The European Banking Authority (EBA) has published guidelines on internal governance under the CRD IV.

Article 74 of the Capital Requirements Directive IV (CRD IV) mandates the EBA to develop such guidelines in order to harmonise institutions’ internal governance arrangements, processes and mechanisms within the EU.

The guidelines complete the various governance provisions in CRD IV, taking into account the principle of proportionality, by specifying the tasks, responsibilities and organisation of the management body, and the organisation of institutions, including the need to create transparent structures that allow for supervision of all their activities. The guidelines also specify requirements aimed at ensuring the sound management of risks across all three lines of defence and, in particular, set out detailed requirements for the second line of defence (the independent risk management and compliance function) and the third line of defence (the internal audit function).

The guidelines cover issues such as:

  • the role and composition of the management body;
  • the governance framework, including firms’ outsourcing policies;
  • risk culture and business conduct, including the management of conflicts of interest and the reporting of breaches to competent authorities;
  • internal control framework and mechanism, including the risk management function, the compliance function and the internal audit function; and
  • business continuity management.

The guidelines enter into force on 30 June 2018.

The EBA’s existing guidelines on internal governance, published on 27 September 2011, will be repealed at the same time. On the same date, the joint guidelines of the EBA and the European Securities and Markets Authority on the assessment of the suitability of members of the management body and key function holders will come into force.

View EBA final guidelines on internal governance under CRD IV, 26 September 2017