Last Friday, September 14, 2012, the Basel Committee on Banking Supervision published a new set of "Core Principles for Effective Banking Supervision."1 This publication culminates the Committee's review of the previous set of principles, issued in 2006, in the light of the financial crisis. The formal purpose of the Core Principles is to provide a set of standards by which the International Monetary Fund and the World Bank review the effectiveness of a country's banking supervision regime as part of the agencies' Financial Sector Assessment Program. Of course, the Core Principles provide benchmarks by which regulators may judge their own supervisory efforts.
U.S. banking organizations will not be surprised by the content of the Core Principles. The principles nevertheless help to illuminate the priorities of bank regulators on a global basis after the financial crisis. The Committee identified four themes that have emerged from the crisis and that animate many of the Core Principles. These principles and the chief U.S. actions that reflect these principles are as follows:
- Systemically important banks. The Core Principles focus on the regulators rather than the banks themselves that present systemic risk: "the expectations on, and of, supervisors will need to be of a higher order for [systemically important banks], commensurate with the risk profile and systemic importance of these banks." Several elements of the Dodd-Frank Act address this issue, including the creation of the Financial Stability Oversight Council, enhanced prudential standards, and resolution planning.
- Macroprudential issues and systemic risks.According to the Core Principles, regulators must give greater attention to the prevailing macroeconomic environment, business trends, and the build-up of concentration risk. Additionally, they must have the authority to take pre-emptive action to address systemic risk. The Dodd-Frank Act does not address macroprudential issues directly, but the Federal Reserve Board has repeatedly emphasized the importance of this issue as part of its banking supervision work.
- Crisis management, recovery, and resolution.The supervisory responsibility is to limit the probability and impact of bank failures but not to prevent them entirely, according to the Core Principles. Doing so requires two different efforts, crisis management planning by the regulators and contingency funding and resolution planning by the banks. The Committee also emphasizes the need for international cooperation. Resolution planning by U.S. banks has been a priority of the Federal Deposit Insurance Corporation and is an ongoing process. Large U.S. banks historically have planned for liquidity issues; the proposed enhanced prudential standards would impose a more structured liquidity planning process. International cooperation appears to be a work in progress, although the FDIC has indicated that the critical cooperative effort will be a bilateral agreement with the United Kingdom.
- Corporate governance, disclosure, and transparency.Concerns about failures in governance and the lack of transparency have prompted the Committee to include two new principles. In the United States, new governance requirements are included in the final rules on stress testing, capital planning, and living wills, as well as in the proposed enhanced prudential standards. These standards also require greater disclosure.
The Core Principles now number 29 and are enumerated in the Appendix to this bulletin. Last Friday's publication is devoted to explaining how national regulators should implement the principles.
APPENDIX: CORE PRINCIPLES FOR EFFECTIVE BANK SUPERVISION
The Core Principles are divided into two parts, the first focusing on the powers, responsibilities, and functions of supervisors and the second addressing prudential regulations and requirements for banks.
Supervisory Powers, Responsibilities, and Functions
Principle 1 – Responsibilities, objectives, and powers: An effective system of banking supervision has clear responsibilities and objectives for each authority involved in the supervision of banks and banking groups. A suitable legal framework for banking supervision is in place to provide each responsible authority with the necessary legal powers to authorize banks, conduct ongoing supervision, address compliance with laws and undertake timely corrective actions to address safety and soundness concerns.
Principle 2 – Independence, accountability, resourcing, and legal protection for supervisors: The supervisor possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisor.
Principle 3 – Cooperation and collaboration: Laws, regulations or other arrangements provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information.
Principle 4 – Permissible activities: The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word "bank" in names is controlled.
Principle 5 – Licensing criteria: The licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of board members and senior management) of the bank and its wider group, and its strategic and operating plan, internal controls, risk management and projected financial condition (including capital base). Where the proposed owner or parent organization is a foreign bank, the prior consent of its home supervisor is obtained.
Principle 6 – Transfer of significant ownership: The supervisor has the power to review, reject and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties.
Principle 7 –Major acquisitions: The supervisor has the power to approve or reject (or recommend to the responsible authority the approval or rejection of), and impose prudential conditions on, major acquisitions or investments by a bank, against prescribed criteria, including the establishment of cross-border operations, and to determine that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision.
Principle 8 – Supervisory approach: An effective system of banking supervision requires the supervisor to develop and maintain a forward-looking assessment of the risk profile of individual banks and banking groups, proportionate to their systemic importance; identify, assess and address risks emanating from banks and the banking system as a whole; have a framework in place for early intervention; and have plans in place, in partnership with other relevant authorities, to take action to resolve banks in an orderly manner if they become non-viable.
Principle 9 – Supervisory techniques and tools: The supervisor uses an appropriate range of techniques and tools to implement the supervisory approach risk profile and systemic importance of banks.
Principle 10 – Supervisory reporting: The supervisor collects, reviews and analyzes prudential reports and statistical returns from banks on both a solo and a consolidated basis, and independently verifies these reports through either on-site examinations or use of external experts.
Principle 11 – Corrective and sanctioning powers of supervisors: The supervisor acts at an early stage to address unsafe and unsound practices or activities that could pose risks to banks or to the banking system. The supervisor has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability to revoke the banking license or to recommend its revocation.
Principle 12 – Consolidated supervision: An essential element of banking supervision is that the supervisor supervises the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential standards to all aspects of the business conducted by the banking group worldwide.
Principle 13 – Home-host relationships: Home and host supervisors of cross-border banking groups share information and cooperate for effective supervision of the group and group entities, and effective handling of crisis situations. Supervisors require the local operations of foreign banks to be conducted to the same standards as those required of domestic banks.
Prudential Regulations and Requirements
Principle 14 – Corporate governance: The supervisor determines that banks and banking groups have robust corporate governance policies and processes covering, for example, strategic direction, group and organizational structure, control environment, responsibilities of the banks' boards and senior management, and compensation. These policies and processes are commensurate with the risk profile and systemic importance of the bank.
Principle 15 – Risk management process: The supervisor determines that banks have a comprehensive risk management process (including effective board and senior management oversight) to identify, measure, evaluate, monitor, report and control or mitigate all material risks on a timely basis and to assess the adequacy of their capital and liquidity in relation to their risk profile and market and macroeconomic conditions. This extends to development and review of contingency arrangements (including robust and credible recovery plans where warranted) that take into account the specific circumstances of the bank. The risk management process is commensurate with the risk profile and systemic importance of the bank.
Principle 16 – Capital adequacy: The supervisor sets prudent and appropriate capital adequacy requirements for banks that reflect the risks undertaken by, and presented by, a bank in the context of the markets and macroeconomic conditions in which it operates. The supervisor defines the components of capital, bearing in mind their ability to absorb losses. At least for internationally active banks, capital requirements are not less than the applicable Basel standards.
Principle 17 – Credit risk: The supervisor determines that banks have an adequate credit risk management process that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate credit risk (including counterparty credit risk) on a timely basis. The full credit lifecycle is covered including credit underwriting, credit evaluation, and the ongoing management of the bank's loan and investment portfolios.
Principle 18 – Problem assets, provisions, and reserves: The supervisor determines that banks have adequate policies and processes for the early identification and management of problem assets, and the maintenance of adequate provisions and reserves.
Principle 19 – Concentration risk and large exposure limits: The supervisor determines that banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate concentrations of risk on a timely basis. Supervisors set prudential limits to restrict bank exposures to single counterparties or groups of connected counterparties.
Principle 20 – Transactions with related parties: In order to prevent abuses arising in transactions with related parties and to address the risk of conflict of interest, the supervisor requires banks to enter into any transactions with related parties on an arm's length basis; to monitor these transactions; to take appropriate steps to control or mitigate the risks; and to write off exposures to related parties in accordance with standard policies and processes.
Principle 21 – Country and transfer risks: The supervisor determines that banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate country risk and transfer risk in their international lending and investment activities on a timely basis.
Principle 22 –Market risks: The supervisor determines that banks have an adequate market risk management process that takes into account their risk appetite, risk profile, and market and macroeconomic conditions and the risk of a significant deterioration in market liquidity. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate market risks on a timely basis.
Principle 23 – Interest rate risk in the banking book: The supervisor determines that banks have adequate systems to identify, measure, evaluate, monitor, report and control or mitigate interest rate risk in the banking book on a timely basis. These systems take into account the bank's risk appetite, risk profile and market and macroeconomic conditions.
Principle 24 – Liquidity risk: The supervisor sets prudent and appropriate liquidity requirements (which can include either quantitative or qualitative requirements or both) for banks that reflect the liquidity needs of the bank. The supervisor determines that banks have a strategy that enables prudent management of liquidity risk and compliance with liquidity requirements. The strategy takes into account the bank's risk profile as well as market and macroeconomic conditions and includes prudent policies and processes, consistent with the bank's risk appetite, to identify, measure, evaluate, monitor, report and control or mitigate liquidity risk over an appropriate set of time horizons. At least for internationally active banks, liquidity requirements are not lower than the applicable Basel standards.
Principle 25 – Operational risk: The supervisor determines that banks have an adequate operational risk management framework that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk on a timely basis.
Principle 26 – Internal control and audit: The supervisor determines that banks have adequate internal control frameworks to establish and maintain a properly controlled operating environment for the conduct of their business taking into account their risk profile. These include clear arrangements for delegating authority and responsibility; separation of the functions that involve committing the bank, paying away its funds, and accounting for its assets and liabilities; reconciliation of these processes; safeguarding the bank's assets; and appropriate independent internal audit and compliance functions to test adherence to these controls as well as applicable laws and regulations.
Principle 27 – Financial reporting and external audit: The supervisor determines that banks and banking groups maintain adequate and reliable records, prepare financial statements in accordance with accounting policies and practices that are widely accepted internationally and annually publish information that fairly reflects their financial condition and performance and bears an independent external auditor's opinion. The supervisor also determines that banks and parent companies of banking groups have adequate governance and oversight of the external audit function.
Principle 28 – Disclosure and transparency: The supervisor determines that banks and banking groups regularly publish information on a consolidated and, where appropriate, solo basis that is easily accessible and fairly reflects their financial condition, performance, risk exposures, risk management strategies and corporate governance policies and processes.
Principle 29 – Abuse of financial services: The supervisor determines that banks have adequate policies and processes, including strict customer due diligence rules to promote high ethical and professional standards in the financial sector and prevent the bank from being used, intentionally or unintentionally, for criminal activities.
Footnote
1 The final version is available at http://www.bis.org/publ/bcbs230.htm. The publication reflects comments on the consultative version of the document that was released in December 2011.
Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
© Morrison & Foerster LLP. All rights reserved
