This chapter describes the Core Principles, the preconditions for effective banking supervision, the assessment methodology and criteria for assessing compliance.

Effective as of: 15 Dec 2019 | Last update: 15 Dec 2019
Status: Current (View changes)

Last review of the Core Principles

01.1

The Core Principles for Effective Banking Supervision (Core Principles) are the de facto minimum standard for sound prudential regulation and supervision of banks and banking systems. Originally issued by the Basel Committee on Banking Supervision (the Committee) in 1997, they are used by countries as a benchmark for assessing the quality of their supervisory systems and for identifying future work to achieve a baseline level of sound supervisory practices. The Core Principles are also used by the International Monetary Fund (IMF) and the World Bank, in the context of the Financial Sector Assessment Programme (FSAP), to assess the effectiveness of countries’ banking supervisory systems and practices.

01.2

In March 2011, the Core Principles Group1 was mandated by the Committee to review and update the Core Principles. The Committee’s mandate was to conduct the review taking into account significant developments in the global financial markets and regulatory landscape since October 2006 (when the Core Principles had last been revised), including post-crisis lessons2 for promoting sound supervisory systems. The intent was to ensure the continued relevance of the Core Principles for promoting effective banking supervision in all countries over time and changing environments.

2 Footnotes
01.3

In conducting the 2011 review, the Committee sought to achieve the right balance in raising the bar for sound supervision while retaining the Core Principles as a flexible, globally applicable standard. By reinforcing the proportionality concept, the revised Core Principles and their assessment criteria accommodate a diverse range of banking systems. The proportionate approach also allows assessments of compliance with the Core Principles that are commensurate with the risk profile and systemic importance of a broad spectrum of banks (from large internationally active banks to small, non-complex deposit-taking institutions).

01.4

Both the Core Principles and the associated Core Principles Methodology3 (assessment methodology) have served their purpose well in terms of helping countries to assess their supervisory systems and identify areas for improvement. While conscious efforts were made during the 2011 review to maintain continuity and comparability as far as possible, the Committee merged the Core Principles and the assessment methodology into a single comprehensive document. The revised set of twenty-nine Core Principles were also reorganised to foster their implementation through a more logical structure starting with supervisory powers, responsibilities and functions, and followed by supervisory expectations of banks, emphasising the importance of good corporate governance and risk management, as well as compliance with supervisory standards.

1 Footnote
01.5

Important enhancements were introduced into the individual Core Principles during the review, particularly in those areas that are necessary to strengthen supervisory practices and risk management. Various additional criteria were upgraded to essential criteria as a result, while new assessment criteria were warranted in other instances. Close attention was given to addressing many of the significant risk management weaknesses and other vulnerabilities highlighted in the last crisis. In addition, the review took account of several key trends and developments that emerged during the last few years of market turmoil: the need for greater intensity and resources to deal effectively with systemically important banks; the importance of applying a system-wide, macro perspective to the microprudential supervision of banks to assist in identifying, analysing and taking pre-emptive action to address systemic risk; and the increasing focus on effective crisis management, recovery and resolution measures in reducing both the probability and impact of a bank failure. The Committee sought to give appropriate emphasis to these emerging issues by embedding them into the Core Principles, as appropriate, and including specific references under each relevant Principle.

01.6

In addition, sound corporate governance underpins effective risk management and public confidence in individual banks and the banking system. Given fundamental deficiencies in banks’ corporate governance that were exposed in the last crisis, a new Core Principle on corporate governance was added in this review by bringing together existing corporate governance criteria in the assessment methodology and giving greater emphasis to sound corporate governance practices. Similarly, the Committee reiterated the key role of robust market discipline in fostering a safe and sound banking system by expanding an existing Core Principle into two new ones dedicated respectively to greater public disclosure and transparency, and enhanced financial reporting and external audit.

01.7

Previously, the grading of compliance with the Core Principles was based solely on the essential criteria. To provide incentives to jurisdictions, particularly those that are important financial centres, to lead the way in the adoption of the highest supervisory standards, the revised Core Principles allow countries the additional option of voluntarily choosing to be assessed and graded against the essential and additional criteria. In the same spirit of promoting full and robust implementation, the Committee retained the existing four-grade scale of assessing compliance with the Core Principles. This includes the current “materially non-compliant” grading that helps provide a strong signalling effect to relevant authorities on remedial measures needed for addressing supervisory and regulatory shortcomings in their countries.

01.8

The revised Core Principles continue to provide a comprehensive standard for establishing a sound foundation for the regulation, supervision, governance and risk management of the banking sector. Given the importance of consistent and effective standards implementation, the Committee stands ready to encourage work at the national level to implement the revised Core Principles in conjunction with other supervisory bodies and interested parties.

Foreword to the Core Principles

01.9

The revised Core Principles strengthen the requirements for supervisors, the approaches to supervision and supervisors’ expectations of banks. This is achieved through a greater focus on effective risk-based supervision and the need for early intervention and timely supervisory actions. Supervisors should assess the risk profile of banks, in terms of the risks they run, the efficacy of their risk management and the risks they pose to the banking and financial systems. This risk-based process targets supervisory resources where they can be utilised to the best effect, focusing on outcomes as well as processes, moving beyond passive assessment of compliance with rules.

01.10

The Core Principles set out the powers that supervisors should have in order to address safety and soundness concerns. It is equally crucial that supervisors use these powers once weaknesses or deficiencies are identified. Adopting a forward-looking approach to supervision through early intervention can prevent an identified weakness from developing into a threat to safety and soundness. This is particularly true for highly complex and bank-specific issues (eg liquidity risk) where effective supervisory actions must be tailored to a bank’s individual circumstances.

01.11

In its efforts to strengthen, reinforce and refocus the Core Principles, the Committee has nonetheless remained mindful of their underlying purpose and use. The Committee’s intention is to ensure the continued relevance of the Core Principles in providing a benchmark for supervisory practices that will withstand the test of time and changing environments. For this reason, this revision of the Core Principles builds upon the preceding versions to ensure continuity and comparability as far as possible.

01.12

In recognition of the universal applicability of the Core Principles, the Committee conducted its review in close cooperation with members of the Basel Consultative Group which comprises representatives from both Committee and non-Committee member countries and regional groups of banking supervisors, as well as the IMF, the World Bank and the Islamic Financial Services Board. The Committee consulted the industry and public before finalising the text.

General approach

01.13

The first Core Principle sets out the promotion of safety and soundness of banks and the banking system as the primary objective for banking supervision. Jurisdictions may assign other responsibilities to the banking supervisor provided they do not conflict with this primary objective.4 It should not be an objective of banking supervision to prevent bank failures. However, supervision should aim to reduce the probability and impact of a bank failure, including by working with resolution authorities, so that when failure occurs, it is in an orderly manner.

1 Footnote
01.14

To fulfil their purpose, the Core Principles must be capable of application to a wide range of jurisdictions whose banking sectors will inevitably include a broad spectrum of banks (from large internationally active banks to small, non-complex deposit-taking institutions). Banking systems may also offer a wide range of products or services and the Core Principles are aligned with the general aim of catering to different financial needs. To accommodate this breadth of application, a proportionate approach is adopted, both in terms of the expectations on supervisors for the discharge of their own functions and in terms of the standards that supervisors impose on banks. Consequently, the Core Principles acknowledge that supervisors typically use a risk-based approach in which more time and resources are devoted to larger, more complex or riskier banks. In the context of the standards imposed by supervisors on banks, the proportionality concept is reflected in those Principles focused on supervisors’ assessment of banks’ risk management, where the Principles prescribe a level of supervisory expectation commensurate with a bank’s risk profile5 and systemic importance.6

2 Footnotes
01.15

Successive revisions to existing Committee standards and guidance, and any new standards and guidance will be designed to strengthen the regulatory regime. Supervisors are encouraged to move towards the adoption of updated and new international supervisory standards as they are issued.

Approach toward emerging trends and developments

30.15

A bank must meet, on a daily basis, a capital requirement calculated based on the value-at-risk measure and stressed value-at-risk measure (c) as follows, where the formula is expressed as the sum of:

(1)

The higher of:

(a)

its previous day's value-at-risk number measured according to the parameters specified in this chapter (VARt-1) and

(b)

an average of the daily value-at-risk measures on each of the preceding sixty business days (VARavg), multiplied by a multiplication factor (mc); plus

(2)

The higher of:

(a)

its latest available stressed-value-at-risk number calculated according to MAR30.15(1)(a) (sVaRt-1) and

(b)

an average of the stressed value-at-risk numbers calculated according to MAR30.15(1)(b) over the preceding sixty business days (sVaRavg), multiplied by a multiplication factor (ms).

01.16

In the aftermath of the crisis, much attention has been focused on systemically important banks (SIBs), and the regulations and supervisory powers needed to deal with them effectively. Consideration was given by the Committee during the 2011 review to including a new Core Principle to cover SIBs. However, it was concluded that SIBs, which require greater intensity of supervision and hence resources, represent one end of the supervisory spectrum of banks. Each Core Principle applies to the supervision of all banks. The expectations on, and of, supervisors will need to be of a higher order for SIBs, commensurate with the risk profile and systemic importance of these banks. Therefore, it is unnecessary to include a specific stand-alone Core Principle for SIBs.

01.17

The crisis highlighted the interface between, and the complementary nature of, the macroprudential and microprudential elements of effective supervision. In their application of a risk-based supervisory approach, supervisors and other authorities need to assess risk in a broader context than that of the balance sheet of individual banks. For example, the prevailing macroeconomic environment, business trends, and the build-up and concentration of risk across the banking sector and, indeed, outside of it, inevitably impact the risk exposure of individual banks. Bank-specific supervision should therefore consider this macro perspective. Individual bank data, where appropriate, data at sector level and aggregate trend data collected by supervisors should be incorporated into the deliberations of authorities relevant for financial stability purposes (whether part of, or separate from, the supervisor) to assist in identification and analysis of systemic risk. The relevant authorities should have the ability to take pre-emptive action to address systemic risks. Supervisors should have access to relevant financial stability analyses or assessments conducted by other authorities that affect the banking system. This broad financial system perspective is integral to many of the Core Principles. For this reason, the Committee has not included a specific stand-alone Core Principle on macroprudential issues.

01.18

In supervising an individual bank which is part of a corporate group, it is essential that supervisors consider the bank and its risk profile from a number of perspectives: on a solo basis (but with both a micro and macro focus as discussed above); on a consolidated basis (in the sense of supervising the bank as a unit together with the other entities within the “banking group”7) and on a group-wide basis (taking into account the potential risks to the bank posed by other group entities outside of the banking group). Group entities (whether within or outside the banking group) may be a source of strength but they may also be a source of weakness capable of adversely affecting the financial condition, reputation and overall safety and soundness of the bank. The Core Principles include a specific Core Principle on the consolidated supervision of banking groups, but they also note the importance of parent companies and other non-banking group entities in any assessment of the risks run by a bank or banking group. This supervisory “risk perimeter” extends beyond accounting consolidation concepts. In the discharge of their functions, supervisors must observe a broad canvas of risk, whether arising from within an individual bank, from its associated entities or from the prevailing macro financial environment.

1 Footnote
01.19

Supervisors should also remain alert to the movement, or build-up, of financial activities outside the regulated banking sector (the development of “shadow banking” structures) and the potential risks this may create. Data or information on this should also be shared with any other authorities relevant for financial stability purposes.

01.20

Although it is not a supervisor’s role to prevent bank failures, supervisory oversight is designed to reduce both the probability and impact of such failures. Banks will, from time to time, run into difficulties, and to minimise the adverse impact both on the troubled bank and on the banking and financial sectors as a whole, effective crisis preparation and management, and orderly resolution frameworks and measures are required. Such measures may be viewed from two perspectives:

(1)

the measures to be adopted by supervisory and other authorities (including developing resolution plans and in terms of information sharing and cooperation with other authorities, both domestic and cross-border, to coordinate an orderly restructuring or resolution of a troubled bank); and

(2)

those to be adopted by banks (including contingency funding plans and recovery plans) which should be subject to critical assessment by supervisors as part of their ongoing supervision.

01.21

To reflect, and to emphasise, the importance of crisis management, recovery and resolution measures, certain Core Principles include specific reference to the maintenance and assessment of contingency arrangements.

01.22

Corporate governance shortcomings in banks, examples of which were observed during the crisis, can have potentially serious consequences both for the bank concerned and, in some cases, for the financial system as a whole. Similarly, the crisis served to underline the importance of disclosure and transparency in maintaining confidence in banks by allowing market participants to understand better a bank’s risk profile and thereby reduce market uncertainties about the bank’s financial strength.

Assessment of the Core Principles

01.23

The Core Principles establish a level of sound supervisory practice that can be used as a benchmark by supervisors to assess the quality of their supervisory systems. They are also used by the IMF and the World Bank, in the context of the FSAP, to assess the effectiveness of countries’ banking supervisory systems and practices.

01.24

The assessment methodology for the Core Principles includes both essential and additional assessment criteria for each Principle.

(1)

Essential criteria set out minimum baseline requirements for sound supervisory practices and are of universal applicability to all countries. By default, for the purposes of grading, the essential criteria are the only elements on which to gauge full compliance with a Core Principle. An assessment of a country against the essential criteria must, however, recognise that its supervisory practices should be commensurate with the risk profile and systemic importance of the banks being supervised. In other words, the assessment must consider the context in which the supervisory practices are applied. The concept of proportionality underpins all assessment criteria even if it is not always directly referenced.

(2)

The additional criteria are suggested best practices that countries having advanced banks should aim for. Effective banking supervisory practices are not static. They evolve over time as lessons are learned and banking business continues to develop and expand. Supervisors are often swift to encourage banks to adopt “best practice” and supervisors should demonstrably “practice what they preach” in terms of seeking to move continually towards the highest supervisory standards. To reinforce this aspiration, the additional criteria in the Core Principles set out supervisory practices that exceed current baseline expectations but which will contribute to the robustness of individual supervisory frameworks. As supervisory practices evolve, it is expected that upon each revision of the Core Principles, a number of additional criteria will migrate to become essential criteria as expectations on baseline standards change. The use of essential criteria and additional criteria will, in this sense, contribute to the continuing relevance of the Core Principles over time.

01.25

In the past, countries were graded only against the essential criteria, although they could volunteer to be assessed against the additional criteria too and benefit from assessors’ commentary on how supervisory practices could be enhanced. In future, countries undergoing assessments by the IMF and/or the World Bank can elect to be graded against the essential and additional criteria. It is anticipated that this will provide incentives to jurisdictions, particularly those that are important financial centres, to lead the way in the adoption of the highest supervisory standards. As with the essential criteria, any assessment against additional criteria should recognise the concept of proportionality as discussed above.

01.26

It is important to bear in mind that some tasks, such as a correct assessment of the macroeconomic environment and the detection of the build-up of dangerous trends, do not lend themselves to a rigid compliant/non-compliant structure. Although these tasks may be difficult to assess, supervisors should make assessments that are as accurate as possible given the information available at the time and take reasonable actions to address and mitigate such risks.

01.27

While the publication of the assessments of jurisdictions affords transparency, an assessment of one jurisdiction will not be directly comparable to that of another. First, assessments will have to reflect proportionality. Thus, a jurisdiction that is home to many SIBs will naturally have a higher hurdle to obtain a “Compliant” grading8 versus a jurisdiction which only has small, non-complex deposit-taking institutions. Second, with this version of the Core Principles, jurisdictions can elect to be graded against essential criteria only or against both essential criteria and additional criteria. Third, assessments will inevitably be country-specific and time-dependent to varying degrees. Therefore, the description provided for each Core Principle and the qualitative commentary accompanying the grading for each Core Principle should be reviewed in order to gain an understanding of a jurisdiction’s approach to the specific aspect under consideration and the need for any improvements. Seeking to compare countries by a simple reference to the number of “Compliant” versus “Non-Compliant” grades they receive is unlikely to be informative.

1 Footnote
01.28

From a broader perspective, effective banking supervision is dependent on a number of external elements, or preconditions, which may not be within the direct jurisdiction of supervisors. Thus, in respect of grading, the assessment of preconditions will remain qualitative and distinct from the assessment (and grading) of compliance with the Core Principles.

01.29

Core Principle 29 dealing with the Abuse of Financial Services includes, among other things, supervision of banks’ anti-money laundering/combating the financing of terrorism (AML/CFT) controls. The Committee recognises that assessments against this Core Principle will inevitably, for some countries, involve a degree of duplication with the mutual evaluation process of the Financial Action Task Force (FATF). To address this, where an evaluation has recently been conducted by the FATF on a given country, FSAP assessors may rely on that evaluation and focus their own review on the actions taken by supervisors to address any shortcomings identified by the FATF. In the absence of any recent FATF evaluation, FSAP assessors will continue to assess countries’ supervision of banks’ AML/CFT controls.

Consistency with standards for other financial sectors

01.30

The banking sector is only a part, albeit an important part, of a financial system. The Committee has sought to maintain consistency, where possible, between these Core Principles and the corresponding standards for securities and insurance, as well as those for AML and transparency. Differences will, however, inevitably remain as key risk areas and supervisory priorities differ from sector to sector. In implementing the Core Principles, supervisors should take into account the role of the banking sector in supporting and facilitating productive activities for the real economy.

The Core Principles

01.31

The Core Principles are a framework of minimum standards for sound supervisory practices and are considered universally applicable.9 National authorities should apply the Core Principles in the supervision of banking organisations within their jurisdictions.10 The Committee issued the Core Principles as its contribution to strengthening the global financial system. Weaknesses in the banking system of a country, whether developing or developed, can threaten financial stability both within that country and internationally. The Committee believes that implementation of the Core Principles by all countries would be a significant step towards improving financial stability domestically and internationally, and provide a good basis for further development of effective supervisory systems. The vast majority of countries have endorsed the Core Principles and have implemented them.

2 Footnotes
01.32

The Core Principles define 29 principles that are needed for a supervisory system to be effective. Those principles are broadly categorised into two groups:

(1)

Principles 1 to 13 focus on powers, responsibilities and functions of supervisors; while

(2)

Principles 14 to 29 focus on prudential regulations and requirements for banks.

01.33

The 29 Core Principles are:

(1)

Principle 1 – Responsibilities, objectives and powers: An effective system of banking supervision has clear responsibilities and objectives for each authority involved in the supervision of banks and banking groups.11 A suitable legal framework for banking supervision is in place to provide each responsible authority with the necessary legal powers to authorise banks, conduct ongoing supervision, address compliance with laws and undertake timely corrective actions to address safety and soundness concerns.12

(2)

Principle 2 – Independence, accountability, resourcing and legal protection for supervisors: The supervisor possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisor.

(3)

Principle 3 – Cooperation and collaboration: Laws, regulations or other arrangements provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information.13

(4)

Principle 4 – Permissible activities: The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word “bank” in names is controlled.

(5)

Principle 5 – Licensing criteria: The licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of Board members and senior management14) of the bank and its wider group, and its strategic and operating plan, internal controls, risk management and projected financial condition (including capital base). Where the proposed owner or parent organisation is a foreign bank, the prior consent of its home supervisor is obtained.

(6)

Principle 6 – Transfer of significant ownership: The supervisor15 has the power to review, reject and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties.

(7)

Principle 7 – Major acquisitions: The supervisor has the power to approve or reject (or recommend to the responsible authority the approval or rejection of), and impose prudential conditions on, major acquisitions or investments by a bank, against prescribed criteria, including the establishment of cross-border operations, and to determine that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision.

(8)

Principle 8 – Supervisory approach: An effective system of banking supervision requires the supervisor to develop and maintain a forward-looking assessment of the risk profile of individual banks and banking groups, proportionate to their systemic importance; identify, assess and address risks emanating from banks and the banking system as a whole; have a framework in place for early intervention; and have plans in place, in partnership with other relevant authorities, to take action to resolve banks in an orderly manner if they become non-viable.

(9)

Principle 9 – Supervisory techniques and tools: The supervisor uses an appropriate range of techniques and tools to implement the supervisory approach and deploys supervisory resources on a proportionate basis, taking into account the risk profile and systemic importance of banks.

(10)

Principle 10 – Supervisory reporting: The supervisor collects, reviews and analyses prudential reports and statistical returns16 from banks on both a solo and a consolidated basis, and independently verifies these reports through either on-site examinations or use of external experts.

(11)

Principle 11 – Corrective and sanctioning powers of supervisors: The supervisor acts at an early stage to address unsafe and unsound practices or activities that could pose risks to banks or to the banking system. The supervisor has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability to revoke the banking licence or to recommend its revocation.

(12)

Principle 12 – Consolidated supervision: An essential element of banking supervision is that the supervisor supervises the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential standards to all aspects of the business conducted by the banking group worldwide.17

(13)

Principle 13 – Home-host relationships: Home and host supervisors of cross-border banking groups share information and cooperate for effective supervision of the group and group entities, and effective handling of crisis situations. Supervisors require the local operations of foreign banks to be conducted to the same standards as those required of domestic banks.

(14)

Principle 14 – Corporate governance: The supervisor determines that banks and banking groups have robust corporate governance policies and processes covering, for example, strategic direction, group and organisational structure, control environment, responsibilities of the banks’ Boards and senior management,18 and compensation. These policies and processes are commensurate with the risk profile and systemic importance of the bank.

(15)

Principle 15 – Risk management process: The supervisor determines that banks19 have a comprehensive risk management process (including effective Board and senior management oversight) to identify, measure, evaluate, monitor, report and control or mitigate20 all material risks on a timely basis and to assess the adequacy of their capital and liquidity in relation to their risk profile and market and macroeconomic conditions. This extends to development and review of contingency arrangements (including robust and credible recovery plans where warranted) that take into account the specific circumstances of the bank. The risk management process is commensurate with the risk profile and systemic importance of the bank.21

(16)

Principle 16 – Capital adequacy:22 The supervisor sets prudent and appropriate capital adequacy requirements for banks that reflect the risks undertaken by, and presented by, a bank in the context of the markets and macroeconomic conditions in which it operates. The supervisor defines the components of capital, bearing in mind their ability to absorb losses. At least for internationally active banks, capital requirements are not less than the applicable Basel standards.

(17)

Principle 17 – Credit risk:23 The supervisor determines that banks have an adequate credit risk management process that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate credit risk24 (including counterparty credit risk25) on a timely basis. The full credit lifecycle is covered including credit underwriting, credit evaluation, and the ongoing management of the bank’s loan and investment portfolios.

(18)

Principle 18 – Problem assets, provisions and reserves:26 The supervisor determines that banks have adequate policies and processes for the early identification and management of problem assets, and the maintenance of adequate provisions and reserves.27

(19)

Principle 19 – Concentration risk and large exposure limits: The supervisor determines that banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate concentrations of risk on a timely basis. Supervisors set prudential limits to restrict bank exposures to single counterparties or groups of connected counterparties.28

(20)

Principle 20 – Transactions with related parties: In order to prevent abuses arising in transactions with related parties29 and to address the risk of conflict of interest, the supervisor requires banks to enter into any transactions with related parties30 on an arm’s length basis; to monitor these transactions; to take appropriate steps to control or mitigate the risks; and to write off exposures to related parties in accordance with standard policies and processes.

(21)

Principle 21 – Country and transfer risks: The supervisor determines that banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate country risk31 and transfer risk32 in their international lending and investment activities on a timely basis.

(22)

Principle 22 – Market risks: The supervisor determines that banks have an adequate market risk management process that takes into account their risk appetite, risk profile, and market and macroeconomic conditions and the risk of a significant deterioration in market liquidity. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate market risks on a timely basis.

(23)

Principle 23 – Interest rate risk in the banking book: The supervisor determines that banks have adequate systems to identify, measure, evaluate, monitor, report and control or mitigate interest rate risk33 in the banking book on a timely basis. These systems take into account the bank’s risk appetite, risk profile and market and macroeconomic conditions.

(24)

Principle 24 – Liquidity risk: The supervisor sets prudent and appropriate liquidity requirements (which can include either quantitative or qualitative requirements or both) for banks that reflect the liquidity needs of the bank. The supervisor determines that banks have a strategy that enables prudent management of liquidity risk and compliance with liquidity requirements. The strategy takes into account the bank’s risk profile as well as market and macroeconomic conditions and includes prudent policies and processes, consistent with the bank’s risk appetite, to identify, measure, evaluate, monitor, report and control or mitigate liquidity risk over an appropriate set of time horizons. At least for internationally active banks, liquidity requirements are not lower than the applicable Basel standards.

(25)

Principle 25 – Operational risk: The supervisor determines that banks have an adequate operational risk management framework that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk34 on a timely basis.

(26)

Principle 26 – Internal control and audit: The supervisor determines that banks have adequate internal control frameworks to establish and maintain a properly controlled operating environment for the conduct of their business taking into account their risk profile. These include clear arrangements for delegating authority and responsibility; separation of the functions that involve committing the bank, paying away its funds, and accounting for its assets and liabilities; reconciliation of these processes; safeguarding the bank’s assets; and appropriate independent35 internal audit and compliance functions to test adherence to these controls as well as applicable laws and regulations.

(27)

Principle 27: Financial reporting and external audit: The supervisor determines that banks and banking groups maintain adequate and reliable records, prepare financial statements in accordance with accounting policies and practices that are widely accepted internationally and annually publish information that fairly reflects their financial condition and performance and bears an independent external auditor’s opinion. The supervisor also determines that banks and parent companies of banking groups have adequate governance and oversight of the external audit function.

(28)

Principle 28 – Disclosure and transparency: The supervisor determines that banks and banking groups regularly publish information on a consolidated and, where appropriate, solo basis that is easily accessible and fairly reflects their financial condition, performance, risk exposures, risk management strategies and corporate governance policies and processes.

(29)

Principle 29 – Abuse of financial services: The supervisor determines that banks have adequate policies and processes, including strict customer due diligence rules to promote high ethical and professional standards in the financial sector and prevent the bank from being used, intentionally or unintentionally, for criminal activities.36

26 Footnotes
01.34

The Core Principles are neutral with regard to different approaches to supervision, so long as the overriding goals are achieved. They are not designed to cover all the needs and circumstances of every banking system. Instead, specific country circumstances should be more appropriately considered in the context of the assessments and in the dialogue between assessors and country authorities.

01.35

A high degree of compliance with the Core Principles should foster overall financial system stability; however, this will not guarantee it, nor will it prevent the failure of banks. Banking supervision cannot, and should not, provide an assurance that banks will not fail. In a market economy, failures are part of risk-taking.

01.36

The Committee stands ready to encourage work at the national level to implement the Core Principles in conjunction with other supervisory bodies and interested parties. The Committee invites the international financial institutions and donor agencies to use the Core Principles in assisting individual countries to strengthen their supervisory arrangements. The Committee will continue to collaborate closely with the IMF and the World Bank in their monitoring of the implementation of the Committee’s prudential standards. The Committee also remains committed to further enhancing its interaction with supervisors from non-member countries.

Preconditions for effective banking supervision

01.37

An effective system of banking supervision needs to be able to effectively develop, implement, monitor and enforce supervisory policies under normal and stressed economic and financial conditions. Supervisors need to be able to respond to external conditions that can negatively affect banks or the banking system. There are a number of elements or preconditions that have a direct impact on the effectiveness of supervision in practice. These preconditions are mostly outside the direct or sole jurisdiction of banking supervisors. Where supervisors have concerns that the preconditions could impact the efficiency or effectiveness of regulation and supervision of banks, supervisors should make the government and relevant authorities aware of them and their actual or potential negative repercussions for supervisory objectives. Supervisors should work with the government and relevant authorities to address concerns that are outside the direct or sole jurisdiction of the supervisors. Supervisors should also, as part of their normal business, adopt measures to address the effects of such concerns on the efficiency or effectiveness of regulation and supervision of banks.

01.38

The preconditions include:

(1)

sound and sustainable macroeconomic policies;

(2)

a well established framework for financial stability policy formulation;

(3)

a well developed public infrastructure;

(4)

a clear framework for crisis management, recovery and resolution;

(5)

an appropriate level of systemic protection (or public safety net); and

(6)

effective market discipline.

01.39

Sound macroeconomic policies (mainly fiscal and monetary policies) are the foundation of a stable financial system. Without sound policies, imbalances such as high government borrowing and spending, and an excessive shortage or supply of liquidity, may arise and affect the stability of the financial system. Further, certain government policies37 may specifically use banks and other financial intermediaries as instruments, which may inhibit effective supervision.

1 Footnote
01.40

In view of the impact and interplay between the real economy and banks and the financial system, it is important that there exists a clear framework for macroprudential surveillance and financial stability policy formulation. Such a framework should set out the authorities or those responsible for identifying systemic and emerging risks in the financial system, monitoring and analysing market and other financial and economic factors that may lead to accumulation of systemic risks, formulating and implementing appropriate policies, and assessing how such policies may affect the banks and the financial system. It should also include mechanisms for effective cooperation and coordination among the relevant agencies.

01.41

A well developed public infrastructure needs to comprise the following elements, which, if not adequately provided, can contribute to the weakening of financial systems and markets, or frustrate their improvement:

(1)

a system of business laws, including corporate, bankruptcy, contract, consumer protection and private property laws, which is consistently enforced and provides a mechanism for the fair resolution of disputes;

(2)

an efficient and independent judiciary;

(3)

comprehensive and well defined accounting principles and rules that are widely accepted internationally;

(4)

a system of independent external audits, to ensure that users of financial statements, including banks, have independent assurance that the accounts provide a true and fair view of the financial position of the company and are prepared according to established accounting principles, with auditors held accountable for their work;

(5)

availability of competent, independent and experienced professionals (eg accountants, auditors and lawyers), whose work complies with transparent technical and ethical standards set and enforced by official or professional bodies consistent with international standards, and who are subject to appropriate oversight;

(6)

well defined rules governing, and adequate supervision of, other financial markets and, where appropriate, their participants;

(7)

secure, efficient and well regulated payment and clearing systems (including central counterparties) for the settlement of financial transactions where counterparty risks are effectively controlled and managed;

(8)

efficient and effective credit bureaus that make available credit information on borrowers and/or databases that assist in the assessment of risks; and

(9)

public availability of basic economic, financial and social statistics.

01.42

Effective crisis management frameworks and resolution regimes help to minimise potential disruptions to financial stability arising from banks and financial institutions that are in distress or failing. A sound institutional framework for crisis management and resolution requires a clear mandate and an effective legal underpinning for each relevant authority (such as banking supervisors, national resolution authorities, finance ministries and central banks). The relevant authorities should have a broad range of powers and appropriate tools provided in law to resolve a financial institution that is no longer viable and where there is no reasonable prospect of it becoming viable. There should also be agreement among the relevant authorities on their individual and joint responsibilities for crisis management and resolution, and how they will discharge these responsibilities in a coordinated manner. This should include the ability to share confidential information among one another to facilitate planning in advance to handle recovery and resolution situations and to manage such events when they occur.

01.43

Deciding on the appropriate level of systemic protection is a policy question to be addressed by the relevant authorities, including the government and central bank, particularly where it may result in a commitment of public funds. Supervisors will have an important role to play because of their in-depth knowledge of the financial institutions involved. In handling systemic issues, it is necessary to balance several factors: addressing the risks to confidence in the financial system and contagion to otherwise sound institutions and, minimising the distortion to market signals and discipline. A key element of the framework for systemic protection is a system of deposit insurance. Provided such a system is transparent and carefully designed, it can contribute to public confidence in the system and thus limit contagion from banks in distress.

01.44

Effective market discipline depends, in part, on adequate flows of information to market participants, appropriate financial incentives to reward well managed institutions, and arrangements that ensure that investors are not insulated from the consequences of their decisions. Among the issues to be addressed are corporate governance and ensuring that accurate, meaningful, transparent and timely information is provided by borrowers to investors and creditors. Market signals can be distorted and discipline undermined if governments seek to influence or override commercial decisions, particularly lending decisions, to achieve public policy objectives. In these circumstances, it is important that, if governments or their related entities provide or guarantee the lending, such arrangements are disclosed and there is a formal process for compensating financial institutions when such loans cease to perform.

Assessment methodology

01.45

The Core Principles are mainly intended to help countries assess the quality of their systems and to provide input into their reform agenda. An assessment of the current situation of a country’s compliance with the Core Principles can be considered a useful tool in a country’s implementation of an effective system of banking supervision. In order to achieve objectivity and comparability of compliance with the Core Principles in the different country assessments,38 supervisors and assessors should refer to this assessment methodology, which does not eliminate the need for both parties to use their judgment in assessing compliance. Such an assessment should identify weaknesses in the existing system of supervision and regulation, and form a basis for remedial measures by government authorities and banking supervisors.

1 Footnote
01.46

Although Committee members individually collaborate in assessment missions, these are conducted primarily by the IMF and the World Bank. The Committee has decided not to make assessments of its own to maintain the current division of labour between the Committee’s standard-setting and the international financial institutions’ assessment functions. However, the Committee, together with the Financial Stability Institute, is prepared to assist in other ways, for example by providing training.

Use of the methodology

01.47

The methodology can be used in multiple contexts:

(1)

self-assessments performed by banking supervisors themselves;39

(2)

IMF and World Bank assessments of the quality of supervisory systems, for example in the context of FSAP;40

(3)

reviews conducted by private third parties such as consulting firms; or

(4)

peer reviews conducted, for instance, within regional groupings of banking supervisors.

2 Footnotes
01.48

Whatever the context, the following factors are crucial:

(1)

In order to achieve full objectivity, compliance with the Core Principles is best assessed by suitably qualified external parties consisting of two individuals with strong supervisory backgrounds who bring varied perspectives so as to provide checks and balances; however, experience has shown that a recent self-assessment is a highly useful input to an outside party assessment.

(2)

A fair assessment of the banking supervisory process cannot be performed without the genuine cooperation of all relevant authorities.

(3)

The process of assessing each of the 29 Core Principles requires a judgmental weighing of numerous elements that only qualified assessors with practical, relevant experience can provide.

(4)

The assessment requires some legal and accounting expertise in the interpretation of compliance with the Core Principles; these legal and accounting interpretations must be in relation to the legislative and accounting structure of the relevant country. They may also require the advice of additional legal and accounting experts, which can be sought subsequent to the on-site assessment.

(5)

The assessment must be comprehensive and in sufficient depth to allow a judgment on whether criteria are fulfilled in practice, not just in theory. Laws and regulations need to be sufficient in scope and depth, and be effectively enforced and complied with. Their existence alone does not provide enough indication that the criteria are met.

Assessment of compliance

01.49

The primary objective of an assessment should be the identification of the nature and extent of any weaknesses in the banking supervisory system and compliance with individual Core Principles. While the process of implementing the Core Principles starts with the assessment of compliance, assessment is a means to an end, not an objective in itself. Instead, the assessment will allow the supervisory authority (and in some instances the government) to initiate a strategy to improve the banking supervisory system, as necessary.

01.50

To assess compliance with a Principle, this methodology proposes a set of essential and additional assessment criteria for each Principle. By default, for the purposes of grading, the essential criteria are the only elements on which to gauge full compliance with a Core Principle. The additional criteria are suggested best practices that countries having advanced banks should aim for. Countries have the following three assessment options:

(1)

Unless the country explicitly opts for any other option, compliance with the Core Principles will be assessed and graded only with reference to the essential criteria;

(2)

A country may voluntarily choose to be assessed against the additional criteria, in order to identify areas in which it could enhance its regulation and supervision further and benefit from assessors’ commentary on how it could be achieved. However, compliance with the Core Principles will still be graded only with reference to the essential criteria; or

(3)

To accommodate countries that further seek to attain best supervisory practices, a country may voluntarily choose to be assessed and graded against the additional criteria, in addition to the essential criteria.

01.51

For assessments of the Core Principles by external parties,41 the following four-grade scale will be used. A “not applicable” grading can be used under certain circumstances as described in BCP01.52.

(1)

Compliant – A country will be considered compliant with a Principle when all essential criteria42 applicable for this country are met without any significant deficiencies. There may be instances, of course, where a country can demonstrate that the Principle has been achieved by other means. Conversely, due to the specific conditions in individual countries, the essential criteria may not always be sufficient to achieve the objective of the Principle, and therefore other measures may also be needed in order for the aspect of banking supervision addressed by the Principle to be considered effective.

(2)

Largely compliant – A country will be considered largely compliant with a Principle whenever only minor shortcomings are observed that do not raise any concerns about the authority’s ability and clear intent to achieve full compliance with the Principle within a prescribed period of time. The assessment “largely compliant” can be used when the system does not meet all essential criteria, but the overall effectiveness is sufficiently good, and no material risks are left unaddressed.

(3)

Materially non-compliant – A country will be considered materially non-compliant with a Principle whenever there are severe shortcomings, despite the existence of formal rules, regulations and procedures, and there is evidence that supervision has clearly not been effective, that practical implementation is weak, or that the shortcomings are sufficient to raise doubts about the authority’s ability to achieve compliance. It is acknowledged that the “gap” between “largely compliant” and “materially non-compliant” is wide, and that the choice may be difficult. On the other hand, the intention has been to force the assessors to make a clear statement.

(4)

Non-compliant – A country will be considered non-compliant with a Principle whenever there has been no substantive implementation of the Principle, several essential criteria are not complied with or supervision is manifestly ineffective.

2 Footnotes
01.52

In addition, a Principle will be considered “not applicable” when, in the view of the assessor, the Principle does not apply given the structural, legal and institutional features of a country. In some instances countries have argued that in the case of certain embryonic or immaterial banking activities, which were not being supervised, an assessment of “not applicable” should have been given, rather than “non-compliant”. This is an issue for judgment by the assessor, although activities that are relatively insignificant at the time of assessment may later assume greater importance and authorities need to be aware of, and prepared for, such developments. The supervisory system should permit such activities to be monitored, even if no regulation or supervision is considered immediately necessary. “Not applicable” would be an appropriate assessment if the supervisors are aware of the phenomenon, and would be capable of taking action, but there is realistically no chance that the activities will grow sufficiently in volume to pose a risk.

01.53

Grading is not an exact science and the Core Principles can be met in different ways. The assessment criteria should not be seen as a checklist approach to compliance but as a qualitative exercise. Compliance with some criteria may be more critical for effectiveness of supervision, depending on the situation and circumstances in a given jurisdiction. Hence, the number of criteria complied with is not always an indication of the overall compliance rating for any given Principle. Emphasis should be placed on the commentary that should accompany each Principle grading, rather than on the grading itself. The primary goal of the exercise is not to apply a “grade” but rather to focus authorities on areas needing attention in order to set the stage for improvements and develop an action plan that prioritises the improvements needed to achieve full compliance with the Core Principles.

01.54

The assessment should also include the assessors’ opinion on how weaknesses in the preconditions for effective banking supervision, as discussed in BCP01.37 to BCP01.44, hinder effective supervision and how effectively supervisory measures mitigate these weaknesses. In particular, the assessment of compliance with individual Core Principles should mention clearly how it is likely to be primarily affected by preconditions that are considered to be weak. This opinion should be qualitative rather than providing any kind of graded assessment. To the extent shortcomings in preconditions are material to the effectiveness of supervision, they may affect the grading of the affected Core Principles.

01.55

The Core Principles are minimum standards to be applied by all banking supervisors. In implementing some of them, supervisors will need to take into account the risk profile and systemic importance of individual banks, particularly for those Core Principles where supervisors have to determine the adequacy of banks' risk management policies and processes.

Practical considerations in conducting an assessment

01.56

While the Committee does not have a specific role in setting out detailed guidelines on the preparation and presentation of assessment reports, it believes there are a few considerations that assessors should take into account when conducting an assessment and preparing the assessment report. By way of example, BCP01.135 to BCP01.155 includes the format developed by the IMF and the World Bank for conducting their own assessments of the state of implementation of the Core Principles in individual countries. This section also includes structured guidance to the assessors on how to form an opinion on the preconditions for effective banking supervision, how weaknesses in these external elements may hinder supervision, as mentioned in BCP01.54 and how effective supervisory measures can mitigate shortcomings in the preconditions for effective banking supervision.

01.57

First, when conducting an assessment, the assessor must have free access to a range of information and interested parties. The required information may include not only published information, such as the relevant laws, regulations and policies, but also more sensitive information, such as any self-assessments, operational guidelines for supervisors and, where possible, supervisory assessments of individual banks. This information should be provided as long as it does not violate legal requirements for supervisors to hold such information confidential. Experience from assessments has shown that secrecy issues can often be solved through ad hoc arrangements between the assessor and the assessed authority. The assessor will need to meet with a range of individuals and organisations, including the banking supervisory authority or authorities, other domestic supervisory authorities, any relevant government ministries, bankers and bankers’ associations, auditors and other financial sector participants. Special note should be made of instances when any required information is not provided, as well as of what impact this might have on the accuracy of the assessment.

01.58

Second, the assessment of compliance with each Core Principle requires the evaluation of a chain of related requirements which, depending on the Principle, may encompass law, prudential regulation, supervisory guidelines, on-site examinations and off-site analysis, supervisory reporting and public disclosures, and evidence of enforcement or non-enforcement. Further, the assessment must ensure that the requirements are put into practice. This also requires assessing whether the supervisory authority has the necessary operational autonomy, skills, resources and commitment to implement the Core Principles.

01.59

Third, assessments should not focus solely on deficiencies but should also highlight specific achievements. This approach will provide a better picture of the effectiveness of banking supervision.

01.60

Fourth, there are certain jurisdictions where non-bank financial institutions that are not part of a supervised banking group engage in some bank-like activities; these institutions may make up a significant portion of the total financial system and may be largely unsupervised. Since the Core Principles deal specifically with banking supervision, they cannot be used for formal assessments of these non-bank financial institutions. However, the assessment report should, at a minimum, mention those activities where non-banks have an impact on the supervised banks and the potential problems that may arise as a result of non-bank activities.

01.61

Fifth, the development of cross-border banking leads to increased complications when conducting Core Principles assessments. Improved cooperation and information sharing between home and host country supervisors is of central importance, both in normal times and in crisis situations. The assessor must therefore determine that such cooperation and information sharing actually takes place to the extent needed, bearing in mind the size and complexity of the banking links between the two countries.

Criteria for assessing compliance with the Core Principles

01.62

This section lists the assessment criteria for each of the 29 Core Principles under two separate headings: “essential criteria” and “additional criteria”. As mentioned in BCP01.50, essential criteria are those elements that should be present in order to demonstrate compliance with a Principle. Additional criteria may be particularly relevant to the supervision of more sophisticated banking organisations, and countries with such institutions should aim to achieve them. By and large, the compliance grading will be based on the essential criteria; the assessor will comment on, but not grade, compliance with the additional criteria unless the country undergoing the assessment has voluntarily chosen to be graded against the additional criteria too.

01.63

The individual assessment criteria are based on sound supervisory practices already established, even if they are not yet fully implemented. Where appropriate, the documents on which the criteria are founded have been cited.

Principle 1 – Responsibilities, objectives and powers

01.64

Principle 1: an effective system of banking supervision has clear responsibilities and objectives for each authority involved in the supervision of banks and banking groups. A suitable legal framework for banking supervision is in place to provide each responsible authority with the necessary legal powers to authorise banks, conduct ongoing supervision, address compliance with laws and undertake timely corrective actions to address safety and soundness concerns.

01.65

Essential criteria:

(1)

The responsibilities and objectives of each of the authorities involved in banking supervision43 are clearly defined in legislation and publicly disclosed. Where more than one authority is responsible for supervising the banking system, a credible and publicly available framework is in place to avoid regulatory and supervisory gaps.

(2)

The primary objective of banking supervision is to promote the safety and soundness of banks and the banking system. If the banking supervisor is assigned broader responsibilities, these are subordinate to the primary objective and do not conflict with it.

(3)

Laws and regulations provide a framework for the supervisor to set and enforce minimum prudential standards for banks and banking groups. The supervisor has the power to increase the prudential requirements for individual banks and banking groups based on their risk profile44 and systemic importance.45

(4)

Banking laws, regulations and prudential standards are updated as necessary to ensure that they remain effective and relevant to changing industry and regulatory practices. These are subject to public consultation, as appropriate.

(5)

The supervisor has the power to:

(a)

have full access to banks’ and banking groups’ Boards, management, staff and records in order to review compliance with internal rules and limits as well as external laws and regulations;

(b)

review the overall activities of a banking group, both domestic and cross-border; and

(c)

supervise the foreign activities of banks incorporated in its jurisdiction.

(6)

When, in a supervisor’s judgment, a bank is not complying with laws or regulations, or it is or is likely to be engaging in unsafe or unsound practices or actions that have the potential to jeopardise the bank or the banking system, the supervisor has the power to:

(a)

take (and/or require a bank to take) timely corrective action;

(b)

impose a range of sanctions;

(c)

revoke the bank’s licence; and

(d)

cooperate and collaborate with relevant authorities to achieve an orderly resolution of the bank, including triggering resolution where appropriate

(7)

The supervisor has the power to review the activities of parent companies and of companies affiliated with parent companies to determine their impact on the safety and soundness of the bank and the banking group.

3 Footnotes

Principle 2 – Independence, accountability, resourcing and legal protection for supervisors

01.66

Principle 2: the supervisor possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisor.

01.67

Essential criteria:

(1)

The operational independence, accountability and governance of the supervisor are prescribed in legislation and publicly disclosed. There is no government or industry interference that compromises the operational independence of the supervisor. The supervisor has full discretion to take any supervisory actions or decisions on banks and banking groups under its supervision.

(2)

The process for the appointment and removal of the head(s) of the supervisory authority and members of its governing body is transparent. The head(s) of the supervisory authority is (are) appointed for a minimum term and is removed from office during his/her term only for reasons specified in law or if (s)he is not physically or mentally capable of carrying out the role or has been found guilty of misconduct. The reason(s) for removal is publicly disclosed.

(3)

The supervisor publishes its objectives and is accountable through a transparent framework for the discharge of its duties in relation to those objectives.46

(4)

The supervisor has effective internal governance and communication processes that enable supervisory decisions to be taken at a level appropriate to the significance of the issue and timely decisions to be taken in the case of an emergency. The governing body is structured to avoid any real or perceived conflicts of interest.

(5)

The supervisor and its staff have credibility based on their professionalism and integrity. There are rules on how to avoid conflicts of interest and on the appropriate use of information obtained through work, with sanctions in place if these are not followed.

(6)

The supervisor has adequate resources for the conduct of effective supervision and oversight. It is financed in a manner that does not undermine its autonomy or operational independence. This includes:

(a)

a budget that provides for staff in sufficient numbers and with skills commensurate with the risk profile and systemic importance of the banks and banking groups supervised;

(b)

salary scales that allow it to attract and retain qualified staff;

(c)

the ability to commission external experts with the necessary professional skills and independence, and subject to necessary confidentiality restrictions to conduct supervisory tasks;

(d)

a budget and programme for the regular training of staff;

(e)

a technology budget sufficient to equip its staff with the tools needed to supervise the banking industry and assess individual banks and banking groups; and

(f)

a travel budget that allows appropriate on-site work, effective cross-border cooperation and participation in domestic and international meetings of significant relevance (eg supervisory colleges).

(7)

As part of their annual resource planning exercise, supervisors regularly take stock of existing skills and projected requirements over the short- and medium-term, taking into account relevant emerging supervisory practices. Supervisors review and implement measures to bridge any gaps in numbers and/or skill-sets identified.

(8)

In determining supervisory programmes and allocating resources, supervisors take into account the risk profile and systemic importance of individual banks and banking groups, and the different mitigation approaches available.

(9)

Laws provide protection to the supervisor and its staff against lawsuits for actions taken and/or omissions made while discharging their duties in good faith. The supervisor and its staff are adequately protected against the costs of defending their actions and/or omissions made while discharging their duties in good faith.

1 Footnote

Principle 3 – Cooperation and collaboration

01.68

Principle 3: laws, regulations or other arrangements provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information.

01.69

Essential criteria:

(1)

Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with all domestic authorities with responsibility for the safety and soundness of banks, other financial institutions and/or the stability of the financial system. There is evidence that these arrangements work in practice, where necessary.

(2)

Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with relevant foreign supervisors of banks and banking groups. There is evidence that these arrangements work in practice, where necessary.

(3)

The supervisor may provide confidential information to another domestic authority or foreign supervisor but must take reasonable steps to determine that any confidential information so released will be used only for bank-specific or system-wide supervisory purposes and will be treated as confidential by the receiving party.

(4)

The supervisor receiving confidential information from other supervisors uses the confidential information for bank-specific or system-wide supervisory purposes only. The supervisor does not disclose confidential information received to third parties without the permission of the supervisor providing the information and is able to deny any demand (other than a court order or mandate from a legislative body) for confidential information in its possession. In the event that the supervisor is legally compelled to disclose confidential information it has received from another supervisor, the supervisor promptly notifies the originating supervisor, indicating what information it is compelled to release and the circumstances surrounding the release. Where consent to passing on confidential information is not given, the supervisor uses all reasonable means to resist such a demand or protect the confidentiality of the information.

(5)

Processes are in place for the supervisor to support resolution authorities (eg central banks and finance ministries as appropriate) to undertake recovery and resolution planning and actions.

Principle 4 – Permissible activities

01.70

Principle 4: the permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word “bank” in names is controlled.

01.71

Essential criteria:

(1)

The term “bank” is clearly defined in laws or regulations.

(2)

The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined either by supervisors, or in laws or regulations.

(3)

The use of the word “bank” and any derivations such as “banking” in a name, including domain names, is limited to licensed and supervised institutions in all circumstances where the general public might otherwise be misled.

(4)

The taking of deposits from the public is reserved for institutions that are licensed and subject to supervision as banks.47

(5)

The supervisor or licensing authority publishes or otherwise makes available a current list of licensed banks, including branches of foreign banks, operating within its jurisdiction in a way that is easily accessible to the public.

1 Footnote

Principle 5 – Licensing criteria

01.72

Principle 5: the licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of Board members and senior management) of the bank and its wider group, and its strategic and operating plan, internal controls, risk management and projected financial condition (including capital base). Where the proposed owner or parent organisation is a foreign bank, the prior consent of its home supervisor is obtained.

01.73

Essential criteria:

(1)

The law identifies the authority responsible for granting and withdrawing a banking licence. The licensing authority could be the banking supervisor or another competent authority. If the licensing authority and the supervisor are not the same, the supervisor has the right to have its views on each application considered, and its concerns addressed. In addition, the licensing authority provides the supervisor with any information that may be material to the supervision of the licensed bank. The supervisor imposes prudential conditions or limitations on the newly licensed bank, where appropriate.

(2)

Laws or regulations give the licensing authority the power to set criteria for licensing banks. If the criteria are not fulfilled or if the information provided is inadequate, the licensing authority has the power to reject an application. If the licensing authority or supervisor determines that the licence was based on false information, the licence can be revoked.

(3)

The criteria for issuing licences are consistent with those applied in ongoing supervision.

(4)

The licensing authority determines that the proposed legal, managerial, operational and ownership structures of the bank and its wider group will not hinder effective supervision on both a solo and a consolidated basis.48 The licensing authority also determines, where appropriate, that these structures will not hinder effective implementation of corrective measures in the future.

(5)

The licensing authority identifies and determines the suitability of the bank’s major shareholders, including the ultimate beneficial owners, and others that may exert significant influence. It also assesses the transparency of the ownership structure, the sources of initial capital and the ability of shareholders to provide additional financial support, where needed.

(6)

A minimum initial capital amount is stipulated for all banks.

(7)

The licensing authority, at authorisation, evaluates the bank’s proposed Board members and senior management as to expertise and integrity (fit and proper test), and any potential for conflicts of interest. The fit and proper criteria include: skills and experience in relevant financial operations commensurate with the intended activities of the bank; and no record of criminal activities or adverse regulatory judgments that make a person unfit to uphold important positions in a bank.49 The licensing authority determines whether the bank’s Board has collective sound knowledge of the material activities the bank intends to pursue, and the associated risks.

(8)

The licensing authority reviews the proposed strategic and operating plans of the bank. This includes determining that an appropriate system of corporate governance, risk management and internal controls, including those related to the detection and prevention of criminal activities, as well as the oversight of proposed outsourced functions, will be in place. The operational structure is required to reflect the scope and degree of sophistication of the proposed activities of the bank.50

(9)

The licensing authority reviews pro forma financial statements and projections of the proposed bank. This includes an assessment of the adequacy of the financial strength to support the proposed strategic plan as well as financial information on the principal shareholders of the bank.

(10)

In the case of foreign banks establishing a branch or subsidiary, before issuing a licence, the host supervisor establishes that no objection (or a statement of no objection) from the home supervisor has been received. For cross-border banking operations in its country, the host supervisor determines whether the home supervisor practices global consolidated supervision.

(11)

The licensing authority or supervisor has policies and processes to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the licence approval are being met.

3 Footnotes

Principle 6 – Transfer of significant ownership

01.74

Principle 6: the supervisor has the power to review, reject and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties.

01.75

Essential criteria:

(1)

Laws or regulations contain clear definitions of “significant ownership” and “controlling interest”.

(2)

There are requirements to obtain supervisory approval or provide immediate notification of proposed changes that would result in a change in ownership, including beneficial ownership, or the exercise of voting rights over a particular threshold or change in controlling interest.

(3)

The supervisor has the power to reject any proposal for a change in significant ownership, including beneficial ownership, or controlling interest, or prevent the exercise of voting rights in respect of such investments to ensure that any change in significant ownership meets criteria comparable to those used for licensing banks. If the supervisor determines that the change in significant ownership was based on false information, the supervisor has the power to reject, modify or reverse the change in significant ownership.

(4)

The supervisor obtains from banks, through periodic reporting or on-site examinations, the names and holdings of all significant shareholders or those that exert controlling influence, including the identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership.

(5)

The supervisor has the power to take appropriate action to modify, reverse or otherwise address a change of control that has taken place without the necessary notification to or approval from the supervisor.

(6)

Laws or regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest.

Principle 7 – Major acquisitions

01.76

Principle 7: the supervisor has the power to approve or reject (or recommend to the responsible authority the approval or rejection of), and impose prudential conditions on, major acquisitions or investments by a bank, against prescribed criteria, including the establishment of cross-border operations, and to determine that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision.

01.77

Essential criteria:

(1)

Laws or regulations clearly define:

(a)

what types and amounts (absolute and/or in relation to a bank’s capital) of acquisitions and investments need prior supervisory approval; and

(b)

cases for which notification after the acquisition or investment is sufficient. Such cases are primarily activities closely related to banking and where the investment is small relative to the bank’s capital.

(2)

Laws or regulations provide criteria by which to judge individual proposals.

(3)

Consistent with the licensing requirements, among the objective criteria that the supervisor uses is that any new acquisitions and investments do not expose the bank to undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.51 The supervisor can prohibit banks from making major acquisitions/investments (including the establishment of cross-border banking operations) in countries with laws or regulations prohibiting information flows deemed necessary for adequate consolidated supervision. The supervisor takes into consideration the effectiveness of supervision in the host country and its own ability to exercise supervision on a consolidated basis.

(4)

The supervisor determines that the bank has, from the outset, adequate financial, managerial and organisational resources to handle the acquisition / investment.

(5)

The supervisor is aware of the risks that non-banking activities can pose to a banking group and has the means to take action to mitigate those risks. The supervisor considers the ability of the bank to manage these risks prior to permitting investment in non-banking activities.

1 Footnote
01.78

Additional criterion:

The supervisor reviews major acquisitions or investments by other entities in the banking group to determine that these do not expose the bank to any undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.52 Where necessary, the supervisor is able to effectively address the risks to the bank arising from such acquisitions or investments.

1 Footnote

Principle 8 – Supervisory approach

01.79

Principle 8: an effective system of banking supervision requires the supervisor to develop and maintain a forward-looking assessment of the risk profile of individual banks and banking groups, proportionate to their systemic importance; identify, assess and address risks emanating from banks and the banking system as a whole; have a framework in place for early intervention; and have plans in place, in partnership with other relevant authorities, to take action to resolve banks in an orderly manner if they become non-viable.

01.80

Essential criteria:

(1)

The supervisor uses a methodology for determining and assessing on an ongoing basis the nature, impact and scope of the risks which banks or banking groups are exposed to, including risks posed by entities in the wider group; and which banks or banking groups present to the safety and soundness of the banking system. The methodology addresses, among other things, the business focus, group structure, risk profile, internal control environment and the resolvability of banks, and permits relevant comparisons between banks. The frequency and intensity of supervision of banks and banking groups reflect the outcome of this analysis.

(2)

The supervisor has processes to understand the risk profile of banks and banking groups and employs a well defined methodology to establish a forward-looking view of the profile. The nature of the supervisory work on each bank is based on the results of this analysis.

(3)

The supervisor assesses banks’ and banking groups’ compliance with prudential regulations and other legal requirements.

(4)

The supervisor takes the macroeconomic environment into account in its risk assessment of banks and banking groups. The supervisor also takes into account cross-sectoral developments, for example in non-bank financial institutions, through frequent contact with their regulators.

(5)

The supervisor, in conjunction with other relevant authorities, identifies, monitors and assesses the build-up of risks, trends and concentrations within and across the banking system as a whole. This includes, among other things, banks’ problem assets and sources of liquidity (such as domestic and foreign currency funding conditions, and costs). The supervisor incorporates this analysis into its assessment of banks and banking groups and addresses proactively any serious threat to the stability of the banking system. The supervisor communicates any significant trends or emerging risks identified to banks and to other relevant authorities with responsibilities for financial system stability.

(6)

Drawing on information provided by the bank and other national supervisors, the supervisor, in conjunction with the resolution authority, assesses the bank’s resolvability where appropriate, having regard to the bank’s risk profile and systemic importance. When bank-specific barriers to orderly resolution are identified, the supervisor requires, where necessary, banks to adopt appropriate measures, such as changes to business strategies, managerial, operational and ownership structures, and internal procedures. Any such measures take into account their effect on the soundness and stability of ongoing business.

(7)

The supervisor has a clear framework or process for handling banks in times of stress, such that any decisions to require or undertake recovery or resolution actions are made in a timely manner.

(8)

Where the supervisor becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter, the supervisor takes appropriate steps to draw the matter to the attention of the responsible authority. Where the supervisor becomes aware of banks restructuring their activities to avoid the regulatory perimeter, the supervisor takes appropriate steps to address this.

Principle 9 – Supervisory techniques and tools

01.81

Principle 9: the supervisor uses an appropriate range of techniques and tools to implement the supervisory approach and deploys supervisory resources on a proportionate basis, taking into account the risk profile and systemic importance of banks.

01.82

Essential criteria:

(1)

The supervisor employs an appropriate mix of on-site53 and off-site54 supervision to evaluate the condition of banks and banking groups, their risk profile, internal control environment and the corrective measures necessary to address supervisory concerns. The specific mix between on-site and off-site supervision may be determined by the particular conditions and circumstances of the country and the bank. The supervisor regularly assesses the quality, effectiveness and integration of its on-site and off-site functions, and amends its approach, as needed.

(2)

The supervisor has a coherent process for planning and executing on-site and off-site activities. There are policies and processes to ensure that such activities are conducted on a thorough and consistent basis with clear responsibilities, objectives and outputs, and that there is effective coordination and information sharing between the on-site and off-site functions.

(3)

The supervisor uses a variety of information to regularly review and assess the safety and soundness of banks, the evaluation of material risks, and the identification of necessary corrective actions and supervisory actions. This includes information, such as prudential reports, statistical returns, information on a bank’s related entities, and publicly available information. The supervisor determines that information provided by banks is reliable55 and obtains, as necessary, additional information on the banks and their related entities.

(4)

The supervisor communicates its findings to the bank as appropriate and requires the bank to take action to mitigate any particular vulnerabilities that have the potential to affect its safety and soundness. The supervisor uses its analysis to determine follow-up work required, if any. The supervisor uses a variety of tools to regularly review and assess the safety and soundness of banks and the banking system, such as those listed below.

(a)

analysis of financial statements and accounts;

(b)

business model analysis;

(c)

horizontal peer reviews;

(d)

review of the outcome of stress tests undertaken by the bank; and

(e)

analysis of corporate governance, including risk management and internal control systems.

(5)

The supervisor, in conjunction with other relevant authorities, seeks to identify, assess and mitigate any emerging risks across banks and to the banking system as a whole, potentially including conducting supervisory stress tests (on individual banks or system-wide). The supervisor communicates its findings as appropriate to either banks or the industry and requires banks to take action to mitigate any particular vulnerabilities that have the potential to affect the stability of the banking system, where appropriate. The supervisor uses its analysis to determine follow-up work required, if any.

(6)

The supervisor evaluates the work of the bank’s internal audit function, and determines whether, and to what extent, it may rely on the internal auditors’ work to identify areas of potential risk.

(7)

The supervisor maintains sufficiently frequent contacts as appropriate with the bank’s Board, non-executive Board members and senior and middle management (including heads of individual business units and control functions) to develop an understanding of and assess matters such as strategy, group structure, corporate governance, performance, capital adequacy, liquidity, asset quality, risk management systems and internal controls. Where necessary, the supervisor challenges the bank’s Board and senior management on the assumptions made in setting strategies and business models.

(8)

The supervisor communicates to the bank the findings of its on- and off-site supervisory analyses in a timely manner by means of written reports or through discussions or meetings with the bank’s management. The supervisor meets with the bank’s senior management and the Board to discuss the results of supervisory examinations and the external audits, as appropriate. The supervisor also meets separately with the bank’s independent Board members, as necessary.

(9)

The supervisor undertakes appropriate and timely follow-up to check that banks have addressed supervisory concerns or implemented requirements communicated to them. This includes early escalation to the appropriate level of the supervisory authority and to the bank’s Board if action points are not addressed in an adequate or timely manner.

(10)

The supervisor requires banks to notify it in advance of any substantive changes in their activities, structure and overall condition, or as soon as they become aware of any material adverse developments, including breach of legal or prudential requirements.

(11)

The supervisor may make use of independent third parties, such as auditors, provided there is a clear and detailed mandate for the work. However, the supervisor cannot outsource its prudential responsibilities to third parties. When using third parties, the supervisor assesses whether the output can be relied upon to the degree intended and takes into consideration the biases that may influence third parties.

(12)

The supervisor has an adequate information system which facilitates the processing, monitoring and analysis of prudential information. The system aids the identification of areas requiring follow-up action.

3 Footnotes
01.83

Additional criterion:

The supervisor has a framework for periodic independent review, for example by an internal audit function or third party assessor, of the adequacy and effectiveness of the range of its available supervisory tools and their use, and makes changes as appropriate.

Principle 10 – Supervisory reporting

01.84

Principle 10: the supervisor collects, reviews and analyses prudential reports and statistical returns from banks on both a solo and a consolidated basis, and independently verifies these reports through either on-site examinations or use of external experts.

01.85

Essential criteria:

(1)

The supervisor has the power56 to require banks to submit information, on both a solo and a consolidated basis, on their financial condition, performance, and risks, on demand and at regular intervals. These reports provide information such as on- and off-balance sheet assets and liabilities, profit and loss, capital adequacy, liquidity, large exposures, risk concentrations (including by economic sector, geography and currency), asset quality, loan loss provisioning, related party transactions, interest rate risk, and market risk.

(2)

The supervisor provides reporting instructions that clearly describe the accounting standards to be used in preparing supervisory reports. Such standards are based on accounting principles and rules that are widely accepted internationally.

(3)

The supervisor requires banks to have sound governance structures and control processes for methodologies that produce valuations. The measurement of fair values maximises the use of relevant and reliable inputs and are consistently applied for risk management and reporting purposes. The valuation framework and control procedures are subject to adequate independent validation and verification, either internally or by an external expert. The supervisor assesses whether the valuation used for regulatory purposes is reliable and prudent. Where the supervisor determines that valuations are not sufficiently prudent, the supervisor requires the bank to make adjustments to its reporting for capital adequacy or regulatory reporting purposes.

(4)

The supervisor collects and analyses information from banks at a frequency commensurate with the nature of the information requested, and the risk profile and systemic importance of the bank.

(5)

In order to make meaningful comparisons between banks and banking groups, the supervisor collects data from all banks and all relevant entities covered by consolidated supervision on a comparable basis and related to the same dates (stock data) and periods (flow data).

(6)

The supervisor has the power to request and receive any relevant information from banks, as well as any entities in the wider group, irrespective of their activities, where the supervisor believes that it is material to the condition of the bank or banking group, or to the assessment of the risks of the bank or banking group or is needed to support resolution planning. This includes internal management information.

(7)

The supervisor has the power to access57 all bank records for the furtherance of supervisory work. The supervisor also has similar access to the bank’s Board, management and staff, when required.

(8)

The supervisor has a means of enforcing compliance with the requirement that the information be submitted on a timely and accurate basis. The supervisor determines the appropriate level of the bank’s senior management is responsible for the accuracy of supervisory returns, imposes sanctions for misreporting and persistent errors, and requires that inaccurate information be amended.

(9)

The supervisor utilises policies and procedures to determine the validity and integrity of supervisory information. This includes a programme for the periodic verification of supervisory returns by means either of the supervisor’s own staff or of external experts.58

(10)

The supervisor clearly defines and documents the roles and responsibilities of external experts,59 including the scope of the work, when they are appointed to conduct supervisory tasks. The supervisor assesses the suitability of experts for the designated task(s) and the quality of the work and takes into consideration conflicts of interest that could influence the output/recommendations by external experts. External experts may be utilised for routine validation or to examine specific aspects of banks’ operations.

(11)

The supervisor requires that external experts bring to its attention promptly any material shortcomings identified during the course of any work undertaken by them for supervisory purposes.

(12)

The supervisor has a process in place to periodically review the information collected to determine that it satisfies a supervisory need.

4 Footnotes

Principle 11 – Corrective and sanctioning powers of supervisors

01.86

Principle 11: the supervisor acts at an early stage to address unsafe and unsound practices or activities that could pose risks to banks or to the banking system. The supervisor has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability to revoke the banking licence or to recommend its revocation.

01.87

Essential criteria:

(1)

The supervisor raises supervisory concerns with the bank’s management or, where appropriate, the bank’s Board, at an early stage, and requires that these concerns be addressed in a timely manner. Where the supervisor requires the bank to take significant corrective actions, these are addressed in a written document to the bank’s Board. The supervisor requires the bank to submit regular written progress reports and checks that corrective actions are completed satisfactorily. The supervisor follows through conclusively and in a timely manner on matters that are identified.

(2)

The supervisor has available60 an appropriate range of supervisory tools for use when, in the supervisor’s judgment, a bank is not complying with laws, regulations or supervisory actions, is engaged in unsafe or unsound practices or in activities that could pose risks to the bank or the banking system, or when the interests of depositors are otherwise threatened.

(3)

The supervisor has the power to act where a bank falls below established regulatory threshold requirements, including prescribed regulatory ratios or measurements. The supervisor also has the power to intervene at an early stage to require a bank to take action to prevent it from reaching its regulatory threshold requirements. The supervisor has a range of options to address such scenarios.

(4)

The supervisor has available a broad range of possible measures to address, at an early stage, such scenarios as described in BCP01.87(2) above. These measures include the ability to require a bank to take timely corrective action or to impose sanctions expeditiously. In practice, the range of measures is applied in accordance with the gravity of a situation. The supervisor provides clear prudential objectives or sets out the actions to be taken, which may include restricting the current activities of the bank, imposing more stringent prudential limits and requirements, withholding approval of new activities or acquisitions, restricting or suspending payments to shareholders or share repurchases, restricting asset transfers, barring individuals from the banking sector, replacing or restricting the powers of managers, Board members or controlling owners, facilitating a takeover by or merger with a healthier institution, providing for the interim management of the bank, and revoking or recommending the revocation of the banking licence.

(5)

The supervisor applies sanctions not only to the bank but, when and if necessary, also to management and/or the Board, or individuals therein.

(6)

The supervisor has the power to take corrective actions, including ring-fencing of the bank from the actions of parent companies, subsidiaries, parallel-owned banking structures and other related entities in matters that could impair the safety and soundness of the bank or the banking system.

(7)

The supervisor cooperates and collaborates with relevant authorities in deciding when and how to effect the orderly resolution of a problem bank situation (which could include closure, or assisting in restructuring, or merger with a stronger institution).

1 Footnote
01.88

Additional criteria:

(1)

Laws or regulations guard against the supervisor unduly delaying appropriate corrective actions.

(2)

When taking formal corrective action in relation to a bank, the supervisor informs the supervisor of non-bank related financial entities of its actions and, where appropriate, coordinates its actions with them.

Principle 12 – Consolidated supervision

01.89

Principle 12: an essential element of banking supervision is that the supervisor supervises the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential standards to all aspects of the business conducted by the banking group worldwide.

01.90

Essential criteria:

(1)

The supervisor understands the overall structure of the banking group and is familiar with all the material activities (including non-banking activities) conducted by entities in the wider group, both domestic and cross-border. The supervisor understands and assesses how group-wide risks are managed and takes action when risks arising from the banking group and other entities in the wider group, in particular contagion and reputation risks, may jeopardise the safety and soundness of the bank and the banking system.

(2)

The supervisor imposes prudential standards and collects and analyses financial and other information on a consolidated basis for the banking group, covering areas such as capital adequacy, liquidity, large exposures, exposures to related parties, lending limits and group structure.

(3)

The supervisor reviews whether the oversight of a bank’s foreign operations by management (of the parent bank or head office and, where relevant, the holding company) is adequate having regard to their risk profile and systemic importance and there is no hindrance in host countries for the parent bank to have access to all the material information from their foreign branches and subsidiaries. The supervisor also determines that banks’ policies and processes require the local management of any cross-border operations to have the necessary expertise to manage those operations in a safe and sound manner, and in compliance with supervisory and regulatory requirements. The home supervisor takes into account the effectiveness of supervision conducted in the host countries in which its banks have material operations.

(4)

The home supervisor visits the foreign offices periodically, the location and frequency being determined by the risk profile and systemic importance of the foreign operation. The supervisor meets the host supervisors during these visits. The supervisor has a policy for assessing whether it needs to conduct on-site examinations of a bank’s foreign operations, or require additional reporting, and has the power and resources to take those steps as and when appropriate.

(5)

The supervisor reviews the main activities of parent companies, and of companies affiliated with the parent companies, that have a material impact on the safety and soundness of the bank and the banking group, and takes appropriate supervisory action.

(6)

The supervisor limits the range of activities the consolidated group may conduct and the locations in which activities can be conducted (including the closing of foreign offices) if it determines that:

(a)

the safety and soundness of the bank and banking group is compromised because the activities expose the bank or banking group to excessive risk and/or are not properly managed;

(b)

the supervision by other supervisors is not adequate relative to the risks the activities present; and/or

(c)

the exercise of effective supervision on a consolidated basis is hindered.

(7)

In addition to supervising on a consolidated basis, the responsible supervisor supervises individual banks in the group. The responsible supervisor supervises each bank on a stand-alone basis and understands its relationship with other members of the group.61

1 Footnote
01.91

Additional criterion:

For countries which allow corporate ownership of banks, the supervisor has the power to establish and enforce fit and proper standards for owners and senior management of parent companies.

01.92

Principle 13: home and host supervisors of cross-border banking groups share information and cooperate for effective supervision of the group and group entities, and effective handling of crisis situations. Supervisors require the local operations of foreign banks to be conducted to the same standards as those required of domestic banks.

01.93

Essential criteria:

(1)

The home supervisor establishes bank-specific supervisory colleges for banking groups with material cross-border operations to enhance its effective oversight, taking into account the risk profile and systemic importance of the banking group and the corresponding needs of its supervisors. In its broadest sense, the host supervisor who has a relevant subsidiary or a significant branch in its jurisdiction and who, therefore, has a shared interest in the effective supervisory oversight of the banking group, is included in the college. The structure of the college reflects the nature of the banking group and the needs of its supervisors.

(2)

Home and host supervisors share appropriate information on a timely basis in line with their respective roles and responsibilities, both bilaterally and through colleges. This includes information both on the material risks and risk management practices of the banking group62 and on the supervisors’ assessments of the safety and soundness of the relevant entity under their jurisdiction. Informal or formal arrangements (such as memoranda of understanding) are in place to enable the exchange of confidential information.

(3)

Home and host supervisors coordinate and plan supervisory activities or undertake collaborative work if common areas of interest are identified in order to improve the effectiveness and efficiency of supervision of cross-border banking groups.

(4)

The home supervisor develops an agreed communication strategy with the relevant host supervisors. The scope and nature of the strategy reflects the risk profile and systemic importance of the cross-border operations of the bank or banking group. Home and host supervisors also agree on the communication of views and outcomes of joint activities and college meetings to banks, where appropriate, to ensure consistency of messages on group-wide issues.

(5)

Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities, develops a framework for cross-border crisis cooperation and coordination among the relevant home and host authorities. The relevant authorities share information on crisis preparations from an early stage in a way that does not materially compromise the prospect of a successful resolution and subject to the application of rules on confidentiality.

(6)

Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities and relevant host authorities, develops a group resolution plan. The relevant authorities share any information necessary for the development and maintenance of a credible resolution plan. Supervisors also alert and consult relevant authorities and supervisors (both home and host) promptly when taking any recovery and resolution measures.

(7)

The host supervisor’s national laws or regulations require that the cross-border operations of foreign banks are subject to prudential, inspection and regulatory reporting requirements similar to those for domestic banks.

(8)

The home supervisor is given on-site access to local offices and subsidiaries of a banking group in order to facilitate their assessment of the group’s safety and soundness and compliance with customer due diligence requirements. The home supervisor informs host supervisors of intended visits to local offices and subsidiaries of banking groups.

(9)

The host supervisor supervises booking offices in a manner consistent with internationally agreed standards. The supervisor does not permit shell banks or the continued operation of shell banks.

(10)

A supervisor that takes consequential action on the basis of information received from another supervisor consults with that supervisor, to the extent possible, before taking such action.

1 Footnote

Principle 14 – Corporate governance

01.94

Principle 14: the supervisor determines that banks and banking groups have robust corporate governance policies and processes covering, for example, strategic direction, group and organisational structure, control environment, responsibilities of the banks’ Boards and senior management, and compensation. These policies and processes are commensurate with the risk profile and systemic importance of the bank.

01.95

Essential criteria:

(1)

Laws, regulations or the supervisor establish the responsibilities of a bank’s Board and senior management with respect to corporate governance to ensure there is effective control over the bank’s entire business. The supervisor provides guidance to banks and banking groups on expectations for sound corporate governance.

(2)

The supervisor regularly assesses a bank’s corporate governance policies and practices, and their implementation, and determines that the bank has robust corporate governance policies and processes commensurate with its risk profile and systemic importance. The supervisor requires banks and banking groups to correct deficiencies in a timely manner.

(3)

The supervisor determines that governance structures and processes for nominating and appointing Board members are appropriate for the bank and across the banking group. Board membership includes experienced non-executive members, where appropriate. Commensurate with the risk profile and systemic importance, Board structures include audit, risk oversight and remuneration committees with experienced non-executive members.

(4)

Board members are suitably qualified, effective and exercise their “duty of care” and “duty of loyalty”.63

(5)

The supervisor determines that the bank’s Board approves and oversees implementation of the bank’s strategic direction, risk appetite64 and strategy, and related policies, establishes and communicates corporate culture and values (eg through a code of conduct), and establishes conflicts of interest policies and a strong control environment.

(6)

The supervisor determines that the bank’s Board, except where required otherwise by laws or regulations, has established fit and proper standards in selecting senior management, maintains plans for succession, and actively and critically oversees senior management’s execution of Board strategies, including monitoring senior management’s performance against standards established for them.

(7)

The supervisor determines that the bank’s Board actively oversees the design and operation of the bank’s and banking group’s compensation system, and that it has appropriate incentives, which are aligned with prudent risk taking. The compensation system, and related performance standards, are consistent with long-term objectives and financial soundness of the bank and is rectified if there are deficiencies.

(8)

The supervisor determines that the bank’s Board and senior management know and understand the bank’s and banking group’s operational structure and its risks, including those arising from the use of structures that impede transparency (eg special-purpose or related structures). The supervisor determines that risks are effectively managed and mitigated, where appropriate.

(9)

The supervisor has the power to require changes in the composition of the bank’s Board if it believes that any individuals are not fulfilling their duties related to the satisfaction of these criteria.

2 Footnotes
01.96

Additional criterion:

Laws, regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material and bona fide information that may negatively affect the fitness and propriety of a bank’s Board member or a member of the senior management.

Principle 15 – Risk management process

01.97

Principle 15: the supervisor determines that banks have a comprehensive risk management process (including effective Board and senior management oversight) to identify, measure, evaluate, monitor, report and control or mitigate all material risks on a timely basis and to assess the adequacy of their capital and liquidity in relation to their risk profile and market and macroeconomic conditions. This extends to development and review of contingency arrangements (including robust and credible recovery plans where warranted) that take into account the specific circumstances of the bank. The risk management process is commensurate with the risk profile and systemic importance of the bank.

01.98

Essential criteria:

(1)

The supervisor determines that banks have appropriate risk management strategies that have been approved by the banks’ Boards and that the Boards set a suitable risk appetite to define the level of risk the banks are willing to assume or tolerate. The supervisor also determines that the Board ensures that:

(a)

a sound risk management culture is established throughout the bank;

(b)

policies and processes are developed for risk-taking, that are consistent with the risk management strategy and the established risk appetite;

(c)

uncertainties attached to risk measurement are recognised;

(d)

appropriate limits are established that are consistent with the bank’s risk appetite, risk profile and capital strength, and that are understood by, and regularly communicated to, relevant staff; and

(e)

senior management take the steps necessary to monitor and control all material risks consistent with the approved strategies and risk appetite.

(2)

The supervisor requires banks to have comprehensive risk management policies and processes to identify, measure, evaluate, monitor, report and control or mitigate all material risks. The supervisor determines that these processes are adequate:

(a)

to provide a comprehensive “bank-wide” view of risk across all material risk types;

(b)

for the risk profile and systemic importance of the bank; and

(c)

to assess risks arising from the macroeconomic environment affecting the markets in which the bank operates and to incorporate such assessments into the bank’s risk management process.

(3)

The supervisor determines that risk management strategies, policies, processes and limits are properly documented; regularly reviewed and appropriately adjusted to reflect changing risk appetites, risk profiles and market and macroeconomic conditions; and communicated within the bank. The supervisor determines that exceptions to established policies, processes and limits receive the prompt attention of, and authorisation by, the appropriate level of management and the bank’s Board where necessary.

(4)

The supervisor determines that the bank’s Board and senior management obtain sufficient information on, and understand, the nature and level of risk being taken by the bank and how this risk relates to adequate levels of capital and liquidity. The supervisor also determines that the Board and senior management regularly review and understand the implications and limitations (including the risk measurement uncertainties) of the risk management information that they receive.

(5)

The supervisor determines that banks have an appropriate internal process for assessing their overall capital and liquidity adequacy in relation to their risk appetite and risk profile. The supervisor reviews and evaluates banks’ internal capital and liquidity adequacy assessments and strategies.

(6)

Where banks use models to measure components of risk, the supervisor determines that the following conditions are met. In addition, the supervisor assesses whether the model outputs appear reasonable as a reflection of the risks assumed.

(a)

Banks comply with supervisory standards on the use of models;

(b)

the banks’ Boards and senior management understand the limitations and uncertainties relating to the output of the models and the risk inherent in their use; and

(c)

banks perform regular and independent validation and testing of the models.

(7)

The supervisor determines that banks have information systems that are adequate (both under normal circumstances and in periods of stress) for measuring, assessing and reporting on the size, composition and quality of exposures on a bank-wide basis across all risk types, products and counterparties. The supervisor also determines that these reports reflect the bank’s risk profile and capital and liquidity needs, and are provided on a timely basis to the bank’s Board and senior management in a form suitable for their use.

(8)

The supervisor determines that banks have adequate policies and processes to ensure that the banks’ Boards and senior management understand the risks inherent in new products,65 material modifications to existing products, and major management initiatives (such as changes in systems, processes, business model and major acquisitions). The supervisor determines that the Boards and senior management are able to monitor and manage these risks on an ongoing basis. The supervisor also determines that the bank’s policies and processes require the undertaking of any major activities of this nature to be approved by their Board or a specific committee of the Board.

(9)

The supervisor determines that banks have risk management functions covering all material risks with sufficient resources, independence, authority and access to the banks’ Boards to perform their duties effectively. The supervisor determines that their duties are clearly segregated from risk-taking functions in the bank and that they report on risk exposures directly to the Board and senior management. The supervisor also determines that the risk management function is subject to regular review by the internal audit function.

(10)

The supervisor requires larger and more complex banks to have a dedicated risk management unit overseen by a Chief Risk Officer (CRO) or equivalent function. If the CRO of a bank is removed from his/her position for any reason, this should be done with the prior approval of the Board and generally should be disclosed publicly. The bank should also discuss the reasons for such removal with its supervisor.

(11)

The supervisor issues standards related to, in particular, credit risk, market risk, liquidity risk, interest rate risk in the banking book and operational risk.

(12)

The supervisor requires banks to have appropriate contingency arrangements, as an integral part of their risk management process, to address risks that may materialise and actions to be taken in stress conditions (including those that will pose a serious risk to their viability). If warranted by its risk profile and systemic importance, the contingency arrangements include robust and credible recovery plans that take into account the specific circumstances of the bank. The supervisor, working with resolution authorities as appropriate, assesses the adequacy of banks’ contingency arrangements in the light of their risk profile and systemic importance (including reviewing any recovery plans) and their likely feasibility during periods of stress. The supervisor seeks improvements if deficiencies are identified.

(13)

The supervisor requires banks to have forward-looking stress testing programmes, commensurate with their risk profile and systemic importance, as an integral part of their risk management process. The supervisor regularly assesses a bank’s stress testing programme and determines that it captures material sources of risk and adopts plausible adverse scenarios. The supervisor also determines that the bank integrates the results into its decision-making, risk management processes (including contingency arrangements) and the assessment of its capital and liquidity levels. The supervisor requires corrective action if material deficiencies are identified in a bank’s stress testing programme or if the results of stress tests are not adequately taken into consideration in the bank’s decision-making process. Where appropriate, the scope of the supervisor’s assessment includes the extent to which the stress testing programme:

(a)

promotes risk identification and control, on a bank-wide basis;

(b)

adopts suitably severe assumptions and seeks to address feedback effects and system-wide interaction between risks;

(c)

benefits from the active involvement of the Board and senior management; and

(d)

is appropriately documented and regularly maintained and updated.

(14)

The supervisor assesses whether banks appropriately account for risks (including liquidity impacts) in their internal pricing, performance measurement and new product approval process for all significant business activities.

1 Footnote
01.99

Additional criterion:

The supervisor requires banks to have appropriate policies and processes for assessing other material risks not directly addressed in the subsequent Principles, such as reputational and strategic risks.

Principle 16 – Capital adequacy

01.100

Principle 16: the supervisor sets prudent and appropriate capital adequacy requirements for banks that reflect the risks undertaken by, and presented by, a bank in the context of the markets and macroeconomic conditions in which it operates. The supervisor defines the components of capital, bearing in mind their ability to absorb losses. At least for internationally active banks, capital requirements are not less than the applicable Basel standards.

01.101

Essential criteria:

(1)

Laws, regulations or the supervisor require banks to calculate and consistently observe prescribed capital requirements, including thresholds by reference to which a bank might be subject to supervisory action. Laws, regulations or the supervisor define the qualifying components of capital, ensuring that emphasis is given to those elements of capital permanently available to absorb losses on a going concern basis.

(2)

At least for internationally active banks,66 the definition of capital, the risk coverage, the method of calculation and thresholds for the prescribed requirements are not lower than those established in the applicable Basel standards.

(3)

The supervisor has the power to impose a specific capital charge and/or limits on all material risk exposures, if warranted, including in respect of risks that the supervisor considers not to have been adequately transferred or mitigated through transactions (eg securitisation transactions67) entered into by the bank. Both on-balance sheet and off-balance sheet risks are included in the calculation of prescribed capital requirements.

(4)

The prescribed capital requirements reflect the risk profile and systemic importance of banks68 in the context of the markets and macroeconomic conditions in which they operate and constrain the build-up of leverage in banks and the banking sector. Laws and regulations in a particular jurisdiction may set higher overall capital adequacy standards than the applicable Basel requirements.

(5)

The use of banks’ internal assessments of risk as inputs to the calculation of regulatory capital is approved by the supervisor. If the supervisor approves such use:

(a)

such assessments adhere to rigorous qualifying standards;

(b)

any cessation of such use, or any material modification of the bank’s processes and models for producing such internal assessments, are subject to the approval of the supervisor;

(c)

the supervisor has the capacity to evaluate a bank’s internal assessment process in order to determine that the relevant qualifying standards are met and that the bank’s internal assessments can be relied upon as a reasonable reflection of the risks undertaken;

(d)

the supervisor has the power to impose conditions on its approvals if the supervisor considers it prudent to do so; and

(e)

if a bank does not continue to meet the qualifying standards or the conditions imposed by the supervisor on an ongoing basis, the supervisor has the power to revoke its approval.

(6)

The supervisor has the power to require banks to adopt a forward-looking approach to capital management (including the conduct of appropriate stress testing).69 The supervisor has the power to require banks:

(a)

to set capital levels and manage available capital in anticipation of possible events or changes in market conditions that could have an adverse effect; and

(b)

to have in place feasible contingency arrangements to maintain or strengthen capital positions in times of stress, as appropriate in the light of the risk profile and systemic importance of the bank.

4 Footnotes
01.102

Additional criteria:

(1)

For non-internationally active banks, capital requirements, including the definition of capital, the risk coverage, the method of calculation, the scope of application and the capital required, are broadly consistent with the principles of the applicable Basel standards relevant to internationally active banks.

(2)

The supervisor requires adequate distribution of capital within different entities of a banking group according to the allocation of risks.70

1 Footnote

Principle 17 – Credit risk

01.103

Principle 17: the supervisor determines that banks have an adequate credit risk management process that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate credit risk (including counterparty credit risk) on a timely basis. The full credit lifecycle is covered including credit underwriting, credit evaluation, and the ongoing management of the bank’s loan and investment portfolios.

01.104

Essential criteria:

(1)

Laws, regulations or the supervisor require banks to have appropriate credit risk management processes that provide a comprehensive bank-wide view of credit risk exposures. The supervisor determines that the processes are consistent with the risk appetite, risk profile, systemic importance and capital strength of the bank, take into account market and macroeconomic conditions and result in prudent standards of credit underwriting, evaluation, administration and monitoring.

(2)

The supervisor determines that a bank’s Board approves, and regularly reviews, the credit risk management strategy and significant policies and processes for assuming,71 identifying, measuring, evaluating, monitoring, reporting and controlling or mitigating credit risk (including counterparty credit risk and associated potential future exposure) and that these are consistent with the risk appetite set by the Board. The supervisor also determines that senior management implements the credit risk strategy approved by the Board and develops the aforementioned policies and processes.

(3)

The supervisor requires, and regularly determines, that such policies and processes establish an appropriate and properly controlled credit risk environment, including:

(a)

a well documented and effectively implemented strategy and sound policies and processes for assuming credit risk, without undue reliance on external credit assessments;

(b)

well defined criteria and policies and processes for approving new exposures (including prudent underwriting standards) as well as for renewing and refinancing existing exposures, and identifying the appropriate approval authority for the size and complexity of the exposures;

(c)

effective credit administration policies and processes, including continued analysis of a borrower’s ability and willingness to repay under the terms of the debt (including review of the performance of underlying assets in the case of securitisation exposures); monitoring of documentation, legal covenants, contractual requirements, collateral and other forms of credit risk mitigation; and an appropriate asset grading or classification system;

(d)

effective information systems for accurate and timely identification, aggregation and reporting of credit risk exposures to the bank’s Board and senior management on an ongoing basis;

(e)

prudent and appropriate credit limits, consistent with the bank’s risk appetite, risk profile and capital strength, which are understood by, and regularly communicated to, relevant staff;

(f)

exception tracking and reporting processes that ensure prompt action at the appropriate level of the bank’s senior management or Board where necessary; and

(g)

effective controls (including in respect of the quality, reliability and relevancy of data and in respect of validation procedures) around the use of models to identify and measure credit risk and set limits.

(4)

The supervisor determines that banks have policies and processes to monitor the total indebtedness of entities to which they extend credit and any risk factors that may result in default including significant unhedged foreign exchange risk.

(5)

The supervisor requires that banks make credit decisions free of conflicts of interest and on an arm’s length basis.

(6)

The supervisor requires that the credit policy prescribes that major credit risk exposures exceeding a certain amount or percentage of the bank’s capital are to be decided by the bank’s Board or senior management. The same applies to credit risk exposures that are especially risky or otherwise not in line with the mainstream of the bank’s activities.

(7)

The supervisor has full access to information in the credit and investment portfolios and to the bank officers involved in assuming, managing, controlling and reporting on credit risk.

(8)

The supervisor requires banks to include their credit risk exposures into their stress testing programmes for risk management purposes.

1 Footnote

Principle 18 – Problem assets, provisions and reserves

01.105

Principle 18: the supervisor determines that banks have adequate policies and processes for the early identification and management of problem assets, and the maintenance of adequate provisions and reserves.

01.106

Essential criteria:

(1)

Laws, regulations or the supervisor require banks to formulate policies and processes for identifying and managing problem assets. In addition, laws, regulations or the supervisor require regular review by banks of their problem assets (at an individual level or at a portfolio level for assets with homogenous characteristics) and asset classification, provisioning and write-offs.

(2)

The supervisor determines the adequacy of a bank’s policies and processes for grading and classifying its assets and establishing appropriate and robust provisioning levels. The reviews supporting the supervisor’s opinion may be conducted by external experts, with the supervisor reviewing the work of the external experts to determine the adequacy of the bank’s policies and processes.

(3)

The supervisor determines that the bank’s system for classification and provisioning takes into account off-balance sheet exposures.72

(4)

The supervisor determines that banks have appropriate policies and processes to ensure that provisions and write-offs are timely and reflect realistic repayment and recovery expectations, taking into account market and macroeconomic conditions.

(5)

The supervisor determines that banks have appropriate policies and processes, and organisational resources for the early identification of deteriorating assets, for ongoing oversight of problem assets, and for collecting on past due obligations. For portfolios of credit exposures with homogeneous characteristics, the exposures are classified when payments are contractually in arrears for a minimum number of days (eg 30, 60, 90 days). The supervisor tests banks’ treatment of assets with a view to identifying any material circumvention of the classification and provisioning standards (eg rescheduling, refinancing or reclassification of loans).

(6)

The supervisor obtains information on a regular basis, and in relevant detail, or has full access to information concerning the classification of assets and provisioning. The supervisor requires banks to have adequate documentation to support their classification and provisioning levels.

(7)

The supervisor assesses whether the classification of the assets and the provisioning is adequate for prudential purposes. If asset classifications are inaccurate or provisions are deemed to be inadequate for prudential purposes (eg if the supervisor considers existing or anticipated deterioration in asset quality to be of concern or if the provisions do not fully reflect losses expected to be incurred), the supervisor has the power to require the bank to adjust its classifications of individual assets, increase its levels of provisioning, reserves or capital and, if necessary, impose other remedial measures.

(8)

The supervisor requires banks to have appropriate mechanisms in place for regularly assessing the value of risk mitigants, including guarantees, credit derivatives and collateral. The valuation of collateral reflects the net realisable value, taking into account prevailing market conditions.

(9)

Laws, regulations or the supervisor establish criteria for assets to be:

(a)

identified as a problem asset (eg a loan is identified as a problem asset when there is reason to believe that all amounts due, including principal and interest, will not be collected in accordance with the contractual terms of the loan agreement); and

(b)

reclassified as performing (eg a loan is reclassified as performing when all arrears have been cleared and the loan has been brought fully current, repayments have been made in a timely manner over a continuous repayment period and continued collection, in accordance with the contractual terms, is expected).

(10)

The supervisor determines that the bank’s Board obtains timely and appropriate information on the condition of the bank’s asset portfolio, including classification of assets, the level of provisions and reserves and major problem assets. The information includes, at a minimum, summary results of the latest asset review process, comparative trends in the overall quality of problem assets, and measurements of existing or anticipated deterioration in asset quality and losses expected to be incurred.

(11)

The supervisor requires that valuation, classification and provisioning, at least for significant exposures, are conducted on an individual item basis. For this purpose, supervisors require banks to set an appropriate threshold for the purpose of identifying significant exposures and to regularly review the level of the threshold.

(12)

The supervisor regularly assesses any trends and concentrations in risk and risk build-up across the banking sector in relation to banks’ problem assets and takes into account any observed concentration in the risk mitigation strategies adopted by banks and the potential effect on the efficacy of the mitigant in reducing loss. The supervisor considers the adequacy of provisions and reserves at the bank and banking system level in the light of this assessment.

1 Footnote

Principle 19 – Concentration risk and large exposure limits

01.107

Principle 19: the supervisor determines that banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate concentrations of risk on a timely basis. Supervisors set prudential limits to restrict bank exposures to single counterparties or groups of connected counterparties.

01.108

Essential criteria:

(1)

Laws, regulations or the supervisor require banks to have policies and processes that provide a comprehensive bank-wide view of significant sources of concentration risk.73 Exposures arising from off-balance sheet as well as on-balance sheet items and from contingent liabilities are captured.

(2)

The supervisor determines that a bank’s information systems identify and aggregate on a timely basis, and facilitate active management of, exposures creating risk concentrations and large exposure74 to single counterparties or groups of connected counterparties.

(3)

The supervisor determines that a bank’s risk management policies and processes establish thresholds for acceptable concentrations of risk, reflecting the bank’s risk appetite, risk profile and capital strength, which are understood by, and regularly communicated to, relevant staff. The supervisor also determines that the bank’s policies and processes require all material concentrations to be regularly reviewed and reported to the bank’s Board.

(4)

The supervisor regularly obtains information that enables concentrations within a bank’s portfolio, including sectoral, geographical and currency exposures, to be reviewed.

(5)

In respect of credit exposure to single counterparties or groups of connected counterparties, laws or regulations explicitly define, or the supervisor has the power to define, a “group of connected counterparties” to reflect actual risk exposure. The supervisor may exercise discretion in applying this definition on a case by case basis.

(6)

Laws, regulations or the supervisor set prudent and appropriate75 requirements to control and constrain large credit exposures to a single counterparty or a group of connected counterparties. “Exposures” for this purpose include all claims and transactions (including those giving rise to counterparty credit risk exposure), on-balance sheet as well as off-balance sheet. The supervisor determines that senior management monitors these limits and that they are not exceeded on a solo or consolidated basis.

(7)

The supervisor requires banks to include the impact of significant risk concentrations into their stress testing programmes for risk management purposes.

3 Footnotes
01.109

Additional criterion:

In respect of credit exposure to single counterparties or groups of connected counterparties, banks are required to adhere to the limits below. Minor deviations from these limits may be acceptable, especially if explicitly temporary or related to very small or specialised banks.

(a)

ten per cent or more of a bank’s capital is defined as a large exposure; and

(b)

twenty-five per cent of a bank’s capital is the limit for an individual large exposure to a private sector non-bank counterparty or a group of connected counterparties.

Principle 20 – Transactions with related parties

01.110

Principle 20: in order to prevent abuses arising in transactions with related parties and to address the risk of conflict of interest, the supervisor requires banks to enter into any transactions with related parties on an arm’s length basis; to monitor these transactions; to take appropriate steps to control or mitigate the risks; and to write off exposures to related parties in accordance with standard policies and processes.

01.111

Essential criteria:

(1)

Laws or regulations provide, or the supervisor has the power to prescribe, a comprehensive definition of “related parties”. This considers the parties identified in the footnote to the Principle. The supervisor may exercise discretion in applying this definition on a case by case basis.

(2)

Laws, regulations or the supervisor require that transactions with related parties are not undertaken on more favourable terms (eg in credit assessment, tenor, interest rates, fees, amortisation schedules, requirement for collateral) than corresponding transactions with non-related counterparties.76

(3)

The supervisor requires that transactions with related parties and the write-off of related-party exposures exceeding specified amounts or otherwise posing special risks are subject to prior approval by the bank’s Board. The supervisor requires that Board members with conflicts of interest are excluded from the approval process of granting and managing related party transactions.

(4)

The supervisor determines that banks have policies and processes to prevent persons benefiting from the transaction and/or persons related to such a person from being part of the process of granting and managing the transaction.

(5)

Laws or regulations set, or the supervisor has the power to set on a general or case by case basis, limits for exposures to related parties, to deduct such exposures from capital when assessing capital adequacy, or to require collateralisation of such exposures. When limits are set on aggregate exposures to related parties, those are at least as strict as those for single counterparties or groups of connected counterparties.

(6)

The supervisor determines that banks have policies and processes to identify individual exposures to and transactions with related parties as well as the total amount of exposures, and to monitor and report on them through an independent credit review or audit process. The supervisor determines that exceptions to policies, processes and limits are reported to the appropriate level of the bank’s senior management and, if necessary, to the Board, for timely action. The supervisor also determines that senior management monitors related party transactions on an ongoing basis, and that the Board also provides oversight of these transactions.

(7)

The supervisor obtains and reviews information on aggregate exposures to related parties.

1 Footnote

Principle 21 – Country and transfer risks

01.112

Principle 21: the supervisor determines that banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate country risk and transfer risk in their international lending and investment activities on a timely basis.

01.113

Essential criteria:

(1)

The supervisor determines that a bank’s policies and processes give due regard to the identification, measurement, evaluation, monitoring, reporting and control or mitigation of country risk and transfer risk. The supervisor also determines that the processes are consistent with the risk profile, systemic importance and risk appetite of the bank, take into account market and macroeconomic conditions and provide a comprehensive bank-wide view of country and transfer risk exposure. Exposures (including, where relevant, intra-group exposures) are identified, monitored and managed on a regional and an individual country basis (in addition to the end-borrower/end-counterparty basis). Banks are required to monitor and evaluate developments in country risk and in transfer risk and apply appropriate countermeasures.

(2)

The supervisor determines that banks’ strategies, policies and processes for the management of country and transfer risks have been approved by the banks’ Boards and that the Boards oversee management in a way that ensures that these policies and processes are implemented effectively and fully integrated into the banks’ overall risk management process.

(3)

The supervisor determines that banks have information systems, risk management systems and internal control systems that accurately aggregate, monitor and report country exposures on a timely basis; and ensure adherence to established country exposure limits.

(4)

There is supervisory oversight of the setting of appropriate provisions against country risk and transfer risk. There are different international practices that are all acceptable as long as they lead to risk-based results. These include:

(a)

The supervisor (or some other official authority) decides on appropriate minimum provisioning by regularly setting fixed percentages for exposures to each country taking into account prevailing conditions. The supervisor reviews minimum provisioning levels where appropriate.

(b)

The supervisor (or some other official authority) regularly sets percentage ranges for each country, taking into account prevailing conditions and the banks may decide, within these ranges, which provisioning to apply for the individual exposures. The supervisor reviews percentage ranges for provisioning purposes where appropriate.

(c)

The bank itself (or some other body such as the national bankers association) sets percentages or guidelines or even decides for each individual loan on the appropriate provisioning. The adequacy of the provisioning will then be judged by the external auditor and/or by the supervisor.

(5)

The supervisor requires banks to include appropriate scenarios into their stress testing programmes to reflect country and transfer risk analysis for risk management purposes.

(6)

The supervisor regularly obtains and reviews sufficient information on a timely basis on the country risk and transfer risk of banks. The supervisor also has the power to obtain additional information, as needed (eg in crisis situations).

Principle 22 – Market risks

01.114

Principle 22: the supervisor determines that banks have an adequate market risk management process that takes into account their risk appetite, risk profile, and market and macroeconomic conditions and the risk of a significant deterioration in market liquidity. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate market risks on a timely basis.

01.115

Essential criteria:

(1)

Laws, regulations or the supervisor require banks to have appropriate market risk management processes that provide a comprehensive bank-wide view of market risk exposure. The supervisor determines that these processes are consistent with the risk appetite, risk profile, systemic importance and capital strength of the bank; take into account market and macroeconomic conditions and the risk of a significant deterioration in market liquidity; and clearly articulate the roles and responsibilities for identification, measuring, monitoring and control of market risk.

(2)

The supervisor determines that banks’ strategies, policies and processes for the management of market risk have been approved by the banks’ Boards and that the Boards oversee management in a way that ensures that these policies and processes are implemented effectively and fully integrated into the banks’ overall risk management process.

(3)

The supervisor determines that the bank’s policies and processes establish an appropriate and properly controlled market risk environment including:

(a)

effective information systems for accurate and timely identification, aggregation, monitoring and reporting of market risk exposure to the bank’s Board and senior management;

(b)

appropriate market risk limits consistent with the bank’s risk appetite, risk profile and capital strength, and with the management’s ability to manage market risk and which are understood by, and regularly communicated to, relevant staff;

(c)

exception tracking and reporting processes that ensure prompt action at the appropriate level of the bank’s senior management or Board, where necessary;

(d)

effective controls around the use of models to identify and measure market risk, and set limits; and

(e)

sound policies and processes for allocation of exposures to the trading book.

(4)

The supervisor determines that there are systems and controls to ensure that banks’ marked-to-market positions are revalued frequently. The supervisor also determines that all transactions are captured on a timely basis and that the valuation process uses consistent and prudent practices, and reliable market data verified by a function independent of the relevant risk-taking business units (or, in the absence of market prices, internal or industry-accepted models). To the extent that the bank relies on modelling for the purposes of valuation, the bank is required to ensure that the model is validated by a function independent of the relevant risk-taking businesses units. The supervisor requires banks to establish and maintain policies and processes for considering valuation adjustments for positions that otherwise cannot be prudently valued, including concentrated, less liquid, and stale positions.

(5)

The supervisor determines that banks hold appropriate levels of capital against unexpected losses and make appropriate valuation adjustments for uncertainties in determining the fair value of assets and liabilities.

(6)

The supervisor requires banks to include market risk exposure into their stress testing programmes for risk management purposes.

Principle 23 – Interest rate risk in the banking book

01.116

Principle 23: the supervisor determines that banks have adequate systems to identify, measure, evaluate, monitor, report and control or mitigate interest rate risk in the banking book on a timely basis. These systems take into account the bank’s risk appetite, risk profile and market and macroeconomic conditions.

01.117

Essential criteria:

(1)

Laws, regulations or the supervisor require banks to have an appropriate interest rate risk strategy and interest rate risk management framework that provides a comprehensive bank-wide view of interest rate risk. This includes policies and processes to identify, measure, evaluate, monitor, report and control or mitigate material sources of interest rate risk. The supervisor determines that the bank’s strategy, policies and processes are consistent with the risk appetite, risk profile and systemic importance of the bank, take into account market and macroeconomic conditions, and are regularly reviewed and appropriately adjusted, where necessary, with the bank’s changing risk profile and market developments.

(2)

The supervisor determines that a bank’s strategy, policies and processes for the management of interest rate risk have been approved, and are regularly reviewed, by the bank’s Board. The supervisor also determines that senior management ensures that the strategy, policies and processes are developed and implemented effectively.

(3)

The supervisor determines that banks’ policies and processes establish an appropriate and properly controlled interest rate risk environment including:

(a)

comprehensive and appropriate interest rate risk measurement systems;

(b)

regular review, and independent (internal or external) validation, of any models used by the functions tasked with managing interest rate risk (including review of key model assumptions);

(c)

appropriate limits, approved by the banks’ Boards and senior management, that reflect the banks’ risk appetite, risk profile and capital strength, and are understood by, and regularly communicated to, relevant staff;

(d)

effective exception tracking and reporting processes which ensure prompt action at the appropriate level of the banks’ senior management or Boards where necessary; and

(e)

effective information systems for accurate and timely identification, aggregation, monitoring and reporting of interest rate risk exposure to the banks’ Boards and senior management.

(4)

The supervisor requires banks to include appropriate scenarios into their stress testing programmes to measure their vulnerability to loss under adverse interest rate movements.

01.118

Additional criteria:

(1)

The supervisor obtains from banks the results of their internal interest rate risk measurement systems, expressed in terms of the threat to economic value, including using a standardised interest rate shock on the banking book.

(2)

The supervisor assesses whether the internal capital measurement systems of banks adequately capture interest rate risk in the banking book.

Principle 24 – Liquidity risk

01.119

Principle 24: the supervisor sets prudent and appropriate liquidity requirements (which can include either quantitative or qualitative requirements or both) for banks that reflect the liquidity needs of the bank. The supervisor determines that banks have a strategy that enables prudent management of liquidity risk and compliance with liquidity requirements. The strategy takes into account the bank’s risk profile as well as market and macroeconomic conditions and includes prudent policies and processes, consistent with the bank’s risk appetite, to identify, measure, evaluate, monitor, report and control or mitigate liquidity risk over an appropriate set of time horizons. At least for internationally active banks, liquidity requirements are not lower than the applicable Basel standards.

01.120

Essential criteria:

(1)

Laws, regulations or the supervisor require banks to consistently observe prescribed liquidity requirements including thresholds by reference to which a bank is subject to supervisory action. At least for internationally active banks, the prescribed requirements are not lower than, and the supervisor uses a range of liquidity monitoring tools no less extensive than, those prescribed in the applicable Basel standards.

(2)

The prescribed liquidity requirements reflect the liquidity risk profile of banks (including on- and off-balance sheet risks) in the context of the markets and macroeconomic conditions in which they operate.

(3)

The supervisor determines that banks have a robust liquidity management framework that requires the banks to maintain sufficient liquidity to withstand a range of stress events, and includes appropriate policies and processes for managing liquidity risk that have been approved by the banks’ Boards. The supervisor also determines that these policies and processes provide a comprehensive bank-wide view of liquidity risk and are consistent with the banks’ risk profile and systemic importance.

(4)

The supervisor determines that banks’ liquidity strategy, policies and processes establish an appropriate and properly controlled liquidity risk environment including:

(a)

clear articulation of an overall liquidity risk appetite that is appropriate for the banks’ business and their role in the financial system and that is approved by the banks’ Boards;

(b)

sound day-to-day, and where appropriate intraday, liquidity risk management practices;

(c)

effective information systems to enable active identification, aggregation, monitoring and control of liquidity risk exposures and funding needs (including active management of collateral positions) bank-wide;

(d)

adequate oversight by the banks’ Boards in ensuring that management effectively implements policies and processes for the management of liquidity risk in a manner consistent with the banks’ liquidity risk appetite; and

(e)

regular review by the banks’ Boards (at least annually) and appropriate adjustment of the banks’ strategy, policies and processes for the management of liquidity risk in the light of the banks’ changing risk profile and external developments in the markets and macroeconomic conditions in which they operate.

(5)

The supervisor requires banks to establish, and regularly review, funding strategies and policies and processes for the ongoing measurement and monitoring of funding requirements and the effective management of funding risk. The policies and processes include consideration of how other risks (eg credit, market, operational and reputation risk) may impact the bank’s overall liquidity strategy, and include:

(a)

an analysis of funding requirements under alternative scenarios;

(b)

the maintenance of a cushion of high quality, unencumbered, liquid assets that can be used, without impediment, to obtain funding in times of stress;

(c)

diversification in the sources (including counterparties, instruments, currencies and markets) and tenor of funding, and regular review of concentration limits;

(d)

regular efforts to establish and maintain relationships with liability holders; and

(e)

regular assessment of the capacity to sell assets.

(6)

The supervisor determines that banks have robust liquidity contingency funding plans to handle liquidity problems. The supervisor determines that the bank’s contingency funding plan is formally articulated, adequately documented and sets out the bank’s strategy for addressing liquidity shortfalls in a range of stress environments without placing reliance on lender of last resort support. The supervisor also determines that the bank’s contingency funding plan establishes clear lines of responsibility, includes clear communication plans (including communication with the supervisor) and is regularly tested and updated to ensure it is operationally robust. The supervisor assesses whether, in the light of the bank’s risk profile and systemic importance, the bank’s contingency funding plan is feasible and requires the bank to address any deficiencies.

(7)

The supervisor requires banks to include a variety of short-term and protracted bank-specific and market-wide liquidity stress scenarios (individually and in combination), using conservative and regularly reviewed assumptions, into their stress testing programmes for risk management purposes. The supervisor determines that the results of the stress tests are used by the bank to adjust its liquidity risk management strategies, policies and positions and to develop effective contingency funding plans.

(8)

The supervisor identifies those banks carrying out significant foreign currency liquidity transformation. Where a bank’s foreign currency business is significant, or the bank has significant exposure in a given currency, the supervisor requires the bank to undertake separate analysis of its strategy and monitor its liquidity needs separately for each such significant currency. This includes the use of stress testing to determine the appropriateness of mismatches in that currency and, where appropriate, the setting and regular review of limits on the size of its cash flow mismatches for foreign currencies in aggregate and for each significant currency individually. In such cases, the supervisor also monitors the bank’s liquidity needs in each significant currency, and evaluates the bank’s ability to transfer liquidity from one currency to another across jurisdictions and legal entities.

01.121

Additional criterion:

The supervisor determines that banks’ levels of encumbered balance-sheet assets are managed within acceptable limits to mitigate the risks posed by excessive levels of encumbrance in terms of the impact on the banks’ cost of funding and the implications for the sustainability of their long-term liquidity position. The supervisor requires banks to commit to adequate disclosure and to set appropriate limits to mitigate identified risks.

Principle 25 – Operational risk

01.122

Principle 25: the supervisor determines that banks have an adequate operational risk management framework that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk on a timely basis.

01.123

Essential criteria:

(1)

Law, regulations or the supervisor require banks to have appropriate operational risk management strategies, policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk. The supervisor determines that the bank’s strategy, policies and processes are consistent with the bank’s risk profile, systemic importance, risk appetite and capital strength, take into account market and macroeconomic conditions, and address all major aspects of operational risk prevalent in the businesses of the bank on a bank-wide basis (including periods when operational risk could increase).

(2)

The supervisor requires banks’ strategies, policies and processes for the management of operational risk (including the banks’ risk appetite for operational risk) to be approved and regularly reviewed by the banks’ Boards. The supervisor also requires that the Board oversees management in ensuring that these policies and processes are implemented effectively.

(3)

The supervisor determines that the approved strategy and significant policies and processes for the management of operational risk are implemented effectively by management and fully integrated into the bank’s overall risk management process.

(4)

The supervisor reviews the quality and comprehensiveness of the bank’s disaster recovery and business continuity plans to assess their feasibility in scenarios of severe business disruption which might plausibly affect the bank. In so doing, the supervisor determines that the bank is able to operate as a going concern and minimise losses, including those that may arise from disturbances to payment and settlement systems, in the event of severe business disruption.

(5)

The supervisor determines that banks have established appropriate information technology policies and processes to identify, assess, monitor and manage technology risks. The supervisor also determines that banks have appropriate and sound information technology infrastructure to meet their current and projected business requirements (under normal circumstances and in periods of stress), which ensures data and system integrity, security and availability and supports integrated and comprehensive risk management.

(6)

The supervisor determines that banks have appropriate and effective information systems to:

(a)

monitor operational risk;

(b)

compile and analyse operational risk data; and

(c)

facilitate appropriate reporting mechanisms at the banks’ Boards, senior management and business line levels that support proactive management of operational risk.

(7)

The supervisor requires that banks have appropriate reporting mechanisms to keep the supervisor apprised of developments affecting operational risk at banks in their jurisdictions.

(8)

The supervisor determines that banks have established appropriate policies and processes to assess, manage and monitor outsourced activities. Outsourcing policies and processes require the bank to have comprehensive contracts and/or service level agreements with a clear allocation of responsibilities between the outsourcing provider and the bank. The outsourcing risk management programme covers:

(a)

conducting appropriate due diligence for selecting potential service providers;

(b)

structuring the outsourcing arrangement;

(c)

managing and monitoring the risks associated with the outsourcing arrangement;

(d)

ensuring an effective control environment; and

(e)

establishing viable contingency planning.

01.124

Additional criterion:

The supervisor regularly identifies any common points of exposure to operational risk or potential vulnerability (eg outsourcing of key operations by many banks to a common service provider or disruption to outsourcing providers of payment and settlement activities).

Principle 26 – Internal control and audit

01.125

Principle 26: the supervisor determines that banks have adequate internal control frameworks to establish and maintain a properly controlled operating environment for the conduct of their business taking into account their risk profile. These include clear arrangements for delegating authority and responsibility; separation of the functions that involve committing the bank, paying away its funds, and accounting for its assets and liabilities; reconciliation of these processes; safeguarding the bank’s assets; and appropriate independent internal audit and compliance functions to test adherence to these controls as well as applicable laws and regulations.

01.126

Essential criteria:

(1)

Laws, regulations or the supervisor require banks to have internal control frameworks that are adequate to establish a properly controlled operating environment for the conduct of their business, taking into account their risk profile. These controls are the responsibility of the bank’s Board and/or senior management and deal with organisational structure, accounting policies and processes, checks and balances, and the safeguarding of assets and investments (including measures for the prevention and early detection and reporting of misuse such as fraud, embezzlement, unauthorised trading and computer intrusion). More specifically, these controls address:

(a)

organisational structure: definitions of duties and responsibilities, including clear delegation of authority (eg clear loan approval limits), decision-making policies and processes, separation of critical functions (eg business origination, payments, reconciliation, risk management, accounting, audit and compliance);

(b)

accounting policies and processes: reconciliation of accounts, control lists, information for management;

(c)

checks and balances (or “four eyes principle”): segregation of duties, cross-checking, dual control of assets, double signatures; and

(d)

safeguarding assets and investments: including physical control and computer access.

(2)

The supervisor determines that there is an appropriate balance in the skills and resources of the back office, control functions and operational management relative to the business origination units. The supervisor also determines that the staff of the back office and control functions have sufficient expertise and authority within the organisation (and, where appropriate, in the case of control functions, sufficient access to the bank’s Board) to be an effective check and balance to the business origination units.

(3)

The supervisor determines that banks have an adequately staffed, permanent and independent compliance function77 that assists senior management in managing effectively the compliance risks faced by the bank. The supervisor determines that staff within the compliance function are suitably trained, have relevant experience and have sufficient authority within the bank to perform their role effectively. The supervisor determines that the bank’s Board exercises oversight of the management of the compliance function.

(4)

The supervisor determines that banks have an independent, permanent and effective internal audit function78 charged with:

(a)

assessing whether existing policies, processes and internal controls (including risk management, compliance and corporate governance processes) are effective, appropriate and remain sufficient for the bank’s business; and

(b)

ensuring that policies and processes are complied with.

(5)

The supervisor determines that the internal audit function:

(a)

has sufficient resources, and staff that are suitably trained and have relevant experience to understand and evaluate the business they are auditing;

(b)

has appropriate independence with reporting lines to the bank’s Board or to an audit committee of the Board, and has status within the bank to ensure that senior management reacts to and acts upon its recommendations;

(c)

is kept informed in a timely manner of any material changes made to the bank’s risk management strategy, policies or processes;

(d)

has full access to and communication with any member of staff as well as full access to records, files or data of the bank and its affiliates, whenever relevant to the performance of its duties;

(e)

employs a methodology that identifies the material risks run by the bank;

(f)

prepares an audit plan, which is reviewed regularly, based on its own risk assessment and allocates its resources accordingly; and

(g)

has the authority to assess any outsourced functions.

2 Footnotes

Principle 27: Financial reporting and external audit

01.127

Principle 27: the supervisor determines that banks and banking groups maintain adequate and reliable records, prepare financial statements in accordance with accounting policies and practices that are widely accepted internationally and annually publish information that fairly reflects their financial condition and performance and bears an independent external auditor’s opinion. The supervisor also determines that banks and parent companies of banking groups have adequate governance and oversight of the external audit function.

01.128

Essential criteria:

(1)

The supervisor79 holds the bank’s Board and management responsible for ensuring that financial statements are prepared in accordance with accounting policies and practices that are widely accepted internationally and that these are supported by recordkeeping systems in order to produce adequate and reliable data.

(2)

The supervisor holds the bank’s Board and management responsible for ensuring that the financial statements issued annually to the public bear an independent external auditor’s opinion as a result of an audit conducted in accordance with internationally accepted auditing practices and standards.

(3)

The supervisor determines that banks use valuation practices consistent with accounting standards widely accepted internationally. The supervisor also determines that the framework, structure and processes for fair value estimation are subject to independent verification and validation, and that banks document any significant differences between the valuations used for financial reporting purposes and for regulatory purposes.

(4)

Laws or regulations set, or the supervisor has the power to establish the scope of external audits of banks and the standards to be followed in performing such audits. These require the use of a risk and materiality based approach in planning and performing the external audit.

(5)

Supervisory guidelines or local auditing standards determine that audits cover areas such as the loan portfolio, loan loss provisions, non-performing assets, asset valuations, trading and other securities activities, derivatives, asset securitisations, consolidation of and other involvement with off-balance sheet vehicles and the adequacy of internal controls over financial reporting.

(6)

The supervisor has the power to reject and rescind the appointment of an external auditor who is deemed to have inadequate expertise or independence, or is not subject to or does not adhere to established professional standards.

(7)

The supervisor determines that banks rotate their external auditors (either the firm or individuals within the firm) from time to time.

(8)

The supervisor meets periodically with external audit firms to discuss issues of common interest relating to bank operations.

(9)

The supervisor requires the external auditor, directly or through the bank, to report to the supervisor matters of material significance, for example failure to comply with the licensing criteria or breaches of banking or other laws, significant deficiencies and control weaknesses in the bank’s financial reporting process or other matters that they believe are likely to be of material significance to the functions of the supervisor. Laws or regulations provide that auditors who make any such reports in good faith cannot be held liable for breach of a duty of confidentiality.

1 Footnote
01.129

Additional criterion:

The supervisor has the power to access external auditors’ working papers, where necessary.

Principle 28 – Disclosure and transparency

01.130

Principle 28: the supervisor determines that banks and banking groups regularly publish information on a consolidated and, where appropriate, solo basis that is easily accessible and fairly reflects their financial condition, performance, risk exposures, risk management strategies and corporate governance policies and processes.

01.131

Essential criteria:

(1)

Laws, regulations or the supervisor require periodic public disclosures80 of information by banks on a consolidated and, where appropriate, solo basis that adequately reflect the bank’s true financial condition and performance, and adhere to standards promoting comparability, relevance, reliability and timeliness of the information disclosed.

(2)

The supervisor determines that the required disclosures include both qualitative and quantitative information on a bank’s financial performance, financial position, risk management strategies and practices, risk exposures, aggregate exposures to related parties, transactions with related parties, accounting policies, and basic business, management, governance and remuneration. The scope and content of information provided and the level of disaggregation and detail is commensurate with the risk profile and systemic importance of the bank.

(3)

Laws, regulations or the supervisor require banks to disclose all material entities in the group structure.

(4)

The supervisor or another government agency effectively reviews and enforces compliance with disclosure standards.

(5)

The supervisor or other relevant bodies regularly publishes information on the banking system in aggregate to facilitate public understanding of the banking system and the exercise of market discipline. Such information includes aggregate data on balance sheet indicators and statistical parameters that reflect the principal aspects of banks’ operations (balance sheet structure, capital ratios, income earning capacity, and risk profiles).

1 Footnote
01.132

Additional criterion:

The disclosure requirements imposed promote disclosure of information that will help in understanding a bank’s risk exposures during a financial reporting period, for example on average exposures or turnover during the reporting period.

Principle 29 – Abuse of financial services

01.133

Principle 29: the supervisor determines that banks have adequate policies and processes, including strict customer due diligence rules to promote high ethical and professional standards in the financial sector and prevent the bank from being used, intentionally or unintentionally, for criminal activities.

01.134

Essential criteria:

(1)

Laws or regulations establish the duties, responsibilities and powers of the supervisor related to the supervision of banks’ internal controls and enforcement of the relevant laws and regulations regarding criminal activities.

(2)

The supervisor determines that banks have adequate policies and processes that promote high ethical and professional standards and prevent the bank from being used, intentionally or unintentionally, for criminal activities. This includes the prevention and detection of criminal activity, and reporting of such suspected activities to the appropriate authorities.

(3)

In addition to reporting to the financial intelligence unit or other designated authorities, banks report to the banking supervisor suspicious activities and incidents of fraud when such activities/incidents are material to the safety, soundness or reputation of the bank.81

(4)

If the supervisor becomes aware of any additional suspicious transactions, it informs the financial intelligence unit and, if applicable, other designated authority of such transactions. In addition, the supervisor, directly or indirectly, shares information related to suspected or actual criminal activities with relevant authorities.

(5)

The supervisor determines that banks establish customer due diligence (CDD) policies and processes that are well documented and communicated to all relevant staff. The supervisor also determines that such policies and processes are integrated into the bank’s overall risk management and there are appropriate steps to identify, assess, monitor, manage and mitigate risks of money laundering and the financing of terrorism with respect to customers, countries and regions, as well as to products, services, transactions and delivery channels on an ongoing basis. The CDD management programme, on a group-wide basis, has as its essential elements:

(a)

a customer acceptance policy that identifies business relationships that the bank will not accept based on identified risks;

(b)

a customer identification, verification and due diligence programme on an ongoing basis; this encompasses verification of beneficial ownership, understanding the purpose and nature of the business relationship, and risk-based reviews to ensure that records are updated and relevant;

(c)

policies and processes to monitor and recognise unusual or potentially suspicious transactions;

(d)

enhanced due diligence on high-risk accounts (eg escalation to the bank’s senior management level of decisions on entering into business relationships with these accounts or maintaining such relationships when an existing relationship becomes high-risk);

(e)

enhanced due diligence on politically exposed persons (including, among other things, escalation to the bank’s senior management level of decisions on entering into business relationships with these persons); and

(f)

clear rules on what records must be kept on CDD and individual transactions and their retention period. Such records have at least a five year retention period.

(6)

The supervisor determines that banks have in addition to normal due diligence, specific policies and processes regarding correspondent banking. Such policies and processes include:

(a)

gathering sufficient information about their respondent banks to understand fully the nature of their business and customer base, and how they are supervised; and

(b)

not establishing or continuing correspondent relationships with those that do not have adequate controls against criminal activities or that are not effectively supervised by the relevant authorities, or with those banks that are considered to be shell banks.

(7)

The supervisor determines that banks have sufficient controls and systems to prevent, identify and report potential abuses of financial services, including money laundering and the financing of terrorism.

(8)

The supervisor has adequate powers to take action against a bank that does not comply with its obligations related to relevant laws and regulations regarding criminal activities.

(9)

The supervisor determines that banks have:

(a)

requirements for internal audit and/or external experts82 to independently evaluate the relevant risk management policies, processes and controls. The supervisor has access to their reports;

(b)

established policies and processes to designate compliance officers at the banks’ management level, and appoint a relevant dedicated officer to whom potential abuses of the banks’ financial services (including suspicious transactions) are reported;

(c)

adequate screening policies and processes to ensure high ethical and professional standards when hiring staff; or when entering into an agency or outsourcing relationship; and

(d)

ongoing training programmes for their staff, including on CDD and methods to monitor and detect criminal and suspicious activities.

(10)

The supervisor determines that banks have and follow clear policies and processes for staff to report any problems related to the abuse of the banks’ financial services to either local management or the relevant dedicated officer or to both. The supervisor also determines that banks have and utilise adequate management information systems to provide the banks’ Boards, management and the dedicated officers with timely and appropriate information on such activities.

(11)

Laws provide that a member of a bank’s staff who reports suspicious activity in good faith either internally or directly to the relevant authority cannot be held liable.

(12)

The supervisor, directly or indirectly, cooperates with the relevant domestic and foreign financial sector supervisory authorities or shares with them information related to suspected or actual criminal activities where this information is for supervisory purposes.

(13)

Unless done by another authority, the supervisor has in-house resources with specialist expertise for addressing criminal activities. In this case, the supervisor regularly provides information on risks of money laundering and the financing of terrorism to the banks.

2 Footnotes

Structure and guidance for assessment reports prepared by the International Monetary Fund and the World Bank

01.135

This section presents guidance and a format, recommended by the IMF and the World Bank, for the presentation, and organisation of the Basel Core Principles (BCP) assessment reports by assessors in the context of the FSAP83 and stand-alone assessments. A self-assessment,84 conducted by the country’s authorities prior to IMF-World Bank assessments, is an essential element in the process, and should also follow this guidance and format.

2 Footnotes
01.136

The BCP assessment report should be divided into seven parts, as listed below. The following paragraphs provide a brief description of each of the seven parts.

(1)

A general section providing background information and information on the methodology used

(2)

An overview of institutional setting and market infrastructure

(3)

A review of preconditions for effective banking supervision

(4)

Detailed Principle-by-Principle assessments

(5)

A compliance table summarising the results of the assessment

(6)

A recommended action plan

(7)

Authority’s response

01.137

A general section provides background information on the assessment conducted, ie, the context in which the assessment is being conducted and the methodology used. This section should:

(1)

Indicate that the scope of the assessment has been selected with the authorities’ agreement, mentioning in particular whether the authorities agreed to be assessed and graded on the basis of only the essential criteria or agreed to be assessed and graded using additional criteria too. In the case of risk-based/targeted assessments, this section must also indicate the principles that are reassessed and the reasons for the reassessment. The names and affiliations of the assessors should be mentioned in this section.

(2)

Mention the sources used for the assessment such as any self-assessments, questionnaires filled out by the authorities, relevant laws, regulations and instructions, other documentation such as reports, studies, public statements, websites, unpublished guidelines, directives, supervisory reports and assessments.

(3)

Identify counterparty authorities and mention, in a generic way, senior officials85 with whom interviews were held; meetings with other domestic supervisory authorities, private sector participants, other relevant government authorities or industry associations (such as bankers’ associations, auditors and accountants).

(4)

Mention factors that impeded or facilitated the assessment. In particular, information gaps (such as lack of access to supervisory materials, or translated documents) should be mentioned, and an indication given of the extent to which these gaps may have affected the assessment.86

2 Footnotes
01.138

The second section should provide an overview of the supervisory environment for the financial sector, with a brief description of the institutional and legal setting, in particular the mandate and oversight roles of different supervisory authorities, existence of unregulated financial intermediaries, and the role of self-regulatory organisations. Furthermore, it should provide a general description of the structure of the financial markets and, in particular, the banking sector, mentioning the number of banks, total assets to gross domestic product, basic review of banking stability, capital adequacy, leverage, asset quality, liquidity, profitability and risk profile of the sector, and information on ownership, ie, foreign versus domestic, state-owned versus privately-owned, existence of conglomerates or unregulated affiliates, and similar information.

01.139

The third section should provide an overview of the preconditions for effective banking supervision, as described in this BCP standard. Experience has shown that insufficient implementation of the preconditions can seriously undermine the quality and effectiveness of banking supervision. Assessors should aim to give a factual review of preconditions so that the reader of the report is able to clearly understand the environment in which the banking system and the supervisory framework are operating. This will provide the perspective for a better appreciation of the assessment and grading of individual Principles. The review normally should take up no more than one or two paragraphs for each type of precondition, and should follow the headings indicated below.

(1)

Sound and sustainable macroeconomic policies: the review should describe those aspects that could affect the structure and performance of the banking system, and should not express an opinion on the adequacy of policies in these areas. It may make reference to analyses and recommendations in existing IMF and World Bank documents, such as Article IV and other Bank and Fund program-related reports.

(2)

A well established framework for financial stability policy formulation: the review should indicate the existence or otherwise of a clear framework for macroprudential surveillance and policy stability formulation. It should cover the elements of clarity of roles and mandates of the relevant agencies, the mechanisms for effective inter-agency cooperation and coordination, communication of the macroprudential analyses, risks, and policies, and their outcomes. Assessors may rely on independent assessments of the adequacy and effectiveness of the framework, where available.

(3)

A well developed public infrastructure: a factual review of the public infrastructure should focus on elements relevant to the banking system and, where appropriate, be prepared in coordination with other specialists on the mission and the IMF-World Bank country teams. This part of the review of the preconditions could cover issues such as the presence of a good credit culture, a system of business laws including corporate, bankruptcy, contract, consumer protection and private property laws that is consistently enforced and provides a mechanism for the fair resolution of disputes; the presence of well trained and reliable accounting, auditing and legal professions; an effective and reliable judiciary; an adequate financial sector regulation; and efficient payment, clearing and settlement systems.

(4)

A clear framework for crisis management, recovery and resolution: the review should cover the availability of a sound institutional framework for crisis management and resolution of banks, and the clarity of the roles and mandates of the relevant agencies. While evidence of the effectiveness may be observed in the actual management and resolution of past crisis, it may be also available from documentation of the outcomes of crisis simulation exercises conducted in the jurisdiction. Assessors may rely on independent assessments of the adequacy and effectiveness of the framework, where available.

(5)

An appropriate level of systemic protection (or public safety net): an overview of the safety nets or systemic protection could, for instance, include the following elements: an analysis of the functions of the various entities involved such as supervisory authorities, deposit insurer and central bank. This would be followed by a review of the existence of a well defined process for dealing with crisis situations such as the resolution of a failed financial institution. This would be combined with a description of the coordination of the roles of the various involved entities within this process. Additionally, in connection with the use of public funds (including central bank funds) a review of whether sufficient measures are in place to minimise moral hazard would be conducted. Also, the mechanisms to meet banks' temporary short-term liquidity needs, primarily through the interbank market, but also from other sources, would need to be described.

(6)

Effective market discipline: a review of market discipline could, for instance, cover issues such as the presence of rules on corporate governance, transparency and audited financial disclosure, appropriate incentive structures for the hiring and removal of managers and Board members, protection of shareholders’ rights, adequate availability of market and consumer information, disclosure of government influence in banks, tools for the exercise of market discipline such as mobility of deposits and other assets held in banks, adequate periodicity of interest rate and other price quotes, an effective framework for mergers, takeovers, and acquisitions of equity interests, possibility of foreign entry into the markets and foreign-financed takeovers.

01.140

BCP Assessors should not undertake to assess preconditions themselves, as this is beyond the scope of the individual standard assessments. Assessors should rely to the greatest extent possible on official IMF and World Bank documents and seek to ensure that the brief description and comments are consistent. When relevant, the assessors should attempt to include in their analysis the linkages between these factors and the effectiveness of supervision. As described in the next section, the assessment of compliance with individual Core Principles should mention clearly how it is likely to be primarily affected by preconditions that are considered to be weak. To the extent shortcomings in preconditions are material to the effectiveness of supervision, they may affect the grading of the affected Core Principles. Any suggestions aimed at addressing deficiencies in preconditions are not part of the recommendations of the assessment but can be made into general FSAP recommendations within the scope of the FSAP exercise.

01.141

The fourth section contains a detailed principle-by-principle assessment, providing a “description” of the system with regard to each criterion within a principle, a grading or “assessment”, and “comments”. The template for the detailed assessment is structured as follows.

Principle (x) (repeating verbatim the text of the Principle)

Essential criteria

Description and findings regarding EC1

Description and findings regarding EC2

Description and findings regarding ECn

Additional criteria (only if the authorities choose to be assessed and graded against these too)

Description and findings regarding AC1

Description and findings regarding ACn

Assessment of Principle (x)

Compliant / Largely compliant / Materially non-compliant / Non-compliant / Not applicable

Comments

01.142

The “description and findings” section of the template should provide information on the practice as observed in the country being assessed. It should cite and summarise the main elements of the relevant laws and regulations. This should be done in such a way that the relevant law or regulation can be easily located, for instance by reference to URLs, official gazettes, and similar sources. Insofar as possible and relevant, the description should be structured as follows:

(1)

banking laws and supporting regulations;

(2)

prudential regulations, including prudential reports and public disclosure;

(3)

supervisory tools and instruments;

(4)

institutional capacity of the supervisory authority; and

(5)

evidence of implementation and/or enforcement or the lack of it.

01.143

Evidence of implementation and/or enforcement is essential - without effective use of powers vested in the supervisor and implementation of rules and regulations, even a well designed supervisory system will not be effective. Examples of practical implementation should be provided by the authorities, reviewed by the assessors, and mentioned in the report.87

1 Footnote
01.144

The “assessment” section of the template should contain only one line, stating whether the system is “compliant”, “largely compliant”, “materially non-compliant”, “non-compliant” or “not applicable” as described in BCP01.51 and BCP01.52.

01.145

The essential criteria set out minimum baseline requirements for sound supervisory practices and are of universal applicability to all countries. An assessment of a jurisdiction against the essential criteria must, however, recognise that its supervisory practices should be commensurate with the risk profile and systemic importance of the banks being supervised. In other words, the assessment must consider the context in which the supervisory practices are applied. As with the essential criteria, any assessment against additional criteria should also adopt the principle of proportionality. This principle should underpin assessment of all criteria even if it is not always explicitly referred to in the criteria. For example, a jurisdiction with many systemically important banks or banks that are part of complex mixed conglomerates will naturally have a higher hurdle to obtain a “Compliant” grading as compared to a jurisdiction which only has small and non-complex banks that are primarily engaged in deposit taking and extending loans.

01.146

The “comments” section of the template should be used to explain why a particular grading was given. In case of a less than “compliant” grading, this section should be used to highlight the materiality of the observed shortcomings and indicate which measures would be needed to achieve full compliance or a higher level of compliance. This should also be included in the table on “recommended actions” (see below). This reasoning could be structured as follows:

(1)

the state of the laws and regulations and their implementation;

(2)

the state of the supervisory tools and instruments, for instance reporting formats, early warning systems and inspection manuals;

(3)

the quality of practical implementation;

(4)

the state of the institutional capacity of the supervisory authority; and

(5)

enforcement practices.

01.147

The “comments” should explain the cases where, despite the existence of laws, regulations and policies, weaknesses in implementation contributed to the Principle being graded less than “compliant”. Conversely, when a “compliant” grading was given, but observance was demonstrated through different mechanisms by the country, this should be explained. The “comments” section should also highlight when and why compliance of a particular criterion could not be adequately reviewed, such as when certain information was not provided, or when key individuals were unavailable to discuss important issues. Requests for information or meetings should be documented in the “comments” section, to clearly demonstrate the assessor’s attempts to adequately assess a principle.

01.148

Assessors may also include “comments” where they find particularly good practices or rules in some field, which may serve as examples and best practice to other countries. Planned initiatives aimed at amending existing or adopting new regulations and practices, but which are not yet in effect, can receive favourable mention in this section. Recent legislative, regulatory or supervisory initiatives for which implementation could not be verified should be mentioned in this section as well.

01.149

The assessment and accompanying grades should solely be based on the regulatory framework and supervisory practices in place at the time of the assessment, and should not reflect planned initiatives aimed at amending existing or adopting new regulations and practices. This would be applicable in the case where actions are in process that would result in a higher compliance rating, but have not yet been effected or implemented.

01.150

When linkages between particular principles are evident, or between preconditions and principles, this section should be used to caution the reader that, although the regulation and practices in principle (x) seem compliant, a “compliant” grading cannot be given because of material deficiencies in the implementation of principle (y) or precondition (z).88 While recognising that there could be common deficiencies which are both relevant and material enough to affect the rating of more than one principle, assessors should avoid double-counting as far as possible. If the deficiencies found in linked Principles or preconditions are not material enough to warrant a downgrade, this should still be brought out in this section of the template.

1 Footnote
01.151

Grading to a Principle should be given regardless of the level of development of a country. If certain criteria are not applicable given the size, nature of operations and complexity of a country’s banking system, grading for the Principle should be based on level of compliance with the applicable criteria only. This must be clearly explained in the relevant section of the report so that a future review can reconsider the grading if the situation changes. The same applies to a ‘not-applicable’ grading to a Principle.

01.152

The fifth section of the report comprises a compliance table, summarising the assessments, principle-by-principle. This table has two versions: the one that does not include explicit grading (Table 3) is to be used in Reports on the Observance of Standards and Codes (or ROSCs; see BCP01.155),89 the version with grading (Table 2) in the detailed assessment only. This table should convey a clear sense of the degree of compliance, providing a brief description of the main strengths and, especially, weaknesses with respect to each principle. The template is as follows:

Summary compliance with the Basel Core Principles – Detailed Assessment Report

Table 2

Core principle

Grade (column not used in ROSCs)

Comments

  1. Responsibilities, objectives and powers

  1. Independence, accountability, resourcing and legal protection for supervisors

  1. Cooperation and collaboration

  1. Permissible activities

  1. Licensing criteria

  1. Transfer of significant ownership

  1. Major acquisitions

  1. Supervisory approach

  1. Supervisory techniques and tools

  1. Supervisory reporting

  1. Corrective and sanctioning powers of supervisors

  1. Consolidated supervision

  1. Home-host relationships

  1. Corporate governance

  1. Risk management process

  1. Capital adequacy

  1. Credit risk

  1. Problem assets, provisions and reserves

  1. Concentration risk and large exposure limits

  1. Transactions with related parties

  1. Country and transfer risks

  1. Market risk

  1. Interest rate risk in the banking book

  1. Liquidity risk

  1. Operational risk

  1. Internal control and audit

  1. Financial reporting and external audit

  1. Disclosure and transparency

  1. Abuse of financial services

Summary compliance with the Basel Core Principles – ROSC

Table 3

Core principle

Comments

  1. Responsibilities, objectives and powers

  1. Independence, accountability, resourcing and legal protection for supervisors

  1. Cooperation and collaboration

  1. Permissible activities

  1. Licensing criteria

  1. Transfer of significant ownership

  1. Major acquisitions

  1. Supervisory approach

  1. Supervisory techniques and tools

  1. Supervisory reporting

  1. Corrective and sanctioning powers of supervisors

  1. Consolidated supervision

  1. Home-host relationships

  1. Corporate governance

  1. Risk management process

  1. Capital adequacy

  1. Credit risk

  1. Problem assets, provisions and reserves

  1. Concentration risk and large exposure limits

  1. Transactions with related parties

  1. Country and transfer risks

  1. Market risk

  1. Interest rate risk in the banking book

  1. Liquidity risk

  1. Operational risk

  1. Internal control and audit

  1. Financial reporting and external audit

  1. Disclosure and transparency

  1. Abuse of financial services

1 Footnote
01.153

The sixth section comprises a “Recommended Actions” table providing Principle-by-Principle recommendations for actions and measures to improve the regulatory and supervisory framework and practices. This section should list the suggested steps for improving compliance and overall effectiveness of the supervisory framework. Recommendations should be proposed on a prioritised basis in each case where deficiencies are identified. The recommended actions should be specific in nature. An explanation could also be provided as to how the recommended action would lead to improving the level of compliance and strengthening of the supervisory framework. The institutional responsibility for each suggested action should also be clearly indicated in order to prevent overlap or confusion. Recommendations can also be made with regard to deficiencies in compliance with the additional criteria and to principles which are fully compliant but where supervisory practice can still be improved. The table should indicate only those Principles for which specific recommendations are being made. The template for the recommended actions is as follows.

Recommended actions to improve compliance with the Basel Core Principles and the effectiveness of regulatory and supervisory frameworks

Reference principle

Recommended action

Principle (x)

Example: suggested introduction of regulation (a), supervisory practice (b)

Principle (y)

Example: suggested introduction of regulation (c), supervisory practice (d)

01.154

The seventh section describes the authorities’ response to the assessment.90 The assessor should provide the supervisory authority or authorities being assessed with an opportunity to respond to the assessment findings, which would include providing the authorities with a full written draft of the assessment. Any differences of opinion on the assessment results should be clearly identified and included in the report. The assessment should allow for greater dialogue, and therefore the assessment team should have had a number of discussions with the supervisors during the assessment process so that the assessment should also reflect the comments, concerns and factual corrections of the supervisors. The authority or authorities should also be requested to prepare a concise written response to the findings (“right of reply”). The assessment should not, however, become the object of negotiations, and assessors and authorities should be willing “to agree to disagree”, provided the authorities’ views are represented fairly and accurately.

1 Footnote
01.155

The presentation of assessment results in ROSCs is different from the presentation of the outcome of the "Detailed Assessment" described above. Section 4 of the detailed assessment is to be replaced with a section entitled “main findings”. This section should summarise the key findings of the detailed assessment, and the following main groupings may be useful as a guide: responsibilities, objectives, powers, independence, accountability, and cooperation (Principles 1-3); ownership, licensing and structure (Principles 4–7); methods of ongoing banking supervision (Principles 8–10); corrective and sanctioning powers of supervisors (Principle 11); and consolidated and cross-border banking supervision (Principles 12–13); corporate governance (Principles 14); prudential requirements, regulatory framework, accounting and disclosure (Principles 15–29).