RISK FOCUSED SUPERVISION - BCCL: Banking … · Ongoing Supervision Allocate Resources to Important...
Transcript of RISK FOCUSED SUPERVISION - BCCL: Banking … · Ongoing Supervision Allocate Resources to Important...
2
Historical Perspective
25 Years Ago:
Transaction verifications and counting cash
Bottoms-up approach
Reports filled with financial statements items,
tables and charts.
Focus and emphasis on loan examiantion.
3
Historical Perspective
10 years ago:
Bottoms up, but more emphasis on internal
controls.
Report formats still rigid, but fewer repetitive
tables of numbers
Liquidity and interest rate sensitivity
But still Heavy loan orientation
4
Historical Model
Revalidation of the balance sheet and
income statement
Heavy compliance emphasis - laws and
regulations
5
WHY RISK FOCUS ?
IS MORE EFFICIENT, MORE EFFECTIVE, AND
LESS BURDENSOME !
More Efficient
Maximize Use of On-Site Days
Customized Approach
Does Not Repeat Work Already Done
Flexible as conditions change
More Effective
Ongoing Supervision
Allocate Resources to Important Risks
Rely on planning
Less Burdensome
Reduce Transaction Testing
Recognize Management and Board’s Concerns
Coordinate Exams with Other Agencies
6
Risk-Focused Exam Principles
Top down
Don’t repeat what has already been done
Encourage strong risk management in the
banks
Tailor supervisory plan to the bank’s risks
Continuous monitoring
Anticipatory/detect Early Warning Signals
7
Risk-Focused Exam Principles
Why?
More effective examinations
More flexible as conditions change
More efficient
Conditions in financial services and
markets change too rapidly for traditional
approach
8
THE RISKS
Credit
Arises From the Potential That a Borrower or
Counterparty Will Fail to Perform on an Obligation
Market
Results From Adverse Movements in Market Rates on
Prices, Such As Interest Rates, Foreign Exchange
Rates, or Equity Prices
Liquidity
Is the Potential That an Institution Will Be Unable to
Meet Its Obligations As They Come Due Because of
an Inability to Liquidate Assets or Obtain Adequate
Funding (“Funding Liquidity Risk”)
9
THE RISKS
Operational
Arises From Inadequate Information Systems,
Operational Problems Breaches in Internal Controls,
Fraud, or Unforeseen Catastrophes Will Result in
Unexpected Losses
Legal Arises From Potential Unenforceable Contracts,
Lawsuits, or Adverse Judgements that Can Disrupt or
Negatively Affect the Operations or Condition of the
Institution
Reputational Arising From Negative Publicity Regarding an
Institution’s Business Practices, Whether True or Not,
Which May Cause a Decline in the Customer Base,
Costly Litigation, And/or Revenue Reduction
10
THE RISK FOCUSED EXAMINATION PROCESS
Information Obtained Through:
Reviewing Internal Audit Reports, External Audit Reports,
Financial Statements, Strategic Plans, Risk Reports, Committee Minutes, Management Information Reports etc.
Meetings with Senior Management and Internal Audit Discuss Strategic Shifts, New Products or Businesses, Risk Profile, Current Issues/Concerns, Examination Report Corrective Action Updates, Staffing Changes, Operations and Technology Changes
11
THE RISK FOCUSED EXAMINATION
PROCESS
Understand the institution and information
gathering
Assess the bank’s risks by evaluating risks
and risk control system.
Define the examination activity.
Customize information requests for the 0n-
site examination.
12
THE RISK-FOCUSED
SUPERVISION PROCESS A. The Bank’s Profile.
B. The Bank’s Functional Business Lines.
C. Inherent Risks. 1. Evaluate Risk Internal Control System.
2. Locate the Risks.
D. Determine Examination Scope and Coverage.
E. Prepare Supervisory Plan and Examination Program.
13
The Bank’s Profile
Summarize Key Business Lines and
Functions
Strategies/Growth
Competition/Environment/Place and Rank in the
Market
Instrument Mix/New Products
Active, Dynamic, or Conservative
Operations/MIS/Compliance
14
The Bank’s Profile
Identify any significant changes in business, structure or
financial condition, on an ongoing basis
Summarize any regulatory activities
Use internal and public information sources
15
Information Sources
Internal/External
Examination reports and work papers
Correspondence and memoranda
Surveillance and monitoring material
Regulatory reports and System databases
Rating agency reports
Investment firm analysis reports
Newspapers, journals, and industry periodicals
Economic and accounting studies, as appropriate
Internet and other automated news sources
16
PRE-EXAMINATION MEETINGS
Meeting with senior management and internal audit staff
before conducting the on-site examination.
Meetings are focused on strategy shifts, new products or
businesses, current issues and concerns, examination
report corrective action updates, significant staffing
changes, and operations and technology changes
Opportunity to request risk management information
Gain access to both internal and external audit reports
17
The Bank’s Profile
Describes Legal Structure and Financial Profile Main Shareholders
Board of Directors
Senior Management
Performance Trends
General Risk Profile
Identifies Subsidiaries, Affiliates, and Parent Companies.
18
DEFINE FUNCTIONAL BUSINESS LINES
Break-down Bank’s Business Lines into
Manageable Pieces Loans Portfolio
Inter- Banks Activities
Securities
Foreign Exchange trading
Equities
Private Banking
Off-Balance Activities
19
INHERENT RISKS
Determine the level of inherent risk in the Bank’s
specific business activities
Evaluate the capability and awareness of the
bank’s management in managing, measuring and
monitoring business line risks (Through Internal
control Evaluation questionnaire)
20
EVALUATE RISK CONTROL SYSTEMS
Effective Management Oversight. Includes Board of
Directors
Sufficient Independence Between the Risk Control
Functions and the Business Line.
Adequate and Comprehensive Written Policies/
Procedures
Risk Measurements/Methodologies that Identify and
Calculate Risk.
Information Systems/ Reports That Accurately Monitor
Risks and Compliance With Limits on a Timely Basis
An Effective Internal Audit Function
21
The Risk-focused Exam Process
Factors to be considered in assessing risk
control systems:
Responsiveness to supervisory concerns
Adaptability to changing industry conditions
Appropriate systems and monitoring tools
Appropriate reporting lines
Independent risk monitoring
22
EVALUATE RISK CONTROL SYSTEMS
Overall Risk Control Systems Assessment
• STRONG
• ACCEPTABLE
• WEAK
23
COMPOSITE RISK ASSESSMENT
For Each Business Line, compare risk level (High/Moderate/Low)
against the risk control systems (Strong/Acceptable/Weak) to Determine
LOW - Generally reflects an activity with low inherent risks, and, although some weaknesses in internal controls exist, they have little negative Impact on the entity's overall financial conditions.
MODERATE - Generally reflects an activity with moderate inherent risk
where the risk control systems are adequate to appropriately mitigate the risk.
HIGH - Generally reflects the inability of the risk control systems to
significantly mitigate the high inherent risk of a particular activity.
24
LOCATE THE RISKS
Based on the internal control evaluation,
Locate the risky activity and the areas to be
focused on and the trend for each risk area or
functional business line compared to previous
examination.
25
DETERMINE COMPOSITE RISK RATINGS
AGGREGATE
RISK
STRONG
RISK
CONTROLS
ACCEPTABLE
RISK
CONTROLS
WEAK
RISK
CONTROLS
HIGH RISK HIGH
MODERATE
LOW RISK
26
DETERMINE COMPOSITE RISK RATINGS
AGGREGATE
RISK
STRONG
RISK
CONTROLS
ACCEPTABLE
RISK
CONTROLS
WEAK
RISK
CONTROLS
HIGH RISK
MODERATE
TO
HIGH
MODERATE
TO
HIGH
HIGH
MODERATE
MODERATE
TO
LOW
MODERATE
TO
HIGH
MODERATE
TO
HIGH
LOW RISK
27
DETERMINE COMPOSITE RISK RATINGS
AGGREGATE
RISK
STRONG
RISK
CONTROLS
ACCEPTABLE
RISK
CONTROLS
WEAK
RISK
CONTROLS
HIGH RISK
MODERATE
TO
HIGH
MODERATE
TO
HIGH
HIGH
MODERATE
MODERATE
TO
LOW
MODERATE
TO
HIGH
MODERATE
TO
HIGH
LOW RISK LOW LOW
LOW
TO
MODERATE
28
DETERMINE DEPTH OF REVIEW BASED ON
THE COMPOSITE RISK RATINGS
EXPECTED
REVIEW
DEPTH
STRONG
RISK
CONTROLS
ACCEPTABLE
RISK
CONTROLS
WEAK
RISK
CONTROLS
HIGH RISK
MONITORING
MOST INTENSE
MONITORING
MOST INTENSE
ANNUAL
TARGETED
EXAM
MODERATE
RISK
MONITORING
MONITORING
TARGETED
EXAM/INTEN
SE.
MONITORING
.
LOW RISK
MONITORING
LESS INTENSE
MONITORING
LESS INTENSE
MONITORING
29
SUPERVISORY PLAN/EXAMINATION PROGRAM
Supervisory Plan
A summary of current supervisory issues, any
institution-wide concerns, and the level of
coordination required for the examination
Examination Program
A Comprehensive schedule of all examination
activities, including special areas, the scope of the
reviews, projected entry dates and duration of
examination, and estimated person Days.
30
Supervisory Plan/Exam Program
The Supervisory Plan provides a concise
summary of current supervisory issues,
examination findings, any institution-wide
concerns and level of coordination required to
conduct examination
The Examination Program provides, as needed,
a comprehensive schedule of all examination
activities, including specialty areas and affiliated
entities examined by other regulatory agencies
31
Leveraging Off Internal/ External Audit And Other Risk
Management/Compliance Areas
Why repeat coverage of areas already well-
covered by Internal or External Audit?
Great opportunity to reduce regulatory burden
and eliminate unnecessary and immaterial work
Allows for a modification of the examination
scope (does not necessarily means a reduction
of work)
32
LEVERAGING OFF
INTERNAL AND EXTERNAL AUDIT
Was Audit Work Recent?
Was Audit Work Adequate and Complete?
Were Audit Issues Addressed in Report?
Were Audit Issues Understood by Management?
Were Corrective Measures Taken?
33
EXAMINATION SCOPE
Outline Specific Examination Objectives and Priorities
by Business Line or Risk Category
Determine Staffing Allocation
Identify Testing Methods and Transaction Review
Levels
Explain Level of Reliance on Internal/External Audit
34
ENTRY LETTER
Tailored to Specific On-Site Examination Objectives
and Priorities, based on Scope Document
Gathers Necessary Information to Perform
Examination Tasks, Testing, and Transaction
Review
Excludes Data Already Collected or Readily Available