Monday April 1 2013 Top 10 Risk Management News
Upcoming SlideShare
Loading in...5
×
 

Monday April 1 2013 Top 10 Risk Management News

on

  • 1,159 views

Monday April 1 2013 Top 10 Risk Management News

Monday April 1 2013 Top 10 Risk Management News

Statistics

Views

Total Views
1,159
Views on SlideShare
1,159
Embed Views
0

Actions

Likes
0
Downloads
1
Comments
0

0 Embeds 0

No embeds

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Monday April 1 2013 Top 10 Risk Management News Monday April 1 2013 Top 10 Risk Management News Document Transcript

  • Page |1 International Association of Risk and Compliance Professionals (IARCP) 1200 G Street NW Suite 800 Washington, DC 20005-6705 USA Tel: 202-449-9750 www.risk-compliance-association.com Top 10 risk and compliance management related news stories and world events that (for better or for worse) shaped the weeks agenda, and what is nextDear Member,Today I will start with the job description thatmade my day: Basel II/III and Solvency II riskspecialist, Mandarin Speaking!!!Basel III Risk Specialist - Mandarin SpeakingLeading Global Investment Bank, LondonA Leading Global Investment Bank is Expandingthe Regulatory Risk Function with the hire of aBasel III Risk Specialist for their London Group.- Basel III Regulatory Risk Specialist- Leading Global Investment Bank- Mandarin Speaking- London, UK- 50,000 + Excellent Bonus BenefitsAs a key member of the risk group you will becommunicating extensively with seniormanagement on a global scale includingdirect contact with senior management inHong Kong and Shanghai and will thereforerequire Mandarin speaking skills at business A Pillar 3 Disclosure??level proficiency. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • Page |2An expert in regulatory frameworks, you will have practicalunderstanding of Basel II/III and knowledge of Solvency II ICAAP isalso highly preferred.This is a mid-level position within the group and will require a minimumof 3 years industry experience within the London and/or InternationalFinancial Markets.It is never too late to learn Mandarin. Is looks easy!Amazing job description…Just one slight problem with this job description: You cannot haveknowledge of Solvency II ICAAP … simply because there is nothing likea Solvency II ICAAP… perhaps they mean Solvency II ORSA (Own Riskand Solvency Assessment, the Pillar 2 document).It reminds me another job description, where they required 5+ years ofBasel III experience. Provided that Basel III was endorsed at the end of2010, they could hire someone after 2015…Another development:Auditors… it is your turn to suffer the consequences of the crisis…According to the BIS, The recent financial crisis not only revealedweaknesses in risk management, control and governance processes at _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • Page |3banks, but also highlighted the need to improve the quality of externalaudits of banks.Given the central role banks play in contributing to financial stability, andtherefore the need for market confidence in the quality of external auditsof banks financial statements, the Basel Committee is issuing forconsultation this guidance on external audits of banks.This document describes, through sixteen principles and explanatoryguidance, supervisory expectations regarding audit quality and how thatrelates to the external auditors work in a bank.Read more at Number 1 below.Welcome to the Top 10 list. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • Page |4External audits of banksGiven the central role banks play in contributing tofinancial stability, and therefore the need for marketconfidence in the quality of external audits of banksfinancial statements, the Basel Committee is issuingfor consultation this guidance on external audits ofbanks. This document describes, through sixteen principles and explanatoryguidance, supervisory expectations regarding audit quality and how thatrelates to the external auditors work in a bank.Meeting of the G20 Finance Ministersand Central Bank GovernorsUpdate by the IASB and FASBConvergence projectsThis report is a high-level update on the status and timeline of theremaining convergence projects.To G20 Ministers and Central BankGovernorsProgress of Financial Regulatory Reforms _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • Page |5EIOPAThe new Risk DashboardFocusing on Low- and Moderate-IncomeWorking AmericansGovernor Sarah Bloom RaskinBoard of Governors of the Federal Reserve SystemAt the National Community Reinvestment CoalitionAnnual Conference, Washington, D.C.Islamic capital and money marketsWelcoming remarks by Mr Peter Pang, Deputy ChiefExecutive, Hong Kong Monetary Authority, at theworkshop on “Islamic capital and money markets”, Hong KongInterview with Gabriel Bernardino, Chairman ofEIOPA, conductedby Nataša Gajski Kovačić, Svijet osiguranja (Croatia) _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • Page |6Reviewing filings for smaller publiccompaniesThese slides were presented at the Forums onAuditing in the Small Business Environment hostedby the PCAOB during 2012.The Global Financial Sector—Transformingthe LandscapeBy Christine Lagarde, Managing Director,International Monetary Fund, Frankfurt FinanceSummitManaging structural risks in the Swedishbanking sectorSpeech by Mr Stefan Ingves, Governor of the SverigesRiksbank and Chairman of the BaselCommittee on Banking Supervision, at Affärsvärlden’s“Bank & Finans Outlook”, Stockholm _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • Page |7External audits of banksThe recent financial crisis not only revealedweaknesses in risk management, controland governance processes at banks, butalso highlighted the need to improve thequality of external audits of banks.Given the central role banks play incontributing to financial stability, andtherefore the need for market confidence inthe quality of external audits of banksfinancial statements, the Basel Committeeis issuing for consultation this guidance onexternal audits of banks. This document describes, through sixteen principles and explanatoryguidance, supervisory expectations regarding audit quality and how thatrelates to the external auditors work in a bank.Implementation of the principles and the explanatory guidance isexpected to improve the quality of bank audits and enhance theeffectiveness of prudential supervision which is an important element offinancial stability.This document sets out supervisory expectations of how: - external auditors can discharge their responsibilities more effectively; - audit committees can contribute to audit quality in their oversight of the external audit; - an effective relationship between the external auditor and the supervisor, which allows greater mutual understanding about the respective roles and responsibilities of supervisors and external _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • Page |8 auditors, can lead to regular communication of mutually useful information; and - regular and effective dialogue between the banking supervisory authorities and relevant audit oversight bodies can enhance the quality of bank audits.This document enhances and supersedes the Committees guidance Therelationship between banking supervisors and banks external auditors(2002) and External audit quality and banking supervision (2008).In addition to the proposed guidance, the Committee is publishing aletter to the International Auditing and Assurance Standards Board(IAASB) on areas where it believes International Standards on Auditingcould be enhanced.Serving as an observer on the Basel Committee group that developed therevised guidance, the IAASB provided helpful and meaningful input tothis effort.Comments on the proposals should be submitted by Friday 21 June 2013by e-mail to: baselcommittee@bis.org.Alternatively, comments may be sent by post to: Secretariat of the BaselCommittee on Banking Supervision, Bank for International Settlements,CH-4002 Basel, Switzerland.All comments may be published on the website of the Bank forInternational Settlements unless a comment contributor specificallyrequests confidential treatment. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • Page |9External audits of banks1. Executive summary1. The recent financial crisis not only revealed weaknesses in riskmanagement, control and governance processes at banks, but alsohighlighted the need to improve the quality of external audits of banks.Given the central role banks play in contributing to financial stability, andtherefore the need for market confidence in the quality of external auditsof banks’ financial statements, the Basel Committee on BankingSupervision (the Committee) is issuing this document on external auditsof banks.It forms part of the Committee’s commitment to help improve auditquality at banks.This document enhances and replaces The relationship between bankingsupervisors and banks’ external auditors (January 2002) and Externalaudit quality and banking supervision (December 2008).2. Implementation of the 16 principles and observation of the explanatoryguidance in this document are expected to improve the quality of bankaudits and enhance the effectiveness of prudential supervision, which willthen contribute to financial stability.Through these principles and explanatory guidance, the documentdescribes supervisory expectations regarding audit quality and how thatrelates to the external auditor’s work in a bank.This document specifically sets out supervisory expectations of how:(a) external auditors can discharge their responsibilities more effectively;(b) audit committees can contribute to audit quality in their oversight ofthe external audit;(c) an effective relationship between the external auditor and thesupervisor, which allows greater mutual understanding about the _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 10respective roles and responsibilities of supervisors and external auditors,can lead to regular communication of mutually useful information; and(d) regular and effective dialogue between the banking supervisoryauthorities and the relevant audit oversight bodies can enhance thequality of bank audits.3. The document also notes the Committee’s continued commitment towork through international bodies to enhance audit quality.2. Introduction, application, structure and the Committee’sinternational engagementIntroduction4. The banking sector is unique among sectors of the economy because itplays a central role in contributing to the financial stability of and theprovision of financial resources to the economy.This sector includes major global banks that are systemically importantbanks (SIBs), the failure of one or more of which could trigger a globalfinancial crisis.In addition, banks have a unique operating model.5. Supervisors are primarily concerned with maintaining the stability ofthe banking system and fostering the safety and soundness of individualbanks in order to maintain market confidence and protect the interests ofdepositors.Consequently, to enhance the effectiveness of supervision, supervisorshave a keen interest in the quality with which external auditors performbank audits.Building effective relationships with external auditors can also enhancebanking supervision. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 116. An external auditor plans and performs the audit of a bank’s financialstatements to obtain reasonable assurance about whether the financialstatements as a whole are free from material misstatements, whether dueto fraud or error, and are prepared, in all material respects, in accordancewith an applicable financial reporting framework.In many ways, the supervisor and the external auditor havecomplementary concerns regarding the same matters.For example, the audit of financial statements may help identifyweaknesses in internal controls relating to financial reporting at a bankwhich may, therefore, inform supervisory efforts in this area andcontribute to a safe and sound banking system.7. Although the focus of this document is on the quality of the auditperformed by the external auditor, an audit in accordance withinternationally accepted auditing standards is conducted on the premisethat the management and, where appropriate, those charged withgovernance have acknowledged certain responsibilities that arefundamental to the conduct of the audit.The audit of the financial statements does not relieve management orthose charged with governance of their responsibilities.8. The Basel Committee on Banking Supervision’s Core Principles forEffective Banking Supervision (September 2012, Core Principles) providea framework of minimum standards for sound supervisory practices andare considered universally applicable.Core Principle 27 focuses on prudential regulations and requirements forbanks in relation to financial reporting and external audits.This guidance set out in this document is consistent with Core Principle27.9. The application and the structure of each section in this document aredescribed below, followed by an outline of the key international _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 12relationships between the Committee and other groups relevant toexternal auditing.Application10. This document applies to the following entities subject to a statutoryaudit: - all banks, including those within a banking group; - holding companies whose subsidiaries are predominantly banks; and - holding companies subject to prudential supervision whose subsidiaries are predominantly banks.All of these structures are referred to as banks or banking organisations inthis document.11. The implementation of the principles set forth in this documentshould be proportionate to the size, complexity, structure, economicsignificance and risk profile of the bank and the group (if any) to which itbelongs.The Committee recognises that some countries have found it appropriateto adopt legal frameworks and standards (eg for listed firms), as well asaccounting and auditing standards, which may be more extensive andprescriptive than the principles and explanatory guidance set forth herein.Such frameworks and standards tend to be particularly relevant for largeror publicly traded banks or financial institutions.12. This document has been prepared with the full awareness thatsignificant differences exist in national institutional, legislative andregulatory frameworks amongst jurisdictions, including accounting andauditing standards, supervisory techniques and institutional corporategovernance structures.Supervisors should clearly communicate the recommendations containedherein to the banks they supervise and their respective external auditors, _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 13and articulate the measures banks and external auditors should undertaketo meet these best practices, where possible.13. The principles set out in this document should be applied inaccordance with the national legislation and corporate governancestructures applicable in each country.14. The following terms are used in this document, with the meaningsspecified: - Financial statement audit – An audit of a bank’s financial statements by an external auditor in accordance with internationally accepted auditing standards. - Statutory audit – An audit carried out to comply with the requirements of particular legislation or regulations. In some jurisdictions, this may include only the financial statement audit. In other jurisdictions, this may also include extended reporting by external auditors on matters such as internal controls and regulatory returns. - External auditor – The audit firm and the individual audit engagement team members. Where relevant, specific references are made to the audit firm or the individual audit engagement team members in certain paragraphs. - Banking supervisory authority – The body responsible for promoting the safety and soundness of banks and the banking system in a particular jurisdiction, including the persons who are involved with supervisory policy setting and policy issues, including policies regarding accounting and auditing. - Supervisor – The group of supervisory personnel at a banking supervisory authority who are directly involved with the supervision/examination of a specific institution. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 14- Board and senior management – The governance structure at a bank composed of a board and senior management. The Committee recognises that there are significant differences in the legislative and regulatory frameworks across countries regarding these functions. Some countries use a two-tier structure, where the supervisory function of the board is performed by a separate entity known as a supervisory board, which has no executive functions. Other countries, by contrast, use a one-tier structure in which the board has a broader role. Still other countries have moved or are moving to an approach that discourages or prohibits executives from serving on the board or limits their number and/or requires the board and board committees to be chaired only by non-executive board members. Given these differences, this document does not advocate a specific board structure. The terms “board” and “senior management” are only used as a way to refer to the oversight function and the management function in general and should be interpreted throughout the document in accordance with the applicable law within each jurisdiction.- Audit committee – A specialised committee established by the board, the mandate, scope and working procedures for which are set out in a charter or other instrument. As stated in the BCBS paper on Principles for enhancing corporate governance (October 2010), to increase efficiency and allow deeper focus in specific areas, boards in many jurisdictions establish certain specialised board committees – the audit committee being one of them. The paper further recommends that, for large and internationally active banks, an audit committee or equivalent should be required. It also outlines the overall responsibilities of the audit committee. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 15 - Those charged with governance – The person(s) or organisation(s) with responsibility for overseeing the strategic direction of the entity and obligations related to the accountability of the entity as defined by internationally accepted auditing standards. Such person(s) or organisation(s) is (are) typically the board of directors. Where the board of directors establishes an audit committee in a bank to assist it in meeting its responsibilities by charging the audit committee with specific tasks and responsibilities, in such circumstances the audit committee can be viewed as taking on the role of those charged with governance in relation to those specific tasks and responsibilities.StructureThe external auditor and audit quality15. Audit quality includes delivering an appropriate, independentprofessional opinion on the financial statements, in compliance withinternationally accepted auditing standards.Internationally accepted auditing standards require the external auditorto possess and demonstrate certain attributes while applying a rigorousaudit process.16. Given that internationally accepted auditing standards are applicableto all entities, Section 4 of this document builds upon these standards andlays out the supervisory expectations of the external auditor regarding theaudit of a bank.Moreover, Section 4 highlights the key areas where significant risks ofmaterial misstatement in banks’ financial statements often arise, whichtherefore require the auditor’s particular attention for a quality audit. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 16Engagement between the external auditor and the auditcommittee17. Regular and effective engagement and communication between theexternal auditor and the audit committee contribute to audit quality.18. Amongst its other responsibilities, the audit committee is responsiblefor overseeing the bank’s external auditor.A soundly constituted audit committee can play a key role in contributingto audit quality.Section 5 discusses the audit committee’s responsibilities in relation tothe oversight of, and its relationship with, the external auditor.Engagement between the supervisor and the external auditor19. Effective communication between the supervisor and the externalauditor enhances the effectiveness of supervision of the banking sector.This relationship will then also contribute to audit quality.20. The supervisor and the external auditor have a mutual interest inbuilding and maintaining an effective relationship, which fosters regularcommunication of useful information.Section 6 provides principles and explanatory guidance for facilitating aneffective relationship between the supervisor and the external auditor atthe levels of the supervised bank, the audit firm and the accountingprofession as a whole.Engagement between the banking supervisory authority and theaudit oversight body21. The banking supervisory authority and the relevant audit oversightbody share a strong mutual interest in ensuring quality independentaudits. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 17Regular and effective dialogue between the banking supervisory authorityand the audit oversight body at a national level can assist in identifyingand dealing with key issues in relation to the conduct of bank audits.Section 7 sets out the principles for facilitating effective communicationbetween these bodies.22. Supervisors are in a unique position to identify audit quality issues atboth the industry and individual audit level.Regular and effective engagement between the supervisor and therelevant audit oversight body may enable the supervisor to provide timelyfeedback on such issues.Additionally, the supervisor may, if necessary, take action to addressissues raised by the audit oversight body.The Committee’s international engagement on externalauditing23. Approaches for dealing with supervisory concerns about the quality ofthe audit of an individual bank may differ across jurisdictions, but allapproaches should be designed to contribute to enhancing audit quality.In its effort to promote audit quality, the Committee engages in regulardialogue and discussion with the relevant international stakeholders onexternal audit matters.These stakeholders include, but are not limited to, the following: - the Financial Stability Board (FSB), whose objectives include the enhancement of the effectiveness of banking supervision; - the Monitoring Group, which is responsible for advancing the public interest in areas related to international audit quality; - the Public Interest Oversight Board (PIOB), which is responsible for improving the quality and public interest focus of the international standards formulated by standard-setting boards operating under the _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 18 auspices of the International Federation of Accountants (IFAC) in the areas of audit and assurance, education and ethics, including oversight of the public interest activities of three of the IFAC’s independent standard-setting boards and their respective consultative advisory groups; - the consultative advisory groups of the International Auditing and Assurance Standards Board (IAASB) and the International Ethics Standards Board for Accountants (IESBA), which are responsible for developing international auditing and ethics standards respectively; - the International Forum of Independent Audit Regulators (IFIAR), which is responsible for improving audit quality globally, including through independent inspections of auditors and/or audit firms; and - the Global Public Policy Committee (GPPC), which is comprised of representatives from the six largest international accounting networks and focuses on public policy issues for the accounting profession.24. The objective of this dialogue is to enable the Committee and therelevant international stakeholders to identify and discuss relevant issuesand topics on a timely basis so that supervisors, external auditors andaudit oversight bodies can take appropriate action.As such, these discussions should address not only current issues andtopics, but also emerging areas and trends that raise concern.3. Overview of the principles - Principle 1: The external auditor of a bank should have banking industry knowledge and competence sufficient to respond appropriately to the risks of material misstatement in the bank’s financial statements and to properly meet any additional regulatory requirements that may be part of the statutory audit. - Principle 2: The external auditor of a bank should be objective and independent in fact and appearance with respect to the bank, _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 19 consistent with the more stringent requirements applicable to public interest entities in internationally accepted ethical standards.- Principle 3: The external auditor should exercise professional scepticism when planning and performing the audit of a bank, having due regard to the specific challenges in auditing a bank.- Principle 4: Audit firms undertaking bank audits should comply with the more stringent requirements on quality control applicable to listed entities in internationally accepted quality control standards, having due regard to the complexity of a bank audit.- Principle 5: The external auditor of a bank should identify and assess the risks of material misstatement in the bank’s financial statements, taking into consideration the complexities of banking activities and the need for banks to have a strong control environment.- Principle 6: The external auditor of a bank should respond appropriately to the significant risks of material misstatement in the bank’s financial statements.- Principle 7: The audit committee should have a robust process for approving, or recommending for approval, the appointment, reappointment, removal and remuneration of the external auditor.- Principle 8: The audit committee should monitor and assess the independence of the external auditor.- Principle 9: The audit committee should monitor and assess the effectiveness of the external audit.- Principle 10: The audit committee should have effective communication with the external auditor to enable the audit committee to carry out its oversight responsibilities and to enhance the quality of the audit. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 20 - Principle 11: The audit committee should require the external auditor to report to it on all relevant matters to enable the audit committee to carry out its oversight responsibilities. - Principle 12: The supervisor and the external auditor should have an effective relationship that includes appropriate communication channels for the exchange of information relevant to carrying out their respective statutory responsibilities. - Principle 13: The external auditor should report to the supervisor matters that are likely to be of material significance to the functions of the supervisor. - Principle 14: There should be open, timely and regular communication between the banking supervisory authority, the audit firm and the accounting profession as a whole on key risks and systemic issues as well as a continuous exchange of views on appropriate accounting techniques and auditing issues. - Principle 15: There should be regular and effective dialogue between the banking supervisory authority and the relevant audit oversight body. - Principle 16: The banking supervisory authority and the audit oversight body should observe appropriate confidentiality requirements when sharing information.4. Supervisory expectations relevant to the external auditor andthe external audit of financial statements25. External audits of financial statements performed in accordance withinternationally accepted auditing standards enhance the confidence of allusers, including supervisors, in the reliability of the audited financialstatements and the quality of the information provided.26. Audits of banks should be performed in accordance withinternationally accepted auditing standards. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 21As these standards are not industry-specific, for a quality auditsupervisors expect external auditors not only to comply withinternationally accepted auditing standards but also to tailor their auditwork in response to the significant risks and issues applicable to banks.27. External auditors are required to comply with applicable jurisdictionaland, where relevant, internationally accepted ethical standards.However, given the complexity and systemic risks associated with banks,the external auditor of a bank should follow the most stringent rules forindependence under these standards.Similarly, the external auditor of a bank should also follow the moststringent standards on quality control at the engagement level.28. Part A of this section describes the supervisor’s expectations as a userof the bank’s financial statements, specifically with respect to the externalauditor’s knowledge, competence, objectivity, independence,professional scepticism and quality control over the bank’s audit.Part B identifies areas where supervisors believe there is often asignificant risk of material misstatement in a bank’s financial statementsand factors to which the supervisor expects the external auditor to payattention when auditing those areas.29. While the primary focus in this section is on the financial statementaudit, particularly in Principles 5 and 6, the external auditor may identifymatters in the course of the audit that are of interest to the supervisor andtherefore should be considered for communication to the supervisor.Examples of such matters have been included in Section 6.30. In some jurisdictions, as part of the statutory audit, the externalauditor may also undertake additional work to provide assurance oninternal controls or other aspects of a bank’s operations.The principles set out in this section provide a relevant reference for theperformance of such additional work. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 2231. The principles and explanatory guidance set out in this sectionprovide a framework for the supervisor’s interactions with the externalauditor, the audit committee and the relevant audit oversight body.The outcome of these interactions will inform the supervisor’s views as tothe quality of the external audit and contribute to the supervisory process.These principles and explanatory guidance also provide a framework toassist the audit committee in selecting the external auditor and inassessing the external auditor’s knowledge, competence, objectivity andindependence as well as the effectiveness of the audit process.A. The supervisor’s expectations of the external auditor of abankKnowledge and competencePrinciple 1: The external auditor of a bank should have banking industryknowledge and competence sufficient to respond appropriately to therisks of material misstatement in the bank’s financial statements and toproperly meet any additional regulatory requirements that may be part ofthe statutory audit.32. Given the complexity and diversity of banking activities, and the legaland regulatory framework in which banks operate, the external auditor ofa bank should have specialised knowledge and competence in auditingbanks and should use experts as appropriate.Knowledge33. The resources required to perform the audit should be such that theaudit engagement team, as a whole, has: - proficient knowledge and understanding of, and practical experience with, the banking sector, associated banking industry and bank - specific risks, and the operations and activities of banks and bank audits. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 23 The audit engagement team may acquire this proficiency through specific training, participation in bank audits or work in the banking sector; - proficient knowledge of applicable accounting, assurance and ethical standards, industry practice and relevant guidance such as International Auditing Practice Note (IAPN) 1000; - proficient knowledge of relevant regulatory requirements in the areas of capital and liquidity, and a general understanding of the legal and regulatory framework applicable to banks; and - proficient knowledge and understanding of IT relevant to bank audits.34. In addition, the external auditor should consider whether the auditengagement team should include specialists with a high degree oftechnical accounting knowledge relevant to banking, particularly giventhe complexity of the requirements of the applicable financial reportingframework pertaining to accounting estimates, including loan lossprovisions, fair value measurements, and any areas known to be subject todiffering interpretation or inconsistent or developing practices.Competence35. Audit firms should have documented policies and procedures that setminimum competency criteria for members of a bank’s audit engagementteam.36. Supervisors may have the ability to influence the competencyrequirements for external auditors.Where regulations and standards in particular jurisdictions do not includespecific competency requirements for banks’ external auditors, thesupervisor may encourage professional and regulatory bodies tointroduce requirements regarding training in, and experience with, bankauditing and accounting so that the audit engagement teams for bankaudits are comprised of sufficiently competent staff. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 2437. Competence is particularly important in underpinning an externalauditor’s ability to exercise professional judgment and carry out keyaspects of the audit, such as identifying and assessing the risks ofmaterial misstatement and designing and implementing appropriateresponses to those risks.Use of experts38. In some instances, such as the auditing of certain complex accountingestimates, more specialised knowledge may be required to support theaudit engagement team, eg additional expertise beyond that possessed bythe audit engagement team’s members in a field other than accounting orauditing.Examples of such areas are valuation of complex financial instruments,commercial property valuations and evaluation of highly complex ITenvironments, particularly in areas subject to significant risks of materialmisstatement.39. Internationally accepted auditing standards set out requirements forthe nature, timing and extent of audit procedures which the externalauditor should perform to assess the competence, capabilities andobjectivity of the experts the external auditor may use.These are important factors in considering the reliability of theinformation or results produced by the expert.Objectivity and independencePrinciple 2: The external auditor of a bank should be objective andindependent in fact and appearance with respect to the bank, consistentwith the more stringent requirements applicable to public interest entitiesin internationally accepted ethical standardsObjectivity _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 2540. Objectivity is a fundamental ethical principle and a key element ofaudit quality. It requires that the external auditor’s judgment is notaffected by conflicts of interest.As objectivity is a state of mind that in most cases cannot be directlyobserved by users of financial statements, it is important for the externalauditor to be independent in both fact and appearance.Independence41. Independence is freedom from situations and relationships in which areasonably informed third party would conclude that an external auditor’sobjectivity is impaired.Jurisdictional and internationally accepted auditing standards andinternationally accepted ethical standards lay out frameworks for externalauditors to identify and respond to threats to independence.42. The external auditor of a bank must comply with the applicablejurisdictional and internationally accepted ethical standards.Furthermore, the Committee believes that the external auditor of a bankshould comply with the more stringent independence standards forpublic interest entities.To the extent that any of the rules within any one of these standards onethics is more restrictive than the corresponding rule in the otherstandards on ethics, the external auditor must comply with the morerestrictive rule.43. Independence should be observed not only in the context of the bankthat is being audited but also with respect to the bank’s related entities.44. External auditors of a bank should comply with applicablejurisdictional requirements on the rotation of members of the auditengagement team. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 2645. The audit engagement team members, the audit firm and, whenapplicable, network audit firms should comply with the independencerequirements of both the home jurisdiction and the overseas regulatoryauthority (in the case where the bank is ultimately regulated by anoverseas authority).46. When assessing whether any relationship or circumstance poses athreat to an external auditor’s independence, the external auditor shouldevaluate not just the specific rules on independence, but also thesubstance of the threat to independence, and how a reasonably informedthird party would perceive the threat and its effect on the externalauditor’s objectivity.The provision of significant non-audit services by the audit firm and,when applicable, network audit firms to the bank being audited mayparticularly affect a third party’s perception of the external auditor’sindependence. Such situations should be carefully evaluated for threats to the externalauditor’s objectivity and perceived independence.47. The supervisor expects the external auditor to consider activelypotential threats to the auditor’s independence, specifically the threat ofself-review, when discussing accounting matters with the management.For example, complex transactions may be structured to achieve aparticular accounting treatment and/or regulatory outcome.When an external auditor discusses with or provides advice tomanagement on such matters, the external auditor must exercise care soas not to take on a management role or responsibility.Professional scepticismPrinciple 3: The external auditor should exercise professional scepticismwhen planning and performing the audit of a bank, having due regard tothe specific challenges in auditing a bank. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 2748. Professional scepticism is defined as “an attitude that includes aquestioning mind, being alert to conditions which may indicate possiblemisstatement due to error or fraud, and a critical assessment ofevidence”.Professional scepticism should manifest itself not only through theauditor obtaining corroborating evidence for management’s assertions,but also challenging management’s assertions, actively consideringwhether there are alternative accounting treatments that are preferable tothose selected by management, and documenting the approach, theevidence obtained, the rationale applied and the conclusions reached.Throughout the audit, the auditor should “adopt a questioning approachwhen considering information and forming conclusions”.49. Exercising appropriate professional scepticism is critically importantin audits of banks because of the number and significance of accountingestimates and the potential for limited objective evidence supportingthose estimates.Professional scepticism is particularly important when auditing areasthat:(a) involve significant management estimates and judgments becausethese are more prone to management bias;(b) involve significant non-recurring or unusual transactions; or(c) are more susceptible to fraud and errors being perpetuated due toweak internal controls.50. Specific areas where professional scepticism should be exercised bythe external auditor of a bank include impairment calculations, fair valuemeasurements and going concern assessments, including assessments ofsolvency and liquidity.Other examples may include complex transactions structured to achieve aparticular accounting treatment and/or regulatory outcome by the _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 28management where the audit engagement partner has or ought to havereasonable doubt that the proposed accounting treatment and/orregulatory outcome is consistent with the relevant financial reportingframework or regulatory requirements.In this context, the external auditor should actively challengemanagement’s assumptions and judgments and form independent views.This includes challenging evidence obtained from management thatcorroborates management’s view.51. Where a bank consistently utilises valuations that are at the high orlow end of a range of acceptable valuations or when there are otherindications of possible management bias, the external auditor shouldconsider this in the overall risk assessment of the bank and should informthose charged with governance, where appropriate.52. The evidence of the extent of professional scepticism exercised shouldbe demonstrable and understandable through audit documentation thatdescribes how, why and what conclusions were reached by the externalauditor.In this regard, internationally accepted auditing standards establishminimum requirements for audit documentation.Quality controlPrinciple 4: Audit firms undertaking bank audits should comply with themore stringent requirements on quality control applicable to listedentities in internationally accepted quality control standards, having dueregard to the complexity of a bank audit.53. Audit firms must comply with the applicable jurisdictional andinternationally accepted standards on quality control.Furthermore, the Committee believes that the external auditor of a bankshould comply with the more stringent requirements on quality control _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 29applicable to listed entities in internationally accepted quality controlstandards.To the extent that any of the rules within any one of these quality controlstandards is more restrictive than a corresponding rule in the other qualitycontrol standards, the external auditor must comply with the morerestrictive rule.54. The audit of a bank should be subject to an engagement qualitycontrol review (EQCR) performed internally by the audit firm prior to theissuance of the audit opinion.The engagement quality control reviewer should have the appropriateknowledge and competence to review bank audits.The reviewer should exercise professional scepticism in assessing thequality of audit evidence and whether the auditor’s judgments areappropriate.55. EQCR should be part of a broader firm-level internal system of qualitycontrol that emphasises quality and consultation and creates a culture ofcompliance with auditing and ethical standards.56. Where a network of audit firms is involved in the audit of a bank, theindividual audit firms within the network should apply quality controlprocesses that comply with this document.In such cases, the lead audit engagement partner should be responsiblefor the performance of a quality audit by all the teams reporting to it.In doing so, the lead partner may place reliance on the processes bywhich quality control is exercised within the network firms that report toit.For example, the lead audit engagement partner of a group audit may relyon the firm’s processes for(a) ensuring that each audit engagement team member _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 30(i) acquires the appropriate skills, knowledge and experience to performbank audits and(ii) complies with independence rules, and(b) monitoring adherence to the audit firm’s policies and procedures onquality control.57. The involvement of the engagement quality control reviewerthroughout the audit, and the outcome of the quality control review,should be evident in the audit working papers.Any significant discussions between the engagement quality controlreviewer and the audit engagement team, particularly in areas whereviews may have differed and as to how conclusions were reached, shouldbe fully documented in the audit working papers.Thus in jurisdictions where the supervisor has access to the externalauditor’s working papers, the quality control review would also be at thesupervisor’s disposal.B. Supervisory expectations of the audit of a bank’s financialstatementsIdentifying and assessing significant risks of materialmisstatement specific to a bank’s financial statementsPrinciple 5: The external auditor of a bank should identify and assess therisks of material misstatement in the bank’s financial statements, takinginto consideration the complexities of banking activities and the need forbanks to have a strong control environment.Identifying potential risks58. Banks are exposed to a variety of risks that can potentially affect theresults of their operations or financial condition. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 31These include, but are not limited to, credit risk, market risk, liquidityrisk, operational risk and regulatory risk.New risks may emerge or the significance of each risk may change overtime as a result of various factors that may be driven by changedcircumstances or developments both internal and external to the bank.59. In designing and performing the audit of a bank, the external auditorshould assess the inherent and control risk to determine the risk ofmaterial misstatements at the financial statement and assertion levels.By doing so, the external auditor gains an understanding of internalcontrols that are relevant to the audit, and particularly of the controlenvironment designed by the bank.60. To respond to the assessed risk of material misstatement, an externalauditor follows an audit strategy that includes both substantiveprocedures and control testing.Given the nature of bank activities, including those involving a highvolume of transactions, banks implement controls designed to addressrisks posed to the organisation.As a result, the external auditor of a bank should perform extensive testsof controls over financial reporting to assess whether, and to what extent,the auditor can rely on them.Materiality61. An understanding of the concept of materiality and determination ofmateriality thresholds is needed in order to establish the audit strategy,and identify and assess whether a risk of material misstatement exists inthe financial statements.62. The determination of what is material to the financial statements as awhole is a matter for the external auditor’s professional judgment aboutmisstatements that could reasonably be expected to influence economicdecisions of users taken on the basis of the financial statements. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 3263. The external auditor should exercise caution when evaluatingidentified misstatements.These misstatements could be an indicator of wider issues within thebank which could potentially lead to material misstatements in thefinancial statements as a whole.Therefore, individual misstatements should not be dismissed solelybecause they are below the level of materiality set for planning purposes.64. For individual account balances, specific classes of transactions ordisclosures, internationally accepted auditing standards require theexternal auditor to determine a lower level of materiality for thoseparticular account balances, classes of transactions or disclosures, if theexternal auditor believes that “misstatements of lesser amounts thanmateriality for the financial statements as a whole could reasonably beexpected to influence the economic decisions of users taken on the basisof the financial statements”.This is particularly relevant for audits of banks because certain financialstatement items are used in the calculation of key metrics used by a widerange of users of the financial statements.For example, regulatory ratios such as the leverage ratio, liquidity ratioand capital adequacy ratio are calculated based on account balances inthe financial statements or are derived from the financial statements.Assessing the risks of material misstatementInternal control and its components65. According to internationally accepted auditing standards, internalcontrol components are the control environment, risk assessmentprocess, information and communication systems and processes, controlactivities and monitoring of controls. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 3366. As stated in the BCBS Principles for enhancing corporate governance,a robust internal control environment is critical to the strength of a bank’sgovernance system and its ability to manage risk.Consequently, when obtaining an understanding of the bank’s internalcontrol environment, the external auditor should, amongst otherconsiderations: - assess the “tone at the top”, ie whether management, with the involvement of those charged with governance, is promoting a robust control environment; - determine whether the control environment extends to all types of operations and service offerings and encompasses all subsidiaries and branches of the banking group; - understand the bank’s approach to outsourcing/offshoring of business activities and functions and assess how internal control over these activities is maintained; and - obtain an adequate understanding of the organisation of key control functions within the bank and its subsidiaries. At a minimum, key control functions include the internal audit, risk management, compliance and other monitoring functions.67. Compensation arrangements at a bank may be a good indicator of theculture within the organisation because they can influence the behaviourof the bank’s personnel and the quality of corporate governance.The external auditor should pay particular attention to the risks ofmaterial misstatement in the financial statements due to fraud,particularly where banks employ compensation arrangements that mayencourage excessive risk-taking or other inappropriate behaviouramongst their personnel. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 34Control activities68. Internationally accepted auditing standards require the externalauditor to obtain an understanding of control activities relevant to theaudit which, in the auditor’s judgment, are necessary to assess the risks ofmaterial misstatement and to establish the audit strategy.The assessment of the control activities over financial reporting is criticalfor the design of further audit procedures responsive to assessed risks.When identifying and assessing risks of material misstatement andassessing controls, the external auditor should take account of thefollowing factors: - the knowledge and competence of those in charge of financial reporting and of other control functions having an impact on financial reporting; - the nature of hedging strategies employed by the bank which, if complex, improperly structured or inadequately monitored, can have accounting and solvency implications; - the use of complex financial instruments involving significant estimates of fair value; - the provision of custodial services to retail and/or institutional clients and the procedures in place to avoid co-mingling of client and proprietary assets; - the volume of transactions by type of activity and/or presence of significant non-routine transactions; - the use and monitoring of internal accounts; - the structure and complexity of IT systems for conducting business and for facilitating efficient business and financial reporting, as they may lead to increased risk of fraud or error, particularly where there is potential for individual override of the control system or the potential for fraudulent transactions to go undetected due to the sophistication and complexity of the IT systems; _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 35 - the number, scope and geographical dispersion of subsidiaries and the necessity for complex consolidation procedures; - the existence of significant transactions with related parties; and - the use of off-balance sheet financing arrangements, such as special purpose entities (SPEs) and other complex structures.69. Banking supervisors and those charged with governance, such as theaudit committee, need to be satisfied that the internal control iscommensurate with the nature, volume and complexity of the bank’sactivities and is organised in accordance with regulatory and legalrequirements.The internal control of a bank must be robust and reliable in order to copewith stressed environments.Significant deficiencies in internal control which have been identified bythe external auditor should be communicated in writing to those chargedwith governance and senior management, and other deficiencies ininternal control should be communicated to the senior management at anappropriate level of responsibility on a timely basis.In addition, the Committee believes that the external auditor shouldcommunicate in writing all matters that are likely to be significant to theresponsibilities of those charged with governance in overseeing thestrategic direction of the entity or the entity’s obligations related toaccountability.Such matters may include significant decisions or actions bymanagement that lack appropriate authorisation.Internal audit70. The internal audit function is an important element of the overallinternal control environment. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 36It provides assurance to the board of directors and senior management onthe quality and effectiveness of a bank’s internal control, riskmanagement and governance systems and processes.The work of internal auditors can help external auditors assess the qualityof the internal control processes and identify risks.71. Whether or not the external auditor expects to use the work of a bank’sinternal auditors, provided there is no reason to doubt their knowledge,competence and objectivity, the external auditor should engage with, andseek information on key internal audit findings from, the internalauditors.This may provide valuable input into the external auditor’s understandingof the entity and its environment and aid in identifying and assessingrisks of material misstatement.The external auditor should consider reading relevant internal auditreports if the information obtained from engaging with the internalauditors indicates issues that may have an impact on the financialstatement audit.72. The external auditor’s observations on and, where relevant, evaluationof a bank’s internal audit function are of particular interest to the auditcommittee and the bank’s supervisor given the role an effective internalaudit function plays in maintaining a robust control environment in abank.Responding to significant risks of material misstatementspecific to a bank’s financial statementsPrinciple 6: The external auditor of a bank should respond appropriatelyto the significant risks of material misstatement in the bank’s financialstatements.73. Having identified and assessed the risks of material misstatement,internationally accepted auditing standards require the auditor to identifyany areas where there is a significant risk of material misstatement. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 37Paragraphs 78-98 below set out key audit areas of a bank’s financialstatements, where there is often a significant risk of materialmisstatement.74. In addition to the areas set out in paragraphs 78-98, there are otheritems in a bank’s financial statements whose regulatory treatment couldgive rise to incentives for management bias in the recognition ormeasurement of such items.As a consequence, there is a greater risk of material misstatement of theseitems in the financial statements.This may lead to inappropriate application of regulatory rules to theseitems and a material misstatement of the bank’s capital position.Examples of such items are deferred tax assets, investments inunconsolidated entities, pension fund assets, and the classification offinancial instruments.External auditors should therefore be alert to any likelihood that thetreatment of such items in the financial statements is influenced bymanagement bias towards a desired regulatory outcome and consider thisin their risk assessment of the bank.External auditors should also be aware that management bias maychange over time depending on, for example, the extent to which thebank is able to meet its regulatory requirements.External auditors should evaluate estimates which may be subject to thisbias, and any potential audit differences otherwise identified, in thecontext of the impact on regulatory capital or regulatory capital ratios,consistent with paragraph 64.75. Areas of significant risk of material misstatement particularly requirean external auditor to apply professional judgment and experience.Internationally accepted auditing standards require that the externalauditor obtain sufficient appropriate audit evidence51 regarding the _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 38assessed risks of material misstatement, through designing andimplementing appropriate responses to those risks.76. Internationally accepted auditing standards require special auditconsideration for areas where significant risks of material misstatementare identified.Given that these areas are associated with issues that the external auditoridentifies as highly important for the bank, these areas are worthy ofdiscussion with those charged with governance.77. As the categories of what may be a significant risk for a bank maychange over time, the list of audit areas provided in paragraphs 78-98 ofthis document as areas where there is often a significant risk of materialmisstatement is not intended to be comprehensive.Loan loss provisioning78. Loan loss provisioning is generally material for a bank’s financialstatements and the calculation of capital and key performance metrics.The measurement of loan loss provisions in accordance withinternationally accepted accounting principles involves complexjudgments about credit risk which may be subjective in nature.79. The factors that the external auditor needs to consider in identifyingand assessing the significant risks of material misstatement in relation toloan loss provisioning and the related allowance for loan losses include:(a) The estimation techniques used to compute provisions and how thetechniques vary among and within banks.(b) How management has assessed the effect of estimation uncertaintyon the level of provisioning, and the effect such uncertainty may have onthe appropriateness of the recognised provision and the sufficiency of therelated allowance for loan losses in the financial statements. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 39(c) All known and relevant impairment indicators for loan exposureswhich include previously unexpected adverse developments in the marketor economic environment, adverse movement in interest rates,restructuring, inadequate underwriting policies adopted by the bank,overdue payments, failure of the borrower to meet budgeted revenues ornet income, covenant breaches and forbearance.(d) Whether the bank has sought perspectives and data from differentfunctions within the bank, including risk management, credit andinternal audit, as well as reliable sources external to the bank, includingpeer data and regulator perspectives so as to consider all relevant andavailable information in assessing impairment.(e) Accounting rules for provisioning may differ from the provisioningrules that apply for regulatory reporting or capital purposes.It may therefore be customary for banks to have different processes andsystems to generate loan loss provisions for accounting purposes and forregulatory purposes.Further, there can be material differences in the application of the sameset of accounting and/or regulatory rules by individual banks.Large differences between provisions for accounting purposes and forregulatory purposes may indicate a risk of material misstatement of theaccounting provision.In addition, whilst for regulatory capital purposes under the Baselframework the accounting loan loss provision for internal ratings-basedapproach (IRB) portfolios is replaced by the regulatory expected lossprovision, the level of the accounting provision may nevertheless have animpact on the level or the composition of regulatory capital, due to thetreatment of the tax effect of provisions and the allocation of any excessprovision to capital tiers.External auditors should be alert to any management bias in this area. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 40(f) Disclosures should enable users to assess the loan loss provisioningmethodology applied by the bank, regarding how it relates to credit riskfor that bank, and how it compares with methodologies applied across thebanking sector.Financial instruments measured at fair value80. A bank’s portfolio of financial instruments measured at fair value canrange from “plain vanilla” financial instruments which are frequentlytraded in liquid markets with observable market prices, and involve lessmeasurement uncertainty, to those which are customised, complex, andwhere the valuation is based on significant unobservable inputs with asubstantial amount of management judgment.Financial instruments measured at fair value also include financialinstruments that are subject to an impairment assessment which is a keyarea of judgment.81. Where there are changes in the composition of a bank’s portfolio offinancial instruments – whether due to changes in customer demand, thebank’s approach to managing risk and liquidity, or changes in prudentialregulation – the bank will need to evaluate any accounting implications ofthe changes.82. Accounting standards contain requirements on recognition; initialand subsequent measurement (including impairment); reclassificationfrom fair value to amortised cost; presentation; and disclosures.Because these requirements are complex, they may be difficult tointerpret and apply, and therefore the external auditor often needs toutilise more complex and wider-ranging audit procedures to obtainsufficient appropriate audit evidence to satisfy him/herself that thefinancial statements are not materially misstated.The classification of an individual financial instrument may beparticularly important for achieving a favourable regulatory outcome. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 4183. In adopting a sceptical approach to management’s assumptionsregarding the valuation of financial instruments for which there aresignificant unobservable inputs, IAPN 1000, Special considerations inauditing financial instruments, sets out specific audit procedures thatmay be followed in auditing financial instruments measured at fair value.Liabilities including contingent liabilities arising fromnon-compliance with laws and regulations, and contractualbreaches84. Non-compliance with, or material breaches of, the prudentialframework, conduct requirements, legal requirements or contractualagreements could lead to legal or supervisory actions against a bank,thereby exposing the bank to potential litigation and/or the imposition ofsubstantial penalties.Such events may require recognition of provisions, contingent liabilitiesand/or qualitative disclosures in the bank’s financial statements.Further, any adverse impact on the bank’s reputation resulting from thisnon-compliance could have consequences for the bank’s going concernassessment.85. In the course of the audit, the external auditor should remain alert toactual or suspected breaches of prudential regulations, particularly thosethat are likely to be of material significance to the functions of thesupervisor.As noted in Section 6 below,55 if the external auditor identifies any suchbreaches of material significance, the auditor should notify the supervisorimmediately.Disclosures86. A number of factors have contributed to an increased demand fromusers for more relevant and extensive qualitative and quantitativedisclosures. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 42These include the increased complexity of business transactions,including off-balance sheet transactions and non-recognition of assetsand liabilities, and increased use of fair value and other accountingestimates, with significant uncertainties and changes in measurementattributes.87. While accounting standards specify disclosure objectives, thestandards may not always prescribe in all circumstances specificdisclosures to meet those objectives.Therefore, there may be a substantial amount of judgment in assessingwhether disclosures are presented fairly in accordance with the disclosureobjectives in the relevant accounting framework.88. Increased transparency through fairly presented public disclosuresenhances market confidence.It is therefore important that the bank provide disclosures which presentthe bank’s financial condition, the risks to which it is exposed and howthey are managed, and are meaningful and responsive to changes inmarket conditions and perceived risks.89. In responding to the significant risks in this area of audit, the externalauditor has an important role to play in encouraging consistent andmeaningful disclosures which present the bank’s financial condition in away that is informative and understandable to users of financialstatements.90. In the course of its audit work, the external auditor should be alert toany indications that disclosures in financial statements are not consistentwith the bank’s prudential information such as capital adequacy andliquidity position disclosures within the financial statements.Going concern assessment91. A going concern gives rise to two separate issues: _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 43(a) whether the going concern basis of preparation of financial statementsis appropriate; and(b) the external auditor’s evaluation of the bank’s assessment of its abilityto continue to meet its obligations for the foreseeable future (for at least 12months after the date of the financial statements) and whether there arematerial uncertainties in this regard that should be disclosed in theapplicable accounting framework.92. The work the external auditor performs to assess the going concernstatus of a bank is different from that likely to be performed for anon-bank entity because of the contractual terms of bank assets andliabilities (maturity mismatch), the potential for regulatory intervention,and the impact that the signalling of any uncertainty over the bank’sability to continue as a going concern could have on the short-termviability of the bank.93. Examples of reasons that make the going concern assessment of abank unique are as follows:(a) Current emerging risks and concerns specific to the bank or thebanking industry as a whole may have an impact on the historical trendsfor the specific bank in such a manner that the historical trends may notreflect the likely trend over the next year.For example, during periods of market turmoil, normal sources offunding may no longer be available, as deposits payable on demand mayrun off more quickly than historical experience would contemplate andsuch deposits may be difficult to replace.(b) As banks are highly leveraged, a small change in asset valuation mayhave a substantial impact on the adequacy of a bank’s regulatory capital.Market risks may be such that financial instruments held at fair value maybe subject to substantial changes in value in the short term andsignificant volatility over the longer term.A decrease in regulatory capital may result in a downgrade by ratingagencies making funding more expensive and possibly harder to obtain. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 4494. Given these and other risks, banks are required to meet liquidityrequirements and capital ratios set by the bank supervisory authority.There should be equal emphasis on the evaluation of liquidity andsolvency of the bank for the period over which the going concernassumption has been assessed:(a) Liquidity: Factors to assess include the reasonableness and reliabilityof the cash forecast for at least 12 months after the date of the financialstatements, liquidity risk disclosures, regulatory or contractualrestrictions on cash, loan covenants, and pension funding.(b) Solvency: Given the potential adverse impact of capital adequacyconcerns on the confidence in a bank and, as a consequence, on the bankoperating as a going concern, the external auditor will need to considerthe robustness of the bank’s system for managing capital.In addition, the external auditor will need to consider the capital positionin relation to the current and any known future capital requirements,definitions of capital resources, and challenges of raising capital.This is particularly critical where capital levels are strained, access tocapital resources is restricted or where, for example, the bank’s annualreport or internal capital projections include ambitious projections ofimprovements in capital levels.95. In responding to the significant risks in this area of audit, andassessing management’s assertion that a bank is a going concern, factorswhich are necessary to consider are:(a) the robustness of the bank’s own systems and controls for managingliquidity, capital and market risk;(b) the prudential information that is reported to supervisors covering thebank’s solvency and capital;(c) any external indicators that reveal liquidity or funding concerns; and _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 45(d) the availability of short-term liquidity support.96. Given the above risks and the possible systemic implications, if thereare any significant doubts which may cause material uncertainty over thebank’s ability to continue as a going concern, and if the external auditorconsiders referring to the going concern issue in the audit report, theexternal auditor should promptly communicate this fact to thesupervisors.Securitisations – SPEs97. The banking sector is involved in activities such as sponsoring (ororiginating) structured products/transactions that support maturity,credit and liquidity transformation risks more often than other industrysectors.The sponsoring bank does not ordinarily fund such activities.The funding is generally provided by other parties.However, the sponsoring bank may be exposed to risks such asreputational risk in the event of the sponsored entity encounteringfinancial or operational difficulties.98. Such activities require special consideration by the external auditorand are of interest to the supervisor for the following reasons:(a) Accounting concern – Accounting frameworks are oftenprinciples-based, which may result in different treatments of each of thesecomplex transactions.In addition, because these are highly structured products, theiraccounting treatment may vary based on the facts and circumstances ofeach transaction, eg where SPEs are tailored to remain off the bank’sbalance sheet. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 46In these instances, it is necessary for the auditor to evaluate thejudgments made by the management and consider whether theaccounting treatment is appropriate and the disclosures are sufficient.(b) Regulatory concern – Because of the complexity of the securitisationand the chain of financial intermediation, the sponsoring bank in an“originate to distribute” model may underestimate the real risktransferred or the risk retained on its balance sheet (including reputationrisk and conflicts of interest in case of defaults on the securitised assets).Even so, the originator may be able to benefit from an off-balance sheettreatment for the assets underlying these transactions and hence may notbe required to hold additional regulatory capital unless specificallyrequired by the supervisor.The external auditor should be alert to when the supervisor requiresadditional capital even though the off-balance sheet accountingtreatment applied by the bank is appropriate.(c) Interconnectivity – Increases the correlation between banks and othernon-banking sectors, which can add to the global systemic risk.5. Supervisory expectations with regard to a bank’s auditcommittee and its relationship with the external auditor99. The BCBS’s paper on the Internal audit function in banks (June 2012)and its paper on Principles for enhancing corporate governance (October2010) describe the main responsibilities of a bank’s audit committee.The audit committee has, amongst others, a number of responsibilitieswith respect to the external auditor and the statutory audit.The audit committee approves, or recommends to the board of directorsfor approval, the appointment, reappointment, dismissal andcompensation of the external auditor.The audit committee also monitors and assesses the independence of theexternal auditor. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 47100. The audit committee oversees the bank’s statutory audit process.Key aspects of the audit committee’s work encompass the assessment ofthe effectiveness of the external audit process.The audit committee should require that senior management take thenecessary corrective actions to address the findings andrecommendations of the external auditor in a timely manner.101. The discussion below focuses on the audit committee’sresponsibilities in relation to the oversight of, and its relationship with,the external auditor to promote and support the integrity, objectivity andindependence of the auditor, the quality of the external audit and thecompetencies that underpin that quality.To enable the audit committee to carry out its oversight responsibilities,which also contribute to the effectiveness of the audit process, theprinciples in this section promote effective two-way communicationbetween the audit committee and the external auditor.It is important to note that all the discussions below stem from animportant overarching principle: namely, that there should be a frank,open working relationship and a high level of mutual respect amongst allparties involved.102. The principles and explanatory guidance in this section form thebasis for the supervisor’s monitoring of the effectiveness of the auditcommittee in its oversight of the external auditor.Appointment of the external auditorPrinciple 7: The audit committee should have a robust process forapproving, or recommending for approval, the appointment,reappointment, removal and remuneration of the external auditor.103. The audit committee has the primary responsibility for approving, orrecommending to the board of directors for approval, the appointment,reappointment, removal and remuneration of the external auditor. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 48In doing so, the audit committee should determine appropriate criteriafor selecting the external auditor and regularly assess the knowledge,competence, independence (see Principle 8 below) of the external auditorand effectiveness (see Principle 9 below) of the external audit, having dueregard to the guidance in Section 4.104. The audit committee’s procedures for approving or recommendingthe approval of the external auditor should also include a risk assessmentof the likelihood of the withdrawal of the external auditor from the audit,and how the bank would respond to that risk.105. The audit committee should contribute a section to the bank’sannual report which explains the approach taken regarding therecommendation of the appointment or reappointment of the externalauditor, and should include supporting information on the tenure of theincumbent auditor.106. If the board of directors has approval responsibilities with respect tothe external auditor, but does not accept the audit committee’srecommendation, it should include in the annual report, and in anypapers relating to the appointment/reappointment/dismissal of theexternal auditor, a statement explaining the audit committee’srecommendation and the reasons why the board of directors has taken adifferent position.107. The audit committee should assess the overall quality of the externalauditor, prior to its first appointment and at least annually thereafter.To that end, the audit committee should request that the external auditorreport on the external auditor’s own internal quality control procedures,including the audit firm’s EQCR process, and any significant matters ofconcerns arising from these procedures.The audit committee should also consider, where available, the externalaudit firm’s annual transparency report and any inspection reports on theaudit firm issued by the relevant oversight body. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 49108. The audit committee should maintain an understanding andknowledge of: - the structure and governance of the audit firm; - the current nature of the audit environment, including any overseas jurisdictions where the bank operates; - significant issues and concerns raised by the relevant audit oversight body regarding the audit firm, and the auditor’s action in addressing these concerns, to understand how these shortcomings may affect the quality of the audit of the bank; - the nature of banking regulatory actions and conditions that could have an impact on the external auditor’s work on the bank, including any regulatory actions and conditions specific to the bank being audited, or to actions and conditions that the supervisor is imposing on all banks (for example, through newly implemented regulations and policies); and - public lessons learned from any recent external audit failures associated with the bank’s audit firm and how the firm has dealt with them so that similar deficiencies do not occur.109. The audit committee should also satisfy itself that the level of theaudit fees is commensurate with the scope of work undertaken.Where fee reductions are offered and accepted, the audit committeeshould seek assurance that these reductions do not imply aninappropriate increase in the materiality level to be applied by theexternal auditor, or a narrowing of the external auditor’s proposed scopeof the audit, or a reduction in the attention which will be given to eachbusiness component and the significant audit risks identified.110. The audit committee should discuss and agree to the terms of theengagement letter issued by the external auditor prior to the approval ofthe engagement. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 50Where relevant, the audit committee should agree to an engagementletter that has been updated to reflect changes in circumstances, such asthose arising from changes in legal requirements and changes in thescope of the external auditor’s work as a result of revisions tointernationally accepted auditing standards which have arisen since theprevious year.111. If the external auditor resigns or communicates an intention toresign, the audit committee should follow up on thereasons/explanations giving rise to such resignation and considerwhether the audit committee needs to take any action in response to thosereasons.Independence of the external auditorsPrinciple 8: The audit committee should monitor and assess theindependence of the external auditor.112. The independence of the external auditor is one of the mainprerequisites for an adequate level of audit quality.As such, the audit committee should understand the applicableindependence requirements.The audit committee should have procedures to monitor and assess theindependence of the external auditor at least annually, taking intoconsideration relevant national laws, regulations and professionalrequirements.The assessment should also involve a consideration of all relationshipsbetween the bank and the audit firm (including the provision of non-auditservices) and any safeguards established by the external auditor.113. Where the audit firm has been the external auditor of the bank formany years, there may be a perception that there is a familiarity orself-interest threat to the external auditor’s objectivity and independencein its audit of the bank. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 51However, when the bank changes its external auditor, there is a risk thatthe depth of understanding of the bank and its activities and systems willbe lost.This may affect the new external auditor’s ability to identify risks ofmaterial financial statement misstatements and respond to themappropriately, and hence may detract from the quality of the audit.114. Audit committees should have a policy in place that stipulates thefrequency with which there should be a tender for the external auditcontract.The policy should also call for the audit committee to considerperiodically whether there should be a limit to the length of an externalauditor’s tenure as the bank’s external auditor given the potential impactof audit firm rotation on independence and audit quality.115. Audit committees should understand the audit firm’s policy onrotation of members of the audit engagement team and the audit firm’scompliance with any jurisdictional or other local regulatory requirementsin this regard.116. As described in Principle 2, the audit committee should seekassurance that the audit engagement team members and their firm and,when applicable, the network external auditors have no financial,personal, business or other relationships with the bank which couldadversely affect the auditor’s actual or perceived independence andobjectivity.The audit committee should seek from the external auditor, at least on anannual basis, information about the audit firm’s policies and processes formaintaining independence and monitoring compliance with the relevantindependence requirements.117. Audit committees of banks should develop a formal policy whichgoverns the acceptance of non-audit services provided by the auditor. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 52Amongst other provisions, the policy should include criteria for the typesof non-audit services that the external auditor may provide or isprohibited from providing, and rules stipulating when advance approvalby the audit committee is required for the auditor’s performance ofnon-audit services.The policy should be reviewed periodically and compliance should bemonitored, taking into account the contents of Section 4 of thisdocument.118. Where non-audit services are provided by the external auditor, theaudit committee should monitor and establish that the provision of suchservices does not impair the external auditor’s objectivity andindependence, taking into consideration various factors including theskills and experience of the external auditor, safeguards in place tomitigate any threat to objectivity and independence, and the nature of andarrangements for non-audit fees.119. Where the external auditor provides non-audit services to the bank,the bank’s annual report should explain to shareholders the nature of andthe fee arrangements for the non-audit services received, and how auditorindependence is safeguarded.Effectiveness of the external auditPrinciple 9: The audit committee should monitor and assess theeffectiveness of the external audit.120. At the start of each audit, the audit committee should considerwhether the audit approach is appropriate, including considerations onthe audit scope, the level of materiality, areas of focus and whetherplanned audit procedures address the areas of significant risk for thebank, in particular those areas described in Section 4 of this document.121. The audit committee should consider whether the proposedresources to execute the audit plan are reasonable given the scope of theaudit engagement, the nature and complexity of the bank’s operations,and its structure and activities. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 53The audit committee should understand the nature and extent of auditwork that the external auditor intends to rely upon where the audit work isperformed by network firm personnel or other audit firms.122. The audit committee should obtain confirmation from the externalauditor that there is adequate knowledge, competence and expertisewithin the audit engagement team and that the audit will be conducted incompliance with internationally accepted auditing standards, as well asany applicable laws and regulations.123. The audit committee should discuss with the external auditor thefindings of the latter’s work.In the course of its monitoring, the audit committee should: - Obtain an understanding of the external auditor’s view on any major issues that arose during the audit (including those issues that were subsequently resolved as well as those that have been left unresolved), in particular the external auditor’s explanation of the significant judgments the audit engagement team made and the conclusions it reached. This should include the discussions with management and the judgments involved, the range of possible outcomes and, where available, a comparison of the bank’s position with that of its peer group (on an anonymous basis), including a comparison with previous periods on such major issues; - Obtain an understanding of the rationale behind the final conclusions drawn by the audit engagement partner on significant accounting and auditing matters, particularly in those circumstances where the audit engagement partner’s conclusions differed from those of the engagement quality control reviewer; and - Review the nature and levels of misstatements identified during the audit, obtaining explanations from management and, where necessary, the external auditor as to why certain errors might remain unadjusted. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 54124. The audit committee should also discuss with the external auditorthe audit representation letters before signature by the board ofdirectors/senior management and give particular consideration tomatters where specific representation has been requested.The audit committee should consider whether the information providedon each of the items in the representation letters is complete andappropriate based on its own knowledge.125. As part of the ongoing monitoring process, the audit committeeshould discuss with the auditor the management letter (or equivalent)and any other audit-related reports provided to the bank.In particular, the audit committee should discuss with the externalauditor any significant deficiencies identified in the bank’s controlenvironment and in its internal control over financial reporting.126. At the end of the audit engagement period, the audit committeeshould: - consider whether the audit firm has followed its audit plan and understand the reasons for any changes, including changes in perceived audit risks and the work undertaken by the external auditor to address those risks; - obtain feedback about the conduct of the audit from key bank personnel involved, eg the heads of finance and internal audit; and - report to the board of directors on the effectiveness of the external audit process.127. The audit committee should seek to obtain information from theexternal auditor on the main findings of audit quality reviews of thebank’s audit and the audit firm’s quality control systems by auditoversight bodies. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 55Relationship between the audit committee and the externalauditorPrinciple 10: The audit committee should have effective communicationwith the external auditor to enable the audit committee to carry out itsoversight responsibilities and to enhance the quality of the audit.128. The foundation for an effective relationship is regular, timely, openand honest communication between the audit committee and the externalauditor.Regular dialogue between the two parties should be held throughout thereporting cycle of the bank.129. While both cooperation and challenges are needed between theexternal auditor and the audit committee for the external audit to beeffective, the need for cooperation should never prevent robust challengesfrom being made when needed.Such challenges are a key responsibility of the audit committee and arepart of the productive dialogue on key judgments that can result instronger and deeper understanding of and views on the positions of allparties.130. In order to reinforce the audit committee’s effectiveness and enhancethe quality of the audit, the audit committee should consider inviting theexternal auditor to attend audit committee meetings (except whendiscussing matters in relation to the assessment of the external auditor),even if there are no items explicitly relevant to the external audit on theagenda.The external auditor’s attendance should facilitate the exchange of viewson business performance, risk and other topics.Further, to enhance audit quality, the audit committee should consider, ifnecessary, assisting the external auditor to gain access to any othercommittee meetings that the external auditor determines to be relevantfor the auditor’s work. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 56131. The audit committee should have the right and authority to meetregularly – in the absence of executive management – with the externalauditor.This will enable the audit committee to understand and discuss all issuesthat may have arisen between the external auditor and bank managementin the course of the external audit and how these issues have beenresolved.In addition, these meetings should address any other matters that theexternal auditor believes the audit committee should be aware of in orderto exercise its responsibilities.132. The audit committee should discuss with the auditor any mattersarising from the statutory audit that may have an impact on regulatorycapital or disclosures.This may include discussion of the interaction between the accountinginformation and the regulatory information, eg accounting impairmentcharges versus regulatory expected losses, or the consistency of thebank’s Pillar 3 reporting with its annual report.133. The audit committee should discuss with the external auditor anysignificant issues identified in the course of the audit, in particular inareas which could be relevant to future financial statements, to promoteearly discussion and planning.This includes upcoming changes in accounting standards or regulationsand the consequences of material transactions.134. The audit committee should also communicate to the externalauditor matters that are likely to be of significant influence on theconduct of the statutory audit.Such matters may encompass subjects that the audit committee believeswarrant particular attention, significant communications with thesupervisor, or other matters that the audit committee considers mayinfluence the audit of the financial statements. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 57Reporting by the external auditor to the audit committeePrinciple 11: The audit committee should require the external auditor toreport to it on all relevant matters to enable the audit committee to carryout its oversight responsibilities.135. In some jurisdictions, as part of the statutory audit, the auditors arealso required by law or regulations to express an opinion on the controlenvironment of the bank and provide additional reporting of mattersidentified accordingly.The explanatory guidance in the following paragraphs only coversreporting to the audit committee that may be required in the context ofthe financial statement audit.136. The audit committee should expect the external auditor tocommunicate promptly to the audit committee any significant auditfindings noted in the course of the audit and any significant problemsencountered in carrying out the audit.137. Upon completion of the audit work, the external auditor shouldreport to the audit committee on the outcome of the audit in writing.The contents of these written reports should be aligned with therequirements set by internationally accepted auditing standards formatters to be communicated to those charged with governance, therecommendations made in this document, and any additionalrequirements under applicable laws and regulations.138. In addition to the above, where not already covered by therecommendations in other parts of this document and the relevantauditing standards, the audit committee should request that the externalauditor report to it in writing on other significant matters, including thefollowing: - Key areas of significant risk of material misstatement in the financial statements, in particular on critical accounting estimates or areas of measurement uncertainty (eg loan loss provisioning and valuation _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 58 uncertainties), including potential valuation bias and consequential effects on earnings, compensation structures and regulatory ratios. - Areas of significant management and auditor judgment, including judgments pertaining to the recognition, de-recognition, measurement or disclosure of relevant items within the financial statements and, where relevant, judgments about material uncertainties that may cast doubt on an entity’s ability to continue as a going concern (including consideration of liquidity/funding issues of the entity). - Outsourcing of key external audit work (eg with respect to audits of subsidiaries) to another audit firm or use of external experts to assist with the external audit. - Significant internal control deficiencies identified in the course of the statutory audit. - Matters that are likely to be significant to the responsibilities of those charged with governance in overseeing the strategic direction of the entity or the entity’s obligations related to accountability. - Areas of financial statement disclosures, for the bank itself and relative to its peers, which the auditor believes could be improved, including the results of discussions with management.139. For the purposes of complying with the requirements ofinternationally accepted auditing standards, where significant matters arecommunicated to the audit committee, the external auditor should alsodetermine if these matters need to be communicated to the board ofdirectors.6. The relationship between the supervisor and the externalauditor140. This section sets out the principles that promote effectiverelationships that will enable regular communication of mutually usefulinformation in the context of a statutory audit between: _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 59 - the supervisor and the external auditor at the supervised bank level, regardless of whether the communication is mandatory (Subsection A – Principles 12 and 13); and - the banking supervisory authority and the audit firm, and the accounting profession as a whole that is not specific to an individual bank (Subsection B – Principle 14).141. The key objective of having effective relationships between theparties referred to above is to enhance the effectiveness of the supervisionof the banking sector.This relationship will then also contribute to the quality of external audits.142. An effective relationship should enable each party to carry out itsrespective statutory responsibilities while not implying that either party isresponsible for or should or can perform the statutory responsibilities ofthe other party.A. Effective relationship at the supervised bank level143. The external auditor can provide the supervisor with valuable insightinto various aspects of a bank’s operations and management’s attitude tothe application of key accounting policies, judgments and modelsadopted.Conversely, the external auditor may obtain helpful insights frominformation originating from the supervisor where the supervisorprovides an independent assessment in areas significant to the externalaudit and may focus attention on specific areas of supervisory concerns.In certain jurisdictions, the supervisor may also request the externalauditor to perform specific assignments that go beyond the statutoryaudit work of the auditor.Principle 12: The supervisor and the external auditor should have aneffective relationship that includes appropriate communication channels _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 60for the exchange of information relevant to carrying out their respectivestatutory responsibilities.144. Supervisors and external auditors should have an open andconstructive relationship, with confidence in each other that informationexchanged will be treated appropriately and confidentially.145. For an effective relationship to exist, the engagement between thesupervisor and the external auditor should involve individuals who areknowledgeable, informed and empowered by their respectiveorganisations to exchange information.146. The supervisor may benefit from the results of the external auditor’swork because in many respects the two parties have complementaryconcerns regarding the same matters although the focus of their concernsis different.Similarly, the external auditor may benefit from insights that thesupervisor can communicate.However, in order to discharge their respective statutory responsibilities,each party should not use the work of the other as a substitute for its ownwork and the supervised entity should remain the main source ofinformation for their respective work.147. The terms, nature and scope of this relationship can be determined inindividual jurisdictions and should be clear to both the supervisor and theexternal auditor – for example, through guidance issued by the bankingsupervisory authority.Access to communication with the bank148. The external auditor’s work gives rise to the auditor’s report on theannual/consolidated financial statements which is often used forprudential supervisory purposes.When performing a financial statement audit in accordance withinternationally accepted auditing standards, the external auditor _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 61communicates with management and/or those charged with governanceabout significant matters relating to financial reporting or supplementarymatters, and these communications may be accessed by the supervisor.In the same manner, in certain jurisdictions, the external auditor may alsohave access to the supervisor’s communications to the bank.149. Given the benefits that may ensue, when communicating withmanagement and/or those charged with governance of the bank, both thesupervisor and the external auditor should consider communicatingmatters that may also be of mutual interest to each other in writing so thatthey form part of the bank’s records to which the other party should haveaccess.Direct communication at the supervised bank level150. In addition, effective communication should be established throughone or a combination of direct written and oral communication channels,as dictated by the circumstances.151. Written communication channels may include extended audit reportson the audited financial statements, which are submitted to thesupervisor and are not available to the public.In certain jurisdictions, these reports may be part of the external auditor’sstatutory audit work and may also cover assignments related to prudentialsupervisory requirements.152. Oral communication channels may include bilateral meetingsbetween representatives of the supervisor and the external auditor, andmay be formal or ad hoc.In addition to bilateral meetings, trilateral meetings involvingrepresentatives of the supervisor, the external auditor and those chargedwith governance at the supervised bank can also be held. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 62153. Whilst not excluding any other effective communication channels,bilateral and trilateral meetings are examples of sound practicecommunication channels, particularly for SIBs.Communication of matters outside the scope of the externalauditor’s duty to report/alert154. The communication channels described in paragraphs 150-153, canbe a helpful source of information for the supervisor about matters thatare outside the scope of the external auditor’s duty to report/alertdiscussed in Principle 13 and on which the supervisors can reasonablyexpect the auditors to form a view in the course of their audit of the bank’sfinancial statements.155. The contents of the external auditor’s communication could cover allissues that the supervisor might consider relevant in carrying out itsfunctions.Such issues may include current, emerging and thematic issues, andentity-specific and sector-wide issues.The external auditor should remain alert to the fact that these issues mayalso fall within the scope of the external auditor’s duty to report/alert.156. In addition to discussing with the supervisor areas where there isoften a significant risk of material misstatement in the financialstatements, Section 4 includes examples of areas where matters of interestto the supervisor may be identified by the external auditor in the course ofthe financial statement audit and therefore are relevant forcommunication to the supervisor.Examples of these matters are: - Where a bank undertakes transactions to achieve a particular accounting or regulatory outcome such that the accounting treatment is technically acceptable, but it obscures the substance of the transaction. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 63 - Where a bank consistently utilises valuations which are at the extreme ends of a range of acceptable valuations or there are other indications of possible management bias. - Significant deficiencies in internal control processes and their observations on matters that are significant to the responsibilities of those charged with governance in overseeing the strategic direction of the entity or the entity’s obligations related to accountability. This may include where relevant, their observations on the effectiveness of the internal audit function, the risk management function and the compliance function (where not already required by statute). - Actual or suspected breaches of prudential regulations noted in the course of the audit. - Indications that disclosures in financial statements are not consistent with published prudential information.157. Annex 1 to this document provides examples of the potential contentof the extended audit reports described in paragraph 151.Annex 2 to this document provides guidance on the timing and examplesof the potential content of the meetings between the supervisor and theexternal auditor, as circumstances may dictate.158. Where bilateral and trilateral meetings are held, particularly in thecase of SIBs, the timing and content of these meetings could be alignedwith the typical phasing of the bank’s external audit and/or thesupervisory assessment of the bank.Of particular importance are the planning and concluding phases of theexternal audit.The meetings should focus on the key issues and judgments within thescope of the external auditor’s statutory audit work. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 64159. The form, frequency and content of the communication described inthis document between the supervisor and the external auditor of thesupervised entity will vary depending on the jurisdictional circumstances,the characteristics and circumstances of the bank, and the supervisorymodel adopted in the relevant jurisdiction.Safe harbour available to external auditors160. External auditors are required by internationally accepted ethicalstandards to treat much of the information received while carrying outtheir functions as confidential.The existence of a legal provision that protects external auditors fromdisciplinary proceedings, any prosecution and liabilities when makingdisclosure in good faith to the supervisor (safe harbour) permits auditorsto share information with the supervisor without contravening their dutyof confidentiality.161. In communications on matters that fall outside the scope of the dutyto report/alert discussed in Principle 13 and which may be of interest tothe supervisor, where a safe harbour does not exist, it is reasonable for thesupervisor to expect the external auditor to communicate these mattersthrough the bank or directly with the bank’s consent.Gateways available to supervisors162. If appropriate confidentiality rules are in place, the supervisor maydecide to communicate bank-specific information to the external auditorwhen the information-sharing will help in its supervisory work and in turnassist the external auditor in conducting a quality external audit.163. Before disclosing any information to the external auditor, supervisorsshould carefully consider how sensitive the information is and the extentto which disclosing the information to the external auditor would supportthe supervisor discharging its duties. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 65Principle 13: The external auditor should report to the supervisor mattersthat are likely to be of material significance to the functions of thesupervisor.Communication of matters within the scope of the externalauditor’s duty to report/alert164. When required by the legal or regulatory framework or by a formalagreement or protocol, the external auditor should promptlycommunicate matters of material significance to the supervisor (referredto as “duty to report/alert” matters).165. On many occasions, the external auditor will have already identifiedand discussed these matters with the bank’s management and/or thosecharged with governance as appropriate.However, it is not sufficient for the external auditor to rely on the bank tonotify the supervisor when there is a duty on the part of the externalauditor to report to/alert the supervisor directly on such matters.166. Laws or regulations provide that external auditors who make anysuch disclosure in good faith to the supervisor cannot be held liable forbreach of a duty of confidentiality.The following are examples of matters that most jurisdictions prescribe aswithin the scope of the external auditor’s duty to report/alert: - information that indicates the bank’s failure to fulfil one of the requirements for a banking licence; - a serious conflict within the bank’s decision-making bodies or the unexpected departure of a manager in a key function; - information that may indicate a material breach of laws and regulations or the bank’s articles of association, charter or by-laws; - material adverse changes in the risks of the bank’s business and possible risks going forward; and _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 66 - a refusal to certify the financial statements or the expression of reservations in the audit report (other than a clean opinion) by the external auditor.167. It is also usual practice for the external auditor to notify thesupervisor of the external auditor’s intent to resign or the bank’s removalof the external auditor from office.B. Effective relationship at the levels of the audit firm and theaccounting profession as a whole168. To assist in effective supervision of banks, it is important to identifysystem-wide, macroprudential risks which may have an impact on banks.In the course of their work, the banking supervisory authority andexternal audit firms obtain information which, when reviewed in itsentirety, can assist in identifying changing and emerging key trends anddevelopments that may be indicative of emerging systemic risk.169. Audit firms may also identify emerging issues over inconsistent orinappropriate application of accounting standards which, if identifiedearly, permit external auditors and supervisors to take timely remedialaction.Principle 14: There should be open, timely and regular communicationbetween the banking supervisory authority, the audit firm and theaccounting profession as a whole on key risks and systemic issues as wellas a continuous exchange of views on appropriate accounting techniquesand auditing issues.170. The banking supervisory authority and external audit firms shouldhave regular discussions on existing and emerging key risks and systemicissues at the national level, as the exchange of such information ismutually beneficial.The communication should be open and in an environment that allows afrank exchange of views and ideas. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 67If circumstances dictate, ad hoc meetings should be held to discussmatters requiring urgent action to allow each party to take appropriateaction in a timely manner.171. There should be periodic meetings at the national level between thebanking supervisory authority and audit firms and professionalaccountancy bodies to discuss existing and emerging key risks andsystemic issues.172. Key risks may be identified from discussions on: - the appropriateness of accounting techniques for newly developed financial instruments, other aspects of financial innovation and securitisation; and - existing issues such as market opacity, and impairment evaluations for a particular asset class.These discussions on key risks could be indicative of systemic issues.They could also assist in achieving banks’ adoption of the mostappropriate accounting policies and their consistent application.173. It is advisable for banking industry associations to be involved indiscussions on these topics.7. The relationship between the banking supervisory authorityand audit oversight body174. Supervisory authorities often use audited information, either directlyor as a basis for regulatory information.In many jurisdictions, audit oversight bodies are responsible forindependently monitoring the quality of statutory audits as well as auditfirms’ policies and procedures supporting audit quality.Therefore, banking supervisory authorities and audit oversight bodieshave a strong mutual interest in ensuring quality audits by the firms. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 68175. To promote effective dialogue between the banking supervisoryauthority and the audit oversight body, their respective roles should beclearly understood.The banking supervisory authority’s focus is on the safety and soundnessof the institutions under its supervision and the stability of the financialsystem as a whole.The audit oversight body’s main role is to monitor the quality of audits inorder to protect the interests of investors or further the public interest.176. To facilitate effective dialogue between the banking supervisoryauthority and the audit oversight body, it is also beneficial to have anappropriate framework (eg through a memorandum of understandingbetween the two parties) for cooperation and information-sharingbetween the two bodies, subject to the confidential obligations of bothparties and the relevant laws of the jurisdiction in which they are located.This may include the form, frequency and content of the dialogue.The cooperation framework should enable the banking supervisoryauthority to take appropriate actions to address the identified issues ortopics.Principle 15: There should be regular and effective dialogue between thebanking supervisory authority and the relevant audit oversight body.177. Where there is an audit oversight body, the banking supervisoryauthority should establish regular dialogue with the relevant auditoversight body to deal with relevant issues in relation to the conduct ofaudits of the banks under supervision.178. Effective dialogue can be established through both formal (egscheduled regular meetings) and informal channels (eg ad hocdiscussions).There should be an open and constructive two-way dialogue between thetwo parties. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 69179. Meetings between the banking supervisory authority and the auditoversight body should take place as frequently as deemed necessary toenable them to inform each other of topics or issues of mutual concern orinterest arising from the performance of their duties that could be ofrelevance to the other authority, subject to relevant legal constraints.180. Information exchanges between the two parties could include therobustness of the audit of certain areas particularly relevant to thebanking supervisory authority, such as loan loss provisioning, or theauditor’s consideration of the internal controls or risk managementprocedures of banks.The discussions may also include any issues or topics identified by theaudit oversight body in the course of its inspections relating to audits offinancial institutions (including audit deficiencies), and the auditoversight body’s response to such issues, including follow-up withexternal audit firms and any corrective actions or other steps taken by theaudit oversight body or external auditors to further strengthen externalaudits of financial institutions.181. The banking supervisory authority may also discuss with the auditoversight body areas where there can be a significant risk of materialmisstatement, their concerns about the quality of the audit of a particularfinancial institution or any significant matters of concern in relation to thebank’s external auditor or audit firms in general which may be relevant tothe work of the audit oversight body.182. Although identifying audit deficiencies is not a primary focus of thebanking supervisory authority’s work, on becoming aware of matters thatmay require action by the audit oversight body, the banking supervisoryauthority should consider communicating such matters to the auditoversight body.183. The discussions should not be restricted to current issues or topicsbut should also include any significant thematic or emerging topics. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 70184. Depending on the outcome of the dialogue between the bankingsupervisory authority and the audit oversight body, where permitted,actions taken by the banking supervisory authority could include: - raising issues identified by the audit oversight body with individual banks or their external auditors and encouraging remediation of these issues where appropriate; and - initiating a cross-sector thematic review to analyse the impact of issues or topics identified by the audit oversight body.Principle 16: The banking supervisory authority and the audit oversightbody should observe appropriate confidentiality requirements whensharing information.185. Information shared between the banking supervisory authority andthe audit oversight body is likely to be subject to legal confidentialityrequirements.186. Where information is subject to a confidentiality requirement, theauthority/body receiving the information should handle it in accordancewith those requirements, and should consider: - consulting the authority/body providing the information before disclosing the information to any third party; and - notifying the other party if it receives a request or demand to provide the information on any basis potentially enforceable in law.Annex 1Guidance on the content of extended reports provided by theexternal auditors to supervisorsIn certain jurisdictions, it is a well-established practice that externalauditors submit to the supervisor an extended report (the so-called _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 71long-form audit report) on the audited financial statements of banks.These reports form part of the statutory audit work.The following is a list of examples of the potential content of such reports,which is not meant to be exhaustive.Contents relating to the audit of the financial statements: - description of the annual audit mandate, the audit strategy and the audit procedures; - description and assessment of the significant accounting and valuation methods, including structured and complex accounting activities (eg asset-backed securities transactions, sale and leaseback transactions, use of special purpose entities, and barter transactions); - description of significant events that took place during the year under review; - description of material changes to the legal, financial and organisational basis of the bank (eg changes to the legal form, the capital structure, the company structure, the organisational structure, the composition of the board, the structure of banking operations and financial services provided, the lines of business, and the relations with affiliated parties); - description of the internal controls over significant procedures and internal control functions (eg risk management, compliance, internal audit, audit committee, and management information systems); - assessment of business performance; - assessment of the development of the net asset position, especially the nature and extent of off-balance sheet assets and liabilities; - comments and explanation on individual balance sheet items and profit and loss accounts, taking the principle of materiality into consideration; _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 72 - comments on whether the balance sheet items have been properly valued, the valuation adjustments and provisions are appropriate and the reporting requirements have been fulfilled; - description of material agreements and pending legal disputes where these may have adverse effects on the net asset position; - description of the contents and assessment of the enforceability of letters of comfort issued; - assessment of the earnings position, including a description of the most important sources of and factors for generating earnings; - assessment of the risk situation, the procedures for determining risk provisioning and the adequacy of risk provisioning; - description of major features and material risks of the lending business, including risk concentrations and the way they are dealt with within the bank; - description of general credit lines and noteworthy loans (eg significant non-performing loans, loans for which sizeable loan loss provisions are necessary or were necessary in the concluded financial year, significant loans to board members, and loans for which an exceptional type of collateral has been provided); - follow-up on serious irregularities and weaknesses observed during previous audits; and - summary of the key findings and results of the audit.Contents relating to special prudential supervisoryrequirements: - assessment of the adequacy of risk management, including the internal control system and the internal audit and compliance functions; _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 73 - analysis of the bank’s exposure to credit risk/counterparty risk, market risk, interest rate risk, settlement risk, foreign exchange risk, liquidity risk, profitability risk and operational risk; - analysis of the amount and composition of the bank’s own funds that have to be reported to the supervisor; - assessment of the appropriateness of procedures for the preparation of prudential returns; - assessment of the appropriateness of measures taken by the bank to determine the level of own funds, its liquidity ratio and its solvency ratio; - assessment of the liquidity position and the liquidity management system of the bank; - description and assessment of the provisions for preventing money laundering and terrorist financing; and - description and assessment of the provisions on conduct of business rules.Annex 2Guidance on the timing and content of meetings betweensupervisors and external auditorsThis annex provides guidance on the timing and examples of thepotential content of meetings between supervisors and external auditors,as circumstances may dictate.The examples include types of matters of supervisory interest on whichexternal auditors can reasonably be expected to form views, but which falloutside the usual “duty to report/alert” obligations. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 74Planning stage - Risk assessment and scope – assessments in light of the external environment and the firm’s performance, business model and risk appetite. - Recent supervisory risk assessments and other supervisory reviews if appropriate confidentiality rules are in place. - Audit strategy/approach and views on materiality. - Observations on internal controls (eg governance effectiveness, control environment, application controls and monitoring controls). - Fraud due to deficiencies in the control environment. - Views and judgments on key risk areas based on audit/supervisory work performed to date (where confidentiality rules permit), including specific significant transactions, material valuations and impairment decisions, methodologies and assumptions. - Assessment of risks relating to the going concern assumption. - Accounting policy application and changes. - Sources of potential management bias. - Culture and tone set from the top. - Issues from previous years and how the firm had addressed them. - Extent of work on internal controls over regulatory reporting, including capital.Pre-close - Update on all areas covered in previous meetings. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 75 - Adequacy and reliability of disclosures in light of statutory reporting requirements and risks, transactions, judgments, and assumptions discussed in this and previous meetings. - Critical accounting estimates and indications of management bias. - Analysis of management’s going concern assessment. - Content of (anticipated) reporting to those charged with governance. - Unadjusted differences and the auditor’s evaluation in light of materiality. - Material control weaknesses identified in the bank’s financial and regulatory reporting processes. - Views on the control environment around regulatory reporting and calculation of capital resources. - Possible modifications to the audit report. - Additional matters arising from the audit.OthersAdditional meetings may be held as appropriate during the audit phase,and after the conclusion of the audit to debrief on matters consideredduring the annual audit cycle and to consider any assessment of risks andanticipated issues. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 76Meeting of the G20Finance Ministers andCentral Bank GovernorsUpdate by the IASB andFASBConvergence projectsThis report is a high-level update on the status and timeline of theremaining convergence projects.This includes an update on the impairment phase of our joint projecton financial instruments (included in the appendices to this report).BackgroundIn the past ten years, since the US Financial Accounting Standards Board(FASB) and the International Accounting Standards Board (IASB) (theboards) signed the Norwalk Agreement in 2002, we have maderemarkable progress in improving and converging major globalaccounting standards.In 2006, the boards agreed a Memorandum of Understanding (MoU) thatidentified several short-term and longer-term convergence projects thatwould bring the most significant improvements to IFRS and US GAAP.The MoU was updated in 2008 and then again in 2010.Achievements and challengesMost of the short-term projects and several of the longer-term projectshave been completed or are nearing completion. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 77In 2012 the boards made significant progress on the remaining jointprojects and they continue to appreciate the importance of developingconverged accounting standards.The boards have achieved converged solutions for Revenue Recognitionaccounting and will be exposing converged proposals for accounting forLeases.There have, however, been some challenges to developing completelyconverged solutions, especially for the Impairment and InsuranceContracts projects.For the Impairment project, it has been a challenge to bring together thedifferent perspectives of the boards’ respective stakeholders and thedifferent markets in which such stakeholders conduct their primarybusiness activities.While the goal continues to be the development of a converged Standardfor impairment, the extent of future convergence in this project willdepend, in part, on the feedback that is received during the boards’respective comment periods.However, it is also important to note that under both sets of proposals theprovisions for loan losses continue to be based on the same informationset, updated for changes in loss expectations.Developing a converged solution for the Insurance Contracts project maybe more difficult.IFRS does not currently include accounting requirements for insurancecontracts, so the IASB needs a final Standard urgently and will beundertaking a targeted re-exposure of its proposals.The FASB has existing models for insurance contracts but will initially beexposing proposed amendments for public comment in mid-2013. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 78The difference in the scope of the questions in these exposure documentsand the need for the IASB to issue timely guidance will make achieving afully converged solution for the Insurance Contracts project challenging.Financial instrumentsClassification and MeasurementDuring 2012, the boards worked together to eliminate differences in theirrespective classification and measurement models and have convergeddecisions in the following areas:• Contractual Cash Flow Characteristics Assessment: a financial assetwould be eligible for a measurement category other than fair valuethrough profit or loss if the contractual terms of the financial asset giverise to cash flows that are solely payments of principal and interest on theprincipal amount outstanding, where interest is consideration for the timevalue of money and for credit risk.• Business Model Assessment: the assessment of the business modelwould apply to those financial assets that ‘pass’ the assessment of thecontractual cash flow characteristics.Financial assets would qualify for amortised cost accounting if the assetsare held within a business model whose objective is to hold the assets inorder to collect contractual cash flows.The frequency and nature of sales would prohibit some financial assetsfrom qualifying for amortised cost.• Fair value through other comprehensive income: financial assets wouldbe measured at fair value through other comprehensive income if they‘pass’ the assessment of the contractual cash flow characteristics and areheld within a business model whose objective involves both holding thefinancial assets to collect contractual cash flows and selling financialassets. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 79• Fair value through profit or loss would be the residual measurementcategory that would include all assets that ‘fail’ the assessment of thecontractual cash flow characteristics.Given the different stages of development of the classification andmeasurement phases of their respective projects, (the IASB is makinglimited amendments to IFRS 9 Financial Instruments whereas the FASBis proposing completely new guidance), the boards’ exposure documentswill not be identical.The IASB published its Exposure Draft in November 2012.These proposed amendments were intended to further align the boards’classification models, address some of the insurance community’sconcerns about the interaction with accounting for insurance contracts,and clarify the existing classification and measurement requirements forfinancial assets.The comment period ended on 28 March 2013.The FASB expects to issue a second Exposure Draft on classification andmeasurement in February 2013 and will conduct outreach withstakeholders during the exposure period.The comment period will end on 30 April 2013.The boards are planning to begin joint redeliberations about the feedbackreceived on the proposals later this year.The timing of the issuance of final requirements will depend on thenature and extent of the feedback received.Impairment (Loan Loss Provisioning)This is probably the most important phase of our project to overhaul theaccounting for financial instruments. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 80While the boards worked jointly to develop an ‘expected loss’ approach toimpairment, US stakeholders raised numerous concerns about earlydrafts of the so-called ‘three-bucket’ approach.The most significant concerns related to the use of two differentmeasurement approaches—a portion of the expected losses for all new orpurchased financial assets and a full loss recognition approach forfinancial assets that have exhibited ‘more than insignificantdeterioration’.The FASB believed it was necessary to address these concerns beforemoving to an Exposure Draft.To address these concerns, the FASB developed a different expected lossmodel whereby at each reporting date, an entity would recognise anallowance for credit losses for its current estimate of all expected creditlosses on financial assets held at the reporting date.The same objective applies to all financial assets held in any period;however, the measure of the allowance would be commensurate with thecurrent assessment of risk for the financial assets held.In late December 2012 the FASB published its Exposure Draft.The FASB’s comment period ends on 30 April 2013.The IASB decided to maintain the concept of the ‘three-bucket’ approachbut will revise it to address concerns that had been raised about the pointat which full lifetime expected losses should be recognised.The revised model will result in an initial recognition of a portion of thelifetime expected losses, with full lifetime expected losses beingrecognised only once a financial asset significantly deteriorates (ie to thepoint that an economic loss is suffered beyond the level that wasoriginally anticipated and priced into the financial asset).The IASB is aware of the importance of publishing its proposals as soonas possible, and will publish an Exposure Draft in the first quarter of 2013. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 81There will be a 120-day comment period.The boards appreciate the importance of converged requirements in thisarea and continue to have open lines of communication.However, as noted above, challenges to achieving a converged solutioninclude bringing together the different needs of the respective boards’stakeholders and the different markets in which such stakeholdersconduct their primary business activities.It is also important to note, however, that under both sets of proposals theprovisions for loan losses continue to be based on the same informationset, updated for changes in loss expectations.The boards will continue to discuss developments as they move forward,and participate in each other’s outreach during both boards’ exposureperiods.The comment periods will have some overlap and the boards willconsider public comments on both approaches during redeliberations.The timing of the issuance of final requirements will depend on thenature and the extent of feedback received, but the boards expect tocomplete deliberations in 2013.Hedge AccountingThe objective of the IASB’s project is to improve hedge accounting bymore closely aligning the accounting with a company’s risk managementactivities, thereby improving financial reporting.As previously discussed, the Hedge Accounting phase of the FinancialInstruments project is not a joint project.However, the FASB sought comments from its stakeholders on theIASB’s Hedge Accounting Exposure Draft, and will consider these andthe decisions reached during redeliberations in conjunction with _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 82feedback on its own proposals, when it recommences its hedgeaccounting deliberations.Other projectsLeasesLease obligations are widely considered to be a significant source of offbalance sheet financing.The objective of the Leases project is to improve financial reporting bylessors and lessees, in particular by recognising leases on the balancesheet.The boards have completed discussions on the Leases project and haveagreed to re-expose the revised proposals for identical standards on leaseaccounting.The boards plan to publish exposure drafts in the second quarter of 2013with a 120-day comment period.During the comment period, the boards will conduct additional outreachwith users of financial statements and with entities that undertake leaseactivities.The boards plan to jointly redeliberate the proposals later this year.The timing of the issuance of the final requirements will depend on thenature and extent of the feedback received.Revenue RecognitionThe objective of this project is to improve financial reporting by creatingidentical standards on revenue recognition that clarify the principles thatcan be applied consistently across various transactions, industries andcapital markets. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 83The project applies to all contracts with customers (except leases,financial instruments and insurance contracts).In December 2012 the boards completed the substantive redeliberationsof the recognition and measurement principles in the 2011 ExposureDraft.The boards plan to redeliberate the remaining topics, including thescope, disclosure, transition and effective date, in the first quarter of 2013and issue final standards in mid-2013.Insurance ContractsThe objective of this project is to eliminate inconsistencies andweaknesses in existing practice and to provide a single principles-basedStandard to account for all insurance contracts.While the boards are working together on the Insurance Contracts projectthey have reached different decisions on several basic matters.For example, while both boards have agreed to measure the insuranceliability using a current measure of the estimated cost to fulfil theobligation, the boards have reached different decisions on several aspectsof the model, including the recognition of changes in estimate, theinclusion of a risk margin in the measurement of the liability and thetreatment of acquisition costs.The boards finalised their joint discussions in January 2013.The obstacles to finding a converged solution for the Insurance Contractsproject may be difficult to overcome.In particular, the different decisions reached by the boards are a resultof different starting points (IFRS currently does not include accountingrequirements for insurance contracts so the IASB needs a final Standardurgently, whereas the FASB is proposing amendments to itslong-standing insurance model). _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 84Due to the importance of the project and in view of the extensive debatethe IASB has undertaken over the years, the IASB will only seek feedbackon five key matters which have significantly changed since the 2010Exposure Draft.The IASB hopes that this approach will avoid further undue delays infinalising this much-needed Standard for insurance contracts.The IASB plans to publish this Exposure Draft in the first half of 2013.The FASB plans to publish its first Exposure Draft in mid-2013.Investment EntitiesThe Investment Entity project was, in the most part, jointly deliberated.However, the FASB is addressing the accounting for investment entitiesmore broadly than the IASB did, as the latter’s focus was solely on anexemption from consolidation.Consequently, the boards’ final requirements will be similar but notidentical.The IASB issued its final requirements in October 2012.The FASB plans to finalise its redeliberations and issue a final Standard inthe first half of 2013. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 85To G20 Ministers and Central BankGovernorsProgress of Financial Regulatory ReformsFinancial market conditions have improved over recent months.Nonetheless, medium-term downside risks remain, given weak growthprospects and high levels of public and private sector debt in manyeconomies.The recent improvement in financial market conditions owes much tocentral bank actions, in particular, the accommodative monetary policyaimed at stimulating the economic recovery.As a consequence, market participants’ appetite for risk has increased,but this has not yet translated into a robust recovery in real investment.The beginning of the return of risk appetite to financial markets – whileintended and welcome – raises a number of issues.First, market participants and authorities need to be on guard againstmispricing of risk and valuations of assets.Second, the importance of timely completion of the reforms toover-the-counter (OTC) derivatives markets and the shadow bankingsystem has increased.Third, historically low interest rates in many countries pose challenges forinstitutional investors with long-dated liabilities and may leave marketparticipants more vulnerable to unanticipated movements in the yieldcurve.Financial institutions and supervisors should continue to assess theresilience of the financial system through regular stress testing, notably of _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 86credit and interest rate risk, and complete the process of balance-sheetrepair.1. Reports submitted for this meetinga. Regulatory factors affecting the availability of long-termfinanceAs part of the diagnostic work you requested of the internationalorganisations, the FSB has prepared an assessment of the effect of theG20 financial reform programme on the availability of long-terminvestment finance.The reforms include Basel III, OTC derivatives market reforms, andchanges affecting the regulatory and accounting framework forinstitutional investors.The general conclusion is that, while there may be some short-termadjustment effects, the most important contribution of the financialreform programme to long-term investment finance is to rebuildconfidence and resilience in the global financial system.As a result, these reforms should substantially enhance the financialsystem’s capacity to intermediate investment flows through the cycle atall investment horizons.Hence, the G20 regulatory reforms are unambiguously supportive oflong-term investment and economic growth.The submissions of FSB members found little evidence that theregulatory reforms have had a notable impact on long-term financing tothis point.This is not surprising given the fact that the reform process is still at anearly stage. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 87Several features of the reforms are designed to avoid major unintendedconsequences: the long phase-in period for reforms; the ongoingimplementation monitoring; and, in certain cases, the flexibility to adjustrules during the observation period.The financial reform programme is not specific to the regulation oflong-term finance.Nevertheless, the reforms will change the incentives of some financialinstitutions and the costs of certain transactions, which may affect thecomposition of long-term finance.In particular, institutional and other long-horizon investors are expectedto assume a greater role in funding long-term assets and more of thisinvestment may be intermediated via capital markets rather than thebanking system.There are three areas for specific follow-up by the FSB.First, there should be ongoing monitoring to identify any regulatoryfactors that may disproportionately affect the provision of long-termfinance so that they can be addressed.Second, the FSB could work with others to examine whether regulatoryfactors may constrain the ability of non-banks to expand their provision oflong-term finance.Third, the FSB can contribute to the work of other internationalorganisations to help promote the development of longer-term domesticsavings and the capacity of domestic financial systems to intermediatethem, particularly in emerging market and developing economies(EMDEs).b. Update on accounting convergenceThe Chairs of the International Accounting Standards Board and the USFinancial Accounting Standards Board have written you on their work onconvergence of accounting standards. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 88The two Boards expect to make progress on the two key outstandingissues of impairment of loans, where they expect to complete theirdeliberations in 2013, and insurance contracts, where both Boards will beholding public consultations this year.Of these two outstanding issues, the need for convergence on a newforward-looking expected loss approach to provisioning is of mostimmediate concern for end-users and from a financial stabilityperspective.We note with concern the delays in convergence to date.We therefore recommend that the G20 ask the IASB and FASB to prepareby end-2013 a roadmap for converging to a common approach forimpairment and for achieving the G20 objective of a single set of highquality accounting standards.2. Priorities and work plansa. Creating continuous marketsThe FSB remains fully committed to the rapid completion of the G20’sagreed reforms to OTC derivatives markets.As you are aware, these complex reforms are taking somewhat longerthan originally planned.The FSB will submit for your April meeting its latest progress report onimplementation, including a comprehensive stock-take of reforms as ofend-2012, estimates of the extent to which transactions are being centrallycleared and reported to trade repositories, and an overview of theremaining issues to be resolved.It is important that all jurisdictions promptly complete the necessarychanges to legislative and regulatory frameworks to put these reformsinto practice.To maintain momentum, I have asked FSB member jurisdictions toconfirm before the September Summit that the legislation and regulation _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 89for reporting to trade repositories are in place, and also the steps they aretaking to complete the implementation of other OTC derivatives reforms.Ministers may wish to take a particular interest in progress in theirjurisdictions to ensure timely compliance with these important reforms.The FSB has previously identified regulatory uncertainty as the mostsignificant impediment to full and timely implementation of the OTCderivatives reforms.To reduce this uncertainty, regulators are working together to identifyand address conflicts, duplication and gaps in the cross-borderapplication of rules.They will provide an update in April on their progress and next steps, anda report to the Summit on how the identified cross-border issues havebeen resolved.International policies in remaining important areas will also be publishedby the Summit.These include capital requirements for exposures to centralcounterparties, margining standards for non-centrally clearedtransactions and guidance on resolution of central counterparties.Standard setters are undertaking an assessment of the incentives tocentrally clear transactions that these standards create and will adjustthem as necessary to ensure a robust system.The FSB will also report at the Summit the findings of a newmacroeconomic impact assessment of the OTC derivatives regulatoryreforms.Standard setters are also developing international guidance onauthorities’ access to trade repository data, including in such a way that itcan be aggregated across trade repositories. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 90This guidance, which will be issued for consultation shortly and finalisedby the Summit, will be important for ensuring that authorities can useinformation from trade repositories in their oversight of OTC derivativesmarkets and assessment of systemic risk.Ministers and Governors will wish to ensure there is effective cross-borderaccess to this information, which is vital to the monitoring of emergingfinancial vulnerabilities.The global Legal Entity Identifier (LEI) system will enhance the usabilityof the data; the Regulatory Oversight Committee as the governance bodyof the global LEI system was established in January 2013.Establishing the Global LEI Foundation is the key next step to launch thesystem in March 2013.The FSB continues to offer strong support to the LEI initiative and theFSB Secretariat will serve as ROC LEI Secretariat for the initial period.b. Strengthening the oversight and regulation of shadowbankingAs you will recall, the FSB delivered to you last November an initial set ofrecommendations to strengthen the oversight and regulation of shadowbanking.We have received useful feedback through a public consultation on theinitial recommendations.The FSB is refining the recommendations relating to securities lendingand repos, and those relating to the policy measures for shadow bankingentities other than money market funds.The recommendations will address bank-like risks to financial stabilityemerging from outside the regular banking system while not inhibitingsustainable non-bank financing models that do not pose such risks.The approach is designed to be proportionate to financial stability risks _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 91by focusing on those activities that are material to the system, using as astarting point those that were a source of systemic risk during the crisis.We will deliver certain recommendations to the St Petersburg Summit.These measures should be viewed as the start of a broader process sincethey address the specific risks that arose during the crisis and we allrecognise the ability of the shadow banking sector to innovate.c. Building resilient financial institutionsIn January, agreement was reached by the Group of Governors and Headsof Supervision on the Liquidity Coverage Ratio (LCR) to be applied tobanks.The agreement expands the range of high-quality liquid assets that canbe included in the LCR and incorporates evidence-based assumptionsabout liquidity outflows in times of stress.The LCR will be introduced in 2015 as planned, with the minimumrequirements beginning at 60% and reaching 100% by 2019 to allow theglobal banking system sufficient time to adjust.d. Ending “too-big-to-fail”Progress is being made by the IAIS in developing and testing amethodology for identification of global systemically important insurers(G-SIIs), and in developing appropriate policy measures.This work should be completed in the second quarter of 2013.An identification methodology for non-bank G-SIFIs will be issued forconsultation in the second half of 2013.Although implementation of the G-SIFI framework has much farther togo, we will deliver an assessment to the St. Petersburg Summit of theprogress made in developing credible policies for ending too-big-to-fail(TBTF). _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 923. Implementation of reformsBasel IIIConsistent implementation of Basel III is fundamental to strengtheningthe resilience of the global banking system, maintaining marketconfidence in the regulatory reforms and providing a level playing fieldfor internationally active banks.The 27 member jurisdictions of the Basel Committee on BankingSupervision (BCBS) continue to make progress toward implementation;11 had issued final regulations by 12 February 2013 and the remaining 16jurisdictions have tabled draft regulations (see Annex to this letter).The European Union and the United States published draft regulations in2012 and intend to finalise them over the course of 2013.The FSB and BCBS will prepare a full update on countries’ adoption ofBasel III in domestic regulation for your April meeting.The countries that have missed the January 2013 start date are working tofinalise their regulations and are expected to meet the 2019 timeline forfull implementation.Several more members will undergo a consistency assessment of theirfinal regulations by the BCBS in 2013.By end-2013, all jurisdictions that are the home regulator to globalsystemically important banks (G-SIBs) will have been subject to anassessment of their Basel III implementation.Other jurisdictions will be subject to regulatory consistency assessmentsshortly thereafter.The BCBS has concluded an initial examination of the internationalconsistency in the application of the Basel III risk weighting scheme fortrading book assets.A similar review is underway regarding the banking book. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 93The analysis for banks’ trading books indicates that supervisory decisionsand variations in banks’ models contribute to the substantial differencesin banks’ calculations of market risk.(The average risk weighting of trading assets for most banks in the studyvaried between 15% and 45%.)The study also shows that banks’ public disclosures are insufficient forunderstanding how much of these variations in banks’ reported riskweightings of assets are owing to differing levels of actual risk versus thatowing to other factors.This situation is unacceptable, and the study highlights three policyoptions which are being addressed in the Basel Committee’s ongoingwork:(i) Improving banks’ public disclosures, building on therecommendations of the Enhanced Disclosure Task Force;(ii) Narrowing down modelling choices for banks; and(iii) Further harmonising supervisory practices over approval of models.Resolution regimes and G-SIFI resolution plansAn effective and credible resolution regime for SIFIs is a criticalcomponent of the policy framework for ending TBTF.Full implementation of the FSB Key Attributes of Effective ResolutionRegimes will provide authorities with the powers and tools necessary forthis purpose.We will shortly conclude the first peer review of FSB members’implementation of the Key Attributes.The work under the review confirms that reforms are underway in manyjurisdictions to align national statutory regimes with the FSB KeyAttributes, but that significant work remains. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 94We are developing an assessment methodology to assist countries withtheir implementation, and to provide a basis for future peer reviews andIMF and World Bank assessments.The methodology will be tested in pilot assessments by the IMF andWorld Bank later this year and published in the second half of 2013.The FSB and its members will also this year address the specific aspectsof resolution of insurers and financial market infrastructures and theprotection of client assets in resolution.By June 2013, resolution strategies and plans should be in place for allG-SIFIs designated in November 2011.To assist this process the FSB has publicly consulted on specific aspectsof recovery and resolution planning and is now finalising its guidance.Progress in ending TBTF is contingent on the feasibility and credibilityof putting these resolution plans into operation.We will launch in the second half of 2013 a first round of assessmentsunder the G-SIFI Resolvability Assessment Process to evaluate theprogress made.Reducing the reliance on Credit Rating Agency (CRA) ratingsThe FSB has recently launched a thematic peer review to assist itsmembers to fulfil their commitments under the roadmap forimplementing the FSB principles for reducing reliance on CRA ratings.This will include a stock-take of references to CRA ratings in nationalauthorities’ laws and regulations and of actions being taken to remove orreplace these references.The findings will feed into the progress report on CRAs for the Summit,while the peer review will be completed by early 2014. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 95Monitoring the impact of reforms on EMDEsThe FSB will organise a workshop for EMDEs in the first half of 2013 toshare lessons and experiences on implementing agreed financial reformsand on undertaking ex ante assessments of their impact.FSB members with significant experience in undertaking suchassessments will be asked to present their methodologies.The FSB will report the findings of the workshop and other relevantmonitoring processes at the St. Petersburg Summit.4. FSB resources, capacity and governanceFinally, I am pleased to report that the FSB has now been establishedwith a legal personality.Alongside this, a rolling five-year agreement under which the BIS willhost and provide resources for the FSB has been activated, and aninstitutional mechanism for the FSB’s financial and resource governanceestablished.The FSB has also adopted Procedural Guidelines for its operational andadministrative activities and practices.These are important steps towards implementation of the G20recommendations at Cannes and Los Cabos to place the FSB on anenduring organisational footing, with strengthened governance, greaterautonomy in resource use and enhanced capacity to coordinate thedevelopment and implementation of financial regulatory policies, whilemaintaining strong links with the BIS.The FSB will next elect new chairs for three of its Standing Committeesand begin a review of the composition of their memberships. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 96Following the St. Petersburg Summit, the FSB will set in train a review ofthe structure of its representation, which we envisage to be completedunder the Australian Presidency of the G20. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 97 _____________________________________________________________International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 98The new Risk Dashboard _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 99 _____________________________________________________________International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 100 _____________________________________________________________International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 101 _____________________________________________________________International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 102EIOPA Risk Dashboard – Background noteExecutive SummaryEIOPA publishes a Risk Dashboard on a quarterly basis, in accordancewith its obligations under the EIOPA Regulation1 and following aframework determined in cooperation with the other ESAs, the ESRB andthe ECB.The Risk Dashboard is based on mechanical aggregation of indicatorsand additional expert judgment if deemed necessary.Besides publicly available market data, extensive use is made of companydata which is reported by 30 large and important insurance groups fromthe EEA and Switzerland under EIOPA’s quarterly fast-track reporting.Within the common structure agreed upon by the ESAs, the ESRB andthe ECB, the Risk Dashboard is designed to be flexible, so EIOPA canreact quickly to upcoming risks which are deemed necessary to becovered.EIOPA expects the Dashboard to gradually evolve further, takingfeedback by the addressees of this product into account.ContextAs part of the new European legislation, EIOPA as well as the other ESAsand the ESRB are called upon to “develop a common set of quantitativeand qualitative indicators (risk dashboard) to identify and measuresystemic risk”.The legislation further stipulates that these dashboards should beconstructed in cooperation between the ESAs and ESRB.In response to this requirement, the ESAs, together with the ESRB andthe ECB have determined a set of general features for all dashboards tofollow: _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 103 - Each risk dashboard will be constructed based on the same set of risk categories: macro risk, credit risk, market risk, funding and liquidity risk, profitability and solvency risk and risks resulting from interlinkages and imbalances. Furthermore, each institution has the option to add categories to allow for sector specific risks (e.g. insurance risk). - It was noted that all Risk Dashboards should be constructed on a flexible basis in order to allow each authority to reflect the most imminent risks identified. - Further development and implementation of the Risk Dashboards should be taken forward individually by each of the authorities concerned. However, the ESAs and ESRB should continue to work together closely in this regard to ensure interplay regarding the underlying information presented e.g. consistency when the same indicator is used in different Risk Dashboards.ApproachWork on the EIOPA Risk Dashboard has since been brought forward bythe Financial Stability Committee of EIOPA.In defining the methodology for the Risk Dashboard, the Committee hasconsidered the approach taken by other institutions in the field of riskassessment, for instance by the IMF2.The Risk Dashboard has been created to give a structured view of risks tothe insurance sector and the environment in which it operates, in order tofacilitate a regular assessment of these risks and possible mitigatingpolicy actions.In creating it, care has been taken to keep the dashboard as concise,forward-looking and flexible as possible. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 104Furthermore, it is worth noting that the dashboard is designed as ahigh-level tool showing the most relevant trends and risks on a macrolevel.As significant differences between individual institutions exist, thefindings presented are not always applicable to all EU insurers.MethodologyIndicatorsA set of currently 40 quantitative indicators forms the basis of the riskassessment presented.These indicators, which signal potential risks and vulnerabilities for theEuropean insurance sector as well as its resilience, are generated usingboth supervisory and publicly available data.This data is used – and in some cases combined – as the basis of the riskassessment for each indicator.Given that the distribution of risks and vulnerabilities is at least asimportant as its central tendency, the risk indicators are, where possible,assessed by taking both the median and outliers (e.g. 10th or 90thpercentiles) of the underlying sample into account.Based on this information an initial risk score for each indicator isderived.These scores basically serve as proxies when combining various riskindicators to an assessment for the overarching risk category.Risk categoriesThe indicators are mapped to aggregated categories of(1) macro risk, _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 105(2) credit risk,(3) market risk,(4) funding & liquidity risk,(5) profitability & solvency,(6) interlinkages & imbalances and(7) insurance risk.Based on the individual risk scores for each underlying indicator anaggregated risk score for each category is generated by either - an unweighted average (for categories 4, 6 and 7); - a weighted average referring to a long-term average of actual portfolio holdings (for categories 2 and 3); - a sub-aggregation within some indicators of a risk category and an aggregation of these “sub-risk scores” by using the simple average o for category 1 with a split in (1a) real-economy risks and (1b) the riskiness of the insurance sector as perceived by financial market participants, o for category 3 with a split in (3a) asset side risks and (3b) ALM matching risks, o for category 5 with a split in (5a) life business, (5b) non-life business and (5c) total business.For a quick and comprehensive interpretation the overall risk score arevisualized through four color codes in the Risk Dashboard.Quarterly changes are represented through arrows.Risk assessmentThe mechanically estimated risk scores per category form the basis of therisk assessment in the Risk Dashboard. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 106These scores are complemented by other information available on risks,e.g. from stress test results, topical risk analyses or other available data.If necessary, this information is used to adjust the scores.This way, it is ensured that all available information is used for the riskassessment and the most complete picture is generated.However, decisions to change the mechanically aggregated scores (i.e.expert judgment) are documented to ensure transparency of this process.To ensure flexibility, the Risk Dashboard contains space to elaboratefurther on the most prominent risks in a ‘user-defined’ non-mechanicalway.Additional dimensions of each risk (e.g. the potential impact as well astiming aspects) have been derived partially on expert judgment as well.Expert judgmentExpert judgment is considered crucial for complementing or substitutingthe mechanical process of the risk assessments and for makingforward-looking statements about the expected evolution of risks.The process for adjusting the initial risk scores (both upward anddownward adjustment) by expert judgment is intended to be transparentand used consistently over time.Any uncertainty in the assessment and/or element of judgment that willinfluence the final assessment, such as risk mitigating factors will bemade explicit and will be documented.The transparency and documentation requirements should ensure asufficient level of confidence in the expert judgment.This confidence in expert judgment is important in order to producecredible risk assessments. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 107This confidence should be further maintained by tracking the adjustedassessments against actual experience or new information that becomesavailable.Such “reality checking” is especially important where the expertjudgment leads to significant deviations from the mechanical assessmentor where it has a material impact on the overall assessment output.Data sourcesData for the Risk Dashboard is obtained from both public sources(market data) and the quarterly supervisory reporting of 30 largeEuropean insurance groups to EIOPA (fast-track reporting).Data availability for Risk Dashboard purposes is expected to improvesubstantially with the introduction of Solvency II reporting.Indicators usedMacro riskAs macro risks are obviously the major domain of the ESRB’s RiskDashboard, EIOPA’s contribution focuses mainly on insurance-linkedaspects.Besides consensus forecasts of GDP growth, development of consumerprices and unemployment rates, this section therefore encompasses thefinancial markets’ perception of the healthiness and profitability of theEuropean insurance sector.For this purpose, relative stock market performances of Europeaninsurance indices against the total market are assessed, as well asfundamental valuations of insurance stocks (price/earnings ratio,price/book-value ratio), CDS spreads and ratings/rating outlooks. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 108Market riskMarket risk is, for most asset classes, assessed by analysing both theinvestment exposure of the insurance sector and an underlying riskmetric.The holdings give a picture of the vulnerability of the sector to adversedevelopments; the risk metric gives a picture of the current level ofriskiness.For equity investments, the relevant risk metrics are the implied volatilityas a short-term indicator and the price/book-value ratio as medium-termindicator.Also for property investments the valuation comes in as a risk metric, viathe current yield of commercial real estate investments.In addition, the current level of long-term interest rates and someasset-liability matching indicators are assessed, e.g. by comparing theduration of the bond portfolio (including the effect of derivative holdings)with the duration of technical provisions.The difference between guaranteed interest rates and investment returnscompletes the assessment in this risk category.Credit riskFor measuring credit risk the holdings of credit asset classes arecombined with risk metrics applicable for these asset classes.For instance, the holdings of government securities are combined withthe credit spreads on European sovereigns.Such indicators are also constructed for the holdings of bank bonds(secured and unsecured) and non-financial corporate bonds. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 109Liquidity and funding riskGenerally speaking, insurers are less prone to liquidity risk than banks.As indicators, the lapse rate of the life insurance sector has been used witha high lapse rate signaling a potential risk.Furthermore, holdings of cash & deposits are used as a measure of theliquidity buffer available, both in absolute terms and as a share of lessliquid assets.The last indicator used is the issuance of catastrophe bonds, where a verylow volume of issuance and/or high spreads signal a reduction indemand which could form a risk.Profitability and SolvencyNine risk indicators were considered in the determination of the riskscore for this category.While the return on equity provides an overall assessment of theprofitability in the whole sector, a more detailed breakdown ofprofitability trends is available by analysing the combined ratio and thereturn to premiums for non-life business and the return on assets for lifeinsurers.Solvency ratios for both life and non-life insurers complete the picture inthis risk category as well as the year-on-year change in capital&reserves.Interlinkages and ImbalancesUnder this section various kinds of interlinkages are assessed, bothwithin the insurance sector, namely between primary insurers andreinsurers, between the insurance sector and the banking sector, as wellas via derivative holdings. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 110In addition, as an indicator on imbalances the debt/equity ratio of theinsurance sector has been included.Insurance RisksAs indicators for insurance risks gross written premiums of both life andnon-life business are an important input.Both significant expansion and contraction are taken as indicators ofrisks in the sector; the former due to concerns over sustainability and thelatter as an indicator of widespread contraction of insurance markets.Premiums are also analysed in comparison to insurers’ capital&reserves(insurance leverage).Information on insurance losses due to natural catastrophes rounds upthis risk category. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 111 _____________________________________________________________International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 112 _____________________________________________________________International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 113 _____________________________________________________________International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 114 _____________________________________________________________International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 115 _____________________________________________________________International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 116Governor Sarah Bloom RaskinBoard of Governors of the Federal Reserve SystemAt the National Community Reinvestment CoalitionAnnual Conference, Washington, D.C.Focusing on Low- and Moderate-IncomeWorking Americans I am delighted to be here at the National Community ReinvestmentCoalition (NCRC) Annual Conference today, and to be gathered with somany people who have been working for decades to strengthencommunities and the integrity of our nations economic institutions andfinancial practices.Those of you involved in community development and communityreinvestment know all too well the trauma and hardship experienced bylow-income communities over the last several years.You know it in a way that is lost on people whose communities have notbeen so badly battered by these economic storms.Thats why Im looking forward this morning to sharing with you myperspective on the importance of focusing on the situation and prospectsof low- and moderate-income working Americans.In my remarks, I will start by discussing the types of jobs beinggenerated in the current recovery.Certainly, the pace of recovery in employment has improved, but itsimportant to look at the types of jobs that are being created because thosejobs will directly affect the fortunes and challenges of households andneighborhoods as well as the course of the recovery.I will then suggest that we think about how the absence of a substantialnumber of new high-paying jobs, when combined with changes in the _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 117landscape for financial services, affects access generally to affordable,sustainable credit.Finally, I will explore some of the monetary, supervisory, and regulatorytouchpoints in which the situation and prospects of low- andmoderate-income working Americans can be addressed.Challenges Posed by Labor Market Conditions The Great Recession stands out for the magnitude of job losses weexperienced throughout the downturn.These factors have hit low- and moderate-income Americans the hardest.The poverty rate has risen sharply since the onset of the recession, after adecade of relative stability, and it now stands at 15 percent--significantlyhigher than the average over the past three decades.And those who are fortunate enough to have held onto their jobs haveseen their hourly compensation barely keep pace with the cost of livingover the past three years. While todays 7.7 percent unemployment rate is a marked improvementfrom the 10 percent rate we reached in late 2009, it is still higher than theunemployment rate for the 24 years before the Great Recession, a span oftime over which the rate averaged about 6 percent.Moreover, the governments current estimate of 12 million unemployeddoes not include nearly a million discouraged workers who say they havegiven up looking for work and 8 million people who say that they areworking part time even though they would prefer a full-time job.A broader measure of underemployment that includes these and otherpotential workers stands at 14.3 percent. About two-thirds of all job losses resulting from the recession were inmoderate-wage occupations, such as manufacturing, skilledconstruction, and office administration jobs. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 118However, these occupations have accounted for less than one-quarter ofsubsequent job gains.The declines in lower-wage occupations--such as retail sales and foodservice--accounted for about one-fifth of job loss, but a bit more thanone-half of subsequent job gains.Indeed, recent job gains have been largely concentrated in lower-wageoccupations such as retail sales, food preparation, manual labor, homehealth care, and customer service.Furthermore, wage growth has remained more muted than is typicalduring an economic recovery.To some extent, the rebound is being driven by the low-paying nature ofthe jobs that have been created.The slow rebound also reflects the severe nature of the crisis, as the slowwage growth especially affects those workers who have become recentlyre-employed following long spells of unemployment.In fact, while average wages have continued to increase steadily forpersons who have remained employed all along, the average wage for newhires have actually declined since 2010.The faces of low-wage Americans are diverse.They include people of varying employment status, race, gender,immigration status, and other characteristics.Many such Americans are attached to the workforce and are deeplycommitted to both personal success and to making a contribution tosociety.For purposes of reference, in 2011, low wage was defined as $23,005 peryear or $11.06 per hour.Today, about one-quarter of all workers are considered "low wage." _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 119They are sanitation workers, office receptionists, and nursing assistants;they are single mothers of three who worry: How will I be able to send mychildren to college?What if my landlord raises the rent this year?Tens of millions of Americans are the people who ask themselves thesequestions every day.This diverse group of workers faces numerous barriers when trying toaccess the labor market or advance in their current positions.Many of these barriers were identified in an initiative that the FederalReserves Community Development function launched in 2011.Over the course of a year, Reserve Banks across the country hosted aseries of 32 regional discussions aimed at examining the complex factorscreating chronic unemployment conditions and identifying promisingworkforce development solutions.The kinds of problems faced by low-wage workers are familiar to all ofyou and have long been part of the structural conditions of poverty andnear-poverty in America. We know, for example, that location presents thorny challenges for manylow-wage workers.Within metropolitan areas, jobs are not spread out evenly and job creationtends to be depressed in low-income communities.As a result, many low-wage workers face long commutes and seriouscommuting difficulties due to less reliable transportation and aninadequate transportation infrastructure.Moreover, a number of low-wage employees work non-standard hours,exacerbating both transportation and childcare issues, as well as personalhealth problems. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 120 Traditionally, many workers find jobs through social networks andthrough personal connections that they have to the labor market. But,because low-income individuals are typically less mobile, more isolated,and less socially connected than other people, they are often left out of thesocial networks that, in practice, lead to jobs for most Americans.Addressing These ChallengesAmong those responding to these challenges are innovative localpractitioners who are implementing programs designed to expand jobopportunities for low-wage workers.Consider Impact Services in Philadelphia, an organization that buildsrelationships with the local business community to better understandtheir hiring needs and then devises programs that supply those firms withappropriately skilled workers from the community.The National Fund for Workforce Solutions is another example. Thisorganization works with local communities to organize fundingcollaboratives to support regional industries.More Recent Challenges for Low-Wage Workers So progress is being made, thanks to coalitions like these across thecountry that are working for practical changes at the community level.But the 21st century labor market is increasingly complex; it continues togenerate new challenges.For example, growth in sectors such as green industries and advancedmanufacturing is creating jobs, but these jobs may demand differentskills.Access to reliable information becomes critical for workers who areconsidering a new job, and must carefully weigh the skills and credentialsrequired by potential employers with the cost of training and thelikelihood of gaining employment. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 121And, more and more, employers are requiring post-secondary credentials.Today, a high school diploma alone is less likely to qualify an individualfor a job with a path toward meaningful advancement. And, as demandfor more credentials increases, workers who lack those credentials willfind it increasingly difficult to gain upward mobility in the job market.Contingent Work Many employers are looking to make the employment relationship moreflexible, and so are increasingly relying on part-time work and a variety ofarrangements popularly known as "contingent work."This trend toward a more flexible workforce will likely continue.For example, while temporary work accounted for 10 percent of job lossesduring the recession, these jobs have accounted for more than 25 percentof net employment gains since the reces-sion ended.10 In fact, temporaryhelp is rapidly approaching a new record, and businesses use of staffingservices continues to increase. Contingent employment is arguably a sensible response to todayscompetitive marketplace.Contingent arrangements allow firms to maximize workforce flexibility inthe face of seasonal and cyclical forces.The flexibility may be beneficial for workers who want or need time toaddress their family needs.However, workers in these jobs often receive less pay and fewer benefitsthan traditional full-time or "permanent" workers, are much less likely tobenefit from the protections of labor and employment laws, and oftenhave no real pathway to upward mobility in the workplace. Many workers who hold contingent positions do so involuntarily.Department of Labor statistics tell us that 8 million Americans say theyare working part-time jobs but would like full-time jobs. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 122These are the people in our communities who are "part time bynecessity."As businesses increase their reliance on independent contractors andpart-time, temporary, and seasonal positions, workers today bear far moreof the responsibility and risk for managing their careers and financialsecurity.Indeed, the expansion of contingent work has contributed to theincreasing gap between high- and low-wage workers and to theincreasing sense of insecurity among workers. Flexible and part-time arrangements can present great opportunities tosome workers, but the substantial increase in part-time workers does raisea number of concerns.Part-time workers are particularly vulnerable to personal shocks due tolower levels of compensation, the absence of meaningful benefits, andeven a lack of paid sick or personal days.Not surprisingly, turnover is high in these part-time jobs.Access to Credit The economic marginalization that comes with the growth of part-timeand low-paying jobs is exacerbated by inadequate access to credit formany working Americans.Ideally, people chronically short of cash would have access to safe andsound financial institutions that could provide reliable and affordableaccess to credit as well as good savings plans.Unfortunately, many working Americans have no practical access toreasonably priced financial products with safe features, much less thekind of safe and fair credit that is available to wealthier consumers.Working Americans have several core financial needs. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 123They need a safe, accessible, and affordable method to deposit or cashchecks, receive deposits, pay bills, and accrue savings.They may also need access to credit to tide them over until their next cashinfusion arrives.They may be coming up short on paying their rent, their mortgage, anemergency medical expense, or an unexpected car repair.They may want access to a savings vehicle that, down the road, will helpthem pay for these items and for education or further training, or start abusiness.And many want some form of non-cash payment method to conducttransactions that are difficult or impossible to conduct using cash. Products and services that serve these core financial needs are notconsistently available at competitive rates to working Americans.Those with low and moderate incomes may have insufficient income orassets to meet the relatively high requirements needed to establish acredit history.Others may have problems in their credit history that inhibit their abilityto borrow on competitive terms.Many workers simply may not have banks in their communities, or maynot have access to banks that actually compete with each other in terms ofpricing or customer service.There is a growing trend toward greater concentration of financial assetsat fewer banks. In my mind, this raises doubts about whether bankingservices will continue to be provided at competitive rates to all incomelevels of customers wherever they may live. According to a study of bank branch locations published by NCRC in2007, there are more persons per branch in low- and moderate-incomecensus tracts than in moderate- and upper-income census tracts. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 124While branch-building has been on the rise, indications are that theincrease in the number of bank offices has not occurred evenly acrossneighborhoods of varying income.In fact, a significant number of low- and moderate-income families havebecome--or are at risk of becoming--financially marginalized.The percentage of families earning $15,000 per year or less who reportedthat they have no bank account increased between 2007 and 2009 suchthat more than one in four families was unbanked.Families slightly further up the income distribution, earning between$25,000 and $30,000 per year, are also financially marginalized: 13 percentreport being unbanked and almost 24 percent report being underbanked. This combination of economic insecurity and financial marginalizationhas incentivized more low- and moderate-income families to seek outalternative financial service providers to meet their financial needs.Some of the providers they find, such as check-cashers and outfitsfurnishing advance loans on paychecks, can lead unwary workers intovery deep financial holes.In light of these challenges, I ask questions that have been asked before:What can economic policy do to reduce unemployment, economicmarginalization, and the financial vulnerability of millions oflower-income working Americans?There is no simple cure to these conditions, but governmentpolicymakers need to focus seriously on the problems, not simply becauseof notions of fairness and justice, but because the economys ability toproduce a stable quality of living for millions of people is at stake.Our country cannot achieve prosperity without addressing the powerfulundertow created by flat wages and tenuous financial security for so manymillions of Americans. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 125The Role of Monetary PolicySo how can the Federal Reserve address these challenges? Let me startwith monetary policy.Congress has directed the Federal Reserve to use monetary policy topromote maximum employment and price stability.The Federal Reserves primary monetary policy tool is its ability toinfluence the level of interest rates.Federal Reserve policymakers pushed short-term interest rates downnearly to zero as the financial crisis spread and the recession worsened in2007 and 2008.By late 2008, it was clear that still more policy stimulus was necessary toturn the recession around.The Federal Reserve could not push short-term interest rates downfurther, but it could--and did--use the unconventional policy tools tobring longer-term interest rates such as mortgage rates down further. Fed policymakers intend to keep interest rates low for a considerabletime to promote a stronger economic recovery, a substantial improvementin labor market conditions, and greater progress toward maximumemployment in a context of price stability.Both anecdotal evidence and a wide range of economic indicators showthat these attempts are working to strengthen the recovery and that thelabor market is improving. Nonetheless, and again, the millions of people who would prefer to workfull time can find only part-time work.While the Federal Reserves monetary policy tools can be effective inpromoting stronger economic recovery and job gains, they have littleeffect on the types of jobs that are created, particularly over the longerterm. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 126So, while monetary policy can help, it does not address all of thechallenges that low- and moderate-income workers are confronting.That said, the existing mandate regarding maximum employmentrequires policymakers on the Federal Open Market Committee (FOMC)to understand labor market dynamics, which obviously must include anunderstanding of low- and moderate-income workers.Regulatory and Supervisory Touchpoints In addition to monetary policy, the Federal Reserves regulatory andsupervisory policies have the potential to address some of the challengesfaced by low-income communities and consumers.The Federal Reserve is required by law--by virtue of the Bank HoldingCompany Act--to approve various applications, such as mergers,acquisitions, and proposals to conduct new activities.This statutory review requires an explicit consideration of public benefitsand the effects of the proposed transaction on the convenience and needsof the communities to be served.This assessment is, as many of you know, a critical opportunity forcommunity input and analysis. Indeed, as people with their feet firmly planted on the ground incommunities across America, you probably remember James Q. Wilsonstheory of "broken windows" in community policing: Move in quicklywhen vandalism and disorder first start to appear--even if it is only abroken window or graffiti on a stop sign--or else face losing the wholeneighborhood as disrespect for the law rapidly spreads. The "broken windows" strategy is every bit as compelling when it comesto addressing the disorder that comes from sloppy practices by financialinstitutions.If banking practices are undermining the ability of the economicallymarginalized to become financially included and to access the credit they _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 127need in an affordable way, regulators must move in quickly to stop thedisorder and repair the broken windows of financial intermediation. Bank supervisors should be prepared to respond to the earliest signs oftrouble by requiring operationally challenged banks to address problemsquickly and completely.If corrections are made, then the regulators can move on. If not, then theregulators need to escalate enforcement. Swift and decisive corrective action is not always how federal bankregulators have responded to broken windows in the past.In my view, for example, regulators response to the rampant,long-running problems in loan-servicing practices at large financialinstitutions was not swift and was not decisive.The point is that federal regulators must listen carefully to communityinput and analysis in order to keep track of where windows are breakingand how they are being broken.And they must carefully study and take responsibility for analyzingcomments provided by organizations such as the NCRC whenconsidering the public benefit of an application.Both the exam process and the application process must be strengthenedas key venues for federal regulators to incorporate the voices of affectedcommunities; Id like to see us revise and strengthen these processes toinclude the analysis in these voices.The Role of BusinessNow lets shift back to the private sector.In particular, to the question of whether businesses can be competitive inthe current marketplace and still provide a pathway out of poverty fortheir employees. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 128The Hitachi Foundation recently set out to answer this question byidentifying firms that provided upward job mobility for their employees.They found that the identified employers showed noteworthy consistencyin how they train and educate workers, develop career ladders, and craftsupportive human resources policies and other motivators.They also found some evidence to indicate that the companies benefitedfrom strategic and financial returns while their lower-wage workers alsobenefited from increased earnings and career advancement. "Anchor institutions," such as hospitals and universities, which arefirmly rooted in their locales, can also be powerful engines for job creationin their communities.Anchors may include cultural institutions, health care facilities,community foundations, faith-based institutions, public utilities, andmunicipal governments.These institutions have the potential to generate local jobs throughtargeted procurement purchases of food, energy, supplies, and servicesfrom local businesses.This can be a substantial, positive development in the local economy.The Evergreen Cooperative in Cleveland, Ohio, is an example of anetwork of worker-owned businesses, launched in low-incomeneighborhoods, to support local anchor institutions.The cooperatives were initially established to provide services to localhospitals and universities that had agreed to make their purchases locally.This model is effective because it capitalizes on local production, andbecause it forges a local business development strategy that effectivelymeets many of the anchor institutions own needs. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 129Role for Community-Based Organizations Clearly, the challenges facing low-wage workers are multi-faceted andcomplex.In addition to the challenges that workforce development and communityorganizations have addressed for years, structural changes in theeconomy heighten obstacles, make the stakes higher if we fail to conquerthem, and, therefore, require new levels of openness and creativity bypolicymakers.You are the ideal audience for this message because you know how to linkfederal policymaking with economic empowerment. NCRC has grown to an association of more than 600 community-basedorganizations that promote access to basic banking services to create andsustain affordable housing, jobs, and vibrant communities for Americasworking families.Community-based organizations like many of those represented in thisroom will need to consider how to work with low-wage workers to bridgeinformation gaps by expanding workers networks, providing legitimateinformation, and identifying new job opportunities. But finally, the pressure that community-based organizations exert onfinancial regulators must continue.Access to credit is an enduring challenge, and the obstacles andproblems--all the "broken windows" you see on the block--must bereported and explained.They must be understood by the federal policymakers who areresponsible for enforcing our countrys laws and regulations in the realmof access to credit; by the federal policymakers who engage in theconduct of monetary policy; and by the federal policymakers whoseactions contribute to the shaping of the landscape for financial services inthis country. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 130Your voices--whether you are reporting, documenting, monitoring,analyzing, proposing, or even protesting--must be heard.Your voices are crucial to alerting policymakers to the significantdevelopments and emerging trends in the nations communities thatmust be confronted--and confronted in a swift and decisive way--if we areto make prosperity a national agenda that touches every American.Thank you. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 131Islamic capital and money marketsWelcoming remarks by Mr Peter Pang, Deputy ChiefExecutive, Hong Kong Monetary Authority, at theworkshop on “Islamic capital and money markets”,Hong KongDistinguished guests,ladies and gentlemen,1. It is my great pleasure towelcome you to this Islamic finance workshop.We are particularly grateful to Mr. Mohd. Radzuan, Mr. Azidy and Mr.Azahari, the experts from Malaysia, who have flown all the way to HongKong to share with us their knowledge on Islamic capital and moneymarkets and their valuable experience in developing these criticalcomponents of Islamic finance.I would also like to thank Mr. Najmuddin of Bank Negara Malaysia forbringing the Malaysian delegation here.Two fast developing asset classes in the global markets2. This workshop comes at a very opportune time as Hong Kong islooking to develop Islamic finance as a way to diversify our financialplatform and further enhance our capability as an international financialcentre.In my view, to be a truly international financial centre, one needs todevelop a conducive platform for the two fast developing asset classes inthe global markets – Islamic financial products and RMB-denominatedinvestment assets. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 1323. The development of Islamic financial markets has been phenomenal inthe past two decades.The size of global Islamic finance assets made a quantum leap from onlyUS$150 billion in the mid-1990s to US$1.3 trillion at the end of 2011.Although the investment climate has been clouded by the US sub-primecrisis and the European sovereign debt problems in recent years, theglobal sukuk market is powering ahead.Indeed, last year was the best year for the global sukuk market on record,with sukuk issuances growing by more than 60% year-on-year, taking theoutstanding sukuk amount to a new height of US$240 billion.According to some market estimates, the size of the global Islamicfinance industry has the potential to increase five-fold from the currentlevel to some US$6.5 trillion by 2020.34. The development of RMB-denominated investment products is equallyimpressive.In a short space of 6 years, the size of the RMB dim sum bond market inHong Kong has grown from a modest amount of 10 billion yuan in 2007 to237 billion yuan at the end of 2012.Offshore RMB financial products have also become more diversified,expanding from only RMB bonds to RMB equities, RMB investmentfunds, RMB A-share exchange-traded funds (ETFs) as well as RMBinsurance products.The growth momentum of the offshore RMB financial markets isexpected to pick up further, as more and more financing and investmentactivities can now be conducted in RMB, especially following theintroduction by theMainland authorities of the arrangements for inward and outward directinvestments in RMB and the RMB Qualified Foreign InstitutionalInvestors (i.e. RQFII) scheme. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 1335. Hong Kong is fortunate to have made a good start in offshore RMBbusiness.Since the introduction of offshore RMB business in 2004, we havedeveloped a wide variety of RMB denominated financial products.In particular, the offshore RMB bond market in Hong Kong is by far thelargest in the world.We also possess the largest RMB liquidity pool outside of MainlandChina.As at the end of 2012, the aggregate amount of RMB customer depositsand certificates of deposits has reached a high of 720 billion yuan.Notwithstanding these, when it comes to Islamic finance, Hong Kong isa relative newcomer and would need to catch up in this area.Legislative exercise to promote the development of sukukmarket6. In developing Islamic finance, we are taking a step by step approach.As a first step, our current focus is to put in place the supporting legalinfrastructure.Specifically, the HKSAR Government is set to change the tax laws inHong Kong to facilitate the development of the sukuk market.In terms of economic substance, sukuk are no different from conventionalbonds.However, since Islamic law prohibits the payment and receipt of interest,sukuk are often structured with the use of special purpose vehicles andmultiple transfers of underlying assets. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 134This may result in additional tax liabilities and hence higher issuancecosts for sukuk when compared with conventional bonds under theexisting tax regime.7. It is therefore necessary to refine our tax laws to provide a taxframework for sukuk that is comparable to the one applying toconventional bonds.But this does not mean that we are going to confer special tax favours onthe Islamic finance sector; rather, our aim is to level the playing field sothat financial instruments of similar economic substance will be givensimilar tax treatments.8. On this, I am very pleased to see that an amendment bill has beenintroduced into the Legislative Council earlier this year.The bill adopts a prescriptive and religion-neutral approach, and coversfive of the most common types of sukuk globally.Products that can meet the key features and qualifying conditionsspecified in the bill will be given tax treatments similar to those currentlyafforded to conventional bonds.This means that sukuk issuers and investors alike will no longer besubject to additional tax and stamp duty charges over and above whatthey would need to pay for conventional bonds.So, passage of the bill will be a very positive step forward in furthering thedevelopment of Islamic finance in Hong Kong.Synergy between Hong Kong and Malaysia9. With the legal infrastructure to be in place soon, the next importantstep will be to develop the Islamic financial markets here.We definitely have a lot to learn from Malaysia in respect of productdevelopment and market operation. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 135As I see it, Hong Kong and Malaysia each has different edges in thefinancial services industry, and the potential synergy between the twoplaces in developing the Islamic financial markets is tremendous.10. Malaysia is undoubtedly an important leading centre in the globalIslamic finance industry that has accumulated vast experiences andinvaluable expertise over the past three decades.It has developed a well-diversified Islamic financial market, offering a fullsuite of products covering sukuk, Islamic equities, Islamic funds, IslamicETFs, etc.Its sukuk market is by far the largest in the world, accounting for morethan 70% of global sukuk issuances last year.It has also put in place well-developed financial infrastructure which canfacilitate local and overseas market players alike in conducting Islamicfinancial transactions.11. On the other hand, Hong Kong as an international financial centre hasdeveloped a deep and highly liquid capital market with a diverse base ofinvestors coming from all around the world.More importantly, with Hong Kong’s unique role as a gateway toMainland China and a leading hub for offshore RMB business, HongKong can offer an ideal platform to link Islamic and RMB financingtogether by developing financial products that are Shariah-compliant and,at the same time, denominated in RMB.Through Hong Kong’s platform, international investors in the Islamicworld can easily tap the appealing growth story of the Mainland.This is especially given the fact that many investors are now activelylooking for investment opportunities in Asia, particularly MainlandChina, to diversify their investment portfolios.At the same time, Mainland issuers can also make use of our platform toreach out to the increasingly wealthy investor base in the Islamic world. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 13612. Clearly, there is a strong foundation for both sides to work together tocomplement each other, grow the pie bigger and achieve a win-winproposition in developing Islamic finance.For this important reason, the HKMA entered into a Memorandum ofUnderstanding (MoU) with Bank Negara Malaysia in 2009 to strengthenmutual co-operation in the area of Islamic finance.We are very pleased to have worked closely with Bank Negara Malaysia toput together and bring this workshop to Hong Kong under the frameworkof the MoU.Building a deep talent pool is crucial for further development of theIslamic finance industry.Workshops of this kind will undoubtedly help to promote marketawareness and knowledge of Islamic finance, while also providing anexcellent forum for market players to exchange views and businesscontacts.We will continue to work closely with the Treasury Markets Associationto raise the expertise in Islamic finance in Hong Kong.13. Apart from our continuous efforts to put in place a conducive platform,it is also crucial for market players to maximize their readiness to graspthe opportunities brought by the development of Islamic finance in HongKong.After all, market players will be the ones who drive the growth of themarket ultimately.So, I highly encourage you all to gear up for the new opportunities aheadof us.On this, I am pleased to note that some financial institutions have alreadystarted to get ready by mobilizing their staff in the Middle East orMalaysia to Hong Kong, as well as providing training to their staff inHong Kong. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 137The fact that you are here today is also a good indication that you arekeen to prepare yourselves.I hope you would take the most out of this workshop.14. Thank you. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 138Interview with Gabriel Bernardino,Chairman of EIOPA, conductedby Nataša Gajski Kovačić, Svijet osiguranja(Croatia)In the best scenario, the beginning of Solvency IIimplementation should be either in 2015 or 2016,as Mr. Bernardino has recently said.He added that the date depends on the length ofthe legal and political process.Previously it was announced that fullimplementation of Solvency II will happen at thebeginning of 2014?What is the reason of the delay of Solvency II?First of all let me give you an overview of the EUlegal process that precedes the implementation ofSolvency II.We have a Level 1 text – the Solvency II Directive,which was adopted in 2009, it is a principles baseddocument.The Level 2 text will contain detailed rules of theSolvency II regime.This document is called Implementing Measuresand will be prepared by the EuropeanCommission.Finally we have Level 3 & Technical Standards,which concerns purely technical matters andrequire supervisory expertise rather than strategic _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 139decisions or policy choices.The Technical Standards are to be prepared by EIOPA and then adoptedby the European Commission.The EU trilogue parties (the European Commission, the EuropeanParliament and the Council of the EU) still need to decide the scope andthe legal basis for the Technical Standards that EIOPA has to draft.This decision will be introduced in the so called Omnibus II Directive.Only after the finalization of the Omnibus II Directive, the Commissionwill come up with the Implementing Measures and EIOPA – withTechnical Standards.Last year the trilogue parties agreed that a final decision on the OmnibusII Directive can be taken only after EIOPA conducts the Long TermGuarantee Assessment (LTGA).EIOPA supports this approach because before moving forward withSolvency II we indeed need to agree on a sound and prudentregime for the valuation of long term guarantees.On 28 January 2013 we launched this study and hope to present itsfindings and our conclusions in June 2013.Afterwards we expect that the Omnibus II Directive will be finalized.Some insurance companies complain that the Solvency II scheme favorsbigger insurers who have the resources to easily adjust to the new regime.They complain that the cost of preparation are too big already.How do you comment that?No, Solvency II is a neutral framework. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 140Already the level 1 text states that the Directive should not be tooburdensome for small and medium sized insurance companies.And one of the means to achieve this objective is the proper application ofthe proportionality principle.In our work related to the drafting of Technical Standards, we always takeinto account proportionality aspects that are related to the size,complexity or risk profile of insurance companies.As regards the costs of preparation, let’s ask ourselves: do we want tokeep the existing Solvency I regime?No, because Solvency I is not risk sensitive, it contains very fewqualitative requirements regarding risk management and governance anddoes not provide supervisors with adequate information on theundertaking’s risks.Comparing to the current regime, Solvency II has a clear benefit – it is arisk& based regime, it helps companies to better understand and managetheir risks.Solvency II is a huge step in terms of transparency as it will bringharmonized reporting framework and reliable disclosure.I am convinced that Solvency II will provide an appropriate basis forincreased policyholder protection and will contribute to reinforcingfinancial stability in general.The costs of preparation will be higher for the companies that want to useinternal models for the calculations of their capital requirement.That will not be the case for the vast majority of companies in the EU.Do you think that European insurers are prepared for the transition toSolvency II?Where do you expect the biggest problems to occur? _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 141We are confident about the preparation level of insurance undertakings.At the same time we want to use the delay in Solvency II implementationfor tackling possible problems in a consistent and convergent way andhere I would like to mention EIOPA Opinion on interim measures relatedto Solvency II, which we issued in December last year.In this document we indicated that we see a great necessity in suchinterim measures because there is a risk that due to the delay of a finalagreement on Solvency II, a number of European supervisors maydecide to develop national solutions in order to ensure sound risksensitive supervision.So instead of reaching consistent and convergent supervision in the EU,different national solutions may emerge to the detriment of a goodfunctioning internal market.EIOPA will develop Guidelines that are addressed to the nationalcompetent authorities and that are related to such stable elements ofSolvency II that are unlikely to be influenced by the finalized Omnibus IIDirective.These Guidelines will cover the system of governance, including riskmanagement, ORSA, pre application of internal models, and reporting tosupervisors.I must say that our initiative to develop the Guidelines was approved byEIOPA Board of Supervisors (BoS), which consists of all the nationalsupervisory authorities of the European Economic Area and also receiveda very positive feedback from the European Commission.In April we hope to have the first draft Guidelines ready.Afterwards we will put them out for a public consultation.After the public consultation the Guidelines will be finalized and will betabled to EIOPA Board of Supervisors in Autumn 2013. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 142As of 2014 the Guidelines are supposed to start to be implemented,however we are fully aware that it will not be possible for the supervisorsto comply with everything as of 1 January 2014.So here again we take into account the proportionality principle: whilepreparing the Guidelines we are considering their gradualimplementation.The Guidelines are focused on the preparation for Solvency II.With this step we will ensure a smoother transition to the new regime,both by undertakings and supervisors.Croatia is about to join the EU thus July – what big changes can weexpect in insurance world?As all the other EU members, Croatia will have to comply with the EUlegislation and, thus, for example with EIOPA Guidelines related to theinterim measures for the Solvency II implementation or with theGuidelines on complaints handling by insurance undertakings that weissued in 2012.I am confident that the membership in the EU will open to Croatianinsurance market the possibilities for future growth, while the EuropeanSystem of Financial Supervision will contribute to preserving the financialstability and enhancing consumer protection in the Croatian insurancemarket.Are you familiar with the work of insurers in Croatia?How do you cooperate with our national supervisory authority Hanfa?Yes, the information exchange among competent supervisors and EIOPAis one of the purposes for which the European System of FinancialSupervision (ESFS) was created.As regards the cooperation, EIOPA started to prepare the ground _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 143for welcoming the Croatian Financial Services Supervisory Agency(HANFA) to our Board of Supervisors already in 2011.In 2012 HANFA became an observer of the BoS and started thepreparatory work in order to comply with all the necessary requirements.The members of the HANFA Board and its staff members alreadyactively participate in EIOPA activities such as the meetings of EIOPABoard of Supervisors, various committees and working groups andEIOPA trainings and seminars.Soon the HANFA will become a voting member of EIOPA Board ofSupervisors.The tasks of our BoS are wide ranging.The BoS is the main decision making body of EIOPA, it adopts all theopinions, recommendations and decisions issued by our Authority;approves our budget, annual and multi annual work programmes andannual reports.So National Supervisory Authorities closely participate in the work ofEIOPA and are aware of all our initiatives and achievements.Is there some kind of special treatment towards new members in EIOPA,do they have some period of adjustment?No, the preparation started well in advance and no special transitionperiod for the CFSSA will be needed.When Croatia becomes part of the EU, what will your authorities ininsurance politics in Croatia be?EIOPA is responsible to develop technical standards, that will becomemandatory and guidelines that HANFA will need to comply or explain.So the regulatory framework will be influenced by EIOPA. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 144Furthermore, EIOPA has the power to investigate possible breaches ofthe EU Legislation in EIOPA’s scope of activities.If EIOPA makes a conclusion that the Breach of the EU indeed tookplace, the Authority will issue a recommendation addressed to therespective national supervisor.In some limited cases EIOPA action can be applied to the individualcompanies.But this might happen only in case the national authority does not complywith actions recommended by EIOPA or the European Commission.In this case the Chairman of EIOPA has a right to propose to the Board ofSupervisors an individual decision addressed to a financial institution inwhich requiring the necessary action to comply with its obligations underthe Union law.Such a decision may require the cessation of any practice.Many insurers operate on the European and global level so they aresometimes confronted with different supervisory regimes or practices ;how can that be resolved?The first step is to build up a harmonized prudential framework in theEU.That is the purpose of the Solvency II.Secondly we need to assure that day to day supervision of financialinstitutions is done within a consistent framework.EIOPA will develop a Supervisory Handbook that would work as aguidebook for supervision in Solvency II, setting out good practices in allthe relevant areas of supervision.This handbook will foster the implementation of a more consistentframework for the conduct of supervision. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 145Furthermore, there is a strong role for the colleges of supervisors.In the end of 2012, 91 insurance groups with cross&border activity wereidentified in the European Economic Area (EEA).Colleges represent a very important tool of group supervision becausethey provide necessary platform for the gathering and dissemination ofinformation especially in case of concerns or emergency situations thatoccur.Colleges help to develop a common understanding of the risk profile ofthe groups, to achieve coordination of supervisory review and riskassessment at a group level as well as to establish supervisory plans forthe mitigation of risks at a Group level.The Regulation establishing EIOPA empowered our Authority toparticipate in the colleges with a view to streamlining the functioning andthe information exchange within colleges.The strategic goal of our college work is to set up consistent, coherentand effective EEA-wide supervision of cross-border insurance groups forthe benefit of both group and solo supervision.Every year we set a yearly action plan for colleges and also publish ourannual reports on the functioning of colleges.In the course of 2012, EIOPA attended almost all college meetings for 75insurance groups.We contributed to the work of colleges by developing a catalogue forregular information exchange and by providing specific presentations incolleges about EIOPA’s regular assessment of risks faced by the EEAinsurance industry.How will Solvency II apply to pension funds? What can pension fundsexpect out of Solvency II? _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 146Right now & nothing. The review of the IORP Directive is a differentprocess and is in a different stage.We believe that occupational pension funds also need to have a muchmore risk based regulation.As part of the process to advise the European Commission on the reviewof the IORP Directive,, we conducted the first Quantitative Impact Studyfor occupational pensions.But sufficient time needs to be taken to get the right approach.At the moment we have three main conclusions.First, is that the requirements and principles that we have in Solvency IIon the governance side should also be applied to occupational pensionfunds.The principles, especially the requirements about risk management, arevery much relevant for occupational pension funds, too.But of course they should be applied using a proportionality principle.The second conclusion is about transparency.Solvency II improves information not only for supervisors but also for allthe externals parties.We recommended the Commission for example that in case of definedcontribution schemes a key information document should be given to thepotential and already existing members of the pension plan.This document should outline costs, charges, commissions and risks.The third conclusion is that also in the occupational pension funds youshould have an economic valuation of assets and liabilities. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 147We need to prevent the situation when a problem is faced, but it is too lateto solve it.At the same time I used to repeat that we are very much against acopy&paste exercise from Solvency II to IORP Directive.We do realize the differences between insurance companies and IORPsand these differences should necessarily be taken into account.Your opinion on the role that insurance companies dealing with lifeinsurance have in providing for wellbeing of elderly people?Insurance companies can and do play a particularly relevant role inprioritizing security and long term savings.Life insurers are experts in risk management, they are used to deal withdemographic, biometric and investment risks.They are very well placed to offer good solutions for retirement savings.Due to this important role, regulation and supervision are much relevantto ensure that insurance undertakings have robust solvency and that theyprovide policyholders with transparent information about the productsand their risks. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 148Interview with Carlos Montalvo, Executive Director of EIOPAConducted by Victoria Tozer Pennington, the Risk Universe (the UnitedKingdom)The recently announced further delay to Omnibus II have been greetedwith dismay by firms eager to see the final rules to Solvency II.How do you account for the delays and what is your advice to firms?Carlos Montalvo Rebuelta: A credible timeline for the implementation ofSolvency II is a must have.Regardless of these uncertainties, there is a strong need for risk-basedsupervision.This need has been only reinforced by the lessons taken from the currentcrisis.In order words, the idea and the principles of Solvency II are more actualand valid than ever.Our advice to the firms is not to wait until the political discussions areover, but to use the time in order to better prepare for Solvency IIinternally: to make sure that the Boards of firms keep consideringSolvency II a priority; and to take advantage of the information that theyare already collecting, as part of such exercise, in terms of betterunderstanding the risks they face, and how to address them.In the absence of a final agreement on Solvency II in the scheduledtimeline, EIOPA has expressed an opinion in order to ensure andenhance sound risk based supervision and prepare the industry for thefinal Solvency II Directive.Instead of reaching consistent and convergent supervision in the EU,different national solutions may emerge to the detriment of a goodfunctioning internal market.In order to avoid this scenario EIOPA decided to develop guidelines and _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 149to take a lead in the preparatory process aimed at a consistent andconvergent approach with respect to the preparation of Solvency II.EIOPA Guidelines will allow supervisors and undertakings to be betterprepared for the application of the new regulatory framework.To cut a long story short, the guidelines are an excellent way for all partiesto use the extra time of the delay as a way to be better prepared forimplementation.How have the individual Member States of the European Unionprogressed with their adoption of Solvency II and are you confident allwill be able to implement the final rules on time?Montalvo: The Member States can and must successfully implementSolvency II and they have already started to make necessary preparationsfor it.Some steps in the right direction have already been taken, there is a goodwork already in progress, but there are still challenges with regards to thewhole implementation process both for companies and supervisors.Ignoring them would be irresponsible.In your opinion how will Solvency II serve to reduce cost, complexityand risk for insurance firms?Montalvo: First of all, it is not possible to eliminate or even reduce risks.The insurance business is a risk-related business that by its nature isbased on taking, managing risks and making profit out of those risks.The objective of Solvency II is not to reduce risks, but to allow companiesto properly understand, price and manage the risks they face.Solvency II will enhance better understanding of the risks, and suchunderstanding will help companies to better manage the risks andtherefore, to make better decisions. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 150This will create an immediate benefit to the undertakings.As regards complexity, complexity is particularly challenging for smalland medium-sized enterprises.Solvency II is more complex than it was originally foreseen.Beyond the principle of proportionality and its application, we havecurrently on our table such initiatives as looking for the calculation of theSolvency capital requirements (SCR) and developing an IT tool tofacilitate it, or a toolkit to convert data required into XBRL.We acknowledge the problem and together with industry we want to findways to tackle the excess of complexity of the framework, becausecomplexity should never be an obstacle to the clear benefits of SolvencyII.Why are insurers having such difficulty communicating the impact ofSolvency II to the business?Montalvo: Solvency II provides firms with a lot of relevant information forthem to run their business, and to do so in a more sound manner.But this also implies changes and it is always challenging to explain thebenefits of change, to send the message that we may have to change ourapproach to certain risks, products… that are embedded in the normalfunctioning of the company, simply because they can threaten the firmitself.Compliance with the rulebook is certainly not the driver towards SolvencyII, as it only brings the downside of it, costs and complexity, but not theupside, namely quality information, understanding of risks and thesubsequent opportunities.Therefore, a change of approach, in terms of both action andcommunication, should take place to deal with the described situation. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 151There are significant data management issues connected with SolvencyII; do you recognise the challenges firms face and what advice do youhave in this area?Montalvo: We are aware of the challenges originated by reportingrequirements and we are working in order to minimize this burden forcompanies.The data challenges come from two sources: the valuation of the activityusing a harmonised market consistent approach and the detailedrequirements for public disclosure and supervisory reporting.The market consistent valuation is a high_level principle, which was setearly on in the process (Article 75 of the Solvency II Directive).EIOPA recognised from the start the data challenge that undertaking willface and has expended maximum effort to allow undertakings to startpreparing themselves, by consulting on the detailed expectationsregarding public disclosure and supervisory reporting.The implied advice remains the same: continue (or urgently start for thelate comers) to prepare your internal systems to be ready on time.EIOPA has also recently launched an IT development project (Tool forUndertaking) to make sure that all undertakings will have access to atleast one costless possibility to create the Solvency II reportingsubmissions expected by supervisors.The ORSA [Own Risk and Solvency Assessment] remains a challenge formany insurers, which has not been helped by a lack of detailed guidancefrom the regulators.Given how much firms are struggling with this, do you expect to offermore guidance once the final rules are published? Ifso, when and on which areas?Montalvo: The ORSA process must be owned by the company. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 152We indicate the aim of ORSA but cannot provide very detailed guidancebecause we don’t want to intervene in the management processes ofcompanies and to tell them how exactly they should conduct the ORSA.At the same time we understand the concerns of industry and preciselybecause of this, we already conducted public consultation on ourpreliminary views on the ORSA.And this is not the end of our work on ORSA, but a link to the work weare doing in terms of supervisory review process and other areas.We plan to continue involving the industry on how to enhanceunderstanding and how to make the ORSA an operative toolkit for thecompanies, a toolkit that would allow them to understand their solvencyposition, their risk challenges and the continuity of their business, beyonda one year time horizon.In terms of supervision, the ORSA should be brought to a qualitative leveland that is what EIOPA is also working on.A final point I think appropriate to raise on ORSA is its use as a way toimpose add-ons by supervisors.If we would do so, it would be a one and done exercise, we would neverrealistically be able to pretend that undertakings would perform, for theirown internal purposes, a serious ORSA exercise, but a compliance boxticking one.A recent survey showed that although firms (in the UK specifically) arewell on their well to implementing their internal models, sources saythat the bigger issue of passing the use test could be a problem.Do you have any advice on preparing for the use test?Montalvo: Internal models go beyond a simple toolkit to calculate capitalrequirements because they are a fundamental management toolkit. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 153On the basis of this, since day one, the use test became a cornerstone ofthe whole process.As part of the use test, undertakings need to demonstrate that the internalmodel is widely used in terms of decision making and plays an importantrole in their system of governance, and that the model at all times reflectsthe risk profile of the undertaking.EIOPA is developing guidelines that will clarify the requirements relatedto the use test.These guidelines have already been pre-consulted with selectedstakeholders.One of the most crucial points is that national supervisory authorities(NSAs) should asses individually the compliance with the use test foreach undertaking individually according to the requirements.Although there are minimum requirements for the use test, there is nodetailed and complete list of uses that the undertakings have to abidewith.EIOPA recognises that the uses of the internal model will vary fromundertaking to undertaking.NSAs will assess compliance with requirements based on proportionality.Some uses may not be materially important to the undertaking given thenature of their business.Does EIOPA have any information on the preferred blend of scenariosand loss data from a modelling perspective?Montalvo: Internal models by definition are tailored to the specific needsof individual companies. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 154On that basis EIOPA cannot have any concrete preferred approach whenit comes to blend of scenarios and loss data and in general to internalmodels as they are specific to companies.It is up to the undertaking to justify its own approach and methodology tothe supervisory authority as part of the approval process of the use of aninternal model for the calculation of the solvency capital requirement.This justification includes demonstrating both that the approach isadequate taking into account the specific risk profile of the undertaking,and that the internal models requirements related to test and standardsare fulfilled.From an operational risk loss data point of view, firms are coping with adearth of data and scaling issues using external loss data.Has EIOPA done any work on this area or can you offer some advice tofirms on the issue of the preferred use of internal and external loss data,sources of loss data, and scaling problems?Montalvo: EIOPA or more precisely, its predecessor CEIOPS hasperformed several studies in order to calibrate the Operational RiskCapital Charge.The studies were based on different sample sizes (number and size ofundertakings) in different Member States.The final calibration was based on the analysis of larger sample of data.It is important to note that the results are not far different from thoseproduced by other analyses. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 155Reviewing filings for smaller publiccompaniesThese slides were presented at the Forumson Auditing in the Small BusinessEnvironment hosted by the PCAOB during2012.Participants were auditors from smallerregistered public accounting firms.The slides are intended to provide a sampling of issues that the Staff ofthe Division of Corporation Finance (“CF” or the “Division”) frequentlyencounters when reviewing filings for smaller public companies as well asan overview of developments within the Division.Comments issued by the CF Staff may be different from those includedhere based upon individual facts and circumstances.The slides are accompanied by detailed notes that provide additionalcontext. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 156The Division assists the Securities and Exchange Commission (the“Commission”) in executing its responsibility to oversee corporatedisclosures to the investing public.Companies are required to comply with regulations pertaining todisclosure that must be made when securities are publicly sold and thenon a continuing and periodic basis.The Division Staff reviews the disclosure documents, provides companieswith assistance interpreting the Commissions rules, and recommends tothe Commission new or revised rules for adoption.The Division reviews documents that publicly-held companies arerequired to file with the Commission.These documents disclose information about the companies financialcondition and business practices to help investors make investmentdecisions.Through the Divisions review process, the Staff checks to see ifpublicly-held companies are meeting their disclosure requirements in aneffort to improve the quality of the disclosure. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 157The Division provides administrative interpretations of the Securities Actof 1933, the Securities Exchange Act of 1934, and the Trust Indenture Actof 1939, and related rules and regulations.The Staff provides interpretative guidance to registrants, prospectiveregistrants, and the public to help them comply with the law and relatedregulations.For example, a company might ask whether the offering of a particularsecurity requires registration with the SEC.The Division may communicate its guidance orally, or the Division usesno-action letters and interpretive letters to provide guidance on theregulations in a more formal manner.Additional information about the Commission’s implementation of theDodd-Frank Wall Street Reform and Consumer Protection Act can befound at http://www.sec.gov/spotlight/dodd-frank.shtml.TheJumpstart Our Business Startups (JOBS) Act, which was enacted on April5, 2012, made several significant changes to the securities laws.Title I of the JOBS Act, which was effective immediately upon enactment,creates a new category of company called an “emerging growth _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 158company,” which is defined as a company with total annual grossrevenues of less than $1 billion during its most recently completed fiscalyear and has either(1) not yet had or(2) had after December 8, 2011, its first sale of common equity securitiespursuant to an effective registration statement under the Securities Act of1933.A company retains its status as an emerging growth company until theearliest of the following:•The last day of the fiscal year of the issuer during which it had totalannual gross revenues of $1 billion or more (the Commission is requiredto index this amount for inflation every five years);•The date it is deemed to be a large accelerated filer under Commissionrules (including a public float of $700 million or more);•The date on which it has issued more than $1 billion in non-convertibledebt in the previous three years; or•The last day of the fiscal year following the fifth anniversary of the firstregistered sale of common equity securities of the issuer.Accommodations available to EGCs include the following, depending ontheir facts and circumstances:•Confidential submission•Financial reporting accommodations related to: •Number of years of financial statements presented •MD&A •Selected financial data _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 159•Delay in adoption of new or revised accounting standards until the datethat a non-issuer would be required to comply with such standards•Exemption from auditor attestation on internal controls over financialreporting (SOX 404(b))•Other Additional information about the JOBS Act can be found athttp://www.sec.gov/divisions/corpfin/cfjobsact.shtml.Additional information about the Commission Statement in Support ofConvergence and Global Accounting Standards can be found athttp://www.sec.gov/spotlight/globalaccountingstandards.shtml.The Final Staff Report on the Work Plan for the Consideration ofIncorporating International Financial Reporting Standards into theFinancial Reporting System for U.S. Issuers can be found athttp://www.sec.gov/spotlight/globalaccountingstandards/ifrs-work-plan-final-report.pdf.The Division of Corporation Finance Financial Reporting Manual can befound at:http://www.sec.gov/divisions/corpfin/cffinancialreportingmanual.shtml. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 160The summary of updates can be found athttp://www.sec.gov/divisions/corpfin/cffinancialreportingmanual.pdf#changes.The Corporation Finance Compliance and Disclosure Interpretations canbe found at http://www.sec.gov/divisions/corpfin/cfguidance.shtml.CF DisclosureGuidance Topics can be found athttp://www.sec.gov/divisions/corpfin/cfdisclosure.shtml#cfguidancetopics. SEC CF Staff Review of Common Financial Reporting IssuesFacing Smaller Issuers (Dec. 2011) slides can be found athttp://www.sec.gov/news/speech/2012/spch020912co.pdf.As required by the Sarbanes-Oxley Act of 2002, the Division undertakessome level of review of each reporting company at least once every threeyears and reviews a significant number of companies more frequently.In addition, the Division selectively reviews transactional filings –documents companies file when they engage in public offerings, businesscombination transactions, and proxy solicitations. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 161To preserve the integrity of the selective review process, the Division doesnot publicly disclose its review criteria.This Division continues to exceed the Sarbanes-Oxley review mandate.CF Staff conducted over 5,000 company reviews last year.The Division’s comments are in response to a company’s disclosure andother public information and are based on the CF Staff’s understanding ofthat company’s facts and circumstances.Make sure you understand the type of response we are looking for.We usually issue three types of comments:(1) request for additional information;(2) request for additional or clarifying disclosure in a future filings; or(3) request for amendment of the filing to revise financial statements ordisclosure.If you do not understand which type of comment we issued, give us a call. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 162A company is generally expected to respond in writing to each commentin a letter from the CF Staff.A company’s explanation or analysis of an issue will often satisfactorilyresolve a comment.Depending on the nature of the issue, the CF Staff’s concern, and thecompany’s response, the CF Staff may issue additional commentsfollowing its review of the company’s response to its prior comments.This comment and response process continues until the CF Staff and thecompany resolve the comments.In some cases, it may be necessary to amend a previously filed report orother filings as the result of comments.Once we complete our review, we typically send the company a letterindicating we have completed our review and have no further comments.The SEC publicly releases comment letters and response letters no earlierthan 20 business days following the completion of the review of the filing.In the event that a company does not respond to a comment letter or staffinquiries, we will consider what additional actions may be necessary inorder to resolve the issues raised in our comment letter.If we are unable to satisfactorily communicate with the company, we mayeventually issue a “review termination letter” that includes a ten daydeadline for response.This letter explains that, in the event the company does not provide aresponse, the staff will consider how to resolve any outstanding issues.Among other things, we may decide to release publically comment lettersand response letters relating to disclosure files it has reviewed to ensurethat we fulfill our investor protection responsibilities. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 163All correspondence must be filed on EDGAR.If you do not want certain parts of your response to be released publiclyafter completion of the review process, consider discussing with yourlegal counsel how to request confidential treatment of a portion of yourresponse under Rule 83.Companies are allowed to request that certain information receiveconfidential treatment, but you can not request that too much or all ofyour response be provided to us confidentially.Check our website, which includes helpful information about requestingconfidential treatment.It may be easier to respond to comments if you have documented yoursignificant accounting decisions along with the literature you relied upon,the alternatives considered, and the basis for your conclusions,contemporaneously with the transaction.Going through this process at the time of the transaction will allow you torespond more efficiently and effectively to CF Staff comments. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 164Our comment letters request that you respond to the letter within tenbusiness days.If you are unable to respond within this timeframe, please call us todiscuss a potential extension. In some circumstances we may ask to havethe extension request in writing and submitted to EDGAR.Companies should respond to all comments in the letter, including allparts of the comment.We sometimes send a follow up letter since some portions of our originalcomment letter were not fully addressed.If you do not understand what is being asked in the comment letter, pickup the phone and call us.Our phone numbers are located in the last paragraph of our commentletters.We generally appreciate if you could schedule a conference call inadvance.It allows us time to prepare for the call - so we can make the call asproductive as possible.We also encourage you to invite all interested parties to the first call toeliminate the need to repeat information in any subsequent calls. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 165This is not a pre-determined list of staff focus.When we review a registrant’s filings we are literally “reviewing thatregistrant.”Any comments that result are specific to the registrant, including itscurrent circumstances, what is happening in its industry and any otherrelevant factors. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 166Reverse mergers refers to a private operating company merging with apublic shell company.This method of registration is reported on a Form 8-K rather than a 1933Act registration statement.There are several accounting and reporting complexities with thesetransactions.They can be problematic in the review process because at the time the CFStaff reviews these transactions, the Form 8-K has already been filed andthe transaction has been consummated.In certain circumstances, the due date or filing date of the Form 8-K,whichever is earlier, occurs after the end of the private company’s mostrecently completed annual or quarterly period, but before financialstatements for that annual or quarterly period would be required to bepresented in a Form 10.In these circumstances the financial statements of the private operatingcompany required by Items 2.01(f) and 9.01 of Form 8-K may not includethe private company’s most recently completed annual or quarterlyperiod.The registrant, however, remains subject to Exchange Act Rules 13a-1and 13a-13, or 15d-1 and 15d-13, requiring annual and quarterly reports,respectively.The registrant must file its applicable annual and quarterly reports.Additionally, the registrant must file an amended Form 8-K with thefinancial statements of the private operating company’s most recentlycompleted annual or quarterly period prior to the date of the reverserecapitalization, as applicable, within the number of days applicablebased on the shell company’s filing status (60, 75, and 90 days for annualperiods and 40, 40, and 45 days for interim periods for large accelerated,accelerated, and non-accelerated filers, respectively) after the privateoperating company’s period end. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 167Unless the same audit firm audited both the registrant and theaccounting acquirer, a reverse merger always results in change ofaccountants for purposes of Item 4.01 of Form 8-K.While the historical financial reporting for pre-transaction periods maychange to that of the private operating company once the transaction hasoccurred, the registrant has not changed in this transaction. It is still thepublic shell company, and therefore is not a newly public company forpurposes of SOX 404.However, CF Staff has issued a CDI to provide guidance to companiesthat find themselves in this situation.It acknowledges that it might not always be possible to conduct anassessment of the private operating company or accounting acquirer’sinternal control over financial reporting in the period between theconsummation date of a reverse acquisition and the date ofmanagement’s assessment of internal control over financial reportingrequired by Item 308(a) of Regulation S-K.It also recognizes that in many of these transactions, such as those inwhich the legal acquirer is a non-operating public shell company, theinternal controls of the legal acquirer may no longer exist as of theassessment date or the assets, liabilities, and operations may beinsignificant when compared to the consolidated entity.Therefore, CF Staff does not object if the registrant excludesmanagement’s assessment of internal controls over financial reporting(“ICFR”) in the Form 10-K covering the fiscal year in which thetransaction was consummated.However, this CDI would not apply if the company had to file anamended Form 8-K under the Rule 13a-1 interpretation discussed above . _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 168This slide provides an example of the reporting under the CF StaffInterpretation of Rule 13a-1 discussed on the prior slide.In SEC Release No. 33-8587, the SEC determined that investors inoperating businesses newly merged with shell companies should obtainthe same level of information as provided for reporting companies thatdid not originate as shell companies.Therefore, they are required to include equivalent information as if theywere registering under the Exchange Act. Accordingly, the CF Staff looksto the accounting acquirers eligibility as a smaller reporting company atthe time of the reverse acquisition for purposes of the disclosures to beprovided in the Form 8-K. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 169Under current accounting literature, the acquisition of a private operatingcompany by a non-operating public shell company is considered by theCF Staff to be a capital transaction in substance rather than a businesscombination (it is outside the scope of FASB ASC Topic 805).That is, the transaction may be viewed as a reverse recapitalization —issuance of stock by the private operating company for the net monetaryassets of the public shell company accompanied by a recapitalization.In order to reflect the change in capitalization, earnings per share shouldbe recast for all historical periods to reflect the exchange ratio.The common stock account of the public shell continues post-merger,while the retained earnings of the shell company should be eliminated asthe historical operations are deemed to be those of the private operatingcompany.Where the registrant is a public shell company requiring the Form 10-leveldisclosure in the Form 8-K, the private operating company’s financialstatements must be audited by a PCAOB-registered firm and audited inaccordance with PCAOB standards. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 170Slides 18 through 20 provide a summarized example of reporting for a“back door” registration statement accounted for as a recapitalization. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 171CF Staff continues to issue comments on the evaluation of disclosurecontrols and procedures in quarterly and annual reporting.Item 307 requires companies to “disclose the conclusions of theregistrant’s principal executive and principal financialofficers…regarding the effectiveness of the registrant’s disclosurecontrols and procedures…” _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 172Registrants should be aware that the definition of disclosure controls andprocedures is broader than the definition of internal control over financialreporting (internal control over financial reporting is generally subsumedin disclosure controls and procedures) so it is possible that disclosurecontrols and procedures can be ineffective even while internal controlover financial reporting is effective.However, the CF Staff may ask the company to support a conclusion thatdisclosure controls and procedures are effective when internal controlover financial reporting is ineffective.While there is significant overlap between the definition of disclosurecontrols and procedures and internal control over financial reporting, theconclusions related to internal control over financial reporting areseparate and distinct from the conclusions regarding the effectiveness ofdisclosure controls and procedures.In this regard, the rules require that registrants explicitly state whetherinternal control over financial reporting is effective or ineffective with noqualifying language or scope limitations.The CF Staff generally asks companies to amend their filings when itappears they have not completed an assessment, they have not disclosedtheir conclusion on effectiveness, or they have concluded that internal _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 173control over financial reporting is effective when material weaknessesexist.From a compliance perspective, companies that are subject to the auditorattestation requirement or voluntarily comply must disclose all fourelements required by Item 308(a) of Regulation S-K (non-acceleratedfilers and EGCs must only disclose the elements relevant for theirpurposes).As it relates to the framework, the Commission specified thecharacteristics of a suitable control framework and identified the“Internal Control – Integrated Framework (1992)” created by COSO as anexample of a suitable framework.The Commission Guidance Regarding Managements Report on InternalControl Over Financial Reporting Under Section 13(a) or 15(d) of theSecuritiesExchange Act of 1934 or “Management’s Guidance” highlightstwo other frameworks that meet the characteristics outlined in theadopting release and encourages companies to examine and select aframework that may be useful in their own circumstances.The CF Staff continues to comment on and observe areas wheredisclosures of material weaknesses can be improved. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 174Disclosures of material weaknesses are most useful if they provide sometransparency into the pervasiveness and impact a particular materialweakness could have on the financial statements.The CF Staff often sees material weaknesses that are narrowly focused onone particular financial statement line item in which an error wasdiscovered.For example, a company may disclose that it has material weaknessesrelated to its accounts receivable.Not only does this disclosure not specifically address the internal controlsin which there are weaknesses, it does not consider the impact that theweakness could have on other financial statement line items.Similar questions may also arise through a review of remediationdisclosures.For example, the remediation disclosures may indicate that the registrantis improving internal controls that go well beyond and impact more areasthan the narrow material weakness disclosed.The disclosures required by Item 308(c) of Regulation S-K pertaining tochanges in internal control over financial reporting are intended to alertinvestors to circumstances that may create risk through their effect onregistrants’ internal control.Since these disclosures are required on a quarterly basis, they are helpfulin providing timely information that may speak to the quality of acompany’s financial reporting in any given period and provide an updatefrom the company’s most recent annual evaluation of internal control overfinancial reporting.The CF Staff may issue comments when there is “boilerplate” disclosurethat there have been no material changes in the period in situations whereconclusions have changed from one year to the next or other identifiableevents exist, such as layoffs, change in an outsourcing arrangement, orchanges in accounting policy. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 175If a company’s conclusion on effectiveness changes from ineffective toeffective, the company shouldconsider disclosing the reasons for thosechanges.There are a number of registrants that conduct all, or substantially all, oftheir operations in foreign countries.These registrants include domestic companies that are required toprepare their financial statements in accordance with U.S. GAAP andforeign private issuers that elect to prepare their financial statements inaccordance with U.S. GAAP.In certain situations, we have issued comments to understand how thesecompanies have prepared their financial statements and assessed theirinternal control over financial reporting.In certain cases, companies have had to amend their filings to disclosethe lack of U.S. GAAP knowledge within the company as a materialweakness.Our comments focus on such issues as: the existence and extent ofeducation and ongoing training relating to U.S. GAAP; professionalqualifications of members of the accounting staff, such as a U.S. CPA _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 176license; and professional experience of members of the accounting staff,either as an auditor or preparer of U.S. GAAP financial statements.If the company uses an outside consultant to assist it, the staff may askabout that relationship and the consultant’s qualifications.We sometimes see audit reports in EDGAR filings that do NOT containthe auditing firm’s signature.The Staff believes that readers should be able to easily determine thename of the firm that audited a registrant’s financial statements andtherefore, we will request amendments for any filings that do not complywith the requirements of Regulation S-X, which requires a signature.As a result of Regulation S-T, such signature should be in typed form.We have noticed a fair number of audit reports referring to “auditingstandards of the PCAOB” instead of “the standards of the PCAOB.”Use of the word “auditing” implies that the auditor did not comply withother standards, such as the PCAOB’s professional practice standardsand the SEC’s independence standards. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 177The PCAOB requires an issuer’s auditor to refer to the “standards of thePCAOB.”However, the PCAOB does not preclude an auditor of a non-issuer fromissuing an opinion in accordance with “the auditing standards of thePCAOB,” unless the issuer’s principal auditor makes reference to theaudit report covering the non-issuer.Auditor association with cumulative amounts from inception included ina registrant’s or its predecessor’s annual financial statements is requiredas long as the registrant or its predecessor is in the development stage.This is premised on the fact that U.S. GAAP identifies these amounts as“additional information,” rather than supplemental information that isnot required to be audited.Where an auditor assumes responsibility for the audit of the entirety of thecumulative amounts from inception, the current auditor’s report wouldnot refer to the work of a predecessor auditor.Alternatively, a current auditor may rely on the work of a predecessorauditor (or predecessor auditors) with respect to discrete reportingperiods that are part of the cumulative amounts since inception, in whichcase the current auditor’s report must include a reference to thepredecessor auditor(s) and identify the periods audited by thepredecessor auditor(s) in the introductory paragraph of the audit report,and refer to the report of the other auditor in expressing the currentauditor’s opinion.When a current auditor refers to a predecessor auditor (or predecessorauditors) the filing must include the predecessor auditors’ report(s) and,where applicable, consent(s).If the PCAOB revokes the registration of an audit firm, audit reportsissued by that firm may no longer be included in a registrant’s filingsmade on or after the date the firm’s registration is revoked, even if thereport was issued before the date of revocation. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 178Financial statements previously audited by a firm whose registration hasbeen revoked would need to be reaudited by a PCAOB registered firmprior to inclusion in future filings or if included in a registration statementthat has not yet been declared effective.The test for SRC status is:-Public float < $75 million on last business day of Q2, or-If public float = $0, <$50 million annual revenues If an issuer fails toqualify as an SRC, it is not eligible for SRC status until:-Public float < $50 million on last business day of Q2, or- If public float = $0, < $40 million annual revenues If a company newlyqualifies as a smaller reporting company based upon its second quarterpublic float, it may elect to provide the scaled disclosure starting with itsnext quarterly report on Form 10-Q.While the company can provide the scaled disclosure immediately, it isstill considered an accelerated filer through the end of the fiscal year, atwhich time it becomes a nonaccelerated filer. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 179SRC Status in Transition to Other Reporting Company Status - Public float > $75 million on last business day of Q2 - If public float = $0, > $50 million annual revenuesWhile the thresholds may align with the thresholds for filer status (i.e.,nonaccelerated or accelerated), the test is for different purposes and theremay be circumstances where a smaller reporting company is anaccelerated filer or where a larger reporting company is a nonacceleratedfiler.If a company is required to exit smaller reporting company status, it maycontinue to report as a smaller reporting company through the filing ofthe annual report on Form 10-K for that year.However, while this company may still provide scaled disclosure in theForm 10-K, if the company is an accelerated or large accelerated filer itmust follow those deadlines for the Form 10-K for that year and includethe attestation report on internal control over financial reporting requiredby Section 404(b) of the Sarbanes-Oxley Act. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 180The Global FinancialSector—Transforming the LandscapeBy Christine Lagarde, Managing Director,International Monetary Fund, FrankfurtFinance SummitBonjour! Guten Tag ! Good day.It is a pleasure to be back in Germany andto be a part of this year’s Frankfurt FinanceSummit. I would like to thank Dr. LutzRaettig, the Chairman of the Board ofFrankfurt Main Finance, for inviting me toparticipate.Let me also thank Jens Weidmann for his very kind words of introduction.It is indeed an honor to speak today about financial sector reform, here inFrankfurt—for centuries the center of commerce and finance in the heartof Europe.This year’s Summit examines “how regulation and crisis managementwill change the world’s financial landscape”.This is exactly what we are all working towards: a new financiallandscape.History shows that financial crises often alter the financial sectorlandscape.The terrain that emerges usually features restructured balance sheets, astronger regulatory framework, and often a different population of banks.We can point to examples such as those in the Nordic and Asiancountries after crises in the 1990s. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 181But there are also examples where there was little fundamental change, orwhere improvements weakened over time as the architecture failed tokeep up with innovation.Take the United States ─ barely 20 years had elapsed between theresolution of the Savings and Loan crisis and the sub-prime debacle.While these were vastly different crises, as were their spillovers(unfortunately), real estate lending and the failure of regulation andsupervision were common denominators.The industry did not learn the right lesson.Here we are, more than five years into this crisis; has the “landscape”been transformed?In other words, have we built a stronger system?Not yet.We have made progress, but there is more to do.Our job today as policymakers and regulators is to bring about changethat is more effective and permanent; that results in a robust set of banksand also reduces the frequency and severity of systemic busts.I would like to focus today on what we believe is needed to bring thisabout.Each is a necessary, but on its own, not sufficient condition for successfultransformation.1) Global regulatory reform─how close are we to a solid set of rules?2) Balance sheet repair and banking union ─necessary and worthwhile _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 1821. Global Regulation: Reform and ReinforcePolicymakers and regulators around the world and in Europe have laidout a comprehensive reform agenda.Many long nights were spent burning the midnight oil to negotiateagreements on regulation.I participated in just a few of those “nuits blanches”.I can tell you, what Otto Von Bismarck said is true: “Laws are likesausages, it is better not to see them being made.”But the sausage-making did happen, and has produced some historicachievements.Agreements on global bank capital and liquidity regimes, and FSBstandards on Effective Banking Supervision and Resolution Regimes aremajor steps forward.Here in Europe, deeper policy commitments have greatly reducednear-term stability risks.My main concern is that progress is uneven.This risks un-doing some of our achievements.The pace of implementation has been adjusted intentionally to supportbanks on the mend, but delays also reflect difficulties in agreeing on theway forward, and pushback from industry averse to changing outmodedand dangerous business models.Let me address some of the key regulatory issues, beginning with bankcapital and liquidity:Capital and liquidityMuch has been done both on capital rules and liquidity standards as wellas setting capital surcharges for globally systemically important banks.We are, however, worried about uneven implementation of these rules,particularly the delay of Basel III in major jurisdictions.Different rates of implementation could contribute to dilution of overallminimum standards.These delays affect longer term business decisions, straining creditmarkets and spilling over to the real economy. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 183The IMF is also worried about national differences in the calculation ofthe riskiness of assets—the very basis for determining the capital needsof all banks, and the success of the new rules.Recent studies by the U.K. authorities, the Basel Committee, and theEuropean Banking Authority have found a wide variation in bank riskweights with similar risk profiles.In an interconnected world, the lowest common denominator isconnected to all.AccountingProgress with accounting standards is also mixed.For example, on this same issue of risk measurement, the two mainaccounting bodies, the International Accounting Standards Board andU.S. Financial Accounting Standards Board, have not reached agreementon a common approach for asset impairment, that is, whether to base iton expected or incurred losses.This is not just an academic exercise.As you know, it materially affects the assessment of asset quality andvaluation, which of course informs investors and regulators about aninstitution’s financial strength.Too big to fail and resolutionWhat about resolution and the big banks?The FSB led the initial progress, and the United States and the UnitedKingdom recently moved forward on coordinating contingency planswhen winding down failing cross border banks.But some banks are still considered “too-important-to-fail,” due to theirsize, complexity, and interconnectedness.This is unacceptable.The IMF estimates the implicit subsidy available to big banks in terms oflower borrowing costs at about 0.8 percentage points.Others have used this to derive a dollar figure for the five largest banks inthe U.S. of about $64 billion, roughly equivalent to their typical annualprofits — a gift from the taxpayer. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 184While this may be a simplistic approach, it highlights the socialdimension of the issue.Pressure to address the moral hazard from this problem and facilitateresolution has fostered the development of regional initiatives to legislatebanking activities or ring-fence operations, such as the Liikanen, Vickersand Volcker proposals, and the soon-to-be legislated German and Frenchreforms.While well-intentioned, these separate plans could undermine commongoals of harmonizing global standards if they are not well coordinated.The bottom line is that we have yet to fix “too-big-to-fail”.We need to forge ahead on three fronts to address the root cause of thisproblem:(1) regulation, like systemic surcharges;(2) intensive supervision; and(3) frameworks for orderly failure and resolution, nationally and acrossborders.In the coming months, jurisdictions need to spell out plans to resolveeach systemic institution, regardless of its size, inter-connectedness andcomplexity.In addition to cross-border collaboration arrangements, this requires anability to impose discipline on the managers, shareholders and juniordebt holders of large failed banks, using bridge banks or other resolutiontools to preserve the liquidity of borrowers, depositors and othercounterparties.Over the counter derivativesProgress on reform of derivative markets is too slow.We all agree that wider use of clearing houses —central counterparties —will raise transparency of over-the-counter markets and make the systemsafer.However, no authorities have met the deadlines to implement reforms.First, available data shows that the increase in the value of centrallycleared contracts has been modest. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 185For example, as of September 2012, only 10 percent of all credit defaultswaps were contracted through central counterparties.Second, data is limited, and almost nonexistent for commodity, equityand foreign exchange asset classes.This is a problem we need to address.Recent headlines suggest that banks’ internal risk management systemsare not keeping up with derivative innovation.For example, the loss by JP Morgan Chase of over $6 billion in theso-called London Whale case demonstrates the daunting complexity ofassessing risks in these big institutions, and the glaring failure of riskmanagers and policymakers in this area.Shadow bankingBack in 2009, when I was with the G-20 Finance Ministers, we made thepoint that regulation needed to cover “all markets, all products, and alloperators”On shadow banking, however, I am afraid there is not much progress toreport.This is worrisome since regulators were largely in the dark before thecrisis hit and since then, I suspect that funds have been migrating to newunregulated activities.For example, we have anecdotal evidence—because there is no officialdata—that trading is moving to unregulated hedge funds.While “Guidance” on the monitoring and regulation of money marketfunds has been published, there is little consensus on actualimplementation.There is other work in the pipeline at the FSB, but we need to see moreconcrete progress.CompensationCompensation? This has been in the headlines lately, particularly inEurope.Mark Carney stressed recently that “an important lesson from the crisiswas that compensation schemes encouraged individuals to take on toomuch long-term risk and tail risk”. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 186From a financial stability perspective, the level and structure ofcompensation must align incentives with risk profiles, and ultimatelywith performance.The common goal here is to make sure that the structure ofcompensation curbs incentives for excessive risk taking.The financial sector has a duty to live up to the highest ethical standards.To that end, the FSB forged consensus on compensation practices sometime ago.We fully support these principles and encourage all jurisdictions toimplement them.Impact in EuropeTogether with Outright Monetary Transactions and other liquiditysupport from the ECB, these reforms have helped to calm markets,particularly in Europe.Borrowers, however, particularly small business and households, havenot yet felt the impact, and rates of lending to the real economy have notyet incorporated this framework of stronger discipline, nor the pathtowards banking union.Some financial systems are still facing pressure and negative feedbackloops between sovereigns and the real economy continue.To fix this, troubled banks need to be recapitalized or wound down.This brings me to the second aspect of a new landscape—balance sheets.2. Balance Sheet Repair and Banking Union – Necessary andWorthwhileBalance Sheet Repair: The Missing Link in the Quest forRecoveryIt is possible that delays in agreement on regulatory reforms reduced thedrive to deal with needed balance sheet repair and bank resolution.Or has insufficient balance sheet repair acted as a brake on reformprogress?Either way, we need to move beyond this chicken and egg question andtackle both balance sheet repair and regulatory reform simultaneously. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 187Further progress on the regulatory reform agenda is essential, but to getcredit flowing in support of a recovery, banks have to be in a financialposition to respond.Again we can point to some progress: U.S. and European banks havesubstantially increased their capital ratios.During 2007-2012, the number of credit institutions in Europe declinedby about 5 percent (20 banks were resolved and 60 banks have undergonedeep restructuring).But more needs to be done.Many banks are still shackled by the leftover effects of the crisis.This is the weak link in the chain of recovery.We still see fragmentation in funding conditions—a direct result ofconcerns about the quality of bank assets—which is impairing the credittransmission to the real economy.In addition, peripheral euro area banking systems remain relativelyweak, with capital buffers still low relative to impaired assets.These banks are less able to absorb losses, which worsens the drag onnew lending.This chokes off credit to viable firms and reinforces weaknesses incorporate sectors, perpetuating “zombie” companies as well as zombiebanks.There is a way out of this adverse spiral: clean up balance sheets and usea common backstop—the European Stability Mechanism (ESM)— forsystemic cases.Enhanced disclosure and credible asset quality reviews will help restoreconfidence and banks should be urged to deleverage by raising equityand cutting business lines that are no longer viable.Country authorities and the Single Supervisory Mechanism (SSM) shouldundertake selective asset quality reviews.For direct recapitalization by the ESM, modalities and governancearrangements should be established as soon as possible. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 188Banking Union in Europe—Necessary and WorthwhileOf course this is part of the bigger picture ─ full banking union inEurope.What exactly do we mean by “banking union”?We mean a single supervisory and regulatory framework, a singleresolution mechanism and resolution authority, and a common safety netthat includes deposit insurance and lender of last resort capabilities.This integrated oversight framework is the logical extension of anintegrated banking system, but it also plays a central role in the globalprocess of transformation.In many ways it represents a microcosm of the aims of the globalregulatory reform agenda.Banking union will move responsibility for supervision and potentialfinancial support to a shared level which would help contain systemicrisks and curb moral hazard.This would remove destructive incentives for deposit flight andfragmentation, and weaken the vicious loop of rising sovereign and bankborrowing costs.The IMF recently released two important papers on these issues,including last week the inaugural Financial System Stability Assessmentfor the European Union.And I would encourage you to take a look at them.Let me first recognize the considerable progress on banking union so far:agreement on the Single Supervisory Mechanism; proposals by the EC toharmonize regulations on capital (CRR ─ the Capital RequirementsRegulation, and CRD-IV, the Fourth Capital Requirements Directive),on resolution regimes, and for national deposit insurance schemes;agreement to draw on the ESM to recapitalize banks, with ECBsupervision; and finally, commitment to a Single Resolution Mechanismwith backstop arrangements to recoup taxpayer support over time.“To do” listPolicymakers need to plow ahead with their “to do” list. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 189Recent agreements are major steps towards a new landscape, but followthrough will be critical.This means swift adoption of the various directives, and ensuring thatthey are in full compliance with global accords, namely Basel III and theFSB “Key Attributes”.Other priorities include endowing the single supervisor with requisiteresources and authority; implementing the common resolution andsafety nets with a coherent, credible backstop; and setting up theresolution authority and insurance fund with access to commonbackstops.Full embrace of this Union-wide architecture is needed to ensure durablefinancial stability, but also to sustain the currency union and the singlemarket for financial services in Europe.This includes severing the link between weak sovereigns and futurebanking sector risks, otherwise, the impact of new rules and institutionson economic growth, and on the citizens of Europe, will be limited.Conclusion: enlightened stewards of the financial systemLet me conclude: I asked earlier if the financial landscape beentransformed?I would say not yet.I believe that we are making progress, but it is mostly in the wiring andthe plumbing—essential elements of a solid structure, but under thesurface.The structure is still half-built and not safe.Weak banks are still a drag on growth.Balance sheet repair needs to be tackled at the same time as regulatoryreform, in a mutually reinforcing manner.Finishing the business in both areas is necessary to reap the fruits ofhard-won gains in regulatory reform and to restore the full functioning ofthe financial sector so that it can do its job of intermediating funds toborrowers and support growth.I am an optimist, drawing inspiration from Martin Luther, who said“Everything that is done in the world is done by hope.” _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 190…. But I am also a realist.Immanuel Kant, one of the greatest German philosophers, said that“using reason without applying it to experience only leads to theoreticalillusions”.The free exercise of reason by the individual was a theme of theEnlightenment.Hopefully, we are moving toward an “Enlightened” era in global financeand regulation, one based on experience and reason. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 191Managing structural risks in the Swedishbanking sectorSpeech by Mr Stefan Ingves, Governor of theSveriges Riksbank and Chairman of the BaselCommittee on Banking Supervision, atAffärsvärlden’s “Bank & Finans Outlook”,StockholmToday I intend to speak about the Riksbank’s view of the structural risksin the Swedish banking sector and how they can be managed.As so often in recent years, I will take the crisis of 2007–2009, and the riskreassessments that banks, investors, researchers and decision-makers allover the world were forced to make as a result of the crisis, as my startingpoint.I will begin by saying a few words about the international work onregulations that arose as a consequence of the crisis.Then I will go into a little more detail about the structure and specialcharacteristics of the Swedish banks.On the basis of this, I will present my view of the possible implications ofthe implementation and follow-up of the Basel III regulations for theSwedish banks.The risks associated with banking operations need to be limitedFirst, however, I would like to give you a small example of the risks we aretalking about.The US mortgage crisis became acute in 2007 and marked the start of theglobal financial crisis. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 192At that time, the capital adequacy ratio, that is the amount of capital inrelation to risk weighted assets, in the major Swedish banks averagedaround 7 per cent.This means that for every SEK 1 000 in risk-weighted assets, the banksfunded their operations with SEK 70 of their own money and with SEK930 in borrowed money.This is in fact a rather generous calculation and includes capital thatturned out be of dubious quality.Decisions had also been made at that time that allowed the banks to usetheir own internal risk models to a greater extent to calculate their capitaladequacy requirements.The banks were thus able to substantially reduce the risk weights of theirassets, including mortgages, in the long term.The major banks’ internal risk models indicated that the risks associatedwith mortgage lending were extremely low.In several cases this meant that the risk weight of a typical mortgagecould easily be as low as 6 per cent, which meant that only 6 per cent ofthe mortgage would need to be covered.With a capital adequacy ratio of 7 per cent and a risk weight formortgages of 6 per cent, this meant that a bank could fund each SEK 1 000of a mortgage loan with SEK 996 in borrowed money and SEK 4 in its ownmoney.The risk the bank itself took when it lent SEK 2 million for the purchase ofa house thus corresponded to SEK 8 000 of its own capital.There were in fact transitional regulations that initially meant that thebanks were not able to calculate so liberally, but these were theregulations that would apply in the longer term and thus those that thebanks and investors, and often the authorities, primarily focused on. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 193Given that the banks, in Sweden and in other countries, only needed asmall amount of capital, and given that it was often assumed that theywere backed by government guarantees, it was highly profitable for themto take substantial risks.The banks themselves carried only a small part of these risks, while itturned out that the banks’ customers and the taxpayers had to carry themajor part.In several countries – Spain, Ireland and Denmark for example, inaddition to the United States – we have seen how substantial falls in theprices of the banks assets, mainly in the form of mortgages, have led tomajor economic problems.The point is that the risk capital that the banks and their shareholdersprovide is limited to the value of the share capital.But society’s risks are greater than this.A mainstream assessment in economic research is that a national crisis inthe financial system costs the economy around 60 per cent of GDP.In Sweden, this would be equivalent to over SEK 2 000 billion, or morethan SEK 200 000 per Swede.This is more than two and a half times the joint stock market value of thefour major Swedish banks at the turn of the year 2012/2013.In Sweden, we succeeded in managing the acute phase of the financialcrisis in 2008 and 2009 in a way that made it possible to limit the costs tosociety.One contributing factor was probably that the crisis of the 1990s was freshin the minds of the banks and they thus limited their risk-taking morethan might otherwise have been the case, at least with regard to theiroperations in Sweden.As we know, not all countries were as lucky. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 194The negative effects of the crisis are still in evidence in large parts of theworld – not least in several countries in central and southern Europe – andwill probably remain so for some time to come.In retrospect, it is easy to note that the combination of shortcomings inthe regulations and the profit motives of the participants on the financialmarkets contributed to one of the worst financial crises of the modern era.The details regarding the build-up of risk and the course of the crisis havebeen described several times and I will not repeat them here.It is enough this time to note that banks with a limited amount of capitaland banks with a high degree of market funding proved to be vulnerablewhen the storm broke.These insights from the crisis lie behind the regulatory work that is nowunderway in Sweden and abroad today.There is broad agreement that risk-taking in the banking sector must belimited and that its costs must be taken into account by the banks andtheir investors to a greater extent.Important steps have been taken in this direction in the global agreementon future standards for regulations in the banking sectors referred to asthe Basel III Accord.The worlds’ banks will be safer when this is implemented, which willbenefit everyone.Basel III increases the safety margins in the systemThe Basel III regulations represent the introduction of much-neededstandards that will require the banks to hold more and better capital.The minimum requirement for CET 1 capital, that is share capital andretained earnings, will be raised to 4.5 per cent of the risk weightedassets. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 195In addition to the minimum requirements there will be a capitalconservation buffer, a countercyclical capital buffer and a buffer forsystemically-important banks, which all sharpen the requirements for thelevel of CET 1 capital.In total, the Basel III Accord will represent a capital-adequacyrequirement of 7 to 12 per cent of CET 1 capital depending on howimportant the bank is in a global systemic perspective and where thecountrys economy is in the credit cycle.This is a much higher level than previously.The countercyclical capital buffer is particularly interesting.This will be built up in good times, when credit growth is higher thannormal, with the aim of creating airbags to protect the banking sector introubled times.So far, this is the instrument on which international agreement has beenreached in the field of macroprudential policy, that is a policy thatcomprises measures to prevent financial crises that are directed at thesystem as a whole.A leverage ratio requirement will also be introduced under which,irrespective of risk weights, a banks assets may not exceed 33 times itsown capital.A leverage ratio requirement represents an extra safety measure that alsolimits the banks’ possibilities to use internal risk models to actually keeprisk weights down.Basel III also sets quantitative standards for the banks’ liquidity, ashort-term (Liquidity Coverage Ratio, LCR) and a long-term (Net StableFunding Ratio, NSFR).The short-term measure means that every bank should have sufficientliquid assets to survive for at least 30 days in a stressed scenario. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 196The long-term measure, in principle, limits the gap between the maturityof a bank’s assets and the maturity of its liabilities.The standards stipulated in the Basel III Accord will be implemented innational legislation during the 2010s and should be implemented in theirentirety by 2019, with several interim targets along the way.Establishing better regulations on the banks’ capital and liquidityrepresents a major step forward.However, in a wider perspective we can note that even in the future theworlds’ banks will have capital that only amounts to a few per cent of theirassets.This is almost within the margin of error for a valuation of the total assets.The equity/assets ratio in the banking sector is only one fifth, or even onetenth, of that for companies in other sectors.However, a central element of the Basel III Accord is that the standardsare minimum regulations – countries that want to impose stricterrequirements may and should do so.We have already seen cases of this – for example in the United States, theUnited Kingdom and Switzerland.Decisions have also been made in both the United States and the UnitedKingdom on more structural measures to protect the central functions ofthe financial sector, for example through the Dodd-Frank Act and thefollow-up of the Vickers Report.In the EU, the Liikanen Report has taken up the issue of ring-fencing,that is separating the different operations of the banks from each other.The reason is that the financial systems are different in different parts ofthe world. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 197It is therefore important to design regulations that are tailored to thebanking system that has to comply with them.We also need to maintain a respectable distance to the minimumregulations.Considering what we know about the Swedish banking system, there aregood reasons for ensuring that Swedish banks comply with the globalstandards by a broad margin.The Swedish banking system is specialIt is thus important to put the Swedish banking system into perspective.The total domestic and foreign assets of the four major banking groupsamount to 400 per cent of Swedens GDP.In other words, out banking system is huge.Relatively speaking, it is on a par with the banking system in the UnitedKingdom, for example.The Swedish banking system is also highly integrated, which means thatproblems in one bank can easily lead to a crisis of confidence for theentire system.If we were hit by a financial crisis, the costs to society could thus be veryhigh.With this in mind, I intend to focus in more detail on two vulnerabilitiesin the Swedish financial system that are interlinked.The first is the indebtedness of the Swedish households.The second is the banks’ funding in foreign currencies and theirdependence on the currency-swap market. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 198The Swedish mortgage market has structural weaknessesAn issue that has been widely discussed recently is the indebtedness ofthe Swedish households and the risk of a fall in housing prices.Experience in several countries has shown that indebtedness and thedevelopment of housing prices are the main explanations of why somecountries are hit harder than others during economic crises.Similarly, crises that are preceded by a credit and housing boom tend tobe longer and more severe than other economic crises.A fall in housing prices may lead households to save rather than consumein order to compensate for the fact that the value of their homes has fallen.If many households behave in this way, this may weaken economicactivity, increase unemployment and create loan losses in the bankslending to companies.This, for example, is what has happened in our neighbouring countryDenmark in recent years.What we can note is that the credit conditions for mortgages changed inthe early 2000s.Interest-only mortgages became increasingly common at the same timeas the loan-to-value ratios increased.The banks also began to fund mortgages by issuing so-called coveredbonds on the financial markets to an increasing extent.Easy access to inexpensive funding in combination with a high demandfor mortgages led to rapid credit growth.Now, the debts of the Swedish households are high in both historical andinternational terms. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 199Although the rate of credit growth has slowed down and loan-to-valueratios have fallen – the mortgage cap introduced in 2010 has probablycontributed to this – there are still structural weaknesses on the Swedishmortgage market.For instance, the mortgage survey recently published byFinansinspektionen identifies one such weakness: approximately half ofall new mortgages are interest-only loans.This increases the scope for the households to take larger loans, which inturn increases the debt stock.Figure 1 shows household debt in relation to disposable income.It also illustrates how indebtedness in the household sector grows underdifferent assumptions about amortisation.This raises a number of questions about the future.For example, how will the average loan-to-value ratio in the banksmortgage stocks develop when older mortgages are paid off and newinterest-only mortgages are paid out?What will the long-term consequences of a weak or non-existentamortisation culture be for peoples private finances, the nationaleconomy and expectations of economic policy?These are questions that we are considering and that we will analysefurther together with Finansinspektionen. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 200The banks’ extensive market funding in foreign currenciesmakes the system vulnerableAnother structural weakness in the Swedish banking system is that thedegree of market funding is high.We can see this, for example, by looking at lending in relation to deposits.Lending is significantly higher in the Swedish banking system than inmany other European countries (see Figure 2).This is partly because Swedes to a large extent save in funds rather than inbank accounts.Another reason is that Swedish banks retain their mortgage loans on _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 201their balance sheets, while banks in many other countries “sell” them orsecuritise them.Swedish banks are thus highly dependent on the capital markets to fundtheir lending.A large proportion, almost 45 per cent, of the funding from the capitalmarkets is in foreign currencies.This borrowing funds assets in both Swedish kronor and foreigncurrencies.This dependence on market borrowing in foreign currencies gives rise totwo risks. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 202The first relates to the extent to which participants are prepared to buythe banks’ mortgage bonds and when necessary convert borrowing inforeign currencies to Swedish kronor.The second lies in the fact that the maturities for assets and liabilities inforeign currency differ.Few counterparties fund the long-term lending in Swedish kronorThe borrowing in foreign currencies also funds lending in Swedish kronorto some extent, for example for housing purposes.The Swedish banks typically fund their mortgage loans by issuingcovered bonds for which the mortgages act as collateral.A large proportion of these bonds are issued in foreign currencies, mainlyeuro and US dollars.The reason that the banks have chosen to get funding on the foreignmarkets is probably that they want to spread their sources of fundingacross different markets.This is also something that the credit-rating agencies encourage.It has also often proved to be an inexpensive method of funding mortgageloans.However, broadening the investor base may also mean that it consists of alarger percentage of volatile investors.Problems on the Swedish housing market may therefore lead to the banksfinding it difficult to refinance their mortgage loans.We actually believe that the banks can manage rather substantial falls inthe market value of housing, but if the investors assessment is that therisk have increased they may choose not to buy the Swedish banksbonds, despite the fact that they only entail a minor credit risk. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 203Such concerns may also make other types of market funding moreexpensive and more inaccessible if the investors choose to reduce theirexposures to the Swedish banking sector.We saw examples of this in the autumn of 2008, when foreign investorswished to offload Swedish mortgage securities and the market demandfor more liquid instruments, particularly Swedish government securities,increased.The Swedish National Debt Office then carried out extra issues oftreasury bills and provided loans through reverse repos in coveredmortgage bonds.At the same time, the Riksbank expanded its list of approved forms ofcollateral.All in all, this meant that in principle the government assumed the riskthat lay in the outstanding stock of Swedish mortgage loans.In order to convert borrowing in foreign currencies to lending in Swedishkronor without taking a currency risk, the banks usually conduct currencyswaps.In simple terms, this is done like this: A Swedish bank borrows euros inGermany at a maturity of five years.However, as the bank does not really need the euros but needs kronor tofund mortgage loans to Swedish households, the bank has to exchangethe euros for kronor.To protect itself against the currency risk, the bank enters into a currencyswap in which the euros are exchanged for kronor today under anagreement to exchange the kronor back to euro at a predetermined rate infive years’ time.In this way the bank matches the currencies of its assets (the mortgages)and its liabilities and thereby eliminates the currency risk. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 204The Swedish banks are thus dependent on acquiring kronor in thelong-term from a counterparty in a currency swap.They can in principle do this in three ways: through a foreign bank,another Swedish bank or an insurance company.Today, it is often a foreign bank that acts as the counterparty in theseswaps.The foreign banks do not themselves usually have any natural access toSwedish kronor.They therefore fund part of their lending in kronor by borrowing kronor inthe short-term from other Swedish banks.However, the risk is that foreign investors will leave the Swedish market ifproblems arise, as the Swedish krona is a small currency.There are also reasons for believing that the number of foreign banks thatact as counterparties to the Swedish banks is limited.Moreover, participating in the swap market is often not a central part ofthe operations of the foreign banks.This in turn has consequences for liquidity and pricing on the swapmarket.We saw an example of this when the last extraordinary loan that theRiksbank had offered the banks during the crisis matured in the autumnof 2010.Uncertainty then arose on the money market, and consequently swapcounterparties abroad who had acquired short-term funding in kronorthrough Swedish banks became less willing to enter into swapagreements with Swedish banks.It thus became both more expensive and more difficult for Swedish banksto convert foreign currency into Swedish kronor at long maturities. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 205To a certain extent, Swedish banks also act as counterparties to eachother in the swaps.However, from the perspective of the Swedish banking system this isreally only a matter of redistributing the maturity risk.The fact that the banks act as counterparties to each other also forges thelinks within the Swedish banking system even tighter.A natural counterparty for the Swedish banks could be the Swedish lifeinsurance and pension companies.These companies have long-term liabilities in kronor in the form ofpension savings that they partly invest in assets abroad.At present, these companies are not active on the long-term currencyswap markets to any great extent.The Swedish banks are therefore dependent on a tight circle ofcounterparties on the currency swap markets.A small and concentrated market means in turn that there is aconsiderable risk of disruptions and contagion effects.Long-term assets and short-term funding in foreign currencies createrisks Swedish banks have substantial assets in foreign currencies and alsohave a deposit deficit, that is they are dependent on market funding.As a large part of this market funding is short term, a liquidity risk inforeign currency also arises.The US dollar is a currency for which this risk is clear.Following the collapse of Lehman Brothers, when the dollar market waspractically closed for a while, the Riksbank needed to lend the equivalentof almost 250 billion kronor in US dollars to the banking system to preventthe liquidity risk spreading to the real economy. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 206However, as the Riksbank cannot create liquidity in foreign currencies inthe same way as it can in Swedish kronor, there are limits on the size ofthe liquidity risks the banks can take in foreign currencies without posingrisks to financial stability.There are therefore good reasons for the banks to examine the matchingof the maturities of their assets and liabilities in foreign currencies.The market for bank certificates in kronor has shrunk.It is not only long-term funding that takes place in foreign currencies.A large part of the banks’ short-term funding also takes place in foreigncurrencies, mainly US dollars and euros.The Swedish banks are, for example, important counterparties for USmoney-market funds.Sweden is the second-largest European market for the money-marketfunds – larger than the United Kingdom or Germany.Although this indicates a high level of confidence in the Swedish banks, italso entails risks.During the crisis, we saw that the money-market funds were among themore volatile investors.A high degree of funding from the money market funds also makes thebanks dependent on US regulatory frameworks and legislative processes.For short-term funding in Swedish kronor there is a market for bankcertificates.However, this market has shrunk (see Figure 3).We may wonder why this market has declined so dramatically when itseems that there should be incentives to maintain it. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 207A thriving domestic market for bank certificates in kronor would increasethe banks scope for diversification.Their dependence on markets in foreign currencies and on the swapmarket would be reduced.Although these markets usually work well and Swedish banks currentlyhave a good reputation among investors this does not always need to bethe case, as we saw in 2008 and 2009.We should of course think about how to create a liquid market for bankcertificates in kronor.One problem is that the benefits of such a market fall to the bankscollectively while the costs in the form of higher borrowing costs fall toeach bank individually.In this perspective it may be necessary to investigate whether the coststhat each individual bank pays for its shortterm funding in foreigncurrencies reflects the true costs to the Swedish financial system andSwedish society. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 208Swedish conditions require a complement to the reform agendaThe Swedish banking system is thus marked by a number ofcharacteristics that make it somewhat special in an internationalperspective – characteristics that either increase the risk of problems orthe economic costs to society if problems arise in the banking sector.There are therefore good reasons for establishing a safe margin – arespectable distance – to the minimum regulations in the Basel IIIAccord.As you know, we have already taken several steps to strengthen theSwedish banking system, over and above the commitments that Basel IIIentails.In November 2011, the Riksbank, the Ministry of Finance andFinansinspektionen announced that the four major Swedish banks would _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 209meet the capital adequacy requirements of 10 per cent of therisk-weighted assets from 1 January this year and of 12 per cent from 1January 2015.All of the four major banks now have CET 1 ratios that are higher than 10per cent according to the definition in Basel III.Three of the banks are also above 12 per cent.The Swedish authorities have also said that the banks should meet theshort-term liquidity measure in Basel III (the LCR) both in total andseparately for the euro and the US dollar.This requirement has been compulsory for the eight largest Swedishbanks since 1 January this year.The Riksbank has also recommended the banks to improve their publicinformation on liquidity risks and the degree of encumbered assets.This is because greater transparency increases both confidence andmarket discipline.I am pleased to say that the banks’ public reporting has improved in linewith the Riksbanks recommendations, although some work still remainsto be done (see Table 1). _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 210These measures have contributed to the relative stability of the Swedishbanks.But I don’t think we have finished yet.The financial system is important, and the risks in the system must beconstantly reviewed.Let me give you some examples of areas that I believe will need to beinvestigated.As I mentioned earlier, the Swedish banks’ high dependence on marketfunding entails an increased risk that they will suffer liquidity problems ina stressed situation.It is of course always possible for the Riksbank to lend Swedish kronor,but it is unreasonable for the banks to take liquidity risks based on the _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 211expectation that the Riksbank will provide extraordinary loans if thingsdo not go according to plan.The ability of the banks to comply with the Liquidity Coverage Ratio inthe Basel III Accord should therefore be investigated.The differences in the maturities of the banks’ assets and liabilities inforeign currencies that I described above are also a potential source ofconcern in more troubling times.The Riksbank cannot after all offer unlimited liquidity in any othercurrency than our own.As you know, the Riksbank has therefore recently strengthened itsforeign-exchange reserve so that in a situation in which theforeign-exchange market is seriously disrupted the Riksbank will be ableto provide extraordinary loans in US dollars and euros.The aim of course is to strengthen the Riksbank’s preparedness tosafeguard the basic workings of the financial system and thereby help usto avoid major economic costs.Given that all the Swedish banks benefit from the Riksbank’sforeign-exchange reserve, it would not be unreasonable for themto share the costs of maintaining it.If we can price this in an effective way it will also give the banks anincentive to reduce their own currency risks.This would reduce the risks to financial stability in the Swedish economy.It is of course no secret that we are also looking at mortgage loans fromthe asset side in the banks’ balance sheets.As I have already pointed out, the banks’ risk weights are very low.Finansinspektionen intends to begin applying a risk-weight floor of 15 percent for the banks’ portfolios of Swedish mortgage loans. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 212The Riksbank supports the proposal for a risk-weight floor of 15 per cent.We also believe that there are good reasons for analysing whether thisfloor needs to be raised even further.One important reason is that the public sector and non-financialcompanies would have to bear a large part of the risk if the debt-servicingability of the households were to weaken.I have also spoken about the risks arising from the fact that a largeproportion of the mortgage loans are interest-only loans.In this context, the Swedish Bankers’ Association’s recommendation thatall mortgages that exceed a loan-to-value ratio of 75 per cent should beamortised is of course welcome, although one may ask whether this isenough.Mortgages were amortised to a greater extent a few decades ago, at thesame time as inflation automatically reduced the real debt ratio.I believe that more amortisation may be needed, especially in the currentsituation with low and stable inflation.However, before the authorities impose amortisation requirements it maybe worth reviewing other aspects of the provision of loans.One example may be how different amortisation alternatives arepresented to the borrowers.Another may be to demand that the borrowers have the financial scope toamortise their loans at a certain rate.The important thing is to restore an amortisation culture so that thehouseholds’ margins are safeguarded and the economy is protected.The Riksbank focuses on these issues because we wish to safeguard theSwedish financial system. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 213All our analysis and all our measures aim to reduce the risk of Swedenincurring major economic costs when the banking sector gets intotrouble.As a complement, Sweden also needs to put a clear framework formacroprudential policy in place.The global financial crisis demonstrated the need to complementtraditional financial supervision – micro supervision – which focuses onrisks in individual institutions, with supervision that focuses on the risksin the financial system as a whole.In January, the Financial Crisis Commission presented an interim reportwhich proposed how responsibility for macroprudential policy could beallocated in Sweden.We will therefore need to consider the Riksbanks stance on this issue.A guiding principle for us is that the body that is given responsibility formacroprudential policy needs a clear mandate with both the right andobligation to take action against risks that arise and appropriate tools thatcan be used to limit the risks.The discussion of macroprudential policy also comprises the issue of theRiksbank’s balance sheet, and particularly the foreign-exchange reserve.As you know, the inquiry conducted by Harry Flam recently presented itsproposals.Here too, the Riksbank is in the process of formulating its stance.The public are entitled to expect that the authorities act toprevent and manage financial crises in the best possible wayAll of the things I have talked about here are measures that aim to reducethe risk of a financial crisis recurring, or to limit the damage if a financialcrisis nevertheless breaks out. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 214The international process that has come to expression in the Basel IIIAccord is creating better regulations for the banks in all countries.This also benefits us here in Sweden.Over and above this, however, we have to manage the Swedish bankingsystem and its special characteristics.Sweden is a small open economy with its own currency and large banks.We need special regulations.This means that we, like a number of other countries, want to proceedmore quickly and impose stricter requirements than those in the Basel IIIAccord.However, the measures we have taken so far have already clearlystrengthened the Swedish banks.The financial sector is central in every modern society.We cannot afford recurring crises that threaten the basic functions of thefinancial sector.The public are entitled to expect that the authorities act to prevent andmanage financial crises in the best possible way.Regulations that cover the special characteristics and structural risks ofthe Swedish banking sector are central instruments in the work topromote financial stability. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 215DisclaimerThe Association tries to enhance public access to information about risk andcompliance management.Our goal is to keep this information timely and accurate. If errors are brought to ourattention, we will try to correct them.This information:- is of a general nature only and is not intended to address the specificcircumstances of any particular individual or entity;- should not be relied on in the particular context of enforcement or similarregulatory action;- is not necessarily comprehensive, complete, or up to date;- is sometimes linked to external sites over which the Association has no controland for which the Association assumes no responsibility;- is not professional or legal advice (if you need specific advice, you shouldalways consult a suitably qualified professional);- is in no way constitutive of an interpretative document;- does not prejudge the position that the relevant authorities might decide totake on the same matters if developments, including Court rulings, were to lead it torevise some of the views expressed here;- does not prejudge the interpretation that the Courts might place on the mattersat issue.Please note that it cannot be guaranteed that these information and documentsexactly reproduce officially adopted texts.It is our goal to minimize disruption caused by technical errors.However some data or information may have been created or structured in files orformats that are not error-free and we cannot guarantee that our service will not beinterrupted or otherwise affected by such problems.The Association accepts no responsibility with regard to such problems incurred as aresult of using this site or any linked external sites. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 216Certified Risk and Compliance Management Professional(CRCMP) distance learning and online certification program.Companies like IBM, Accenture etc.consider the CRCMP a preferredcertificate. You may find more if yousearch (CRCMP preferred certificate)using any search engine.The all-inclusive cost is $297.What is included in the price:A. The official presentations we usein our instructor-led classes (3285 slides)The 2309 slides are needed for the exam, as all the questions arebased on these slides. The remaining 976 slides are for reference.You can find the course synopsis at:www.risk-compliance-association.com/Certified_Risk_Compliance_Training.htmB. Up to 3 Online ExamsYou have to pass one exam.If you fail, you must study the officialpresentations and try again, but you do not need to spend money. Upto 3 exams are included in the price.To learn more you may visit:www.risk-compliance-association.com/Questions_About_The_Certification_And_The_Exams_1.pdfwww.risk-compliance-association.com/CRCMP_Certification_Steps_1.pdfC. Personalized Certificate printed in full colorProcessing, printing, packing and posting to your office or home. _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com
  • P a g e | 217D. The Dodd Frank Act and the newRisk Management Standards (976slides, included in the 3285 slides)The US Dodd-Frank Wall Street Reformand Consumer Protection Act is themost significant piece of legislationconcerning the financial servicesindustry in about 80 years.What does it mean for risk andcompliance management professionals?It means new challenges, new jobs, newcareers, and new opportunities.The bill establishes new riskmanagement and corporate governanceprinciples, sets up an early warningsystem to protect the economy from future threats, and brings moretransparency and accountability.It also amends important sections of the Sarbanes Oxley Act. Forexample, it significantly expands whistleblower protections under theSarbanes Oxley Act and creates additional anti-retaliationrequirements.You will find more information at:www.risk-compliance-association.com/Distance_Learning_and_Certification.htm _____________________________________________________________ International Association of Risk and Compliance Professionals (IARCP) www.risk-compliance-association.com