BIS bcbs230 - 2012
BIS bcbs230 - 2012
BIS bcbs230 - 2012
on Banking Supervision
September 2012
This publication is available on the BIS website (www.bis.org).
© Bank for International Settlements 2012. All rights reserved. Brief excerpts may be reproduced or
translated provided the source is cited.
Annex 1: Comparison between the revised and 2006 versions of the Core Principles ......... 68
Annex 2: Structure and guidance for assessment reports prepared by the International
Monetary Fund and the World Bank ..................................................................................... 70
Executive summary
1. The Core Principles for Effective Banking Supervision (Core Principles) are the de
facto minimum standard for sound prudential regulation and supervision of banks and
banking systems. Originally issued by the Basel Committee on Banking Supervision (the
Committee) 1 in 1997, they are used by countries as a benchmark for assessing the quality of
their supervisory systems and for identifying future work to achieve a baseline level of sound
supervisory practices. The Core Principles are also used by the International Monetary Fund
(IMF) and the World Bank, in the context of the Financial Sector Assessment Programme
(FSAP), to assess the effectiveness of countries’ banking supervisory systems and practices.
2. The Core Principles were last revised by the Committee in October 2006 in
cooperation with supervisors around the world. In its October 2010 Report to the G20 on
response to the financial crisis, the Committee announced its plan to review the Core
Principles as part of its ongoing work to strengthen supervisory practices worldwide.
3. In March 2011, the Core Principles Group 2 was mandated by the Committee to
review and update the Core Principles. The Committee’s mandate was to conduct the review
taking into account significant developments in the global financial markets and regulatory
landscape since October 2006, including post-crisis lessons 3 for promoting sound
supervisory systems. The intent was to ensure the continued relevance of the Core
Principles for promoting effective banking supervision in all countries over time and changing
environments.
4. In conducting the review, the Committee has sought to achieve the right balance in
raising the bar for sound supervision while retaining the Core Principles as a flexible, globally
applicable standard. By reinforcing the proportionality concept, the revised Core Principles
and their assessment criteria accommodate a diverse range of banking systems. The
proportionate approach also allows assessments of compliance with the Core Principles that
are commensurate with the risk profile and systemic importance of a broad spectrum of
banks (from large internationally active banks to small, non-complex deposit-taking
institutions).
1
The Basel Committee on Banking Supervision consists of senior representatives of bank supervisory
authorities and central banks from Argentina, Australia, Belgium, Brazil, Canada, China, France, Germany,
Hong Kong SAR, India, Indonesia, Italy, Japan, Korea, Luxembourg, Mexico, the Netherlands, Russia, Saudi
Arabia, Singapore, South Africa, Spain, Sweden, Switzerland, Turkey, the United Kingdom and the United
States.
2
The Core Principles Group consisted of members from the Committee and the Basel Consultative Group,
which comprises representatives from both Committee and non-Committee member countries and regional
groups of banking supervisors, as well as the IMF, the World Bank and the Islamic Financial Services Board.
3
See, for example, the November 2010 Financial Stability Board report on Intensity and Effectiveness of SIFI
Supervision; the January 2010 Joint Forum report on Review of the Differentiated Nature and Scope of
Financial Regulation – Key Issues and Recommendations; and the October 2009 Senior Supervisors Group
report on Risk Management Lessons from the Global Banking Crisis of 2008.
6. Important enhancements have been introduced into the individual Core Principles,
particularly in those areas that are necessary to strengthen supervisory practices and risk
management. Various additional criteria have been upgraded to essential criteria as a result,
while new assessment criteria were warranted in other instances. Close attention was given
to addressing many of the significant risk management weaknesses and other vulnerabilities
highlighted in the last crisis. In addition, the review has taken account of several key trends
and developments that emerged during the last few years of market turmoil: the need for
greater intensity and resources to deal effectively with systemically important banks; the
importance of applying a system-wide, macro perspective to the microprudential supervision
of banks to assist in identifying, analysing and taking pre-emptive action to address systemic
risk; and the increasing focus on effective crisis management, recovery and resolution
measures in reducing both the probability and impact of a bank failure. The Committee has
sought to give appropriate emphasis to these emerging issues by embedding them into the
Core Principles, as appropriate, and including specific references under each relevant
Principle.
8. At present, the grading of compliance with the Core Principles is based solely on the
essential criteria. To provide incentives to jurisdictions, particularly those that are important
financial centres, to lead the way in the adoption of the highest supervisory standards, the
revised Core Principles will allow countries the additional option of voluntarily choosing to be
assessed and graded against the essential and additional criteria. In the same spirit of
promoting full and robust implementation, the Committee has retained the existing four-grade
scale of assessing compliance with the Core Principles. This includes the current “materially
non-compliant” grading that helps provide a strong signalling effect to relevant authorities on
remedial measures needed for addressing supervisory and regulatory shortcomings in their
countries.
4
The Core Principles Methodology was separately developed in 1999 and subsequently revised in 2006 to
provide further details and guidance on the assessment criteria and the assessment of compliance with the
Core Principles.
10. The revised Core Principles will continue to provide a comprehensive standard for
establishing a sound foundation for the regulation, supervision, governance and risk
management of the banking sector. Given the importance of consistent and effective
standards implementation, the Committee stands ready to encourage work at the national
level to implement the revised Core Principles in conjunction with other supervisory bodies
and interested parties.
12. The revised Core Principles strengthen the requirements for supervisors, the
approaches to supervision and supervisors’ expectations of banks. This is achieved through
a greater focus on effective risk-based supervision and the need for early intervention and
timely supervisory actions. Supervisors should assess the risk profile of banks, in terms of
the risks they run, the efficacy of their risk management and the risks they pose to the
banking and financial systems. This risk-based process targets supervisory resources where
they can be utilised to the best effect, focusing on outcomes as well as processes, moving
beyond passive assessment of compliance with rules.
13. The Core Principles set out the powers that supervisors should have in order to
address safety and soundness concerns. It is equally crucial that supervisors use these
powers once weaknesses or deficiencies are identified. Adopting a forward-looking approach
to supervision through early intervention can prevent an identified weakness from developing
into a threat to safety and soundness. This is particularly true for highly complex and bank-
specific issues (eg liquidity risk) where effective supervisory actions must be tailored to a
bank’s individual circumstances.
14. In its efforts to strengthen, reinforce and refocus the Core Principles, the Committee
has nonetheless remained mindful of their underlying purpose and use. The Committee’s
intention is to ensure the continued relevance of the Core Principles in providing a
benchmark for supervisory practices that will withstand the test of time and changing
environments. For this reason, this revision of the Core Principles builds upon the preceding
versions to ensure continuity and comparability as far as possible.
15. In recognition of the universal applicability of the Core Principles, the Committee
conducted its review in close cooperation with members of the Basel Consultative Group
which comprises representatives from both Committee and non-Committee member
countries and regional groups of banking supervisors, as well as the IMF, the World Bank
and the Islamic Financial Services Board. The Committee consulted the industry and public
before finalising the text.
General approach
16. The first Core Principle sets out the promotion of safety and soundness of banks
and the banking system as the primary objective for banking supervision. Jurisdictions may
assign other responsibilities to the banking supervisor provided they do not conflict with this
5
Most notably, elements of the enhanced international regulatory standards for capital and the new
international liquidity standards, both designed to promote a more resilient banking sector, have been
incorporated.
17. To fulfil their purpose, the Core Principles must be capable of application to a wide
range of jurisdictions whose banking sectors will inevitably include a broad spectrum of
banks (from large internationally active banks to small, non-complex deposit-taking
institutions). Banking systems may also offer a wide range of products or services and the
Core Principles are aligned with the general aim of catering to different financial needs. To
accommodate this breadth of application, a proportionate approach is adopted, both in terms
of the expectations on supervisors for the discharge of their own functions and in terms of the
standards that supervisors impose on banks. Consequently, the Core Principles
acknowledge that supervisors typically use a risk-based approach in which more time and
resources are devoted to larger, more complex or riskier banks. In the context of the
standards imposed by supervisors on banks, the proportionality concept is reflected in those
Principles focused on supervisors’ assessment of banks’ risk management, where the
Principles prescribe a level of supervisory expectation commensurate with a bank’s risk
profile 7 and systemic importance. 8
18. Successive revisions to existing Committee standards and guidance, and any new
standards and guidance will be designed to strengthen the regulatory regime. Supervisors
are encouraged to move towards the adoption of updated and new international supervisory
standards as they are issued.
6
The banking supervisor might, for instance, in some jurisdictions be tasked with responsibilities for: (i)
depositor protection; (ii) financial stability; (iii) consumer protection; or (iv) financial inclusion.
7
In this document, “risk profile” refers to the nature and scale of the risk exposures undertaken by a bank.
8
In this document, “systemic importance” is determined by the size, interconnectedness, substitutability, global
or cross-jurisdictional activity (if any), and complexity of the bank, as set out in the November 2011 BCBS
paper Global systemically important banks: assessment methodology and the additional loss absorbency
requirement.
21. This broad financial system perspective is integral to many of the Core Principles.
For this reason, the Committee has not included a specific stand-alone Core Principle on
macroprudential issues.
23. Supervisors should also remain alert to the movement, or build-up, of financial
activities outside the regulated banking sector (the development of “shadow banking”
structures) and the potential risks this may create. Data or information on this should also be
shared with any other authorities relevant for financial stability purposes.
25. Such measures may be viewed from two perspectives: (i) the measures to be
adopted by supervisory and other authorities (including developing resolution plans and in
terms of information sharing and cooperation with other authorities, both domestic and cross-
border, to coordinate an orderly restructuring or resolution of a troubled bank); and (ii) those
9
In this document, “banking group” includes the holding company, the bank and its offices, subsidiaries,
affiliates and joint ventures, both domestic and foreign. Risks from other entities in the wider group, for
example non-bank (including non-financial) entities, may also be relevant. This group-wide approach to
supervision goes beyond accounting consolidation.
26. To reflect, and to emphasise, the importance of crisis management, recovery and
resolution measures, certain Core Principles include specific reference to the maintenance
and assessment of contingency arrangements. The existing Core Principle on home-host
relationships has also been strengthened to require cooperation and coordination between
home and host supervisors on crisis management and resolution for cross-border banks.
28. Similarly, the crisis served to underline the importance of disclosure and
transparency in maintaining confidence in banks by allowing market participants to
understand better a bank’s risk profile and thereby reduce market uncertainties about the
bank’s financial strength. In recognition of this, a new Core Principle has been added to
provide more direction on supervisory practices in this area.
Assessment
30. The Core Principles establish a level of sound supervisory practice that can be used
as a benchmark by supervisors to assess the quality of their supervisory systems. They are
also used by the IMF and the World Bank, in the context of the Financial Sector Assessment
Programme (FSAP), to assess the effectiveness of countries’ banking supervisory systems
and practices.
31. This revision of the Core Principles retains the previous practice of including both
essential criteria and additional criteria as part of the assessment methodology. Essential
criteria set out minimum baseline requirements for sound supervisory practices and are of
universal applicability to all countries. An assessment of a country against the essential
criteria must, however, recognise that its supervisory practices should be commensurate with
32. Effective banking supervisory practices are not static. They evolve over time as
lessons are learned and banking business continues to develop and expand. Supervisors are
often swift to encourage banks to adopt “best practice” and supervisors should demonstrably
“practice what they preach” in terms of seeking to move continually towards the highest
supervisory standards. To reinforce this aspiration, the additional criteria in the Core
Principles set out supervisory practices that exceed current baseline expectations but which
will contribute to the robustness of individual supervisory frameworks. As supervisory
practices evolve, it is expected that upon each revision of the Core Principles, a number of
additional criteria will migrate to become essential criteria as expectations on baseline
standards change. The use of essential criteria and additional criteria will, in this sense,
contribute to the continuing relevance of the Core Principles over time.
33. In the past, countries were graded only against the essential criteria, although they
could volunteer to be assessed against the additional criteria too and benefit from assessors’
commentary on how supervisory practices could be enhanced. In future, countries
undergoing assessments by the IMF and/or the World Bank can elect to be graded against
the essential and additional criteria. It is anticipated that this will provide incentives to
jurisdictions, particularly those that are important financial centres, to lead the way in the
adoption of the highest supervisory standards. As with the essential criteria, any assessment
against additional criteria should recognise the concept of proportionality as discussed
above.
34. Moreover, it is important to bear in mind that some tasks, such as a correct
assessment of the macroeconomic environment and the detection of the build-up of
dangerous trends, do not lend themselves to a rigid compliant/non-compliant structure.
Although these tasks may be difficult to assess, supervisors should make assessments that
are as accurate as possible given the information available at the time and take reasonable
actions to address and mitigate such risks.
10
See paragraph 61 on grading definitions.
37. Core Principle 29 dealing with the Abuse of Financial Services includes, among
other things, supervision of banks’ anti-money laundering/combating the financing of
terrorism (AML/CFT) controls. The Committee recognises that assessments against this
Core Principle will inevitably, for some countries, involve a degree of duplication with the
mutual evaluation process of the Financial Action Task Force (FATF). To address this, where
an evaluation has recently been conducted by the FATF on a given country, FSAP assessors
may rely on that evaluation and focus their own review on the actions taken by supervisors to
address any shortcomings identified by the FATF. In the absence of any recent FATF
evaluation, FSAP assessors will continue to assess countries’ supervision of banks’
AML/CFT controls.
40. The revised Core Principles define 29 principles that are needed for a supervisory
system to be effective. Those principles are broadly categorised into two groups: the first
group (Principles 1 to 13) focus on powers, responsibilities and functions of supervisors,
while the second group (Principles 14 to 29) focus on prudential regulations and
requirements for banks. The original Principle 1 has been divided into three separate
Principles, while new Principles related to corporate governance, and disclosure and
transparency, have been added. This accounts for the increase from 25 to 29 Principles.
11
The Core Principles are conceived as a voluntary framework of minimum standards for sound supervisory
practices; national authorities are free to put in place supplementary measures that they deem necessary to
achieve effective supervision in their jurisdictions.
42. The Core Principles are neutral with regard to different approaches to supervision,
so long as the overriding goals are achieved. They are not designed to cover all the needs
and circumstances of every banking system. Instead, specific country circumstances should
be more appropriately considered in the context of the assessments and in the dialogue
between assessors and country authorities.
43. National authorities should apply the Core Principles in the supervision of all
banking organisations within their jurisdictions. 12 Individual countries, in particular those with
advanced markets and banks, may expand upon the Core Principles in order to achieve best
supervisory practice.
44. A high degree of compliance with the Core Principles should foster overall financial
system stability; however, this will not guarantee it, nor will it prevent the failure of banks.
Banking supervision cannot, and should not, provide an assurance that banks will not fail. In
a market economy, failures are part of risk-taking.
45. The Committee stands ready to encourage work at the national level to implement
the Core Principles in conjunction with other supervisory bodies and interested parties. The
Committee invites the international financial institutions and donor agencies to use the Core
Principles in assisting individual countries to strengthen their supervisory arrangements. The
12
In countries where non-bank financial institutions provide deposit and lending services similar to those of
banks, many of the Principles set out in this document would also be appropriate to such non-bank financial
institutions. However, it is also acknowledged that some of these categories of institutions may be regulated
differently from banks as long as they do not hold, collectively, a significant proportion of deposits in a financial
system.
13
Examples of such policies include accumulation of large quantities of government securities; reduced access
to capital markets due to government controls or growing imbalances; degradation in asset quality after loose
monetary policies; and government-directed lending or forbearance requirements as an economic policy
response to deteriorating economic conditions.
14
The aim of assessments is, however, not for ranking supervisory systems. Please refer to paragraph 35.
15
The Committee has issued guidelines for performing self-assessments: Conducting a supervisory self-
assessment – practical application, Basel, April 2001.
16
The regular reports by the IMF and the World Bank on the lessons drawn from assessment experiences as
part of FSAP exercises constitute a useful source of information which has been used as an input to improve
the Principles.
59. To assess compliance with a Principle, this methodology proposes a set of essential
and additional assessment criteria for each Principle. By default, for the purposes of grading,
the essential criteria are the only elements on which to gauge full compliance with a Core
Principle. The additional criteria are suggested best practices that countries having advanced
banks should aim for. Going forward, countries will have the following three assessment
options:
(i) Unless the country explicitly opts for any other option, compliance with the Core
Principles will be assessed and graded only with reference to the essential criteria;
(ii) A country may voluntarily choose to be assessed against the additional criteria, in
order to identify areas in which it could enhance its regulation and supervision
further and benefit from assessors’ commentary on how it could be achieved.
However, compliance with the Core Principles will still be graded only with reference
to the essential criteria; or
(iii) To accommodate countries that further seek to attain best supervisory practices, a
country may voluntarily choose to be assessed and graded against the additional
criteria, in addition to the essential criteria.
60. For assessments of the Core Principles by external parties, 17 the following four-
grade scale will be used: compliant, largely compliant, materially non-compliant, and non-
compliant. A “not applicable” grading can be used under certain circumstances as described
in paragraph 62.
17
While gradings of self-assessments may provide useful information to the authorities, these are not mandatory
as the assessors will arrive at their own independent judgment.
18
For the purpose of grading, references to the term “essential criteria” in this paragraph would include
additional criteria in the case of a country that has volunteered to be assessed and graded against the
additional criteria.
62. In addition, a Principle will be considered “not applicable” when, in the view of the
assessor, the Principle does not apply given the structural, legal and institutional features of
a country. In some instances countries have argued that in the case of certain embryonic or
immaterial banking activities, which were not being supervised, an assessment of “not
applicable” should have been given, rather than “non-compliant”. This is an issue for
judgment by the assessor, although activities that are relatively insignificant at the time of
assessment may later assume greater importance and authorities need to be aware of, and
prepared for, such developments. The supervisory system should permit such activities to be
monitored, even if no regulation or supervision is considered immediately necessary. “Not
applicable” would be an appropriate assessment if the supervisors are aware of the
phenomenon, and would be capable of taking action, but there is realistically no chance that
the activities will grow sufficiently in volume to pose a risk.
63. Grading is not an exact science and the Core Principles can be met in different
ways. The assessment criteria should not be seen as a checklist approach to compliance but
as a qualitative exercise. Compliance with some criteria may be more critical for
effectiveness of supervision, depending on the situation and circumstances in a given
jurisdiction. Hence, the number of criteria complied with is not always an indication of the
overall compliance rating for any given Principle. Emphasis should be placed on the
commentary that should accompany each Principle grading, rather than on the grading itself.
The primary goal of the exercise is not to apply a “grade” but rather to focus authorities on
areas needing attention in order to set the stage for improvements and develop an action
plan that prioritises the improvements needed to achieve full compliance with the Core
Principles.
64. The assessment should also include the assessors’ opinion on how weaknesses in
the preconditions for effective banking supervision, as discussed in paragraphs 46-53, hinder
effective supervision and how effectively supervisory measures mitigate these weaknesses.
This opinion should be qualitative rather than providing any kind of graded assessment.
Recommendations with regard to the preconditions should not be part of the action plan
associated with the Core Principles assessment, but should be included for instance in other
general recommendations for strengthening the environment of financial sector supervision.
65. The Core Principles are minimum standards to be applied by all banking
supervisors. In implementing some of them, supervisors will need to take into account the
risk profile and systemic importance of individual banks, particularly for those Core Principles
where supervisors have to determine the adequacy of banks' risk management policies and
processes.
67. First, when conducting an assessment, the assessor must have free access to a
range of information and interested parties. The required information may include not only
published information, such as the relevant laws, regulations and policies, but also more
sensitive information, such as any self-assessments, operational guidelines for supervisors
and, where possible, supervisory assessments of individual banks. This information should
be provided as long as it does not violate legal requirements for supervisors to hold such
information confidential. Experience from assessments has shown that secrecy issues can
often be solved through ad hoc arrangements between the assessor and the assessed
authority. The assessor will need to meet with a range of individuals and organisations,
including the banking supervisory authority or authorities, other domestic supervisory
authorities, any relevant government ministries, bankers and bankers’ associations, auditors
and other financial sector participants. Special note should be made of instances when any
required information is not provided, as well as of what impact this might have on the
accuracy of the assessment.
68. Second, the assessment of compliance with each Core Principle requires the
evaluation of a chain of related requirements which, depending on the Principle, may
encompass law, prudential regulation, supervisory guidelines, on-site examinations and off-
site analysis, supervisory reporting and public disclosures, and evidence of enforcement or
non-enforcement. Further, the assessment must ensure that the requirements are put into
practice. This also requires assessing whether the supervisory authority has the necessary
operational autonomy, skills, resources and commitment to implement the Core Principles.
69. Third, assessments should not focus solely on deficiencies but should also highlight
specific achievements. This approach will provide a better picture of the effectiveness of
banking supervision.
70. Fourth, there are certain jurisdictions where non-bank financial institutions that are
not part of a supervised banking group engage in some bank-like activities; these institutions
may make up a significant portion of the total financial system and may be largely
unsupervised. Since the Core Principles deal specifically with banking supervision, they
cannot be used for formal assessments of these non-bank financial institutions. However, the
assessment report should, at a minimum, mention those activities where non-banks have an
impact on the supervised banks and the potential problems that may arise as a result of non-
bank activities.
73. The individual assessment criteria are based on sound supervisory practices
already established, even if they are not yet fully implemented. Where appropriate, the
documents on which the criteria are founded have been cited.
Essential criteria
1. The responsibilities and objectives of each of the authorities involved in banking
supervision 21 are clearly defined in legislation and publicly disclosed. Where more
than one authority is responsible for supervising the banking system, a credible and
publicly available framework is in place to avoid regulatory and supervisory gaps.
3. Laws and regulations provide a framework for the supervisor to set and enforce
minimum prudential standards for banks and banking groups. The supervisor has
19
In this document, “banking group” includes the holding company, the bank and its offices, subsidiaries,
affiliates and joint ventures, both domestic and foreign. Risks from other entities in the wider group, for
example non-bank (including non-financial) entities, may also be relevant. This group-wide approach to
supervision goes beyond accounting consolidation.
20
The activities of authorising banks, ongoing supervision and corrective actions are elaborated in the
subsequent Principles.
21
Such authority is called “the supervisor” throughout this paper, except where the longer form “the banking
supervisor” has been necessary for clarification.
(a) have full access to banks’ and banking groups’ Boards, management, staff
and records in order to review compliance with internal rules and limits as well
as external laws and regulations;
(b) review the overall activities of a banking group, both domestic and cross-
border; and
(c) supervise the foreign activities of banks incorporated in its jurisdiction.
7. The supervisor has the power to review the activities of parent companies and of
companies affiliated with parent companies to determine their impact on the safety
and soundness of the bank and the banking group.
Essential criteria
1. The operational independence, accountability and governance of the supervisor are
prescribed in legislation and publicly disclosed. There is no government or industry
interference that compromises the operational independence of the supervisor. The
22
In this document, “risk profile” refers to the nature and scale of the risk exposures undertaken by a bank.
23
In this document, “systemic importance” is determined by the size, interconnectedness, substitutability, global
or cross-jurisdictional activity (if any), and complexity of the bank, as set out in the BCBS paper on Global
systemically important banks: assessment methodology and the additional loss absorbency requirement,
November 2011.
2. The process for the appointment and removal of the head(s) of the supervisory
authority and members of its governing body is transparent. The head(s) of the
supervisory authority is (are) appointed for a minimum term and is removed from
office during his/her term only for reasons specified in law or if (s)he is not physically
or mentally capable of carrying out the role or has been found guilty of misconduct.
The reason(s) for removal is publicly disclosed.
4. The supervisor has effective internal governance and communication processes that
enable supervisory decisions to be taken at a level appropriate to the significance of
the issue and timely decisions to be taken in the case of an emergency. The
governing body is structured to avoid any real or perceived conflicts of interest.
5. The supervisor and its staff have credibility based on their professionalism and
integrity. There are rules on how to avoid conflicts of interest and on the appropriate
use of information obtained through work, with sanctions in place if these are not
followed.
6. The supervisor has adequate resources for the conduct of effective supervision and
oversight. It is financed in a manner that does not undermine its autonomy or
operational independence. This includes:
(a) a budget that provides for staff in sufficient numbers and with skills
commensurate with the risk profile and systemic importance of the banks and
banking groups supervised;
(b) salary scales that allow it to attract and retain qualified staff;
(c) the ability to commission external experts with the necessary professional
skills and independence, and subject to necessary confidentiality restrictions
to conduct supervisory tasks;
(d) a budget and programme for the regular training of staff;
(e) a technology budget sufficient to equip its staff with the tools needed to
supervise the banking industry and assess individual banks and banking
groups; and
(f) a travel budget that allows appropriate on-site work, effective cross-border
cooperation and participation in domestic and international meetings of
significant relevance (eg supervisory colleges).
7. As part of their annual resource planning exercise, supervisors regularly take stock
of existing skills and projected requirements over the short- and medium-term,
taking into account relevant emerging supervisory practices. Supervisors review and
implement measures to bridge any gaps in numbers and/or skill-sets identified.
24
Please refer to Principle 1, Essential Criterion 1.
9. Laws provide protection to the supervisor and its staff against lawsuits for actions
taken and/or omissions made while discharging their duties in good faith. The
supervisor and its staff are adequately protected against the costs of defending their
actions and/or omissions made while discharging their duties in good faith.
Essential criteria
1. Arrangements, formal or informal, are in place for cooperation, including analysis
and sharing of information, and undertaking collaborative work, with all domestic
authorities with responsibility for the safety and soundness of banks, other financial
institutions and/or the stability of the financial system. There is evidence that these
arrangements work in practice, where necessary.
4. The supervisor receiving confidential information from other supervisors uses the
confidential information for bank-specific or system-wide supervisory purposes only.
The supervisor does not disclose confidential information received to third parties
without the permission of the supervisor providing the information and is able to
deny any demand (other than a court order or mandate from a legislative body) for
confidential information in its possession. In the event that the supervisor is legally
compelled to disclose confidential information it has received from another
supervisor, the supervisor promptly notifies the originating supervisor, indicating
what information it is compelled to release and the circumstances surrounding the
release. Where consent to passing on confidential information is not given, the
supervisor uses all reasonable means to resist such a demand or protect the
confidentiality of the information.
25
Principle 3 is developed further in the Principles dealing with “Consolidated supervision” (12), “Home-host
relationships” (13) and “Abuse of financial services” (29).
Essential criteria
1. The term “bank” is clearly defined in laws or regulations.
2. The permissible activities of institutions that are licensed and subject to supervision
as banks are clearly defined either by supervisors, or in laws or regulations.
3. The use of the word “bank” and any derivations such as “banking” in a name,
including domain names, is limited to licensed and supervised institutions in all
circumstances where the general public might otherwise be misled.
4. The taking of deposits from the public is reserved for institutions that are licensed
and subject to supervision as banks. 26
26
The Committee recognises the presence in some countries of non-banking financial institutions that take
deposits but may be regulated differently from banks. These institutions should be subject to a form of
regulation commensurate to the type and size of their business and, collectively, should not hold a significant
proportion of deposits in the financial system.
27
This document refers to a governance structure composed of a board and senior management. The
Committee recognises that there are significant differences in the legislative and regulatory frameworks across
countries regarding these functions. Some countries use a two-tier board structure, where the supervisory
function of the board is performed by a separate entity known as a supervisory board, which has no executive
functions. Other countries, in contrast, use a one-tier board structure in which the board has a broader role.
Owing to these differences, this document does not advocate a specific board structure. Consequently, in this
document, the terms “board” and “senior management” are only used as a way to refer to the oversight
function and the management function in general and should be interpreted throughout the document in
accordance with the applicable law within each jurisdiction.
2. Laws or regulations give the licensing authority the power to set criteria for licensing
banks. If the criteria are not fulfilled or if the information provided is inadequate, the
licensing authority has the power to reject an application. If the licensing authority or
supervisor determines that the licence was based on false information, the licence
can be revoked.
3. The criteria for issuing licences are consistent with those applied in ongoing
supervision.
4. The licensing authority determines that the proposed legal, managerial, operational
and ownership structures of the bank and its wider group will not hinder effective
supervision on both a solo and a consolidated basis. 28 The licensing authority also
determines, where appropriate, that these structures will not hinder effective
implementation of corrective measures in the future.
5. The licensing authority identifies and determines the suitability of the bank’s major
shareholders, including the ultimate beneficial owners, and others that may exert
significant influence. It also assesses the transparency of the ownership structure,
the sources of initial capital and the ability of shareholders to provide additional
financial support, where needed.
8. The licensing authority reviews the proposed strategic and operating plans of the
bank. This includes determining that an appropriate system of corporate
governance, risk management and internal controls, including those related to the
detection and prevention of criminal activities, as well as the oversight of proposed
28
Therefore, shell banks shall not be licensed. (Reference document: BCBS paper on shell banks, January
2003.)
29
Please refer to Principle 14, Essential Criterion 8.
9. The licensing authority reviews pro forma financial statements and projections of the
proposed bank. This includes an assessment of the adequacy of the financial
strength to support the proposed strategic plan as well as financial information on
the principal shareholders of the bank.
10. In the case of foreign banks establishing a branch or subsidiary, before issuing a
licence, the host supervisor establishes that no objection (or a statement of no
objection) from the home supervisor has been received. For cross-border banking
operations in its country, the host supervisor determines whether the home
supervisor practices global consolidated supervision.
11. The licensing authority or supervisor has policies and processes to monitor the
progress of new entrants in meeting their business and strategic goals, and to
determine that supervisory requirements outlined in the licence approval are being
met.
(Reference documents: 32 Parallel-owned banking structures, January 2003; and Shell banks
and booking offices, January 2003.)
Essential criteria
1. Laws or regulations contain clear definitions of “significant ownership” and
“controlling interest”.
3. The supervisor has the power to reject any proposal for a change in significant
ownership, including beneficial ownership, or controlling interest, or prevent the
exercise of voting rights in respect of such investments to ensure that any change in
significant ownership meets criteria comparable to those used for licensing banks. If
the supervisor determines that the change in significant ownership was based on
false information, the supervisor has the power to reject, modify or reverse the
change in significant ownership.
30
Please refer to Principle 29.
31
While the term “supervisor” is used throughout Principle 6, the Committee recognises that in a few countries
these issues might be addressed by a separate licensing authority.
32
Unless otherwise noted, all reference documents are BCBS documents.
5. The supervisor has the power to take appropriate action to modify, reverse or
otherwise address a change of control that has taken place without the necessary
notification to or approval from the supervisor.
6. Laws or regulations or the supervisor require banks to notify the supervisor as soon
as they become aware of any material information which may negatively affect the
suitability of a major shareholder or a party that has a controlling interest.
Essential criteria
1. Laws or regulations clearly define:
(a) what types and amounts (absolute and/or in relation to a bank’s capital) of
acquisitions and investments need prior supervisory approval; and
(b) cases for which notification after the acquisition or investment is sufficient.
Such cases are primarily activities closely related to banking and where the
investment is small relative to the bank’s capital.
3. Consistent with the licensing requirements, among the objective criteria that the
supervisor uses is that any new acquisitions and investments do not expose the
bank to undue risks or hinder effective supervision. The supervisor also determines,
where appropriate, that these new acquisitions and investments will not hinder
effective implementation of corrective measures in the future. 33 The supervisor can
prohibit banks from making major acquisitions/investments (including the
establishment of cross-border banking operations) in countries with laws or
regulations prohibiting information flows deemed necessary for adequate
consolidated supervision. The supervisor takes into consideration the effectiveness
of supervision in the host country and its own ability to exercise supervision on a
consolidated basis.
4. The supervisor determines that the bank has, from the outset, adequate financial,
managerial and organisational resources to handle the acquisition/investment.
33
In the case of major acquisitions, this determination may take into account whether the acquisition or
investment creates obstacles to the orderly resolution of the bank.
Additional criterion
1. The supervisor reviews major acquisitions or investments by other entities in the
banking group to determine that these do not expose the bank to any undue risks or
hinder effective supervision. The supervisor also determines, where appropriate,
that these new acquisitions and investments will not hinder effective implementation
of corrective measures in the future. 34 Where necessary, the supervisor is able to
effectively address the risks to the bank arising from such acquisitions or
investments.
Essential criteria
1. The supervisor uses a methodology for determining and assessing on an ongoing
basis the nature, impact and scope of the risks:
(a) which banks or banking groups are exposed to, including risks posed by
entities in the wider group; and
(b) which banks or banking groups present to the safety and soundness of the
banking system.
The methodology addresses, among other things, the business focus, group
structure, risk profile, internal control environment and the resolvability of banks, and
permits relevant comparisons between banks. The frequency and intensity of
supervision of banks and banking groups reflect the outcome of this analysis.
2. The supervisor has processes to understand the risk profile of banks and banking
groups and employs a well defined methodology to establish a forward-looking view
of the profile. The nature of the supervisory work on each bank is based on the
results of this analysis.
3. The supervisor assesses banks’ and banking groups’ compliance with prudential
regulations and other legal requirements.
4. The supervisor takes the macroeconomic environment into account in its risk
assessment of banks and banking groups. The supervisor also takes into account
34
Please refer to footnote 33 under Principle 7, Essential Criterion 3.
6. Drawing on information provided by the bank and other national supervisors, the
supervisor, in conjunction with the resolution authority, assesses the bank’s
resolvability where appropriate, having regard to the bank’s risk profile and systemic
importance. When bank-specific barriers to orderly resolution are identified, the
supervisor requires, where necessary, banks to adopt appropriate measures, such
as changes to business strategies, managerial, operational and ownership
structures, and internal procedures. Any such measures take into account their
effect on the soundness and stability of ongoing business.
7. The supervisor has a clear framework or process for handling banks in times of
stress, such that any decisions to require or undertake recovery or resolution actions
are made in a timely manner.
8. Where the supervisor becomes aware of bank-like activities being performed fully or
partially outside the regulatory perimeter, the supervisor takes appropriate steps to
draw the matter to the attention of the responsible authority. Where the supervisor
becomes aware of banks restructuring their activities to avoid the regulatory
perimeter, the supervisor takes appropriate steps to address this.
Essential criteria
1. The supervisor employs an appropriate mix of on-site35 and off-site 36 supervision to
evaluate the condition of banks and banking groups, their risk profile, internal control
environment and the corrective measures necessary to address supervisory
concerns. The specific mix between on-site and off-site supervision may be
35
On-site work is used as a tool to provide independent verification that adequate policies, procedures and
controls exist at banks, determine that information reported by banks is reliable, obtain additional information
on the bank and its related companies needed for the assessment of the condition of the bank, monitor the
bank’s follow-up on supervisory concerns, etc.
36
Off-site work is used as a tool to regularly review and analyse the financial condition of banks, follow up on
matters requiring further attention, identify and evaluate developing risks and help identify the priorities, scope
of further off-site and on-site work, etc.
2. The supervisor has a coherent process for planning and executing on-site and off-
site activities. There are policies and processes to ensure that such activities are
conducted on a thorough and consistent basis with clear responsibilities, objectives
and outputs, and that there is effective coordination and information sharing
between the on-site and off-site functions.
3. The supervisor uses a variety of information to regularly review and assess the
safety and soundness of banks, the evaluation of material risks, and the
identification of necessary corrective actions and supervisory actions. This includes
information, such as prudential reports, statistical returns, information on a bank’s
related entities, and publicly available information. The supervisor determines that
information provided by banks is reliable 37 and obtains, as necessary, additional
information on the banks and their related entities.
4. The supervisor uses a variety of tools to regularly review and assess the safety and
soundness of banks and the banking system, such as:
(a) analysis of financial statements and accounts;
(b) business model analysis;
(c) horizontal peer reviews;
(d) review of the outcome of stress tests undertaken by the bank; and
(e) analysis of corporate governance, including risk management and internal
control systems.
The supervisor communicates its findings to the bank as appropriate and requires
the bank to take action to mitigate any particular vulnerabilities that have the
potential to affect its safety and soundness. The supervisor uses its analysis to
determine follow-up work required, if any.
6. The supervisor evaluates the work of the bank’s internal audit function, and
determines whether, and to what extent, it may rely on the internal auditors’ work to
identify areas of potential risk.
37
Please refer to Principle 10.
8. The supervisor communicates to the bank the findings of its on- and off-site
supervisory analyses in a timely manner by means of written reports or through
discussions or meetings with the bank’s management. The supervisor meets with
the bank’s senior management and the Board to discuss the results of supervisory
examinations and the external audits, as appropriate. The supervisor also meets
separately with the bank’s independent Board members, as necessary.
9. The supervisor undertakes appropriate and timely follow-up to check that banks
have addressed supervisory concerns or implemented requirements communicated
to them. This includes early escalation to the appropriate level of the supervisory
authority and to the bank’s Board if action points are not addressed in an adequate
or timely manner.
10. The supervisor requires banks to notify it in advance of any substantive changes in
their activities, structure and overall condition, or as soon as they become aware of
any material adverse developments, including breach of legal or prudential
requirements.
11. The supervisor may make use of independent third parties, such as auditors,
provided there is a clear and detailed mandate for the work. However, the
supervisor cannot outsource its prudential responsibilities to third parties. When
using third parties, the supervisor assesses whether the output can be relied upon to
the degree intended and takes into consideration the biases that may influence third
parties.
12. The supervisor has an adequate information system which facilitates the processing,
monitoring and analysis of prudential information. The system aids the identification
of areas requiring follow-up action.
Additional criterion
1. The supervisor has a framework for periodic independent review, for example by an
internal audit function or third party assessor, of the adequacy and effectiveness of
the range of its available supervisory tools and their use, and makes changes as
appropriate.
38
In the context of this Principle, “prudential reports and statistical returns” are distinct from and in addition to
required accounting reports. The former are addressed by this Principle, and the latter are addressed in
Principle 27.
2. The supervisor provides reporting instructions that clearly describe the accounting
standards to be used in preparing supervisory reports. Such standards are based on
accounting principles and rules that are widely accepted internationally.
3. The supervisor requires banks to have sound governance structures and control
processes for methodologies that produce valuations. The measurement of fair
values maximises the use of relevant and reliable inputs and are consistently
applied for risk management and reporting purposes. The valuation framework and
control procedures are subject to adequate independent validation and verification,
either internally or by an external expert. The supervisor assesses whether the
valuation used for regulatory purposes is reliable and prudent. Where the supervisor
determines that valuations are not sufficiently prudent, the supervisor requires the
bank to make adjustments to its reporting for capital adequacy or regulatory
reporting purposes.
5. In order to make meaningful comparisons between banks and banking groups, the
supervisor collects data from all banks and all relevant entities covered by
consolidated supervision on a comparable basis and related to the same dates
(stock data) and periods (flow data).
6. The supervisor has the power to request and receive any relevant information from
banks, as well as any entities in the wider group, irrespective of their activities,
where the supervisor believes that it is material to the condition of the bank or
banking group, or to the assessment of the risks of the bank or banking group or is
needed to support resolution planning. This includes internal management
information.
7. The supervisor has the power to access 40 all bank records for the furtherance of
supervisory work. The supervisor also has similar access to the bank’s Board,
management and staff, when required.
8. The supervisor has a means of enforcing compliance with the requirement that the
information be submitted on a timely and accurate basis. The supervisor determines
the appropriate level of the bank’s senior management is responsible for the
accuracy of supervisory returns, imposes sanctions for misreporting and persistent
errors, and requires that inaccurate information be amended.
39
Please refer to Principle 2.
40
Please refer to Principle 1, Essential Criterion 5.
10. The supervisor clearly defines and documents the roles and responsibilities of
external experts, 42 including the scope of the work, when they are appointed to
conduct supervisory tasks. The supervisor assesses the suitability of experts for the
designated task(s) and the quality of the work and takes into consideration conflicts
of interest that could influence the output/recommendations by external experts.
External experts may be utilised for routine validation or to examine specific aspects
of banks’ operations.
11. The supervisor requires that external experts bring to its attention promptly any
material shortcomings identified during the course of any work undertaken by them
for supervisory purposes.
12. The supervisor has a process in place to periodically review the information collected
to determine that it satisfies a supervisory need.
Essential criteria
1. The supervisor raises supervisory concerns with the bank’s management or, where
appropriate, the bank’s Board, at an early stage, and requires that these concerns
be addressed in a timely manner. Where the supervisor requires the bank to take
significant corrective actions, these are addressed in a written document to the
bank’s Board. The supervisor requires the bank to submit regular written progress
reports and checks that corrective actions are completed satisfactorily. The
supervisor follows through conclusively and in a timely manner on matters that are
identified.
2. The supervisor has available 43 an appropriate range of supervisory tools for use
when, in the supervisor’s judgement, a bank is not complying with laws, regulations
or supervisory actions, is engaged in unsafe or unsound practices or in activities that
41
May be external auditors or other qualified external parties, commissioned with an appropriate mandate, and
subject to appropriate confidentiality restrictions.
42
May be external auditors or other qualified external parties, commissioned with an appropriate mandate, and
subject to appropriate confidentiality restrictions. External experts may conduct reviews used by the
supervisor, yet it is ultimately the supervisor that must be satisfied with the results of the reviews conducted by
such external experts.
43
Please refer to Principle 1.
3. The supervisor has the power to act where a bank falls below established regulatory
threshold requirements, including prescribed regulatory ratios or measurements.
The supervisor also has the power to intervene at an early stage to require a bank to
take action to prevent it from reaching its regulatory threshold requirements. The
supervisor has a range of options to address such scenarios.
5. The supervisor applies sanctions not only to the bank but, when and if necessary,
also to management and/or the Board, or individuals therein.
6. The supervisor has the power to take corrective actions, including ring-fencing of the
bank from the actions of parent companies, subsidiaries, parallel-owned banking
structures and other related entities in matters that could impair the safety and
soundness of the bank or the banking system.
Additional criteria
1. Laws or regulations guard against the supervisor unduly delaying appropriate
corrective actions.
2. When taking formal corrective action in relation to a bank, the supervisor informs the
supervisor of non-bank related financial entities of its actions and, where
appropriate, coordinates its actions with them.
Essential criteria
1. The supervisor understands the overall structure of the banking group and is familiar
with all the material activities (including non-banking activities) conducted by entities
in the wider group, both domestic and cross-border. The supervisor understands
and assesses how group-wide risks are managed and takes action when risks
arising from the banking group and other entities in the wider group, in particular
contagion and reputation risks, may jeopardise the safety and soundness of the
bank and the banking system.
2. The supervisor imposes prudential standards and collects and analyses financial
and other information on a consolidated basis for the banking group, covering areas
such as capital adequacy, liquidity, large exposures, exposures to related parties,
lending limits and group structure.
4 The home supervisor visits the foreign offices periodically, the location and
frequency being determined by the risk profile and systemic importance of the
foreign operation. The supervisor meets the host supervisors during these visits.
The supervisor has a policy for assessing whether it needs to conduct on-site
examinations of a bank’s foreign operations, or require additional reporting, and has
the power and resources to take those steps as and when appropriate.
5. The supervisor reviews the main activities of parent companies, and of companies
affiliated with the parent companies, that have a material impact on the safety and
soundness of the bank and the banking group, and takes appropriate supervisory
action.
44
Please refer to footnote 19 under Principle 1.
45
When assessing compliance with the Core Principles, this reference document is only relevant for banks and
countries which have implemented Basel II.
(a) the safety and soundness of the bank and banking group is compromised
because the activities expose the bank or banking group to excessive risk
and/or are not properly managed;
(b) the supervision by other supervisors is not adequate relative to the risks the
activities present; and/or
(c) the exercise of effective supervision on a consolidated basis is hindered.
Additional criterion
1. For countries which allow corporate ownership of banks, the supervisor has the
power to establish and enforce fit and proper standards for owners and senior
management of parent companies.
(Reference documents: FSB Key Attributes for Effective Resolution Regimes, November
2011; Good practice principles on supervisory colleges, October 2010; Home-host
information sharing for effective Basel II implementation, June 2006 47 ; The high-level
principles for the cross-border implementation of the New Accord, August 2003; Shell banks
and booking offices, January 2003; Report on Cross-Border Banking Supervision, June
1996; Information flows between Banking Supervisory Authorities, April 1990; and Principles
for the supervision of banks' foreign establishments (Concordat), May 1983.)
Essential criteria
1. The home supervisor establishes bank-specific supervisory colleges for banking
groups with material cross-border operations to enhance its effective oversight,
taking into account the risk profile and systemic importance of the banking group
and the corresponding needs of its supervisors. In its broadest sense, the host
supervisor who has a relevant subsidiary or a significant branch in its jurisdiction
and who, therefore, has a shared interest in the effective supervisory oversight of
46
Please refer to Principle 16, Additional Criterion 2.
47
When assessing compliance with the Core Principles, this reference document is only relevant for banks and
countries which have implemented Basel II.
2. Home and host supervisors share appropriate information on a timely basis in line
with their respective roles and responsibilities, both bilaterally and through colleges.
This includes information both on the material risks and risk management practices
of the banking group 48 and on the supervisors’ assessments of the safety and
soundness of the relevant entity under their jurisdiction. Informal or formal
arrangements (such as memoranda of understanding) are in place to enable the
exchange of confidential information.
3. Home and host supervisors coordinate and plan supervisory activities or undertake
collaborative work if common areas of interest are identified in order to improve the
effectiveness and efficiency of supervision of cross-border banking groups.
4. The home supervisor develops an agreed communication strategy with the relevant
host supervisors. The scope and nature of the strategy reflects the risk profile and
systemic importance of the cross-border operations of the bank or banking group.
Home and host supervisors also agree on the communication of views and
outcomes of joint activities and college meetings to banks, where appropriate, to
ensure consistency of messages on group-wide issues.
5. Where appropriate, due to the bank’s risk profile and systemic importance, the home
supervisor, working with its national resolution authorities, develops a framework for
cross-border crisis cooperation and coordination among the relevant home and host
authorities. The relevant authorities share information on crisis preparations from an
early stage in a way that does not materially compromise the prospect of a
successful resolution and subject to the application of rules on confidentiality.
6. Where appropriate, due to the bank’s risk profile and systemic importance, the home
supervisor, working with its national resolution authorities and relevant host
authorities, develops a group resolution plan. The relevant authorities share any
information necessary for the development and maintenance of a credible resolution
plan. Supervisors also alert and consult relevant authorities and supervisors (both
home and host) promptly when taking any recovery and resolution measures.
7. The host supervisor’s national laws or regulations require that the cross-border
operations of foreign banks are subject to prudential, inspection and regulatory
reporting requirements similar to those for domestic banks.
8. The home supervisor is given on-site access to local offices and subsidiaries of a
banking group in order to facilitate their assessment of the group’s safety and
soundness and compliance with customer due diligence requirements. The home
supervisor informs host supervisors of intended visits to local offices and
subsidiaries of banking groups.
48
See Illustrative example of information exchange in colleges of the October 2010 BCBS Good practice
principles on supervisory colleges for further information on the extent of information sharing expected.
(Reference documents: Principles for enhancing corporate governance, October 2010 and
Compensation principles and standards assessment methodology, January 2010.)
Essential criteria
1. Laws, regulations or the supervisor establish the responsibilities of a bank’s Board
and senior management with respect to corporate governance to ensure there is
effective control over the bank’s entire business. The supervisor provides guidance
to banks and banking groups on expectations for sound corporate governance.
3. The supervisor determines that governance structures and processes for nominating
and appointing Board members are appropriate for the bank and across the banking
group. Board membership includes experienced non-executive members, where
appropriate. Commensurate with the risk profile and systemic importance, Board
structures include audit, risk oversight and remuneration committees with
experienced non-executive members.
4. Board members are suitably qualified, effective and exercise their “duty of care” and
“duty of loyalty”. 50
49
Please refer to footnote 27 under Principle 5.
50
The OECD (OECD glossary of corporate governance-related terms in “Experiences from the Regional
Corporate Governance Roundtables”, 2003, www.oecd.org/dataoecd/19/26/23742340.pdf.) defines “duty of
care” as “The duty of a board member to act on an informed and prudent basis in decisions with respect to the
company. Often interpreted as requiring the board member to approach the affairs of the company in the
same way that a ’prudent man’ would approach their own affairs. Liability under the duty of care is frequently
mitigated by the business judgement rule.” The OECD defines “duty of loyalty” as “The duty of the board
member to act in the interest of the company and shareholders. The duty of loyalty should prevent individual
board members from acting in their own interest, or the interest of another individual or group, at the expense
of the company and all shareholders.”
6. The supervisor determines that the bank’s Board, except where required otherwise
by laws or regulations, has established fit and proper standards in selecting senior
management, maintains plans for succession, and actively and critically oversees
senior management’s execution of Board strategies, including monitoring senior
management’s performance against standards established for them.
7. The supervisor determines that the bank’s Board actively oversees the design and
operation of the bank’s and banking group’s compensation system, and that it has
appropriate incentives, which are aligned with prudent risk taking. The
compensation system, and related performance standards, are consistent with long-
term objectives and financial soundness of the bank and is rectified if there are
deficiencies.
8. The supervisor determines that the bank’s Board and senior management know and
understand the bank’s and banking group’s operational structure and its risks,
including those arising from the use of structures that impede transparency (eg
special-purpose or related structures). The supervisor determines that risks are
effectively managed and mitigated, where appropriate.
9. The supervisor has the power to require changes in the composition of the bank’s
Board if it believes that any individuals are not fulfilling their duties related to the
satisfaction of these criteria.
Additional criterion
1. Laws, regulations or the supervisor require banks to notify the supervisor as soon as
they become aware of any material and bona fide information that may negatively
affect the fitness and propriety of a bank’s Board member or a member of the senior
management.
51
“Risk appetite” reflects the level of aggregate risk that the bank’s Board is willing to assume and manage in
the pursuit of the bank’s business objectives. Risk appetite may include both quantitative and qualitative
elements, as appropriate, and encompass a range of measures. For the purposes of this document, the terms
“risk appetite” and “risk tolerance” are treated synonymously.
52
For the purposes of assessing risk management by banks in the context of Principles 15 to 25, a bank’s risk
management framework should take an integrated “bank-wide” perspective of the bank’s risk exposure,
encompassing the bank’s individual business lines and business units. Where a bank is a member of a group
of companies, the risk management framework should in addition cover the risk exposure across and within
the “banking group” (see footnote 19 under Principle 1) and should also take account of risks posed to the
bank or members of the banking group through other entities in the wider group.
Essential criteria
1. The supervisor determines that banks have appropriate risk management strategies
that have been approved by the banks’ Boards and that the Boards set a suitable
risk appetite to define the level of risk the banks are willing to assume or tolerate.
The supervisor also determines that the Board ensures that:
(a) a sound risk management culture is established throughout the bank;
(b) policies and processes are developed for risk-taking, that are consistent with
the risk management strategy and the established risk appetite;
(c) uncertainties attached to risk measurement are recognised;
(d) appropriate limits are established that are consistent with the bank’s risk
appetite, risk profile and capital strength, and that are understood by, and
regularly communicated to, relevant staff; and
(e) senior management take the steps necessary to monitor and control all
material risks consistent with the approved strategies and risk appetite.
3. The supervisor determines that risk management strategies, policies, processes and
limits are:
(a) properly documented;
53
To some extent the precise requirements may vary from risk type to risk type (Principles 15 to 25) as reflected
by the underlying reference documents.
54
It should be noted that while, in this and other Principles, the supervisor is required to determine that banks’
risk management policies and processes are being adhered to, the responsibility for ensuring adherence
remains with a bank’s Board and senior management.
4. The supervisor determines that the bank’s Board and senior management obtain
sufficient information on, and understand, the nature and level of risk being taken by
the bank and how this risk relates to adequate levels of capital and liquidity. The
supervisor also determines that the Board and senior management regularly review
and understand the implications and limitations (including the risk measurement
uncertainties) of the risk management information that they receive.
5. The supervisor determines that banks have an appropriate internal process for
assessing their overall capital and liquidity adequacy in relation to their risk appetite
and risk profile. The supervisor reviews and evaluates banks’ internal capital and
liquidity adequacy assessments and strategies.
6. Where banks use models to measure components of risk, the supervisor determines
that:
(a) banks comply with supervisory standards on their use;
(b) the banks’ Boards and senior management understand the limitations and
uncertainties relating to the output of the models and the risk inherent in their
use; and
(c) banks perform regular and independent validation and testing of the models.
The supervisor assesses whether the model outputs appear reasonable as a
reflection of the risks assumed.
7. The supervisor determines that banks have information systems that are adequate
(both under normal circumstances and in periods of stress) for measuring,
assessing and reporting on the size, composition and quality of exposures on a
bank-wide basis across all risk types, products and counterparties. The supervisor
also determines that these reports reflect the bank’s risk profile and capital and
liquidity needs, and are provided on a timely basis to the bank’s Board and senior
management in a form suitable for their use.
8. The supervisor determines that banks have adequate policies and processes to
ensure that the banks’ Boards and senior management understand the risks
inherent in new products, 55 material modifications to existing products, and major
management initiatives (such as changes in systems, processes, business model
and major acquisitions). The supervisor determines that the Boards and senior
management are able to monitor and manage these risks on an ongoing basis. The
supervisor also determines that the bank’s policies and processes require the
undertaking of any major activities of this nature to be approved by their Board or a
specific committee of the Board.
55
New products include those developed by the bank or by a third party and purchased or distributed by the
bank.
10. The supervisor requires larger and more complex banks to have a dedicated risk
management unit overseen by a Chief Risk Officer (CRO) or equivalent function. If
the CRO of a bank is removed from his/her position for any reason, this should be
done with the prior approval of the Board and generally should be disclosed publicly.
The bank should also discuss the reasons for such removal with its supervisor.
11. The supervisor issues standards related to, in particular, credit risk, market risk,
liquidity risk, interest rate risk in the banking book and operational risk.
13. The supervisor requires banks to have forward-looking stress testing programmes,
commensurate with their risk profile and systemic importance, as an integral part of
their risk management process. The supervisor regularly assesses a bank’s stress
testing programme and determines that it captures material sources of risk and
adopts plausible adverse scenarios. The supervisor also determines that the bank
integrates the results into its decision-making, risk management processes
(including contingency arrangements) and the assessment of its capital and liquidity
levels. Where appropriate, the scope of the supervisor’s assessment includes the
extent to which the stress testing programme:
(a) promotes risk identification and control, on a bank-wide basis;
(b) adopts suitably severe assumptions and seeks to address feedback effects
and system-wide interaction between risks;
(c) benefits from the active involvement of the Board and senior management;
and
(d) is appropriately documented and regularly maintained and updated.
The supervisor requires corrective action if material deficiencies are identified in a
bank’s stress testing programme or if the results of stress tests are not adequately
taken into consideration in the bank’s decision-making process.
14. The supervisor assesses whether banks appropriately account for risks (including
liquidity impacts) in their internal pricing, performance measurement and new
product approval process for all significant business activities.
(Reference documents: Revisions to the Basel II market risk framework, February 2011;
Minimum requirements to ensure loss absorbency at the point of non-viability, January 2011;
Capitalisation of bank exposures to central counterparties, July 2012; Sound practices for
backtesting counterparty credit risk models, December 2010; Guidance for national
authorities operating the countercyclical capital buffer, December 2010; Basel III: A global
regulatory framework for more resilient banks and banking systems, December 2010;
Guidelines for computing capital for incremental risk in the trading book, July 2009;
Enhancements to the Basel II framework, July 2009; Range of practices and issues in
economic capital frameworks, March 2009; International convergence of capital
measurement and capital standards: a revised framework, comprehensive version, June
2006; and International convergence of capital measurement and capital standards, July
1988.)
Essential criteria
1. Laws, regulations or the supervisor require banks to calculate and consistently
observe prescribed capital requirements, including thresholds by reference to which
a bank might be subject to supervisory action. Laws, regulations or the supervisor
define the qualifying components of capital, ensuring that emphasis is given to those
elements of capital permanently available to absorb losses on a going concern
basis.
2. At least for internationally active banks, 57 the definition of capital, the risk coverage,
the method of calculation and thresholds for the prescribed requirements are not
lower than those established in the applicable Basel standards.
3. The supervisor has the power to impose a specific capital charge and/or limits on all
material risk exposures, if warranted, including in respect of risks that the supervisor
considers not to have been adequately transferred or mitigated through transactions
56
The Core Principles do not require a jurisdiction to comply with the capital adequacy regimes of Basel I, Basel
II and/or Basel III. The Committee does not consider implementation of the Basel-based framework a
prerequisite for compliance with the Core Principles, and compliance with one of the regimes is only required
of those jurisdictions that have declared that they have voluntarily implemented it.
57
The Basel Capital Accord was designed to apply to internationally active banks, which must calculate and
apply capital adequacy ratios on a consolidated basis, including subsidiaries undertaking banking and
financial business. Jurisdictions adopting the Basel II and Basel III capital adequacy frameworks would apply
such ratios on a fully consolidated basis to all internationally active banks and their holding companies; in
addition, supervisors must test that banks are adequately capitalised on a stand-alone basis.
4. The prescribed capital requirements reflect the risk profile and systemic importance
of banks 59 in the context of the markets and macroeconomic conditions in which
they operate and constrain the build-up of leverage in banks and the banking sector.
Laws and regulations in a particular jurisdiction may set higher overall capital
adequacy standards than the applicable Basel requirements.
6. The supervisor has the power to require banks to adopt a forward-looking approach
to capital management (including the conduct of appropriate stress testing). 60 The
supervisor has the power to require banks:
(a) to set capital levels and manage available capital in anticipation of possible
events or changes in market conditions that could have an adverse effect; and
(b) to have in place feasible contingency arrangements to maintain or strengthen
capital positions in times of stress, as appropriate in the light of the risk profile
and systemic importance of the bank.
58
Reference documents: Enhancements to the Basel II framework, July 2009 and: International convergence of
capital measurement and capital standards: a revised framework, comprehensive version, June 2006.
59
In assessing the adequacy of a bank’s capital levels in light of its risk profile, the supervisor critically focuses,
among other things, on (a) the potential loss absorbency of the instruments included in the bank’s capital
base, (b) the appropriateness of risk weights as a proxy for the risk profile of its exposures, (c) the adequacy
of provisions and reserves to cover loss expected on its exposures and (d) the quality of its risk management
and controls. Consequently, capital requirements may vary from bank to bank to ensure that each bank is
operating with the appropriate level of capital to support the risks it is running and the risks it poses.
60
“Stress testing” comprises a range of activities from simple sensitivity analysis to more complex scenario
analyses and reverse stress testing.
(Reference documents: Sound practices for backtesting counterparty credit risk models,
December 2010; FSB Report on Principles for Reducing Reliance on CRA Ratings, October
2010; Enhancements to the Basel II framework, July 2009; Sound credit risk assessment and
valuation for loans, June 2006; and Principles for the management of credit risk, September
2000.)
Essential criteria
1. Laws, regulations or the supervisor require banks to have appropriate credit risk
management processes that provide a comprehensive bank-wide view of credit risk
exposures. The supervisor determines that the processes are consistent with the
risk appetite, risk profile, systemic importance and capital strength of the bank, take
into account market and macroeconomic conditions and result in prudent standards
of credit underwriting, evaluation, administration and monitoring.
2. The supervisor determines that a bank’s Board approves, and regularly reviews, the
credit risk management strategy and significant policies and processes for
assuming, 65 identifying, measuring, evaluating, monitoring, reporting and controlling
or mitigating credit risk (including counterparty credit risk and associated potential
future exposure) and that these are consistent with the risk appetite set by the
Board. The supervisor also determines that senior management implements the
61
Please refer to Principle 12, Essential Criterion 7.
62
Principle 17 covers the evaluation of assets in greater detail; Principle 18 covers the management of problem
assets.
63
Credit risk may result from the following: on-balance sheet and off-balance sheet exposures, including loans
and advances, investments, inter-bank lending, derivative transactions, securities financing transactions and
trading activities.
64
Counterparty credit risk includes credit risk exposures arising from OTC derivative and other financial
instruments.
65
“Assuming” includes the assumption of all types of risk that give rise to credit risk, including credit risk or
counterparty risk associated with various financial instruments.
3. The supervisor requires, and regularly determines, that such policies and processes
establish an appropriate and properly controlled credit risk environment, including:
(a) a well documented and effectively implemented strategy and sound policies
and processes for assuming credit risk, without undue reliance on external
credit assessments;
(b) well defined criteria and policies and processes for approving new exposures
(including prudent underwriting standards) as well as for renewing and
refinancing existing exposures, and identifying the appropriate approval
authority for the size and complexity of the exposures;
(c) effective credit administration policies and processes, including continued
analysis of a borrower’s ability and willingness to repay under the terms of the
debt (including review of the performance of underlying assets in the case of
securitisation exposures); monitoring of documentation, legal covenants,
contractual requirements, collateral and other forms of credit risk mitigation;
and an appropriate asset grading or classification system;
(d) effective information systems for accurate and timely identification,
aggregation and reporting of credit risk exposures to the bank’s Board and
senior management on an ongoing basis;
(e) prudent and appropriate credit limits, consistent with the bank’s risk appetite,
risk profile and capital strength, which are understood by, and regularly
communicated to, relevant staff;
(f) exception tracking and reporting processes that ensure prompt action at the
appropriate level of the bank’s senior management or Board where necessary;
and
(g) effective controls (including in respect of the quality, reliability and relevancy of
data and in respect of validation procedures) around the use of models to
identify and measure credit risk and set limits.
4. The supervisor determines that banks have policies and processes to monitor the
total indebtedness of entities to which they extend credit and any risk factors that
may result in default including significant unhedged foreign exchange risk.
5. The supervisor requires that banks make credit decisions free of conflicts of interest
and on an arm’s length basis.
6. The supervisor requires that the credit policy prescribes that major credit risk
exposures exceeding a certain amount or percentage of the bank’s capital are to be
decided by the bank’s Board or senior management. The same applies to credit risk
exposures that are especially risky or otherwise not in line with the mainstream of
the bank’s activities.
7. The supervisor has full access to information in the credit and investment portfolios
and to the bank officers involved in assuming, managing, controlling and reporting
on credit risk.
8. The supervisor requires banks to include their credit risk exposures into their stress
testing programmes for risk management purposes.
(Reference documents: Sound credit risk assessment and valuation for loans, June 2006
and Principles for the management of credit risk, September 2000.)
Essential criteria
1. Laws, regulations or the supervisor require banks to formulate policies and
processes for identifying and managing problem assets. In addition, laws,
regulations or the supervisor require regular review by banks of their problem assets
(at an individual level or at a portfolio level for assets with homogenous
characteristics) and asset classification, provisioning and write-offs.
2. The supervisor determines the adequacy of a bank’s policies and processes for
grading and classifying its assets and establishing appropriate and robust
provisioning levels. The reviews supporting the supervisor’s opinion may be
conducted by external experts, with the supervisor reviewing the work of the
external experts to determine the adequacy of the bank’s policies and processes.
3. The supervisor determines that the bank’s system for classification and provisioning
takes into account off-balance sheet exposures. 68
4. The supervisor determines that banks have appropriate policies and processes to
ensure that provisions and write-offs are timely and reflect realistic repayment and
recovery expectations, taking into account market and macroeconomic conditions.
5. The supervisor determines that banks have appropriate policies and processes, and
organisational resources for the early identification of deteriorating assets, for
ongoing oversight of problem assets, and for collecting on past due obligations. For
portfolios of credit exposures with homogeneous characteristics, the exposures are
classified when payments are contractually in arrears for a minimum number of days
(eg 30, 60, 90 days). The supervisor tests banks’ treatment of assets with a view to
identifying any material circumvention of the classification and provisioning
standards (eg rescheduling, refinancing or reclassification of loans).
6. The supervisor obtains information on a regular basis, and in relevant detail, or has
full access to information concerning the classification of assets and provisioning.
The supervisor requires banks to have adequate documentation to support their
classification and provisioning levels.
66
Principle 17 covers the evaluation of assets in greater detail; Principle 18 covers the management of problem
assets.
67
Reserves for the purposes of this Principle are “below the line” non-distributable appropriations of profit
required by a supervisor in addition to provisions (“above the line” charges to profit).
68
It is recognised that there are two different types of off-balance sheet exposures: those that can be unilaterally
cancelled by the bank (based on contractual arrangements and therefore may not be subject to provisioning),
and those that cannot be unilaterally cancelled.
10. The supervisor determines that the bank’s Board obtains timely and appropriate
information on the condition of the bank’s asset portfolio, including classification of
assets, the level of provisions and reserves and major problem assets. The
information includes, at a minimum, summary results of the latest asset review
process, comparative trends in the overall quality of problem assets, and
measurements of existing or anticipated deterioration in asset quality and losses
expected to be incurred.
11. The supervisor requires that valuation, classification and provisioning, at least for
significant exposures, are conducted on an individual item basis. For this purpose,
supervisors require banks to set an appropriate threshold for the purpose of
identifying significant exposures and to regularly review the level of the threshold.
12. The supervisor regularly assesses any trends and concentrations in risk and risk
build-up across the banking sector in relation to banks’ problem assets and takes
into account any observed concentration in the risk mitigation strategies adopted by
banks and the potential effect on the efficacy of the mitigant in reducing loss. The
supervisor considers the adequacy of provisions and reserves at the bank and
banking system level in the light of this assessment.
Essential criteria
1. Laws, regulations or the supervisor require banks to have policies and processes
that provide a comprehensive bank-wide view of significant sources of concentration
risk. 70 Exposures arising from off-balance sheet as well as on-balance sheet items
and from contingent liabilities are captured.
2. The supervisor determines that a bank’s information systems identify and aggregate
on a timely basis, and facilitate active management of, exposures creating risk
concentrations and large exposure 71 to single counterparties or groups of connected
counterparties.
3. The supervisor determines that a bank’s risk management policies and processes
establish thresholds for acceptable concentrations of risk, reflecting the bank’s risk
appetite, risk profile and capital strength, which are understood by, and regularly
communicated to, relevant staff. The supervisor also determines that the bank’s
policies and processes require all material concentrations to be regularly reviewed
and reported to the bank’s Board.
69
Connected counterparties may include natural persons as well as a group of companies related financially or
by common ownership, management or any combination thereof.
70
This includes credit concentrations through exposure to: single counterparties and groups of connected
counterparties both direct and indirect (such as through exposure to collateral or to credit protection provided
by a single counterparty), counterparties in the same industry, economic sector or geographic region and
counterparties whose financial performance is dependent on the same activity or commodity as well as off-
balance sheet exposures (including guarantees and other commitments) and also market and other risk
concentrations where a bank is overly exposed to particular asset classes, products, collateral, or currencies.
71
The measure of credit exposure, in the context of large exposures to single counterparties and groups of
connected counterparties, should reflect the maximum possible loss from their failure (ie it should encompass
actual claims and potential claims as well as contingent liabilities). The risk weighting concept adopted in the
Basel capital standards should not be used in measuring credit exposure for this purpose as the relevant risk
weights were devised as a measure of credit risk on a basket basis and their use for measuring credit
concentrations could significantly underestimate potential losses (see “Measuring and controlling large credit
exposures, January 1991).
7. The supervisor requires banks to include the impact of significant risk concentrations
into their stress testing programmes for risk management purposes.
Additional criterion
1. In respect of credit exposure to single counterparties or groups of connected
counterparties, banks are required to adhere to the following:
(a) ten per cent or more of a bank’s capital is defined as a large exposure; and
(b) twenty-five per cent of a bank’s capital is the limit for an individual large
exposure to a private sector non-bank counterparty or a group of connected
counterparties.
Minor deviations from these limits may be acceptable, especially if explicitly
temporary or related to very small or specialised banks.
(Reference document: Principles for the management of credit risk, September 2000.)
Essential criteria
1. Laws or regulations provide, or the supervisor has the power to prescribe, a
comprehensive definition of “related parties”. This considers the parties identified in
72
Such requirements should, at least for internationally active banks, reflect the applicable Basel standards. As
of September 2012, a new Basel standard on large exposures is still under consideration.
73
Related parties can include, among other things, the bank’s subsidiaries, affiliates, and any party (including
their subsidiaries, affiliates and special purpose entities) that the bank exerts control over or that exerts control
over the bank, the bank’s major shareholders, Board members, senior management and key staff, their direct
and related interests, and their close family members as well as corresponding persons in affiliated
companies.
74
Related party transactions include on-balance sheet and off-balance sheet credit exposures and claims, as
well as, dealings such as service contracts, asset purchases and sales, construction contracts, lease
agreements, derivative transactions, borrowings, and write-offs. The term transaction should be interpreted
broadly to incorporate not only transactions that are entered into with related parties but also situations in
which an unrelated party (with whom a bank has an existing exposure) subsequently becomes a related party.
2. Laws, regulations or the supervisor require that transactions with related parties are
not undertaken on more favourable terms (eg in credit assessment, tenor, interest
rates, fees, amortisation schedules, requirement for collateral) than corresponding
transactions with non-related counterparties. 75
3. The supervisor requires that transactions with related parties and the write-off of
related-party exposures exceeding specified amounts or otherwise posing special
risks are subject to prior approval by the bank’s Board. The supervisor requires that
Board members with conflicts of interest are excluded from the approval process of
granting and managing related party transactions.
4. The supervisor determines that banks have policies and processes to prevent
persons benefiting from the transaction and/or persons related to such a person
from being part of the process of granting and managing the transaction.
5. Laws or regulations set, or the supervisor has the power to set on a general or case
by case basis, limits for exposures to related parties, to deduct such exposures from
capital when assessing capital adequacy, or to require collateralisation of such
exposures. When limits are set on aggregate exposures to related parties, those are
at least as strict as those for single counterparties or groups of connected
counterparties.
6. The supervisor determines that banks have policies and processes to identify
individual exposures to and transactions with related parties as well as the total
amount of exposures, and to monitor and report on them through an independent
credit review or audit process. The supervisor determines that exceptions to
policies, processes and limits are reported to the appropriate level of the bank’s
senior management and, if necessary, to the Board, for timely action. The
supervisor also determines that senior management monitors related party
transactions on an ongoing basis, and that the Board also provides oversight of
these transactions.
75
An exception may be appropriate for beneficial terms that are part of overall remuneration packages (eg staff
receiving credit at favourable rates).
Essential criteria
1. The supervisor determines that a bank’s policies and processes give due regard to
the identification, measurement, evaluation, monitoring, reporting and control or
mitigation of country risk and transfer risk. The supervisor also determines that the
processes are consistent with the risk profile, systemic importance and risk appetite
of the bank, take into account market and macroeconomic conditions and provide a
comprehensive bank-wide view of country and transfer risk exposure. Exposures
(including, where relevant, intra-group exposures) are identified, monitored and
managed on a regional and an individual country basis (in addition to the end-
borrower/end-counterparty basis). Banks are required to monitor and evaluate
developments in country risk and in transfer risk and apply appropriate
countermeasures.
2. The supervisor determines that banks’ strategies, policies and processes for the
management of country and transfer risks have been approved by the banks’
Boards and that the Boards oversee management in a way that ensures that these
policies and processes are implemented effectively and fully integrated into the
banks’ overall risk management process.
3. The supervisor determines that banks have information systems, risk management
systems and internal control systems that accurately aggregate, monitor and report
country exposures on a timely basis; and ensure adherence to established country
exposure limits.
76
Country risk is the risk of exposure to loss caused by events in a foreign country. The concept is broader than
sovereign risk as all forms of lending or investment activity whether to/with individuals, corporates, banks or
governments are covered.
77
Transfer risk is the risk that a borrower will not be able to convert local currency into foreign exchange and so
will be unable to make debt service payments in foreign currency. The risk normally arises from exchange
restrictions imposed by the government in the borrower’s country. (Reference document: IMF paper on
External Debt Statistics – Guide for compilers and users, 2003.)
5. The supervisor requires banks to include appropriate scenarios into their stress
testing programmes to reflect country and transfer risk analysis for risk management
purposes.
6. The supervisor regularly obtains and reviews sufficient information on a timely basis
on the country risk and transfer risk of banks. The supervisor also has the power to
obtain additional information, as needed (eg in crisis situations).
(Reference documents: Revisions to the Basel II market risk framework, February 2011;
Interpretive issues with respect to the revisions to the market risk framework, February 2011;
Guidelines for computing capital for incremental risk in the trading book, July 2009;
Supervisory guidance for assessing banks’ financial instrument fair value practices, April
2009; and Amendment to the Capital Accord to incorporate market risks, January 2005.)
Essential criteria
1. Laws, regulations or the supervisor require banks to have appropriate market risk
management processes that provide a comprehensive bank-wide view of market
risk exposure. The supervisor determines that these processes are consistent with
the risk appetite, risk profile, systemic importance and capital strength of the bank;
take into account market and macroeconomic conditions and the risk of a significant
deterioration in market liquidity; and clearly articulate the roles and responsibilities
for identification, measuring, monitoring and control of market risk.
2. The supervisor determines that banks’ strategies, policies and processes for the
management of market risk have been approved by the banks’ Boards and that the
Boards oversee management in a way that ensures that these policies and
processes are implemented effectively and fully integrated into the banks’ overall
risk management process.
3. The supervisor determines that the bank’s policies and processes establish an
appropriate and properly controlled market risk environment including:
(a) effective information systems for accurate and timely identification,
aggregation, monitoring and reporting of market risk exposure to the bank’s
Board and senior management;
(b) appropriate market risk limits consistent with the bank’s risk appetite, risk
profile and capital strength, and with the management’s ability to manage
4. The supervisor determines that there are systems and controls to ensure that banks’
marked-to-market positions are revalued frequently. The supervisor also determines
that all transactions are captured on a timely basis and that the valuation process
uses consistent and prudent practices, and reliable market data verified by a
function independent of the relevant risk-taking business units (or, in the absence of
market prices, internal or industry-accepted models). To the extent that the bank
relies on modelling for the purposes of valuation, the bank is required to ensure that
the model is validated by a function independent of the relevant risk-taking
businesses units. The supervisor requires banks to establish and maintain policies
and processes for considering valuation adjustments for positions that otherwise
cannot be prudently valued, including concentrated, less liquid, and stale positions.
5. The supervisor determines that banks hold appropriate levels of capital against
unexpected losses and make appropriate valuation adjustments for uncertainties in
determining the fair value of assets and liabilities.
6. The supervisor requires banks to include market risk exposure into their stress
testing programmes for risk management purposes.
(Reference document: Principles for the management and supervision of interest rate risk,
July 2004.)
Essential criteria
1. Laws, regulations or the supervisor require banks to have an appropriate interest
rate risk strategy and interest rate risk management framework that provides a
comprehensive bank-wide view of interest rate risk. This includes policies and
processes to identify, measure, evaluate, monitor, report and control or mitigate
material sources of interest rate risk. The supervisor determines that the bank’s
strategy, policies and processes are consistent with the risk appetite, risk profile and
systemic importance of the bank, take into account market and macroeconomic
78
Wherever “interest rate risk” is used in this Principle the term refers to interest rate risk in the banking book.
Interest rate risk in the trading book is covered under Principle 22.
2. The supervisor determines that a bank’s strategy, policies and processes for the
management of interest rate risk have been approved, and are regularly reviewed,
by the bank’s Board. The supervisor also determines that senior management
ensures that the strategy, policies and processes are developed and implemented
effectively.
4. The supervisor requires banks to include appropriate scenarios into their stress
testing programmes to measure their vulnerability to loss under adverse interest rate
movements.
Additional criteria
1. The supervisor obtains from banks the results of their internal interest rate risk
measurement systems, expressed in terms of the threat to economic value,
including using a standardised interest rate shock on the banking book.
Essential criteria
1. Laws, regulations or the supervisor require banks to consistently observe prescribed
liquidity requirements including thresholds by reference to which a bank is subject to
supervisory action. At least for internationally active banks, the prescribed
requirements are not lower than, and the supervisor uses a range of liquidity
monitoring tools no less extensive than, those prescribed in the applicable Basel
standards.
2. The prescribed liquidity requirements reflect the liquidity risk profile of banks
(including on- and off-balance sheet risks) in the context of the markets and
macroeconomic conditions in which they operate.
4. The supervisor determines that banks’ liquidity strategy, policies and processes
establish an appropriate and properly controlled liquidity risk environment including:
(a) clear articulation of an overall liquidity risk appetite that is appropriate for the
banks’ business and their role in the financial system and that is approved by
the banks’ Boards;
(b) sound day-to-day, and where appropriate intraday, liquidity risk management
practices;
(c) effective information systems to enable active identification, aggregation,
monitoring and control of liquidity risk exposures and funding needs (including
active management of collateral positions) bank-wide;
(d) adequate oversight by the banks’ Boards in ensuring that management
effectively implements policies and processes for the management of liquidity
risk in a manner consistent with the banks’ liquidity risk appetite; and
(e) regular review by the banks’ Boards (at least annually) and appropriate
adjustment of the banks’ strategy, policies and processes for the management
of liquidity risk in the light of the banks’ changing risk profile and external
developments in the markets and macroeconomic conditions in which they
operate.
5. The supervisor requires banks to establish, and regularly review, funding strategies
and policies and processes for the ongoing measurement and monitoring of funding
requirements and the effective management of funding risk. The policies and
processes include consideration of how other risks (eg credit, market, operational
and reputation risk) may impact the bank’s overall liquidity strategy, and include:
6. The supervisor determines that banks have robust liquidity contingency funding
plans to handle liquidity problems. The supervisor determines that the bank’s
contingency funding plan is formally articulated, adequately documented and sets
out the bank’s strategy for addressing liquidity shortfalls in a range of stress
environments without placing reliance on lender of last resort support. The
supervisor also determines that the bank’s contingency funding plan establishes
clear lines of responsibility, includes clear communication plans (including
communication with the supervisor) and is regularly tested and updated to ensure it
is operationally robust. The supervisor assesses whether, in the light of the bank’s
risk profile and systemic importance, the bank’s contingency funding plan is feasible
and requires the bank to address any deficiencies.
8. The supervisor identifies those banks carrying out significant foreign currency
liquidity transformation. Where a bank’s foreign currency business is significant, or
the bank has significant exposure in a given currency, the supervisor requires the
bank to undertake separate analysis of its strategy and monitor its liquidity needs
separately for each such significant currency. This includes the use of stress testing
to determine the appropriateness of mismatches in that currency and, where
appropriate, the setting and regular review of limits on the size of its cash flow
mismatches for foreign currencies in aggregate and for each significant currency
individually. In such cases, the supervisor also monitors the bank’s liquidity needs in
each significant currency, and evaluates the bank’s ability to transfer liquidity from
one currency to another across jurisdictions and legal entities.
Additional criterion
1. The supervisor determines that banks’ levels of encumbered balance-sheet assets
are managed within acceptable limits to mitigate the risks posed by excessive levels
of encumbrance in terms of the impact on the banks’ cost of funding and the
implications for the sustainability of their long-term liquidity position. The supervisor
requires banks to commit to adequate disclosure and to set appropriate limits to
mitigate identified risks.
(Reference documents: Principles for the Sound Management of Operational Risk, June
2011; Recognising the risk-mitigating impact of insurance in operational risk modelling,
October 2010; High-level principles for business continuity, August 2006; and Joint Forum
Outsourcing in financial services, February 2005.)
Essential criteria
1. Law, regulations or the supervisor require banks to have appropriate operational risk
management strategies, policies and processes to identify, assess, evaluate,
monitor, report and control or mitigate operational risk. The supervisor determines
that the bank’s strategy, policies and processes are consistent with the bank’s risk
profile, systemic importance, risk appetite and capital strength, take into account
market and macroeconomic conditions, and address all major aspects of operational
risk prevalent in the businesses of the bank on a bank-wide basis (including periods
when operational risk could increase).
2. The supervisor requires banks’ strategies, policies and processes for the
management of operational risk (including the banks’ risk appetite for operational
risk) to be approved and regularly reviewed by the banks’ Boards. The supervisor
also requires that the Board oversees management in ensuring that these policies
and processes are implemented effectively.
3. The supervisor determines that the approved strategy and significant policies and
processes for the management of operational risk are implemented effectively by
management and fully integrated into the bank’s overall risk management process.
4. The supervisor reviews the quality and comprehensiveness of the bank’s disaster
recovery and business continuity plans to assess their feasibility in scenarios of
severe business disruption which might plausibly affect the bank. In so doing, the
supervisor determines that the bank is able to operate as a going concern and
minimise losses, including those that may arise from disturbances to payment and
settlement systems, in the event of severe business disruption.
6. The supervisor determines that banks have appropriate and effective information
systems to:
(a) monitor operational risk;
79
The Committee has defined operational risk as the risk of loss resulting from inadequate or failed internal
processes, people and systems or from external events. The definition includes legal risk but excludes
strategic and reputational risk.
7. The supervisor requires that banks have appropriate reporting mechanisms to keep
the supervisor apprised of developments affecting operational risk at banks in their
jurisdictions.
8. The supervisor determines that banks have established appropriate policies and
processes to assess, manage and monitor outsourced activities. The outsourcing
risk management programme covers:
(a) conducting appropriate due diligence for selecting potential service providers;
(b) structuring the outsourcing arrangement;
(c) managing and monitoring the risks associated with the outsourcing
arrangement;
(d) ensuring an effective control environment; and
(e) establishing viable contingency planning.
Outsourcing policies and processes require the bank to have comprehensive
contracts and/or service level agreements with a clear allocation of responsibilities
between the outsourcing provider and the bank.
Additional criterion
1. The supervisor regularly identifies any common points of exposure to operational
risk or potential vulnerability (eg outsourcing of key operations by many banks to a
common service provider or disruption to outsourcing providers of payment and
settlement activities).
(Reference documents: The internal audit function in banks, June 2012; Enhancements to
the Basel II framework, July 2009; Compliance and the compliance function in banks, April
80
In assessing independence, supervisors give due regard to the control systems designed to avoid conflicts of
interest in the performance measurement of staff in the compliance, control and internal audit functions. For
example, the remuneration of such staff should be determined independently of the business lines that they
oversee.
Essential criteria
1. Laws, regulations or the supervisor require banks to have internal control
frameworks that are adequate to establish a properly controlled operating
environment for the conduct of their business, taking into account their risk profile.
These controls are the responsibility of the bank’s Board and/or senior management
and deal with organisational structure, accounting policies and processes, checks
and balances, and the safeguarding of assets and investments (including measures
for the prevention and early detection and reporting of misuse such as fraud,
embezzlement, unauthorised trading and computer intrusion). More specifically,
these controls address:
(a) organisational structure: definitions of duties and responsibilities, including
clear delegation of authority (eg clear loan approval limits), decision-making
policies and processes, separation of critical functions (eg business
origination, payments, reconciliation, risk management, accounting, audit and
compliance);
(b) accounting policies and processes: reconciliation of accounts, control lists,
information for management;
(c) checks and balances (or “four eyes principle”): segregation of duties, cross-
checking, dual control of assets, double signatures; and
(d) safeguarding assets and investments: including physical control and computer
access.
2. The supervisor determines that there is an appropriate balance in the skills and
resources of the back office, control functions and operational management relative
to the business origination units. The supervisor also determines that the staff of the
back office and control functions have sufficient expertise and authority within the
organisation (and, where appropriate, in the case of control functions, sufficient
access to the bank’s Board) to be an effective check and balance to the business
origination units.
3. The supervisor determines that banks have an adequately staffed, permanent and
independent compliance function 81 that assists senior management in managing
effectively the compliance risks faced by the bank. The supervisor determines that
staff within the compliance function are suitably trained, have relevant experience
and have sufficient authority within the bank to perform their role effectively. The
supervisor determines that the bank’s Board exercises oversight of the management
of the compliance function.
81
The term “compliance function” does not necessarily denote an organisational unit. Compliance staff may
reside in operating business units or local subsidiaries and report up to operating business line management
or local management, provided such staff also have a reporting line through to the head of compliance who
should be independent from business lines.
(Reference documents: Supervisory guidance for assessing bank’ financial instruments fair
value practices, April 2009; External audit quality and banking supervision, December 2008;
and The relationship between banking supervisors and banks’ external auditors, January
2002.)
Essential criteria
1. The supervisor 83 holds the bank’s Board and management responsible for ensuring
that financial statements are prepared in accordance with accounting policies and
82
The term “internal audit function” does not necessarily denote an organisational unit. Some countries allow
small banks to implement a system of independent reviews, eg conducted by external experts, of key internal
controls as an alternative.
83
In this Essential Criterion, the supervisor is not necessarily limited to the banking supervisor. The responsibility
for ensuring that financial statements are prepared in accordance with accounting policies and practices may
also be vested with securities and market supervisors.
2. The supervisor holds the bank’s Board and management responsible for ensuring
that the financial statements issued annually to the public bear an independent
external auditor’s opinion as a result of an audit conducted in accordance with
internationally accepted auditing practices and standards.
3. The supervisor determines that banks use valuation practices consistent with
accounting standards widely accepted internationally. The supervisor also
determines that the framework, structure and processes for fair value estimation are
subject to independent verification and validation, and that banks document any
significant differences between the valuations used for financial reporting purposes
and for regulatory purposes.
4. Laws or regulations set, or the supervisor has the power to establish the scope of
external audits of banks and the standards to be followed in performing such audits.
These require the use of a risk and materiality based approach in planning and
performing the external audit.
5. Supervisory guidelines or local auditing standards determine that audits cover areas
such as the loan portfolio, loan loss provisions, non-performing assets, asset
valuations, trading and other securities activities, derivatives, asset securitisations,
consolidation of and other involvement with off-balance sheet vehicles and the
adequacy of internal controls over financial reporting.
6. The supervisor has the power to reject and rescind the appointment of an external
auditor who is deemed to have inadequate expertise or independence, or is not
subject to or does not adhere to established professional standards.
7. The supervisor determines that banks rotate their external auditors (either the firm or
individuals within the firm) from time to time.
8. The supervisor meets periodically with external audit firms to discuss issues of
common interest relating to bank operations.
9. The supervisor requires the external auditor, directly or through the bank, to report
to the supervisor matters of material significance, for example failure to comply with
the licensing criteria or breaches of banking or other laws, significant deficiencies
and control weaknesses in the bank’s financial reporting process or other matters
that they believe are likely to be of material significance to the functions of the
supervisor. Laws or regulations provide that auditors who make any such reports in
good faith cannot be held liable for breach of a duty of confidentiality.
Additional criterion
1. The supervisor has the power to access external auditors’ working papers, where
necessary.
Essential criteria
1. Laws, regulations or the supervisor require periodic public disclosures 84 of
information by banks on a consolidated and, where appropriate, solo basis that
adequately reflect the bank’s true financial condition and performance, and adhere
to standards promoting comparability, relevance, reliability and timeliness of the
information disclosed.
2. The supervisor determines that the required disclosures include both qualitative and
quantitative information on a bank’s financial performance, financial position, risk
management strategies and practices, risk exposures, aggregate exposures to
related parties, transactions with related parties, accounting policies, and basic
business, management, governance and remuneration. The scope and content of
information provided and the level of disaggregation and detail is commensurate
with the risk profile and systemic importance of the bank.
3. Laws, regulations or the supervisor require banks to disclose all material entities in
the group structure.
Additional criterion
1. The disclosure requirements imposed promote disclosure of information that will
help in understanding a bank’s risk exposures during a financial reporting period, for
example on average exposures or turnover during the reporting period.
84
For the purposes of this Essential Criterion, the disclosure requirement may be found in applicable accounting,
stock exchange listing, or other similar rules, instead of or in addition to directives issued by the supervisor.
Essential criteria
1. Laws or regulations establish the duties, responsibilities and powers of the
supervisor related to the supervision of banks’ internal controls and enforcement of
the relevant laws and regulations regarding criminal activities.
2. The supervisor determines that banks have adequate policies and processes that
promote high ethical and professional standards and prevent the bank from being
used, intentionally or unintentionally, for criminal activities. This includes the
prevention and detection of criminal activity, and reporting of such suspected
activities to the appropriate authorities.
5. The supervisor determines that banks establish CDD policies and processes that
are well documented and communicated to all relevant staff. The supervisor also
determines that such policies and processes are integrated into the bank’s overall
risk management and there are appropriate steps to identify, assess, monitor,
manage and mitigate risks of money laundering and the financing of terrorism with
respect to customers, countries and regions, as well as to products, services,
transactions and delivery channels on an ongoing basis. The CDD management
programme, on a group-wide basis, has as its essential elements:
(a) a customer acceptance policy that identifies business relationships that the
bank will not accept based on identified risks;
(b) a customer identification, verification and due diligence programme on an
ongoing basis; this encompasses verification of beneficial ownership,
85
The Committee is aware that, in some jurisdictions, other authorities, such as a financial intelligence unit
(FIU), rather than a banking supervisor, may have primary responsibility for assessing compliance with laws
and regulations regarding criminal activities in banks, such as fraud, money laundering and the financing of
terrorism. Thus, in the context of this Principle, “the supervisor” might refer to such other authorities, in
particular in Essential Criteria 7, 8 and 10. In such jurisdictions, the banking supervisor cooperates with such
authorities to achieve adherence with the criteria mentioned in this Principle.
86
Consistent with international standards, banks are to report suspicious activities involving cases of potential
money laundering and the financing of terrorism to the relevant national centre, established either as an
independent governmental authority or within an existing authority or authorities that serves as an FIU.
6. The supervisor determines that banks have in addition to normal due diligence,
specific policies and processes regarding correspondent banking. Such policies and
processes include:
(a) gathering sufficient information about their respondent banks to understand
fully the nature of their business and customer base, and how they are
supervised; and
(b) not establishing or continuing correspondent relationships with those that do
not have adequate controls against criminal activities or that are not effectively
supervised by the relevant authorities, or with those banks that are considered
to be shell banks.
7. The supervisor determines that banks have sufficient controls and systems to
prevent, identify and report potential abuses of financial services, including money
laundering and the financing of terrorism.
8. The supervisor has adequate powers to take action against a bank that does not
comply with its obligations related to relevant laws and regulations regarding
criminal activities.
87
These could be external auditors or other qualified parties, commissioned with an appropriate mandate, and
subject to appropriate confidentiality restrictions.
10. The supervisor determines that banks have and follow clear policies and processes
for staff to report any problems related to the abuse of the banks’ financial services
to either local management or the relevant dedicated officer or to both. The
supervisor also determines that banks have and utilise adequate management
information systems to provide the banks’ Boards, management and the dedicated
officers with timely and appropriate information on such activities.
11. Laws provide that a member of a bank’s staff who reports suspicious activity in good
faith either internally or directly to the relevant authority cannot be held liable.
12. The supervisor, directly or indirectly, cooperates with the relevant domestic and
foreign financial sector supervisory authorities or shares with them information
related to suspected or actual criminal activities where this information is for
supervisory purposes.
13. Unless done by another authority, the supervisor has in-house resources with
specialist expertise for addressing criminal activities. In this case, the supervisor
regularly provides information on risks of money laundering and the financing of
terrorism to the banks.
CP 11: Corrective and sanctioning powers of CP 23: Corrective and remedial powers of
supervisors supervisors
CP 18: Problem assets, provisions and reserves CP 9: Problem assets, provisions and reserves
CP 19: Concentration risk and large exposure limits CP 10: Large exposure limits
CP 21: Country and transfer risks CP 12: Country and transfer risks
CP 23: Interest rate risk in the banking book CP 16: Interest rate risk in the banking book
CP 26: Internal control and audit CP 17: Internal control and audit
1. This Annex presents guidance and a format, recommended by the IMF and the
World Bank, for the presentation, and organisation of the BCP assessment reports by
assessors in the context of the Financial Sector Assessment Program (FSAP) 88 and stand-
alone assessments. A self-assessment, 89 conducted by the country’s authorities prior to IMF-
World Bank assessments, is an essential element in the process, and should also follow this
guidance and format.
2. The BCP assessment report should be divided into seven parts: (1) a general
section providing background information and information on the methodology used; (2) an
overview of institutional setting and market infrastructure; (3) a review of preconditions for
effective banking supervision; (4) detailed Principle-by-Principle assessments; (5) a
compliance table summarising the results of the assessment; (6) a recommended action
plan; and (7) authority’s response. The following paragraphs provide a brief description of
each of the seven parts.
(a) Indicate that the scope of the assessment has been selected with the authorities’
agreement, mentioning in particular whether the authorities agreed to be assessed
and graded on the basis of only the essential criteria or agreed to be assessed and
graded using additional criteria too. In the case of risk-based/targeted assessments,
this section must also indicate the principles that are reassessed and the reasons
for the reassessment. The names and affiliations of the assessors should be
mentioned in this section.
(b) Mention the sources used for the assessment such as any self-assessments,
questionnaires filled out by the authorities, relevant laws, regulations and
instructions, other documentation such as reports, studies, public statements,
websites, unpublished guidelines, directives, supervisory reports and assessments.
(c) Identify counterparty authorities and mention, in a generic way, senior officials 90 with
whom interviews were held; meetings with other domestic supervisory authorities,
88
The guidance and format are also recommended for targeted or risk-based Reports on the Observance of
Standards and Codes (ROSCs). Risk-Based or targeted assessments do not cover all core principles, but
selected ones based on previous compliance assessments and on an evaluation of relevant risks and
vulnerabilities in each country. See specific guidance on risk-based DARs and ROSCs:
http://www.imf.org/external/pp/longres.aspx?id=4684.
89
Such self-assessment should be made available to assessors well in advance – also considering the possible
need for translation - accompanied by the supporting legislation and regulation.
90
Names are typically avoided, in order to protect individuals and encourage candour.
(d) Mention factors that impeded or facilitated the assessment. In particular, information
gaps (such as lack of access to supervisory materials, or translated documents)
should be mentioned, and an indication given of the extent to which these gaps may
have affected the assessment. 91
2.2. Overview of the institutional setting and market structure. This section should
provide an overview of the supervisory environment for the financial sector, with a brief
description of the institutional and legal setting, in particular the mandate and oversight roles
of different supervisory authorities, existence of unregulated financial intermediaries, and the
role of self-regulatory organisations. Furthermore, it should provide a general description of
the structure of the financial markets and, in particular, the banking sector, mentioning the
number of banks, total assets to GDP, basic review of banking stability, capital adequacy,
leverage, asset quality, liquidity, profitability and risk profile of the sector, and information on
ownership, ie, foreign versus domestic, state-owned versus privately-owned, existence of
conglomerates or unregulated affiliates, and similar information.
2.3. Review of the preconditions for effective banking supervision. This section
should provide an overview of the preconditions for effective banking supervision, as
described in the Basel Core Principles document. Experience has shown that insufficient
implementation of the preconditions can seriously undermine the quality and effectiveness of
banking supervision. Assessors should aim to give a factual review of preconditions so that
the reader of the report is able to clearly understand the environment in which the banking
system and the supervisory framework are operating. This will provide the perspective for a
better appreciation of the assessment and grading of individual Principles. The review
normally should take up no more than one or two paragraphs for each type of precondition,
and should follow the headings indicated below.
BCP Assessors should not undertake to assess preconditions themselves, as this is beyond
the scope of the individual standard assessments. Assessors should rely to the greatest
extent possible on official IMF and World Bank documents and seek to ensure that the brief
description and comments are consistent.
When relevant, the assessors should attempt to include in their analysis the linkages
between these factors and the effectiveness of supervision. As described in the next section,
the assessment of compliance with individual Core Principles should mention clearly how it is
likely to be primarily affected by preconditions that are considered to be weak. To the extent
shortcomings in preconditions are material to the effectiveness of supervision, they may
affect the grading of the affected Core Principles. Any suggestions aimed at addressing
deficiencies in preconditions are not part of the recommendations of the assessment but can
be made into general FSAP recommendations within the scope of the FSAP exercise.
91
If the lack of information adversely impacts the quality and depth of the assessment of a particular Principle,
assessors should refer to this in the comment section of the assessment template, and document the
obstacles encountered, in particular where access to in-depth information is crucial in evaluating compliance.
Such issues should be brought to the attention of the mission leaders and when necessary referred to
headquarters staff for guidance.
(b) a well established framework for financial stability policy formulation: The review
should indicate the existence or otherwise of a clear framework for macroprudential
surveillance and policy stability formulation. It should cover the elements of clarity of
roles and mandates of the relevant agencies, the mechanisms for effective inter-
agency cooperation and coordination, communication of the macroprudential
analyses, risks, and policies, and their outcomes. Assessors may rely on
independent assessments of the adequacy and effectiveness of the framework,
where available.
(c) a well developed public infrastructure: A factual review of the public infrastructure
should focus on elements relevant to the banking system and, where appropriate,
be prepared in coordination with other specialists on the mission and the IMF-World
Bank country teams. This part of the review of the preconditions could cover issues
such as the presence of a good credit culture, a system of business laws including
corporate, bankruptcy, contract, consumer protection and private property laws that
is consistently enforced and provides a mechanism for the fair resolution of
disputes; the presence of well trained and reliable accounting, auditing and legal
professions; an effective and reliable judiciary; an adequate financial sector
regulation; and efficient payment, clearing and settlement systems.
(d) a clear framework for crisis management, recovery and resolution: The review
should cover the availability of a sound institutional framework for crisis
management and resolution of banks, and the clarity of the roles and mandates of
the relevant agencies. While evidence of the effectiveness may be observed in the
actual management and resolution of past crisis, it may be also available from
documentation of the outcomes of crisis simulation exercises conducted in the
jurisdiction. Assessors may rely on independent assessments of the adequacy and
effectiveness of the framework, where available.
(e) an appropriate level of systemic protection (or public safety net): An overview of the
safety nets or systemic protection could, for instance, include the following
elements: an analysis of the functions of the various entities involved such as
supervisory authorities, deposit insurer and central bank. This would be followed by
a review of the existence of a well defined process for dealing with crisis situations
such as the resolution of a failed financial institution. This would be combined with a
description of the coordination of the roles of the various involved entities within this
process. Additionally, in connection with the use of public funds (including central
bank funds) a review of whether sufficient measures are in place to minimise moral
hazard would be conducted. Also, the mechanisms to meet banks' temporary short-
term liquidity needs, primarily through the interbank market, but also from other
sources, would need to be described.
(f) effective market discipline: A review of market discipline could, for instance, cover
issues such as the presence of rules on corporate governance, transparency and
audited financial disclosure, appropriate incentive structures for the hiring and
removal of managers and Board members, protection of shareholders’ rights,
adequate availability of market and consumer information, disclosure of government
influence in banks, tools for the exercise of market discipline such as mobility of
deposits and other assets held in banks, adequate periodicity of interest rate and
(b) The “description and findings” section of the template should provide information
on the practice as observed in the country being assessed. It should cite and
summarise the main elements of the relevant laws and regulations. This should be
done in such a way that the relevant law or regulation can be easily located, for
instance by reference to URLs, official gazettes, and similar sources. Insofar as
possible and relevant, the description should be structured as follows: (1) banking
laws and supporting regulations; (2) prudential regulations, including prudential
reports and public disclosure; (3) supervisory tools and instruments; (4) institutional
capacity of the supervisory authority; and (5) evidence of implementation and/or
enforcement or the lack of it.
(c) The “assessment” section should contain only one line, stating whether the
system is “compliant”, “largely compliant”, “materially non-compliant”, “non-
compliant” or “not applicable” as described in “Part IV: Assessment Methodology” of
the Core Principles document.
• Unless the jurisdiction explicitly opts for any other option, compliance with the
Core Principles will be assessed and graded only with reference to the
essential criteria.
• A jurisdiction may voluntarily choose to be assessed against the additional
criteria too, in order to identify areas in which it could enhance its regulation
and supervision further and benefit from assessors’ commentary on how it
could be achieved. However, the compliance with the Core Principles will still
be graded only with reference to the essential criteria.
• Alternatively, to accommodate jurisdictions which further seek to attain best
supervisory practices, they may voluntarily choose to be assessed and graded
against the additional criteria, in addition to the essential criteria.
The essential criteria set out minimum baseline requirements for sound supervisory practices
and are of universal applicability to all countries. An assessment of a jurisdiction against the
essential criteria must, however, recognise that its supervisory practices should be
commensurate with the risk profile and systemic importance of the banks being supervised.
In other words, the assessment must consider the context in which the supervisory practices
are applied. As with the essential criteria, any assessment against additional criteria should
also adopt the principle of proportionality. This principle should underpin assessment of all
criteria even if it is not always explicitly referred to in the criteria. For example, a jurisdiction
with many systemically important banks or banks that are part of complex mixed
conglomerates will naturally have a higher hurdle to obtain a “Compliant” grading as
compared to a jurisdiction which only has small and non-complex banks that are primarily
engaged in deposit taking and extending loans.
(d) The “comments” section should be used to explain why a particular grading
was given. This reasoning could be structured as follows: (i) the state of the laws
and regulations and their implementation; (ii) the state of the supervisory tools and
instruments, for instance reporting formats, early warning systems and inspection
manuals; (iii) the quality of practical implementation; (iv) the state of the institutional
92
For instance: how many times over the past years have the authorities applied corrective action? How
frequently have banks been inspected on-site? How many licensing applications have been received, and how
many have been accepted/turned down? Have asset quality reports been prepared by the inspectors, and how
have the conclusions been communicated to senior bank and banking supervision management?
93
For example, regulation and supervision on capital adequacy may seem compliant, but if material deficiencies
are found in another principle, such as provisioning, that will mean capital may be overstated and ratios
unreliable.
This table has two versions: the one that does not include explicit grading is to be used in
ROSCs 94 , the version with grading in the Detailed Assessment only. This table should
convey a clear sense of the degree of compliance, providing a brief description of the main
strengths and, especially, weaknesses with respect to each principle. The template is as
follows:
94
The ROSC, does not include the grading in the table because the grades cannot be fully understood without
the description and detailed comments (which are available only in the DAR).
(a) This section should list the suggested steps for improving compliance and overall
effectiveness of the supervisory framework. Recommendations should be proposed
on a prioritised basis in each case where deficiencies are identified. The
recommended actions should be specific in nature. An explanation could also be
provided as to how the recommended action would lead to improving the level of
compliance and strengthening of the supervisory framework. The institutional
responsibility for each suggested action should also be clearly indicated in order to
prevent overlap or confusion. The table should indicate only those Principles for
which specific recommendations are being made.
(b) Recommendations can also be made with regard to deficiencies in compliance with
the additional criteria and to principles which are fully compliant but where
supervisory practice can still be improved.
2.7. Authorities’ response to the assessment. 95 The assessor should provide the
supervisory authority or authorities being assessed with an opportunity to respond to the
assessment findings, which would include providing the authorities with a full written draft of
the assessment. Any differences of opinion on the assessment results should be clearly
identified and included in the report. The assessment should allow for greater dialogue, and
therefore the assessment team should have had a number of discussions with the
supervisors during the assessment process so that the assessment should also reflect the
comments, concerns and factual corrections of the supervisors. The authority or authorities
should also be requested to prepare a concise written response to the findings (“right of
reply”). The assessment should not, however, become the object of negotiations, and
assessors and authorities should be willing “to agree to disagree”, provided the
authorities’ views are represented fairly and accurately.
95
If no such response is provided within a reasonable time frame, the assessors should note this explicitly and
provide a brief summary of the authorities’ initial response provided during the discussion between the
authorities and the assessors at the end of the assessment mission (“wrap-up meeting”).