7.1 What requirements apply with regard to the management structure of banks in your jurisdiction?
In Luxembourg, both shareholders and members of the management body must be able to demonstrate that they possess sufficiently good repute and that the members of the management body possess sufficient knowledge, skills and experience to perform their duties. These requirements are applicable both on licence application and on a continuing basis. At least two individuals must be responsible for the management of the credit institutions and those individuals must typically reside in or near Luxembourg.
The board of directors entrusts authorised management with the daily running of the bank, which includes the implementation of all guiding principles and internal governance arrangements approved by the board. The board of directors is responsible for monitoring and overseeing the effectiveness of authorised management. Each member of authorised management is responsible for personally overseeing the activities and functions which fall under their direct responsibility on a regular basis.
There must be a sufficient number of directors so that their collective competencies are appropriate for the nature, scale and complexity of the bank's activities. The board of directors may create dedicated board committees (membership drawn from members of the board of directors) in the fields of audit, risk, compliance, remuneration, nomination and so on. The determination of which committees are required and which topics are discussed are made by the institution having regard to its business activities. Larger institutions typically have a number of board committees. Smaller institutions may not require a board committee.
Commission de Surveillance du Secteur Financier (CSSF) Circular 12/552 also requires the creation of internal control functions: internal audit, compliance and risk. Larger institutions require a dedicated IT officer as well as an information security officer. Smaller institutions may assign responsibility for these roles to a member of authorised management, who is then assisted by external advisers.
To the extent that a credit institutions comprises multiple legal entities, it must be structured in an appropriate manner having regard to the strategy and guiding principles of the bank. At a group level, clear limits on powers and delegation should be established (with appropriate monitoring) and a comprehensive management information system must be put in place to ensure effective communication between legal entities, the board of directors, authorised management, internal control functions and the CSSF.
It should be noted that the concept of a 'board of directors' as used in question 7 above and throughout this question 7 shall not be read in a strict company law sense, as banks may adopt a legal form that does not provide for a board of directors. Where the relevant bank has a board of supervisors, the references to a 'board of directors' shall be read as references to the board of supervisors.
7.2 How are directors and senior executives appointed and removed? What selection criteria apply in this regard?
Members of the board of directors, both individually and collectively, must have the necessary professional competence (expertise, understanding and experience), professional standing and personal qualities required according to the bank's guiding principles governing the election and succession of the board. There must not be a majority of directors who take on an executive role within the institution. Depending on the institution's type and size, there may be a requirement in Luxembourg to have one or more directors who either are appointed by the Luxembourg state or represent the staff. In such cases, there are detailed rules for determining the number of directors required and the ratio of executive to non-executive directors.
Members of authorised management, both individually and collectively, must have the necessary professional competence (expertise, understanding and experience), professional standing and personal qualities to manage the institution and effectively determine the business direction. Specific qualities which are required include commitment, availability, objectivity, critical thinking and independence.
On appointment and on a continuing basis, the Law of 5 April 1993 on the financial sector, as amended ('Banking Act') and CSSF Circular 12/552 require members of the board of directors and authorised management (as well as internal control function heads) to evidence professional standing and good repute, assessed on the basis of police records and any other evidence requested. Depending on whether an institution is classified as 'significant' or 'less significant', a personal declaration must also be completed with different levels of information required from nominees regarding conflicts of interest, personal shareholdings, professional experience, time commitment and applicable skills.
On removal of a member of the board of directors or authorised management (as well as internal control function heads), different scenarios apply:
- For resignations, the CSSF must be notified immediately and provided with a copy of the letter of resignation; and
- For removals, the CSSF must be notified and receive detailed, written justifications for the decision together with a copy of the termination/revocation letter.
In addition to the foregoing, standard company law requirements for appointing and removing members of the board of directors and authorised management also apply.
7.3 What are the legal duties of bank directors and senior executives?
The legal duties of Luxembourg bank directors and executives are similar to those in other major financial centres. The duties are derived both from Luxembourg company law and from financial regulation. The Luxembourg law of 10 August 1915 on commercial companies, as amended requires that directors:
- act in the best interest of the company;
- exercise independent judgement;
- exercise reasonable care, skill, and diligence;
- avoid conflicts of interest;
- declare interests;
- ensure confidentiality; and
- act within corporate objects and powers.
Luxembourg as a jurisdiction has a high number of banking subsidiaries. In respect of acting within the best interests of the company, it is important to consider director duties in the context of the Luxembourg subsidiary, acknowledging that there may be instances where the interests of the group conflict. Potential claims against directors can be brought in Luxembourg by the state prosecutor (in respect of criminal matters), by liquidators/receivers/administrators and by the company itself. There is also a possibility for shareholders to make a claim against directors on behalf of the company.
In addition to Luxembourg company law and associated jurisprudence, the Ten Principles of Corporate Governance issued by the Luxembourg Stock Exchange (last updated in December 2017) also have persuasive value in determining appropriate courses of action for directors and contain detailed criteria, including those related to independence.
CSSF Circular 12/552 places overall responsibility for the entire credit institution on the board of directors. The board is responsible for ensuring execution of activities and preserving business continuity. It must put in place a sound central administration and internal governance arrangements. Additional specific responsibilities of the board of directors include setting out, in writing:
- the business strategy of the institution, taking into account the bank's long-term financial interests, solvency and liquidity situation;
- the risk strategy;
- the regulatory and internal own funds and liquidity strategy;
- the guiding principles of a clear and consistent organisational and operational structure regarding the creation and maintenance of legal entities, information systems, security, communication and whistleblowing;
- the guiding principles relating to the internal control functions, remuneration, and escalation and settlement of any improper behaviours within the bank;
- the human and material resources required to implement the bank's strategies and guiding principles;
- the strategies for business continuity management and crisis management;
- the guiding principles for the appointment and succession of key senior individuals within the credit institution; and
- the arrangements to delegate and oversee management's implementation of the bank's strategies.
The role of the board of directors and corporate governance in general is a priority for the CSSF and the European Central Bank. Lack of appropriate governance arrangements is a frequent finding by the CSSF in relation to sanctions it has issued in recent years.
7.4 How is executive compensation in the banking sector regulated in your jurisdiction?
Executive compensation is a key lever used to promote sound and effective risk management within the Luxembourg and EU regulatory framework. CSSF Circular 17/658 adopts the European Banking Authority Guidelines on sound remuneration policies under Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms (CRD IV) and disclosures under Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms, as amended. Additionally, the Banking Act has transposed the relevant restrictions relating to compensation contained in CRD IV. Credit institutions are obliged to develop remuneration policies addressing both variable and non-variable compensation. Certain remuneration and governance data must also be made available on the institution's website. In respect of firms which are significant (in terms of size, internal organisation and the nature, scope and complexity of their activities), there is a requirement to form both a nomination and remuneration committee, which must include non-executive directors.
The credit institution's remuneration policy must identify staff who have the ability to materially influence the risk position of the bank. As a rule, these include all members of the board of directors, senior management and other key senior staff. The policy must have a structure in place to govern the performance assessment of employees and provide a clear link to the bank's risk strategy. Remuneration policies must clearly distinguish between fixed and variable compensation. Variable compensation is capped at twice fixed compensation, with an exception process and regulatory notification procedure for any amounts in excess of such cap.
Additionally, the remuneration payout process requires multi-year deferrals over certain thresholds. Risk-based adjustments related to compensation already granted are also foreseen: institutions must be able to apply malus or clawback arrangements of up to 100% of the total variable remuneration and any adjustments must be performance and risk related. Remuneration policies must use performance and risk criteria and specifically consider:
- evidence of misconduct or serious error;
- whether the business subsequently suffers a significant downturn it its financial performance;
- whether the business in which the staff member works suffers a significant failure of risk management;
- significant increases in the institution's economic or regulatory capital base; and
- any regulatory sanction where the conduct of the staff member was a contributing factor.
As at the end of 2017 (most recent data), there were 20 high earners in Luxembourg (ie, staff who were awarded €1 million or more in annual remuneration).
Practically speaking, detailed guidance is required when establishing a Luxembourg bank's remuneration policy to ensure its compliance with EU-level requirements and local employment law.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.