The governance of banks in transition economies Croatia country report

Gian Piero Cigna Veronica Bradautanu

January 2012

CROATIA COUNTRY REPORT – 2012 PAGE 2 of 23

Table of content

Table of content .................................................................................................................... 2

Foreword .............................................................................................................................. 3

A. Methodology and overview of the banking system in Croatia ........................................... 4

1) Methodology ....................................................................................................................... 4

2) Overview of the banking sector in Croatia ......................................................................... 4

B. Key findings ..................................................................................................................... 9

1) The strategic and governance role of the board ................................................................ 9

2) Composition and functioning of the board....................................................................... 11

3) Risk Governance ................................................................................................................ 15

4) Internal Control ................................................................................................................. 16

5) Incentives and Remuneration ........................................................................................... 19

6) Transparency to the market and regulators ..................................................................... 20

7) Overall assessment of bank governance quality in Croatia .............................................. 21

This Report does not constitute legal advice. Readers are advised to seek appropriate legal advice before entering into any transaction, making any determination or taking any action related to matters discussed herein. The content of this Report is copyrighted. The assessments and views expressed in the Report are not necessarily those of the EBRD. All assessments and data in the Report are based on information gathered in the course of 2011.

For information or comments please contact Gian Piero Cigna at cignag@ebrd.com

-

The team is grateful for the assistance provided by all parties interviewed. In particular, the team would like to acknowledge the precious assistance offered by the law firms Mamić Perić Reberski Rimac and Wolf Theiss Croatia (http://www.wolftheiss.com/index.php/Croatia.html).

CROATIA COUNTRY REPORT – 2012 PAGE 3 of 23

Foreword

1. In July 2010, the Legal Transition Team of the EBRD launched a comparative assessment of the corporate governance of banks in its countries of operations. The overall objective of the assessment is to inform and support the EBRD’s policy dialogue with authorities with a view to generating further commitment to improve the corporate governance of banks in EBRD countries of operations. The assessment aims at providing the EBRD with an overview of the legal and regulatory framework governing the corporate governance of banks and how diligently the various rules and best practice guidelines are implemented.

2. The assessment focuses mostly on internal corporate governance arrangements in banks, particularly the role and composition of boards. It analyses the legal and regulatory framework; its implementation by supervisors; and the practices developed by the systemically important banks in each country. The transparency of governance arrangements to the supervisory authority and the markets is also reviewed. While the assessment analyses banks and their boards, and considers ownership structure and patterns in the banking sector, broader governance issues covered in the OECD Principles such as shareholder and stakeholder rights and responsibilities as well as equity market issues are not dealt with in any detail.

3. To enhance the EBRD’s understanding of the corporate governance of banks in countries of operations, countries reviewed are subjectively rated. For this purpose, the legal framework, supervisory practice and banking practice are given an overall score in the overall assessment section of each Country Report. The rating approach is detailed in the box below.

Rating1

“Strong to very strong” - The corporate governance framework / practices of supervisory authorities /

practices of banks are fit for purpose and are close to best practice.

“Moderately strong” - Most parts of the corporate governance framework / practices of supervisory authorities / practices of banks are adequate but further reform is needed “Weak” - The corporate governance framework / practices of supervisory authorities / practices of banks contain some elements of good practice but overall the system is in need of reform “Very weak” - The corporate governance framework / practices of supervisory authorities / practices of banks contain significant risks and are in need of significant reform

4. Each Brief Country Report is divided in two Sections: (A) Methodology and overview of the banking system; (B) Key findings – describing the strengths and weaknesses of the corporate governance of banks and policy recommendations where appropriate.

1 The assigned rating will be confirmed at the end of the assessment, once all countries have been assessed.

CROATIA COUNTRY REPORT – 2012 PAGE 4 of 23

A. Methodology and overview of the banking system in Croatia

1) Methodology

5. The analysis and recommendations contained in this report are based on research carried out by the EBRD and responses to written questionnaires sent to two Croatian law firms; the Croatian National Bank (hereafter the ‘CNB’); and three among the largest banks in the country (‘the banks reviewed’). Responses to the questionnaires were complemented by a desk research of Croatian legislative framework and other information on the banking sector in Croatia available from on-line sources.

2) Overview of the banking sector in Croatia

6. According to CNB 2011 Annual Report, at the end of 2011, there were 37 credit institutions operating in Croatia: 31 banks, one savings bank and five housing savings banks. The number of credit institutions operating in Croatia fell by one in 2011. This was due to a withdrawal of authorisation from Credo banka d.d., Split and a compulsory winding-up procedure initiated in this bank in the last quarter of the year. Bank assets (the savings bank included) rose by 4.2% in 2011 and stood at HRK 407.4bn (approx. EUR 54 bn)2 at the end of the year. The total assets of credit institutions accounted for 98.1% of total assets of all credit institutions, which is a slight fall from the end of 2010.3

7. The total assets of credit institutions stood at HRK 414.8bn (approx. EUR 55bn) and accounted for 121.6% of GDP At the end of 2011, six large banks dominated the market and accounted for 82.6% of the total assets of all banks (See Exhibit 1, below). The number of large banks, their line-up in terms of the amount of assets and their total market share have not changed significantly in the last five years.

Exhibit 1: The ten largest banks in Croatia by share of total banking assets and listing (end of 2011)

Bank name (6 largest banks) Share of total asset of banking system

(%) Listing on SE

1. Zagrebacka banka (UniCredit) 25.6 ZSE

2. Privredna banka Zagreb d.d., Zagreb (Intesa) 17.4 ZSE

3. Erste & Steiermärkische Bank d.d., Rijeka 14.0 ZSE

4. Hypo Alpe-Adria-Bank d.d., Zagreb 10.1

5. Raiffeisenbank Austria d.d. Zagreb 9.5

6. Société Générale-Splitska banka d.d., Split 6.6

Based on information CNB banks bulletin no. 23, December 2011 and CEE Banking Sector Report, June 2012 (Raiffeisen Research) *(Total Assets of Bank/Total Asset of sector)*100

8. At the end of 2011, the number of banks in domestic ownership fell by three (from 16 in 2010; to 13 in 2011), while the number of banks with majority foreign shareholders rose by two over

2 The exchange rate is EUR 1 = HRK 7.537 (as of 30/12/2011)

3 CNB 2011 Annual Report, page 51: http://www.hnb.hr/publikac/godisnje/2011/e-god-2011.pdf

CROATIA COUNTRY REPORT – 2012 PAGE 5 of 23

the previous year (from 15 in 2010; to 17 in 2011). They held a share in the total assets of the banking sector of 90.6 %, thus by far exceeding the share of domestically owned banks (see Exhibit 2, below).

Exhibit 2: Ownership structure in the banking sector in Croatia

Source: Croatian National Bank 2011 Annual Report

9. As reported in the Banking Supervisors from Central and Eastern Europe (BSCEE) Review 2011, gross domestic product of Croatia held steady in real terms in 2011, after falling by 1.2% in 2010 and by even higher 6% in 2009. Unfavourable developments in public finance continued for the third consecutive year. The government ensured almost the entire amount needed to finance the deficit through new borrowing, thus boosting further fast growth in general government debt that reached HRK 156bn (approx. EUR 20.69) - 45.7% of GDP in 2011. 4

10. The capital adequacy ratio rose to 19.6% as a result of a significant decline in the average weight for credit risk and the ensuing lower capital requirements for credit risk. The average weight for credit risk declined as a result of an increase in the share of low-risk exposures to central governments and central banks, with a considerable share of this increase being

4 BSCEE Review 2011, p. 108, see at: http://www.bscee.org/bins/BSCEE_Review_2011_tcm23-31967.pdf

CROATIA COUNTRY REPORT – 2012 PAGE 6 of 23

attributable to increased use of credit risk mitigation techniques, particularly the use of government guarantees.

11. Loan quality continued to worsen amid negative trends in the real sector, although at a somewhat slower pace. The nonperforming loan ratio increased from 11.2% at the end of 2010 to 12.4% at the end of 2011. The ratio of non-performing corporate loans went up to 20.1%, reflecting preceding developments and the highest ever risk of corporate loans. The quality of household loans remained relatively favourable, with the non-performing loan ratio reaching 8.6% at the end of the year.5

Exhibit 3: Asset portfolio quality and capital adequacy ratio of the banking sector in Croatia

Source: BSCEE Review 2011

Supervisory framework

12. The Croatian National Bank (CNB) is the main supervisory authority responsible for licensing and supervision of banks and savings houses in Croatia. CNB primary tasks include to issue and withdraw licenses/authorisations to Croatian credit institutions and other financial market participants; and to exercise supervision and oversight over credit institutions and other financial market participants.

13. The Croatian Financial Services Supervisory Agency (CFSSA) is the regulator in charge of supervising the capital markets and its participants, insurance markets, pension funds and

5 CNB Annual Report 2011.

CROATIA COUNTRY REPORT – 2012 PAGE 7 of 23

leasing companies. Its role in regulating and supervising credit institutions is minimal and is exercised via its regulations of capital market participants. However, such regulations would apply to the extent that CNB statutes do not provide otherwise.

14. There is a stock exchange in country, the Zagreb Stock Exchange (ZSE). The first 3 largest banks in the country are listed on the stock exchange and the ZSE has adopted a Corporate Governance Code that is mandatory on a "comply or explain" basis for listed companies. In October 2011 the market capitalisation was approx. Euro 18.6bn with average turnover of Euro 35.6mln.

Laws and regulations relevant for corporate governance of banks

Exhibit 4: Laws and regulation on the corporate governance of banks

Laws

1. The Credit Institutions Act (enacted in September 2008 and amended in June and December 2009 and replacing the Banking Act of 2002), governs the conditions for the establishment, operation and dissolution of credit institutions with registered offices in Croatia, as well as their prudential supervision; and the conditions under which legal persons with registered offices outside Croatia may provide banking and/or financial services in Croatia.

2. The Act on the Croatian National Bank (enacted June 2008) sets forth the status, objectives, tasks and organisation of the Croatian National Bank (“CNB”) and other matters relevant for the functioning and operation of the Bank, the relationship of the Bank with the (authorities of the) Republic of Croatia, credit institutions, international institutions and organizations.

3. The Companies Act (enacted December 1993, as amended) sets out the core rules on corporate governance in Croatia and is applicable to credit institutions to the extent it does not contradict the Law on Credit Institutions.

4. The Audit Act (enacted 2005) sets forth the basic rules for external audit of the companies and requires listed companies and banks to set up audit committees.

Secondary Acts:

1. Decision on the method of exercising supervision of credit institutions and imposing supervisory measures (2009), prescribes in detail the conditions and methods of exercising supervision of credit institutions and imposing supervisory measures, aimed at taking actions to improve the safety and stability of credit institutions' operation and eliminating illegalities, deficiencies or weaknesses in their operation.

2. Decision on supervisory reports of banks (2003), prescribes to Croatian banks to present certain supervisory reports to the Croatian National Bank for the purpose of carrying out supervisions of banks' operation pursuant to the Banking Act and regulations adopted in compliance with this and other acts.

3. Decision on public disclosure of compliance with prudential requirements by credit institutions (2009 as amended in 2010), prescribes the type and content of publicly disclosed information on the calculation of the capital adequacy ratio of credit institutions, the risk exposures and the risk management system; identifies the entities subject to public disclosure; the scope of application of public disclosure requirements; the criteria for and frequency of public disclosures; and the time limits for public disclosures.

4. Decision on the criteria and procedure for granting prior approval of the Croatian National Bank for the appointment of the chairperson or a member of the management board of a credit institution, (2009).

5. Decision on the contents of audits of credit institutions (2009), governs the contents of audits of credit institutions, as well as the reasons for the refusal of audit reports and audit firms' assessments of compliance with risk management rules, adequacy of operations of the risk control function, the compliance function and the internal audit function, the state of the information system and adequacy of information

CROATIA COUNTRY REPORT – 2012 PAGE 8 of 23

system management, as well as of the regularity, accuracy and completeness of the reports delivered to the Croatian National Bank.

6. Decision on internal control systems (2009), governs the minimum requirements for establishing adequate and efficient internal control systems, as well as the scope and manner of carrying out the control function activities.

7. Decision on risk management (2010), regulates minimum risk management requirements in relation to all principal risks and describes the risk management system, risk appetite, stress-testing, etc.

Corporate Governance Code:

1. A Corporate Governance Code was adopted by the Croatian Financial Services Supervisory Agency and the Zagreb Stock Exchange in April 2007. The Code focuses on disclosure, shareholder general meetings, management and supervisory boards, and covers many issues in line with the OECD Principles. The code is mandatory on a "comply or explain" basis for all listed companies on the regulated market. All listed companies must complete the Annual Questionnaire about Compliance with the Corporate Governance Code (AQ) attached to the code where they must explain all negative answers and submit it annually to the stock exchange. All companies must also exhibit the completed Questionnaire on their website.

CROATIA COUNTRY REPORT – 2012 PAGE 9 of 23

B. Key findings

1) The strategic and governance role of the board

Key strengths

15. Croatia has put in place a fairly developed legal framework on corporate governance of banks. Banks must be organised under a two-tier governance system, where the supervisory board ('SB') must not include executive directors. The law explicitly delegates the approval of the bank’s strategy and budget to the SB.

16. The SB is by law responsible for appointing members of the management board ('MB'), for supervising their activity, and for setting performance targets in accordance with the bank strategy. However, one of the respondent banks pointed to the fact that - in practice - the majority shareholder is in charge of appointing the MB.

17. Foreign penetration in the banking sector is high: the six largest banks in the country are all subsidiaries of foreign banking groups. Parent’s and group’s executives and directors sit on the subsidiary boards of local subsidiaries. This is undoubtedly contributing to the transfer of good practices from the group to local subsidiaries.

18. The Corporate Governance Code ('CGC') was adopted by the Zagreb Stock Exchange and the Croatian Financial Services Supervisory Agency in 2007. Based on the Rules of the Zagreb Stock Exchange, the Code is implemented on a "comply or explain" basis for companies listed on the regulated market of the ZSE and is accompanied by the "comply or explain" Annual Questionnaire ('AQ'). The Code is fairly comprehensive and includes comprehensive corporate governance guidance. Although, the three largest banks are listed on the regulated market, only two appear to publish their AQ. The published AQs are generally extensive and banks tend to explain any inconsistencies of their practices with the Code’s recommendations.

19. Despite the fact that there is no explicit requirement in the law, all banks reviewed have indicated that they have adopted Codes of Ethics.

20. The CNB has the authority to address corporate governance failures and compel appropriate remedial action. These include setting a timetable for compliance and deciding on sanctions for non-compliance.

Key weaknesses

21. About 90% of banking sector assets belongs to banks controlled by foreign investors. The six largest banks in the country, holding 82.6% of the total banking assets are subsidiaries of foreign banking groups. Bearing this in mind, the local legal framework, supervisory authority and bank practice should attempt to include sufficient checks and balances to ensure that subsidiaries do not blindly follow policies and practices of the group. Although the CNB reports that it meets annually with the representatives of the parent, it does not require specific policies detailing the role of the parent/group in the adoption of the subsidiary’s strategy and in the decision making process of the subsidiary. Based on the subsidiaries’ annual reports, it transpires that there is a sense of over-reliance on the parents’ and group’s policies and

CROATIA COUNTRY REPORT – 2012 PAGE 10 of 23

strategy. The banks reviewed do not emphasise in their articles of association and corporate governance code the strategic role of their boards (e.g., the responsibility to discuss and approve the bank strategy and budget). Moreover, as mentioned above, in one of these banks it appears that the MB members, in practice, are elected directly by the controlling shareholder rather than the local SB.6

22. In a group setting, there is always a risk that a subsidiary boards may be viewed as mere formality, instances that exist only to justify the “fiction” of the separate legal entity. But it is wrong to view subsidiary boards as devoid of any organisational value. From a group’s perspective a subsidiary board is a very useful “hub” of local accountability, bringing together the oversight of all functions and business lines at local level. The board provides a “mini big picture” of the subsidiary which helps to avoid vertical silos across the group. When it comes to controls, local boards are a very useful additional buffer, another line of defence, to prevent lapses and failures at local level. From a forward looking strategic perspective, they are also a useful way to provide an out- of the- box perspective on local threats and opportunities which might often elude both local and group executives. Finally, from a regulatory perspective, subsidiary boards ensure that institutions, especially the systemically important ones, are focused in preserving the stability and effectiveness of the local banking system even in the few cases where these priorities might not be aligned with the broader interests of a multinational corporate group.7

Key recommendations

Legal framework

1. At least for the systemically important banks, banking regulation should consider requiring the presence of at least one supervisory board member with local expertise who is independent from the group.

Supervisory practice

2. The CNB should monitor local SB involvement in deciding strategic issues and require banks to submit policies specifying the role of the parent in the development of the subsidiary’s strategy and in decision-making in specific business and functional areas.

6 Best practices recommend the parent, in order to fulfil its internal governance responsibilities, to: (a) establish a

governance structure which contributes to the effective oversight of its subsidiaries and takes into account the nature, scale and complexity of the different risks to which the group and its subsidiaries are exposed; (b) approve an internal governance policy at the group level for its subsidiaries, which includes the commitment to meet all applicable governance requirements; (c) ensure that enough resources are available for each subsidiary to meet both group standards and local governance standards; (d) have appropriate means to monitor that each subsidiary complies with all applicable internal governance requirements; and (e) ensure that reporting lines in a group should be clear and transparent, especially where business lines do not match the legal structure of the group. 7 The EBA Guidelines on Internal Governance recommend the board of the subsidiary to adhere to the same governance

values as its parent, unless legal or supervisory requirements or proportionality considerations determine otherwise. Accordingly, the board of a subsidiary should, within its own internal governance responsibilities, set its policies and should evaluate any group-level decisions or practices to ensure that they do not put the subsidiary in breach of applicable legal and regulatory provisions or prudential rules. The board of the subsidiary should ensure that such decisions or practices are not detrimental to: (a) the sound and prudent management of the subsidiary; (b) the financial health of the subsidiary; or (c) the legal interest of the subsidiary’s stakeholders.

CROATIA COUNTRY REPORT – 2012 PAGE 11 of 23

2) Composition and functioning of the board

Key strengths

23. The banking regulations detail the duties of loyalty and care for supervisory and management board members, including the sufficiency of time they should spend for their duties and obligation to avoid engaging in competitive activities. The banking law also includes relevant sanctions.

24. Although the company law sets extensive limits for the maximum size of the supervisory board (up to 21 members), banks in practice have more adequately sized boards. Only one among the banks reviewed has more than ten members on the board. Anecdotal evidence and best practices indicate that smaller boards are better equipped to efficiently discharge their duties and allow adequate participation to all members.8

Exhibit 5: Board sizes in the banks reviewed and proportion of independent directors

25. Despite the fact that the law does not set clear requirements regarding the number of times the SB must meet, banks' SB session pattern is relatively adequate with SBs regularly meeting from five to twelve times a year. In one of the banks reviewed, the SB met in the previous year more than twelve times. In this case, there might be a risk of the board being overloaded with

8 According to the UK Corporate Governance Code "The board should not be so large as to be unwieldy and should be of

sufficient size that the requirements of the business can be met and that changes to the board’s composition and that of its committees can be managed without undue disruption", Section B, B1; see at: http://www.frc.org.uk/documents/pagemanager/Corporate_Governance/UK%20Corp%20Gov%20Code%20June%202010.pdf. Further, in the Walker Review of corporate governance in banks in UK it is stated that based on most recent research and behavioural studies that "an “ideal” size [for a bank board is] of 10-12 members, not least on the basis that a larger board is less manageable, however talented the chairman, and that larger size inevitably inhibits the ability of individual directors to contribute", § 3.1, see at: http://webarchive.nationalarchives.gov.uk/+/http://www.hm-treasury.gov.uk/d/walker_review_261109.pdf "The board should structure itself in a way, including in terms of size, frequency of meetings and the use of committees, so as to promote efficiency, sufficiently deep review of matters, and robust, critical challenge and discussion of issues." Basel Committee’s Principles for enhancing corporate governance - final document, 2010, § 42, see at: http://www.bis.org/publ/bcbs176.pdf.

CROATIA COUNTRY REPORT – 2012 PAGE 12 of 23

operational matters, which may prevent board members from concentrating on strategic matters.

26. There are no legal requirements for banks to provide induction and/or training to board members, but pursuant to the CGC, listed banks are to encourage training of supervisory board members. Accordingly, listed banks reported that they have training program in place. Unfortunately, it does not seem that other banks followed suit.

Key weaknesses

27. The law sets forth rigorous qualification criteria for the management board members, which detail the required education and experience, as well as pre-approval by the CNB. Instead, the criteria for SB members are limited. The law generally requires SB members to have sufficient knowledge and experience to be able to undertake their duties.

28. The CNB does not monitor the quality of the SB members upon their appointment and the law does not require candidates to be morally fit, financially sound, have banking/financial experience and for at least one member to have audit/accounting experience. Although the CGC includes more detailed requirements towards SB members, this may not be sufficient to ensure quality supervisory boards in all banks.

29. The banking law requires all banks to include at least one independent director on their board. However, the law does not provide guidance on its role on the board and on the SB committees - in particular the audit committee. Best practices recommend banks –including subsidiaries - to “have an adequate number and appropriate composition of directors who are capable of exercising judgment independent of the views of management, political interests or inappropriate outside interests”.9 Now, having only one independent director on the board may not be sufficient in order to bring this “independent judgement” as it may be difficult for one director to speak up or have sufficient stature to face other directors.

30. The law does not provide a definition of independence.10 The CGC provides a definition of “independent supervisory board member” but it is not clear on whether unlisted banks apply the definition of independence provided by the CGC.

31. The Code recommends that the majority of SB members are independent and that board committees are made by a majority of independent SB members. None of the banks being reviewed comply with the former of the CGC recommendations and two of the banks reviewed do not comply with the latter.

32. The practice of setting up board committees is limited. In line with the requirements of the Audit Act, all banks have set up audit committees; however, such committees do not appear to include only SB members, but also MB members or “outsiders”. The inclusion of MB members in the audit committee is of concern. The audit committee is – among others - responsible for ensuring the integrity of the financial statements, which are prepared by executives (generally sitting in the MB). Now, if an executive sits in the audit committee, it is a

9 Basel Committee on Banking Supervision, Enhancing corporate governance for banking organisations (2006), page 7.

10 The key characteristic of independence is the ability to exercise sound judgment after fair consideration of all relevant

information and views without undue influence from management or inappropriate outside interests.

CROATIA COUNTRY REPORT – 2012 PAGE 13 of 23

clear position of conflict of interest, being at the same time supervisor and supervised. This should be avoided.

33. The inclusion of “outsiders” (i.e., non-supervisory board members) in board committee needs to be carefully assessed.11 The key question here is what could a person that it is not a board member add to the debate? The discussion is open. First, we would argue that it is important that “board” committees include only “board” members if the functions delegated to the committee are typical “board” functions. Secondly, it is essential that those board members sitting in the committee and recommending specific actions to the supervisory board, follow up and vote the committee’s recommendations at the board, therefore reinforcing their “objective judgement” at the board. Finally, committees made of outsiders might create problems with confidentiality and accountability issues. While, it is legitimate that the committee might need external advice or expertise on specific issues, the committee should be able to request such advice, but it should not allow the advisor(s) to replace the committee in its determinations and recommendations.

34. As a result, bank practice varies with only one of the banks reviewed having an adequate number of independent directors and an audit committee made of a majority of independent directors. Other banks appear to just comply with the minimum requirement set by law having one independent director on the board.

35. Banks are not required by law to approve nomination policies. Best practices recommend that these policies include the description of the necessary competencies and skills to ensure sufficient expertise at the board12. In this respect, two of the banks reviewed do not approve nomination policies for the SB members and the senior management and leave this determination to the parent/group. This practice should be carefully assessed, as it is a duty of the bank, even if a fully owned subsidiary, within its own internal governance responsibilities, to set its policies and evaluate that the group policies are fit for the subsidiaries’ work.

36. Additionally, although the CGC clearly requires listed companies to undertake board self-evaluations on individual and joint basis, only one of the listed banks reviewed reported performing this exercise. To support board performance, best practices recommend the board “to carry out regular assessments of both the board as a whole and of individual board members. Assistance from external facilitators in carrying out board assessments can contribute to the objectivity of the process”.13

37. The banks reviewed do not appoint a corporate secretary who would assist the board with the flow of information and organisation of board and committee activity, and who would monitor implementation of the ZSE corporate governance code.14 The absence of a senior corporate secretary in banks can undermine the link between boards and their committees. When the

11

The arguments in favour of this approach are that non-board members would allow the audit committee to draw from a larger pool of industry and accounting expertise and that it might give the audit committee greater independence. 12

See EBA Guidelines on Internal Governance (GL 44), page 24. 13

Basel Committee on Banking Supervision, Principles for enhancing corporate governance (2010), page 11. 14

For guidance on the corporate secretary role and responsibilities, see ICSA Guidance on Corporate Governance Role of the Company Secretary: http://www.icsa.org.uk/assets/files/pdfs/081020%20-%20Corp%20Gov%20role%20of%20co%20sec.pdf

CROATIA COUNTRY REPORT – 2012 PAGE 14 of 23

corporate secretarial function exists, it is mostly administrative and limited in its reach. If board’s secretaries do not participate in committee meetings and if board committee has its own secretary drawn from members or senior management the flow of information between board and committees is limited and there can be conflicts of interests.

Key recommendations

Legal framework

1. The law and banking regulations should establish "fit and proper" criteria for the supervisory board members, which should include moral adequacy, financial soundness, banking/financial experience and risk management appropriate for the size, business and strategy of the bank and – in case of audit committee - accounting/auditing experience.

2. The legal framework should define what is meant by independent supervisory board member in unlisted banks and require banks to have a sufficient number of independent and qualified supervisory board members. The qualification should be appropriate for the position of the director at the board and in board committees.

3. The legal framework should better detail the composition and qualification of board committee and in particular the audit committee. Ideally, the audit committee should consist of a sufficient number of independent supervisory board members with recent and relevant experience and collective balance of skills commensurate with the complexity of the banking organisation and the duties to be performed. At least one independent director sitting in the audit committees should have financial reporting, accounting and/or auditing experience.

Supervisory practice

4. The supervisory authority should approve all the candidates for the banks' supervisory boards as part of the appointment process.

Bank practice

5. Banks (even if fully owned subsidiaries) should develop nomination policies (or review and approve the group’s nomination policies) so to determine the ideal mix of skills needed at the board and management so to identify the best candidates for succession.

6. Banks should perform self-evaluations on individual and joint basis and inter alia use the results for completing the nomination policies.

7. Banks should consider appointing senior company secretary for enhancing the effectiveness of board and committees' works.

CROATIA COUNTRY REPORT – 2012 PAGE 15 of 23

3) Risk Governance

Key strengths

38. The CNB has issued a separate detailed regulation on risk management that guides banks in setting up their risk management function. At the same time the banking law clearly delegates the strategic decisions regarding risk management to the supervisory board, including approving the bank's risk management strategies and policies and risk appetite. The banking regulation includes a definition of risk appetite15, setting Croatia apart as being among a very few countries in the region to do so. Accordingly, all banks reviewed reported that their SBs approve the bank’s risk appetite and regularly review the bank’s risk profile. The CNB monitors banks' risk appetite and risk profile by requiring that these are regularly submitted to the supervisor.

39. Banks generally set up ALCO16 and Credit Committees that consider bank risk issues with bank-wide perspective.17 Banks are required to create independent risk management functions reporting to the management board on the bank’s risk exposure. The regulation also requires banks to have clear lines of responsibility and communication so to ensure that senior executives have integrated and firm-wide perspective on risk. The banks reviewed reported that their risk management function was audited 2-3 times in the last three years by the banks' internal audit function.

Key weaknesses

40. The law and banking regulations do not require banks to appoint an independent chief risk officer (CRO) with direct access to the SB. In two of the banks reviewed there is no distinct CRO position. Rather, this function is cumulated with another senior position, such as the CFO. Best practices recommend banks to appoint a CRO responsible for the risk management function across the bank and for coordinating the activities of other units relating to the bank’s risk management framework. However, when the bank’s characteristics – in particular its size, organisation, and the nature of its activities – do not justify entrusting such responsibility to a specially appointed person, this function can be combined with others, provided that there is no conflicts of interest and that the person has sufficient independence

15

The Decision on Risk Management defines risk appetite as "the amount or level of risk which a credit institution considers acceptable to assume in implementing its business strategy and objectives in the existing business environment. The risk appetite shall involve declaring an intention to assume risk and determining risk tolerance in terms of the level of risk which a credit institution considers acceptable". 16

The Asset-Liability Committee (ALCO) is a senior management committee in a bank, responsible for coordinating the institution's borrowing and lending strategy, and funds acquisition to meet profitability objectives as interest rates change. 17

"Risk reporting systems should be dynamic, comprehensive and accurate, and should draw on a range of underlying assumptions. Risk monitoring and reporting should occur not only at the disaggregated level (including risk residing in subsidiaries that could be considered significant), but should also be aggregated upward to allow for a firm-wide or consolidated picture of risk exposures. In this regard, organisational “silos” can impede effective sharing of information across a bank and can result in decisions being made in isolation from the rest of the bank. Overcoming information-sharing obstacles posed by silo structures may require the board and senior management to review or rethink established practices in order to encourage greater communication. Some firms have found it useful to create risk management committees - distinct from the board’s risk committee - that draw members from across the firm (e.g., from business lines and the risk management function) to discuss issues related to firm-wide risks.", Basel Committee on Banking Supervision, Principles for enhancing corporate governance (2010), §§ 97-98, see at: http://www.bis.org/publ/bcbs176.pdf

CROATIA COUNTRY REPORT – 2012 PAGE 16 of 23

and seniority to enable him/her to challenge (and potentially veto) the decision-making process of the bank. The CRO or equivalent should be able to communicate directly with the management board concerning adverse developments that may not be consistent with the institution’s risk appetite and tolerance and business strategy and be able to report directly to the supervisory board or, where appropriate, to the audit committee (or equivalent).18

41. The law does not require that banks’ SBs include risk management expertise and banks generally do not create risk committees at SB level. This may weaken the supervisory board capacity when discussing and approving risk policies and when deciding on issues related to risk appetite and when monitoring the bank’s risk profile. The composition and functioning of the boards of systemically important banking subsidiaries should allow these boards to function as local hubs of control providing overall direction in subsidiaries, within the parameters and policy environment set by the group. They should also have the ability to address and challenge “local” risk appetite. For this, boards should possess adequate local knowledge and expertise on the non-executive side. In view of this, the supervisory authority should encourage and banks should include risk management expertise on their supervisory board and be capable to seek independent external advice where necessary or appropriate.

Key recommendations

Legal framework

1. The law should require banks to appoint a CRO or equivalent senior function responsible for the risk management function across the bank and for coordinating the activities of other units relating to the bank’s risk management framework and direct access to the SB and its independent directors.

Bank practice

2. Banks should strive to include risk management expertise on the boards and be able to access independent expert opinion when necessary.

4) Internal Control

Key strengths

42. Banking regulations comprise a comprehensive internal control framework for banks that demands clear segregation of duties and delegation of authorities. The regulations assign the responsibility for efficient organisation of the internal control systems to the supervisory and management boards. Accordingly, the reviewed banks report that they regularly review the organisational charts and terms of reference for key functions and business lines. The CNB monitors the way banks organise their internal control systems and require regular reporting.

43. The banking regulations require banks to set up independent and efficient internal audit departments. Accordingly, all banks reviewed have set up separate audit departments, which

18

For further guidance, see CEBS, High level principles for risk management (2010), page 4 (http://www.eba.europa.eu/documents/Publications/Standards---Guidelines/2010/Risk-management/HighLevelprinciplesonriskmanagement.aspx)

CROATIA COUNTRY REPORT – 2012 PAGE 17 of 23

are responsible for (i) assessing the effectiveness of internal control systems; (ii) establishing and implementing the audit plan and issuing recommendations based on the results; and (iii) following up and verify the implementation of the recommendations. Bank internal audit departments regularly communicate with the bank’s external auditors.

44. The banking law establishes conflict of interest rules, requiring disclosure by board and senior executives of their interests, fair dealing, and approval by the supervisory board of significant transactions with related persons. The law also includes a comprehensive definition of related persons. All respondent banks indicated that they have approved policies in relation to handling transactions with conflict of interests. All banks have set up separate compliance departments.

45. The law prohibits external auditors to be in conflict of interest with the bank, provide non-audit services and requires banks to rotate the external auditor every seven years. Accordingly, all banks reviewed rotate their external auditor. One of the bank reviewed reported rotating their external auditors every four years. All respondent banks adopted a distinct policy for managing provision of non-audit services.

Key weaknesses

46. The Audit Law requires banks to set up audit committees. However, the law does not give guidance on the composition of the audit committee. Thus, the audit committee may include SB members and any other persons the SB may decide. As a result the composition of AC varies. Only one of the banks reviewed has set an AC made of a majority of independent SB members. The other banks reviewed have appointed senior executives and outside members to their AC. Best practices recommend the audit committee to be composed in a way that independent directors can exert influence in order to help insure “objective judgement”. Indeed, this “objectivity” is particularly important in areas where there is a risk that the board would be dominated by senior management or political influences, where there are influences on the board to take action that is not in the bank’s best interest, or where there is a potential for conflict of interests. Examples of areas where the risk of conflict of interest is more acute include the external suitor’s appointment and remuneration, internal audit and review of related-party transactions. These are audit committee’s key functions. Additionally, AC members should have recent and experience in the areas relevant for board and committee’s activities. In any case, the chair of the audit committee should have specialist knowledge and experience in the application of accounting principles and internal control processes. The current legal requirement in Croatia is that AC includes one member competent in audit/accountancy.

47. The inclusion of executives and outsiders in the audit committee should be carefully considered (see above, paragraphs no. 32-33)

48. According to responses to questionnaires, it appears that the CNB does not vet or approve the appointment of AC members and that there is no regular contact between the supervisor and the ACs. Best practices19 recommend supervisors to actively evaluate whether the bank has in place effective mechanisms through which the board and senior management execute their oversight responsibilities. Supervisors should obtain the information they judge necessary to

19

See in particular, Basel Committee on Banking Supervision, Principles for enhancing corporate governance (2010)

CROATIA COUNTRY REPORT – 2012 PAGE 18 of 23

evaluate the expertise and integrity of proposed board members and senior management and are encouraged to meet regularly with individual board members, senior managers and those responsible for the control functions as part of the ongoing supervisory process. In this respect, an ongoing dialogue between the supervisor and AC members could serve for this purpose.

49. Another weakness in the Croatian banks’ internal control framework is that there is no clear reporting line for the compliance and internal audit functions. The law gives no guidance as to whom such functions should primarily report to and who should be in charge for insuring their necessary independence. Best practices recommend banks to establish a compliance functions to manage its compliance risk and an internal audit function to assess whether the quality of the bank’s internal control framework is both effective and efficient20. In smaller and less complex institutions the compliance function may be combined with or assisted by the risk control or support functions (e.g. HR, legal, etc). Instead, the internal audit function should not be combined with any other function. The compliance function should ensure that the compliance policy is observed and report to the board and to the risk control function on the bank’s management of compliance risk. The findings of the compliance function should be taken into account by the board and the risk control function within their decision-making process. Instead, the internal audit should report directly to the audit committee, whose independence should serve as insurance of the independence of the head of the internal audit function.

50. Banks do not submit to the CNB their policies on conflict of interests and do not report to the CNB inconsistencies in practice with such policies. Best practices recommend boards to ensure that senior management develops and implements policies to identify potential conflicts of interest and, if these conflicts cannot be prevented, to appropriately manage them. In this respect, “supervisors should regularly perform a comprehensive evaluation of a bank’s overall corporate governance policies and practices – including conflicts of interests - and evaluate the bank’s implementation of the principles”21.

Key recommendations

Legal framework

1. Banking regulation should prohibit executives to sit in the audit committee. The regulator should also assess the added value that outsider are bringing to the audit committees and consider requiring audit committees to be composed exclusively of SB members independent from management and controlling shareholders.

2. Banking regulations should require banks to establish compliance and internal audit functions with clear reporting lines, so to ensure clear lines of accountability and proper monitoring.

20

See in particular, EBA Guidelines on Internal Governance (GL 44), page 43. Compliance risk is defined as the current or prospective risk to earnings and capital arising from violations or non-compliance with laws, rules, regulations, agreements, prescribed practices or ethical standards) can lead to fines, damages and/or the voiding of contracts and can diminish a bank’s reputation. 21

Basel Committee on Banking Supervision, Principles for enhancing corporate governance (2010).

CROATIA COUNTRY REPORT – 2012 PAGE 19 of 23

5) Incentives and Remuneration

Key strengths

51. According to the company law, the supervisory board is responsible for determining and approving the remuneration of members of the management board. The law assigns to the SB the authority to approve the bank-wide remuneration policy.22 In this respect, all banks reviewed confirmed that their boards approve formal remuneration policies.

52. The CNB monitors bank remuneration policies and bank practices. A new Regulation on bank remuneration practices is due to be approved soon. The new regulation will guide banks with regard to setting bonuses and linking the remuneration to long-term objectives of the bank.

53. All banks reviewed disclose in their annual reports the aggregate amounts of remuneration paid to their governance bodies, but only one bank itemises the payments and indicates the amount of bonus paid, as well as other variables of the compensation.

Key weaknesses

54. The law and banking regulations do not yet include guiding principles regarding the remuneration policies of the banks. Banks do not appear to clearly link their policies with prudent risk management and long-term interest of the bank. In at least one bank, the variable part of the compensation constitutes 40-70% and it is not deferred. In two of the banks reviewed the CRO is paid based on the same criteria as the senior executives. According to best international practice: "for employees in the risk and compliance function, remuneration should be determined independently of other business areas and be adequate to attract qualified and experienced staff; performance measures should be based principally on the achievement of the objectives of their functions."23 It is hoped that these issues will be addressed by the new Regulation.

Key recommendation

Legal framework

1. The banking regulations should include guiding principles regarding remuneration policies of banks and require banks to align their policies and practice with the prudent risk management and long-term interests of the bank. It is hoped that these issues will be addressed by the new Regulation.

22

"The board should actively oversee the compensation system’s design and operation, and should monitor and review the compensation system to ensure that it operates as intended.", Principle 10, Basel Committee on Banking Supervision, Principles for enhancing corporate governance (2010). 23

Compensation Principles and Standards Assessment Methodology, Basel, 2010, Principle 3 - Standard 2, see at: http://www.bis.org/publ/bcbs166.pdf

CROATIA COUNTRY REPORT – 2012 PAGE 20 of 23

6) Transparency to the market and regulators

Key strengths

55. Reporting in accordance with IFRS is required for all financial institutions. Moreover, banking regulation requires regular audit of financial statements.

56. Banks publish a good amount of information on their websites, including ownership structures, names of the SB and MB members and their organisational structures. In their annual reports, published on-line, banks include statements of transactions with related parties and aggregated amounts of remuneration to their governance bodies. The majority of listed banks seem to publish on-line the completed Corporate Governance Code’s Annual Questionnaires, where they disclose, names of independent directors, bank committees, other engagements of the SB members and information about compliance with the code requirements. One of the banks reviewed also includes its Articles of Association and information about GMS meetings.

57. Information filed with the CNB each year include reports on banks operating and organization structures, all financial information, as well as reporting on risk along the lines required by Basel II, Pillar III enabling a better assessment of their risk profile and their capital adequacy. Banks are also required to submit information on their ownership structure and effectiveness of internal control. In addition, the CNB can obtain information about ultimate ownership of banks and has full access to banks' books and records.

Key weaknesses

58. There is no clear requirement and banks do not generally disclose information about board committees, as their composition; and experience of committee members. Banks generally do not disclose information about the responsibilities of the SB, its committees and MB.

59. Although banks disclose information about their risk policies, these are not explicit on the structure of risk governance, i.e., which governance body approves certain policies and exposures.

60. It also appears that the CNB does not receive reports on corporate governance of banks. The reports are meant to empower the supervisor in evaluating banks’ corporate governance policies and practices, and should include information on the governance structure of the bank, organisational structure, responsibilities and relationship among the governance bodies (SB, SB committees, AC, MB), responsibilities and reporting lines of the key functions (risk, audit, compliance), public disclosure policies. In the context of group structure, governance reports should comprise information on governance of both the parent company and subsidiary and the relationship between the two.24

24

For more information see: Basel Committee on Banking Supervision, Principles for enhancing corporate governance (2010), §§ 134-141.

CROATIA COUNTRY REPORT – 2012 PAGE 21 of 23

Key recommendations

Legal framework

1. Banking regulation should require banks to disclose information about the structure and composition of board committees, responsibilities of the board and its committees, and experience of board members.

Supervisory practice

2. The CNB should require banks to submit reports on corporate governance.

7) Overall assessment of bank governance quality in Croatia

61. The following table provides a preliminary rating of Croatia’s performance in the key governance areas mapped out in the EBRD best practice assessment checklist. Rating in this table is subjective and based on the overall assessment of the strengths and weaknesses of the legal framework, supervisory practice and the practice of banks as discussed above. The rating also reflects our assessment of the legal framework, supervisory practice and the practice of banks compared to international best practice standards.25

Issues Score 26

The strategic and governance role of the board

Strategic role of the board

Do boards have a sufficiently active role in developing and approving the strategic objectives and the budget of their banks?

Moderately Strong

Do boards effectively review and evaluate management performance against agreed budgetary targets?

Moderately Strong

Do boards effectively shape the governance framework and corporate values throughout their organisation?

Weak

Are boards of subsidiaries in a position to effectively control the operation of their banks? Weak

25

Best practice standards used in our assessment: Basel Committee on Banking Supervision, Principles for enhancing corporate governance, (2010); Basel Committee on Banking Supervision, Enhancing corporate governance for banking organisations, (2006); EBRD, OECD, Corporate Governance of Banks in Eurasia, (2008); OECD, OECD Principles of Corporate Governance, (2004); European Commission, Corporate governance in financial institutions and remuneration policies, (2010); Institute of International Finance, Final Report of the IIF Committee on Market Best Practices: Principles of Conduct and Best Practice Recommendations, (2008); Netherlands Bankers’ Association, Banking Code, (2009)

26 Where: “Strong to very strong” - The corporate governance framework / practices of supervisory authorities / practices of banks are fit for purpose and are close to best practice. “Moderately strong” - Most parts of the corporate governance framework / practices of supervisory authorities / practices of banks are adequate but further reform is needed “Weak” - The corporate governance framework / practices of supervisory authorities / practices of banks contain some elements of good practice but overall the system is in need of reform “Very weak” - The corporate governance framework / practices of supervisory authorities / practices of banks contain significant risks and are in need of significant reform.

CROATIA COUNTRY REPORT – 2012 PAGE 22 of 23

Issues Score 26

Is there adequate transfer of good practice between parents and subsidiaries? Moderately

Strong

Board composition and functioning

Size, composition and qualification

Is the size of boards adequate to meet the requirements of their business? Moderately

Strong

Are directors qualified for their position? Weak

Is the board sufficiently independent from management and controlling shareholders? Weak

Are the duties of directors to their banks, shareholders and stakeholders clearly set out? Moderately

Strong

Is there adequate balance of power between individuals within boards and are there adequate checks to maintain the balance?

Weak

Do board chairs possess relevant banking and/or financial industry experience and a track record of successful leadership?

Weak

Do current tenure patterns of board directors suggest a high level of engagement and independence? Weak

Do boards provide adequate induction and professional development to their members? Weak

Nomination committees

Is the process for director succession and nomination sufficiently transparent? Very weak

Functioning and evaluation

Are the responsibilities, authorities, and terms of reference of boards and board committees clearly defined and documented?

Weak

Do boards function in ways that encourage informed contribution and constructive challenge by all directors?

Weak

Do boards meet regularly? Moderately

Strong

Are boards and board committees supported by a senior company secretary? Weak

Do boards evaluate their performance and discuss the outcome of such evaluation? Very weak

Risk governance

Risk governance framework

Are boards and their risk committees sufficiently involved in setting the risk appetite and monitoring the risk profile of banks?

Moderately Strong

Do banks appoint and empower senior chief risk officers? Weak

Do senior executives have a sufficiently integrated firm-wide perspective on risk? Moderately

Strong

Risk committees

Are boards in a position to effectively review risk management? Weak

Internal Control

Internal control framework

Does the organisational structure of banks include clearly defined and segregated duties for key officers and effective delegation of authority?

Moderately Strong

CROATIA COUNTRY REPORT – 2012 PAGE 23 of 23

Issues Score 26

Are there enough check s and balances to ensure the independence and integrity of financial reporting?

Weak

Are conflicts of interest including related party transactions effectively managed? Moderately

Strong

Have banks established effective internal audit departments? Moderately

Strong

Do banks establish effective compliance departments to ensure that they comply with regulatory obligations?

Very Weak

Do boards and their audit committees effectively oversee and regularly review the effectiveness of the internal control systems?

Weak

Audit committee

Do boards establish audit committees? Moderately

Strong

Are audit committees fully independent? Very Weak

Do audit committees include at least one member with substantial auditing or accounting experience?

Weak

Incentives and compensation

Remuneration policy

Do boards and their remuneration committees have a sufficient role in shaping the compensation system of their banks?

Moderately Strong

Is remuneration meritocratic and linked to firm and individual performance? Moderately

Strong

Is senior executive compensation aligned with prudent risk management? Very weak

Remuneration committee

Do boards establish remuneration committees? Very weak

Are remuneration committees independent from management? n/a

Transparency to the market and regulators

External auditor

Is external auditor independence upheld by boards and their audit committees? Moderately

Strong

Financial statements

Is IFRS required by law or regulation? Strong

Corporate governance

Do banks report regularly on corporate governance matters? Moderately

Strong

Do banks publish key governance information on their website? Moderately

Strong

Is disclosure proportionate to size, complexity, ownership structure and risk profile of banks? Moderately

Strong

Transparency to regulators

Can the supervisory authority obtain information about ultimate ownership and other corporate governance matters?

Moderately Strong