G2/2014: Meetings to be held during the 2014 calendar year with the boards of directors of banks and controlling companies

South African Reserve Bank
From the Office of
the Registrar of Banks

G2/2014

2014-02-05

To banks, branches of foreign institutions, controlling companies, eligible institutions and auditors of banks or controlling companies

Guidance Note 2/2014 issued in terms of section 6(5) of the Banks Act, 1990

Meetings to be held during the 2014 calendar year with the boards of directors of banks and controlling companies

## Executive summary

This guidance note serves to inform all banks and controlling companies of the flavour-of-the-year topics for the discussions to be held with the respective boards of directors during 2014.

### A. Meetings with boards of directors

#### 1. Introduction

In order to assist the Office of the Registrar of Banks (this Office) to discharge its supervisory responsibilities, the scope of the meetings with banks’ boards of directors (Boards) and Chief Executive Officers (CEOs) to be held during the 2014 calendar year will consist of a discussion of the following two flavour-of-the-year topics:

1.1 information technology (IT) project governance, and  
1.2 market conduct.

#### 2. Format of the meetings to be held with banks’ boards of directors

All banks’ Boards will be required to make a presentation and/or engage in discussion on the above-mentioned flavour-of-the-year topics. The duration for each presentation should be limited to 45 minutes. It is intended that each presentation should cover only the key elements of the specific topic. This Office also requires to be furnished with a copy of each presentation at least three weeks prior to the Board meeting. The two flavour-of-the-year topics are discussed in greater detail below.

---

2

### 3. Information technology project governance

#### 3.1 Background

Value delivery from IT projects is critical to the success of any organisation. Accordingly, banks have increasingly embraced project governance as a key enabler of value delivery from strategic IT projects in order to remain competitive in a challenging business environment and for improving organisational efficiency and effectiveness. This Office has recognised the critical importance of IT projects to the banking sector and the fact that most banks have adopted traditional IT project management frameworks; however, improvements are required in terms of adherence to IT project management disciplines.

This Office would like to emphasise that IT governance, specifically the governance of IT projects, is regarded as an integral and ongoing element of banks’ risk management processes. Banks’ Boards assume ultimate responsibility for the quality, relevance and practicality of the banks’ IT project governance. Implementation of IT project governance will be further assessed in the normal course of this Office’s supervisory programme during 2014.

#### 3.2 Format of discussion

In view of the fact that IT project governance frameworks have to be customised according to the size and nature of each bank, this Office does not prescribe any specific IT project management frameworks. Banks are expected to ensure that their IT project management frameworks are practical and contribute to the delivery of IT projects that are on time, in budget and in scope.

The chairperson of the capital and risk management subcommittee (or equivalent) is required to make a high-level presentation to this Office on the bank’s governance and risk practices around IT projects. The following IT project governance aspects should be covered during the presentation:

a) How the Board ensures that IT project governance is robust.  
b) IT project governance issues, such as significant IT projects that affect the strategic direction of the bank.  
c) The value that is derived from IT and the return on investment realised from significant IT projects as presented to the Board. A clearly defined business justification for all projects and programmes, and an overview of the relationship between the project portfolio and overall business strategy should also be provided.  
d) The independent assurance received by the Board on IT project governance.  
e) The IT project management framework followed by the bank. The manner in which this framework is supported by appropriate methods and controls to identify, assess and mitigate business risks should also be discussed.  
f) The performance measurement criteria for IT project governance structures as well as their respective roles and responsibilities.  
g) Reporting criteria that are clearly defined and aligned with the bank’s requirements in order to allow reporting on the status of projects and escalation of issues and risks.

---

3

### 4. Market conduct

#### 4.1 Background

In determining the optimal business strategy, banks have to consider a wide spectrum of matters, including the regulatory environment in which they operate. The Basel 2.5 and Basel III frameworks, which are essentially outflows of the global financial crisis, establish more stringent banking regulation and standards in order to address a wide spectrum of matters related to both bank-specific and systemic risks.

In addressing the bank-specific and systemic risks, it has become evident from the recently reported international events, such as the manipulation of the London Interbank Offer Rate and various trading scandals, that banks could be exposed to inappropriate conduct practices by employees or representatives of banks. It is evident from these recent developments that the banking industry’s ethical standards could be easily compromised.

Consequently, this Office would like to bring to the attention of banks’ Boards the need to review market conduct in a more granular manner. This Office thus requires banks’ Boards to explore mechanisms that could eliminate inappropriate market conduct practices that potentially could expose banks to reputational risk.

#### 4.2 Format of discussion

Utilising the format outlined below, the chairperson of the capital and risk management subcommittee (or equivalent) will be required to make a presentation on the following aspects:

##### 4.2.1 Overview of the governance structures relating to market conduct:

a) responsibility of the Board;  
b) role of senior management;  
c) independent monitoring functions;  
d) internal audit coverage; and  
e) group/bank-wide market conduct information reported to the Board and senior management.

##### 4.2.2 Overview of group/bank-wide policy on market conduct.

##### 4.2.3 Overview of group/bank-wide market conduct programmes and IT systems used to identify reportable market conduct transactions with a particular focus on behaviour and culture.

##### 4.2.4 How, and on what basis, do the Board members satisfy themselves that internal policies and procedures are effective and to what extent is independent assurance obtained?

##### 4.2.5 Key market conduct issues emanating from compliance reviews as well as internal and external audits.

##### 4.2.6 Market conduct controls of operations in foreign jurisdictions in terms of the following:

a) risk classifications of branches, representative offices and subsidiaries;  
b) enhanced controls for high-risk and non-co-operative jurisdictions;  
c) assessment of market conduct legislative requirements of host countries;  
d) measures to deal with legal and operational obstacles in host countries;  
e) application of group market conduct policies;

---

4

f) extension of group market conduct information technology systems;  
g) nature and extent of market conduct training initiatives;  
h) oversight structures, including internal audit coverage;  
i) reporting mechanism back to South Africa on market conduct matters; and  
j) key market conduct issues emanating from compliance reviews as well as internal and external audits.

### B. Acknowledgement of receipt

#### 1.

Two additional copies of this guidance note are enclosed for use by your institution’s independent auditors. The attached acknowledgement of receipt, duly completed and signed by both the chief executive officer of the institution and the said auditors, should be returned to this Office at the earliest convenience of the aforementioned signatories.

René van Wyk  
Registrar of Banks

The previous guidance note issued was Guidance Note 1/2014, dated 4 February 2014.

PO Box 8432 Pretoria 0001 · 370 Helen Joseph Street Pretoria 0002 · South Africa · Tel +27 12 3133911/0861 12 7272 · Fax +27 12 3133758 · www.reservebank.co.za