29.04.2021 Views

Corporate Governance in Financial Institutions

Suitability of the management body and key function holders, Communication and Cooperation with Internal and External Audit, Report on independent review of the Supervisory Board

Suitability of the management body and key function holders, Communication and Cooperation with Internal and External Audit, Report on independent review of the Supervisory Board

SHOW MORE
SHOW LESS

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

<strong>Corporate</strong> <strong>Governance</strong> <strong>in</strong> F<strong>in</strong>ancial <strong>Institutions</strong><br />

Deloitte Slovenia for CEF SEE, 28. April 2021


Agenda<br />

Topic<br />

Duration<br />

Basic elements of <strong>Corporate</strong> <strong>Governance</strong><br />

20 m<strong>in</strong><br />

Suitability of the management body and key function holders<br />

20 m<strong>in</strong><br />

Communicat<strong>in</strong>g/cooperat<strong>in</strong>g with Internal Audit and External Audit<br />

20 m<strong>in</strong><br />

Case Study: Report on <strong>in</strong>dependent review of the Supervisory Board<br />

10 m<strong>in</strong><br />

Q&A<br />

20 m<strong>in</strong><br />

2 © 2021 Deloitte Slovenija


Today’s speaker: Katar<strong>in</strong>a Kadunc, Audit Partner at Deloitte Slovenia<br />

Katar<strong>in</strong>a Kadunc<br />

Audit Partner, Deloitte revizija d.o.o.<br />

Ljubljana, Slovenia<br />

+386 31 335 452<br />

kkadunc@deloitte.com<br />

The challenge and opportunities at Deloitte are<br />

excit<strong>in</strong>g. I work with a group of people<br />

dedicated to mak<strong>in</strong>g our professional services<br />

delivery cutt<strong>in</strong>g edge.<br />

Introduction<br />

Relevant Experience<br />

Background and<br />

Interests/Professional<br />

Affiliations<br />

Katar<strong>in</strong>a is a certified auditor and partner <strong>in</strong> the<br />

Slovenian Deloitte office <strong>in</strong> Ljubljana. She jo<strong>in</strong>ed<br />

Deloitte <strong>in</strong> 2003.<br />

Katar<strong>in</strong>a is <strong>in</strong> charge of audit teams for our clients<br />

from the f<strong>in</strong>ancial sector. She is an active lecturer<br />

<strong>in</strong> account<strong>in</strong>g standards and corporate<br />

governance topics with<strong>in</strong> Deloitte Academy.<br />

Katar<strong>in</strong>a is <strong>in</strong> charge of conduct<strong>in</strong>g audits of<br />

f<strong>in</strong>ancial statements at banks and also other<br />

<strong>in</strong>dustries. She leads audits of Groups and PIE<br />

companies.<br />

She is also lead<strong>in</strong>g <strong>in</strong>ternal audit engagements,<br />

<strong>in</strong>ternal audit quality assessments and<br />

engagement related to corporate governance.<br />

Katar<strong>in</strong>a graduated from the Faculty of<br />

Economics <strong>in</strong> Ljubljana . She hold Slovenian<br />

title Certified Auditor and has obta<strong>in</strong>ed also<br />

Croatian statutory auditors licence.<br />

ACCA licence from 2009 and she holds title of<br />

Certified Internal Auditor of the Slovenian<br />

Institute of Auditors from 2014.<br />

3 © 2021 Deloitte Slovenija


4 © 2021 Deloitte Slovenija<br />

Basic elements of<br />

<strong>Corporate</strong> <strong>Governance</strong>


Aims of <strong>Corporate</strong> <strong>Governance</strong><br />

Incorporate values and ethics<br />

<strong>in</strong>to the corporate culture<br />

Perform/encourage communication<br />

and two-sided mechanisms between<br />

employees and management<br />

Update the approach and<br />

procedures of corporate<br />

governance and effectiveness<br />

of communication<br />

Update the structure of<br />

corporate governance<br />

Improvement of vertical and<br />

horizontal communication<br />

between the Board of<br />

Directors, Management,<br />

shareholder, employees and<br />

the public.<br />

Improvement and<br />

communication of the<br />

mission, vision and ethical<br />

values of the organization<br />

Ethics / Integrity<br />

Management Structure<br />

Human Resources<br />

Communication<br />

CORPORATE<br />

GOVERNANCE<br />

Internal Audit<br />

Expla<strong>in</strong> roles and responsibilities of<br />

management<br />

Regular updates to the<br />

education/knowledge of the Board,<br />

Supervisory Board and the Audit<br />

Committee<br />

Consolidation of compensation<br />

systems and motivation of employees<br />

with the strategy and ethical values of<br />

the organization<br />

Consolidation of the perform<strong>in</strong>g of<br />

Internal Audit with the bus<strong>in</strong>ess goals<br />

and the goals of the risk management<br />

system<br />

Improvement of uncover<strong>in</strong>g<br />

and evaluat<strong>in</strong>g risks<br />

Improve monitor<strong>in</strong>g and management<br />

of compliance with the law<br />

Improvement of risk<br />

management<br />

Improvement to understand<strong>in</strong>g of the<br />

legal requirements and laws<br />

Improvement of plann<strong>in</strong>g and<br />

approach to risk management,<br />

and their supervision.<br />

Improvement of risk<br />

management track<strong>in</strong>g<br />

Risk Management<br />

Internal Controls<br />

Legal compliance<br />

Consolidation of processes of tax<br />

plann<strong>in</strong>g and tax report<strong>in</strong>g with legal<br />

requirements<br />

Emphasize importance of <strong>in</strong>ternal controls<br />

5 © 2021 Deloitte Slovenija<br />

Introduction/improvement of the system of<br />

<strong>in</strong>ternal controls


Communication and Tone at the Top!<br />

10 ways of evaluation, does “Tone at the Top!” work?<br />

1) Identification of the scope and nature of wrong-do<strong>in</strong>g (“zero tolerance” vs. We allow m<strong>in</strong>or mistakes and risk hav<strong>in</strong>g bigger fraud):<br />

2) Level of anonymity of wrong do<strong>in</strong>gs (the higher the level – there is a presence of fear that previous reports were not handled<br />

accord<strong>in</strong>gly);<br />

3) Follow<strong>in</strong>g of media and communication onl<strong>in</strong>e (reputation evaluation);<br />

4) Employee surveys (we evaluate responsiveness, compare the results with other companies);<br />

5) Evaluation of the way <strong>in</strong>formation is communication from management (tone of communication);<br />

6) Interview with members of the Audit Commission, compliance leader, risk management leader;<br />

7) Level of understand<strong>in</strong>g of all companies <strong>in</strong> the group (existence of non-formal communication from the supervisors);<br />

8) Interview with former employees that left the company;<br />

9) Responsiveness level of employees when engag<strong>in</strong>g on the topic;<br />

10) Customer or stakeholders' compla<strong>in</strong>ts.<br />

6 © 2021 Deloitte Slovenija


Process of Risk Management<br />

Strategy, rules, labels<br />

Consolidated workflows of<br />

The risk management processes<br />

Def<strong>in</strong>e<br />

expectations<br />

Recogniz<strong>in</strong>g risks<br />

and current management<br />

Recognize<br />

risks<br />

Rules of<br />

Evaluate<br />

success<br />

Track risks and<br />

controls<br />

Cycle of risk<br />

management<br />

Evaluate/<br />

measur<strong>in</strong>g of<br />

risk<br />

Evaluate<br />

control<br />

measurement<br />

Internal Audit<br />

Tools, systems<br />

Decrease/<br />

control<br />

risk<br />

Risk Management<br />

department<br />

7 © 2021 Deloitte Slovenija


Potential Risk areas<br />

Shareholder<br />

Ethics<br />

Competitor<br />

Procurement<br />

Bus<strong>in</strong>ess partner<br />

Strategic plann<strong>in</strong>g<br />

Market dynamics<br />

Support processes<br />

Client<br />

Resource allocation<br />

State<br />

Manufactur<strong>in</strong>g & logistics<br />

Laws & regulations<br />

Government<br />

Process management<br />

Economy<br />

Market<strong>in</strong>g and sales<br />

Other assets<br />

Employee development<br />

Contracts<br />

Supplier<br />

Reputation<br />

Bus<strong>in</strong>ess<br />

R&D, services<br />

PPE<br />

Employee potentials<br />

Other obligations<br />

<strong>Corporate</strong><br />

Partners Market structure<br />

Process<br />

Material Assets<br />

Employees and work culture Legal department<br />

<strong>Governance</strong><br />

Strategy<br />

Potential risks areas<br />

Processes<br />

F<strong>in</strong>ance<br />

Knowledge<br />

Market<br />

Liquidity and loans<br />

Account<strong>in</strong>g<br />

Capital allocation<br />

Systems<br />

Data management<br />

Intellectual property<br />

Raw material prices<br />

Back payment<br />

Tax department<br />

Capital<br />

Hardware<br />

Plann<strong>in</strong>g and development<br />

Intangible assists<br />

Interest rate<br />

Cash flows<br />

Account<strong>in</strong>g<br />

Liabilities<br />

Software<br />

Work processes<br />

Knowledge management<br />

Exchange rate<br />

Risk preventions<br />

F<strong>in</strong>anc<strong>in</strong>g<br />

Standards and compliance<br />

Web/Bases<br />

Organization and<br />

monitor<strong>in</strong>g<br />

Information<br />

8 © 2021 Deloitte Slovenija


Overall Risk Management system<br />

Companies that have a well-def<strong>in</strong>ed Risk Management system benefit from a balanced<br />

perspective of manag<strong>in</strong>g risks based on the basic pr<strong>in</strong>ciples.<br />

Common def<strong>in</strong>ition of risks<br />

Common framework for manag<strong>in</strong>g risks<br />

Risk manag<strong>in</strong>g<br />

Duties and responsibilities<br />

Transparency of management/board<br />

Common system for manag<strong>in</strong>g risks<br />

Responsibilities of executive management<br />

Objective valuation and monitor<strong>in</strong>g of risks<br />

Frameworks and systems<br />

for manag<strong>in</strong>g risks<br />

Common system for<br />

manag<strong>in</strong>g risks<br />

Employees Processes Technology<br />

Responsibilities of bus<strong>in</strong>ess units<br />

Support from support<strong>in</strong>g functions<br />

Risk „ownership“<br />

9 © 2021 Deloitte Slovenija


Relationship between risks and <strong>in</strong>ternal controls<br />

RISKS<br />

Possibility of a damag<strong>in</strong>g event that can negatively impact the capabilities of an organization <strong>in</strong> achiev<strong>in</strong>g its goals<br />

RISK MANAGEMENT<br />

The process with which we try to reestablish trust <strong>in</strong> the capabilities of an organization to<br />

foresee, rank by priority, and successfully overcome the barriers <strong>in</strong> achiev<strong>in</strong>g its goals.<br />

INTERNAL CONTROLS<br />

Processes that have the aim to help realize the organization‘s goals – which can<br />

be managed/affected by the board, management and employees.<br />

10 © 2021 Deloitte Slovenija


Ethics<br />

The basic system of values that the organization wants to enact through Code of Ethics of an organization<br />

represents its employees:<br />

• By express<strong>in</strong>g goals and accompany<strong>in</strong>g values;<br />

• By establish<strong>in</strong>g unique ethical guidel<strong>in</strong>es for employees.<br />

Content of the Code of Ethics<br />

• Establishes the need to follow laws, legal requirements and <strong>in</strong>ternal statutes of the organization;<br />

• Encourages basic ethical behavior while perform<strong>in</strong>g bus<strong>in</strong>ess: professionalism, fairness, transparency and<br />

<strong>in</strong>dependence;<br />

• Prevents situations conflicts of <strong>in</strong>terests (i.e. accept<strong>in</strong>g gifts from supplies or clients, misuse of <strong>in</strong>ternal <strong>in</strong>formation<br />

for personal ga<strong>in</strong>, f<strong>in</strong>ancial <strong>in</strong>terests at external organizations that conduct bus<strong>in</strong>ess with the organization;<br />

• Concrete examples of ethical and unethical behavior;<br />

• Concrete examples of sanctions for not follow<strong>in</strong>g the Code of Ethics.<br />

11 © 2021 Deloitte Slovenija


Ethics<br />

The effectiveness of the Code of Ethics can <strong>in</strong>crease through:<br />

• Executive management thoroughly follow<strong>in</strong>g the Code of Ethics;<br />

• A written statement of each employee on agree<strong>in</strong>g to perform <strong>in</strong> accordance with the prescribed Code of Ethics;<br />

• A creation of an educational program provid<strong>in</strong>g employees to pose questions they might have <strong>in</strong> regard to the Code<br />

of Ethics;<br />

• Cont<strong>in</strong>uous <strong>in</strong>form<strong>in</strong>g of employees about ethical questions or situations;<br />

• Expanded responsibilities of the person <strong>in</strong> charge of ethics or the Ethics Board – that serves as an advis<strong>in</strong>g body to<br />

the organization;<br />

• Establish<strong>in</strong>g a well function<strong>in</strong>g system that enables employees to report on unethical behavior without fear or<br />

consequences (whistleblow<strong>in</strong>g);<br />

• …<br />

12 © 2021 Deloitte Slovenija


13 © 2021 Deloitte Slovenija<br />

Suitability of the<br />

management body and<br />

key function holders


Guidel<strong>in</strong>es on suitability of the management body and key function holders<br />

ESMA and EBA issued f<strong>in</strong>al guidel<strong>in</strong>es (GL-2017-12) on the assessment of the suitability of<br />

members of the management body to help f<strong>in</strong>ancial <strong>in</strong>stitutions determ<strong>in</strong>e<br />

Summary<br />

These Guidel<strong>in</strong>es aim to harmonise and improve<br />

suitability assessments with<strong>in</strong> EU f<strong>in</strong>ancial sectors, and<br />

to ensure sound governance arrangements <strong>in</strong> f<strong>in</strong>ancial<br />

<strong>in</strong>stitutions <strong>in</strong> l<strong>in</strong>e with the Capital Requirements<br />

Directive (CRD IV) and the Markets <strong>in</strong> F<strong>in</strong>ancial<br />

Instruments Directive (MiFID II). The Guidel<strong>in</strong>es offer<br />

clarifications of a number of concepts and will<br />

undoubtedly provide credit <strong>in</strong>stitutions and <strong>in</strong>vestment<br />

firms with important practical guidance for assess<strong>in</strong>g<br />

the suitability of the <strong>in</strong>dividual members, as well as the<br />

overall composition of their management bodies.<br />

Monitor<strong>in</strong>g and Re-assessment<br />

<strong>Institutions</strong> are obliged to monitor the <strong>in</strong>dividual and<br />

collective suitability of the management body.<br />

Significant <strong>Institutions</strong> should perform a periodic suitability<br />

reassessment at least annually or if triggered by a specific<br />

event.<br />

Non-significant credit <strong>in</strong>stitutions should perform a periodic<br />

suitability reassessment at least every two years or <strong>in</strong> case<br />

triggered by a specific event such as:<br />

• a new appo<strong>in</strong>tment, a change of role or a renewal;<br />

• new facts or any other issue;<br />

• a licens<strong>in</strong>g or qualify<strong>in</strong>g hold<strong>in</strong>g procedure.<br />

2020 Update<br />

In 2020 EBA and ESMA launched a public consultation on<br />

its revised jo<strong>in</strong>t Guidel<strong>in</strong>es on the assessment of the<br />

suitability of members of the MB and KFH. This review<br />

reflects the amendments <strong>in</strong>troduced by the fifth Capital<br />

Requirements Directive (CRD V) and the Investment Firms<br />

Directive (IFD) <strong>in</strong> relation to the assessment of the<br />

suitability of members of the management body<br />

Practical Guidance<br />

The guidel<strong>in</strong>es also <strong>in</strong>clude Annexes with:<br />

• a template matrix to assess the collective suitability of<br />

the members of the management body<br />

• a list of skills and a list of documents that must be<br />

available at the time of the first appo<strong>in</strong>tment.<br />

14 © 2021 Deloitte Slovenija


Guidel<strong>in</strong>es on suitability of the management body and key function holders<br />

Addressees and scope of application<br />

Management body<br />

• Management function (executive).<br />

• Supervisory function (non-executive).<br />

• Partially or fully delegated executive functions the to a<br />

person or an <strong>in</strong>ternal executive body should be<br />

understood as constitut<strong>in</strong>g the management function.<br />

Key function holders<br />

(CRD-<strong>in</strong>stitutions* only)<br />

• Persons who have significant <strong>in</strong>fluence over the<br />

direction of the <strong>in</strong>stitution, but who are neither<br />

members of the management body and are not the<br />

CEO.<br />

• The heads of <strong>in</strong>ternal control functions and the Chief<br />

F<strong>in</strong>ancial Officer, when they are not members of the<br />

management body, should be always considered as key<br />

function holders, and therefore, subject to the<br />

<strong>in</strong>stitutions' assessment.<br />

* CRD-<strong>in</strong>stitutions: legally def<strong>in</strong>ed as “an undertak<strong>in</strong>g whose bus<strong>in</strong>ess is to receive deposits or<br />

other repayable funds from the public and to grant credits for its own account”,<br />

https://www.eba.europa.eu/risk-analysis-and-data/credit-<strong>in</strong>stitutions-register<br />

15 © 2021 Deloitte Slovenija


Guidel<strong>in</strong>es on suitability of the management body and key function holders<br />

Key Assessment Criteria: sufficient time commitment<br />

Quantitative assessment of time commitment<br />

• CRD IV sets a limit on the number of “directorships” which may be held by a<br />

member of the management body <strong>in</strong> an <strong>in</strong>stitution that is “significant” (Article<br />

91(3) of the CRD IV).<br />

• The number of directorships which may be held by a member of the<br />

management body of an SI under the CRD IV is limited to:<br />

a) one executive directorship with<br />

two non-executive directorships;<br />

b) or four non-executive directorships.<br />

However, there are two exceptions to this rule:<br />

1. Directorships <strong>in</strong> organisations which do not pursue predom<strong>in</strong>antly commercial<br />

objectives do not count.<br />

2. Certa<strong>in</strong> multiple directorships count as a s<strong>in</strong>gle directorship (“privileged<br />

count<strong>in</strong>g”):<br />

a) directorships held with<strong>in</strong> the same group;<br />

b) directorships held with<strong>in</strong> <strong>in</strong>stitutions which are members of the same<br />

<strong>in</strong>stitutional protection scheme;<br />

c) directorships held with<strong>in</strong> entities <strong>in</strong> which the <strong>in</strong>stitution holds a<br />

qualify<strong>in</strong>g hold<strong>in</strong>g (Articles 91(4) and (5) of the CRD IV).<br />

The members of the<br />

management body should<br />

have sufficient time to<br />

cover all the necessary<br />

subjects <strong>in</strong> depth.<br />

16 © 2021 Deloitte Slovenija


Guidel<strong>in</strong>es on suitability of the management body and key function holders<br />

Key Assessment Criteria: knowledge, skills and experience<br />

The management body,<br />

<strong>in</strong>dividually and collectively,<br />

should possess adequate<br />

knowledge, skills, and<br />

experience to understand the<br />

<strong>in</strong>stitution's activities.<br />

Stage 1 – Assessment aga<strong>in</strong>st thresholds<br />

Presumption of adequate experience for its management function:<br />

a) Executive CEO:<br />

Ten years of practical experience <strong>in</strong> bank<strong>in</strong>g or f<strong>in</strong>ancial services<br />

with<strong>in</strong> the last twelve years of which a significant proportion should<br />

<strong>in</strong>clude senior level managerial positions;<br />

b) Executive director:<br />

Five years of recent practical experience <strong>in</strong> bank<strong>in</strong>g or f<strong>in</strong>ancial<br />

services <strong>in</strong> senior level managerial positions.<br />

Presumption of adequate experience for its supervisory function:<br />

a) Non-executive chair:<br />

Ten years of recent relevant practical experience of which a significant<br />

proportion should <strong>in</strong>clude senior level managerial positions and<br />

significant theoretical experience <strong>in</strong> bank<strong>in</strong>g or a similar relevant field;<br />

b) Non-executive director:<br />

Three years of recent relevant practical experience at high level<br />

managerial positions (<strong>in</strong>clud<strong>in</strong>g theoretical experience <strong>in</strong> bank<strong>in</strong>g).<br />

Practical experience ga<strong>in</strong>ed <strong>in</strong> the public or academic sector could also<br />

be relevant depend<strong>in</strong>g on the position held.<br />

Stage 2 – Complementary assessment<br />

If the thresholds at which sufficient experience is presumed are not met conduct a<br />

complementary assessment of the appo<strong>in</strong>tee’s experience.<br />

• Examples of other relevant factors to <strong>in</strong>clude: sufficient diversity, broad range of<br />

experiences and, where relevant, national requirements to have staff<br />

representatives <strong>in</strong> the management body<br />

17 © 2021 Deloitte Slovenija


Guidel<strong>in</strong>es on suitability of the management body and key function holders<br />

Key Assessment Criteria: reputation, conflicts of <strong>in</strong>terest and <strong>in</strong>dependence of m<strong>in</strong>d<br />

Reputation<br />

• Members of the management body shall at all times be of sufficiently good;<br />

• S<strong>in</strong>ce a person can either have a good or a bad reputation, the pr<strong>in</strong>ciple of<br />

proportionality cannot apply to the reputation requirement<br />

Legal proceed<strong>in</strong>gs<br />

• Competent authorities must always be <strong>in</strong>formed of legal proceed<strong>in</strong>gs<br />

(pend<strong>in</strong>g or concluded)<br />

• Based on all the relevant <strong>in</strong>formation available, the supervisor will assess the<br />

materiality of the facts and their impact on the reputation of the appo<strong>in</strong>tee<br />

Conflicts of <strong>in</strong>terest and <strong>in</strong>dependence of m<strong>in</strong>d<br />

• Members of management bodies should be able to make their own sound,<br />

objective and <strong>in</strong>dependent decisions and judgments (i.e. act with<br />

<strong>in</strong>dependence of m<strong>in</strong>d)<br />

• Notify of all actual, potential or perceived conflicts of <strong>in</strong>terest and assess<br />

the materiality of the risk posed by the conflict of <strong>in</strong>terest.<br />

• If a conflict of <strong>in</strong>terest is considered to be material:<br />

• perform a detailed assessment of the particular situation;<br />

• decide which preventive/mitigat<strong>in</strong>g measures will be implemented;<br />

• prepare a “Conflict of <strong>in</strong>terest statement”.<br />

2020 Update - Independence of m<strong>in</strong>d<br />

Be<strong>in</strong>g a member of affiliated companies<br />

does not <strong>in</strong> itself represent an obstacle for<br />

a member of the MB to act with<br />

<strong>in</strong>dependence of m<strong>in</strong>d.<br />

Potential material conflicts of <strong>in</strong>terest<br />

Current<br />

Personal<br />

Close personal relationship with a<br />

member of a management body, is a<br />

party <strong>in</strong> legal proceed<strong>in</strong>gs, conducts<br />

significant bus<strong>in</strong>ess<br />

F<strong>in</strong>ancial<br />

Has a substantial f<strong>in</strong>ancial <strong>in</strong>terest <strong>in</strong><br />

or f<strong>in</strong>ancial obligation to the<br />

supervised entity<br />

Possible preventive/mitigat<strong>in</strong>g measures <strong>in</strong>clude:<br />

• prohibition to participate <strong>in</strong> any meet<strong>in</strong>g or decision-mak<strong>in</strong>g concern<strong>in</strong>g a<br />

particular disclosed <strong>in</strong>terest;<br />

• resignation of a certa<strong>in</strong> position;<br />

• specific monitor<strong>in</strong>g by the supervised entity;<br />

• specific report<strong>in</strong>g to the competent authority on a particular situation;<br />

• cool<strong>in</strong>g-off period for the appo<strong>in</strong>tee;<br />

• obligation on the supervised entity to publish the conflict of <strong>in</strong>terest;<br />

• any application of the “at arm’s length” pr<strong>in</strong>ciple;<br />

Current or over the past two years<br />

Political<br />

Holds a position of high political<br />

<strong>in</strong>fluence<br />

Professional<br />

Holds management or senior staff<br />

position or significant commercial<br />

relationship<br />

• specific approvals by the whole management body for a certa<strong>in</strong> situation to<br />

cont<strong>in</strong>ue.<br />

18 © 2021 Deloitte Slovenija


Guidel<strong>in</strong>es on suitability of the management body and key function holders<br />

Key Assessment Criteria: collective suitability, human and f<strong>in</strong>ancial resources for tra<strong>in</strong><strong>in</strong>g of members of the management<br />

body and other 2020 updates<br />

Collective suitability<br />

• Identify<strong>in</strong>g gaps <strong>in</strong> the collective suitability through the self-assessment of its<br />

management body, for example based on a suitability matrix.<br />

2020 Update - ESG factors<br />

Inclusion of the ESG factors with<strong>in</strong> the responsibilities<br />

of the management body<br />

Human and f<strong>in</strong>ancial resources for tra<strong>in</strong><strong>in</strong>g of members of the management<br />

body<br />

• Adequate human and f<strong>in</strong>ancial resources for <strong>in</strong>duction and tra<strong>in</strong><strong>in</strong>g of members<br />

of the management body to understand an <strong>in</strong>stitution's bus<strong>in</strong>ess model,<br />

structure and risk profile, and keep qualifications up-to-date;<br />

2020 Update - Collective suitability<br />

<strong>Institutions</strong> should respect the pr<strong>in</strong>ciple of equal<br />

opportunities for any gender and take measures to<br />

improve a more gender-balanced composition of staff<br />

<strong>in</strong> management positions.<br />

2020 Update - Recovery and Resolution<br />

The draft jo<strong>in</strong>t Guidel<strong>in</strong>es takes <strong>in</strong>to account the<br />

recovery and resolution framework <strong>in</strong>troduced by the<br />

Bank Recovery and Resolution Directive (BRRD) and<br />

provide further guidance <strong>in</strong> this regard. As part of<br />

early <strong>in</strong>tervention measures and dur<strong>in</strong>g resolution,<br />

the suitability of newly appo<strong>in</strong>ted members of the<br />

management body and of the management body<br />

collectively is relevant and requires an assessment.<br />

2020 Update - AML and CTF<br />

The Guidel<strong>in</strong>es address the fit and proper assessment<br />

of members of the management body as they<br />

contribute to identify<strong>in</strong>g, manag<strong>in</strong>g and mitigat<strong>in</strong>g<br />

money launder<strong>in</strong>g and f<strong>in</strong>anc<strong>in</strong>g of terrorism risks.<br />

19 © 2021 Deloitte Slovenija


Guidel<strong>in</strong>es on suitability of the management body and key function holders<br />

Standard procedure for new appo<strong>in</strong>tments<br />

Standard process flow<br />

• Notification of the national competent authority (NCA) by the supervised entity<br />

of the (proposed) appo<strong>in</strong>tment of a new member of the management body. To<br />

do this, the supervised entity uses the forms and templates provided by the<br />

NCA.<br />

• The NCA notifies the ECB and <strong>in</strong>forms it of the time limit, if any, with<strong>in</strong> which a<br />

decision has to be taken <strong>in</strong> accordance with the national law.<br />

• The NCA and the ECB collect all the necessary documentation and carry out a<br />

jo<strong>in</strong>t assessment, while ensur<strong>in</strong>g:<br />

• that the assessment is carried out <strong>in</strong> accordance with the substantive<br />

criteria provided <strong>in</strong> national law;<br />

• compliance with the requirements under Union law; and<br />

• consistency with the outcomes of other fit and proper assessments.<br />

• The ECB prepares a decision, with the assistance of the NCA.<br />

Types of decisions:<br />

• Negative decision<br />

• Positive decision<br />

• Positive decision with recommendation<br />

Where all the fit and proper requirements have been met, but an issue has been<br />

identified and needs to be addressed, the ECB may <strong>in</strong>clude recommendations or<br />

set out expectations.<br />

• Positive decision with obligation<br />

The ECB decision can also <strong>in</strong>clude an obligation to provide specific types of<br />

<strong>in</strong>formation for the purposes of the ongo<strong>in</strong>g fit and proper assessment or to take<br />

a specific action relat<strong>in</strong>g to fitness and propriety.<br />

• Positive decision with condition<br />

The ECB may also impose conditions. A condition is a requirement imposed on<br />

the supervised entity (while it may also have direct implications on the<br />

appo<strong>in</strong>tee) <strong>in</strong> place of what would otherwise be a negative decision.<br />

A proportionate approach is applied to most of the smaller entities fall<strong>in</strong>g under the<br />

direct supervision of the ECB. However, the assessment of whether all the fit and<br />

proper criteria are fulfilled rema<strong>in</strong>s the same.<br />

Where a conditional decision is issued, the supervised entity must report to the<br />

ECB, <strong>in</strong> a timely manner, on the fulfilment of the condition.<br />

Unlike non-compliance with an obligation or recommendation, non-compliance<br />

with a condition will automatically affect the fitness and propriety of the<br />

appo<strong>in</strong>tee, as failure to comply with a condition means that the appo<strong>in</strong>tee<br />

does not satisfy the applicable fit and proper assessment criteria<br />

20 © 2021 Deloitte Slovenija


21 © 2021 Deloitte Slovenija<br />

Communicat<strong>in</strong>g/cooperat<strong>in</strong>g<br />

with Internal Audit


Internal Audit<br />

An important part of corporate governance<br />

<strong>Corporate</strong> <strong>Governance</strong><br />

is the structure of rules, practices, and processes used to direct and manage a company. A<br />

company's board of directors is the primary force <strong>in</strong>fluenc<strong>in</strong>g corporate governance. Bad<br />

corporate governance can cast doubt on a company's operations and its ultimate profitability.<br />

Internal Audit is a<br />

key tool for Supervisory<br />

Boards <strong>in</strong> track<strong>in</strong>g the<br />

daily operations and<br />

success of bus<strong>in</strong>esses.<br />

The Institute of <strong>in</strong>ternal Auditors further classifies corporate governance<br />

<strong>in</strong>to 4 ma<strong>in</strong> pillars:<br />

1. Executive board / management;<br />

2. Internal audit;<br />

3. External audit;<br />

4. Supervisory Board / Audit<strong>in</strong>g Committee.<br />

Integration and cooperation between these 4 pillars are crucial for a successful corporate<br />

governance.<br />

22 © 2021 Deloitte Slovenija


Standards of Internal Audit<br />

International standards of professional practice<br />

of Internal audit<strong>in</strong>g<br />

Standard 1110 – Organizational Independence.<br />

Responsible body (= Supervisory board or Audit Committee):<br />

• Approv<strong>in</strong>g the <strong>in</strong>ternal audit charter;<br />

• Approv<strong>in</strong>g the risk-based <strong>in</strong>ternal audit plan;<br />

• Approv<strong>in</strong>g the <strong>in</strong>ternal audit budget and resource plan;<br />

• Receiv<strong>in</strong>g communications from the Chief Audit Executive on the <strong>in</strong>ternal audit activity’s<br />

performance relative to its plan and other matters;<br />

Standard 1111:<br />

Direct Interaction<br />

with the Board<br />

The Chief Audit<br />

Executive must<br />

communicate and<br />

<strong>in</strong>teract directly with<br />

the board.<br />

• Approv<strong>in</strong>g decisions regard<strong>in</strong>g the appo<strong>in</strong>tment and removal of the Chief Audit Executive;<br />

• Approv<strong>in</strong>g the remuneration of the Chief Audit Executive;<br />

• Mak<strong>in</strong>g appropriate <strong>in</strong>quiries of management and the Chief Audit Executive to determ<strong>in</strong>e<br />

whether there are <strong>in</strong>appropriate scope or resource limitations.<br />

23 © 2021 Deloitte Slovenija


Independence of Internal Audit<br />

Predisposition for a quality Internal Audit<br />

Theory:<br />

• Functional report<strong>in</strong>g to Supervisory Board / Audit Committee;<br />

• Adm<strong>in</strong>istrative report<strong>in</strong>g to the Board of Directors.<br />

Board of<br />

Directors/<br />

Supervisory<br />

Board<br />

Audit<br />

Committee<br />

CEO/Direc<br />

tor<br />

Internal<br />

Audit<br />

24 © 2021 Deloitte Slovenija


Added value of Internal Audit<br />

• In the past the Internal Audit function used to be a rout<strong>in</strong>e and repetitive task - with<br />

smaller emphasize on quality controls and a strong focus on compliance with legal<br />

requirements and procedures;<br />

• Today, Internal Audit is considered crucial <strong>in</strong> advis<strong>in</strong>g the Board of Directors and the<br />

Supervisory Board – it is a dynamic tool, focused on understand<strong>in</strong>g and<br />

identify<strong>in</strong>g/uncover<strong>in</strong>g various risks and opportunities for improvements;<br />

• Areas of Internal Audit analysis and outcomes <strong>in</strong>clude strategic guidance and decision<br />

mak<strong>in</strong>g, risk management, optimization, etc.;<br />

• Practical experience with do<strong>in</strong>g bus<strong>in</strong>ess.<br />

25 © 2021 Deloitte Slovenija


Internal Audit and Audit Committee<br />

Direct, open, honest and clear communication<br />

In accordance with best world practice from Internal Audit departments, the follow<strong>in</strong>g methods for establish<strong>in</strong>g and manag<strong>in</strong>g good relationships<br />

between the Internal Audit and Audit Committee are important:<br />

• The existence of a direct, open, honest and clear communication to avoid unexpected situations;<br />

• Internal Audit needs to <strong>in</strong>form the Audit Committee on new laws, trends and other important <strong>in</strong>formation that is needed to execute the<br />

activities of both sides;<br />

• The review of periodical reports, <strong>in</strong>form<strong>in</strong>g the Audit Committee with potential recommendations and their implementation;<br />

• Internal Audit must focus also on execut<strong>in</strong>g prevention measures, <strong>in</strong>stead of only focus<strong>in</strong>g on identify<strong>in</strong>g exist<strong>in</strong>g issues;<br />

• The program of corporate governance needs to <strong>in</strong>clude mechanisms for improvement of bus<strong>in</strong>ess processes, <strong>in</strong>troduction of ethical standards,<br />

education, report<strong>in</strong>g standards and systems, and confirmation of compliance with current legal and <strong>in</strong>ternal acts/processes;<br />

• Presentation of f<strong>in</strong>d<strong>in</strong>gs of Internal Audit must be <strong>in</strong> majority focused on review<strong>in</strong>g the supervisory questions from which the f<strong>in</strong>d<strong>in</strong>gs and their<br />

content derives from – <strong>in</strong>stead of only on the discovered issues;<br />

• Besides regular meet<strong>in</strong>gs of the Audit Committee, the Chief Audit Executive must also be <strong>in</strong> frequent contact with the members of the Audit<br />

Committee on wider topics and matters that are important for the company/organisation;<br />

• The Audit Committee create recommendations for the extraord<strong>in</strong>ary <strong>in</strong>vestigations or special audits (when deemed needed).<br />

26 © 2021 Deloitte Slovenija


The quality of Internal Audit<br />

Human Resource requirements for Internal<br />

Auditors are important<br />

Competences of the Internal Auditors are crucial for formulat<strong>in</strong>g and ma<strong>in</strong>ta<strong>in</strong><strong>in</strong>g the<br />

quality of Internal Audit.<br />

Every Internal Auditor must:<br />

• Understand and have knowledge of the function<strong>in</strong>g and bus<strong>in</strong>ess of the company;<br />

• Understand and have knowledge of the standards of Internal Audit;<br />

• Have the capabilities to perform and constantly improve f<strong>in</strong>ancial and operational<br />

processes;<br />

• Be able to foster effective communication and educate other employees;<br />

• Have a professional certificate.<br />

How can Internal Audit‘s performance be evaluated?<br />

How can you compensate a very high perform<strong>in</strong>g Internal Auditor?<br />

27 © 2021 Deloitte Slovenija


Usefulness of Internal Audit<br />

How to achieve a more important advisory<br />

role of Internal Audit?<br />

• Presence on board meet<strong>in</strong>gs<br />

• Chief Audit Officer needs to voluntarily decide which meet<strong>in</strong>gs <strong>in</strong> the company he or she<br />

will attend;<br />

• Besides Internal Audit experience, useful history of other experience from practice is<br />

beneficial;<br />

• Specialization of the team – not to small, not to strong, obligatory rotation of roles and<br />

work <strong>in</strong> teams;<br />

• Understand<strong>in</strong>gs of the management‘s expectations, the Audit Committee and auditees;<br />

• Short and <strong>in</strong>sightful report<strong>in</strong>g. Emphasiz<strong>in</strong>g the importance of measures that prevent risks.<br />

28 © 2021 Deloitte Slovenija


Annual plann<strong>in</strong>g of Internal Audit<br />

Risk-based approach<br />

• The annual plan of Internal Audit is derived from the risk assessment<br />

• Based on the identification of risks – all potential segments of the company are identified<br />

that should be part of the Internal Audit or so called t.i.„Audit Universe“. In this scope<br />

the processes with high risks are further laid out;<br />

• The annual plan needs to be checked by the manag<strong>in</strong>g board and be approved by the<br />

Audit Committee;<br />

• The annual plan needs to be periodically analyzed <strong>in</strong> order to determ<strong>in</strong>e its relevance or<br />

requires updated (current trend – quarter review and correction)<br />

29 © 2021 Deloitte Slovenija


Recommended additional read<strong>in</strong>gs/literature<br />

Deloitte: Audit Committee Resource Guide<br />

https://www2.deloitte.com/content/dam/Deloitte/us/Documents/center-for-corporate-governance/us-aers-audit-committeeresource-guide-2018-041818.pdf<br />

30 © 2021 Deloitte Slovenija


31 © 2021 Deloitte Slovenija<br />

Communicat<strong>in</strong>g/cooperat<strong>in</strong>g<br />

with External Audit


Responsibilities of the Audit Committee<br />

Help<strong>in</strong>g you fulfil your responsibilities<br />

Why do we <strong>in</strong>teract with<br />

the Audit Committee?<br />

To communicate<br />

audit scope<br />

To provide timely<br />

and relevant<br />

observations<br />

To provide<br />

additional<br />

<strong>in</strong>formation to help<br />

you fulfil your<br />

broader<br />

responsibilities<br />

We use this symbol to<br />

highlight areas of our<br />

audit where the Audit<br />

Committee needs to<br />

focus attention.<br />

As a result of regulatory change <strong>in</strong> recent years, the role of the Audit Committee has significantly expanded. We set out here<br />

a summary of the core areas of Audit Committee responsibility to provide a reference <strong>in</strong> respect of these broader responsibilities<br />

and highlight throughout the document where there is key <strong>in</strong>formation which helps the Audit Committee <strong>in</strong> fulfill<strong>in</strong>g its remit.<br />

• At the start of each annual audit cycle, ensure<br />

that the scope of the external audit is appropriate.<br />

• Make recommendations as to the auditor<br />

appo<strong>in</strong>tment and implement a policy<br />

on the engagement of the external auditor to<br />

supply non-audit services.<br />

• Review the <strong>in</strong>ternal control and risk<br />

management systems (unless expressly<br />

addressed by separate board risk committee).<br />

• Expla<strong>in</strong> what actions have been or are be<strong>in</strong>g<br />

taken to remedy any significant fail<strong>in</strong>gs or<br />

weaknesses.<br />

Ensure that appropriate arrangements are <strong>in</strong> place<br />

for the proportionate and <strong>in</strong>dependent<br />

<strong>in</strong>vestigation of any concerns raised by staff <strong>in</strong><br />

connection<br />

with improprieties.<br />

Oversight of<br />

external audit<br />

Integrity of<br />

report<strong>in</strong>g<br />

Internal controls<br />

and risks<br />

Oversight of<br />

<strong>in</strong>ternal audit<br />

Whistle-blow<strong>in</strong>g<br />

and fraud<br />

• Impact assessment of key judgements and<br />

level of management challenge.<br />

• Review of external audit f<strong>in</strong>d<strong>in</strong>gs, key<br />

judgements, level of misstatements.<br />

• Assess the quality of the <strong>in</strong>ternal team, their<br />

<strong>in</strong>centives and the need for supplementary<br />

skillsets.<br />

• Assess the completeness of disclosures,<br />

<strong>in</strong>clud<strong>in</strong>g consistency with disclosures<br />

on bus<strong>in</strong>ess model and strategy and, where<br />

requested by the Board, provide advice<br />

<strong>in</strong> respect of the fair, balanced and<br />

understandable statement.<br />

• Consider annually whether there is a need for<br />

an <strong>in</strong>ternal audit function and make<br />

a recommendation accord<strong>in</strong>gly to the Board.<br />

• Monitor and review the effectiveness<br />

of the <strong>in</strong>ternal audit activities.<br />

32 © 2021 Deloitte Slovenija


Auditor and the Audit Committee<br />

Basics of cooperation<br />

Cooperation and partnership relationship<br />

Frequency of meet<strong>in</strong>gs:<br />

• At least 3-4 times annually:<br />

o<br />

o<br />

o<br />

o<br />

Contract;<br />

Presentation of the Audit Plan;<br />

Report<strong>in</strong>g after <strong>in</strong>terim audit;<br />

Report<strong>in</strong>g after completed audit.<br />

Optional communication between the Audit Committee and Auditors – without the<br />

presence of the management board<br />

33 © 2021 Deloitte Slovenija


Auditor and the Audit Committee<br />

Examples of topics that can be discussed<br />

Risk management<br />

•Regulation and legal requirements;<br />

•Market and competitive trends;<br />

•F<strong>in</strong>anc<strong>in</strong>g and liquidity;<br />

•Exposure to f<strong>in</strong>ancial risks;<br />

•Bus<strong>in</strong>ess cont<strong>in</strong>uity.<br />

Exchange of<br />

<strong>in</strong>formation between<br />

the Auditor and the<br />

Audit Committee is<br />

essential for both<br />

sides to perform<br />

their tasks.<br />

Audit<strong>in</strong>g Team<br />

• Structure;<br />

• Experience of each member;<br />

• Experts, their experience and <strong>in</strong>dependence;<br />

• Review of the quality of the audit project,<br />

Independence<br />

•Is the auditor <strong>in</strong>dependent; review of other projects;<br />

•Potential discovered risks tied to <strong>in</strong>dependence;<br />

•Protection measures <strong>in</strong> the case of <strong>in</strong>dependence issues;<br />

•Rotation of the Audit<strong>in</strong>g firm or/and the Audit Partner.<br />

34 © 2021 Deloitte Slovenija


Auditor and the Audit Committee<br />

Examples of topics that can be discussed<br />

Account<strong>in</strong>g<br />

report<strong>in</strong>g<br />

Account<strong>in</strong>g<br />

valuation<br />

• Relevance of the process of account<strong>in</strong>g<br />

report<strong>in</strong>g;<br />

• Detected mistakes and their potential impact<br />

on account<strong>in</strong>g statements and disclosures;<br />

• Relevance of account<strong>in</strong>g approach.<br />

• Relevance of used methodology;<br />

• Bias/objectivity of the management;<br />

• Sensitivity towards the ma<strong>in</strong> assumptions;<br />

• Audit approach.<br />

IRS 260 – the<br />

auditor is required to<br />

report on key<br />

f<strong>in</strong>d<strong>in</strong>gs dur<strong>in</strong>g the<br />

audit, <strong>in</strong>clud<strong>in</strong>g the<br />

implemented<br />

account<strong>in</strong>g<br />

procedures.<br />

Issues discovered<br />

dur<strong>in</strong>g the audit<br />

• Review and understand<strong>in</strong>g of corrected and<br />

non-corrected issues;<br />

• Reasons and potential impact on <strong>in</strong>ternal<br />

controls.<br />

35 © 2021 Deloitte Slovenija


Auditor and the Audit Committee<br />

Examples of topics that can be discussed<br />

Related<br />

parties<br />

Internal<br />

controls<br />

Fraud<br />

• Ensure complete and accurate related party<br />

transactions.<br />

• Discovered defects <strong>in</strong> <strong>in</strong>ternal controls dur<strong>in</strong>g<br />

the audit;<br />

• Management of the control <strong>in</strong>formation<br />

system;<br />

• Cooperation with <strong>in</strong>ternal audit.<br />

• Estimat<strong>in</strong>g the risk of fraud;<br />

• Suspected fraud or actual discovered fraud;<br />

• Established mechanisms for uncover<strong>in</strong>g and<br />

discover<strong>in</strong>g fraud;<br />

• Management avoidance of established controls<br />

for fraud.<br />

IRS 240 – auditor<br />

received <strong>in</strong>sights <strong>in</strong>to<br />

how the responsible<br />

personnel manages<br />

the procedures for<br />

evaulat<strong>in</strong>g and<br />

respond<strong>in</strong>g to risks<br />

of frauc <strong>in</strong> the<br />

organisation and<br />

above the <strong>in</strong>side<br />

controls that the<br />

management<br />

established <strong>in</strong> order<br />

to m<strong>in</strong>imize risk of<br />

fraud.<br />

36 © 2021 Deloitte Slovenija


Fraud<br />

Two-way communication that takes place throughout the whole audit process<br />

Mutual report<strong>in</strong>g obligation of discovered and/or suspected fraud:<br />

• Frequent discussion of fraud risk and on the most risk exposed areas:<br />

− Impact of risk of fraud on the audit procedure;<br />

− Impact of suspected fraud and discovered fraud on audit procedure;<br />

− Potential impact on f<strong>in</strong>ancial statements and audit report;<br />

− Fraud triangle – presence of factors (motivational factors, pressure, opportunity,…);<br />

− In the case of management fraud – impact on <strong>in</strong>tegrity and risk associated with the ongo<strong>in</strong>g/approved bus<strong>in</strong>ess-<br />

Auditor<br />

Two-way<br />

Communication<br />

Supervisory Board<br />

Board of Directors/<br />

Management<br />

37 © 2021 Deloitte Slovenija


EU Regulation 537/2014<br />

Regulation (EU) No 537/2014 of the European Parliament and of<br />

the Council of 16 April 2014 on specific requirements regard<strong>in</strong>g<br />

statutory audit of public-<strong>in</strong>terest entities and repeal<strong>in</strong>g Committee<br />

Decision 2005/909/EC Text with EEA relevance<br />

Areas relevant for auditors and Audit Committees:<br />

• Audit fees (costs);<br />

• Non-audit services;<br />

• Evaluation of the quality of conducted audit;<br />

• Audit report;<br />

• Additional report for the Audit Committee;<br />

• Appo<strong>in</strong>tment of auditors;<br />

• Duration of the audit project;<br />

• Supervision of auditors and audit firms.<br />

38 © 2021 Deloitte Slovenija


Additional report<strong>in</strong>g <strong>in</strong> relation to Article 11 of the Regulation<br />

Contents of the separate report:<br />

Independence statement.<br />

Statement of all key audit partners that participated <strong>in</strong> the audit project.<br />

Type, frequency and scope of contact with the Audit Committee, management<br />

and/or supervisory board; <strong>in</strong>clud<strong>in</strong>g the dates of meet<strong>in</strong>gs with these parties.<br />

Description of the scope and duration of the audit.<br />

Description of used methodology (sample test<strong>in</strong>g/controls), changes to audit approach<br />

compared to previous year‘s audit.<br />

39 © 2021 Deloitte Slovenija


Additional report<strong>in</strong>g <strong>in</strong> relation to Article 11 of the Regulation<br />

Contents of the separate report:<br />

Materiality level (qualitative and quantitative factors).<br />

Circumstances <strong>in</strong> connection to risks of the audited company (disclosed warranties,<br />

comfort letters, support<strong>in</strong>g measures, on which the evaluation is based).<br />

Key defeciencies <strong>in</strong> the system reponsobile for f<strong>in</strong>ancial control and account<strong>in</strong>g<br />

report<strong>in</strong>g.<br />

Actual/assumed non-compliance with statutes or laws – and if these are relevant<br />

for the Audit Committee.<br />

Evaluation of the account<strong>in</strong>g methods used <strong>in</strong> different accounts, <strong>in</strong>clud<strong>in</strong>g the potential<br />

impacts on changed approach.<br />

40 © 2021 Deloitte Slovenija


Additional report<strong>in</strong>g <strong>in</strong> relation to Article 11 of the Regulation<br />

Contents of the separate report:<br />

Scope of consolidation and criteria for exclusion from consolidation.<br />

Audit<strong>in</strong>g projects, which were conducted by auditors not part of the obligatory<br />

mandated audit project and are not part of the same audit firm.<br />

Did the audit client hand over all relevant documents and requested explanations.<br />

… and all other<br />

matters that are<br />

relevant for<br />

supervision of<br />

the f<strong>in</strong>ancial<br />

report<strong>in</strong>g<br />

process…<br />

Issues present dur<strong>in</strong>g the audit project.<br />

All important matters that are derived from the obligatory mandated audit, and were<br />

discussed or communicated with the management of the audit client.<br />

41 © 2021 Deloitte Slovenija


42 © 2021 Deloitte Slovenija<br />

Case study:<br />

Report on <strong>in</strong>dependent review<br />

of the Supervisory Board


Independent external review was conducted with the follow<strong>in</strong>g steps:<br />

1. Review of legal<br />

requirements,<br />

guidel<strong>in</strong>es, code of<br />

conducts and good<br />

practice examples<br />

2. Preparation of<br />

a questionnaire<br />

for selfevaluation;<br />

analysis of<br />

answers from<br />

the Supervisory<br />

Board and other<br />

bodies<br />

3. Interviews<br />

with members of<br />

the Supervisory<br />

Board and<br />

selected other<br />

members of<br />

Higher<br />

Management<br />

4. Review of<br />

documentation<br />

5. Report<strong>in</strong>g on<br />

f<strong>in</strong>d<strong>in</strong>gs <strong>in</strong> relation<br />

to the evaluation of<br />

the work of the<br />

Supervisory Board<br />

of the bank and its<br />

committees, and<br />

analysis of the<br />

knowledge and<br />

competences of<br />

Supervisory Board‘s<br />

members<br />

43 © 2021 Deloitte Slovenija


Evaluation of the work of the Supervisory Board<br />

Based on the analysis of the questionnaires.<br />

Structure<br />

Process<br />

Cooperation with<br />

other parties<br />

Activity<br />

Structure<br />

Culture & compliance<br />

Board<br />

Committees<br />

Appo<strong>in</strong>tment<br />

Meet<strong>in</strong>gs<br />

Supervision of<br />

plann<strong>in</strong>g and strategy<br />

Important transactions<br />

Independence<br />

Provid<strong>in</strong>g <strong>in</strong>formation<br />

Understand<strong>in</strong>g of<br />

bus<strong>in</strong>ess and risks<br />

Performance<br />

Responsibilities<br />

Evaluation of the<br />

Supervisory Board<br />

Very strong Strong Medium strong Weak Very weak N/A<br />

*areas were evaluated for the Supervisory Board as a whole based on the self-evaluation questionnaires, conducted <strong>in</strong>terviews and reviewed documentation.<br />

44 © 2021 Deloitte Slovenija


Evaluation of the work of the Audit Committee<br />

Based on the analysis of the questionnaires.<br />

Structure<br />

Process<br />

Cooperation with<br />

other parties<br />

Activity<br />

Structure<br />

Culture<br />

Relationship with<br />

the Board<br />

Understand<strong>in</strong>g of<br />

bus<strong>in</strong>ess and risks<br />

Independence<br />

Meet<strong>in</strong>gs<br />

Supervision over<br />

f<strong>in</strong>ancial report<strong>in</strong>g<br />

Provid<strong>in</strong>g <strong>in</strong>formation<br />

Supervision over the<br />

audit<strong>in</strong>g procedure<br />

Responsibilities<br />

Ethics and<br />

compliance<br />

Self-evaluation<br />

Very strong Strong Medium strong Weak Very weak N/A<br />

*areas were evaluated based on the self-evaluation questionnaires, conducted <strong>in</strong>terviews and reviewed documentation.<br />

45 © 2021 Deloitte Slovenija


Evaluation of the work of the Nom<strong>in</strong>ation and Remuneration Committee<br />

Based on the analysis of the questionnaires.<br />

Cooperation with<br />

Structure Process Activity<br />

other parties<br />

Structure<br />

Culture<br />

Relationship with<br />

the Board<br />

Supervision over the<br />

appo<strong>in</strong>tment procedure<br />

Independence<br />

Meet<strong>in</strong>gs<br />

Evaluation of the Board<br />

and the Supervisory Board<br />

Provid<strong>in</strong>g <strong>in</strong>formation<br />

Self-evaluation<br />

Responsibilities<br />

Very strong Strong Medium strong Weak Very weak N/A<br />

*areas were evaluated based on the self-evaluation questionnaires, conducted <strong>in</strong>terviews and reviewed documentation.<br />

46 © 2021 Deloitte Slovenija


Analysis of the experience and knowledge of the Supervisory Board (1/2)<br />

Work experience Board Member Member 1 Member 2 Member 3 Member 4 Member 5 Member 6* Member7* All<br />

Leadership experience/period YES/ 2006- YES/ 2002- YES YES/<br />

1996-<br />

YES/ 1995- YES/1995 YES/2016 7<br />

Leadership experience from commercial bank<strong>in</strong>g/period<br />

YES/2004-<br />

2016<br />

YES/2007 NO NO NO YES/<br />

1995/2007<br />

NO 3<br />

Work experience from commercial bank<strong>in</strong>g/period<br />

YES/2004-<br />

2016<br />

YES/2007 NO NO NO YES/1989-<br />

2016<br />

YES/2008 4<br />

Work experience from area of bank<strong>in</strong>g supervision/period NO NO NO YES/ 1996-<br />

2005<br />

YES/<br />

1992-1995<br />

NO NO 2<br />

Work experience from area of law, legal/period NO NO NO NO NO NO YES/<br />

2008-<br />

1<br />

Work experience from area of f<strong>in</strong>ance, account<strong>in</strong>g or<br />

tax/period<br />

YES/ 2004-<br />

2016<br />

YES/ 2011-<br />

2015<br />

YES/<br />

1995-<br />

YES/ 1996<br />

YES/<br />

1992-<br />

YES/1995<br />

YES/<br />

2008-<br />

7<br />

Work experience from risk management <strong>in</strong> banks or other<br />

f<strong>in</strong>ancial <strong>in</strong>stitutions/period<br />

YES/ 2004-<br />

2016<br />

NO NO NO NO YES/ 2007-<br />

2014<br />

NO 2<br />

Work experience from area of IT/period NO NO NO NO NO NO YES/ 2016 1<br />

Previous work experience from Supervisory Boards <strong>in</strong><br />

commercial banks/period<br />

NO NO YES/ 2011-<br />

2015<br />

NO NO NO NO 1<br />

Previous work experience from Supervisory Boards <strong>in</strong> non<br />

f<strong>in</strong>ancial <strong>in</strong>stitutions, organizations/period<br />

NO YES/ 2011-<br />

2013<br />

YES/<br />

1996-<br />

YES/<br />

2008-<br />

NO NO NO 3<br />

*Members are currently <strong>in</strong> the outgo<strong>in</strong>g period from the board<br />

47 © 2021 Deloitte Slovenija


Analysis of the experience and knowledge of the Supervisory Board (2/2)<br />

Education/qualificaions Board Member Member 1 Member 2 Member 3 Member 4 Member 5 Member 6* Member7* All<br />

EDUATION<br />

Management X X X X 4<br />

Economics (bank<strong>in</strong>g, f<strong>in</strong>ance, account<strong>in</strong>g, audit) X X X X X X X 7<br />

Law X 1<br />

IT 0<br />

QUALIFICATIONS**<br />

IT X X X X X X X 7<br />

<strong>Corporate</strong> <strong>Governance</strong> X X X X X X 6<br />

Management X 1<br />

Strategy X X 2<br />

Law X 1<br />

Account<strong>in</strong>g X X X X X 5<br />

Compliance of bus<strong>in</strong>ess 0<br />

Internal Audit X X X X X 5<br />

External Audit X X X X X 5<br />

Risk Management X X X X X X X 7<br />

Bank<strong>in</strong>g Regulations X X X X X X X 7<br />

*Members are currently <strong>in</strong> the outgo<strong>in</strong>g period from the board<br />

**Based on completed courses/workshops with members of the Supervisory Board <strong>in</strong> years 2016, 2017 and 2018 (until 25th Maz 2018)<br />

48 © 2021 Deloitte Slovenija


Katar<strong>in</strong>a Kadunc<br />

Audit Partner<br />

Deloitte Revizija d.o.o.<br />

kkadunc@deloitte.com<br />

+386 (0)31 335 452<br />

Luka Hrobat<br />

Manager<br />

Deloitte Svetovanje d.o.o.<br />

lhrobat@deloittece.com<br />

+386 (0)41 224 596<br />

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities (collectively, the “Deloitte organization”).<br />

DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and <strong>in</strong>dependent entities, which cannot obligate or b<strong>in</strong>d each other <strong>in</strong><br />

respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to<br />

clients. Please see www.deloitte.com/about to learn more.<br />

Deloitte is a lead<strong>in</strong>g global provider of audit and assurance, consult<strong>in</strong>g, f<strong>in</strong>ancial advisory, risk advisory, tax and related services. Our global network of member firms and related<br />

entities <strong>in</strong> more than 150 countries and territories (collectively, the “Deloitte organization”) serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately<br />

312,000 people make an impact that matters at www.deloitte.com<br />

Deloitte Central Europe is a regional organization of entities organized under the umbrella of Deloitte Central Europe Hold<strong>in</strong>gs Limited, the member firm <strong>in</strong> Central Europe of Deloitte<br />

Touche Tohmatsu Limited. Services are provided by the subsidiaries and affiliates of, and firms associated with Deloitte Central Europe Hold<strong>in</strong>gs Limited, which are separate and<br />

<strong>in</strong>dependent legal entities. The subsidiaries and affiliates of, and firms associated with Deloitte Central Europe Hold<strong>in</strong>gs Limited are among the region’s lead<strong>in</strong>g professional services<br />

firms, provid<strong>in</strong>g services through nearly 7,000 people <strong>in</strong> 44 offices <strong>in</strong> 18 countries.<br />

© 2021 Deloitte

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!