The European Banking Authority’s (EBA) proposals on how the remuneration policies of banks are to be monitored need greater clarity if they are to be effective, according to the European Confederation of Institute’s of Internal Auditing (ECIIA).
The EBA’s consultation document on the issue (EBA/CP/2015/03) is often unclear over which internal department is best placed to provide overall assurance to the board that its policies and procedures are sound. In particular, it confuses the independent, oversight remit of internal audit with the compliance roles of risk management and control functions.
“The task of the internal audit function is not to control but to work alongside others to audit the control functions, giving assurance to the board and the supervisory bodies that the policies are both well monitored and sound,” Thijs Smit, ECIIA President says.
Control functions monitor whether the bank’s remuneration policies are in place and followed. Internal audit informs the board whether such monitoring is occurring and effective, and whether policies benchmark against industry best practice.
“It is essential for the EBA’s document to reflect the fact that internal audit is the only function for the board, which is independent of management, that can oversee all of the other functions – including how well risk management and compliance are working,” Smit says.
He says that the most effective way for banks be sure remuneration policies are working properly is for them to adopt the so-called Three Lines of Defence model of corporate governance. That provides internal audit with the independent remit it requires to perform this critical role.