Board, utilizing the advice of management, should periodically: a. obtain reasonable assurance that the organization has an ongoing, appropriate, and effective strategic management process; b. obtain reasonable assurance that the organization has an ongoing, appropriate and effective risk management program; c. obtain reasonable assurance that the organization operates within an appropriate and effective control environment; d. reassess the organization’s business objectives, strategies and plans; and e. discuss and approve all significant policies and procedures for the organization.

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 7 of 25 Risk Management 4.10 The conduct of the business of a licensee entails the management of strategic, business, and process-level risks throughout the organization on a consolidated basis. Depending on the specific types of businesses conducted by individual licensees, such risks1 may include: a. credit risk b. liquidity risk c. market risk d. interest-rate risk e. fiduciary risk f. reputation risk g. operational risk h. technology risk i. compliance risk j. settlement risk k. legal risk l. other risks (e.g., country risk and transfer risk) that are identified as material to the particular business of a licensee. 4.11 These risks are generally associated with the businesses conducted by banks and may not always be applicable to the activities of trust companies. The Board and management of each licensee should analyze its own existing and prospective business, products and services to identify and measure the types and significance of the current and potential risks that must be managed and controlled, both individually and taken together. The Board and management should develop and implement appropriate and prudent risk management policies and procedures and monitor their effectiveness through timely, accurate, relevant and complete information systems. Provision should also be made for appropriate action to deal with extraordinary events; i.e., contingency plans. 4.12 The overall effectiveness of the process of corporate governance and risk management should be continuously monitored and periodically evaluated by the Board, either directly or possibly through committees thereof. Committees that might be considered include, as appropriate, an executive committee, risk management committee, credit committee, trust/fiduciary committee, asset and liability committee, audit committee, compliance committee, compensation

1 A brief description of key risks is provided in Appendix 1.

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 8 of 25 committee, nominations committee or other committees responsible for other specific aspects of a licensee’s business.2 Annual Review 4.13 At least annually, the Board, utilizing the advice of management, should assess and document whether the corporate governance process that it has implemented successfully achieves its objectives and, consequently, whether the Board itself is fulfilling its own responsibilities. The Board should also regularly assess the effectiveness of its overall governance process and make changes, as necessary. 4.14 In addition, the Board should also determine that the licensee’s capital level is adequate for the nature and level of risks assumed throughout the entire organization. In this regard, the Board and management should consider and plan for the licensee’s current and prospective capital adequacy, through evaluation of projected capital needs and profitability, implementation of an appropriate earnings retention policy, and recognition of external sources of additional capital. 4.15 In its review, the Board should determine that: a. the licensee’s overall risk profile is sound and prudent and that risk is properly managed; b. new (or significant changes to) policies and procedures are appropriately reviewed and approved; c. the licensee’s internal controls provide reasonable assurance of the integrity and reliability of its records; safeguard, verify and maintain accountability for its assets; and, properly recognize its liabilities, both on and off-balance sheet; d. the internal controls are based on established policies and procedures and are implemented by trained, skilled personnel whose duties have been segregated appropriately; e. adherence to the established internal controls is continuously monitored; f. the management information systems and accounting records are complete, accurate, and timely; g. issues of concern are identified and addressed and corrective action taken in a timely manner; h. all management and staff are required to maintain high corporate values and ethical standards, pursuant to the licensee’s established code of conduct; and i. independent non-executive directors have met the requirements for independence as set out in Section VII of these Guidelines.

2 A brief description of key committees that might be considered is provided in Appendix 2.

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 9 of 25 4.16 The Board should assess whether the licensee’s control environment is appropriate and effective, taking into account the licensee’s unique character, approach to governance, management and communications style, organizational structure, resource availability, procedures and controls, and the conduct of its staff. 4.17 Through such a review, the Board and management will demonstrate to the Central Bank: a. the overall effectiveness of their program to protect the interests of depositors, creditors and other stakeholders; b. their ability to effectively identify, measure, manage and control significant business activities and the risks associated with those activities; and, c. their ability to address risk and control issues raised through internal and external audit, relevant supervisory authorities and other sources. 4.18 The annual review should document the Board of Directors’ remuneration scheme. Generally, Non-Executive Directors are not paid a salary, but rather, are paid a fee for their services. In the instance where non-executive directors have received or receive additional remuneration from the company apart from a director's fee, the same should be documented in the annual review along with the rationale and disclosed to the Central Bank by way of the annual Corporate Governance Certificate. Annual Certification 4.19 Annually, within 120 days of the end of each calendar year, the Board will be required to provide a certification3 to the Central Bank’s Inspector of Banks and Trust Companies (the “Inspector”), as to the licensee’s compliance or otherwise with the contents of these Guidelines. Additionally, the certification should also state that, using the advice and assistance of management, the Board has independently assessed and documented whether the licensee’s corporate governance process is effective and whether it has successfully achieved its objectives. The Board must report any material deficiencies and problems that are identified within the licensee, along with action plans and timetables for their correction.

3 An example of an Annual Certification that might be considered is provided in Appendix 3.

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 10 of 25 5. THE RESPONSIBILITIES OF THE BOARD OF DIRECTORS 5.1 In order to ensure effective management of risk and meet its overall corporate governance responsibilities to the licensee’s clients and other stakeholders, including the Central Bank. 5.2 The Board should ensure competent management by: a. appointing a chief executive with integrity, technical and managerial competence, and appropriate experience; b. overseeing and participating in the appointment of other senior executives with the skills necessary to manage and supervise the licensee’s business and staff; c. setting performance-based compensation policies, programs, goals and standards for senior management and reviewing the compensation programs established by senior management for other management and staff; d. establishing a comprehensive framework for and then overseeing management’s setting and enforcing clear lines of responsibility and accountability throughout the organization; e. effectively evaluating management’s performance; f. developing and regularly updating a management succession plan; and g. establishing standards of business conduct and ethical behaviour. 5.3 The Board should clearly define and document its own authorities and responsibilities, including those of its Chair, as well as those of senior management and provide checks and balances over the actions of senior management. 5.4 Effective corporate governance requires a high level of cooperation between the Board and management. Management supervision is one of the Board’s most direct responsibilities. The Board should ensure that the licensee’s day-to-day operations are in the hands of qualified, honest and competent management and that managers understand their responsibilities. Management should be fully accountable to the Board. 5.5 The Board of each licensee should ensure that the organization has clearly established its objectives and developed a strategy to achieve them. Business plans should be established to direct the day-to-day activities of the licensee. The Board should approve these objectives, strategies and plans and ensure that performance against them is regularly reviewed, providing for necessary corrective action and redirection. The annual budgeting process and periodic reviews of budget performance is an integral part of any planning and performance monitoring

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 11 of 25 process. The Board should also approve budgets and review performance against those budgets. In addition, the overall operating policies, standards and procedures that govern the licensee’s day-to-day business activities should be periodically reviewed, revised and updated when necessary, and receive Board approval. Comprehensive contingency plans, addressing all significant risks identified in the organization, should be put in place and tested and updated regularly. 5.6 The Board, utilizing the advice of management, should ensure that the internal control systems of the licensee are effective and that the licensee’s operations are properly controlled and comply with policies and procedures approved by the Board, with laws and regulations of The Bahamas, and with guidelines and other regulatory and supervisory requirements of the Central Bank. The Board and management should consistently demonstrate their strong commitment to implementing an effective risk control environment throughout the organization. The Board should ensure that management implements an effective, independent reporting and assessment process (i.e. internal audit or equivalent) to confirm to the Board the appropriate application of control policies and procedures. The Board should ensure that management takes corrective action when deficiencies are identified in the licensee’s control and compliance systems. 5.7 The Board should ensure that management develops, implements and oversees the effectiveness of comprehensive know-your-customer standards, including appropriate policies and procedures that address customer acceptance and identification, as well as ongoing monitoring of accounts and transactions, in keeping with the requirements of relevant law, regulations and guidelines. 5.8 The Board must also appoint a Compliance Officer (CO), who may also function as the Money Laundering Reporting Officer (MLRO), in keeping with regulation 5 of the Financial Intelligence (Transactions Reporting) Regulations, 2001, to be responsible, under its guidance, for ensuring that the licensee is in full compliance with the laws of The Bahamas. The CO and MLRO should be independent and free from influences that may affect his/her ability to perform his/her duties objectively. In particular, senior management (i.e. Senior Officer I & II/Senior Official I & II) of licensees, exclusive of restricted licensees, should not be appointed to such posts. Licensees that are subject to this requirement may request a waiver, provided that they are able to demonstrate to the Central Bank that: a. there is sufficient independence; b. no client interfacing relationship role is assumed by the individual; c. all business is introduced by the group (as an eligible introducer); and d. the individual is in a position to act independently. Where a waiver is granted in this instance, the licensee will be required to submit an annual formal attestation by the Board that these conditions continue to apply. Furthermore, domestic commercial banks should have an independent compliance resource in each branch or an independent compliance resource, which supports a

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 12 of 25 centralised compliance function. The CO and MLRO should also have direct, unrestricted access to the Board and/or Group Compliance. 5.9 The Board may also use the determinations of the licensee’s independent risk management and internal audit functions, if they are used, to provide information on and safeguards for control effectiveness. 5.10 The Board should ensure that the licensee complies with established Bahamian financial services industry codes of conduct and practice. It should also set the licensee’s own standards of business conduct and ethical values that are communicated throughout the entire organization. The Board should establish procedures to identify, monitor, and manage potential conflicts of interest of Board members, management and significant shareholders, and abuses in related party transactions, as well as an overall process to monitor adherence to established standards of business conduct and ethical behaviour. Specifically, transactions with related parties and the write-off of material related party exposures or those which pose special risks should be subject to prior approval by the licensee’s Board. Additionally, Board members with conflicts of interest should be excluded from the approval process of granting and managing related party transactions. Of particular importance would be the Board’s policies regarding “self-dealing” (i.e., the policies and controls on business conducted with related parties and the directors themselves), the potential misuse of corporate assets, or the possible use of privileged information for personal advantage. It should likewise require that systems be in place to ensure that necessary confidentiality is maintained and that the privacy of the organization itself and its clients is not violated, that clients rights and assets are properly safeguarded, that no benefit can be gained from the improper use of confidential information, and that preferential treatment is not permitted. The Board should also ensure that the organization’s compensation and benefits policies are consistent with its ethical values, objectives, strategies, business operations and control environment. 5.11 The Board should regularly review the licensee’s financial statements and supporting documentation to ensure that they properly reflect the organisation’s underlying current and prospective financial condition and the status of its business plans. The Board’s review should include an assessment of the effectiveness and reliability of the organization’s financial reporting and analysis function. 5.12 The Board should determine that the licensee can demonstrate that its operations, individually and collectively: a. are subject to effective governance and managed in accordance with appropriate, effective and prudent risk management processes; b. are supported by an appropriate control environment; c. effectively make use of the work of the internal (if used) and external auditors; and

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 13 of 25 d. identify significant issues related to the overall governance process and that appropriate, timely actions are taken to address issues of concern. 5.13 Such determinations might be made through the use of self-assessments, stress/scenario tests, and/or independent judgments made by external advisers. 6. OPERATIONS OF THE BOARD OF DIRECTORS 6.1 As stated above, the full Board is ultimately responsible for the overall conduct of a licensee’s business affairs. The full Board should meet with such frequency as reflects the complexity, volume of activity and condition of the licensee. The Board should document its decision as to the frequency of its meetings. However, the Central Bank may request, based on examination findings, more frequent meetings of the Board. Boards may wish to take advantage of technological advances in modern telecommunications, such as for example, video conferencing, as this may obviate the need for Directors from different jurisdictions to be physically present in the same locale for Board meetings. A licensee’s Board should ensure that its meetings are regulated in compliance with the licensee’s articles or byelaws. 6.2 Instead of involving the full Board in every management matter, the full Board may choose to supervise major functional areas through specialized committees of the Board and/or committees comprising directors and appropriate senior management, while still ensuring that the full Board remains fully knowledgeable of the affairs of the licensee and is ultimately responsible for the decisions of each committee. The use of such committees should be dictated by the complexity and type of business activities of the licensee. To be effective, such committees should meet regularly as the needs of their particular responsibilities dictate. 6.3 The Board should periodically reconstitute itself and its committees, if any, by selecting new directors to replace long-standing members or those whose contribution to the organization or the committees is not adequate. In this regard, licensees should have in place a formal and transparent procedure for the appointment of new directors. 6.4 Committees, when used, should be established with clearly defined objectives, authorities, responsibilities, and tenure and the requirement that they report regularly to the full Board. The Board should ensure that the structure of each committee is suitable to the licensee’s size and business activities, the Board’s composition, and each individual director’s expertise. Typical specialized committees that might be considered are described in Appendix 2. 6.5 Particular attention should be given to establishing appropriate methodologies for the Board’s direct and indirect oversight of the management of significant areas of risk exposure; e.g., management of credit risk, liquidity, capital adequacy, compliance, control systems, audit, etc.

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 14 of 25 6.6 The Central Bank recommends that, where it is appropriate for a licensee’s board to constitute the following committees, such committees should be composed entirely or predominantly of INEDS [in the absence of other corporate governance protections in the group, such as group-wide specialized committees whose reports are also being made available to the full Board], given that these committees cover particularly sensitive areas where a potential for conflict of interest exists: a. Nominations Committee; b. Audit Committee; and c. Compensation Committee. 7. THE ROLE OF INDEPENDENT NON-EXECUTIVE DIRECTORS (INEDS) 7.1 INEDs are intended to provide checks and balances to ensure that licensees operate in a safe and sound manner and that the interests of the institution are protected. It is considered sound practice for licensees to consider direct reporting of the internal audit function to the Board through an audit committee or other structure comprising a majority of independent members. It may be beneficial for INEDs to meet in the absence of bank management at least annually with the external auditor and the heads of the internal audit, compliance and legal functions. This can strengthen the ability of a bank’s Board to oversee management’s implementation of the Board’s policies and to ensure that a licensee’s business strategies and risk exposures are consistent with risk parameters.4 7.2 A Board should regularly re-evaluate the mix of skills that it needs to be effective and be willing and able to change its composition accordingly over time5 . Therefore, rigorous reviews should be undertaken before INEDs who have served for a period of six years or more are considered for reappointment or re-election, as the case may be. 7.3 All directors, including INEDs are encouraged to make contact with the Central Bank via the Inspector, to discuss matters of mutual concern. Further, upon resigning from the board, all directors, including INEDs are encouraged to inform the Central Bank and provide an explanation for the decision, either by way of written correspondence or in person, by scheduling a meeting with the Inspector.

4 See Enhancing corporate governance for banking organization, the Basel Committee on Banking Supervision, February, 2006, which is a revised version of the 1999 paper and was published to assist supervisors in promoting the adoption of sound corporate governance practices by banks in their countries. 5 See A Review of the Role and Effectiveness of Non-Executive Directors, Derek Higgs Report, 2003

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 15 of 25 8. REQUIREMENTS FOR INDEPENDENT NON-EXECUTIVE DIRECTOR 8.1 An INED is a member of the Board who is not materially dependent on the licensee, and so not prejudiced in his/her ability to exercise independence of judgment or action. Hence, an INED is a member of the Board who is not an officer or employee of the licensee and does not have any business or other relationship, which could interfere with the exercise of his/her independent judgment. Licensees should be aware that the Central Bank places the onus on the Board to explain the reasons why it considers a director independent, notwithstanding the existence of relationships or circumstances (listed a-i below) which may suggest otherwise. 8.2 It is important for an INED to be free from any situation that might compromise his/her ability to be objective. Generally, any banking relationship between a licensee and an INED should be conducted at arm’s length and under normal commercial terms. 8.3 In particular, the following persons are not independent: a. an individual who holds the position of Senior Official I or II/Senior Officer I or II of another licensee; b. an individual who is, or at any time in the past three years was, employed by the licensee or a parent or subsidiary of the licensee; c. an individual whose immediate family member6 is or was employed as an executive officer of the licensee, its parent or subsidiary in the past three years; d. an individual who, or whose immediate family member, has received compensation from the licensee within the past three years, with the exception of: i. fees for Board or Board committee service; ii. payments arising solely from investments in the company’s securities; iii. compensation paid to an immediate family member who is a non-executive employee of the licensee, its parent or subsidiary; and iv. pension or other forms of deferred compensation that is for prior service and not contingent upon continued service. e. an individual who, or whose immediate family member is a current partner in, or a controlling shareholder or executive officer of any organization to

6 Immediate family member refers to a person’s spouse, parents, children, and siblings, whether by blood, marriage, or adoption, or anyone residing in such person’s home.

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 16 of 25 which the licensee made, or received payments for property or services in the current or any of the past three years, that exceed 5% of the recipient’s consolidated gross revenues7 ; f. an individual who, or whose immediate family member exercises voting control of 5% or more of the share capital of the licensee; g. an individual who, or whose immediate family member is, or at any time during the past twelve months, was a partner or professional employee of an accounting firm engaged as the licensee’s external auditor8 ; h. an individual who has obtained a loan from the licensee under special circumstances or conditions; i. an individual who has obtained a loan that has fallen into arrears; and j. an individual who represents any shareholder. 8.4 Licensees should note that this list is not exhaustive and the Governor may set additional criteria or grant specific exemptions under special circumstances. 9. DISCLOSURE 9.1 When seeking the approval of the Central Bank for the appointment of an INED, the licensee should clearly state whether, in its opinion, the proposed individual meets the test of independence as outlined in these Guidelines. 9.2 Each licensee’s annual Corporate Governance Certificate should disclose the names of all INEDs. Additionally, the Board should certify that the INEDs continue to meet the requirements of independence as stated in Section VII of these Guidelines. In the event that a director does not meet these requirements, an explanation should be given. 10. DUTIES OF DIRECTORS 10.1 All directors of a licensee have a duty to perform their functions with diligence and care and with such degree of competence as can reasonably be expected from persons with their knowledge and experience.

7 It follows that, for example, a lawyer who acts for his firm in providing legal services to the licensee could still be regarded as “independent” if the 5% limit is not breached. 8 The Central Bank recognizes that public accountants are guided by international and local codes of conduct that provide direction with respect to the independence and objectivity of relationships with clients. The code and regulations prohibit an accountant performing the attestation function, or any person with whom the accountant has a direct or material indirect relationship from serving as an officer or director of a client. It is generally expected that an auditor would not serve as a director at any time while his firm is engaged to perform the audit, including periods subsequent to the actual year-end date, but before the audit report is completed and signed. Notwithstanding these provisions, the Central Bank will impose a one-year cooling-off period that will apply specifically to external auditors.

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 17 of 25 10.2 All directors of a licensee have a duty to ensure that the risks that are of necessity undertaken by the licensee in the conduct of its business are managed in a prudent manner. 10.3 All directors of a licensee have a duty to require that management provide them with adequate, appropriate and substantive information on the activities and operations of the licensee. 10.4 All directors of a licensee have a duty to independently assess and question the policies, processes and procedures of the licensee, with the intent to identify and initiate management action on issues requiring improvement. 10.5 All directors of a licensee should have a basic knowledge and understanding of the conduct of the business of the licensee and the laws, regulations, guidelines, other regulatory requirements, and the customs and practices that govern that business. Although not every director is expected to be fully conversant with every aspect of the business of the licensee, the competence of every director should be commensurate with the nature and scale of the overall business. Directors should work to acquire the knowledge and skills necessary to perform their functions on assigned specialized committees of the Board effectively, if such committees are used. 10.6 All directors, in exercising any authorities of a director or discharging any of their duties as a director should: a. act with honesty, integrity and good faith with the view to the best interests of the licensee and its clients; b. exercise the care, diligence and skill that a reasonably prudent person would exercise in comparable circumstances; c. exercise independent judgment in their approach to decision-making and problem-solving; d. act on a fully-informed basis; e. understand and devote sufficient time to their responsibilities; f. act only within the scope of their authority; and g. recognise and guard against conflicts of interest in dealing with the licensee, taking into account the interests of all stakeholders.

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 18 of 25 Appendix 1 Key Risks for Banks and Trust Companies Credit Risk The risk to earnings or capital arising from the potential that a borrower or counterparty will fail to perform on an obligation. Liquidity Risk The risk to earnings or capital arising from the potential that an organization will be unable to meet its obligations as they come due because of an inability to liquidate assets or obtain adequate funding, or that it cannot easily unwind or offset specific exposures without significantly lowering market prices because of inadequate market depth or market disruptions. Market Risk The risk to earnings or capital resulting from adverse movements in market rates or prices, assessed based on consideration of the interaction between market volatility and the organization’s business strategy. Interest-Rate Risk The risk to earnings or capital resulting from adverse movements in interest rates. Fiduciary Risk The risk to earnings and capital resulting from a breach of duty in advising on, or in holding, administering, managing or investing the assets of a client or other third party. Reputation Risk The risk to earnings or capital arising from the potential that negative publicity regarding an organization’s business or ethical practices will cause a decline in the customer base, costly litigation or revenue reduction; such risk often arises from the mismanagement of other risks.

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 19 of 25 Operational Risk The risk to earnings or capital arising from the potential those inadequate information systems, operational/transactional problems in service and product delivery, breaches in internal controls, fraud, failure to adjust properly to changes in the operating complexities of the markets, or unforeseen catastrophes will result in unexpected losses. Settlement Risk The risk to earnings or capital arising when the completion or settlement of a financial transaction fails to take place as expected. Settlement risk is often associated with credit risk, liquidity risk, market risk, operational risk and reputation risk. Technology Risk The risk to earnings or capital arising from inadequate, obsolete, or mismanaged technology or from a failure or interruption in technology caused by events within or outside the organization. Outsourcing/Third-Party Relationship Risk The risk to earnings or capital arising from a decline in service quality, accuracy, security or response time on the part of a third party that provides products and services that the organization would otherwise provide for. Compliance Risk The risk to earnings or capital arising from violations, or non-compliance with, laws, regulations, guidelines, other regulatory directives, prescribed business practices or ethical standards. Legal Risk The risk to earnings or capital arising from the potential that unenforceable contracts, lawsuits or adverse judgments may disrupt or otherwise negatively affect the operations or financial condition of the organization. People Risk The risk to earnings or capital arising from the inadequacies in the competencies, capabilities or performance of an organization’s personnel, failure to provide for management succession or staff back-up, or human error, negligence or misconduct.

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 20 of 25 Strategic Risk The current and prospective impact on earnings or capital arising from faulty business strategies and decisions, improper implementation of strategies and decisions, or lack of response to industry changes. Country Risk and Transfer Risk Country (or Sovereign) Risk is the risk to earnings and capital arising from the effects on business activities of trends and movements in the economic, social, and political conditions in a country. Country Risk is a factor often associated with the evaluation of Credit Risk. Transfer Risk focuses specifically on the availability of foreign exchange to service cross-border obligations.

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 21 of 25 Appendix 2 Key Specialized Committees of the Board of Directors Executive Committee The Executive Committee usually manages matters that require the Board’s review, but arise between full Board meetings. It can relieve the full Board of the responsibility of detailed review of information and operational activities. Generally, all major functions of the organization will be subject to review and approval by the committee, and the work of the other Board committees will be coordinated by it. The committee would usually be composed of both executive and independent9 , non-executive directors. The Central Bank recommends that where it is appropriate for a licensee’s Board to be constituted of the following committees, INEDs should have a leading and influential role. Risk Management Committee The Risk Management Committee provides general oversight of senior management’s activities in managing the overall range of risks to which the organization is subject. It monitors and reports to the full Board on the process of risk identification, measurement, monitoring and control. Credit Committee The Credit Committee ensures that the organization’s credit policies are adequate and activities related to extending credit, in all forms and types, are conducted in accordance with established policies and relevant laws, regulations, guidelines, accepted business practices and ethical standards. It also serves a vital role in monitoring credit quality throughout the organization and ensures that the management of the credit process is appropriate and effective. It may also participate in evaluating certain credit applications and making significant credit decisions. Trust/Fiduciary Committee The Trust/Fiduciary Committee ensures that the organization’s activities related to advising on, or holding, administering, managing or investing the assets of clients or other third parties, are conducted in accordance with established policies and procedures and relevant laws, regulations, guidelines, accepted business practices and ethical standards.

9 Members of committees are considered independent if they have no relationship to the organization that would interfere with the exercise of their autonomy from the organization and its management.

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 22 of 25 Asset and Liability Committee The Asset and Liability Committee oversees the organization’s operations relating to interest-rate risk, market risk and liquidity risk and, in particular, ensures that the organization has adequate funds to meet its obligations. Other functions of the committee are dependent on the organization’s lines of business and asset/liability mix. Audit Committee The Audit Committee provides direct oversight of the organization’s internal and external audit functions, supervising the quality and integrity of all external financial reporting, and assisting the Board in providing for independent review of the effectiveness of the reporting processes and internal control systems. The Committee may also oversee the activities of the independent risk management function, if any. The majority of the members of this committee should usually be INEDs; managers and staff of the organization should not be included as members of this committee. The committee may also oversee the activities of the independent risk management function, if any. Compliance Committee The Compliance Committee oversees senior management’s activities, through the Compliance Officer, to ensure that the organization complies with all laws, regulations, guidelines, other regulatory and supervisory requirements, accepted business practices and ethical standards. Compensation Committee The Compensation Committee reviews and advises the Board on compensation policies, programs, goals and standards for senior management and reviews the compensation programs established by senior management for other management and staff. This committee should also be responsible for establishing the compensation policy for the Board itself, including appropriate compensation for work on committees of the Board. All of the members of this committee would usually be INEDs. Nominations Committee The Nominations Committee oversees the periodic assessment of the effectiveness of Board members and directs the process of renewing and replacing Board members. The composition of this committee should represent a balance of both executive and non￾executive directors. The committee should be made up of entirely or predominantly INEDs. The board may also wish to implement term limits for all directors to allow new members to be regularly introduced to the Board. Additionally, the licensee needs provisions in place to handle the smooth transition between the departure of directors whose tenure has expired, and the induction of new board members.

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 23 of 25 Appendix 3 [Name of Institution] Board of Directors’ Annual Certification To the Central Bank of The Bahamas [The objective of these Corporate Governance Guidelines is to reassert the role of the Board of Directors. The rationale behind the type of certification described below is to reinforce accountability at the Board level, but to leave the certification sufficiently non￾prescriptive so that the Board and senior management are approaching the certification from a high-level analytic viewpoint versus a mechanistic approach that may not cover all aspects of corporate governance. The written certification, required annually, within 120 days of the end of each calendar year, shall contain the following:] a. A statement to the effect that the Board is familiar with the contents of the applicable Central Bank guidelines and acknowledges its role and responsibilities under those guidelines; b. A list showing the names of all INEDs indicating whether the Board considers that each INED continues to meet the requirements for independence set out in Section 8 of these Guidelines. Where, for any individual, there is a change in categorization from the previous year, a brief explanation for the change should be provided. In the instance where the INED has received or receives additional remuneration from the company apart from a director's fee, it should be disclosed along with the rationale; c. A statement indicating whether the Board is performing its functions and fulfilling its responsibilities under these Guidelines; d. A statement indicating whether the Board has carefully considered the reporting of senior management and other information relevant to forming an opinion as to whether the organization is following these Corporate Governance Guidelines; e. A statement indicating whether the Board has implemented policies and procedures in compliance with these Corporate Governance Guidelines;

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 24 of 25 f. Where the Board is of the opinion that the organization is not following the Corporate Governance Guidelines or that the organization is following the Corporate Governance Guidelines except for identified deficiencies, it should provide: i. an explanation of the reasons for the opinion that relate to deficiencies; ii. a statement confirming that an action plan to correct those deficiencies has been prepared and is being implemented; and iii. a statement confirming that a copy of the action plan has been or will be submitted to the Inspector; g. A statement confirming that the Board is satisfied that the recovery strategies adopted in the licensee’s Business Continuity Plan (BCP) are still valid, and that the licensee’s BCP management team and/or an independent party have properly tested the BCP during the period; h. A statement confirming that the Board is performing its functions and fulfilling its obligations under the Guidelines for the Minimum Standards for the Outsourcing of Material Functions (the Outsourcing Guidelines) and that any deficiencies in respect of these Guidelines have been noted and an action plan to remedy these deficiencies has been prepared and submitted to the Inspector; i. A statement confirming that the Board has taken account of their obligations to comply with the Guidelines for Licensees on the Prevention of Money Laundering and Countering the Financing of Terrorism (AML/CFT Guidelines) and that any deficiencies in respect of these Guidelines have been noted and an action plan to remedy these deficiencies has been prepared and submitted to the Inspector and indicating whether the necessary remedial action has been taken; j. A statement indicating whether an internal audit has been completed and whether the issues identified have been implemented or corrected; k. Licensees that have undergone an on-site examination should include a statement that an action plan to remedy the deficiencies stated in the licensee’s Report of Examination has been prepared and submitted to the Inspector and that the agreed remedial action(s) has(have) been taken; l. A statement confirming that the Board is satisfied that the licensee has appropriate policies, procedures, processes and controls in place to ensure that inherent business risks [including that of market, credit, liquidity, operational, reputation/KYC/AML legal, and human resources risks], where they exist, are effectively managed;

The Central Bank of the Bahamas Corporate Governance BANK SUPERVISION DEPARTMENT Page 25 of 25 m. A statement confirming that the Board has reviewed its large exposure policy statement and that it considers it appropriate to the licensee’s operating circumstances; and n. A statement confirming that, where a licensee that is not a restricted licensee has been granted a waiver to allow its senior management (i.e. Senior Officer I & II/Senior Official I & II) to be appointed as a compliance officer/money laundering reporting officer, the conditions for the waiver being granted continues to apply.