Prudential Standard on Corporate Governance for Financial Institutions and Holding Companies

PRUDENTIAL STANDARD ON CORPORATE GOVERNANCE FOR FINANCIAL INSTITUTIONS AND FINANCIAL HOLDING COMPANIES LICENSED UNDER THE BANKING ACT, 2015 February 2026

Revisions Control Page a) Original Issuance of the Prudential Standard Document Title Prudential Standard on Corporate Governance for Financial Institutions and Financial Holding Companies Licensed Under the Banking Act, 2015 Issuance Date 9 February 2026 Effective Date 1 April 2026 Standard Number No. 2 of 2026 b) Revisions to the Prudential Standard Review Date (DD-MM￾YYY) Amended Sections Issue Date of Revised Versions Effective Date of Revised Versions Revised Numbering (Based on the Year of Revisions for example, No. XXXX of 2024)

ii Table of Contents 1.0 INTRODUCTION ..............................................................................................................................3 2.0 Commencement.................................................................................................................................3 3.0 Interpretation.....................................................................................................................................3 4.0 Objective..............................................................................................................................................6 5.0 Application..........................................................................................................................................6 6.0 Repeal ..................................................................................................................................................7 7.0 Overview of the Prudential Standard..........................................................................................7 8.0 Prudential Standard Requirements...............................................................................................8 8.1 Responsibilities of the Board of Directors................................................................................8 8.1.1 Implementing Sound Governance Practices ....................................................................8 8.1.2 Board Structure and Practices...........................................................................................10 8.1.3 Strategic Planning................................................................................................................12 8.1.4 Establishing Committees of the Board............................................................................13 8.1.5 Board/Committee Meetings and Information...............................................................14 8.1.6 Functioning of the Board....................................................................................................15 8.1.7 Demarcation of Responsibilities between the Board and Senior Management .....16 8.1.8 Risk Management ................................................................................................................17 8.1.9 Internal Control....................................................................................................................18 8.1.10 Integrity in Conducting Operations .............................................................................19 8.1.11 Appointing and Monitoring Officers................................................................................20 8.1.12 Remuneration......................................................................................................................22 8.1.13 Annual Board Review.........................................................................................................22 8.1.14 Transparency in Governance............................................................................................23 8.1.15 Fit and Proper Person Criteria .........................................................................................25 8.2 Responsibilities of the Chairperson.............................................................................................31 8.3 Responsibilities of Directors .........................................................................................................32 8.4 Board Composition .........................................................................................................................33 8.4.1 Board Member Selection........................................................................................................34 8.4.2 Orientation and Training of Directors ................................................................................36 8.5 Responsibilities of the corporate secretary................................................................................37 8.6 Responsibilities of officers.............................................................................................................38 8.7 Responsibilities of the Audit and/or Compliance Committee ...............................................39 8.8 Governance of Group Corporate Structures .............................................................................41 8.8.1 Subsidiaries and Holding Companies .................................................................................41 8.8.2 Complex Corporate Structures..............................................................................................42 8.9 Rights and Responsibilities of Shareholders ............................................................................43 8.10 Relationship with The Central Bank........................................................................................44 8.11 Regulatory Reporting Requirements ..........................................................................................46 APPENDIX I ...................................................................................................................................................i

3 PRUDENTIAL STANDARD ON CORPORATE GOVERNANCE FOR FINANCIAL INSTITUTIONS AND FINANICAL HOLDING COMPANIES LICENSED UNDER THE BANKING ACT, 2015 NO 2 OF 2026 1.0 INTRODUCTION The Prudential Standard on Corporate Governance for Financial institutions and Financial Holding Companies Licensed Under the Banking Act, 2015 (the Prudential Standard) is issued by the Eastern Caribbean Central Bank (the Central Bank), in exercise of the powers conferred on it by section 184 of the Banking Act, 2015, as amended1 (hereinafter referred to as the Act). 2.0 COMMENCEMENT This Prudential Standard shall come into effect on 1 April 2026. 3.0 INTERPRETATION This section of the Prudential Standard employs the interpretation established in the Act, other applicable standards and legislative requirements. However, the following terms are defined for the purpose of this Prudential Standard: a) “Conflict of Interest” means any situation in which a person has interests that could improperly influence the performance of his or her official duties or responsibilities, contractual obligations, or compliance with applicable laws and regulations and can potentially undermine the person’s impartiality due to the possibility of a clash between his or her self-interest and professional responsibility. Consequentially, any actual or potential interest may lead to questions being raised

1 Banking Act of Anguilla (No 6 of 2015), as amended, hereafter referred to as the Banking Act of Anguilla (No 6 of 2015); Banking Act of Antigua and Barbuda, 2015 (No 10 of 2015), as amended; Banking Act of Commonwealth of Dominica, 2015 (No 4 of 2015), as amended; Banking Act of Grenada, 2015 (No 20 of 2015), as amended; Banking Act of Montserrat, 2015 (No 15 of 2015), as amended; Banking Act of Saint Christopher and Nevis, 2015 (No 1 of 2015), as amended; Banking Act of Saint Lucia, 2015 (No 3 of 2015), as amended; and Banking Act of Saint Vincent and the Grenadines, 2015 (No 4 of 2015), as amended.

4 regarding the independence of the judgement dispensed in the performance of his or her obligations to the institution. b) “Corporate Governance” refers to a set of relationships between a company’s management, its Board of Directors, its shareholders and other stakeholders, which provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance. This helps define the way authority and responsibilities are allocated and how corporate decisions are made. c) “Cross-Directorship” refers to the situation where a director of an institution is also part of the Board of Directors of another institution, or has substantial relationships or involvement with another institution that the director could be considered related with the other institution. d) “Executive Director” means a member of the Board of Directors who also has management responsibilities within the institution. e) “Independent Director” means a non-executive director who does not have any management responsibilities within the institution and is not under any other undue influence, internal or external, political or ownership, that would impede the Board of Directors member’s exercise of objective judgment. f) “Internal Control System” means a set of rules and controls governing the institution’s organisational and operational structure, including reporting processes, and functions for risk management, compliance and internal audit. g) “Non-Executive Director” means a member of the Board of Directors who does not have management responsibilities within the institution. h) “Officer” means: i. A chief executive officer, chief operating officer, president, vice-president, branch manager, country manager, corporate secretary, treasurer, chief financial

5 officer, chief accountant, chief auditor, chief investment officer, chief compliance officer, or chief risk officer; ii. Any other individual designated as an officer by its articles of incorporation or continuance, bye-laws or other constituent document, or resolution of the directors or members; or iii. Any other individual who performs functions similar to those performed by a person referred to in paragraph (i), whether or not the individual is formally designated as an officer. i) “Regulator” refers to a governmental or non-governmental body that ensures compliance with laws, regulations and established rules; provides input into developing and interpreting legislation and regulations; issues guidelines, prudential standards, codes of conduct, rules; and approves requests from regulated financial institutions or persons; this includes the Eastern Caribbean Central Bank, and/or any other local, regional and international regulator(s), where applicable. j) “Risk Profile” means the point-in-time assessment of an institution’s gross risk exposures (that is, before the application of any mitigants) or, as appropriate, net risk exposures (that is, after taking into account mitigants) aggregated within and across each relevant risk category based on current or forward-looking assumptions. k) “Self-dealing” means any transaction with a related party, that is not on terms and conditions that are the same or similar to that offered to a non-related party and which could generate a lesser return to the institution than with a non-related party. l) "Senior management” means the individual or group of individuals who are responsible and accountable to the Board of Directors for the day-to-day management of the institution. While the composition varies based on the size and complexity of the institution, senior management typically includes officers such as

6 the chief executive officer, chief financial officer, chief risk officer2 and heads of major business lines, and critical support functions (like Legal or Human Resource). m) “SMART” – Targets that are specific, measurable, achievable, relevant and time￾bound. n) “Transaction” refers to a transfer of benefits, resources, obligations, or the provision of services, regardless of whether a price is charged. 4.0 OBJECTIVE This Prudential Standard seeks to ensure the proper functioning of licensed financial institutions (LFIs) and licensed financial holding companies (LFHCs)3 and to safeguard stakeholders’ interests. The Central Bank anticipates that in implementing the principles outlined in this Prudential Standard, the Board of Directors (the board) and senior management of the LFIs and the LFHCs should be positioned to effectively oversee and manage their institutions in a prudent manner and hence, contribute to maintaining public confidence in the financial system. 5.0 APPLICATION This Prudential Standard applies to all LFIs and LFHCs under the Act and must be read in conjunction with any other applicable prudential standards4 that the Central Bank issued. The Central Bank realises that LFIs and LFHCs have different risk profiles and as such, the implementation of corporate governance policies may differ. Hence, this Prudential Standard is wide-ranging and forward-looking. Any LFIs and LFHCs found in violation of this Prudential Standard are subject to remedial actions specified in sections 75 to 785 of the Act.

2 The CRO should have a direct reporting line to the board. 3 For the purpose of this Prudential Standard, LFIs and LFHCs are collectively referred to as ‘institution/institutions’. 4 This will include the Fit and Proper Prudential Standard, which is pending issuance. 5 Sections 74 to 77 of the Banking Act, 2015 of Anguilla, No 6 of 2015, as amended.

7 6.0 REPEAL The Guidelines on Corporate Governance, which came into effect on 15 May 2006, are hereby repealed. 7.0 OVERVIEW OF THE PRUDENTIAL STANDARD The Central Bank, in furtherance of its responsibility for the regulation and supervision of licensees under the Act, has developed this Prudential Standard to outline some basic parameters for institutions to achieve sound corporate governance. The Prudential Standard reflects key elements of the principles outlined in the Basel Committee on Banking Supervision’s (BCBS) paper - Corporate Governance Principles for Banks6 and is based on best industry practices, relevant laws and governance codes. Institutions are required to consider wherever possible, the BCBS’ principles in the design of their corporate governance frameworks and ensure adherence to these principles, as appropriate. The Central Bank recognises that corporate governance processes will vary from institution to institution. However, each LFI and LFHC is expected to create a governance framework that promotes high standards of professional conduct, prudent and diligent discharge of duties, and ensures compliance with all applicable laws, regulations, guidelines, codes of conduct, rules and standards. This Prudential Standard serves as an advisory to shareholders, Boards of Directors and to the management of institutions licensed under the Act, on the minimum standards that the Central Bank expects licensees to adopt in respect of their corporate governance framework. The effectiveness of the board of LFIs and LFHCs is a critical component of the Central Bank’s Risk-Based Supervisory framework. Where an institution’s board has chosen alternative corporate governance standards to those outlined in this Standard, the board will be required to demonstrate to the Central Bank that the alternative adopted standards have at least an equivalent effect in ensuring sound corporate governance. Institutions that are part of larger international financial groups are encouraged to take advantage of

6 Guidelines, Corporate Governance Principles for Banks, Basel Committee on Banking Supervision, July 2015 (Seehttps://www.bis.org/bcbs/publ/d328.htm ). Banks that are part of a conglomerate should also take into account the Joint Forum’s Principles for the supervision of financial conglomerates (September 2013, available at www.bis.org/publ/joint29.htm). For the purposes of the corporate governance principles herein, the terms “parent company” and “group” signify a financial group.

8 the group structured governance processes that are in keeping with the basic principles articulated in this Standard. 8.0 PRUDENTIAL STANDARD REQUIREMENTS 8.1 Responsibilities of the Board of Directors 8.1.1 Implementing Sound Governance Practices Objective: The development of effective policies and controls, and the establishment of a sound governance structure to implement these policies and controls. The board has overall responsibility for the prudent and ethical oversight of the management of an institution. The board’s effectiveness would be influenced by its ability to implement and maintain a sound corporate governance system in accordance with the Act that ensures: a) The establishment of a strong risk management culture throughout the institution. b) Competent management through a comprehensive framework that clearly outlines levels of responsibility and promotes accountability throughout the organisation. c) Integrity in the conduct of management. d) Integrity in financial reporting. e) Timely review of key executive and board members’ remuneration. f) A formal and transparent board nomination and executive recruitment process. g) The institution’s operations are conducted prudently and within the framework of all relevant laws, regulations and guidelines and that a reasonable balance is achieved between the institution’s objectives, and its risk management and control functions.

9 h) Controls are in place to protect the assets of the institution. i) The interests and concerns of shareholders, employees, customers and other stakeholders are considered when creating and implementing policies. j) Consideration is given to the amount of time that proposed board appointees are able to devote to their duties as a director. k) The level of cross-directorship existing among board appointees is sufficiently restricted in order to avoid the potential conflict of interest that may arise and allow adequate time to devote to their responsibilities. l) The performance of directors and officers is reviewed and evaluated at least annually, and where necessary, changes are made to improve and strengthen the governance of the institution. m) When deemed necessary to address any governance concerns, the Central Bank may mandate an independent assessment by an external audit firm or consultant, other than the firm engaged by the LFI or LFHC. This may include, but not be limited to, an assessment of the fitness and probity of significant shareholders (with the exception of participating Governments), directors and officers. n) There is transparency – relevant information on its strategy, governance, operations and relationships to stakeholders should be provided in a clear and timely manner to the relevant stakeholders. o) Shareholder/investor education and facilitation of the exercise of shareholders’ rights. At least annually, the board should engage shareholders on their rights and responsibilities including matters such as: the company’s corporate documents, access to them and amendments to extraordinary transactions; the approval or election of auditors including the due diligence process, direct nomination of board members; prudent exercise of the nomination and approval of directors and related fit and proper requirements; the approval of distributions of profits including details on the policy; shareholder ability to vote on board member compensation;

10 and material related party transactions at a minimum. Such engagements may be virtual; in a designated time before the start of the annual general meeting and published on the licensee’s website along with a summary of frequently asked questions. 8.1.2 Board Structure and Practices Objective: To ensure that the board has the necessary and sufficient manpower and expertise to provide adequate oversight of the institution, and appropriate governance practices are defined, followed and reviewed for on-going management. a) The board should develop and continuously update a board Charter to guide its structure and practices. b) The size of the board should be dictated by the nature of the institution, including its scale of business, and the complexity and diversity of its activities. Changes to the board’s composition should be managed to avoid undue disruption. c) The board should, at least annually, review its size and determine the most appropriate complement and competencies that would be required to ensure operational and decision making effectiveness. d) The size of the board should ensure that it can effectively function in the event that a member(s) is/are absent from decision making because of conflicts of interest, or unavoidable and unforeseen emergencies. e) Collectively, members of the board should demonstrate a broad range of complementary skills and expertise, industry and regulatory knowledge and diversity of perspectives to build a capable, responsive and effective board. These should be consistent with the qualifications outlined in the Corporate Governance Self-assessment and Handbook for Directors.

11 f) The board should conduct regular assessments, at least annually, of the board, its sub-committees and directors. An assessment of the board’s effectiveness should be based on the quality and scope of the governance processes and how effectively these are implemented and maintained. g) The board should have appropriate documented succession planning for directors and officers. Succession plans can consider the following different time horizons: i. Contingency planning for sudden and unforeseen departures (for example resignations); ii. Medium-term planning for the orderly replacement of current board members and officers (for example retirement), and iii. Long-term planning to maintain the relationship between the delivery of the institution’s strategy and objectives to the skills that the board and senior management need now and in the future. h) The board should maintain and update at least annually, organisational rules or other similar core governance documents7 that set out its structure, authority, rights and responsibilities. i) The board should review and approve at least annually, the hierarchical structure of the institution. j) The board shall take into consideration the minimum criteria for determining whether a person is fit and proper for persons likely to be a director, significant shareholder or officer of a LFI or LFHC, pursuant to the Act. In that regard, all institutions shall have a fit and proper policy in compliance with Section 100 of the Act8, taking into account at a minimum, the fit and proper requirements in the Act and other prudential standards issued by the Central Bank.

7Where applicable, this includes the institution’s bye-laws, as well as board and committee charters, terms of reference, and any other formally approved governance instruments that set out how the board operates. 8 Section 99 of the Banking Act, 2015 of Anguilla, No 6 of 2015, as amended.

12 k) The board shall take into consideration any skills gaps identified in its self￾assessment matrix provided to the Central Bank. 8.1.3 Strategic Planning Objective: To ensure that the organisation’s vision and purposes are clearly defined and goals are set to achieve its objectives. a) The board should establish a strategic statement that outlines the specific strategic actions for the organisation, which is commensurate with its business objectives and risk culture. b) The board must approve the strategic plan of the institution with appropriate measurable benchmarks. The strategic planning process should include the establishment of corporate objectives and the effective oversight of the implementation of these objectives. The board must ensure that the strategic plan is current, feasible and based on sound economic and financial assumptions and is consistent with applicable laws, regulations, standards, and internal policies. c) The board must develop the institution’s corporate culture and values. Corporate values should address corruption and self-dealing, the management of conflicts of interest, and the establishment of ethical standards and policies that are in the best interest of the institution. d) The board must set limits for the various activities and risks undertaken within the institution. Where possible, authorisation of these limits should be tied to the seniority of an officer, a particular office or a group of individuals responsible or knowledgeable in the area. e) The board should approve the budget of the institution at least one month before the commencement of the institution’s financial year. f) The strategic plan should have SMART targets and the board should establish a mechanism for monitoring and reporting on them at regular interval (at a

13 minimum, every six months) at board meetings. Responsible individuals (those to whom goals are delegated) should be held accountable for missed deadlines and/or targets and an explanation should be provided. 8.1.4 Establishing Committees of the Board Objective: To effectively allocate tasks and responsibilities at the board level. a) The board should ensure the establishment of committees based on size, complexity and risk profile of the institution. At a minimum, the committees should include audit, credit and risk management. However, for smaller institutions with limited board membership, a combined committee structure may be acceptable (with the Central Bank’s approval), provided that it has a clearly defined, board-approved Charter that explicitly covers the audit, credit, and/or risk oversight responsibilities, and conflicts of interest are appropriately managed. The expectation remains that these critical functions receive sufficient focus, independence, and expertise, regardless of the specific committee configuration being adopted. As outlined in section 8.4.1, the Central Bank also recommends the establishment of a nomination committee. b) Committees of the board should be established via a Charter that is approved by the board and clearly defines the committee’s mandate, objectives, scope of authority, working procedures, responsibilities, tenure and terms of reference. These committees should be required to report to the board, at least quarterly. c) Each committee of the board should conduct an annual evaluation of its own effectiveness, which should be presented to the board for review. In the evaluation, each committee should assess its performance with the requirements of its Charter. d) To reinforce the independence of the board, the inclusion of management as a member of these committees should be the exception rather than the rule. Management may be invited to attend the meetings as needed, to provide input on operational matters.

14 e) To promote fresh perspectives and avoid undue power concentration, the board should, as necessary and where practical, rotate membership and chairmanship of the established committees, at least every two years. The institution should seek the Central Bank’s approval to extend this timeframe, if deemed necessary. f) To facilitate the assessment of the committees’ fulfilment of mandates, appropriate records of meetings should be maintained, which include discussion on key deliberations and decisions taken, as well as reports submitted to the board. 8.1.5 Board/Committee Meetings and Information Objective: To ensure sourcing and dissemination of relevant information at the board level. Board/committee meetings serve as key fora where executives and directors share information and deliberate on the institution’s performance, plans and policies. Frequent meetings allow for better communication between management and directors. All directors are expected to attend and actively participate in all meetings of the board. The same is expected of directors assigned to committees or subcommittees of the board. The following should be instituted with respect to meetings: a) Frequency of meetings should be dictated by the nature, complexity of operations and size of the institution. b) The chairperson of the board/committee should have primary responsibility for setting the agenda of board/committee meetings and ensuring that information is made available to the members. All relevant information including the agenda, minutes and papers should be forwarded to all directors at least one week before the meeting to facilitate adequate review. c) The chairperson of the board/committee should review board/committee packages prior to circulation to determine the adequacy of information and give instructions to management to ensure that requirements are met. In addition to the information (strategic plan, budget comparison, management accounts and reports on

15 subsidiaries, where relevant) required to assess the quantitative performance of the institution, the board should also receive information on the observance of prudential norms, customer satisfaction/complaints, service quality, market share, market reaction and other relevant qualitative information. d) The chairperson of the board/committee should ensure that clear and complete minutes of meetings are maintained and circulated to members, and that the minutes accurately and adequately record the discussions on key deliberations, decisions and actions taken at these meetings. The engagement of an administrative professional is recommended. e) Minutes of meetings should be ratified at the subsequent meeting of the board. 8.1.6 Functioning of the Board Objective: To promote segregation between the formulation and the execution of policy for independence and control purposes. The ability of the board to function independently of management is central to effective corporate governance. The board must demonstrate its ability to act independently of management. The board should implement appropriate structures and procedures to achieve and maintain its independence. The structures and procedures implemented should allow for the clear division of responsibilities between the board and management to facilitate a balance of power and authority.

a) The chairperson of the board should be a non-executive member. b) A former officer of an institution should only be considered to serve on the board after a careful review of any potential conflicts of interest that might arise from his or her previous employment with the institution. c) The board shall not include more than one-third executive directors, to encourage accountability and transparency.

16 d) The board should avoid undue influence from related parties past or present position(s), or personal, professional or other economic relationships with other board members. 8.1.7 Demarcation of Responsibilities between the Board and Senior Management Objective: To ensure that clear lines of responsibility and accountability exist within the organisation. a) The board should maintain and review as required, organisational policies, bye-laws and documents outlining its own authorities and responsibilities, including those of its chairperson. It should also document the authority and responsibility of officers, including the system of checks and balances for ensuring adequate oversight of officers. In addition, the board must ensure that clear lines of responsibility and accountability are established throughout the institution and that the balance of responsibilities and accountabilities are adequate and reviewed at least annually. b) While the board may delegate responsibility for the formulation of sound and prudent policies and procedures, it remains accountable for their approval and the overall operations of the institution. c) Whereas senior management is responsible for the day-to-day operation of the institution by virtue of the authority vested in it by the board, the primary responsibility of the board is to provide oversight to ensure that the interests of the institution and its shareholders are properly served. d) The board is responsible for approving job descriptions and employment contracts for all officers. e) The board should always remain responsible for the overall stewardship of the institution and must be prepared to question, scrutinise and robustly monitor, in a proactive manner, its performance, and the performance of its committees,

17 individual directors and senior management. Notwithstanding, the board should not engage in any day-to-day operations of the institution. 8.1.8 Risk Management9 Objective: To ensure that the risks undertaken are understood, under control and well mitigated. Risk management systems and practices will differ depending on the scope and size of the institution and the nature of the institution’s risk exposures. However, every institution should have integrated policies which, taken together, establish the institution’s corporate philosophy on risk pertaining to its significant activities. a) The board should approve, oversee and review the implementation of the overall risk strategy including the risk tolerance/risk appetite of the institution. b) The board should ensure that the institution’s policies and systems establish a prudent balance between the risks incurred and the potential returns to the institution. c) The board should employ a pre-emptive approach to risk management through the implementation of a robust risk management system to include continuous identification, measurement, monitoring, controlling and reporting of risks. d) The board should ensure the adequacy of risk management practices, procedures and systems for all material risks including, but not limited to, interest rate risk in the banking book and climate-related, credit, legal, liquidity, operational, market and technology risks. e) Although senior management is responsible for identifying and assessing risks associated with new products and services, and should ensure that appropriate

9 This section should be read in conjunction with the relevant sections of the Central Bank’s prudential standards on the management of various risk exposures.

18 procedures and controls are implemented to manage these risks, the board should approve the introduction of all new products and services. f) In order to facilitate its oversight, the board should establish a specialised risk management committee with the mandate to establish, implement and review the adequacy of risk management policies and systems within the institution, and to monitor their effectiveness. g) The board should implement an effective enterprise risk management function with sufficient authority, independence and access to the board, to inform the board on matters pertaining to the institution’s current and future risk tolerance and strategy and to monitor senior management’s compliance with the approved risk strategy. h) The institution’s risk management strategy and significant risk exposures should be appropriately communicated throughout the institution. 8.1.9 Internal Control Objectives: To ensure that adequate controls are in place and that information is obtained in a timely manner so that corrective action is taken where necessary. Implicit in the effective discharge of a board’s responsibilities is the adequate functioning of well-designed internal controls and management information systems. a) The board should ensure that senior management provides sound recommendations and advice on the organisational structure, objectives, strategies, plans, major policies and procedures/processes of the institution. b) The board is responsible for the integrity of data and information provided by the institution. When required, the board should meet with the regulator, or appoint a board member as the liaison to deal with regulatory matters. The board should also ensure that the appropriate action is taken on instructions or recommendations from the regulatory or supervisory authority.

19 c) The board should ensure that internal control reviews are performed at least annually to determine the extent of compliance with policies and procedures, as well as with regulatory policies and to implement changes, where necessary. d) The internal and external auditor functions are critical in ensuring an effective control environment. As such, the board and senior management can enhance their effectiveness by ensuring that the internal audit function is duly recognised in the organisation and that its profile is enhanced. The board should also use, as appropriate, the services of external auditors to independently verify information received from management. It should also ensure that it receives a copy of the external auditors’ management letter, together with management’s action plan, to deal with the deficiencies identified in the management letter and to follow up, where necessary, to ensure that these deficiencies are addressed10. 8.1.10 Integrity in Conducting Operations Objective: To facilitate a high degree of integrity and fairness within the institution’s operations. a) The board should put in place a code of conduct for employees, directors and stakeholders of the institution, setting out the institution’s ethical values and standards. At a minimum, the code should provide procedures for addressing the improper use of confidential information, conflicts of interest, protection and use of the institution’s assets (both financial and non-financial), corruption, compliance with laws and regulations, insider trading, and fit and proper criteria for officers and directors11. This code should be adequately communicated to the employees, directors and stakeholders12 and in the case of employees and directors, the code should be included in both orientation and re-orientation programmes. The code should have effective reporting and enforcement mechanisms and violations of the code should be addressed promptly and effectively.

10 For further guidance, refer to the Prudential Standard for External Auditing and the Prudential Standard for Internal Auditing. 11 Fit and proper person criteria are detailed in section 8.1.15 of this Prudential Standard. 12 The code of conduct may be placed on the LFI’s and the LFHC’s website for shareholders and other stakeholders.

20 b) The board should put in place procedures to ensure compliance with the Act, and all other relevant codes of conduct, guidelines, legislation, regulations, and standards, as well as directives issued by regulatory authorities. The board should also ensure that adequate systems are in place to identify, report and follow up on deviations by an appropriate level of management. c) The board should consider establishing a whistle-blower policy to document procedures for whistleblowing and to provide appropriate protection to employees and others who raise concerns or report misconduct in the institution. d) Policies regarding conflicts of interest, fair treatment of customers and information sharing with stakeholders should be clearly outlined. e) Clear complaints procedures should be established to deal effectively with customer complaints, pursuant to the applicable code of conduct. 8.1.11 Appointing and Monitoring Officers Objective: To facilitate a competent team to execute the policies and plans of the board. a) The board’s appointment of competent officers is vital given that the board delegates through management. The most important appointment is that of the chief executive officer or managing director or general manager. This should be a person with high integrity, technical competence and a proven track record in the industry. The board should also approve appointments for other officer positions. b) The board should establish policies and procedures to provide the Central Bank with the necessary written notice of the proposed appointment of an officer at least 60 days prior to the appointment of the officer, in accordance with section 10113 of the Act. This includes the submission of the necessary documents for the Central Bank

13 Section 100 of the Banking Act, 2015 of Anguilla, No 6 of 2015, as amended.

21 to determine whether the proposed officer satisfies the fit and proper criteria in section 9714 of the Act, prior to being appointed. c) The board should monitor the actions of officers to ensure that these are consistent with the strategy and policies approved by the board, including the risk tolerance/appetite and corporate culture. d) The board should set performance based compensation policies, goals and standards for officers. These should be consistent with the long-term objectives, strategy and financial soundness of the institution. The board should assess the chief executive officer’s or managing director’s or general manager’s performance against the objectives that were previously established in the strategic plan. e) The board should ensure that officers implement the remedial actions prescribed by and agreed to with the institution’s regulators in a timely manner. f) The board should ensure that there are adequate training programmes to develop management expertise and competence; however, senior management is responsible for instituting such programmes. g) The board should also give priority to the on-going management of the institution by formulating a clear, feasible and orderly succession plan, and ensure that the organisational structure promotes effective decision making and good governance. h) The board should ensure that potential successors/all officers are familiar with legislation and regulation governing the institution’s operations and undergo continuous training to ensure that this knowledge remains relevant. i) The board is responsible for removing and replacing incompetent officers.

14 Section 96 of the Banking Act, 2015 of Anguilla, No 6 of 2015, as ameded.

22 8.1.12 Remuneration Objective: To ensure the use of formal and transparent procedures to facilitate fair compensation within the organisation a) The board should institute a documented remuneration policy for directors and officers and ensure periodic renewal of the policy to ensure that it remains relevant to the institution’s risk management framework, strategy and values.

b) The board is responsible for the design and operation of the institution’s compensation system and should review the system to ensure outcomes are as intended and that compensation is aligned with prudent risk taking. c) Depending on the size and complexity of the institution, the board may establish a remuneration committee as an important component of the governance structure, with the purpose of overseeing the design and operation of the compensation system.15 d) The board should approve the compensation package to attract, retain and motivate competent officers and employees. Compensation should be established with due regard to the institution’s strategic plan and objectives. e) Compensation should be sensitive to risk outcomes and should be aligned with prudent risk taking. f) The board should ensure that total variable compensation does not limit the institution’s ability to strengthen its capital base. g) There should be full and clear disclosure in the financial statements of the remuneration policy and collective remuneration of non-executive directors. 8.1.13 Annual Board Review Objective: To determine whether the board is fulfilling its responsibilities.

15 Financial Stability Board: Principles for Sound Compensation Practices – 25 September 2009.

23 a) At least annually, the board shall assess and document whether the institution’s objectives are being met and whether it is fulfilling its responsibilities. A self￾assessment of the board, including an assessment of individual board members, shall be done on an annual basis. The board should, where necessary, seek the input of management and/or external facilitators in this regard and make adjustments where necessary. b) Where the board has reservations about the performance or integrity of a board member, appropriate actions should be taken in line with the corporate governance requirements in the Act. c) The board should review the performance and compensation of officers at least annually. d) The board should review the institution’s capital adequacy, including capital augmentation and preservation, at least annually, considering the institution’s risk tolerance, its existing risk exposures and its future plans. e) The corporate secretary is responsible for ensuring that personal questionnaires are completed by each director on commencement of directorship, and annually, by 31 January of each calendar year. The questionnaire for directors, officers, and significant shareholders will be provided by the Central Bank. 8.1.14 Transparency in Governance Objective: To facilitate the adequate disclosure of information. a) The board should be satisfied that procedures are in place to ensure that the institution’s disclosure obligations are met, and ensure that the information being disseminated to stakeholders and the public is factual, timely and accurate. b) The board should disclose its approach to corporate governance in its annual report/accounts or group consolidated annual report as applicable. This

24 information should be prepared, audited and disclosed in accordance with recognised standards for accounting, financial and non-financial disclosure, and audit. c) The board shall ensure that an annual audit is conducted by an independent, competent and qualified auditor, in accordance with Part VI of the Act and the Prudential Standard for External Auditing for Institutions Licensed under the Banking Act, 2015. d) All disclosures should be accurate and clearly presented to ensure the relevant stakeholders can easily understand the information presented. e) Channels for disseminating information should allow for fair, timely and cost￾efficient access to relevant information by users. f) Disclosure in the annual report or the institution’s website or group consolidated annual report as applicable, should include, but not be limited to, material information on: i. The financial and operating results of the institution; ii. The institution’s objectives; iii. Organisational and governance structures and policies; iv. Significant share ownership and voting rights; v. Shareholding of each director in the institution; vi. Members of the board and key executives. For board members, disclosure should also include their qualifications, the shareholder(s) they represent (if any), and whether they are executive, non-executive or independent directors, cross directorships and attendance at meetings; vii. Foreseeable risk factors and risk management processes and procedures; viii. Related party transactions; and ix. Additional remuneration from the institution apart from a director’s fee, participation in the institution’s share option or a performance-related pay scheme, or is a member of the institution’s pension scheme, or receives other forms of deferred compensation not contingent upon continued service.

25 8.1.15 Fit and Proper Person Criteria Objective: To ensure that institutions adhere to fit and proper criteria in the selection of individuals such as directors, significant shareholders, and officers who exercise significant influence on them. Section 97(1) of the Act16 states, ‘every person who is, or is likely to be a director, significant shareholder, or officer of the licenced financial institution or licensed financial holding company must be a fit and proper person to hold the particular position which he holds or is likely to hold’. The following minimum criteria, which form the basis for ensuring that probity, competence and sound judgement, are excercised among these individuals, should be applied in establishing an institution’s fit and proper person policy. These criteria allow for the proper management of institutions and ensure that such individuals are and are seen to be fit and proper. a) Probity, Integrity and Reputation The factors to assess the honesty, integrity and reputation of a person include, but are not limited to, whether the person: i. Has been refused the right or restricted in their right to carry on business or profession for which a specific licence, registration or other authorisation is required by law in any jurisdiction; ii. Has been issued a prohibition order under any statue; iii. Has been prohibited from operating in any jurisdiction by any financial services regulatory authority; iv. Has been disciplined, suspended or discharged of duties by the Central Bank, any other regulatory authority, any professional body or government agency, throughout the Currency Union or elsewhere;

16 Section 96(1) of the Banking Act, 2015 of Anguilla, No 6 of 2015, as amended.

26 v. Has been the subject of any complaint made reasonably and in good faith, relating to activities that are regulated by the Central Bank or under any law in any jurisdiction; vi. Has been the subject of any proceedings of a disciplinary or criminal nature or has been notified of any potential proceedings or of any investigation which might lead to those proceedings, under any law in any jurisdiction; vii. Has been convicted of any criminal offence, or is being subject to any pending proceedings which may lead to such a conviction, under any law in any jurisdiction; viii. Has had any judgment associated with a finding of fraud, misrepresentation or dishonesty, entered against the person in any civil proceedings or is a party to any pending proceedings which may lead to such a judgment, under any law in any jurisdiction; ix. Has accepted civil liability for fraud or misrepresentation under any law in any jurisdiction; x. Has had any civil penalty enforcement action taken against him/her/it by the Central Bank or any other regulatory authority under any law in any jurisdiction; xi. Has aided or abetted another person in breach of any laws or regulations, business rules or codes of conduct, whether in the Currency Union or elsewhere; xii. Has demonstrated an unwillingness to comply with any regulatory requirement or to uphold any professional and ethical standards, whether in the Currency Union or elsewhere;

27 xiii. Has been untruthful or provided false or misleading information to the Central Bank or has been uncooperative in any dealings with the Central Bank or any other regulatory authority in any jurisdiction; xiv. Is an individual who is or has been a director, partner, significant shareholder or concerned in the management of a business that has been censured, disciplined, prosecuted or convicted of a criminal offence, or has been the subject of any disciplinary or criminal investigation or proceeding in the Currency Union or elsewhere, in relation to any matter that took place while the person was a director, partner, significant shareholder or concerned in the management of the business; xv. Is or has been a director, partner, significant shareholder or involved in the management of a company, of which the licence was revoked by the Central Bank, any other regulatory authority, any professional body or government agency, whether in the Currency Union or elsewhere; xvi. Has been a director, partner, significant shareholder or concerned in the management of a business that has gone into insolvency, liquidation or administration during the period when, or within a period of one year after, the person was a director, partner, significant shareholder or concerned in the management of the business, whether in the Currency Union or elsewhere; xvii. Is or has been subject to disciplinary actions by his/her current or former employer(s), whether in the Currency Union or elsewhere; xviii. Has been disqualified from acting as a director or disqualified from acting in any managerial capacity, whether in the Currency Union or elsewhere; xix. Has been dismissed or asked to resign and resigned from employment from a position of trust or fiduciary appointment due to any alleged or proven inappropriate action; and

28 xx. Has undertaken any other unethical or reprehensible conduct, which is of such significance that it raises doubts as to the individual’s integrity. b) Competence and Capability The factors to assess the competence and capability of a person include, but are not limited to: i. Whether the person has any academic or professional qualifications or effective experience in banking, finance, business or administration or any other relevant discipline, having regard to the nature of the duties they are required to perform; ii. Whether the person has the technical knowledge and ability to perform prescribed duties for which they are engaged, especially recognised professional qualifications and membership of relevant professional institutions or in the case of an institution, whether the officers that it employs, authorises or appoints to act on its behalf, have satisfactory educational qualification or experience, relevant skills and knowledge; iii. Whether the officers and directors undertake the relevant continued professional development annually or as required in order to remain current with standards and practices; iv. Whether the person has satisfactory past performance or expertise, having regard to the nature of the person’s business or duties; v. Whether the person has working knowledge of applicable legislation, rules, policies, guidelines and standards of sound practices; vi. Whether newly appointed directors have completed an accreditation programme (such as the Directors' Education and Accreditation Programme), within a year of appointment;

29 vii. Whether there are material changes in the nature and scope of the responsibilities assumed by an individual that would require higher standards of competence or judgement, in order to properly perform the duties associated with the said position. For example, material changes in expected duties could give rise to conflicts of interest or otherwise impair his/her ability to discharge his/her duties; and viii. In the case of a director, whether the candidate has the requisite time to effectively carry out the affairs of the institution. c) Financial Soundness As an indication of a person’s capacity to contribute to the safety and soundness of an institution and protection of the interests of depositors and other stakeholders, a person should demonstrate the prudent management of his/her own financial affairs. In determining a person’s financial soundness, all relevant factors should be considered including, but not limited to, whether the person: i. Has suspended payment in respect of, or is unable to meet their obligations (including non-compliance with tax and other statutory requirements) as they fall due; ii. Has been the subject of any judgment that remains outstanding or was not satisfied, in whole or in part, within a reasonable period, whether in the Currency Union or elsewhere; iii. Has entered into a composition with his/her creditors, filed for bankruptcy, been adjudged bankrupt, had assets confiscated, or has been involved in proceedings relating to any of the aforementioned or any similar proceedings. In the case of a person adjudged bankrupt, the assessment criteria include, but are not limited to, the following: a) the rationale for entering into bankruptcy;

30 b) the person’s level of compliance with court orders and the conduct of duties in accordance with the relevant bankruptcy legislation; c) the due care in which the person conducted his or her affairs, prior and subsequent to the date of bankruptcy; d) whether the person was discharged from bankruptcy and whether this discharge was unconditional or included conditions; e) whether the person has complied with the conditions of the discharge; f) the current financial affairs of a bankrupt who has been discharged; g) whether a minimum of seven (7) years has elapsed since the discharge; and h) any report or other documentation of the Administrator/Trustee filed with the court. iv. In his/her personal or professional capacity, is or has been a significant shareholder, director, or officer of an entity that has: a) been in receivership; b) failed to meet the solvency requirements prescribed by law; c) been wound up by a court; and/or d) ceased trading in circumstances in which creditors were not or have not yet been paid in full. v. Has been a director or officer of, or directly or indirectly concerned in, the management of a corporation locally or abroad that is compounding with or suspending payments to its creditors.

31 8.2 RESPONSIBILITIES OF THE CHAIRPERSON Objective: To identify the responsibilities of the chairperson in the corporate governance process. The chairperson of the board should be responsible for: a) Effectively leading the board in executing its roles and responsibilities; b) Ensuring effective operation of the board and its committees in conformity/accordance with established mandates; c) Ensuring effective communication with shareholders, regulators, and other stakeholders; d) Setting the agenda and tone of board discussions to encourage effective decision making; e) Ensuring that directors receive sufficient, accurate and timely information; f) Ensuring that all board committees are properly established, composed and operated; g) Ensuring that the performance of the board and its committees is evaluated on a periodic basis, at least annually; h) Establishing an open relationship with, supporting and advising senior management; and i) Ensuring that new board members attain the appropriate accreditation from established programme offerings17, within twelve (12) months of directorship18 and

17 This includes for example, the Director’s Education and Accreditation Programme or the Caribbean Corporate Governance Institute.

32 that existing board members are appropriately accredited, maintain accreditation and engage in continuing education. 8.3 RESPONSIBILITIES OF DIRECTORS Objective: To identify a director’s key responsibilities to the board and the organisation. Directors are accountable to the institution’s depositors and shareholders for the safeguarding of their interests through lawful, informed, efficient and able administration of the institution. Directors must, at all times, meet the fit and proper criteria for directors as required in the Act. All directors of an institution have a duty to: a) Perform their functions with diligence and care, and with a degree of competence as can reasonably be expected from persons holding that position; b) Review all key risks in the institution’s operations and oversee the management of those risks; c) Independently assess the institution’s policies, processes and procedures, to identify and initiate management action on issues requiring improvement; d) Disclose any potential conflicts of interest as required by the Act; e) Recognise and guard against conflicts of interest in dealings with the institution and on behalf of the institution; f) Develop and maintain comprehensive knowledge of the institution’s operations, relevant laws, regulations, prudential standards, guidelines, other regulatory requirements, and the customs and practices that govern that institution;

18 If a director fails to achieve accreditation within 12 months, the Board must evaluate the cause, the director’s overall contribution, and their remediation plan. This assessment, along with any formal extension request, must be submitted to the Central Bank for review.

33 g) Develop the relevant knowledge and skills to perform effectively on any assigned board committee; h) Exercise independence in decision-making and problem solving, and act as much as is reasonably possible on a fully informed basis; i) Promote the success of the institution in the interest of its shareholders as a group; j) Devote sufficient time to their responsibilities and act only within the scope of their authority; k) Engage actively in all significant matters relating to the institution and keep abreast of material changes in its business and its external operating environment; and l) Remain accredited. 8.4 BOARD COMPOSITION Objective: To facilitate a greater degree of unbiased policymaking within the organisation. The board should be strong and able to exercise objective judgment on corporate affairs independently of management. No individual or group of individuals should be allowed to dominate the board’s decision-making process. The board should take action to identify and manage conflicts of interest including those resulting from significant shareholdings, towards ensuring that the influence of third parties does not compromise or override independent judgement. Additionally, the institution shall maintain a log to capture all conflicts of interest arising and the course(s) of action taken to manage them. In determining independence, consideration should be given, among other factors, to the length of time served on the board, recognising that prolonged service can, in some circumstances, give rise to familiarity or perceived alignment with management.

34 Institutions shall maintain at least a 20.0 per cent ratio of independent directors to non￾independent directors. The board should therefore establish policies and procedures for the appointment of directors. This will include reviewing the factors influencing a director’s independence at the time that person is proposed for election or re-election. During this deliberative process, the board should consider the nature, extent and materiality of the director’s relationship with the institution. In the determination of a director’s independence, consideration should be given to whether the person: a) Was employed by the institution within the last five (5) years; or b) Within the last five (5) years, had a material business or professional interest (according to the materiality criteria established by its Board of Directors) with the institution either directly, or indirectly as an advisor, solicitor, partner, shareholder, director or senior employee of a body that has or had such a relationship with the institution; or c) Received or receives additional remuneration from the institution apart from a director’s fee, participates in the institution’s share option or a performance-related pay scheme, or is a member of the institution’s pension scheme, or receives other forms of deferred compensation not contingent upon continued service; or d) Represents a significant shareholder on the board; or e) Has served on the board for more than nine years. 8.4.1 Board Member Selection The board should ensure the following with regards to board nominations: a) There should be a documented, robust, and transparent process for the nomination of directors to the board. In the best interest of the institution, the Central Bank strongly recommends the establishment of a nomination committee to:

35 i. Lead the process for the appointment of directors; ii. Ensure plans are in place for the orderly succession to the board; and iii. Oversee the identification, development, and maintenance of a diverse talent pool, to enable the board to discharge its fiduciary duties effectively, and in the best interests of the institution and its stakeholders. An independent non-executive director should chair the nomination committee. The chairperson of the board should not chair the nomination committee when it is dealing with the appointment of his/her successor. b) In reviewing nominations (where applicable), the board should satisfy itself that each nominee is a fit and proper person and is qualified for the office on the basis of age, experience, capabilities, skills and other relevant factors. c) The chairperson of the board should not remain in that post beyond nine years from the date of his/her first appointment to the board. To facilitate effective succession planning and the development of a diverse board, this period can be extended for a limited time19, upon approval by the Central Bank, particularly in those cases where the chairperson was an existing non-executive director on appointment. A clear reason for requesting the extended time should be provided to the Central Bank including the following information: i. Whether the chairperson continuously demonstrates objective judgement and promotes constructive challenge amongst other board members; ii. Whether the extended length of service will fit with wider succession planning and organisational objectives; iii. Whether extending the length of service complements diversity planning; and iv. Whether there was engagement with major shareholders and the impact of this feedback on decision-making.

19 The Central Bank recognises that there may be reasons to keep a chairperson in post, but boards must carefully consider factors including their composition and succession planning, and offer a comprehensive explanation to help investors and other stakeholders better understand the licensee’s long-term succession planning strategy. An extension of a maximum of two years may be granted.

36 d) To ensure continuity and effective succession planning, the terms of independent directors should be staggered, to prevent a complete turnover of the board at any one time and to minimise disruption to its operations. However, where it is determined that the stability of the institution can only be safeguarded through the replacement of the entire board, such action should be taken in a structured and orderly manner and the institution should seek approval from the Central Bank. 8.4.2 Orientation and Training of Directors Objective: To ensure that directors are equipped with the requisite skills to oversee the operations of institutions and to facilitate their continuous adjustment to the changing business environment. a) Institutions should establish an orientation programme for new directors, as well as periodic refresher programmes for existing directors. The orientation should focus on the responsibilities and legal obligations of a director and the board as a whole. b) The orientation programme should include a review of the institution’s financial condition, risk management processes, Audit and Compliance functions and codes of conduct. c) The orientation programme should also include a discussion on the nature of the institution’s business, prevailing conditions in the banking industry, corporate strategy and shareholder expectations. d) There should be a forum or avenues for directors to discuss issues with experts, as necessary. e) The board should ensure that resources are made available for continuous education of its members in relevant areas to enhance their ability to fulfil their duties.

37 f) The board should institute or provide access to continuing training programmes for directors with a focus on developing skills in areas pertinent to the operations of the institution. g) The board should develop a framework to assess and identify, at least annually, the training needs of directors. 8.5 RESPONSIBILITIES OF THE CORPORATE SECRETARY Objective: To identify the corporate/company secretary’s responsibilities in the corporate governance process. The institution’s corporate/company secretary plays an integral role in ensuring its effective administration. The directors must ensure that the corporate/company secretary possesses the requisite expertise, experience and competencies to effectively support the board and board committees. The corporate/company secretary should be responsible for: a) Keeping the board and board committees adequately informed on governance matters; b) Ensuring that board decisions are properly communicated to senior management for implementation; c) Preparing board packages for timely dissemination to ensure compliance with statutory and regulatory requirements; d) Establishing an open relationship with the board, board committees, regulators, et cetera on governance matters; e) Attending Board of Directors and committee meetings and ensuring minutes are accurately captured; and f) Any other duties assigned by the Companies Act of the various jurisdictions.

38 The corporate/company secretary shall adhere to the requirements of the Companies Act of the respective member country within the Currency Union. 8.6 RESPONSIBILITIES OF OFFICERS Objective: To identify senior management’s responsibilities in the corporate governance process. The institution’s officers are responsible for the day-to-day operations of the institution and serve as a link between the board and staff, and vice versa. Officers should have the requisite expertise, experience and competencies to effectively manage the institution and exercise appropriate control over the institution. The officers should be responsible for: a) Implementing the institution’s strategic plan and other policies and procedures approved by the board; b) Keeping directors adequately informed of the performance of the institution through reports, including financial and management reports, and reports prepared by internal auditors, external auditors and the Risk Management and Compliance functions; c) Advising the board on an appropriate organisational structure: objectives, strategies and major policies of the institution; d) Implementing and maintaining risk management and control systems appropriate to the scale, nature and complexity of the institution, including policies and procedures; e) Delineating, documenting and delegating duties and areas of responsibility for each staff member. Reporting lines must be clear and appropriate in the context of the scale, nature and complexity of the institution to promote transparency and accountability;

39 f) Communicating the institution’s strategic direction, reporting lines and risk tolerances throughout the organisation; g) Overseeing management information systems to enable the delivery of timely and accurate information; and h) Ensuring that the institution’s activities are consistent with the board approved strategy, risk tolerance and policies. 8.7 RESPONSIBILITIES OF THE AUDIT AND/OR COMPLIANCE COMMITTEE Objective: An Audit Committee should be established to provide oversight of the institution’s operations and ensure compliance within and by the institution. The audit and/or compliance committee’s size needs to be proportionate to its authority and duties; and its terms of reference will necessarily vary according to the size, complexity and risk profile of the institution. This committee should be comprised principally of independent non-executive directors, and should include members who have some accounting and financial management expertise and a sound understanding of the industry in which the institution operates. The audit and/or compliance committee has a crucial role in monitoring and strengthening the institution’s control environment and should: a) Review the annual financial statements of the institution before they are approved by the board and oversee its financial disclosure obligations; b) Oversee the performance of the External and Internal Audit functions with regard to effectiveness, objectivity and independence; c) Monitor management’s reporting on internal controls and their responses to internal and external audit reports/letters. While it is management’s responsibility to design and implement an effective system of internal control, the audit or compliance committee must ensure that management discharges this responsibility;

40 d) Assess the performance and recommend the appointment, re-appointment or removal of the external auditors on an annual basis; e) Ensure that consultants are not subsequently hired as external auditors within a three-year period after completion of an assignment(s) on behalf of the institution or its related and associated entities; f) Discuss the external auditor’s engagement and management letters before they are presented to the entire board and follow-up on issues raised in the management letter; g) Promote transparency and encourage confidence in the institution’s financial reporting; h) Establish a code of conduct and ensure that the board, management, staff and stakeholders of the institution meet the requirements of the code of conduct; i) Ensure that all data and information provided by the institution are accurate and timely; j) Oversee senior management’s activities to ensure that the organisation is in compliance with all laws, regulations, guidelines, regulatory and supervisory requirements, accepted business practices and ethical standards; k) Ensure that directors continue to comply with the fit and proper requirements as determined by sections 97 and 98 of the Act20; l) Review all proposed transactions that are material as outlined in the guidelines on related party transactions; m) Review all new financial products, and make the necessary recommendations to the board;

20 Sections 96 and 97 of the Banking Act, 2015 of Anguilla, No 6 of 2015, as amended.

41 n) Submit reports and recommend corrective action to the board where there is non￾compliance with any of the above items; and o) Have unfettered access to management. Have access to the auditors (external and internal) without management present and have the right to seek explanations and additional information from management and the auditors where required. 8.8 GOVERNANCE OF GROUP CORPORATE STRUCTURES 8.8.1 Subsidiaries and Holding Companies Objective: To encourage adequate oversight of a company affiliated to an institution. a) The board should be aware of all material risks and other issues that may ultimately affect the institution. As some of these risks may originate in subsidiaries, the parent board must be able to exercise adequate oversight over the activities of the subsidiary to control these risks. b) The corporate governance responsibilities of the boards of subsidiary financial institutions are the same as those of the board of a regulated parent financial institution. The corporate governance responsibilities of a regulated holding company board are the same as those of a regulated institution. c) The board of a parent or holding company of a LFI should determine what board structures for its subsidiaries would best contribute to an effective chain of oversight. This section does not suggest that the boards of subsidiary institutions should replicate all corporate governance activities of parent boards or that parent boards should assume responsibility for the performance of specific duties of subsidiary boards.

42 d) The board of a regulated subsidiary should set a separate corporate governance structure and ensure that group-level decisions do not impact negatively on the subsidiary’s compliance with the Act. e) Minutes of meetings of an institution that is a parent company and/or holding company must include discussions at both the group level and that of its subsidiary/subsidiaries. f) An institution that is a parent company should pay special attention to the performance, composition and activities of the board(s) of its subsidiary/subsidiaries, especially where: i. The activities of a subsidiary are significantly different or independent from the core business of the parent company; ii. Additional expertise is required to provide oversight of the subsidiary’s activities; iii. There is potential for conflicts of interest between the various stakeholders of the parent company and the subsidiary; iv. There is a need for close oversight of some activities of the subsidiary that, although the activity may not be material by some measure, it might give rise to material reputational, legal or regulatory risks for the parent company as a whole; or v. The subsidiary operates in a jurisdiction that has substantially different expectations of governance. 8.8.2 Complex Corporate Structures Objective: To encourage adequate knowledge and understanding of the operational structure of an institution and the related risks.

43 The board and senior management should: a) Understand the structure and the organisation of the group; b) Ensure that the structure of the organisation is clear and can be easily understood; c) Recognise the risks that the complexity of the structure may pose; d) Ensure that all products and their risks are captured and evaluated on an institutional and group-wide basis; e) Have a central process for evaluating and approving mergers and acquisitions, as well as the creation of new entities within the structure; f) Understand and be able to produce information regarding the institution’s structure; g) Ensure that in addition to internal audits of individual entities, that group risk assessments are conducted as required; and h) Discuss with and report to the regulator prior to the establishment of any new entities which may be deemed to add complexity to the group and/or increase its risk exposure levels. 8.9 RIGHTS AND RESPONSIBILITIES OF SHAREHOLDERS Objective: To facilitate more shareholder involvement in the governance of the institution. a) Eligible shareholders should have the opportunity to participate effectively in shareholders’ meetings; they should be informed of the rules including the procedures that govern these meetings. b) Shareholders should be furnished with sufficient information regarding the location and agenda of general meetings.

44 c) Opportunity should be provided for shareholders to question the board and to place items on the agenda at general meetings, subject to reasonable limitations. d) The Corporate Governance framework should specify conditions for the appointment and removal of directors by shareholders. e) The institution should establish policies and procedures to provide the Central Bank with the necessary written notification of the proposed election of a director at least 60 days prior to the election of the director, in accordance with section 10121 of the Act. This includes the submission of the necessary documents for the Central Bank to determine whether the proposed director satisfies the fit and proper criteria in section 9722 of the Act. f) The Corporate Governance framework should specify actions that require shareholder authorisation. g) Shareholders should be informed that they may vote in person or by proxy. h) The Corporate Governance framework should ensure that stakeholders, including shareholders and employees, have an avenue to report and/or communicate their concerns about illegal or unethical practices. 8.10 RELATIONSHIP WITH THE CENTRAL BANK Objective: To facilitate open communication between the board of directors, regulators of subsidiaries and the Central Bank. Based on the annual review considered under section 8.1.13 of this Prudential Standard, the board and senior management should be able to demonstrate to the Central Bank:

21 Section 100 of the Banking Act, 2015 of Anguilla, No 6 of 2015, as amended. 22 Section 96 of the Banking Act, 2015 of Anguilla, No 6 of 2015, as amended.

45 a) The overall effectiveness of their policies to protect the interests of depositors, creditors, shareholders and other stakeholders; b) Their ability to effectively identify, measure, manage and control significant business activities and the risks associated with those activities; c) That the institution’s control environment is appropriate and effective, taking into account the institution’s unique character, approach to governance, management and communication style, organisational structure, resource availability, procedures and controls and the conduct of its staff; d) That the institution can address effectively, risk and control issues raised through internal and external audit, relevant supervisory authorities and other sources; e) That changes to significant policies and procedures are appropriately reviewed and approved; f) That the institution’s internal controls provide reasonable assurance of the integrity and reliability of its records; g) That internal controls are based on documented policies and procedures and are implemented by trained personnel whose duties have been segregated appropriately, and that adherence to established internal controls is continuously monitored; h) That the management information systems and accounting records are complete, accurate and current; and i) That management and staff maintain high corporate values and ethical standards that are based on the institution’s established code of conduct. In order to effectively carry out the above responsibilities, the board must:

46 a) Understand the regulatory environment within which the institution and its subsidiaries operate; b) Be informed of the results of examinations conducted by the regulators; c) Require appropriate follow-up on remedial actions, recommendations or deficiencies identified by the regulators, including following up with senior management to determine if the weaknesses found are an indication that similar problems may exist elsewhere in the organisation; d) Consider the findings of the regulators in its ongoing evaluation of senior management, recognising that primary responsibility for identifying weaknesses rests with the board and senior management; e) Be open to sharing with the regulators information relevant to their oversight of the institution; and f) Identify and address material changes to the risk profile and key risk indicators of institutions that are subsidiaries and parent companies. 8.11 REGULATORY REPORTING REQUIREMENTS The institution shall submit to the Central Bank in accordance with section 10123 of the Act, information for the Central Bank to conduct its due diligence after receiving the requisite notice of the proposed appointment or election of a director or officer. This includes, but is not limited to: a) certified copies of personal questionnaires and curriculum vitae, police records and two pieces of government issued photo identification; b) Copies of the board and board committees’ charters, within 30 days following approval by the board;

23 Section 100 of the Banking Act, 2015 of Anguilla, No 6 of 2015, as amended.

47 c) Report on results of annual assessments of boards and board committees by the end of the first quarter in the year following the review; d) A copy of the strategic plan of the institution within 30 days following approval by the board; e) A copy of the organisational chart for the institution within 30 days of the change of officers, organisational structure or other relevant aspects; f) Minutes of board and board committee meetings in accordance with the schedule provided by the Central Bank; and g) A copy of the Cessation of Directorship Form (See Appendix I), in the case of the resignation or removal of a board member within 14 days of the resignation or removal. Any material change to the information presented in these documents shall be submitted to the Central Bank as they occur. The form outlining the information required will be provided by the Central Bank. For the proper discharge of its functions and responsibilities, the Central Bank will determine the time and the manner in which licensees will submit information related to their Corporate Governance framework. The Central Bank requires its licensees to make any necessary change(s) to their bye-laws, articles of incorporation, and other governing documents, to ensure compliance with this Prudential Standard and the Act.

i APPENDIX I CESSATION OF DIRECTORSHIP FORM FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT, 2015 LICENSED ENTITY: ……………………………………………………………………………………………….. NAME OF DIRECTOR: ……………………………………………………………........................................ DATE OF APPOINTMENT: ……………………………………………………………………………................ DATE OF REMOVAL/RESIGNATION: ….………………………………….……………………….………… TYPE OF DIRECTOR: ………………………………………………………………………………………………… COMMITTEE(S) SERVED ON: ………………………………………………………………………………………………………………………………… ………………………………………………………………………………………………………………………………… ………………………………………………………………………………………………………………………………… ………………………………………………………………………………………………………………………………….. REASON(S) FOR REMOVAL/RESIGNATION: ………………………………………………………………………………………………………………….…………….... ……………………………………….………………………………………………………………………………………… ……………………………………………………….………………………………………………………………………… ………………………………………………………………………………………………………………………………..… NAME OF REPLACEMENT (if known): ………………………………………………………………………………………………………………………………….. I ....................................................... declare that the above information is true and complete (Chairperson/Corporate Secretary) to the best of my knowledge and belief. Dated the day of 20 Signed In the presence of:

---