2007-03-30

CBFA Prudential Expectations on Financial Institutions' Sound Governance

The Banking, Finance and Insurance Commission (CBFA) issued Circular PPB-2007-6-CPB-CPA to consolidate existing supervisory law, recommendations, and best practices concerning financial institutions' sound governance. This thematic circular outlines ten general principles applicable to a wide range of financial institutions under CBFA supervision, including credit institutions, insurance companies, and investment firms, emphasizing a transparent governance structure appropriate to their nature, size, complexity, and risk profile. All affected financial institutions are required to assess their management structure against these principles and submit a governance memorandum to the CBFA by March 31, 2008, for subsequent assessment and approval.


Belgium

Financial Services and Markets Authority


rue du Congrès 12-14 | 1000 Brussels
p +32 2 220 53 42 | f +32 2 220 54 93 | www.cbfa.be

Prudential Policy

Brussels, 30 March 2007

CIRCULAR PPB-2007-6-CPB-CPA on the CBFA’s prudential expectations on financial institutions’ sound governance

Dear Sir or Madam,

The Banking, Finance and Insurance Commission (CBFA) is pleased to send you herewith a circular on its expectations on financial institutions’ sound governance. This circular was drawn up following wide consultation as reported by the CBFA in its December 2006 Feedback Statement.

This thematic circular brings together in one text the existing provisions of supervisory law and recommendations and best practices that concern sound governance, grouped around ten general principles that apply to a wide range of financial institutions under CBFA supervision. These are inter alia the credit institutions, insurance companies, investment firms (including investment advice companies), management companies of undertakings for collective investment, settlement institutions and institutions assimilated to settlement institutions, and derivatives specialists. The circular also applies to parent companies under CBFA supervision in Belgium that head a financial group, as part of the supplementary supervision or consolidated supervision of the group. Finally, certain principles of the circular apply to Belgian subsidiaries of non-EU institutions.

The wide scope of this supervision justifies a reasonable and proportional application of the principles, taking into account the nature, volume, complexity and risk profile of each institution. Without prejudice to the legal provisions applicable to them, financial institutions must have such management structure as is most appropriate on the basis of their own features.

The circular describes for each principle not only the applicable regulation, but also the CBFA’s expectations, which, unless otherwise indicated or logically deductible from the context, should be taken as recommendations.

The CBFA would ask every financial institution to assess, on the basis of the principles of the circular, the basic features of its management structure, and to sum these up in a so-called governance memorandum to be submitted to the CBFA by 31 March 2008 at the latest.

Following a dialogue with the financial institution, the CBFA will assess the memorandum using the criteria mentioned in the circular, including any binding provisions under the financial institution’s legal supervisory status and any such prudential conditions as may be attached to the institution’s authorization and pursuit of business. Once the CBFA gives the financial institution its approval, any earlier protocol concluded by the financial institution with the CBFA becomes void.

The staff of the CBFA will be pleased to answer any question regarding this circular.

A copy of the circular is addressed to the statutory auditor(s) of your institution.

Yours faithfully,

E. Wymeersch
Chairman

CIRCULAR ON THE CBFA’S PRUDENTIAL EXPECTATIONS AS REGARDS FINANCIAL INSTITUTIONS’ SOUND GOVERNANCE

Preliminary Version

Table of contents (section: number)

A. Justification
  • Description of sound governance: 1
  • Prudential dimension of sound governance: 2-3

B. Definitions: 4

C. Scope
  • Ratione personae: 5
  • Principle of proportionality: 6

D. Prudential expectations as regards sound governance: 8-9

E. Examining the various principles

Principle I: Qualities required of significant shareholders
  • Legislation: 10
  • Assessing the qualities required: 11
  • What is expected of significant shareholders: 12
  • Charter and forum of the family/partners: 13

Principle II: Adequate governance structure
  • Legislation: 14
  • Management, supervision, and general policy functions: 15-17
  • Constitution of a management committee: 18-19
  • Financial institutions that do not set up a management committee: 20-21
  • Typical distribution of tasks between the board of directors and the management committee: 22
  • Periodic assessment: 23

Principle III: Allocating powers and responsibilities
  • Legislation: 24
  • Implementing the governance structure: 25
  • Administrative organization: 26-28
  • Delegating and outsourcing: 29-30

Principle IV: Plurality of managers, collegial decision-making, and distribution of tasks among senior managers
  • Legislation: 31
  • Plural and collegial decision-making: 32
  • Individual allocation of responsibilities: 33

Principle V: Independent control functions
  • Legislation: 34
  • Description: 35-37
  • Audit committee: 38-41

Principle VI: Qualities required of the company officers
  • Legislation: 42
  • Composition of the governing bodies: 43
  • Company officers’ profiles: 44-46
  • Notification to CBFA and assessment by the CBFA: 47-48
  • Assessment of the qualities required of senior managers: 49-50
  • Assessment of the qualities required of non-executive directors: 51-52
  • Independent directors: 53-54
  • Appointment of a legal person as a non-executive director: 55

Principle VII: Remuneration policy for company officers
  • Legislation: 56
  • Senior managers: 57
  • Non-executive directors: 58

Principle VIII: Strategic aims, corporate values and conflicts of interest policy
  • Legislation: 59
  • Strategic objectives and values. Internal codes of conduct: 60
  • Conflicts of interest policy: 61-64
  • Whistleblowing: 65-66
  • Treating customers’ complaints: 67

Principle IX: Know your structure, know your activities
  • Legislation: 68
  • Understanding the operational structure: 69-70
  • Offshore centres and complex structures policy: 71-74

Principle X: Publicity and disclosure
  • Legislation: 75
  • Transparency: 76-77

F. Sound governance in a group context
  • Individual supervision and group supervision: 78-79
  • Application of the principles to cross-border groups: 80-82
  • Core principles: 83
  • Distribution of tasks between the parent company and the subsidiary: 84-86
  • Group steering techniques: 87-91
  • Independent control functions in a group context: 92
  • Managing conflicts of interest: 93-94
  • Plurality of functions: 95

G. Governance memorandum
  • Governance memorandum at company level: 96-98
  • Governance memorandum of the group: 99
  • Assessment by the CBFA: 100

Annexe: governance memorandum outline

A. JUSTIFICATION

Description of sound governance

  1. For the application of this circular, sound governance should be understood to be the aim of ensuring, on the basis of a set of rules and behaviours, the proper governance and control of a company. Issues of sound governance are inter alia: achieving the company's aims, setting up efficient management and internal controls, identifying and taking into account the interests of all stakeholders, carrying out the activity in accordance with the principles of sound and prudent governance, in compliance with the applicable legal and administrative provisions.

Prudential dimension of sound governance

  2. For financial institutions, sound governance presents an additional dimension, as they play a crucial public role in the economy and the financial system. A healthy financial system rests on three essential pillars: quality regulation and supervision, creditworthy and well-managed financial institutions, and probity as well as market discipline on the financial market. Financial institutions collect funds from the public and increasingly commit themselves in the long term (e.g. through pension schemes), thereby making it all-important to maintain a high degree of confidence in their stability and solvency. Simultaneously, their activity and financial position are subject to market tendencies and price volatility. Sometimes events or incidents occur that damage their reputation, challenge their liquidity, and may even lead to systemic crises. Therefore, when a financial institution takes all reasonable measures to ensure sound governance within its activity, this not only improves its own managerial efficiency, but it also plays a key role in maintaining confidence - from the public, from its customers and from market players - in the institution itself, as well as in the financial system as a whole.
  3. For the supervisory authorities which are specifically in charge of safeguarding the interests of depositors, investors and insurance policyholders, as well as the stability of the financial system, sound governance is a keystone in their prudential supervision of financial institutions. The laws organizing supervision impose upon financial institutions the obligation to set up a management, organization, and internal control structure that enables them to adequately identify and manage the risks incurred by their activity. Sound management of financial institutions means that the supervisory authorities can have increased confidence in these institutions’ internal control procedures and can adapt their prudential supervision accordingly. This is particularly important as supervision is largely based on the degree of risk incurred. The objective of this thematic circular is to bring together in one text all supervisory rules, recommendations and best practices that concern sound governance. The circular focuses on 10 general principles that apply to financial institutions within the scope of the circular, taking into account an adequate degree of proportionality. General principles and criteria for assessing financial institutions’ sound governance nationally are also available from international forums and supervisory authorities, each within their remit and according to their own legal competence.1 Such international reference-setting has been taken into account in this circular. 
1 See inter alia: “Enhancing corporate governance for banking organisations” (February 2006) of the Basel Committee on Banking Supervision; “Guidelines on Internal Governance” (in “Guidelines on Application of the Supervisory Review Process under Pillar 2”, January 2006) of the Committee of European Banking Supervisors (www.c-ebs.org); and the “Compilation of IAIS Insurance Core Principles on Corporate Governance” (January 2004) of the International Association of Insurance Supervisors.

B. DEFINITIONS

  4. For the purposes of this circular, the following definitions shall apply:

financial institutions, or institutions: the regulated undertakings that are subject to CBFA supervision and fall within the scope of this circular.

supervisory laws: the Belgian legislation on the organization of supervision of the financial sector, as well as the specific supervisory laws and decrees, and in particular:

  • the Law of 2 August 2002 on the supervision of the financial sector and on financial services;
  • the Law of 22 March 1993 on the legal status and supervision of credit institutions (LCI);
  • the Law of 9 July 1975 on the supervision of insurance companies (LIC);
  • the Law of 6 April 1995 on the legal status and supervision of investment firms, on intermediaries and investment advisers (LIF);
  • the Law of 20 July 2004 on certain forms of collective management of investment portfolios (LCF);
  • the Royal Decree of 26 September 2005 on the status of settlement institutions and institutions assimilated to settlement institutions (RDSI);
  • the Royal Decree of 28 January 2004 on the legal status of derivatives specialists (RDDS);
  • the Royal Decrees of 21 November 2005 (supplementary supervision of financial services groups (RDSS)), 22 February 1991 (inter alia annexe V on consolidated supervision of insurance holding companies (RDIHC)), and 12 August 1994 (consolidated supervision of holding companies of credit institutions, investment firms and management companies (RDHC)).

Certain parts of the circular refer to future regulations which are relevant for the governance of financial institutions. Wherever possible, but under reservation as to the content and moment of adoption and entry into force, account has been taken of draft texts available upon publication of this circular.

stakeholder: a shareholder or any other person holding a significant interest in, and/or exercising an influence on, the activity of the enterprise or the realization of its objectives. In the context of financial institutions, stakeholders include the depositors, investors, insurance policyholders, financial markets, market undertakings and market players, clearing and settlement institutions and equivalent institutions, the “Fonds de protection des dépôts et des instruments financiers”/“Beschermingsfonds voor deposito’s en financiële instrumenten” (Protection Fund for Deposits and Financial Instruments), the enterprise’s personnel, the community, etc.

governance structure: the set of structures, measures and procedures available to the financial institution in governing and controlling its activity.

company officers: the group of persons in charge of operating the financial institution in a wider sense, namely shaping the general policy and strategy (“general policy” function), managing the enterprise’s activity (“management” function) and supervising the enterprise’s management (“supervisory” function).

senior management: the group of persons, whether or not members of the board of directors, whose function within the institution implies that they exercise at the highest level a direct and decisive influence on the enterprise’s management.2

2 See the comprehensive definition in the CBFA’s Circular PPB-2006-13-CPB-CPA on the exercise of external functions by directors and managers of regulated undertakings.

key staff: any person, other than a senior manager, who fulfils a key function (secretary general, legal affairs, human resources, communication) or is in charge of independent control functions;

independent control functions: functions such as internal audit, compliance, risk management and the appointed actuary, generally carried out by persons employed by the institution and who, through their controls, assessments or opinions, provide the company officers with the necessary tools to assume responsibility over the management of the institution.

C. SCOPE

Ratione personae

  5. This circular applies to the following institutions governed by Belgian law: credit institutions, insurance companies, investment firms3, management companies of undertakings for collective investment, settlement institutions and institutions assimilated to settlement institutions, and derivatives specialists. The circular also applies to parent companies subject in Belgium to CBFA supervision that head financial groups, as part of the supplementary supervision or of the consolidated supervision of the group.4 Certain principles of the circular, in particular principles VI, VIII, IX and X, apply to Belgian subsidiaries of institutions that are not governed by the law of a Member State of the European Union, it being understood that due account is taken of the absence of a legal person or certain corporate bodies and mechanisms within the subsidiary in Belgium.

Principle of proportionality

  6. The supervisory laws require each financial institution to have a governance structure, organizational procedures and internal control systems which are appropriate to the activities proposed. The financial institution should take into account in this respect the nature, size and complexity of the activities and related risks. The circular expresses the CBFA’s prudential expectations for the institutions’ governance structure. These are presented in the form of ten principles which apply to each and every financial institution falling within the scope of the circular, albeit taking into account an adequate degree of proportionality. Financial institutions are expected to review the essential features of their governance structure and adapt them according to the principles of the circular.

3 Including investment advice companies.
4 For further details, see Nos 78-82.

Non-implementation of certain principles or recommendations should be justified and possibly solved by alternative measures aimed at achieving the objectives advocated by the principle or recommendation. However, where a principle or part of a principle also constitutes a legal obligation contained in a supervisory law, a decree or a regulation, the financial institution must apply it in full.

  7. Each institution should describe its governance structure in the governance memorandum and should comment on the choices it has made. As explained below, the CBFA shall examine this memorandum with the institution in light of the principles of its circular, and assess it in light of the binding supervisory provisions to which the institution is subject.5

D. PRUDENTIAL EXPECTATIONS AS REGARDS SOUND GOVERNANCE

  8. The CBFA’s expectations as regards sound governance of financial institutions are grouped around ten principles. Wherever possible, each principle is accompanied by the applicable regulation. It is systematically followed by an explanation of the CBFA's expectations. Unless otherwise dictated by either the text or sheer logic based on the context, such expectations should be considered as recommendations (see No. 6).

  9. Ten principles:

I. The financial institution’s major shareholders should be trustworthy and financially sound. They should manage their shareholding in line with a sound and prudent management of the institution, its sound governance and its sustainable development.

II. The financial institution should adopt a transparent governance structure that favours a sound and prudent management appropriate to its nature, size, complexity and risk profile. A distinction should be made, wherever possible, in the financial institution’s management between the functions that concern managing the institution’s activities, supervising the management, and shaping the general policy and strategy of the institution. The financial institution should regularly assess the operation of its governance structure.

III. The financial institution should determine the powers and responsibilities of each segment of its organization, specify the procedures and reporting lines and ensure their implementation.

IV. The senior management should consist of several persons acting as a collegial body, without prejudice to the allocation of specific responsibilities to individual senior managers.

V. The financial institution should have appropriate independent control functions. The management should oversee their organization and operation and make use of their conclusions.

VI. The financial institution’s company officers should have a profile that is appropriate for governing the institution. They should give evidence of having the necessary integrity, commitment, fitness and probity, experience and expertise to carry out the tasks entrusted to them.

5 See No. 100.

VII. The financial institution should adopt for its company officers a remuneration policy that is in line with its objectives, values and long-term interests.

VIII. The financial institution should determine its strategic objectives and values, in particular as regards its integrity, and should ensure that these objectives and values permeate all segments of its activity. The institution should also draw up internal codes of conduct and take appropriate measures to manage conflicts of interest.

IX. Company officers should have a clear understanding both of the institution’s operational structure and activities, and of the risks associated with the services and products it offers.

X. The financial institution should communicate with its stakeholders about the principles it applies with regard to its governance structure.

E. EXAMINING THE VARIOUS PRINCIPLES

Principle I: Qualities required of significant shareholders

The financial institution’s major shareholders should be trustworthy and financially sound. They should manage their shareholding in line with a sound and prudent management of the institution, its sound governance and its sustainable development.

Legislation

  10. The supervisory laws provide that upon granting an authorization, the CBFA shall be informed of the identity of the shareholders who directly or indirectly hold a significant interest, as well as of the level of that interest in the capital and of the number of voting rights. Shareholders acting jointly or in concert shall inform the CBFA on an individual basis.6 Interests held in listed financial institutions shall, by virtue of the legislation on transparency, be publicly disclosed.7 Significant shareholders, as well as financial institutions upon receiving the information, shall subsequently inform the CBFA of any changes (increases or decreases whereby certain thresholds are exceeded) occurring in the financial institution’s capitalistic structure. The CBFA may prevent a person from becoming a significant shareholder of the institution if the CBFA deems that that person does not have the qualities required with regard to the need to ensure a sound and prudent management of the financial institution.

6 Articles 17 and 24 LCI (see also Circular B953 of 13 April 1993); articles 59 and 67 LIF; articles 150 and 159 LCF; article 23bis LIC (see also Circular C172 of 26 April 1999 and D96 of 7 February 1992). See on group supervision Article 4, § 3, RDHC, Article 14 RDSS and Article 91quater LIC.
7 See the Law of 2 March 1989 concerning the disclosure of large shareholdings in companies listed on the stock exchange and regulating public take-over bids.

Assessing the qualities required

  11. The assessment of the qualities required of significant shareholders concerns their reputation and financial health. The CBFA will also examine whether the group to which the financial institution belongs is sufficiently transparent and ascertain itself that said group does not impede supervision on a solo basis or - where applicable - on a consolidated basis.

What is expected of significant shareholders

  12. The CBFA expects of the significant shareholders, and all the more so of the controlling shareholders, that in exercising their legitimate rights they will contribute to a sound and prudent management as well as to the stability of the financial institution and its development on a going concern basis. These persons should also take into account the sound governance expectations laid down in this document for compliance by the financial institution. Whenever it acknowledges a new significant shareholder, the CBFA will remind that person of what is, prudentially speaking, expected of shareholders and of the financial institution, as determined by this circular.

Charter and forum of the families/partners

  13. Financial institutions with a family shareholding or a shareholder structure comprising a closed number of partners would be well advised to draw up a charter to govern the relationships between the family and/or partners on the one hand and the financial institution on the other hand, as regards inter alia sound governance, entrepreneurial vision, financial objectives, management follow-up, careers, and remuneration.

Principle II: Adequate governance structure

The financial institution should adopt a transparent governance structure that favours a sound and prudent management appropriate to its nature, size, complexity and risk profile. A distinction should be made, wherever possible, in the financial institution’s management between the functions that concern managing the institution’s activities, supervising the management, and shaping the general policy and strategy of the institution. The financial institution should regularly assess the operation of its governance structure.

Legislation

  14. The supervisory laws provide that the governance structure and organization of financial institutions must be appropriate to the activities and services proposed. Financial institutions must have adequate internal control systems and set up an appropriate internal audit function, compliance function and risk management function.8 The supervisory laws provide that where a financial institution sets up a management committee pursuant to the provisions of the Code on Companies, all members of the management committee must be members of the board of directors.9 New rules will enable management committees of parent holding companies to be mixed, but they will still have to include at least two members of the board of directors.10

8 See Article 20 LCI, Article 62 LIF, Article 153 LCF, and Article 14bis LIC. See on group supervision Article 4, § 1, 2°, RDHC, Article 13 RDSS and Article 91quater LIC.
9 See Article 26 LCI, Article 69 LIF, Article 161 LCF, Article 90, § 3, LIC, and Circular D172 of 26 April 1999 respectively.
10 See the planned adaptation of Article 4, § 4, RDHC, and of Article 15, § 2, RDSS.

The supervisory laws do not impose any specific rules as regards the constitution and composition of management committees for settlement institutions and institutions assimilated to settlement institutions, or for derivatives specialists.

Management, supervision and general policy

  15. A financial institution’s governance structure must be tailored to the nature, size, complexity and risk profile and be permanently adapted to the evolution of its activity. The CBFA recommends, in line with best practices on sound governance, to maintain within the financial institution’s management a separation between:

  • the management of the enterprise’s activity (management function);
  • the supervision of management (supervisory function);
  • the determination of the general policy and of the strategy (general policy function).

  16. Without prejudice to the responsibilities of the various governing bodies and of the directors, as derived from the Code on Companies, the management function, in the case of a financial institution incorporated as a limited company (société anonyme/naamloze vennootschap), is generally entrusted to the executive directors, who sit on the management committee if any, while the supervisory function is entrusted to the non-executive directors, in particular - but not exclusively - the members of the prudentially relevant consultative committees of the board of directors in charge of audit, compliance, risk management, appointments, remuneration, investments, etc., and finally the general policy function is entrusted to both the executive and non-executive directors sitting jointly on the board of directors. In compliance with the principle of proportionality, these functions are developed and allocated in such a way as to achieve the appropriate checks and balances and ensure adequate separation between the various functions. Where the financial institution has instituted a management committee (see Nos 18–19), it should allocate the functions of e.g. chairman of the board of directors and chairman of the management committee to different persons, namely a non-executive and an executive director respectively. Where the non-executive directors form a majority within the board of directors, this improves the supervisory function within said board of directors.

  17. Financial institutions that have adopted a legal form other than that of the limited company should, to the best of their ability, and within the applicable legal framework, strive, through provisions in the articles of association where relevant, to distinguish the various functions concerned and to incorporate into their governance structure the appropriate checks and balances.

Constitution of a management committee

  18. The supervisory laws provide that the articles of association of the financial institution incorporated as a limited company may authorize the board of directors to delegate its managing powers to a management committee, but that such delegation should not relate to the general policy or to any acts that are reserved for the board of directors. The latter shall exercise supervision on the management committee. Constituting a management committee is a very appropriate means of achieving a clear-cut separation between the various governing functions referred to in Nos 15–17. The management committee is effectively in charge of running the financial institution, together with the persons - if any - who, under their direct responsibility, manage the enterprise’s activity or segments thereof. A management committee enhances the efficiency of plural supervision and of collegial decision-making on the conduct of the enterprise’s activity. The CBFA therefore explicitly recommends that financial institutions set up a management committee.

  19. The supervisory laws state that, where a financial institution11 does set up a management committee in accordance with the provisions of Article 524bis of the Code on Companies, said committee should only comprise members of the board of directors. The aim of the lawmakers is to ensure that the effective managers take part in the board of directors’ general policy function, that symmetry is preserved for all members of the management committee as regards information, and that decision-making within that body remains a collegial process. Parent holding companies are in principle subject to the same regulations as regulated institutions, but new supervisory rules are being prepared to the effect that their management committee can be a mixed committee and can therefore also include persons who are not a director, provided however that it includes at least two members of the board of directors. This variation is motivated by the fact that in a parent holding company, the tasks and profiles of the people in charge, and the debates and decision-making process within the board of directors of the group, so differ in terms of nature and technicity from those of the management committee or the senior management of the group, that at group level - in contrast with the situation in the operational entities -, it is not necessary to include all the members of the management committee of the group in the board of directors.

Financial institutions that do not set up a management committee

  20. Financial institutions that do not set up a management committee should justify their decision in their governance memorandum. They should demonstrate that their governance model is appropriate in light of the nature, size, complexity and risk profile.

  21. In addition, their model shall meet the following general qualitative criteria on sound governance:

(a) an adequate separation exists between the function in charge of managing the enterprise’s activity and the function that supervises this management function;

(b) senior management is entrusted to at least two persons who, without prejudice to an adequate distribution of tasks, should operate on a collegial basis; any delegation of competences related to senior management should be the subject of clearly established official provisions (e.g. within the articles of association);

(c) a structured dialogue exists between the function in charge of shaping the general policy, the function responsible for managing the enterprise’s activity and the function that supervises the management function.

Typical distribution of tasks between the board of directors and the management committee

  22. In the case of financial institutions that have adopted the legal form of a limited company and have set up a management committee, the tasks can be shared as follows between the board of directors and the management committee:

(a) board of directors

  • determines the financial institution’s objectives and values;
  • regularly approves and assesses the governance structure, organization, internal control systems, and independent control functions of the financial institution;
  • regularly verifies whether the financial institution has efficient internal controls as regards reliability of financial information processes;

11 With the exception of settlement institutions and institutions assimilated with settlement institutions, and of derivatives specialists.

- regularly approves and assesses the financial institution’s general policy and strategy guidelines, inter alia in the following fields:
  - commercial policy and structures12 13;
  - risk profile, risk policy and risk management;
  - capital adequacy;
  - outsourcing14;
  - continuity of the enterprise15;
  - integrity16 and customer acceptance17;
  - conflicts of interest;
  - protection of customers’ rights on their assets held by the financial institution.
- supervises senior management through effective recourse to the powers of investigation of the directors and through management's reporting on the evolution of the enterprise’s activity;
- takes cognizance of important findings made by the independent control functions of the financial institution, the statutory auditor and the CBFA, possibly through its specialized committees as instituted by the board of directors, and ensures that the management committee takes appropriate measures to remedy any shortcomings.

Where necessary, the board of directors should set up specialized consultative committees in charge of analyzing specific issues and advising the board of directors on these issues. Constituting committees cannot however lead to the board of directors being devoid of its substance: decision-making should remain the task of the board of directors, which acts on a collegial basis in exercising its powers. The board of directors should draw up internal regulations for each committee, detailing the role, composition and operation of each committee.18

Although the practice within the financial sector presents a diversity of committees and competences, the most common committees are the audit committee, remuneration committee, nomination committee, risk management committee, compliance committee, strategic committee, investment committee, etc.

As regards the supervisory function carried out by the board of directors, the audit committee has an essential role to play. The constitution and operation of the audit committee are further detailed in Nos 38–41.

(b) management committee
- ensures management of the financial institution’s activity and development of the governance structure;
- supervises line management, compliance with the allocated competences and responsibilities, and financial information;
- formulates proposals and opinions to the board with a view to shaping the financial institution’s general policy and strategy, and communicates all relevant information and data to enable the board to take informed decisions;

12 See e.g. Circulars D1 2000/2 and D4/EB/730 of 5 May 2000 on financial services through the Internet.
13 See principle IX (Nos 68-74).
14 See Circular PPB 2005/5 of 22 June 2004.
15 See Circulars PPB 2005/2 (credit institutions, investment firms) and PPB/D256 (insurance undertakings) of 10 March 2005 on sound management practices aimed to ensure the continuity of financial institutions’ activities.
16 See the compliance Circular D1 2001/13 of 18 December 2001 (credit institutions), Circular D1/EB/2002/6 of 14 November 2002 (investment firms), and Circular PPB/D255 of 10 March 2005 (insurance undertakings).
17 See the consolidated version dated 12 July 2005 of the Circular on the obligations of customer due diligence and on preventing the use of the financial system for money-laundering and the financing of terrorism.
18 As regards the management committee, see the comment in item (b) as well as Nos 18 and 19.

- organizes, steers and assesses - without prejudice to the supervision carried out by the board of directors - the internal control mechanisms and procedures, inter alia as regards the independent control functions;
- organizes an internal control system that makes it possible to establish with reasonable certainty the reliability of internal reporting and financial disclosure in order to ensure that the annual accounts are in compliance with the applicable regulations;
- reports to the board of directors of the institution’s financial position and on all aspects that are necessary to fulfil these tasks correctly;
- informs the CBFA and the statutory auditor, according to the applicable rules, on the financial position and on the governance structure, organization, internal control and independent control functions.

Periodic assessment

23. The financial institution should at regular intervals assess the functioning of the governance structure, inter alia the governing bodies, as regards also their competences, composition and size. The non-executive directors should, at least once a year, assess the interaction with the executive directors, even if the latter are absent. Minutes should be drawn up of the conclusions of these assessments as well as of the measures taken in order to improve the functioning of the governance structure.

Principle III: Allocating powers and responsibilities

The financial institution should determine the powers and responsibilities of each segment of its organization, specify the procedures and reporting lines and ensure their implementation.

Legislation

24. See No. 14

Implementing the governance structure

25. The financial institution should have a clear delimitation of the responsibilities of the management, both executive and non-executive. The governing bodies (the board of directors, including any specialized committees; the management committee) should draw up internal regulations.

Administrative organization

26. The company officers should establish in writing the competences, duties and responsibilities of all significant entities and activities of the financial institution, and should allocate them to the various members of the financial institution’s staff. Where possible and justified in light of the nature, size, complexity and risk profile of the financial institution, the tasks of staff and departments should be partitioned in order to reduce the risk of abuse or of violation of prudential rules.

27. Persons appointed to prudentially significant executive services or key functions (internal audit officer, compliance officer, risk management officer, appointed actuary, etc.) should be fit and proper and have the necessary knowledge and experience.

28. The reporting lines should be clearly defined. The internal reporting should be adapted to the nature, size, complexity and risk profile of the financial institution, and should cover all of the institution’s significant activities.

Delegating and outsourcing

29. The responsibility of the financial institution’s governing bodies, e.g. as regards compliance with its prudential obligations, cannot be delegated or outsourced to third parties.19 This means that the governing bodies should continue to fully assume responsibility for shaping the general policy and for supervising all outsourced activities and processes. The necessary attention should be given to controlling risks in this respect, inter alia operational risk. This also means that the senior management should take all necessary measures to be able to supervise the activities provided by the external service provider, and that even after a task has been outsourced, the institution should still have the experience, knowledge and means necessary to supervise the proper operation and quality of outsourced activities and, where necessary, to rectify them.

30. Delegating and outsourcing is without prejudice to the possibility for the CBFA to verify whether the financial institution complies with the obligations related to its authorization.

Principle IV: Plurality of managers, collegial decision-making, and distribution of tasks among senior managers

The senior management should consist of several persons acting as a collegial body, without prejudice to the allocation of specific responsibilities to individual senior managers.

Legislation

31. The supervisory laws require the senior management of the financial institution (with the exception of derivatives specialists) to consist of at least two natural persons.20

Plural and collegial decision-making

32. Quality senior management implies that at least two (and preferably three or more, in order to avoid any deadlock situation) persons are in a position that enables them to exercise effective reciprocal supervision (two-headed supervision). The senior management forms a collegial body that decides jointly, and preferably on the basis of unanimity, or else a majority vote. The senior managers are loyally bound by the decisions taken. Said decisions are recorded in the minutes and are communicated internally to the financial institution’s staff insofar as this is necessary either for them to achieve the tasks with which they are entrusted or for the financial institution to operate properly.

Individual allocation of responsibilities

33. Collegial decision-making should not stand in the way of a proper allocation of specific – though not exclusive – competences to the senior managers. This internal allocation of tasks makes it possible to adequately manage conflicts of interest arising from the financial institution’s various fields of operation.

19 See Circulars PPB 2004/5 of 22 June 2004 (credit institutions, investment firms) and PPB 2006/1 CPA of 6 February 2006 (insurance companies) on outsourcing. For intra-group delegation and outsourcing, see Nos 89-91.
20 See Article 19 LCI, Article 90 LIC and Circular C172, Article 60 LIF, and Article 151 LCF. As for derivatives specialists, the effective management can consist of just one person (see Article 126 LIF and Article 8 of the Royal Decree of 28 January 2004 respectively). On group supervision, see Article 4, § 4, RDHC, Article 15, § 1, RDSS and Article 91ter1 LIC.

This allocation of responsibilities as well as any changes thereto should be notified to the CBFA and communicated within the governance memorandum. In reference to its assessment of the qualities required of the senior managers (see No. 49), the CBFA may, in the case of incidents, take into account in its individual assessment any personal shortcomings on the part of managers.

Principle V: Independent control functions

The financial institution should have appropriate independent control functions. The company officers should oversee their organization and operation and make use of their conclusions.

Legislation

34. The supervisory laws provide that financial institutions must have internal control procedures that are appropriate for the activities they plan to carry out.21 In this respect, the CBFA has already sent to financial institutions circulars in which it formulates recommendations and determines the criteria it applies to assess the quality of the internal control, inter alia as regards the internal audit22, compliance23, risk management24 and actuarial function25.

European Directive 2006/43/EC on statutory audits of annual accounts and consolidated accounts provides that credit institutions, insurance undertakings and other entities designated as public-interest entities by the Member States shall have an audit committee or a body performing equivalent functions, the competences and composition of which shall meet minimum requirements. This Directive must be transposed into national law by mid-2008.26

Description

35. Sound governance for the financial institution implies that the company officers should set up independent control functions, more particularly – according to the financial institution’s characteristics – as regards internal audit, compliance, risk management and the appointed actuary, and that it should translate their findings and opinions as measures aiming to reinforce the governance structure, organization or internal control systems.

The criteria applied to define “independence” should be determined for each function separately, also taking into account the financial institution’s characteristics. As a rule, this type of function is described as being "independent" where:
- the function is subject to an appropriate status, with the necessary provisions as regards competences, means, expertise and access within the organization;
- the function is hierarchically and organizationally separated from the operational activity to which it relates;

21 See Article 20 LCI, Article 62 LIF, Article 153 LCF and Article 14bis LIC. See on group supervision Article 4, § 1, 2°, RDHC, Article 13 RDSS and Article 91quater LIC.
22 See Circulars D1 97/4 of 30 June 1997 and D1 99/2 of 16 April 1999 (credit institutions); D171 of 31 March 1999 (insurance companies); D1/EB/2002/6 (investment firms).
23 See Circulars D1 2001/13 of 18 December 2001 (credit institutions); PPB/D255 of 10 March 2005 (investment firms); D1/EB/2002/6 of 14 November 2002 (investment firms).
24 See inter alia Circulars D1 94/3 of 1 September 1994 (derivatives), D1 96/3 of 15 April 1996 (interest rate risk), D1 97/7 of 2 October 1997 (interest rate risk), and D1 2001/10 of 7 December 2001 (monetary risk and foreign-exchange risk) for credit institutions; 94/3 of 8 December 1994 (derivatives) for investment firms; and D153 of 6 January 1997 (derivatives) for insurance companies.
25 See Circular D206 of 9 November 2001. See also Circular D252 of 15 December 2004.
26 See Article 41 of Directive 2006/43/EC of 17 May 2006 on statutory audits of annual accounts and consolidated accounts (OJ No L 157/87).

- the function reports to senior management and the non-executive directors, in accordance with the procedures provided;
- the remuneration of the persons in charge of these functions is not a function of the profitability of the activity concerned.

36. For senior management, efficient and permanent independent control functions are necessary tools in achieving its tasks in an optimal manner. Indeed none of the financial institution’s activity fields (e.g. untouchable star traders or offshore activities27) may, for personal, commercial or financial reasons, fall out of the scope of the control functions.

37. As part of the supervisory function, the company officers should periodically, and at least once a year, verify whether the independent control functions operate correctly. To that effect, the company officers should require the senior management to report at regular intervals, without prejudice to any direct examination of any relevant information provided by the functions in question, where applicable through the specialized consultative committees set up for this purpose by the board of directors.

Audit committee28

38. Based on the nature, size, complexity and risk profile of the financial institution29, the board of directors should set up a permanent audit committee with a view to properly implementing its supervisory function.

39. As a rule, the tasks of the audit committee are as follows:
- supervising the financial reporting process and integrity therein;
- verifying the efficiency of the internal control procedures and independent control functions;
- following up the internal audit’s activities, inter alia confirming the audit plan and the means available thereto, examining the activity reports and the audit reports (or summaries thereof), and ensuring proper operation of the executive directors as regards the adequate measures they are to take in order to remedy any shortcomings observed by the internal auditors;
- monitoring the statutory audits of the annual accounts and consolidated accounts; discussing with the statutory auditor matters related to the supervision, and examining any important issues that may have arisen as part of the statutory auditor’s legal supervisory tasks; assessing and supervising the independence of the statutory auditor;30
- formulating recommendations towards the board of directors on the appointment and renewal of the statutory auditor, his/her independence and his/her remuneration.

Other specialized committees of the board of directors may be specifically in charge of compliance and risk management, according to the principles that govern the audit committee.

27 See also principle IX (paragraph 21).
28 See the recommendations of Circulars D1 97/4 of 30 June 1997 (credit institutions), D171 of 31 March 1999 (insurance companies), D1/EB/2002/6 of 14 November 2002 (investment firms).
29 Point V.4 and the calibration it proposes are policy options that have been determined pending transposition of the 8th Directive as amended (as from 2008). It should be noted that the European Directive imposes upon “public-interest entities” (listed companies, credit institutions, insurance companies, other entities to be qualified as “great public interest” entities on the basis of the nature of their business activities, their size or their staff number), subject to certain exceptions and derogations, and except in the case of an exemption (see under paragraph 26), to set up an audit committee, which should include at least one member which is independent and has competence in accounting and/or auditing (see the directive proposal as published by the Council on 30 September 2005).
30 See recital 24 of Directive 2006/43/EC of 17 May 2006, which specifies that the audit committee’s tasks as regards statutory audit of annual accounts do not in any manner imply that the auditor should be subordinated to the audit committee. Any follow-up of the auditor’s activities and any discussion on supervisory matters between the committee and the auditor should in no way jeopardize the latter’s independence or efficiency.

40. The following measures contribute to a proper operation of the audit committee:
- the chairman of the audit committee is not the chairman of the board of directors;
- the operation of the audit committee is determined by internal regulations (including minutes of the discussions and of the decisions taken);
- its members are not part of the financial institution’s senior management; this should not impede the presence, in part or all of the meetings, of the chairman or of a member of the management committee, of the internal auditor and of the statutory auditor, with a view to improving the efficiency of said meetings;
- the committee has collective expertise in the activities of the financial institution as well as in the field of financial management, financial reporting, accounting and audit;
- in carrying out their tasks, the members show the necessary objectivity and independence with respect to the senior management. Among the best practices in the field of sound governance is the inclusion, within the audit committee, of independent directors (see below Nos 53–54);
- the remuneration of the members of the audit committee is in compliance with the provisions of No. 58.

41. As part of its prudential supervision, the CBFA shall assess the knowledge and experience of the would-be members of the audit committee in light of its overall composition and on the basis of the criteria laid down in Nos 51-52. The CBFA shall also assess whether the composition and procedures of the audit committee offer sufficient guarantees for the audit committee to be able to correctly fulfil its role.

Principle VI: Qualities required of the company officers

The financial institution’s company officers should have a profile that is appropriate for governing the institution. They should give evidence of having the necessary integrity, commitment, fitness and probity, experience and expertise to carry out the tasks entrusted to them.

Legislation

42. The supervisory laws provide that the CBFA shall verify whether the persons in charge of the financial institution’s senior management are fit and proper and have the adequate experience to carry out their functions.31 New legal provisions are being planned that will extend the assessment of the qualities required, in particular as regards the necessary expertise and the adequate experience, to people taking part in the direction or management without participating in the senior management.32 33

The members of the board of directors and the managers must not have been convicted or have been prohibited from carrying out their profession on the ground of an offence against relevant provisions of financial law as laid down in the supervisory laws.

The supervisory laws require the managers to be available for the tasks with which they are entrusted, and any plurality of internal or external functions to be subject to specific rules.34

31 See Articles 18, 19 and 108 LCI, Articles 60, 61 and 152 LIF, Articles 151 and 210 LCF, and Article 90 LIC. On group supervision, see Article 4, § 4, 2°, RDHC, Article 15, § 1, RDSS, and Article 91ter1 LIC.
32 Such changes entail adapting Article 18 LCI, Article 60 LIF, Article 151 LCF, and Article 90 LIC. The supervisory rules on settlement institutions and institutions assimilated to settlement institutions, and on derivatives specialists, remain unchanged. On group supervision, see Article 4, § 4, RDHC, Article 15, § 1, RDSS, and Article 91ter1 LIC.
33 According to plans for a transitional provision, any person who is already a non-executive manager prior to the law being changed would be deemed to have the required expertise and adequate experience until his/her mandate is due for renewal.
34 See the CBFA Regulation of 9 July 2002 on the exercise of external functions by officers of financial institutions (annexed to the Royal Decree of 19 July 2002), as modified by the CBFA Regulation of 22 August 2006 (annexed to the Royal Decree of 24 September 2006), and Article 27 LCI, Article 70 LIF, Article 162 LCF, Article 90 LIC and Articles 15 and 36 RDSI. On group supervision, see Article 4, § 4, RDHC, Article 15, § 2, RDSS, and Article 91ter1 LIC.

New legal provisions are being planned that will require financial institutions to notify the CBFA in advance of any change in the financial institution’s company officers, of any information and documents necessary to assess the qualities required of them and, where applicable, of the distribution of tasks within the governing bodies.

Composition of the governing bodies

43. The financial institution should have company officers who, both collectively and on an individual basis, have the adequate profile to lead the financial institution. The composition of the governing bodies guarantees that the decisions are taken in light of the sound and prudent management of the financial institution, taking into account the stakeholders.

Company officers’ profiles

44. Any company officer of a financial institution should be able to express an objective and independent judgment in the interest of the financial institution, on the basis of all the information and opinions available, and outside any external influence. Without prejudice to any legal provisions on plurality of functions, the company officers should devote the necessary time and attention to a correct fulfilment of their tasks within the financial institution.

45. The financial institution should determine a policy for the composition of its governing bodies and the selection of its directors, taking into account inter alia certain aspects such as the number of directors, the diversity of their knowledge and experience in the light of the development of the institution’s activities, plurality of offices on the part of each director, duration and turnover of mandates, follow-up, criteria relating to independence, rules on conflicts of interest, etc. A financial institution should take adequate measures to improve or maintain its directors’ knowledge through training.

46. The financial institution should determine a procedure for the appointment/renewal and dismissal/non-renewal of its company officers.

Notification to the CBFA and assessment by the CBFA

47. New legal provisions will confirm a practice that financial institutions should notify the CBFA in advance of any proposed appointment or renewal, or non-renewal or dismissal, of company officers of the financial institution. This notification should mention the financial institution’s applicable internal rules as provided in No. 46. Where new company officers are proposed for appointment, the financial institution should communicate to the CBFA the information and documents that will enable the CBFA to assess whether the persons concerned meet the required conditions on fitness and probity, expertise and adequate experience. The proposed appointment or renewal of a senior manager requires the CBFA's assent.

48. A financial institution should also inform the CBFA of any distribution of tasks among company officers within the various governing bodies, and of any changes thereto. This applies to the distribution of tasks among senior managers, within the management committee if any, as well as within the board of directors (e.g. membership of a consultative committee such as the audit committee, the risk management committee or the investment committee).

Assessment of the qualities required of the senior managers

49. Any senior manager should have a clean track record and the required fitness and probity. He/she should be experienced in managing enterprises and activities subject to supervision and should have the appropriate knowledge and experience in all important fields of activity of the financial institution, inter alia in the matters under his/her direct responsibility.

50. The persons who carry out key functions are not at face value considered as being senior managers, except if they occupy a position that gives them a direct and decisive influence on the management of the financial institution’s activity. Although fitness and probity and the expertise of the persons in charge of these key functions are essential for the proper operation of the financial institution, the responsibility for assessing the required qualities lies with the financial institution’s management. In this respect, the CBFA shall limit itself to assessing the financial institution’s appropriate organization.

Assessment of the qualities required of non-executive directors

51. The non-executive directors must first of all be fit and proper and must not have been convicted or have been prohibited from carrying out their profession on the ground of an offence against the legal provisions laid down in the supervisory laws.

Given the tendency in enhancing the supervisory function fulfilled by non-executive directors, and in putting responsibility on the highest governing body for an ever increasing number of aspects of the general policy of the financial institution, the degree of both expertise and experience on the part of non-executive directors takes on all the more importance. The new supervisory rules will therefore require that people taking part in the direction or the shaping of the general policy and strategy without taking part in its management should have the necessary expertise and adequate experience to fulfil their tasks.

Responsibility in attracting – in compliance with the profile the financial institution has determined in this respect (see No. 45) – competent and expert non-executive directors needed to shape the general policy and strategy and to supervise senior management lies in the first place with the financial institution’s management.

52. The criteria envisaged by the CBFA for assessing the qualities required of non-executive directors will be applied both collectively and on an individual basis. The aim is first of all to determine whether the group of non-executive directors collectively has enough expertise and experience for the nature, size, complexity and risk profile of the financial institution. In this respect, account should be taken not only of the expertise and experience in financial matters, but also of skills which more generally contribute to a financial institution’s sound governance taking into account stakeholders’ interests.

It will also be necessary to determine what precise function each of the non-executive directors will fulfil. In this respect, the criteria will take into account in particular the fact that a director is in charge of supervisory functions, e.g. within consultative committees such as the audit committee, the risk management committee or the investment committee, in which case the requirements as regards financial expertise and experience will carry more weight.

Independent directors

53. One fundamental rule of law is that a company officer should be able to express an objective and independent judgment in the interest of the company he/she serves, on the basis of all the information and opinions available, and outside any external influence.

Given the nature of the financial institution’s activities and the prudential context within which it operates, decision-making should take into account the interests of its depositors, investors, insurance policyholders and market players, as well as those of controlling shareholders, the financial institution’s management or interests related to the development of the financial institution’s activities. The quality of leadership and in particular of the general policy and supervision functions will be enhanced to the extent that the composition of the governing bodies will adequately reflect the diversity and complementarity of the interests that are to be taken into account.

Without prejudice to the specific obligations imposed on companies by Article 524 of the Code on Companies or as a result of recommendations from the listed companies’ code of corporate governance, it is a good practice – and is explicitly recommended by the CBFA – for financial institutions to appoint a sufficient number of independent directors who have no commercial, family or other links with the financial institution, the controlling shareholders or the management of the financial institution.

54. It is the responsibility of the financial institution to determine criteria on the basis of which it will assess the independence of the directors concerned. The listed companies’ code of corporate governance can provide guidelines in this respect. In the cases provided for by law, the financial institution shall apply the criteria provided for in Article 524 of the Code on Companies.

In assessing the qualities required of a director designated by the financial institution as being independent, the CBFA will not judge the manner in which the financial institution applies its own criteria and it will not supervise compliance with these criteria on a permanent basis. In addition, the independence of the director is without prejudice to the requirements as regards expertise and experience as described in Nos 51-52. By virtue of its prudential powers, the CBFA may, however, take action where - based on the information available to the CBFA - it becomes clear that the financial institution’s policy, or implementation thereof, may cause significant prudential risks, in particular if legal risks are involved.

Appointment of a legal person as a non-executive director

55. A financial institution may designate a legal person as non-executive director, provided the conditions laid down in Article 61, § 2, of the Code on Companies are complied with. A director-legal person shall appoint a natural person as permanent representative in charge of carrying out the mandate on its behalf and for its account.

In order to preserve the supervisory function with which non-executive directors are specifically entrusted, the permanent representative of a non-executive director who is a legal person should not simultaneously be an executive director. In addition, any provision laid down in the supervisory laws as regards the required qualities or concerning professional prohibition, incompatibility or transactions with company officers applies to both a director who is a legal person and to its permanent representative.

Principle VII: Remuneration policy for company officers

The financial institution should adopt for its company officers a remuneration policy that is in line with its objectives, values and long-term interests.

Legislation

56. See No. 14

Senior managers

57. Where the remuneration of senior managers is linked to the individual performance or the financial institution’s results, the financial institution should apply relevant and objective criteria that also stimulate the creation of long-term value. The remuneration policy should not be an incentive for excessive risk-taking.

Non-executive directors

58. It is a good governance practice to avoid giving non-executive directors, given their supervisory function – inter alia as regards directors sitting on specialized committees such as the audit committee – a remuneration that is unduly linked to the financial institution’s short-term results. The remuneration can on the other hand take into account the time invested and the responsibility of the directors concerned.

Principle VIII: Strategic aims, enterprise values and conflicts of interest policy

The financial institution should determine its strategic objectives and values, in particular as regards its integrity, and should ensure that these objectives and values permeate all segments of its activity. The institution should also draw up internal codes of conduct and take appropriate measures to manage conflicts of interest.

Legislation

59. The supervisory laws provide that credit institutions and investment firms shall determine internal codes of conduct with a view to promoting integrity in their activity related to financial instruments.[35] The supervisory laws also provide numerous provisions on prevention and management of conflicts of interest in offering financial services (credit-granting[36], investment advice and individual and collective portfolio management[37], foreign-exchange and deposit broking[38]). Future regulations will include provisions that will impose upon financial institutions to keep records of complaints related to their activity in securities.[39]

Strategic objectives and values. Internal codes of conduct

60. Sound governance cannot be achieved if one limits oneself to the organizational structures, the procedures and the control mechanisms: to a large extent, it relies on the commitment and dedication of all staff of the financial institution. Therefore it is essential that the company officers should determine the strategic objectives and enterprise values of the financial institution as well as internal codes of conduct or formal rules that specify the conduct of business in a spirit of integrity that also takes into account the institution’s stakeholders. These objectives, values and codes should be communicated and promoted throughout the financial institution. It is important that in implementing these values, the company officers should impose upon itself strict and demanding rules of conduct and that it should set the tone at the top.

The internal codes of conduct should relate inter alia to subjects such as corruption, acceptance of unjustified gifts or advantages in cash or in kind, abuse in transactions between staff and the institution (credit-granting, preferential tariffs, etc.) and all sorts of other unethical or illegal behaviour in the context of internal or external activities. The compliance function has an important role to play in enforcing the policy determined by the financial institution.

[35] See Article 62 LIF, and Article 27 of the Law of 2 August 2002 and its implementing provisions. Future regulation (transposition of European banking directives 2006/48/EC and 2006/49/EC and the European directives on financial markets 2004/39/EC and 2006/73/EC) will inter alia impose upon financial institutions to establish a comprehensive integrity policy supervised by an independent compliance function.

[36] See Article 28 of the Law of 22 March 1993 and Circular D1 94/5 of 28 November 1994 on credits granted to managers and to companies in which these managers or their stakeholders have interests; see Article 71 of the Law of 6 April 1995; see Article 9bis of the Law of 9 July 1975 and Circular D98 of 7 February 1992 (credit-granting to members of the board of directors, managers or executive directors).

[37] See Articles 36, 79 and 127 LIF, Article 26, 4°, of the Law of 2 August 2002, Article 20 of the Royal Decree of 5 August 2001, and Articles 172 and 241 LCF. As of 1 November 2007, this matter will be governed by European Directives 2004/39/EC and 2006/73/EC, which are to be transposed by Articles 27 et seq. of the Law of 2 August 2002.

[38] See Article 15 of the Royal Decree of 25 November 1991 on foreign-exchange and deposit broking.

[39] See Article 27 of the Law of 2 August 2002 and its implementing provisions. A CBFA regulation will provide specific rules for the treatment of (potential) non-professional customers.

Conflicts of interest policy

61. The activity of a financial institution is characterized by the coincidence of many interests, often converging but just as often diverging or in conflict with each other, therefore requiring adequately set rules. Conflicts of interest can arise in – but are not limited to – the following relationships:
- between shareholders and the financial institution;
- between members of the board of directors and the financial institution (see the rules on personal commercial interests as provided for in the Code on Companies);
- between staff and the financial institution and, as a result, the customers of the financial institution;
- between the financial institution and its customers, as a result of the commercial model and/or the various services and activities provided by the financial institution;
- between various customers;
- between the financial institution and its parent company, its subsidiary or other related companies, in the context of intra-group transactions.

62. Without prejudice to the application of the provisions of the Code on Companies or other specific applicable regulations (investment services; market abuse), the financial institution should determine a comprehensive policy, including organizational and administrative provisions (among others records on the enforcement of said policy) as well as adequate procedures, in order to identify and prevent conflicts of interest or, where this is reasonably impossible, to manage them in a manner that does not prejudice the interests of customers, and to provide customers with appropriate information in this respect.

63. The appropriate ways of managing conflicts of interest differ according to the nature, size and complexity of the financial institution’s activities. Thus a financial institution can:
- put in place information barriers or physically separate certain departments;
- entrust conflicting activities within the chain of transactions or of services to different persons;
- entrust supervisory and reporting responsibilities relating to conflicting activities to different persons;
- within conflicting activities, avoid any direct link between the remuneration of the relevant persons and the revenues generated by the activity;
- avoid any situation where people who are active within or without the financial institution and have conflicting interests are inappropriately influential with regard to an activity of the financial institution;
- limit the external activities of relevant people.

64. It is a good practice to inform interested stakeholders of the general nature and sources of conflicts of interest and of the policy determined by the financial institution to identify, prevent or manage them.

Whistleblowing

65. Compliance with the enterprise’s values and with its internal codes of conduct, as well as efficiency in the financial institution's internal controls, are enhanced where channels are provided which enable staff in good faith to express legitimate concerns as regards these values or codes, or behaviours that are unethical or illegal, where this concerns aspects under the financial institution’s competence and control. The financial institution may in this respect establish a policy and procedures that make it possible to submit such complaints directly or indirectly (through a mediator, the compliance department, or the internal audit department) to the company officers (e.g. through the audit committee) without resorting to the normal hierarchical channels. Whistleblowers in good faith should be protected against any direct or indirect disciplinary measure or equivalent decision.

The proper operation of the whistleblowing process depends on clear rules and procedures that precisely indicate what the complaints can relate to and specify the various steps and degrees of the procedure. The company officers should see to it that the information communicated by whistleblowers is effectively examined and that the necessary measures are taken to rectify any dysfunction.

66. The rules provided should be in compliance with the legislation on privacy. Financial institutions can usefully resort to the advice of the authorities in charge of these matters in order to assess their own rules on the basis of the applicable provisions.

Treating customers’ complaints

67. The financial institution should set up efficient and transparent procedures for the treatment of customers’ complaints. It should keep records of the complaints as well as of the manner in which they were treated. The company officers should periodically be informed of the treatment of customers’ complaints.

Principle IX: Know your structure, know your activities

Company officers should have a clear understanding both of the institution’s operational structure and activities, and of the risks associated with the services and products it offers.

Legislation

68. The supervisory laws provide that financial institutions must have an organization that is appropriate for the activity they plan.[40] Financial institutions must know their customers, both in light of their obligation of due diligence[41] – according to the category to which the investor belongs and the nature of the services provided – and by virtue of the anti-money laundering legislation.[42] The CBFA has addressed a circular to financial institutions to inform them of a list of operations and practices that should typically be considered as “special schemes”. The aim of the prohibition on “special schemes” is to prevent financial institutions taking any such action favouring tax evasion on the part of customers as cannot be justified as part of the normal transactions and services carried out by financial institutions.[43] In addition, the CBFA has invited financial institutions to determine a prevention policy that aims to adopt, in all circumstances, a correct attitude as regards taxes and to abstain from directly or indirectly cooperating with customers calling on a financial institution’s services in order to evade their tax obligations.[44] In the case of insurance companies and pension funds, appointed actuaries issue an opinion on the actuarial techniques applied for tariffs, constitution of technical provisions, reinsurance and product profitability.[45]

[40] See Article 20 LCI, Article 62 LIF, Article 153 LCF, and Article 14bis LIC. See on group supervision Article 4, § 1, 2°, RDHC, Article 13 RDSS and Article 91quater LIC.

[41] See Articles 26 et seq. of the Law of 2 August 2002 and its implementing decrees.

[42] See the Law of 11 January 1993 on preventing the use of the financial system for the purposes of laundering money and financing terrorism, and the CBFA Regulation of 27 July 2004 as approved by the Royal Decree of 8 October 2004, commented in point 13 of the consolidated version of 12 July 2005 of the CBFA Circular on the obligations of customer due diligence and on preventing the use of the financial system for money-laundering and the financing of terrorism (Circulars PPB 2004/8 and D.250 of 22 November 2004, modified by Circulars PPB 2005/5 and D.258 of 12 July 2005).

[43] See Circulars D1 97/9 of 30 June 1997, D4 97/4 of 18 December 1997 and D207 of 30 November 2001.

[44] See Circular D1 97/10 of 30 December 1997.

[45] See Circulars D133 of 15 March 1995 and D206 of 9 November 2001.

Understanding the operational structure

69. Financial institutions that offer a large variety of financial services and products (banking, insurance, investment products), propose complex services and products and/or develop cross-border activities, should set up adequate structures that make it possible to follow up the risks arising from these activities.

70. The company officers of a financial institution should have a clear understanding of the operational structure of the institution. The key functions should receive all specific information they need to correctly fulfil their respective tasks. Financial institutions that are part of a group should be able to inform the supervisory authority of the structure of the group they belong to, also as regards the group's governance and control mechanisms that apply to them. A financial institution that is itself at the top of a group should be able to give information on all of the group’s relevant entities, including their possible impact on the group as far as risks are concerned.

Offshore centres and complex structures policy

71. Due to globalization, financial institutions’ activities increasingly present a cross-border dimension. The decision to develop activities in specific jurisdictions is dictated by a set of factors and circumstances related to legitimate strategic, commercial or financial objectives. However, activities carried out by a financial institution abroad, inter alia in offshore financial centres or jurisdictions devoid of transparency, can lead to financial, legal and/or reputational risks.

72. In addition, financial institutions increasingly make use of complex service schemes and company structures in their activities (company creation, special-purpose vehicles, trust structures), be it for own account or to propose these schemes and structures to their customers. Pressure on the demand side as well as the share that these services represent in the institution’s profits should be weighed against the legal and reputational risks the institution might incur if customers were to misuse such schemes and/or structures for illegal or unethical purposes.

73. The company officers should have a clear understanding of its activities and services. Pursuant to the distribution of tasks as referred to in No. 22, it should determine the policy on using foreign jurisdictions and complex structures for own account or to sell them to customers. The company officers should define the objectives it pursues and should ensure that the activities concerned are in compliance with the applicable legal provisions. Launching activities in foreign jurisdictions and/or setting up or selling new complex structures should be subject to a process of internal approval involving the compliance function and/or actuarial function. Internal control on these activities is in proportion with their importance and the associated risks. The independent control functions of the financial institution and the statutory auditor should have free access to the information and structures, as required by their respective tasks. They should be kept informed of any significant development in the relevant activities.

74. These activities should be the subject of periodic assessments in light of the policy determined, and of reporting thereon to the company officers.

Principle X: Publicity and disclosure

The financial institution should communicate with its stakeholders about the principles it applies with regard to its governance structure.

Legislation

75. See No. 14.

Transparency

76. Publicity and transparency are keystones of sound governance. Public information contributes to market discipline, whether the company is listed or not. Prudential supervision is not a substitute for publicity: shareholders, depositors, investors, insurance policyholders, customers and market players are indeed all important first-line protectors of the integrity and professionalism of the financial institutions with which they are involved. To these stakeholders, public information therefore is an essential tool in assessing the quality of the governance and the soundness of the financial institution.

77. Without prejudice to publication of information by virtue of legal provisions or of recommendations from the codes, the following should be considered as relevant information:
- the shareholders structure and the control structure, as well as the structure of the group if any;
- the governance structure and the impact of the group dimension if any;
- the organizational structure and the impact of the group dimension if any;
- the financial institution’s objectives and enterprise values and its policy guidelines on conflicts of interest, remuneration structure, etc.

Such information can be publicly disclosed through various media, e.g. the financial institution’s own web site or its financial reporting. The financial institution shall see to it that the information disclosed is in compliance with the rules as described in the governance memorandum (see in this respect Nos 96-99).

F. SOUND GOVERNANCE IN A GROUP CONTEXT

Individual supervision and group supervision

78. The principles of sound governance should also be applied where the financial institution is part of a group. Groups generally tend to efficiently steer and control the business activity of their various entities by relying on a single group strategy and vision that fully exploits possible synergies. This tendency, when carried out within a group composed of regulated undertakings, is not as such incompatible with the interests of stakeholders or the aims of prudential supervision. Indeed, both group supervision and a follow-up of the situation and of the risks on a consolidated basis are essential parts of the supervisory structure.

79. The prudential supervision carried out on the group covers in principle, besides the aspects related to solvency and risk concentration, relevant aspects in relation with sound governance, such as (i) intragroup transactions, (ii) appropriate risk management and internal control procedures, (iii) the qualities required of the shareholders, (iv) a plural leadership, fitness and probity and the qualities required of the senior management, and (v) the statutory auditor’s tasks.[46] Having said this, the group remains subject to the requirement, on the part of the parent company as well as its subsidiaries, to duly take into account the existence of independent legal persons and the need for the parent company as well as the subsidiaries to have an adequate governance structure. In addition, the task of any supervisory authority is to ensure protection of depositors, insurance policyholders and investors of the group’s regulated entities that are subject to its supervision. In this perspective, the group dimension should not impede appropriate supervision by the supervisory authority and, where applicable, other competent authorities in other jurisdictions.

Application of the principles to cross-border groups

80. Although group supervision as applied to groups whose activity presents an international dimension and whose structure includes entities governed by various jurisdictions is by nature more complex than that of purely national groups, the fundamental principles remain. However, such group supervision requires international consultation and must, in accordance with the provisions of the supervisory laws and/or bilateral or multilateral agreements, duly take into account the different rules and supervisory schemes to which certain entities are subject.

81. In other words, the principles laid down in this circular are applied to parent companies subject to CBFA supervision and to their Belgian regulated subsidiaries. For the purposes of consolidated follow-up of the risks incurred by the group as a whole, the CBFA expects that the mechanisms applied to follow up risks on the scale of the group are also applied to foreign subsidiaries, whether or not they are under prudential supervision. This does not mean that these foreign subsidiaries are subject to the Belgian supervisory rules. Also, group governance and control are without prejudice to the application of any local supervisory rules to which these foreign subsidiaries may be subject.

[46] See Articles 49 and 49bis LCI, Articles 95 and 95bis LIF, Article 189 LCF, Articles 91ter-91octodecies LIC, and the Royal Decrees of 21 November 2005 (supplementary supervision of credit institutions, insurance companies, investment firms and management companies of UCIs in a financial services group), of 22 February 1991 (insurance groups) and of 12 August 1994 (banking groups).

82. For regulated subsidiaries established in Belgium of foreign parent companies, the principles apply on a solo basis. The mechanisms applied by the foreign group to the Belgian subsidiary for the group’s governance and control can be applied insofar as they are in compliance with the principles provided for in this circular. Additionally, binding Belgian regulations shall fully apply to Belgian regulated undertakings.

Core principles

83. In the prudential assessment of the governance structure of the parent company, of the subsidiary and of the group, the starting point is that the various structures must agree among each other and operate within a transparent and balanced organization focusing on optimal management of the activities of the institutions under prudential supervision and concerned with an adequate follow-up of the risks incurred by both the various institutions and the group as a whole. In this respect, the CBFA shall take into account the specific features of the group and the institutions that are part of it, such as the nature, size, complexity and risk profile of each of the enterprises concerned, the nature of their stakeholders, and the scope as well as binding character - both from a legal and practical point of view - of the financial solidarity between the entities of the group.

Distribution of tasks between the parent company and the subsidiary

84. Although practice may differ from one group to another, it is usually the parent company that determines the general policy and strategy of the group and the entities that compose it, including the governance structure of the subsidiary financial institutions, while the subsidiaries carry out the business activity which has been entrusted to them, in line with the guidelines determined by the parent company.

85. Inasmuch as the parent company can thus, by resorting to the various means available for steering the group, give instructions for the subsidiary to implement, the governing bodies of the subsidiary must ensure that such implementation is in compliance with the rules and obligations imposed upon the subsidiary as an autonomous legal entity and as a regulated institution. The subsidiary must inter alia remain alert to any group level decision or practice that is in breach of: (i) a legal or regulatory provision or prudential rule imposed upon the subsidiary; (ii) any such technical rule or prescription or any such code as governs the activity under prudential supervision; (iii) the sound and prudent management as well as the financial health of the institution; or (iv) the interests of the subsidiary’s own stakeholders, the protection of depositors, insurance policyholders or investors and the integrity of the market.

86. In carrying out their tasks within the company, the members of the board of directors of the subsidiary should have the adequate means to preserve the interest of the company, keeping in mind the stakeholders. To this effect, mechanisms should be installed within the group in order to identify in this respect certain group level decisions or practices and bring them to the attention of the governing bodies of the subsidiary and of the parent company. According to the governance model adopted by the group, these internal mechanisms will for instance rely on a solid supervisory function within the subsidiary's board of directors (e.g. an audit committee), on the presence, within the governing bodies of the subsidiary, of directors who are independent of the parent company, or on the existence of efficient independent control functions within the subsidiary.

Group steering techniques

87. Matrix management and business line management - meaning that operational powers for regulated subsidiaries’ activities are held not at subsidiary level but at the level of the parent company as part of a group steering policy - are often used within a group to improve the manner in which its activities are steered. Group steering is without prejudice to the responsibilities of the governing bodies of the subsidiaries as regards their activities (see No. 29).

88. The persons leading a business line or a centralized support service at group level are assimilated with senior managers if they have a direct and decisive influence on the decision-making process within the parent company and/or subsidiaries. They are therefore subject to the criteria on expertise and fitness and probity and can be subject to sanctions[47].

89. Intragroup outsourcing of operational functions and central management of support services should meet the general rule on outsourcing[48] while taking due account of the group dimension and of the extent to which the outsourcing enterprise controls the service provider or can influence its action. In addition, certain prudential requirements on outsourcing, such as due diligence examination of the service provider, the existence of an exit strategy and the monitoring obligation, should apply proportionately in a group context.

90. Important delegations of power between the entities of the group should be recorded within written agreements and/or SLAs.

91. Finally, it should be noted that the total impact of the group dimension (matrix and business line steering, intragroup outsourcing, centralization of functions) should not take such proportions that the regulated subsidiary will present the characteristics of an empty shell that has become unable to comply with the conditions imposed upon it as regards authorization and pursuit of the business.

Independent control functions in a group context

92. From a functional point of view, the independent control functions of a regulated subsidiary can be steered and organized at group level, provided that this organizational model, combined with the functions and activities present in the subsidiaries, extends to all of the subsidiary’s activities. These functions should also be effective at the level of the subsidiaries. This means that within the regulated subsidiary, a person should be appointed as being responsible for each of these functions, that the company officers of the subsidiary should retain the possibility to participate in the steering and should be able to give instructions and receive the relevant reporting on its activities (without prejudice to functional reporting towards the group level).

[47] See under principle VI (Nos 49-50).

[48] See Circulars PPB 2005/5 of 22 June 2005 (credit institutions, investment firms) and PPB 2006/1 CPA of 6 February 2006 (insurance companies) on outsourcing.

Additionally, group level organization is without prejudice to the obligation imposed upon undertakings under prudential supervision, by virtue of the anti-money laundering regulation, to appoint at company level a person in charge of implementing said regulation.[49]

Managing conflicts of interest

93. Conflicting interests at group level should be identified, prevented or managed. These can be:
  i. conflicts of interest, because of mutually conflicting activities (operations for own account, asset management, corporate finance), which are sufficiently managed at subsidiary level in compliance with the best practices mentioned in Nos 61-63, but can recombine at group level, e.g. at the level of the corporate bodies, of the business lines or of the control functions;
  ii. intragroup transactions and allocation of funds within the group;
  iii. conflicting interests between the parent company and subsidiaries or among the subsidiaries, e.g. as regards the allocation of corporate opportunities;
  iv. group decisions which, for the various métiers exercised by the various subsidiaries, have a different impact on the management of their financial position – i.e. their banking, insurance and investment position respectively - e.g. in the field of investments/divestments, valuation methods, etc.

94. Amounts receivable from related parties should be followed up and treated in accordance with the relevant policy; such follow-up and treatment should be reported appropriately to the corporate bodies of the financial institution and of the group.

Plurality of functions

95. With a view to maintaining the necessary checks and balances within the group, concrete allocation of mandates in the corporate bodies, of key posts and of matrix or business line responsibilities should duly take into account any plurality of functions. The proposed separation of functions or of conflicting interests should not turn out to be neutralized in practice by a single person holding a plurality of functions within the group.

G. GOVERNANCE MEMORANDUM

Governance memorandum at company level

96. It should be recalled that the financial institution is responsible for setting up and maintaining an appropriate governance structure in light of the nature, size, complexity and risk profile of its activity, and for assessing the structure in light of this circular. Each financial institution should describe and document its shareholders structure and that of its group, its policy as regards composition of the governing bodies, its governance structure and its integrity policy, in a governance memorandum[50]. Where the financial institution is part of a group subject to supervision by the CBFA, the memorandum drawn up at the level of the financial institution can be part of the group’s memorandum (see No. 99).

[49] See the Law of 11 January 1993 on preventing the use of the financial system for the purposes of laundering money and financing terrorism, and the CBFA Regulation of 27 July 2004 as approved by the Royal Decree of 8 October 2004 and as commented in point 13 of the consolidated version of 12 July 2005 of the CBFA Circular on the obligations of customer due diligence and on preventing the use of the financial system for money-laundering and the financing of terrorism (Circulars PPB 2004/8 and D.250 of 22 November 2004, as modified by Circulars PPB 2005/5 and D.258 of 12 July 2005).

[50] See the enclosed governance memorandum outline.

97. The financial institution’s lead management, i.e. the board of directors in consultation with a management committee, should approve the governance memorandum. Where the financial institution's governance memorandum is integrated into a group memorandum, the company officers of each financial institution subject to supervision by the CBFA to which the memorandum applies should approve said memorandum. The governance memorandum is a prudential document that is an integral part of the supervision/authorization dossier of the financial institution with the CBFA and, as such, is confidential.

98. The memorandum should be adapted each time that significant changes with an impact on the governance structure and organization of the financial institution take place, and should be assessed at least once a year by the lead management.

Governance memorandum of the group

99. Besides any aspect of relevance with respect to the subsidiaries belonging to the group, the group memorandum should cover the situation of the parent holding company and of the group as such, inter alia:
  i. a description of the objectives and interests of the group as regards the fields of activity and the interests of the subsidiaries;
  ii. the determination of the group steering and of the organization of the supervision of the subsidiaries by the group;
  iii. the concrete allocation of responsibilities between the parent company and the subsidiaries, inter alia as regards the determination of the subsidiaries’ own responsibilities;
  iv. the organization chart, including all corporate bodies and/or persons with a responsibility in the policy and strategy, the operational management of the group and its entities, as concerns the business lines and centralized services and all prudentially relevant functions within the parent company and the subsidiaries (internal audit, compliance, risk management, appointed actuary, accounting, etc.);
  v. the policy and rules taken into consideration by the group as regards intragroup outsourcing, management of conflicting interests, etc., as described above.

Assessment by the CBFA

100. The memorandum and any significant changes thereto should be communicated to the CBFA. Following a dialogue with a financial institution, the CBFA shall assess the memorandum in light of the principles provided by this circular, including any binding provisions of the financial institution’s authorization and any prudential conditions to which its business pursuit is subject. Should the financial institution's governance structure prove deficient, the CBFA shall use its powers as determined by the supervisory laws to bring the financial institution to set up an adequate organization.

Annexe: governance memorandum outline

  1. Shareholders structure
  2. Group structure where applicable (legal and functional structure; organization chart)
  3. Policy as regards composition and operation of the governing bodies (with a description of the group impact if any)
     (a) number, duration of the mandate, turnover, age, follow-up, etc.
     (b) selection criteria
     (c) procedure for appointments (new mandates/renewals) and dismissals/non-renewals
     (d) independent directors
     (e) remuneration policy
         i. senior managers
         ii. non-executive directors
  4. Governance structure and organization chart (with a description of the group impact if any)
     (a) body that is legally the highest corporate body (in this case the board of directors)
         i. composition
         ii. operation (internal regulations)
         iii. specialized committees
              - composition
              - operation
     (b) senior management (in this case the management committee)
         i. composition
         ii. operation (internal regulations)
         iii. persons who are senior managers but are not members of the board of directors
         iv. internal distribution of tasks among the senior managers
     (c) other committees
  5. Key functions (with a description of the group impact if any)
     (a) executive functions
     (b) independent control functions
         i. internal audit
         ii. compliance
         iii. risk management
         iv. appointed actuary
  6. Organizational structure (with a description of the group impact if any)
     (a) operational structure, business lines, matrix management and allocation of powers and responsibilities
     (b) outsourcing
     (c) products and services offered
     (d) geographical scope of the activity
         i. free provision of services
         ii. branches
         iii. subsidiaries, joint ventures, etc.
     (e) use of offshore centres
  7. Integrity policy (with a description of the group impact if any)
     (a) strategic objectives and enterprise values
     (b) internal codes and regulations, prevention policy, etc.
     (c) policy on conflicts of interest
     (d) whistleblowing procedure
     (e) treatment of customers’ complaints
  8. Policy as regards the principles applied with regard to publicity and disclosure
  9. Status of the governance memorandum and date
     (a) drawing-up date
     (b) latest changes
     (c) latest assessment
     (d) approval