1. The Board must act in the best interests of its various stakeholders while meeting regulatory expectations. Treating customers fairly must be an integral part of all Banks’ good governance and corporate culture.

2. Members of the Board are responsible for the overall interests of the Bank. This applies to Members of the Board representing or appointed by an individual shareholder or group of shareholders. The Duty of Loyalty precludes individual Members of the Board acting in their own interest, or the interest of another individual or group, at the expense of the Bank, its depositors or shareholders. Depositors’ interests take precedence over shareholders’ interests.

3. The Members of the Board shall exercise their Duty of Care, Duty of Confidentiality and Duty of Loyalty to the Bank when carrying out their activities, which include, but are not limited to:

1. a. Actively engaging in the affairs of the Bank to ensure strategy and policies are implemented as designed as well as acting in a timely manner to protect the long-term interests of the Bank;
2. b. Overseeing the development of and approving the Bank’s business objectives and strategy, and monitoring their implementation;
3. c. Playing a lead role in establishing the Bank’s corporate culture and values;
4. d. Overseeing implementation of the Bank’s governance framework and periodically reviewing it to ensure that it remains appropriate in the light of material changes to the Bank’s size, complexity, business strategy, markets and regulatory requirements;
5. e. Establishing the Bank’s Risk Appetite, taking into account the competitive and regulatory landscape and the Bank’s long-term interests, risk exposures and ability to manage risk effectively;
6. f. Overseeing the Bank’s adherence to its Risk Appetite and Risk Limits;
7. g. Approving and overseeing the implementation of key policies including, but not limited to, credit, liquidity and the internal capital adequacy assessment process;
8. h. Approving the annual financial statements and requiring periodic independent review of critical areas of the business and internal controls;
9. i. Approving the selection of and overseeing the performance of Senior Management;
10. j. Overseeing the Bank’s approach to Board and Staff compensation, including monitoring and reviewing executive compensation and assessing whether it is aligned with the Bank’s culture and Risk Appetite; and
11. k. In the case of a Bank offering Islamic financial services, fully complying with Islamic Shari`ah rules and establishing a sound and effective Shari`ah governance framework with the key mechanisms and functionalities to ensure effective and independent Shari`ah oversight, as per the requirements set by the Central Bank and the Higher Shari`ah Authority.

4. The Members of the Board are responsible for the implementation of an effective risk management culture and internal control framework across the Bank and the Group. In order to promote a sound corporate culture, Members of the Board must establish the “tone from the top” by:

1. a. Setting and adhering to corporate values that create expectations that all business must be conducted in a legal and ethical manner, and overseeing the adherence to such values by Staff;
2. b. Promoting risk awareness within a strong risk culture, and setting the expectation that all Staff are responsible for ensuring the Bank operates within the established Risk Governance Framework, Risk Appetite and Risk Limits;
3. c. Ensuring that appropriate steps have been taken to communicate throughout the Bank the corporate values, professional standards and codes of conduct approved by the Board together with supporting policies; and
4. d. Ensuring that Staff are aware that appropriate disciplinary or other actions will follow unacceptable behaviors and transgressions.

5. The Board approved Risk Governance Framework must incorporate a “three lines of defence” approach including Senior Management of the business lines, the functions of risk management and compliance, and an independent and effective internal audit function. In the case of a Bank providing Islamic financial services, an independent and effective internal Shari`ah audit function reporting to the internal Shari`ah control committee must be in place.

6. The Risk Governance Framework may vary with the specific circumstances of the Bank, particularly its risk profile, size, business mix and complexity. Banks must incorporate the minimum requirements specified in the separate Regulations and Standards issued by the Central Bank on 1) Risk Management, 2) Internal Control, Compliance and Internal Audit and 3) Outsourcing into their Risk Governance Framework.

7. A Bank must have a written code of conduct that defines acceptable and unacceptable behaviors. It must explicitly prohibit illegal activity including fraud, breach of sanctions, money-laundering, anti-competitive practices, bribery and corruption, and the violation of consumer rights. It must make clear that Staff are expected to conduct themselves ethically and perform their jobs with skill, due care and diligence in addition to complying with laws, regulations and Bank policies.

8. The Bank’s corporate culture must recognize the critical importance of timely and frank discussion and escalation of problems to higher levels. Staff must be encouraged and must be able to communicate legitimate concerns about illegal, unethical or questionable practices confidentially and without the risk of reprisal.

9. The Board must oversee a whistleblowing policy mechanism and ensure that Senior Management appropriately addresses legitimate issues flagged through the whistleblowing mechanism. The Board is responsible for ensuring that Staff who raise concerns are protected from detrimental treatment or reprisals. The Board must oversee and approve how and by whom legitimate matters are investigated and addressed by an objective internal or external body, Senior Management, and/or by the Board itself.

10. The Board must have a formal written Conflict of Interest policy for its members. The policy must include, but is not limited to:

1. a. A Member of the Board’s duty to avoid, to the extent possible, activities that could create conflicts of interests or the appearance of conflicts of interests;
2. b. Examples of how conflicts can arise where serving as a Member of the Board;
3. c. A process for management of conflicts of interests by the Board or an ethics committee where one exists;
4. d. A review and approval process for Members of the Board before they engage in specific activities, such as serving on another Board, to ensure that such activities will not create a conflict of interest;
5. e. A process to prevent members from holding directorships in competing institutions;
6. f. A Member of the Board’s duty to promptly disclose any matter that may result, or has already resulted, in a conflict of interest;
7. g. A Member of the Board’s responsibility to abstain from voting on any matter where the Member of the Board may have a conflict of interest or where the Member of the Board’s objectivity or ability to properly fulfil duties to the Bank may be otherwise compromised;
8. h. Procedures to ensure that transactions with related parties are undertaken on arm’s length basis; and
9. i. The way the Board will deal with non-compliance with the Conflict of Interest policy.

11. The Board must provide oversight of Senior Management. It must hold members of Senior Management accountable for their actions and enumerate the consequences if those actions are not aligned with the Board’s expectations. This includes adhering to the Bank’s values, Risk Appetite and risk culture. Oversight by the Board should include, but is not limited to:

1. a. Monitoring Senior Management’s actions to ensure that they are consistent with the strategic objectives and policies approved by the Board and are aligned with its Risk Appetite;
2. b. Meeting regularly with Senior Management;
3. c. Critically reviewing and challenging explanations and information provided by Senior Management;
4. d. Setting appropriate performance and compensation standards for Senior Management consistent with the long-term strategic objectives and the financial soundness of the Bank;
5. e. Assessing whether Senior Management’s collective knowledge and expertise remain appropriate given the nature of the business and the Bank’s risk profile; and
6. f. Actively engaging in succession planning for the Chief Executive Officer and ensuring that appropriate succession plans are in place for Senior Management positions.

12. Senior Management must implement, consistent with the direction given by the Board, systems, processes and controls for managing the risks to which the Bank is exposed and for complying with laws, regulations and internal policies. This includes comprehensive and independent risk management, compliance and audit functions, as well as an effective overall system of internal controls.

13. The nomination committee must lead the process for identifying, assessing and selecting candidates for the Board and Senior Management. Fit and proper criteria must ensure that candidates:

1. a. Possess the necessary knowledge, skills, and experience;
2. b. Have a record of integrity and good repute;
3. c. Have sufficient time to fully discharge their responsibilities;
4. d. Provide for a collective suitability and added value to the Board;
5. e. Do not have any conflict of financial and non-financial interests; and
6. f. Have a record of financial soundness.

Before providing the no-objection for nominations, appointments or renewals, the Central Bank will conduct additional interview and/or background checks to ensure the fitness and probity of the candidates, including their ability to manage the time commitments required for their role in the Bank, and confirm the accuracy and completeness of the information and documentation provided by the Banks.

14. Branches of foreign Banks must establish local governance structures, such as a Senior Management committee or equivalent, that fulfill the responsibilities of a Board required by this Corporate Governance Regulation and Standards. Branches must ensure their Control Functions are operating effectively. Branches must establish Control Functions that are robust, report to the local management structures and are accountable to the Group’s heads of Control Functions. The local management structure of the branch must take steps as are necessary to help the branch meet its own corporate governance responsibilities in line with the Regulation. It is the responsibility of the local management structures to ensure that local legal and regulatory requirements are implemented and, where appropriate, make adjustments where the Group conflicts with a provision of this Regulation.