RBNZ and FMA Governance Thematic Review report

GOVERNANCE THEMATIC REVIEW

1 CONTENTS Foreword________________________________________________________________ 2 Executive summary _______________________________________________________ 3 Introduction 3 What We Reviewed 4 What We Found 4 Recommendations 6 Next Steps 8 Detailed Findings _________________________________________________________ 9 Roles and Responsibilities of the Board 9 Board and Committee Structure and Composition 12 Conflicts of Interest 22 Board Capacity 23 Challenge 26 Performance Evaluation 27 Board and Committee Meetings 30 Appendix 1 - Scope and Methodology _______________________________________ 33 Sample Size 33 Review 34 Upcoming Regulatory Policy Reviews 34 Limitations 35 Appendix 2 - Legislation and Guidance Referenced ___________________________ 36

2 FOREWORD Boards of financial institutions are ultimately responsible for the sound and prudent management of their institutions and ensuring that they deliver good customer outcomes. That truism came into sharp focus when the global financial crisis exposed governance failures and shortcomings that deeply undermined confidence and trust in financial systems. Notwithstanding concerted efforts on the part of boards, shareholders and supervisors since then to lift governance standards, the market tremors set off by recent bank failures abroad are a reminder that confidence can still be easily shaken. There is no ‘one size fits all’ governance framework for financial institutions; frameworks reflect the history, size, activities and cultures that are unique to each institution. There is no single best practice for governance. Nonetheless, there are essential foundational elements in governance policies, processes and practices that underpin good decision-making at board level. These elements are the subject of the RBNZ and FMA Thematic Review. Governance frameworks are not set in stone, either. Boards need to remain responsive to an ever-changing external environment and pay attention to how frameworks are being implemented. Boards need to be continually learning. In this regard, the good practice findings in the Thematic Review point to areas where all boards can lift the bar on governance. Strong foundations cannot ensure good governance unless they promote and reinforce appropriate behaviours. Boards have a critical role to play in articulating their institution’s purpose and desired cultural features, and championing awareness and stewardship of that culture throughout their institution. Though outside the scope of the Thematic Review, these behavioural dimensions also demand constant board vigilance. John F. Laker1

---

1 Refer to the Appendix for Dr John Laker’s bio.

3 EXECUTIVE SUMMARY Introduction Effective governance is critical to the financial soundness, success and long-term sustainability of New Zealand’s financial institutions and to ensuring their customers are treated fairly. It ensures sound risk management and fosters a culture of accountability and transparency. Inadequate governance has often been the root cause of financial entity failures, highlighting the key role effective governance plays in reducing risks to financial stability and promoting fair and transparent markets and public confidence. The governance of financial institutions is therefore of profound interest to the Reserve Bank of New Zealand (RBNZ) - Te Pūtea Matua and the Financial Markets Authority (FMA) - Te Mana Tātai Hokohoko; it lies at the heart of both the prudential and conduct regulatory regimes. Governance comprises the principles, practices, processes and behaviours that determine how an entity is directed and controlled. Central to this is the role of boards, which are responsible for setting the strategic direction; establishing the tone and culture of the entity through core policies such as remuneration; approving the entity’s risk appetite; and holding management to account. The RBNZ and FMA expect regulated entities to have effective governance arrangements to support boards in their crucial role. Such arrangements enable boards to make well-informed decisions, based on sound judgement and in the best interest of the entity, its customers, and its key stakeholders. These expectations are outlined in more detail in our respective governance requirements and guidance2 , which are now supplemented by this report. As this is our first joint thematic review of governance across New Zealand’s financial sector, our focus is the foundational elements of governance, which includes frameworks, policies and processes necessary to assist boards to meet their obligations and help drive good governance outcomes. The Review examines these key areas of governance to:  Determine the extent to which these are aligned to our regulatory requirements and guidance;  Understand how these allow boards to provide effective oversight; and  Promote effective board practices by outlining areas of good practice that all boards should consider, clarifying our expectations and highlighting areas for improvement. We encourage all regulated entities to consider the principles, expectations and good practices outlined in this report and assess them against their own governance arrangements. In this exercise, it is important that entities take a holistic view of governance arrangements and ensure they:  Adhere to all principles and expectations outlined in the report; and

---

2 Refer to Appendix 2 for relevant RBNZ and FMA legislation and guidance.

4  Consider the appropriateness of the good practices based on the size, nature and complexity of their operations and risk profile. What We Reviewed We reviewed a sample of 29 entities regulated by the RBNZ and/or the FMA, across the banking, insurance, non-bank deposit taking and investment management sectors. For each entity, we reviewed a range of documents related to board and governance policies, procedures and record keeping. This was followed up with in-depth onsite reviews where we interviewed board members and executive management. We assessed the entities against our expectations for governance, as set out in relevant legislation, regulatory requirements (for example Conditions of Registration or Licensing), and RBNZ and FMA guidance. Where we do not have guidance on a specific area, we considered other local and international guidance3 to determine good practice. Findings in this report are not attributed to individual entities; they focus on themes identified from the sample. Our review was limited to the assessment of corporate governance practices at the board level and whether these enabled the board to govern effectively. Given this is our first thematic review into governance practices, and to manage the scope of the Review, we did not explicitly seek to review the culture or behaviour of the participating boards and their entities. However, these are critical elements of effective governance that boards need to consider alongside the robustness of their governance frameworks, processes and practices. Culture and behaviour are likely to become an area of increasing focus in the future. What We Found We observed a variety of governance practices in this Review; a number of good practices, as well as some that were below our expectations. There is still room for improvement in most entities to ensure robust and comprehensive governance frameworks, policies and processes are in place. While these foundational improvements are essential, it is equally important boards give adequate attention to culture and behaviour to foster good governance. Some good practices we saw across the sample included:  Formal and clear processes for planning and formulating strategy.  Strong processes for selecting and appointing new directors and the CEO.  Boards being composed of a majority of independent directors.  Clearly documented succession planning for CEOs and senior management.  Formal standalone conflict of interest policies.

---

3 Refer to Appendix 2 for relevant legislation and guidance referenced.

5  Formal annual planning processes and work plans for the board and committees.  Regular education sessions for the board, including in-depth sessions on specific risk topics. While we observed good practices across the sample, a key finding was that many were not embedded into policies and processes, and those that were documented often lacked sufficient detail and clarity. While board practices evolved, changes were often not reflected in the entity’s governance frameworks. Formalising practices into processes fosters transparency and accountability, which strengthens governance and sets boards up for future success. The processes themselves also need to be robust and comprehensive, and regularly reviewed to ensure they are fit for purpose as the operating environment changes. Some of the specific areas for improvement across the sample included:  Processes for selecting and appointing the board chair and committee members were not robust. Although selection and appointment processes for new directors were generally strong, several entities did not have clear or comprehensive processes specifically for the chair and board committee members.  Formal frameworks to assess ongoing board training needs were generally absent. In the absence of a formal framework, entities generally had an inconsistent and ad-hoc approach to identifying the ongoing training needs of the board.  Succession planning for the board was not as formal and rigorous as we expected. Succession planning discussions were taking place and processes existed; however, almost none of the locally incorporated entities had documented succession plans for the board, board committees, individual directors or the board chair.  Diversity policies did not apply to the board. While most entities had diversity policies for the wider organisation, a large number did not have a diversity policy that applied to the board.  Capacity of directors was not assessed in a consistent and robust manner. Although director capacity was assessed prior to appointment and on an ongoing basis, these assessments were mostly informal and not comprehensive. This was due to the absence of a formal framework to ensure consistent and robust assessment of capacity.  Internal board performance evaluations were inadequate. While the Review identified that most entities were performing some form of internal evaluation of the board, the evaluations lacked formal, clearly defined and comprehensive criteria. In most entities, the performance of the board was not independently reviewed. Some of these areas were also highlighted in prior reviews such as the 2017 Attestation Review4 , which outlined the importance of performance evaluations and succession planning for the board.

---

4 Reserve Bank of New Zealand Review of the bank directors’ Attestation regime.

6 Recommendations Strong and sustainable governance policies, processes and practices are essential drivers of effective governance, along with good organisational culture. Boards should ensure that a well-functioning corporate governance framework is in place that appropriately identifies and manages financial and non-financial risks in a timely manner. Such a framework underpins the effective and prudent functioning of a financial institution. It is important that boards embed good practices into their governance frameworks and proactively identify opportunities for continuous improvement. Boards also need to be future￾focused and take appropriate measures to strengthen their governance frameworks. Having appropriate processes, practices and capabilities allows boards to ask the right questions and provide appropriate direction, challenge and oversight. This in turn will drive good decision making and outcomes. The board also plays a key role in developing, reinforcing and supporting an effective organisational culture. Boards should ensure that the organisation’s culture is aligned with its values and strategy in order for the entity to succeed. The tone set by the board and reinforced through its behaviours is an integral part of effective governance. The Conduct and Culture Reviews5 of banks and life insurers conducted in 2018 and 2019 highlighted the importance of the board’s role in setting an entity’s values and culture, while being responsible and accountable for reflecting those values. It is imperative boards maintain oversight of an entity’s conduct and culture to ensure it continues to deliver good customer and stakeholder outcomes.

---

5 Bank Conduct and Culture 2018 and Life Insurer Conduct and Culture 2019.

7 While both the RBNZ and the FMA have issued guidance on governance, boards should be considering and adopting good practices over and above those minimum standards. Key principles from the Review that all boards should consider are as follows:  The roles and responsibilities of boards, board and committee chairs and their members are clearly defined, understood and remain fit for purpose. These should be outlined in a comprehensive governance framework that is subject to regular and holistic reviews.  Boards maintain the collective skills and experience to guide and oversee the implementation of the entity’s long-term strategy and to discharge their roles and responsibilities effectively. This includes undertaking robust and ongoing suitability assessments of directors, robust selection process and ensuring appropriate induction and ongoing training and development of directors.  Succession planning is a priority for the chair. The board chair should ensure that succession planning is thorough and well thought out to mitigate future composition risks, maintain an appropriate balance of skills, experience and diversity, and ensure continuity in case of unexpected departures.  Boards have sufficient independence to support good decision making. This can be achieved by establishing clear criteria for independence and undertaking robust and regular assessments. Entities should aim to maintain a majority of independent directors on the board.  Boards have sufficient diversity to support their role. The diversity needs of the board should be actively considered, including having board-specific diversity policies and targets.  Directors have sufficient capacity to fulfil their obligations. There should be regular assessment of director capacity against a formal framework to ensure directors have sufficient time to be effective in their role. This is especially important in times of crisis, when the time commitment of directors is likely to be at its highest.  Boards provide effective and appropriate challenge. The responsibility for challenge should be clearly outlined in key documents and assessed through performance evaluations. Challenge should be appropriately evidenced in minutes.  A focus on continuous improvement and regular evaluation drives board performance. Boards should ensure robust performance evaluations are undertaken, which includes having clearly defined and comprehensive criteria, and ensuring improvements are identified and implemented. Boards should also undertake periodic independent evaluations.

8 Next Steps In addition to this report, we have provided specific detailed feedback to individual entities in the sample, outlining our observations and recommendations. We will be engaging further with those entities on our findings. We encourage boards of regulated entities that were not part of this Review to assess their governance arrangements against the principles, expectations and good practices outlined in this report. Boards should discuss the outcome of the self-assessment, including which practices they are working towards implementing or have implemented. We will also be considering the findings from this Review in upcoming policy reviews such as the Standards development for the Deposit Takers Act and review of the Insurance (Prudential Supervision) Act 2010 (IPSA). A review of the FMA Corporate Governance Handbook may be undertaken once the relevant RBNZ policy has been finalised.

9 DETAILED FINDINGS Roles and Responsibilities of the Board The board is responsible for ensuring there is an appropriate governance framework in place. This should remain fit for purpose and hold the board accountable for meeting its duties. For local branches6 of an international parent, the governance role in New Zealand is taken on by the CEO. In this Review, branches are covered in relation to the role of the CEO and the appropriateness of the branch’s governance policies and processes in the context of its New Zealand operations. Governance Framework and Policies 1.1. The roles and responsibilities of boards, board and committee chairs and their members are clearly defined, understood and remain fit for purpose. We expect firms to have comprehensive governance frameworks that are subject to regular and holistic reviews7 . Frameworks include charters and key policies and practices that outline the roles and responsibilities of boards and how they will be discharged. The governance framework covers all fundamental policies, processes and practices that support the board’s role in governing and providing oversight. It represents the underlying structure that allows boards to ensure accountability and transparency within the entity. As entities evolve over time, the governance framework needs to be updated to reflect the changing size, nature and complexity of the entity and ensure that critical supporting structures and practices are in place for the board to function effectively. There needs to be a holistic consideration of all components of the framework to ensure they work together to remain relevant and fit for purpose. We found:  Entities had not undertaken a holistic review of their governance framework. While entities looked at parts of their framework during the audit of a particular risk topic, the framework as a whole was not being reviewed to ensure it was fit for purpose.  Often when a policy was reviewed and updated, entities were not considering impacts on other parts of the framework.

---

6 In the context of this report, a local branch is a division of a legal entity incorporated overseas that operates in New Zealand. 7 A holistic review means a review of all components of the framework at the same time and considering the wider context. This could either be an internal or external review.

10 Good practices we observed:  Entities had an overarching framework document that outlined the governance structure and the key support documents. This was used for referencing and accessing policies and processes when needed.  Wholly owned subsidiaries had their own policies and procedures that were fit for purpose for their own operations, while aligning with group policies.  For local branches, governance policies and processes were well outlined and designed to be effective globally while still tailored for the New Zealand jurisdiction. Delegations 1.2. Delegations policies and procedures support the management of associated risks. We expect delegated authorities to be clearly outlined and understood, and there to be processes in place to enable effective monitoring, reporting, and managing of breaches, including consequence management. Boards can delegate their authorities to committees and individuals in line with the provisions set out in their constitution or charter. Delegations enable timely and effective actions to be undertaken to ensure efficient running of the entity. Delegations from the board to committees, the CEO and, where relevant, senior management should be clearly set out in the board charter or delegation policy. This should include circumstances in which the delegated authorities can be exercised. Delegates should have a clear understanding of the responsibilities delegated to them to ensure accountability and transparency. Good governance requires authorities delegated by the board to be clearly defined and recorded, and regularly reviewed as appropriate. While boards can delegate their authorities, they cannot delegate their responsibilities. Boards are still ultimately accountable for any of the powers exercised by delegates, and it is essential that delegations are appropriately reviewed, monitored, reported and managed. We found:  Many entities did not have clearly documented processes for monitoring, managing and reporting on delegations and breaches of delegations. Some examples were: ◦ No policies or processes outlining how delegations would be monitored and how breaches would be managed. ◦ Lack of clarity on what constitutes a material breach of delegations.

11 Good practices we observed:  Delegations from the board to its committees and CEO were clearly outlined in charters and policies.  Delegations were reviewed on an annual basis.  There was strong monitoring and reporting of financial delegations, including the use of automated systems and controls for monitoring and reporting breaches.  There was a robust sub-delegation framework outlining delegations from the CEO to senior management. This was contained either in a policy or manual.  Delegations exercised by the CEO were reported in line with the delegation policy at each board meeting. Strategy 1.3. The roles and responsibilities for setting, implementing and monitoring the strategic plan are clear and understood. Boards should have a formalised strategic planning and monitoring process outlined as part of the governance framework (see 1.1 above). Boards are responsible for guiding the strategic direction of the entity. An entity’s strategy can change over time depending on internal and external factors such as change in ownership, nature of business, risk profile and business environment. It is essential that entities undertake thorough strategic planning to ensure their strategy remains appropriate to achieve the goals of the entity. The strategic planning process involves setting strategic objectives and identifying the actions necessary to achieve them to form a strategic plan. It is standard practice for the CEO to be responsible for developing and implementing the strategic plan, while the board approves and oversees its implementation. The governance framework should clearly outline the responsibilities of the board and management in setting the strategy, executing the plan and monitoring performance against it. Entities need to review and reflect on the strategic plan on an ongoing basis to ensure it remains appropriate, is meeting stakeholder needs and is aligned to the vision of the entity. We found:  Strategy was generally well planned and documented, with clear roles and responsibilities outlined in the board charter. Good practices we observed:  Boards of wholly owned subsidiaries set and owned their strategy and had formal processes and engagement with their parent entity board to ensure alignment.

12  Strategy sessions were held throughout the year in addition to an annual strategic planning meeting.  Strategy was included as a standing agenda item to ensure it was reviewed and discussed at every board meeting. Board and Committee Structure and Composition Board and board committee structure and composition is critical, as it sets out who governs the entity and sets the strategy, as well as who drives culture and corporate values. Skills and Experience 2.1. Boards maintain the collective skills and experience to guide and oversee the implementation of the entity’s long-term strategy and to discharge their roles and responsibilities effectively. Ensuring boards maintain the skills and experience necessary is a combination of selection, ongoing assessment and training and development. Selection, Appointment and Renewal Processes 2.2. Selection and appointment processes ensure the board has the appropriate skill, background and knowledge to effectively govern the entity. We expect entities to have formal and rigorous criteria and processes for selecting, appointing and renewing/reappointing the chair, directors, committee chairs and members and the CEO. The process should be led by the chair but decisions should be collectively agreed.8 Getting the right people onto the board is critical to its effectiveness, so entities need to ensure they have clear and rigorous processes for selecting, appointing and reappointing

---

8 In group structures, although it is within the parent entity’s right to appoint and select directors, the subsidiary should be involved in the process to ensure the best outcome for its board.

13 directors. While the collective skills and experience of directors is important to the overall performance of the board, their ability to work together and communicate effectively is equally important. This is because the board works collectively to make decisions, approve policies and processes and set the values, tone and culture of the entity. A well-outlined and clearly thought-out process ensures the needs of the entity are appropriately considered and the process is fair and transparent. This includes determining the criteria for selection, appointment and reappointment, the technical skills and competencies required, personal attributes and values, and necessary fit and proper checks as well as the roles of the participants in the process. Additionally, the outcome of the appointment and reappointment process should involve the wider board and be a collective decision. We found:  Responsibility for the selection and appointment process varied across entities. Most large entities had a board committee responsible for the selection and appointment process, either a standalone nominations committee or a joint remuneration and appointments committee.  Most entities had strong processes in place to select and appoint new directors and the CEO; however, these processes were not always well documented. Just over half of all entities did not have documented processes for the appointment of the CEO, and half of the locally incorporated entities did not have formally documented processes for selecting and appointing directors.  Several entities had no clear process for selecting the chair apart from outlining in the charter where the responsibility for selecting the chair lies.  Most entities did not appear to have rigorous processes for ensuring the most effective composition of committees.  There are additional challenges for member-based9 mutual entities, such as friendly societies and credit unions, where members can nominate and vote for directors. This creates a risk that the board may not have the skills and experience required. Good practices we observed:  Charters outlined a collective responsibility for selection and appointments, and boards and committees work together to decide on a candidate.  The selection and appointment process were led by the board chair or committee chair.  The CEO was selected and appointed by the board, with views sought from shareholders where appropriate.

---

9 Entities that operate for the benefit of their members. These entities are owned and controlled by the individuals (members) who use their products.

14  Larger entities and member-based entities used a nominations or appointments committee to ensure appropriate focus is given to selections and appointments.  Succession plans were taken into consideration in selecting candidates.  Use of a suitably qualified external recruiter.  Candidates interviewed by multiple directors; shortlisted candidates interviewed by the full board and if applicable the group chair and CEO.  Shortlisting process involved the board or a board committee.  Strong fit and proper processes and due diligence checks.  Papers and minuted discussions showing the process that was undertaken, including the recommendations and approvals.  There was a board appointment or renewal policy.  Following new director appointments, the board reflected on the appropriateness of the selection and appointment policies and processes.  For member-based entities, to mitigate the challenges of membership noted above, a number have rules that allow co-opted10 directors, who are appointed by the board. In addition, many of these entities actively seek suitable member candidates and highlight to their members the fit and proper/suitability requirements for directors. Suitability, Training and Development 2.3. An ongoing focus on suitability, training and development ensures directors and boards remain appropriately skilled. We expect entities to be able to evidence they are:  Assessing suitability of directors, both on appointment and on an ongoing basis.  Outlining and regularly updating the skills and capabilities required of directors, the board chair and committee chairs and members.  Ensuring induction, ongoing training and development of directors. It is necessary that directors have the appropriate skills, experience and knowledge to meet their fiduciary duties and be effective in their roles. A broad mix of skills and experience that is aligned with the strategy and needs of the entity is crucial. This ensures boards are equipped to deliver and make sound decisions that add value to the entity. It is especially important that non-executive directors have the collective skills and knowledge to

---

10 Directors appointed to the board by existing board members and not the members of the entity.

15 constructively challenge the CEO and executives. This includes having an appropriate level of industry and financial knowledge. A skills matrix is a valuable tool to assess the skills and experience needs of the board and identify any gaps that need to be addressed. It should outline the current and future skills and diversity needs of the board, including skills for particular roles and committees. Updating the skills matrix on a regular basis and after appointments and retirements ensures it is accurate at all times. Skills assessments should incorporate outcomes from performance evaluations, and inform appointments and renewals, succession planning, training and development. For subsidiaries, the results of a skills assessment should be shared with the parent entity board to ensure their appointees to the subsidiary board have the appropriate skills. We found:  Most entities we reviewed had a skills or competencies matrix that is updated annually. ◦ Entities used a skills matrix to create a brief for the appointment of new directors, but very few entities used the matrix beyond this. Current needs are considered, but not necessarily the future skills required to fulfil the entity’s strategy and vision.  Most of the entities had a fit and proper policy outlining the skills, experience and criteria for directors and the CEO. For some, these were outlined in either appointment policies, position descriptions or charters, in the absence of a fit and proper policy.  Many of the entities did not outline criteria for the chair over and above what is required of other directors.  Most of the entities did not have documented skill and capability assessments of board committees, or rigorous processes for assessing the skills and capabilities of committees.  The difficulty finding directors with deep industry knowledge was highlighted as a concern by some entities. This depth of knowledge is important to appropriately challenge and gain comfort over the information coming to the board from management and in considering potential consequences when making decisions.  Many of those in group structures work with their parent boards to find directors who have the skills required. Good practices we observed:  Detailed descriptions of the skills/capabilities necessary, including how the skills/capabilities were linked to the strategy of the entity.  Skills and capabilities were categorised into core components such as governance, entity- and industry-specific skills and attributes. This shows those skills that are non￾negotiable and a high priority for future board appointments.  There was visibility of skills of individual directors as well as the board.

16  Diversity and tenure were incorporated into the skills matrix, or there was a separate diversity matrix.  Skills assessments were revised and reported alongside performance evaluations. These were also considered in succession planning reporting and discussions. Training Entities should have practices and processes in place to ensure directors receive appropriate training to enable them to fulfil their responsibilities and keep up with a changing environment. This starts with inductions and carries on through each director’s tenure. Induction The induction process should commence as soon as possible following appointment, with the aim of imparting foundational knowledge of the entity’s operations and risk profile, as well as its governance framework, policies and processes and board operations. Induction processes should be tailored to meet the needs of individual directors and the board, with a clearly outlined programme and information pack. We found:  Almost all the entities had induction programmes, but some did not have a documented process or appropriately tailored content. Good practices we observed:  Responsibility for induction was outlined in the corporate governance framework.  Inductions for directors and the CEO included meetings with key executives.  Executive directors had appropriate inductions for their director role.  Site visits to parent headquarters, relevant branches and contact centres enabled a better understanding of operations and customer needs.  New directors had access to previous board and committee papers and training content, enabling them to gain an understanding of current issues and actions, and recent decisions and discussions.  New directors were paired with an existing director to act as a mentor for their first few months. Ongoing training Ongoing training helps foster good governance, as it ensures directors remain appropriately skilled for their roles and are up-to-date with relevant market, environment and legislative changes. Ongoing training should address any gaps in the board’s skills and knowledge. It is important that boards consider the outcomes of their skills assessment, performance evaluations and succession planning to understand their collective and individual training needs. Entities should maintain appropriate records of all forms of relevant board member training.

17 We found:  Many entities scheduled education sessions in their annual work plans, as well as in￾depth sessions on specific risk topics requested by the board.  The nature of training provided to directors was often determined through a combination of senior management recommendations, board member requests and compulsory ongoing training, driven by regulatory or internal policy requirements.  Most entities had a register to track training undertaken by individual directors and the board, although many entities were not tracking and monitoring continuous professional development or external training. Good practices we observed:  Ongoing training was provided both internally by staff and through external experts.  Directors considered their future training needs at each board meeting and incorporated these into the annual work plan.  Some entities had continuous professional development requirements in their charter.  The training register included detailed commentary on the date, timing, nature and provider of training. Succession Planning 3. Succession planning is a priority for the chair. Succession planning should include aspects such as:  Proactively understanding and documenting succession needs, including the process and timing for finding future directors.  Emergency succession plans for critical roles to ensure continuity and maintain adequate independence on the board. Succession planning is a strategic way to ensure the board is set up to maintain the best possible composition, now and in the future. Good succession planning considers the skills matrix, tenure and diversity, and requires regular performance assessments of individual directors. The board is also responsible for setting the succession plan for the CEO as well as overseeing succession planning for key executives who report information to them. For larger boards, a separate nomination committee can help to focus resources on maintaining an appropriately sized and skilled board, as well as advising on tenure and succession planning for existing directors.

18 We found:  None of the locally incorporated entities had a clear, documented succession plan in place for the board chair.  Almost none of the locally incorporated entities had documented succession plans for the board, board committees and individual directors.  Only half of the entities had clearly documented the board’s succession planning responsibility in their charter.  Most entities had clearly documented succession plans for the CEO and senior management. The plans generally included emergency successors, a pipeline of potential successors, and areas they need to develop to be ready for the role. The plans also highlight where there is no successor and where external support would be required.  Many of the discussions on succession planning were in board-only time and private sessions that were not minuted. Good practices we observed:  Good development plans for potential successors for senior management roles included time to meet and present to the board. This created visibility of the individuals and allowed them to develop an understanding of the role they may be stepping into.  The board had clear oversight of and reviewed succession planning for key executives who report information to them.  The board or appropriate committee received succession plan reporting, and minutes of the discussions and decisions were taken.  When planning for succession, some boards considered the following factors: ◦ Composition and size of the board. ◦ Skills and capabilities required for the board to meet the strategic plan. ◦ Requirements for key roles such as board and committee chairs, including identifying current directors who are potential successors for these roles and any skills gaps they have, and whether additional suitable candidates need to be identified. ◦ Current and future needs of the entity. ◦ Identifying directors coming up to the end of their tenure or planning to retire. ◦ Tenure staggering to ensure consistency and smooth transitioning.  Succession plans for the board and management were actively reviewed and updated on an annual basis.

19 Independence 4. Boards have sufficient independence to support good decision making. We expect entities to have clear criteria for independence and undertake robust and regular assessment. Assessing independence should include aspects such as:  Tenure.  The ability to challenge information provided by management.  Performance evaluations.  Continuous professional development.  Maintaining a majority of independent directors free from cross-group directorship. Director independence is essential in ensuring boards make fair and unbiased decisions and provide effective challenge. Independent directors bring a breadth of skills and experience to a board, along with fresh perspectives and objectivity, which help avoid the risk of groupthink. Guidance and good practice highlight the importance of independence of mind, judgement and diversity of thought when it comes to effective decision making. Important ways of supporting this are through composition requirements and guidance on criteria for assessing director independence. Recommended good practice locally and internationally is for entities to maintain a majority of independent directors on the board. This enables the entity to meet requirements and maintain independent judgement if a director is unable to perform their duties for some reason. RBNZ guidance for banks and insurers outlines minimum criteria to consider when assessing director independence. These focus on financial obligations, remuneration, related parties and relationships. We found:  Most boards in the sample had a majority of independent directors on the board. Figure 1: Board independence compositions of the locally incorporated entities in the sample 0% 10% 20% 30% 40% 50% 60% 70% < 50% independent 50% independent Majority independent % of locally incorporated entities in the sample Large Entities Smaller entities

20  Almost all entities were following the minimum independence criteria set out in our guidance. However, appropriate consideration should be given to assessing independence of thought on an ongoing basis, as discussed below in the tenure section. Good practices observed:  A majority of independent directors on the board.  Annual declaration of independence by directors preceded by a robust assessment.  The process and considerations used in assessing independence were documented. Tenure There is a balance to be struck between a director’s experience and knowledge the relationships they have built up with the board and management and maintaining independent judgement. Tenure limits can support this balance by embedding the importance of fresh ideas, perspectives and independence of thought. Both RBNZ and FMA guidance asks boards to consider whether the length of service on the board impacts a director’s ability to be independent. There is a risk that as a director’s tenure increases, they will reach a point where it is likely to impair their independence. Some international guidance suggests that the independence of non-executive directors may be impaired if they have served on the board for more than nine years. We found:  Some entities had ‘soft’ tenure limits; however, circumstances where extensions to tenure could be granted were not always documented.  Some entities did not have any requirement to assess independence when tenure was extended. Good practices we observed:  Many entities in our sample had tenure limits for directors. Most of these were three terms, totalling nine years, with the option to extend tenure under certain circumstances.  Directors who were extended beyond their tenure limit had yearly assessments of independence. Diversity 5. Boards have sufficient diversity to support their role. We expect boards to actively consider their own diversity, including board-specific diversity policies and targets, and include diversity considerations as part of succession planning, skills and capabilities assessments and appointments.

21 Diversity includes aspects such as gender, ethnicity, cultural background, age and skills. It can have positive outcomes on challenge, debate and effective decision-making. Diversity is also an important factor when considering fresh thought and perspectives. We encourage boards to ensure they are not limiting the diversity pool in their director criteria, selection, appointment and composition requirements and practices. Some securities exchanges have guidance for listed entities that include having a diversity policy and measurable gender diversity targets for large entities. The below charts show the percentage of female and male directors and board chairs in the sample. Figure 2: Gender of directors of locally incorporated entities in the sample Female directors made up at least 30% of the board of most large entities. Gender composition was varied across the smaller entities. Figure 3: Gender composition of locally incorporated entities in the sample We found:  Most entities had diversity policies for the wider organisation, but 75% did not have a diversity policy that applied to the board.  Those with a diversity policy applicable to the board focused on the consideration of diversity in the selection, appointment and renewal of directors, but did not necessarily have measurable targets. 0% 5% 10% 15% 20% 25% 0 0 -10% 10% - 20% 20% - 30% 30% - 40% 40% - 50% 50% - 60% 60% - 70% % of locally incorporated entities % of the board that is female Large entities Smaller entities

22  Entities with measurable targets used the 40:40:20 (40% men, 40% women and 20% open) gender target. There can be challenges implementing this target, particularly for smaller boards.  Reaching diversity targets was seen as challenging, and it was emphasised that skills are more important.  Many directors spoke about the challenges of finding skilled women in areas with skills gaps, such as Information Technology.  There were divided views on whether younger directors offered the right skills and experience. Good practices we observed:  Gender diversity was front of mind when looking for new directors.  Broader diversity factors beyond gender, such as ethnicity, culture, iwi, age and tenure were considered.  Diversity was considered annually as part of the board composition review process. Conflicts of Interest 6. Conflicts of interest are identified and managed effectively. We expect entities to have formal and robust policies for managing conflicts and be able to evidence appropriate mitigation. Actual and perceived conflicts can influence the ability to exercise independent judgement. Directors should have a clear understanding of their responsibility to proactively identify and manage conflicts to ensure they are acting in the best interest of the entity and should be appropriately held to account. A conflicts of interest register can be used to appropriately monitor and track all conflicts and the actions agreed to mitigate them. We found:  Almost all entities had a standalone conflict of interest policy. Where entities did not have a formal policy, procedures were outlined in the board charter, code of conduct and other parts of the corporate governance framework.  Many entities did not have clear, detailed procedures for declaring and managing conflicts outlined in their policies.  Some entities had practices that were not documented or contrary to the policy.  Some entities had procedures in multiple parts of the corporate governance framework that were not aligned.

23  Most entities had some form of interest register in place, although some were not being updated correctly or regularly, and many had insufficient detail or lacked essential information. For example, in some circumstances only directorships held by directors, or a list of companies they had an interest in were recorded.  Some interests were recorded in the conflict of interest register whether a conflict existed or not, suggesting a lack of clarity or understanding of what a conflict is. Good practices we observed:  Subsidiary boards created their own conflict of interest policy and ensured it aligned to the group policies.  The interest register was added to the board meeting agenda as a standing item.  Board packs and minutes were redacted for conflicted directors, and procedures included a conflicted director leaving the meeting so they do not influence discussions.  Actions taken to manage actual or potential conflicts were recorded in minutes.  A paper outlining the potential conflicts that may arise during upcoming board meetings was presented to the board ahead of the meeting. The paper proposed mitigating actions the board could undertake to manage the conflict.  New directorships that board members were contemplating were assessed for potential conflicts.  Expectation was set for the board chair to disclose their conflicts and discuss potential conflicts with the chair of the Audit/Risk Committee.  Regular checks of the conflicts of interest register, including external checks, were undertaken to provide assurance and accuracy.  The conflicts of interest register included details of the interest, including why it is a conflict, the date the conflict was disclosed, and any actions taken to manage the conflict.  The conflict of interest register was maintained and regularly reviewed by the board or company secretary.  A secondary register was maintained for all other interests that are not necessarily a conflict, to provide greater clarity over conflicts that are being actively managed. Board Capacity 7. Directors have sufficient capacity to fulfil their obligations. We expect director capacity to be reviewed regularly against a formal framework. Directors’ duties and responsibilities require them to ensure they have adequate capacity to work effectively, as individuals and collectively as a board.

24 RBNZ and FMA guidance states that boards should ensure directors are able to commit the necessary time and effort to be effective in their roles. FMA guidance suggests a written statement of expectations on time commitments will assist board members to be effective in their roles. The amount of time a director needs to dedicate to their role depends on the size and complexity of the entity’s operations, and the type of role they hold. For example, we expect board chairs to have a considerably greater time commitment compared to other directors. Many directors hold multiple directorships and have outside commitments that can impact their ability to be effective in their role. Holding multiple directorships allows directors to strengthen their skills and experience, and ultimately add value to an entity. However, there is a risk of having insufficient time or capacity to be effective in their role on each board. Directors put the boards they serve at risk if they overextend themselves. Balancing these benefits and risks needs to be factored in when assessing director capacity both at the time of appointment and on an ongoing basis. There is no set limit on the number of directorships a director may hold; entities should consider this on a case-by-case basis, taking into account the director’s capabilities, knowledge, experience and time commitments. We found:  Most entities had written expectations on time commitments; however, these lacked sufficient detail and clarity, and were mainly limited to spending time preparing for and attending scheduled board and committee meetings.  Most entities assessed the capacity of their directors prior to appointment and/or on an ongoing basis; the assessments mainly involved informal discussions between the board chair and individual directors. Due to the absence of a formal framework to evaluate director capacity these assessments lacked robustness and consistency.  There was an implicit expectation for board members to dedicate sufficient time to their role during normal times and be available at short notice in times of crisis.  Onsite visits revealed that almost all directors had capacity to attend multiple ad-hoc or out-of-cycle meetings, for example during the recent Covid-19 crisis. Good practices we observed:  The board chair discussed time commitment expectations with potential directors as part of the appointment process.  Directors resigned from other boards to ensure they had adequate capacity.  Letters of appointment set out clear expectations on the approximate number of days directors might spend on board matters per year.  Potential directors disclosed other directorships with an indication of time involved as part of the appointment process.

25  Formal expectation was set out in the board charter for directors to discuss and seek approval from the board chair prior to accepting an additional directorship. Expectation was also set for the board chair to have a similar discussion with relevant committee chairs and the group board prior to taking up an additional directorship.  Expectations on time commitments for directors included time needed for: ◦ Preparing for meetings, including considering papers and circular resolutions. ◦ Attending scheduled and ad-hoc meetings. ◦ Extra capacity in times of crisis, including where certain events may impact directors across multiple governance roles. ◦ Ongoing education and training. Annual Planning The annual planning process for the board and its committees involves setting aside time each year to discuss, develop and schedule their work plans. The work plans outline all the regular, periodic and special items that need to be considered by the board and its committees. They are useful for ensuring the board devotes sufficient time to high-priority matters and for giving an indication of their workload, which can assist with capacity assessment. By monitoring and tracking progress against work plans, boards can ensure they are adequately prioritising agendas to meet their responsibilities. We found:  Most entities have formal annual planning processes and plans for their board and committees. However, the work plans had varying degrees of detail and comprehensiveness. Good practices we observed:  The planning process for the board and its committees was led by the chair, with active involvement from the full board and relevant executives.  Standalone detailed work plans were developed for the board and each of its committees; these included activities such as periodic papers and reports, performance evaluations, education and training sessions, succession planning and strategy sessions.  A calendar of events and detailed work plans were maintained separately.  Board and committee work plans were treated as live documents and were regularly reviewed and updated at the end of each meeting.  The board and committee work plans were adaptable to operational needs, changes or current events in the industry and environment.  Discussions on annual work plans were appropriately documented in minutes.

26  Work plans were used to draft agendas for board and committee meetings. Challenge 8. Boards provide effective and appropriate challenge. We expect boards to be able to evidence appropriate challenge. A starting point can be clear articulation of the responsibility for and importance of challenge in key documents along with the role of the chair in managing different perspectives and fostering constructive discussions. Challenge should be recorded in minutes and form part of individual and collective evaluations. Effective challenge is a critical role of the board and can strengthen decision-making outcomes. Challenge occurs in different ways including questioning, debate, asking for additional information or independent advice. There should be a balance of support and challenge to ensure directors are getting the information they need without overstepping into management responsibilities, and that management is not overburdened. Most board decisions are made by consensus, but unanimous agreement does not always occur. We found:  Most boards and executives told us there was a level of challenge at board and committee meetings. However, it was evident that the level and quality of challenge varied between different boards and individual directors. We acknowledge this can be subjective and it was often difficult for us to assess and confirm based on verbal examples and, in many cases, high-level board minutes. Good practices we observed:  The chair and key executives highlighted key topics that may be contentious or result in significant debate before the board or committee meeting. This did not replace discussion during the meeting but allowed preparation.  When providing challenge, some directors said they were mindful of the impact additional work would pose on management and considered whether requests were necessary or ‘nice to have’.  The chair and CEO worked together to ensure directors got the information they needed, without management being overburdened.  Reliance and trust in management was balanced with independent advice to support decision-making.  Some entities provided detailed minutes that evidenced instances where the board canvassed and built on a range of views and ideas before reaching a consensus.  Minutes showed questions and additional information requested from and provided by management.

27 Performance Evaluation 9.1. A focus on continuous improvement and regular evaluation drives board performance We expect regular and robust evaluations of the performance of the board, committees, directors and the CEO. In addition to regular internal evaluations, boards should undertake periodic independent evaluations aimed at improving performance. Performance evaluations help to identify the strengths and weaknesses of the board and provide opportunities for continuous improvement, as well as hold directors to account. Effective performance evaluations can assist in succession planning, director reappointments and identifying the training needs of directors and the board. Boards should utilise robust evaluation criteria in assessing their performance. The criteria should appropriately consider the responsibilities of individual directors and the board as set out in board and committee charters, as well as other factors that may affect their performance. It is equally important for entities to have processes in place to identify appropriate actions to manage any weaknesses in performance and monitor and track progress. Internal Evaluation of Performance RBNZ and FMA guidance states that boards should have rigorous formal processes for regularly evaluating their own performance and that of their committees, chair and individual directors. These processes should be clearly outlined in the board charter. We found:  Most entities conducted some form of internal performance evaluation of their board, committees, board chair and individual directors on an annual basis. However, this was not rigorous in nature due to a lack of formal, clear and comprehensive evaluation criteria. Good practices we observed:  Self-assessment evaluation criteria were reviewed each year to ensure they remain appropriate.  Performance was reflected on at the end of each meeting to identify opportunities for improvement.  The outcomes of all performance evaluations, including independent reviews, were provided to shareholders. Where appropriate, the shareholders evaluated the performance of the board and chair.  The outcomes of committee performance evaluations were reported to the board.  Executive directors were evaluated for their role on the board separately to their role as an executive.

28  Feedback was sought from executive management on the performance of the board.  Feedback on individual director performance was documented along with actions identified.  Ongoing feedback was provided to individual directors by the board chair.  Feedback on the chair’s performance was handled by another independent board committee chair. Independent Evaluation Independent evaluations are beneficial for:  Enhancing objectivity and rigour of the performance evaluation process and its outcomes.  Providing greater insights on the performance of the board through comparison with peers in the sector.  Bringing new perspectives and issues to the board’s attention. RBNZ guidance does not currently have any formal expectation for boards to undertake an independent evaluation of their performance. However, FMA guidance highlights that external input and advice is important, along with peer- and self-review. International guidance suggests that boards should consider having external performance evaluations on a regular or periodic basis. At a minimum, some guidance expects external board performance evaluations to be undertaken at least every three years. We found:  70% of entities had not undertaken an independent board performance evaluation at the time of our review. Good practice we observed:  Independent evaluation of board performance was undertaken every two to three years.  Clear expectations on independent evaluation of board performance were set out in the board charter.  Recommendations from the independent evaluation were thoroughly discussed by the board, appropriately considered and followed up. Evaluation of the CEO The CEO is responsible for managing the day-to-day operations of the entity, achieving the strategic objectives, and acting as a conduit for communication between the board and management. It is therefore important to ensure the CEO’s interests are aligned to those of the entity through appropriate performance objectives.

29 Key responsibilities of the board include evaluating and managing the performance of the CEO, determining appropriate remuneration outcomes that are aligned with the delivery of strategic objectives, and rewarding appropriate values and behaviour. For locally incorporated entities with an overseas parent, the New Zealand board should establish and lead the evaluation process for the CEO and ensure that the CEO’s Key Performance Indicators (KPIs) appropriately reflect their New Zealand role and strategic objectives. Good practices we observed:  The chair led the evaluation process for the CEO, with involvement from the full board.  The process for assessing the performance of the CEO was thorough, with KPIs clearly outlined.  The assessment and outcome of the evaluation were appropriately documented.  Feedback on CEO performance was sought from senior management.  The board provided the CEO with ongoing feedback on their performance. Exit Procedures 9.2. Entities take the opportunity to learn from exits. Exit procedures for directors who are retiring, resigning or removed should help ensure a smooth exit as well as allow the board to receive feedback and learnings. International guidance states that outgoing board members should provide the chair with a written statement on any concerns they have. This statement is then shared with the board and with the regulator if necessary. Exit interviews for the CEO can also provide feedback for continuous improvement, which the board can reflect on. We found:  Most of the locally incorporated entities did not have formal procedures or exit interviews for departing directors.  Some entities had formal processes for conducting exit interviews with CEOs, but a large number had either no interview or an informal process. Good practices we observed:  Exit interviews for departing directors were held by the board chair.  Departing directors were also given the opportunity to provide feedback without the chair present.

30  Feedback and key messages from departing directors were reported to and discussed by the board. Board and Committee Meetings 10. Boards actively consider how meeting procedures can improve effectiveness. This includes ensuring:  Discussion, decisions and challenge are accurately recorded.  Ongoing feedback is provided to management on the quality of material.  Regular board only and non-executive director only time.  Regular engagement with senior management.  The board maintains up-to-date and forward-looking workplans (see 7 above). Meeting procedures, quality of information presented, opportunity for board-only time and engagement with senior management are key to enabling the board to make timely and well￾informed decisions. Meeting Procedures Meeting procedures consist of the structure, roles and protocols for administering board and committee meetings. These ensure meetings are run smoothly and there is clarity of decision making. Having a clear separation between board and committee meetings ensures dedicated focus on strategy, risk, audit and other matters, as well as sufficient time for discussion. Good practices we observed:  Clear and well-documented procedures for running board and committee meetings were outlined in the constitution and charters. This included procedures and responsibility for forming agendas, minute-taking, monitoring and tracking actions and circulating information.  Strategic priorities set at the top of the agenda for board meetings to ensure adequate focus on strategy. Minutes Minutes are the official record of board and committee actions and decisions. They are an important tool for holding boards and senior management accountable and should enable the board to reference and reflect on past decisions.

31 We found:  Many of the minutes we received did not have enough information to enable referencing and reflection on past decisions. We encourage boards to consider the good practices identified below as well as in the Challenge section (13) of the report. Good practices we observed:  Detailed minutes that captured the nature of discussion as well as the steps taken to reach a decision.  Minutes were circulated in a timely manner to all directors and relevant executives following meetings.  The minutes noted who was in attendance for all or part of the meeting, and when presenters and guests entered and exited.  The company secretary or minute-taker was provided with relevant training. Board Papers The quality of board papers is important. They need to identify the key issues and opportunities facing an entity, promote discussions and inform directors, to ensure sound decisions are made and management is held to account. Given their importance, it is essential that boards set clear expectations on the format, content and length of board papers. Information contained in board papers should be accurate, relevant and understandable, and meet the needs of the board. We found:  Papers were often reviewed by the CEO and/or governance team before they went to the board and committees, to ensure content was consistent. This was beneficial in ensuring adherence to board guidelines and preventing duplication of information.  Most boards highlighted areas where they struggled with the length or volume of papers. Some entities noted that it was particularly challenging to get the length and volume of risk papers right.  Entities are working continuously to strike the right balance between providing directors with sufficient information to make decisions and ensuring papers are concise. Good practices we observed:  Entities established guidelines on the format and length of board and committee papers, including the number of pages.  Directors provided ongoing feedback to management, both positive and constructive, on the quality of board and committee papers.  Training was provided to senior management on writing board and committee papers.

32 Board-Only Time Non-executive directors need to be able to exercise independent judgement and hold senior management to account. These directors should have time to share views and information without executives present, to ensure independent judgement is maintained. We found:  Many of the entities we reviewed only held non-executive director-only time when discussing CEO remuneration or major concerns. However, this time can also be useful for sharing good news, positive comments, reassurance and non-executive director engagement. Good practices we observed:  Non-executive director-only time was set out in the board charter to maintain accountability.  Dedicated time was set aside on the agenda to ensure board-only sessions were held regularly.  Decisions made during board-only sessions were recorded by the board chair and reflected in the minutes as appropriate.  Regular independent director-only time.  Non-executive sessions were held at the start of meetings and board-only time at the end of meetings. This final session was used to reflect on the meeting and provide timely feedback to the CEO. Engagement with Key Executives Regular engagement with key executives that have reporting lines to the board and committees is important for ensuring that directors remain well-informed on issues affecting the entity. This also helps foster good relationships and open discussions. We found:  The level of board engagement with executives varied across entities. Good practices we observed:  Board and committee chairs had regular one-on-one meetings with key executives.  Board and committees had regular meetings with relevant key executives without other management present. These sessions were set out in agendas.

33 APPENDIX 1 - SCOPE AND METHODOLOGY The key objectives of the joint Thematic Review were to examine the policies, processes, and operational practices of boards of financial institutions in key areas of governance to:  Determine the extent to which these are aligned to our regulatory requirements and guidance;  Understand how these allow boards to provide effective oversight; and  Promote effective board practices by outlining areas of good practice that all boards should consider, clarifying our expectations as well as highlighting areas for improvement. The Review examined policies, processes, and practices of boards as they related to the following key areas:  roles and responsibilities of the board  board and committee structure and composition  conflicts of interest  board capacity  challenge  board and director performance evaluation  board and committee meetings. Sample Size We selected a sample of 29 entities across four sectors: banking, insurance, non-bank deposit taking (NBDT), and managed investment schemes (MIS). In determining the sample, we considered:  The size of an entity;  Ownership structures; and  Whether the entity was locally incorporated or a branch of an overseas-incorporated entity. The composition of the sample and the individual entities are confidential.

34 Review Our review was conducted as follows: Desk-Based Review Each entity was asked to provide a range of documents related to board and governance policies, procedures and record keeping, and to complete a questionnaire. We then conducted an in-depth review of the information provided and assessed entities against our expectations for governance, both as set out in our guidance and accepted good practice. Interviews We followed up with onsite reviews where we interviewed a range of individuals including board members and executive management. Interviewees were asked a range of general and specific questions, covering the key areas in the Review. Analysis and Thematic Report Writing We assessed the information collected to determine the entity-specific findings. These were then analysed to identify themes to be included in the thematic report. This informed the drafting of the thematic report and individual feedback letters. Independent Review of Report The findings and recommendations outlined in the thematic report have been independently reviewed by Dr John Laker AO. Dr Laker is currently the Board chair of ING Bank Australia and was appointed as an independent director in January 2019. Prior to this, over an 11-year period from 1 July 2003 to 30 June 2014, Dr Laker was Chairman of the Australian Prudential Regulation Authority (APRA) overseeing Australia’s banking institutions, insurance companies and most of the superannuation industry. He has written and spoken extensively on governance, including as a member of the panel that undertook the Prudential Inquiry into the Commonwealth Bank of Australia. Individual Entity Feedback Each entity in the sample has received a feedback letter outlining their specific findings. The letter includes good practices we observed, and areas for improvement and recommendations the entity should consider in order to align with our expectations. Upcoming Regulatory Policy Reviews We will also be considering the findings from this Review in upcoming policy reviews such as the Standards development for the Deposit Takers Act and review of the Insurance (Prudential Supervision) Act 2010 (IPSA). A review of the FMA Corporate Governance Handbook may be undertaken once the relevant RBNZ policy has been finalised.

35 Limitations The scope of our review was limited to the assessment of corporate governance practices at board level and whether these practices allowed the board to govern effectively. Our review was limited to the documents and information we collected directly from the entities, interviews with directors and senior management of each entity, along with information from publicly available sources such as company websites, annual reports and the Companies Office.

36 APPENDIX 2 - LEGISLATION AND GUIDANCE REFERENCED RBNZ: Prudential Supervision Department (BS14) RBNZ: Insurance (Prudential Supervision) Act 2010 (IPSA) RBNZ: Non-bank Deposit Takers Act 2013 (the NBDT Act) FMA: Corporate Governance Handbook FMA: MIS Manager Licensing Application Guide FMA: Standard Conditions for managed investment scheme manager licences FMA: Financial Advice Provider Licence Guide FMA: Standard Conditions for full financial advice provider licences Institute of Directors: The essentials of being a director (FMA joint publication with the Institute of Directors) NZX: Governance Code Basel Committee on Banking Supervision: (Guidelines, Corporate governance principles for banks) Bank of England Corporate governance: Board Responsibilities Financial Reporting Council: UK Corporate Governance Code APRA: Prudential Standard CPS 510 Governance APRA: Prudential Practice Guide (HPG 10 - Governance) Office of the Superintendent of Financial Institutions Canada: Corporate Governance for Financial Institutions Federal Reserve: Supervisory Guidance on Board of Directors' Effectiveness11 OECD: Guidelines on Insurer Governance ASX: Corporate Governance Council Corporate Governance Principles and Recommendations NYSE: Corporate Governance Guide

---

11 Supervisory Guidance for Boards of Directors of Domestic Bank and Savings and Loan Holding Companies with Total Consolidated Assets of $100 Billion or More (Excluding Intermediate Holding Companies of Foreign Banking Organizations Established Pursuant to the Federal Reserve's Regulation YY) and Systemically Important Nonbank Financial Companies Designated by the Financial Stability Oversight Council for Supervision

37