RBNZ Banking Supervision Handbook: BS14 Corporate Governance
|
|
| Regulator |
Reserve Bank of NZ |
| Jurisdiction |
NZ |
| Status |
live |
| Applicability |
Platform |
BS14 is the RBNZ Banking Supervision Handbook standard governing corporate governance for locally
incorporated registered banks. It defines minimum board composition standards, director
independence requirements, and the board's role in overseeing risk, compliance, and the bank's
overall soundness. BS14 is referenced in standard conditions of registration.
Key requirements include: a minimum board of five directors with a majority non-executive; at
least half the directors (including the chairperson) independent of the parent and major
shareholders; board committees for audit and risk as a minimum; board responsibility for risk
appetite, internal controls, and sound and prudent management; and RBNZ notification of proposed
board composition changes.
BS14 is being superseded by the DTA Governance Standard, which takes
effect 1 December 2028. Until that date, BS14 remains the operative governance requirement for
registered banks.
Compliance register
This register maps every material obligation under BS14 to the platform control or institutional
process that satisfies it. It is the static traceability layer for the Totara compliance report —
dynamic data (module build status, test evidence, control test dates) is overlaid at runtime.
Scope legend
| Symbol |
Meaning |
| 🤖 Automated |
Platform enforces or performs the obligation. Primary control mode is GATE, AUTO, CALC, or ALERT. Human action is not required in the normal case. |
| 📊 Evidenced |
Platform captures the evidence trail automatically. Human compliance decision sits on top. Primary control mode is LOG. |
| 🏛 Institutional |
Obligation is met by a process entirely outside the platform — board governance, legal, HR. Platform may generate evidence inputs but does not own the process. |
| N/A |
Obligation does not apply to this deployment configuration. |
Build legend
| Symbol |
Meaning |
| ✅ |
Module built and deployed |
| 🔨 |
Module planned — not yet built (build_status: Not started) |
| ❌ |
Uncontrolled gap — no module attributed |
Board composition
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| BS14 §4 |
Maintain a board of at least five directors |
🏛 Institutional |
GOV-004 |
Board composition is maintained by the Company Secretary. No platform control. |
— |
| BS14 §4 |
Majority of directors must be non-executive |
🏛 Institutional |
GOV-004 |
Board composition governance is institutional. No platform control. |
— |
| BS14 §4 |
At least half of directors (including the chairperson) must be independent of the bank's parent and major shareholders |
🏛 Institutional |
GOV-004 |
Independence assessment is conducted institutionally (Company Secretary / Legal). No platform control. |
— |
| BS14 §4 |
Chairperson must be independent; RBNZ non-objection required where the chairperson also sits on a parent board |
🏛 Institutional |
GOV-004 |
RBNZ notification and non-objection process is institutional. No platform control. |
— |
| BS14 §5 |
Notify RBNZ of proposed changes to board composition and obtain non-objection where required |
🏛 Institutional |
GOV-004 |
Notification process is institutional (Company Secretary / CEO). No platform control. |
— |
Board committees
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| BS14 §6 |
Establish a board audit committee with appropriate independence and terms of reference |
🏛 Institutional |
GOV-006 |
Board committee structure is institutional. The platform provides audit committee evidence inputs — MOD-036 (LOG) provides data lineage and return audit trails for the audit committee. |
🔨 |
| BS14 §6 |
Establish a board risk committee with appropriate independence and terms of reference |
🏛 Institutional |
GOV-002 |
Board committee structure is institutional. MOD-150 (CALC) — RAF dashboard provides the board risk committee's primary risk monitoring data input. |
🔨 |
Board risk oversight
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| BS14 §7 |
Board is responsible for approving risk appetite and risk appetite statement |
🏛 Institutional |
GOV-002 |
Risk appetite thresholds are configured in MOD-033 (capital), MOD-032 (liquidity), and MOD-035 (IRRBB). Board approval of the RAF and appetite thresholds is institutional. |
🔨 |
| BS14 §7 |
Board is responsible for overseeing internal controls and the internal audit function |
🏛 Institutional |
GOV-006 |
MOD-150 (AUTO) — operational risk register and incident monitoring provide the internal control evidence base; board oversight of these processes is institutional. |
🔨 |
| BS14 §7 |
Board must ensure the bank operates in a sound and prudent manner |
🏛 Institutional |
GOV-002, GOV-003 |
MOD-150 (CALC) — RAF dashboard surfaces capital, liquidity, and operational risk metrics for board review; MOD-033 (ALERT) and MOD-032 (ALERT) provide automated breach alerts to the Board Risk Committee. |
🔨 |
| BS14 §8 |
Board is responsible for remuneration policy — align incentives with long-term sound risk management |
🏛 Institutional |
— |
Remuneration policy is entirely institutional (Board Remuneration Committee). No platform control. |
— |
Director fit and proper
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| BS14 §9 |
Directors and senior managers must meet RBNZ fit and proper requirements |
🏛 Institutional |
GOV-004 |
Fit and proper vetting is a human governance and regulatory process. The platform's audit trail provides evidence inputs but does not execute vetting. |
— |
| BS14 §9 |
Notify RBNZ if a director or senior manager no longer meets fit and proper requirements |
🏛 Institutional |
GOV-004 |
Notification process is institutional (CEO / Company Secretary). No platform control. |
— |
Disclosure of governance
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| BS14 §10 |
Disclose board composition and governance attestations in annual disclosure statements |
📊 Evidenced |
GOV-004 |
MOD-036 (AUTO) — annual disclosure statement assembled with governance section; board member details are institutional data inputs. MOD-036 provides the publication infrastructure; attestation text is prepared institutionally. |
🔨 |
All BS14 obligations are primarily institutional. The platform provides risk data, monitoring, and
disclosure infrastructure, but board governance decisions — composition, committee charters, risk
appetite approval, remuneration, and regulatory notifications — are made and recorded by the
institution.
| Obligation |
Owner |
Platform evidence input |
| Board composition and independence assessment |
Company Secretary / Board |
No platform control |
| RBNZ non-objection process for director appointments |
CEO / Company Secretary |
No platform control |
| Board committee charters (audit, risk, remuneration) |
Board |
MOD-036 and MOD-150 provide evidence inputs to committee work |
| Risk appetite statement and RAF approval |
Board |
MOD-033, MOD-032, MOD-035, MOD-150 provide the RAF data |
| Director fit and proper vetting and RBNZ notification |
CPO / Company Secretary |
No platform control |
| Annual governance attestation in disclosure statement |
Board / CFO |
MOD-036 provides the disclosure assembly infrastructure |
Coverage summary
| Area |
Total obligations |
Platform automated 🤖 |
Platform evidenced 📊 |
Institutional 🏛 |
N/A |
| Board composition |
5 |
0 |
0 |
5 |
0 |
| Board committees |
2 |
0 |
0 |
2 |
0 |
| Board risk oversight |
4 |
0 |
0 |
4 |
0 |
| Director fit and proper |
2 |
0 |
0 |
2 |
0 |
| Governance disclosure |
1 |
0 |
1 |
0 |
0 |
| Total |
14 |
0 (0%) |
1 (7%) |
13 (93%) |
0 (0%) |
BS14 is entirely an institutional obligation. The platform provides the risk management and
reporting infrastructure that the board uses to discharge its oversight responsibilities, but
governance decisions are made by people, not systems. All attributed modules are currently
build_status: Not started.
The DTA Governance Standard (effective 1 December 2028) supersedes BS14 — see
nz-dta-governance for the forward obligation register.
| Policy |
Title |
| GOV-004 |
Fit & Proper Policy |
| GOV-006 |
Internal Audit Policy |
See D08 Governance & Accountability for the full risk domain.
Official documentation
Policies referencing this standard
(None yet)
Compiled 2026-05-22 from source/entities/regulations/nz-bs14.yaml