2018-02-23

Isle of Man Financial Services Authority Guidance on Corporate Governance for Non-Banks

The Isle of Man Financial Services Authority issued this March 2017 guidance to assist non-bank licenceholders in enhancing their corporate governance frameworks. The document outlines five core objectives: statutory compliance, risk management, alignment of shareholder and director interests, robust management controls, and balanced board power. It provides tailored recommendations for entities based on organizational complexity, ranging from simple structures with minimal delegation to larger groups requiring independent directors and formal board committees.


March 2017

Financial Services Act 2008

Guidance on Corporate Governance

For all licenceholders except for Deposit Takers (Class 1) and Professional Officers

STATUS OF GUIDANCE

The Isle of Man Financial Services Authority (“the Authority”) issues guidance for various purposes including to illustrate best practice, to assist licenceholders to comply with legislation and to provide examples or illustrations. Guidance is, by its nature, not law, however it is persuasive. Where a person follows guidance this would tend to indicate compliance with the legislative provisions, and vice versa.

Isle of Man Financial Services Authority March 2017

Contents

  1. Introduction
  2. Background
  3. Licenceholders with simple organisational structures
     3.1. Scope
     3.2. Corporate governance objectives
     3.3. General guidance for small licenceholders
  4. Licenceholders with more complex structures
     4.1. Scope
     4.2. Corporate governance objectives
     4.3. Self-assessment by the board
  5. Subsidiaries and branches
     5.1. Scope
     5.2. Local subsidiaries of international groups
     5.3. Application to branches
     5.4. Application to managed licenceholders
  Appendix 1: Useful website links and further reading


1. Introduction

This guidance is designed to apply as widely as possible to assist licenceholders in enhancing their corporate governance framework; it is not designed to be prescriptive. This guidance brings together themes from three existing sources:

• Companies legislation and particularly the Companies Act 1931;
• The Financial Services Rule Book (‘Rule Book’); and
• The Authority's guidance on the responsibilities and duties of directors under the laws of the Isle of Man, addressed to all Isle of Man companies.

This document is primarily aimed at licenceholders which are either independent businesses or part of relatively small groups. It addresses five objectives of corporate governance:

  1. Compliance with statutory obligations (including regulatory requirements). Every licenceholder must comply with the statutory obligations which apply to its business;
  2. Management of risk. Each licenceholder must have an appropriate mechanism to identify and address the risks that are relevant to its business;
  3. Aligning the interests of shareholders and directors. Where there is a separation of ownership and management (i.e. the shareholders are not involved in management), the board should be able to identify and respond to shareholders’ interests;
  4. Management and control systems. Proper control by directors is particularly relevant where the business is large enough for the directors to delegate significant responsibilities to other managers; and
  5. Balancing of power and responsibility within the board. This is particularly relevant where an organisation has a dominant shareholder who is also chairman or chief executive or the chairman or chief executive are considered dominant.

It should be noted that this document is not exhaustive. It does not attempt to list every aspect of companies’ legislation or anti-money laundering legislation.

For larger licenceholders interested in researching corporate governance further, the Authority recommends the report Corporate Governance Guidance and Principles for Unlisted Companies in Europe by the European Confederation of Directors' Associations “ecoDa”. ecoDa is a pan-European body to which the Institute of Directors is affiliated. The report concentrates on how good corporate governance can contribute to success.

Those licenceholders which are part of stock exchange listed groups might also consider whether they can usefully apply aspects of the Authority’s guidance on Corporate Governance for Deposit-Takers.

In Q2 2017, the Authority will be issuing guidance on Governance of Collective Investment Schemes, which should also be taken into account by relevant Class 3 licenceholders.

The Authority expects Class 4 CSP licenceholders to have regard to corporate governance principles in conducting the business of client companies. Standards of corporate governance in a licenceholder or its client entities may be relevant to the Authority’s assessment of the competence of the directors and other responsible officers.

2. Background

In preparing this document the Authority has taken into account the varying size and complexity of its licenceholders. This is considered particularly important for small businesses, as it is widely accepted that “Regulation is more of a burden on smaller rather than larger firms.” (Business Regulation Survey, Department of the Taoiseach, Dublin, March 2007)

Most documents on corporate governance are driven primarily by objectives for the governance of large organisations. This reflects the history of reports on the subject, which have originated in the needs of public companies and particularly companies which are listed on stock exchanges. The emphasis has traditionally been on communication between the board and shareholders, aligning the interests of the directors with those of the shareholders, and the role of chairmen and non-executive directors.

The UK has had a series of reports on corporate governance. This reflects the size of its quoted companies and the importance of good governance amongst listed companies in maintaining London’s role as a focus of international listings of public companies. Notable examples are the reports by Cadbury (1993), Greenbury (1995), Hampel (1998) and Higgs (2003). Links to these reports, together with the UK Corporate Governance Code, can be found in Appendix 1. They would particularly merit consideration by larger licenceholders.

However, the disadvantage of this traditional approach is that the focus on quoted companies means that it has limited relevance to the circumstances of small and medium-sized enterprises. The “comply or explain” approach leaves them to work out which aspects apply to their circumstances.

3. Licenceholders with simple organisational structures

3.1. Scope

A licenceholder with a simple structure is one in which:

• the directors own the licenceholder outright, with no outside shareholders; and
• the directors undertake all of the management functions (there are no other managers to whom they delegate).

In such licenceholders the board does not need to address communication with shareholders or the appropriate delegation of powers to managers.

3.2. Corporate governance objectives

The relevant objectives of corporate governance (as outlined in the Introduction) are:

• Objective 1: Compliance with statutory obligations (including regulatory requirements). Every licenceholder must comply with the statutory obligations which apply to its business; and
• Objective 2: Management of risk. Each licenceholder must have an appropriate mechanism to identify and address the risks that are relevant to its business.

The board should also consider material transactions; “In general terms it is for the directors to meet, discuss and if appropriate, approve any material transactions the company is entering into” (See section 3.6 of the Authority’s guidance on the responsibilities and duties of directors under the laws of the Isle of Man). In addition, it should be noted that directors’ powers are not individual but collective.

3.3. General guidance for small licenceholders

It is recommended that the board holds at least two meetings per annum, spread across the year. Each meeting should have a structured agenda and should be minuted.

The agenda should enable the board to adopt and review in an orderly fashion the policies necessary to meet the various statutory and regulatory requirements, updating these policies as appropriate.

The board should record its consideration of material transactions.

4. Licenceholders with more complex structures

4.1. Scope

Businesses usually grow organically. Similarly, there is no sudden step-change in this guidance. The themes raised here should be addressed by businesses as and when they arise and in a manner which is proportionate to the growth of the business.

As the business develops one or both of the following may apply:

• the business has shareholders who are not also directors, which could mean that the directors’ interests are not necessarily aligned with those of shareholders; and
• the directors in the business employ other managers, creating a need for delegation and control systems.

These factors may be present in what is otherwise still a very small business (for example, a licenceholder which is basically a two-person business might have an outside shareholder or employ a manager). In such cases, the licenceholder should address the particular governance point arising and otherwise follow the guidance above in Section 3.

4.2. Corporate governance objectives

Licenceholders must comply with statutory obligations and should also address the guidance set out in Section 3. In addition they should address the following corporate governance objectives (as outlined in the introduction):

Objective 3: Aligning the interests of shareholders and directors

“Good corporate governance should contribute to better company performance by helping a board discharge its duties in the best interests of shareholders.” Combined Code June 2008.

Licenceholders should have an appropriate mechanism for reporting progress to shareholders who are not directors.

As the organisation grows in scale and complexity the board should:

• consider creating an appropriate system of checks and balances within the board, including splitting the roles of chairman and chief executive and recruiting independent non-executive directors;
• consider whether the board should take steps to measure its own effectiveness;
• aim to align remuneration policies with the long term interests of the business; and
• consider the formation of board committees (for example for audit, remuneration and risk) with documented delegated powers, a mechanism for reporting to the board and, if considered appropriate, for reporting to the shareholders.

Objective 4: Management and control systems

Licenceholders in which the directors delegate operational responsibilities to other managers should address the greater complexity of the management of the business. The board should:

• segregate functions where practical; and
• minute any matters that it is delegating and establish a mechanism to receive reports of actions under delegated powers.

As the organisation grows in scale and complexity the board should:

• encourage high standards of professional conduct by setting appropriate standards and having policies to address any illegal, unethical or questionable behaviour by members of the board or staff;
• enhance the controls under rule 8.3 of the Rule Book to reflect the greater complexity of the business;
• make arrangements for direct access to the board for the MLRO and the compliance officer under rule 8.23 of the Rule Book;
• make arrangements for the compliance officer / risk officer (or head) to present their reports to the Board;
• segregate functions where practical so as to create a system of checks and balances for governance purposes;
• establish a structured mechanism for each business area to report progress to the board and for the company secretary or another person to communicate board decisions to the management;
• enhance its whistleblowing policy (rule 8.8 of the Rule Book) including appropriate action to protect the whistleblower from any negative repercussions arising from reporting in good faith their concerns. The confidentiality of any reports should be respected;
• consider (where relevant) the formation of an investment committee with documented delegated powers and a mechanism for reporting to the board.

Objective 5: Balancing of power and responsibility within the board

“… No one individual should have unfettered powers of decision.” (Combined Code, June 2008)

Many businesses are started by one or two people with entrepreneurial flair and drive. At some point in the development of the business, those founders will need to devolve power.

Larger licenceholders in which a major shareholder is also a director should consider the appointment of one or more non-executive directors to provide an independent view and willingness to challenge decisions.

The presence of a director who is both a major shareholder and chairman or chief executive may lead to situations in which decisions are taken by that individual with inadequate involvement of the board as a unit, or in which the board meets but does not function effectively. The controller’s views may be insufficiently challenged by salaried directors. This presents a risk of arbitrary or poor quality decision-making.

4.3. Self-assessment by the board

Directors should understand the licenceholder’s business, the regulatory environment, their oversight role, the licenceholder’s risk profile and the potential for conflicts of interest to occur.

It is good practice for all directors to receive or to have received training on their legal duties and regulatory responsibilities prior to or shortly after being appointed to the board and be reminded of these on a periodic basis. This includes their responsibilities under the Anti-Money Laundering and Countering the Financing of Terrorism Code 2015. The licenceholder should agree and regularly review a personalised approach to training and development with each director.

It is recommended that there is an induction programme for independent non-executive directors so that they are able to challenge and test proposals on strategy, risk matters and can draw on any information they feel is relevant to understand the business.

It is good practice for all directors and senior officials to maintain appropriate levels of Continuing Professional Development (CPD). This assists them in keeping up to date with current developments and best practice. Under Rule 8.5 of the Rule Book all directors and key persons must comply with certain CPD requirements.

The board should periodically evaluate the performance of its members and of the effectiveness of the actions of the board and its committees, identify any inadequacies and follow up any actions arising from such an exercise. In order to evaluate the performance of a non-executive director there needs to be clear expectations of the role, including the skills gaps which the non-executive director(s) have been recruited to fill.

4.4. General guidance for larger licenceholders

It is recommended that the board meets not less than quarterly, and more frequently where this is appropriate to the organisation. Board meetings should have a structured agenda which, together with the supporting papers, should be circulated some days in advance of the meeting. Each meeting should be minuted.

The agenda should enable the board to adopt and review in an orderly fashion the policies necessary to meet the various statutory and regulatory requirements, updating these policies as appropriate.

The board should record its consideration of significant issues and decisions made relating to ongoing operations and material transactions.

Where roles which are important to meeting regulatory requirements, such as compliance officer, MLRO or company secretary are held by non-directors, there should be clear arrangements for the post-holders to report on their respective responsibilities. It is considered good practice to have the post-holders physically attend board meetings to present their reports.

Licenceholders should encourage regular attendance of all directors at board meetings and monitor levels of attendance. Directors should aim to attend board meetings in person wherever possible.

5. Subsidiaries and branches

5.1. Scope

This section addresses the application of the corporate governance principles set out in Part 1 and Part 2 to licenceholders which are either locally incorporated but are part of a larger group and are subject to group reporting obligations, or are not locally incorporated:

• local subsidiaries of international financial services groups;
• branches of overseas incorporated companies; and
• managed licenceholders.

5.2. Local subsidiaries of international groups

It is acknowledged that some institutions will operate to group policies and procedures. This guidance is not intended to create additional requirements but rather to set out some of the expectations in the Isle of Man.

Licenceholders which are local subsidiaries of international financial services groups should have a clear understanding of group policies and the extent of their autonomy.

Larger groups might have a group internal audit department. The function might otherwise be outsourced to a third party, for example a firm of accountants. Irrespective of the form of the internal audit function, the board of directors should review the arrangements at least annually to ensure that they are appropriate for the size and nature of its operations. For internal audit to be effective it should have direct access to the board.

The Authority believes the relationship between internal audit, external audit and itself are very important. Each can assist the other in discharging their respective duties and responsibilities. It is the normal practice for internal audit and external audit to liaise at least on an annual basis. The Authority always welcomes the opportunity to meet with internal audit when it visits the Island.

Where appropriate the Authority will rely on work undertaken by the internal audit function and might request internal audit to undertake particular tasks and report to it.

5.3. Application to branches

It is acknowledged that some institutions will operate to group policies and procedures and this particularly applies to branch entities. See Section 2.7 ‘Branches’ of the Banking Corporate Governance Guidance.

Larger groups might have a group internal audit department. The function might otherwise be outsourced to a third party for example a firm of accountants.

The Authority believes the relationship between internal audit, external audit and itself are very important. Each can assist the other in discharging their respective duties and responsibilities. It is the normal practice for the internal audit and external audit to liaise at least on an annual basis. The Authority always welcomes the opportunity to meet with internal audit when it visits the Island.

5.4. Application to managed licenceholders

The Authority has published guidance on the corporate governance of managed licenceholders in its General Licensing Policy.

Appendix 1: Useful website links and further reading

Standard-setting and professional bodies

• ACCA: Association of Chartered Certified Accountants, www.acca.co.uk
• FCA: Financial Conduct Authority, www.fca.org.uk
• FRC: Financial Reporting Council (Combined Code - Derived from the Cadbury and Greenbury Reports), www.frc.org.uk
• ICSA: Institute of Chartered Secretaries and Administrators, www.icsa.org.uk
• ICAEW: Institute of Chartered Accountants in England and Wales, www.icaew.com
• IoD: Institute of Directors, www.iod.com
• OECD: Organisation for Economic Co-operation & Development, www.oecd.org

Reports on Corporate Governance

• European Confederation of Directors' Associations, www.ecoda.org
• The European Corporate Governance Institute has available on its site an Index of Codes page which includes the main reports on corporate governance published worldwide (listed by country), www.ecgi.org

The UK list includes amongst other entries:

• Cadbury (1993 – financial aspects of corporate governance)
• Greenbury (1995 - remuneration)
• Hampel (1998 – review of the Cadbury code)
• Higgs (2003 – effectiveness of NEDs)