Corporate information    Operational review     Annual financial statements    Additional information    Annual general meeting  
  
 
2004  Annual Report  
 
Site tools
 

Corporate information
Enterprise governance and compliance
 
 
 
structure: Nedcor enterprise governance
   

 

Enterprise governance is the framework adopted by Nedcor, covering both the corporate governance and business governance aspects of an organisation. It refers to good governance that is linked strategically with performance management, thereby enabling companies to focus on the key areas that move their business forward.

Enterprise governance and compliance constitutes part of the entire accountability framework of the organisation, and calls for a balance between accountability and assurance (conformance) and value creation and resource utilisation (performance).

Conformance can also be referred to as ‘corporate governance’ and covers issues such as board structures and roles and executive remuneration, while the performance dimension, also referred to as business governance, focuses on strategy and value creation, helping the board to:
  • provide strategic decisions;
  • understand its appetite for risk and its key drivers for performance; and
  • identify its key principles to decision-making.

Focusing on important business aspects of governance, enterprise governance considers the whole picture to ensure that strategic goals are aligned and good management is achieved.

In tandem with management of governance issues, the compliance function ensures compliance not only with regulatory laws and standards, but also with internal policies and procedures.

In line with this holistic thinking, the group corporate governance and compliance functions were merged at the end of 2004, as their roles and responsibilities overlap and complement each other extensively, under the leadership of Adv Selby Baqwa, who has been appointed as Chief Compliance Officer to the Group Executive Committee (Group Exco).

The merger will also allow improved compliance with all the provisions of the Banks Act and regulations. Avoiding duplication of structures and ensuing cost savings from a combined unit have resulted, as well as better interaction between the awareness, training and monitoring roles of the governance and compliance functions.

The status and reporting lines of the divisional governance and compliance officers have been realigned at the end of 2004 to allow for them to be independent of the risk management function in the divisions and to have adequate stature to carry out their roles, as well as create synergies in the founding of a governance and compliance culture within the organisation.

This dedicated division now deals with governance, compliance and sustainability issues throughout the organisation.

Philosophy, strategy and objectives

Good governance and compliance essentially constitute the practice by which companies are managed and controlled and are about being responsible and exercising disciplined, practical and accountable leadership in a transparent, fair and independent manner.

The enterprise governance and compliance function is an essential part of Nedcor’s control structure, having responsibility for the management of regulatory and reputational risk. A comprehensive Enterprise-wide Compliance Framework has been developed in line with the requirements stipulated in section 60A of the Banks Act, read with the provisions of Regulation 47.

Nedcor recognises that good governance and compliance practices form a crucial step in developing and sustaining any successful business, and is committed to infusing good governance and compliance processes into all its operations going forward.

Nedcor’s governance and compliance strategy, objectives and structures have been designed to ensure that the group complies with the myriad of codes and legislation, not only on a local level, but also internationally in respect of its relationship with Old Mutual, while at the same time moving beyond accountability and assurance issues to value creation and resource utilisation issues. Internally, the function has expanded in five complementary directions, namely:
  • enterprise-wide corporate governance;
  • business governance;
  • corporate accountability;
  • triple bottomline/sustainability management and reporting; and
  • compliance
The enterprise governance and compliance function operates, among others, at the following levels within the organisation:
  • board (including boards of subsidiaries and joint ventures);
  • executive management (dealing with business governance and internal controls);
  • employees (for example ethics, etc); and
  • triple bottomline (creation of a sustainable bank).

The Enterprise Governance and Compliance Division works closely together with the Company Secretary and various risk management functions in promoting a culture of good governance and compliance within the group.

Adv Baqwa reports directly to the Chief Executive, as well as having direct access to the Chairman of the Nedcor Board of Directors on all aspects related to enterprise governance and compliance. He is an official invitee to all board and board committee meetings.

The department’s key objectives are to:
  • provide an independent assurance function with regard to governance and compliance issues to the board, the Group Exco and the banking business;
  • implement and monitor good business governance practices throughout the organisation;
  • internalise a culture of governance, ethics and compliance across the group through ongoing training and development;
  • set governance and compliance frameworks that will be aligned to applicable regulations and local and international best practice;
  • build and enhance relationships with key internal partners (Risk, Internal Audit, Legal, Company Secretary, and especially business governance and compliance champions) and external stakeholders;
  • achieve balanced economic, social and environmental performance and implementation of a best-practice corporate citizenship framework, including comprehensive sustainability reporting and targeted stakeholder engagement;
  • provide tools and expert guidance on governance/sustainability/compliance matters to the business; and
  • inform the business of new and existing regulatory requirements.

At an executive management level the Group Corporate Governance Management Committee and Group Corporate Citizenship Committee take responsibility for driving good governance, compliance and sustainability practices within the group.

Relationship with Old Mutual plc

The relationship between Nedcor and its parent company, Old Mutual plc, has remained strong over the past year, as evidenced by Old Mutual’s support for the recovery programme and rights issue. A formal relationship agreement, covering a wide range of issues such as the appointment of officers, strategy, reporting and policy or structural changes, governs the relationship between the two companies and ensures that synergies between the companies are being promoted.

The agreement further deals with how to manage potential conflicts of interest in order to protect the interests of minority shareholders. The board monitors Nedcor’s compliance with the provisions of the relationship agreement on an ongoing basis.

King II (the code) implementation

Nedcor fully subscribes to and supports the code and has developed a comprehensive implementation and monitoring plan to meet its requirements and recommendations. The plan also incorporates the corporate governance requirements of the Regulations to the Banks Act, the recommendations of the Myburgh Report and the Combined Code on Corporate Governance.

The plan has been approved by the board and its implementation is facilitated by the governance team and monitored by the Directors’ Affairs Committee.

The Nedcor Group is in substantial compliance with the code. The only areas of non-compliance with the code, which the board is satisfied does not impair the governance integrity or perceptions of it, are as follows:
  • the Chairman, Warren Clewlow, is a non-executive director, but not independent, as defined by the code, by virtue of the fact that he also serves on the board of the group’s holding company, Old Mutual plc; and
  • chairmen of the following board committees are non-executive, but not independent directors, as defined by the code:
    • Directors’ Affairs Committee (Warren Clewlow); and
    • Risk Committee (Michael Katz).
In other respects:
  • at 31 December 2004 50% of the board comprises independent non-executive directors;
  • the Group Directors’ Affairs Committee consists entirely of non-executive directors, half of whom are independent (the Chief Executive attends as an invitee);
  • the Group Audit Committee (previously ARC) consists entirely of non-executive directors, the majority of whom are independent;
  • the Group Remuneration Committee consists entirely of non-executive directors, the majority of whom are independent; and
  • the Group Risk Committee consists of a majority of non-executive directors, the majority of whom are independent.

Governance/Compliance culture

As enterprise governance is a phenomenon that requires commitment at every level of the organisation, it is essential to create an effective governance and compliance culture. The initial phase of entrenching this culture involves the creation of awareness at every level. This culture creation also involves the alignment with the ethics and values of the bank. During 2005 the focus will be on the rolling out of an interbank (Bankseta) governance and compliance training and awareness programme to all employees.

 

Governance and compliance conferences

In 2004 the Governance Division hosted its first annual corporate governance conference. Attendance consisted of approximately 90 delegates, including representatives from various business areas, mostly compliance officers, and the company secretaries of African subsidiaries. A similar compliance conference was also held. A merged governance/compliance conference will be held during 2005.

 

African and offshore subsidiaries

The mandate of the Enterprise Governance and Compliance Division is enterprise-wide and, given the fact that the Nedcor Board is required to report on the state of corporate governance within the entire organisation (in terms of Regulation 38 of the Banks Act), the Enterprise-wide Governance Manager began liaising with company secretaries and compliance officers of offshore entities in 2003.

In 2004, as the organisation was undergoing a rationalisation process of selling off offshore assets and enhancing its strategy to expand into Africa, the Governance Division focused on corporate governance entities in Africa by:
  • establishing contact with managing directors, company secretaries and compliance officers to ascertain the state of corporate governance within each entity;
  • serving as a point of reference (providing advice and support) for the aforementioned parties in respect of corporate governance and compliance issues; and
  • arranging visits to each of these entities, which entailed:
    • conducting director induction on corporate governance;
    • addressing employees and executive committees on corporate governance;
    • consulting with company secretaries on their policies, board structures and practices;
    • establishing contact with the local regulator of each entity;
    • consulting with managing directors on the challenges they face; and
    • reporting back to the Chief Executive and the Head of the Nedbank Africa Division.

Governance Framework

Nedcor’s Enterprise Governance Framework incorporates a full range of governance objectives, a delineation of responsibilities at board, board committee, Group Executive Committee and management level, and the identification of champions and key functions for governance integration into all operations.

The cooperation between executive management and non-executive directors, and the significant emphasis, resources and structure given to executive management functions to champion corporate governance on a day-to-day basis and assist the board, board committees and individual non-executive directors with corporate governance and compliance responsibilities are key features in achieving an effective governance process. The framework is included in the Nedcor 2004 Sustainability Report.

Corporate governance strategy

Formalised governance objectives

The board has formalised its governance objectives and annually assesses and documents whether the process of corporate governance implemented by the group successfully achieves these objectives, measured as part of the Regulation 38(5) Report on the State of Corporate Governance at Nedcor.

The board’s corporate governance objectives are:
  • reaching the maximum level of efficiency and profitability of the group within an acceptable risk profile;
  • implementing the group’s strategy and compliance within the strategic framework of the group;
  • ensuring commitment by executive officers of the group to adhere to corporate behaviour that is universally recognised and accepted as correct and proper;
  • balancing the interests of shareholders and other stakeholders, who may be affected by the conduct of directors or executive officers of the group, within a framework of accountability;
  • establishing and maintaining mechanisms to minimise or avoid potential conflicts of interest between the business interests of the group and personal interests of directors or executive officers;
  • disclosing matters that are material to the business of the group or the interests of stakeholders timely and accurately;
  • finding the correct balance between conforming with governance constraints and performing in an entrepreneurial way;
  • achieving a balanced economic, social and environmental performance and implementing a best-practice corporate citizenship framework;
  • enabling efficient and effective functioning of the Enterprise-wide Risk Management Framework; and
  • complying, in substance, with the provisions of the Code of Corporate Practice and Conduct of the King Report on Corporate Governance (King II), the Banks Act Regulations, other sources of corporate governance best practice and requirements of Nedcor’s holding company, Old Mutual plc.


Strategy

The board is responsible to the shareholders and other stakeholders for setting the strategic direction of the group through defining objectives and key policies together with top management, which are then cascaded throughout the organisation.

Stringent investment and performance criteria are determined and refined by the board. These are monitored on an ongoing basis through business plan reviews, key operational and management performance indicators, economic policies and trends, annual budgets and major capital expenditure programmes, significant acquisitions, disposals and other transactions, as well as criteria important to Nedcor’s relations with its primary stakeholders and its reputation and conduct as a good corporate citizen.

The above process is supported by a schedule of matters reserved for the board, versus those that are delegated to board committees, to ensure that the directors maintain full and effective control over the group of companies, specifically regarding significant strategic, financial, organisational and compliance matters.

The board is accountable to Nedcor’s shareholders for exercising leadership, enterprise, integrity and judgement in directing the organisation to achieve continuing prosperity in the interests of all the group’s stakeholders.

There has been significant work done to ensure consistency between the board’s objectives and strategy and the Strategic Recovery Programme/management strategy as a key means of ensuring closer strategic alignment between the board and management, as well as closer alignment with the strategy of Old Mutual plc.

Dedicated strategy sessions for Group Exco and between the board and Group Exco are held to focus on strategy determination and revision.

The board of directors

Role and composition at 31 December 2004

Nedcor has a unitary board structure comprising 18 directors. Of these, nine are considered to be independent non-executive, as defined by King II, six non-executive and three executive directors.

The Nedbank Limited Board has the same structure and composition but separate meetings are held.

33% of the directors are black generic in terms of the Financial Sector Charter definitions at 31 December 2004.

Of the six non-executive directors, five, including the Chairman, are disqualified as independent by virtue of the fact that they also serve as directors on the board of the group’s holding company, Old Mutual plc.

The non-executive directors all have a high degree of integrity and credibility, and the strong independent composition of the board provides for objective input into the decisionmaking process, thereby ensuring no one director holds unfettered decisionmaking powers.

The directors come from diverse backgrounds and bring to the board a wide range of experience in commerce and banking. The directors have access to management, whenever required.

A brief resumé of each director can be found here.

Board appointment and evaluation

Board appointments are conducted in a formal and transparent manner, in line with the board appointment policy, by the board as a whole, assisted by the Nedcor Directors’ Affairs Committee. Any appointments to the Nedcor Board are made taking into account the need for ensuring that the board provides a diverse range of skills, knowledge and expertise, the necessity of achieving a balance between skills and expertise and the professional and industry knowledge necessary to meet the group’s strategic objectives, as well as the need for ensuring demographic representivity.

In general, directors are given no fixed term of appointment, while executive directors are subject to short-term notice periods.An executive director is required to retire from the board at age 60, while a non-executive director is required to retire at age 70. Reappointment of non-executive directors is not automatic. Executive directors are discouraged from holding a large number of directorships outside the group.

The recent spate of corporate failures has ensured and reaffirmed that boards have to be concerned not only with organisational and management performance, but also with their own performance. Board evaluation is one way in which boards can show that they are serious about their performance and even good boards can benefit from a properly conducted evaluation.

A full assessment of the effectiveness of the board and board committees, as well as evaluation of the Chairman of the board, has taken place during 2004, to elicit feedback from board members, which ensures constant refinement of the governance structure and responsibilities. The feedback from this board evaluation process also contributed to the production of the Regulation 38(5) report addressing the state of corporate governance within the organisation.

Board charter

The board has a formal written charter that has been updated in respect of legislative requirements, local and international codes of conduct, including King II, and best practice.

The main functions of the board covered by the charter are:
  • determining the overall objectives for the company;
  • developing strategies to meet those objectives in conjunction with management;
  • formulating company policies;
  • rating the company’s own performance;
  • assuming overall responsibility for risk management;
  • appointing the Chief Executive for the company; and
  • evaluating the performance of the company’s directors.

The charter also formalises the policies regarding board membership and composition, board procedures, the conduct of directors, risk management, remuneration, board evaluation and induction.

Board committees

The board committee structure has been revised during 2004 to ensure that it can best assist the board in the discharge of its duties and responsibilities.

The current committees are:
  • Group Audit Committee;
  • Group Risk Committee;
  • Group Remuneration Committee;
  • Group Credit Committee;
  • Group Directors’ Affairs Committee;
  • Group Transformation and Sustainability Committee;
  • Board Strategic Innovation Management Committee; and
  • Group Finance Oversight Committee.

The combined Audit Risk and Compliance Committee (ARC) was separated into individual Risk and Audit Committees, with separate charters, following discussions with the South African Reserve Bank, and in line with the new Banks Act amendments and recommendations of various good-practice codes.

The previous Social and Environmental Committee has been replaced by a Group Transformation and Sustainability Committee, reflecting the importance that these issues hold for the finance sector in South Africa.

Separate Risk and Directors’ Affairs Committees have been established for the Nedcor Group and Nedbank, and separate meetings held to ensure adequate focus on the interests of the bank.

Other changes are as follows:
  • Compliance responsibility has been mandated to the Directors’ Affairs Committee.
  • In future operational risk shall be monitored by the Group Risk Committee.
  • The previous Group Market Risk Committee is now absorbed into the Group Risk Committee.
  • The Heads of Credit Risk and Group Risk are to be members of the Group Credit Committee for the approval of large exposures only.

Each board committee has formal written terms of reference that are reviewed on an annual basis and are effectively delegated in respect of certain of the board’s responsibilities, which are monitored by the board to ensure it retains effective coverage and control over the operations of the group.

Group Audit Committee

The functions of the Group Audit Committee are primarily to assist the board of directors in its evaluation and review of the adequacy and efficiency of the internal control systems, accounting practices, information systems and auditing processes applied within a bank in the day-to-day management of its business; and to introduce measures to enhance the credibility and objectivity of financial statements and reports prepared with reference to the affairs of a banking group. The Group Audit Committee has satisfied its objectives for the year in accordance with its terms of reference.

Group Finance Oversight Committee

As of 1 March 2004 Nedcor established the Group Finance Oversight Committee under the chairmanship of experienced banker, Chris Ball, who is an independent non-executive director of the group. The mandate of this committee is to ensure that the group’s accounting and control systems meet the highest standards. The committee’s objective is to act primarily as a board discussion forum to ensure that the group’s risk universe, spectrum of activities, organisational structure and management methodologies are appropriate and effective.

 

Group Directors’ Affairs Committee

The primary role of the Directors’ Affairs Committee is to consider, monitor and report to the board on strategic risk, reputational and compliance risk, compliance with King II and the corporate governance provisions of the South African Banks Act 1990 and the regulations issued thereunder, as well as to act as a nomination committee.

 

Group Credit Committee

The primary role of the Group Credit Committee is to approve credit policies and philosophy, set credit limits and guidelines, confirm that procedures are in place to manage and control credit risk, approve the adequacy of interim and year-end provisions and ensure that the quality of the group’s credit portfolio is in accordance with these requirements by monitoring various credit risk information, processes and disclosure. This primary role is a monitoring function. An important secondary role of this committee is the approval of advances above sanctioned and regulatory authority levels.

 

Group Risk Committee (formerly Group Market Risk Committee)

In terms of the Banks Act a risk committee is required to assist a board of directors in evaluating the adequacy and efficiency of risk policies, procedures, practices and controls identifying the build-up and concentration of risk developing risk mitigation techniques ensuring formal risk assessment identifying and monitoring key risks facilitating and promoting communication through reporting structures and ensuring the establishment of an independent risk management function and other related functions.

The Group Risk Committee’s primary focus is therefore the monitoring across the group of the management and assessment of risk, including market and trading risks, financial instruments (derivatives) usage, Asset and Liability Management Division (ALM) risks, the Group Asset and Liability and Executive Risk Committee (Group ALCO) process and functions, intragroup investment exposures and risks related to the underwriting of share issues.

Group Remuneration Committee

The Group Remuneration Committee consists of non-executive directors only and is chaired by an independent non-executive director.

The committee is authorised to approve the aggregate of adjustments to the remuneration of staff below executive director and divisional director level. Adjustments to the total remuneration of members of the Group Exco are individually approved by the Remuneration Committee. Adjustments to executive directors’ total remuneration are individually approved by the board following recommendations made by the Remuneration Committee. This committee is also charged with the supervision of the Nedcor Group Employee Incentive Scheme, and is involved in executive officer succession policy. The Remuneration Committee considers remuneration in its totality in an integrated and holistic manner, thereby assisting the board in discharging its corporate governance duties related to remuneration strategy, structure and costs.

The Remuneration report covers all the corporate governance aspects and disclosure with respect to remuneration of directors.

Board Strategic Innovation Management Committee

The Board Strategic Innovation Management Committee has the broad responsibility to monitor all issues pertaining to information technology, both operational and strategic, in as much as these may impact the business, financial, performance, risk profile and information technology strategy of the group. This committee aims to ensure alignment of the prioritisation and magnitude of IT development spend and investment with overall group strategy and direction.

 

Group Transformation and Sustainability Committee

This newly constituted committee has a broad responsibility to monitor all issues pertaining to the integrated economic, social, environmental and transformation performance of the group.

This committee is charged to assist the board in discharging its responsibility to ensure the group proactively addresses the requirements/recommendations for integrated sustainability reporting as laid out in King II and the Global Reporting Initiative, an international multi-shareholder process whose mission is to develop guidelines for sustainability reporting, as well as to give the needed attention at board level to the Financial Sector Charter (FSC), black economic empowerment and social and environmental responsibility issues.

The board committee structure is also supported by a structure of group executive management committees.
       

structure: Nedcor board
structure: Nedcor board

       

Chairman and Chief Executive

In line with the requirements of a myriad of best-practice codes the roles of Chairman and Chief Executive are separate. The board is led by the Chairman, Warren Clewlow, and the executive management of the group is the responsibility of the Chief Executive, Tom Boardman.

This clearly accepted division of responsibilities at the helm of the company ensures a balance of authority and power, so that no one individual has unrestricted decisionmaking powers. At the same time the board and executive management work closely together in determining the strategic objectives of the group.

Company Secretary and director development

All directors have access to the advice and services of the Company Secretary, as well as the Enterprise Governance Division, who are responsible for ensuring that board procedures and applicable rules and regulations are fully observed. Further to this, the board has agreed and established a procedure in furtherance of its duties whereby directors may obtain independent professional advice at the expense of the company.

New directors are informed of their duties and responsibilities by way of an induction course that is run by the Company Secretary and other experts on board effectiveness, corporate governance and banking/technical information, familiarising the directors with the bank’s senior management and strategies. Briefing of the board takes place on an ongoing basis to ensure that members are kept up to date with local and international industry developments, technology issues, risk management and corporate governance best practice.

Succession planning

Succession planning is an important focus area at board as well as executive and senior management level. Detailed and intensive planning is conducted through the Chairman’s Office in consultation with the Directors’ Affairs and Group Remuneration Committees.

The Chief Executive is required to report regularly to the board on the group’s management development and employment equity programmes.

Business governance

This area of governance performance focuses on adding value to the business by leveraging the worth created by conformance. Business governance forms the link between the strategic objectives set by the board and board committees and the actions and decisions taken by the management committees. Primary attributes of this portfolio are the reviewing, implementing and monitoring of structures, internal controls and compliance to the principles of good governance at a management level, involving the functions of the Group Exco, divisional executive committees, operational risk committees, Group Exco subcommittees and all other management committees. Business governance will drive the culture of good governance at all levels of the organisation.

The Executive Strategic Innovation Management Committee assists the Group Exco and the Board Strategic Innovation Management Committee in discharging their responsibilities to ensure that the Nedcor Group has a well-coordinated, efficient, effective and properly resourced IT strategy that enables the organisation to remain highly competitive and that this strategy is timely implemented.

Group ALCO and Executive Risk Committee is responsible for ensuring that the impact of the following risks are being effectively managed in the Nedcor Group:
  • liquidity risk;
  • interest rate risk, both local and foreign;
  • foreign exchange rate risk, including currency translation risk;
  • trading market risk; and
  • market risk in respect of financial instruments used for purposes other than trading (eg balance sheet hedges and investments).

The roles of the Basel II Steering Committee is to promote, direct and oversee the successful implementation of the new Basel Capital Accord (Basel II) across the Nedcor Group and, particularly, to monitor and direct its implementation.

The Executive Transformation Committee is responsible for transformation and the implementation of FSC requirements.

The Mergers and Acquisitions (M&A) Steering Committee ensures proper corporate governance, oversight and control of corporate actions taken by the group as a whole. All operational acquisitions, disposals, restructuring and major corporate actions within the group will be brought to the M&A Steering Committee.

The Group Capital Management Committee’s primary role is to review, monitor, recommend and execute the utilisation/investment/disposal/optimalisation of shareholders’ capital throughout the Nedcor Group.

The primary role of the Human Resources Committee is twofold: statutory compliance in respect of labour legislation and the recruitment, selection, remuneration, performance management, maintenance, training, development and, where necessary, termination, of Nedcor Group employees and potential employees.

The Strategic Recovery Committee has responsibility to establish and maintain the recovery process and infrastructure, synthesise the recovery plan, monitor and facilitate the recovery of the bank, and identify and coordinate crosscutting initiatives. The committee is assisted in discharging the responsibilities stated above by the Strategic Recovery and Turnaround Office (SRTO).

The primary role of the Executive Taxation Committee is monitoring tax compliance and tax policy and ensuring the management of tax risk throughout the Nedcor Group in accordance with the Nedcor Limited tax policy. Furthermore, the committee assists the Group Audit and Group Risk Committees in discharging their responsibilities relative to the management and monitoring of tax risk.

The Nedbank Capital Investment Committee’s primary role is considering private equity and mezzanine equity investments and the underwriting of share issues, including initial approval, periodic reviews and any material changes.

The primary role of the Property Investment Committee is considering private equity investments in client-driven property ventures and strategic investments in the listed property sector and allied service companies.

Risk management

Risk management in the financial services industry is a fundamentally important process in ensuring profitability, growth and long-term sustainability.
  • Regulation 38 of the Banks Act states that the ‘ . . . process of corporate governance includes the maintenance of effective risk management’.
  • The King Report on Corporate Governance 2002 has a dedicated risk management section (Section 3) detailing a board’s responsibility for designing, implementing and monitoring the process of risk management and setting risk appetite limits or tolerance.
  • The proposed new Basel II will enforce a significant increase in risk management sophistication and reporting internationally.

These driving forces have ensured ongoing focus on the role played by risk management in the corporate governance process and vice versa.

The Nedcor Board acknowledges its responsibility for the entire process of risk management, as well as for forming an opinion on the effectiveness of this process. Management is accountable to the board for designing, implementing and monitoring the process of risk management, and integrating it within the day-to-day activities of the group. The board is ultimately responsible for any financial loss or reduction in shareholder value suffered by the group. It is therefore responsible for ensuring that proper risk management and monitoring systems are in place.

The Group Risk Committee is responsible for assisting the board in reviewing the risk management process and any significant risks facing the group. Nedcor has adopted a comprehensive risk management strategy and methodology, enterprise-wide risk management, which has the principles of corporate governance best practice embedded in its foundation.

The Enterprise-wide Risk Management Framework consists of what it calls its ‘three layers of defence’:
  • enterprise-wide risk management forums and individual responsibilities;
  • risk management and corporate governance committee structures; and
  • executive management responsibility by key risk area and operation/function.

A Key Issues Control Log has been developed as a tool to assist in achieving good governance. It represents a holistic, yet focused, view of any issues that require attention, raising concerns around these as well as actions being taken to address them. This form of risk reporting strongly supports the move towards greater transparency in reporting.

The Basel II requirements are being dealt with by way of a comprehensive Basel II compliance plan, which will further enhance the risk management process. The group approach to Basel II involves building advanced risk and capital management capabilities, leveraging off the significant investment in Nedcor’s Basel II Programme as the catalyst. This approach also facilitates the comprehensive implementation of enterprise-wide risk management in Nedcor.

See the Risk Management and Basel II sections for a more comprehensive discussion.

Enhanced internal audit operational risk functions

Key roleplayers within the Enterprise Governance Framework of the bank are Group Internal Audit and Operational Risk.

 

Internal Audit

The Group Internal Audit Division is the one centralised assurance unit whose functions have not in any way been transferred down to divisional level in the recent restructuring. The Head of Internal Audit, Terry Lamont-Smith, reports to the Chair of the Audit Committee and to the Head of Internal Audit for Old Mutual plc. For day-to-day operations he forms part of the Chief Risk Officer’s management team, from where the optimal sharing of risk identification information can take place. Previously the Operational Risk Management Unit reported to Internal Audit, but it now reports directly into Group Risk.

A formal charter is in place to regulate the functions of the Internal Audit Division. Internal Audit plays an essential independent assurance and monitoring role. An audit plan for Internal Audit is also in place, based on risk assessments and issues raised at board and subcommittee meetings.

Internal Audit has dedicated teams that perform the internal audit functions for Nedcor’s subsidiaries and joint ventures. Audits are conducted throughout the various business units at 12-, 24- or 36-month intervals, depending on the risk profile of a business unit, with high-risk areas being audited on an annual basis.

The 2004 audit plan focused on the following key areas: adequacy of credit provisioning and AC133 impacts; DI500 reporting, Treasury; suspense accounts; anti-money-laundering; Group Finance restructuring; Group ALCO and capital management; Strategic Recovery Programme; overall risk management and governance; and Peoples Bank credit provisioning and process.

Internal Audit also works closely with the Enterprise Governance and Compliance Division to ensure that any audit issues of an ethical or governance nature are made known for followup and resolution.

Operational risk

The board of directors approved the ‘Barnowl’ operational risk assessment and monitoring methodology during 2003 as the official tool to meet the qualitative requirements of operational risk management within Nedcor. Barnowl is a sophisticated web-based tool with an embedded risk assessment methodology used for the identification, assessment, management, monitoring and reporting of risk. Risk profiling can be performed at different levels within the organisation, ie strategic, business unit and process.

Its implementation across the group, first by division, then by business unit, has not advanced as far as originally planned due to significant organisational restructuring and the fact that risk officers had to be appointed and trained to drive the risk assessment processes in the business.

A revised implementation plan has been approved by the Chief Risk Officer, and full implementation is scheduled for 2005.

Internal control

An essential part of the board’s responsibility is reviewing the effectiveness of internal control, making use of the monitoring processes within the company.

The detailed design, implementation and operation of adequate internal controls are generally delegated to the management team of Nedcor Limited. These controls provide reasonable assurance that significant risks are appropriately managed, that management and financial information emanating from Nedcor Limited is reliable and that assets are safeguarded. This, together with the associated responsibility for reviewing periodically the effectiveness of such internal control, is formally acknowledged by the head of each business unit once a year. Regulation 39(4) of the Banks Act requires that a board of directors reports annually to the Registrar of Banks on the adequacy of internal controls, adherence to these, maintenance of ethical standards, any material malfunctions and whether a bank will continue as a going concern.

The board reports that:
  • no material malfunction in the group’s internal control system has occurred during the period under review;
  • it is satisfied with the effectiveness of the group’s internal controls and risk management;
  • whenever there is an indication of any significant business risk, or any weakness in controls, that may result in loss or reputational damage, these are recorded and disclosed in a formal Key Issues Control Log, which is lodged periodically with the board (management has reviewed the issues recorded in the Key Issues Control Log during the year and considered when and why the issues arose, whether they have been resolved and, if not, action plans and timelines for their resolution);
  • it has no reason to believe that the group will not operate as a going concern for the year ahead;
  • it has no reason to believe that the group’s code of ethics has been transgressed in any material respect;
  • it has no reason to believe that the group’s policies and authority levels have not been enforced and adhered to in any material respect;
  • there have been no material breaches of compliance with any laws and regulations applicable to the group during the period under review; and
  • there is a documented and tested process in place that will allow the group to continue its critical business processes in the event of a disastrous incident affecting its activities.

In the Nedcor Group a process and hierarchy for reporting on internal control have been approved by the Group Audit Committee on behalf of the board, and is reviewed on an ongoing basis by Internal Audit and Group Risk.

Personal share dealings

Nedcor has a formal policy and set of rules for personal account trading in place, which are based on current legislation and international good practice. These rules prohibit directors and employees from dealing in Nedcor shares during defined closed periods prior to the announcement of interim and final results or in any other period considered sensitive.

All personal account trading is subject to authorisation by the independent Compliance function. Such dealings also require the prior approval of an individual’s senior manager.

Any non-compliance with the policy is reported to the Directors’ Affairs Committee by the Chief Compliance Officer, and disciplinary action is taken.

All dealings by directors in Nedcor shares are advised to the Listings Division of the JSE, as dictated by the JSE Listings Requirements, and such information is published through SENS.

The group further has an insider-trading policy to assist directors and affected employees with their commitment towards maintaining a culture of integrity, adhering to legislative requirements and enforcing zero tolerance of crime.

Financial statements and external review

Going concern

The directors of Nedcor confirm that they are satisfied that the group has adequate resources to continue in business for the foreseeable future. The assumptions underlying the going-concern statement are debated and recorded at the time of the approval of the annual financial statements by the board.

This was also done as part of the interim results process. For this reason the Nedcor Board continues to adopt the going-concern basis for preparing the financial statements.

Directors’ declaration

The directors of Nedcor confirm and acknowledge that:
  • it is the directors’ responsibility to prepare financial statements that fairly present the state of affairs of the company at the end of the financial year, and the profit or loss and cash flows for that period;
  • the auditors are responsible for reporting on whether the financial statements are fairly presented;
  • adequate accounting records and an effective system of internal control and risk management have been maintained;
  • appropriate accounting policies, supported by reasonable and prudent judgements and estimates, have been used consistently, except as otherwise disclosed; and
  • applicable accounting standards have been adhered to or, if there has been any departure in the interest of fair presentation, this has been disclosed, explained and quantified.

External auditors

The group’s joint external auditors are Deloitte & Touche and KPMG Inc.

The report of the independent auditors sets out the responsibilities of the external auditors with regard to reviewing the financial statements and the group’s compliance with both statutory and accounting standard requirements.

The external audit is structured to provide sufficient evidence to give reasonable assurance that the financial statements are free from material misstatement. The audit review also considers the external auditors’ support of the directors’ statements on going concern and adequacy of the internal control environment.

The external auditors provide non-audit services to Nedcor through their consulting divisions.

A policy, in line with that of Old Mutual plc, regarding the provision of non-audit services by the group’s auditors is in place. This process is structured between management and the external auditors to ensure that the guidelines, requiring approval by the Chief Financial Officer, Chief Executive or Audit Committee, depending on the amount of fees involved, are adhered to and monitored by the Audit Committee and Old Mutual plc Audit Committee on a six-monthly basis.

The total fees for non-audit services provided by the external auditors for the year ended 31 December 2004 were R41,4 million (2003: R41 million). This amounts to 41% of total audit and non-audit services (2003: 44%). The non-audit services focused on the rights offer circular, credit impairment modelling, AC133 implementation, value-added tax (VAT) and International Financial Reporting Standards (IFRS) implementation.

A governance review by the external auditors found that Nedcor was substantially in compliance with the structural components of corporate governance and that Nedcor is making progress in the continual improvement of its governance processes.

Stakeholder dialogue

Nedcor believes that open discussion and interaction with all our stakeholders is fundamental to strengthen our operations continuously and ensure that their needs and concerns are addressed within the strategy of the group. Share owners specifically, as well as the other stakeholders, are encouraged to attend the annual general meeting and other meetings as vital communication forums. Clients of the bank are also communicated with by way of letters and statements through the post, flyers, information within the branch network and the internet. Employees are briefed on developments through regular business communication emails, staff periodicals and by way of a very comprehensive intranet.

Internet site

Nedcor’s internet site (www.nedcor.com) has extensive information on the group, its annual, preliminary, interim and sustainability reports and the price of its shares. It also provides a regular update on business developments and other matters of interest in relation to the Nedcor Group.

 

Code of ethics and organisational integrity

Nedcor is committed to organisational integrity and high standards of ethical behaviour in its dealings with all the group’s stakeholders.

A revised code of ethics has been approved for the group, which focuses on both the internal behaviour of our employees, linked to the group values, as well as our commitments to external stakeholders. The code is available on our internet and intranet sites.

Training and awareness programmes for our employees regarding the code will be rolled out during 2005, as well as an ethical barometer to measure our progress in further embedding ethics into our culture.

Code of Banking Practice

Nedcor subscribes to the Code of Banking Practice of the Banking Council of South Africa. This code governs Nedcor’s conduct regarding relationships with authorities, clients, competitors, employees, shareholders, local communities and other primary stakeholders.

The group has in place appropriate procedures and mechanisms to ensure that all elements of the code are adhered to fully. The Nedcor Group, primarily through its Client Services Advisory Unit, also works constructively with the Ombudsman for Banking Services’ office to ensure that client complaints are resolved appropriately and timely.

Political contributions

Nedcor fully supports the South African democratic system, but does not contribute to individual political parties.

The group’s stance is apolitical, a principle that extends to not funding projects that are specifically undertaken under the auspices of political parties. Nedbank assists with worthy causes initiated by civic organisations and it is not inconceivable that these initiatives may involve political figures.

Fraud prevention and money laundering

Nedcor will not be associated with money laundering and has introduced policies and procedures to ensure statutory duties and regulatory obligations or, in their absence, that minimum standards are complied with.

The Money Laundering Control Programme (MLCP) was implemented during 2004. The programme is governed by a steering committee consisting of business unit executives and overseen by the Chief Risk Officer to ensure ownership at all levels.

Nedcor has developed a global money laundering control policy, which is currently also being implemented in all of Nedcor’s subsidiaries to ensure compliance with the Financial Intelligence Centre Act (FICA).

Financial Advisory and Intermediary Services Act (FAIS)

This new act is designed to regulate the function of giving advice on and selling financial products. The Financial Services Board, assisted by the Advisory Committee, industry representative bodies and the statutory Ombudsman for Banking Services, will regulate the act. The act consists of 17 pieces of subordinate legislation, including four codes of conduct, fit and proper requirements, regulations and statutory reports/disclosure.

The risk of non-compliance arises from the enormity of ensuring that all affected staff (approximately 7 000 employees in the Nedcor Group) are trained and have the necessary fit and proper qualification requirements associated with the type of financial products that are being sold.

This will ensure that the selling of products and advice offered to clients is through Nedcor staff that are licensed, authorised and accredited as fit and proper by the Financial Services Board.

Compliance with FAIS is being managed centrally through a team in Group Compliance, with the assistance of the affected business units.

Sustainability reporting

Nedcor has issued a separate sustainability report in accordance with the Global Reporting Initiative (GRI) guidelines, and taking into account the recommendations of King II.

Board meetings

In 2004 the board met 12 times. It is policy for the board to meet frequently, and a formal schedule of matters is required to be submitted to the board on the basis of an annual work plan.

Additional or other matters of significance to Nedbank and the group are required to be brought to the board’s attention in a timely manner, and in a number of instances this has required the board to convene outside the scheduled plan of meetings.

The record of attendance at board and board committee meetings for Nedcor Limited and Nedbank Limited for 2004 is set out in the table below.
Refer to enterprise governance and compliance PDF
       

Occupational health and safety

Nedcor is committed to providing a healthy and safe environment for employees and clients.

For the last two years Nedcor has contracted Makrosafe to manage the online hosting and administration of the Environmental Occupational Health and Safety Management Programme. The programme has been designed to ensure that branches and buildings comply with the Occupational Health and Safety Act, 85 of 1993, as well as best international practice.

The overall compliance percentage for branches and head offices participating in the programme for 2004 is 95,7%.

More information on these aspects can be found in the Nedcor 2004 Sustainability Report.