Setting standards
Shayne Nelson, Chief Executive Officer of Emirates NBD, muses how corporate governance, risk and compliance have changed beyond recognition since he first came to the region.
Shayne Nelson has seen a lot of change in his extensive banking career, which has spanned several continents. With roles including Chairman of Standard Chartered Saadiq and Standard Chartered Chief Risk Officer for Wholesale Banking within his repertoire, Nelson is perfectly placed to talk about managing corporate governance, risk and compliance. As corporate governance continues to evolve in the region and a new credit bureau is rolled out, Nelson spoke to Framework about how banks’ strategies and the role of the CEO are being influenced by new standards.
How has the development of Emirates NBD’s Governance, Risk and Compliance (GRC) controls impacted the bank’s strategy?
“Emirates NBD’s GRC controls and its strategy have evolved over the years and there has been an increasing level of interaction between the two. Significant enhancements have been made and continue to be made to the Group’s GRC management framework which underpins business growth and strategic direction. Specifically: all key strategic decisions are aligned with the bank’s risk appetite which is defined by the board of directors; robust and rigorous risk assessments are carried out to ensure strategic decisions are carefully made and risks highlighted, mitigated or managed; and management ensures that necessary risk infrastructure is in place to mitigate risks.
“Risk governance is ensured through a number of risk committees including the Board Risk Committee (BRC), which is supported by the Group Risk Committee (GRC), and specialised credit committees which include the Board Credit and Investment Committee, Early Alerts Committee etc. This helps ensure healthy and diversified growth in the loans portfolios and improving Non Performing Loan (NPL) ratios. “Efforts are being made to apply a more consistent standard of GRC (including Policy, Systems and Assurance processes) across all of the Group’s entities in its footprint. Inevitably this leads to a strengthening and harmonising of GRC controls across the Group as the higher common denominator is adopted. The more integrated approach in developing Emirate NBD’s GRC controls minimises areas of overlap and maximises common infrastructure and resources. This creates a platform that prepares Emirates NBD for future growth aspirations and sustainable profit-generating business.
“Emirates NBD’s Enterprise Performance Management (EPM) framework helps achieve the Group’s vision and strategy. Within that framework, GRC is an integral part of the Bank’s strategy and is formalised through strategic objectives that focus on improving NPLs and ensuring compliance with external regulations while strengthening internal controls. Appropriate performance measures and targets, which range from 15 – 20 per cent of variable remuneration) relating to these strategic objectives are incorporated into the scorecards of the bank’s business units and supporting staff.
“There’s no way these days that you cannot consider good corporate governance around your strategy. These days, more and more, that means the US, Europe and the UK. It’s not just UAE rules you have to consider – now it’s global. When a bank needs to clear US dollars, it must do so with proper due diligence because the bank clearing in the US will bear the consequences if anything goes wrong.”
How do you create a culture throughout the bank that embraces good governance practices?
“One of the bank’s ongoing objectives has been to progressively strengthen the bank’s GRC framework. A key element of this is the promotion of a culture that embraces good governance practices. This is espoused in the Group’s Code of Conduct that that defines our values, beliefs and practices. It helps our staff determine what is ‘acceptable’ and ‘unacceptable’, how to deal with conflicts of interest etc.
“An effective GRC culture starts from the top. The Board and senior management should be seen to the ‘set the tone’ or ‘the example’ that is cascaded down to all levels of staff.
“In support of this there should be a clearly articulated and communicated Group strategy with a well-defined risk appetite, staff training and an EPM framework that measures and places sufficient reward to encourage the right behaviour and ultimately good GRC practices.
“Good culture also comes from discipline, execution and assurance. It is not enough to make statements, policies or procedures. The first level of defense needs to be disciplined to ensure execution in accordance with the required standards. The second level of defense provides independent assurance that the required standards are being achieved by the first line. This requires regular monitoring, highlighting areas of success as well as areas of concern that require appropriate action to be taken.
How have the roles of MD and FD evolved as GRC practices have changed?
“In the past, it may have been sufficient to rely upon the fact that the GRC structures were in place in an organisation, without any associated impact or direct responsibility for senior management, however, the focus is shifting away from purely ‘financial performance’ to ‘financial stability’ supported by strong GRC controls.
“There has been an increasing expectation by international regulators that senior members of management are suitably skilled, experienced and aware in a broad range of areas – including an in depth understanding of GRC controls – to undertake their roles. In some foreign countries, more and more of these appointees must be approved prior to commencement and there are ongoing responsibilities and accountabilities. Approved persons can be held accountable and in some cases personally liable not only in the country that they reside or operate in but in other countries that have extra territorial reach. There have been instances where senior managers have even been extradited to face charges in another country.
“These days, I describe myself as the group compliance officer! One of the things I try and drill into people is compliance is absolutely critical to us as an organisation, and there is no line that we step over. It’s a hard line. Employees need to understand that from day one.”
Does the bank look at corporate clients’ own GRC practices and if so what positive impact does good implementation have when building relationships?
“Understanding a customer’s GRC practices is a critical part of the review which Emirates NBD undertakes when assessing any potential borrower. Traditionally, GRC practices were not often considered by banks but the importance of corporate governance was highlighted following the high profile defaults of two large family groups in the region which effectively brought an end to so-called “name lending”, which had previously been practiced by some banks.
“There are ever increasing expectations, including in many regulations related to AML and Sanctions Compliance, that require banks to conduct due diligence on all new relationships. Additionally for existing corporate clients these due diligence reviews have to be conducted on an ongoing periodic basis or when triggered by a risk event. This includes a consideration of their relevant GRC control principles, particularly for borrowing corporate clients.
“Having well defined GRC practices is clearly beneficial for all companies but the benefits are perhaps most obvious for family groups. Given that their owners and managers are the same, the conventional model of corporate governance has generally not been deemed applicable to them. Yet, these family companies – prevalent across the region – face serious governance challenges that require clear rules and decisionmaking frameworks. Common problems in family-owned companies include personal conflicts between different family members, lack of clear separation of interests and assets between the company and family, and succession issues that threaten the company’s survival beyond the founder.
“In these companies, good corporate governance can bring clarity to succession planning, more accountable decision making and greater transparency all of which are extremely helpful to banks and enhance the company’s credit worthiness. There must be some sort of capacity to shift the management controls if something happens to that patriarch. So having a succession plan in place is critical. Banks have got a big role to play in that. We look at what succession is in place, and if there is structure in place to enable that succession as part of our risk assessment criteria.”
What are the biggest challenges regarding corporate governance in the UAE?
“Banks like Emirates NBD, with their international presence, international staff and the need to clear transactions in key global currencies such as the USD, GBP and EUR, must also be aware of international regulatory requirements and global corporate governance practices as well as increasing local requirements.
“Banks in the GCC and the wider Middle East have different interpretations of what is required above and beyond their local regulatory requirements. This creates an uneven playing field. Establishing a consistent approach, common language and understanding of GRC controls would help. Corporate governance think tanks such as Hawkamah are vital to the region to promote good corporate governance practices and to provide continuous and ongoing assistance to other institutions.
“The region requires better quality information and greater transparency and timely disclosure about corporate strategy, performance, business activities, conduct and GRC controls. This would improve credit decisions, compliance with regulatory requirements such as AML, Sanction and market abuse and provide local and international investors with confidence.
“For underpinning good GRC controls there needs to be a good execution discipline and an assurance process that confirms that the requirements are being met. There are also growing international regulatory expectations that banks and corporates have consequence management processes in place to take action when requirements are not being met.”
What are the main factors driving corporate governance forward?
“Certainly when a company puts in a new level of transparency and governance it’s very positive. When I look back to when I first started working in this region, very few companies provided us with financials. That’s evolved dramatically. The Gulf as a whole has been pretty quick to learn the benefits of transparency. Knowledge of a company’s financial position allows you to price risk properly. If you’re not disclosing in a transparent manner, your pricing won’t be as good as it could be if you had disclosed unless you have something to hide!”
What impact will the implementation of the National Credit Bureau have on the bank’s risk management?
“For the client, it will be beneficial in the long term, especially for the good borrowers. You don’t know how many loans a client has really got, or what the payment history on those loans are and therefore you price everyone the same. At the moment, the better borrowers substitute the weaker borrowers. The credit bureau should pave the way for risk-based pricing.
“We will certainly use the credit bureau a lot. You can change your process to be far more efficient by building automated scorecards with the credit bureau itself to give instant approvals to clients, vastly improving the turnaround time.”
Are there different areas of focus on governance issues between Emirates NBD’s conventional offering and the Shari’ah-compliant services provided by Emirates Islamic?
“The core governance principles remain the same whether it’s conventional or Islamic banking. Meeting regulatory requirements, international best practices and corporate social responsibilities continue to be relevant and important. The Shari’ah governance system complements and strengthens the existing governance system embedded within Emirates Islamic.
“There are however, additional or specific government and regulatory criteria applicable to Shari’ah-compliant products, such as interest versus profit and this needs to be reflected in GRC practices through specific Islamic offerings and independent management structures.
“The Islamic bank has the additional governance framework of being governed by a Shari’ah Board. The Sharia Board reports directly to the shareholders and is mandated to ensure all elements of the Islamic bank is in compliance with the Shari’ah rulings. The Shari’ah Board is supported by a Shari’ah department and Shari’ah auditors who report on compliance directly to the Shari’ah Board.”
Do you have any concerns regarding the impact of further externally imposed compliance requirements such as the Foreign Account Tax Compliance Act (FATCA)?
“Naturally we are concerned about further externally imposed compliance requirements and the burden they place upon banks. Not only from an implementation perspective and the uncertainties that arise from new legislation and the various positions adopted by our local regulators, but also from an ongoing maintenance perspective, the policies, procedures, software and staff required.
“We are however not surprised at the developments given the increased globalisation of the financial industry, greater convergence international regulation and the extra territorial reach taking place in other areas of compliance such as Sanctions and AML Compliance. Whilst Sanctions Compliance focus is evident from the increase in the frequency and value of fines in the last eight years, there has been a noticeable switch to AML Compliance in recent years with some very large fines also levied. Tax evasion is now also increasingly being treated as a predicate offence and reportable as a suspicious activity in many countries and the Financial Action Task Force (FATF) has issued recommendations urging countries to adopt a similar stance. Whilst FATCA’s objective is to improve revenue for the US tax authorities, it places similar expectations on banks to know their customers – their country of residence; operations – domicile and to undertake ongoing monitoring to identify any change in status or any unusual activity.
“There is an OECD (Organisation for Economic Cooperation and Development – covering 20 major developed countries) initiative along the same lines as FATCA, generally referred to as GATCA (Global Account Tax Compliance Act (GATCA) that is also on its way. The OECD has recently announced a new standard for the automatic exchange of information between member tax authorities. This is known as the Common Reporting Standard (CRS). The statement recognises tax evasion as a global problem requiring the global solution of CRS as way to work together to tackle cross-border tax evasion. The statement included a timetable for implementation that identifies a commencement date of 1 January 2016, with first exchange of information taking place by the end of September 2017.
“ENBD undertook an assessment of the bank’s activities and business with US persons and this confirmed that the level of activity was significant enough to warrant the investment in the necessary policies, systems and procedures to support FATCA. That said, even if the bank chose not to bank US persons, significant controls would still be required to prevent US persons from opening accounts and for existing accounts to be monitored, so that any US connection could be identified, reported and exited. In effect the investment was similar.
“We made a conscious business decision to do FACTA to bank American clients. Making that decision is the first step for institutions. If you look at what’s happening around Europe regarding tax it’s probably just a matter of time before other countries adopt similar reporting practices. So if you say no to the Americans, do you then say no to the British? Commercially, it made sense for us just for the Americans. We made sure we built a system that would allow us to expand it to other countries if it so happens.”
