Edge
Use the latest browser recommended by Microsoft
Get speed, security and privacy with Microsoft Edge

Risk-based Supervisory Framework

1. INTRODUCTION 

The objective of the ECCB Risk-Based Supervisory (RBS) Framework is to provide an effective approach to assess safety and soundness of the Licensed Financial Institutions (LFIs) against current and emerging risks that could arise in the future. The Risk-Based Supervisory Framework describes the principles, concepts, and core process that the Eastern Caribbean Central Bank (ECCB) Financial Sector Supervision Department (FSSD) will use to guide its supervision of the LFIs. These principles, concepts, and core process apply to all LFIs in the Eastern Caribbean Currency Union (ECCU), irrespective of their size. The ECCB will assess the safety and soundness of the LFIs, by evaluating the LFI’s risk profile, financial condition, risk management practices and compliance with applicable laws and regulation in the ECCU, to identify issues or areas of concern to intervene in a timely manner.

The Financial Sector Supervision Department (FSSD) of the Eastern Caribbean Central Bank has two functions: regulation and supervision. Regulation is applicable to the whole system and involves developing and issuing guidelines, as well as approving requests for licensing. The best regulation might become inadequate if there is no efficient supervision. On the other hand, supervision involves dynamic assessments of the risks and risk governance in the operations of the Licenced Financial Institutions to ensure they comply with laws and regulation. Therefore, supervision is LFI-specific, with the intensity of supervision being proportional to the size, nature, complexity and risk profile of the LFIs. Lessons learnt from the crisis made supervisors create robust, risk-based supervisory frameworks for understanding, assessing and monitoring the risks in LFI’s operations.

Consolidation, rapid expansion, and development of the financial sector require regular review of existing supervisory practices to ensure that they remain effective. Regulatory and supervisory frameworks in many countries have evolved as the financial systems developed. In recognition of the increased globalisation of the financial industry, the ECCB considered the risk-based supervisory practices developed by foreign regulators such as the Office of the Superintendent of Financial Institutions (OSFI) Canada, as well as guidelines issued by the Basel Committee on Banking Supervision (BCBS) in establishing this Risk-Based Supervisory Framework.

2. BACKGROUND AND RATIONALE

The Eastern Caribbean Central Bank (ECCB) continues to implement measures to enhance its regulatory and supervisory framework. In the early 2000s, a risk-based approach was introduced to determine the type, scope and frequency of supervisory responses. This entailed annual stress testing and the review of periodic, qualitative information submitted by commercial banks.

In 2003, a financial stability sector assessment of the Eastern Caribbean Currency Union (ECCU) was jointly undertaken by the International Monetary Fund (IMF) and the World Bank. The assessment highlighted one of the risks as “weaknesses in the regulatory and supervisory framework for bank supervision, relative to the requirements of the Basel Core Principles”. Between 2004 and 2006, new banking legislation was passed in the eight (8) member territories of the ECCU to address these regulatory and supervisory weaknesses.

In 2009, the financial system came under severe pressure from shocks to the banking and insurance sectors. In January 2009, the failure of the Trinidad and Tobago based CL Financial Group with its extensive cross-border activities, reverberated throughout the ECCU, where its subsidiaries Colonial Life Insurance Company and British American Insurance Company operated. In February 2009, there was a run on the Bank of Antigua, triggered by fraud charges brought by the United States Securities and Exchange Commission against the bank’s major shareholder. To protect depositors’ interest and preserve the stability of the financial system in the region, the ECCB exercised its emergency powers and assumed control of the bank.

In the period immediately following the 2009 intervention, the ECCB intensified its oversight of banks. Stress tests were performed with greater frequency and international bank branches operating in the ECCU were required to submit audited financial statements for each of their domestic branch operations.

Within five years of its first intervention, the ECCB took control of three other commercial banks. It was clear that the existing supervisory tools were inadequate to facilitate an early resolution of these banks.

Between 2015 and 2016, a new Banking Act was adopted. Central to the Banking Act are the Core Principles for Effective Banking Supervision issued by the Basel Committee on Banking Supervision in September 2012. The Banking Act establishes an enhanced regulatory and supervisory regime, which includes the following:

  • minimum standards for directors, officers, controlling and significant shareholders;
  • a full suite of corrective action tools including administrative penalties and the appointment of an observer or official administrator;
  • authority to issue and revoke licences; and
  • a framework for gone concern resolution which contemplates an extra-judicial process for receivership and compulsory liquidation.

The ECCB continues to enhance its risk-based supervision methodology, which was introduced more than a decade ago. This new legislation fully supports the methodology and will undoubtedly deepen the ECCB’s oversight function and ultimately boost the safety and soundness of the ECCU financial system.

3. SUPERVISORY APPROACH AND PRINCIPLES

The ECCB’s supervisory approach to risk-based supervision is based on the following concepts, and principles, which are considered as essential for an effective functioning of the financial system 

CONSOLIDATED SUPERVISION: The RBS Framework covers Licenced Financial Institution’s important entities such as subsidiaries, branches, and joint ventures, inside and outside of the ECCU. In other words, the supervision of the LFIs will be on a consolidated basis. Consolidated supervision evaluates the strength of an entire group, taking into account all the risks that might affect the LFI. This group-wide approach to supervision, where all the risks of a banking group are considered, goes beyond accounting consolidation. The ECCB will cooperate and share information with other national/foreign supervisors and will use information available from other supervisors as appropriate.

CONTINUOUS ASSESEMENT OF THE RISK PROFILE: The RBS Framework requires a continuous/on-going assessment of the LFI’s risk profile to be maintained current. Continuous supervision requires establishing an ongoing relationship and contact with the LFI. It is an international practice to adopt a portfolio approach to supervision by assigning a dedicated group of supervisors (both on-site and off-site) to the LFIs to empower continuous and consistent supervision. A Relationship Manager (RM) will lead the group and will be the ECCB’s primary contact with the LFIs. Assigning the same team or group to LFIs will be important for the standardisation of risk assessment and developing common understanding of the LFI’s risk profile. In RBS, both on-site examinations and off-site monitoring are integrated into the process such that each one feeds into the other.

PRINCIPLES-BASED AND FORWARD-LOOKING SUPERVISION: The RBS Framework is principles-based and forward-looking which will permit a timely and flexible response to the advances in the financial sector, as well as early identification of problems and timely intervention. Principles-based supervision applies sound judgment in identifying and evaluating risks to the effectiveness of the supervisory approach and distinguishes the complexity as well as diversity among the LFIs, avoiding a “one size fits all” approach.

SUPERVISORY INTENSITY AND INTERVENTION: There is a direct link between a LFI’s overall risk profile assessment, the level of supervision, and the degree of intervention. The level/intensity of supervision will reflect the LFI’s potential impact on the stability of the financial system in the ECCU. The level and frequency of supervision and the degree of intervention will depend on the nature, size, complexity and risk profile of the LFI. The ECCB will aim to intervene, when necessary, at an early stage.

FOCUSING ON MATERIAL RISKS: Risk assessment will focus on material risks and the drivers of risks. It will assess LFIs not just against current risks, but also against those that could probably arise in the future. Supervisors are expected to use sound judgment, based on evidence and analysis, in the risk identification and assessment process.

CORPORATE GOVERNANCE: The RBS Framework recognizes that LFI’s Board of Directors should provide effective Corporate Governance with the support of Senior Management. The Board and Senior Management are primarily responsible and ultimately accountable for the LFI’s financial safety, soundness, compliance with laws, regulation and supervisory guidance. The Board and Senior Management are expected to be proactive in providing ECCB with timely response/notification of significant matters affecting the LFI.

HOLISTIC ASSESSEMENT: The application of the RBS Framework culminates in a consolidated assessment of risk to a LFI. It enables the assessment of the risk profile of the LFI to stay current and provides an objective basis for allocating supervisory resources. This holistic assessment combines an assessment of capital and earnings in relation to the overall net risk from the LFI’s significant activities, as well as an assessment of the LFI’s liquidity, to arrive at the composite risk.

LICENCED FINANCIAL INSTITUTION FAILURE: A “No Failure” approach is not compatible with a dynamic market economy since it could damage and weaken the efficiency of the financial system. Although regulation and supervision can diminish the risk of failure, LFIs could face financial problems leading to their failure and resolution. The ECCB does not seek to operate a zero failure regime; it seeks to ensure that any LFI that fail do so in an orderly manner. 

4. ASSESSING RISK PROFILE OF A LICENSED FINANCIAL INSTITUTION - PRIMARY RISK ASSESEMENT CONCEPTS

The RBS Framework uses many concepts to enable a common approach to risk assessment over time and across LFIs. Assessing the risk profile of a LFI is a dynamic and on-going process comprising the following steps:

  • Knowledge of Business/Identifying LFI’s Significant Activities;
  • Assessing Key Inherent Risks in each Significant Activity;
  • Assessing Quality of Risk Management by assessing the Three Lines of Defence and Corporate Governance for each Significant Activity;
  • Assessing Net Risk in each Significant Activity;
  • Assessing Overall Net Risk for all Significant Activities;
  • Assessing Capital, Earnings, and Liquidity at enterprise-wide (LFI) level; and
  • Arriving at Composite Risk Rating, which is an assessment of the LFI’s overall risk profile.

The above-mentioned interrelated steps represent steps for the overall assessment of LFI’s risk profile. It is very important to understand each concept well because the quality of assessment in each step will affect the quality of assessment in the next one.

The primary concepts/steps for risk assessment are described below:
4.1. KNOWLEDGE OF BUSINESS / IDENTIFICATION OF SIGNIFICANT ACTIVITIES

The first step in the RBS Framework is the knowledge of business and identification of significant activities. The fundamental principle of the RBS Framework is that supervisors must “know the LFI” that they are responsible for. This knowledge will allow supervisors to identify those activities that are key (significant) to the achievement of the LFI’s business objectives or strategies.

The risk profile of the LFIs is determined by the activities they engage in, their associated risks, and the risk management practices. These activities and risks are affected by external factors such as general economic, political, and industry conditions and internal factors such as business objectives, strategies, risk appetite and organisation structure. Although external factors are beyond the control of a LFI, they can have a significant effect on its ability to achieve its business objectives and can contribute significantly to its risk profile.

Supervisors will identify and understand the various environmental and industry factors that affect a LFI’s business objectives, strategies and activities to assess its risk profile effectively. An understanding of the environment and industry in which a LFI operates provides the supervisor with a broad context for understanding the LFI’s business profile. To gain an understanding of a LFI’s business profile, supervisors will apprehend? its business model i.e. its business objectives and strategies, risk appetite and organisation structure. An understanding of a LFI’s business profile enables a supervisor to identify its activities.

Once all activities of the LFI are identified, supervisors will use sound judgment in selecting significant activities. Significant activities may be chosen for quantitative reasons (such as assets generated by the activity in relation to total assets; revenue generated by the activity in relation to the total revenue, etc.) and/or qualitative reasons (such as its risk, strategic growth, or important enterprise-wide process, etc.). It is important to note that significant activities are specific to the LFI and what is considered significant in one LFI, may be insignificant in another and vice versa. In general, activities identified as significant by a supervisor would be in line with those considered significant by the LFI’s management. A LFI’s significant activity could be a business line, business unit or enterprise-wide process. They are the vital activities of the LFI to meet its overall business objectives.

These activities can be identified from numerous sources of information such as LFI’s strategic and business plans, organisational structure, internal and external financial reporting, annual reports, and capital allocations. Lines of business and business units are generally readily identifiable from a LFI’s organisation structure. Enterprise-wide (LFI-wide) processes that are critical to the LFI’s effective operations, require a good understanding of how the LFI is organised and managed. Examples of these include, amongst others, Asset and Liability Management (ALM), Treasury Operations, Information Technology (IT). 

4.2. ASSESSMENT OF INHERENT RISKS 

The second step in the RBS Framework is assessing the key inherent risks in the Significant Activities. Inherent risk is the level of risk that is present in the LFI’s activities. Inherent risk is defined as exposure to loss from current or possible future events, or changes in business or economic conditions. Inherent risk is evaluated by considering the degree of probability and the potential size of an adverse impact on a LFI’s overall financial condition.

Inherent risk in the significant activities is assessed without considering the impact of risk mitigation through the LFI’s risk management process and controls. A LFI’s risk management process and controls are considered in the assessment of Quality of Risk Management. The assessment of inherent risk is primarily qualitative, a thorough understanding of both the nature of the LFI’s activities and the environment is essential to identify and assess the inherent risks.

The ECCB will be using the following four categories of inherent risk for assessment purposes: credit risk; market risk; operational risk (includes legal risk); and regulatory compliance risk.

The levels of inherent risks are assessed as:

Low: Low inherent risk exists when there is a lower than average probability of a material loss due to exposure and uncertainty arising from current and potential future events. The risk of loss would have very little impact on the LFI’s overall financial condition.

Moderate: Moderate inherent risk exists when there is an average probability of a material loss due to exposure and uncertainty arising from current and potential future events. Although the activity potentially could result in a loss to the LFI, the LFI could absorb the loss. 

Above Average: Above average inherent risk exists when there is an above average probability of a material loss due to exposure and uncertainty arising from current and potential future events. The activity potentially could result in a loss to the LFI.

High: High inherent risk exists when there is a higher than above average probability of a material loss due to exposure and uncertainty arising from current and potential future events. The activity potentially could result in a significant and damaging loss to the LFI.

The strategic and reputational risks are not considered as a separate category of inherent risk in the RBS Framework. LFIs are expected to have an embedded approach to managing strategic and reputational risks. Reputational risk is a consequence of each of the four inherent risk categories. Reputational risk exists throughout the LFI and exposure to reputational risk is essentially a function of the adequacy of the LFI’s internal risk management processes. Accordingly, it is an important consideration in the assessment of each inherent risk category. The strategic risk is also an enterprise-wide risk and will be considered, among others, in the assessment of business plans/strategy; risk appetite; capital planning; and oversight functions.

Regulatory compliance risk is included in the RBS Framework as an inherent risk. It arises from a LFI’s potential non-conformance with the Banking Act, ECCB’s rules, regulation, prescribed practices, or ethical standards. Regulatory Compliance risk exposes a LFI to fines, penalties and can result in diminished reputation, reduced enterprise value and limited business opportunities. 

The risk relating to the LFI’s liquidity has not been included as a separate inherent risk category, as the ratio of actual to required liquidity is taken as a reflection of liquidity risk. The financial crisis has shown that liquidity risk management must be treated at the enterprise-wide level since it can contribute to credit and market risks; might emerge from problems in the banking book. RBS Framework assesses liquidity risk and its management at the enterprise-wide level as suggested by the Basel Committee on Banking Supervision in line with the international practices.

Supervisors will develop expectations for the Quality of Risk Management based on the level of the inherent risks assessed in the significant activities. In other words, supervisors will expect vigorous Operational Management and strong oversight controls for the higher level of inherent risks.

4.3. ASSESEMENT OF QUALITY OF RISK MANAGEMENT

The Quality of Risk Management (QRM) is assessed at two levels: the Three Lines of Defence and Corporate Governance. The “Three Lines of Defence” model is a systematic approach, serves as an internationally accepted best practice and delivers a simple and effective way by defining roles and responsibilities in risk management at different levels in the LFIs organisational structure.

The Basel Committee on Banking Supervision (BCBS) defines the “three lines of defence” as “The business line, the first line of defence, has “ownership” of risk, whereby it acknowledges and manages the risk that it incurs in conducting its activities. The risk management function is responsible for further identifying, measuring, monitoring and reporting risk on an enterprise-wide basis as part of the second line of defence, independently from the first line of defence. The compliance function is also deemed part of the second line of defence. The internal audit function is charged with the third line of defence, conducting risk-based and general audits and reviews to provide assurance to the board that the overall governance framework, including the risk governance framework, is effective and that the procedures are in place and consistently applied."1

The Organization for Economic Cooperation and Development (OECD) defines corporate governance as “A set of relationships between a company’s management, its board, its shareholders, and other stakeholders. Corporate governance also provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined. Good corporate governance should provide proper incentives for the board and management to pursue objectives that are in the interests of the company and its shareholders and should facilitate effective monitoring”2

Corporate governance is the system by which LFIs are directed and controlled. The purpose of corporate governance is to strengthen accountability, transparency, credibility and integrity of a LFI. The LFI’s Board and Senior Management are ultimately accountable for the LFI’s safety and soundness, and its compliance with governing laws and regulation.

1 Basel Committee on Banking Supervision Guideline “Corporate Governance Principles for banks”, July 2015, BIS.

2 OECD Principles of Corporate Governance, revised in April 2004

The Licenced Financial Institutions are expected to have in place separate oversight functions depending on the nature, size and complexity of their business. Oversight functions are responsible for independent oversight of Operational Management’s day-to-day management of the activity. Depending on the nature, size and the complexity of the LFI, they could be a group of individuals or a department, independent of the business lines, to ensure that operating controls are working effectively. Oversight functions provide enterprise-wide, independent control (independent of a LFI’s revenue-generating functions) of Operational Management (first line of defence). Where a LFI lacks some of the oversight functions; they are not independent; or they do not have enterprisewide responsibility, ECCB expects other functions, within or external to the LFI, to provide the independent oversight needed. In general, smaller LFIs do not have all the Oversight Functions; Senior Management generally carries out oversight responsibilities in these small LFIs.

Five oversight functions may exist in a LFI: 

  • The Board of Directors (hereinafter called the Board) – Corporate Governance;
  • Senior Management - Corporate Governance;
  • Risk Management - Second Line of defence;
  • Compliance – Second Line of Defence; and
  • Internal Audit – Third Line of Defence.
4.3.1. THE FIRST LINE OF DEFENCE: OPERATIONAL MANAGEMENT

As the first line of defence, Operational Management owns and manages risks in a LFI. Operational Management is responsible for planning, directing and controlling the day-to-day operations of a LFI’s activities/business lines in line with the policies, processes approved by the Board of Directors at each business line/ at each stage of the operations. 

Operational Management should ensure that these policies and procedures are implemented; control systems and resources are adequate to effectively manage and mitigate inherent risks in an activity/business line.

Operational Management should detect and prevent material errors, irregularities, weaknesses and take action in a timely manner, as the first line of defence. LFI’s line staff should be well informed by the Operational Management, of the risks that activities/business lines contain as well as the policies and procedures in mitigating these risks. Operational Management should also have a mechanism to escalate material issues to Senior Management.

Operational Management is assessed separately for each significant activity. The assessment will cover the following, amongst others:

  • organisational structure;
  • human resources, staffing and expertise;
  • implementation of internal policies and procedures, including the risk management framework ;
  • risk measurement/assessments;
  • risk control and monitoring; and
  • reporting.

In general, during the supervisory assessment, if the Oversight Functions for a particular significant activity are assessed as effective, this may substantially reduce the resources dedicated to the assessment of Operational Management. Conversely, weaknesses detected in Oversight Functions in a particular significant activity, will result in increased emphasis on the assessment of Operational Management.

4.3.2. THE SECOND LINE OF DEFENCE: RISK MANAGEMENT AND COMPLIANCE FUNCTIONS 

A single line of defence is not adequate to assure effective risk management in the LFIs. LFIs should have in place separate oversight functions depending on the nature, size and complexity of their business. Risk Management and Compliance functions are considered as a second line of defence and are responsible for providing independent, enterprise-wide oversight of Operational Management, the first line of defence. They are also responsible for the development and implementation of the internal control and risk systems as well as assuring oversight for the Board and Board Committees. 

The Risk Management Function - as a second line of defence - facilitates and monitors the implementation of effective risk management practices by Operational Management. The Chief Risk Officer (CRO) is the head of the LFI’s Risk Management function. The CRO and the Risk Management function are responsible for identifying, measuring, monitoring and reporting on the risks of a LFI on an enterprise-wide and disaggregated level, independently of the business lines or Operational Management. The oversight responsibilities delegated to the Risk Management Function typically include, amongst others:

  • identifying material individual, enterprise-wide and emerging risks;
  • developing and implementing enterprise-wide risk management frameworks;
  • establishing management policies and procedures to manage risks;
  • assisting and monitoring implementation of risk management procedures by Operational Management;
  • developing systems or models for measuring risk;
  • developing risk metrics (e.g., stress tests) and associated tolerance limits;
  • establishing an early warning system for the risk limit/appetite breaches;
  • continuous monitoring of risk taking activities, checking consistency of all material risks with the business strategies of the LFI, risk limits and corresponding capital or liquidity levels;
  • escalating significant breaches to Senior Management and the Board/Board Committees; and
  • periodically reporting to Senior Management and the Board/Board Committees.

The Compliance Function (including the Chief Anti-Money Laundering Officer) provides independent oversight of the LFI’s compliance with laws, regulation, and guidelines relevant to the activities of the LFIs. The Compliance Function, if it exists as a separate, independent function in the LFI, is considered as a second line of defence. Overall responsibility for assessment and management of regulatory compliance risk within the LFI should be assigned to an individual who is independent from Operational Management, and who should be designated, at least functionally, as the LFI’s Chief Compliance Officer (CCO) or equivalent.

In some LFIs, the CRO may have responsibility for the compliance function. Where a LFI combines its risk and compliance functions, the ECCB expects that the LFI would allocate adequate resourcing to fulfill the responsibilities of each function.

LFIs are expected to have an effective Regulatory Compliance Management framework as an essential component of their overall risk management to enhance the LFI’s compliance with laws and regulation in the ECCU. The oversight responsibilities delegated to the Compliance Function typically include, amongst others:

  • developing compliance policies and procedures;
  • identifying and communicating new and amended compliance policies or requirements to all impacted areas of the LFI;
  • assisting Operational Management in identifying, addressing and integrating significant legislative or regulatory compliance requirements into its business activities;
  • actively monitoring LFI’s compliance to applicable laws, regulation and internal and external guidelines;
  • escalating significant breaches of compliance requirements to Senior Management and the Board/Board Committees; and
  • periodically reporting to Senior Management and the Board/Board Committees.
4.3.3. THE THIRD LINE OF DEFENCE: INTERNAL AUDIT

The Internal Audit Function provides independent oversight of the effectiveness and adherence to the LFI’s organisational and procedural controls. The Internal Audit Function, as the third line of defence, provides independent review and objective assurance of effectiveness of the first and second lines of defence; the risk governance framework; strategic and business planning; compensation policies and the decision-making process.

The Internal Audit Function has the highest level of independence, which is not available in the second line of defence. Internal auditors must be competent and appropriately trained and not involved in developing, implementing or operating the Risk Management/Compliance functions or other first or second line of defence functions. The oversight responsibilities delegated to Internal Audit function typically include, amongst others:

  • assessing the effectiveness and efficiency of the internal control, risk management and governance systems and processes created by the business units;
  • reviewing objectives, strategies, events, initiatives and transactions for changes that could materially impact the LFI to assure that control practices are appropriate and effective;
  • ensuring the scope of the Internal Audit function’s activities adequately cover matters of regulatory interest within the audit plan;
  • assessing the overall LFI, branches, subsidiaries, other units, business lines, and supporting functions;
  • proactively following-up and reporting on significant issues to ensure timely resolution by Senior Management;
  • periodically assessing the effectiveness of Risk Management and Compliance functions;
  • assessing the quality of risk reporting to the Board and Senior Management; and
  • reporting on the results of its work on a regular basis to Senior Management and directly to the Board (Audit Committee).
4.3.4. CORPORATE GOVERNANCE

Effective Board and Senior Management oversight is the fundamental element of ensuring a safe, sound and successful LFI. The Board is responsible for providing stewardship, including direction-setting and general oversight of the management and operations of the entire LFI. Senior Management is accountable for implementing the Board’s decisions, and is responsible for directing and overseeing the operations of the LFI. The Board and Senior Management, as part of corporate governance, give support and direction for the effective implementation of the three lines of defence model. The recent financial crises revealed that most banks failed due to deficient corporate governance and management oversight causing capital and/or liquidity problems. The LFIs may have different corporate governance practices depending on their size, ownership structure, nature, scope and complexity of operations, corporate strategy, and risk profile.

The Board plays an important role in the success of a LFI. The Board approves overall business strategy, risk appetite of the LFI, as well as internal controls and Senior Management’s oversight. The Board has ultimate accountability for leading and managing the LFIs.

It is a common practice that the Board delegates some of its management and oversight responsibilities to Senior Management but cannot delegate its accountability to stakeholders.

The Board’s key responsibilities typically include, amongst others:

  • protecting the interest of all stakeholders;
  • establishing and communicating the LFI’s corporate culture and values;
  • establishing and approving the LFI’s business strategy, enterprise-wide risk appetite framework and related policies;
  • monitoring the LFI’s implementation and compliance with the approved policies;
  • providing oversight of Senior Management;
  • approving and monitoring the implementation of the LFI’s Internal Capital Adequacy Assessment Process (ICAAP), liquidity plans, and internal control compliance policies;
  • approving and selecting qualified, competent CEO and key Senior Management members;
  • providing independent assessment of oversight functions; and
  • approving financial statements, compensation policies, and succession planning.

Senior Management is responsible for directing and overseeing the effective management of the general operations of the LFIs. Senior Management facilitates the Board’s oversight role by providing relevant, accurate and timely information to the Board. Depending on the size and complexity of the LFI, Senior Management may delegate some of its oversight responsibilities to an individual or group, such as Internal Audit, Risk Management, and Compliance. Where Senior Management delegates some of its oversight responsibilities to other Oversight functions, Senior Management retains ultimate accountability for the oversight.

The key responsibilities of Senior Management typically include, amongst others: 

  • developing the LFI’s business strategy/model, objectives and plans in line with the size and complexity of the LFI, for the approval of the Board;
  • developing and establishing comprehensive risk management policies and processes in line with the established risk appetite framework;
  • establishing a sound management structure promoting transparency, good conduct, culture, ethics and accountability;
  • overseeing Operational Management and ensuring operations are in line with the Board approved policies and procedures;
  • ensuring risk management policies and practices remain appropriate and effective under the environmental and regulatory changes;
  • providing timely and comprehensive reports/information to the Board and its Committees as well as keeping the Board well-informed.
4.3.5. QUALITY OF RISK MANAGEMENT OVERALL RATINGS

The overall assessment process of an Oversight Function represents the ECCB’s view of its effectiveness in executing its oversight responsibilities for the LFI as a whole. It reflects a consolidation of the Oversight Function’s performance across all Significant Activities and considers any weaknesses in its characteristics that have not yet manifested themselves in performance issues, but that could do so in future. Supervisors will take into consideration the distinctive circumstances of LFIs in assessing the effectiveness of the LFI’s Oversight Functions. 

The following rating categories will be used to assess the Quality of Risk Management:

  • Strong: The mandate, organisation structure, human resources, methodologies and practices of the function are considered very good for the risk profile of the LFI. The performance of the function has been consistently highly effective.
  • Acceptable: The mandate, organisation structure, human resources, methodologies and practices of the function are considered adequate for the risk profile of the LFI. The performance of the function has been effective.
  • Needs improvement: Although the mandate, organization structure, human resources, methodologies and practices of the function are considered somehow adequate for the risk profile of the LFI, there are some important areas where effectiveness needs to be enhanced. The performance of the function has been generally effective. The areas where effectiveness need to be enhanced are not likely to affect the LFI in a material way, if corrective measures are promptly undertaken.
  • Weak: The mandate, organization structure, human resources, methodologies and practices of the function are considered inadequate, in a material way, for the risk profile of the LFI. The performance of the function has been poor and corrective measures should be taken immediately.

The assessment of Oversight Functions also includes a direction rating. The direction is the expected change, based on the current evidence/information, in the assessment of the Oversight Functions for the next 12-month period. It is characterised as improving, stable or deteriorating. 

4.4. ASSESEMENT OF NET RISK AND OVERALL NET RISK

The net risk for each significant activity is a function of the aggregate level of inherent risk offset by the aggregate level of Quality of Risk Management. It is a fundamental supervisory concept and a powerful tool in understanding major areas of risk in the LFIs. The aggregate levels are based on sound judgment. 

The following table displays typical net risk ratings (high, above average, moderate, low) in relation to the aggregate level of inherent and the aggregate level of quality of risk management in a Significant Activity:

Aggregate Level of Quality of Risk Management for a Significant ActivityAggregate Level of Inherent Risk for a Significant Activity 
LowModerateAbove AverageHigh
StrongLowLowModerateAbove Average
AcceptableLowModerate/LowAbove Average/ ModerateHigh/ Above Average
Needs ImprovementLow/
 Moderate 
Moderate/ 
Above Average
Above Average/ ModerateHigh
WeakModerate/ 
Above Average
Above Average/
High
HighHigh

The direction of the net risk is characterised as decreasing, stable, or increasing. The direction is the expected change, based on the current evidence/information, in the assessment of net risk for the next 12-month period. The direction of the net risk is based on the impact of potential changes in Inherent Risks; Quality of Risk Management; business and economic climate on the significant activity; and nature and pace of planned changes within the LFI.

Overall Net Risk is the weighted aggregate of the Net Risk of all Significant Activities of a LFI. In determining the Overall Net Risk, the relative importance of each Significant Activity is considered. The importance is rated as high, moderate or low. The importance is a judgement of the contribution of the net risk of the Significant Activity to the Overall Risk profile of the LFI. Overall Net Risk is an informed judgment-a qualitative assessment, as to the level of Net Risk to the LFI’s Capital and Earnings, arising from all of its Significant Activities. In general, supervisors will focus supervisory efforts on the Significant Activities with higher importance ratings. Overall Net Risk is rated as low, moderate, above average and high.

The direction of the Overall Net Risk is characterised as decreasing, stable or increasing. The direction is the expected change, based on the current evidence/information, in the assessment of Overall Net Risk for the 12-month period.

4.5. ASSESEMENT OF CAPITAL AND EARNINGS

Capital is a source of financial support to protect the LFIs against unexpected losses and it is a key contributor to the LFI’s safety and soundness. Licenced Financial Institutions are required to maintain sufficient capital to support their operations in accordance with regulatory requirements. Capital is not a substitute for effective risk management.

In assessing the LFI’s Composite Risk Rating, supervisors should take into account if capital and earnings provide a cushion against the LFI’s Overall Net Risk across all of the Significant Activities. The LFI’s ICAAP will provide additional information to supervisors in assessing inherent risk and Quality of Risk Management. 

The RBS Framework requires the LFIs to maintain capital levels above the regulatory minimum, where determined necessary as a function of each LFI’s risk profile. Senior Management and the Board/Board Committee should effectively oversee capital planning and management as well as implementation of the ICAAP. 

Capital is rated as strong, acceptable, needs improvement, or weak. The direction of capital is assessed as improving, stable, or deteriorating. The direction is the expected change, based on the current evidence, in the assessment of capital for the next 12-month period.

Earnings absorb normal and expected losses in a given period and provide a source of financial support by contributing to the LFI’s internal generation of capital and its ability to access external sources of additional capital. Strong and sustained earnings are an indicator of a LFI’s overall safety and soundness.

Quality and quantity of earnings are evaluated in relation to the LFI’s capacity to sustain present and future operations. Earnings are not a substitute for sound risk management. Earnings are assessed in relation to the LFI’s Overall Net Risk. The adequacy of a LFI’s earnings will be evaluated in the context of the nature, scope, complexity, and risk profile of the LFI. 

Earnings are rated as strong, acceptable, needs improvement, or weak. The direction of earnings is assessed as improving, stable, or deteriorating. The direction is the expected change, based on the current evidence, in the assessment of earnings for the next 12-month period.

4.6. ASSESEMENT OF LIQUIDITY

Licenced Financial Institutions have to be able to meet their liabilities on an ongoing basis with sufficient confidence, including in stressed circumstances. An Adequate level of liquidity is critical for the overall safety and soundness of a LFI. LFIs should engage honestly and prudently in the process of assessing liquidity risk, and not rely on regulatory minima. LFIs should elevate liquidity risk management to an enterprise-wide level and it should be included in the LFI’s business model and strategy.

Liquidity assessment will consider the LFI’s unique balance sheet composition, the current level and potential sources of funding, as well as the liquidity strategy and liquidity management practices. LFIs should hold an appropriate stock of high-quality, unencumbered assets that can be traded or exchanged, including in stressed circumstances. Senior Management and the Board/Board Committee should effectively oversee liquidity management.

Liquidity is rated as strong, acceptable, needs improvement, or weak. The direction of liquidity is assessed as improving, stable, or deteriorating. The direction is the expected change, based on the current evidence, in the assessment of liquidity for the next 12-month period. 

4.7. THE RISK MATRIX AND COMPOSITE RISK RATING (CRR)

The Risk Matrix is the key supervisory document. Licenced Financial Institution’s supervisory ratings are recorded in the risk matrix. The risk matrix facilitates the assessment of a LFI’s Composite Risk, recording all of the assessments described above: inherent risks, the quality of risk management, net risk evaluation for each significant activity, overall net risk as well as capital, earnings and liquidity. The ratings in the Risk Matrix are based on detailed information and analysis documented in working papers and summarised in the Risk Assessment Document (RAD).

The information in the Risk Matrix as well as the Risk Assessment Document should be updated through a continuous supervisory process to reflect the material changes in the LFI’s risk profile as they occur.

The following Chart illustrates the structure of Composite Risk Rating as well as the risk-based supervisory approach: 

Once the net risk in Significant Activities has been assessed, the importance of each activity is taken into account to arrive at the level and direction of Overall Net Risk (ONR) for the LFI as a whole. The adequacy of Earnings, Capital (given the LFI’s ONR), and Liquidity is assessed to arrive at the level and direction of the LFI’s Composite Risk.

Composite Risk is rated as:

  • Low: The LFI is strong, well-managed and very resilient to potential shocks without an impact on its risk profile. The performance of Oversight of Risk Management has been steadily effective, the LFI complies with laws and regulations, most key indicators are better than its peers/industry norms, and generate additional capital through earnings.
  • Moderate: The LFI is sound, generally well-managed and resilient to adverse changes in business and economic conditions without a material impact on its risk profile. The performance of Oversight of Risk Management has been satisfactory. The LFI complies with laws and regulations, key indicators are similar to its peers/industry norms and generate reasonable additional capital through earnings.
  • Above Average: The LFI is vulnerable to adverse business and economic conditions and has issues that indicate an early warning or that could lead to a risk to its financial viability and solvency. The performance of Oversight of Risk Management is unsatisfactory or deteriorating. The LFI partially complies with laws and regulations, some key indicators are marginally below its peers/industry norms and it is unable to generate additional capital within a short period. Although the LFI does not present an immediate threat to financial viability or solvency, it could deteriorate into serious problems if the corrective measures are not promptly undertaken.
  • High: The LFI has severe safety and stability concerns and is not resilient to most adverse business and economic conditions, which poses a serious threat to its financial viability and solvency, if the corrective measures are not promptly implemented. The performance of Oversight of Risk Management is poor. The LFI partially complies with laws and regulations, most key indicators are below its peers/industry norms and it is unable to generate additional capital within a short period of time.

The direction of Composite risk is the expected change in the LFI’s overall risk profile over the next 12 months and is characterised as decreasing, stable, or increasing.

The Composite Risk Rating is a significant factor in determining the supervisory response and supervisory plan for the LFI. The direction of risk will influence the supervisory strategy. A fundamental aspect of risk-based supervision is the relationship between the risk assessment/profile of a LFI and the supervisory action taken in response. The degree of supervisory intervention should be corresponding to the Composite Risk Rating. The Composite Risk Rating of a Licenced Financial Institution will be used in determining its stage of intervention. 

The table below shows the relationship between Composite Risk Rating and intervention rating.

INTERVENTION RATING COMPOSITE RISK RATING (CRR) 
LOWMODERATEABOVE AVERAGE HIGH
0-Normal     
1-Early warning     
2-Potencial risk to safety/stability     
3-High risk to safety/stability     
4-Severe safety and stability concerns     

5. THE SUPERVISORY PROCESS 

The ECCB uses a defined dynamic, effective process to guide its Licenced Financial Institution specific supervisory work on an ongoing basis. The supervisory process is comprised of six key steps as described in the table below. Each step uses written products to facilitate communication, reporting and coordination. 

STEPSPRODUCTS

1. Analysis

  • Knowledge of Business (Understanding the LFI)
  • Identification of Significant Activities
  • Assessing the LFI’s risks and developing a risk profile
  • Risk Matrix
  • Risk Assessment Document (RAD)

2. Planning

  • Planning and Scheduling Supervisory Activities
  • Supervisory Strategy
  • Supervisory Plan

3. Executing Supervisory Work 

  • Banking Supervision (conducting on-site reviews and on-going off-site monitoring)
  • Ongoing monitoring
  • Scope Document
  • Information Request
  • Entry letter
  • On-site reviews

4. Documentation

  • Preparing and filing information to support findings
  • Working Papers

5. Reporting and Intervention

  • Updating Risk Profile
  • Report of findings and recommendations to LFI
  • Updating Risk Assessment Document (RAD)
  • Supervisory letter
  • Intervention Report (Supervisory Stage rating)
6. Follow-up findings and recommendations
  • Follow-up document
  • Updated RAD

The supervisory steps are not sequential. Updating of the risk assessment is a continuous process; this might require reassessment at some stages of the supervisory process.  

The first step of the RBS process, “Analysis”, is a primary input into the risk assessment process. The supervisory groups are responsible for ongoing analysis and monitoring of LFIs as a part of their off-site function. Analysis comprises understanding the LFI; collecting information/data from the LFIs as well as relevant departments of the ECCB; identification of significant activities; assessing the LFI’s risks and developing a risk profile for the LFI. The analysis step is used to update the Risk Assessment Document (RAD) and Risk Matrix. The RAD is an executive summary of essential information about a LFI from a supervisory perspective. It clearly explains the current assessment of the overall risk profile of a LFI, the supervisory ratings and rationale for the assessments. The Risk Matrix, as an appendix, is an integral part of the RAD.

The second step of the RBS process, “Planning”, consists of developing or updating a supervisory strategy and developing an annual supervisory plan. The Supervisory Strategy document outlines the supervisory work planned for the next three years, but is primarily focused on the upcoming year. The Supervisory Strategy is the basis for the more detailed annual Supervisory Plan. A Supervisory Plan for each LFI will be prepared each year, which will identify the supervisory work necessary to keep the LFI’s risk profile current. The intensity of supervisory work will depend on the nature, size, complexity and risk profile of the LFI. The Risk Assessment Document will be used to determine priorities for the upcoming year and to allocate resources to the LFI accordingly.

The third step of the RBS process “Executing Supervisory Work” consists of preparing and executing on-site reviews. On-site reviews are a critical part of the supervisory process. A Scope Document identifies the key objectives of the on-site reviews in line with the Supervisory Plan. The ECCB may request information from a LFI in advance, when an on-site review is conducted. Information requested from a LFI is based on the specific requirements arising from the risk assessment process. The Entry Letter will be sent to the LFIs before the on-site review is conducted to inform the LFIs regarding the on-site supervision objective and the scope of the on-site review. These reviews and interactions with the LFI’s Oversight Functions are crucial to effective supervision, since supervisors will be able to understand the risk appetite as well as risk management of the LFI, and Senior Management of the LFI will deepen their understanding of the ECCB’s new risk-based supervisory framework. 

Under the RBS Framework, risk assessments should be updated on a regular basis through off-site and on-site activities. The continuous monitoring of LFI’s risk profile is a key element in the RBS process. Monitoring refers to the regular review of information on the LFI and its sector, as well as environment, to keep up with the changes that are occurring or planned in the LFI and externally, to identify emerging issues. The comprehensiveness of the monitoring process will vary depending on the risk profile and type of LFI being monitored. Changes and trends will be assessed to determine if there is any impact on the LFI’s composite risk rating and they should be embedded in the Risk assessment document

The fourth step of the RBS process is “Documentation”. All supervisory groups use the same documentation standards. Supervisory files include an updated copy of the RAD, together with related correspondence, and copies of working papers, which fully document an assessment of the activity, Oversight Functions, Capital, Earnings or Liquidity, identified for the on-site review. 

The fifth step of the RBS process is “Reporting and Intervention”. The Examination report/Supervisory letter is the primary written communication and the key document sent to the LFI. It summarises ECCB’s key findings and recommendations (and requirements, as necessary) based on the supervisory work that was conducted since the last report was issued. The Examination report/Supervisory letter will be issued after the completion of an on-site activity.

The sixth step of the RBS process is “Follow-up findings and recommendations”. The findings and recommendations reported to the LFIs are followed-up using the follow-up document, on a timely basis and the results are included in the Risk Assessment Document updates. Once the Examination report/Supervisory letter is issued, supervisors need to ensure that satisfactory response is received from the LFI on a timely basis, including actions planned to address prudential issues reported. Timely follow-up is a critical component of continuous supervision. LFIs will be afforded reasonable, but firm, deadlines for corrective action and will be expected to provide regular reports on progress achieved. Any unsatisfactory responses or disagreements will require further action by the ECCB. It may require further meetings with Senior Management and the Board, as well as intervention actions depending on the severity of the issues/concerns.

APPENDIX A – RISK MATRIX
APPENDIX B– ACRYNOMS
  • ALM: Asset and Liability Management
  • BCBS: Basel Committee on Banking Supervision
  • BIS: Bank for International Settlements
  • FSSD: Financial Sector Supervision Department
  • CAMLO: Chief Anti-Money Laundering Officer
  • CRO: Chief Risk Officer
  • CRR: Composite Risk Rating
  • CCO: Chief Compliance Officer
  • ECCB: Eastern Caribbean Central Bank
  • LFI: Licenced Financial Institution
  • ICAAP: Internal Capital Adequacy Assessment Process
  • IMF: International Monetary Fund
  • IT: Information Technology
  • OECD: Organisation for Economic Cooperation and Development
  • ONR: Overall Net Risk
  • QRM: Quality of Risk Management
  • RAD: Risk Assessment Document
  • RBS: Risk-based Supervision
  • RM: Relationship Manager
  • RWA: Risk-weighted assets
This website uses cookies to improve your experience. For more information view our privacy policy here. Cookie Settings

Accept
ECCB Celebrates 40th Anniversary