Guide to Rules and Best Practices for Bank Governance in Palestine 2017

Table of Contents

Governor's Message ............................................................................................ 5 General Requirements for Bank Governance.............................................................. 6 Objectives and Importance of Governance for the Banking Sector: .......................................................... 7 First: Key Definitions in the Guide..................................................................: 8 Second: Governance Principles.................................................................................: 11 Principle One: Duties of the Board of Directors. 11....................................................................... Principle Two: Composition and Qualifications of Board Members23................................................... Principle Three: Board Practices and Conflicts of Interest26..................................................... Principle Four: Board Committees: 29...................................................................... Principle Five: Senior Executive Management: 37.................................................................. Principle Six: Group Structure Governance42............................................................... Principle Seven: Risk Management Methodologies43.................................................................. Principle Eight: Risk Identification, Monitoring, and Control46........................................................... Principle Nine: Risk Communication (Communication Risk (47................................... Principle Ten: Compliance: 48................................................................................. Principle Eleven: Internal and External Audit52......................................................... Principle Twelve: Remuneration and Incentive Policy65...................................................... Principle Thirteen: Disclosure of Bank Governance69....................................................... Principle Fourteen: Governance Requirements for Islamic Banks71.................................................

Governor's Message

Bank governance is considered a tool of macroprudential policy and a factor that enhances the stability and integrity of the financial system. Governance contributes to building an environment based on trust, transparency, and accountability, thereby enabling banks to perform their core roles, particularly systemically important banks in the financial system.

Bank governance has recently gained significant importance, especially when the global financial crisis since mid-2007 devastated the economies of many developed and developing countries and caused the collapse of numerous banks due to factors linked to the ineffective application of rules and principles related to governance. This necessitated reforms commensurate with the risks threatening financial stability, including weak and poor governance.

In this context, the efforts made by the Basel Committee, in cooperation with other relevant parties, resulted in the issuance of new revised guidelines in 2015 titled "Principles for Enhancing Corporate Governance," updating the previous principles issued in 2010. The Committee also emphasized the necessity for all supervisory authorities and banks to adopt these principles to preserve the banking sector and the financial system.

Bank governance ranks among the top priorities of the Palestinian Monetary Authority's work as the supervisory authority over the banking sector, representing a crucial element of its continuous efforts to keep pace with international best practices and serving as the first step in implementing sound governance principles.

In this context, and within the framework of the Palestinian Monetary Authority's ongoing efforts to establish rules and best practices for bank governance and keep pace with related developments, it has reviewed and developed the Guide to Rules and Best Practices for Bank Governance in Palestine issued in 2013, based on the principles approved by the Basel Committee in 2015, which were also adopted by the Arab Monetary Fund, the Central Banks Governors' Council, and the Arab Banking Supervision Committee. This guide includes a set of important and purposeful principles aimed at enhancing the awareness of board members as the most responsible entity in bank management, organizing the relationship between them and executive management, shareholders, and other relevant parties, and strengthening the role of risk management and the three lines of defense. It also contributes to improving and developing bank performance and enhancing trust in the banking sector to support sustainable economic development.

The Palestinian Monetary Authority highly appreciates bank management's commitment to this guide, as it will have a significant impact on raising performance levels, strengthening financial and economic system stability, improving the investment climate, and providing a suitable environment to protect and guarantee the rights of all parties, including shareholders, investors, creditors, and depositors.

The Governor Azzam Al-Shawa

General Requirements for Bank Governance

1. Introduction:

The Basel Committee on Banking Supervision took on the task of formulating appropriate standards for bank governance based on the principles issued by the Organisation for Economic Co-operation and Development (OECD). Through these standards, the Committee sought to consider the specifics of banking operations, covering many considerations specific to banking work, such as depositor rights and internal audit standards in banks. It also paid considerable attention to risk management.

In this framework, the Basel Committee issued its first guidance note on bank governance principles in 1999, which was then amended in 2006 based on the corporate governance principles published in 2004 by the OECD. These aim to assist governments in their efforts to evaluate and improve corporate governance frameworks and provide guidance to market participants and regulators.

International regulatory bodies increased their conviction regarding the importance of corporate governance in general and banking in particular due to successive financial and economic crises, most notably the 2007 global financial crisis, which caused many banks to fail for several reasons, including fundamental governance-related issues that necessitated reforms commensurate with risks threatening financial stability, including weak and poor governance.

Several international papers containing revised standards and guidelines for governance were issued, the most important of which are the corporate governance standards issued by the OECD, adopted by the organization in July 2015, and the Basel Committee on Banking Supervision standards on bank governance issued in July 2015. These standards were revised versions of their predecessors to benefit from the experiences of many countries in implementation, in addition to achieving the following objectives:

a. Enhancing the supervisory role of the Board of Directors over executive management's work in applying effective risk management systems and expanding guidance in this regard. b. Emphasizing the importance of competence and qualifications of the Board of Directors as a whole, and the importance of each member fulfilling their obligations and responsibilities, in addition to keeping pace with banking developments. c. Strengthening guidelines on risk governance, including the importance of the role of business units, the risk management team, and the internal audit and control function (the three lines of defense) in risk management, in addition to emphasizing the importance of a strong risk culture and risk management practices within the bank.

The increasing focus on risk and strengthening the bank's governance framework has helped identify various responsibilities and roles related to what is known as the "three lines of defense" in managing and overseeing risks. Each of these lines plays an important role, with the first line (business units) being the front interface for identifying and managing risks in the activities and operations it conducts. The second line (risk management function) is responsible for identifying, measuring, monitoring, and reporting risks across the bank as a whole, independently of the first line, in addition to the compliance function, which is considered part of the second line. The internal audit function represents the third line of defense for the bank, providing assurances to the Board of Directors that the overall governance framework in the bank—including audits and risk-based audit processes, in addition to the governance risk framework—is effective, and that the bank's policies and procedures are consistently and appropriately applied.

2. Objectives and Importance of Governance for the Banking Sector:

• Objectives: a. Achieving transparency and disclosure. b. Protecting the rights of shareholders and depositors. c. Enhancing the role of risk management. d. Facilitating regulatory oversight of bank performance by defining internal control frameworks and forming specialized committees. e. Increasing the bank's market value and maximizing profitability. f. Enhancing trust with parties related to the bank. g. Reducing financial crisis risks for banks. h. Controlling corruption risks in banks. i. Maintaining financial and economic stability.

• Importance of Issuing a Guide to Rules and Best Practices for Bank Governance in Palestine: a. Enhancing banks' awareness of good governance and creating consensus on the importance of implementing it to achieve the desired benefits. b. Establishing a regulatory framework for bank governance as a complement to legal requirements stipulated in laws. c. Providing banks with guidance on how to best comply with international standards and best practices for bank management.

3. Scope of Application:

These principles apply to banks as follows: 3.1 Local Banks: In addition to these instructions applying to local banks, local banks that have majority-owned subsidiaries operating in the financial sector must develop a group-level governance policy that aligns with these principles for application across the entire group, or ensure that the governance policies of their subsidiaries comply with these rules. If a local bank has majority-owned subsidiaries licensed and operating outside Palestine, and/or a branch operating in another country, the bank must ensure that the governance policies of its subsidiaries or branches comply with these rules, provided they do not conflict with the legal and regulatory requirements of the host country. 3.2 Foreign Banks: Foreign banks must comply with the provisions of this guide and provide evidence that arrangements exist at the parent bank that align with the requirements of this guide, and that these arrangements include effective controls governing the activities permitted in Palestine. 3.3 Systemically Important Banks: Banks deemed systemically important must adopt advanced governance standards that reflect their systemic importance, particularly regarding risk culture, risk management, internal control, and compliance, in a manner consistent with the nature of the bank's activities and business model.

4. Structure and Contents of the Guide:

The guide is structured to include fourteen mandatory principles, each containing several provisions requiring implementation. All banks must comply with them; in case of non-compliance, the bank must provide justifications and explanations for non-compliance (Explain or Comply). The bank must also disclose in its annual report to shareholders the extent of compliance with governance standards and the reasons for any non-compliance.

5. Key Definitions in the Guide:

5.1 Governance: From the perspective of the Palestinian Monetary Authority, it is defined as "the set of relationships, rules, procedures, and principles that ensure the bank is managed prudently, achieving the interests of relevant parties in accordance with laws, instructions, and best practices in banking operations, thereby preserving and developing the bank." Some papers have addressed these standards, including but not limited to:

1. Financial Stability Board (2012): "Increasing the Intensity and Effectiveness of SIFI Supervision".
2. Financial Stability Board (2013): "Principles for An Effective Risk Appetite Framework", FSB Publications, Document no. 131118.

5.2 Senior Executive Management: The Chief Executive Officer (General Manager/Regional Manager) and their deputies, assistants, and heads of departments in the General/Regional Management, their deputies/assistants, and acting officials. 5.3 Key Officers: a. General/Regional Manager and their deputies and assistants. b. The first and second responsible persons for all departments and activities in the bank. c. Regional managers. d. The first and second responsible persons for any branch or their acting equivalents, regardless of title, excluding managers of branch offices. e. The first technical responsible person (Operations Manager) for any branch or their acting equivalent, regardless of title. f. The Shariah Supervisor in Islamic banks. 5.4 Independent Member: 5.4.1 A member of the bank's Board of Directors who is not subject to any influences that limit their ability to make objective decisions in the bank's best interest, and meets at minimum the following conditions: a. Their shareholding, or that of any of their relatives up to the second degree, does not exceed 2 per thousand (0.2%) of the bank's shares. b. They are not a member of a group of natural or legal persons exercising joint control over the bank. c. They have not worked or previously worked in an executive position at the bank or any of its subsidiaries during the previous three years. d. They do not receive any salary or financial amount from the bank except for compensation for board membership and/or dividends received as a shareholder. e. They do not work in an institution that provides advisory, professional, or other services, or supplies goods to the bank or any of its subsidiaries, or provide such services or supply such goods in a personal capacity. f. They are not related by blood up to the second degree to any other board members, or to any member of the boards of directors of the bank's subsidiaries or senior executive management. g. They do not have a direct or indirect interest in any institution that receives financing exceeding $100,000 from the bank. h. They do not hold an executive position in an institution where any of the bank's executive directors is a member of its board of directors. i. They do not work as an employee of the bank's external auditor, nor have a direct or indirect interest with this auditor or any of its affiliated institutions. j. In addition to the above independence conditions, the independent member should possess expertise and specialization in financial and banking matters. 5.4.2 The Palestinian Monetary Authority may consider any member non-independent according to its estimates, despite meeting all conditions stipulated in paragraph 5.4.1 above. 5.5 Non-Executive Board Member: A member of the bank's Board of Directors who is not a member of any committee performing executive functions in the bank. 5.6 Controlling Shareholder: A relationship where a person or group of persons meets any of the following: a. A person or group of persons acting together, sharing a common interest, or related by blood up to the second degree, directly or indirectly owns 20% or more of the company's shares or voting power. b. The ability to appoint the majority of the company's directors. c. Having direct or indirect ability to exercise effective influence on the company, its board of directors, key officers, or decisions made by them. 5.7 Conflict of Interest: A situation where a person is in a position where there is a suspicion of obtaining a direct or indirect special benefit or interest for themselves, or it affects their ability to perform their duties and responsibilities objectively and with integrity. 5.8 Risk Appetite Framework: The overall approach, including policies, processes, controls, and systems, through which the bank's willingness to take risk, risk limits, and the broad outlines of roles and responsibilities overseeing the execution and monitoring of the risk appetite statement are determined. The risk appetite statement must consider the bank's material risks as well as reputation risks, and align with the bank's strategic objectives. 5.9 Risk Appetite Statement: A written formulation of the overall level of risk types the bank accepts or avoids to achieve its objectives. This statement includes quantitative methods for profits and capital, risk and liquidity metrics, etc., as well as qualitative methods for addressing reputation risks, behavioral risks, and those related to money laundering, terrorist financing, and unethical practices. 5.10 Systemically Important Banks: Banks classified as systemically important at the financial and economic system level, where their failure or distress could lead to significant negative impacts on the financial and economic system as a whole.

6. Governance Principles:

6.1 Principle One: Duties of the Board of Directors.

The Board of Directors bears overall responsibility for managing the bank, including setting strategic policies, risk strategy, governance standards, and institutional values. It is responsible for implementing these objectives and standards, supervising their proper application, and overseeing executive management during the implementation of those strategies and objectives.

6.1.1 General Framework for Board Duties and Responsibilities:

Board members must consider the following when performing their duties and responsibilities: a. The board's distinct role separate from shareholders and key officers. b. Duties of trust and loyalty to the bank and shareholders. c. Acting in good faith to achieve the bank's interests safely and properly, in accordance with regulatory standards and applicable laws and legislation.

6.1.2 The Board executes its duties and responsibilities within a set of areas, including:

a. Responsibilities related to setting objectives, formulating policies, and strategic matters, including risk strategy and financial safety. General policy should reflect the priorities of using available resources and plans to monitor the bank's progress toward achieving its goals. The board holds ultimate responsibility for managing and organizing the bank's affairs, ensuring achievement of objectives, and planning and monitoring executive management's implementation of goals, while considering the bank's long-term financial interests, risk exposure, and ability to manage risks effectively. b. Responsibilities related to risk appetite by defining the bank's risk appetite framework, ensuring alignment with strategic objectives, capital, financial plans, and remuneration/incentive practices, and disseminating the risk appetite framework across all bank levels by developing a risk appetite document that all parties can easily understand. c. Financial responsibilities to ensure the strength and sustainability of the bank's financial position. d. Adopting a comprehensive risk management system for potential bank risks and internal control systems, and ensuring executive management's compliance with these systems. e. Adopting an organizational structure and job descriptions covering all bank functions and tasks, preventing duplication or overlap, reflecting proper administrative hierarchy, aligning with delegated authorities, and ensuring the structure facilitates effective decision-making. f. Forming necessary committees for supervision, planning, and monitoring bank activities, defining their responsibilities, and delegating specific authorities. When forming committees, the board must ensure they do not hinder workflow or duplicate tasks. g. Monitoring and overseeing various bank activities according to law, regulations, instructions, enforceable decisions, and internal bank systems, including ensuring:

1. The board receives periodic, detailed, and accurate reports on the bank's financial position and performance.
2. The extent to which the bank achieves its set objectives by comparing actual performance results with planned targets according to budget estimates.
3. Effective oversight of bank operations and activities, and establishing accountability mechanisms for all management levels and activities to identify, manage, and report risks.
4. Existence of sound and clear decision-making and control systems, ensuring system effectiveness through regular testing and reporting.
5. Executive management promptly informing the board of any violations of procedures and instructions that may endanger the bank's assets and transactions.
6. Establishing clear written policies for treasury operations management and receiving regular reports on their results, including any violations of these policies.
7. Issuing written instructions and rules to prevent fraud and forgery, and immediate notification of forgery cases or suspicions.
8. Establishing specific policies and procedures to prevent and combat money laundering, consistent with related instructions and laws.
9. Subjecting branch operations outside borders to appropriate oversight to ensure smooth operations and achieve viable profit levels. h. Electing a chairman and one or two vice-chairmen for the board. i. Appointing the Chief Executive Officer (General Manager), their deputies, assistants, experts, and consultants capable of managing bank affairs efficiently and effectively, and determining their salaries and rewards, in accordance with the board-approved recruitment and appointment policy. j. Approving audited interim (semi-annual) and final financial statements from the external auditor, to be distributed to board members at least one week before the meeting date. k. Establishing culture and institutional values by imposing appropriate standards for responsibilities and work ethics, and the board adopting and issuing a professional code of conduct for bank employees that includes professional standards and institutional values enhancing integrity for senior management and employees. l. Ensuring appropriate steps are taken to communicate the bank's values and adopted professional code of conduct standards to all bank levels, establishing work standards for senior management and employees by documenting and publishing rules for best practices in bank governance or similar documents, and ensuring all employees are aware that appropriate measures will be taken in case of inappropriate conduct or behavior. m. Preparing and monitoring a sound risk governance framework by setting clear limits enabling the bank to take necessary actions in case of any breaches. n. Organizational responsibilities to coordinate efficiently and effectively between business units to prevent gaps in internal controls and ensure no task duplication (known as the three lines of defense model). o. Recommending to the General Assembly the appointment of the bank's external auditor after obtaining the Palestinian Monetary Authority's approval. p. Recommending to the General Assembly, after obtaining the Palestinian Monetary Authority's approval, the appointment of Shariah Supervision Committee members (in Islamic banks), defining their appointment conditions, and ensuring their neutrality and operational independence. q. Any responsibilities stipulated by the Banks Law, instructions and decisions issued thereunder by the Palestinian Monetary Authority, the Companies Law, or the bank's internal regulations.

6.1.3 The board, in partnership with executive management and the risk officer, must develop a risk appetite framework for the bank and establish necessary procedures to ensure compliance and monitoring. Risk governance must include a strong risk culture and management, in addition to clearly defining risk management responsibilities and internal audit functions.

6.1.4 The board, together with senior management, must regularly review policies, controls, and supervisory department functions to identify areas requiring improvement, as well as identify and address significant risks and issues.

Anti-Money Laundering and Counter-Terrorist Financing Contact Officer Function: • The bank's board of directors bears responsibility for complying with the legislative system related to laws, regulations, instructions, codes of conduct, and professional practice standards regarding combating money laundering and terrorist financing, particularly Law No. (20) of 2015 and its amendments, instructions issued thereunder, Presidential Decree No. (14) of 2015, Law No. (13) of 2016 regarding amendments to the law on combating money laundering and terrorist financing, instructions issued by the National Committee for Combating Money Laundering and Terrorist Financing, and instructions issued by the Palestinian Monetary Authority on this matter. The board must have clear knowledge and understanding of money laundering and terrorist financing risks. • The bank must comply with the Palestinian Monetary Authority's current instructions regarding the appointment of an Anti-Money Laundering and Counter-Terrorist Financing Contact Officer, including the responsibility for creating the position, requirements for reporting lines and independence, tasks assigned to the contact officer, and requirements regarding their appointment, termination of service, and any other related requirements. The bank must exercise the necessary professional diligence and find appropriate internal methods to comply with legislative and regulatory requirements for combating money laundering and terrorist financing.

6.1.5 The board must ensure that holders of internal audit functions and the Anti-Money Laundering and Counter-Terrorist Financing Contact Officer are appointed based on appropriate qualifications and experience, and that sufficient resources are allocated to them to perform their responsibilities independently and effectively.

6.1.6 The board must define risk management responsibilities at the bank level (known as the three lines of defense), aiming to set standards for clearly distributing responsibilities, in addition to how to coordinate effectively between different business units to avoid gaps or deficiencies in supervisory procedures, and to avoid duplicating work covering the same risks for management purposes.

6.1.7 The board must call for shareholder meetings, prepare agendas, and ensure fair treatment of shareholders (including minority shareholders in the bank), depositors, and other parties