Commercial Bank of Ceylon PLC | Annual Report 2024 - Annual corporate governance report

The Bank upholds the highest standards of corporate governance, recognising its vital role in fostering sustainable value and stakeholder confidence. Built on transparency, accountability, and ethical decision-making, our governance framework ensures resilience and adaptability to evolving regulations and operations.

The governance framework of the Bank complies with the disclosure requirements of the following:

Banking Act Directions No. 11 of 2007 on Corporate Governance for Licensed Banks and subsequent amendments thereto, issued by the CBSL, which was revoked with effect from January 01, 2025
Banking Act Directions No. 05 of 2024 on Corporate Governance for Licensed Banks, issued by the CBSL, which came into effect from January 01, 2025 with extended effective dates for some provisions
Section 9 of the Listing Rules on Corporate Governance issued by the CSE
The Code of Best Practice on Corporate Governance – 2023 (“Code”) issued by CA Sri Lanka

Details of the Bank’s compliance with the above regulations and best practices are elaborated on pages 460 to 483 of this Annual Report.

Independent Assurance on Governance Compliance

The Bank’s External Auditors, Messrs KPMG, have provided their Assurance Statement to the CBSL after reviewing the Bank’s compliance with the Direction.

Comprehensive governance disclosures

In line with regulatory requirements and international best practices, the Bank has provided detailed disclosures on its compliance with key governance standards in the following Annexures:

Annex 1.1:Compliance with the Banking Act Direction No. 11 of 2007 on Corporate Governance (pages 460 to 471)
Annex 1.2:Compliance with the Code (pages 472 to 476)
Annex 1.3:Compliance with Section 9 of the Listing Rules of the CSE (pages 477 to 483)
Annex 1.4: Compliance with disclosure requirements issued by the CBSL for the publication of Annual Financial Statements (pages 484 to 490)

The Bank has ensured full compliance with the prescribed formats and disclosure standards mandated by the CBSL, underscoring our dedication to governance, transparency, and accountability.

Bank’s approach to governance

At Commercial Bank, our commitment to governance is rooted in the fiduciary responsibility of managing significant sums of uncollateralised public funds. This responsibility necessitates an unwavering focus on maintaining public trust and confidence, which are paramount to the Bank's long-term success and sustainability.

A culture of exemplary conduct

We believe that good governance begins with exemplary conduct across all levels of the organisation – from the Board of Directors, our highest governing body, and members of the Corporate Management, to the Senior Management and the most junior levels of staff. This commitment ensures that decisions are made with discipline, accountability, and the interests of all stakeholders at heart.

Our governance framework, refined and perfected over a legacy of more than 100 years, has been the foundation for sustainable value creation. It embodies a system of rules, practices, and processes that govern corporate behaviour, supporting disciplined decision-making and execution.

Beyond compliance: Governance as a responsibility

For Commercial Bank, good governance is more than meeting legal and regulatory requirements. It is a collective responsibility that underpins financial integrity, investor confidence, and sustainable growth. This governance philosophy not only strengthens our risk management capabilities but also enables us to seize emerging opportunities.

A commitment to integrity and sustainability

The Bank’s commitment to good governance is unwavering, grounded in intellectual honesty, integrity, and diligence. It also reflects a strong sense of responsibility to the society and the environment, a key stakeholder. This tone of accountability is set by the highest levels of leadership and is deeply embedded in the Bank’s culture.

A dynamic and evolving framework

Our governance framework is regularly reviewed and updated to remain aligned with evolving regulations and best practices on good governance. This ensures that the Bank's governance systems are robust and relevant in navigating the complexities of modern banking. Guided by such principles as leadership, integrity, effectiveness, accountability, transparency, sustainability, and stakeholder engagement, the framework informs every decision, from resource allocation and risk management to performance appraisals and financial reporting.

Recognition of excellence in governance

The Bank’s reputation as the most awarded bank in Sri Lanka underscores the effectiveness of its governance practices. For details on key awards received in 2024, please refer to page 21 of this Report.

Adapting to regulatory changes

During the year under review, the Bank evaluated the compliance requirements of the new Banking Act Directions No. 05 of 2024 on Corporate Governance for Licensed Banks, issued by the CBSL, which came into effect from January 01, 2025 while taking necessary steps to ensure compliance with the requirements of Section 9 of the amended Listing Rules of the CSE which came into effect from October 01, 2023. These efforts reaffirm our readiness to adapt to regulatory advancements.

Objectives of the Bank’s Corporate Governance Framework

As the largest private-sector bank and the third-largest overall in Sri Lanka, the Bank plays a pivotal role in the lives of millions of stakeholders. These individuals and entities entrust the Bank with their confidence, placing high expectations on their interactions with us. Recognising that this trust is indispensable for our long-term success, our Corporate Governance framework is meticulously designed to achieve the following objectives, aligned with our Business Model:

Core objectives

Driving sustainability and ESG practices – Guide the Bank on ESG matters, addressing both risks and opportunities, to ensure long-term success.
Ensuring strategic oversight – Facilitate rigorous oversight on Management to ensure due diligence in key decisions and alignment with strategic intent.
Establishing accountability for risk management – Define clear ownership and accountability for addressing key and emerging risks.
Efficient systems and processes – Maintain robust systems to rapidly identify, assess, and escalate issues, incidents, and risks.
Facilitating timely decision-making –Enable swift and effective decision-making for achieving expected resultsand outcomes.
Resource competency and maturity –Ensure business and support service functions are well-resourced with the required skills and maturity.
Aligning remuneration with success – Develop a remuneration framework that aligns with the long-term success of the Bank.
Compliance and ethical standards – Uphold strict adherence to policies, laws, regulations, and ethical standards in both letter and spirit.
Safeguarding assets – Protect the Bank’s assets through robust controls.
Building stability and resilience – Guide the Bank and its Group entities to remain stable, resilient, and future-ready.
Sustainable value creation – Foster value creation for stakeholders in the short, medium, and long-term.

Board’s contribution to governance objectives

To meet these objectives, the Board of Directors has ensured the following:

Clear demarcation of roles and responsibilities among the Board, Board Committees, Management, and Management Committees, outlined in approved charters/mandates and Terms of Reference, reviewed annually.
Establishment of clear reporting lines and structured reporting frequencies.
Consideration of the legitimate needs and expectations of all stakeholders.
Upholding the highest degree of fairness, transparency, and accountability.

Governance policies and frameworks

The Bank has instituted several policies to support its governance structure, including:

Anti-Bribery and Anti-Corruption Policy – Outlining principles to combat bribery and corruption, with a zero-tolerance stance on non-compliance.
Group Conduct Risk Management Policy Framework – Establishing the principles for managing conduct risk.
Whistleblowers’ Charter – Communicated clearly to all staff, emphasising their responsibility to act in line with its provisions.

Key initiatives for governance excellence

Aligning remuneration with performance through accurate job descriptions, KPIs, and clear communication of expectations.
Minimising negative external impacts on the society and the environment.
Upholding the values and brand reputation of the Bank.
Operationalising sustainable banking through the Bank’s Sustainability Framework, focusing on responsible organisation and community impact.

A detailed depiction of the Bank’s governance framework, regulatory requirements, and voluntary codes is given in Figure 43 on page 195.

To ensure adherence to the highest standards of governance and regulatory compliance, the Bank operates within a robust framework that integrates external regulatory requirements with internally developed governance elements.

The governance structure of the Bank is designed to ensure clarity, accountability, and efficiency at every level of decision-making and operational execution. Built upon well-defined roles, responsibilities, and reporting lines, the governance structure facilitates a seamless alignment between strategic oversight and operational execution.

Roles and responsibilities

Board of Directors and Board Committees:

Responsible for setting strategy, defining the risk appetite, and exercising oversight over the Bank’s operations.
Supported by consultants where necessary, the Board ensures that strategic decisions align with the Bank’s long-term objectives and governance principles.

Corporate Management and Executive Management Committees:

Entrusted with executing strategies and driving performance across the Bank’s operations.
These committees are tasked with implementing the policies and strategies defined by the Board while ensuring compliance with regulatory requirements and operational goals.

Strategic Business Units and support functions:

Led by respective heads, these units bear responsibility and accountability for day-to-day operations and the assumption of risks under the purview of the Corporate Management.

Organisational structure

The Bank operates under a Board-approved organisational structure, which clearly delineates work responsibilities and reporting relationships to ensure efficiency and transparency. Refer to Figure 44 on page 197, which provides a detailed depiction of the governance structure. Additionally, an abridged organisational chart is available in Annex 7 on pages 516 and 517.

This structure is fundamental to maintaining a balance between governance oversight and operational efficiency, ensuring that all decisions are made with accountability and in alignment with the Bank’s strategic objectives.

Key regulatory requirements, voluntary codes,
and elements of Corporate Governance Framework

Figure – 43

Elements of Corporate Governance Framework

Foundational documents:

The Bank’s Articles of Association, defining its governance structure and authority.

Organisational structure:

Detailed in Annex 7 on pages 516 and 517, ensuring clarity in roles and responsibilities.

Policies and risk frameworks:

Board-approved policies governing major operational aspects.
Integrated Risk Management Framework, aligning with the Three Lines Model.

Governance charters:

Terms of Reference and Charters for the Board, Board Committees, and Management Committees, providing clear mandates and accountability.

Ethics and conduct:

Code of Business Conduct and Ethics, applicable to all employees, fostering a culture of integrity.

Sustainability practices:

A comprehensive Sustainability Framework, supporting sustainable banking, responsible practices, and community impact.
Executive Sustainability Committee and Sustainability Working Committee

Related party transactions:

A structured Related Party Transactions Policy, ensuring transparency, capturing of transactions and compliance with regulations.

Internal

Listing Rules and investor protections:

Section 9 of the Listing Rules on Corporate Governance and Section 7 of the Listing Rules on Continuing Listing Requirements issued by the CSE, which include corporate governance requirements for listed entities and protections for investor rights.

Banking and financial services regulations:

Banking Act No. 30 of 1988 and amendments thereto, designed to protect depositors’ rights and define the responsibilities of regulators.
Directions issued to Licensed Commercial Banks by the CBSL, including the Banking Act Direction No. 05 of 2024 on Corporate Governance and other directives from regulatory authorities in countries where the Bank operates.

Corporate governance standards:

Code of Best Practice on Corporate Governance 2023, issued by CA Sri Lanka, outlining corporate responsibilities towards key stakeholders.

Company law and stakeholder protection:

Companies Act No. 07 of 2007 and amendments thereto, with provisions to safeguard investors’ rights.
Circulars issued by the Securities and Exchange Commission of Sri Lanka (SEC).

Taxation and financial reporting:

Guidelines from Taxation Authorities for compliance and acting as collection agents.
Requirements under the Sri Lanka Accounting and Auditing Standards Act No. 15 of 1995 and amendments thereto.

Employee and social responsibility legislation:

Shop and Office Employees Act No. 19 of 1954, outlining employee rights and responsibilities.

Sustainability and data protection:

CBSL Roadmap for Sustainable Finance in Sri Lanka, encouraging sustainable banking practices.
Personal Data Protection Act No. 09 of 2022, ensuring secure management of customer data.
SLFRS S1 and S2 on Sustainability related disclosures
SDGs

Guidance for Directors:

Corporate Directors’ Handbook and related guidelines for effective Board oversight and governance.
Guidance for Directors of Banks on the Directors’ Statement on Internal Control, issued by CA Sri Lanka.

External

This governance ecosystem, underpinned by both external mandates and internal practices, ensures that the Bank operates with transparency, accountability, and integrity.

The Board of Directors serves as the cornerstone of governance at the Bank, embodying the principles of good corporate citizenship, ethical behaviour, transparency, and accountability. Its leadership and oversight ensure the long-term sustainability and resilience of the Bank while safeguarding its integrity and reputation.

Role and responsibilities of the Board

As the highest decision-making authority, the Board assumes a leadership role in:

Strategic direction – Setting the strategic objectives and defining the risk appetite to ensure the Bank’s goals align with stakeholder expectations.
Oversight and monitoring – Evaluating the Bank’s performance, overseeing compliance, and assessing internal control and risk management systems.
Resource allocation – Ensuring the optimal utilisation of resources to deliver value.
Corporate governance – Approving governance policies, including remuneration frameworks, and ensuring ethical business conduct.
Appointments – Making appointments to the Board, its Committees, and Corporate Management positions.

Through diligent oversight, the Board entrusts the Corporate Management with the execution of strategies, day-to-day operations, and the implementation of robust internal control and risk management systems.

Board – Corporate Management dynamics

The Board and the Corporate Management share a clear mutual understanding of their respective roles, delegated authority, and boundaries. This relationship, grounded in trust and respect, has been instrumental in fostering good governance and organisational effectiveness. It is a hallmark of the Bank’s sustained success and its reputation as a benchmark private-sector bank in Sri Lanka.

Composition of the Board

At the end of 2024, the Board comprised twelve Directors (twelve at the end of 2023 as well), including ten Independent Non-Executive Directors (INEDs), ensuring a high degree of autonomy and adherence to shareholder interests.

Each Director brings a wealth of expertise in diverse professional fields, enabling constructive challenges to the Corporate Management and enriching deliberations on complex and dynamic issues (Refer pages 38 to 45 for profiles of the Board and Figure 45 on page 199 for the composition of the Board at end of 2024.

As one of Sri Lanka’s two higher-tier D-SIBs, the Bank’s Board is acutely aware of its role in navigating emerging global challenges and threats to conventional banking models.

Diversity and inclusion

(Principle A.10.1)

Diversity and inclusion are integral to fostering a dynamic, forward-thinking organisation in the Bank. A wide array of voices and perspectives are encouraged and inclusively heard within the Bank’s working environment, driving innovation and contributing to the overall progress of the institution.

Diversity at the Board level

The Board of Directors exemplifies the Bank’s commitment to diversity by encompassing expertise across multiple disciplines, including:

Banking and Management
Agriculture and Chemical Industry
Finance, Accounting and Management
Law
Healthcare, Insurance, Logistics and Renewable Energy
Science, Engineering and IT
Risk Management and International Capital Markets

Each Director has achieved significant professional milestones, having risen to leadership positions in Government institutions or private-sector organisations. Their expertise ensures that independent and informed judgment is brought to bear on matters reserved for the Board.

A unique perspective for value creation

This diversity enables the Board to:

Blend banking, entrepreneurial, investor, and regulatory perspectives.
Explore matters from multiple points of view to drive long-term value creation.
Mitigate groupthink and promote healthy, constructive exchanges that enhance Boardroom dynamics and decision-making.

The Company Secretary plays a key role in supporting the Board, ensuring that he fulfills his responsibilities effectively and in line with governance principles.

Enhancing dynamics and effectiveness

The unique composition of the Board fosters an environment that values different perspectives, creating opportunities for innovative thinking and collaboration. This commitment to inclusion enhances the Board’s effectiveness in steering the Bank towards its strategic objectives.

Details on the Board’s composition, including qualifications, Committee memberships, significant appointments, and the profile of the Company Secretary, can be found on pages 38 to 45.

Board process

(Principles A.1.3, A.1.4, A.1.6, A.1.7, A.3.1, and A.6)

The Board of Directors ensures that its operations and decision-making processes are conducted with the utmost diligence, transparency, and accountability.

Maintaining transparency and accountability

Detailed records – Minutes of all deliberations and decisions made during Board and Board Committee meetings are meticulously documented in sufficient detail, ensuring a transparent record of governance.
Engagement with the Corporate Management – When necessary, members of Corporate Management are invited to make presentations to the Board, providing critical insights into the performance and operations of areas under their purview.

Access to independent expertise

Independent Advice – Board Members are entitled to seek independent professional advice when required, at the Bank’s expense. This ensures that Directors have access to the necessary expertise to make informed decisions.

Protection and support for Directors

Liability Insurance – To safeguard Directors in the execution of their duties, the Bank has secured a Directors’ and Officers’ Liability Insurance Policy, offering protection against allegations arising from their professional responsibilities.

This robust process not only facilitates effective decision-making but also ensures that governance principles are upheld at every level.

Conflicts of interest

(Principles A.5.5 and A.10.1)

The Bank has a robust system in place to identify, manage, and mitigate conflicts of interest, ensuring the integrity and independence of its Board and decision-making processes.

Declaration and management of conflicts

Individual accountability:

Members of the Board are required to declare any conflicts of interest or situations that could potentially lead to a conflict.
In such cases, Directors withdraw from deliberations and refrain from influencing decisions where the conflict exists or may appear to exist.
All such declarations and actions are minuted for future reference.

Regular reviews:

Affiliations and transactions of Directors are periodically reviewed to ensure that there are no conflicts of interest or relationships that could compromise their independence.

Related Party Transactions Policy

The Board has implemented a Related Party Transactions Policy, which outlines procedures for granting accommodations to Directors, their close family members, and entities in which the Directors hold directorships. These transactions are conducted in compliance with the CBSL rules and regulations, under terms and conditions applicable to other customers of the Bank.

Approval and oversight of Related Party Transactions

Approval process:

Related party transactions are first reviewed and recommended by the BCC.
Final approval is granted by the Board.

Reporting to Committees:

Once approved, such transactions are tabled at the next scheduled meeting of the BRPTRC for information.

Disclosure:

The section on ‘Directors’ Interest in Contracts with the Bank’ (pages 252 and 253) provides details of transactions conducted on an arm’s-length basis with entities associated with the Bank’s Chairman or Directors.
Further details can be found under “Related Party Disclosures” in Note 62 to the Financial Statements (pages 420 to 424).

Ongoing declarations and registers

Quarterly declarations:

At the time of joining and every quarter thereafter, Directors are required to declare their interests. This ensures the continuous monitoring of any potential conflicts.

Register of interests:

A register of declared interests is maintained by the Company Secretary, ensuring transparency and compliance with the Companies Act No. 07 of 2007 and amendments thereto
This register is available for inspection by shareholders or their authorised representatives as per legal requirements.

This comprehensive system ensures that the Bank’s governance processes remain transparent, ethical, and free from conflicts of interest, reinforcing stakeholder confidence.

Board meetings

(Principles A.1.1 and A.10.1)

In 2024, the Board of Directors of the Bank convened fourteen scheduled meetings, maintaining the same number as in 2023. These meetings served as a vital platform for overseeing the Bank's strategic, financial, and operational performance.

Key focus areas of Board deliberations

Strategic planning:

One meeting was specifically allocated to reviewing the Corporate Plan 2025–2029 and Budget 2025, with active participation from the Corporate Management.
The Board provided directions for preparing the Bank's five-year strategic plan, critically evaluating proposals and exploring alternative strategies before approving the resource allocation.

Performance and risk review:

Twelve meetings were devoted to reviewing:

Financial and operating results against budgeted KPIs and prior periods.
Risk factors impacting results and mitigation measures.
Monitoring the progress of the restructuring process of the foreign currency denominated Sri Lanka Government Debt and its impact on the Bank’s investments.
Compliance with mandatory and voluntary requirements, addressing corrective actions for non-compliance.
Updates on credit quality, including the staging of non-performing credit facilities and recovery actions.
ESG risks and opportunities, alongside discussions on wider sustainability objectives.
Cybersecurity risks, mitigation strategies, and compliance reports, particularly for critical systems.

Governance and oversight:

Review of internal control lapses, fraud investigations, and follow up actions.
Regular updates on strategy implementation and investment strategies.
Minutes of Board Committee meetings to ensure alignment and oversight.
Share transactions by employees at Assistant Manager grade and above.
Review and approval of updated policies and procedures to align with new CBSL directions.

Capital and liquidity management:

Emphasis on enhancing provision coverage, optimising liquidity and capital management, and addressing the rising tax burden to support stability and sustainable growth.

Subsidiary oversight:

Periodic presentations by the Managing Directors/Chief Executive Officers of subsidiaries on their performance and future plans.

Reorganisation post-AGM

Following the Fifty-Fifth Annual General Meeting (AGM) held on March 28, 2024, the Board conducted a meeting to review and revise the composition of its Committees.

Attendance and hybrid meeting format

The Bank continued to adopt a hybrid approach to Board meetings, seamlessly integrating virtual participation for Directors residing or traveling overseas or those encountering unavoidable circumstances. This inclusive approach ensured uninterrupted collaboration, enhanced engagement, and effective decision-making, while upholding the Bank’s commitment to governance excellence.

Regulatory compliance and policy updates

In response to CBSL Directions Nos. 13 and 14 of 2021, which required revisions to the classification and measurement of financial assets and credit facilities, the Board reviewed and approved necessary updates to ensure compliance with regulatory standards.

Enhancing governance and value creation

The Board’s focus extended to liquidity and capital management, ensuring resilience and stability, regular evaluation of ESG and cybersecurity risks and monitoring distressed credit facilities and resolving exposures to high-risk industries.

Board committees

(Principles A.7.1 to A.7.3, A.7.5 & A.7.6, B.2, D.3 to D.5)

The Bank has established ten Board Committees, each entrusted with delegated authority to enhance governance and address subject-specific and specialised matters. These Committees play a vital role in the Bank’s governance framework, enabling the Board to focus on broader strategic issues while ensuring that specialised areas receive the necessary attention.

Mandatory and voluntary committees

Mandatory Board Committees:

The Banking Act Directions No. 05 of 2024 on Corporate Governance mandates licensed banks to establish five mandatory committees, including the BRPTRC, effective from January 01, 2025. However, the Bank had voluntarily established BRPTRC in 2014, aligning with the early adoption of the Code of Best Practice on Related Party Transactions issued by the SEC, which later became mandatory.
The Banking Act Directions No. 01 of BCERC to address restrictions on discretionary payments.

Voluntary Board Committees:

The remaining four Committees were formed based on the Bank’s business, operational, IT, and strategic needs, as permitted under its Articles of Association.
These Committees underscore the Bank’s commitment to good governance and operational excellence.

Governance and functionality

Committee operations – Each Committee meets regularly, with a minimum of one meeting per quarter.
Use of external expertise – Committees have sought guidance and advice from external consultants as needed.
Director participation – Each Director served on at least three Committees during the year, ensuring broad oversight and engagement.

Accountability to the Board

The Board retains overall responsibility for decisions made by the Committees, ensuring alignment with the Bank’s governance framework.
Matters arising from Committee meetings are regularly deliberated at Board meetings for information or approval, with any specialised concerns referred back to the Committees for further oversight.
Minutes of Committee meetings are carefully recorded, capturing Directors’ views and deliberations on key issues.

Key reports and details

Comprehensive details on the composition of each Committee, their areas of responsibility, key activities during 2024, and attendance records of members are given in the Board Committee Reports on pages 214 to 237 of this Report.

The Executive Management Committee (EMC) of the Bank plays a critical role in translating Board-approved strategies into actionable plans and ensuring the efficient operation of the Bank. The EMC comprises all members of the Corporate Management, including the Managing Director/Chief Executive Officer (MD/CEO) and the Chief Operating Officer (COO), who also serve as the Bank’s Executive Directors (EDs).

Primary responsibilities

Under the leadership of the MD/CEO, the EMC is tasked with:

Strategy implementation – Executing the strategies approved by the Board and achieving performance objectives.
Risk management – Ensuring that risks undertaken are within the Bank's approved risk profile.
Policy and operational oversight – Formulating policies, making operational decisions, and addressing customer and operational challenges.
Performance monitoring – Reviewing financial performance against budgets and assessing progress on strategic goals for various business divisions.
Resource allocation – Diligently allocating capital to optimise returns.
Digital roadmap – Overseeing the implementation and progress of the Bank’s Digital Road Map.
Human resource development – Addressing staff welfare, health, safety,
and development initiatives.
Sustainability – Implementing the Bank’s Sustainability Framework to align operations with ESG principles.
Regulatory compliance – Ensuring adherence to all applicable laws and regulations.

Supporting the Board

The EMC plays a pivotal role in supporting the Board by reviewing and deliberating on material information prior to Board presentations, ensuring that the Board is equipped with accurate, timely, and comprehensive insights to fulfill their oversight responsibilities effectively.

Meeting dynamics and reporting

EMC meetings provide an opportunity for members to gain a 360-degree view of the Group’s operations. Detailed minutes of these meetings are recorded by the Secretary of the EMC, approved by the MD/CEO, and used for follow up actions.

Subsidiaries and associate oversight

The MD/CEO and other members of the Corporate Management actively review the operations of the Bank’s subsidiaries and the associate. Several members of the Corporate Management are appointed as Directors of the Bank’s subsidiaries, ensuring oversight, safeguarding the Bank’s interests, and delivering reasonable returns.

Detailed overviews of the performance of subsidiaries and the associate are provided in the Financial Review (pages 161 to 165) and the Group Structure (pages 30 and 31), which also includes details on the Board of Directors for each entity.

Profiles of key members

Detailed profiles of the Corporate Management, including names, designations, qualifications, and experience, are available on pages 46 to 49 while the names of the Senior Management members overseeing operations in Sri Lanka, Bangladesh, the Maldives, Myanmar, and subsidiaries are listed on pages 50 to 54.

Management committees

In addition to the Board, Board Committees, and the EMC, the Bank has established several Management Committees to strengthen governance and enhance decision-making along subject-specific lines. These Committees are integral to facilitating the execution of Board-approved strategies and ensuring effective governance.

Structure and governance

Delegated authority – The Management Committees operate under the authority delegated by the MD/CEO, ensuring alignment with the Bank’s strategic goals.

Terms of Reference – Each Committee functions within clearly defined and Board-approved Terms of Reference, ensuring consistency, accountability, and clarity in their operations.

Chaired leadership – The Committees are chaired by either the MD/CEO or the COO, further emphasising their strategic importance.

Operations and reporting

Collaborative deliberations – Committees facilitate extensive deliberations and foster cross-departmental cooperation on matters critical to the Bank’s operations.

Detailed documentation – Minutes of the Committee meetings are meticulously recorded by the respective Committee Secretaries.

Board integration – The minutes, after approval by the MD/CEO, are submitted to the relevant Board Committees for review and oversight, ensuring seamless integration into the Bank’s governance structure.

Focus and scope

Composition

COO and key members of Personal Banking, Corporate Banking and Credit supervision and recoveries

Meeting Frequency: Quarterly

The Board of Directors of the Bank operates under a clearly defined Board Charter, which outlines their roles, responsibilities, and powers. This includes a schedule of powers reserved for the Board, ensuring clarity in governance and decision-making.

Role of the Board

The Board represents and serves the interests of shareholders while ensuring long-term value creation for all stakeholders. Key roles include:

Representing and safeguarding the interests of shareholders by overseeing and appraising the Bank’s strategies, policies, and performance.
Providing leadership and guidance to Management for executing strategies.
Optimising performance and building sustainable value for stakeholders, adhering to the regulatory framework and internal policies.
Ensuring that an effective governance framework is in place.
Keeping regulators informed about the Bank’s performance and major developments.
Regularly reviewing the performance of key business units against their goals and objectives.

Key responsibilities of the Board

The Board's responsibilities span strategic, operational, and governance-related areas:

Strategic direction:

Setting and monitoring the Bank’s strategic direction.

Governance and oversight:

Ensuring effective systems for information integrity, risk management, internal controls, cybersecurity, and business continuity.
Establishing corporate governance structures, policies, and frameworks to ensure compliance with laws, regulations, and ethical standards.
Strengthening the Bank’s safety and soundness.

Financial integrity:

Overseeing the integrity of the financial reporting process.
Approving Interim and Annual Financial Statements for publication.

Appointments and succession planning:

Selecting, appointing, and evaluating the performance of the MD/CEO.
Appointing the Chair and filling casual vacancies on the Board.
Appointing members to the Corporate Management ensuring that they possess the required skills, experience, and knowledge to execute strategy effectively, with a focus on succession planning.

Risk and ICT:

Understanding criticality and mitigating the impact of cyber risks.
Ensuring the availability and effective execution of an ICT Road Map.

Sustainability:

Aligning the Bank’s strategy with ESG principles to drive long-term value creation.

External auditors:

Appointing and overseeing the responsibilities of External Auditors.

Subsidiary performance:

Reviewing the performance of the Bank and its Group companies.

Powers reserved for the Board

Certain powers are exclusively reserved for the Board to maintain control over key decisions:

Approving the Corporate Plan and Budgets, including capital expenditures, acquisitions, and divestitures.
Monitoring capital management activities.
Appointing the Company Secretary, as stipulated in Section 43 of the Banking
Act No. 30 of 1988/Section 1.5 of the Banking Act Directions No. 05 of 2024 on Corporate Governance for Licensed Banks.
Establishing Board Committees and evaluating their performance.
Seeking professional advice when necessary, at the Bank’s expense.
Reviewing, amending, and approving governance structures and policies.

Risk management forms the cornerstone of the long-term sustainability of the Bank. As the highest decision-making authority, the Board of Directors assumes responsibility for implementing a robust and effective risk management mechanism across the Group.

Key responsibilities of the Board in risk management

Risk Management Framework:

In collaboration with the BIRMC, the Board has developed a comprehensive risk management framework.
The framework defines the risk appetite and tolerance limits, ensuring risks are consistently aligned with the Bank’s strategic objectives.

Risk profile monitoring:

The Board actively monitors the Bank's risk profile through regular risk reports submitted by the Management.
Deviations from the agreed risk profile are addressed through detailed clarifications from relevant Management members, with guidance provided for implementing mitigatory actions.

Integration into strategic decisions:

Risks associated with business strategies were carefully reviewed at a special Board meeting convened to deliberate on the Budget for 2025 and the Strategic Plan 2025-2029.

Board oversight in risk management

Risk management remains a regular and prominent item on the agenda of both Board and relevant Board Committee meetings. The Board ensures that risks are not only identified and assessed but also proactively mitigated to safeguard the Bank’s financial health and reputation.

Further details on risk governance

For a comprehensive discussion on the Bank's risk governance framework, methodologies, and practices, refer to the Risk Governance and Management section on pages 254 to 284.

Board highlights for year 2024 Figure – 48

Segregation of roles of Chairman and Chief Executive Officer

(Principles A.2 and A.3)

The roles of Chairman and Chief Executive Officer (CEO), who also serves as the Managing Director (MD), are distinctly separated in the Bank to ensure a balance of power and authority and to comply with the CSE Listing Rules on Corporate Governance.

Role of the Chairman

The Chairman, an INED appointed by the Board, is responsible for:

Leadership of the Board – Presiding over Board meetings and maintaining order to facilitate the effective discharge of the Board’s duties.

Promoting corporate governance – Upholding the highest standards of integrity and probity across the Group.

Providing necessary information – Ensuring the Board receives all relevant information required for informed decision-making.

Balancing power – Maintaining a balance of power between Executive and Non-Executive Directors (EDs and NEDs), ensuring the Board remains in full control of the Bank’s affairs.

Director participation – Encouraging active participation from all Directors during Board deliberations.

Stakeholder awareness – Ensuring that the Board fulfills its obligations to all stakeholders.

Communication – Maintaining open communication channels with the Corporate Management, enabling strategic and operational discussions.

Role of the MD/CEO

The MD/CEO, an Executive Director (ED) appointed by the Board, has the following responsibilities:

Operational leadership: Leading the Management team in daily operations and implementing Board-approved strategies, plans, and budgets.

Corporate governance: Conducting the Group’s affairs in line with the governance principles, integrity, and probity set by the Board.

Defined authority: Operating within the corporate objectives and authority boundaries defined by the Board.

Execution of responsibilities: Focusing on achieving the Bank's strategic objectives while ensuring operational efficiency and effectiveness.

Collaboration between the Chairman and the MD/CEO

While their roles are distinct, the Chairman and the MD/CEO collaborate regularly to set the agenda for Board meetings, discuss current and future developments impacting the Bank and address any material issues or challenges to ensure alignment towards the Bank’s overall progress. This effective segregation of duties and collaborative approach enables the Board to maintain robust governance and ensure strategic and operational excellence across the Bank.

Role of Independent Non-Executive Directors

(Principles A.3.1, A.5, and A.5.1)

INEDs form a significant component of the Board, ensuring robust governance and impartiality in decision-making.

Independence of the Board

As of December 31, 2024, ten out of twelve Directors were INEDs, reflecting a strong emphasis on independence within the Board. The independent Directors’ sole association with the Bank and its Group is their directorships, safeguarding their judgment from external influences or conflicts of interest.

Contributions of INEDs

The INEDs bring objectivity, expertise, and a fresh perspective to the Board by:

Providing an independent view, conveying unbiased and independent opinions on key matters.
Enhancing decision-making, leveraging their skills and experience to complement those of Executive Directors and other Board Members.
Constructively challenging the Board and the Management, ensuring thorough deliberation and effective decision-making.
Strategic guidance, assisting in formulating and refining the Bank’s strategy, ensuring alignment with long-term goals and governance principles.
The presence of a strong cohort of INEDs ensures that the Board remains committed to ethical governance, sound decision-making, and stakeholder value creation.

Role of the Company Secretary

(Principle A.1.4)

The Company Secretary plays a pivotal role in upholding good corporate governance at the Bank. Acting as an advisor and facilitator for the Board, the Company Secretary ensures that the Bank complies with all governance, legal, and regulatory requirements.

Primary responsibilities

Board and general meetings – Assisting the Chairman in conducting Board Meetings, AGMs, and EGMs in alignment with the Articles of Association, the Board Charter, and relevant laws.
Documentation and filing – Maintaining minutes of meetings, statutory registers, and filing statutory returns in a timely manner.
Board committee oversight – Monitoring all Board Committees to ensure they are properly constituted with clearly defined Terms of Reference.
Corporate governance – Facilitating best practices in corporate governance and assisting Directors in understanding and fulfilling their duties and responsibilities.
Access to expertise – Facilitating access to legal and independent professional advice in consultation with the Board, as needed.
Compliance with Articles of Association – Ensuring the Bank adheres to its Articles of Association, including implementing required amendments while following proper procedures.
Reporting and communication –Coordinating the preparation, publication, and distribution of the Bank’s Annual Reports, accounts, interim financial statements, and the Directors’ Report.
Regulatory compliance – Ensuring compliance with Listing Rules, particularly regarding disclosures on related parties and transactions.
Stakeholder relationships – Maintaining strong relationships with the CSE, shareholders, and debenture holders.
Regulatory liaison – Communicating promptly with regulators to ensure compliance with applicable requirements.

Appointment and removal

The Board is responsible for the appointment and removal of the Company Secretary, ensuring accountability and alignment with governance principles. This multifaceted role underscores the Company Secretary’s significance in fostering a culture of transparency, accountability, and governance excellence within the Bank.

Appointments and retirements/resignations of Directors

(Principle A.7)

The process for appointing and retiring/resigning Directors at the Bank is based on ensuring the Board’s combined knowledge, experience, and diversity. This includes consideration of gender, age, and other industry-relevant factors to maintain the Board's effectiveness in executing the Bank’s strategic plans.

Appointment of new Directors

Formal and transparent process:

The nomination and appointment of Directors follow a formal and transparent procedure overseen by the BNGC.
Resumes of potential candidates are thoroughly evaluated, and in certain cases, an interview with the candidate is conducted.

Assessment criteria:

The BNGC considers the candidate’s ability to bring fresh perspectives and ensure the Board’s continued effectiveness in meeting its strategic goals.
Members of the BNGC abstain from participating in decisions relating to their own appointment or reappointment.

Role of the Chairman:

In compliance with the requirements of Section 9.3.3 of listing rule of the CSE, the Chairman does not chair the BNGC.

Appointments of EDs:

Similar processes are followed for EDs, except when candidates are selected from within the Bank’s Corporate Management.
The BNGC ensures a succession plan for the MD/CEO and other KMPs, including identifying training and development needs for succession planning.

Regulatory and listing requirements:
New Director appointments are promptly communicated to the CSE following approval from the CBSL regarding their fitness and propriety.
Announcements include key details such as a brief resume, expertise, shareholdings, directorships, and independence status.
Internal communications ensure that Bank staff are informed of appointments, retirements, or resignations via circulars.

Changes to the Board in 2024

New appointments – One new Director was appointed to the Board during the year.

Retirements – One Director (former Chairman of the Board) retired from the Board after completing nine years of service.

Resignations – There were no resignations of Directors during the year ended December 31, 2024.

Details of these changes are provided in Figure 45, titled Composition of the Board and Attendance, on page 199.

Communication of changes to the CSE

The Bank ensured all required details regarding the appointments/retirement of Directors were promptly communicated to the CSE, as stipulated in the Listing Rules.

Re-election/election of Directors

(Principles A.8 and A.9.3)

The Articles of Association of the Bank prescribe a process for the re-election and election of Directors, ensuring that the Board maintains its effectiveness and alignment with governance principles.

Re-election of NEDs

Rotation Policy:

The two longest-serving NEDs since their last election or appointment must offer themselves for re-election at each AGM in rotation.

Selection process:

If multiple Directors qualify for re-election in a given year, the determination is made by:
Reviewing affidavits and declarations submitted by the Directors.
Considering all other relevant factors or, where necessary, drawing lots to decide.

2024 re-election candidates:

Mr L D Niyangoda and Ms D L T S Wijewardena, the two longest-serving Directors since their last re-election, will seek re-election at the AGM on March 28, 2025.
The BNGC reviewed their participation, contributions, and engagement. Based on the BNGC’s recommendation, the Board approved their candidacy for re-election.

Election following a casual vacancy

Casual vacancy appointments:

Any Director appointed to fill a casual vacancy since the last AGM is required to offer themselves for election at the immediately following AGM.

2025 election candidate:

Mr P Y S Perera, appointed in October 2024 to fill a casual vacancy, will offer himself for election at the upcoming AGM to be held on March 28, 2025.

This structured re-election and election process ensures transparency, accountability, and compliance with governance standards, contributing to the Board's stability and effectiveness.

Induction and training of Directors

(Principle A.1.8)

The Bank has a robust induction and training programme to ensure that Directors are well-equipped to fulfill their responsibilities effectively while staying updated on governance and industry standards.

Induction programme for new Directors

On appointment, Directors are provided with a comprehensive induction pack that includes:

Key governance documents consisting of the Articles of Association, Banking Act Directions, the Corporate Directors’ Handbook published by the Sri Lanka Institute of Directors (SLID) and the Code issued by CA Sri Lanka.
Internal Governance Framework consisting of the Bank’s organisational structure and copies of the approved Board Charter and the Board Related Party Transactions Policy.
Operational and historical context consisting of the most recent Annual Report and access to an electronic support system, which includes archived minutes of meetings held over the past twelve years.

Ongoing training and familiarisation

Membership in governance institutes:

Directors are encouraged to obtain membership in the SLID, which offers programmes to enhance their knowledge and governance skills.

Mandatory participation:

Attendance at Director Forums organised by the CBSL is mandatory, ensuring that Directors remain informed about regulatory and industry developments.

Presentations and briefings:

Members of the Corporate Management and external experts regularly present updates on the business environment and the Bank’s operations which enables newly appointed Directors to get familiarised themselves with the banking operations.
The Management also provides presentations on sustainability-related initiatives and developments, especially at the Annual Corporate Plan meeting.

This structured approach ensures that Directors remain well-informed about the Bank’s governance framework, industry trends, and strategic initiatives, enabling them to make informed decisions and contribute effectively to the Board’s deliberations.

Remuneration and Benefits Policy

The Remuneration and Benefits Policy of the Bank is designed to align employee rewards with the Bank’s strategic objectives and long-term success. It establishes a robust framework that attracts, retains, and motivates employees with the skills, values, and expertise necessary for the Bank's sustainable growth.

Key objectives of the Policy

Attracting talent, by offering a competitive and distinctive value proposition to attract prospective employees whose skills align with the Bank’s business needs.
Retaining skilled professionals, by providing compelling rewards and benefits to retain top talent and encourage employee loyalty.
Inspiring desired behaviours, by implementing reward programs that motivate and inspire employees to exhibit behaviours aligned with the Bank’s goals and core values.
Ensuring alignment with strategic success, by structuring remuneration in a way that directly supports the long-term success and sustainability of the Bank.

Framework for reward programmes

The Policy provides a clear framework to design innovative and effective reward programs, administer these programs with fairness and transparency and evaluate their effectiveness to ensure alignment with desired outcomes and stakeholder expectations. This approach ensures that remuneration policies remain aligned with the evolving needs of the Bank while fostering a motivated and engaged workforce.

Directors’ and Executive remuneration

(Principles A.10, B.1, and B.3)

The remuneration framework of the Bank ensures transparency, fairness, and alignment with governance principles. A structured process is in place to ensure that no individual Director participates in decisions related to their own remuneration.

Decision-making process for remuneration

Role of the BHRRC:

The BHRRC composed entirely of NEDs who meet the independence criteria set out in governance regulations, oversees the remuneration process.
The BHRRC makes recommendations to the Board on the remuneration of Directors and executives, in consultation with the MD/CEO and professional advisors where necessary.

Remuneration for NEDs:

The remuneration of NEDs is determined by the Board as a whole.

Use of external expertise:

HR professionals are engaged regularly to ensure that the Board and the BHRRC make informed, fair, and objective judgments on remuneration matters.

Alignment with the Remuneration and Benefits Policy

The remuneration structure for Directors and executives is aligned with the Bank’s Remuneration and Benefits Policy, ensuring consistency and adherence to the Bank’s strategic goals.

Disclosure of remuneration

Aggregate remuneration: Details of the aggregate remuneration paid to EDs and NEDs are disclosed in Note 62.2.1 of the Financial Statements on page 420.
Senior Management remuneration: The aggregate remuneration of senior management personnel, including the MD/CEO, is provided under item 3 (8) (ii) f in Annex 1.1 on Compliance with the Code on page 471.
This transparent approach ensures that remuneration decisions support the Bank’s long-term success while upholding its commitment to good corporate governance.

Remuneration Committee

(Principle B.2)

The BHRRC of the Bank ensures that remuneration policies and practices attract and retain talented professionals while aligning the interests of employees and shareholders to support the Bank’s performance and long-term goals.

Key responsibilities of the BHRRC

Attraction and retention:

Structuring competitive remuneration packages for EDs and NEDs to attract and retain top talent.
Ensuring policies are motivating, equitable, and capable of retaining high-performing employees.

Market benchmarking:

Regularly benchmarking remuneration packages against the market with the assistance of external professionals to maintain competitiveness.

Remuneration structure:

Total remuneration for EDs and Corporate Management includes:
Guaranteed remuneration (fixed component).
Annual performance bonus (variable component).
Employee Share Option Plans (ESOPs) (variable component).

Components of remuneration

Guaranteed remuneration:

Includes monthly salary and allowances based on qualifications, experience, levels of competencies, skills, roles and responsibilities.
Reviewed annually and adjusted for promotions, performance, and inflation.

Annual performance bonus:

Based on a multi-layered performance criteria matrix, communicated to employees at the start of each year.
ESOPs:

Structured to:

Motivate employees for long-term value creation.
Improve performance and retention.
Provide equity funding for the Bank.

Employees can purchase shares at a pre-determined price under these plans, approved by shareholders in EGMs.
EDs are also eligible for ESOPs, with approval obtained through the Board and based on recommendations from the BAC.
Details on ESOPs and eligibility criteria are available in Note 52 to the Financial Statements on “Share-based Payment” on pages 405 to 408.

Performance-based remuneration

The Committee annually reviews the performance of the EDs against Board-approved targets and goals. Recommendations are made for revising remuneration, benefits, and performance-based incentives accordingly.

Employee relations and collective agreements

The Bank engages in regular dialogues with the Association of Commercial Bank Executives and the Ceylon Bank Employees’ Union (CBEU). In January 2024, a Collective Agreement covering the period 2024–2026 was signed with the CBEU after extensive but cordial negotiations.

Additional considerations

Employment contracts do not include compensation clauses for early termination, and no early terminations requiring compensation occurred during the year.

Board and Board Committee evaluations

(Principle A.9)

The performance of the Board, its Committees, and individual Directors is evaluated annually to ensure they effectively discharge their responsibilities in alignment with the Board Charter, regulatory requirements, and best governance practices.

Evaluation process

Self and collective appraisal:

Directors individually assess their own performance, as well as that of the Board and its Committees, using Board/Board Committee Performance Evaluation Forms.
These forms incorporate criteria outlined in the Board Performance Evaluation Checklist of the Code.

Collation of responses and review:

The responses are collected by the Company Secretary and submitted to the BNGC for analysis.
The outcomes are discussed at a Board meeting, fostering transparency and accountability.

NED evaluations:

The performance of NEDs is evaluated individually by EDs and the Chairman.
Similarly, the EDs’ performance is evaluated by the Chairman and NEDs, ensuring a balanced appraisal process.

Specific evaluations

EDs and KMP Evaluations – The BHRRC conducts a 360-degree appraisal of EDs and other KMPs annually. The results are compiled and shared with the Board, enabling informed recommendations for skill enhancement, governance improvements, and strategy refinement.
Annual review timeline – The Board evaluations for 2023 were reviewed during Board meetings held in February 2024 while the Board evaluations for 2024 will be done in March 2025.
Formalised evaluation structure – Commencing from 2024, evaluations for NEDs and EDs follows a formalised structure to enhance clarity and rigor in the process.

Outcome and recommendations

The evaluation outcomes provide insights into the balance of skills, experience, and independence on the Board, the adequacy of industry and Company knowledge, governance processes, and strategy review mechanisms and training needs for Directors to improve overall Board effectiveness. This structured evaluation process ensures continuous improvement in governance standards, aligning the Board’s performance with the Bank’s strategic goals.

Appraisal of the Chief Executive Officer

(Principle A.11)

The performance of the MD/CEO is evaluated annually through a structured process led by the Board with the assistance of the BHRRC.

Key components of the appraisal process

Predefined criteria:

The assessment is based on objectives and targets agreed upon at the start of the year.
The criteria include a mix of short-, medium-, and long-term objectives with both financial and non-financial targets.

Adaptability to the operating environment:
The appraisal considers changes in the operating environment, ensuring the MD/CEO’s performance is evaluated
in context.

Formal feedback:

The Chairman conducts a discussion with the MD/CEO to provide formal feedback on the evaluation results.

Consideration of MD/CEO’s responses:

The MD/CEO’s responses to the appraisal are reviewed and taken into account before final approval of the evaluation.

Timely completion:

The entire process is concluded within three months from the financial year-end, ensuring timely alignment with the Bank’s governance and strategic planning.

This thorough evaluation process ensures that the MD/CEO’s performance aligns with the Bank’s strategic goals while fostering accountability and continuous improvement.

The Bank maintains a robust framework for engaging with shareholders, prioritising transparency, equitable treatment, and the facilitation of shareholder rights. These efforts are aligned with good corporate governance practices and a commitment to open communication.

Shareholder communication

Communication channels:

Board-approved Shareholder Communication Policy ensures timely and effective dissemination of material information.
Communication methods include:

Annual Report (PDF and interactive formats).

AGMs and EGMs (rights and debenture issues)

Interim Financial Statements.

Announcements made to the CSE.

Press releases and updates published on the Bank’s website.

Shareholder surveys and investor feedback forms (refer Figure 13 on pages 64 and 65 for stakeholder connection details).

Key announcements made to CSE in 2024:

Dividend declaration for 2023.
Annual and interim financial statements.
Fitch Ratings preview.
Appointments and retirements of Directors.
Listing of shares issued as part of the 2023 final dividend, rights issue and ESOPs.
Basel III-compliant convertible debenture issue details.

Website enhancements:

The dedicated “Investor Relations” page provides easy access to financial statements, annual reports, and investor feedback features.

Regulatory compliance

Statutory deadlines – Financial statements are published in all three mediums within statutory deadlines as per CBSL Directions and submitted to the CSE per Listing Rule No. 7.4.

Media engagement – Interim financial statements are accompanied by detailed press releases.

Encouraging shareholder participation

AGMs and EGMs:

Clear instructions on voting procedures are circulated with meeting notices.
Shareholders vote on re-elections, financial statements adoption, and other key matters.

Attendance at the 55th AGM held on March 28, 2024:

158 Voting and 76 Non-Voting shareholders attended in person.
99 Voting and 24 Non-Voting shareholders voted via proxy.
EGMs:

Approval was secured in March 2024 for issuing Basel III-compliant convertible debentures to raise Rs. 20 Bn., in Tier II capital to improve capital adequacy and to support future lending growth.
Approval was secured in July 2024 for making a rights issue of shares to raise Rs. 22.5 Bn., in Tier I capital to improve capital adequacy.

Commitment to equity and rights

The Board ensures all shareholders are treated equitably, their rights are protected, and they are encouraged to actively participate in governance processes.

A detailed tabulation of AGM attendance over the past five years is provided below:

Attendance at AGMs held during the period 2020 – 2024 Table – 46

	Voting shareholders			Non-voting shareholders
Year of the AGM	Number of Attendees	Shareholding	% of total shareholding	Number of Attendees	Shareholding	% of total shareholding
2024	257	975,632,759	78.89	100	8,534,514	10.99
2023	301	943,963,856	80.87	112	10,962,985	15.11
2022	183	795,203,283	72.33	9	4,197,212	6.17
2021	169	795,052,531	72.32	19	4,326,942	6.36
2020	119	672,118,061	69.92	19	3,132,256	4.72

Attendance at AGMs Graph – 47

The Bank maintains a robust Code of Ethics that governs the conduct of all employees, including KMPs. This Code, complemented by other Board-approved policies, ensures that the Bank adheres to the highest standards of integrity, transparency, and accountability.

Scope of the Code of Ethics

Employee coverage – Currently applicable to all employees, including KMPs.
Board of Directors coverage – The Bank extended application of the Code of Ethics to include the Board of Directors in 2024, through the Board-approved Policy on Internal Code of Business Conduct and Ethics.

Alignment with Governance Principles

(Principles D.6.1 to D.6.6)

The Code addresses key topics to ensure compliance with the principles of ethical behaviour, including:

Transparency – Encouraging open communication and disclosure.
Accountability – Holding all employees accountable for their actions.
Integrity – Promoting honesty and fair dealings in all professional interactions.
Conflict of Interest – Providing clear guidelines to avoid and manage conflicts of interest.
Compliance – Adhering to all legal and regulatory requirements.

The Bank’s Code of Business Conduct and Ethics serves as a cornerstone for maintaining trust among stakeholders, ensuring the alignment of actions with the Bank’s values and principles.

Alignment with Governance Principles Table – 47

Topic		Key policies, documents and guidelines
Conflict of interest		Code of Ethics Related Party Transactions Policy
Bribery and corruption		Anti-Bribery and Anti-Corruption Policy AML/CFT Policy
Entertainment and gifts		Gift Policy Code of Ethics
Accurate accounting and record-keeping		Financial Statement closure process Operational Procedure Manual for the Finance Division Accounts Reconciliation Process and Monitoring of Suspense Accounts of the Bank Financial and Risk Management Disclosure Policy
Fair and transparent procurement policies		Procurement policy Expenditure approval guidelines Sponsorship Guidelines
Corporate opportunities		Code of Ethics HR Policies
Confidentiality		Information Classification Policy Data Governance Policy
Fair dealing		Group Conduct Risk Management Policy
Protection and proper use of company assets including information assets		Information Security Policy Risk Management Policies
Sexual harassment, discrimination and abuse		Code of Ethics HR Policies
Compliance with laws, rules and regulations (including insider trading laws)		Group Compliance Policy
Encouraging the reporting of any illegal, fraudulent or unethical behaviour		Whistleblowers’ Charter

Principle D.6.2

Process is in place to identify and report material and price sensitive information.

Principle D.6.3

Process is in place to monitor and disclose shares purchased by any Director, KMP or by an employee in the grade of Assistant Manager and above

Principle D.6.4

Whistleblower’s charter

Principle D.6.5

Conduct training on Code of Ethics as part of induction and training of new employees

Principle D.6.6

Process is in place to disseminate policies and conduct training via the Bank’s intranet and the e-learning module

Anti-Bribery and Anti-Corruption Policy

(Principle D.6.1)

The Bank upholds a zero-tolerance policy towards bribery and corruption, ensuring that all operations and transactions are conducted with the highest standards of integrity and compliance.

Policy framework

Annual review and updates:

The Board-approved Anti-Bribery and Anti-Corruption Policy was reviewed and updated during the year.
The Policy outlines principles for identifying, mitigating, and managing bribery and corruption risks, applying to the Bank, its employees, and defined third parties.

Zero tolerance commitment:

The Bank treats any form of bribery or corruption as a severe threat to its integrity and reputation.
Employees are expected to actively prevent and mitigate risks within their respective roles and responsibilities.

Employee responsibilities and guidelines

Code of Ethics:

Every employee is issued a Code of Ethics, which includes:
Prevention of insider trading and
rules on the purchase or sale of the Bank’s shares.
Gift Policy guidelines.
Management of conflicts of interest.
Measures to combat financial crimes.
Emphasis on respecting communities and the environment.

Prohibition of political contributions:

The updated Policy explicitly prohibits the use of Bank funds for political contributions, emphasising the Bank’s stance on neutrality and compliance.

Culture of compliance

The Policy is designed to promote a culture of compliance aligned with applicable laws and regulations, ensuring that ethical practices remain a cornerstone of the Bank’s operations.

Further insights on the Bank’s sustainable practices in line with this Policy are discussed in the section on Responsible organisation on pages 129 and 130.

Group Conduct Risk Management Policy Framework

(Principle D.6.1)

The Group Conduct Risk Management Policy Framework of the Bank emphasises a proactive approach to mitigating misconduct risks, fostering accountability, and promoting ethical practices across all operations.

Policy updates and enhancements

Originally adopted in 2022, the framework was reviewed and updated during the year to further strengthen risk management and corporate governance.
The updated policy focuses on safeguarding customers, maintaining market stability, and ensuring effective competition.

Key objectives

Establishing a risk culture:

Cultivating a preventive approach to misconduct risks.
Promoting accountability for individual and collective actions.

Preventing misconduct:

Ensuring proper customer onboarding practices.
Maintaining transparency in fees and charges.

Prohibited actions:

Fraudulent activities
Insider trading
Improper financial advice to customers
Mis-selling of financial products
Tax avoidance
Collusion in financial markets
Inaccurate financial and regulatory disclosures

This Policy underpins the Bank’s commitment to ethical conduct and operational excellence, aligning with its broader risk management framework and corporate governance principles.

Whistleblowing

(Principle D.6.4)

The Whistleblowers’ Charter adopted by the Bank serves as a crucial tool in deterring, detecting, and addressing malpractices and unethical behaviour across the organisation.

Key features of the whistleblowers’ charter

Oversight by the Compliance Officer:

The Compliance Officer is designated to manage the whistleblowing process, ensuring proper handling of all concerns raised.

Encouraging reporting of concerns:

Employees are encouraged to raise genuine concerns about malpractices or unethical behaviour.

Confidentiality and protection:

The Bank ensures strict confidentiality for individuals who report concerns.
Whistleblowers acting in good faith are protected from any retaliation or adverse consequences.

Promoting governance across tiers:

The charter promotes a healthy workplace culture, fostering good governance practices from operational levels to the highest tiers of management.

Internet of things and Cyber security

(Principle G)

The Bank prioritises robust cybersecurity measures and effective governance to ensure data confidentiality, integrity, and availability in an increasingly connected and digital environment.

Fortifying digital trust: cyber and information security governance

In an era where financial institutions are increasingly reliant on technology, the Bank remains steadfast in its commitment to safeguarding digital platforms, protecting data integrity, and preserving customer trust. Recognising the ever-evolving cyber threat landscape, the Bank takes a proactive approach to cybersecurity, ensuring compliance, resilience, and operational continuity. As a D-SIB, the Bank also plays a pivotal role in strengthening Sri Lanka’s cyber-resilient financial ecosystem.

Industry leadership in cybersecurity and compliance

The Bank has cemented its position as a leader in information security, achieving several industry-first certifications that underscore its dedication to best practices:

ISO/IEC 27001:2022 Certification – The only local financial institution in Sri Lanka to secure this latest certification, covering its entire operation, including its nationwide branch network.
PCI DSS v4.0 Certification – Ensuring the highest security standards in handling payment card transactions.
ISO/IEC 20000 Certification – Validating excellence in IT service management.
Alignment with ISO/IEC 22301:2019 – Strengthening Business Continuity Management Systems (BCMS) to enhance resilience and preparedness.

These milestones reaffirm the Bank’s longstanding legacy in cybersecurity, dating back to 2010 when it became the first in Sri Lanka’s banking sector to achieve ISO 27001 certification.

A strong governance framework for information security

The Bank has embedded cybersecurity governance within its enterprise risk management framework, ensuring robust oversight through a three lines model. This approach integrates business units and technology teams responsible for implementing security controls, independent risk and audit functions that provide monitoring and assessments, and Board-level oversight to ensure accountability.

At the core of the Bank’s information security governance is the Chief Information Security Officer (CISO), who reports directly to the MD/CEO. The Information Security Council (ISC), chaired by the MD/CEO, functions as the apex management body for cybersecurity and reports to the BIRMC. The Bank’s Information Security Policy (ISP), aligned with ISO/IEC 27001 standards, defines stringent security requirements applicable to employees, partners, and external stakeholders. These policies encompass essential domains such as access control, asset management, secure operations, incident response, supplier and third-party risk management, and business continuity planning.

A multi-layered security architecture with a proactive risk management approach

To ensure comprehensive protection of its digital assets, the Bank employs a defense-in-depth security model that integrates multiple layers of physical, technical, and administrative controls. A Security Information and Event Management (SIEM) system enables real-time monitoring and rapid threat detection, while a set of incident response playbooks and cyber resilience strategies enhance the Bank’s ability to contain and mitigate potential cyber threats.

Regular risk assessments, including vulnerability testing, penetration testing, and application security reviews, help identify and address security risks. In 2024, the Bank further strengthened its third-party security risk management processes, ensuring enhanced oversight of supplier and partner cybersecurity practices.

Building a cybersecurity-first culture

Beyond deploying advanced technologies, the Bank recognises that security is also a matter of culture and awareness. A structured cybersecurity awareness program ensures that employees and third parties are well-equipped to recognise and respond to cyber threats. Training programs include classroom sessions, digital learning modules, and hands-on simulations of potential cyberattacks. The annual Cyber Awareness Month serves as an engaging initiative, featuring interactive activities such as cyber quizzes and newsletters that reinforce best practices across all levels of the organisation.

Rigorous monitoring, audits, and regulatory compliance

The Bank maintains continuous compliance through an extensive framework of internal and external audits. Annual independent validations of the Information Security Management System (ISMS) are conducted by ISO 27001 external auditors, while Qualified Security Assessors (QSA) perform periodic reviews to ensure compliance with PCI DSS requirements. The Bank’s adherence to the SWIFT Customer Security Controls Framework is independently verified, reinforcing its commitment to international cybersecurity standards. Regular reviews of cybersecurity performance, including incident reports and audit findings, are presented to the ISC and BIRMC, ensuring Board-level engagement and strategic oversight.

A future-ready cybersecurity roadmap

As cyber threats continue to evolve, the Bank remains committed to staying ahead of emerging risks through investments in AI-driven threat detection, Zero-Trust security models, and enhanced cyber resilience frameworks. Strengthening security infrastructure and continuously aligning with global best practices remain central to the Bank’s long-term vision.

For in-depth discussions on the Bank’s cybersecurity governance, refer to:

BIRMC Report
BTC Report
BAC Report

With an unwavering commitment to cybersecurity, resilience, and trust, the Bank continues to set the benchmark for information security excellence in Sri Lanka’s banking industry.

Data security and privacy

The Bank is committed to safeguarding the privacy and security of customers' personal data through rigorous data governance practices. The Bank ensures compliance with evolving regulatory frameworks, including the Personal Data Protection Act No. 09 of 2022, while continuously strengthening data protection measures to maintain customer trust.

Commitment to data privacy

Protecting the confidentiality, integrity, and availability of personal data is at the core of the Bank’s operations. A robust framework encompassing skilled personnel, advanced technology, stringent controls, well-defined policies, and efficient processes ensures responsible management of personal data. All customer information is handled with the highest level of security and is used exclusively for legitimate business purposes in compliance with applicable privacy laws and regulations, including the Personal Data Protection Act and Global Data Protection Regulation (GDPR).

Privacy framework and third-party collaborations

The Bank has established a comprehensive privacy framework to safeguard customer information. Stringent data privacy and security standards are enforced when collaborating with third-party service providers. Due diligence assessments, contractual safeguards, and continuous monitoring ensure that personal data remains protected across all external engagements.

Employee training and awareness

Recognising that data privacy is a shared responsibility, the Bank conducts regular training and awareness programs to educate employees on data protection best practices. These sessions equip staff with the knowledge to handle personal data securely, stay informed of evolving privacy regulations, and uphold the highest standards of data security.

Governance and Risk Management

The data governance team plays a pivotal role in identifying, assessing, and mitigating data privacy risks. These risks are regularly reported at the highest levels of management, ensuring a proactive approach to data protection. Data privacy is a key focus at multiple governance forums, including Board-level discussions, to facilitate strategic oversight and timely decision-making.

As part of its commitment to continuous improvement, the Bank regularly reviews and enhances its data privacy practices to stay ahead of emerging threats, evolving technologies, and regulatory changes. Protecting personal data remains a top priority as the Bank continues to build a secure and trustworthy financial ecosystem for its customers.

Sustainability: ESG risks and opportunities

(Principle H)

The Bank recognises that integrating ESG principles into its strategy and operations not only aligns with global sustainability goals but also enhances innovation, risk mitigation, and long-term value creation.

Integration of ESG principles

Strategic focus:

The Bank integrates ESG principles into decision-making processes to mitigate risks and capitalise on emerging opportunities.
Compliance with relevant regulations and adaptation to evolving stakeholder needs form a cornerstone of the Bank’s ESG strategy.

Measurement and disclosure:

Utilises globally recognised frameworks such as the GRI standards and the <IR> Framework.
Regularly measures and discloses sustainability performance to foster transparency and accountability.

ESG risk management initiatives

Sustainability Framework:

Adoption of a comprehensive framework and establishment of an Executive Sustainability Committee, which reports to BIRMC, for regular ESG risk assessments.

ESMS:

Based on IFC Performance Standards, ESMS includes policies and tools for managing environmental and social risks.

Due diligence and impact assessment:

Conducts environmental and social due diligence and proposes corrective actions for identified risks.
Evaluates the impact of lending activities on factors such as pollution, community well-being, and biodiversity.

Responsible lending practices:

Maintains a credit policy and lending guidelines to minimise transactions that adversely impact the environment.

Supply chain oversight:

Reviews social and environmental impacts through supplier selection and evaluation.

Minimising environmental footprint:

Implements green processes, adopts green buildings, and generates solar energy for operations.

Leveraging ESG opportunities

Green financing:

Supports sustainable projects such as renewable energy, energy-efficient buildings, and eco-friendly technologies.
Encourages clients to adopt sustainable practices through green loans and leases.

Supplier collaboration:

Works with responsible suppliers to minimise indirect environmental and social footprints.

Staff training and engagement:

Conducts training programmes to enhance staff understanding of sustainable finance and ESG principles.

International partnerships:

Actively collaborates with global platforms to share knowledge and leverage international resources for
ESG initiatives.

The Bank’s ESG strategy reflects its commitment to sustainable value creation, proactive risk management, and global
best practices.

¹ Principles referred to in this section are the principles in the Code of Best Practice on Corporate Governance – 2023 issued by CA Sri Lanka.

My Report

Integrated Report

Governance Reports

Annual corporate governance report

Chairman’s Message

How we govern (Principles D.6 and D.7)1

Independent Assurance on Governance Compliance

Comprehensive governance disclosures

Bank’s approach to governance

A culture of exemplary conduct

Beyond compliance: Governance as a responsibility

A commitment to integrity and sustainability

A dynamic and evolving framework

Recognition of excellence in governance

Adapting to regulatory changes

Objectives of the Bank’s Corporate Governance Framework

Core objectives

Board’s contribution to governance objectives

Governance policies and frameworks

Key initiatives for governance excellence

Governance structure

Roles and responsibilities

Organisational structure

Key regulatory requirements, voluntary codes, and elements of Corporate Governance Framework

Elements of Corporate Governance Framework

Foundational documents:

Organisational structure:

Policies and risk frameworks:

Governance charters:

Ethics and conduct:

Sustainability practices:

Related party transactions:

Listing Rules and investor protections:

Banking and financial services regulations:

Corporate governance standards:

Company law and stakeholder protection:

Taxation and financial reporting:

Employee and social responsibility legislation:

Sustainability and data protection:

Guidance for Directors:

Board of Directors (Principles A.1, A.1.5, A.4, and A.10)

Role and responsibilities of the Board

Board – Corporate Management dynamics

Composition of the Board

Diversity and inclusion

(Principle A.10.1)

Diversity at the Board level

A unique perspective for value creation

Enhancing dynamics and effectiveness

Board process

(Principles A.1.3, A.1.4, A.1.6, A.1.7, A.3.1, and A.6)

Maintaining transparency and accountability

Access to independent expertise

Protection and support for Directors

Conflicts of interest

(Principles A.5.5 and A.10.1)

Declaration and management of conflicts

Related Party Transactions Policy

Approval and oversight of Related Party Transactions

Ongoing declarations and registers

Board meetings

(Principles A.1.1 and A.10.1)

Key focus areas of Board deliberations

Reorganisation post-AGM

Attendance and hybrid meeting format

Regulatory compliance and policy updates

Enhancing governance and value creation

Board committees

(Principles A.7.1 to A.7.3, A.7.5 & A.7.6, B.2, D.3 to D.5)

Mandatory and voluntary committees

Governance and functionality

Accountability to the Board

Key reports and details

Executive Management Committee

Primary responsibilities

Supporting the Board

Meeting dynamics and reporting

Subsidiaries and associate oversight

Profiles of key members

Management committees

How we govern (Principles D.6 and D.7)¹

Key regulatory requirements, voluntary codes,
and elements of Corporate Governance Framework