ahmad el radi metac banking supervision advisor risk-based supervision risk-based supervision...
TRANSCRIPT
Risk-Based Supervision
Ahmad El RadiMETAC Banking Supervision AdvisorRisk-Based Supervision
Regional workshop on Risk-Based Supervision in Institutions Offering Islamic Financial ServicesKuwait, February 02-05, 2015
Risk-Based SupervisionAn effective system of banking supervision requires to develop and maintain:A forward looking assessment of an individual bank; ,A framework for early intervention
The supervisor has processes to understand the risk profile of an individual bank and employs a well defined methodology to establish a forward looking view of banksprofiles2Risk-Based SupervisionRisk-based supervision is a structured, forward -looking process to identify risk factors to which a bank and the entire banking sector are exposed.
It is structured because it systemically considers all key functional activities of business lines of a bank, within each key functional area, evaluates the quality of risk management and the level and direction of risk.3Risk-Based SupervisionRisk-based supervision entails moving away from a rigid rules-based style of regulation to focus on areas exhibiting material current and potential risks.
Activities posing the highest risk receive most scrutiny, and supervisory attention is focused on banks exhibiting serious weaknesses or adverse trends.4Risk-Based SupervisionA risk-based supervision system depends largely on sound risk management practices and internal controls.
One of the primary objectives of risk-based supervision is identification of weaknesses in risk management before the deficiencies adversely affect a banks earnings and capital.
Risk-based supervision highlights how risks are managed and how capital is allocated.5Risk-Based SupervisionA risk-based Supervision is a forward-thinking approach that allocates resources to the areas exhibiting weaknesses or adverse trends.
Examiners allocate time to reviewing areas containing the most risk for an individual bank.
Activities posing the highest risk receive the most inspection6Examination and Supervision In the risk-based approach, distinctions between examination and supervision is important.Examination involves on-site inspection at a specific time of a risk or operation.
Supervision is the ongoing monitoring of a banks financial and operational conditions.
During supervision in the risk-based approach, the examiner looks forward at the direction a bank takes and the decisions it makes.7Risk-Based SupervisionRisk-based supervision places strong emphasis on understanding and assessing the adequacy of each banks risk management systems which are in place to identify, measure, control and monitor risk in an appropriate and timely manner.
It is an ongoing process whereby the risks of a bank are assessed and an appropriate supervisory plan is designed and executed in an efficient manner. 8Risk-Based SupervisionUnder Risk-based supervision, the supervisors role is to ensure that banks go beyond compliance by establishing comprehensive risk management programs which insure inter alia compliance with applicable laws and regulations.
9Risk-Based Supervision vs. Traditional Approach Traditional ApproachRisk-Based ApproachTransactions-based testingProcess-orientedPoint-in-time assessmentContinuous assessmentsStandard proceduresRisk-profile driven procedures Historical performance Forward-looking indicatorsFocuses on risk avoidanceFocuses on risk mitigation10Risk-Based SupervisionCore Principles For Islamic Finance Regulation (CPIFR) 8 of IFSB indicates:
An effective system of banking supervision requires the supervisory authority to develop and maintain a forward-looking assessment of the risk profile of individual IIFS and banking groups, proportionate to their systemic importance;
Identify, assess and address risks emanating from IIFS and the banking system as a whole;
Have a framework in place for early intervention; and
Have plans in place, in partnership with other relevant authorities, to take action to resolve IIFS in an orderly manner if they become non-viable. 11Risk-Based SupervisionCore Principles For Islamic Finance Regulation (CPIFR) 8 of IFSB indicates:
Have a methodology that addresses, among other things, the business focus, group structure, risk profile, internal control environment and the resolvability of IIFS.
The supervisory authority has processes to understand the risk profile of IIFS and banking groups and employs a well-defined methodology to establish a forward-looking view of the profile.
12Risk-Based SupervisionThe supervisory authority identifies, monitors and assesses the build-up of risks, trends and concentrations within and across the banking system as a whole.
This includes, among other things, IIFS problem assets and sources of liquidity (such as domestic and foreign currency funding conditions, and costs.
13Risk-Based SupervisionThe examined bank should have in place a risk management program that includes a strategic plan with implementing policies, procedures, and internal controls necessary to manage the risks inherent in its operations.
Successful risk management programs rely on the bank management to employ sufficient staff and have available necessary resources to identify, measure, monitor, and control existing and potential banks risks14Risk-Based SupervisionRisk, by definition, implies uncertainty. While performing risk-based supervision, examiners should look for sources of uncertainty within the operation of the bank.
Based on their findings and using their professional judgment, examiners will prioritize these risks by the magnitude of the potentially adverse effect on the earnings and capital of the examined bank15Risk-Based SupervisionExaminers, should not insist that the bank eliminate risk, but, instead, should ensure that the bank clearly identifies and manages its risks.
The desired reward for taking risk is stable profitability and increased net worth.
The bank must balance risk and reward responsibly. The examiner's job requires assessing that the appropriate balance exists.
16Risk-Based SupervisionRisk-based supervision system largely depends upon sound controls. These controls include the following:Informed officials;Well-trained management and staff; Sound policies and procedures; Adequate due diligence by management prior to engaging in an activity, and ongoing for existing products and services; Implementing Sound system of internal controls; Setting Prudent risk limits; and Identifying, measuring, controlling, monitoring and reporting of risk exposures.
17Risk-Based SupervisionThe examiner has discretion in determining areas requiring the most attention and allocating the time and resources accordingly.
Examiners' emphasis focuses on managing future risks successfully and not expending valuable resources on minor items posing little risk to the safety and soundness of the bank.18Risk-Based SupervisionThe risk-based program provides examiners the flexibility to focus on areas exhibiting material current or potential risk.
There are minimum requirements of each risk-based examination:Make sure that Call Reports data are correct;Review decisions taken by Board committees (audit committee, risk management committee, corporate governance committee, Shariaa supervisory Committee, etc.. ); by reviewing minutes of meeting.
19Risk-Based SupervisionAlthough the actual evaluation of the minimum review areas may take place during supervision contacts, the examiner should document the review of these areas and any material concerns in the examination report.
Examiners must also assign the CAMEL rating during the examination.
2020Risk-Based SupervisionIn carrying out the risk-based examination program, examiners should allocate examination time based on areas that manifest material risk characteristics. This ensures supervisory attention remains properly focused on banks exhibiting existing or potential weaknesses or adverse trends.21Risk CategoriesMajor risks include:
Credit, Market (equity position in the trading book; benchmark risk in trading positions in Sukuk; foreign exchange; commodities and inventory risks), operational, Liquidity, Rate of return in the banking book , equity investment, Compliance, Strategic, and Reputational risks.22Managing RiskEffective risk management requires an informed board of directors, which guides the banks strategic direction including its risk tolerance;
Board approved written policies that define the board's strategic direction;
Procedures intended to carry out the board's policies; and
Well designed monitoring systems enable the board to hold management accountable for operating within established tolerance levels.23Managing RiskEffective risk management requires capable management and staff.
Management must maintain the integrity of the risk management program, including evaluation of the banks operational and financial condition, and keeping the board informed of material existing and potential risks.24Managing RiskManagement's responsibilities include the following:Implementing the board's strategic direction;
Developing formal and informal policies compatible with the strategic goals defining the banks risk tolerance;
Overseeing development and maintenance of timely, accurate, and informative management information systems; and
Ensuring effective communication of, and adherence to, strategic direction and risk tolerances throughout the bank.25Sound Risk Management1. Risk identification. Proper risk identification focuses on recognizing and understanding existing risks or risks that may arise from new business initiatives. Risk identification should be a continuous process, and should occur at both the micro (transaction) and macro (overall portfolio) levels.
2. Risk measurement. Accurate and timely measurement of risks is a critical component of effective risk management. A bank with no risk measurement capabilities has limited ability to monitor or control risk levels.
The sophistication of the risk measurement tools should reflect the complexity of the operation and levels of risk assumed. The bank should periodically verify the integrity of the measurement tools it uses. Good risk measurement systems assess both individual transactions and overall portfolios.
26Sound Risk Management3. Risk control. The bank should establish and communicate control limits through policies, standards, and procedures that define responsibility and authority. The bank should adjust these management tools if conditions or risk tolerances change.
4. Risk monitoring. The bank should monitor risk levels regularly to ensure well-timed reviews of risk positions and exceptions. Prompt distribution of frequent, accurate, and informative monitoring reports to appropriate management and staff enables them to take needed actions.
27
When examiners assess risk management programs, they should consider the banks policies, processes, personnel, and control systems.
A significant deficiency in one or more of these components constitutes a deficiency in risk management.
28Policies, Processes, Personnel, and Control Systems
The scope of supervisory effort under the risk-based approach is dependent on the degree to which supervisors understand the institutions they supervise. If there are weaknesses in the risk assessment process, supervisory resources may not be focused on the institutions where they are most needed. Thus, supervisors should ensure that their understanding of risk profiles of institutions is as accurate as practically possible. This will minimize the risk of applying ineffective supervisory plans
The sophistication of each system will vary depending upon the complexity of the banks operation. A bank with simple structures may require and often have less formalized policies, processes, and control systems in place than do banks with more sophisticated structures.
29Policies, Processes, Personnel, and Control SystemsPolicies, Processes, Personnel, and Control SystemsControl systems are tools and information systems that managers use to measure performance, assist in decision-making, and assess the effectiveness of existing processes.
Sound control systems require timely, accurate, and informative feedback devices.
Management must implement reporting systems by which they communicate necessary and sufficient information to the board of directors.30Risks AssessmentAssessment of risk must reflect both a current and prospective view of the banks risk profile.
Examiners should use this assessment to drive supervisory strategies and activities, facilitate discussions with management and directors, and conduct more efficient examinations.
31Risks AssessmentExaminers should discuss conclusions from the risk assessment with the appropriate bank officials and management, as management's input may help clarify or modify conclusions
32Risks AssessmentThese discussions should help management understand the level of each risk category (very low, low, medium, high, or very high), determine the direction of each risk category (decreasing, unchanged, or increasing), focus on the strengths and weaknesses of risk management, and implement corrective actions necessary to achieve future supervisory plans.33Risks AssessmentExaminers should assess the amount and direction of risk exposure using a supervisory process that assesses the following:Level of risk - the level or volume of risk (very low, low, medium, high, or very high);
34Risks AssessmentQuality of risk management -how well management identifies, measures, controls, and monitors risk;Aggregate risk - a summary of the level of supervisory concern considering both the quantity of risk and the quality of risk management.
35Risks AssessmentDirection of risk - assessed as decreasing, unchanged, or increasing, indicates the likely changes to the risk profile over the next examination cycle:
Decreasing direction indicates the examiner anticipates, based on current information, the aggregate risk will decline over the next examination cycle.36Risks AssessmentUnchanged direction indicates the examiner anticipates aggregate risk will neither increase nor decrease.
Increasing direction indicates the examiner anticipates higher risk during the next examination cycle. For example, when the bank has moderate but decreasing, credit risk, examiners can anticipate low or lower credit risk in the next examination cycle. The direction of risk often influences both the examiners examination and supervision strategy37Rating Specific RiskRisk assessment of a specific risk involves measuring the threat of this risk on the bank.The measurement will be on a scale of 1 to 5, whereby 5 is the highest.Risk bands will be as follows:1 Very Low2Low3Medium4 High5 Very High38Impact AssessmentOccurrence of Risk
Critical: If the risk event occurs, the bank will most likely will fail. Minimum acceptable requirements will not be met.
Serious: If the risk event occurs, the bank will encounter major losses that will threaten its viability. Minimum acceptable requirements will be met. However, most secondary requirements may not be met.
Moderate: If the risk event occurs, the bank will encounter moderatelosses . Minimum acceptable requirements will be met. However, some secondary requirements may not be met.
Minor: If the risk event occurs, the bank will encounter small losses. Minimum acceptable requirements will be met. Most secondary requirements will be met.
Negligible: If the risk event occurs, it will have no effect on particular aspects of operation. All requirements will be met.39Probability of OccurrenceProbability of occurrence is the examiners assessment of the likelihood that a risk may happen. Estimating the probability of occurrence may be difficult in practice.
40Probability %Likelihood0-10%very unlikely the risk will occur11-40%unlikely the risk will occur41-60%even likelihood the risk will occur61-90%likely the risk will occur91-100%very likely the risk will occurRisk Rating ScaleProbabilityImpact CategoryCriticalSeriousModerateMinorNegligible91%-100%Very HighHigh
Medium61%-90%High
High
Medium41%-60%Medium11%-40%Very High0-10%Very LowVery Low41
Benefits of Risk-Based SupervisionRisk-based supervision enables examiners to do the following:
Focus on areas of major risk; Focus on how well risk is managed over time, rather than at a single point in time; Identify risks more accurately; Identify risks proactively; Express risks in CAMEL ratings more meaningfully;
42Benefits of Risk-Based SupervisionStreamline work paper documentation to support areas of risk; Improve the quality of work paper documentation and support for conclusions;cost-effective use of supervisory resources through a greater focus on risk, which in turn results in better use of bank resources; early identification of emerging risks at individual banks and on a sectoral basis; helps instil into banks management the culture of risk management and oversight.43Benefits of Risk-Based SupervisionSome additional benefits of the risk-based supervision system to banks include the following:
Enables banks to focus on their major areas of risk;Encourages banks to identify the risks inherent in their current products and services and to seek ways to mitigate or manage those risks;Encourages banks to identify risks inherent in new or proposed products and services and to address management of those risks in the planning stage;Encourages examiners to perform preliminary analyses offsite, reducing disruption in the banks operations;
44Benefits of Risk-Based SupervisionEncourages frequent, open communication between the bank and the examiner;Encourages the bank to review its processes and internal controls and to correct deficiencies in those systems;Encourages management to proactively identify risks through a system of well-planned and carefully implemented due diligence; and Enables examiners to provide the officials with customized examination reports that provide only work papers and narrative necessary to support the examiner's analysis and conclusions.
45
Risk-Based Supervision ProceduresRisk-focused supervision procedures often include both offsite and onsite work, including the following:Examination planning; Evaluating risk indicators; Reviewing offsite monitoring tools and risk evaluation reports;Developing the scope of examination; Conducting a risk assessment; Developing and documenting conclusions and recommendations; and Communicating with the bank management.
46Risk-Based Supervision ProceduresExamination planning, evaluating risk indicators, and scope development begin with offsite work. Offsite monitoring procedures shape the examiner's focus. The examiner should involve bank management in the discussion of subjective issues and mitigating factors; therefore, examiners will usually assess risk and draw conclusions onsite.
47
Supervision ToolsExaminers have a variety of tools to aid in their supervision efforts, including the following:Review of call reports;Examination planning contacts;Periodic telephone contacts;Review of the banks risk management reports; Review of board and committee minutes;Review of financial trends;Cycle-to-cycle comparisons;Review of consolidated balance sheets;Review of policies and procedures;
48Supervision ToolsReview of offsite risk evaluation and monitoring reports;Review of publications, press releases, and news stories about conditions and events that may affect the bank;Review of electronic information sources (e.g., banks website); Review of the audit reports and, if necessary, the audit work papers.49
Risk-Based Supervision ProceduresExaminers should focus their review on the internal controls over the call reports and the banks process for ensuring their accuracy, by taking the following steps:Determine the experience level of the personnel involved in preparing the call reports. Examiners can usually place greater reliance on a call reports prepared by the same person for the last several years. However, if the same person has prepared the call reports and year after year each examination notes deficiencies, examiners should review and inspect the accuracy of the call reports in detail.
50Risk-Based Supervision ProceduresInform the board of directors of inadequate progress and the status of risk areas; Analyze emerging financial trends and risk areas that could threaten the banks solvency; Determine the banks economic viability and, where necessary, explore merger and liquidation alternatives; Recommend administrative actions, when necessary, to protect the interests of the stakeholder;Revise, as necessary, future supervision plans, and the schedule for the next examination; and Review and revise, if necessary, recommendations for team participants and subject matter examiners.51Risk-Based SupervisionThings not be forgotten for Supervisors
intensive pre-examination planninggreater interaction with top management of banksclear understanding of risks and risk management systems of bankscapacity to assess quantity, quality and direction of risksability to communicate in clear and concise manner both CAMELS and Risk Ratingstake timely corrective actions upon identifying excessive risk takingexercise continuous supervision52Risk-Based SupervisionThings not be forgotten for Banks
board of directors to take active responsibility for running the bank comprehensive risk management programs to cover major risks formal risk management structure (Risk Management Committee or Risk Manager) self-assessments and independent reviews
53
CAMELS RATING Composite Rating 1
Banks in this group are sound in every respect. Any weaknesses are minor and can be handled in a routine manner by the board of directors and management. These institutions are the most capable of withstanding the whims of business conditions and are resistant to outside influences such as economic instability in their trade area. These institutions are in substantial compliance with laws and regulations54CAMELS RATING Composite Rating 1
As a result, these institutions exhibit the strongest performance and risk management practices relative to the institutions size, complexity, and risk profile, and give no cause for supervisory concern.55CAMELS RATING Composite Rating 2
Banks in this group are fundamentally sound. For an institution to receive this rating, generally no component rating should be more severe than 3. Only moderate weaknesses are present and are well within the board of directors and managements capabilities and willingness to correct. These institutions are stable and are capable of withstanding business fluctuations.
56CAMELS RATINGComposite Rating 2
These institutions are in substantial compliance with laws and regulations. Overall risk management practices are satisfactory relative to the institutions size, complexity, and risk profile. There are no material supervisory concerns and, as a result, the supervisory response is informal and limited57CAMELS RATINGComposite Rating 3
Banks in this group exhibit some degree of supervisory concern in one or more of the component areas. These banks exhibit a combination of weaknesses that may range from moderate to critical; however, the magnitude of the deficiencies generally will not cause a component to be rated more severely than 4.Management may lack the ability or willingness to effectively address weaknesses within appropriate time frames. 58CAMELS RATINGComposite Rating 3
Banks in this group generally are less capable of withstanding business fluctuations and are more vulnerable to outside influences than those banks rated a composite 1 or 2.
Additionally, these banks may be in significant non-compliance with laws and regulations. Risk management practices may be less than satisfactory relative to the banks size, complexity, and risk profile.
These banks require more than normal supervision, which may include formal or informal enforcement actions. However, failure appears unlikely, given the overall strength and financial capacity of these banks .
59CAMELS RATINGComposite Rating 4
Banks in this group generally exhibit unsafe and unsound practices or conditions. Banks have one or more of their components rated 5. There are serious financial or managerial deficiencies that result in unsatisfactory performance. 60CAMELS RATINGComposite Rating 4
The problems range from severe to critically deficient. The weaknesses and problems are not being satisfactorily addressed or resolved by the board of directors and management.Banks in this group generally are not capable of withstanding business fluctuations
61CAMELS RATINGComposite Rating 4There may be significant non-compliance with laws and regulations. Risk management practices are generally unacceptable relative to the institutions size, complexity, and risk profile. Close supervisory attention is required, which means, in most cases, formal enforcement action is necessary to address the problems. Failure is a distinct possibility if the problems and weaknesses are not satisfactorily addressed and resolved.62CAMELS RATINGComposite Rating 5
Banks in this group exhibit extremely unsafe and unsound practices or conditions; exhibit a critically deficient performance; often contain inadequate risk management practices relative to the institutions size, complexity, and risk profile; and are of the greatest supervisory concern.
The volume and severity of problems are beyond managements ability or willingness to control or correct.
Immediate outside financial or other assistance is needed in order for the bank to be viable. Ongoing supervisory attention is necessary.
Banks in this group pose a significant risk and the probability of failure is high.
63Supervision of CAMEL Rating 3, 4 and 5Effective supervision of banks rated 3, and 4 (banks rated 5 normally do not survive) ensures the long-term viability of the bank and its ongoing ability to continue providing its services.
During supervision of banks rated 3, 4, or 5, the examiner should perform the following, as necessary:
64Supervision of CAMEL Rating 3, 4 and 5Review previously identified risk areas to determine whether the direction of risk has decreased or remains unchanged;Determine the progress made in resolving problems;Determine whether the report of resolution developed for the bank is working, and revise the plan with the officials if changes would likely resolve the problem;
65Risk-Based SupervisionBasic Requirements of Risk Management Framework
Active board and senior management oversight;
Adequate policies, procedures and limits;
Risk Management, risk measurement (models) and related risk management information system (MIS); and
Comprehensive internal controls.
66Risk-Based Supervision FrameworkSTEPSRISK-BASED TOOLS/REPORTSUnderstand the bank Banks ProfileAssess the banks risksRisk MatrixRisk Assessment SummaryPlanning and Scheduling Supervisory ActivitiesSupervisory PlanDefine Examination Activities Letter to Banks ManagementPerform Examination Procedure CAMELS Rating, Risk MatrixReport Findings , Recommendations and Follow-upSupervision ReportUpdate Banks Profile67Banks ProfileBackground and Structure. Date licensed, commencement date, Geographical location (Head office and branches) Ownership structure Organizations structure Major changes since last review including board of directors, management,merger, acquisition, divestiture, consolidation, branch network etc.
68Banks ProfileEconomic Condition, Business Profile and Strategies Briefly explain the countrys economic condition in terms of GDP growth, exchange rate, inflation and interest rates. Briefly explain significant activities, business lines, product mix, growth areas, new products introduced since the previous review. A brief description of the strategies for key performance area such as expansion reduction of business lines, change in compensation policies, acquisition, merger, consolidation etc.
69Banks ProfileBoard and Senior Management Oversight Board and Management Committees, composition and mandates Level of Board oversight (strength & weaknesses) Policy formulation (comment on whether senior management and board of directors perform their role and responsibilities) Adequacy of MIS (timeliness and coverage of reports) Management turnover and succession plans Risk management (Structure and organization)
70Banks ProfileFinancial Condition Brief analysis financial condition and trends on capital adequacy, asset quality,earnings and liquidity Industry/peer rankings of institutions Top ten borrowers and depositors CAMELS Ratings of previous two on site examinations, Financial Stability and Stress Testing Assessment report
71Banks ProfileInternal and External Audit Internal and External Audit (nature of audit performed including special audit if any).
Supervisory Activities Performed Comment on the supervisory activities performed during the period under review72RISK ASSESSMENT SUMMARY FORMATInternal Risk Management System Risk management structure Categories of risks Policies, Procedures and Limits Discussion on risks assessment by internal and external auditors or any other independent reviewer Discussion on risks self-assessment by the institution.
Overall Risk Assessment Overall risk rating Trend/Direction of overall risk Supporting narrative comments
73RISK ASSESSMENT SUMMARY FORMATIndividual Risk Assessment Composite risk rating Direction of credit risk Supporting narrative comments
Recommendations on action to be taken Comment on the need to issue directive or recommendation to the institution based on the outcome of the institution profile assessment Comment on the need for changes to the supervisory plan, if any.74RISK ASSESSMENT SUMMARY FORMATAppendices List of Shareholders (% ownership, nationality, etc ) Organization structure (up to line managers) List of Board of Directors (nationality, appointment date, qualifications and experience) List of board committees (composition, TORs/mandates, meeting frequencies) List of Senior Management (nationality, qualifications and experience) Risk Matrix
75ACTIVITY PLAN FOR ON-SITE EXAMINATIONRisk/ActivityAssigned ExaminerPlanned DaysPreliminary discussions with line ManagersX2Credit Risk and Asset Quality Y8Liquidity Risk and LiquidityZ4Foreign Exchange Risk2Operational Risk8Capital Adequacy4Audit function and Internal Controls6Board and Senior Management oversight576EXAMINATION REPORT FORMAT1.0 BackgroundInstitutional OverviewScope of ExaminationExit Meeting
2.0 Executive Summary2.1 Examination ConclusionsRisk RatingCAMELS RatingCompliance IssuesRecommendations
3.0 Assessments 3.1 Risk Management ReviewCredit RiskLiquidity RiskForeign Exchange RiskInterest Rate RiskOperational RiskOverall Risk Rating
77EXAMINATION REPORT FORMAT3.2 CAMELS AnalysisCapital AdequacyAsset QualityManagementCorporate GovernanceRisk Management PracticesAudit and Internal ControlsEarningsLiquiditySensitivity to Market RiskOverall CAMELS Rating
78EXAMINATION REPORT FORMAT3.3 Compliance IssuesCompliance with Previous Examination RecommendationsCompliance with Laws, Regulations, Circulars, Directives and Supervisory Action
4.0 Other Supervisory Matters
5.0 Appendices79THANK YOU80