RISK-FOCUSED

SUPERVISION

Shehzad Tarique

METAC, IMF

2

Historical Perspective

25 Years Ago:

Transaction verifications and counting cash

Bottoms-up approach

Reports filled with financial statements items,

tables and charts.

Focus and emphasis on loan examiantion.

3

Historical Perspective

10 years ago:

Bottoms up, but more emphasis on internal

controls.

Report formats still rigid, but fewer repetitive

tables of numbers

Liquidity and interest rate sensitivity

But still Heavy loan orientation

4

Historical Model

Revalidation of the balance sheet and

income statement

Heavy compliance emphasis - laws and

regulations

5

WHY RISK FOCUS ?

IS MORE EFFICIENT, MORE EFFECTIVE, AND

LESS BURDENSOME !

More Efficient

Maximize Use of On-Site Days

Customized Approach

Does Not Repeat Work Already Done

Flexible as conditions change

More Effective

Ongoing Supervision

Allocate Resources to Important Risks

Rely on planning

Less Burdensome

Reduce Transaction Testing

Recognize Management and Board’s Concerns

Coordinate Exams with Other Agencies

6

Risk-Focused Exam Principles

Top down

Don’t repeat what has already been done

Encourage strong risk management in the

banks

Tailor supervisory plan to the bank’s risks

Continuous monitoring

Anticipatory/detect Early Warning Signals

7

Risk-Focused Exam Principles

Why?

More effective examinations

More flexible as conditions change

More efficient

Conditions in financial services and

markets change too rapidly for traditional

approach

8

THE RISKS

Credit

Arises From the Potential That a Borrower or

Counterparty Will Fail to Perform on an Obligation

Market

Results From Adverse Movements in Market Rates on

Prices, Such As Interest Rates, Foreign Exchange

Rates, or Equity Prices

Liquidity

Is the Potential That an Institution Will Be Unable to

Meet Its Obligations As They Come Due Because of

an Inability to Liquidate Assets or Obtain Adequate

Funding (“Funding Liquidity Risk”)

9

THE RISKS

Operational

Arises From Inadequate Information Systems,

Operational Problems Breaches in Internal Controls,

Fraud, or Unforeseen Catastrophes Will Result in

Unexpected Losses

Legal Arises From Potential Unenforceable Contracts,

Lawsuits, or Adverse Judgements that Can Disrupt or

Negatively Affect the Operations or Condition of the

Institution

Reputational Arising From Negative Publicity Regarding an

Institution’s Business Practices, Whether True or Not,

Which May Cause a Decline in the Customer Base,

Costly Litigation, And/or Revenue Reduction

10

THE RISK FOCUSED EXAMINATION PROCESS

Information Obtained Through:

Reviewing Internal Audit Reports, External Audit Reports,

Financial Statements, Strategic Plans, Risk Reports, Committee Minutes, Management Information Reports etc.

Meetings with Senior Management and Internal Audit Discuss Strategic Shifts, New Products or Businesses, Risk Profile, Current Issues/Concerns, Examination Report Corrective Action Updates, Staffing Changes, Operations and Technology Changes

11

THE RISK FOCUSED EXAMINATION

PROCESS

Understand the institution and information

gathering

Assess the bank’s risks by evaluating risks

and risk control system.

Define the examination activity.

Customize information requests for the 0n-

site examination.

12

THE RISK-FOCUSED

SUPERVISION PROCESS A. The Bank’s Profile.

B. The Bank’s Functional Business Lines.

C. Inherent Risks. 1. Evaluate Risk Internal Control System.

2. Locate the Risks.

D. Determine Examination Scope and Coverage.

E. Prepare Supervisory Plan and Examination Program.

13

The Bank’s Profile

Summarize Key Business Lines and

Functions

Strategies/Growth

Competition/Environment/Place and Rank in the

Market

Instrument Mix/New Products

Active, Dynamic, or Conservative

Operations/MIS/Compliance

14

The Bank’s Profile

Identify any significant changes in business, structure or

financial condition, on an ongoing basis

Summarize any regulatory activities

Use internal and public information sources

15

Information Sources

Internal/External

Examination reports and work papers

Correspondence and memoranda

Surveillance and monitoring material

Regulatory reports and System databases

Rating agency reports

Investment firm analysis reports

Newspapers, journals, and industry periodicals

Economic and accounting studies, as appropriate

Internet and other automated news sources

16

PRE-EXAMINATION MEETINGS

Meeting with senior management and internal audit staff

before conducting the on-site examination.

Meetings are focused on strategy shifts, new products or

businesses, current issues and concerns, examination

report corrective action updates, significant staffing

changes, and operations and technology changes

Opportunity to request risk management information

Gain access to both internal and external audit reports

17

The Bank’s Profile

Describes Legal Structure and Financial Profile Main Shareholders

Board of Directors

Senior Management

Performance Trends

General Risk Profile

Identifies Subsidiaries, Affiliates, and Parent Companies.

18

DEFINE FUNCTIONAL BUSINESS LINES

Break-down Bank’s Business Lines into

Manageable Pieces Loans Portfolio

Inter- Banks Activities

Securities

Foreign Exchange trading

Equities

Private Banking

Off-Balance Activities

19

INHERENT RISKS

Determine the level of inherent risk in the Bank’s

specific business activities

Evaluate the capability and awareness of the

bank’s management in managing, measuring and

monitoring business line risks (Through Internal

control Evaluation questionnaire)

20

EVALUATE RISK CONTROL SYSTEMS

Effective Management Oversight. Includes Board of

Directors

Sufficient Independence Between the Risk Control

Functions and the Business Line.

Adequate and Comprehensive Written Policies/

Procedures

Risk Measurements/Methodologies that Identify and

Calculate Risk.

Information Systems/ Reports That Accurately Monitor

Risks and Compliance With Limits on a Timely Basis

An Effective Internal Audit Function

21

The Risk-focused Exam Process

Factors to be considered in assessing risk

control systems:

Responsiveness to supervisory concerns

Adaptability to changing industry conditions

Appropriate systems and monitoring tools

Appropriate reporting lines

Independent risk monitoring

22

EVALUATE RISK CONTROL SYSTEMS

Overall Risk Control Systems Assessment

• STRONG

• ACCEPTABLE

• WEAK

23

COMPOSITE RISK ASSESSMENT

For Each Business Line, compare risk level (High/Moderate/Low)

against the risk control systems (Strong/Acceptable/Weak) to Determine

LOW - Generally reflects an activity with low inherent risks, and, although some weaknesses in internal controls exist, they have little negative Impact on the entity's overall financial conditions.

MODERATE - Generally reflects an activity with moderate inherent risk

where the risk control systems are adequate to appropriately mitigate the risk.

HIGH - Generally reflects the inability of the risk control systems to

significantly mitigate the high inherent risk of a particular activity.

24

LOCATE THE RISKS

Based on the internal control evaluation,

Locate the risky activity and the areas to be

focused on and the trend for each risk area or

functional business line compared to previous

examination.

25

DETERMINE COMPOSITE RISK RATINGS

AGGREGATE

RISK

STRONG

RISK

CONTROLS

ACCEPTABLE

RISK

CONTROLS

WEAK

RISK

CONTROLS

HIGH RISK HIGH

MODERATE

LOW RISK

26

DETERMINE COMPOSITE RISK RATINGS

AGGREGATE

RISK

STRONG

RISK

CONTROLS

ACCEPTABLE

RISK

CONTROLS

WEAK

RISK

CONTROLS

HIGH RISK

MODERATE

TO

HIGH

MODERATE

TO

HIGH

HIGH

MODERATE

MODERATE

TO

LOW

MODERATE

TO

HIGH

MODERATE

TO

HIGH

LOW RISK

27

DETERMINE COMPOSITE RISK RATINGS

AGGREGATE

RISK

STRONG

RISK

CONTROLS

ACCEPTABLE

RISK

CONTROLS

WEAK

RISK

CONTROLS

HIGH RISK

MODERATE

TO

HIGH

MODERATE

TO

HIGH

HIGH

MODERATE

MODERATE

TO

LOW

MODERATE

TO

HIGH

MODERATE

TO

HIGH

LOW RISK LOW LOW

LOW

TO

MODERATE

28

DETERMINE DEPTH OF REVIEW BASED ON

THE COMPOSITE RISK RATINGS

EXPECTED

REVIEW

DEPTH

STRONG

RISK

CONTROLS

ACCEPTABLE

RISK

CONTROLS

WEAK

RISK

CONTROLS

HIGH RISK

MONITORING

MOST INTENSE

MONITORING

MOST INTENSE

ANNUAL

TARGETED

EXAM

MODERATE

RISK

MONITORING

MONITORING

TARGETED

EXAM/INTEN

SE.

MONITORING

.

LOW RISK

MONITORING

LESS INTENSE

MONITORING

LESS INTENSE

MONITORING

29

SUPERVISORY PLAN/EXAMINATION PROGRAM

Supervisory Plan

A summary of current supervisory issues, any

institution-wide concerns, and the level of

coordination required for the examination

Examination Program

A Comprehensive schedule of all examination

activities, including special areas, the scope of the

reviews, projected entry dates and duration of

examination, and estimated person Days.

30

Supervisory Plan/Exam Program

The Supervisory Plan provides a concise

summary of current supervisory issues,

examination findings, any institution-wide

concerns and level of coordination required to

conduct examination

The Examination Program provides, as needed,

a comprehensive schedule of all examination

activities, including specialty areas and affiliated

entities examined by other regulatory agencies

31

Leveraging Off Internal/ External Audit And Other Risk

Management/Compliance Areas

Why repeat coverage of areas already well-

covered by Internal or External Audit?

Great opportunity to reduce regulatory burden

and eliminate unnecessary and immaterial work

Allows for a modification of the examination

scope (does not necessarily means a reduction

of work)

32

LEVERAGING OFF

INTERNAL AND EXTERNAL AUDIT

Was Audit Work Recent?

Was Audit Work Adequate and Complete?

Were Audit Issues Addressed in Report?

Were Audit Issues Understood by Management?

Were Corrective Measures Taken?

33

EXAMINATION SCOPE

Outline Specific Examination Objectives and Priorities

by Business Line or Risk Category

Determine Staffing Allocation

Identify Testing Methods and Transaction Review

Levels

Explain Level of Reliance on Internal/External Audit

34

ENTRY LETTER

Tailored to Specific On-Site Examination Objectives

and Priorities, based on Scope Document

Gathers Necessary Information to Perform

Examination Tasks, Testing, and Transaction

Review

Excludes Data Already Collected or Readily Available

35

FINALLY ………

PERFORM THE ON-SITE EXAMINATION !!!

And START THE PROCESS OVER

AGAIN…...

36

QUESTIONS????