COMPLIANCE WITH CODE OF BEST PRACTICE ON

CORPORATE GOVERNANCE 2023 ISSUED BY CA SRI LANKA

Sections

referred to in

the Code

Compliance status

DIRECTORS

A.1

The Board

Principle A.1

The Board of Bank of Ceylon is comprised of six (06) Non Executive Directors with the appointment of three (03) new directors during

the 1st quarter of the year 2024 in terms of the provisions of Bank of Ceylon Ordinance No. 53 of 1938 and its amendments. Five (05)

of them are Independent Directors. The Treasury Representative is considered a Non Independent Non Executive Ex officio Director.

The Directors bring diverse perspectives, expertise and experience to the Board.

Appointments to the Board are made by the shareholder, the Government of Sri Lanka through the Minister under whose purview

the Bank comes under as per the said Ordinance. A policy on Appointment of Directors is in place identifying the skill set that is

required on the Board. Accordingly, the Directors who have skills and experience direct and lead the Bank with effective controls.

The composition of the Board in 2023 and as at this Annual Report date is given on page 113 of this Annual Report.

The skills and experience of the Directors are indicated in the details about them.

A.1.1

Board meetings

The Board meetings are held on a fortnightly basis and special meetings are scheduled as and when the need arises. The schedule

of meetings is in place by the beginning of the year and the structure of submitting information to the Board has been agreed upon.

Necessary information is submitted as agreed to enable decision-making. During the year under review the Board met twenty two

(22) times and attendance at meetings is summarised on page 116.

The information listed under this section is discussed at the relevant subcommittees and the Board.

A.1.2

Role and responsibilities of the Board

The role and responsibilities of the Board are incorporated in the Board Charter which was last reviewed in the year 2023 with the

review of the Corporate Governance Policy of the Bank.

A.1.3

To act in accordance with the laws of the country

The Bank is regulated as per the Bank of Ceylon Ordinance No. 53 of 1938 and its amendments and the Banking Act No. 30 of 1988

and its amendments. Additionally, directions issued by the Regulators viz., the Central Bank of Sri Lanka, any other regulator where

the Bank has its overseas Branches, Securities and Exchange Commission of Sri Lanka and the Colombo Stock Exchange apply to

Bank of Ceylon. The Board acts in accordance with the applicable laws.

A Policy on Directors’ Access to Independent Professional Advice is in place whereby Directors are able to seek independent

professional advice on a needs basis at the Bank’s expense. This Policy was reviewed during the year 2023.

A.1.4

Advice and services of the Company Secretary

The members of the Board have access to the advice and services of the Secretary to the Board/ Secretary, Bank of Ceylon who is an

Attorney-at-Law. The Secretary to the Board is held responsible for ensuring that Board procedures are followed and compliance with

applicable rules and regulations, directions and statutes and keeping and maintaining minutes and relevant records.

Any question of the removal of the Secretary to the Board/Secretary, Bank of Ceylon is a matter for the full Board. The role of

Company Secretary is given in on page 115.

A.1.5

Independent judgement

The Board of Bank of Ceylon bring independent judgement to bear in discharging their duties and responsibilities on matters

relating to the Board including strategy, performance, resource allocation, risk management, compliance and standards of business

conduct.

A.1.6

Dedicating adequate time and effort to matters of the Board and the Bank

The agenda and Board memoranda are circulated among the Board members seven days prior to the meeting through a secure

e-Solution enabling them to dedicate sufficient time before a meeting to review Board memoranda and call for additional

information and clarifications. Pre-Board meetings are scheduled when deemed necessary.

Members of the Corporate Management and external experts make presentations to the Board to provide updates, seek approval or

guidance on various matters relevant to the Bank’s strategic direction, operations, financial performance, risk management and other

key areas.

A.1.7

Calling of resolution

The Board members can individually submit proposals to the Board when they feel that they are in the best interests of the Bank and

a resolution can be presented to the Board.

A.1.8

Training for Directors

When first appointed to the Board, the Directors undergo an induction programme covering the applicable regulatory requirements,

Bank’s history, organisational structure, details of subsidiaries and associates, products and services, Directors’ responsibilities and are

provided with a Board Manual incorporating all the above given in e-form through the Bank’s electronic support system.

Directors are encouraged to attend relevant training programmes and are apprised of the latest developments in the Bank and

external environment by members of the Corporate Management or through external resource personnel. Directors attended one

training programme during the year. However, the Management made presentations where necessary, to update the Board on the

activities of the Bank.

A.2

Division of responsibilities between the Chairman and Chief Executive Officer (CEO).

The positions of the Chairman and the Chief Executive Officer (referred to as the “General Manager” in the Bank) are held by two

separate individuals. The Chairman is a Non-Executive Director. There is a clear division of responsibilities between the Chairman and

the General Manager and the Board Charter adopted by the Bank clearly defines these responsibilities.

A.3

Chairman’s Role

The Chairman of Bank of Ceylon provides leadership to the Board, preserves order and facilitates the effective discharge of the

Board’s functions. The agenda for Board meetings was prepared by the Secretary, Bank of Ceylon/Secretary to the Board, based

primarily on the memoranda submitted through the General Manager and any other relevant matters proposed by a Director/s. The

agenda covers matters relating to strategy, performance, resource allocation, risk management and compliance. Sufficiently detailed

information on matters included in the agenda is circulated to Directors well ahead of the meetings through a secure e-Solution.

All Directors are informed of their duties and responsibilities (which are enshrined in the Board Charter) and the Board subcommittee

structure of the Bank which assists the Board in discharging its responsibilities.

The Board of Bank of Ceylon consists entirely of Non-Executive Directors and they effectively contribute within their respective

capabilities, for the benefit of the Bank.

Directors are encouraged to seek information considered necessary to discuss matters on the agenda of meetings and to request

inclusion of matters of corporate concern on the agenda.

The views of Directors on issues under consideration are ascertained and a record of such deliberations are reflected in the minutes

in detail.

A.4

Financial acumen and knowledge to offer guidance on matters of finance

The Directors have sufficient financial acumen and knowledge to guide the Bank which they have acquired through the businesses/

professions in which they are involved and from qualifications held.

A.5

Board Balance

The Chairman is an Independent Non Executive Director. The Board of Bank of Ceylon is always comprised of Non-Executive

Directors. Among them, five (05) are independent other than the Treasury Representative. A declaration of independence to

ascertain the independence/non independence in line with the requirements of the applicable regulations of this Code would be

obtained in 2024.

When Alternate Directors are appointed, it is ensured that they are Non-Executive.

A.6

Provision of appropriate and timely information

The agenda and Board/ Subcommittee memoranda required for a Board/subcommittee meeting are provided to Directors through

the available e-Solution seven days prior to the meeting for them to review the memoranda in advance and come up with questions

and discussion points and to request for additional information, if necessary. Pre-Board meetings are arranged where necessary to

clarify matters and to facilitate the smooth functioning of the Board meetings.

The members of the Corporate Management are available if the Directors wish to obtain further information or for any clarification.

Board meeting minutes are made available to the Directors within 10 days from the meeting.

A.7

Appointments to the Board: Nomination and Corporate Governance Committee

7.1

Appointments to the Board are made by the Government of Sri Lanka, through the Minister under whose purview the Bank falls. The

requisite regulatory requirements relating to appointment of new Directors are complied with. There is an internal policy in place with

regard to the appointment of Directors which has been shared with the relevant Ministry.

7.2

The Nomination and Corporate Governance Committee comprised of three (03) Non Executive Directors in 2023 and among them

two (02) are independent including the Chairman. On being proposed to the Board, their fit and proper is being assessed by the

members of the Committee in terms of Direction no. 3(6) (iv) (d) of the Banking Act Direction No. 11 of 2007 issued by the Central

Bank of Sri Lanka.

7.3

The Bank has a Succession Plan for the Corporate Management which has been revised during the year. The Committee discussed

in detail formulation of a new Promotion Policy for the position of the General Manager/ Chief Executive Officer of Bank of Ceylon

which was approved in 2024.

7.4

Appointments to the Board are made by the shareholder as stated in A.7 above. The information pertaining to the new Directors are

published in the website of the Bank, media and announced to the Colombo Stock.

7.5

Report on the Nomination and Corporate Governance Committee indicates the activities performed by the Committee given on

pages 128 and 129.

A.8

Reappointment

Every Director appointed shall hold office for a period of three years, unless he is removed from office earlier or he vacates his office

in terms of the Bank of Ceylon Ordinance No. 53 of 1938 and its amendments. In either case, he is eligible to be reappointed.

Mr R M Priyantha Rathnayake, Non Independent Non-Executive Ex-officio Director was re-appointed w.e.f. 29.04.2023 upon the end

of his term of three (03) years.

Resignation

An appointed Director may resign from his directorship by a letter addressed to the Minister under whose purview the Bank falls and

any Director who vacates office by ending the term is eligible for Re-appointment. If it is due to a special reason, it is expected to be

indicated in their resignation letter.

Please refer details on appointments/reappointment and resignations of Directors given on Page no 115.

A.9

Appraisal of Board and its subcommittees

An annual self-evaluation of its own performance is undertaken by the Board and Board subcommittees to ensure that Board’s and

that of its subcommittees’ responsibilities are satisfactorily discharged. The collective outcome is reviewed and addressed by the

Board. During the year under review self-evaluation of the Board was carried out facilitated through the Nomination and Corporate

Governance Committee of the Board. Also the members of the Board subcommittees collectively evaluated the performance of the

subcommittees for effectiveness and efficiency.

A.10

Disclosure of information in respect of Directors in the Annual Report

The following information pertaining to Directors are included in the Annual Report:

Profiles of the Directors covering name, qualifications, nature of expertise and whether Executive/Non-Executive are indicated on

pages 28 to 31.

Directors’ Interest in contracts with the Bank on page 155.

Remuneration paid to Directors in Note 17 to the Financial Statements on page 200.

Related party information indicated on pages 312 to 319 Directorships in other companies indicated on page 155.

Membership of subcommittees and the number of Board and subcommittee meetings attended during the year are indicated on

page 116.

A.11

Appraisal of the Chief Executive Officer/ General Manager

The performance evaluation of the General Manager is carried out annually based on the targets set at the commencement of the

fiscal year in line with Strategic Plan by the Human Resources and Remuneration Committee and the final report is submitted to the

Board.

Directors’ remuneration

B .1

There is a formal Remuneration Policy in place for the Chairman and Board of Directors (all Non-Executive) which was reviewed and

revised in 2023. The above policy is formulated based on the circulars issued by the Government, the shareholder, from time to time

and other applicable legislation. No Director is involved in deciding his/her remuneration.

B.2

Human Resource and Remuneration Committee

The remuneration of Directors is decided based on the circulars issued by the Government, the shareholder, from time to time and

other applicable legislation.

B .2

The Bank’s Human Resources and Remuneration Committee accordingly has no role in deciding the remuneration of Directors. (It

however recommends the remuneration of Senior Executives.)

B.3

Disclosure of remuneration

Details of remuneration paid to the Board as a whole is indicated on page 200.

The composition of the Human Resources and Remuneration Committee appears on page 126.

The Compensation to KMP on page 313.

Relations with shareholders

C.1

The Government of Sri Lanka being the sole shareholder of the Bank, the Bank’s communication with the shareholder happens

in various forms. A Government representative (an officer from the Ministry of Finance) is on the Board, directly representing the

shareholder and the Annual Report is placed before the Parliament of Sri Lanka and is open to question by the Parliament.

C.2

A Board approved Communication Policy is in place. Major issues and concerns of the shareholder viz. Government of Sri Lanka are

discussed during the Board meetings with the participation of the direct Government representative on the Board and is elevated to

the Ministry or higher levels as may be necessary. The Communication Policy in place guides the Bank on effective communication

with internal and external stakeholders and was reviewed during the year under review.

C.3

There were no transactions that were entered into by the Directors which would materially affect the Bank’s performance, its net asset

base or related party transactions during the year other than what is disclosed under Notes to the Financial Statements on pages 312

to 319.

Accountability and audit

D.1

Present a balanced and understandable assessment of the company’s financial position, performance, business model, governance

structure, risk management, internal controls and challenges, opportunities and prospects

All measures are taken to ensure that the Annual Report presents a balanced assessment of the Bank’s financial position,

performance, business model, governance structure, risk management, internal controls and challenges, opportunities and prospects

in an easily comprehensible manner.

The Bank’s Financial Statements presented in the Annual Report are balanced, understandable and prepared in accordance with the

relevant laws and regulations with any deviation being clearly explained and portrays a true and fair view.

It also ensures that a balanced and understandable assessment extends to interim and other price-sensitive public reports and

reports to regulators, as well as to information required to be presented to meet statutory requirements.

The Chief Financial Officer and the General Manager of the Bank give a statement indicating that the financial statements provide a

true and fair view of the state of affairs of the Bank of Ceylon and its Group. The Financial Statements are reviewed and deliberated

by the Board Audit Committee before recommending to the Board for its approval for publication.

For the purpose of fulfilling the disclosure requirements, the following statements are included in the Annual Report – Annual Report

of the Directors on the State of Affairs of the Bank on pages 150 and 154.

Directors’ Statement on Internal Control over Financial Reporting on pages 156 and 157 Management Discussion and Analysis under

Financial Review pages 68 and 72.

Report on Related Party Transactions of the Key Management Personnel and their Close Family Members appearing on pages 312

and 319.

Statement of Directors’ Responsibility for Financial Reporting on page 159. Report of the Auditor General on pages 160 to 164.

Management Discussion and Analysis under Financial Review on pages 68 to 72.

D.2

Process of risk management and a sound system of internal control to safeguard shareholders’ investments and the company’s assets.

The Board is responsible for determining the nature and extent of the principal risks that it is willing to take in achieving its

strategic objectives and the Board Integrated Risk Management Committee is there to facilitate the Board in fulfilling its oversight

responsibilities in regard to the existence, operation and effectiveness of the risk management programmes, policies and practices

employed by the Bank to manage various types of risks, including compliance programmes.

There is a Risk Management framework to identify, assess, monitor and manage risks with clear delegation of responsibilities to

ensure its effectiveness in supporting achievements of the strategic, operational and financial objectives of the Bank.

The Board Audit Committee assists the Board in achieving the objective of the Bank’s system of internal controls including

operational, financial and compliance among other responsibilities of the Committee.

The Board monitors the Bank’s risk management and internal control systems through the Integrated Risk Management Committee

and Audit Committee respectively and carries out a review of the said Committees’ effectiveness annually.

Bank of Ceylon has a well-equipped Internal Audit Department to carry out the internal audit function of the Bank. The Auditor

General is the External Auditor of the Bank.

Section 3(6) of

the Banking

D.3

Audit Committee

The Board Audit Committee comprised exclusively of Non-Executive Directors during the year under review. The Chairman of the

Committee during the year under review was an Independent Non- Executive Director. The Chairman and the members of the Audit

Committee had relevant experience in financial reporting and control.

The Board Audit Committee assists the Bank’s Board in fulfilling its oversight responsibilities.

The Board Audit Committee ensures the carrying out of the reviews of the processes and effectiveness of risk management and

internal controls and audit reports are submitted to the Committee. The role and responsibilities of the Audit Committee are

disclosed in the Audit Committee Report appearing on pages 122 and 123 of this Annual Report.

The Audit Committee has a written Terms of Reference which clearly defines its role and responsibilities and it was reviewed during

the year. The activities performed by the Committee during the year under review appear on pages 122 and 123 of this Annual

Report.

D.4

Integrated Risk Management Committee (IRMC)

IRMC oversee the risk culture, risk appetite, risk identification and classification, rating and management of risk. The Committee

composition and the activties carried out during the year indicated in pages 125 and 126.

D.5

Related party transactions

The Bank has a Board approved policy on related party transactions in place covering related parties, their transactions and

restrictions on offering more favourable treatment to related parties in order for the Board members to avoid any conflict of interest

in this regard.

The Report on the Related Party Transactions of the Key Management Personnel and their Close Family Members appear on pages

312 to 319 of this Annual Report.

D.6

Code of Business Conduct and Ethics

The Bank maintains a Code of Ethics for the employees of the Bank and a separate Code of Business Conduct and Ethics for the

Directors and an acknowledgement is obtained for affirmation of compliance with the Codes. A Whistleblower Policy is in place

which enables prompt reporting of illegal and fraudulent reporting. These policies were reviewed during the year.

D.7

Corporate Governance disclosures

The Corporate Governance Report which is appearing on pages 111 to 121 discloses the extent of compliance with the provisions of

the Code of Best Practice on Corporate Governance.

Shareholder

F.1 and F.2

The Government of Sri Lanka is the sole shareholder of the Bank.

Internet of things and cybersecurity

The Bank has a process in place to identify as to how the Bank’s business model, IT devices within and outside the Bank can connect

to the Bank’s network to send and receive information and the consequent Cybersecurity risks that may affect the business.

A Board approved Information Security Policy is in place which provides the management with direction and support to ensure

protection of the Bank’s information assets.

In addition, the Integrated Risk Management Committee assists the Board in ensuring that the Bank is protected from Cybersecurity

threats by recommending and following up on vulnerability assessments and reporting to the Board. Processes to identify and

manage Cybersecurity risks are included in the Risk Management Report of this Annual Report on pages 132 to 148.

The Bank has appointed a Chief Information Security Officer, in order to implement the Cybersecurity Risk Management Policy.

The Board Information and Communication Technology Committee assists the Board of Directors in fulfilling its oversight

responsibilities related to information and communication technology and provides appropriate advice and recommendations to

facilitate decision-making by the Board in regard to Cybersecurity measures amongst others.

Sustainability: ESG Risk and Opportunities

ESG related disclosures appear in pages 61 to 63 of this Annual Report.

Establishment and Maintenance of Policies

I.1 & 1.2

Policies relating to following areas are in place other than (b) (i) and (j) which will be complied in 2024:

(a) Matters relating to the board of directors

(b) Board committees

(d) Remuneration

(e) Internal code of business conduct and ethics for all directors and employees, including policies on trading in the entity’s listed

securities

(f) Risk management and internal controls

(g) Relations with shareholders and investors

(h) Environmental, social and governance sustainability

(i) Control and management of company assets and shareholder investments

(j) Corporate disclosures

(k) Whistleblowing

(l) Anti-bribery and corruption