The members of the board of directors and senior management shall have an impeccable reputation and shall possess the experience and skills to perform their mandate. The board of directors shall have its performance regularly assessed.
The board of directors shall also contain non-executive directors.
The board of directors shall specify the basic risk management principles. It shall approve the plans specified in Article 26 and Article 31 paragraph 4, as well as the business continuity strategy and plans specified in Article 32b paragraph 4.
The internal audit function shall be independent of the senior management and shall report to the board of directors or one of its committees. It shall be equipped with sufficient resources and shall have unlimited right of review as well as unrestricted access to all documentation, data carriers and information processing systems.