Corporate Governance Standards for Banks

CORPORATE GOVERNANCE STANDARDS FOR BANKS

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 2 | P a g e Table of Contents INTRODUCTION....................................................................................................................... 3

1. DEFINITIONS ................................................................................................................. 3
2. RESPONSIBILITIES OF THE BOARD ......................................................................... 6
3. BOARD COMPOSITION AND QUALIFICATIONS .................................................. 10
4. BOARD STRUCTURE AND COMMITTEES ............................................................. 12
5. SENIOR MANAGEMENT............................................................................................ 16
6. TRANSACTIONS WITH RELATED PARTIES .......................................................... 17
7. GROUP STRUCTURE .................................................................................................. 18
8. RISK MANAGEMENT ................................................................................................. 19
9. INTERNAL CONTROL, COMPLIANCE AND INTERNAL AUDIT......................... 20
10. FINANCIAL REPORTING AND EXTERNAL AUDIT .............................................. 20
11. OUTSOURCING............................................................................................................ 20
12. COMPENSATION......................................................................................................... 20
13. DISCLOSURE AND TRANSPARENCY ..................................................................... 23

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 3 | P a g e INTRODUCTION

1. These Standards form part of the Corporate Governance Regulation (Circular No. 83/2019). All Banks must comply with these Standards, which expand on the Regulation. These Standards are mandatory and enforceable in the same manner as the Regulation.
2. The Standards follow the structure of the Regulation, with each article corresponding to the specific article in the Regulation.
3. DEFINITIONS
4. Affiliate: An entity owned by another entity by more than 25% and less than 50% of its capital.
5. Bank: Any juridical person licensed in accordance with the provisions of the Central Bank Law, to primarily carry on the activity of taking deposits, and any other Licensed Financial Activities.

Board: The Bank’s board of directors. Central Bank: The Central Bank of the United Arab Emirates. 5. Central Bank Law: Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organization of Financial Institutions and Activities. 6. 7. 8. 9. 10. Chief Executive Officer: The most senior executive appointed by the Board. Conflict of Interest: A situation of actual or perceived conflict between the duty and private or other interests of a person, which could improperly influence the performance of his/her duties and responsibilities. Control Functions: The Bank’s functions that have a responsibility independent from management to provide objective assessment, reporting and/or assurance; this includes the risk management function, the compliance function and the internal audit function. Controlling Shareholder: A shareholder who has the ability to directly or indirectly influence or control the appointment of the majority of the Board of directors, or the decisions made by the Board or by the general assembly of the entity, through the ownership of a percentage of the shares or stocks or under an agreement or other arrangement providing for such influence. Corporate Governance: The set of relationships between the Bank’s management, Board, shareholders and other stakeholders which provides the structure through which the objectives of the Bank are set, and the means of

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 4 | P a g e 11. 12. 13. attaining those objectives and monitoring performance. It helps define the way authority and responsibility are allocated and how corporate decisions are made. Duty of Care: The duty to decide and act on an informed and prudent basis with respect to the Bank. Often interpreted as requiring Members of the Board to approach the affairs of the Bank the same way that a “prudent person” would approach his/her own affairs. Duty of Confidentiality: The duty to observe confidentiality applies to all information of a confidential nature with which a Member of the Board is entrusted by the Bank or which is brought to his or her attention during or at any time after the carrying out of his/her assignment. Duty of Loyalty: The duty to act in the good faith in the interest of the Bank. The duty of loyalty should prevent individual Members of the Board from acting in their own interest, or the interest of another individual or group, at the expense of the Bank and shareholders. 14. 15. 16. First-Degree Relatives: The individual’s parents, siblings and children. Fit and Proper Process: The evaluation of a Bank’s proposed members of the Board and Senior Management as to expertise and integrity. The specific fit and proper criteria are listed in article 2.13 of the Standards. Government: The UAE Federal Government or one of the governments of the member Emirates of the Union. 17. 18. 19. Group: A group of entities which includes an entity (the ‘first entity’) and: a. any Controlling Shareholder of the first entity; b. any Subsidiary of the first entity or of any Controlling Shareholder of the first entity; and c. any Affiliate, joint venture, sister company and other member of the Group. Higher Shariah Authority: The Higher Shariah Authority that was established at the Central Bank by the Cabinet Resolution no. (102/ 1/ و5 ( 2016. Independent Member of the Board: A Member of the Board who has no relationship with the Bank or Group that could lead to benefit which may affect his/her decisions. He/she must not be under any other undue influence, internal or external, ownership or control, which would impede the Member’s exercise of objective judgment. The Independent Member of the Board forfeits his/her independence in the cases specified in Article 3.4 of the Standards. 20. Islamic Financial Services: Shari`ah compliant financial services offered by Islamic Banks and Conventional Banks offering Islamic banking products.

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 5 | P a g e 21. 22. 23. 24. 25. 26. 27. 29. Material Risk Takers: Staff whose work is deemed to have a significant impact on the overall risk profile of the Bank or the Group. Non-Executive Member of the Board: A Member of the Board who does not have any management responsibilities within the Bank, and may or may not qualify as an Independent Member of the Board. Pillar 3: Pillar 3 disclosure requirements – consolidated and enhanced framework issued by the Basel Committee on Banking Supervision in March 2017 and any subsequent revisions. Regulations: Any resolution, regulation, circular, rule, standard or notice issued by the Central Bank. Related Parties: The Group and its Controlling Shareholder’s Members of the Board and Senior Management (and their First-Degree Relatives) and persons with control, joint control or significant influence over the Bank (and their First￾Degree Relatives). Related Party Transactions: Include on-balance sheet and off-balance sheet credit exposures and claims as well as dealings such as service contracts, asset purchases and sales, construction contracts, lease agreements, derivative transactions, borrowings, and write-offs. The term transaction incorporates not only transactions that are entered into with related parties but also situations in which an unrelated party (with whom a Bank has an existing exposure) subsequently becomes a Related Party; disclosures must reflect all related party events and transactions for the financial period. Relatives: The individual’s father, mother, brother, sister, children, spouse, father-in-law, mother-in-law, and children of the spouse. Risk Appetite: The aggregate level and types of risk a Bank is willing to assume, decided in advance and within its risk capacity, to achieve its strategic objectives and business plan. 30. 31. Risk Limits: Specific quantitative measures that must not be exceeded based on, for example, forward looking assumptions that allocate the Bank’s aggregate risk appetite to business lines, legal entities or management units within the Bank or Group in the form of specific risk categories, concentrations or other measures as appropriate. Risk Governance Framework: As part of the overall approach to corporate governance, the framework through which the Board and Senior Management

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 6 | P a g e establish and make decisions about the Bank’s strategy and risk approach; articulate and monitor adherence to the risk appetite and risks limits relative to the Bank’s strategy; and identify, measure, manage and control risks. 32. 33. 34. Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including, but not limited to, the Chief Executive Officer, chief financial officer, chief risk officer, and heads of the compliance and internal audit functions. Subsidiary: An entity, owned by another entity by more than 50% of its capital, or under full control of that entity regarding the appointment of the Board of directors. Staff: All the persons working for a Bank including the members of Senior Management, except for the Members of its Board. 2. RESPONSIBILITIES OF THE BOARD

1. The Board must act in the best interests of its various stakeholders while meeting regulatory expectations. Treating customers fairly must be an integral part of all Banks’ good governance and corporate culture.
2. Members of the Board are responsible for the overall interests of the Bank. This applies to Members of the Board representing or appointed by an individual shareholder or group of shareholders. The Duty of Loyalty precludes individual Members of the Board acting in their own interest, or the interest of another individual or group, at the expense of the Bank, its depositors or shareholders. Depositors’ interests take precedence over shareholders’ interests.
3. The Members of the Board shall exercise their Duty of Care, Duty of Confidentiality and Duty of Loyalty to the Bank when carrying out their activities, which include, but are not limited to: a. Actively engaging in the affairs of the Bank to ensure strategy and policies are implemented as designed as well as acting in a timely manner to protect the long-term interests of the Bank; b. Overseeing the development of and approving the Bank’s business objectives and strategy, and monitoring their implementation; c. Playing a lead role in establishing the Bank’s corporate culture and values; d. Overseeing implementation of the Bank’s governance framework and periodically reviewing it to ensure that it remains appropriate in the light of

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 7 | P a g e material changes to the Bank’s size, complexity, business strategy, markets and regulatory requirements; e. Establishing the Bank’s Risk Appetite, taking into account the competitive and regulatory landscape and the Bank’s long-term interests, risk exposures and ability to manage risk effectively; f. Overseeing the Bank’s adherence to its Risk Appetite and Risk Limits; g. Approving and overseeing the implementation of key policies including, but not limited to, credit, liquidity and the internal capital adequacy assessment process; h. Approving the annual financial statements and requiring periodic independent review of critical areas of the business and internal controls; i. Approving the selection of and overseeing the performance of Senior Management; j. Overseeing the Bank’s approach to Board and Staff compensation, including monitoring and reviewing executive compensation and assessing whether it is aligned with the Bank’s culture and Risk Appetite; and k. In the case of a Bank offering Islamic financial services, fully complying with Islamic Shariah rules and establishing a sound and effective Shariah governance framework with the key mechanisms and functionalities to ensure effective and independent Shariah oversight, as per the requirements set by the Central Bank and the Higher Shariah Authority. 4. The Members of the Board are responsible for the implementation of an effective risk management culture and internal control framework across the Bank and the Group. In order to promote a sound corporate culture, Members of the Board must establish the “tone from the top” by: a. Setting and adhering to corporate values that create expectations that all business must be conducted in a legal and ethical manner, and overseeing the adherence to such values by Staff; b. Promoting risk awareness within a strong risk culture, and setting the expectation that all Staff are responsible for ensuring the Bank operates within the established Risk Governance Framework, Risk Appetite and Risk Limits; c. Ensuring that appropriate steps have been taken to communicate throughout the Bank the corporate values, professional standards and codes of conduct approved by the Board together with supporting policies; and d. Ensuring that Staff are aware that appropriate disciplinary or other actions will follow unacceptable behaviors and transgressions.

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 8 | P a g e 5. The Board approved Risk Governance Framework must incorporate a “three lines of defence” approach including Senior Management of the business lines, the functions of risk management and compliance, and an independent and effective internal audit function. In the case of a Bank providing Islamic financial services, an independent and effective internal Shariah audit function reporting to the internal Shariah control committee must be in place. 6. The Risk Governance Framework may vary with the specific circumstances of the Bank, particularly its risk profile, size, business mix and complexity. Banks must incorporate the minimum requirements specified in the separate Regulations and Standards issued by the Central Bank on 1) Risk Management, 2) Internal Control, Compliance and Internal Audit and 3) Outsourcing into their Risk Governance Framework. 7. A Bank must have a written code of conduct that defines acceptable and unacceptable behaviors. It must explicitly prohibit illegal activity including fraud, breach of sanctions, money-laundering, anti-competitive practices, bribery and corruption, and the violation of consumer rights. It must make clear that Staff are expected to conduct themselves ethically and perform their jobs with skill, due care and diligence in addition to complying with laws, regulations and Bank policies. 8. The Bank’s corporate culture must recognize the critical importance of timely and frank discussion and escalation of problems to higher levels. Staff must be encouraged and must be able to communicate legitimate concerns about illegal, unethical or questionable practices confidentially and without the risk of reprisal. 9. The Board must oversee a whistleblowing policy mechanism and ensure that Senior Management appropriately addresses legitimate issues flagged through the whistleblowing mechanism. The Board is responsible for ensuring that Staff who raise concerns are protected from detrimental treatment or reprisals. The Board must oversee and approve how and by whom legitimate matters are investigated and addressed by an objective internal or external body, Senior Management, and/or by the Board itself. 10. The Board must have a formal written Conflict of Interest policy for its members. The policy must include, but is not limited to: a. A Member of the Board’s duty to avoid, to the extent possible, activities that could create conflicts of interests or the appearance of conflicts of interests; b. Examples of how conflicts can arise where serving as a Member of the Board; c. A process for management of conflicts of interests by the Board or an ethics committee where one exists; d. A review and approval process for Members of the Board before they engage in specific activities, such as serving on another Board, to ensure that such activities will not create a conflict of interest;

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 9 | P a g e e. A process to prevent members from holding directorships in competing institutions; f. A Member of the Board’s duty to promptly disclose any matter that may result, or has already resulted, in a conflict of interest; g. A Member of the Board’s responsibility to abstain from voting on any matter where the Member of the Board may have a conflict of interest or where the Member of the Board’s objectivity or ability to properly fulfil duties to the Bank may be otherwise compromised; h. Procedures to ensure that transactions with related parties are undertaken on arm’s length basis; and i. The way the Board will deal with non-compliance with the Conflict of Interest policy. 11. The Board must provide oversight of Senior Management. It must hold members of Senior Management accountable for their actions and enumerate the consequences if those actions are not aligned with the Board’s expectations. This includes adhering to the Bank’s values, Risk Appetite and risk culture. Oversight by the Board should include, but is not limited to: a. Monitoring Senior Management’s actions to ensure that they are consistent with the strategic objectives and policies approved by the Board and are aligned with its Risk Appetite; b. Meeting regularly with Senior Management; c. Critically reviewing and challenging explanations and information provided by Senior Management; d. Setting appropriate performance and compensation standards for Senior Management consistent with the long-term strategic objectives and the financial soundness of the Bank; e. Assessing whether Senior Management’s collective knowledge and expertise remain appropriate given the nature of the business and the Bank’s risk profile; and f. Actively engaging in succession planning for the Chief Executive Officer and ensuring that appropriate succession plans are in place for Senior Management positions. 12. Senior Management must implement, consistent with the direction given by the Board, systems, processes and controls for managing the risks to which the Bank is exposed and for complying with laws, regulations and internal policies. This

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 10 | P a g e includes comprehensive and independent risk management, compliance and audit functions, as well as an effective overall system of internal controls. 13. The nomination committee must lead the process for identifying, assessing and selecting candidates for the Board and Senior Management. Fit and proper criteria must ensure that candidates: a. Possess the necessary knowledge, skills, and experience; b. Have a record of integrity and good repute; c. Have sufficient time to fully discharge their responsibilities; d. Provide for a collective suitability and added value to the Board; e. Do not have any conflict of financial and non-financial interests; and f. Have a record of financial soundness. Before providing the no-objection for nominations, appointments or renewals, the Central Bank will conduct additional interview and/or background checks to ensure the fitness and probity of the candidates, including their ability to manage the time commitments required for their role in the Bank, and confirm the accuracy and completeness of the information and documentation provided by the Banks. 14. Branches of foreign Banks must establish local governance structures, such as a Senior Management committee or equivalent, that fulfill the responsibilities of a Board required by this Corporate Governance Regulation and Standards. Branches must ensure their Control Functions are operating effectively. Branches must establish Control Functions that are robust, report to the local management structures and are accountable to the Group’s heads of Control Functions. The local management structure of the branch must take steps as are necessary to help the branch meet its own corporate governance responsibilities in line with the Regulation. It is the responsibility of the local management structures to ensure that local legal and regulatory requirements are implemented and, where appropriate, make adjustments where the Group conflicts with a provision of this Regulation. 3. BOARD COMPOSITION AND QUALIFICATIONS

1. A Bank’s Board must be comprised of individuals with a balance of skills, diversity and expertise who collectively possess qualifications commensurate with the size, complexity and risk profile of the Bank. In assessing its collective suitability, the factors a Board should take into account include, but are not limited to: a. Whether Members of the Board have a range of knowledge and experience in relevant areas and varied backgrounds to promote diversity of views;

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 11 | P a g e b. Relevant individual areas of competence which may include, but are not limited to, capital markets, financial analysis, financial stability, financial reporting, information technology, strategic planning, risk management, compensation, regulation, corporate governance, management, accounting, audit and Shari`ah rules and principles in case of a Bank providing Islamic financial services; c. Whether the Board collectively has a good understanding of local, regional and global economic and market forces and of the legal and regulatory environments applicable to the Bank’s operations; and d. Whether individual Members of the Board can contribute to effective communication, collaboration and critical debate in the meetings of the Board and its committees. 2. The nomination committee must establish a policy to require at least 20% of candidates for consideration for the Board to be female. Information on the policy and actual figures of female candidates’ consideration and representation on the Board must be disclosed in the Bank’s annual corporate governance statement. 3. Members of the Board, individually and collectively, must be and remain qualified for their positions. Members of the Board must understand their oversight and corporate governance role and be able to exercise sound, objective judgement about the affairs of the Bank. Members of the Board must not have any conflict of interest that may impede their ability to perform duties independently and objectively, or be subject to any undue influence from: a. Other persons/business; b. Previous or current positions held; or c. Personal, professional or other economic relationships with other Members of the Board or Senior Management, or d. Other entities within the Group. 4. A Member of the Board shall lose his/her independence in the following cases: a. If his/her tenure as an independent Member of the Board in the same Bank exceeds twelve (12) consecutive years from the date of his or her appointment. This provision applies equally to persons appointed by a Government shareholder; b. If he/she, or any of his/her first-degree relatives, has worked as Staff of the Bank or its Subsidiaries during the past two (2) years;

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 12 | P a g e c. If he/she has worked for, or is a partner, in a company that performs consulting works for the Bank or its Group or he/she has acted in such capacity during the past two (2) years; d. If he/she has had any personal services contracts with the Bank or its Group during the past two (2) years; e. If he/she has been affiliated with any non-profit organization that receives significant funding from the Bank or its Group; f. If he/she, or any of his/her first-degree relatives, has been a partner or employee of the Bank’s auditor during the past two (2) years; g. If he/she, or any of his/her first-degree relatives, has or had a direct or indirect interest in the contracts and projects of the Bank or its Subsidiaries during the last two (2) years, and the total of such transactions exceeds the lower of 5% of the Bank’s paid capital or of the amount of five million Dirhams or its equivalent amount in a foreign currency, unless such relationship is part of the nature of the Bank’s business and involves no preferential terms; and h. If he/she and/or any of his/her first-degree relatives (individually or collectively) own directly or indirectly 10% or more of the Bank’s capital or is a representative of a shareholder who owns directly or indirectly more than 10% of Banks’ capital. The provisions in items b to h above do not apply to Members of the Board appointed by a Government shareholder. 5. All nominated members for the Board must have sufficient competence, knowledge and experience to effectively carry out their duties and be subject to the Fit and Proper Process. 6. An ex-ante review and approval process must be completed before a Member of the Board accepts nomination to serve on another Board as permitted by this Regulation so as to ensure that the activity will not create a Conflict of Interest. In addition, each Member of the Board must confirm annually that he/she has sufficient time available to manage the time commitments required from the role in the Bank. 4. BOARD STRUCTURE AND COMMITTEES

1. The chair of the Board must provide leadership to the Board and is responsible for its overall effectiveness. The chair must ensure that Board decisions are taken on a sound and well-informed basis, encourage and promote critical discussion and ensure that dissenting views can be freely expressed during the decision-making process. The chair must:

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 13 | P a g e a. Ensure that the Board acts efficiently, fulfils its responsibilities and discusses all issues on a timely basis; b. Approve the agenda of each Board meeting, ensuring that the content, organization, quality of documentation and time allocated to each topic allows for sufficient discussion and decision making; c. Encourage all Members of the Board to fully and efficiently participate in the Board meetings in order to ensure that the Board acts in the best interests of the Bank; d. Adopt suitable procedures to ensure efficient communication with the shareholders and the communication of their views to the Board; e. Facilitate the effective participation of Independent Members of the Board and the development of constructive relations between individual Members; and f. In the case of a Bank offering Islamic financial services, safeguard an effective independent oversight of Shari`ah compliance within the organizational framework. 2. The majority of the Members of the Board must be present in each Board and its committees’ meeting for a quorum. Attendance at meetings must be by physical presence or via audio or audio-videoconferencing subject to appropriate safeguards to preserve confidentiality and accuracy of deliberations. 3. The Board and its committees’ resolutions must be issued by the majority of votes. In the case of parity, the Chairman shall have a casting vote. 4. There must be effective communication and coordination between the audit committee and the risk committee to facilitate the exchange of information and effective coverage of all risks, including emerging risks, and any needed adjustments to the Bank’s Risk Governance Framework. The risk committee must, without prejudice to the tasks of the compensation committee, examine whether incentives provided by the remuneration system take into consideration risk, capital, liquidity and the likelihood and timing of earnings. 5. The Board must ensure that new Members of the Board participate in an appropriate induction program that must include an introduction to the strategy, structure, codes of conduct, main policies and material businesses of the Bank. In addition, the induction program must include an overview of the regulatory environment applicable to the Bank, including the requirements of the Central Bank Law, Regulations and Standards. 6. The Board must dedicate sufficient time, budget and other resources to an ongoing training and development program for the Members of the Board and draw on external expertise as needed. The Board must review annually its program for

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 14 | P a g e ensuring that Members of the Board acquire, maintain and enhance knowledge and skills relevant to their responsibilities. 7. The Board must structure itself in terms of effective composition, size and the use of committees so as to effectively carry out its oversight role and other responsibilities. This includes ensuring that the Board has the time and means to cover all necessary subjects in sufficient depth and have a robust discussion of issues. 8. The Board, or the Board nomination committee, must carry out at least annually an assessment of the Board as a whole, its committees, and individual members. This must include an independent assessment by an external third party at least once every five (5) years. 9. Annual assessments of the Board must include but are not limited to: a. Reviewing the structure, size and composition of the Board as a whole and its committees; b. Reviewing the effectiveness of Board governance procedures, determining where improvements are needed and making any necessary changes; and c. Assessing the ongoing suitability of each Member of the Board, taking into account the fit and proper criteria and his/her performance on the Board. 10. Issues relating to the assessment of the performance of the Board as a whole include, but are not limited to: a. Has the Board set clear performance objectives, and how well has it performed against these objectives? b. Has the Board been effective in the strategy development process? c. What has been the Board’s contribution to ensuring effective risk management? d. Is the membership of the Board appropriate with the right mix of skills and knowledge? e. Is the organizational structure and interaction between the Board and Senior Management working effectively? f. How well has the Board responded to problems and challenges? g. Is the Board dealing with the right issues? h. Is the relationship between the Board and its committees working effectively? i. Is the Board kept up to date with regulatory and market developments?

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 15 | P a g e j. Is the Board provided with appropriate and timely information of the right depth and quality? k. Are Board meetings of the right frequency and length to enable proper consideration of issues? l. Is the content of the agenda appropriate for the size, nature and complexity of the Bank? m. Are Board procedures adequate for effective performance? 11. Issues relating to the assessment of the performance of committees of the Board include, but are not limited to: a. Does each committee have appropriate terms of reference, and how well has it performed against the terms of reference? b. Does the committee keep the Board adequately informed of its work? c. Is the relationship between the committee and the Board as a whole working effectively? d. Is the membership of the committee appropriate with the right mix of skills and knowledge? e. Is the interaction between the committee and Senior Management working effectively? f. How well has the committee responded to problems and challenges? g. Is the committee dealing with the right issues? h. Are committee meetings of the right frequency and length to enable proper consideration of issues? 12. Issues relating to the assessment of the performance of individual Members of the Board include, but are not limited to: a. Does the Member of the Board continue to meet the requirements of fitness and probity, and in the case of Independent Members of the Board, independence? b. Has the Member of the Board actively contributed to the work of the Board, and if applicable, Board committees? c. If newly appointed, has the Member of the Board participated in the Board’s induction program?

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 16 | P a g e d. Has the Member of the Board participated in ongoing training on relevant issues? e. Has the Member of the Board kept up to date with regulatory and market developments? 13. Branches of foreign Banks must establish local governance structures that meet the requirements of this Regulation and Standards. This includes, without limitation, the use of Senior Management committee and/or other committees to effectively carry out the oversight role and other responsibilities of the Board. 5. SENIOR MANAGEMENT

1. Senior Management is responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank. The organization, procedures and decision-making of Senior Management must be transparent and provide clarity on the role, authority and responsibility of the various positions within Senior Management.
2. Consistent with the direction given by the Board, Senior Management must implement business strategies, risk management systems, risk culture, processes and controls for managing the risks to which the Bank is exposed. This includes comprehensive and independent risk management, compliance and audit functions as well as an effective overall system of internal controls. Senior Management must recognize and respect the independent duties of the risk management, compliance and internal audit functions, and in the case of a Bank offering Islamic financial services, Shari`ah compliance and audit functions, and must not interfere with the exercise of such duties.
3. Senior Management must provide oversight of those they manage, and ensure that the Bank’s activities are consistent with the business strategy, Risk Appetite and the policies approved by the Board. Senior Management is responsible for delegating duties to Bank staff and must establish a management structure that promotes accountability and transparency throughout the Bank.
4. Senior Management must provide the Board with comprehensive and timely reporting to enable it to effectively discharge its responsibilities, including the oversight of Senior Management. Information Senior Management must regularly provide to the Board includes, but is not limited to: a. Performance relative to the Bank’s strategy and Risk Appetite; b. Performance against budget and other financial targets, and the financial condition of the Bank;

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 17 | P a g e c. Breaches of Risk Limits or compliance rules categorized by frequency, scope and impact; d. Internal control failures; e. Legal or regulatory concerns; f. Current and developing market conduct issues, including a semi-annual analysis on client complaints and inquiries; g. Issues raised as a result of the Bank’s whistleblowing mechanism; and h. Breaches of Shari`ah rules and principles in the case of Banks offering Islamic financial services. 5. An ex-ante review and approval process must be completed before a member of Senior Management accepts nomination to serve on a board as permitted by this Regulation so as to ensure that the activity will not create a conflict of interest. In addition, each member of Senior Management must confirm annually that he/she has sufficient time available to manage the time commitments required for their role in the Bank. 6. TRANSACTIONS WITH RELATED PARTIES

1. Transactions with Related Parties must not be undertaken on more favorable terms (e.g. in credit assessment, tenor, interest rates, fees, amortization schedules, requirement for collateral) than corresponding transactions with non-related counterparties.
2. Banks must have policies and processes in place to identify individual exposures to and transactions with Related Parties as well as the total amount of exposures, and monitor and report on them through an independent credit review or audit process. Exceptions to policies, processes and limits must be reported to the appropriate level of the Bank’s Senior Management and, if necessary, to the Board, for timely action. Senior Management must monitor Related Party Transactions on an ongoing basis, and the Board must also provide oversight of these transactions
3. The Board must ensure that transactions with Related Parties (including internal group transactions) are reviewed to assess risk and are subject to appropriate restrictions (e.g. by requiring that such transactions be conducted on arm’s length terms) and that corporate or business resources of the Bank are not misappropriated or misapplied.
4. Transactions with Related Parties and the write-off of related-party exposures exceeding specified amounts or otherwise posing special risks are subject to prior approval by the Bank’s Board. Members of the Board with conflicts of interest must

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 18 | P a g e be excluded from the approval process of granting and managing related party transactions. Banks must report any breaches promptly to the Central Bank. The Central Bank may determine additional capital and/or provisioning requirements to cover any such breaches. 5. Banks must have policies and processes in place to prevent persons benefiting from the transaction and/or persons related to such a person from being part of the process of granting and managing the transaction. 6. Banks must maintain a register of related parties and details for each related party transaction. 7. GROUP STRUCTURE

1. In order to fulfil its responsibilities, the Board of the Bank as a Controlling Shareholder must ensure: a. There is a corporate governance framework at Group level with clearly defined roles and responsibilities taking into account the complexity and significance of the individual entities; b. There is an appropriate Group management structure and internal control framework which takes into account the material risks to which the Group and its individual entities are exposed; c. The Group’s corporate governance framework includes adequate policies, processes and controls and addresses risk management across the entities; d. The Group’s corporate governance framework includes appropriate processes and controls to identify and address potential intragroup conflict of interest, such as those arising from intragroup transactions; e. There are Board-approved policies and clear strategies for establishing new structures and legal entities, which ensure that they are consistent with the policies and interests of the Group; f. There are effective systems in place to facilitate the exchange of information among the various entities, to manage the risks of the individual entities as well as of the Group as a whole, and to ensure effective control of the Group; g. There are sufficient resources to monitor the compliance of all entities with all applicable legal, regulatory and governance requirements; and h. There is an effective internal audit function, and in the case of a Bank offering Islamic financial services an effective internal Shari`ah audit function, which ensures audits are being performed on all Group entities and the Group itself.

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 19 | P a g e 2. While the Board of the Bank as a Controlling Shareholder must conduct strategic, group-wide risk management and prescribe corporate risk profiles, the individual entities’ management and boards must have appropriate input to their local or regional application and the assessment of local risks. It is the responsibility of the individual entities’ boards, or equivalent in the case of foreign branches, to assess the compatibility of the Group policy with local legal and regulatory requirements. 3. The Board and Senior Management must take into account the financial, legal, reputational and other risks to the Bank from operating through complex or non-transparent structures. Measures to avoid or mitigate these risks include, but are not limited to: a. Avoiding setting up complicated structures that lack economic substance or business purposes; b. Continually maintaining and reviewing appropriate policies, procedures and processes governing the approval and maintenance of those structures or activities, including fully vetting the purpose, the associated risks and the Bank’s ability to manage those risks prior to setting up new structures and initiating associated activities; c. Having a centralized process for approving the creation of new legal entities and dissolution of dormant entities based on established criteria, including the ability to monitor and fulfil each entity’s regulatory, tax, financial reporting, governance and other requirements; d. Establishing adequate procedures and processes to identify and manage all material risks arising from these structures, including lack of management transparency, operational risks introduced by interconnected and complex funding structures, intragroup exposures, trapped collateral and counterparty risk, ensuring that structures are only approved if the material risks can be properly identified, assessed and managed; and e. Ensuring that the activities and structure are subject to regular internal and external audit reviews and Shari`ah audit review in case of providing Islamic banking services. 8. RISK MANAGEMENT Governance requirements for risk management are contained in separate Regulation and Standards issued by the Central Bank.

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 20 | P a g e 9. INTERNAL CONTROL, COMPLIANCE AND INTERNAL AUDIT Governance requirements for internal control, compliance and internal audit are contained in separate Regulation and Standards issued by the Central Bank. 10. FINANCIAL REPORTING AND EXTERNAL AUDIT Governance requirements for financial reporting and external audit are contained in separate Regulation and Standards issued by the Central Bank. 11. OUTSOURCING Governance requirements for outsourcing are contained in separate Regulation and Standards issued by the Central Bank. 12. COMPENSATION

1. The compensation committee is responsible for the overall oversight of management’s implementation of the compensation system for the entire Bank. In addition, the compensation committee must regularly monitor and review outcomes to assess whether the Bank-wide compensation system is creating the desired incentives for managing risk, capital and liquidity. It must have clear terms of reference, be properly constituted to exercise competent and independent judgement on the institution’s compensation policies and practices and work closely with the institution’s risk committee in the evaluation of incentives created by the compensation system. It must review the compensation plans, processes and outcomes at least annually. This must include an independent assessment by an external third party at least once every five (5) years.
2. Boards must have oversight of the compensation system for the whole institution, not just for Senior Management. The compensation structure must be in line with the strategy, Risk Appetite, objectives, values and long-term interests of the Bank. Incentives embedded within compensation structures should not incentivize Staff to take excessive risk.
3. Issues that the compensation committee of the Board must consider in overseeing the operation of Bank-wide compensation policies include, but are not limited to: a. the ratio and balance between the fixed (basic salary and any routine employment allowances that are predetermined and not linked to performance) and variable components of compensation; b. the nature of the duties and functions performed by the relevant Staff and their seniority within the Bank;

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 21 | P a g e c. the assessment criteria against which performance-based components of compensation are to be awarded; and d. the integrity and objectivity of the process of performance assessment against the set criteria. 4. The payment of the annual fixed amount to the Members of the Board should include a part relating to their service on the Board and another on the Board committees, with greater weighting applied to chairing committees. The payment may also include the value of other non-monetary benefits, e.g. insurance and healthcare. The contract signed by each Member of the Board must determine all the details of his/her compensation. 5. Negative financial performance or net loss reported by a Bank in a financial year should generally lead to a contraction of the Board’s total compensation. The Central Bank may impose additional reductions to the Board’s total compensation where the negative financial performance was due to non-compliance with Regulations, omission or error by the Board. In addition, a net loss reported by a Bank in a financial year is expected to lead to a contraction of the Staff bonus pool. 6. Staff in the Control Functions of risk management, compliance and internal audit and in the case of Banks offering Islamic financial services, Shari`ah compliance and audit, must be compensated in a way that makes their incentives independent of the lines of business whose risk taking they monitor and control. Instead, their performance measures and performance incentives must be based on achievement of their own objectives so as not to compromise their independence. This also applies to the compliance function staff embedded in independent support or control units. 7. If Staff in the Control Functions receives variable compensation, their total compensation must be made up of a higher proportion of fixed relative to variable compensation. 8. Banks must identify, both on a solo basis and at the Group level, the Staff who has the potential to take or commit the Bank to significant risk, including reputational and other forms, and consider the extent to which the structure of their compensation is effectively risk aligned (Material Risk Takers). The identification must be performed by means of an annual self-assessment and based primarily on control and influence over risk; i.e. Staff who receive incentive compensation and have an ability, either alone or as a member of a group, to take or influence risk that is significant to the Bank. These may include but not limited to: a. Senior Management and key Staff (including but not limited to the Chief Executive Officer and other members of Senior Management who are responsible for oversight of the Bank’s key business lines and, if applicable, the Control Functions);

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 22 | P a g e b. Staff whose duties involve the assumption of risk or the taking on of exposures on behalf of the Bank (including but not limited to proprietary traders, dealers, and loan officers); c. Staff who engage in the design, sales and management of either securities or derivative products; d. Staff who are incentivized to meet certain quotas or targets by payment of variable remuneration (including but not limited to those in marketing, sales and distribution functions); e. Staff in the Control Functions, if applicable. 9. For Senior Management and Material Risk Takers: a. a proportion of compensation must be variable and paid on the basis of individual, business-unit and Bank-wide measures that adequately measure performance; b. a substantial portion of the variable compensation must be payable under deferral arrangements over at least three (3) years. These proportions should increase significantly along with the level of seniority and/or responsibility. For Senior Management and the most highly paid staff, the percentage of variable compensation that is deferred should be substantially higher; c. a portion of variable compensation may be awarded in shares or equivalent ownership interests or share-linked or equivalent non-cash instruments in the case of non-listed Banks, as long as these instruments create incentives aligned with long-term value creation and the time horizons of risk. Awards in shares or share-linked instruments should be subject to an appropriate share retention policy; and d. The remaining portion of the deferred compensation can be paid as cash compensation vesting gradually. In the event of negative contributions of the Bank and/or the relevant line of business in any year during the vesting period, any unvested portions should be clawed back, subject to the realised performance of the Bank and the business line. 10. Contractual payments related to a termination of employment should be examined to ensure there is a clear basis for concluding that they are aligned with long-term value creation and prudent risk-taking; prospectively, any such payments should be related to performance achieved over time and designed in a way that does not reward failure. 11. Banks are encouraged to follow the guidance provided by the Financial Stability Board in its issued Principles and Standards on Sound Compensation Practices as updated from time to time.

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 23 | P a g e 13. DISCLOSURE AND TRANSPARENCY

1. Disclosure in the annual corporate governance statement must include, but not be limited to: a. Material information on the Bank’s objectives, organizational and governance structures and policies; b. Major share ownership and voting rights; c. Related Party Transactions; d. The recruitment approach for the selection of Members of the Board and for ensuring an appropriate diversity of skills, backgrounds and viewpoints; e. Education and experience of Members of the Board and key members of Senior Management; f. Type and composition of Board committees and the number of times they met; g. Incentive and compensation policy including the decision-making process used to determine the Bank-wide compensation policy, the most important design characteristics of the compensation system and aggregate quantitative information on compensation; h. The individual compensation of the Members of the Board and key members of Senior Management; i. Information on the policy and actual figures of female candidates’ consideration and representation on the Board; j. Key points concerning its risk exposures and risk management strategies without breaching necessary confidentiality; k. Information on the purpose, strategies, structures, and related risks and controls of material and complex or non-transparent activities; l. Forward looking statements and foreseeable risk factors; and m. In the case of Banks offering Islamic financial services, Annual Shariah Reports on the compliance with Shariah rules and the resolutions of the Higher Shari`ah Authority, or any other disclosures required by the Bank or the Higher Sharia Authority.
2. Where useful, Banks may make reference to the information contained in the Financial Statements’ Notes.

CORPORATE GOVERNANCE STANDARDS FOR BANKS 83/2019 24 | P a g e 3. Qualitative and quantitative disclosure requirements on remuneration to be published annually in a Bank’s Pillar 3 report must include the following information for Senior Management and Material Risk-Takers: a. Description of the main elements of their remuneration system and how the system has been developed; b. Fixed and Variable remuneration awarded during the financial year; c. Special Payments: Guaranteed bonuses, sign-on awards and severance payments; and d. Deferred remuneration. 4. Boards should approve and publicly disclose a statement providing assurance that the corporate governance arrangements of their Banks are adequate and efficient.