|1.1||The board should provide effective leadership based on an ethical foundation||Applied||The board annually, at a special strategy session, considers and determines the short and long term direction and strategy of the company and provides clear guidelines to Management as to the execution of such strategies. This is based on the highest ethical standards whereby the best interests of the company and all its stakeholders are taken into consideration.|
|1.2||The board should ensure that the company is and is seen to be a responsible corporate citizen||Applied||Being a good corporate citizen means that the company respects and complies with the laws of the country and abides by non-binding rules, codes and standards. In this regard it can be safely stated that Sasfin does comply with all applicable laws, rules and codes, and has a fully staffed and experienced compliance monitoring department (also refer to 2.9 below). Being a good corporate citizen further means being there for the communities that Sasfin operates in. To this end, Sasfin is involved in a variety of CSI and other sponsorships and donations. The total donations and sponsorships spend for the year up to June 2012 was approximately R1.7 million. The group endeavours to alleviate poverty, improve the quality of life and promote education and development for all South Africans. (Page 23)|
|1.3||The board should ensure that the company’s ethics are managed effectively||Applied||The Board has adopted a formal Code of Ethics which applies to all employees. A Social and Ethics Committee has been established with its own Terms of Reference to ensure that the company’s ethics in its broadest sense are managed effectively|
|Role and function of the board||2.1||The board should act as the focal point for and custodian of corporate governance||Applied||The board fully subscribes to the principles of sound corporate governance and takes its responsibility in this regard seriously. The board is the custodian of corporate governance and how it is being applied in all companies within the whole Group.|
|2.2||The board should appreciate that strategy, risk, performance and sustainability are inseparable||Applied||The board has a clear understanding that these elements are fully entwined and take full cognisance of this in determining strategy and direction.|
|2.3||The board should provide effective leadership based on an ethical foundation||Applied||Refer to 1.1 above|
|2.4||The board should ensure that the company is and is seen to be a responsible corporate citizen||Applied||Refer to 1.2 above|
|2.5||The board should ensure that the company’s ethics are managed effectively||Applied||Refer to 1.3 above|
|2.6||The board should ensure that the company has an effective and independent audit committee||Applied||An independent Group Audit & Compliance Committee is in operation in accordance with the requirements of both the Companies Act and the Banks Act, and the composition of the Committee also complies with the King III principles. The committee has comprehensive Terms of Reference to ensure that its mandate is carried out effectively. The effectiveness of the Committee is reviewed annually to ensure that it achieves its objectives.|
|2.7||The board should be responsible for the governance of risk||Applied||The board has adopted a comprehensive Risk Management Framework to manage general company risks but specifically those risks particular to the banking industry. Although the board has delegated the governance of risk to the Group Risk and Capital Management Committee, it remains the board’s responsibility.|
|2.8||The board should be responsible for information technology (IT) governance||Applied||The board has put structures in place to effectively manage information technology governance. An IT Management Committee is in operation and meets monthly and reports into the Group Risk and Capital Management Committee which meets quarterly.|
|2.9||The board should ensure that the company complies with applicable laws and considers adherence to non-binding rules, codes and standards||Applied||The company has a fully staffed and experienced compliance section as part of the Legal, Compliance and Company Secretarial Department, and has put various policies, procedures and mechanisms in place to effectively monitor the company’s compliance with applicable laws and adherence to non-binding rules, codes and standards.|
|2.10||The board should ensure that there is an effective risk-based internal audit||Applied||An independent internal audit function is performed by the Group Internal Audit department headed by a seasoned and experienced Head of Internal Audit who functionally reports to the Chairman of the Audit Committee and administratively to the Chief Executive Officer.|
|2.11||The board should appreciate that stakeholders’ perceptions affect the company’s reputation||Applied||The board is fully aware of how stakeholders’ perceptions can affect the company’s reputation. This risk is appropriately managed as part of the overall risk management framework|
|2.12||The board should ensure the integrity of the company’s integrated report||Applied||The Group adopted the “Combined” or “One Report” approach in the development of its first integrated annual report in 2011. In the current year, the Group seeks to enhance the structure and content of the report as part of its journey. In particular, there is a greater focus on financial sustainability reporting across all areas of the business. The Group has adopted a combined assurance approach to assist in maintaining control and oversight of the key material reporting issues (also refer to 3.5 below). Further steps are being taken by the Group to enhance its journey towards an all-encompassing integrated annual report.|
|2.13||The board should report on the effectiveness of the company’s system of internal controls||Applied||The Audit Committee Report as contained in the integrated annual report deals fully with the effectiveness of the Company’s system of internal controls. (Pg.45/46)|
|2.14||The board and its directors should act in the best interests of the company||Applied||The board consists of competent and experienced directors, the majority of whom are non-executive, who collectively always act in the best interests of the company.|
|2.15||The board should consider business rescue proceedings or other turnaround mechanisms as soon as the company is financially distressed as defined in the Act||Applied||The company and its subsidiaries are currently in a sound financial position but will consider business rescue proceedings or other turnaround mechanisms if required, should the company or any of its subsidiaries become financially distressed as defined in the Act.|
|2.16||The board should elect a chairman of the board who is an independent non-executive director. The CEO of the company should not also fulfill the role of chairman of the board||Applied||The board is chaired by an independent non-executive director, and the CEO of the company does not fulfill the role of Chairman of the board.|
|2.17||The board should appoint the chief executive officer and establish a framework for the delegation of authority||Applied||The board has appointed the Chief Executive Officer and a framework for the delegation of authority is in place.|
| Composition of
|2.18||The board should comprise a balance of power, with a majority of non-executive directors. The majority of non-executive directors should be independent||Applied||The board comprises nine directors, seven of whom are non‑executive and two are executive directors. Of the seven non‑executive directors, six are independent.|
|Board appointment process||2.19||Directors should be appointed through a formal process||Applied||The appointment of directors takes place through a formal process through the Directors’ Affairs and Nominations Committee which makes suitable recommendations to the Board, and all appointments are also sanctioned by the South African Reserve Bank. Directors’ appointments / re-election are subject to shareholder approval at the Annual General Meeting.|
|Director development||2.20||The induction of and ongoing training and development of directors should be conducted through formal processes||Applied||Non-executive directors are selected through a formal process and when new non-executive directors are appointed, such appointments require confirmation at the next annual general meeting. Non-executive directors are appointed for a specific term and their reappointment is not automatic. The appointment of all directors is subject to Reserve Bank approval. Upon being appointed, non-executive directors are subject to a formal induction program with presentations by all the main operating divisions to bring them up to speed with the nature and extent of the Group’s business environment, its operations and sustainability issues relevant to the business. Although there were no appointments to the board during the period under review, new directors have in the past attended specialised courses at the Gordon Institute of Business Science (GIBS), and external training is given to directors by means of ad hoc presentations throughout the year. (pg. 26)|
|Company secretary||2.21||The board should be assisted by a competent, suitably qualified and experienced company secretary||Applied||The Board is assisted by a competent, suitably qualified and experienced Company Secretary. The current Group Company Secretary is Howard Brown, who is not a director of the Company and is an attorney with over twenty years of experience in the corporate and company law arena, and who also fulfills the statutory role of Group Compliance Officer as required by the Banks Act. (Pg 30)|
|Performance assessment||2.22||The evaluation of the board, its committees and the individual directors should be performed every year||Applied||A formal process is followed whereby the effectiveness of the board and individual directors is evaluated each year. For the past few years board effectiveness was evaluated through an internal process but an external board evaluation process will be followed during 2013 and then every third year thereafter. The effectiveness of each committee is evaluated each year by means of a questionnaire completed by both members and invitees (except the external auditors in respect of the Group Audit and Compliance Committee, to preserve their independence) to committee meetings. The results of the questionnaires are submitted to each committee for discussion and noting of any particular comments made by any member or invitee, with a view to constantly enhancing the effectiveness of the particular committee. The results of all committee evaluations are also submitted to the Board for noting.|
|Board committees||2.23||The board should delegate certain functions to well-structured committees but without abdicating its own responsibilities||Applied||The following Board Committees had been established, each with its own Terms of Reference as their mandates. The Terms of References are reviewed annually by the Board:
|Group boards||2.24||A governance framework should be agreed between the group and its subsidiary boards||Applied||The same governance framework that is in force for Sasfin Holdings and Sasfin Bank is applied within the subsidiary companies of the Group. The GACC also performs the role of the Audit Committee for wholly-owned subsidiaries.|
|Remuneration of directors and senior executives||2.25||Companies should remunerate directors and executives fairly and responsibly||Applied||The board has delegated the responsibility of determining the remuneration of executive directors and senior management to the Human Resources and Remuneration Committee. The Committee aims to give the executive directors and senior management every encouragement to enhance Sasfin’s performance and to ensure that they are fairly, but responsibly rewarded for their individual contribution and performance|
|2.26||Companies should disclose the remuneration of each individual director and certain senior executives||Applied||The remuneration of each individual director and certain senior executives is fully disclosed in the integrated annual report available on the Company’s website (Pages 49 & 95).|
|2.27||Shareholders should approve the company’s remuneration policy||Applied||The Company’s Remuneration Policy, as fully set out in the integrated annual report (Page 36), is tabled to shareholders for a non-binding advisory vote at each Annual General Meeting.|
|3.1||The board should ensure that the company has an effective and independent audit committee||Applied||Refer 2.6 above|
|Membership and resources of the audit committee||3.2||Audit committee members should be suitably skilled and experienced independent non-executive directors||Applied||The GACC consists of three independent non-executive directors and one non‑executive director who are suitably skilled and experienced to effectively execute the Committee’s mandate and terms of reference as required in terms of the Companies Act and the Banks Act.|
|3.3||The audit committee should be chaired by an independent non-executive director||Applied||The GACC is, and has always been, chaired by an independent non-executive director.|
|Responsibilities of the audit committee||3.4||The audit committee should oversee integrated reporting||Applied||The GACC oversees integrated reporting and annually considers the draft integrated annual report before submission to the Board for final approval.|
|3.5||The audit committee should ensure that a combined assurance model is applied to provide a coordinated approach to all assurance activities||Applied||The Group has adopted a combined assurance approach in assisting the board, audit committee and executive management to maintain control and oversight of the key material reporting issues. In addition to independent assurance by external auditors over the Group’s financial statements, the various regulatory bodies including the SARB, FSB, JSE and certain legal experts also provide assurance on the Group's internal controls and compliance (Page 33). The GACC is satisfied that Management, together with internal and external assurance providers and Regulators, are providing sufficient assurance that significant risk areas within the Company are adequately covered and addressed, and that suitable controls are in place to mitigate those risks.|
|Internal assurance providers||3.6||The audit committee should satisfy itself of the expertise, resources and experience of the company’s finance function||Applied||The Company has a fully staffed and experienced Finance function and the GACC is satisfied with the expertise, resources and experience of individual employees within the Finance department and of the Finance function as a whole.|
|3.7||The audit committee should be responsible for overseeing of internal audit||Applied||Internal Audit is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It assists the Group to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. The GACC annually considers and approves an Internal Audit Plan for the year and quarterly Internal Audit reports are being submitted to the GACC on its activities for the quarter against the approved internal audit plan.|
|3.8||The audit committee should be an integral component of the risk management process||Applied||The GACC is a key element in the overall governance structure of the Group and its subsidiaries which in conjunction with the GRCMC forms an integral part of the risk management process.|
|External assurance providers||3.9||The audit committee is responsible for recommending the appointment of the external auditor and overseeing the external audit process||Applied||This responsibility is diligently carried out by the GACC and is confirmed in the integrated annual report (page 46).|
|Reporting||3.10||The audit committee should report to the board and shareholders on how it has discharged its duties||Applied||A Committee Effectiveness Review is performed annually by means of a questionnaire completed by both members and invitees (except the external auditors, to preserve their independence) to Committee meetings, and the outcome is reported to the Board. A comprehensive Audit Committee Report to shareholders on the functions and activities of the audit committee is included in the company’s integrated report (pages 45 & 46).|
|4.1||The Board should be responsible for the governance of risk.||Applied||The board’s responsibility for risk governance is expressed in the board charter. The approach to risk management is based on defined governance structures and processes; and reliance on both individual responsibility and collective oversight.|
|4.2||The board should determine the levels of risk tolerance||Applied||The Board has an approved Risk Appetite Framework which clearly defines the Board’s risk appetite and levels of risk tolerance. The Framework includes a risk appetite statement for each of the following risks:
|4.3||The risk committee or audit committee should assist the board in carrying out its risk responsibilities||Applied||The Group Risk & Capital Management Committee and, in some respects, also the Group Audit & Compliance Committee, assists the Board in carrying out its risk responsibilities.|
|Management’s responsibility for risk management||4.4||The board should delegate to management the responsibility to design, implement and monitor the risk management plan||Applied||The Board has delegated this responsibility to Management who has drafted the Group’s Risk Management Framework, which had been considered and approved by the Group Risk and Capital Management Committee for ratification by the Board.|
|Risk assessment||4.5||The board should ensure that risk assessments are performed on a continual basis||Applied||Risk assessments are being performed on a continual basis and reported to the Group Risk and Capital Management Committee quarterly.|
|4.6||The board should ensure that frameworks and methodologies are implemented to increase the probability of anticipating unpredictable risks||Applied||Sasfin recognizes that the business of banking and financial services is conducted within an environment of complex interrelated risks. Accordingly, a philosophy of integrated risk management has been established within Sasfin to ensure that all business and operational risks are managed effectively within acceptable parameters. In this regard, Sasfin has implemented an Enterprise Risk Management approach to break down the silos of individual risks, and enables management to review and understand an overall perspective on risks. The Sasfin Enterprise Risk Management Policy applies to all group companies, divisions and departments of Sasfin Holdings Limited. (Page 31)|
|Risk response||4.7||The board should ensure that management considers and implements appropriate risk responses||Applied||A Risk Register is maintained which contains management’s responses to identified risks. Risk response tends to be based on cost/benefit ratios and looks at processes in place/to be put in place to mitigate identified risks.|
|Risk monitoring||4.8||The board should ensure continual risk monitoring by management||Applied||Refer to 4.6 above|
|Risk assurance||4.9||The board should receive assurance regarding the effectiveness of the risk management process||Applied||This is included in the Risk Management and Internal Audit processes.|
|Risk disclosure||4.10||The board should ensure that there are processes in place enabling complete, timely, relevant, accurate and accessible risk disclosure to stakeholders||Applied||Processes are in place and the outcome is included in the integrated annual report.|
|5.1||The board should be responsible for information technology (IT) governance||Applied||IT is an integral part of Sasfin's business and is fundamental to the support, growth and sustainability of the Group. IT within the Group is directed by a dedicated Chief Information Officer and the overall responsibility for IT governance lies with the Board. An Information and Security Governance Manager was appointed to address IT governance, and reports to the Chief Information Officer (Pg. 29)|
|5.2||IT should be aligned with the performance and sustainability objectives of the company||Applied||Through the IT strategy, the IT roadmap is aligned to the Group’s business objectives to ensure that IT consistently enables sustainable value driven solutions and services to the Group. (Pg. 29)|
|5.3||The board should delegate to management the responsibility for the implementation of an IT governance framework||Applied||A dedicated Information Technology Department, headed by the Chief Information Officer, is responsible for the implementation of the board approved IT governance framework. The IT Governance Framework has been implemented and reporting is performed at various levels.|
|5.4||The board should monitor and evaluate significant IT investments and expenditure||Applied||An IT Project Management Office is in place to align and structure processes to better measure and manage the overall IT portfolio by ensuring that the appropriate project management principles are applied to all new IT projects. Significant IT investments and expenditure are overseen by the board to ensure proper value delivery of IT and that the expected return on investment from significant IT investments and projects is delivered and that the information and intellectual property contained in information systems are protected.|
|5.5||IT should form an integral part of the company’s risk management||Applied||The Group has adopted Control Objectives for Information and Related Technology (“COBIT”) as a guideline for establishing and maintaining effective internal controls, including compliance, continuity management and risk. Continuous risk assessments are performed and risks are raised and reported on to the Group Risk and Capital Management Committee.|
|5.6||The board should ensure that information assets are managed effectively||Applied||An IT governance framework is in place to assist the board to ensure that information assets are managed effectively and properly. Information security protects information assets against the risk of loss, operational discontinuity, misuse, unauthorized disclosure, inaccessibility and damage. This is addressed through the Data Management Strategy.|
|5.7||A risk committee and audit committee should assist the board in carrying out its IT responsibilities||Applied||An IT Operations Committee (“IT Opsco”) meets monthly which reports into an IT Management Committee (“IT Manco”) which meets quarterly or ad hoc when required. The IT Manco reports into the Group Risk and Capital Management Committee on a quarterly basis. Continuous risk assessments are performed and risks are raised and reported on to the Group Risk and Capital Management Committee.|
|6.1||The board should ensure that the company complies with applicable laws and considers adherence to nonbinding rules codes and standards||Applied||Sasfin's independent compliance function has been established in terms of Regulation 49 of the Banks Act, other pertinent legislation including the FAIS Act, the Security Services Act, the National Credit Act and the Protection of Personal Information Act, once finalised, as part of its risk management framework. The objective of the function is to ensure that the Group continuously manages its regulatory risk and complies with applicable laws, regulations and supervisory requirements. Sasfin further fully subscribes to adherence to nonbinding rules, codes and standards, including the principles of the King III code on corporate governance.|
|6.2||The board and each individual director should have a working understanding of the effect of the applicable laws, rules, codes and standards on the company and its business||Applied||The Board consists of highly educated and experienced nonexecutive and executive directors, each of whom has more than a working understanding of the effect of the applicable laws, regulations, rules, codes and standards on the company and the Group.|
|6.3||Compliance risk should form an integral part of the company’s risk management process||Applied||Compliance risk is monitored and reported on by an independent compliance function housed in the Legal, Compliance, and Company Secretarial department as well as a dedicated Regulatory Compliance Officer in the Finance department.|
|6.4||The board should delegate to management the implementation of an effective compliance framework and processes||Applied||The board has delegated the implementation of an effective compliance framework and processes to an independent compliance function as part of the Legal, Compliance and Company Secretarial department.|
|The need for and role of internal audit||7.1||The board should ensure that there is an effective risk based internal audit||Applied||An internal Audit function is in place. Internal audits are conducted on a risk based approach as advocated by the Institute of Internal Auditors|
|Internal audit’s approach and plan||7.2||Internal audit should follow a risk based approach to its plan||Applied||The compilation of the internal audit plan is risk based, where only audits assessed as appropriate through the Board’s agreed risk assessment criteria are included.|
|7.3||Internal audit should provide a written assessment of the effectiveness of the company’s system of internal controls and risk management||Applied||Apart from the written assessment provided at the end of each audit assignment, in the form of an internal audit report, a written assessment is provided annually, by the Head of Internal Audit to the Board on the effectiveness of the company’s system of internal controls and risk management.|
|7.4||The audit committee should be responsible for overseeing internal audit||Applied||Internal Audit reports functionally to the Chairman of the Audit and Compliance Committee. The committee is responsible for overseeing the internal audit function.|
|Internal audit’s status in the company||7.5||Internal audit should be strategically positioned to achieve its objectives||Applied||Internal audit reports functionally to the Chairman of the Audit Committee and Administratively to the CEO. It has unrestricted access to the Board and all Board Committees. It is a permanent invitee to the Group EXCO committee and Mancos. It is therefore appropriately and strategically positioned within the Group to achieve its objectives as an independent assurance provider to the Board.|
|8.1||The board should appreciate that stakeholders’ perceptions affect a company’s reputation||Applied||The board fully appreciates and is aware that stakeholders’ perceptions could affect the Group’s reputation. Sasfin therefore engages with key stakeholders on an ongoing basis with the objective of ensuring that the interests of all stakeholders are considered, and that key issues are addressed. The group has identified the following key stakeholders:
|8.2||The board should delegate to management to proactively deal with stakeholder relationships||Applied||The board has established a Group Marketing & Business Development and Group Strategy department to be responsible for proactive investor relations and stakeholder relationships.|
|8.3||The board should strive to achieve the appropriate balance between its various stakeholder groupings, in the best interests of the company||Applied||A summary of Sasfin's stakeholder engagements with a holistic view of the resulting material issues and the Group’s strategic response to these issues is contained in the integrated annual report in respect of all the different key stakeholders as mentioned in 8.2 above. (Pg. 12&13)|
|8.4||Companies should ensure the equitable treatment of shareholders||Applied||Sasfin makes no distinction between its treatment of shareholders in any matter or form.|
|8.5||Transparent and effective communication with stakeholders is essential for building and maintaining their trust and confidence||
|The Group Marketing & Business Development and Group Strategy department is responsible for transparent and effective communication with stakeholders by various means, including responsibility for updating the company’s website, all printed and electronic communication, the hosting of specific functions for selected groups of stakeholders, and playing a major role in the production and publication of the Group’s integrated annual report|
|Dispute resolution||8.6||The board should ensure that disputes are resolved as effectively, efficiently and expeditiously as possible||Applied||Any disputes that may arise from the Group’s engagement with its stakeholders are attended to immediately to ensure that they are resolved as effectively, efficiently and expeditiously as possible.|
|Transparency and accountability||9.1||The board should ensure the integrity of the company’s integrated report||Applied||The Board assumes full responsibility for the information and financial reporting provided in the Group’s integrated annual report by interrogating the information provided by Management, and signs off on the draft report at a full Board meeting before publication.|
|9.2||Sustainability reporting and disclosure should be integrated with the company’s financial reporting||Applied||Sustainability reporting and disclosure is fully integrated in the Group’s integrated annual report as part of its overall financial reporting.|
|9.3||Sustainability reporting and disclosure should be independently assured||Explained||Sasfin assesses the sustainability of each of its units annually when approving its Business Plans, Budgets and Three-Year Forecasts. Currently, limited external assurance is obtained on sustainability reporting issues but initiatives are afoot to enhance assurance on this aspect of integrated reporting.|
The role of the Committee is to assist the board to ensure that:
The Committee will perform all the functions as is necessary to fulfil its role as stated afore and including the following:
The Committee will assist the board to comply with Section 64 of the Banks Act, viz:
and also ensures the following:
The Committee shall consider any matters relating to the financial affairs of the Bank and Holding Company boards, as well as to the internal and external audits, that it determines to be necessary.
In addition, the Committee shall also examine any other matters referred to it by the board, including other Committees, or the Chief Executive Officer or Financial Director or Internal Auditor or Compliance Function, provided that it is within the Committee's scope of responsibilities.
The responsibilities of the Committee shall also be to:
The role of the committee is to assist the board to ensure that:-
The IT Committee will assist the board and Management with relation to:
The IT Committee shall consider any matters relating to the technological risk of Sasfin Bank.
In addition, the Committee shall also examine any other matters referred to it by the board, Executive Directors or the Chief Information Officer provided that it is within the Committee's scope of responsibilities.
The responsibilities of the committee shall also be to ensure that Risk Management structures are in place that enable:
of both Operating and User systems.
and including both in-house development and off-the-shelf software.
This committee will function on a group basis and is established in terms of the Banks Act. It will also take cognisance of matters that are required by the King Code regarding a Nominations committee.
The Directors' Affairs Committee will assist the board and Management with relation to:
The Remuneration and HR Committee will assist the board in providing management with guidance on the adequacy and efficiency of remuneration and HR policies, procedures and practices which are to be applied within the Group.
The Committee will operate in terms of the authorities and instructions agreed to by the board from time to time as provided in the policies.
In addition, the Committee may:-
In relation to policy with regards to the following:-
The Committee has an independent role, operating as an overseer and a maker of recommendations to the board of Sasfin for its consideration and final approval. The Committee does not assume the functions of management, which remain the responsibility of the executive directors, the general managers, officers and other members of senior management.
The role of the committee is to facilitate transformation in Sasfin by inter alia:
The Committee must perform all the functions necessary to fulfill its role as stated above and including the following:
The Committee should, inter alia, take into consideration the following in the carrying out of the terms of reference: