8/4/2019 Risk Base Supervision of Banks
1/52
Financial Services Author it y
Risk based
approach tosupervision of
banks
June 1998
8/4/2019 Risk Base Supervision of Banks
2/52
1 Introduction 3
2 Coverage of the RATE framework 5
3 Summary of the RATE framework 7
4 The RATE framework - a step by step guide 10
Appendix 1: CAMELB & COM evaluation factors 28
Appendix 2: Format for identifying significant business units 50
Contents
Risk based approach to supervision of banks 1 The Financial Services Author ity 1998
8/4/2019 Risk Base Supervision of Banks
3/52
In 1997, the Bank of England published two consultative papers on its
proposed risk based approach to supervision of banks author ised under
the Banking Act 1987 (the Act). The approaches were known as the
RATE and SCALE frameworks*.
Following publication of these papers, comments were received from
banks, accountants, industry associations, and regulators (both
domestically and overseas). A response was subsequently published and,
during the latter half of 1997, the two approaches were prototyped on 17
UK incorporated banks and five non-EEA incorporated banks with
branches in the UK. Feedback was received on the prototyping which
resulted in some changes to the frameworks as originally proposed.
This paper sets out the Financial Services Author itys risk basedapproach to the supervision of banks; it applies to banks incorporated
both in the UK and in non-EEA countries. The paper merges the RATE
and SCALE frameworks into a single risk based approach, as the two
approaches were fundamentally the same. The merged risk based
approach to supervision will be known as the RATE framework.
Further copies of this paper are available from the FSA Publications
Department (at the following address) on receipt of a cheque for 10.00
each made payable to the FSA.
The FSA
25 The North Colonnade
Canary Wharf
London E14 5HS
The paper is also available on the FSAs Web site at www.fsa.gov.uk.
* RATE is Risk Assessment, Tools of Supervision, Evaluation.
SCALE is Schedule 3 Compliance Assessment, Liaison, Evaluation.
2 Financial Services Authority
8/4/2019 Risk Base Supervision of Banks
4/52
1 See The Objectives, Standards and Processes of Banking Supervision.
2 See Financial Services Authority: an outline.
1 The objective of this paper is to provide a step by step description of the FSAs
risk based framework for the supervision of both UK and non-EEAincorporated banks authorised under the Banking Act 1987 (the Act). This
paper aims to increase understanding of how the FSA will conduct its
supervision of banks. It remains the responsibility of the senior management
of a bank to ensure that its business is conducted in accordance with the
requirements set out in the Act.
2 The approach enables the FSA to carry out its responsibilities placed on it by
the Act and explained in more detail in a paper entitled The Objectives,
Standards and Processes of Banking Supervision published by the Bank of
England in February 1997.1
In the latter, the FSA is committed to assessingbanks businesses, their risk profiles and the macro-economic context and to
designing effective supervisory plans and making appropriate use of
supervisory tools.
3 A risk based framework is also consistent with the FSAs approach to its
regulatory responsibilities as out lined in the FSAs launch document issued in
October 1997.2 In this document, the FSA states that it is committed to
adopt ing a flexible and differentiated risk based approach to setting standards
and to supervision, reflecting the nature of the business activities concerned,
the extent of risk within particular firms and markets, quality of firmsmanagement contro ls and the relative sophistication of the consumers
involved.
4 The risk based supervisory regime for banks set out in this paper is consistent
with both the FSAs style of regulation and the published standards of
supervision. It ensures greater consistency in the supervisory process and
Introduction1
Risk based approach to supervision of banks 3
8/4/2019 Risk Base Supervision of Banks
5/52
establishes best practice in the supervision of banks. The approach is intended
to be flexible and to allow individual supervisors to exercise their own
judgement within a systematic framework.
Benefits
5 The FSA sees a number of benefits in the framework out lined in this paper. In
particular, the FSAs supervisors should gain a better understanding of the
quality of management, the characteristics of the business and the risks a bank
faces. It also enables the FSA to d isplay more consistency in carrying out its
supervisory responsibilities and to assess more systematically whether banks
continue to meet the minimum criteria for author isation, as set out in the Act
and in the Statements of Principles issued under section 16 of the Act.
6 The banks should benefit from the improved focus of the FSAs supervision
and from the specific targeting of the tools of supervision, such as specialiston-site visits and reporting accountants reports on internal controls (section
39 reports), to the areas of greatest risk and concern in individual banks.
7 The more explicit linking of the tools of supervision to areas of risk or concern
should mean that banks management understand why a supervisor has used a
particular supervisory tool. As a banks management and supervisors have a
common interest in ensuring that risks are properly identified and that
adequate and effective control systems are established, the supervisory work
commissioned should be of value to both part ies.
8 A risk assessment will involve the commitment of resources by both the
supervisors and a banks management. In particular, the supervisors need to
spend time on-site discussing the issues with senior bank management. The
time taken to perform this work will vary from bank to bank depending on
the size and complexity of the institution. However, following a risk
assessment, the supervisor will be better placed to decide on the intensity of
the future supervision having obtained a better understanding of a banks risk
profile. The intensity of supervision and the amount and focus of supervisory
action will increase in line with the perceived risk profile of a bank. One
advantage this has for banks is that the cost of supervision, in terms of
management t ime or through direct costs (e.g. report ing accountants fees),
should be more directly related to its risk.
9 From the FSAs perspective, the allocation of its own resources according to
risk - devoting more supervisory effort to those banks that have a high risk
profile - will be more efficient and again is consistent with the published
Standards for Supervisors. It will enable the FSA to target and prioritise the
use of its own resources.
4 Financial Services Authority
8/4/2019 Risk Base Supervision of Banks
6/52
3 As set ou t in the Second Consolidated Supervision Directive (2CSD). For further details of consolidated supervision
see Policy Guidelines, Chapter CS.
UK incorporated banks
10 In order to fulfil the FSAs responsibilities under the Act and for the purposes
of consolidated supervision the risk based supervisory framework described in
this paper will be applied to all banks and, where appropriate, their
consolidated groups.3 While the FSAs supervision will be focused on the
consolidated group when undertaking its risk assessment, it also needs to
ensure that each bank, i.e. the legal entity, meets the minimum criteria for
authorisation as set out in the Act (the schedule 3 criteria). As set out in the
Policy Guidelines, the FSAs approach to consolidated supervision of UK
incorporated banks owned by an overseas bank, is to extend the group
consolidation to the highest relevant EEA parent company (except whereanother EEA supervisor performs consolidated supervision).
Non-EEA incorporated banks
11 In undertaking its supervision of non-EEA incorporated banks with branches
in the UK, the FSA will not seek to duplicate the work already conducted by
the home supervisor. It will liaise as necessary with the relevant supervisor to
obtain information and to understand its approach to supervision, including
the extent to which the home supervisor carries out consolidated supervision.
12 For these banks, the FSA will focus its supervision on the bank as a whole, of
which the branch is part , as it is the bank as a whole which is authorised not
simply the UK branch. It is, therefore, the bank which must meet the
minimum criteria for author isation and the FSA is required under the Act to
ensure that it is sufficiently well informed about the bank as a whole to judge
whether these criteria are met.
Coverage of the RATEframework
2
Risk based approach to supervision of banks 5
8/4/2019 Risk Base Supervision of Banks
7/52
EEA incorporated banks ( excluding UK incorporated banks)
13 The supervisory framework described in this paper is not applied to branches
in the UK of banks incorporated elsewhere in the EEA, since supervisory
responsibility for these banks lies primar ily with their home country
supervisor.
Definitions
14 For ease of reference and unless otherwise stated, the use of the word bank
throughout this paper refers to both the UK incorporated bank and its
consolidated group, and, in addition, to the non-EEA incorporated bank,
including the UK branch.
15 In some circumstances, it has been necessary to differentiate further. Where the
word branch is used, this refers to the UK branch of a bank incorporated in a
non-EEA country. Where the word wholebank is used, this refers to the non-
EEA bank as a whole, including the UK branch, i.e. the legal entity.
6 Financial Services Authority
8/4/2019 Risk Base Supervision of Banks
8/52
Overview
16 An overview of the RATE framework is shown in Diagram 1. This describes
the RATE process as if it were self-contained and as if each of the three phases
(RiskAssessment, Tools and Evaluation) were separate. In practice, the
process is not self contained but rather is dynamic because new information
will be received throughout the process which may require adaptation or
revision of supervisory actions and initiatives at any stage. However, for ease
of presentation the following sections analyse the three phases separately.
17 Each of the phases takes place during a supervisory period, which is the
length of time between undertak ing formal risk assessments on a part icular
bank. The period will vary according to the business and control risk profile of
the bank concerned, from six months for a bank whose overall risk profile is
classified as very high or for a bank undergoing major change, up to two
years, or possibly longer, for a bank whose overall risk profile is low and
whose business and control framework are stable.
18 In each supervisory period, the FSA will undertake a formal risk assessment
using nine evaluation factors. This assessment will be performed by analysing
information which the FSA already has available and from a series of meetings
(which will normally take place in a short, discrete period) with senior
management of the bank. In addition, for non-EEA incorporated banks, the
FSA will liaise with the home country supervisor to understand its approach to
supervision and to obtain relevant information on these banks in order to
perform a risk assessment on both the wholebank and branch. The objective
of this phase is to identify, in a systematic manner, the business or inherent
risks of a bank and to assess the adequacy and effectiveness of its controls,
organisation structure and management in order to establish the supervisory
programme. Through this risk based approach to supervision, the FSA will be
well placed to judge whether banks meet the minimum criteria for
authorisation.
Summary of the RATEframework
3
Risk based approach to supervision of banks 7
8/4/2019 Risk Base Supervision of Banks
9/52
19 After each risk assessment the FSA will feed back its views on the banks risk
profile in a letter to the bank and, where appropriate, the home country
supervisor. The letter will also contain details of any remedial action the FSA
requires the bank to take, and of the supervisory programme comprising the
tools of supervision (such as section 39 reports, use of specialist resources and
liaison with overseas supervisors) which the FSA intends to apply. These toolswill be targeted at areas considered to be of higher risk and will be used to
investigate other potentially higher risk areas identified during the risk
assessment. The results of the tools will be examined as they become available,
which may require the FSA to reassess the risk profile of the bank, require the
bank to take remedial actions or for the FSA to take appropriate supervisory
action.
Diagram 1
8 Financial Services Authority
RiskAssessment
Evaluation
Stocktake of supervisoryaction and results.
Risk assessment usingnine evaluati on f actors;
devise supervisory action plan; formalfeedback to banks (and other regulators) .
Execute supervisory planincluding tools of supervision;
ensure appropriateremedial action.
Tools ofsupervision
Supervisoryperiod
Normal supervisory practices
8/4/2019 Risk Base Supervision of Banks
10/52
20 During the course of the supervisory period the FSA will constantly evaluate
the informat ion it receives, including that from the bank and home supervisor.
In addition, the FSA will undertake a formal evaluation to ensure that the
bank has implemented any agreed remedial actions, that the FSA has
completed its original work plan; that the findings of the supervisory tools
have been acted upon and to assess the effectiveness of its own supervision.The conclusions from the evaluation will be a key input into the next r isk
assessment.
21 Where the FSA identifies significant concerns, either from the risk assessment
or a t any time during the supervisory period, it will seek appropriate and
timely remedial action from the bank. Where these concerns relate to a non-
EEA incorporated bank, appropriate remedial action will be discussed and
sought in consultation with the home country supervisor. If these issues are
not resolved promptly and to the FSAs satisfaction, action may be initiated.
Actions available to the FSA include:
Increasing the banks capital requirement- the FSA can require an increase
in the capital a UK incorporated bank must hold relative to its assets;
Ring fencing of the bank - this involves the protection of a UK incorporated
bank from other parts of its wider group. This could mean limiting its
financial exposure to the rest of the group, or limiting the control exercised
over the bank by the parent o r shareholders. In the case of a UK branch of a
non-EEA incorporated bank, this might entail the establishment of a UK
incorporated company, i.e. subsidiarisation of the UK operations;
Formal supervisory action under the A ct- such action may be in the form of
restrictions on a banks business, either formal or informal, or revocation of
a banks authorisation if there is reasonable doubt whether one or more of
the minimum criteria for authorisation are being met.
Risk based approach to supervision of banks 9
8/4/2019 Risk Base Supervision of Banks
11/52
22 In each supervisory period, the FSA will perform a r isk assessment, take
appropriate supervisory action, apply the tools of supervision and undertake aformal evaluation. Although these are described in this paper as discrete
phases, there will be considerable interaction among them.
23 The FSA will determine the length of the supervisory period after completing
each risk assessment. During the supervisory period, banks management
should be proactively contacting the FSA to explain any significant changes to
the business risk profile or control environment. In addition, the FSA will use
the tools of supervision to ensure that it is aware of significant developments
and changes to the banks risk profile, business or control structure. The FSA
may alter the length of the supervisory period a t any time.
24 Where a non-EEA incorporated bank has both a UK branch and an UK
incorporated subsidiary, line supervisors will seek to understand the linkages
between the two and to minimise supervisory duplication. The approach
adopted will vary according to the supervision undertaken by the home
supervisor. Where there are dual presences, the risk assessment will usually be
done simultaneously with meetings with key personnel covering issues relating
to both entities.
Risk assessment phase
25 In performing a risk assessment, the FSA will undertake the following steps,
which are summarised in Diagram 2.
Step 1: Identifying key units to be risk assessed
The objective of th is step is for the FSA to identify signifi cant business units
within the bank ing group so the FSA can focus its work during the risk
assessment phase and determine whom it should m eet w hen carrying out its
on-site work. A slightly different approach w ill be adopted for UK and n on-
EEA incorporated banks.
The RATE framework -a step by step guide
4
10 Financial Services Authority
8/4/2019 Risk Base Supervision of Banks
12/52
Diagram 2
The risk assessment - step by step
UK incorporated banks
26 Banking groups may have a management structure which operates in adifferent way from the legal organisation of the group. In performing a risk
assessment, the FSA will seek to understand how the banks own management
runs the banking group from both a business and control perspective. In
identifying business areas or units that should be covered in the risk assess-
ment, the FSA will normally adopt the approach used by the banks own
management in breaking down the group. However, as the FSA has a statu-
tory responsibility for supervising the legal entity it has authorised under the
Act, it will also be looking to management to demonstrate how it reconciles
running the group on business lines with the need to ensure that legal entities
remain in full compliance with supervisory and other statutory requirements.
Risk based approach to supervision of banks 11
Identi fy key unitsStep 1
Obtain pre-visitinformation
Step 2
Preliminary riskassessment
Step 3
Undertake on-site visitStep 4
Final risk assessmentStep 5
Prepare supervisoryprogramme
Step 6
Ensure consistencyStep 7
Formal feedback t o bank(and overseas regulators)
Step 8
8/4/2019 Risk Base Supervision of Banks
13/52
4 For fur ther d etails, see Policy Guidelines, Ch apter CS, Section 8.
5 For further details, see Policy Guidelines, Chapter PB, Section 3.
27 In order to identify significant units, the FSA requires banks subject to
consolidated supervision to provide information on units (legal entities,
business units, geographical units or group counterparties) that are considered
to be significant: that is, if they use more than 5% of a groups regulatory
capital; or generate more than 5% of a groups gross revenues or profits; or
involve a financial exposure of more than 10% of a banks capital.4 Thesethresholds are consistent with those used in the FSAs implementation of the
Post-BCCI Directive.5 A suggested format for how this information might be
provided to FSA is shown in Appendix 2.
28 Discussions of which units are significant will normally take place annually
and certainly in advance of each risk assessment. The thresholds will also be
used to establish significant units for banks which are not part of a
consolidated group, and so are only subject to supervision of the legal entity.
29 A unit of a bank may not be caught by these thresholds even though it givesrise to significant business or control risk; for example any unit that is likely to
breach one of the quantitative thresholds in the coming year or attracts
significant reputational r isk. The FSA may, therefore, decide to include such
units in the risk assessment. The FSA will also need to ensure sufficient
coverage of the banking group, if those units deemed to be significant by
management do not together cover the major part of the bank, e.g. if the sum
of profits of all significant units is well below the banks total profit.
30 The first step in the RATE process will be to agree with banks exactly which
units are significant and should, therefore, be covered in the risk assessment.For those companies within the scope of the FSAs consolidated supervision,
the following principles will be applied.
(i) Consolidated groups incorporating fin ancial companies - Non-banking
financial businesses within the consolidated group (e.g. fund
management, corporate finance and investment services) are included in
the usual consolidated prudential returns submitted to the FSA. These
companies will be included in the risk assessment if they meet the
significance tests set out above. Where these financial companies are
regulated by the FSA, for example under the Financial Services Act, the
line supervisor will draw on the work already undertaken elsewhere in
the FSA in order to avoid any duplication . Similarly, the FSA would
expect to be able to take into account the work undertaken by overseas
regulators if the banking group had overseas operations that were
subject to regulation.
12 Financial Services Authority
8/4/2019 Risk Base Supervision of Banks
14/52
(ii) Consolidated groups incorporating non-fi nancial companies -
Companies considered not to be financial (e.g. manufacturing and estate
agencies) are not generally included in the FSAs consolidated prudent ial
returns. In such cases, the investment of the parent in a non-financial
company is deducted from the capital base of the group. H owever,
within its consolidated supervision, the FSA takes account of theactivities of these companies to the extent that they may have a material
bearing on the reputat ion and financial soundness of the bank.
Therefore, the FSA considers that such companies should be included in
its risk assessment if they meet the significance tests. In such cases, the
risk assessment will normally focus on the risks and controls within each
company and the controls exercised by the parent company.
(iii) Wider group - Where a UK incorporated bank forms part of a group
which goes wider than the banks consolidated prudential returns, the
FSA clearly needs to understand the potential impact on the bank of
other group companies. An example of such a group would be where a
bank is owned by an industrial company and therefore the bank forms
part of a much wider group whose business activities are diverse. It is not
intended to perform risk assessments on these companies (as the links
between them and the bank tend to be less close than those referred to
above) but, as at present, the FSA will wish to understand the nature and
scale of these businesses by obtaining relevant information (e.g. annual
accounts). In some instances, the FSA may wish to meet with individuals
outside the UK banking group to discuss the potential impact of suchcompanies on the bank and to understand the wider group strategy. This
assessment will be considered when evaluating the external risks of a
bank under the Business evaluation factor (see Step 3).
Non-EEA incorporated banks
31 For the risk assessment of a non-EEA incorporated bank, including the UK
branch, a slightly different approach will be taken. Whilst it will still be
necessary to understand which par ts of the wholebank a re material in order to
focus the risk assessment, it is important to avoid duplication with the home
country supervisor. Therefore, the FSA will begin its risk assessment by
understanding the methodology employed by the home supervisor in
identifying significant units of risk or its approach to materiality.
32 If the home supervisor does not use such a methodology to identify material
parts of the wholebank, the FSA will seek to obtain such information from
other sources, for example by using the annual accounts, management
information or group organograms. Based on this information, the FSA will
assess whether there are any areas of the wholebank which are significant in
terms of risk in order to focus its discussions with the home supervisor. This
Risk based approach to supervision of banks 13
8/4/2019 Risk Base Supervision of Banks
15/52
6 Mo Us establish a clear mechanism for t he exchange of informat ion between supervisors, setting out each part ys
needs and expectations.
will also enable the FSA to assess the materiality of the UK branch in terms of
the legal entity.
33 For the UK branch, similar criteria to that used for UK incorporated banks
e.g. revenue, profits, will be used to determine the significant areas of risk.
Step 2: Obtaining pre-visit information, including liaison with overseasregulators
The objective of th is step is for the FSA to obtain further information direct
from the bank , where necessary. In add ition, the FSA needs to u nderstand the
approach to supervision adopted by overseas regulators and to obtain
relevant informat ion to ensure that it draws as far as possible on w ork
already undertaken, thus min imising duplication in supervision.
34 Pre-visit preparation is crucial to the success of the on-site work. The
background information necessary will vary from bank to bank, but will
generally include management accounts, strategy documents, business plans
and budgets and organograms of the legal and management structure. As most
of these documents are already submitted to the FSA, requests for additional
information should be limited.
35 Where overseas regulators are involved in the supervision of the operations of
UK incorporated banks in their country, or where they are the home
supervisor of a non-EEA incorporated bank, the FSA will contact the regulator
to obtain additional information and will draw on work already undertaken
by them to minimise duplication in supervision. Exchange of information will
either take place under existing Memorandum of Understandings6 which have
been established with a number of regulators, or on an ad hoc basis where
these have yet to be formalised. In order to use the information provided, the
FSA will need to understand what other regulators do in general and how this
is applied to a specific legal entity or business unit. To do this, the FSA will
carry out an assessment of the supervision undertaken in order to identify any
additional work the FSA will need to do in order to make good any short falls
in information.
36 In undertaking an assessment of the supervision of an overseas regulator, the
FSA will consider whether locally incorporated banks are required to meet
minimum standards of authorisation similar to those set out in the Act. To do
this, the FSA will seek to understand the legal framework, including whether
overseas regulators undertake consolidated supervision and have supervisory
guidelines covering issues such as capital, large exposures and liquidity.
Included in this assessment will be the extent to which the regulator focuses on
14 Financial Services Authority
8/4/2019 Risk Base Supervision of Banks
16/52
the risks in overseas operations, the amount of on- and off-site work, the
reliance placed on external auditors and the level of supervisory resources. In
relation to its supervision of UK banks, the FSA may also need to understand
the supervisory approach adopted for branches of overseas incorporated
banks operat ing in that country.
37 For UK incorporated banks, the FSA will identify which units (legal entities or
business units) are supervised by overseas regulators through the information
provided on significant units (see Step 1). The FSA will contact these
regulators to discuss any areas of concern and to obtain any information
which might be of assistance in performing its risk assessment of the bank. In
particular, where other regulators perform their own risk assessments, the FSA
will seek to obtain a summary of their findings.
38 For non-EEA incorporated banks, the home supervisor has primary
responsibility for their supervision and is likely to be better placed than theFSA to obtain and evaluate relevant information. Where the FSA is satisfied
that the scope of home country supervision encompasses those issues
considered under the minimum criteria for authorisation, the FSA will not
seek to duplicate supervision. In such cases, the FSA will utilise the
information and judgement of the home supervisor, including information on
the UK branch, in forming its own view on whether the minimum criteria are
met.
39 Where the FSA is unable to obtain sufficient information from the home
supervisor on the wholebank, it will be necessary to consider other ways tomake good the short fall, such as greater contact with the H ead Office. Where
the informat ion short fall relates to the UK branch, the FSA will aim to address
this by direct contact with the branch.
Step 3: Preliminary risk assessment
The objective of this step is for the FSA to undertake a preliminary risk
assessment using information already available, to assess what the k ey
business and controls risks are, where there are information gaps and withwhom the line supervisor needs to meet to discuss these risks and garner
further information.
40 For most banks, the on-site work (undertaken during the risk assessment
phase) will take place within a short time-frame, which could last from two or
three days up to a few weeks. To prepare for these meetings, the FSA will
undertake the preliminary risk assessment off-site which will assist in
determining the amount of on-site work required, the appropriate personnel to
see and the issues to be discussed.
Risk based approach to supervision of banks 15
8/4/2019 Risk Base Supervision of Banks
17/52
41 The preliminary risk assessment will take place using nine evaluation factors
(Capital, Assets, Market risks, Earnings, Liabilities, Business, Internal
Controls, O rganisation, Management). These factors incorporate all the
minimum criteria for authorisation under the Act and the FSAs interpretation
of these criteria, as set out in the Statements of Principles. The factors are
described in more detail in Appendix 1, which forms guidance to thesupervisor. However, other factors may be considered in particular
circumstances and changes to the existing factors may be made over time.
42 The evaluation factors will be assessed using information which the FSA
already has available or is obtainable from other sources, including overseas
regulators (see Step 2). In addition, the FSA will take into consideration the
external auditors views of the bank. These will normally be obtained at the
meeting which is held with a bank and its external auditors to discuss the
annual audit or section 39 report.
43 The factors to be evaluated can be split between those that help to identify the
business or inherent r isk of the bank and those that focus on the adequacy and
effectiveness of the banks internal controls, organisation structure and
management.
44 Business risks - The analysis of the business risk will be performed using the
following factors: Capital, Assets, Market Risk, Earnings and Liabilities and
Business. This review will comprise an analysis of the financial position of the
bank, the banks overall business and external environment and its future
strategy. This will facilitate a historical, current and forward-lookingassessment of the banks key business risks, including credit, market, liquidity,
operational, litigation and reputat ional risks. This analysis will be undertaken
using prudential data, management accounts, trends in key ratios and peer
group analysis, strategic plans, together with information a lready held on the
FSAs files.
45 Control risks - In analysing the controls over the business, the FSA will
undertake an assessment using three factors: Controls, O rganisation and
Management. As mentioned above, most of the information for this analysis
will come from information a lready held on the FSAs files, including
section 39 reports and on-site visits.
46 For non-EEA incorporated banks, a preliminary risk assessment will be
conducted at two levels: the wholebank and the branch. The wholebank
assessment will primarily draw on the information obtained from the home
supervisor although where there are gaps in information, the FSA will have to
consider the most appropr iate method of making good this short fall. Where
the FSA can place significant reliance on the work undertaken by the home
supervisor, in particular where its supervision covers issues that the FSA needs
to assess under the minimum criteria for author isation, then a full risk
assessment using the CAMELB and COM factors will not be performed at the
16 Financial Services Authority
8/4/2019 Risk Base Supervision of Banks
18/52
wholebank level. However, a general assessment of the key business and
control risks will still be performed.
47 In undertaking a preliminary risk assessment of a UK branch, the FSA will
again draw on any work conducted by the home supervisor. The nine
evaluation factors will be used to perform th is assessment a lthough the Capital
factor is clearly not applicable at this level. Furthermore, where the FSA is
satisfied that limits and guidelines on particular business activities e.g. liquidity
are managed globally by the bank and are supervised effectively on a
consolidated basis by the home country supervisor, the FSA will not include
such activities in its assessment of the branch.
48 During the preliminary risk assessment stage, the FSA will identify where there
are information gaps, how to fill them and with whom the line supervisor
needs to meet when carrying out its on-site work (See Step 4).
Step 4: Undertaking the on-site visits
The objective of undertaking the on-site work is to improve the FSAs
understand ing of the business and control risks run by the bank, focusing in
particular on those units deemed to be significant.
49 The risk assessment visits are led by the line management responsible for the
day-to-day supervision of the bank. The visit provides an oppor tunity to
clarify any points arising from the preliminary risk assessment and to gain a
better understanding of the business undertaken by the bank. H owever, the
main focus of the meetings will be on the internal controls within the bank, to
assist in the evaluation of the CO M factors.
50 The on-site work will typically be undertaken at a high level. For most UK
incorporated banks this will involve meeting the Chief Executive, other
executive and some non-executive directors (including the Chairman of the
Audit Committee), the Chief Financial Officer and heads of significant units.
In addition, heads of control and suppor t functions such as risk management,
internal audit, IT and Human Resources will also be seen. For most branches
the on-site work will involve meeting the General Manager, other seniormanagement and, if necessary, depending on the size of the branch and the
level of supervision undertaken by the home supervisor, heads of key business
units and heads of control and support functions. In addition, and after
consultation with the home supervisor, the FSA may also meet with senior
personnel at head office or others who have responsibility for overseeing the
banks UK operations.
51 Discussions with top level management and personnel involved in support and
control functions will focus on high-level systems and controls (including the
risk management framework), strategy, the organisation structure andmanagement issues. Discussions with heads of business units will focus on
Risk based approach to supervision of banks 17
8/4/2019 Risk Base Supervision of Banks
19/52
7 Although the Ch airman, Chief Executive and General Ma nager should be ab le to cover all nine evaluation factors, it
is likely that meetings with these individuals will focus on o nly a few of the factors.
18 Financial Services Authority
strategies (including consistency with the banks overall strategy), controls
over the unit, quality and style of management, risk and earnings profile, and
the contro l framework established within the unit, including the adequacy of
segregation of duties. For non-EEA incorporated banks, the amount of on-site
work undertaken will depend on the supervision undertaken by the home
supervisor. Sufficient work needs to be done to enable the FSA to assesswhether the wholebank meets the minimum criteria for authorisation and that
the UK branch meets minimum standards.
52 An indication of the senior personnel the FSA are likely to meet during the on-
site work and the range of the evaluation factors that are likely to be discussed
with each of these people are set out below. The precise range of factors to be
discussed will depend on the business and control risk profile of the bank.
53 No performance testing of controls will be undertaken during the risk
assessment phase, since this should be covered by internal audit. This is one of
the main reasons for meeting with internal audit, namely to make an
assessment of the adequacy and effectiveness of the work undertaken by this
Evaluation factors by interviewee
C A M E L B C O M
Chairman7
CEO/General Manager7
Finance Director
Treasurer
Head of business unit
Head of risk management
Head of internal audit
Head of compliance
Head of IT
Head of personnel
Non-executive director
8/4/2019 Risk Base Supervision of Banks
20/52
function. If detailed performance testing is considered necessary this will be
undertaken using the tools of supervision.
54 At the beginning and at the close of the on-site work there will be meetings
with the Chief Executive, Finance Director or General Manager, depending on
the structure of the bank. This will allow the FSA to share initial views and, if
necessary, to clarify issues.
Large and diverse banks
55 For some UK banking groups, it will be difficult to complete the risk
assessment stage, in particular to conduct all the on-site work, in a few weeks.
The FSA will seek to be flexible in its approach to such banks. For example,
this may involve discussing the controls exercised over significant units with
the appropriate personnel in the head office or the parent company; or
scheduling meetings regarding lower risk areas of the business during thesupervisory period.
56 Where a UK banking group has overseas units which are significant and which
undertake financial services business regulated by an overseas regulator, the
line supervisor may still wish to meet with the head of the unit. Where
possible the FSA will take into account the supervision undertaken by the
overseas regulator, to the extent that it is satisfied with the work performed
and that the other regulators findings are shared with the FSA. In such
circumstances, the FSA will communicate to the regulator the amount of work
it intends to undertake, focusing on the controls exercised over the overseasunit, the business risks and strategy. Where the FSA considers that only limited
account can be taken of the work of the overseas regulator or where the
overseas unit is not supervised, a more thorough risk assessment and
discussion will take place with the unit head.
Step 5: The final risk assessment
The objective of this step is for the FSA to finalise its assessment of the
business and control risks in the bank, to identify how it expects the risk
profile to change over the supervisory period and to consider whether the
bank continues to meet the min imu m criteria for authorisation.
57 On return from the on-site work, the FSA will use the off- and on-site
information to undertake a formal evaluation of the CAMELB and COM
factors. As mentioned earlier, the assessment will be undertaken for the bank
or, where appropriate, the consolidated group , and for the wholebank and
branch.
58 After completing the CAMELB and COM analyses, the FSA will formulate a
risk profile of the bank. An overall assessment of both the business risks and
Risk based approach to supervision of banks 19
8/4/2019 Risk Base Supervision of Banks
21/52
the controls risks will be made. At the same time, the FSA will assess whether
the bank continues to meet the minimum criteria for au thor isation.
59 In addition, the FSA will consider how the banks risk profile is likely to
change over the next period. Such an assessment will be made using the
information supplied to the FSA together with the FSAs own forecast of
market developments; part icular account will be taken of the economic and
financial conditions in the countr ies in which the bank operates . This means
that the FSA will indicate whether the business and the control risk profile is
increasing, decreasing, or remaining the same. For example, the business
strategy will impact on the future business risk profile of the bank , as would
forecast changes to the economic environment. On the other hand, whether
the bank has sufficient resources to implement the strategy will be reflected in
the outlook for the banks control risk.
Step 6: Supervisory programme
The objective of this step is to prepare a supervisory programme which will
set out the work that the bank and the FSA w ill undertake during the
supervisory period. This work will focus on issues or concerns identified
during the risk assessment.
60 After undertaking the risk assessment, the FSA will prepare a supervisory
programme, which will contain details of remedial action that the bank is
required to undertake within a specified period. In addition, it will set out the
tools of supervision that will be applied during the forthcoming supervisoryperiod. The programme will be explicitly linked to the areas of greatest risk
and concern and should enable management to understand fully why
part icular action has been requested or tools are going to be applied. The
programme will first be discussed in draft with the bank before being finalised.
61 For UK banking groups containing multiple authorisations only one
supervisory programme will be drawn up, but the tools of supervision to be
applied to each bank within the group will be identified separately. For those
banks in larger banking groups which fall below the significance thresholds,
the FSA will still wish to hold an annual prudential meeting where it will
discuss issues which would normally have been covered during the risk
assessment phase, in addition to other prudential issues. The FSA may,
however, decide that a section 39 report does not need to be commissioned
annua lly for such banks.
62 For non-EEA incorporated banks, the programme will primarily cover the
branch. The nature of the programmes will depend on a number of factors,
including the scale and scope of supervision undertaken by the home
supervisor. In general, the more comprehensive the supervision of the branch
by the home supervisor, the less the FSA will need to undertake local (UK)
supervision; work carried out will be co-ordinated with the home supervisor.
20 Financial Services Authority
8/4/2019 Risk Base Supervision of Banks
22/52
63 In drawing up the supervisory programme, the FSA will first develop its
supervisory objectives for each bank consistent with the FSAs overall
objectives and standards of supervision. The FSA will then formulate actions
to meet the objectives set for individual banks, together with the likely timing.
These objectives are discussed in more detail below:
Objectives
Objectives define the goals of supervision for each bank and will form the
foundation for all actions. The objectives will be clear, attainable, specific, and
action-oriented and will be centred around one of three themes:
Correction - this is the process of addressing concerns identified in the risk
assessment. Correction is generally focused on ensuring that appropriate
action is taken by bank management and verifying that remedial action has
occurred. In the extreme, correction may involve the FSA taking supervisoryaction under the Banking Act.
Discovery - this is the process of gaining a more in-depth knowledge of the
banks risk profile, by undertaking further work in higher r isk areas as
determined by the risk assessment.
Monitoring - this is the process of identifying current and prospective issues
that could impact on the risk profile or overall condition of the bank.
Additionally, monitoring can be associated with observing and measuring
the banks progress toward correcting identified concerns.
Actions
Actions are the steps needed to achieve the supervisory objectives. This
includes the specific remedial work required by bank management to address
concerns identified in the risk assessment. Action also includes the submission
of documents by the bank and the tools of supervision that the FSA intends to
apply.
64 In order to give an indication of the content of the supervisory programme
and the length of the supervisory period, the following matrix summarises the
likely intensity and focus of supervision resulting from a particular risk profile.
65 Quadrant A of matrix 1 (overleaf) is indicative of a bank with a low level of
business risk and a low level of control risk (well controlled). A bank in this
quadrant would only need a limited amount of on-going monitoring for the
FSA to be aware of changes to its risk profile. Some discovery work may also
be necessary to confirm the risk profile as determined in the formal risk
assessment. The intensity of supervision is likely to be low. Prior to
determining the length of the supervisory period, the FSA will still consider
Risk based approach to supervision of banks 21
8/4/2019 Risk Base Supervision of Banks
23/52
whether the bank intends to make any changes to either the business or
control r isk profile but the period is likely to be in the region of 18-24 months,
or even longer.
Matrix 1
66 Quadrant B is indicative of a bank that is well controlled, but has a high level
of business risk. Although good controls are in place, a fair level of on-going
monitoring may be necessary to ensure that the high level of risk remains
effectively controlled and that the risk profile does not increase beyond
supportable levels. Further discovery work is also likely to gain a better
knowledge of the control environment, in par ticular in the high r isk business
activities. The length of the supervisory period is likely to be around 12-18
months.
67 Quadrant C is indicative of a bank with high business risk and poor controls.The focus will be on determining the immediate remedial actions necessary to
resolve the situation (e.g. enhancing control systems, reducing the business
risk, or both). The supervisory programme will be very well defined in these
instances and will require urgent remedial work by the bank under close
supervision by the FSA. The FSA will focus on determining managements
ability to resolve the problems and establish milestones to monitor progress.
The FSA would probably make high usage of the tools of supervision for an
institution in this quadrant, in particular to ensure that remedial work has
been undertaken. The length of the supervisory period for an institution of this
nature will vary depending upon managements response, but is likely to be at
the shorter end of the spectrum (i.e. six months to one year).
22 Financial Services Authority
B
High monitoring, l it tl e remedial
action unless risk is deemed excessive
A
Low monitoring, little remedial action
necessary.
C
High monitoring. Need for immediate
remedial act ion to improve risk
profile.
D
Moderate monit oring. Need for a
remedial programme to improve
controls.
High
Business
Risk
Low
High
Low
Control Risk
8/4/2019 Risk Base Supervision of Banks
24/52
68 Quadrant D is indicative of a bank with low business risk, but high control
risk (poor control systems). Remedial action by the bank is likely to be
necessary in this case to ensure that proper controls are in place to support the
level of risk undertaken. The FSA recognises that the control systems for a
bank with low business risk will differ from that of a bank with high business
risk. Therefore, the FSA will focus on determining the adequacy of the controlsystems in light of the level of business risk undertaken. The supervisory
programme will focus on the corrective measures agreed with the bank, and
will include use of the tools of supervision to that end. The supervisory period
in this case will vary considerably depending upon managements response,
but is likely to be around one year.
69 As stated above, a bank or branch with a low risk profile will normally be
subject to a less intensive supervisory programme, although a minimum level
of supervision is required to keep abreast of changes in the business. For
example, on an annual basis, most banks will either have a prudential meeting
or a formal risk assessment. Section 39 reports will also generally continue to
be commissioned annually. However, for those banks considered to be lower
risk, the FSA may decide not to commission such a report every year.
Step 7: Consistency
The objective of th is step is to ensure that FSA applies its supervisory
approach in a consistent m anner and that the intensity of supervision is
broadly the same for bank s with similar risk profiles.
70 The FSA will maintain a careful check on the consistency of the work being
carried out by its supervisors. This will be achieved in two ways, a RATE
Panel and a Quality Assurance function.
( i) RATE Panel
71 The objectives of the RATE Panel are to perform an independent review of the
final risk assessment completed by the line supervisor and to ensure
consistency in implementing risk based supervision across the banks
supervised in the Complex Groups and Banking and Building Societies
Divisions within FSA. A further role of the Panel is to identify trends or
particular current issues arising from the risk assessments of banks.
72 The RATE Panel will generally comprise senior FSA staff not directly involved
with the supervision of the bank under review.
73 The Panel will review a summary of the risk assessment and will consider the
appropriateness of the supervisory action and programme, in particular the
intensity of supervision proposed. In addition, the panel will review the
numerical rating which line supervisors attach to the individual CAMELB andCOM factors and the composite rating. The numerical rating system is purely
Risk based approach to supervision of banks 23
8/4/2019 Risk Base Supervision of Banks
25/52
an internal tool which the FSA uses to undertake peer group comparisons, to
assess trends in risk profiles, to determine the timing of risk assessments and to
help determine FSAs resource allocation. The numerical rating system itself
and the par ticular rat ings will not be disclosed to banks.
( ii ) Qualit y Assurance unit ( QA)
74 The FSAs QA function will focus on the extent to which line management
have followed the internal processes laid down in the risk based supervisory
framework. It will review a selection of banks to check that the work done is
appropriate for the bank and in line with the internal processes to enable line
management to exercise reasonable supervisory judgement, in particular that
all relevant issues have been properly identified.
Step 8: Formal feedback
The objective of this step is for the FSA to communicate the results of its risk
assessment an d the resultant supervisory programm e to the bank .
75 Once the supervisory programme has been developed and the RATE Panel has
considered the risk assessment, the FSA will give formal feedback of its
findings. A meeting will normally be held with the Chief Executive, Finance
Director or General Manager of the bank or branch.
76 In advance of this meeting, a draft letter will be sent to the bank setting out
the FSAs views on both the business and control risks of the bank or branch,
outlining any areas of specific concern and remedial action sought from the
bank. The letter will explain whether it expects the business and the control
risk run by the bank to increase, decrease or remain the same. In addition to
the letter, the supervisory programme will contain an action plan and a
supervisory timetable as appendices.
The format of the action plan is:
24 Financial Services Authority
Issue Risk/ Observation Action Timing Date
concerns required completed
Business Risk
Cont rol Risk
8/4/2019 Risk Base Supervision of Banks
26/52
The format of the supervisory timetable is:
77 For UK incorporated banks, the letter will be finalised after the meeting and
sent to the Board of Directors. In some instances, the FSA may also present its
findings to the Board. In the case of a non-EEA incorporated bank, the finalletter will be sent to the General Manager and copied to the Head Office. A
further letter setting out supervisory issues pertinent to the wholebank will be
sent to the H ead O ffice, which will raise any issues which the FSA wishes to
follow up either with the H ead Office or the home country supervisor. Both
the Head Office and branch letters will be copied to the home country
supervisor.
78 For those banks that are considered to be lower risk and, therefore, for whom
the period between risk assessments is longer than a year, the FSA will write
annually to the Chief Executive or General Manager setting out thesupervisory work it plans to undertake in the coming year. The plan will be
consistent with that set out in the supervisory programme sent following the
last risk assessment, assuming there has been no material change in the bank.
79 The final letter will also be copied to the banks reporting accountants and
feedback on the risk assessment will also be given to them at the meeting
where the next annual audit or section 39 report is discussed, or earlier if
specific issues have been identified which require more rapid communication.
Tools of supervision phase
80 During the tools of supervision phase, the FSA will ensure that the
supervisory programme is implemented, as set out in the final letter to the
bank. In particular, the FSA will track any significant developments, ensure
remedial action is undertaken and that the too ls of supervision are applied. In
addition, for non-EEA incorporated banks, the FSA will maintain
communication with the home supervisor and the head office to ensure that
any factors which might have an adverse impact on the banks risk profile or
continued compliance with the minimum criteria are identified. Through its
Risk based approach to supervision of banks 25
Supervisory tool/ Action required Purpose/ reason
Q3 1998
Q4 1998
Q1 1999
Q2 1999
8/4/2019 Risk Base Supervision of Banks
27/52
contact with the home supervisor, the FSA will also seek to ensure that no
duplication or gaps emerge in the supervisory approach to the wholebank.
81 Tools of supervision available to the FSA include:
Reporting Accountants (Section 39) Report- a report prepared by the
reporting accountants (usually the banks external auditors) assessing thebanks internal systems and the adequacy and effectiveness of the controls in
place. The scope of the report as specified by the FSA generally focuses on
specific areas of the bank, though it may cover all of the banks systems (a
full scope report);
Traded Markets Team Visit- a visit by the FSAs specialist treasury staff
focusing on the treasury areas of the bank , with an emphasis on r isk
management, systems and the adequacy of related controls. The visit is
followed by a letter detailing areas of specific concern and remedial action
required;
Credit Review Visit- again, a visit by the FSAs specialist staff but with the
focus on the assessment of the systems and adequacy of controls in areas of
the bank other than treasury, such as credit. The visit is followed by a letter
detailing areas of specific concern and remedial action required;
Liaison with overseas regulators - a visit to the overseas country, telephone
or written communication to obtain further information or to discuss
supervisory issues or action that might be taken by the appropriate
regulator;
Prudent ial meetings - meetings with senior management of the bank to
discuss the banks financial performance, its business and risk profile, its
strategy and the wider market environment in which it operates;
Ad hoc m eetings - meetings either a t the FSA or on-site to discuss business
developments or plans, and issues or concerns arising from the risk
assessment process.
82 During the supervisory period, the findings from each of the tools that have
been applied will provide the FSA with new and more detailed information
about the areas of risk or concern identified during the risk assessment stage.
This information will be discussed in follow up meetings that banks are
familiar with, allowing the FSA to feed back its conclusions, highlight
recommendations and discuss remedial plans.
83 At any time during the supervisory period the FSA may need to seek remedial
action from the bank or take action itself to deal with issues of serious
supervisory concern. In addition, a banks circumstances may change because
it is entering new markets, making an acquisition or is affected by market
developments. The FSA will address first those areas which it considers to be
of higher risk or concern.
26 Financial Services Authority
8/4/2019 Risk Base Supervision of Banks
28/52
84 If such events occur, the supervisory programme may need to be revised.
Alternatively, the FSA may decide that it should undertake another risk
assessment as the profile of the bank may have changed significantly.
Evaluation phase85 At least annually and before the next risk assessment, the FSA will undertake
an evaluation of the risk assessment, the supervisory programme and its use of
the tools of supervision; this is purely an internal FSA process. The evaluation
will constitute a review of the risk profile of the bank and the progress made
against the FSAs supervisory objectives. It will also involve a stock take of the
original work plan to ensure that the bank has successfully completed any
necessary remedial work and, that FSA has completed the work set out in the
supervisory programme and that the findings from all of the supervisory too ls
that have been applied have been properly assessed and acted upon. In
addition, dur ing the evaluation phase the FSA will assess the effectiveness of
the work it has carried out by considering what it has achieved during the
supervisory period in terms of understanding or improving the risk profile of
the bank.
86 The evaluation phase will be an integral part of the FSAs annual procedures,
which also include the formal review of the banks adherence to the minimum
criteria for authorisation and the annual letter that will be sent to all banks
and branches to confirm (or change) the supervisory programmes.
Risk based approach to supervision of banks 27
8/4/2019 Risk Base Supervision of Banks
29/52
Capital 29
Asset quality 31
Market risk 33
Earnings 35
Liabilities 36
Business 37
Internal Controls 40
Organisation 45
Management 47
Appendix 1
28 Financial Services Authority
CAMELB & COM evaluation factors
8/4/2019 Risk Base Supervision of Banks
30/52
Capital
Objective:
To determine whether the banks capital position is adequate to support the
level of current and anticipated business activities and associated risks.
In order to achieve the above objective, the FSA will assess the following:
Com position and quality of capital
Adequacy of capital
Access to capital
Repayment of capital
Composit ion and quality
In assessing composition and quality, the FSA will consider:
split between each of the three tiers, and
component parts of capital.
Adequacy
In assessing capital adequacy, the FSA will consider: current and projected business activities and associated risks,
trigger and target ratio adequacy in light of the banks risk profile,
risk asset ratio in comparison to t rigger and target ratios,
capital trends and projections, and
trends and projections in balance sheet growth and quality, as well as off-
balance sheet activities.
Access to capital
In assessing access to capital, the FSA will consider:
ability to ra ise additional tier 1 capital from existing or new shareholders,
including the financial strength of shareholders,
market conditions (prevailing and institution-specific) for raising new
capital,
current level of headroom available to issue tier 2 or 3 capital, and
track record for raising capital funds in the past.
Risk based approach to supervision of banks 29
8/4/2019 Risk Base Supervision of Banks
31/52
Repayment of capital
In assessing repayment of capital, the FSA will consider:
ability to meet scheduled repayment terms (principal and interest), and
impact of amortisation of tier 2 and 3 capital.
30 Financial Services Authority
8/4/2019 Risk Base Supervision of Banks
32/52
Asset quality
Objective:
To determine the quality of assets (both on- and off-balance sheet).
In order to achieve the above objective, the FSA will assess the following:
Composit ion
Concentrations
Provisioning
Composition
In assessing a banks on- and off-balance sheet assets, the FSA will consider:
size, maturity, currency, marketability, complexity, sources of repayment,
and geographic dispersion,
range and type of products,
trends in volume and growth, ar rears, non-performing assets, problem
assets, and write-offs,
quality of counterparties and trends in counterparty credit risk,
collateral (type, quality, margins, marketability, documentation),
netting arrangements,
amount of daylight exposure and settlements, and
methods for offsetting risk (e.g., credit derivatives).
Concentrations
In determining the overall quality of the asset portfolio, the FSA will
determine the potential impact to the bank on exposures with similar riskcharacteristics. The issues the FSA will consider include:
exposure to connected entities, groups, industries, markets, geographic
regions,
concentrations in tenor, credit risk or collateral type, and
volume of exposures greater than 10% of the capital base.
Risk based approach to supervision of banks 31
8/4/2019 Risk Base Supervision of Banks
33/52
Provisioning
The FSA will determine whether the banks level of provisioning is reasonable.
The issues the FSA will consider include:
level of problem assets,
adequacy of loss provision levels (both general and specific), and
timely recognition of losses.
32 Financial Services Authority
8/4/2019 Risk Base Supervision of Banks
34/52
Market risk
Objective:
To determine the amount of market risk in the trading and banking book.
In order to achieve the above objective, the FSA will assess the following:
Key products and markets
Market risk in the trading book
Interest rate risk in the banking book
Foreign exchange risk
Market risk exists in both the trading bookand the banking book. Within thetrad ing book, market risk is measured as changes in the value of financial
instruments or currencies. Within the banking book , market risk is measured
in terms of exposure to interest rate risk and/or foreign exchange risk.
Key products and markets
In order to determine the banks exposure to market risk, the FSA will
consider:
types of products traded (diversity and complexity),
active markets utilised, and
counterparties.
Market risk in the trading book
Market risk generally arises from market-making, dealing, and position-taking
activities in active markets. In assessing market r isk, the FSA will consider:
liquidity of market(s) for products (e.g., is there a liquid and ready market),
size, tenor, and complexity of open positions (including options),
stability of trad ing revenues (historical track record and trends),
output of internal models of sensitivity to r isk factors,
vulnerability under various scenarios and environments (modelling and
stress-testing),
ability to close or exit positions at a reasonable cost and in a reasonable
timeframe, and
Risk based approach to supervision of banks 33
8/4/2019 Risk Base Supervision of Banks
35/52
size of open positions versus revenues generated and expected (i.e., risk
versus reward).
Interest rate risk in the banking book
In assessing interest rate risk in the banking book, the FSA will consider:
sources of interest ra te exposure as well as the complexity of positions,
character of risk such as volume and repricing sensitivity, and
interest rate risk position over both the tactical and strategic horizons
(short - and long-term) as available in gap reports or through modelling.
Foreign exchange risk
In assessing foreign exchange risk, the FSA will consider:
volume of business subject to revaluation from currency translation
requirements,
composition of the port folio, including an assessment by:
- currency and anticipated durat ion of positions,
- size and maturity of cash flow mismatches, and
output of internal risk models.
34 Financial Services Authority
8/4/2019 Risk Base Supervision of Banks
36/52
Earnings
Objective:
To determine the profitability and earnings profile of the bank and evaluate
the quality and reliability of banks earnings.
In order to achieve the above objective, the FSA will assess the following:
Profitability and earnings performance
Profit plan & budget
Profitability and earnings performance
The FSA will focus on ratio and trend analysis to assess the quality of banks
earnings and profits. The issues the FSA will consider include:
overall level of profitability,
volatility of profits,
sources and distribution of income (by products, businesses, geographic
location),
margins, spreads, and fee income,
reliance on non-recurring income sources,
overheads and expenses,
impact of non-recurring expenses,
impact of taxation and dividends on profit retention, and
prudence of accounting practices (e.g., accruals).
Profit plan and budget
In addition to an analysis of the banks past earnings, the FSA will look atprojected profitability. In assessing the profit plan and budget, the FSA will
consider:
sustainability of income sources,
previous results to budgeted amounts,
impact of any strategic initiatives, and
anticipated operating environment, including economic and competitive
pressures.
Risk based approach to supervision of banks 35
8/4/2019 Risk Base Supervision of Banks
37/52
Liabilities
Objective:
To determine the liability and liquidity profile of the bank.
In order to achieve the above objective, the FSA will assess the following:
Liquidity
Composit ion
Concentrations
Liquidity
In assessing liquidity, the FSA will consider: liquidity mismatch position and ability to meet liquidity needs,
compliance with liquidity mismatch guidelines,
compliance with the stock approach to liquidity (for those UK incorporated
banks which have significant retail activities in the UK),
access to funds and/or lines of credit (advised or committed), and
quality of liquid assets.
Composition
In assessing the composition of a banks liabilities, the FSA will consider:
funding structure - wholesale versus retail,
volatility,
diversification of funding sources,
funding costs,
views of rating agencies and market perception,
trends and projections in the deposit structure with respect to growth
patterns, stability, and costs, and
type of borrowing (e.g., size, tenor, counterparty).
Concentrations
In assessing the level of concentrations, the FSA will consider:
funding from connected entities, and
significant fund providers (wholesale or retail).
36 Financial Services Authority
8/4/2019 Risk Base Supervision of Banks
38/52
Business
Objective:
To assess other influences on the banks business risk profile, not already
covered under the CAMEL evaluation factors.
In order to achieve the above objective, the FSA will assess the following:
External environment
Strategic business initiatives
Customer base & competitive differentiation
W ider group issues
IT systems
Key staf f
O ther business risks
External environment
In assessing a banks strategic fit within its external environment and
managements effectiveness in responding to external influences, the FSA will
consider the:
strengths, weaknesses and volatility of the economic and political
environment in the banks geographic locations,
potential impact of changes in economic conditions or the political
environment on the banks business,
potential impact of significant events (e.g., financial crisis, natural disasters),
and
ability to identify external risk(s) or other systemic issues inherent in the
various geographic locations.
Strategic business initiatives
The FSA will consider the underlying assumptions of the banks business
strategy and assess its viability, riskiness, and the probability of achieving
targets. This analysis will include all the significant business units, in that the
FSA will want to understand and assess the internal and external threats and
risks to those businesses. The issues the FSA will consider include:
viability of the strategic plan from a business perspective, includingimplementation plans,
Risk based approach to supervision of banks 37
8/4/2019 Risk Base Supervision of Banks
39/52
resources and skills necessary to execute the strategic plan,
success in merging elements of the strategic plan into the business or
operating plan,
intended launch into new markets and planned diversification,
appropriateness of the IT strategy to support business objectives and
priorities, and
frequency of changes to strategic direction.
Customer base & competitive differentiation
In assessing the banks existing customer base and market share, including
potential threats or oppor tunities, the FSA will consider:
wholesale Vs. retail customer base,
customer stability and loyalty,
ability to attract and retain customers,
price sensitivity and sophistication of customer base,
ability to capitalise on core competencies through product or service
differentiation,
position relative to being a product leader (innovator) or follower, and
market share and market volatility.
Wider group issues
Along with the need to consider external influences, the FSA will also assess
the impact o f interna l influences on the banks business activities. This includes
the influence of shareholders, the parent company and other a ffiliated
companies within the group. The issues the FSA will consider include:
degree of wider group influence on directing business activities,
relationships and impact of wider group on business activities (e.g. source of
business introductions, reputat ional risk),
history of complaints and litigation against the bank or wider group,
volume and type of inter-group business and degree of connected lending,
perspective of shareholder controllers - short-term versus long-term goals,
and
dividend practices, debt repayment to wider group, or any other pressures
which might adversely affect profit retention.
38 Financial Services Authority
8/4/2019 Risk Base Supervision of Banks
40/52
IT systems
In assessing whether the IT infrastructure is appropriate to meet the business
needs of the bank, the FSA will consider:
extent to which IT supports the current business or restricts planned
business initiatives,
extent to which IT systems have been assessed in terms of threats to the
confidentiality, integrity and availability of key information,
adequacy and viability of the IT stra tegy for the planned business initiatives,
including implementat ion plans, and
flexibility to deal with external events (e.g. Year 2000 and EMU).
Key staff
A banks core competencies may be tied to the talent(s) of one or more
individuals within a group. Often, these competencies come from either their
reputat ion in the market or their pre-established customer network. In either
case, the loss of one or all of these individuals could have a negative impact on
the banks ability to compete. The FSA will assess managements success in
dealing with key staffing issues by considering:
identification of key management and staff,
identification of business core competencies tied to an individual or group of
individuals, and
history of ability to retain management and staff.
Other business risks
The bank may offer services which are not readily captured within the
CAMEL factors. These services (e.g., global custody, corpora te finance)
generate fee income for the bank, without necessarily generating balance sheet
or off-balance sheet exposure. The risks associated with such businesses or
provision of services relate to problems with service delivery (either in terms ofoperational or legal requirements).
Although the primary risk relates to the control environment (and will be
assessed under the control factor), there can be a knock-on effect to the banks
reputation. In assessing the other business risks, the FSA will consider:
reputat ional risks in key business units (e.g. business undertaken, bad
publicity, reliance on third parties),
track record of problems with service delivery, and
concerns identified in the control environment which could have a negative
effect on the banks reputation and ultimately impact business initiatives.
Risk based approach to supervision of banks 39
8/4/2019 Risk Base Supervision of Banks
41/52
Internal Controls
Objective:
To determine the adequacy of the internal control framework.
In order to achieve the above objective, the FSA will assess the following:
Decision m aking framework
Risk management framework
Limits and standards
Information technology
Financial and management reporting
Staff policies
Segregation o f responsibilities
Audit and compliance functions
Money laundering controls
The sophistication of internal controls will depend on the size, complexity, and
geographic diversity of a bank. The FSA will therefore identify the nature of
the business to be controlled before determining whether the process controlsin place are fit for purpose.
Decision making framework
In order to determine whether the decision making framework is appropriate
with delegated authorities and clear accountability at all levels, the FSA will
consider:
level of delegation,
adequacy of communication mechanism,
means to prohibit individuals without authority from taking decisions or
committing the bank to a transaction, and
adequacy of documentation.
Risk management framework
The FSA will assess the adequacy of systems in place to identify, measure,
monitor, and control risk in an appropr iate and timely manner. In this context,
the FSA is focusing on the risks associated with all products and servicesoffered by the bank. The risks include, but are not be limited to: operational,
40 Financial Services Authority
8/4/2019 Risk Base Supervision of Banks
42/52
credit, price, foreign exchange, interest rate, liquidity, strategic, reputational,
legal, and information technology. In assessing the risk management
framework the FSA will consider:
Risk identification
responsibility for r isk identification,
process for risk identification, including existing and new products, and
regularity of review for identifying new risks within business units.
Risk measurement
frequency of risk measurement,
sources of data (e.g., market prices, position information),
sophistication of risk measurement tools, given the complexity and level of
risk assumed,
frequency of verification or validation of risk measurement tools used, and
ability to measure risk at both transactional and portfolio levels.
Risk monitoring
methodology to ensure all identified risks are monitored,
frequency, timeliness, accuracy, and clarity of monitor ing report s,
report distribution to management and staff, and
comparability of output against predetermined limits.
Risk control
independence of the risk control process,
experience, qualification and skills of the personnel within the risk control
function,
reporting lines from the risk control function to senior management,
actions taken to ensure that risks are maintained within pre-established
limits,
exception reports and follow-up, and
contingency planning.
Risk based approach to supervision of banks 41
8/4/2019 Risk Base Supervision of Banks
43/52
Limit and standards
The FSA will focus on assessing the Board and managements risk tolerance
and the adequacy of methods used to convey that risk tolerance to staff. In
doing so, the FSA will consider:
experience, background and authority of individuals involved in settinglimits,
policy and procedural guidance for all products and services, and
processes for setting and changing limits, including underwriting standards.
Information technology
The FSA will assess whether controls over the IT infrastructure are
appropriate. In assessing information technology, the FSA will consider:
adequacy of IT resources, prioritisation, planning and development,
procedures for IT procurement, project management,
procedures for the development, testing and implementat ion of new
hardware and software,
effectiveness of the information security framework and processes, and
adequacy of the business continuation plan.
Financial and management reporting
In assessing financial and management reporting, the FSA will consider:
adequacy, accuracy and timeliness of financial and management report ing,
[for businesses engaged in market activities] ability to value positions
independently of the front office,
ability to assess the quality of assets and maintain an effective level of
provisioning,
effectiveness and efficiency of distribut ion, including information sent to
NEDs,
frequency of budget preparat ion and appropriateness of budgeting process,
and
explanation of variances.
Staff policies
In assessing the various staff policies, the FSA will consider:
quality and depth of recruitment, training and staff retention policies,
42 Financial Services Authority
8/4/2019 Risk Base Supervision of Banks
44/52
succession plans and/or contingency plans for loss of staff,
link with business strategy;
remuneration policy (including bonuses) and practices to support staff
retention, without encouraging excessive risk taking,
ability to effectively monitor and control the risks rewarded by the bonus
scheme,
tra ining initiatives to ensure compliance with explicit or implied prudential
and ethical standards, and
adequacy of disciplinary procedures.
Segregation of responsibilities
The FSA will assess whether the bank has adequate distinction at all levelsbetween those committ ing the institution to a transaction, recording it, settling
it and controlling it. In assessing segregation of responsibilities, the FSA will
consider:
independence of reporting lines,
segregation of responsibilities,
interaction between the front, middle, and back offices;
interaction of front, middle and back offices with financial control and risk
management,
adequacy of the segregation of IT operational and development activities,
quality and experience of staff, and
adequacy of cover arrangements.
Audit and compliance functions
In assessing the audit and compliance functions, the FSA will consider:
responsibility and reporting lines, including their independence,
adequacy of methodology and extent of coverage,
adequacy of processes for addressing exceptions or recommendations on a
timely basis,
quality and experience of internal audit and compliance management and
staff, and
links between external audit, internal audit, and compliance.
Risk based approach to supervision of banks 43
8/4/2019 Risk Base Supervision of Banks
45/52
Money laundering
The FSA will determine whether the bank has established operating standards
and audit procedures that ensure compliance with M oney Laundering
legislation and guidelines. In doing so, the FSA will consider:
adequacy of policies, procedures, and training programmes, and
designation of responsibility for co-ordinating and monitor ing day-to-day
compliance.
44 Financial Services Authority
8/4/2019 Risk Base Supervision of Banks
46/52
Organisation
Objective:
To understand the organisational structure and determine its effectiveness.
In order to achieve the above objective, the FSA will assess the following:
Legal structure
Relationship w ith other parts of the group
Reporting lines
In determining adequacy of the organisational structure, the FSA will consider
whether the documented structure accurately reflects the real and perceived
lines of control and influence within the organisation.
Legal structure
In assessing the legal structure, the FSA will consider:
legal organisation and position of the bank within the group,
complexity of structure and rationale,
indication that the structure is understood,
frequency of changes to the organisational structure, and
close links and shareholder controllers.
Relationship with other parts of the group
The FSA will assess the independence and/or inter-relationship of the bank
with other parts of the group. In assessing the relationship with the group, the
FSA will consider:
control linkages and rationale,
centralised functions (e.g., treasury, risk management), and
degree of control and influence exercised by the parent or any part o f
Top Related