EBA clarifies internal audit’s position as third line of defence
The European Banking Authority (EBA) has adopted important clarifications suggested by ECIIA over the role and position of internal audit in the governance structure of companies looking to adopt sound remuneration policies.
In particular, EBA has said in the final draft of its Guidelines on sound remuneration policies that internal audit should form an independent third line of defence reporting directly to the board so that it can audit the activities of the other control functions.
“We are pleased that EBA has taken our views on board and clarified this important issue,” Henrik Stein, ECIIA President, says. “Reinforcing our members’ role as the independent, third line of defence provides organisations with the confidence that they can rely on the work of internal audit when it comes to assessing the effectiveness of their remuneration policies.”
EBA also clarified the involvement of control functions in assessing the risk profile of organisations and how the control functions should be remunerated, which also drew upon ECIIA’s.
The EBA’s guidelines set out the governance process for implementing sound remuneration policies across the EU and clarify the process for identifying those categories of staff to whom the specific remuneration provisions of the Capital Requirements Directive (CRD IV) apply, including the so called bonus cap.
Internal auditors do not control, ECIIA tells EBA
The European Banking Authority’s (EBA) guidelines on the common procedures and methodologies it proposes for supervising banks need better clarity over the role of internal audit in the governance structure, says ECIIA.
“The task of the internal audit function is not to control, but to audit (amongst others) the control functions, giving assurance to the board and supervisory bodies,” said the response.
ECIIA says the distinction is essential because it reflects the core task of internal audit to oversee all of the other functions of a bank from a uniquely independent perspective for the board.
“Given that future international teams of inspectors will be working with this extremely helpful paper, it is important to establish a clear understanding of the difference between control systems and the internal audit function,” ECIIA President Thijs Smit says.
ECIIA has written to EBA requesting for a number of amendments to be made to the draft guidance.
The EBA’s final guidelines will be applied in the supervision of all institutions across the European Union and represent a step towards forging a consistent supervisory culture across the single market.
EBA says the guidelines provide a common framework for the work of supervisors in their assessment of risks to banks’ business models, their solvency and liquidity. “The guidelines will be a key component of the EU Single Rulebook aimed at improving the functioning of the internal market, including a sound, effective and consistent level of regulation and supervision in the banking sector,” it said.