DBFIA Practice Direction No. 6 (Apr 2015) Corporate Governance

DOMESTIC BANKS AND FINANCIAL INSTITUTUONS ACT, 2012 PRACTICE DIRECTION NO. 6 CORPORATE GOVERNANCE April 2015

Corporate Governance Practice Direction i TABLE OF CONTENTS Page #

1. Introduction 1
2. Applicability 1
3. Purpose of Corporate Governance Practice Direction 1
4. The CBB’s Role in Corporate Governance 3
5. Sound Corporate Governance Principles 4
6. Board Practices 5 6.1 Board’s Overall Responsibilities 5 6.2 Board Qualifications 7 6.3 Corporate Values and Code of Conduct 8 6.4 Conflict of Interest 9 6.5 Board Meetings 10 6.6 Succession Planning 12
7. Compensation 12
8. Senior Management 13
9. The Nature and Operations of Board Committees 14
10. Risk Management and Internal Controls 15 10.1 Risk Management 15 10.2 Internal Controls 16
11. Annual Review 17
12. Governance and Conglomerates/Corporate Groups 18
13. Disclosure and Transparency 19
14. Annual Certification 20
15. Appendix 1 21

Corporate Governance Practice Direction 1

1. Introduction 1.1. The Central Bank of Belize (CBB) is responsible for the licensing, regulation and supervision of banks and financial institutions operating in and from within Belize, pursuant to the CBB Act (CBA) and the Domestic Banks and Financial Institutions Act, 2012 (DBFIA). 1.2. This Practice Direction is made in exercise of the authority conferred on the CBB by Section 9 of the DBFIA and shall come into effect 1 April 2015.
2. Applicability 2.1. This Practice Direction is applicable to all banks and financial institutions (and the groups to which they belong) which carry on activities in Belize and are supervised by the CBB.
3. Purpose of Corporate Governance Practice Direction1 3.1. The long-term success of any institution is dependent on several factors, including a sound business strategy, quality assets, a market for its products and services, access to capital and a sound system of internal controls and risk management. Central to all these factors is a robust corporate governance framework, which is a major determinant in the maximization and maintenance of the value of the institution’s shares and allows for efficient and effective regulation. 3.2. The Basel Committee on Banking Supervision identifies effective corporate governance practices as essential to achieving and maintaining public trust and confidence in the financial system, which are critical to the proper functioning of the banking sector and economy as a whole. The retention of public confidence through the enthronement of good corporate governance remains of utmost importance given the role of the industry in the mobilization of funds, the macroeconomic implications such as contagion risk and the impact on the payment and settlement systems. 3.3. Corporate governance refers to the processes, structures and information used for directing and overseeing the management of an organization. In general, 1 In developing this Practice Direction the CBB has considered relevant legislation, the Basel Committee’s “Principles for Effective Corporate Governance”, as well as international best practices.

Corporate Governance Practice Direction 2 corporate governance involves the relationships between an organization’s management, its Board, its shareholders and all other stakeholders, including its clients and employees. Corporate governance also provides the structure through which the objectives of the licensee are set, and the means of attaining those objectives and monitoring performance is determined. Good corporate governance should provide proper incentives for the Board and management to pursue objectives that are in the interests of the licensee and its shareholders and should facilitate effective monitoring. 3.4. In addition to their responsibilities to shareholders, licensees also have a responsibility to their depositors and to other recognized stakeholders. Poor corporate governance can lead to reduced or diminished markets and confidence in the ability of a licensee to properly manage its assets and liabilities, including deposits, which could in turn trigger a bank run or liquidity crisis. 3.5. This Corporate Governance Practice Direction serves as the comprehensive overarching expectations of the CBB regarding the corporate governance framework to be established within banks and financial institutions. It is meant to provide direction and basic principles from which a corporate governance process can be developed and implemented, based on the unique character of each licensee. Failure to adhere to the basic principles set out in this Practice Direction may call into question whether the licensee continues to satisfy the criteria necessary for the continuation of the members of the Board and senior management. 3.6. Licensees that are part of large international financial groups may be able to take advantage of the availability of group-structured governance processes that are generally in keeping with the basic principles articulated in this Practice Direction. If the Board of a licensee chooses to put in place alternative measures, it must demonstrate to the CBB that such alternative measures have at least an equivalent effect on ensuring sound corporate governance. 3.7. The CBB recognizes that there may be differences in the approaches adopted by licensees. It is expected that licensees design a governance framework that takes into account the following: a. Nature and scale of the business; b. Complexity, volume and size of transactions; and c. Degree of risk associated with each area of operation.

Corporate Governance Practice Direction 3 3.8. While this Practice Direction covers a variety of governance related issues, the board of directors of banks and financial institutions are ultimately responsible for ensuring that appropriate governance systems and practices are in place should there be additional areas arising out of particular circumstances that merit coverage. 3.9. This Practice Direction will be reviewed periodically and amended as deemed necessary to ensure continued relevance and consistency with local statutes and international best practice standards. 4. The CBB’s Role in Corporate Governance 4.1. The key role of the CBB is to promote strong corporate governance within its licensed institutions. This is achieved through the articulation of minimum expectations (via this Practice Direction) and by reviewing and evaluating a licensee’s corporate governance policies and their implementation and effectiveness through ongoing off-site monitoring and periodic on-site examinations. The CBB will pay particular attention to transactions between shareholders, directors or their related parties and the licensee to ensure that such transactions are conducted on an arm’s length basis and that conflicts of interest have been disclosed. The CBB will also review and evaluate: a. The organizational structures of licensees that include appropriate checks and balances, inclusive of clear allocation of responsibilities, accountability and transparency; b. The expertise and integrity of proposed and existing directors and management (fit and proper criteria2 ) which includes, but is not limited to, the contribution of each individual’s skills and expertise to the safe, sound and efficient operation of the licensee; c. Whether there exist effective mechanisms through which the Board and senior management execute their oversight responsibilities. This includes assessing the quality of Board deliberations and reports, internal and external audit, risk management and compliance functions; and d. The external auditors’ reports. 2 The criteria for a fit and proper person are defined under Section 5 of the DBFIA.

Corporate Governance Practice Direction 4 e. The licensee’s Board and management must therefore remain cognizant of the regulatory framework and environment in which it operates by: i. Remaining aware of statutory and prudential requirements, including Regulations and Practice Directions issued under the DBFIA; ii. Remaining fully abreast of the findings of on-site examinations, as well as other material issues raised by the CBB through its ongoing regulation and supervision. Where necessary, Board and management should obtain further clarification on noted deficiencies; iii. Ensuring that there is appropriate and timely rectification of noted deficiencies and recommendations made by the CBB and that appropriate remedial actions are taken in a timely manner; and iv. Maintaining frank and open dialogue with the CBB, accurately disclosing information pertinent to the oversight of the institution. 5. Sound Corporate Governance Principles 5.1. The fundamental objectives of corporate governance in banks and financial institutions are to ensure effective and proper strategic guidance of the entity, to establish a balance of power between the institutions’ governing and controlling bodies and to ensure that the organization is operating in a safe and sound manner. It therefore focuses on the quality of oversight and direction provided primarily by the shareholders, Board and management – and the relationship among these groups. Key elements of sound corporate governance involve: a. Establishing well articulated objectives and corporate values; b. Setting and enforcing clear assignment of responsibilities, decision￾making authority and accountabilities that are appropriate for the entity’s risk profile; c. Placing constraints on management’s power and ownership concentration while simultaneously providing incentives to Board, management and employees to act in the best interest of the licensee, its depositors and shareholders; d. Establishing strong risk management and internal control systems;

Corporate Governance Practice Direction 5 e. Ensuring transparency and appropriate information flows internally, as well as to the regulator and the public. 5.2. By outlining its expectations via the issuance of this Practice Direction, the CBB is promoting a culture of strong corporate governance within its licensed institutions. In addition, the CBB encourages licensees to adhere to international standards of corporate governance including the Basel Committee on Banking Supervision Principles for Enhancing Corporate Governance, the OECD Principles of Corporate Governance and other international standards, where applicable. 6. Board Practices 6.1. Board’s Overall Responsibilities 6.1.1 The Board has ultimate responsibility for the licensee’s business, risk strategy and financial soundness, as well as for its quality of governance. The Board may delegate authority to Board committees but subject to Board oversight and ratification of key decisions that materially impact the institution’s operations. Accordingly, the Board should: a. Appoint a chief executive officer with integrity, technical and managerial competence, and appropriate experience; b. Oversee and participate in the selection of other competent Senior Executives to assume the day-to-day management of the organization; c. Monitor financial performance; d. Understand the risks to which the licensee is exposed and establish a documented risk appetite3 ; e. Oversee a competent, robust and independent risk and control function to include risk management, internal controls, compliance and internal audit; f. Approve and monitor the overall business strategy of the licensee, taking into account the licensee’s long-term financial interests, its exposure to risk and its ability to manage risk effectively; 3 “Risk appetite” reflects the level of aggregate risk the licensee’s Board is willing to assume and manage pursuant to the licensee’s business strategy. This may include both qualitative and quantitative elements and encompasses a range of measures.

Corporate Governance Practice Direction 6 g. Approve the licensee’s policies for major activities, such as loans, liquidity and investments; h. Oversee comprehensive anti-money laundering and counter terrorism financing policies and procedures as well as other key risk management policies such as credit, operational, market, asset liability management and investment policies as appropriate and ensure ongoing monitoring and review of these policies. i. Approve outsourcing arrangements, inclusive of intra group, and ensure that written service level agreements outlining the responsibilities of the respective parties, etc. are completed before the arrangement begins; j. Approve and oversee the implementation of the licensee’s corporate governance framework, principles and corporate values, including a code of conduct; k. Ensure that clearly defined and acceptable lines of responsibility and hierarchy are established in order that officers are held accountable for duties and responsibilities attached to their respective offices; l. Conduct periodic reviews of all policies and procedures governing the operations of the licensee. These reviews must be done at least every three years. m. Communicate with the CBB and request meetings as required; n. Be informed of and review examination reports of the CBB, and ensure that corrective actions are implemented and used as one of the inputs in assessing the effectiveness of senior management; and o. Conduct periodic assessments of the collective Board and individual members’ performance and make improvements where necessary. This includes assessing the effectiveness of the implementation of their governance/controls framework and ensuring that objectives and responsibilities are being met; p. Detail the requirements for a quorum and committee practices; and q. Develop and regularly update a management succession plan.

Corporate Governance Practice Direction 7 6.1.2 In discharging these responsibilities, the Board should take into account the legitimate interest of shareholders, depositors and other relevant stakeholders. It should also ensure that the licensee maintains an effective relationship with the CBB. 6.1.3 Board members should engage actively in the major matters of the licensee and keep up with material changes in the licensee’s business and the external environment, as well as act to protect the interests of the licensee. 6.1.4 The Board should ensure that management develops, implements and oversees the effectiveness of comprehensive know-your-customer standards, including appropriate policies and procedures that address customer acceptance and identification, as well as ongoing monitoring of accounts and transactions, in keeping with the requirements of relevant laws, regulations and practice directions. 6.1.5 The Board should ensure that all transactions with related parties (including internal group transactions) are reviewed to assess risk and are subject to appropriate terms and conditions, including pricing, and that corporate or business resources of the licensee are not misappropriated or misapplied. 6.2 Board Qualifications 6.2.1 The Board collectively should have adequate knowledge and experience relevant to all activities that the licensee intends to pursue in order to enable effective governance and oversight and exercise sound and objective judgment regarding the affairs of the institution. The Board as well as individual board members should possess competencies and personal qualities, including professionalism and personal integrity standards, which should be held on an ongoing basis. Additionally, the Board should also have a reasonable understanding of local and, if appropriate, global economic and market forces and of the legal and regulatory environment. This also applies to a Board member in his or her capacity as a member of the full Board and as a member of any Board committee. 6.2.2 In order to help Board members acquire, maintain and deepen their knowledge and skills and to fulfill their responsibilities, the Board should ensure that Board members have access to programmes tailored to the licensee’s line of business and ongoing education on relevant issues. Consequently, the Board should ensure ongoing training of individual board members. The Board should dedicate sufficient time, budget and other resources for this purpose.

Corporate Governance Practice Direction 8 6.2.3 A licensee should have at least five directors, the majority of whom shall not be employees of the licensee. To enhance independence, the non-executive members of the Board should be qualified and capable of exercising sound objective judgment. 6.2.4 The Board should ensure that the licensee’s organizational structure facilitates effective decision making and good governance. This should include ensuring that lines of responsibility and accountability, which clearly define the key responsibilities and authority of the Board itself, are established and enforced throughout the organization. 6.2.5 In identifying potential Board members, the Board should ensure that the candidates are qualified to serve as Board members and are able to commit the necessary time and effort to fulfill their responsibilities. Serving as a Board member or senior manager of an institution that competes or does a significant volume of business with the licensee can compromise Board independent judgment and potentially create conflicts of interest, as can cross-membership of Boards. 6.2.6 The Board should periodically reconstitute itself and its committees, if any, by selecting new directors to replace long-standing members or those whose contribution to the organization or the committees is not adequate. In this regard, licensees should have in place a formal and transparent procedure for the appointment of new directors. The Board should also consider putting a program in place for staggering the terms of directors (unless specified in the articles or By-laws), subject to performance and eligibility for re-election. The licensee is required to notify the CBB of any changes to its Directors and Senior Management within fourteen days of the change. 6.3 Corporate Values and Code of Conduct 6.3.1 A demonstrated corporate culture that supports and provides appropriate norms and incentives for professional and responsible behavior is an essential foundation of good governance. In this regard, the Board should take the lead in establishing the “tone at the top” and in setting professional standards and corporate values that promote integrity for itself, senior management and other employees. 6.3.2 A licensee’s code of conduct should articulate acceptable and unacceptable behavior. It is especially important that such a policy disallows behavior that could result in the licensee engaging in any improper or illegal

Corporate Governance Practice Direction 9 activity, such as financial misreporting, money laundering, insider trading, fraud, bribery or corruption and the provision of false or misleading information on prudential and other reports to the regulator. It should also discourage the taking of excessive risks as defined by internal policy. The code of conduct should be supported by an aligning risk-based compensation policy that would not promote excessive risk-taking or inappropriate focus on short-term gains at the expense of long-term viability. 6.3.3 The licensee’s corporate values should recognize the critical importance of timely and frank discussion and elevation of problems to higher levels within the organization. In this regard, employees should be encouraged and be able to communicate, with protection from reprisal, legitimate concerns about illegal, unethical or questionable practices. Because such practices can have a detrimental impact on a licensee’s reputation, it is highly beneficial for licensees to establish a policy setting forth adequate procedures for employees to confidentially communicate material and bona fide concerns or observations of any violations. The Board should be able to receive information – communicated directly or indirectly (e.g. through an independent audit or compliance process) – independent of the internal “chain of command.” The Board should determine how and by whom legitimate concerns shall be investigated and addressed, for example by an internal control function, an objective external party, senior management and/or the Board itself. 6.3.4 The Board should ensure that appropriate steps are taken to communicate throughout the licensee the corporate values, professional standards or codes of conduct it sets, together with supporting policies and procedures, such as the means to confidentially report concerns or violations to an appropriate body. 6.4 Conflict of Interest 6.4.1 Conflicts of interest may arise as a result of the various activities and roles of the licensee, or between the interests of the licensee or its customers and those of the licensee’s Board members or senior managers (e.g. where the licensee enters into a business relationship with an entity in which one of the licensee’s Board members has a financial interest). The Board should ensure that policies to identify potential conflicts of interest are developed and implemented and, if these conflicts cannot be prevented, are appropriately managed (based on the permissibility of relationships or transactions under sound corporate policies consistent with legal and supervisory standards).

Corporate Governance Practice Direction 10 6.4.2 The Board should have a formal written conflict of interest policy and an objective compliance process for implementing the policy. The policy should also include: a. a Board member’s duty to avoid to the extent possible activities that could create conflicts of interest or the appearance of conflicts of interest; b. a review or approval process for members to follow before they engage in certain activities (such as serving on another Board) so as to ensure that such activity will not create a conflict of interest; c. a member’s duty to disclose any matter that may result, or has already resulted, in a conflict of interest; d. a member’s responsibility to abstain from voting on any matter where the member may have a conflict of interest or where the member’s objectivity or ability to properly fulfil duties to the licensee may be otherwise compromised; e. adequate procedures for transactions with related parties to be made on an arms-length basis; f. the way in which the Board will deal with any non-compliance with the policy; and g. examples of where conflicts of interest can arise when serving as a Board member. 6.4.3. A director or officer of a licensee shall not act as a director or officer of another licensee except with the permission of the CBB. Permission is not required for acting as director or officer of more than one financial entity within a financial group. 6.5 Board Meetings 6.5.1 Board meetings serve as the key fora where executives and directors share information on the performance, plans and policies of the licensee. The Boards of licensed institutions should meet with such frequency as reflects the complexity and volume of activity and the condition of the licensee. However, Board meetings should be held at least quarterly.

Corporate Governance Practice Direction 11 6.5.2 Board meetings should review: a. The licensee’s capital adequacy; b. Statements showing the licensee’s financial condition and earnings; c. The investment portfolio; d. Loan activity, including adversely classified loans, written-off or recovered loans and loans to related parties; e. Assets under management portfolio; f. Risk management reports; g. Reports covering the key oversight functions of internal control and compliance; h. Compliance with regulatory standards and laws; i. Audit and examination reports; and j. Any other matters of material impact to the licensee, including liquidity, market and operational risk, litigation, fraud, etc. 6.5.3 The chairperson of the Board shall ensure that clear and complete minutes of the Board meetings are maintained. Minutes should record attendees, include material facts presented on matters discussed, sources and essence of external advice given to the Board, and be in enough detail to support decisions taken. These requirements apply whether the meeting is held face to face or by teleconference. 6.5.4 Agendas of upcoming meetings, Board minutes and papers should be forwarded to members in sufficient time to allow documents to be reviewed before meetings. 6.5.5 The Chairman of the Board should: a. Maintain control of proceedings without dominating discussions; b. Stimulate debate by drawing out the contributions of all members;

Corporate Governance Practice Direction 12 c. Guide discussions while ensuring that genuine disagreements are aired and resolved; and d. Ensure that decisions reached are properly understood and recorded. 6.6 Succession Planning 6.6.1 Succession planning refers to the nomination, orientation and training of new directors and persons identified as possible successors to senior management and for other critical functions. The Board should have a process for identifying, nominating and retaining qualified directors and senior management. 6.6.2 The Board should consider instituting a formal program for new directors and persons identified as possible successors to senior management and for other crucial functions. This program should cover: a. Key characteristics and nature of the industry; b. The financial regulatory system; c. The institution’s strategic plans, operations and management structure; d. The control structure, including the role of the internal and external auditors; e. Fiduciary duties and responsibilities of directors; 6.6.3 Persons identified in the succession plan should undergo continuous training to ensure that they are updated on new laws, industry developments, emerging trends, products, risks and opportunities;

7. Compensation 7.1 The Board of Directors should exercise good stewardship of a licensee’s compensation practices and ensure that compensation works in harmony with other practices. 7.2 A licensee shall therefore establish a well written compensation policy in compliance with the scope and structure of its activities as well as its strategies, long-term targets and risk management structures which will prevent undertaking extreme risks and promote effective contributions to risk management. The Board of Directors shall review the compensation policy at least once a year to ensure its effectiveness.

Corporate Governance Practice Direction 13 7.3 The compensation policy should require that licensees have a board remuneration committee as an integral part of their governance structure and organization to oversee the compensation system’s design and operation on behalf of the board of directors. The remuneration committee should: a. be constituted in a way that enables it to exercise competent and independent judgment on compensation policies and practices and the incentives created for managing risk, capital and liquidity. In addition, it should carefully evaluate practices by which compensation is paid for potential future revenues whose timing and likelihood remain uncertain. In so doing, it should demonstrate that its decisions are consistent with an assessment of the firm’s financial condition and future prospects; b. work closely with the licensee’s risk committee in the evaluation of the incentives created by the compensation system; c. ensure that the firm’s compensation policy is in compliance with the Financial Stability Board (FSB) Principles (April 2009) and Implementation Standards (September 2009); d. ensure that a compensation review, if appropriate externally commissioned, is conducted independently of management at least every three years and submitted to the CBB or disclosed publicly. Such a review should assess compliance with the FSB Principles and standards. 7.4 Remuneration for employees in the risk and compliance functional areas should be determined independently of other business areas and be adequate to attract qualified and experienced staff, and performance measures should be based principally on the achievement of the objectives of their functions. 7.5 The board remuneration committee should ensure that variable compensation packages does not limit financial institutions’ ability to strengthen their capital base and that pay structures are aligned to risk appetite and risk profile. 8. Senior Management 8.1 The licensee’s senior management is responsible for the day-to-day operations of the business, serving as a link between the Board and staff. Senior management is responsible for: a. Implementing the licensee strategic plan;

Corporate Governance Practice Direction 14 b. Ensuring that the bank or financial institution’s activities are consistent with the business strategy, risk tolerance and risk appetite set and/or approved by the board; c. Implementing key risk management policies to address risks such as credit, market, operational, anti-money laundering/counter terrorism financing; d. Implementing asset liability management policies to guide the operations of the bank; e. Keeping directors adequately informed about the performance of the licensee through financial and management reports and the reports prepared by internal auditors, external auditors and the compliance officer; f. Advising the Board on the appropriate organizational structure, and ensuring that the quantity and quality of staff resources are available to carry out all tasks, including internal audit and compliance; g. Implementing and maintaining risk management systems appropriate to the scale, nature and complexity of the institution; h. Delineating and documenting the areas of responsibility for each staff member. Reporting lines must be clear and appropriate in the context of the scale, nature and complexity of the licensee; i. Communicating the licensee’s strategic direction, reporting lines and risk tolerances throughout the organization; and j. Overseeing management information systems to enable timely and accurate dissemination of information to the Board and regulators to promote accountability and transparency. 9. The Nature and Operations of Board Committees 9.1 The functions of the Board may, depending on the size and complexity of the institution, be discharged directly or indirectly through Board committees. Board Committees are established to undertake specific functions and make recommendations to the Board. Such specialized committees may assist the Board in its oversight function while economizing on the limited resources available to monitor specific areas of the institution’s activities.

Corporate Governance Practice Direction 15 9.2 The Board must determine the type of committee structure that would adequately meet the needs and establish the responsibility, authority and accountability requirements of the committees. 9.3 The charter or mandate of each committee should include the size of the committee, qualifications for membership, any restrictions on the number of executive directors, the frequency of meetings, the requirements for a quorum and committee practices. 9.4 The licensee must establish an Audit Committee which should comprise a minimum of three directors, one of whom must be a financial expert. 4 In addition, the majority of the members of the Audit Committee should be independent and not a related party. Furthermore, the Chairman of the Audit Committee should be independent. 10. Risk Management and Internal Controls The sophistication of the licensee’s risk management and internal control infrastructures, particularly including a sufficiently robust information technology infrastructure, should keep pace with developments such as balance sheet and revenue growth, increasing complexity of the licensee’s business or operating structure, geographic expansion, mergers and acquisitions, or the introduction of new products or business lines. Strategic business planning, and periodic review of such plans, should take into account the extent to which such developments have occurred and the likelihood that they will continue going forward. 10.1 Risk Management a. Licensees’ risk management processes must be aligned and kept abreast with their risk appetites and risk profiles as well as their external risk landscapes; b. The risk management function should identify, measure, monitor, control or mitigate and report risk exposures; c. The assessment and monitoring of risks should occur at varying levels including at the legal entity (licensee level), at the business lines level and at the consolidated group level; d. Licensees should develop a culture where senior management and staff are expected and encouraged to identify risk issues as opposed to relying on 4 A ‘financial expert’ is defined in Section 45(8)(a) of the DBFIA

Corporate Governance Practice Direction 16 the internal audit or risk management functions to identify them. This expectation is conveyed not only through licensee policies and procedures, but also through the “tone at the top” established by the Board and senior management; e. The licensee’s risk exposures and strategy should be communicated throughout the licensee with sufficient frequency. Effective communication, both horizontally across the organisation and vertically up the management chain, facilitates effective decision-making that fosters safe and sound banking and helps prevent decisions that may result in amplifying risk exposures; f. Licensees should have an effective internal controls system and a risk management function (including a chief risk officer or equivalent) with sufficient authority, stature, independence, resources and access to the Board; g. Licensees should have an independent senior executive, i.e. a chief risk officer, with distinct responsibility for the risk management function and the institution’s comprehensive risk management framework across the entire organization; h. If the chief risk officer is removed from his or her position for any reason, this should be done with the prior approval of the Board. The licensee should also discuss the reasons for such removal with the CBB; i. Although the risk management function has a key leadership and coordinating role on risks, the operational responsibility for making operational decisions on risks and managing risk rests with management and ultimately extends to other employees of the licensee. The licensee’s risk management framework should be clear and transparent regarding staff and organizational responsibilities for risk. 10.2 Internal Controls: a. The licensee should maintain sound control functions, including an effective compliance function that, among other things, routinely monitor compliance with laws, corporate governance rules, regulations, codes and policies to which the licensee is subject and ensure that deviations are reported to an appropriate level of management and, in case of material deviations, to the Board. b. The Board and senior management should recognize the importance of the effectiveness of the internal audit function to identify problems with a

Corporate Governance Practice Direction 17 licensee’s governance, risk management and internal control systems, and should enhance it by: i. encouraging internal auditors to adhere to national and international professional standards; ii. requiring that audit staff have skills that are commensurate with the business activities and risks of the licensee; iii. promoting the independence of the internal auditor by ensuring that internal audit reports are provided to the Board and the internal auditor has direct access to the Board or the Board's audit committee; iv. recognising the importance of the audit and internal control processes and communicating their importance throughout the licensee; v. requiring the timely and effective correction of identified internal audit issues by senior management; and vi. engaging internal auditors to judge the effectiveness of the risk management function and the compliance function, including the quality of risk reporting to the Board and senior management, as well as the effectiveness of other key control functions. 11. Annual Review 11.1 At least annually, the Board, utilizing the advice of management, should assess and document whether the corporate governance process that it has implemented successfully achieves its objectives and, consequently, whether the Board itself is fulfilling its own responsibilities. The Board should also regularly assess the effectiveness of its overall governance process and make changes, as necessary. 11.2 In addition, the Board should also determine that the licensee’s capital level is adequate for the nature and level of risks assumed throughout the entire organization. In this regard, the Board and management should consider and plan for the licensee’s current and prospective capital adequacy, through evaluation of projected capital needs and profitability, implementation of an appropriate earnings retention policy, and recognition of external sources of additional capital. In its review, the Board should determine that: a. the licensee’s overall risk profile is sound and prudent and that risk is properly managed;

Corporate Governance Practice Direction 18 b. new (or significant changes to) policies and procedures are appropriately reviewed and approved; c. the licensee’s internal controls provide reasonable assurance of the integrity and reliability of its records; safeguard, verify and maintain accountability for its assets; and, properly recognize its liabilities, both on and off-balance sheet; d. the internal controls are based on established policies and procedures and are implemented by trained, skilled personnel whose duties have been segregated appropriately; e. adherence to the established internal controls is continuously monitored; f. the management information systems and accounting records are complete, accurate and timely; g. issues of concern are identified and addressed and corrective action taken in a timely manner; h. all management and staff are required to maintain high corporate values and ethical standards, pursuant to the licensee’s established code of conduct; and i. independent non-executive directors (INEDs) have met the requirements for independence as set out in Section 45(8)(c) of the DBFIA. 12. Governance of Conglomerates/Corporate Groups 12.1 The Board and senior management of a licensee that is a part of a group should understand the structure and the organization of the group, i.e. the aims of its different units/entities and the formal and informal links and relationships among the entities and with the parent company. This includes understanding the legal and operational risks and constraints of the various types of intra-group exposures and transactions and how they affect the group’s funding, capital and risk profile under normal and adverse circumstances. Sound and effective measures and systems should be in place to facilitate the generation and exchange of information among and about the various entities, to manage the risks of the group as a whole, and for the effective supervision of the group. In this regard, senior management should inform the Board about the group’s organizational and operational structure and the key drivers of the group’s revenues and risks. The Board and senior management should know and understand the licensee’s

Corporate Governance Practice Direction 19 operational structure and the risks that it poses (i.e. “know-your-structure”). It is the responsibility of the board and senior management to periodically review the organizational structure to ensure that it does not involve undue or inappropriate complexity which could also impede supervision. 12.2 The Board of the parent company of a licensee within a financial group must be informed of all material risks and matters that affect the entire group. The Board of the parent company should establish reporting structures for the subsidiaries to ensure that there is adequate oversight of the activities of the subsidiary. 12.3 The Board of the parent company should closely monitor the performance, composition and activities of the Boards of subsidiaries, especially where: a. The activities of a subsidiary differ significantly or are independent from the core business of the parent; b. Special expertise is required to provide oversight of the subsidiary’s activities; c. There is the potential for conflicts of interest between the various stakeholders of the parent and the subsidiary; or d. Some of the activities conducted within the group may give rise to material legal and reputational risks for the licensee. 13. Disclosure and Transparency 13.1 The governance of the licensee should be adequately transparent to its shareholders, depositors, other relevant stakeholders and market participants, in order to provide key information that will enable assessment of the effectiveness of the Board and senior management in governing the licensee. It is the responsibility of the board and senior management to understand the purpose of any structure that could impede transparency, be aware of the risks associated with complex structures and seek to mitigate the risks identified. 13.2 The licensee should disclose relevant and useful information that supports the key areas of corporate governance. Depending on the nature, scale, complexity, risk profile and economic significance of the institution, disclosure should include, but not be limited to, material information on the licensee’s objectives, organizational and governance structures, risk management practices

Corporate Governance Practice Direction 20 and policies, capital adequacy, component and structure, the licensees main activities and all significant risks, supported by relevant underlying data and information, and significant changes in risk exposures between reporting periods. Disclosure should be accurate, comprehensive, consistent and clear and presented in such a way that shareholders, depositors, other relevant stakeholders and market participants can consult it easily and find it meaningful. 13.3 There is no intention to impose a single standard disclosure obligation or to require a licensee to disclose any proprietary information that might put it at competitive disadvantage. 14. Annual Certification 14.1 Annually, within 120 days of the end of each calendar year, the Board will be required to provide a certification5 to the CBB as to the licensee’s compliance or otherwise with the contents of this Practice Direction. Additionally, the certification should also state that, using the advice and assistance of management, the Board has independently assessed and documented whether the licensee’s corporate governance process is effective and whether it has successfully achieved its objectives. The Board must report any material deficiencies and problems that are identified within the licensee, along with action plans and timetables for their correction. 5 An example of an Annual Certification that might be considered is provided in Appendix 1.

Corporate Governance Practice Direction 21 Appendix 1 [Name of Institution] Board of Directors’ Annual Certification To the Central Bank of Belize The objective of this Corporate Governance Practice Direction is to reassert the role of the Board of Directors. The rationale behind the type of certification described below is to reinforce accountability at the Board level, but to leave the certification sufficiently non￾prescriptive so that the Board and senior management are approaching the certification from a high-level analytic viewpoint versus a mechanistic approach that may not cover all aspects of corporate governance. The written certification, required annually, within 120 days of the end of each calendar year, shall contain the following:

1. A statement to the effect that the Board is familiar with the contents of the applicable Central Bank Practice Directions and acknowledges its role and responsibilities under those Practice Directions;
2. A list showing the names of all independent non-executive directors (INEDs) indicating whether the Board considers that each INED continues to meet the requirements for independence set out in Section 45 (8)(c) of the Domestic Banks and Financial Institutions Act, 2012 (DBFIA). Where, for any individual, there is a change in categorization from the previous year, a brief explanation for the change should be provided. In the instance where the INED has received or receives additional remuneration from the company apart from a director's fee, it should be disclosed along with the rationale;
3. A statement indicating whether the Board is performing its functions and fulfilling its responsibilities under this Practice Direction;
4. A statement indicating whether the Board has carefully considered the reporting of senior management and other information relevant to forming an opinion as to whether the organization is following this Corporate Governance Practice Direction;
5. A statement indicating whether the Board has implemented policies and procedures in compliance with this Corporate Governance Practice Direction;
6. Where the Board is of the opinion that the organization is not following the Corporate Governance Practice Direction or that the organization is following the Corporate Governance Practice Direction except for identified deficiencies, it should provide: a. an explanation of the reasons for the opinion that relate to deficiencies;

Corporate Governance Practice Direction 22 b. a statement confirming that an action plan to correct those deficiencies has been prepared and is being implemented; and c. a statement confirming that a copy of the action plan has been or will be submitted to the CBB; 7. A statement confirming that the Board is satisfied that the recovery strategies adopted in the licensee’s Business Continuity Plan (BCP) are still valid, and that the licensee’s BCP management team and/or an independent party have properly tested the BCP during the period; 8. A statement confirming that the Board has taken account of their obligations to comply with the Guidelines for Licensees on the Prevention of Money Laundering and Countering the Financing of Terrorism (AML/CFT Guidelines) and that any deficiencies in respect of these Guidelines have been noted and an action plan to remedy these deficiencies has been prepared and submitted to the CBB and indicating whether the necessary remedial action has been taken; 9. A statement indicating whether an internal audit has been completed and whether the issues identified have been implemented or corrected; 10. Licensees that have undergone an on-site examination should include a statement that an action plan to remedy the deficiencies stated in the licensee’s Report of Examination has been prepared and submitted to the CBB and that the agreed remedial action(s) has(have) been taken or are being implemented; 11. A statement confirming that the Board is satisfied that the licensee has appropriate policies, procedures, processes and controls in place to ensure that inherent business risks (including that of market, credit, liquidity, operational, reputation/know your customer/anti-money laundering legal, and human resources risks), where they exist, are effectively managed;