As of January 1, 2021, new rules on corporate governance will apply to Luxembourg based banks. Indeed, the Luxembourg banking supervisor CSSF has published a few days ago a major update of the key circular 12/552 on central administration and internal governance of banks (circular letter 20/759 of December 7, 2020 - only available in French).

The new rules reflect the most recent thinking on good corporate governance and a number of guidelines of EBA, the European Banking Authority.

They also reinforce the principle of proportionality, taking into account the complexity and the size of the bank for defining the precise requirements of internal governance and risk management obligations.

Reflecting the general spirit of the circular, it refers to a 'general culture of risk and compliance', which must be 'strong and omnipresent' in each credit institution.

Instead of referring to the board of directors, the new rules henceforth speak of the 'supervisory body' and clarify and strengthen its role. Among others, the supervisory body ('SB') shall define and supervise the key elements of the internal governance and risk management of the bank. When approving the business model of the bank, the circular speaks for the first time of a 'sustainable' business model which needs to take into account all material risks, including environmental, social and governance risks. The SB must also approve henceforth guiding principles on ethics, corporate values and conflicts of interests.

The circular innovates by mentioning 'diversity', without however setting quantitative criteria. Indeed, the SB must have a written procedure for appointments and succession to the SB and management, taking into account diversity in terms of age, gender, geographical origin as well as educational and professional background.

New SB members must receive an introductory training to get acquainted with the structure, business model and risk profile of the credit institution. All banks should at least have one independent board member. Significant banks should have a 'sufficient' number of independent directors, taking into account the complexity of their operations. The board risk committee of a significant bank must have a majority of independent members, including its chairperson.

The objectives and responsibilities of each board member should be documented in writing.

Regarding risk management, the circular also specifies that in significant institutions, the chief risk officer must be a member of the authorized management and be 'independent and individually responsible for the function of risk control'. The circular also clarifies a certain number of rules regarding internal control functions. Appointments and revocations of the heads of risk, compliance and internal audit will require prior SB approval.

It is to be noted that this revised circular 12/552 only applies to credit institutions. A new circular 20/758, also published on December 7, 2020 will apply to investment firms. The new circular applicable to investment firms broadly covers the same topics and uses the same wording as the amended circular for credit institutions, but adapts some requirements to investment firms.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.