ZAMBIA - Risk-BasedSupervisionPolicy2006
ZAMBIA - Risk-BasedSupervisionPolicy2006
ZAMBIA - Risk-BasedSupervisionPolicy2006
RISK-BASED SUPERVISION
POLICY FRAMEWORK
OUR VISION
To become the financial cornerstone around which Zimbabwe’s economic fortunes and developmental
aspirations are anchored.
OUR MISSION
The pursuit of the Bank’s vision will express itself through leadership in the formulation, implementation
and monitoring of policies and action plans for fighting inflation, stabilization of the internal and external
value of Zimbabwe’s currency and of the financial system in a manner that gives pride of achievement to
Zimbabweans across the board.
OUR VALUES
1
TABLE OF CONTENTS
1 INTRODUCTION ........................................................................................................... 3
2
1 INTRODUCTION
1.1 This policy framework sets out the Reserve Bank of Zimbabwe’s risk-based approach to
supervision of banking institutions and banking groups under its regulatory and supervisory
jurisdiction. The policy framework is also applicable to such non-resident banking groups in
respect of which the Reserve Bank of Zimbabwe (hereafter “Reserve Bank” / “the Bank” /
“RBZ”) is the designated Lead Supervisor for consolidated supervision purposes.
1.2 The objective of this framework is to explain and provide guidance on the risk-based supervisory
methodologies, policies, procedures and practices espoused by the Bank Licensing, Supervision
& Surveillance division (BLSS) in its fulfillment of the Reserve Bank’s statutory responsibility of
maintaining financial stability.
1.3 Contemporary regulatory practice has recognized risk-based supervision, rather than one-size-
fits-all regulation, as an international standard for effective supervision of financial institutions.
Risk-based supervision has been endorsed by multilateral agencies such as the World Bank and
International Monetary Fund; most supervisory authorities across the world; and embodied in
the Basel Committee on Banking Supervision’s New Capital Framework, popularly called Basel
II.
1.4 In line with international best practice, the Reserve Bank has revamped its supervisory policies,
procedures and practices in order to provide a dynamic, efficient, structured and risk-oriented
prudential supervision framework.
2.2 The process is said to be “structured” because it systematically considers all key functional
activities (business lines or operational areas) of a banking institution and, within each key functional
area, evaluates the level, quality of management, and direction of risk.
2.3 Risk-based supervision entails moving away from a rigid rules-based style of regulation to one
more reliant on the supervisor’s discretion and professional judgment. It provides bank examiners
with flexibility to focus on areas exhibiting material current and potential risks. Activities posing
the highest risk receive most scrutiny. Supervisory attention thus remains properly focused on
institutions exhibiting serious weaknesses or adverse trends.
2.4 Full adoption of risk-based supervision will positively influence developments in the banking
sector. Conventional wisdom dictates that risk is inherent in the business of banking and other
forms of financial intermediation. A risk-based supervision system largely depends on sound risk
management practices and internal controls including: adequate board oversight; management
and staff expertise; sound policies and procedures; prudent risk limits and sound internal controls.
1
The principles of risk-based supervision are also applicable to the supervision of non-bank financial institutions
such as insurance companies, pension and provident funds, etc.
3
2.5 One of the primary objectives of risk-based supervision is identification of weaknesses in risk
management before the deficiencies adversely affect a banking institution’s earnings and capital.
A risk-based supervision system focuses on validating management’s ability to identify, measure,
monitor and control risk. Risk-based supervision thus encourages banks to continuously improve
management of risk and allocation of capital. The development of risk based supervision has also
facilitated the use of sophisticated internal models as provided for in Basel II.
2.6 The condition of a banking institution is a dynamic process, and arguable is fluid if not fragile. As
such, in a risk-focused supervision framework, on-site and off-site examination efforts are on a
continuum. On one end, supervisory concerns identified via the off-site analysis “early warning
system” could trigger an on-site examination to enable the Reserve Bank to gain first hand
knowledge of the situation. On the other end, serious deficiencies identified during on-site
examinations should be subject to off-site monitoring in between on-site examinations. The
functional structure of BLSS facilitates in-depth service delivery.
2.7 Risk-based supervision is consistent with Bank Licensing, Supervision and Surveillance’s mission
“To promote and maintain the safety and soundness of the financial system through proactive and
rigorous regulation and supervision in line with international best practice.” It provides a dynamic,
structured and risk-oriented prudential supervision framework.
4
3 CONCEPTUAL OVERVIEW OF THE RISK-BASED
SUPERVISION FRAMEWORK
3.1 The risk-focused supervision framework has six key steps, each with specific deliverables, as
illustrated in the diagram below:
3.2 The first step in risk-based supervision is to develop an understanding of the institution’s unique
characteristics or risk profile. An Institutional Profile is prepared to demonstrate the institution’s
current condition.
3.3 The institutional profile provides a concise portrait of an institution’s structure and activities,
functional business lines, nature and level of risk. It also highlights outstanding past supervisory
findings and future prospects.
5
3.4 The information used to construct an institutional profile is gathered from various sources ranging
from discussions with management, supervisory early warning systems, off-site or on-site
examination reports, and market intelligence. The institutional profile should be updated continuously
to keep track of significant developments that occur in-between on-site examination cycles.
3.5 Under a risk-focused examination framework, examiners are required to make rigorous risk
assessments to ensure effective identification of the strengths and vulnerabilities of an institution.
Risk assessment focuses supervisory effort on those risks posing the most severe challenge to the
safety and soundness of a bank.
3.6 The risk assessment consists of two documents, namely a Risk Matrix and a Risk Assessment
Narrative. A Risk Matrix identifies, in a tabular format, the type, level, management, and direction
of risks inherent in a bank; and forms the basis on which the on-site examinations may be conducted.
A Risk Assessment Narrative describes in a concise manner the type and level of inherent risks in
the banking institution’s activities, the adequacy of risk management controls in place, and the
trend of the risk.
3.8 Risk assessment provides a solid foundation upon which subsequent on-site examination
procedures are determined.
3.9 A Supervisory Plan is developed following the risk assessment of a banking institution. It provides
a bridge between the supervisory concerns identified through the risk assessment process and
the supervisory activities to be conducted. A good plan should demonstrate that the supervisory
concerns identified in the risk matrix and risk assessment narrative as well as the deficiencies
noted in the previous examination are being, or will be addressed.
3.10 To be effective, planning requires an initial statement of objectives and identification of related
strategies for them to be achieved. Supervisory plans should incorporate a schedule of off-site
and on-site activities to be undertaken for the given planning horizon. Generally, a supervisory
plan may be developed yearly and reviewed at least half yearly to reflect new risk trends.
6
3.11 The plan should itemise examination activities per different areas / activities of a bank to be
evaluated, including scope of the review (full or limited), the objectives, and other supervisory
concerns regarding those areas. It should be institution specific based on an analysis of factors
such as the bank’s current condition, results of operations, and the economic environment.
3.12 Following the development of a supervisory plan, details of the on-site examination activities are
defined in the Examination Scope Memorandum (ESM). The purpose of the ESM is to
communicate the reasons for the examination; specific objectives and activities to be evaluated;
the scope of the particular examination; the examination procedures to be used; and delineate
staffing needs and timeframes for given activities, in accordance with a banking institution’s size,
complexity, and risk profile.
3.13 In other words, the ESM provides a detailed roadmap to the examination team regarding objectives
of the examination, procedures to be followed, and the resource requirements.
3.14 A bank by bank customized Entry Letter is used to formally advise banking institutions about on-
site examination informational requirements based on the size, complexity and risk profile of the
bank.
3.15 The Reserve Bank uses the CAMELS2 rating system to assess the condition of banking institutions
on an individual basis (Solo Supervision). For Consolidated Supervision purposes, the RFI(C)D3
rating system has been adopted to evaluate the condition of banking groups.
3.16 At the start of each examination, an Examination Entrance Meeting should be held to formally
commission the exercise, indicate scope of the examination, and to highlight supervisory concerns
raised in previous examinations.
3.17 The actual examination procedures used will vary from institution to institution depending on size,
complexity, and risk profile of a particular bank. The examination team should perform procedures
tailored to fit the risk assessment done, supervisory plan and the ESM. Focus should also be
placed on management’s ability to adequately identify, measure, monitor and control risks.
3.18 The examination team will follow a three-tier reporting system to discuss all major issues that will
be included in the final Examination Report. Examination findings will initially be presented to the
functional head; secondly to senior management in an Exit Meeting; and the bank’s board of
directors.
3.19 The report (containing both qualitative and quantitative factors) should be objective, lucid, concise
and communicate supervisory concerns and recommendations that correlate to the risk profile of
the banking institution. The bank would be given two weeks in which to acknowledge receipt,
study, and review the final report.
2
CAMELS is an acronym for Capital Adequacy, Asset Quality, Management, Earnings, Liquidity, and
Sensitivity to Market Risk.
3
RFI(C)D stands for Risk Management, Financial Condition, Impact, Composite Rating, and Depository/
Banking Institution.
7
(f) On going Off-site Supervision – Step 6
3.20 Various Off-site Surveillance reports are generated on a periodic basis using quantitative and
qualitative information submitted through regular prudential returns and other sources of reliable
information.
3.21 The main reports are Quarterly Off-site Analysis reports based on the CAMELS and RFI(C)D
rating systems; quarterly Board Reports; quarterly Status of the Banking Sector Report; half-
yearly Financial Stability Report; and a Weekly Status Report.
3.22 The Bank also makes use of Early Warning Systems, Stress Testing and Prompt Corrective
Action programs to detect areas of supervisory concern and take pre-emptive action.
3.23 After the on-site examination, the Institutional Profile, Risk Assessment Narrative, Risk Matrix,
and Supervisory Plan should be updated to reflect any significant examination findings or post
examination actions (e.g. Corrective Orders). This step is critical in ensuring that the risk-focused
documentation encompasses all substantive on-site examination findings.
3.24 It is imperative that a Portfolio Leader or Head of Section maintains continuous contact with
banks and the market in general, formally and informally, to gather information about the condition
of the banking institutions under their portfolio.
8
4 BENEFITS AND RATIONALE OF RISK-BASED
SUPERVISION
4.1 Risk-based supervision provides a number of benefits to supervisors as well as to the banking
institutions, including the following:
i. enhances banking institutions’ ability to identify, measure, manage, and control risks as
well as correct deficiencies;
ii. encourages frequent, open communications between banking institutions and bank
examiners;
iii. enhanced surveillance effort, in which the monitoring of new developments and strategic
changes at a given institution are conducted throughout the examination cycle;
iv. less examination time spent on banking institutions’ premises as preliminary analysis is
done off-site;
v. greater emphasis on supervision of banking institutions and areas exhibiting highest risk or
adverse trends;
vi. improved quality of working papers necessary to support examiners’ analysis and
conclusions; and
vii. customised examination reports.
(a) Enhances Banking Institutions’ Ability to Manage Risk and Take Corrective Action
4.3 Risk-based supervision places strong emphasis on understanding and assessing the adequacy of
risk management systems that are in place at a particular banking institution to identify, measure,
monitor and control risk in an appropriate and timely manner. This analytical framework is found
on qualitative and quantitative assessment of a bank’s risk profile with a view to the tailor-making
of examination procedures to the character, size, complexity and risk profile of the institution
examined.
4.4 Ongoing knowledge of significant developments and strategic changes occurring at supervised
entities between examination cycles, as well as ability to establish the underlying causes of any
adverse developments in financial indicators are essential.
4.5 As a lot of emphasis is placed on the planning phase of the examination, bank examiners may
request some preliminary information and perform an initial analysis off-site. This allows the
examiners to use on-site time more efficiently in discussing issues with management and evaluating
the banking institution’s control structure and operating environment.
4.6 The amount of time spent on-site will vary based on the preliminary information available and the
examiners’ familiarity with the banking institution.
9
(c) Enhanced Emphasis On Improved Communication
4.7 Prudential Meetings are an integral part of the risk-focused supervision process, and may take
place at various stages of the process as illustrated in the diagram below:
4.8 It is therefore imperative that meetings should be held with bank management, internal and external
auditors, board chairpersons, chairpersons of selected board committees, risk managers, heads
of compliance and heads of key functional areas such as treasury.
4.9 Such meetings enable examiners to gain a better understanding of the institution’s business strategy,
the risks a bank faces, quality of risk management, and progress made in addressing deficiencies
identified in previous examinations.
4.10 Prudential meetings give bank management the opportunity to share additional insight regarding a
bank’s operations. Banks will also benefit from the improved focus on areas of greatest risk, and
established dialogue regarding areas of supervisory concern in their individual institutions.
4.11 Examiners will be performing on-site examinations less frequently in banking institutions whose
risk profile is low. Effective off-site monitoring becomes vital in the supervisory process. BLSS
10
may hold prudential meetings with bank management based on results of (quarterly) off-site
analyses, stress testing, and early warning systems. The frequency of such meetings would depend
on the composite CAMELS rating of a given banking institution.
4.12 As a general guide, the minimum benchmarks for the conduct of prudential meetings and on-site
examinations are as follows:
4.13 For institutions assigned overall CAMELS ratings of “1” or “2”, the frequency of scheduled
prudential meetings and/or examinations may remain low provided the following criteria are met:
a) Stable management – management team and board of directors have not significantly
changed since the last examination.
b) No change of control – the institution has not experienced a significant change in
ownership or a change in control since the last examination.
c) No significant changes in the risk profile – there are no adverse conditions that might
materially affect the condition of the banking institutions from on-site and/or off-site
examinations.
d) Not a new banking institution – this excludes banking institution with less than three
years operating experience.
e) No significant new business lines since the last examination.
4.14 Supervisors and banking institutions both have the right to request for unscheduled prudential
meetings if reasonably required.
4.15 Under risk-based supervision, examination reports focus on matters of significant supervisory
concern in order to communicate the examiners’ analyses, conclusions, and recommendations.
4.16 Risk-based supervision does not replace the CAMELS rating system. The bank’s current condition
will still be summarised and reported using the CAMELS rating system, with all components
disclosed, but the report’s focus will be on significant risk areas.
11
5 RISK CATEGORIES AND DEFINITIONS
5.1 Risk-based supervision assesses the appropriateness, adequacy, and efficacy of a bank’s risk
management systems. All supervisory plans and examination activities are based on a bank’ risk
profile. The responsibility for effective risk management still lies with a bank’s board and
management,as a bank’s first line of defence. The mandate of a bank examiner is not to prohibit
appropriate risk-taking, but to ensure effective risk management. Examiners also pay attention to
the adequacy of capital vis-à-vis the risk profile.
5.2 To accomplish effective risk-based supervision, it is imperative for bank examiners to identify
and measure risk using common definitions and evaluation factors. Common definitions and
standards facilitate effective communication between examiners and bank management regarding
the basis of supervisory ratings, concerns, and actions. Common definitions and evaluation factors
enhance quality and consistency of the supervision process.
Definition of Risk…
5.3 From a prudential supervision perspective, risk is a potential that events expected or unanticipated,
may have an adverse effect on a banking institution’s net worth (capital), earnings, set goals
and objectives. The Reserve Bank therefore assesses banking risks by their impact on the
bank’s earnings, capital as well as set goals/objectives. Quantitative and qualitative aspects are
used.
5.4 Mathematically, risk may be quantified by the variance of returns, standard deviation, value at
risk, expected loss tail, copulas, etc.
12
Types of Risk…
5.6 Banking business by nature involves risk taking. The Reserve Bank has identified and defined
eight categories of risk for the purpose of risk-based supervision (of banking institutions). These
are: Credit, Liquidity, Interest Rate, Foreign Exchange, Operational, Legal & Compliance,
Strategic, and Reputation risks. It should be noted that these categories are not mutually exclusive,
and any activity may expose a bank to multiple risks.
Credit Risk…
5.7 Credit risk is the current and prospective risk to earnings or capital arising from an obligator’s
failure to meet terms of any contract with a bank or otherwise fail to perform as agreed.
5.8 Credit risk is found in all activities where success depends on counterparty, issuer, or borrower
performance.
Liquidity Risk…
5.9 Liquidity risk is the current and prospective risk to earnings or capital arising from a banking
institution’s inability to meet its obligations when they fall due, without incurring material costs or
unacceptable losses. Liquidity risk includes the inability to manage funding sources, including
unplanned decreases or changes (referred to as “funding liquidity risk”). Liquidity risk also arises
from a banking institution’s failure to recognise or address changes in market conditions that
affect its ability to liquidate assets quickly at minimal loss in value because of inadequate market
depth or market disruptions (“market liquidity risk”).
5.10 Interest rate risk is the risk that changes in interest rates will negatively impact on a banking
institution’s income and net-worth. Interest rate risk arises from (1) differences between the
timing of rate changes and the timing of cash flows (repricing risk); (2) changing rate relationships
among different yield curves affecting banking institutions’ activities (basis risk); (3) changing rate
relationships across the spectrum of maturities (yield curve risk); and (4) interest-related options
embedded in banking institutions’ products (optional risk).
5.11 Foreign exchange risk is the current or prospective risk to earnings and capital arising from
adverse movements in currency exchange rates.
Operational Risk…
5.12 Operational risk is the direct or indirect loss arising from inadequate or failed internal processes,
people, and systems or from external events such as unforeseen catastrophes. It covers potential
risk from fraud or errors, processing disruptions, control breaches or failure, information system
weaknesses, etc.
13
Legal & Compliance Risk…
5.13 Legal and compliance risk is the current and prospective risk to earnings or capital arising from
violations of, or non conformance with laws, rules, regulations, prescribed practices, internal
policies and procedures, or ethical standards. Compliance risk exposes the banking institution to
fines, civil money penalties, payment of damages and the voiding of contracts, leading to diminished
reputation, limited opportunities, and reduced clientele base.
5.14 Legal and compliance risk goes beyond failure to comply with banking laws. It encompasses all
laws as well as prudent ethical standards, contractual obligations, exposure to litigation, and
relationship with regulators. It can blend into operational risk and legal risk as well.
Strategic Risk…
5.15 Strategic risk is the current and prospective risk to earnings or capital arising from adverse
business decisions, improper implementation of decisions or lack of responsiveness to industry
changes. This risk arises from the overall strategy of a bank. It includes the quality, achievability,
and implications of a bank’s corporate strategy. Strategic risk also involves an assessment of a
bank’s risk appetite, the compatibility of business strategies/goals and resources deployed to
accomplish them, and track record of implementation. Characteristics of a bank’s target market
going forward, products and services offered, as well as the impact of economic, technological,
regulatory changes are also considered.
Reputation Risk…
5.16 It is the risk of negative public opinion or perception leading to a loss of confidence and/or
severance of business relationships.
5.17 Although risk-based supervision identifies discrete classes of risks, in reality there are complex
interrelationships between bank risks.
5.18 The last four categories of risk (i.e. operational, legal & compliance, strategic, and reputation)
are sometimes referred to as “institution risks” as opposed to “market risks” (i.e. credit, liquidity,
interest rate, foreign exchange). Institution risks are difficult to evaluate accurately using financial
data. Emphasis is placed on qualitative assessment in terms of a bank’s risk management systems.
5.19 It should be noted that there is no one best way to classify or categorise risk. In some jurisdictions,
for instance, the distinction is between “business risks” and “control risks.” What is important is
for regulatory authorities to adopt frameworks that best suit their socio-economic environments
and apply the chosen framework consistently.
14
6 A GENERIC RISK MANAGEMENT FRAMEWORK
6.1 The board and management of each financial institution have the overall responsibility to establish
an effective risk management system with clearly articulated objectives and goals.
6.2 The Reserve Bank requires each banking institution to develop an appropriate risk management
system, tailored to its needs and circumstances. The adequacy and/or sophistication of risk
management systems should depend on the size and complexity of each banking institution. It
entails a proper understanding of the banking institution and its various activities.
6.3 Supervisory actions that would be taken will largely depend on the adequacy of a bank’s risk
management systems vis-à-vis its risk appetite. A bank’s risk management systems facilitate the
review.
6.4 All sound risk management programs regardless of their design, have several common
fundamentals. A typical risk management process should include: risk identification, risk
measurement, risk control and risk monitoring.
Risk Identification…
6.5 Proper risk identification focuses on recognising and understanding existing risks or risks that
may arise from new business initiatives. Risk identification should be a continuous process, and
should occur at both the micro (transaction) and macro (overall portfolio) levels. External events
and threats that might affect bank’s business objectives should be considered.
Risk Measurement…
6.6 A banking institution is required to have accurate and timely measurement of its risks in relation to
the probability of adverse consequences on its earnings, capital and business goals /objectives.
The sophistication of the risk measurement tools should reflect the complexity of the institution
and levels of risk assumed. A good system should have capacity to assess individual transactions,
overall portfolios, and enterprise-wide risk.
6.7 A banking institution should periodically verify the integrity of the measurement tools it uses via
back-testing. A good system should be able to measure risk parameters under normal and extreme
conditions (stress testing).
Risk Monitoring…
6.8 Banking institutions should monitor risk levels on a continuous basis to ensure that well timed
reviews of risk positions, exceptions and the standards established for the bank. Prompt
distribution of accurate and informative reports to appropriate management and staff is essential
to ensure business goals are met.
Risk Control…
6.9 A banking institution should establish and communicate control limits through policies, standards,
and procedures that define responsibility and authority. It is the duty of the board and senior
management to enforce compliance with risk controls put in place.
15
7 EVALUATION OF RISK MANAGEMENT SYSTEMS
7.1 The evaluation of the risk management systems should take into account adequacy of board and
senior management oversight, risk identification, measurement, monitoring, and control; banking
institution’s policies, procedures, and limits; and internal control systems and management
information systems (MIS).
7.2 Effective risk management calls for active board and senior management oversight. The board
has ultimate responsibility for the level of risk taken by a bank. In fulfilling this responsibility, the
board should take steps to develop appropriate risk management systems. The board should
approve the overall business strategies, significant policies of the bank, and ensure that competent
management is in place to run the affairs of the bank.
7.3 Qualified, competent managers and staff should perform as expected by a conscientious board.
They must understand the mission, values, policies, and processes of the bank. Senior management
is also responsible for establishing and communicating a strong awareness of, and need for,
effective internal controls.
7.4 Policies reflect the board’s intent and commitment in pursuing desired results. Effective management
requires written policies that a banking institution adheres to in practice. Policies set standards
and courses of action to pursue, implement, and enforce specific objectives. Good policies link
with, and reflect, a banking institution’s underlying mission, values, and principles. They also
clarify a bank’s risk tolerance. Banking institutions should have mechanisms in place to trigger a
review of policies in the event that activities or tolerances change.
7.5 Procedures govern how a banking institution will pursue its objectives and define how it will carry
out its daily activities. Good procedures demonstrate consistency with the underlying policies,
adequacy of internal control checks and balances.
7.6 Policies, procedures and limits provide for adequate identification, measurement, monitoring,
and control of risks posed by a banking institution’s activities. Policies and procedures should
clearly delineate accountability and lines of authority across a banking institution’s activities.
7.7 Adequate internal controls are critical to the safe and sound functioning of a banking institution in
general and to its risk management in particular. Internal control systems promote effective
operations, reliable financial and regulatory reporting, safeguard assets and help to ensure
compliance with laws and regulations as well as a banking institution’s own policies and procedures.
Bank management should implement reporting systems by which they communicate necessary
and sufficient information to the directors.
16
7.8 The system of internal controls should be appropriate to the type and level of risk posed by the
nature and scope of a banking institution’s activities.
7.9 A bank’s organisational structure and reporting lines should establish clear lines of authority and
responsibility for monitoring adherence to policies, procedures and limits. The official organisational
structure should reflect actual operating practices. Segregation of duties is a fundamental and
essential element of a sound risk management and internal control system.
7.10 The sophistication of MIS should be consistent with the complexity and diversity of a banking
institution’s operations. Appropriate management and board reports should be produced to support
risk monitoring activities.
7.11 Internal controls should be tested by an independent internal audit function which reports directly
either to the board or its designated committee.
7.12 The Reserve Bank uses the Risk Assessment System (RAS) to provide a structured framework
for measuring and assessing risk. RAS is a method of identifying, evaluating, documenting, and
communicating assessment of the quantity of risk, the quality of risk management, and the direction
of risk at each bank. It takes both a current and a prospective view of the institution’s risk profile.
7.13 Examiners use RAS for all banking institutions. While banking institutions are not required to
adopt a similar process, examiners are expected to discuss RAS assessments with bank
management in order to reach a common understanding of the risk profile of the institution, upon
which regulatory activities will be based.
7.14 For each risk category, bank examiners make the following assessments:
(a) Quantity of risk - is the level or volume of risk that exists and is characterised as low,
moderate, or high.
(b) Quality of risk management - is how well risks are identified, measured, controlled,
and monitored and is characterised as strong, acceptable, or weak. Strong risk
management indicates that management effectively identifies and controls all major types
of risk posed by the relevant activity or function. Acceptable risk management indicates
that a bank’s risk management systems, although largely effective, may be lacking to some
degree. Weak risk management indicates that risk management systems are lacking in
important ways and therefore, are a cause for more than normal supervisory attention.
(c) Overall composite risk - is a summary judgment about the level of supervisory concern.
It is characterised as low, moderate, or high. Risk mitigants are taken into account in the
examiners’ assessment of overall composite risk. Overall composite risk is the residual
risk after taking into account aggregate inherent risk and aggregate risk management systems.
(d) Direction of risk - is the probable change in the bank’s risk profile over the next 12
months and is characterised as decreasing, stable, or increasing. Decreasing direction
indicates that the examiner anticipates, based on current information, that the aggregate
risk will decline over the next examination cycle. Increasing direction denotes anticipation
of higher risk over the examination cycle.
17
Relationship between RAS & CAMELS …
7.15 RAS and CAMELS are distinct yet closely related bank evaluation methods. Both provide
information about a bank’s overall soundness, financial and operational weaknesses or adverse
trends, problems, and risk management practices.
7.16 The major distinction is that RAS is the prospective nature whereas the CAMELS rating system
primarily provides a point-in-time assessment of an institution’s current performance and condition.
RAS reflects an examiner’s judgment about current and future quantity of risk, quality of risk
management, and direction of risk in each bank. RAS may influence the CAMELS component
rating.
7.17 The remainder of this policy framework discusses the various steps of risk-based supervision in
detail.
18
8 UNDERSTANDING THE INSTITUTION – STEP 1
8.1 The first step for a Risk-Based Supervision Approach is developing an understanding of the
institution.
Institutional Profile…
8.2 An institutional profile is prepared to demonstrate the institution’s current condition. It also
highlights key issues and outstanding past supervisory findings. Simply stated, the institutional
profile provides a concise portrait of an institution’s structure, activities/ functional business lines,
and level of risk.
8.3 An institutional profile is a dynamic document that supports the overall risk-focused examination
process and facilitates ongoing monitoring of a given institution. The institutional profile should be
updated continuously to capture matters of significance that occur between on-site examination
cycles.
8.4 Supervisors are alert to the fact that an institution’s condition and risk profile can change within a
short period of time as a result of both endogenous and exogenous factors.
8.5 A comprehensive up-to-date institutional profile should be maintained for every supervised institution
and this is the responsibility of the examiner responsible for the institution. It is necessary for the
Senior Bank Examiner, Principal Bank Examiner, Chief Bank Examiner, and where possible, the
Senior Division Chief to subject Institutional Profiles to random checks to ensure consistence in
quality and completeness.
Sources of Information…
8.6 Information for compiling and updating institutional profiles should be collected from all reliable
sources to which the examiner has access. Formal sources will include on-site examination
reports, regular prudential and statutory returns, ad hoc returns, published financial results, external
ratings, formal meetings with the institution’s board and management, internal and external auditors,
and reports of and /or meetings with other supervisory/regulatory authorities such as the Stock
Exchange, Insurance Commission, ZIMRA etc.
8.7 Less formal and informal sources of information include media reports, informal meetings with
bank management and complaints filed against the institution.
8.8 Core Principle number 17 of the Basel Committee on Banking Supervision (Basel Committee)
requires bank examiners to have regular contact with bank management; and a thorough
understanding of the institution’s operations. The supervisor should require banks to notify the
RBZ of any substantive changes in their activities or any material adverse developments, including
breach of legal and prudential requirements.
8.9 There is need for the supervisor, based on the risk profile of individual banks, to have a programme
of regular meetings with senior management, board members, and heads of individual units to
discuss operational matters such as strategy, group structure, corporate governance, performance,
capital adequacy, liquidity, asset quality, risk management systems, etc.
19
CONTENTS OF THE INSTITUTIONAL PROFILE
8.10 The institutional profile provides a summary of the institution’s structure, present financial condition,
and its current and prospective risk profile, as well as highlights key issues and past supervisory
findings. The institutional profile contains information pertaining to the ownership, capital and
group structure (where applicable), branch network, staffing, corporate governance systems,
the institution’s business profile and strategy, risks and challenges facing the institution, regulatory
and any other ratings, and the condition and performance of the institution.
8.11 Detailed guidance on the contents of an institutional profile is discussed hereunder. Appendix 2
provides a complete institution profile for the hypothetical Omega Banking Corporation (OBC).
A. Overall Condition
8.12 Summarises the overall condition based on the level of supervisory concern, assessment of risk
management systems and adequacy of management oversight over the banking institution. Any
key issues/concerns relating to the strategies employed should also be highlighted.
C. Corporate Profile
C1 Background
8.14 Captures the history of the institution in brief covering among other things, date of establishment,
name changes (if any), mergers and acquisitions, conversions of banking licence.
C2 Shareholding Structure
8.15 Indicate names of shareholders, number of shares held and percentage shareholding over the
past three years. If the institution is owned by a holding or parent company, this is also shown in
the holding or parent company’s shareholding structure.
C3 Capital Structure
8.16 The institution’s capital components over the past three years should be presented in tabular
form.
20
C4 Related Organisations
8.17 Present in tabular form, the institution’s subsidiaries, associates and any other related organization
showing the percentage shareholding in each.
C5 Vision/Mission/ Strategies
8.18 State the institution’s vision, mission, values and strategic goals and initiatives.
C8 Branch Network
8.21 Indicate number of branches, agencies and other points of representation and their respective
physical addresses.
C9 Staff Compliment
8.22 State the total number of employees, indicating managerial and non-managerial staff of the
institution. Where necessary, comment on the adequacy of the human capital particularly in key
operational areas, in respect of numbers, qualifications and skills.
21
8.29 Also comment on the management information systems in terms of reliability and timely production
of financial and/ or regulatory reports.
8.37 Provide a summary of the overall condition of the institution based on the latest quarterly financial
returns, and comment on the following:
E1 Capital Adequacy
E2 Asset Quality
E3 Management
E4 Earnings
E5 Liquidity and Funds Management
E6 Sensitivity to Market Risk
8.38 Comment on the institution’s compliance with banking rules, regulations and directives issued by
RBZ. State any violations noted.
22
G. Environmental Considerations
8.39 Identify and state any external environmental factors, which may have an impact on the operations
and condition of the institution, for example, property, debt and equity markets, and economic
conditions.
H3 Future Prospects
8.42 Comment on the bank’s strategic initiatives/forecasts/projections for key performance areas,
budget projections, and/or new markets and products.
I. Attachments
8.43 The following attachments should be included as appendices to the institutional profile:
23
9 ASSESSING THE INSTITUTION’S RISK – STEP 2
9.1 The second step in the risk-based supervision framework, Assessing the Institution’s Risk, is
designed to develop a comprehensive risk profile of the institution. The purpose of the risk
assessment exercise is to identify the type, level, management and direction of all significant risks
affecting a banking institution, or inherent in a banking institution’s activities. The risk assessment
consists of two documents, namely a Risk Matrix and a Risk Assessment Narrative.
9.2 The main objective of a risk matrix is to present, in a tabular format, the type, level, management,
and direction of risk inherent in a banking institution; and forms the basis on which the supervisory
plan is built, and on-site examinations activities are determined. A risk assessment narrative describes
in a concise manner the type and level of inherent risks in banking institution’s activities, the
adequacy of risk management controls in place, the trend of the risk, and the impact of external
risk factors.
9.3 The risk assessment process highlights both the strengths and vulnerabilities of the institution and
provides the foundation for determining the supervisory activities to be conducted.
9.4 The risk assessment exercise can be effectively accomplished via adoption of a four phase
approach as illustrated by the diagram below:
24
Phase One – Gathering Information
9.5 During phase one sufficient information must be gathered to understand the institution’s business
activities and risk management systems. One or more on-site visitations may be conducted to
the banking institution to obtain additional information or to clarify information already received.
9.6 In phase two the key business activities or functional areas of a banking institution, and the
relative significance of the activities should be properly identified. These activities present various
combinations and concentrations of risks, depending on the nature and scope of the particular
activity. Certain functional activities (e.g. lending) should be broken down to the extent possible
according to the banking institution’s own internal classification and reporting arrangements, e.g.
corporate banking, retail, etc.
9.7 Activities, and their significance, can also be identified by reviewing information generated by the
institution, and this includes the balance sheet, off-balance-sheet reports, the income statement,
or any other report that is prepared for the institution’s board of directors and senior management,
to monitor performance.
9.8 A detailed income statement, for instance may be particularly informative because significant
activities and their relative importance to the institution’s revenue and net income are reflected in
this statement.
9.9 In addition to financial factors, information on strategic plans, new and possible management
changes need to be considered. Industry segmentation and the position the institution occupies
within its markets should also be considered. The competitive climate in which the institutions
operate is very important and should be assessed in the identification of significant activities.
9.10 Phase three, Completing the Risk Matrix, consist of eight stages or dimensions namely:
i. determine the quantity or level of inherent risk in each functional area or activity;
ii. assess adequacy of risk management systems to manage risks per functional area;
iii. determine the functional composite risk profile for each functional area;
iv. determine the aggregate inherent risk rating for each inherent risk across the institution;
v. assess the adequacy of aggregate risk management systems for each inherent risk across
the institution (per risk management system and aggregate basis);
vi. assess the overall composite risk for each inherent risk across the institution;
vii. determine direction of overall composite risk per inherent risk across the institution; and
viii. determine the entire institution’s overall inherent risk, overall risk management sytems,
overall composite risk, and direction of overall composite risk.
25
Stage 1 – Determine Quantity of Risk …
9.11 An assessment of the level of inherent risk in each functional area takes into account several
factors including the frequency of occurrence, probability of occurrence and or severity of impact.
The level or quantity of inherent risk per functional area may be assessed as “high”, “moderate”,
or “low”. Qualitative and quantitative factors should be considered.
9.12 Partly inspired by statistical theory, the level of inherent risk measures the probability or chance
of an adverse impact on a banking institution’s capital or earnings from potential future events
within the functional activity. No regard to the adequacy and quality of risk management systems
in place is made when assessing level of inherent risk. In all cases an assessment of the degree of
potential loss in relation to earnings and capital must be considered. Consideration should be
made of the banking institution’s type of activities vis-à-vis the inherent risk in terms of significance
or proportion.
9.16 It is important to note that the assessment of the quantity of risk management is made without
considering the risk management processes and controls. Bank examiners should be thoroughly
familiar with the factors that are taken into account when evaluating different categories of inherent
risks.
9.17 Appendix 1 – Risk Evaluation Factors provides some of the risk indicators taken into account
when assessing risk in various aspects of a banking institution.
26
(b) adequate policies, procedures and limits for managing business activities;
(c) adequate risk management, monitoring and management reporting systems; and
(d) comprehensive internal controls including an effective internal audit function.
9.19 The quality and adequacy of risk management systems should be characterised as “strong”,
“acceptable”, or “weak” depending on the availability, completeness, suitability, and compliance
with/of the risk management systems implemented in the banking institution.
9.20 Some indicators of Strong, Acceptable and Weak risk management systems are as follows:
27
(e) Management is unable to identify or monitor risk; or do not implement timely and appropriate
actions in response to changing conditions.
(f) Weak internal controls and audit function as well as failure to adhere to written policies
and procedures.
(g) Management information systems at various levels exhibit significant weaknesses and may
not consolidate total exposures.
(h) The deficiencies could have adverse effects on the safety and soundness of the banking
institution.
9.21 The third stage is an assessment of the functional composite risk profile for each significant
activity. This is determined by balancing the overall level of inherent risk of the activity with the
overall strength of risk management systems for that activity.
9.22 Functional composite risk is a summary judgment about the level of supervisory concern about a
bank. It incorporates judgments about the quantity of risk and the quality of risk management.
Functional composite risk is characterised as low, moderate, or high.
9.23 Risk mitigants may be taken into account. For example, loans may be determined to have high
risk, however, the probability and the magnitude of possible loss may be reduced by having very
conservative underwriting standards, effective credit administration, strong internal loan review,
and a good early warning system. Consequently, after accounting for these mitigating factors, the
overall risk profile and level of supervisory concern associated with the activity may be moderate.
9.25 Further guidance on the assessment of each of the inherent risks may be gleaned from Appendix
1 – Risk Evaluation Factors, and the BLSS Examination Manual.
28
Moderate Credit Risk …
(a) Current or prospective exposure to loss of earnings or capital does not impact materially
on financial condition.
(b) There is an average probability of adverse impact on earnings or capital, but the losses
could be absorbed in the normal course of business.
(c) Credit related losses do not seriously deplete the bank’s current reserves or necessitate
large provisions relative to earnings.
(d) Exposures do not reflect significant concentration.
(e) Portfolio growth is in accordance with a reasonable plan.
(f) Exceptions to underwriting standards do not pose significant risk.
(g) Volume of NPLs does not pose undue risk to capital and can be resolved within the
normal course of business.
29
High Liquidity Risk …
(a) The bank’s liquidity profile makes it vulnerable to funding difficulties should a material
adverse change occur.
(b) Significant concentrations of funding may exist, or there may be a significant volume of
providers that are highly credit sensitive.
(c) The bank may currently or potentially experience market resistance, which could impact
its ability to access needed funds at reasonable cost.
(d) There may be an increasing demand for liquidity with declining medium and long term
alternatives.
(e) Potential exposure to loss of earnings or capital due to high liability costs of unplanned
asset reduction may be substantial.
(f) Funding sources and balance sheet structures may currently result in or suggest potential
difficulty in sustaining long term liquidity on a cost effective basis.
(g) Liquidity needs may trigger the necessity for funding alternatives under a contingency
funding plan, including the sale of or disruption in a strategic line of busines
30
Moderate Foreign Exchange Risk …
a) Exposures to foreign currencies exist, but revaluations or translation adjustments are not
expected to have an adverse impact on capital and earnings.
b) Mismatches on longer-term positions denominated in foreign currency are manageable.
31
Moderate Legal and Compliance Risk …
a) The nature and extent of business activities may increase the potential exposure to violations
or non-compliance.
b) The bank may have violations outstanding, which are correctable in the normal course of
business without impacting on reputation, value, earnings or business opportunities.
c) The bank’s history of complaints or litigation is not a concern.
32
e) Strategic initiatives may be poorly conceived or inadequately supported by a business
plan.
f) Management does not consistently accomplish their stated strategic goals.
g) Less than effective risk management systems or a lack of adequate due diligence in the
case of new products and services, or acquisitions.
h) Strategic goals and the corporate culture may not be clearly communicated and consistently
applied throughout the organisation.
i) Management information systems may be insufficient to support the bank’s strategic
direction or address a changing environment.
33
Stage 5 – Aggregate Risk Management Systems …
9.27 Stage 5 of completing the risk matrix calls for an assessment of the adequacy of risk management
systems per sub-component thereof, and on an aggregate basis for each inherent risk across the
institution. The Aggregate Risk Management Systems rating is obtained by balancing the respective
risk management sub-ratings for the particular inherent risk. Aggregate risk management systems
may be rated as strong, acceptable, or weak.
9.28 The sixth stage in development of a risk matrix calls for an assessment of the Overall Composite
Risk profile per each inherent risk. This is accomplished by balancing the Aggregate Inherent
Risk rating with the Aggregate Risk Management Systems rating for each inherent risk. The
Overall Composite Risk may be characterised as “High”, “Moderate” or “Low”.
9.29 The table below provides guidance regarding the determination of the overall composite risk by
balancing the observed quantity of aggregate inherent risk with the perceived strength of the
related risk management systems.
9.30 A high overall composite risk generally would be assigned to an activity where the risk
management systems do not significantly mitigate the high aggregate inherent risk. An activity
could potentially result in a financial loss that would have a significant impact on the bank’s overall
condition, even in some cases where the risk management systems are considered strong.
9.31 A moderate overall composite risk generally would be assigned to an activity with moderate
aggregate inherent risk where the risk management systems appropriately mitigate the risk. For
a given low risk area, weak aggregate risk management systems may result in either a low or
moderate overall composite risk assessment. Alternatively, a strong risk management system
may reduce high aggregate risk so that any potential financial loss from the activity would have
only a moderate negative impact on the financial condition of the bank.
9.32 A low overall composite risk generally would be assigned to low inherent risk areas. Moderate
risk areas may be assigned a low overall composite risk where risk management systems are
strong.
34
Stage 7 – Determine Direction of Overall Composite Risk …
9.33 The seventh procedure in the completion of a risk matrix consists of determining the direction of
overall composite risk by each type of inherent risk across the institution. Direction of overall
composite risk is the probable change in the bank’s overall risk profile for each of the overall
composite ratings over the next 12 months and is characterised as decreasing, stable, or
increasing.
9.34 Decreasing direction indicates that the examiner anticipates, based on current information, that
the overall composite risk will decline over the next 12 months’ examination cycle. Such a scenario
reflects decreasing aggregate inherent risks and/or improving risk management systems.
9.35 Increasing direction denotes anticipation of higher risk over the examination cycle. This denotes
that inherent risks may be increasing and/or risk management systems are getting weaker.
9.36 If the inherent risks are stable and/or the risk management systems are unchanged, the direction
of the overall composite risk will be considered stable.
9.37 The final stage in completion of a risk matrix is the determination of the entire institution’s overall
inherent risk, overall risk management systems, overall composite risk, and direction of overall
composite risk.
9.38 A bank’s overall inherent risk takes into account aggregate inherent risks across all risk
categories. Overall risk management systems consider all the aggregate risk management
systems across the institution. A bank’s overall composite risk rating is determined by balancing
the overall inherent risk and overall risk management sytems. Direction of overall composite
risk will be assigned to complete the process.
9.39 The eight stages involved in the completion of a risk matrix are illustrated below for the hypothetical
OMEGA Banking Corporation.
35
36
Phase Four – Preparation of the Risk Assessment Narrative
9.40 The Risk Assessment Narrative shows the overall level of risk by inherent risk category and
direction. It also analyses the business activities within each of the inherent risk categories and
evaluates qualitatively the effectiveness of risk management systems. The Risk Assessment
Narrative provides the background to how the overall risk profile for the banking institution has
been derived. The format and content of the Risk Assessment Narrative should be flexible and
tailored to the characteristics of the individual banking institution. In general the risk assessment
should incorporate the following:
c. identify all major functions, business lines and products from which significant risks emanate;
e. consider the relationship between the likelihood of an adverse event and its potential
impact on a banking institution.
9.41 The narrative will also contain a comment on the consolidated risk management system and the
internal and external audit function. The format for the risk assessment narrative is tabulated
below, while Appendix 4 provides a complete example of the same.
37
ILLUSTRATIVE FORMAT
FOR A RISK ASSESSMENT NARRATIVE
Assess the adequacy of the risk management systems of the banking institution (BI) in detail, especially
in the four key areas of:
* board and management oversight;
* policies, procedures and limits;
* risk management and monitoring; and
* MIS.
Overall Assessment
Assess the overall risk rating and general trend of risk of the BI across all its functional areas. Also state
any future plans or prospects of the BI that might affect its risk profile in the near future.
Credit Risk
Assess credit risk rating and trend across the functional areas in which credit risk is concentrated, e.g.:
* Lending activities
* Treasury activities
Analyse credit risk by sectors of concentration as well as the performance of the NPL portfolio,
comparing with previous periods.
Comment on the adequacy of the risk management systems in mitigating credit risk.
Operational Risk
Assess operational risk and trend across the BI, especially in areas that are prone to high operational
risk, e.g.:
* Branch operations.
* Fraud.
Comment on the adequacy of the risk management systems in mitigating operational risk.
38
Liquidity Risk
Assess liquidity risk and trend across the functional areas of the BI, especially in areas of:
* Asset-Liability Management.
* Inter-bank Borrowings.
* Depositor Structure.
Comment on the adequacy of risk management systems in addressing the liquidity risk of the BI.
Assess the interest rate risk rating and the trend across the functional areas of activity in the BI especially
in areas of:
* Treasury (e.g. Investments, Derivatives)
Analyse the effects and trends of interest rates in areas in which the BI has significantly high interest rate
risk.
Comment on the adequacy of risk management systems in addressing the interest rate risk of the BI.
Assess the foreign exchange risk rating and the trend across the functional areas of activity in the BI
especially in areas of:
- Treasury (e.g. Investments, Derivatives)
Analyse the effects and trends of exchange rates in areas in which the BI has significantly high foreign
exchange risk.
Comment on the adequacy of risk management systems in addressing the foreign exchange risk of the
BI.
Assess the legal and compliance risk rating and the trend across the overall BI.
39
Mention any cases of litigation that the BI has been involved in over the review period as well as any
ongoing litigation yet to be resolved.
Comment on the adequacy of the risk management systems in addressing the legal and compliance risk
of the BI.
Reputation Risk
Assess the reputation risk rating and the trend across the BI as a whole.
Mention any cases of adverse publicity that the BI has been involved in over the past period.
Comment on the adequacy of the risk management systems in addressing the reputation risk of the BI.
Strategic Risk
40
10 PLANNING/SCHEDULING SUPERVISORY WORK –
STEP 3
10.1 Bank examiners should develop and maintain a Supervisory Plan4 that is current and relevant to
a banking institution’s size, complexity and changing risk profile. Generally, a supervisory plan
may be developed yearly and reviewed at least half yearly to reflect new risk trends. A supervisory
plan provides a bridge between the supervisory concerns identified through risk assessment and
the supervisory activities to be conducted. It should incorporate a schedule of off-site and on-
site activities to be undertaken for the given planning horizon.
10.2 To be effective, planning requires an initial statement of objectives and identification of related
strategies for them to be achieved. A good plan should demonstrate that the supervisory concerns
identified in the risk matrix and risk assessment narrative as well as the deficiencies noted in the
previous examination are being, or will be addressed.
10.3 The plan should itemise examination activities per different areas / activities of a bank or group
(i.e. Head Office, Treasury, Subsidiary etc.) to be evaluated, including scope of the review (full
or limited), the objectives, and other supervisory concerns regarding those areas. It should be
institution specific based on an analysis of factors such as the bank’s current condition, results of
operations, and the economic environment.
10.4 The pre-examination planning effort may be accomplished using both on- and off-site data. It is
critical that this process begin far enough in advance of the examination to allow sufficient time to
request and review the information necessary to develop the scope of the examination.
10.5 As a general guide, the Reserve Bank, via the BLSS arranges for bank management to complete
and submit the Pre-Examination Questionnaire (PEQ) approximately 30 – 45 days in advance
of the examination.
10.6 The Examaner-In-Charge (EIC) should receive the required information within two (2) weeks
from dispatch of the PEQ. Review of the completed PEQ received from the subject bank generally
requires about four (4) days to complete.
10.7 Pre-examination on-site review of sensitive information should be finalised within (2) weeks
after receipt of the PEQ.
10.8 BLSS is required to hold pre-examination prudential meetings with senior management within
one (1) day from the pre-examination on-site review of sensitive bank information.
10.9 The EIC is required to submit the pre-examination plan, preliminary risk assessment, and an
examination scope memorandum to the Chief Bank Examiner (CBE) and Quality Assurance
Committee (QA) five (5) days from receipt of the PEQ.
4
There are two types of supervisory plans: a sector-wide plan and institution specific plans. The industry-wide
supervisory plan prioritises examination resources according to both the relative risk profiles of all banking institutions
on the market and their systemic importance. Institution specific plans are the subject of this section.
41
10.10 A tentative on-site examination plan should be submitted to the Senior Division Chief (SDC)
for approval one (1) day after review by the CBE and QA, and/or within three (3) days from
the pre-examination prudential meeting with bank management.
10.11 The on-site examination should be commissioned within two (2) weeks from receipt of the
PEQ.
10.12 Details of the pre-examination time line are summarized in the table below for easy reference.
10.13 Exceptions to this general policy may include problem institutions or instances where an institution’s
condition is deteriorating rapidly.
10.14 Generally, examinations should be scheduled according to the approved supervisory strategy.
As a matter of policy, on-site examinations should be scheduled as per the following guidelines:
a. banking institutions rated “1” should have on-site examinations within two (2) year intervals;
b. banking institutions rated “2” have on-site examinations within 1½ year intervals;
c. banking institutions rated “3” should have on-site examinations on a 12 month interval;
and
d. banking institutions rated “4” and “5” should have on-site examinations on at most a 6
month interval.
10.15 The table below provides a template for the Supervisory Plan, while Appendix 5 provides a
complete example of the same.
42
ILLUSTRATIVE FORMAT
FOR A SUPERVISORY PLAN
43
44
11 DEFINING EXAMINATION ACTIVITIES – STEP 4
11.1 Prior to each on-site examination, the EIC has the responsibility to define the on-site examination
work. Once the risk assessment and examination planning processes are completed, an
Examination Scope Memorandum (ESM) should be prepared.
11.2 The purpose of the examination scope memorandum is to define details of the on-site examination
activities. It identifies the specific objectives and strategies of the examination and documents the
type and depth of review for specific areas of risk. It should provide a detailed road map to the
examination team and a central point of reference throughout the examination.
11.3 The examination scope memorandum should be tailored to the characteristics of each banking
institution. Therefore, it should vary with the size, complexity and risk profile of the bank; and
from examination to examination.
11.4 The scope memorandum must be in writing and should address the following:
a. reasons and objectives of the examination;
b. summary of condition and risk profile of the institution using the CAMELS and the RAS
rating systems;
c. summary of pre-examination meetings outside the bank and any liaison with other divisions;
d. proposed preliminary scope and focus of the examination, i.e. summary of issues to be
investigated or areas to be targeted, and reasons why;
e. areas not included in the scope of the examination, and reasons why;
f. summary of examination procedures to be used/followed;
g. assessment of examination resource needs (i.e. team, work assignments and time budget);
and
h. attachments.
11.6 Generally, adverse matters should be specifically reviewed at the subsequent examination in
order to ensure that appropriate corrective action has been taken.
11.7 An assessment should be made to determine whether the institution has implemented formal risk
management and compliance programs. If it is evident that management oversight provided by
audit, compliance and risk management programs is sound, a reduction in examination scope
may be warranted.
45
Latest CAMELS Ratings
11.9 The scope memorandum should include a summary risk assessment, in tabular format, for each
category of inherent risks.
11.11 Pre-examination meetings enable the examiner to obtain management’s perspective about the
condition of the banking institution, economic conditions, internal and external audit programs,
and the risk management process. The meetings should be held close enough to the examination
to ensure that the information discussed remains relevant and usable for the examination.
11.12 Ideally, discussions with management should focus on changes to management; policies; strategic
direction; management information systems; board and management oversight; staff turnover;
key functional areas; key risk issues facing the bank and other significant activities occurring since
the last examination.
46
made in resolving them. A summary of the bank’s performance since the previous examination is
also useful. Some issues will be drawn from both the risk assessment and supervisory plan.
11.14 In determining the scope of examination, the following Matrix for the various functional areas will
assist:
11.15 The preliminary scope may also be adjusted, expanded, contracted or otherwise refined once
the on-site examination begins, as a result of additional information obtained from discussions
with management, review of policies and procedures, internal control reports, files and ledgers.
11.16 Examiners also utilise information submitted via the Pre-Examination Questionnaire (PEQ) in
planning examination procedures and resources and make any necessary changes in the preliminary
scope.
11.18 Examination procedures may be eliminated or enhanced based on the risk assessment or the
adequacy of the audit and internal control environment. Sufficient coverage of a bank’s activities
by the bank’s auditing function, for instance, could result in the elimination of certain procedures
if the audit and internal control environments are deemed satisfactory.
47
on the examination; and prepare a customised entry-letter to the bank being examined to
communicate the dates of the examination.
11.20 Particular emphasis should be placed on ensuring appropriate personnel are assigned to the high
risk areas identified in the bank’s risk assessment.
11.22 Plan for optimum productivity - The EIC should plan opportunities for meetings with examination
staff and banking institution personnel, arrange adequate workspace for the examination team,
and prioritise and schedule workflow.
11.23 Make assignments and monitor job - The EIC must determine the expertise necessary to
perform certain aspects of the examination and make assignments accordingly. When assigning
more than one individual to an assignment, a Team Leader should be appointed to ensure its
completion. Training and development needs should also be considered when making assignments.
11.24 Budget and monitor overall time - The EIC must consider the time budget when assigning
tasks. A useful tool for improved planning is a Resource Allocation Schedule organized according
to sections of the examination and budgeted timeframes. As the examination progresses, the time
budget may be modified.
11.25 Assign priorities - The EIC should assign priorities to each area. Ordinarily this can be
accomplished by assigning related areas to one team leader who subsequently coordinates the
work of others. Pooling examiner resources may help reduce burden and redundancies.
11.27 In a risk-based supervision framework, an entry letter should be customised depending on the
risk profile of the particular banking institution, scope of the examination, and activities to be
performed. In other words, an entry letter should reflect the risk-based supervision objectives
and scope of the examination.
11.28 Examiners should take care to minimise regulatory burden associated with burdensome requests.
Entry letters should not request information already available to the regulatory authorities, say via
periodic statutory returns, unless, in cases where the information has changed since the previous
examination or inspection. Information that is not easily reproduced should be reviewed on-site
(e.g. policies and corporate minutes). Further, information requests that could easily and efficiently
be made orally during the on-site examination need not be called for in advance, unless it will
assist in planning the scope of the examination.
11.29 Examiners should allow management sufficient time to prepare the requested information, so
that documents will be available when the examination team arrives.
48
12 PERFORMING ON-SITE EXAMINATION – STEP 5
Examination Entrance Meetings…
12.1 At the beginning of each examination, an Examination Entrance Meeting should be held at the
bank’s premises between senior management of the bank and designated senior members of the
Bank Licensing, Supervision & Surveillance Division (BLSS). The purpose of the meeting will
be to formally commission the examination, indicate scope and focus of the examination, highlight
previous examination concerns; explain how examiners will conduct the examination; provide
details on the roles of the participating examiners; and answer any questions from the bank.
Examination Procedures …
12.2 Examination procedures should reflect the risk profile of each banking institution. The inspection
team should perform procedures tailored to fit the Risk Assessment prepared and the Scope
Memorandum. Further guidance would be found in the BLSS Examination Manual (forthcoming).
12.3 The Reserve Bank uses the CAMELS uniform bank rating system and the Risk Assessment
System (RAS) to determine the financial and general condition of a banking institution on an
individual basis (Solo Supervision). Consolidated Supervision uses, the RFI/C(D) rating system
to assess the condition of the group. Details of the RAS are provided in Section 7 of this framework.
CAMELS ASSESSMENT
12.4 A bank’s CAMELS Composite Rating integrates ratings assigned to the six key individual
components of the system, namely: Capital adequacy, Asset quality, Management capability,
Earnings quantity and quality, Liquidity adequacy, and Sensitivity to market risk. Composite and
component ratings range from “1” to “5”. All banking institutions are assigned CAMELS rating
whether they operate on a stand alone basis or as part of a banking group.
12.5 A bank rated “1” has the highest and best rating, and poses the least supervisory concern. A “5”
rating is the lowest and worst rating, indicating the most critically deficient level of performance
and inadequate risk management practices relative to the institution’s size, complexity and risk
profile. A “5” rated banking institution is at risk of failing and poses the greatest supervisory
concern. Detailed definitions of the composite ratings are discussed below:
49
Composite Rating “2”, “Satisfactory” …
12.7 Banking institutions in this group are fundamentally sound. For a banking institution to receive this
rating, generally no component rating should be more than “3”. Only moderate weaknesses are
present and are well within the board of directors’ and management’s capabilities and willingness
to correct. These banking institutions are stable and are capable of withstanding business
fluctuations. These banking institutions are in substantial compliance with laws and regulations.
Overall risk management practices are satisfactory relative to the institution’s size, complexity,
and risk profile. There are no material supervisory concerns and, as a result, the supervisory
response is informal and limited.
50
Component Ratings …
12.11 A list of the principal evaluation factors that are taken into account in respect of each component,
is provided hereunder, in no particular order of importance. Definitions of each rating per
component are provided below under the section dealing with the format of the examination
report.
Capital Adequacy …
12.12 The capital adequacy of an institution is rated based upon, but not limited to, an assessment of the
following evaluation factors:
a. the level and quality of capital and the overall financial condition of the institution;
b. the ability of management to address emerging needs for additional capital;
c. the nature, trend, and volume of problem assets, and the adequacy of allowances for loan
and lease losses and other valuation reserves;
d. balance sheet composition, including the nature and amount of intangible assets, market
risk, concentration risk, and risks associated with non-traditional activities;
e. risk exposure represented by off-balance sheet activities;
f. the quality and strength of earnings, and the reasonableness of dividends;
g. prospects and plans for growth, as well as past experience in managing growth; and
h. access to capital markets and other sources of capital, including support provided by a
parent holding company.
Asset Quality …
12.13 The asset quality of a financial institution is rated based upon, but not limited to, an assessment of
the following evaluation factors:
a. the adequacy of underwriting standards, soundness of credit administration practices, and
appropriateness of risk identification practices;
b. the level, distribution, severity, and trend of problem, classified, non-accrual, restructured,
delinquent, and non-performing assets for both on- and off-balance sheet transactions;
c. the adequacy of the allowance for loan and lease losses and other asset valuation reserves;
d. the credit risk arising from or reduced by off-balance sheet transactions, such as unfunded
commitments, credit derivatives, commercial and standby letters of credit, and lines of
credit;
e. the diversification and quality of the loan and investment portfolios;
f. the extent of securities underwriting activities and exposure to counter-parties in trading
activities;
g. the existence of asset concentrations;
h. the adequacy of loan and investment policies, procedures, and practices;
i. the ability of management to properly administer its assets, including the timely identification
and collection of problem assets;
j. the adequacy of internal controls and management information systems; and
k. the volume and nature of credit documentation exceptions.
Management …
12.14 The capability and performance of management and the board of directors is rated based upon,
but not limited to, an assessment of the following evaluation factors:
a. the level and quality of oversight and support of all institution activities by the board of
directors and management;
51
b. the ability of the board of directors and management, in their respective roles, to plan for,
and respond to, risks that may arise from changing business conditions or the initiation of
new activities or products;
c. the adequacies of, and conformance with, appropriate internal policies and controls
addressing the operations and risks of significant activities;
d. the accuracy, timeliness, and effectiveness of management information and risk monitoring
systems appropriate for the institution’s size, complexity, and risk profile;
e. the adequacy of audits and internal controls to: promote effective operations and reliable
financial and regulatory reporting; safeguard assets; and ensure compliance with laws,
regulations, and internal policies;
f. compliance with laws and regulations;
g. responsiveness to recommendations from auditors and supervisory authorities;
h. management depth and succession;
i. the extent that the board of directors and management is affected by, or susceptible to,
dominant influence or concentration of authority;
j. reasonableness of compensation policies and avoidance of self-dealing;
k. demonstrated willingness to serve the legitimate banking needs of the community; and
l. the overall performance of the institution and its risk profile.
Earnings …
12.15 The rating of an institution’s earnings is based upon, but not limited to, an assessment of the
following evaluation factors:
a. the level of earnings, including trends and stability;
b. the ability to provide for adequate capital through retained earnings;
c. the quality and sources of earnings;
d. the level of expenses in relation to operations;
e. the adequacy of the budgeting systems, forecasting processes, and MIS in general;
f. the adequacy of provisions to maintain the allowance for loan and lease losses and other
valuation allowance accounts; and
g. the earnings exposure to market risk such as interest rate, foreign exchange, and price
risks.
Liquidity …
12.16 Liquidity is rated based upon, but not limited to, an assessment of the following evaluation factors:
a. the adequacy of liquidity sources compared to present and future needs and the ability of
the institution to meet liquidity needs without adversely affecting its operations or condition;
b. the availability of assets readily convertible to cash without undue loss;
c. access to money markets and other sources of funding;
d. the level of diversification of funding sources, both on- and off-balance sheet;
e. the degree of reliance on short-term, volatile sources of funds, including borrowings and
brokered deposits, and lender of last resort facilities to fund longer term assets;
f. the trend and stability of deposits;
g. the ability to securitise and sell certain pools of assets; and
h. the capability of management to properly identify, measure, monitor, and control the
institution’s liquidity position, including the effectiveness of funds management strategies,
liquidity policies, management information systems, and contingency funding plans.
52
Sensitivity to Market Risk …
12.17 Market risk is rated based upon, but not limited to, an assessment of the following evaluation
factors:
a. the sensitivity of the financial institution’s earnings or the economic value of capital to
adverse changes in interest rates, foreign exchange rates, commodity prices, or equity
prices;
b. the ability of management to identify, measure, monitor, and control exposure to market
risk given the institution’s size, complexity, and risk profile;
c. the nature and complexity of interest rate risk exposure arising from non-trading positions;
and
d. where appropriate, the nature and complexity of market risk exposure arising from trading
and foreign operations.
RFI/(C)D ASSESSMENT
12.18 Each Bank Holding Company (BHC) is assigned a composite rating on the basis of the RFI/
(C)D rating system; where; R is Risk Management, F stands for Financial Condition, I represent
Impact of non-banking entities on the depository subsidiaries institutions, C is the Composite
Rating, and D denotes a summary rating of banking institutions in the group. A suffix P is added
to the rating of D to indicate the presence and number of problem banks, e.g. 2P.
12.19 Rating of each of the above-mentioned components, except for I, is based on a scale of numerical
or descriptive scale of “1” to “5”.
12.21 The “R” rating underscores the importance of the control environment, taking into account the
complexity of the organization and the risks inherent in its activities.
12.24 It focuses on the ability of the BHC’s resources to support the level of risk associated with
activities.
12.25 The sub-components of “F” are: Capital Adequacy, Asset Quality, Earnings and Liquidity, or
“CAEL” for short. The sub-components maybe evaluated on sectoral basis, prior to consolidation,
to take into account sectoral differences in standards.
53
Impact (I)…
12.26 The Impact Component (I) denotes the potential impact of non-bank entities on banking entities.
Examination staff is required to evaluate the degree to which current or potential issues within the
non-banking entities present a threat to the safety and soundness of the subsidiary banking
institution(s).
12.27 The evaluation should cover both the risk management practices and financial condition of the
non-banking entities; an analysis that will borrow heavily from the analysis of “R” and “F”
components. The rating focuses on the aggregate not individual impact.
12.28 The descriptive definitions of the numerical ratings for “I” are different from those of the other
components, and are as follows:
a. low likelihood of significant negative impact;
b. limited likelihood of significant negative impact;
c. moderate likelihood of significant negative impact;
d. considerable likelihood of significant negative impact; and
e. high likelihood of significant negative impact.
12.29 The Depository Institutions (D) Component is based on the weighted average CAMELS
composite ratings of banking institutions. It stands outside the composite rating although risk
management and financial factors are included in composite “R” and “F” ratings, which are then
factored into the composite rating. A problem bank identifier is added, denoted by “P”, to
identify the number of problem banks in a group (e g. 2P)
MANAGING AN EXAMINATION
12.30 Managing an examination is as important as planning it. The level and sophistication of management
methods and procedures varies depending on the activities to be performed and the size and
nature of the banking institution.
12.31 The EIC has a responsibility to ensure that supervisory objectives are met and activities are
completed timely. To accomplish these goals, the EIC must continually monitor the progress of
the examination and supervise, coordinate, and evaluate the work flow.
12.32 Some of the key elements the EIC should consider during the course of the examination are
discussed hereunder:
a. Communicate examination objectives – The EIC should ensure that examiners
understand the objectives of the examination and their assigned programs. It is also
important to avoid material deviations from the examination scope into unplanned activities.
Therefore, examiners should not vary from the scope or depth of the examination unless
the EIC determines that such procedures are necessary to address potential risks.
b. Ongoing communication between the EIC and team participants is critical to effective
examination management.
c. Monitor staff performance - Examiners’ performance should be monitored throughout
the examination to ensure objectives are being met according to schedule and to prevent
problems from developing. Early identification of work-related problems also allows
examiners the opportunity to correct mistakes and to immediately improve skills.
54
d. Monitor the examination - Monitoring the examination’s progress allows early
adjustments to the scope, staffing, and completion date, as necessary. BLSS senior
management should be advised if examination scope adjustments are necessary.
e. Training and evaluating examiners - Examiners may frequently need guidance,
depending on their experience and ability. The EIC should encourage questions and ensure
that someone is available to provide guidance.
f. Communicate effectively – The EIC should also maintain effective communication with
BLSS, Senior Management and the banking institution, regarding the examination’s
progress.
g. Complete work papers - Prepare, file, index, and review working papers to facilitate
efficient preparation of the examination report.
h. Out-brief examiners - The out-briefing process is critical to the conclusion of the on-
site examination effort. As the field work draws to a close, the EIC must have a complete
understanding of the work performed and issues identified by each team member. Ideally,
the EIC will monitor all team members’ activities during the examination hence the out-
briefing may be minimal. The out-briefing should provide an orderly transfer of examination
materials, such as working papers, reference material, time sheets, etc., from the participant
to the EIC or the EIC’s designee. The EIC should also be informed of any additional
items requested during the examination that should be added to the pre-examination request
list for the next examination.
WORKING PAPERS
12.33 Working papers should be prepared for every area reviewed during the examination in order to
document examination procedures and support conclusions. They must provide sufficient
documentation for a reviewer to understand what was done, why it was done, and how conclusions
were reached. Objectives, findings, risks associated with deficiencies, conclusion and
recommendations should be clearly outlined in working papers.
12.34 The working papers for each area should contain only essential information that supports
conclusions, violations of law or regulations, or any applicable corrective actions. The working
papers should also clarify what needs to be done about the conclusions, either by the banking
institution concerned or the examiner.
12.35 The EIC should review all examination-related working papers prior to leaving the examination
to ensure that examination findings are accurate and well documented. The review should ensure
that the overall quality of working papers is consistent with BLSS standards.
12.36 Working papers should support examination findings and be subjected to peer review and quality
validation by the Team Leader, Examiner-in-Charge, Head of Division and/or Quality Assurance
Committee.
12.37 Working papers are the property of BLSS and should not be released to external parties without
prior authorisation. Therefore, examiners must secure working papers at all times. Examiners in
addition must maintain control over all sensitive examination-related information on their portable
computers. Following the completion of the examination, examiners and staff should promptly
remove examination-related information from their portable computers.
55
12.38 If working papers are electronic, they should be stored and/or shared in a manner that protects
the confidentially of the documents.
12.39 The templates for various working papers used by bank examiners during on-site examinations
are provided in the BLSS Examination Manual.
The salient features of the Post Examination Time Line are tabulated below for easy reference.
60 days after release Receipt of responses to recommendations arising from the report
of final report depending on the condition of the institution, follow-up after release of
the final report
56
PRESENTATION OF EXAMINATION FINDINGS
12.41 The examination team should follow a three-tier reporting system, whereby examination findings
will be presented to the functional head; senior management in an exit meeting; and the bank’s
board of directors.
12.42 Procedurally, sectional reports must be prepared, discussed and signed by the bank’s line
management. Each area examined should have a report signed by the bank management and at
least two members of the assigned examination team. Subsequently, an exit meeting with
management must be held to discuss all major issues that will be included in the final report of
examination.
EXAMINATION REPORT
12.43 An Examination Report is the Reserve Bank’s primary vehicle for communicating examination
findings in writing to a bank’s board of directors. The report should define the objectives and
focus of the examination, state conclusions, and identify any significant problems, corrective
action, and timeframes for corrective action.
12.45 A Report of Examination should be objective, lucid, concise and communicate supervisory
concerns and recommendations that correlate to the risk profile of the banking institution.
Supervisory ratings should be disclosed and they should reflect the adequacy of the risk management
systems/structures in light of the quantity and types of risks identified. The Examination Report
should contain both qualitative and quantitative factors.
12.46 Appendix 7 provides a template for a risk-based supervision report of examination. Excerpts of
the imaginary Omega Banking Corporation’s Examination Report in Appendix 8 provide further
practical guidance.
12.47 The examination report comprises three mutually reinforcing sections, namely: Executive Summary,
Core Assessment, and the Supplementary Sections.
12.48 The Executive Summary section provides the Institutional Overview; Objectives and Scope of
Examination; Overall Condition; Matters Requiring Attention; CAMELS ratings and results of
the Risk Assessment.
12.49 An institutional overview considers the bank’s shareholding, areas of supervisory concerns as
well as an assessment of the bank’s potential impact on the entire financial system in the event of
distress. Significance of a banking institution and its potential impact on the fincial system is
appraised quantitatively by rank and market share in terms of total assets, total loans and advances,
57
and total deposits. Banking institutions with a market share of ten percent and above in any
category are considered as high impact institutions; between five and ten percent, medium impact
institutions; and below five percent, low impact institutions.
12.50 A bank’s overall risk rating should be tabulated in terms of both the RAS and the CAMELS
ratings. The RAS rating should comprise of a brief commentary on a bank’s overall composite
risk and its direction, and supportive commentary on the level of inherent risk and the quality of
risk management systems.
12.51 The CAMELS rating in the executive summary comprise of a table of comparative component
ratings, a brief commentary on rating differentials, and basis for current ratings.
12.52 For avoidance of doubt, risk-based supervision does not replace the CAMELS rating system.
The bank’s current condition will still be summarized and reported using the CAMELS rating
system, with all components disclosed, but the report’s focus will be on significant risk areas.
CAMELS components not subject of the current on-site examination are assigned ratings
based on results of off-site analysis and/or prudential meetings with bank officials.
12.53 Under risk-based supervision, the bulk of the examination report should however focus on
matters of significant supervisory concern in order to communicate the examiners’ analysis,
conclusions, and recommendations.
12.54 The Matters Requiring Attention sub-section itemises corrective actions required to address
supervisory concerns, and priority of their implementation.
12.55 The Core Assessment section consists of a detailed Risk Management Review (using RAS)
and a CAMELS assessment. The section starts with the Risk Management Review in order to
underscore the primacy of risk management.
12.56 Examiners should ensure that there is no duplication in their comments on the various inherent
risks in the CAMELS write-up, as well as the Risk Assessment write-up.
12.57 The CAMELS write-up should cover the macro aspects of the inherent risks. The RAS write-
up should include the micro aspects of the various inherent risks. A RAS assessment focuses on
the overall risk rating, direction of composite risk and rationale, the level and quality of risk
management systems.
12.58 An evaluation of CAMELS components should provide a brief description of the examiners’
significant finding(s); where necessary state the impact or risk of the finding(s) to the banking
institution’s operations; and recommendations.
12.59 The report should indicate management’s response to the examiners’ findings and
recommendations. Additional examiners’ comments are required in the event management of the
banking institution rebuts or disagrees with the examiners’ comments and/or recommendations.
The examiners’ additional comments indicate the Reserve Bank’s position on the matter raised
so that all parties are aware of and adhere to the final decision.
58
12.60 Appropriate writing style should be used in compiling the report. The report should reflect the
risk profile of the banking institution. Ideally stress tests results should be analyzed under the
appropriate “CAELS” component, and not in a separate section.
12.61 Examiners are also expected to comment on the prospects of the institution under consideration.
12.62 The Supplementary Section provides schedules, tables, and other reports which support findings
and conclusions of the examination. A comparative balance sheet, comparative income statement,
and a statement of changes in capital structure are also dealt with in this section.
12.63 Analysis of Changes in Capital Structure is mandatory if: (i) the bank has a financial subsidiary;
or (ii) there is a change in the capital category as a result of the examination; or (iii) the ratios
supporting the capital category in the examination are not derived from the bank’s statutory
return as of the same date. Exception (iii) could occur if the examination ratios were calculated at
a date other than a quarter end, or, if calculated at quarter-end, the numbers were adjusted/
changed from those filed in the return.
12.64 Loan Write-up Summaries, if any, should indicate the name of the client, exposure and
classification. A description of facility terms, value of collateral, current status, weaknesses,
management action should be provided.
QUALITY ASSURANCE
12.65 The Reserve Bank has a Quality Assurance process, within BLSS in particular, and the Bank in
general, that is designed to ensure consistent, high quality banking supervision, and conformity to
international best practice. BLSS Quality Assurance programs incorporate both ongoing quality
control processes, which ensure that work products are in compliance with established procedures
and policies, and an after-the-fact review of material to assess the effectiveness of policies and
procedures. The latter process should not amount to a re-examination of the bank.
12.66 Quality Assurance covers all aspects of banking supervision on a continuous basis, and may
provide a basis for changes in policies. All key reports are subjected to a formal review as shown
overleaf.
12.67 The Quality Assurance process ensures that the supervisory process is administered in a fair and
equitable manner. In other words similar findings are treated similarly.
12.68 Disagreements which arise between examiners and the bank during the supervisory process
should be resolved fairly and expeditiously, in an amicable manner.
12.69 Where disputes cannot be resolved, an appeal maybe made to RBZ senior management, on
merit, and not as an avenue to frivolous negotiation of ratings.
59
Name of Report
………………………………........................................……………..
Approved By……...................………...
60
EXIT MEETING WITH MANAGEMENT
12.71 At the completion of each examination, BLSS will meet bank management to discuss examination
findings, conclusions, and recommendations based upon the CAMELS and Risk Assessment of
the institution; discuss potential courses of action to address deficiencies; and to obtain
management’s commitment, including timeframes, to any recommended corrective action(s).
12.72 The EIC arranges the exit meeting and prepares an agenda. The agenda should include the main
issues contained in the draft examination report. All potential attendees should be informed of the
meeting time and location well before the meeting date.
12.73 Prior to conducting an exit meeting, the EIC should discuss, or ensure discussion of all sectional
reports, with lower and mid-level management of the banking institution. Attendants should
include at least two examiners, one of them being the Team Leader responsible for examination
of the function in question. Each functional area examined should have a report signed by the
bank management and at least two members of the examination team.
12.74 The examiner-in-charge should review all the draft sectional reports before they are presented
to functional management for discussions. Further, the EIC should research any disagreements
arising from sectional meetings before the exit meeting to validate the examination concerns and
to build additional support where needed.
12.75 Above all, the EIC should, prior to the exit meeting, discuss the significant examination findings
with appropriate Reserve Bank senior management to ensure that BLSS policy is consistently
applied, and that Reserve Bank senior management supports the examiners’ conclusions and
corrective actions as necessary and appropriate.
12.76 The draft report may also be presented to the BLSS Quality Assurance team before being
discussed with bank management.
BOARD MEETING
12.77 A meeting with the bank’s Board of Directors would be held after each on-site examination.
Meetings with the board are an important part of the supervisory process, and should be conducted
with the utmost professionalism. The board meeting also serves as a good forum for board
members to ask questions or comment on various issues.
12.78 Generally, at meetings with directors, examiners discuss BLSS objectives and methodologies;
strategic issues and growth of the bank; risks facing the bank and matters of supervisory concerns;
the bank’s success or failure in correcting deficiencies identified in previous examinations; the
impact of failing to correct deficiencies; corrective action to be taken; what the bank is doing well
and industry issues affecting the bank.
12.79 Prior to presentation of examination findings to a banking institution’s board of directors, Reserve
Bank senior management should be advised via a memorandum providing dates when examination
was conducted; details of the exit meeting with management; overall CAMELS assessment
(narrative and comparative table of ratings); summary table of results of Risk Assessments; matters
requiring attention and recommendations. A copy of the complete examination report should also
be attached.
61
12.80 The presentation to the board requires mandatory attendance of the board Chairperson and
Chief Executive Officer, as well as a board quorum. The board meeting would be the last meeting
to discuss examination findings before the final report is produced.
12.81 All significant issues to be included in the final report should be discussed at this meeting. If there
are any recent developments or the bank has carried out corrective action after the completion of
the examination, the examination team should verify the new developments as soon as possible
before finalising the report.
12.82 The report should be finalised within two weeks after the discussion of the report with the board
of directors. The bank would be given two weeks in which to acknowledge receipt, study, and
review the final report. The final report should be signed for acknowledgement by each and
every one of the board members.
12.83 Despite the best efforts of authorities to properly license, supervise and regulate banking
institutions, the potential for problem banks always exists, hence the importance of a well defined
policy framework for timely and effective supervision of problem banks.
12.84 The Reserve Bank has put in place a framework for Prompt Corrective Actions (PCAs) whose
primary role is to ensure early recognition of problems in banking institutions and to ensure that
there is effective supervision and monitoring of troubled banks.
12.85 PCAs programs are automatic rules that serve to contain regulatory forbearance and are meant
to lead to expeditious supervisory action at least cost to depositors, creditors and the economy.
The system of PCAs is based on pre-structured early intervention rules, as opposed to examiners’
discretion, and will be used as part of both the on-site and off-site supervision.
12.86 PCAs are also designed to achieve a number of objectives, including the following:
a. facilitate prompt corrective actions on weak banking institutions;
b. strengthen the banking system and promote sound banking practices;
c. develop permanent solutions for troubled banking institutions; and
d. maintain financial stability and promote economic development and growth.
12.87 Banks will be grouped into different categories based on their financial and general condition, as
depicted by CAMELS and Risk Assessment composite and component ratings. An appropriate
strategy (e.g. informal agreement to correct weaknesses, formal corrective order, merger/sale,
capital demand, closure and liquidation etc.) will then be applied, depending on the severity of
the problems or deficiencies.
12.88 Details of the supervisory benchmarks, and the respective mandatory PCAs are provided in the
revised Reserve Bank “Troubled & Insolvent Bank Policy”.
12.89 In all cases, the Reserve Bank will require involvement of boards of directors and senior
management, and, where necessary, principal shareholders, in developing and implementing
appropriate corrective action programs for a troubled banking institution.
62
12.90 Progressively harsher corrective measures will be used and may culminate in mandatory closure
and liquidation of troubled, insolvent, or imminently insolvent banks whose deficiencies cannot
be resolved within a defined period.
12.91 In certain cases, monetary penalties will be levied in terms of the Banking Act as read with the
Banking Regulations to achieve a remedial purpose; and to provide a deterrent to future
misconduct. If the Reserve Bank determines that criminal proceedings as provided under the Act
are necessary to achieve results, recommendations will be made to law enforcement agencies for
prosecution of the bank, any one or more of its employees, officers, directors or shareholders,
or any other responsible person(s).
63
13 CONDUCTING OFF-SITE EXAMINATION – STEP 6
13.1 The Reserve Bank places great emphasis on developing and implementing sophisticated, up-to-
date, in accordance with international standards, off-site analysis to achieve “continuous supervision”
and on-going risk-assessment of banking institutions.
13.2 The off-site function provides for periodic analyses of individual financial institutions and the
banking sector’s financial condition, performance, and risk management practices on the basis of
quantitative and qualitative information furnished by reporting institutions through the medium of
standardised statutory returns. Apart from prudential returns other sources of information include
internal management reports and published financial information.
13.4 The similarities and differences between off-site and on-site surveillance are summarised in the
tabled below:
64
13.5 It should be emphasised that off-site monitoring is employed as a supplement and not a substitute
to on-site examinations. Both approaches have their own advantages and disadvantages.
13.6 The individual Off-site Surveillance tools used to detect areas of supervisory concern include
CAMELS and RAS Assessments; Early Warning Systems; Stress Testing Methodologies; Prompt
Corrective Action programs; and Prudential Meetings.
13.7 The major outputs of Off-site Surveillance are Quarterly Off-site Analysis reports based on the
CAMELS and Risk Assessment systems; quarterly Board Reports; quarterly Status of the Banking
Sector Reports; half-yearly Financial Stability Reports (forthcoming); ad-hoc Troubled Banking
Institutions Reports; and a weekly Status Reports.
65
Quarterly Off-site Analysis Process
13.8 The framework for off-site analysis comprises of a number of stages involving data collection;
preliminary analysis and validation; detailed analysis and report writing.
13.9 The table above provides an overview of some of the processes involved, and their respective
results. Details of the off-site analysis framework are briefly discussed hereunder:
13.10 The Reserve Bank has powers to collect prudential data on a routine reporting and ad-hoc
basis. Some of the returns are required to be completed on both a solo and consolidated basis.
A list of some of the returns, including frequency of submission, and circumstances under which
they are required is tabulated below:
66
Periodic Returns
13.11 Regular statutory returns; e.g. Return of Financial Condition & Performance (Form BSD1),
and Consolidated Return of Financial Condition & Performance (Form CS1), are sub-divided
into a number of schedules, and cover information on assets and liabilities, profit and loss, off-
balance sheet items, capital adequacy, liquidity, large exposures, loan classification, foreign exchange
position, market and operational risk.
13.12 The accuracy of the information and the quality of information technology (IT) systems used to
produce prudential records is subject to a mandatory, formal annual IT Certification by a bank’s
external auditors, and may be verified by direct Computer-Based Auditing during Reserve Bank
on-site examinations.
13.13 All banking institutions are required to submit prudential reports and returns within specified
timeframes as delays may result in industry-wide distortions (e.g. in the computation financial
ratios).
13.14 It is incumbent upon the examiner to ensure that all the requisite returns are received from banks
by due date and in the prescribed manner and format. Where necessary appropriate action
should be taken to enforce compliance or co-operation from the bank.
13.15 Once all the information is available, the next stage involves automated (IT-assisted) processing
of data from all reporting banking institutions and preliminary aggregation of results, including
calculation of all the basic ratios for the evaluation of a bank’s condition.
13.16 It is important for data to be input accurately and to be checked for large variances before use.
Validity and quality edits are performed to verify the integrity of data in the system.
67
13.17 Validity edits are performed first to ensure that numbers add right. The examiners have to fix
the errors by proof-reading their keying and/or by calling the institution to get corrected data.
Items that appear on more than one schedule are cross-checked to ensure that those numbers
reconcile. Where the cross referenced figures do not reconcile, this is indicative of an error.
13.18 Quality edits consist of comparison of the values for an item between reporting periods i.e. the
current reporting period and the last period. Unexplained large variances should be verified and
the basis sought from the respective bank.
13.20 Appropriate writing style should be used in compiling the report. The examiner should bring
out the main point in the first line of the paragraph and provide adequate support comments
which should provide sufficient facts to justify the ratings assigned. For instance, strong performance
will signify performance well above or significantly better than peer average, and/or regulatory
minima.
13.21 The examiner should address all appropriate factors/related factors for each component rating
using adequate written comments which are grammatically correct, clearly written and well
organised.
13.22 The actual report should focus on material changes. Emphasis should be placed on issues
rather than ratios. For example, it’s no use indicating that specific provisions rose by 50%
without putting the issue into perspective and indicating the factors.
13.23 The examiner should consider the level of ratios when evaluating component ratings by comparing
ratios to available benchmarks e.g. peer group and regulatory minima.
13.24 Identification of meaningful trends since the last examination and determination of the direction
of the trend will also be crucial in making an assessment of the condition of the institution. The
examiner should be able to identify why (cause) a level is high or low or a trend is up or down.
Any comments made should address the analytical reasons for change.
13.25 The examiner should review the gross dollar volume and determine if the volume is significant,
or abnormal. Ratios based on insignificant dollar amounts should not be given undue emphasis.
13.26 Management intentions are essential in establishing the strategic intent of the institution thus
examiners, where necessary, should include material comments on any known management
intentions. Examiners should also comment on the prospects of the institution under consideration.
13.27 In concluding the report, an examiner must indicate the supervisory action required based on
the analysis.
13.28 The examiner should also indicate the results of any stress tests carried out on the institution as
well as analyse them and the potential impact on the institution. If any projections or assumptions
are made by examiners, then these should be summarised.
68
Quarterly Off-site Analysis Report Format …
13.30 The Reserve Bank uses the CAMELS rating system (for solo supervision), Risk Assessment
System, and the RFI/C (D) Bank Holding Company rating system (used for consolidated
supervision) to evaluate the safety and soundness of banking institutions. Details of the CAMELS,
RAS, and RFI/C (D) have already been discussed in sections covering on-site examination.
13.31 The quarterly off-site report should make use of analytical reviews and results of econometric
models. Analytical reviews are a combination of financial ratios, derived from quarterly bank
balance sheets and income statements.
13.32 When undertaking analytical reviews, supervisors draw on their experience to weigh the information
content of these ratios. Econometric models also combine information from bank financial ratios
but relies more on statistical tests rather than human judgment to summarise bank condition. To
improve the quality of analysis and decisions, models should not be used mechanically.
13.33 The structure of a typical Quarterly Off-site Analysis Report, as tabulated below, includes an
indication of the overall condition; market share, ranking and significant developments; supervisory
actions in place or pending; current supervisory strategy; assessment of CAMELS factors and
stress testing; compliance to supervisory actions; matters requiring attention; and recommendations
for follow-up.
69
OFF-SITE ANALYSIS REPORT FORMAT
[Face cover]
[Table of Ratios ]
13.34 The overall condition should encompass the overall composite CAMELS rating of the bank.
Discussion of the CAMELS components should take into account the respective stress testing
results per component (and respective market share where applicable) over and above the usual
evaluation factors. In addition to discussion of issues, trends, causes, impact, and prospects,
reference should also be made to supervisory and internal benchmarks. See Table of Key
Indicators below for guidance. Supervisory concerns should be in line with the risk profile of the
institution.
70
Table of Selected Key Indicators
71
PRUDENTIAL MEETINGS
13.36 In a risk-based supervision framework, bank examiners may hold a number of prudential meetings
with banking institutions to get an insight into their risk management systems; financial condition
and performance; business prospects; and matters of concern. The frequency of prudential meetings
varies among banking institutions depending on their CAMELS and Risk Assessment ratings,
track record, internal and external environmental factors.
13.37 As a matter of policy, prudential meetings should be scheduled as per the following guidelines:
a. banking institutions rated "1" should have one prudential meeting per year;
b. banking institutions rated "2" should have prudential meetings twice a year; and
c. banking institutions rated "3" to "5" should have quarterly prudential meetings.
13.38 The Reserve Bank requires banking institutions to maintain a proper internal audit function as
part of an effective system of internal controls. Banking institutions are also required to establish
a board audit committee to oversee the operations of the internal audit function, which should
have independent reporting lines.
13.39 The Reserve Bank also expects external auditors to share any adverse findings of audits with
bank examiners. A copy of the management latter should be submitted directly to the Reserve
Bank at the conclusion of every audit.
13.40 Each banking institution is expected to publish audited financial statements within ninety days
from the end of each financial year. External auditors are also expected to certify the authenticity
of informational databases maintained by financial institutions on an annual basis.
13.41 Many off-site analysis systems and tools are readily described as "early warning systems." Early
warning systems help to identify problem banks for early intervention, and are also useful in
scheduling and prioritising examinations. In any early warning system the quality of data and
depth of analysis are very important in order to draw the right conclusions. Back testing of
models also helps to improve the quality of early warning systems deployed.
13.42 The Reserve Bank's early warning system makes use of macro-prudential indicators, in the form
of the IMF Financial Soundness Indicators (FSIs), over and above the usual CAMELS indicators.
FSIs are sub-divided into the Core Set, which is mandatory, and the Encouraged Set which can
be used at the discretion of national regulatory authorities.
13.43 The table overleaf summarises the FSIs adopted, or on the verge of being adopted by the
Reserve Bank in its off-site analysis of banking institutions. BLSS will use off-site analysis as a
pre-emptive tool to identify weak institutions.
72
Financial Soundness Indicators
73
13.44 The Off-site Analysis Reports will henceforth incorporate variables listed on the FSIs Core Set
and the Encouraged Set.
13.45 Results of early warning systems, just like those of economic models should not be used
mechanically but subjected to qualitative evaluation. It must be noted that some early warning
systems are just "warning lamps" at best due to time lags between the data delivery and the
period the data actually cover. Data quality may depend on submissions from the banks.
PRE-EMPTIVE STRATEGIES
13.46 The paradigm shift to enhanced risk-based supervision will be complimented by an array of pre-
emptive and market stabilisation strategies. The pre-emptive strategies will focus on financial
stability, stress testing, early warning systems, and prompt corrective action programs.
13.48 The Reserve Bank will publish Financial Stability Reports (FSRs) bi-annually. The objective is
to assess the condition of the Zimbabwean financial system, taking into account significant
developments in the financial sector and the greater economy, as well as international developments
with a bearing on financial stability as follows: international and domestic macroeconomic
environment; financial sector structure and condition; developments in the non-bank financial
sector and real sector; local and international regulatory developments.
13.50 The Reserve Bank uses stress testing models that encompass several risk factors such as interest
rate, exchange rate, credit, liquidity, and operational risk shocks. The major objective is
to assess impact of shocks on a bank's (i) earnings [income effect] and (ii) capital [economic
value of equity].
13.51 Conceptually, stress testing maybe conducted by the supervisors or the individual banking
institutions using uni-variate and/or multi-variate models.
74
13.53 With effect from 31 December 2006, the Reserve Bank's stress testing methodologies are
carried out assuming three different hypothetical scenarios as follows:
a. Minor Level Shocks: These represent small shocks to the risk factors. The level for
different risk factors can, however, vary;
b. Moderate Level Shocks: It envisages medium level of shocks and the level is defined in
each risk factor separately; and
c. Major Level Shocks: It involves big shocks to all the risk factors and is also defined
separately for each risk factor.
13.54 The major objective is to assess impact of shocks on a bank's earnings (income effect) and
capital (economic value of equity).
13.55 The Reserve Bank uses various forms of stress testing models including:
a. Sensitivity Analysis;
b. Scenario Analysis; and
c. Interbank Contagion Models
13.56 Simple sensitivity analysis measures the change in the value of a portfolio from shocks of various
degrees to different independent risk factors while the underlying relationships among the risk
factors are not considered. For example, the shock might be the adverse movement of interest
rate by 10 percentage points and 20 percentage points. Its impact will be measured only on the
dependent variable e.g. capital or earnings.
13.57 Scenario analysis encompasses the situation where a change in one risk factor affects a number
of other risk factors or there is a simultaneous move in a group of risk factors. Scenarios can be
designed to encompass both movements in a group of risk factors and the changes in the underlying
relationships between these variables (for example correlations and volatilities). Stress testing
can be based on historical scenarios, a backward looking approach, hypothetical scenario, or a
forward-looking approach.
13.58 Extreme value/maximum shock scenario measures the change in the risk factor in the worst-case
scenario, i.e. the level of shock which entirely wipes out the capital.
13.60 On the international arena, the Basel Committee has recommended a standard 2% interest
shock (scenario 2), or a rate equivalent to 99 percentile (or 1 percentile) using five year data.
Financial Stability Assessment Programs (FSAP) use shocks between 0.5% and 3%. Low
inflation countries usually adopt standard shocks of 1%, 2% and 5% for the three scenarios.
13.62 Internationally the Derivatives Policy Group assumes at least a 6% depreciation for major world
currencies and 20% for other currencies. FSAP missions often assume between depreciations
between 5% and 15%. The Basel Committee uses exchange rate swings of 8% to calculate
capital charges.
75
Stress Testing Credit shock …
13.63 The stress tests for credit risk assess the impact of an increase in the level of non-performing
loans of the banking institution. This involves three types of shocks:
a. The first one deals with the increase in the level of non-performing loans (NPLs) and the
respective provisioning.
b. The second one deals with the negative shift in the NPLs categories and the increase in
respective provisioning required.
c. The third deals with the fall in the forced sale value (FSV) of mortgaged collateral.
13.66 Under market-wide crisis, it is important to account for correlations between liquidity shocks
and other shocks that may indirectly affect liquidity, such as interest rate and exchange rate
shocks. Various shocks may be applied to the bank's liquid assets depending on market conditions.
5
One way of defining the Cost of Operational Risk (COOR) is :
COOR = Operational Losses + Costs Associated with administering the Operation Risk Function +
Insurance Costs-Recoveries From Insurance and Income from Other Activities.
76
Stress Testing
XYZ Bank Ltd
For the half year ended …………..2005
77
Other Stress Testing Models Under Consideration …
13.70 The Reserve Bank is in the process of developing additional econometric models to assess
financial stability, including:
a. Probit (simple and stepwise versions);
b. Logit (simple and stepwise versions);
c. Contagion models; and
d. Merton models
13.71 Logit and Probit models are econometric models that are used to model the probability of an
institution failing. The inputs into the models are major financial soundness indicators of a given
institution and the model outputs are the corresponding failure probabilities of the given institution.
13.72 The main differences in the models are the distributional assumptions of the sources of randomness
in the models:
a. The Probit model assumes that the residuals are normally distributed and develops a
probability function based on the standard normal distribution; and
b. The Logit model assumes a logistic distribution which differs from that of the normal
distribution in the tails of the distribution. Logit models are currently standard among off-
site analysis models, both in their practical application by regulators and in the academic
literature.
13.73 The Merton model is also used to measure the probability of an institution failing within a given
time frame. The distributional assumptions and the stochastic dynamics underlying this model are
different from both the Logit and the Probit models and the model brings in a different dimension
in the off-site analysis toolkit.
13.74 There are essentially three steps in determining the probability of failure using the Merton model:
a. Estimate asset values, and the asset volatility of the institution. The distress barrier
is found by adding the short term liabilities and half the long term liabilities adjusted for
interest due within the period under consideration.
b. Calculate the distance to default, and this is done by using the asset values, volatility
and the current values of the liabilities; and
c. Calculate the probability of failure from the distance to default. This can be calculated
in two ways, (i) using empirical scale of default probabilities or (ii) using a function,
parameters of which are estimated empirically.
13.75 Interbank Contagion Stress testing complements the standard set of stress tests by measuring
the risk that the failure of a bank or a group of banks will trigger the failure of other banks within
the system.
78
13.77 The key element of inter-bank contagion stress test calculations is a matrix of bilateral inter-bank
exposures;
13.78 The cells of the matrix contain the gross bilateral inter-bank exposures between banks, defined
as all uncollateralized lending from one bank to another, covering all on- and off-balance sheet
exposures. Each row in the matrix corresponds to a bank and the cells in the row give its gross
inter-bank exposure to every other bank in the inter-bank market, as depicted by each column.
79
APPENDIX 1 – RISK EVALUATION FACTORS
80
81
82
83
84
85
86
APPENDIX 2 –
87
STRICTLY CONFIDENTIAL
INSTITUTIONAL PROFILE
Contact Details
Date Operations
Commenced in Galaxia: 1980
30 June 2006
88
TABLE OF CONTENTS
A. OVERALL CONDITION ........................................................................................... 90
B. RISK ASSESSMENT SUMMARY ........................................................................... 90
C. CORPORATE PROFILE ........................................................................................... 90
C.1 BACKGROUND................................................................................................ 90
C.2 SHAREHOLDING STRUCTURE ...................................................................... 91
C.3 CAPITAL STRUCTURE .................................................................................... 91
C.4 RELATED ORGANIZATIONS .......................................................................... 92
C.5 VISION/MISSION/STRATEGIES ..................................................................... 92
C.6 KEY FUNCTIONAL LINES.............................................................................. 92
C.7 RISK MANAGEMENT FRAMEWORK ........................................................... 96
C.8 BRANCH NETWORK .................................................................................... 101
C.9 STAFF COMPLIMENT ................................................................................... 101
C.10 EXTERNAL AUDITORS AND LAWYERS ..................................................... 101
C.11 BOARD OF DIRECTORS ............................................................................... 101
C.12 SENIOR MANAGEMENT .............................................................................. 103
C.13 BOARD COMMITTEES.................................................................................. 103
C.14 MANAGEMENT COMMITTEES… ............................................................... 106
C.15 OVERVIEW OF MANAGEMENT .................................................................. 108
C.16 TOP TEN BORROWERS AS AT 30 JUNE 2006 ............................................. 108
C.17 TOP TEN DEPOSITORS AS AT 30 JUNE 2006 ............................................. 109
C.18 INDUSTRY RANKINGS AS AT 30 JUNE 2006 ............................................. 109
89
A. OVERALL CONDITION
A.1 The overall composite risk of Omega Banking Corporation (hereafter referred to as the bank/the
institution/OBC) is high, and the direction of risk is increasing. The bank’s risk management
systems are weak and its policies and procedures are inadequate.
A.2 Board and senior management oversight is considered inadequate as management has failed to
address liquidity and profitability challenges faced by the bank since 2003 when it almost collapsed
as a result of a huge exposure to the now defunct Nexus Investment Company.
A.3 The bank’s market share in terms of deposits decreased from 5.20% in June 2005 to 1.62% as
at 30 June 2006 as a result of the liquidity and profitability challenges faced by the bank since
2003 which made deposit mobilisation difficult for the institution.
C. CORPORATE PROFILE
C.1 BACKGROUND
i. OBC is 100% owned by OBC Holdings Limited which is based in Galaxia and listed on
the Galaxia Stock Exchange.
ii. OBC Bank had total assets of about Peso10.93 trillion as at 30 June 2006.
iii. OBC Bank has fifteen branches and eight ATMs countrywide.
90
OBC HOLDINGS GROUP STRUCTURE
i. OBC Limited is owned 100% by OBC Holdings Limited, a company listed on the Galaxia Stock
Exchange. The table below shows OBC Holdings shareholding structure as at 30 June 2006.
91
C.4 RELATED ORGANIZATIONS
C.5 VISION/MISSION/STRATEGIES
i) Vision
• To become the leading financial service provider in Galaxia.
ii) Mission
• Maximise stakeholder value through innovative strategies centered on effective and efficient
employment of resources and excellent service delivery.
iii) Values
• Honesty, integrity and uprightness
• Maximising stakeholder value
• Transparency in whatever we do in the name of the bank
• Commitment to teamwork and cooperation
• Respect for one another without discrimination
• Clients and customer focused
• Accountability
• Professionalism
ii) These functional lines are supported by the following support services:
• Risk Management;
• Finance;
• Marketing;
• Human Resources;
• Information Technology;
• Legal and Corporate Governance; and
• Internal Audit.
92
Retail Banking…
iii) The bank offers retail banking services through its network of 15 branches in Galaxia. The
branch managers report to the Head of Retail Banking.
iv) The bank offers the following products through retail banking:
• ATMs;
• Current and Savings Accounts;
• Time Deposits;
• Trade Finance Products;
• Loans and Overdrafts;
• Electronic Banking Products;
• Foreign Currency Accounts;
• Visa; and
• Safe Custody.
v) The corporate banking division consists of account relationship managers who are in charge of
servicing large corporate and institutional clients. The main products offered by the division are:
• Loans and Overdrafts;
• Bankers Acceptances (Borrowing);
• Foreign Currency Accounts;
• Import and Export Financing;
• Letters of Credit and Letters of Guarantee;
• Call and Current Accounts;
• Project Finance;
• New Share Issues and Rights Issues; and
• Agricultural Loans and Overdrafts.
Treasury Operations…
vii) The bank has a centralised Risk Management Department which is responsible for the management
of all risks. The department reports to ALCO on the management of market and liquidity risk.
The Risk Management department functionally reports to the Board Risk Management Committee
and administratively to the Managing Director.
93
Centralised Operations…
viii) The division has four units namely: Item processing (for branches in Luxia, Annexa and Fauna),
reconciliations, centralized ledgers and treasury operations. Treasury operations is a treasury
back office function. All units report to Heads of Departments who then report to the Operations
Director.
xi) Centralised Reconciliations carries out reconciliations for all bank suspense accounts i.e. both
Nostro and local currency accounts. However, reconciliations are done manually in Excel, by
officers, checked by the Head of Department and reviewed by the Operations Director. Any
outstanding issues on suspense accounts are referred to the Executive Risk Committee comprising
of Heads of Departments.
xii) The Finance & Administration division is under the Head of Finance & Administration who
reports to the Chief Finance Officer. The division has a staff compliment of fifteen (15). There are
three distinctive units under Finance and Administration and these are:
xiii) The Finance Unit - this is involved in financial control and management accounting.
xiv) The Salaries and Payroll Unit - which is involved in the processing of salaries and other benefits
for all the employees in the bank.
xv) The Administration Unit - responsible for the daily in house management of the institution.
xvi) The legal function of the bank is carried out by the Head of Legal and Compliance, with the
assistance of external lawyers.
xvii) Compliance issues are a departmental operational issue and the Compliance Officer’s primary
role is to monitor effectiveness.
94
xviii) The department has put in place monitoring tools in the form of two registers. One is a register of
every compliance issue whilst the other is a tick-off register specifying what each department is
supposed to do. Each department has an individual responsible for monitoring compliance.
Depending on the level of risk involved, this can be the sole duty or just one of the duties of the
individual concerned.
xix) On a quarterly basis the board receives two separate reports on compliance issues for the bank
and the holding company.
xx) The compliance function is audited by the bank’s Internal Audit as required by the Corporate
Governance Guideline.
xxi) All new product proposals are scrutinised by the Business Development Committee and are also
signed off by the Legal and Compliance department.
xxii) Training in compliance issues is part of initial and routine on the job training for all bank employees.
External sources of training are sought for specialised needs such as those to do with money
laundering and exchange control, which are often provided by the Central Bank.
xxiii) The head of Internal Audit reports functionally to the Audit Committee Chairman, and
administratively to the Managing Director. In the absence of the Managing Director, Audit reports
to the Chief Financial Officer.
xxiv) The division currently has seven staff members. The role of Internal Audit is to assist management
in the execution of their responsibilities through the following activities:
• reviewing reliability and integrity of financial and operating information and the means
used to identify, measure, classify and report such information;
• monitoring the process of risk management and corporate governance;
• assessing the existence of and compliance with systems of internal control;
• assisting in improving the effectiveness and efficiency of corporate activities; and
• reviewing the means of safeguarding corporate assets.
xxv) The department’s functions are guided by the Audit Charter which sets the role, authority and
responsibilities of the internal audit department. Further, the charter outlines the approach, scope,
reporting lines, independence and objectivity, rights of the department and obligations of business
heads to ensure that audit discharges its duties well. The department also has an audit manual
which details the procedures to be followed in conducting audits.
95
C.7 RISK MANAGEMENT FRAMEWORK
Credit Risk Management…
i) The bank has put in place a comprehensive credit policy which has been approved by the Board
Loans Review Committee. The credit policy sets out the policies for the conduct of credit facilities
in the following units:
• Corporate Banking;
• Treasury; and
• Retail Banking.
ii) In addition to the credit policy, a Corporate Banking procedure manual is also in place which
details the credit analysis and facilities application, credit administration, product activities, security,
undertakings, opening of new accounts, returns and bank reports produced.
iii) To manage credit risk, the institution has the following controls in place:
• independent Credit Compliance Unit chaired by the Head of Risk which checks for
anomalies on a daily basis;
• produces excess reports;
• produces facility letters and ensures that covenants are being respected; and
• receives periodic returns from each portfolio manager.
iv) Documentation relating to the credit approval granting process is handled by the risk management
department. Lending units receive communication via email on their respective portfolios. The
approved application is signed by the approving committee and a copy of the approval is kept by
the business unit. Risk management department also verifies terms as per facility letters against
actual conditions on disbursements.
v) To ensure effective credit risk management the bank has put in place four credit committees with
different approval limits. The Risk Management Committee has an approval limit of up to Peso300
billion. This committee comprises of the Head of Risk and head of the functional area generating
the credit file. Head of Risk has the final say in this committee. Risk management is also responsible
for provisioning, grading and sectorial analysis as well as securities administration. The onus to
check compliance with facility conditions lies with the risk management function. Credit classification
is done manually by scoring.
vi) The Executive Credit Committee has a limit of up to Peso900 billion. The committee comprises
of the Risk Management Committee as well as the Managing Director and Financial Director.
The Board Credit Committee lends out amounts in excess of Peso900 billion. This committee is
comprised of the Executive Credit Committee and two specific non executive directors.
vii) Further, the bank has set up an independent Loans Review Committee which sits quarterly and is
provided with a board pack containing sectorial spread, grading, progress on recoveries and
provisions. The committee approves grading and makes recommendations on the portfolios. In
terms of composition, the committee has three non- executive directors and the director of
corporate banking as members.
96
viii) The bank has set a Recoveries Unit, which reports to the Head of Risk. The decision to migrate
a loan to Recoveries can be made by the business unit or risk department, through the use of
early warning indicators.
ix) The bank’s Corporate Banking division is mainly responsible for credit origination. The division,
through relationship managers or analysts, does an initial evaluation process where they visit the
client and produce a call report, summarising the issues discussed.
x) The call report is then submitted to the respective portfolio manager who then forwards to the
Head of Corporate Banking. If the head is satisfied that the client has potential repeat business,
the analyst will prepare a detailed credit appraisal to be forwarded to the Risk Management
Division, after approval by the Head of Corporate Banking. The credit appraisal will be discussed
by the Risk Management Committee, Executive Credit Committee or the Board Credit Committee
depending on the loan amount.
xi) During the credit appraisal process the analyst is required to collect all relevant information from
the client, which includes but is not limited to:
• audited financial statements for the past three years;
• latest management accounts;
• projected income statements and balance sheet;
• age analysis of debtors and creditors;
• progress report on the performance of the company and the customer’s prospects for the
coming year;
• changes in management and shareholding structure if any; and
• details of other borrowings, type of facility, utilisation and security offered.
xii) The approval process takes a maximum of two weeks, which is also part of the bank’s competitive
advantage.
Operational Risk…
i) The bank has put in place an Operational Risk Policy Manual, which comprehensively covers all
key controls in business processes. The manual identifies the role of business units and departments
and the role of the internal audit department in reviewing implementation and adherence to the
manual.
ii) Further, the Risk Management Division has also identified key risk indicators, which indicate the
level of risk in a particular area of a business or function. The key risk indicators are generally
split into elements i.e. generic (which will usually be common across a whole business or function)
and business or departmental specific (which are usually customised by the unit in consultation
with Risk and Audit). An Operational Risk Report is also produced for the individual business
units on a monthly basis and discussed in the Risk Management Committee meetings.
iii) The bank manages operational risk with emphasis being placed on transaction risk. In this regard
the bank has identified areas where operational risk is considered high. Further, at branch level,
there are also Operations Managers to manage operational risk. Treasury Back Office reports to
97
the Risk Management division to ensure independence. It processes front office deals, manages
counterparty limits and dealer limits. It is also responsible for RTGS management as well as
balancing suspense accounts.
iv) The bank does reconciliations resulting in monthly reports on anomalies in suspense accounts. All
entries to suspense accounts have a given life span, which if exceeded, will be highlighted. The
monthly exception report is discussed by Risk and heads of the respective business units.
v) The Processing Centre runs the cheque clearing system for the bank and is managed by the
Cheque Processing System which is a standalone system from Mysis and is also responsible for
debiting of client accounts. The bank also has a centralised Ledger Unit, which verifies signatures
electronically. The unit is responsible for tick-back of printouts and call-back on large cheques.
It is also responsible for unpaying cheques.
Liquidity Risk…
i) The bank has put in place a comprehensive treasury risk management policy, ALCO, investment,
market risk policy, and foreign risk policy.
ii) The liquidity policy is designed to ensure that the bank maintains a consistent flow of funds and
that all its obligations are met at reasonable cost. The policy covers sources of the bank’s liquidity,
liquid assets, borrowing capacity, liquidity maintenance plan, liquidity monitoring plan and
quantitative targets. However, the contingency plan does not have action plans in the event of a
crisis.
iii) The risk department reports to ALCO on the management of market and liquidity risk.
v) The ALCO recommends to the board; policies, guidelines and procedures under which the bank
manages balance sheet growth, deposits, advances and investments, foreign exchange activities
and positions.
vi) The bank uses the following measurement tools to measure and monitor liquidity risk:
• maturity gap analysis;
• daily cash flow summary;
• daily cash-flow forecasting; and
• stress testing.
vii) In addition, to the abovementioned measurement tools the following quantitative targets are
adhered to:
• liquid assets to total assets ratio = 80% minimum
98
• advances to deposit ratio = 20% maximum
• wholesale borrowings to liquid assets = 35% maximum
• overnight borrowings to total assets = 10% maximum
i) The Head of Risk is responsible for the management of interest rate risk and works closely with
the Head of Treasury to ensure that risk issues for the bank are addressed. The bank uses the
Mysis System for treasury operations. The MIS produces maturity gap analysis, interest rate
spreads, marked-to market portfolio, interest margin analysis, scenario analysis and stress testing
for ALCO and the Risk Management department.
i) The bank has put in place an adequate foreign currency risk management framework. The
framework ensures that funding requirements are adequately met at all times. The Treasury function
is divided into two units, namely local money market and foreign exchange desk.
ii) Foreign currency liquidity risk is managed in the same way as the local money market liquidity
risk. Reports such as the liquidity gap analysis and asset and liabilities schedules are produced.
iii) Imports and exports documentation are done according to the Exchange Control guidelines
issued from time to time.
i) The Legal and Compliance Unit manages all the compliance related issues and handles matters
pending litigation and always liaise with external lawyers if need be.
ii) Each business unit has an individual responsible for monitoring compliance issues on a daily
basis. All personnel involved in compliance risk management must have acquainted themselves
with the Compliance Manual and other directives from the regulators as and when they come.
99
iii) Compliance risk is measured within the business units through the assigned persons, who are well
versed with the business unit’s operations and should be of appropriate seniority. They are
responsible for checking, recording, reviewing transactions, reporting findings, as well as escalating
any exceptions. Any tests carried out should be done timeously and test documents should contain
sufficient detail.
iv) Compliance issues are part of initial and routine on-the-job training for all bank employees.
External sources of training are engaged for specialised needs such as those to do with Money
Laundering and Exchange Control.
v) The Legal and Compliance Unit is responsible for signing off any new product developments
after the necessary authority is sought from the regulators. The main thrust being to ensure a
credible working relationship with the regulators and the other market players.
vi) The unit is the conduit between the organisation and the regulators which ensures that there is a
proper flow of accurate information between the two ends. The same information is cascaded
down to the respective departments. This ensures that compliance and regulatory risk is minimised.
i) The bank has two committees that manage information technology i.e. IT Steering Committee,
which oversees the definition, acquisition, implementation and maintenance of systems and
infrastructure and the Product Development Committee that takes part in the development of
banking products.
ii) The bank has put in place an Information Security Policy which ensures acceptable use of computer
resources and integrity of the bank’s information assets. In addition, there is a comprehensive
Disaster Recovery Plan. However, there is no formal IT risk management framework in place
and risk assessments are done on an ad-hoc basis.
iii) However, there has been an interface problem between the two systems Mysis (the core banking
system) and CompuBank (the reporting system) thereby affecting the accuracy of balance sheet
figures.
100
C.8 BRANCH NETWORK
Number of branches…
i) OBC Bank Limited has a network of fifteen (15) branches in the main business centers of Galaxia.
ii) In terms of staffing levels, the bank is the sixth largest employer, whereas it is the fifth largest in
terms of asset base.
101
ii) The board is well diversified in terms of experience, qualifications and age as follows:
102
C.12 SENIOR MANAGEMENT
i) Managerial skills and competences are adequate to efficiently run banking operations and the
mix is as follows:
i) The bank has five board committees, that is, the Board Audit Committee, Board Credit
Committee, Loans Review Committee, Remuneration Committee, and the Board Risk
Management Committee.
i) All members of the committee are independent non-executive directors and are as follows:
B. Tiger (Chairman) - Independent Non Executive Director
A. Fox - Independent Non Executive Director
L. Kudu - Independent Non Executive Director
103
ii) The quorum is two members.
Terms of Reference
The committee meets regularly with the company’s internal and external auditors and executive
management:
i) to review the adequacy of and compliance with the company’s accounting, auditing, internal and
external statutory reporting procedures;
ii) to review the internal control system of the bank;
iii) to make recommendations to the Board on the appointment of the external auditors, the audit
fees and any question of resignation or dismissal of the external auditor which may arise;
iv) to ascertain the independence of the external auditor and report to the Board thereon;
v) to discuss with the external auditor the nature and scope of the audit, co-ordination where more
than one auditor is engaged, any problems or reservations arising from the audit and any matters
which the external auditor wishes to discuss;
vi) to conduct a post-audit review which shall include a review of any correspondence from the
external auditor and to report to the Board thereon;
vii) to review the half-year and annual financial statements of the bank before submission to the
Board focusing particularly on:
• any changes in accounting policies and practices;
• major judgmental areas;
• significant adjustments arising from the audit; and
• the going concern assumption.
viii) to review any findings of internal investigations that it considers significant and to report thereon
to the board;
ix) to review the policies and procedures in effect for the appointment of Directors, Managers and
Consultants;
x) when the internal audit function exist, to report on whether that function is resourced adequately
and has appropriate standing within the Bank and to review its audit programme and reports; and
xi) to monitor compliance with the laws and regulations applicable to banking institutions and report
to the Board of Directors thereon.
104
Board Credit Committee…
Terms of Reference
i) The board credit committee, chaired by a non-executive director, meets regularly to review the
bank’s loan book for compliance with the board’s lending policies and for the adequacy of
provisions for doubtful debts. The members are independent of the lending process as per
regulatory requirements.
ii) Ensures that the loan portfolio and lending functions conform to the bank’s lending policy which
was adopted and approved by the Board.
iii) Ensures that the Executive Management and the Board of Directors are adequately informed
regarding portfolio risk.
iv) Ensures that problem accounts are timeously identified and classified.
vi) Ensures that non-performing accounts are written off in a timely manner.
Remuneration Committee…
i) The Committee is appointed by the Board and comprises of at least two non-executive directors.
The Board shall appoint the Chairman of the Committee.
Terms of Reference
iii) This committee sets the remuneration of the senior management of the bank and approves guidelines
for the bank’s annual pay reviews. The quorum is two members.
iv) The Committee will review recruitment policy to ensure that the most appropriate people are
being recruited at all levels.
105
v) The Committee reviews the way in which people are enabled to develop the range of skills and
experience, which the company will need to achieve its strategic plan. The development process
should be such that the departure of key people at any level of the organisation can be coped
with.
Terms of Reference
i) The committee reviews the Executive Management Committee’s (EXCO) reports detailing, the
adequacy and overall effectiveness of the company’s risk management function and its
implementation by management, and reports on internal control and any recommendations, and
confirm that appropriate action has been taken.
ii) The committee reviews the risk philosophy, strategy and policies recommended by EXCO and
consider reports by EXCO.
iii) The committee ensures compliance with policies, and with the overall risk profile of the company.
Risk in the widest sense includes market risk, credit risk, liquidity risk, operational risk and
compliance risk.
iv) The committee recommends corrective measures where existing and potential exposures are
identified in the above risk spheres.
vi) The committee monitors procedures to deal with and review the disclosure of information to
clients.
i) The bank has put in place the following committees: Management Credit Committee,
Executive Committee, Asset and Liabilities Committee.
106
Terms of Reference
i) Consider and approve deserving credit applications for amounts not exceeding an amount of
Peso900 billion.
ii) Ensure that its approvals in terms of authority herein delegated to it by the Board are documented
and take account of, and comply with, the various levels of credit quality, exposure limits and
credit risk management policies and procedures as may be determined by Board Credit Committee.
iii) Take such steps as are necessary to ensure the effective management of credit risk and individual
credit portfolios in accordance with policies and procedures determined by Board Credit
Committee, including:
• reviewing portfolio trends and provisioning;
• monitoring problem exposures;
• reviewing large exposures;
• ensuring appropriate pricing of credits, regard being had to the risk associated with the
credit granted ; and
• ensuring that all extensions of credit are done at an arms-length basis.
iv) Have overall accountability and authority for ensuring the effective management, in accordance
with applicable credit risk management policies and procedures, of any potential loss to the bank
as a result of counter-party default in lending transactions, whether in the form of loans and
advances, the advancement of securities and contracts to support customer obligations or any
potential loss as a result of trading activities.
v) Monitor compliance with the Central Bank’s regulations and other applicable laws regarding the
prudent management of credit exposures.
vi) Ensure compliance with such directives as the Board may give to ensure compliance with such
credit risk management policies and procedures as may, from time to time, be determined by the
Board Credit Committee.
vii) Generally ensure that, in respect of credit matters, there exists a climate of discipline and control
and that, as a result, the opportunity for bank losses, whether arising from fraud or any other act
or omission, are in strict conformance with the bank’s determined risk appetite.
107
Terms of Reference
i) Formulating strategies and policies of the company.
iii) Prioritizing the allocation of capital and technical and human resources of the Bank.
vi) Interfacing, on an on-going basis, with the regulators and shareholders on key policy decisions.
Terms of Reference
ii) The purpose of the Asset and Liability Committee is to recommend to the board, policies and
guidelines under which the bank will manage the matters regarding balance sheet growth, deposits
and investments, foreign exchange activities, market risk, liquidity risk and in so doing protect the
bank’s earnings, capital base and reputation.
108
C.17 TOP TEN DEPOSITORS AS AT 30 JUNE 2006
i) Deposit concentration risk is moderate as evidenced by a 26.48% ratio of top ten deposits to
total deposits as at 30 June 2006.
Exam Date Capital Asset Quality Management Earnings Liquidity Overall Rating
30/06/05 4 3 3 4 4 4
ii) OBC was inadequately capitalised with Tier 1 and Capital Adequacy ratios of 5.7% and 3.8%,
respectively. The capital was mainly depleted by losses and there is a threat from asset quality as
adversely classified loans constituted 30.51% of the total loan book as at 30 June 2005.
iii) Risk management was considered weak on the basis of inadequate board and senior management
oversight, an ineffective Risk Management Division and inappropriate policies and procedure
manuals.
109
iv) Internal controls were rated weak. It was noted that the bank had internal control weaknesses in
Treasury and branches as follows:
• some junior dealers were dealing without approved dealer limits;
• stop payments were not being done as per laid down procedures;
• branches did not have business continuity plans;
• there was no power back up in some of the branches;
• cash vaults/ strong rooms had no fire detectors;
• inadequate security at branch premises due to absence of surveillance cameras; and
• absence of money laundering guidelines.
v) Liquidity position was weak with a declining deposit base and sound liquidity risk management
practices.
110
D.4 EXTERNAL CREDIT RATING
i) The rating was done in 31 December 2005 by Planet Credit Rating Agency and the bank obtained
the following ratings:
• Short term rating: CCC-
• Long term rating: CC-
i) The overall CAMELS rating of OBC Limited as at 30 June 2006 was “5” i.e. critical, a
downgrade from “4” i.e. weak rating in the previous quarter on account of reasons discussed
below.
ii) Capital adequacy of the bank was rated “5” i.e. critical. The bank is critically undercapitalised
with capital adequacy and tier 1 ratios of 3.20% and 2.08% respectively. The bank’s net capital
of Peso 297.17 billion is below the minimum capital requirement of Peso500 billion. The plan to
recapitalise through retained earnings is not feasible since the institution has been making losses
for the past three years.
iii) Asset quality was rated “4” i.e. weak. The bank’s asset quality has been continuously deteriorating
as evidenced by the rise in the level of adversely classified loans to total loans ratio from 30.51%
as at 30 June 2005 to 41.8% as at 30 June 2006. The high level of non-performing loans is
mainly attributed to five connected non-performing and unsecured exposures of Peso500.78
billion. In the event of default, the bank’s capital of Peso 297.17 billion is likely to be completely
wiped out. The bank’s loan book is highly concentrated in the manufacturing sector which
constitutes 40.23% of the total loan book. Adverse developments in that sector will negatively
affect the quality of these loans.
iv) Management was rated “5” i.e. critical. Board and senior management oversight over critical
challenges being faced by the bank is considered inadequate. Management has failed to address
liquidity and profitability challenges since 2003 when the bank almost collapsed as a result of a
huge exposure to the now defunct Nexus Investment Company.
v) Earnings were rated “5” i.e. critical. The bank’s earnings position reflects inadequate capacity
to fund present and future operations. The bank reported a net loss of Peso160.38 billion for the
six months to June 2006. The bank’s income is skewed towards interest income on money
market investments, a position which is not sustainable and is subject to market volatility.
vi) Liquidity and Funds Management was rated “4” i.e. weak. There are huge negative funding
gaps in the 0-30 day time band amounting to Peso1.64 trillion as at 30 June 2006, which are
impacting negatively on the short term liquidity position. The bank continues to rely on costly
inter-bank and lender of last resort facilities.
111
vii) Sensitivity to market risk was rated ‘4’ i.e. weak. The bank’s assets are mainly funded by
short term interest rate sensitive liabilities thus exposing the bank to interest rate risk given the
prevailing trend of rising interest rates. An increase in interest rates will have a negative impact on
the interest income and economic value of equity.
i) The bank should rationalise the shareholding of Venus Shipping Company and Mercury Industrial
Company which are above the limit of 10% for non-financial institutions as stipulated under
Section 1 (7) of the Galaxia Banking Regulations.
ii) The bank should immediately raise additional capital to ensure that its capital adequacy ratio
complies with the minimum capital adequacy ratio of 10%.
iii) The five connected loans, which currently constitute 168.52% of capital base should be regularized
to a limit of 75% as per the provisions of the Banking Regulations, Statutory Instrument 10/1999.
iv) Management should devise strategies to steer the bank out of the current loss making position.
112
G. ENVIRONMENTAL CONSIDERATIONS
i) The institution’s operations may be adversely affected by the increasing inflation and interest
rates. A combination of rising inflation and interest rate levels is likely to reduce loans and
advances as corporate institutions may reduce their borrowing requirements. Default risk is
likely to increase as borrowers who are under siege from unfavourable economic environment
find it challenging to meet their loan repayment obligations. Consequently, the levels of provisions
for doubtful debts may be revised upwards which will eat in the institution’s bottom line.
Assumptions…
i) The model assumes that each variable will change while holding the other parameters
constant i.e. when interest rates change, exchange rates are held constant.
ii) Wholesale deposits will reprice faster than assets.
iii) Loans and other assets will be repaid in terms of their contractual agreements.
iv) Balance sheet structure will remain unchanged.
v) The table below shows the impact of interest rate changes on the bank’s capital and net
income at various levels of shocks as per the Central Bank model using the above
assumptions.
vi) Given that assets were mainly funded by short-term wholesale deposits and inter-bank borrowings,
a worst case scenario of 100% increase in interest rates would reduce the bank’s net income and
capital by Peso631.04 billion and Peso635.81billion respectively.
113
H.3 FUTURE PROSPECTS
i) The performance of the bank is set to deteriorate further given that stress tests results indicate
that the bank will be critically undercapitalised in the event of an increase in interest rate risk
which is the major risk in the bank.
I. ATTACHMENTS
Appendix (a) Key Ratios
114
APPENDIX (A) - KEY RATIOS
115
APPENDIX (B)COMPARATIVE BALANCE SHEETS
116
APPENDIX (C) COMPARATIVE INCOME STATEMENTS
117
APPENDIX (D) FUNCTIONAL STRUCTURE
118
APPENDIX 3 – RISK MATRIX
119
120
APPENDIX 4 – RISK ASSESSMENT NARRATIVE
121
OMEGA BANKING CORPORATION
RISK ASSESSMENT NARRATIVE
ii) The level of overall inherent risk is rated high and the quality of overall risk management systems
is considered weak.
iii) The overall composite strategic, credit, liquidity, interest rate and operational risks are considered
high.
iv) Legal and compliance and reputation risks are rated moderate, with low risk being noted for
foreign exchange risk.
i) The overall composite credit risk is high and the direction is increasing.
v) The bank had a high level of adversely classified loans amounting to Peso734.78 billion, and
constituting 41.8% of its total loan book as at 30 June 2006.
vi) The non-performing and unsecured five connected loans of Peso500.78 billion constitute 168.52%
of capital as at 30 June 2006 which is above the prudential lending limit of 75% and has the
potential of wiping out the bank’s capital. In addition there is no firm repayment plan for these
loans.
viii) A number of related party loans were written off without the approval of the Board Credit
Committee. Loans to Venus Shipping Company amounting to Peso100 billion were written off in
December 2005 without board approval.
x) Decision making on the approval of some related party loans is centralised on one individual, the
Head of corporate banking. This is against the bank’s credit policy which stipulates that any
loans to related parties should be sanctioned by the Board Credit Committee. For example,
facilities to Mrs. Benz and Mercury Investment Company amounting to Peso250 billion were
sanctioned by the Head of Retail Banking.
xi) There is no evidence that security was obtained and perfected as required by the respective
facility letters in the case of Lolita Industries, Pluto Coal Merchants, Casio (Private) Limited,
Sharp Farming (Private) Limited and Kudu Trucking Services.
122
Liquidity Risk Rating : High Date of Update: 30.06. 2006
Direction : Increasing
ii) The bank has been relying on expensive borrowings from the lender of last resort and inter-bank
market to cover its positions. For the month of June 2006, the bank borrowed a total of Peso3.56
trillion from the Central Bank and Peso1.16 trillion from the inter-bank market.
iii) The bank had cumulative negative funding gaps as at 30 June 2006 of Peso1.64 trillion, Peso565.53
billion and Peso215.16 billion in the 0-30 day, 0-90 day and 0-365 day time bands respectively.
iv) The bank’s funding structure is skewed towards volatile and market sensitive wholesale deposits
which accounted for 66.96% of total deposits as at 30 June 2006. This is in contrast with the
core funding structure of commercial banks which relies largely on cheaper retail deposits.
v) The bank’s liquidity challenges have been worsened by funding non-performing loans of
Peso734.78 billion as at 30 June 2006.
vii) Liquidity Management Committee meetings were not being held weekly as stipulated in the terms
of reference. The last meeting was held on 3 February 2006.
ix) Deliberations during ALCO meetings are mainly centred on the short-term trading strategies
rather than on long-term strategies for addressing persistent liquidity challenges.
x) There is no management information system to produce liquidity gap reports. The examination
noted some casting errors in weekly liquidity gap reports prepared since 10 March 2006 which
resulted in the size of the overall liquidity gap being underestimated.
xi) The bank does not make use of internal benchmarks to monitor liquidity risk such as liquidity
cumulative limits, loans to deposits limits, and deposit concentration limits.
xii) The bank is not conducting stress testing on liquidity positions to assess its vulnerability to liquidity
risk.
i) The bank’s interest rate risk is high and the risk direction is increasing.
ii) The bank had a net liability interest rate sensitive book of Peso1.35 trillion (18.11% of total
assets) over three months and of Peso267.60 billion (3.58% of total assets) over 12 months as
at 30 June 2006. Given the general increase in interest rates there is a high probability that the
bank’s earnings will be eroded if interest rates rise.
123
iii) The quality of interest rate risk management systems is weak.
iv) The quality of deliberations at board and ALCO meetings is weak as there is minimal coverage of
interest rate risk issues. There are no strategies in place to manage the bank’s exposure to
interest rate risk.
v) The market risk management policy does not explicitly cover all sources of interest rate risk viz
yield curve risk, basis risk, re-pricing risk and option risk.
vi) The bank’s market risk policy does not have stop loss limits on earnings and economic value of
equity at risk. The absence of limits on earnings and capital at risk therefore implies that interest
rate risk is not being effectively measured, monitored and controlled.
vii) There is no analysis being carried out to show the impact of changes in interest rates on net
interest income and economic value of equity.
viii) The bank does not conduct stress testing analyses to assess the bank’s vulnerability to interest
rate risk.
ii) The level of inherent foreign exchange risk is low due to the low level of foreign exchange
transactions.
iii) The quality of foreign exchange rate risk management systems is acceptable.
iv) The policies and procedures are considered inadequate as they do not specify the tools and
techniques to be used in managing foreign exchange rate risk.
ii) The bank’s reputation was negatively affected by the exposure to the collapsed Nexus Investment
Company in 2003 which currently makes deposit mobilisation difficult as investors are still
concerned about the security of their funds if placed with the bank.
iii) The bank’s market share in terms of total deposits has not significantly improved since 2003.
This is indicative of the continuing negative perception of the institution.
v) The bank has not devised meaningful strategies to improve its market and public perception.
124
vi) The bank does not have a corporate communication policy which covers procedures for internal
and external communication.
ii) The bank has been operating on a draft corporate strategic plan since inception. The plan does
not have clearly defined objectives, how these will be attained and their specific time frames.
iii) The bank’s performance remains subdued with a cumulative loss of Peso338.89 billion for the
six months to 30 June 2006 and a capital adequacy ratio of 3.20% as at 30 June 2006, well
below the prudential minimum capital adequacy ratio of 10%.
iv) The exposure to the now defunct Nexus Investment Company affected the perception of the
institution in the market and hence its difficulties in raising enough cheap deposits to address
liquidity challenges.
vi) The board and senior management have failed to come up with appropriate long term strategies
to address the bank’s liquidity and profitability challenges.
vii) Management has failed to reposition the bank after its near collapse in 2003 as evident in the
persistent liquidity and profitability challenges.
ii) The bank is exposed to operational risk as a result of the following internal control weaknesses:
iii) There is no documentary evidence that hardware maintenance is carried out in line with vendor
requirements increasing the possibility of lapses in the maintenance cycle. This increases the risk
of equipment failure.
iv) The bank does not have a disaster recovery site that serves as a back-up of electronic data.
v) There is a high staff turnover in the Centralised Operations, with a total of 26 resignations during
2005. Staff exodus disrupts business continuity.
vi) Some dormant accounts were being held for more than a year in breach of the bank’s policy
which requires such accounts to be closed after a year.
vii) Branch overnight cash holding limits were being constantly exceeded. This was prevalent at five
branches in Luxia and three branches in Annexa. This exposes the bank to financial loss in the
event of theft as the excess cash is uninsured.
125
viii) The core banking system, Mysis, cannot process high value transactions or maintain balances
above Peso100 billion. This renders the monitoring of system limits ineffective.
x) The procedure manuals for centralised operations and compliance risk management are yet to be
adopted and approved by the board.
xi) There are system interface challenges between the reporting system, CompuBank, and the core
banking system Mysis. The balances reported by the two systems are different and have to be
reconciled manually thereby increasing the risk of human errors.
xii) The bank does not have a telephone recording system in the Treasury department. The bank may
find it difficult to settle disputes arising from telephonically confirmed deals.
xiii) There is no asset and liability management system and reports pertaining to liquidity and interest
rate risk management are being produced manually. This exposes the bank to human error.
xiv) Most of the business units are not submitting operational risk management returns, such as Key
Control Standards and Key Risk Indicators to the risk department.
ii) The shareholding structure is irregular as two non-financial institutional shareholders Venus Shipping
Company and Mercury Industrial Company have shareholdings of 17.12% and 15.25%
respectively, which are above the 10% limit for non-financial institutions as stipulated under
Section 1 (7) of the Galaxia Banking Regulations.
iii) The bank is not in compliance with the prudential minimum capital adequacy ratio of 10% as its
ratio was 3.20% as at 30 June 2006.The exposure to five connected loans, which constitutes
168.52% of the bank’s capital, is in excess of the 75% prudential lending limit as prescribed by
the Banking Regulations S.I. 10 of 1999.
iv) The composition of the Loans Review Committee is in violation of Section 5 (2) of the Galaxia
Banking Regulations. An executive director Mr. A. Benz is a member of both the Board Credit
Committee and the Loans Review Committee.
v) The bank has been executing foreign exchange transactions without Central Bank approval. For
example, the bank invested Euro 2 million on 26 April 2006 on behalf of Leopard Travel Company,
without exchange control approval.
vi) The quality of legal and compliance risk management systems is weak.
vii) The institution does not have a formal compliance risk management framework. There are no
documents that enable the institution to assess compliance risk.
viii) Weekly compliance reviews were last conducted on 20 December 2005, and no monthly and
quarterly reviews have been done since the beginning of 2006. This heightens the bank’s exposure
to compliance risk.
126
APPENDIX 5 – SUPERVISORY PLAN
127
STRICTLY CONFIDENTIAL
SUPERVISORY PLAN
30 JUNE 2006
128
Banking Institution Omega Banking Corporation Limited
Reporting Date 30 June 2006
A. Supervisory Concerns
1. Treasury Activities
1.1. Inherent risks in treasury activities namely interest rate, reputation, strategic and liquidity risks are
considered moderate while operational risk is considered high.
1.2. The need to review adequacy of risk management systems and internal controls to mitigate the
above risks is of utmost importance.
1.3. The bank is failing to raise liquidity to fund its negative gaps due to negative perception.
1.4. Due to its inability to raise funds from the interbank market, the bank has been funding its gaps
through high cost overnight accommodation from the Central Bank.
1.5. An adverse macro-economic environment which is characterised by volatile and increasing interest
rates has also heightened the bank’s exposure to interest rate risk.
1.6. Internal control weaknesses were noted in the processing of foreign payments.
2. Branch Operations
2.1. Operational risk in the branches is considered high and is expected to increase in the next twelve
months.
2.2. The following weaknesses were noted by the Internal Audit Department:
a) Frontline staff members were authorising their transactions in Mysis without the involvement
of a supervisor or manager.
b) The asset register was not being reconciled with computer records.
c) Not all revenue due to the bank was being recovered from the bank’s products and
services, which attract charges.
d) Cheque-books and cheque guarantee cards were not being retrieved from customers
when closing accounts. Some of these customers continued using these cheque-books
thereby exposing the bank to risk.
3. Centralized Operations
3.1. Operational risk is considered high in Centralized Operations. The bank experienced a number
of attempted frauds in this area.
3.2. The number of suspense accounts in place is considered high for the size of operations and
reconciliations for these accounts are done manually thereby increasing the risk of human errors.
3.3. Other issues of supervisory concern noted by both Internal and External Auditors include failure
to produce audit trail and exception reports after amendments, inadequacy of the Disaster
Recovery site and absence of documented business continuity processes.
129
4. Information Technology (I.T)
4.2. The bank continued to experience problems in producing reliable and accurate computer generated
financial information from its IT systems.
4.3. Access controls to the IT system are weak, as was highlighted by Internal Audit.
4.4. The bank still faces problems in the interface between Mysis and CompuBank with respect to
balance sheet accounts e.g. CompuBank fails to update changes in account status from debit to
credit.
5.2. The shareholding structure is irregular as two non-financial institutional shareholders Venus Shipping
Company and Mercury Industrial Company have shareholdings of 17.12% and 15.25%
respectively, which are above the 10% limit for non-financial institutions as stipulated under
Section 1 (7) of the Galaxia Banking Regulations.
5.3. The composition of the Loans Review Committee is in violation of Section 5 (2) of the Galaxia
Banking Regulations. An executive director Mr. A. Benz is a member of both the Board Credit
Committee and the Loans Review Committee.
Comments: OBC bank is subject to continuous off-site surveillance through quarterly CAMELS
assessment and evaluation of stress test results. In addition, interactions with the management and
auditors to gather information and obtain a better understanding of OBC Bank was undertaken:
130
B. Supervisory Strategies and Activities to be Conducted...
On-Site Examination
Comments: To enable the supervisory concerns to be adequately addressed, full and limited
scope on-site examinations should be performed across functional lines with moderate to high composite
risks. All issues of supervisory concern discussed under Section A above will be targeted. The proposed
on-site examination program for OBC Bank Limited is as follows:
131
APPENDIX 6 – EXAMINATION SCOPE MEMORANDUM
132
STRICTLY CONFIDENTIAL
30 JUNE 2006
133
EXAMINATION SCOPE MEMORANDUM
1 RATINGS
On-site as at Off-site as
30 June 2005 30 June 2006
Capital 4 5
Asset Quality 3 4
Management 3 5
Earnings & Provisions 4 5
Liquidity & Funds Management 4 4
Sensitivity to Market Risk - 4
Overall 4 5
1.2 Planet Credit Rating Agency rating: CCC- Short term rating
CC- Long term rating
2.1 The examination will focus on functional areas which were rated moderate to high composite
risks, following pre-examination prudential meetings held with management of the institution.
2.2 Follow ups on issues highlighted by internal and external auditors, such as IT challenges, liquidity
challenges and operational risk in branches.
134
4 OBJECTIVES
4.1 The objectives of this examination is to focus on risk areas rated moderate and high as indicated
in the above risk matrix. The examination will aim to evaluate the risk management and internal
control systems in the following functions:
a) treasury operations with emphasis on liquidity risk, interest rate risk and operational risk
in the foreign exchange transactions;
b) corporate banking with focus on credit risk emanating from five connected non-performing
loans;
c) emphasis will also be placed on strategic risk in the overall operations of the bank;
d) information technology;
e) centralised operations; and
f) branch operations.
135
6 EXAMINATION SCOPE AND FOCUS
The examination will focus on the following key functional activities:
Liquidity Risk…
a) Liquidity risk is considered high and increasing. The examination will focus on liquidity risk
management and internal controls in the Treasury Department, as well as strategies in place to
address the liquidity challenges.
b) The review will focus on:
i. the adequacy of board and senior management oversight on liquidity issues;
ii. policies and strategies for managing liquidity risk in respect to their adequacy in identifying,
measuring, monitoring and control of the risk;
iii. risk management tools and techniques (including benchmarks) to identify, measure , monitor
and control liquidity risk;
iv. the stability and diversification of deposits including the volume, composition, growth trends;
v. stress-testing done by the bank and reasonableness of assumptions underlying the stress
tests; and
vi. contingency liquidity plan and the reasonableness of the assumptions underlying the
contingent liquidity plan.
Operational Risk…
a) The operational risk was considered high.
b) The review will focus on the volume, type and complexity of transactions, products and services
offered by both local money market and foreign exchange desks.
c) Internal controls in back and front offices.
d) Adequacy of policies and procedures in mitigating operational risk.
136
6.2 Branch Operations
a) The examination will focus on risk management and internal control structures and processes to
determine the level of operational risk emanating from branch operations.
137
EXAMINATION RESOURCE NEEDS
138
APPENDIX 7 – EXAMINATION REPORT FORMAT
139
ON-SITE ANALYSIS REPORT FORMAT
[Face cover]
140
APPENDIX 8 – OMEGA BANKING CORPORATION
REPORT OF EXAMINATION
141
BANK SUPERVISION
In making this review, it should be remembered that while an examination includes some audit tests
and procedures, it is not the same as an audit, and this report is not an audit report. Signing this
report does not necessarily mean agreeing with the findings therein but that one has read and is
aware of the findings.
This report is the property of the Central Bank of Galaxia and is furnished to the examined bank for its
confidential use. Under no circumstances shall the bank or any of its directors, or employees disclose
or make public in any manner the report or any portion thereof. If a subpoena or other legal process
is received calling for production of this report, the Senior Division Chief, Bank Supervision of the
Central Bank of Galaxia must be notified immediately, and the person(s) who requested a copy of this
report should be advised to contact the Senior Division Chief.
142
TABLE OF CONTENTS
143
SECTION A: EXECUTIVE SUMMARY
1 INSTITUTIONAL OVERVIEW
1.1 Omega Banking Corporation Limited (“the bank”, “the institution” or “OBC Limited”) was
established in April 1980 as a commercial bank.
1.2 OBC Limited is owned 100% by OBC Holdings Limited, a company listed on the Galaxia Stock
Exchange. The table below shows the shareholding structure as at 30 June 2006.
1.3 The previous full scope on-site examination was conducted in June 2005.
1.4 The bank has a total of fifteen branches, seven in Luxia, five in Annexa and three in Fauna.
1.5 Out of the 17 commercial banks operating in Galaxia, OBC Limited had a market share of
1.62% in terms of total deposits, 6.05% in terms of total assets and 5.24% in terms of loans and
advances as at 30 June 2006. The comparative trends in the bank’s market share are depicted
below:
2.1 The Central Bank of Galaxia (“Central Bank”) conducted an examination of OBC Limited from
3 July 2006 to 11 July 2006, utilising data as at 30 June 2006.
2.2 The objective of the examination was to assess the condition of the bank using the CAMELS
rating model and Risk Assessment System (RAS). In addition, the examination also evaluated
management’s responsiveness to internal and external audit findings. The bank was also due for
a routine on-site examination.
144
2.3 On the basis of preliminary risk assessment (Risk Matrix and Risk Assessment Narrative), it was
noted that the overall composite risk in all risk categories was high except for foreign exchange
and reputation risk.
3 OVERALL RATING
a. The following is a summary of the ratings assigned to the bank.
**Composite “5”
This category is reserved for institutions with an extremely high immediate or near term
probability of failure. The volume and severity of weaknesses or unsafe and unsound
conditions are so critical as to require urgent aid from stockholders or other public or
private sources of financial assistance. In the absence of urgent and decisive corrective
measures, these situations will likely result in failure and involve the disbursement of
insurance funds to insured depositors, or some form of emergency assistance, merger or
acquisition.
4 RISK RATING
4.1 The overall composite risk in OBC Limited is considered high and the direction increasing. The
level of overall inherent risk is rated high and the quality of overall risk management systems is
considered weak.
145
4.2 The bank’s risk profile is summarised in the matrix below:
KEY
Level of Inherent Risk
Low – reflects a lower than average probability of an adverse impact on a banking institution’s capital and earnings.
Losses in a functional area with low inherent risk would have little negative impact on the banking institution’s overall
financial condition.
Moderate – could reasonably be expected to result in a loss which could be absorbed by a banking institution in the
normal course of business.
High – reflects a higher than average probability of potential loss. High inherent risk could reasonably be expected to
result in a significant and harmful loss to the banking institution.
146
4.3 The overall composite strategic risk is considered high due to a high level of inherent risk and
weak risk management systems. The institution has been operating with a draft strategic plan
since inception. Management has failed to address liquidity, capitalisation and profitability
challenges.
4.4 The overall composite credit risk is considered high on account of a high level of inherent risk
and weak risk management systems. The bank’s weak loan monitoring procedures contributed
towards unacceptably high levels of non-performing loans which have the potential of wiping out
the bank’s capital.
4.5 The overall composite liquidity risk is rated high as a result of a high level of inherent risk and
weak risk management systems. The institution relies on volatile wholesale deposits and expensive
borrowings from the lender of last resort and inter-bank market to cover its huge negative funding
gaps.
4.6 The overall composite interest rate risk is rated high due to a high level of inherent risk and
weak risk management systems. The bank has a high net liability sensitive book, which exposes
the institution to interest rate risk in light of the current high interest rate environment. The bank is
not analysing the impact of changes in interest rates on net interest income and economic value of
equity.
4.7 The overall composite foreign exchange rate risk is considered low on account of a low level
of inherent risk and acceptable risk management systems. The bank’s foreign exchange
transactions are minimal. The policies and procedures do not specify the tools and techniques to
be used in managing foreign exchange risk.
4.8 The overall composite operational risk is considered high as a result of a high level of inherent
risk and weak risk management systems. Information technology related risks are not being
monitored as required in terms of the bank’s operational risk management policy. There are no
policies and procedures for centralised operations. There are weaknesses in internal controls
and management information systems are inadequate.
4.9 The overall composite legal and compliance risk is rated moderate on account of a moderate
level of inherent risk and weak risk management systems. The shareholding structure is irregular
as two non-financial institutional shareholders own more than the stipulated 10% limit. The
institution is not in compliance with the prudential minimum capital adequacy ratio of 10% and the
prudential lending limit of 75% of capital.
4.10 The overall composite reputation risk is rated moderate as a result of a moderate level of
inherent risk and weak risk management systems. The bank’s market share of deposits has
deteriorated since December 2005. The risk management department does not report on reputation
risk issues faced by the bank.
147
5 CAMELS RATING
5.1 As indicated above, the composite CAMELS rating of OBC Limited as at 30 June 2006 was
“5” i.e. critical, a downgrade from “4” i.e. weak rating in the previous on-site examination of
2005, on account of reasons discussed below:
Capital…
5.2 Capital adequacy of the bank was rated “5” i.e. critical due to the following:
a. The bank’s capital adequacy ratio of 3.20%, tier 1 ratio of 2.08% and leverage ratio
of 1.89% as at 30 June 2006 indicate that the institution is critically undercapitalised;
b. The bank has an exposure to adversely classified loans of Peso 734.78 billion that
constitutes 41.8% of the total loan book. In the event of default, the bank’s capital of
Peso 297.17 billion is likely to be completely wiped out.
c. The plan to recapitalise through retained earnings is not feasible since the institution has
been making losses for the past three years.
Asset Quality…
5.3 Asset quality was rated “4” i.e. weak on account of the following:
a) Continual deterioration of the bank’s asset quality as evidenced by the rise in the level of
adversely classified loans to total loans ratio from 30.51% as at 30 June 2005 to 41.8%
as at 30 June 2006. The high level of non-performing loans is mainly attributed to five
connected non-performing and unsecured exposures of Peso500.78 billion.
b) The five connected loans to Y Limited account for 28.49% of the total loan book, and
168.52% of capital base, which is in violation of prudential lending limit of 75%.
c) The bank’s loan portfolio is highly concentrated in the manufacturing sector which constitutes
40.23% of the total loan book. Adverse developments in that sector will negatively affect
the quality of these loans.
d) Improper classification and under provisioning for non-performing loans which resulted in
a provisioning shortfall of Peso178.51 billion.
Management…
5.4 Management was rated “5” i.e. critical on the basis of:
a) Board and senior management oversight over critical challenges being faced by the bank
is considered inadequate. Management has failed to address liquidity and profitability
challenges since 2003 when the bank almost collapsed as a result of a huge exposure to
the now defunct Nexus Investment Company.
b) The bank has been operating with a draft corporate strategic plan since inception.
c) Management Information Systems were considered inadequate with respect to the
reporting requirements of the bank.
d) Management has not addressed some issues raised in the 2004 internal and external audit
reports.
148
e) The exposure of Peso500.78 billion to five connected loans constitutes 168.52% of the
bank’s capital, in violation of the 75% prudential lending limit.
f) The composition of the Loans Review Committee is in violation of Section 5 (2) of the
Galaxia Banking Regulations. One executive director (Mr. A. Benz), is a member of both
the Loans Review Committee and the Board Credit Committee.
Earnings…
5.5 Earnings were rated “5” i.e. critical on the basis of:
a) Management and board oversight on strategic issues relating to earnings was considered
weak as there are no strategies in place to turn around the bank’s negative earnings position.
b) The bank’s income is skewed towards interest income on money market investments, a
position which is not sustainable and is subject to market volatility.
c) The bank’s earnings position reflects inadequate capacity to fund present and future
operations. The bank reported a net loss of Peso95.26 billion for the five months to May
2006 which deteriorated to Peso160.38 billion for the period to 30 June 2006. Losses
incurred in the six months to 30 June 2006 are further exacerbated by a provisioning
shortfall of Peso178.51 billion, resulting in a net loss of Peso338.89 billion.
Capital…
6.1 The bank should rationalise the shareholding of Venus Shipping Company and Mercury Industrial
Company which are above the limit of 10% for non-financial institutions as stipulated under
Section 1 (7) of the Galaxia Banking Regulations.
149
6.2 The bank should immediately raise additional capital to ensure that its capital adequacy ratio
complies with the minimum capital adequacy ratio of 10%.
Asset Quality…
6.3 The bank should immediately downgrade five connected loans of Peso500.78 billion from
substandard to doubtful category, and the resultant additional provisioning requirements should
be effected.
6.4 The five connected loans to Y Limited, which currently constitute 168.52% of the capital base
should be regularised to a limit of 75% as per the provisions of the Banking Regulations, Statutory
Instrument 10/1999.
Management…
6.5 The bank’s corporate strategic plan should be adopted and approved by the board of directors.
6.6 There is need to enhance the reports sent to the board, which currently lack depth in terms of
addressing the bank’s challenges.
6.7 The composition of the Loans Review Committee is in violation of Section 5 (2) of the Galaxia
Banking Regulations. There is a need to ensure independence of the loans review function from
the credit granting process.
6.8 Management should timeously address issues raised by auditors, some of which were raised in
2004. In addition, inadequacies in the interface between Mysis and CompuBank which have
been outstanding since 2003 require management’s attention.
Earnings…
6.9 Management should devise strategies to steer the bank out of the current loss making position.
6.10 The bank’s earnings position has been weakened by high funding costs. Management should
therefore employ strategies to mobilize cheap retail deposits.
6.13 The Liquidity Management Committee should meet weekly in accordance with its terms of
reference.
6.14 Management should expedite the implementation of a treasury system to facilitate monitoring
liquidity positions and production of liquidity reports both for management and for ALCO in a
timely and accurate manner.
6.16 The market risk policy should incorporate limits on earnings at risk and economic value of capital
at risk.
6.17 The bank’s market risk profile should be consistent with the bank’s overall strategies.
150
SECTION B: CORE ASSESSMENT
151
7 RISK MANAGEMENT REVIEW
Risk Management review is an assessment of the financial institution’s risk profile, i.e.; the types and levels of its
inherent risks, the quality of risk management over such risks and the resulting composite risk rating. Basic elements of
a sound risk management system comprise of; active board and senior management oversight, adequate policies, procedures
and limits, adequate risk monitoring and management information system and adequate internal controls. In assessing the
level of inherent risk, concentration is on understanding and identifying the key risk drivers for each risk category.
Assessment of the quality of risk management is guided by the risk management framework with the key components of
board and management oversight, adequate policies, procedures and limits, internal controls and management information
systems. The assessment of composite risk heavily depends on the quantity of inherent risk and adequacy of risk
management systems. The direction of risk should guide board, management and supervisors to devote more time and
resources to those areas where the direction is increasing.
Strategic Risk...
7.2 The overall composite strategic risk is considered high and the direction is increasing.
7.3 The level of inherent strategic risk is rated high on account of several factors.
7.4 The bank has been operating on a draft corporate strategic plan since inception. The plan does
not have clearly defined objectives, how these will be attained and their specific time frames.
7.5 The bank’s performance remains subdued with a cumulative loss of Peso338.89 billion for the
six months to 30 June 2006, with a capital adequacy ratio of 3.20% as at 30 June 2006, well
below the prudential minimum capital adequacy ratio of 10%.
7.6 The exposure to the now defunct Nexus Investment Company affected the perception of the
institution in the market and hence its difficulties in raising enough cheap deposits to address
liquidity challenges.
7.8 The board and senior management have failed to come up with appropriate long term strategies
to address the bank’s liquidity and profitability challenges.
7.9 Management has failed to reposition the bank after its near collapse in 2003 as evident in the
persistent liquidity and profitability challenges.
Credit Risk…
7.10 The overall composite credit risk is rated high and the direction is increasing.
7.12 The bank had a high level of adversely classified loans amounting to Peso734.78 billion, and
constituting 41.8% of its total loan book as at 30 June 2006.
152
7.13 The non-performing and unsecured five connected loans to Y Limited of Peso500.78 billion
constitute 168.52% of capital as at 30 June 2006 which is above the prudential lending limit of
75% and has the potential of wiping out the bank’s capital. In addition, there is no firm repayment
plan for these loans.
7.15 A number of related party loans were written off without approval of the Board Credit Committee.
Loans to Venus Shipping Company amounting to Peso100 billion were written off in December
2005 without board approval.
7.17 Decision making on the approval of some related party loans is centralised on one individual, the
executive director for corporate banking. This is against the bank’s credit policy which stipulates
that any loans to related parties should be sanctioned by the Board Credit Committee. For
example, facilities to Mrs. Benz and Mercury Investment Company amounting to Peso250 billion
were sanctioned by the corporate banking director.
7.18 There is no evidence that security was obtained and perfected as required by the respective
facility letters in the case of Lolita Industries, Pluto Coal Merchants, Casio (Private) Limited,
Sharp Farming (Private) Limited and Kudu Trucking Services.
Liquidity Risk…
7.19 The overall composite liquidity risk is high and the direction is increasing.
7.21 The bank has been relying on expensive borrowings from the lender of last resort and inter-bank
market to cover its positions. For the month of June 2006, the bank borrowed a total of Peso3.56
trillion from the Central Bank and Peso1.16 trillion from the inter-bank market.
7.22 The bank had cumulative negative funding gaps as at 30 June 2006 of Peso1.64 trillion, Peso565.53
billion and Peso215.16 billion in the 0-30 day, 0-90 day and 0-365 day time bands respectively.
7.23 The bank’s funding structure is skewed towards volatile and market sensitive wholesale deposits
which accounted for 66.96% of total deposits as at 30 June 2006. This is in contrast with the
core funding structure of commercial banks which relies largely on cheaper retail deposits.
7.24 The bank’s liquidity challenges have been worsened by funding non-performing loans of
Peso734.78 billion as at 30 June 2006.
7.26 Liquidity Management Committee meetings were not being held weekly as stipulated in the terms
of reference. The last meeting was held on 3 February 2006.
153
7.27 The bank does not have a Contingency Liquidity Plan.
7.28 Deliberations during ALCO meetings are mainly centred on the short-term trading strategies
rather than on long-term strategies for addressing persistent liquidity challenges.
7.29 There is no management information system to produce liquidity gap reports. The examination
noted some casting errors in weekly liquidity gap reports prepared since 10 March 2006 which
resulted in the size of the overall liquidity gap being underestimated.
7.30 The bank does not make use of internal benchmarks to monitor liquidity risk such as liquidity
cumulative limits, loans to deposits limits, and deposit concentration limits.
7.31 The bank is not conducting stress testing on liquidity positions to assess its vulnerability to liquidity
risk.
7.32 Overall composite interest rate risk is rated high and the direction is increasing.
7.34 The bank had a net liability interest rate sensitive book of Peso1.35 trillion (18.11% of total
assets) over three months and of Peso267.60 billion (3.58% of total assets) over 12 months as
at 30 June 2006. Given the general increase in interest rates there is a high probability that the
bank’s earnings will be eroded if interest rates rise.
7.36 The quality of deliberations at board and ALCO meetings is weak as there is minimal coverage of
interest rate risk issues. There are no strategies in place to manage the bank’s exposure to
interest rate risk.
7.37 The market risk management policy does not explicitly cover all sources of interest rate risk viz
yield curve risk, basis risk, re-pricing risk and optional risk.
7.38 The bank’s market risk policy does not have stop loss limits on earnings and economic value of
equity at risk. The absence of limits on earnings and capital at risk therefore implies that interest
rate risk is not being effectively measured, monitored and controlled.
7.39 There is no analysis being carried out to show the impact of changes in interest rates on net
interest income and economic value of equity.
7.40 The bank does not conduct stress testing analyses to assess the bank’s vulnerability to interest
rate risk.
7.41 Overall composite foreign exchange risk is rated low and the direction is stable.
154
7.42 The level of inherent foreign exchange risk is low due to the low level of foreign exchange
transactions.
7.44 The policies and procedures are considered inadequate as they do not specify the tools and
techniques to be used in managing foreign exchange risk.
Operational Risk…
7.45 The overall composite operational risk is rated high and the direction is increasing.
7.47 The bank is exposed to operational risk as a result of the following internal control weaknesses:
7.47.1There is no documentary evidence that hardware maintenance is carried out in line with vendor
requirements increasing the possibility of lapses in the maintenance cycle. This increases the risk
of equipment failure.
7.47.2The bank does not have a disaster recovery site that serves as a back-up of electronic data.
7.47.3There is a high staff turnover in the Centralised Operations, with a total of 26 resignations during
2005. Staff exodus disrupts business continuity.
7.47.4Some dormant accounts were being held for more than a year in breach of the bank’s policy
which requires such accounts to be closed after a year.
7.47.5 Branch overnight cash holding limits were being constantly exceeded. This was prevalent at five
branches in Luxia and three branches in Annexa. This exposes the bank to financial loss in the
event of theft as the excess cash is uninsured.
7.47.6The core banking system, Mysis, cannot process high value transactions or maintain balances
above Peso100 billion. This renders the monitoring of system limits ineffective.
7.49 The procedure manuals for centralised operations and compliance risk management are yet to be
adopted and approved by the board.
7.50 There are system interface challenges between the reporting system, CompuBank, and the core
banking system Mysis. The balances reported by the two systems are different and have to be
reconciled manually thereby increasing the risk of human errors.
7.51 The bank does not have a telephone recording system in the Treasury department. The bank may
find it difficult to settle disputes arising from telephonically confirmed deals.
7.52 There is no asset and liability management system and reports pertaining to liquidity and interest
rate risk management are being produced manually. This exposes the bank to human error.
7.53 Most of the business units are not submitting operational risk management returns, such as Key
Control Standards and Key Risk Indicators to the risk department.
155
Legal and Compliance Risk…
7.54 The overall composite risk is moderate and the direction is stable.
7.56 The shareholding structure is irregular as two non-financial institutional shareholders Venus
Shipping Company and Mercury Industrial Company have shareholdings of 17.12% and 15.25%
respectively, which are above the 10% limit for non-financial institutions as stipulated under
Section 1 (7) of the Galaxia Banking Regulations.
7.57 The bank is not in compliance with the prudential minimum capital adequacy ratio of 10% as its
capital adequacy ratio was 3.20% as at 30 June 2006.The exposure to five connected loans to
Y Limited, which constitutes 168.52% of the bank’s capital, is in excess of the 75% prudential
lending limit as prescribed by the Banking Regulations S.I. 10 of 1999.
7.58 The composition of the Loans Review Committee is in violation of Section 5 (2) of the Galaxia
Banking Regulations. An executive director, Mr. A. Benz, is a member of both the Board Credit
Committee and the Loans Review Committee.
7.59 The bank has been executing foreign exchange transactions without Central Bank approval. For
example, the bank invested Euro 2 million on 26 April 2006 on behalf of Leopard Travel Company,
without exchange control approval.
7.60 The quality of legal and compliance risk management systems is weak.
7.61 The institution does not have a formal compliance risk management framework. There are no
documents that enable the institution to assess compliance risk.
7.62 Weekly compliance reviews were last conducted on 20 December 2005, and no monthly and
quarterly reviews have been done since the beginning of 2006. This heightens the bank’s exposure
to compliance risk.
Reputation Risk…
7.63 The overall composite risk is moderate and the direction is stable.
7.65 The bank’s reputation was negatively affected by the exposure to the collapsed Nexus Investment
Company in 2003 which currently makes deposit mobilisation difficult as investors are still
concerned about the security of their funds if placed with the bank.
7.66 The bank’s market share in terms of total deposits has not significantly improved since 2005.
This is indicative of the continuing negative perception of the institution.
7.68 The bank has not devised meaningful strategies to improve its market and public perception.
7.69 The bank does not have a corporate communication policy which covers procedures for internal
and external communication.
156
8 MANAGEMENT
Management is evaluated against all factors necessary to operate the bank in a safe, sound manner and in accordance with
acceptable practices. Consideration is given to technical competence, leadership, and administrative ability; compliance
with regulations and guidelines; ability to plan and respond to changing circumstances; effectiveness of management
information systems; adequacy of and compliance with internal policies; responsiveness to recommendations from
auditors and supervisory authorities; tendencies towards self dealing; demonstrated willingness to serve the legitimate
banking needs of the community; and management depth and succession. In addition, consideration is given to the extent
that management is affected by or susceptible to dominant influences or concentrations of authority.
8.2 Board and senior management oversight over critical challenges being faced by the bank is
considered inadequate. Management has failed to address liquidity and profitability challenges
since 2003 when the bank almost collapsed as a result of a huge exposure to the now defunct
Nexus Investment Company.
8.3 The bank has been operating with a draft corporate strategic plan since inception. The plan does
not have clearly defined objectives, how these will be attained and their specific time frames. This
is a clear indication that the board of directors is not involved in charting the strategic direction of
the bank, which thus limits its oversight on the operations of the bank.
8.4 Reports sent to the board lack depth in terms of assisting directors make decisions to address the
bank's capital, earnings and liquidity challenges. Deliberations at board meetings do not reflect
the gravity of the challenges.
8.5 The institution has failed to comply with the 75% prudential lending limits as prescribed by the
Banking Regulations Statutory Instrument 10 of 1999 as the exposure to five connected loans to
Y Limited, which constitute 168.52% of the bank's capital, is in excess of that limit.
8.6 Mr. A. Benz, an executive director, is a member of both the Board Credit Committee and the
Loans Review Committee in violation of Section 5 (2) of the Galaxia Banking Regulations.
8.7 The shareholdings of Venus Shipping Company and Mercury Industrial Company are above the
limit of 10% for non-financial institutions as stipulated under Section 1 (7) of the Galaxia Banking
Regulations.
8.8 Management Information Systems were considered inadequate with respect to the reporting
requirements of the bank. The examination noted that the balances produced by Mysis and
CompuBank are different due to inadequacies in the interface between the two systems. This
challenge has been outstanding since 2003 and may result in inappropriate decisions being made
due to management's reliance on inaccurate information.
8.9 The bank has been executing foreign currency transactions without exchange control approval.
8.10 The bank is exposed to a number of internal control weaknesses. The credit policy and the back
office procedure manuals have not been reviewed since January 2000, despite fundamental
changes in the macroeconomic environment. It was also noted that the bank was not making use
of limits and benchmarks as stated in the treasury policies. Absence of adequate operational
policies limits management's capacity to manage operational risk.
157
8.11 Management's responsiveness to recommendations from internal auditors is considered
inadequate. Management has not fully addressed some of the issues raised in the 2004 internal
audit reports. Major issues raised in Information Technology included employees having multiple
accounts on the Mysis System, dormant user accounts, user accounts for employees who have
resigned from the bank, and permitting a single user to be the imputer and authorizer.
158
9 CAPITAL ADEQUACY
Capital adequacy is evaluated in relation to supervisory guidelines; overall financial condition; the nature, trend, and
volume of marginal and sub-quality assets; intangibles; off-balance sheet activities, and earnings; balance sheet composition,
interest rate risk, concentration risk, and non traditional activity risk, growth trends and prospects; and the strength of
management. Additional consideration is given to retention of earnings and overall interest-rate risk in light of capital
needs; reasonableness of dividends; access to external sources of capital and other appropriate sources of financial
assistance; and plans for maintaining adequate capital and for correcting deficiencies.
9.1 Capital adequacy of the bank was rated "5" i.e. critical.
9.2 The bank's capital adequacy ratio of 3.20%, tier 1 ratio of 2.08% and leverage ratio of 1.89%
as at 30 June 2006 are below the prudential minimum ratios and indicate that the institution is
critically undercapitalised and is relying on borrowings to fund asset growth.
9.3 The bank reported a loss of Peso160.38 billion for the six month period ended 30 June 2006.
This however, deteriorated to Peso338.89 billion after factoring a provisioning shortfall of
Peso178.51 billion. This consequently depleted the bank's net capital base of Peso297.17 billion
to Peso118.66 billion. Therefore the bank's plan to recapitalise through retained earnings is not
feasible in light of these losses.
9.4 The bank is highly exposed to concentration risk as the three largest exposures amounting to
Peso839.01 billion, are three times the net capital base. The five connected exposures to Y
Limited amounting to Peso500.78 billion and constituting 28.49% of the total loan book were
reclassified doubtful. In the event of default, the bank's capital base will be completely eroded.
9.5 The amounts owing to the Central Bank constituted 32.57% of the total balance sheet as at 30
June 2006. This shows that the bank is relying on lender of last resort facilities for its funding.
Given the punitive interest rates of such facilities, the bank is likely to continue incurring huge
losses and ultimately erode its capital base.
9.6 In order to meet the minimum capital adequacy ratio of 10%, the institution needs to inject
Peso631.49 billion immediately.
9.8 Further stress testing results established that the bank's capital adequacy ratio is exposed to
combined credit, interest rate, foreign exchange shocks as indicated below:
159
9.9 Given the current balance sheet structure, a combined shock of 50% of performing loans becoming
non-performing loans, 50% depreciation of the Peso and increase in interest rates by 50 percentage
points indicates that the capital adequacy ratio would significantly decline from the current 3.20%
to negative 11.76%.
160
10 ASSET QUALITY
Asset Quality is evaluated in relation to the level, distribution, trend and severity of asset classifications; the level,
composition, and trend of past due, non-accrual, and non-performing loans; the adequacy of provision for bad debts; and
the demonstrated ability to administer and collect problem credits and the general economic environment. In addition, the
quality of investments, the adequacy of investment policies, trading account activities, as well as the volumes associated
with off-balance sheet items, are assessed. Also considered are any unusual concentrations of credits; investments and
transfer risk, trend and volume of assets listed for special mention; criticised or classified loans to insiders or their related
interests; volume and quality of participation; and the effectiveness of lending policies and credit administration procedures.
10.2 Asset quality was considered weak with high level of adversely classified loans constituting 41.80%
of the bank's total loan book of Peso1.76 trillion as at 30 June 2006.
10.3 The high level of adversely classified loans is largely attributed to a non-performing and unsecured
exposure to five connected borrowers amounting to Peso500.78 billion. As at 30 June 2006, this
exposure constituted 28.49% of the bank's total loans, and 168.52% of the bank's capital base,
which is in violation of the prudential lending limit of 75% prescribed under the Banking Regulations,
Statutory Instrument 10/1999.
10.4 The examination covered 70% of the total loan book and established the following classifications
as at 30 June 2006:
30-Jun-06 % of total
Category 31-Dec-05 31-Mar-06 (Peso billion) loan book
Pass 63.25% 30.27% 350.70 19.95%
Special Mention 22.00% 55.91% 672.36 38.25%
Sub-standard 3.06% 8.48% 73.00 4.15%
Doubtful 6.67% 4.36% 602.78 34.29%
Loss 5.02% 0.98% 59.00 3.36%
Total 100.00% 100.00% 1,757.84 100.00%
10.5 Loans with significant risk (i.e. classified doubtful to loss) aggregated Peso661.78 billion and
constituted 37.65% of the total loan book. The exposure to five connected loans constituted the
bulk of loans with significant risk, and there is no repayment plan for these loans. For the remainder
loans in this category, repayment is no longer from primary sources but secondary sources (i.e.
pledged security).
10.6 The special mention category of 38.25% largely consists of loans to the manufacturing sector.
The loans are generally performing and adequately secured. Proportion of loans in special mention
decreased from 55.91% to 38.25% as a result of the migration of five connected loans from
special mention to the doubtful category.
10.7 The bank is not properly classifying its loan book as per the provisions of Banking Regulations,
Statutory Instrument 10/1999. The bank had classified the five connected loans as substandard,
when in fact they are in the doubtful category, as they are not performing, capital has not been
repaid since the loan was advanced in February 2004, and payments up to October 2005 were
insufficient to cover the interest obligation. From November 2005 onwards, no repayments in
respect of capital and interest were made.
161
10.8 As a result of the reclassification of the five connected loans, the examination determined a
provisioning shortfall of Peso178.51 billion as at 30 June 2006.
10.9 While the bank is in the process of securing a holding company guarantee for the five connected
loans, this exposure heightens liquidity risk as the bank is largely funding its assets using expensive
inter-bank and lender of last resort facilities as discussed earlier.
10.10 Concentration risk was considered high. The institution's exposure to the five connected loans
constituted 168.52% of the bank's capital base, and 28.49% of the bank's total loan book. If the
five connected loans remain delinquent, they have the potential to impact negatively on the banks
solvency and going concern, by eroding the bank's capital base of Peso297.17 billion.
10.11 Sectorial concentration risk was also high. The bank has a high concentration of loans to the
manufacturing sector, which constituted 40.23% of the loan portfolio as at 30 June 2006. The
manufacturing loans are however, performing and adequately provided for.
10.12 Credit underwriting standards are not adhered to as decision making on the approval of loans to
related parties is centralised on the executive director for corporate banking. This has contributed
to significant loans to related parties being written off.
10.13 The bank did not perfect security as required in the facility letters as detailed below:
10.14 The examination established that the bank is vulnerable to deterioration in asset quality depicted
by the stress testing results below:
10.15 The stress testing results for migration of performing loans to non- performing loans reflect that
capital adequacy ratio will become negative given a 25% movement due to the extra provisions
of Peso142.25 billion.
162
11 EARNINGS
Earnings are evaluated in relation to the ability to support present and future operations, cover losses, and provide for
adequate capital. The level and trend of profits/losses, the quality and composition of net income, the strength of net
interest margin, the vulnerability to changes in economic conditions and rate scenarios are considered. Consideration is
also given to the adequacy of provisions to loan losses, compliance with proper accounting procedures, and the extent to
which extraordinary items, securities transactions, premises sale/leasebacks, tax effects and other nonrecurring transactions
contribute to net income.
11.2 The bank's earnings position reflects inadequate capacity to fund present and future operations.
The bank reported a net loss of Peso95.26 billion in May 2006 which worsened to Peso160.38
billion in June 2006. Losses incurred in the month of June 2006 are further exacerbated by a
provisioning shortfall of Peso178.51 billion, resulting in a net loss of Peso338.89 billion.
11.3 Under the circumstances, the bank will have to rely on equity injection by shareholders rather
than organic growth to satisfy regulatory capital requirements.
11.4 The examination established that there is inadequate board and management oversight over the
bank's operations. It was noted that deliberations at the bank's board meetings pay scant attention
to strategic issues that relate to improvement of the bank's earnings position.
11.5 The table below summarises the bank's key earnings indicators:
11.6 The bank's return on assets (ROA) and return on equity (ROE) were generally negative since
2003. This was due to negative returns attributable to high funding costs on inter-bank borrowings
and overnight accommodation from the central bank.
11.7 Cumulative funding by way of inter-bank borrowings and overnight accommodation amounted
to Peso1.16 trillion and Peso3.56 trillion respectively, against a balance sheet of Peso10.93
trillion as at 30 June 2006.
11.8 The examination noted that the non-performing five connected loans to Y Limited which constitute
28.49% of total loan book are on a non-accrual basis and are therefore not contributing to the
bank's income.
11.9 The changes to the bank's accounting policies and procedures have not been reviewed by the
board since 1999, which indicates inadequate board oversight over the accounting policies.
163
12 LIQUIDITY & FUNDS MANAGEMENT
Liquidity and funds management are evaluated in relation to the overall effectiveness of asset and liability management,
degree of deposit concentration, existence and adequacy of contingent funding plans, and general economic environment.
Consideration is given to the composition and stability of deposits; the availability of funds and the degree and trend of
reliance on short-term, volatile sources of funds, the nature, trend, and volume of off-balance sheet activities; and interest
rate risk management.
12.1 Liquidity and funds management was rated "4" i.e. weak.
12.2 The bank has experienced liquidity challenges since the year 2003. These challenges have not
been resolved as the bank continues to fund its operations using expensive inter-bank and lender
of last resort facilities as it has been failing to raise cheap retail deposits because of the continuing
negative perception in the market.
12.3 There is no indication of a clear long term strategy from monthly ALCO deliberations on how the
bank intends to address the persistent liquidity challenges.
12.4 ALCO meetings do not review the bank's profitability on a monthly basis against budgets as
stated in the ALCO terms of reference.
12.5 Liquidity Management Committee meetings are not being held weekly as stipulated in the terms
of reference. The last meeting was held on 3 February 2006. This limits management oversight
over liquidity issues.
12.6 A review of board minutes revealed that there were no deliberations on the funding structure of
the bank which is relying on costly sources of funds such as Central Bank accommodation and
borrowings from the inter-bank market.
12.7 The bank does not have a Contingency Liquidity Plan. There is thus no road map on the procedures
to be taken in the event of a liquidity crisis.
12.8 The bank does not have a management information system for liquidity risk management. The
bank has been producing gap reports manually, making them prone to errors and manipulation
and do not provide an audit trail.
12.9 The bank is relying on wholesale deposits, which constitute 66.96% of total deposits valued at
Peso7.59 trillion as at 30 June 2006. Wholesale funds are volatile and therefore pose greater
liquidity risk to a banking institution.
12.10 Due to the volatility of the wholesale deposits, the bank has had to borrow overnight from the
Central Bank and the inter-bank market to cover its negative position. The cumulative monthly
borrowings from the Central Bank as at 30 June 2006 are shown in the table below:
164
Central Bank Borrowings
Month in 2006 Amount (Peso bn) Rate (%) No. of Days
January 306.93 50 5
February 1,497.20 50 20
March 560.50 50 10
April 784.36 50 13
May 1,752.29 50 22
June 3,563.98 50 19
12.11 The bank's top twenty depositors amounted to Peso3.95 trillion constituting 52.04 % of total
deposits as at 30 June 2006. The deposits are short-term (mainly 7 days) and therefore expose
the bank to liquidity risk in view of the volatile market conditions.
12.12 The monthly liquidity gap report for six months ended 30 June 2006 is shown below:
Month 0-30 Days 0-90 Days 0-180 Days 0-364 Days 0-728 Days 728 Days+
Jan -530.409 -455.62 -65.67 391.38 543.4 543.4
Feb -594.583 -484.231 -14.256 330.099 467.236 469.15
March -992.629 -969.947 -385.055 1.298 144.353 146.949
April -771.65 -746.504 37.763 304.612 451.946 455.488
May -1,780.11 -1,135.11 -374.924 98.043 306.944 310.486
June -1,644.42 -565.532 -449.372 -215.16 -35.101 -31.823
12.13 The negative gap in the 0-30 day time band arose from the purchase of 720 day Bankers'
Acceptances worth Peso4.50 trillion at face value using short term liabilities.
12.14 The bank is also funding non performing loans which amounted to Peso734.78 billion as at 30
June 2006. This has heightened the bank's liquidity challenges.
12.15 The bank is not conducting stress testing on liquidity positions to assess its vulnerability to liquidity
risk.
165
13 SENSITIVITY TO MARKET RISK
Sensitivity to market risk reflects the degree to which changes in interest rates, foreign exchange rates, commodity prices,
or equity prices can adversely affect earnings or the economic value of capital; the ability of management to identify,
measure, monitor, and control exposures to market risk given the bank's size, complexity, and risk profile; the nature and
complexity of interest rate risk exposure arising from non-trading positions; and, where appropriate, the nature and
complexity of interest rate risk arising from trading and foreign operations.
13.2 Board and senior management oversight on interest rate risk and foreign exchange risk is inadequate
on account of:
13.2.1the market risk policy does not have stop loss limits on earnings and economic value of
equity at risk; and
13.2.2no quantitative analysis is carried out on the impact of changes in interest rates on the
bank's net income and economic value of equity.
13.3 Policies and procedures for foreign exchange risk management are deficient as they do not
specify the tools and techniques for managing foreign exchange risk.
13.4 The bank is exposed to high repricing risk as reflected by a huge net liability sensitive book of
Peso1.35 trillion and Peso267.60 billion over three months and 12 months respectively as at 30
June 2006.
13.5 Given that assets were mainly funded by short-term wholesale deposits and inter-bank borrowings,
a worst case scenario of 100% increase in interest rates would reduce the bank's net income and
capital by Peso631.04 billion and Peso635.81billion respectively.
13.6 The table below shows the impact of interest rate changes on the bank's capital and net income
at various levels of shocks as per the Central Bank model using the underlying assumptions.
• Wholesale deposits will reprice faster than assets
• Loans and other assets will be repaid in terms of their contractual agreements
• Balance sheet structure will remain unchanged.
166
SECTION III: SUPPLEMENTARY SECTION
167
14 APPENDIX 1 – DETAILED RISK MATRIX
168
15. APPENDIX 11 - SUMMARY OF KEY RATIOS
169
16. APPENDIX 111 - INCOME STATEMTENTS
170
17. APPENDIX 1V - COMPARATIVE BALANCE SHEETS
171
SECTION IV: SIGNATURES OF DIRECTORS
172
ACKNOWLEDGEMENT FORM
To the Senior Division Chief, Bank Supervision,
Central Bank of Galaxia:
We, the undersigned members of the Board of Directors of Omega Banking Corporation, do hereby
certify and acknowledge by affixing our signatures below that each of us has personally read, reviewed,
and is familiar with the Report of Examination conducted from 3 July 2006, to 11 July 2006. (Signing
this form does not mean that you agree with information or conclusions embodied in the report, but only
you have received, read, and are familiar with the contents of the report).
................................... .................................
(Name of Director) (Signature of Director)
................................... ....................................
(Name of Director) (Signature of Director)
.................................. ...................................
(Name of Director) Signature of Director)
............................... ..................................
(Name of Director) (Signature of Director)
.................................. .....................................
(Name of Director) (Signature of Director)
......................................... ........................................
(Name of Director) (Signature of Director)
................................... ........................................
(Name of Director) (Signature of Director)
....................................... ........................................
(Name of Director) (Signature of Director)
173
ACKNOWLEDGEMENTS
1. Comptroller of the Currency Administrator of National Banks(OCC), “Large Bank Supervision
Handbook”, May 2001].
174
BANK LICENSING, SUPERVISION & SURVEILLANCE’S
CORE FUNCTIONS
a) Licensing and de-licensing of banking and non-banking financial institutions.
b) Conduct On-site and Off-site supervision (and investigations) of banking and non-bank
institutions on a Solo as well as on a Consolidated basis.
c) Enhancing framework and perfecting the practice of Risk-Based Supervision and Consolidated
Supervision.
d) Enhance framework for Financial Stability, Early Warning Systems, Stress Testing, and
Problem Bank Resolution.
e) Monitoring compliance with laws and regulations; and enforcing quality assurance in the
supervisory process.
f) Conduct research and improve risk management practices within Reserve Bank of Zimbabwe
and the market.
g) Fostering co-operation and effective liaison with other regulatory authorities on the domestic
and international arena.
175
NOTES
176