The European Banking Authority (“EBA”) has published “Guidelines on Internal Governance” (GL 44). EBA’s guidelines aim to strengthen internal governance and control at credit institutions and securities institutions. EBA has focused, for example, on tightening requirements regarding corporate structure; the supervisory authority’s role, duties and responsibilities; information and IT systems; continuity planning; and heightened transparency requirements.
The Swedish Financial Supervisory Authority (FSA) is currently working on implementation of the guidelines, which will be effected by the repeal of the FSA general recommendations (FFFS 2005:1) on governance and control of financial companies for credit institutions. In connection with the rules being repealed, the FSA regulations and general recommendations (FFFS 2014:1) on governance, risk management and control of credit institutions will begin to apply on April 1, 2014 and thus incorporate GL 44 in Sweden. In connection with FFFS 2014:1, the FSA has also established regulations regarding management of operative risks and management of IT systems at credit institutions.
The new FSA regulations stipulate stricter requirements for continuity planning within the business. The idea is that the credit institutions are to draw up contingency plans that ensure that the business can be operated on an ongoing basis, uninterrupted, and limit the impact in the event of serious disruptions. As a result, the institutions have to analyze their exposure to potential disruptions and risks and devise solutions for the situations where problems may arise.
The FSA regulations also lay down more exacting requirements for institutions’ outsourcing of activities, a higher level of risk management (including that every institution must have a separate risk management function in place) and a demand that the institutions’ IT systems comply with generally used and widely accepted IT standards.
Furthermore, credit institutions need to review existing internal guidelines and adapt them to the FSA regulations. They will also need to inform the Board of directors about imminent changes in the organisation and about the need for the Board’s members to be fully aware of risks associated with the business and more involved in day-to-day operations.