Journal Issue
Share
Article

Republic of Korea

Author(s):
International Monetary Fund. Monetary and Capital Markets Department
Published Date:
October 2014
Share
  • ShareShare
Show Summary Details

Summary, Key Findings, and Recommendations

The Republic of Korea has a moderate level of compliance with the Basel Core Principles for Effective Banking Supervision (BCP). Building upon the 2003 FSAP recommendations, the authorities have taken resolute steps to strengthen the regulation and supervision of the banking sector. However, the assessment identified gaps that need to be addressed and although the Republic of Korea counts with a strong—albeit overly complex—regulatory framework and with thorough supervisory practices, a number of areas require attention so that the Republic of Korea can meet the highest standards of supervisory effectiveness. Those areas include: broader powers to apply minimum capital requirements to individual banks; full implementation of Pillar 2 and ICAAP; and a more comprehensive approach to conglomerates. The application of Basel II to Financial Holding Companies (FHCs) would complement the transition to group supervision which began through the introduction of the FHC Act.

Despite the deficiencies identified in the assessment, the current supervisory structure has been reasonably effective and the overall vulnerability of the Korean banking system has diminished since the 2008 crisis with stronger capitalization across the sector. Supervision of the banks is structured around sound off-site supervision techniques and onsite inspections. Strengths lie in sophisticated offsite monitoring capabilities and an extensive onsite capability. The FSC-FSS collects and analyzes a broad suite of information including detailed financial and management information. The supervisory approach relies heavily on off-site monitoring and notifications of exceptions, which are supplemented by biannual full-scope on-site examinations. The existence of multiple points of responsibility, where subject matter experts are responsible for different areas of surveillance poses challenges of coordination and to derive an overall understanding risk to an institution.

The Republic of Korea is one of the first countries to be assessed under the revised Basel Core Principles (BCP) issued by the Basel Committee in September 2012. Like other countries being assessed under the new methodology, the Republic of Korea has agreed to be assessed and rated not only on the essential criteria but also on the additional criteria. It is important to note that since last assessment, conducted in 2003, the bar of the standards has been raised twice by the BCBS (the BCP methodology was revised in 2006 and again in 2012). This assessment, consequently, is not comparable with the previous assessment and, as prescribed by its methodology, should not be compared or across countries. Within the revised BCP methodology, more is expected of supervision and regulation, and much of what was considered “desirable” is now considered essential, with the lessons of crisis and evolution of financial markets and international standards. The assessment also brings a new relevance to observed implementation and practices.

There is a need to further strengthen the independence of the FSC-FSS from the political process to facilitate greater focus on promoting the safety and soundness of the banking sector. The current supervisory and enforcement structure raises a number of concerns pertaining, in particular, to its independence from political influence or the perception of it, multiple objectives that dilute the focus on the core supervisory mandate, and overlapping responsibilities and complex processes requiring intense inter-agency communication.

The FSC-FSS has a broad range of powers, measures and tools available to address threats to banks and the banking system however the length of time to communicate results of supervisory activities needs to be enhanced. The process of providing recommendations to banks based on on-site examinations, albeit recently improved, is still lengthy, which weakens its effectiveness. The follow-up process has been recently been enhanced although there is still room for improvement.

The authorities have put significant effort over the last few years towards implementing consolidated supervision but further enhancements are still necessary. Several of Republic of Korea’s main banks are large complex financial institutions with a diverse business model and a variety business lines within the group. Offsite supervision of the group is conducted through a dedicated team focusing principally on banking issues and liaises with subject matter experts. Given such background, greater coordination between the teams responsible for offsite supervision to identify exposures between group companies, and in particular, non-financial activities of a conglomerate, is needed.

Implementation of the ICAAP will be an important stepping stone in achieving an integrated approach to capital planning and higher standards of bank risk management. When fully implemented, the ICAAP process will provide a framework for a comprehensive assessment of risk and capital and will help to facilitate the transition to the full implementation of Pillar 2 of Basel II to assign individual bank capital ratios. The extension of Basel II to bank Financial Holding Companies (FHCs) will improve the consistency and comparability of the capital base for Korean banks. BII applies to the commercial banks but has not yet been extended to FHCs where capital is calculated using Basel I. The FSC-FSS plans to apply BII and BIII to FHCs by December 2013 which will strengthen the quality of regulatory capital.

The regulatory framework for concentration risk is mostly focused on large exposures and ‘name risk’ and should be expanded to incorporate a broader definition. Currently the large exposure regime is the main tool used by supervisors to monitor and identify concentration risk which captures exposures to a single name or connected parties and does not sufficiently cover a broad spectrum of concentration risk such as by industry, economic, geographic region and by market (e.g., asset classes). In addition to a broader definition of concentration risk, the regulations should explicitly require a delegation framework for the approval of large exposures.

While non-performing ratios for the domestic banks remain relatively low by international standards, there are areas to improve provisioning practices, especially where loans are reclassified as performing. Prudential regulations covering loan loss provisioning have been strengthened since the last FSAP and in transitioning to IFRS; a reserve for Credit Loss was introduced to prevent a decrease of banks’ loss absorbent capacity which has been effective. An area of weakness in the provisioning framework is the criteria for exposures to return to performing status. Regulations allow banks considerable discretion when reclassifying exposures as performing without the borrower having proved repayment capacity under revised terms. A lack of conservatism and prudence in reclassifying exposures as performing could negatively impact underlying quality of the credit portfolio. While the FSS has increased its oversight of banks’ application of internal policies for reclassification of assets, a greater amount of supervisory attention is required to ensure banks’ apply appropriate risk management around this process, especially at this point in the cycle. Since the financial crisis, government sponsored asset management companies (AMCs) have been introduced to acquire delinquent loans in several sectors of the economy. The AMCs have continued to operate as open-ended vehicles with a perception of permanency which might introduce the risk of moral hazard into bank underwriting practices.

A regulatory and supervisory framework consistent with banks should be applied to the larger NBFIs to strengthen their resilience to external shocks. The capital framework for NBFIs is a net capital ratio of equity over total assets subtracting deductions and loan loss provisions. For those NBFIs that accept deposits and are of an equivalent size to banks, the capital framework should be strengthened and calculated using the Basel Accord. Equally, the definition of default for non-banks is not consistent with the commercial banking sector creating potential for arbitrage. The definition of default for commercial banks is 90 days, whereas for non-banks it is 180 days.

A. Introduction

1. This assessment of the current state of the implementation of the BCP in the Republic of Korea has been completed as part of an FSAP update undertaken by the International Monetary Fund (IMF) and the World Bank (WB) during 2013. It reflects the regulatory and supervisory framework in place as of the date of the completion of the assessment. It is not intended to represent an analysis of the state of the banking sector or crisis management framework, which have been addressed in the broader FSAP exercise.

2. An assessment of the effectiveness of banking supervision requires a review of the legal framework, and detailed examination of the policies and practices of the institution(s) responsible for banking regulation and supervision. In line with the BCP methodology, the assessment focused on the FSC-FSS and did not cover the specificities of regulation and supervision of other financial intermediaries, which are covered by other assessments conducted in this FSAP.

B. Information and Methodology Used for Assessment

3. The Republic of Korea authorities agreed to be assessed according to the Revised Core Principles (BCP) Methodology issued by the BCBS (Basel Committee of Banking Supervision) in September 2012. This assessment was thus performed according to a significantly revised content and methodological basis as compared with the previous BCP assessment carried out in 2003, which was conducted under the first BCP methodology. It is important to note, for completeness’ sake, that this assessment cannot and should not be compared to the previous undertaking, as the revised BCP have a heightened focus on risk management and its practice by supervised institutions and its assessment by the supervisory authority, raising the bar to measure the effectiveness of a supervisory framework (see box for more information on the Revised BCP).

4. The Republic of Korea authorities also chose to be assessed and rated against the Essential and Additional Criteria. In order to assess compliance, the BCP Methodology uses a set of essential and additional assessment criteria for each principle. The essential criteria (EC) were usually the only elements on which to gauge full compliance with a CP. The additional criteria (AC) are recommended best practices against which the Korean authorities have agreed to be assessed and rated. This option was not available to assessed countries before the 2012 Revised BCP; in fact, Korea is one of the first countries being assessed under the current methodology and rated also against ACs. The assessment of compliance with each principle is made on a qualitative basis. A four-part grading system is used: compliant; largely compliant; materially noncompliant; and noncompliant. This is explained below in the detailed assessment section. The assessment of compliance with each CP is made on a qualitative basis to allow a judgment on whether the criteria are fulfilled in practice. Effective application of relevant laws and regulations is essential to provide indication that the criteria are met.

Box 1.The 2012 Revised Core Principles

The revised BCPs reflect market and regulatory developments since the last revision, taking account of the lessons learnt from the financial crisis in 2008/2009. These have also been informed by the experiences gained from FSAP assessments as well as recommendations issued by the G-20 and FSB, and take into account the importance now attached to: (i) greater supervisory intensity and allocation of adequate resources to deal effectively with systemically important banks; (ii) application of a system-wide, macro perspective to the microprudential supervision of banks to assist in identifying, analyzing and taking pre-emptive action to address systemic risk; (iii) the increasing focus on effective crisis preparation and management, recovery and resolution measures for reducing both the probability and impact of a bank failure; and (iv) fostering robust market discipline through sound supervisory practices in the areas of corporate governance, disclosure and transparency.

The revised BCPs strengthen the requirements for supervisors, the approaches to supervision and supervisors’ expectations of banks. The supervisors are now required to assess the risk profile of the banks not only in terms of the risks they run and the efficacy of their risk management, but also the risks they pose to the banking and the financial systems. In addition, supervisors need to consider how the macroeconomic environment, business trends, and the build-up and concentration of risk inside and outside the banking sector may affect the risk to which individual banks are exposed. While the BCP set out the powers that supervisors should have to address safety and soundness concerns, there is a heightened focus on the actual use of the powers, in a forward-looking approach through early intervention.

The number of principles has increased from 25 to 29. The number of essential criteria has expanded from 196 to 231. This includes the amalgamation of previous criteria (which means the contents are the same), and the introduction of 35 new essential criteria. In addition, for countries that may choose to be assessed against the additional criteria, there are 16 additional criteria.

While raising the bar for banking supervision, the Core Principles must be capable of application to a wide range of jurisdictions. The new methodology reinforces the concept of proportionality, both in terms of the expectations on supervisors and in terms of the standards that supervisors impose on banks. The proportionate approach allows assessments of banking supervision that are commensurate with the risk profile and systemic importance of a wide range of banks and banking systems.

5. The assessment team reviewed the framework of laws, rules, and other materials provided and held extensive meetings with officials of the FSC-FSS, and additional meetings with auditing firms, and banking sector participants. The assessment was made by Christopher Wilson, Monetary and Capital Markets Department, IMF, and Valeria Salomao Garcia, the World Bank. The authorities provided a self-assessment of the CPs, as well as responses to additional questionnaires, and provided access to supervisory documents and files, staff and systems.

6. The team appreciated the cooperation received from the authorities. The team extends its thanks to staff of the authorities who provided cooperation, including provision of documentation and access, at a time when staff was burdened by many initiatives related to the a change in President, responsible Minister, Heads of FSC and global regulatory changes.

7. The standards were evaluated in the context of the Republic of Korea financial system’s structure and complexity. The CPs must be capable of application to a wide range of jurisdictions whose banking sectors will inevitably include a broad spectrum of banks. To accommodate this breadth of application, according to the methodology, a proportionate approach is adopted within the CP, both in terms of the expectations on supervisors for the discharge of their own functions and in terms of the standards that supervisors impose on banks. An assessment of a country against the CPs must, therefore, recognize that its supervisory practices should be commensurate with the complexity, interconnectedness, size, and risk profile and cross-border operation of the banks being supervised. In other words, the assessment must consider the context in which the supervisory practices are applied. The concept of proportionality underpins all assessment criteria. For these reasons, an assessment of one jurisdiction will not be directly comparable to that of another.

8. An assessment of compliance with the BCPs is not, and is not intended to be, an exact science. Reaching conclusions required judgments by the assessment team. Nevertheless, by adhering to a common, agreed methodology, the assessment should provide the South Korean authorities with an internationally consistent measure of the quality of its banking supervision in relation to the CPs, which are internationally acknowledged as minimum standards.

9. To determine the observation of each principle, the assessment has made use of five categories: compliant; largely compliant, materially noncompliant, noncompliant, and non-applicable. An assessment of “compliant” is given when all EC and ACs are met without any significant deficiencies, including instances where the principle has been achieved by other means. A “largely compliant” assessment is given when there are only minor shortcomings, which do not raise serious concerns about the authority’s ability to achieve the objective of the principle and there is clear intent to achieve full compliance with the principle within a prescribed period of time (for instance, the regulatory framework is agreed but has not yet been fully implemented). A principle is considered to be “materially noncompliant” in case of severe shortcomings, despite the existence of formal rules and procedures and there is evidence that supervision has clearly not been effective, the practical implementation is weak or that the shortcomings are sufficient to raise doubts about the authority’s ability to achieve compliance. A principle is assessed “noncompliant” if it is not substantially implemented, several ECs are not complied with, or supervision is manifestly ineffective. Finally, a category of “non-applicable” is reserved for those cases that the criteria would not relate the country’s circumstances.

C. Institutional and Macroeconomic Setting and Market Structure—Overview

Overview of the institutional setting and market structure

10. The institutional setting in the Republic of Korea regarding banking supervision is based on an integrated supervisory approach through the Financial Services Commission (FSC) and the Financial Supervisory Service (FSS). The FSC is in charge of financial policies and supervision of financial industries, while the FSS regulates financial markets and institutions under the direction and supervision of the FSC.

11. The majority of non-bank deposit taking financial institutions are supervised by the FSC-FSS and encompass mutual savings banks, credit unions and credit cooperatives, which account for 20 percent of total deposits (credit cooperatives 14 percent). Other deposit taking institutions include the community cooperatives and the Korea Post office, which are under the supervision of the Ministry of Public Administration and Security and the Ministry of Knowledge and Economy, respectively and respond for 8 percent of total deposits in Korea.

12. The commercial banking sector, which dominates the financial sector, maintains adequate buffers above minimum prudential capital adequacy requirements. As of end-2012 the BIS capital and Tier 1 capital ratios of commercial banks are at 14.3 percent and 11.1 percent respectively. Non-performing loans are low, and the banks have retained a solid profit generation capacity.

13. The Korean financial system is dominated by twelve financial holding companies (FHCs) that constitute about 50 percent of financial sector assets. The FHCs have steadily increased their market share in total financial sector assets from about 39 percent at end 2010. The FHCs have 87 percent of their consolidated assets in banking (accounting for about 70 percent of the banking sector assets). Of the 18 commercial and specialized banks in Korea, 14 are operating under bank 10 holding companies, which have a total of 275 subsidiaries. The financial companies under the bank holding companies operate across a broad cross-section of the financial sector.

14. Foreign financial institutions operating in Korea constitute roughly 11 percent of the financial sector assets. In the banking sector, there are 41 foreign-owned banks from 16 countries (two subsidiaries and remaining have branch presence) which make up about 14 percent of the banking sector. In the insurance sector, 12 insurance companies’ subsidiaries from five countries make up 10 percent of the domestic insurance sector. About six percent of the securities sector assets are held by 20 foreign companies from eight countries. Korean banks operate 100 entities in 28 countries, 64 securities companies operate in 13 countries and 22 collective investment companies (asset management) operate in 9 countries.

15. There are 18 domestic banks consisting of 7 commercial banks, 6 regional banks, and 5 specialized banks. Specialized banks are owned by government and Standard Chartered bank and Citibank are held by foreigners. The total assets of domestic banks come to W 1,827.9 trillion at the end of 2012, which amounts to 143.7 of GDP. 41 foreign banks are operating 56 branches with total assets approximately W 204.1 trillion at the end of 2012.

16. Funding conditions of Korean banks have improved considerably since 2008. Most notably, Korean banks’ large external short-term debt and dependence on wholesale funding that were key vulnerabilities prior to the global financial crisis and have been reduced in recent years.

D. Preconditions for Effective Banking Supervision

17. Korea’s growth moderated over the course of 2012 in the face of strong headwinds from the global economy (table 3). Economic growth declined from 3½ percent in 2011 to 2 percent in 2012 as a result of a sharp decline in exports that spread to a broad-based weakening of domestic demand, particularly fixed investment. However, recent indicators suggest that the economy has bottomed out and growth is projected to rebound to 2.8 percent in 2013 and 3.9 percent in 2014. Inflation has declined significantly to 1.4 percent at end 2012 as compared to 4.2 percent at end 2011, reflecting mostly slowing activity and the moderation of commodity prices. With activity strengthening over the course of 2013, inflation is expected to pick up to 2½ percent, the lower bound of the inflation target band.

18. Against this background, the Government’s response has been timely and measured. In June 2012, the Government announced two modest fiscal support packages within the confines of the 2012 budget, and the Bank of Korea (BOK) cut its policy rate by 25 bps in July 2012 and another 25 bps in October 2012, ending the extended pause of about a year. In addition, the 2013 budget entails reduction of the overall fiscal deficit (excluding social security funds) to 0.3 percent of gross domestic product (GDP), a slight replacing of the fiscal consolidation compared to the previously committed path which was more ambitious. The Government’s measured response to the weakening growth outlook so far has been largely appropriate. The main short-term risks to the outlook are a re-intensification of the euro area crisis and lingering concerns over U.S. fiscal policy.

19. Reflecting swings in global risk appetite, capital flows into Korea have been highly volatile. In the third quarter of 2012, portfolio flows strengthened and the currency appreciated as risk appetite improved in the wake of further monetary easing in advanced economies. In addition, the recent appreciation of won to a large extent reflects Korea’s larger-than-expected current account surplus. Staff position so far has been that the won is still undervalued; therefore the exchange rate should be allowed to appreciate further and followed by fine-tuning of the macroeconomic policy mix. Against this background, the authorities view the existing macroprudential measures as geared primarily towards limiting short-term external bank borrowings. They are now considering capital flow management measures to insulate Korea from surges in portfolio inflows, including a possible foreign exchange (FX) transaction tax.

20. The mandates and powers related to financial stability in the Republic of Korea are clearly allocated among five authorities: The Financial Services Commission (FSC), the Financial Supervisory Service (FSS), the BoK, the Korea Deposit Insurance Corporation (KDIC), and the Ministry of Strategy and Finance (MoF). The relevant laws and their enforcement decrees have provided the FSC-FSS, KDIC, and BoK with explicit mandates for financial stability. FSC and FSS are assigned with the responsibility “to promote the advancement of the financial industry and the stability of financial markets, establish sound credit order and fair financial transaction practices, and protect depositors, investors, and other financial consumers.” KDIC is assigned with the responsibility “to contribute to the protection of depositors and the maintenance of the stability of the financial system.” On top of its price stability mandate, the BoK has been assigned with the responsibility to “pay attention to financial stability in carrying out its monetary and credit policies.” The MoF develops and coordinates economic and fiscal policies of the country, and serves on various decision-making bodies of the financial regulators.

21. The legal framework establishes a special resolution regime for distressed financial institutions in Korea and identifies the roles and responsibilities of different authorities with clear mandates. The Act on Structural Improvement of the Financial Industry (ASIFI) identifies the FSC and KDIC as the resolution authorities, with the FSC acting as the lead resolution authority. Although BoK is not a resolution authority, it has a role in providing financial assistance, through participation in funding the KDIC or public funds. The special resolution regime for the financial sector entities, under the ASIFI and the Deposit Protection Act (DPA) extends to banks (except the specialized banks), the Industrial BoK, investment traders, brokers, collective investment business entities, investment advisory business entities, discretionary investment business entities, insurance companies, mutual savings banks, trust business entities, merchant banks, and financial holding companies.

22. A broad range of resolution tools are available to the resolution authorities. The resolution options include merger and acquisition, purchase and assumption, bridge bank, funding by government and other relevant authorities (including the KDIC), and liquidation. The FSC is empowered to appoint an administrator (management supervisor) and direct the administrator to undertake the necessary resolution process if the insolvent bank fails to comply with prompt corrective actions. DPA mandates the application of the least cost test in the choice of a resolution method by the KDIC, which has established the Korea Resolution and Collection as a separate entity for the conduct of resolution proceedings.

E. Summary Compliance with the Basel Core Principles

Core PrincipleGradeComments
C—Compliant; LC—Largely Compliant; and MNC—Materially Non-Complaint
1. Responsibilities, objectives and powersLCResponsibilities, objectives and powers related to banking supervision are clearly defined although conflicting objectives and responsibilities might not concur with the objectives related to safety and soundness of the banking system. Responsibilities related particularly to fair financial transactions and consumer protection and the way they are being implemented through FSC and FSS can results in conflicts between “developmental” and safety and soundness objectives.



The legal framework currently in place reasonably provide the necessary powers to authorize banks, conduct ongoing supervision, address compliance with laws and undertake corrective actions to address safety and soundness concerns. Limitations include the fact that the FSC-FSS does not have the power to increase the prudential requirements for individual banks and banking groups based on their risk profile and systemic importance.



2. Independence, accountability, resourcing and legal protection for supervisorsMNCThe legal status of the FSC within the Government structure as a Ministerial agency can potentially grants the FSC additional means to exercise its independence in comparison to structures were the supervisory agency is within the authority of the MoF. On the other hand, the direct subordination to the Prime Minister can also potentially threat its independence.



In principle there are some checks and balances processes in place including the FSC and the FSS internal audit, the BAI as well as the investigations conducted by the Assembly, in particular the role of the Assembly in inspecting the FSC-FSS activities.



Nevertheless, the fact that the Commissioners encompass representatives from the MoF and the Korea Chamber of Commerce and Industry poses challenges in terms of conflicts of interest.



In addition, legal protection for supervisors needs enhancements as the current setting can potentially jeopardize staff willingness to act and effectiveness of supervision.



3. Cooperation and collaborationC
4. Permissible activitiesC
5. Licensing criteriaLCThe FSC has the power to set licensing criteria and reject applications The FSC has the power to set licensing criteria and reject applications that do not meet such criteria. The FSC hasn’t licensed a bank in twenty years but does have a structured process in place encompassing guidance for new applicants.



Limitations in the definition of large shareholders and related parties in the case of specialized and regional banks were not explored nor taken into consideration in the CP as the issue has been covered in other CPs.



Given the fact that no new licenses have been granted in 20 years, the assessors did not have the chance to go through files and confirm licensing practices.



Drivers for the rating included the fact that criteria to be assessed for licensing do not explicitly encompass elements relative to the detection and prevention of criminal activities or the oversight of proposed outsourced functions.



Another shortcoming relates to the suitability assessment (including potential conflicts of interest) of large shareholders encompassing the ultimate beneficial owners.



Regarding assessment criteria for Board members, the authorities informed that legislation on the ownership structure of financial companies submitted to the National Assembly and yet to be approved provides that the outside directors should be persons who possess hands-on experience in the financial sector or professional financial knowledge, or who hold hands-on experience in management, law, or accounting.



6. Transfer of significant ownershipLCThe FSC has the power to review, reject and impose prudential conditions on proposals to transfer significant ownership or controlling interests held directly or indirectly to other parties. In practice though, transfer of significant ownership or controlling interest do not require approval in several cases.



In addition, the definition of large shareholder provided by the Banking Act is too narrow, as it does not contemplate the possibility of shareholdings below 4 percent resulting in “de facto” control or controlling interest, although in practice all commercial banks are subsidiaries of FHCs.



7. Major acquisitionsLCMajor acquisitions of non-financial companies are restricted in the Republic of Korea. Overall the authorities rely on reporting for dealing with and monitoring acquisitions of financial companies (as well as the establishment of overseas operations.



The assessors understand that the current framework could result in acquisitions being made that might be not in the best interest of safety and soundness, as well as the settlement of subsidiaries in countries with a lax supervisory environment.



8. Supervisory approachLCThe supervisory approach in place relies heavily on off-site monitoring and notifications of exceptions, as well as on a biannually full-scope on-site examination, with a robust and strong compliance foundation.



The existence of multiple points of responsibility with various teams in charge of particular sub segments operating autonomously limits to a certain extent the ability of the FSS to maintain a thorough understanding of the overall risk profile of individual banks and banking groups, also potentially undermining the willingness to act and overall accountability regarding a bank or a banking group. The over reliance on a comprehensive and relatively homogeneous full-scope examination performed every two years as the major source for qualitative assessment of risk management limits the forward looking capability of its supervisory approach.



Albeit the examinations conducted seem thorough, judgment considerations as part of the qualitative assessments have still a limited role in the overall process.



9. Supervisory techniques and toolsLCThe FSS uses a broad range of techniques and tools to implement its supervisory approach. It counts with comprehensive and detailed set of data requested, encompassing financials and management information, as well as its systems and dedicated staff, result in a robust off-site framework. On-site examinations are supported by check lists and guidance to ensure consistency in the supervisory process. Deployment of resources is based on the type of bank and total assets, which to a certain extent reflects banks’ risk profile.



The authorities would benefit from intensifying engagement with banks’ senior management as part of the on-site examination processes, focusing partial examinations on core supervisory issues and risks, enhancing information sharing procedures within the FSS, formally requiring banks to immediately report on any material adverse developments.



10. Supervisory reportingLCThe FSC-FSS have powers to require banks to submit information on both a solo and a consolidated basis.



In practice, the FSC-FSS maintains an integrated financial information analysis system to collect and manage data from the banks both on a monthly and a quarterly basis. The data collected ranges from banking operations to financials, to information related to regulatory compliance.



Shortcomings in compliance with this CP relate to the lack of systematic procedures to ensure reliability of data provided by banks, quality control, lack of a systematic process to assess suitability of external experts, the use of third parties to perform supervisory work, the lack of a requirement that external experts bring to the FSS attention promptly any material shortcomings identified during the course of any work undertaken by them for supervisory purposes, as well as limitations regarding access to information from non-financial companies within a group.



11. Corrective and sanctioning powers of supervisorsLCThe FSC-FSS has a range of powers, measures and tools available to address threats to banks and the banking system. The process of providing recommendations to banks based on on-site examinations, albeit recently improved, is still lengthy, which weakens its effectiveness. In addition, there are no provisions allowing the FSC to impose more stringent prudential limits and requirements, barring individuals from the banking sector, replacing or restricting the powers of Board members or controlling owners.



12. Consolidated supervisionLCThe FSC-FSS has put significant effort over the last few years towards implementing consolidated supervision. The issuance of the FHC Act, as well as the implementation of the RFI for FHCs, has been key steps in that direction.



Several of Republic of Korea’s large banks are conglomerates with a wide variety of entities within the banking group and banks part of wider non-bank groups. Given such background, the framework in place does not fully allow for an in depth understanding and forward looking analysis needed. Group-wide supervision is based on monitoring of consolidated financials and on assessments regarding its internal controls for managing the various businesses.



Group monitoring is conducted through a dedicated team focuses mostly on the banking side, particularly through stand-alone supervision, given its relevance within the activities of the FHCs. The overall monitoring is based on consolidated financials and assessment of the FHC regarding its internal controls for managing the various businesses.



13. Home-host relationshipsLCThe FSC-FSS has put in place procedures to share information and cooperate for supervisory purposes although mechanisms for effective handling of crisis situations from a cross-border perspective, as well as group resolution plans are yet to be established.



The FSC-FSS set up a task force that has been working on standards and rule changes for D-SIB and is looking to complete the task in the near future.



14. Corporate governanceLCRegulations are generally sound, although lack specificity in some aspects to fully satisfy the criteria, with scope for supervisory practices to be strengthened with specific minimum requirements for corporate governance. Greater intensity of supervision and inspection of corporate governance could be applied across the entire deposit taking sector which includes non-banks where the regulations and oversight by boards are generally less developed.



15. Risk management processLCMinimum requirements within the regulations not sufficiently broad to extend across the entire banking group. Risk management and compliance obligations should be given greater attention by supervisors through more frequent onsite reviews.



16. Capital adequacyMNCBasel II has not been fully implemented to include FHCs which are internationally active and calculate regulatory capital according to Basel I.



Pillar 2 of BII has not been fully implemented across the population of domestic banks (including - internationally active banks).



While an annual validation of internal models is performed by banks, there is no requirement in the regulations for the results of the validation to be assessed by the FSS prior to the updating of estimates used in the calculation of risk-weighted assets to determine the capital adequacy ratio. Notification requirements to the FSS regarding the ongoing discriminatory ability of models should be strengthened to ensure that models used as inputs into the risk-weight calculation are robust and meet minimum expectations as set out at accreditation.
17. Credit riskLCMain factors driving the rating:
  • More frequent onsite credit risk examinations for the larger systemic banks to accurately assess credit underwriting standards and identify adjustments in risk-taking behavior; and

  • Greater verification of sound operation of collateral management systems.

Credit risk is the most relevant risk in the banking system in South Korea. Current macroeconomic conditions are challenging in this part of the credit cycle with an upward trend in unemployment and past due loans, albeit off a low base and potentially vulnerable credits could exist in performing credit portfolios. As a result, compliance with this Principle is critical. The FSS are aware of the vulnerabilities that current developments on credit risk entail for the financial system, and monitors data carefully on a quarterly basis. Owing to the importance of effective credit risk management, the team believes greater attention to this area is warranted. The team recommends that the FSS increase its attention to on-site inspections of credit risk. More frequent onsite inspections will improve the ability to assess underwriting standards and forward looking indicators such as: exceptions and overrides to policy; changes in the application of credit risk policies; application of covenants for commercial lending and covenant monitoring by risk management – each of which might not be easily visible from offsite monitoring. Special attention onsite should be given to independent valuation of collateral management systems.



Credit underwriting standards could be strengthened across the industry. Particular weaknesses in the unsecured segment which has led to increasing levels of total debt, and with limited capacity to repay. Stricter attention to capacity to repay at time of writing loan and monitoring exceptions to policy. Particular weaknesses in the non-bank sector in credit underwriting that impact competitive tensions for market share with the banking sector.



18. Problem assets, provisions, and reservesMNCThe FSS does not meet EC9 as the regulations allow banks considerable discretion when reclassifying exposures as performing. The regulations permit the reclassification of loans to performing without the borrower having proved repayment capacity under revised terms. While the FSS has increased its oversight of banks’ application of internal politics for reclassification of assets, a greater amount of supervisory attention is required to ensure banks’ apply appropriate risk management around this process. Attention to this aspect of provisioning should be enhanced, especially in the current credit cycle.



Supervisory oversight of collateral valuation practices for defaulted loans needs greater attention. While the FSS implemented thresholds in December 2011 for exposures to be individual assessed and managed, greater supervisory attention is needed to ensure banks are applying the thresholds appropriately. In practice, internal bank officers are predominantly responsible for valuing collateral. FSS processes to assess the application of policies and the robustness of risk management of collateral valuation was not uniform across the major banks leading to potential inconsistencies and weaknesses. Prudent collateral valuation processes are necessary to help ensure adequacy of provisions. For the mortgage portfolios of banks (particularly inner-city apartments), collateral is re-valued on a regular basis against a market index (where available). Regulations stipulate at least quarterly re-valuation of collateral, and industry practice is generally monthly. In a reducing asset price environment, more frequent valuations are prudent, however, in a rising asset price environment this practice will lower the average portfolio LTV and raise collateral coverage against provisions through no change in debt reduction or increase in provisions respectively.



Contributing to the rating is a lack of consistency in the definition of default between the commercial banking sector and non-banks. The definition of default differs across deposit taking institutions (mainly the domestic banks and non-banks). For domestic banks it is 90 days past due whereas for non-banks it is 180 days.



19. Concentration risk and large exposure limitsMNCThis CP has been considerably expanded from the previous methodology, and the focus has shifted from “large exposures” to “risk concentration”, which includes not only name risk but by industry, economic sector, geographic region, and by market (for instance, when banks are exposed to particular asset classes, products, collateral, or currencies). South Korea, as most countries, has not yet established guidance covering the whole spectrum of concentration risk management and monitoring. It is acknowledged that at the time of this assessment, the revised guidance by the BCBS on concentration risk has not yet been published. The CP goes beyond large exposures and into management of concentration risk which requires more of a portfolio approach. LE is by its nature focused on single name exposure requirements (or connected parties). Whereas concentration risk can be built up within a portfolio to the same asset class even where there are no LEs. The ICAAP captures references to concentration risk which is about management of the risk, not about how to manage when it comes onto the book ex ante. Risk management standards are not sufficiently detailed (i.e. Board reporting, management information systems, etc). Regulations not clear about definition of connected counterparties or the instances where this might be considered. No requirement in the Regulations for a LE to be approved by Senior Management or the BoD.



20. Transactions with related partiesLCRelated party regulations for transactions with related parties permit exclusions under certain thresholds (30 percent for companies and 50 percent for non-profit organizations). As a result, the definition might not be comprehensive to capture a sufficiently broad number of related party transactions. The current definition of related party transactions is heavily geared towards credit exposures which is reflected in the reporting obligations of banks and the offsite analysis performed by supervisors. Related party transactions such as lease contracts, derivatives, write offs etc are not included in the definition of credit extension and not captured by supervisory oversight. Equally, scope to further develop specific guidance for banks on enhanced governance required for related party exposures i.e. Board reporting and approval. Given a full scope onsite review is only performed every two years whereby related party transactions are assessed in detail, offsite surveillance processes need to be strengthened to identify risks.



21. Country and transfer risksLCThe regulations are general in nature without an explicit requirement for transfer risk which inhibits the effectiveness of oversight of this risk by supervisors. Supervisory processes are not well developed to fully identify and assess this risk across the larger more complex banking groups. For example, intra-group transactions not specified in the regulations. The reporting by banks does not sufficiently aggregate across different asset classes, exposures and types of risk to provide an accurate and timely presentation of country and transfer risk.



22. Market riskLCRegulations for market risk permit banks to exclude Trading Book (TB) exposures from the calculating of market risk regulatory capital under two conditions: (i) where the ratio of the TB to total assets on the consolidated balance sheet is less than 5 percent maximum per day; and (ii) A bank where the TB is less than W 100 billion maximum per day. De-minimis exclusions from market risk are not unknown, however, the current thresholds are considered excessive. Given the exclusions allowed in the regulations, supervisory processes should be strengthened to monitor and assess traded market risk where exemptions are applied.



23. Interest rate risk in the banking bookCThe regulations require quarterly measurement and in the case of large change in risk, more frequent. In practice, banks calculate and measure IRR on a monthly basis.



24. Liquidity riskLCThe regulations do not require banks to comply with the liquidity ratios on a continuous basis, only at end of month. The method of calculation does not necessarily reflect the potential volatility in the preceding month or expected/forward looking volatility in deposit outflows. The method of calculating the one month won liquidity mismatch does not encourage banks to term out issuance of wholesale funding in an effort to reduce potential roll over risk in a crisis. To maximize management efficiency of assets to meet the one month maturity mismatch, banks are encouraged to invest in assets that mature within 30 days (which is actually the case in Korea where much of the wholesale money is short term). The requirements for liquidity stress tests are not prescriptive. As a result, the basis for stress tests will differ across institutions through bank discretion of inputs and parameters and the identification of outliers and peer comparison is not easily performed. For example, banks with similar liquidity profiles might be applying vastly different run off assumptions obfuscating inherent risk profile.



25. Operational riskLCRegulations in relation to disaster recovery and business continuity do not set expectations for frequency of testing and recovery and the reporting of test results to the FSS, especially in the instance where results are adverse. There is a lack of specificity in the regulations of minimum requirements for data security and outsourcing. Supervisory assessment for embedment of operational risk management systems as part of the onsite examination needs improvement in respect of assessing the extent of risk and the adequacy of operational risk capital. Inputs into offsite analysis of operational risk could be improved with more granular detail, mainly nature of internal loss data. Peer group benchmarking of loss data would enrich the benefits of this analysis. The analysis of operational risk loss data could be enhanced. Out-sourcing requirements are not well developed. DR BCP minimum expectations are not well developed.



26. Internal control and auditCThe regulations pertaining to internal control and audit are generally comprehensive. There is a strong focus on internal controls within the Regulations which is reflected in the extent of offsite analysis and data submitted by the bank to the FSS. The onsite examination also has a strong focus on the effectiveness of Internal Audit.



27. Financial reporting and external auditLCThe regulations do not permit the FSS the power to establish the scope of external audits and in practice the scope of onsite and offsite supervision does not incorporate results from external audit. If the supervisor considers a specific risk type of line of business to be higher risk, there is no provision within the regulations to commission the External Auditor to look at this issue as part of the external audit.



The Act of External Audit for Stock Companies does not apply to all depository institutions leaving the minimum standards for non-banks materiality short of banks.



The FSS does not have the power to reject and rescind the appointment of an external auditor, who is deemed to have inadequate expertise or independence, or is not subject to or does not adhere to established professional standards. Removal of external auditors is left to the audit profession. There have been no incidence where the FSS or FSC has taken action in this regard to dismiss an auditor.



28. Disclosure and transparencyLCThe regulations are not sufficiently comprehensive to require public disclosure of accounts on a solo basis and does not specify the circumstances where this would be appropriate. The regulations do not refer to principles of transparency and comparability, relevance and reliability.



Regulations that govern Pillar 3 disclosure are not well developed and industry practice exhibits a number of inconsistencies with insufficient detail specifically in relation to banks that have been accredited to use the internal models. There is room for the publicly available financial data to be used in the supervisory process. The FSS reviews the public data but the supervisory framework is not complete or comprehensive as to how to use this data and integrate into the SREP and CAMEL-R approach by performing analysis and comparison against prudential data.



29. Abuse of financial servicesLCThe supervisory approach does not use a risk-based methodology for supervising banks (although the FIU is exploring a methodology) whereby higher risk firms would receive greater intensity and frequency of oversight.



Scope to expand oversight across the entire population of deposit taking institutions. At present attention has been focused on the domestic banks of which practices for AML are improving. FIU will transition its focus to strengthening practices in securities and insurance sectors and finally smaller non-banks where risk profile is comparatively higher but asset size is lower.



F. Detailed Assessment

Supervisory Powers, Responsibilities, and Functions
Principle 1Responsibilities, objectives and powers. An effective system of banking supervision has clear responsibilities and objectives for each authority involved in the supervision of banks and banking groups.1 A suitable legal framework for banking supervision is in place to provide each responsible authority with the necessary legal powers to authorize banks, conduct ongoing supervision, address compliance with laws and undertake timely corrective actions to address safety and soundness concerns.2
Essential Criteria
EC1The responsibilities and objectives of each of the authorities involved in banking supervision3 are clearly defined in legislation and publicly disclosed. Where more than one authority is responsible for supervising the banking system, a credible and publicly available framework is in place to avoid regulatory and supervisory gaps.
Description and findings regarding EC1Banking supervision is conducted in Korea through the Financial Services Commission (FSC), which delegates some of its supervisory functions to the Financial Supervisory Service (FSS), fully subordinated to the FSC.



The FSC is an integrated supervisory authority, encompassing banking, insurance and securities supervision.



The overall objectives of the FSC and the FSS are clearly defined through the Act on the Establishment of the Financial Services Commission (Establishment Act), enacted with the purpose to contribute to the growth of the national economy of the Republic of Korea (Article 1 of the Establishment Act).



Article 1 of the Establishment Act also lay out the purpose for establishing the FSC and the FSS as:
  • To promote the advancement of the financial industry;

  • To promote the stability of the financial markets;

  • Establish sound credit activity and fair financial transaction practices; and

  • To protect depositors, investors and other financial consumers.

Article 2 of the Establishment Act states that the FSC and the FSS shall endeavor to keep fairness, ensure transparency and refrain from disturbing the autonomy of financial institutions in performing their affairs.



The FSC website http://www.fsc.go.kr/eng/ab/ab0304.jsp lists FSC missions as follows:
  • First mission—“Creative Finance” to create more job opportunities (i) create virtuous cycle of capital among entrepreneurs and investors; (ii) reform policy finance system’; and (iii) promote the financial industry as the next growth driver;

  • Second mission—“Financial Inclusion” to ensure financial consumers’ happiness and safety (i) manage household debt growth/establish the National Happiness Fund; (ii) strengthen financial consumer protection; and (iii) prevent computer network failure for e-finance; and

  • Third mission—“Solid financial system” to ensure fairness and transparency and to prevent financial crises (i) facilitate corporate finance to business; (ii) improve corporate governance of financial institutions; and (iii) eradicate unfair financial practices).

The FSC was established under Article 2 of the Government Organization Act, as a central administrative agency, with Ministry status under the jurisdiction of the Prime Minister to perform affairs regarding financial policies, FX supervision and financial supervision (Article 3(1) of the Establishment Act), independently performing the administrative affairs under its authority as a central administrative agency (Article 3(2)).



Article 17 of the Establishment Act lays out the administrative affairs that are within the jurisdiction of the FSC, encompassing, among others:
  • Finance-related policies and systems including proposing amendments to acts and presidential decrees;

  • Supervision and enforcement against financial institutions;

  • Licensing and other authorizations, including mergers, transfers and acquisitions;

  • Issuing regulations;

  • Bilateral and multilateral negotiations and international cooperation in relation to banking supervision; and

  • Other affairs specified by other acts and subordinate statutes as the jurisdictional affairs.

The FSS was established to perform affairs relating to the inspection and supervision over financial institutions under the instruction and supervision of the FSC (Article 24 of the Establishment Act).



Article 18 expressly grants the FSC the powers to deliberate and resolve on matters related to the approval and amendment to the articles of incorporation of the FSS, approval of the budgets and the settlement of accounts of the FSS, as well as other matters as deemed necessary to perform its duties of supervising and instructing.



The FSS is a non-capital special corporation, established in 1999 as a result of the merger of four supervisory bodies: Banking Supervisory Authority, Securities Supervisory Board, Insurance Supervisory Board and Non-Bank Supervisory Authority.



Article. 37 of the Establishment Act lays out the business affairs of the FSS, including:
  • Inspection of the business affairs and the financial status of banks;

  • Sanctions resulting from examinations;

  • Assistance to the FSC and the institutions affiliated with the FSC (SFC and KOFIU); and

  • Other business affairs.

Currently the Securities and Futures Commission (SFC) and the Korea Financial Intelligence Unit (KOFIU) are the only institutions affiliated with the FSC.



From a broader perspective, the protection of the stability of the overall financial system is shared among five organizations: the FSC and the FSS, as well as the Ministry of Strategy and Finance (MoF), the BoK, and the Korea Deposit Insurance Corporation (KDIC). While the FSC is in charge of the supervision and regulation of the financial system with the support of the FSS, the MoF is responsible for macroeconomic policies, international finance and FX policies; the KDIC is in charge of deposit insurance and the BoK of monetary and credit policies (please refer to the Technical Note—TN on Crisis Management for a detailed discussion on the matter). Further information on the roles and characteristics of the FSC and the FSS can be found throughout this CP.



EC 2The primary objective of banking supervision is to promote the safety and soundness of banks and the banking system. If the banking supervisor is assigned broader responsibilities, these are subordinate to the primary objective and do not conflict with it.



Description and findings regarding EC2The Establishment Act (Article 1) lays out the purpose for the establishment of the FSC and the FSS as follows:



To promote the advancement of the financial industry;
  • To promote the stability of the financial markets;

  • Establish sound and credit order and fair financial transaction practices; and

  • To protect depositors, investors and other financial consumers.

Article 2 states that the FSC and the FSS shall endeavor to keep fairness, ensure transparency and refrain from disturbing the autonomy of financial institutions in performing their affairs.



It is not clear that in practice the primary objective of banking supervision is to promote the safety and soundness of banks and the banking system. Although objectives do encompass the promotion of financial stability, there is no indication that such is effectively the primary objective.



In fact, some of the FSC and FSS objectives (in particular. to promote the advancement of the financial industry and the requirement to refrain from disturbing the autonomy of financial institutions in performing their affairs) might conflict with the supervisory objectives.



Moreover, responsibilities related to consumer protection, as well as FX controls, which are not clearly separated from banking supervision activities, might not only drain important resources from banking supervision but also result in safety and soundness of banks and banking systems not being the first and foremost focus of the FSC and the FSS on its activities related to banks and banking groups.



While within the FSS, consumer protection affairs are the responsibility of the Financial Consumer Protection Bureau, while the FX Supervision Department is in charge of FX supervision. In practice though, examinations related to those topics are conducted by the examination departments, diverting resources and focus to non-core banking supervisory activities.



EC3Laws and regulations provide a framework for the supervisor to set and enforce minimum prudential standards for banks and banking groups. The supervisor has the power to increase the prudential requirements for individual banks and banking groups based on their risk profile4 and systemic importance.5



Description and findings regarding EC3Article 34 of the Banking Act lays down instructions on safety and soundness for banks:
  • Requiring banks to insure safety and soundness through solid capital and appropriate liquidity;

  • Requiring banks to observe prudential standards determined by the FSC relative to capital, assets, liquidity and other necessary matters for ensuring safety and soundness of banks; and

  • Allowing the FSC to request banks to take the necessary measures to comply with prudential requirements including ordering capital increases, restrictions on dividends, etc.

Article 50 of the Financial Holding Companies (FHC) Act—Guidelines for Sound Management—requires FHCs to maintain equity capital in good faith, manage liabilities, cash flow, etc., as well as secure safety and soundness through proper management of its subsidiaries. It also requires FHCs to comply with prudential standards prescribed by the FSC, as well as other matters to secure its safety and soundness. The FHC Act empowers the FSC to order corrective measures if an FHC is deemed to significantly undermine its safety and soundness due to non-compliance with prudential standards. The FHC Act also empowers the FSC to require submission of an action plan for management improvement, a capital increase, restriction on distribution of profits, and disposal of stocks of any subsidiary.



The legal framework does not explicitly grant the FSC or the FSS power to increase the prudential requirements for individual banks and banking groups based on their risk profile and systemic importance.



EC4Banking laws, regulations and prudential standards are updated as necessary to ensure that they remain effective and relevant to changing industry and regulatory practices. These are subject to public consultation, as appropriate.



Description and findings regarding EC4The legal and regulatory framework for banking supervision in place in the Republic of Korea has been updated often, with several amendments over the last years in Laws, Presidential Decrees, Regulations and Detailed Regulations, evidenced through the legal and regulatory framework reviewed by the assessors.



The Administrative Procedures Act governs the processes for passing Acts and issuing Decrees and Regulations. Pre-announcements for new legislation is required, with a few exceptions (e.g., urgency, in case it may damage public interest). Administrative agencies may hold a public hearing in case of legislation and also new regulation. Market participants confirmed the existence of such consultations.



Changes to the Banking Act and other financial laws can be proposed by the FSC (the government/executive body) or a member of the National Assembly and approved by the National Assembly (the legislature) after parliamentarian deliberation. The Banking Act was last updated in September 2011.



The republic of Korea makes use of Presidential Decrees to issue enforcement rules relative to Acts. Presidential Decrees on Acts pertaining to its scope are drafted by the FSC and are also updated frequently, with the last update being issued as of February 2012.



Changes to banking regulations are proposed by the FSC and approved by the FSC Commissioners, while detailed regulations are drafted by the FSS and approved by the Governor. The authorities reported, and market participants confirmed, that consultations are regularly held regarding new regulations/detailed regulations. The FSS also issues guidelines, as needed.



The Regulatory Reform Committee, under the line of authority of the President, reviews all Acts and Presidential Decrees. Regulations and detailed regulations are subject to review depending on an assessment of its potential effects to the economy or Korean citizens (in case of potential effects on the economy over W 10 million and/or impact over one million citizens).



EC5The supervisor has the power to:
  • (a) Have full access to banks’ and banking groups’ Boards, management, staff and records in order to review compliance with internal rules and limits as well as external laws and regulations;

  • (b) Review the overall activities of a banking group, both domestic and cross-border; and

  • (c) Supervise the activities of foreign banks incorporated in its jurisdiction.

Description and findings regarding EC5Article 40 of the Establishment Act enables, for supervisory purposes, the FSS Governor to require any institution subject to inspection by the FSS to submit necessary information (and in the case of FHCs, as per Article 51 of the FHC Act, it also encompasses subsidiaries) or require board members, executives or staff to present an oral statement. In practice, the FSS informed to also have access to board members, executives and staff on-site whenever deemed necessary.



Article 38 of the Establishment Act lists the institutions subject to inspection by the FSS, which comprise banks, insurance and security firms, mutual savings banks, credit unions, specialized credit financial business companies and others. There are no explicit powers to have full access to non-licensed non-financial subsidiaries of banks or FHCs.



Article 43–2 of the Banking Act requires banks to submit a report stating the details of business performed in each month to the Governor of the FSS. It also grants a general power to the Governor to request data deemed necessary to perform supervision and inspection.



Article 51 of the FHC Act grants the Governor of the FSS power to require FHCs to report on their business or assets, furnish data and require officials in charge to be present and state their opinions upon request.



EC6When, in a supervisor’s judgment, a bank is not complying with laws or regulations, or it is or is likely to be engaging in unsafe or unsound practices or actions that have the potential to jeopardize the bank or the banking system, the supervisor has the power to:
  • (a) Take (and/or require a bank to take) timely corrective action;

  • (b) Impose a range of sanctions;

  • (c) Revoke the bank’s license; and

  • (d) Cooperate and collaborate with relevant authorities to achieve an orderly resolution of the bank, including triggering resolution where appropriate.

Description and findings regarding EC6The Banking Act grants powers to the FSC to take (and/or require a bank to take) corrective actions, impose sanctions and revoke a bank’s license.



Article 34(4) of the Banking Act grants the FSC the power to request banks to take the necessary measures to insure compliance with prudential standards (including risk management and overall management), such as an increase of capital, restriction on dividends, etc.



Article 53(1) of the Banking Act—Sanctions against Banks—grants the FSC power to issue a corrective order or to order a partial suspension of business for not more than six months. The measures are to be taken upon the recommendation of the Governor of the FSS. Alternatively, the FSC can require the Governor of the FSS to take appropriate measures (such as suspending the relevant violation, issuing warnings, etc.,—further elaborated under the Regulation for Examinations and Sanctions).



Article 53(2) grants the FSC the power to order a bank to suspend all of its business within a fixed period of at least six months or revoke authorization for banking business. Grounds for such measures include: obtaining a license under false or illegal means; violation of a condition or term of authorization; carrying out business during a suspension period; failure to execute a corrective order; interests of depositors or investors likely to be greatly undermined due to a violation.



Article 54 of the Banking Act—Sanctions against Senior Management and Employees—grants the FSC the power, upon recommendation of the Governor of the FSS, to order the suspension of the execution of its functions, recommend the general meeting of stockholders to dismiss the executive and also to have the Governor of the FSS to take an appropriate measure (e.g., issuance of warnings). The FSC has also the power to request the Governor of the FSS to take other disciplinary measures against senior management and employees such as dismissal, suspension, deduction of salary and reprimand, etc.



Article 66, 67, 68, and 69 of the Banking Act on Penal Provisions lay out penalties and fines that shall be applied as a result of particular legal breaches.



There are no legal provisions for cooperation and collaboration with relevant authorities to achieve an orderly resolution of a bank, including triggering resolution, where appropriate. Nevertheless, decisions related to banks’ resolution are taken by the FSC commissioners, which encompass representatives of all the relevant domestic authorities and are based on majority of those present. The commissioners encompass a Chairman, a Vice Chairman, the Vice Minister of the MoF, the Deputy Governor of the BoK, the President of the KDIC, the Governor of the FSS, as well as two members recommended by the Chairman of the FSC, and one recommended by the Chairman of the Korea Chamber of Commerce and Industry.



EC7The supervisor has the power to review the activities of parent companies and of companies affiliated with parent companies to determine their impact on the safety and soundness of the bank and the banking group.



Description and findings regarding EC7As detailed in previous ECs, The FSC-FSS does have the power to license and supervise FHCs. Powers do not go beyond the FHC to controlling interests and their affiliates with the exceptions of a few particular cases, including the possibility of illegal transactions (Article 48–2 of the Banking Act and Article 51–2).



Assessment of Principle 1LC



CommentsResponsibilities, objectives and powers related to banking supervision are clearly defined in the Republic of Korea. Nevertheless, conflicting objectives and responsibilities might concur with the objectives related to safety and soundness of the banking system. Responsibilities related particularly to fair financial transactions and consumer protection and the way they are being implemented through FSC and FSS can results in conflicts between “developmental” and safety and soundness objectives. In addition, the objectives of the FSC-FSS are apparently, to a certain extent, tilted to the promotion of the financial industry.



The legal framework currently in place reasonably provide the necessary powers to authorize the establishment of banks, conduct ongoing supervision, address compliance with laws and regulations, as well as undertake corrective actions to address safety and soundness concerns. Limitations include the fact that the FSC-FSS does not have the power to increase the prudential requirements for individual banks and banking groups based on their risk profile and systemic importance.



The current legal limitations for access to affiliates and non-financial entities of banking groups were not factored in rating this CP as they were reflected under CP12.



The authorities should consider:
  • Clarify the primary importance and priority of safety and soundness duties;

  • Clearly segregate its safety and soundness duties from the other assigned to the supervisory body; and

  • Amend the legal framework in order to enable the supervisors to increase the prudential requirements for individual banks and banking groups based on their risk profile and systemic importance.

In May 2013 two departments not directly related to banking supervision (the corporate credit department and the micro credit support department) were put directly under the FSS Senior Deputy Governor for banking and non-banking supervision.



Principle 2Independence, accountability, resourcing and legal protection for supervisors. The supervisor possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisor.



Essential Criteria



EC1The operational independence, accountability and governance of the supervisor are prescribed in legislation and publicly disclosed. There is no government or industry interference that compromises the operational independence of the supervisor.



The supervisor has full discretion to take any supervisory actions or decisions on banks and banking groups under its supervision.



Description and findings regarding EC1The Establishment Act sets broad principles regarding independence and accountability as follows: Article 3(2) states that the FSC shall independently perform its duties under its authority as a central administrative agency, while Article 2 requires the FSC and the FSS to aim to ensure transparency.



The FSC is a central administrative agency under the jurisdiction of the prime minister. It is composed of nine commissioners: a Chairperson, a Vice Chairperson, the Vice Minister of the MoF, the Deputy Governor of the BoK, the President of the KDIC, the Governor of the FSS, as well as two members recommended by the Chairman of the FSC, and one recommended by the Chairman of the Korea Chamber of Commerce and Industry.



Article 11 of the Establishment Act rules on the functioning of the Commissioners’ meetings and provides, to a certain extent, on conflict of interest.



Article 11(4) rules on the circumstances under which an FSC commissioner may be rescued or may not participate in the deliberation/resolution of matters in which: he has a direct interest; matters in which his/her spouse, his/her relative within the fourth degree of consanguinity, or his/her relative within the second degree of affinity, a corporation with which he/she is affiliated has an interest; a matter regarding budgeting, settlement of accounts, or amendment of articles of incorporation of the relevant institution related to the previous cases. Article 11(5) establishes that if a Commissioner has grounds to believe that it is difficult to expect his impartiality of a Commissioner in deliberation and resolution of a certain case, he may file a recusal request for the Chairperson to decide on the matter. Article 11(6) allows a Commissioner to voluntarily withdraw himself from deliberation and resolution on particular case.



The FSC states that, as a general rule, FSC commissioners must be excused from any matter that raises the potential for conflict of interest. Meetings are to be held with a majority of commissioners (5 members) and decisions should be achieved through majority.



All major decisions regarding authorizations and corrective actions and significant sanctions are under the authority of the FSC and are subject to approval through a Commissioners’ meeting. Given the current structure of commissioners, it is not clear how independence can be guaranteed.



EC2The process for the appointment and removal of the head(s) of the supervisory authority and members of its governing body is transparent. The head(s) of the supervisory authority is (are) appointed for a minimum term and is removed from office during his/her term only for reasons specified in law or if (s)he is not physically or mentally capable of carrying out the role or has been found guilty of misconduct. The reason(s) for removal is publicly disclosed.



Description and findings regarding EC2As per Article 4 of the Establishment Act, the Chairman of the FSC is appointed by the President, on the recommendation of the Prime Minister. The Chairman has to undergo a non-deliberative confirmation hearing held by the National Assembly. The term of the Chairman is three years, renewable for one more term. Dismissals can occur based on mental or physical disability, breaches of any official obligation, bankruptcy, if the Chairman is found incompetent to perform his/her duties (Article 10), or if during its mandate fails to fulfill the qualification requirements to be appointed Commissioner, which would include being sentenced to prison or sentenced to a fine.



There are no legal requirements for the reasons for dismissal to be publicly disclosed. The last three Chairmen and Vice-Chairmen resigned prior the end of their term.



The Governor of the FSS is also appointed by the President upon the recommendation of the Chairman of the FSC, for a three-year term, also renewable for one further term (Article 29). Reasons for dismissal include bankruptcy, criminal sentence, mental of physical disabilities or violation/breach of the Establishment Act or the articles of incorporation. According to the FSS/FSC of the three most recent FSS governors (excluding the incumbent), the two most recent governors served out their full three-year terms. The third governor resigned before the start of a new administration. A total of three senior deputy governors and seven deputy governors currently serve under the governor. Out of the ten, six are from within the FSS.



It has been practice for Governors and Commissioners to resign once a new government term is initiated.



EC3The supervisor publishes its objectives and is accountable through a transparent framework for the discharge of its duties in relation to those objectives.6



Description and findings EC3The FSS issues an annual report (the last one available as of 2011) which discloses information, on a consolidated basis (including banking, insurance and securities), on number of examinations conducted and post-examination actions, summarizing also organizational efforts and changes. The FSC does not issue an annual report. The FSC and FSS are subject to regular audits by the National Assembly and the Board of Audit and Inspection (BAI).



The BAI mandatory audits (Article 22(1) of the Board of Audit and Inspection Act) encompass audits related to the accounts of the state. The BAI can also conduct discretionary inspections in cases it deems needed, or as a result of a Prime Minister request. (Article 23—selective inspection) on revenues and expenditures; acquisition; custody; management; disposal, etc. of properties (including articles, negotiable instruments and rights, etc). (Article 22(2)).



Other matters subject to inspection (Article 24(1(4)) encompass affairs of administrative agencies and duties of public officials assigned to them, applicable to both the FSC and the FSS.



The FSC is also subject to ad-hoc inspection and investigation of state affairs by the Assembly (Article 7 of the Inspection and Investigation of State Administration Act).



EC4The supervisor has effective internal governance and communication processes that enable supervisory decisions to be taken at a level appropriate to the significance of the issue and timely decisions to be taken in the case of an emergency. The governing body is structured to avoid any real or perceived conflicts of interest.



Description and findings EC4The FSC was established through the merger of the financial policy function of the former Ministry of Finance and Economy, and the financial supervisory function of the former Financial Supervisory Commission. The FSC is the primary supervisory authority, enacting, amending and interpreting laws related to supervision of financial industry and financial institutions.



The framework in place, comprising acts and regulations, provides grounds for enabling the authorities to take supervisory decisions to be taken at a level appropriate to the significance of the issue and timely decisions to be taken in the case of an emergency. Chapter II of the Establishment Act sets forth rules for the operation of the FSC encompassing rules for convening meetings, preparation of written resolutions (which are mandatory), consideration of opinions (it may consider opinions from Deputy Governors and other relevant experts), as well as emergency measures. Those emergency measures can be taken by the Chairperson in case of any internal or external trouble, a natural disaster or a grave financial or economic crisis and are required to be reported to the Commissioners afterwards, which can confirm, amend or suspend them. The FSC is supported by a secretariat.



The executive officers of the FSS encompass the governor, senior deputy governor, deputy governors, and the auditor. The governor sets forth the duties for the executive officers (Articles of Incorporation, articles 7–11; Organization and Management Bylaws, article 33).



For a discussion on conflicts of interest please refer to EC1 and EC5.



EC5The supervisor and its staff have credibility based on their professionalism and integrity. There are rules on how to avoid conflicts of interest and on the appropriate use of information obtained through work, with sanctions in place if these are not followed.



Description and findings regarding EC5The Establishment Act sets out some rules aimed at avoiding conflict of interest. Appointed Commissioners cannot join any political party or participate in political campaigns (Article 7 of the Establishment Act). The Chairperson, the Vice Chairperson and the two financial experts Commissioners cannot engage in for-profit business, be an executive or employee of a supervised institution, be a member of the National Assembly or the local council, or hold any office which entitles remuneration while holding such positions.



The FSC is staffed by public officials and their conduct is governed by the State Public Officials Act. The Public Service Ethics Act (Article 2–2) requires public officials to avoid conflicts of interest. Article 60 of the State Public Officials Act also established that public officials are bound by confidentiality requirements.



All employees of the FSS are subject to its Code of Conduct, in which Article 5 states the obligation to avoid any possible conflict of interest. Article 35 of the Establishment Act requires information received by FSS senior management and staff not to be disclosed or used for any purpose other than their duties. In addition, the Rules of Employment (Article 8) clearly state the requirement of confidentiality of information. In case of any violations, the Ethical Committee may take punitive actions, in accordance with the rules of Personnel Management.



The Governor, Deputy Governors, the Auditor, and also staff of the FSS are not allowed to engage in any affairs for profit other than their duties, or to hold any office without approval from the relevant appointing authority (Article 34 of the Establishment Act).



Article 35 expressly forbidden the Governor, Deputy Governors, the Auditor and employees of the FSS to exercise influence over financial institutions, its executives and employees, in order to receive money, valuables or any other benefits, or the financial institution to grant a loan.



Any person who divulges confidential information acquired in the course of performing his duties, or uses such information for any purpose other than for his duties, is subject to imprisonment up to three years and a fine up to W 20 million (Article 68 of the Establishment Act).



Non-public official Commissioners, as well as executives and employees of the FSS are deemed public officials for the purpose of penal provisions under the Criminal Act or any other Act (Article 69 of the Establishment Act), which relates to bribes.



In addition, violations of duties by public officials are subject to removal, dismissal, demotion, suspension from office, reduction of salary and reprimand (Article 78 of the State Public Officials Act). Interfering with examinations and engagement in political activities can result in imprisonment for up to a year and a fine of up to W 5 million.



Overall, staff seemed diligent, dedicated and very thorough and professional in conducting tasks assigned to them.



EC6The supervisor has adequate resources for the conduct of effective supervision and oversight. It is financed in a manner that does not undermine its autonomy or operational independence. This includes:
  • (a) A budget that provides for staff in sufficient numbers and with skills commensurate with the risk profile and systemic importance of the banks and banking groups supervised;

  • (b) Salary scales that allow it to attract and retain qualified staff;

  • (c) The ability to commission external experts with the necessary professional skills and independence, and subject to necessary confidentiality restrictions to conduct supervisory tasks;

  • (d) A budget and program for the regular training of staff;

  • (e) A technology budget sufficient to equip its staff with the tools needed to supervise the banking industry and assess individual banks and banking groups; and

  • (f) A travel budget that allows appropriate on-site work, effective cross-border cooperation and participation in domestic and international meetings of significant relevance (e.g. supervisory colleges).

Description and findings regarding EC6The FSC’s budget allocation and deliberation processes are equivalent of those of other government organizations and are reviewed and approved by the MoF and the National Assembly (Article 54 of the Constitution). The FSC follows the salary scale of the government’s civil servants. The FSC staff is composed by government officials who are selected based through a national exam, reported to be successful in attracting and retaining quality staff. FSC reported not to have, in practice, constraints in terms of budget that could limit its supervisory actions.



The FSS is funded by fees charged to the regulated financial institutions and securities issuers (Article 47 of the Establishment Act). The fees charged to private financial institutions and securities issuers are levied in accordance with clear standards and fixed rates, calculated taking into account costs of supervision and asset size. The FSS budget is approved by the FSC (Article 45 of the Establishment Act) and so far has been sufficient to cover all expenditures planned. The Establishment Act also provides for the FSS to borrow funds upon approval of the FSC (Article 48), in case of need. Article 47 also lists the Government and the BoK as additional sources of funding.



The FSS is required to set its budget in accordance with “The Guidelines for the budget compilation on Public Institutions and Quasi-Government Organizations” of the MoF.



Currently, the major budget expenditures include the following:
  • Salaries;

  • Staff training;

  • Consultation fees for external experts;

  • Technology expenditure; and

  • Budget for travel, on-site examination, and other field work.

Authorities stated that the salary scale of the FSS is comparable to that of the BOK and also that the FSS looks into the salary scales of other comparable entities and industries for reference purposes. Staff stated that in practice the total compensation of the public servants under the FSC ends up being somewhat equivalent to the FSS compensation package.



The FSS reported to carry out regular and ad-hoc staff rotation and reassignments to ensure efficient allocation of supervisory resources. Turn-over rate is believed to be low due to restrictions on financial sector employment for employees who leave the FSS. Managerial-level employees who leave the FSS are required to have a 2 year cooling off period from the date of the termination of employment with the FSS prior accepting employment in a private company that has had any contact or relationship with the FSS within the previous five years. Exceptions may be granted by the Government Officials Ethics Committee under special circumstances.



The FSS reported to conduct wide-ranging training programs and run an examination academy, in order to enhance staff supervision and examination skills. The FSS also operates a training credit acquisition system, which requires employees to periodically take training and acquire the minimum credits. The entry-level associate employees receive training on financial supervision and regulation prior their job assignment and are tested for promotion to the next level.



EC7As part of their annual resource planning exercise, supervisors regularly take stock of existing skills and projected requirements over the short- and medium-term, taking into account relevant emerging supervisory practices. Supervisors review and implement measures to bridge any gaps in numbers and/or skill-sets identified.



Description and findings regarding EC7The FSS annual resource planning exercise, conducted at the end of each year, includes a review of the annual operations and an estimate of the staffing needs and the budget required for the following year. Recent revisions included the expansion of the division in charge of participating in global financial supervisory standard setters. Other actions included the expansion of divisions, staffing, as well as budget, to enhance financial consumer protection, in addition to small loans financing and IT security.



EC8In determining supervisory programs and allocating resources, supervisors take into account the risk profile and systemic importance of individual banks and banking groups, and the different mitigation approaches available.



Description and findings regarding EC8Supervisory programs and allocation of resources, within banking supervision, are largely determined by assets’ size. Risk profile and systemic importance of individual banks and banking groups are not explicitly taken into account when determining supervisory programs and allocating resources.



Moreover, the current structure and allocation criteria for staff does not seem to adequately prioritize or segregate safety and soundness concerns for banks or the financial system relative to its other mandates. The deputy governors in charge of banking supervision are also in charge of other activities related to consumer protection. In practice, the number of staff directly allocated to banking supervision does not seem proportionate to the scope or relevance of their activities.



The authorities state that the organizational structure and allocation of human resources of the FSS are flexibly adjusted in response to changes in the financial environment, as well as supervisory demands. The scope and workload of each supervision department is reviewed annually to determine the staffing needs. In addition, the authorities also stated that the FSS conducts extensive surveys of staff needs in each department and that results are reflected on the resource allocation decision. It was also stated that supervisors are assigned to the Banking Supervision and the Bank Examination departments based on such analysis, with due weight given to the importance of the banking system. In practice, nevertheless, staff, which is overall highly committed, seemed extremely overloaded in key areas.



EC9Laws provide protection to the supervisor and its staff against lawsuits for actions taken and/or omissions made while discharging their duties in good faith. The supervisor and its staff are adequately protected against the costs of defending their actions and/or omissions made while discharging their duties in good faith.



Description and findings regarding EC9According to the Rules of the Board of Audit and Inspection of the Republic of Korea, actions taken and omissions made by bank supervisors, while discharging duties in good faith, are exempt from sanctions, provided that certain conditions of public interest, transparency, and validity are met.



In practice, when civil or criminal lawsuits are brought against FSS employees, the FSS, through the decision of a Litigation Support Committee comprised of senior executives, can provides an internally employed counselor to assist with the lawsuit or financial support, to retain an outside counselor, or to cover the costs of defending employees’ actions or omissions made while discharging their duties in good faith (Regulation on Support for Employees facing lawsuits). The financial support is deemed to be adequate to cover 70 percent of expenses.



The FSC-FSS reported that there are currently a total of 87 cases of litigations and appeals involving the FSC, the Securities and Futures Commission (SFC), and the FSS and from those, 4 relate to banking.



Out of the 258 appeals and litigations that have been filed against the FSC, the SFC, and the FSS over the last five years—the large majority referred to non-banking cases the favorable rulings accounted for 93.1percent (202 out of 217 cases closed); a total of 14 cases were ruled unfavorably and one case was determined to have no relevance by the Prosecutor’s Office. During the past five years there has been no case in which the FSC or the SFC or the FSS has been required to compensate a third party for damages.



Assessment of Principle 2MNC



CommentsThe legal status of the FSC within the Government structure as a ministerial agency can potentially grant the FSC additional means to exercise its independence in comparison to structures were the supervisory agency is within the authority of the MoF. On the other hand, the direct subordination to the Prime Minister can also potentially threat its independence.



In principle there are some checks and balances processes in place including the FSC and the FSS internal audit, the BAI, as well as the investigations conducted by the Assembly, in particular the role of the Assembly in inspecting the FSC-FSS activities.



Nevertheless, the fact that the Commissioners encompass representatives from the MoF and the Korea Chamber of Commerce and Industry poses challenges in terms of conflicts of interest.



In addition, legal protection for supervisors’ needs enhancements as the current setting can potentially jeopardize staff willingness to act and effectiveness of supervision.



The authorities should consider:
  • Reviewing the current composition/functioning of the Commission in order to shield the Commission against conflicts of interest;

  • Revising the legal protection framework in order to ensure that supervisors cannot be sued directly by market participants in cases of actions or omissions made in good faith; and

  • Revising the current structure, staffing and distribution of activities within the FSS in order to allocate the appropriate volume of resources to safety and soundness and risk profile of activities.

Principle 3Cooperation and collaboration. Laws, regulations or other arrangements provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information.7



Essential Criteria



EC1Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with all domestic authorities with responsibility for the safety and soundness of banks, other financial institutions and/or the stability of the financial system. There is evidence that these arrangements work in practice, where necessary.



Description and findings regarding EC1In September 2009, a MoU was signed on information sharing and joint examination between the MoF, the FSC, the FSS and the KDIC) to minimize systemic risks by identifying risks early and responding to them jointly. In 2012, the MoU was updated to encompass into the scope of information sharing ad-hoc reports, in addition to the regular reports submitted by banks. Detailed information on examinations or internal reports produced by the FSS is not shared under the MoU.



There are a few committees attended by domestic authorities that foster cooperation and information sharing. The Macroeconomic and Financial Committee is composed by the deputy-heads of the FSC, FSS, the MoF, the BOK, and the KDIC, which meet to discuss trends and risks in the economy and in the financial/FX markets. The Economic and Financial Council is composed by the heads of financial authorities and is conveyed to coordinate and decide on macroprudential policies. The Financial Condition Check Meeting is conducted between the FSC and the FSS to review and discuss the financial agenda on a monthly basis.



The BOK and the KDIC can request the FSS to conduct an examination or carry out joint examinations for the purpose of carrying out monetary policies and protecting financial consumers, respectively (Articles 62 and 66, Establishment Act).



EC2Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with relevant foreign supervisors of banks and banking groups. There is evidence that these arrangements work in practice, where necessary.



Description and findings regarding EC2The authorities have signed information sharing MoUs with banking supervisors of 14 countries including the U.S., China, Japan, France, and Germany bank supervisors, enabling the authorities to obtain supervisory information from relevant foreign authorities. In addition, the FSS exchanges bank supervisory information with foreign supervisors by participating in supervisory colleges held by the home supervisors; it also invites host supervisors from abroad to attend its own supervisory colleges.



EC3The supervisor may provide confidential information to another domestic authority or foreign supervisor but must take reasonable steps to determine that any confidential information so released will be used only for bank-specific or system-wide supervisory purposes and will be treated as confidential by the receiving party.



Description and findings regarding EC3The FSS regularly provides information obtained from financial institutions to other supervisory authorities including the BOK and the KDIC, based on a MoU, as described in EC1. The recipient authorities may use the information only to fulfill objectives unique to the authority under strict confidentiality, as per the MoU.



Information exchange with foreign supervisory authorities usually take places under MoUs that limit the use of information to supervision purposes only, and requires prior consent before passing it on to a third party.



EC4The supervisor receiving confidential information from other supervisors uses the confidential information for bank-specific or system-wide supervisory purposes only. The supervisor does not disclose confidential information received to third parties without the permission of the supervisor providing the information and is able to deny any demand (other than a court order or mandate from a legislative body) for confidential information in its possession. In the event that the supervisor is legally compelled to disclose confidential information it has received from another supervisor, the supervisor promptly notifies the originating supervisor, indicating what information it is compelled to release and the circumstances surrounding the release. Where consent to passing on confidential information is not given, the supervisor uses all reasonable means to resist such a demand or protect the confidentiality of the information.



Description and findings regarding EC4Article 35 of the Establishment Act provides that information obtained by the FSS senior management and staff, or while performing official duties, must not be disclosed for any purpose other than for their duties.



The MoU on information sharing was signed between the MoF, the BoK, the FSC, and the KDIC in 2009 and updated in September 2012. Information shared through the MoU is intended to be used solely for the purpose of carrying out their duties. Basic principles laid out at the MoU encompass the requirement to mutually respect the legal discretion and duties of each institution, as well as to cooperate based on the principle of reciprocity.



The authorities informed that the MoUs signed by the FSC with foreign supervisory authorities provide that no information may be passed on to a third party without prior consent of the originating authority. The MoUs made available to the assessors confirmed such practice.



EC5Processes are in place for the supervisor to support resolution authorities (e.g. central banks and finance ministries as appropriate) to undertake recovery and resolution planning and actions.



Description and findings regarding EC5The FSC is the resolution authorities in the Republic of Korea. The FSC is granted the power (Article 10 of the Structural Improvement of the Financial Industry Act—Structural Improvement Act) to impose corrective measures including as mergers and P&A. The FSC may entrust to the Governor of the FSS the authority governing timely corrective measures (Article 10 of the Structural Improvement Act).



The FSC is also empowered to appoint special administrators to manage a bank on behalf of its executives, or recommend a general meeting of stockholders to dismiss its executives (Article 14 of the Structural Improvement Act).



The authorities recently established a Macroeconomic Financial Committee, composed by representatives of the MoF, the BoK, the FSC, and the KDIC. In practice, the Committee does not have decision power (for a detailed discussion on the Macroeconomic Financial Committee, please refer to the Technical Note on Crisis Management).



Assessment of Principle 3C



Comments
Principle 4Permissible activities. The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word “bank” in names is controlled.



Essential Criteria



EC1The term “bank” is clearly defined in laws or regulations.



Description and findings regarding EC1Article 2 of the Banking Act defines banking business as the business of lending funds raised from many unspecified persons by taking deposits or through the issuance of securities and other bonds. It also defines a bank as a legal person other than the BoK, which regularly and systematically manage banking business.



Article 27 states that a bank may be engaged in all services in banking business within the scope of the Banking Act and other related Acts, which effectively currently refers to foreign currency transactions through the FX Transaction Act.



EC2The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined either by supervisors, or in laws or regulations.



Description and findings regarding EC2Permissible activities of institutions that are licensed and subject to supervision as banks are defined under the Banking Act.



Banks are allowed to operate banking business, services incidental to banking business, and services concurrent to banking business.



Article 2(1(1) defines the term “banking business” as the business of lending funds raised by bearing debts from many unspecified persons through the receipt of deposits or through the issuance of securities and other banks.



Article 3 of the Banking Act states that all banks in the Republic of Korea shall be operated under the Banking Act, the BoK Act, the Establishment Act and regulations and orders issued under those. Article 5, nevertheless, sets up a special case for the National Federation of Fisheries Cooperatives, stating that any credit operations of the National Federation of Fisheries Cooperatives shall be deemed as a bank. Article 6 states that insurers and companies exclusively engaged in savings bank business shall not be deemed as banks and are regulated through specific Acts.



Article 27 of the Banking Act states that a bank may engage in all services in banking business, comprised of the following: receipt of deposits and saving deposits, and issuance of securities and other debentures; loans of funds or discount of notes; domestic and FX.



If a bank is to engage in a new service incidental to banking business, it is required to report to the FSC. Article 27–2 allows banks to operate services incidental to banking services, in which case banks are required to file it at the FSC within seven days prior to the date in which it intends to start such services. Incidental services include: guarantee of debts or takeover notes; mutual savings, factoring; custody activities; execution of collection and payment as an agent; to be a credit depository of a local government as an agent; execution of payment related to electronic commercial transactions as an agent; sale and lease of computer systems and software related to banking business; training on finance and publication of books and periodicals on finance; investigations and research on finance; other incidental services to banking services prescribed by Presidential Decree. Article 18 of the Enforcement Decree of the Banking Act (EDBA) defines those other services as: lease of real estate for business purposes; sale of revenue stamps, lotteries, gift certificates, etc. as an agency; advertisement; other services determined and publicly announced by the FSC. The RSBB (Article 25) lays out those cases—sale on consignment of bullion coins, development and sale of gold related financial products, as well as other services such as the issue of electronic tax invoices for another person, etc.



Banks are required to report incidental business seven days prior to the date in which they intend to initiate such services (Article 27–2). In cases where the FSC assess the incidental services to undermine soundness in the management of a bank, to hindrance the protection of bank users (e.g., depositors, etc.) or to threat the stability of financial markets, the FSC may order the restriction or correction of such incidental service (Article 27–2(5) of the Banking Act). Albeit the short notice, the FSC-FSS reported that in two cases limitations to those incidental business were imposed.



Article 28 of the Banking Act allows banks to operate on “concurrent business” which are defined as other than banking business within the following:
  • Financial business prescribed by Presidential Decree among business requiring authorization, permission, registration, etc. (e.g., derivatives, underwriting, as detailed in the EDBA Art 18–2(2)), which require applying for authorization;

  • Finance-related business provided for in Acts and subordinate statutes prescribed by Presidential Decree that are permitted for a bank to run under the relevant Acts and subordinate statutes (up to know there has been no cases), for which there is a requirement to file a report seven days prior commencing the finance-related business; and

  • Financial business prescribed by Presidential Decree that have no risk of being characterized as incidental services that can undermine a bank’s soundness, hindrance the protection of bank users (e.g. depositors, etc.) or threat the stability of financial markets. The EDBA (Article 18–2(4) lays out those cases, which include asset management (including asset-backed securities through SPVs), M&A services and sale of commercial bills, among others. For such financial business, there is a requirement to file a report with the FSC seven days prior commencing the new business.

For those cases under Article 28, where authorization is not required, the FSC has the power to order a restriction or correction of the new business in deemed necessary.



EC3The use of the word “bank” and any derivations such as “banking” in a name, including domain names, is limited to licensed and supervised institutions in all circumstances where the general public might otherwise be misled.



Description and findings regarding EC3Article 14 of the Banking Act states that no entities other than the BoK and banks shall use the word “bank” in their name, or the expressions “banking business” and “banking services” or any word prescribed by Presidential Decree that is a word in a foreign language meaning bank, banking business or banking services. Identified cases of improper use of the word “bank” and derivations are made public through the FSS website.



EC4The taking of deposits from the public is reserved for institutions that are licensed and subject to supervision as banks.8



Description and findings regarding EC4Non-bank deposit taking financial institutions encompass mutual savings banks, credit unions and credit cooperatives, which are supervised by the FSC-FSS and respond for 20 percent of total deposits (credit cooperatives 14percent). Other deposit taking institutions include the community cooperatives and the Korea Post office, which are under the supervision of the Ministry of Public Administration and Security and the Ministry of Knowledge and Economy, respectively and respond for 8 percent of total deposits in the Republic of Korea.



The Act on the “Regulation of conducting fund raising business without permission”, enacted in 2010, encompass not only direct deposit taking but also other activities that can result in deposit taking. Performing non-authorized activities can result in up to five years of imprisonment and a fine not exceeding fifty million Won. Advertising of non-authorized business can result in up to two years of imprisonment and a fine of up to 20 million Won. (Article 6).



EC5The supervisor or licensing authority publishes or otherwise makes available a current list of licensed banks, including branches of foreign banks, operating within its jurisdiction in a way that is easily accessible to the public.



Description and findings regarding EC5The FSS publishes on its website an updated list of licensed banks including branches of foreign banks.



Assessment of Principle 4C



Comments
Principle 5Licensing criteria. The licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of Board members and senior management)9 of the bank and its wider group, and its strategic and operating plan, internal controls, risk management and



projected financial condition-(including capital base). Where the proposed owner or parent organization is a foreign bank, the prior consent of its home supervisor is obtained.



Essential Criteria



EC1The law identifies the authority responsible for granting and withdrawing a banking license. The licensing authority could be the banking supervisor or another competent authority. If the licensing authority and the supervisor are not the same, the supervisor has the right to have its views on each application considered, and its concerns addressed. In addition, the licensing authority provides the supervisor with any information that may be material to the supervision of the licensed bank. The supervisor imposes prudential conditions or limitations on the newly licensed bank, where appropriate.



Description and findings regarding EC1Article 8(1) of the Banking Act states that any person who intends to engage in banking business is required to obtain authorization from the FSC.

The Banking law also grants the FSC broad powers to revoke a license (Article 53(2)), including: cases where the authorization on banking business was obtained through false or illegal means; violation of a condition of the term of authorization; and failure to execute a corrective order; among others.



In practice, the FSS is in charge of conducting the review process regarding the assessment of the fulfillment of the requirements and submits a recommendation to the FSC on the matter. The decision regarding a new license is achieved through a Commissioners’ meeting.



EC2Laws or regulations give the licensing authority the power to set criteria for licensing banks. If the criteria are not fulfilled or if the information provided is inadequate, the licensing authority has the power to reject an application. If the licensing authority or-supervisor determines that the license was based on false information, the license can be revoked.



Description and findings regarding EC2Criteria for licensing banks are prescribed through the Banking Act, the EDBA and the RSBB.



Article 8(2) of the Banking Act sets the requirements to be met in order to obtain authorization for banking business. Articles 1–7 and Article 3 of the EDBA, together with Articles 5 and Annex 2–2 of the RSBB, further detail the necessary requirements and content of the application for authorization, and also grants the FSC power to set additional requirements and necessary information to be provided when applying for a banking license.



Article 53 (2) of the Banking Act allows the FSC to suspend a bank’s business or revoke authorization for banking business if the authorization was based on false information.



The authorities reported that no application has been filed (either from a domestic applicant or a foreign applicant) for a commercial or specialized banking license over the past 20 years. No license has been revoked over the last five years.



The FSC has the power to impose conditions when granting a license deemed to be necessary for the stability of financial markets, securing the soundness of banks and/or the protection of depositors. (Article 8(4).



Over the last several years there have been no applications for licenses of new banks or subsidiaries of foreign banks although branches of foreign banks have been authorized to operate in the Republic of Korea. No case has been denied. In one particular case the authorities instructed the foreign entity to adjust their proposal prior the official submission.



EC3The criteria for issuing licenses are consistent with those applied in ongoing supervision.



Description and findings regarding EC3Necessary requirements to be met while applying for a banking license are broadly consistent with those applied in ongoing supervision.



Criteria include complying with shareholding limits; promoters and executives (which include Board members) to meet fit and proper criteria (Article 8 of the Banking Law—qualifications for executives); the entity to meet prudential standards, to have adequate internal control systems, human resources, physical facilities (Article 1–7 of the EDBA).



EC4The licensing authority determines that the proposed legal, managerial, operational and ownership structures of the bank and its wider group will not hinder effective supervision on both a solo and a consolidated basis.10 The licensing authority also determines, where appropriate, that these structures will not hinder effective implementation of corrective measures in the future.



Description and findings regarding EC4Overall, banking license requirements in the Republic of Korea are extensive. There are no explicit references in the legal or regulatory framework, nevertheless, determining that the proposed legal, managerial, operational and ownership structures of the banks and its wider group will not hinder effective supervision on both a solo and consolidated basis but taking into account the overall assessment criteria provided under Appendix 2–2 of the RSBB it seems that it wouldn’t be possible to establish shell banks in the Republic of Korea.



The RSBB, Appendix 2–2, lays out the examination standards for approval of banking business, encompassing minimum requirements on business feasibility assessments, as well as human resources, physical facilities, IT systems, risk management and others. In addition, in case of foreign financial companies aiming at establishing operations in the Republic of Korea, there is a requirement to obtain approval from the home supervisor in cases where such approval is necessary (from a home supervisor perspective) for the establishment of entities overseas. Other requirements include solid and internationally acknowledged financial and management status of the parent, as well as that such financial institution is subject to consolidated supervision by the home supervisor.



EC5The licensing authority identifies and determines the suitability of the bank’s major shareholders, including the ultimate beneficial owners, and others that may exert significant influence. It also assesses the transparency of the ownership structure, the sources of initial capital and the ability of shareholders to provide additional financial support, where needed.



Description and findings regarding EC5A person or an entity seeking to hold shares of a bank as a major shareholder must have sufficient investment capabilities, sound financial conditions and social credibility (Article 8 of the Banking Act).



The FSC-FSS reviews, among others, information provided by the applicant on any sanctions received, as well as information from the KDIC and law enforcement authorities.



Sources of initial capital have to be appropriate and it has to be possible to raise additional capital, if necessary (Appendix 2–2 of the RBB). There is no explicit reference within the legal/regulatory framework to transparency of the ownership structure.



In the case of FHCs, shareholders exercising “de facto” control are required to have adequate investment capacity, financial soundness and social credibility. Article 2 (2–9) of the FHC Act provides the definition of a “large shareholder”, which consists of the largest shareholder and major (principal) shareholders. A major shareholder is defined as a shareholder that exerts “de facto” influence over the important management decisions of an FHC, its subsidiaries, and sub-subsidiaries through the appointment and/or dismissal of board members or senior executives, as described by the presidential decree (Article 3–3 of the Enforcement Decree of the FHC Act provides the definition of a shareholder with “de facto” influence.) For an FHC, a shareholder with less than 4 percent of the shares of an FHC is considered a large shareholder in cases where the shareholder exerts de facto control over the FHC.



In the Republic of Korea, all the commercial banks are currently subsidiaries of FHCs; therefore their large shareholders are subject to the FHC Act.



It is not clear that the current assessment procedures regarding large shareholders in practice would encompass ultimate beneficial owners and others that would exert significant influence in the case of banks which are not under a FHC.



In case of branches of foreign banks, the FSC-FSS reported that applicants are required to provide the group structure of the head office. Within the requirements there is no reference to information on affiliates and other related parties. Overall, the assessment is based on a letter of commitment from the parent and a no-objection letter from the parent supervisory authorities.



EC6A minimum initial capital amount is stipulated for all banks.



Description and findings regarding EC6The Banking Act (Article 8(2)) provides for a minimum capital of KRW 100 billion for a nationwide commercial bank and KRW25 billion for a regional commercial bank.



No bank has been licensed over the last 20 years.



EC7The licensing authority, at authorization, evaluates the bank’s proposed Board members and senior management as to expertise and integrity (fit and proper test), and any potential for conflicts of interest. The fit and proper criteria include: (i) skills and experience in relevant financial operations commensurate with the intended activities of the bank; and (ii) no record of criminal activities or adverse regulatory judgments that make a person unfit to uphold important positions in a bank.11 The licensing authority determines whether the bank’s Board has collective sound knowledge of the material activities the bank intends to pursue, and the associated risks.



Description and findings regarding EC7Licensing criteria does encompass a fit and proper test for banks’ executives (Article 8(2(6)) in combination with Article 18 of the Banking Act).



The EDBA (Article 12) defines an executive as those who are not directors but execute businesses of a bank, using a title which is deemed appropriate for the execution of businesses of the bank, such as honorary chairperson, chairperson, vice chairperson, president, vice president, chief executive officer, vice chief executive officer, assistant chief executive officer, senior managing director, managing director, director, or any other title.



Actual fit and proper criteria (Article 18 of the Banking Act and Article 13 of the EDBA) encompass impediments related to criminal activities or adverse regulatory judgment, as well as skills and experience in finance. Article 18 (Paragraph 2) of the Banking Act provides that “the executives of a bank shall be persons who have experience and knowledge in finance and who are unlikely to impede the public interest, sound management, and order of credit of the bank.”



There are no requirement for individual Board members or the Board to collectively have a sound knowledge of the material activities which the bank intends to pursue, and its associated risks.



There are no explicit requirements or procedures for the assessment of potential conflicts of interest. Article 18(2) of the Banking Article require executives to be “unlikely to impede public interest and safety and soundness of a bank.”



EC8The licensing authority reviews the proposed strategic and operating plans of the bank. This includes determining that an appropriate system of corporate governance, risk management and internal controls, including those related to the detection and prevention of criminal activities, as well as the oversight of proposed outsourced functions, will be in place. The operational structure is required to reflect the scope and degree of sophistication of the proposed activities of the bank.12



Description and findings regarding EC8As mentioned in previous ECs, the FSC-FSS hasn’t licensed a bank in 20 years.



Appendix 2 of the RBB—Standards for Approval for Banking Business—details the criteria for licensing banks and encompass, among others, appropriate internal control systems, corporate governance and risk management.



In the case of branches of foreign banks, reviews are also conducted relative to the adequateness of proposed strategic and operating plans as well as the IT risk management, internal controls and human resources (Appendix 2–5 of the RSBB). Files reviewed by the assessors confirmed such practices.



There is no explicit mention to checks for the internal controls relative to the detection and prevention of criminal activities or the oversight of proposed outsourced functions.



EC9The licensing authority reviews pro forma financial statements and projections of the proposed bank. This includes an assessment of the adequacy of the financial strength to support the proposed strategic plan as well as financial information on the principal shareholders of the bank.



Description and findings regarding EC9Appendix 22 of the RBB—Examination Standards for Approval of Banking Business details matters concerning business plans, including reviews of pro forma financial statements and projections (should be appropriate and feasible); the strategy (which should take into account long term objectives, competition, etc.); the business plan (should be based on objective data and to be feasible, taking into account the market conditions); the consistency between the business plan and the pro forma financial statements. Article 8(2(4)) of the Banking Act require large shareholders to have sufficient investment capabilities, sound financial conditions and social credibility.



EC10In the case of foreign banks establishing a branch or subsidiary, before issuing a license, the host supervisor establishes that no objection (or a statement of no objection) from the home supervisor has been received. For cross-border banking operations in its country, the host supervisor determines whether the home supervisor practices global consolidated supervision.



Description and findings regarding EC10Foreign financial companies aiming at establishing operations in the Republic of Korea (as described in EC4), are required to comply with requirements laid out in the RSBB. Appendixes 2(6) and 2–5 of the RSBB establish that in the case of a foreign financial company that has applied for the establishment of a financial institution (or holding company) approval from the home supervisor is required in cases where such approval is necessary—from a home country perspective—for the establishment of foreign subsidiaries. Other requirements include that the parent is systemically (including subsidiary companies and offices) supervised by the home supervisor; solid and internationally acknowledged financial and management status of the parent; provision of sufficient information on the parent’s management and business activities.



There is no explicit requirement for a no-objection from the home supervisors although in practice the FSC-FSS reported to systematically require it.



In the case of foreign banks which intend to establish a branch in the Republic of Korea, regulation (Appendix 25 of the RSBB) expressly requires approval from the home supervisors.



EC11The licensing authority or supervisor has policies and processes to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the license approval are being met.



Description and findings regarding EC11New entrants are submitted to the same on and off site processes applied to those entities already operating in the Republic of Korea. There are no on and off site processes applicable specifically to new entrants. General requirements include several periodic business reports, as well as financial reports. Regular reports submitted include detailed information on financials including assets, earnings, liquidity (quarterly), headcount (quarterly), productivity (quarterly), risks, business plans and others. Particularly in the case of foreign branches, main business activities, branch personnel and financial conditions are required to be reported annually.



Assessment of Principle 5LC



CommentsThe FSC has the power to set licensing criteria and reject applications that do not meet such criteria. The FSC hasn’t licensed a bank in twenty years but does have a structured process in place encompassing guidance for new applicants.



Limitations in the definition of large shareholders and related parties in the case of specialized and regional banks were not explored nor taken into consideration in this CP as the issue has been covered in other CPs.



Given the fact that no new licenses have been granted in 20 years, the assessors could not to go through files and confirm licensing practices.



Drivers for the rating included the fact that criteria to be assessed for licensing do not explicitly encompass elements relative to the detection and prevention of criminal activities or the oversight of proposed outsourced functions.



Another shortcoming related to the suitability assessment (including potential conflicts of interest) of large shareholders encompassing the ultimate beneficial owners.



Regarding assessment criteria for Board members, the authorities informed that legislation on the ownership structure of financial companies submitted to the National Assembly and yet to be approved provides that the outside directors should be persons who possess hands-on experience in the financial sector or professional financial knowledge, or who hold hands-on experience in management, law, or accounting.



In addition, the authorities should consider:
  • Amending the banking and respective enforcement decree and regulation to ensure that suitability of shareholders encompass the ultimate beneficial owners;

  • Amending the legal/regulatory framework to expressly require a no-objection from the home supervisor in all cases of establishment of subsidiaries of foreign banks in the Republic of Korea; and

  • Amending the RSBB to explicitly include assessments regarding the detection and prevention of criminal activities and oversight of outsourced functions.

The authorities informed their intention to revise the relevant regulations to enhance the transparency of the ownership structure of foreign bank branches, requiring further information on the group structure, including its affiliates and related parties, when they seek regulatory approval for a branch operation.



The authorities also reported their intention to act to revise the licensing criteria to incorporate an evaluation of the proposed internal controls relative to the identification and prevention of criminal activities, the oversight of proposed outsourced functions, as well as to expressly include the requirement for a no-objection from the home supervisor.



Principle 6Transfer of significant ownership. The supervisor13 has the power to review, reject and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties.



Essential Criteria



EC1Laws or regulations contain clear definitions of “significant ownership” and “controlling interest.”



Description and findings regarding EC1The definition of significant ownership in the Banking Act is based on percentage of shareholding (encompassing related parties (10 percent of total shares) or a combination of shareholding (4 percent) and influence (being the largest shareholder or being able to exercise influence).



Article 2(1(10)) defines “large shareholder” as
  • A shareholder of a bank where the shareholder and its related parties (as defined in Article 2(1(8))) hold more than 10 per cent (15 per cent of a bank which does not operate nationwide (“regional bank”)) of the total number of voting stocks issued by the bank; and

  • A shareholder of a bank where the shareholder and its related parties have holdings of more than 4 per cent (10 per cent for local banks) and exercises de facto influence over the major managerial matters of the financial institution in a manner of appointing or dismissing its executives or, as a non-financial business operator, participates in the management of the financial institution by appointing or dismissing its executives.

Article 2(1(8)) defines the term “same person” as the principal and a person having a special relationship with the principal (a “specially related person”, i.e. related parties). Article 14 of the EDBA defines related parties as spouse, blood relatives in a second cousin relationship and relatives in a first cousin relationship, as well as companies where there is a shareholding over 30 percent, although certain exclusions apply.



In practice, currently in the Republic of Korea, all commercial banks (nationwide and regional banks) are subsidiaries of bank holding companies; thus large bank shareholders are subject to the FHC Act.



Article 2(19) of the FHC Act sets forth the definition of large shareholder of a bank holding company. Large shareholder is further divided into the largest shareholder and the major (principal) shareholder.



Major shareholder is a shareholder that exercises material influence on the management of the FHC or the subsidiaries or the sub-subsidiaries of the FHC through representation in the board or the senior management; Article 33 of the Enforcement Decree of the FHC Act also defines it as a shareholder who exercises material influence (“de facto influence”).



Please refer to CP 20 for further information on related parties.



EC2There are requirements to obtain supervisory approval or provide immediate notification of proposed changes that would result in a change in ownership, including beneficial ownership, or the exercise of voting rights over a particular threshold or change in controlling interest.



Description and findings regarding EC2Article 15 of the Banking Act establish that pre-approval from the FSC is required when a shareholder (or potential) and its related parties intend to acquire voting shares in excess of 10 percent (15 percent in the case of regional banks), 25 percent, and 33 percent of the total voting shares. Holdings beyond 10 percent can be authorized only if it is deemed to be necessary in view of the possibility to contribute to the efficiency and soundness of the banking business.



Article 15 also requires reporting to the FSC cases where a shareholder and its related parties seek to hold shares in excess of four percent of the voting shares and become the bank’s largest shareholder; where they hold over four percent and become the largest shareholder; any one percent increments over four percent of the voting shares (i.e., 5, 6, and 7 percent etc.); when there is any change in partnership of a private equity fund holding over 4 percent; when there is change in shareholding or partnership in an special purpose company (SPC) which holds over four percent of the voting shares.



Article 15–2 deals with “non-financial business operators” as banks’ shareholders, requiring approval from the FSC in cases where a shareholder (or potential) and its related parties intend to acquire voting shares in excess of four percent, or participate in the management by appointing or dismissing executives.



In the case of FHCs, Article 61 of the FHC Act requires only reporting in cases of transfer of significant ownership (no approval required), with the exception of non-financial business operators.



After the crisis in 1997 the Republic of Korea took measures to avoid having the main business groups in the country (the “Chaebols”) as banks’ large shareholders. For that purpose, the Banking Act (Article 2(9) defines a “non-financial business operator” as a company and its related parties with total assets over three trillion Won (Article 1–5(2) of the EDBA). Art 2(8) of the FHC Act defines a non-financial business operator in a similar manner.



EC3The supervisor has the power to reject any proposal for a change in significant ownership, including beneficial ownership, or controlling interest, or prevent the exercise of voting rights in respect of such investments to ensure that any change in significant ownership meets criteria comparable to those used for licensing banks. If the supervisor determines that the change in significant ownership was based on false information, the supervisor has the power to reject, modify or reverse the change in significant ownership.



Description and findings regarding EC3In the case of banks, changes of ownership between four and ten percent require reporting to the FSC (Article 15(2)). Holdings over 10 percent require approval and are subject to several requirements, with the exception of the non-financial business operators, which are required to seek approval for holdings over four percent. In such cases where approval is required the supervisor.



The FSC-FSS reported that over the past five years, a total of seven requests for transfer of significant ownership have been filed. All were approved without appeal or any special conditions.



The legal framework does not explicitly give the authorities power to reject, modesty or reverse changes in significant ownership that were authorized based on false information. Nonetheless, hold.



EC4The supervisor obtains from banks, through periodic reporting or on-site examinations, the names and holdings of all significant shareholders or those that exert controlling influence, including the identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership.



Description and findings regarding EC4Article 16–4 of the Banking Act requires the FSC to examine whether holdings of a bank’s stocks comply with the various limits and the necessary qualifications established through the Banking Act and the EDBA.



Article. 11–4 of the EDBA requires the FSC, on a semiannual basis (and through ad-hoc examinations, if necessary), to verify whether qualifications for significant ownership are met.



Article 10 of the DRSBB require banks to report to the Governor of the FSS the names and holdings of significant shareholders within one month prior the general meeting of shareholders.



In case of FHCs, information major shareholders and their related parties is obtained quarterly.



In addition, under Article 11–9 of the Regulation on Supervision of Financial Holding Companies (RSFHC), banks and bank holding companies are required to provide to the authorities an updated list of the 50 largest shareholders (including related parties) on an annual basis. In practice though, shareholdings below four percent are not monitored, irrespectively of considerations regarding exertion of influence.



EC5The supervisor has the power to take appropriate action to modify, reverse or otherwise address a change of control that has taken place without the necessary notification to or approval from the supervisor.



Description and findings regarding EC5According to Article 16 of the Banking Act and Article 10 of the FHC Act, in cases where the same person has holdings that exceed the limits without the proper authorization, shareholding rights cannot be exercised until approval is obtained, which should be sought promptly. In case of failing to seek approval, the FSC may order the disposal of those stocks.



There have been no cases of disposal of shares of a bank, reversal or modification of change in control that took place without the necessary notification/approval (there has been one case related to an insurance company).



EC6Laws or regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest.



Description and findings regarding EC6Under Article 16–6 of the RSBB and Article 13–11 of the Regulation on Supervision of FHCs, banks and bank holding companies must promptly report to the FSC-FSS any financial deterioration of large shareholders and other major adverse developments that threaten the safety and the soundness of the bank or the banking holding company.



There are no additional provisions requiring banks to notify the supervisor as soon as they become aware of any material information which may negatively affect the suitability of a major shareholder or party that has a controlling interest.



Assessment of Principle 6LC



CommentsThe FSC has the power to review, reject and impose prudential conditions on proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties. In practice though, transfer of significant ownership or controlling interest do not require approval in several cases.



In addition, the definition of large shareholder provided by the Banking Act is too narrow, as it does not contemplate the possibility of shareholdings below 4 percent resulting in “de facto” control or controlling interest, although in practice all commercial banks are subsidiaries of FHCs.



The authorities are recommended to:
  • Require approval for transfers of ownership that can result in changes in effective control; and

  • Amend the Banking Act in order to expand the definition of large shareholder.

Principle 7Major acquisitions. The supervisor has the power to approve or reject (or recommend to the responsible authority the approval or rejection of), and impose prudential conditions on, major acquisitions or investments by a bank, against prescribed criteria, including the establishment of cross-border operations, and to determine that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision.



Essential Criteria



EC1Laws or regulations clearly define:
  • (a) What types and amounts (absolute and/or in relation to a bank’s capital) of acquisitions and investments need prior supervisory approval; and

  • (b) Cases for which notification after the acquisition or investment is sufficient. Such cases are primarily activities closely related to banking and where the investment is small relative to the bank’s capital.

Description and findings regarding EC1As a general rule, banks cannot hold more than 15 percent of a non-financial company, with the exception of corporate restructuring, which requires approval from the FSC (Article 37 of the Banking Act).



Article 24 of the Improvement Act, requires banks to seek pre-approval from the FSC when a bank, including a banking group that owns a bank, intends to hold more than 20 percent of another company or 5 percent of another company and at the same time has a “de facto” control of the company.



Article 49 of the RSBB lays down cases where banks are allowed to hold over 15 percent of certain companies, which broadly encompass either supervised institutions or finance-related entities:
  • Supervised Financial Institutions performing Banking businesses under the Banking Act; Insurance business under the Insurance Business Act; Mutual savings and banking business as under the Mutual Savings Banks Act; Specialized credit financial business under the Specialized Credit Financial Business Act;

  • Any of the following types of business under the Financial Investment Services and Capital Markets Act: (a) Financial investment business; (b) Merchant banking business; (c) Business of a collective investment scheme (including the collective investment scheme under Article 6 (5) 1 of the aforesaid Act); (d) Business of a general administration company; and (e) Business of a company with an objective of holding equity shares of private equity funds;

  • Credit information business under the Use and Protection of Credit Information Act;

  • Banking computerization business and banking research service directly related to performance of banking business;

  • Factoring business;

  • A special purpose company for asset-backed securitization and asset management business under the Asset-Backed Securitization Act;

  • A special purpose company for mortgage-backed bonds under the Special Purpose Companies for Mortgage-Backed Bonds Act;

  • Business designated by competent administrative authorities as eligible for private investment pursuant to Article 8–2 of the Act on Private Participation in Infrastructure (limited to cases where the business is operated through a company falling under Article 51–2 (1) 6 of the Corporate Tax Act);

  • Procurement of equity capital by a bank (limited to cases where the business is established only for the procurement of the equity capital of the relevant bank that owns the total number of outstanding voting stocks or equity shares of the business); and

  • Other equivalent businesses recognized by the FSC.

Such exceptions are subject to limits, namely 15 percent of its regulatory capital or 30 percent (Article 21 of the EDBA), the latter if the bank CAMELR is 1 or 2, the CAMELR of the existing subsidiaries is 1, 2, or 3, the regulatory capital ratio is above 8 percent, the won currency liquidity ratio at the end of the previous year is at least 100 percent, the loan to deposit ratio is no more than 100 percent and the aggregate amount of investment in subsidiaries is within 30 percent—excluding statutory investments and those deemed unavoidable by the FSS (Article 50 of the RSBB). Article 50 also states that if the subsidiary stocks are issued through the capitalization of either capital reserves or asset-revaluation reserves, or when are issued as profit dividends, those conditions do not need to apply. Neither the Banking Act (Article 37) nor the RSBB (Article 49) refer to the need of notification or approval for those exceptions. Article 47(7) of the Banking Act require in general that capital injections into subsidiaries should be reported to the FSC.



Article 38 of the Banking Act limits to up to 100 percent (currently 60 percent as per Article. 21—2 of the EDBA) of equity the total amount that can be hold as equity investments of the following stocks or securities:
  • Debt securities and equity securities with some exceptions;

  • Those prescribed by Presidential Decree, among derivative-combined securities; and

  • Other securities prescribed by Presidential Decree, among beneficiary certificates, investment contract securities and securities depositary receipts.

In line with the Banking Act, Article. 18 of the FHC Act require only notification for certain cases where a subsidiary is to acquire more than 50 percent (30 percent in the case of joint stock companies) of a financial institutions with total assets under 100 billion won, a finance-related company (e.g., data processing) and others.



For all other entities, approval is required for including a company as a subsidiary (Article 16).



EC2Laws or regulations provide criteria by which to judge individual proposals.



Description and findings regarding EC2Article 24(6) of the Improvement Act requires acquisitions to fulfill the following requirements:
  • Type of business: financial institutions or activities auxiliary to financial services, companies linked to a special purpose corporation under the Rental Housing Act or finance-related companies, including credit information business;

  • Not to restrict competition; and

  • In the case of FHCs, criteria for approval (which can also be conditional) encompass assessment of business plan, safety and soundness of the FHC, as well as impact on competition pursuant to the Fair Trade Act (Article 17 of the FHC Act).

EC3Consistent with the licensing requirements, among the objective criteria that the supervisor uses is that any new acquisitions and investments do not expose the bank to undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.14 The supervisor can prohibit banks from making major acquisitions/ investments (including the establishment of cross-border banking operations) in countries with laws or regulations prohibiting information flows deemed necessary for adequate consolidated supervision. The supervisor takes into consideration the effectiveness of supervision in the host country and its own ability to exercise supervision on a consolidated basis.



Description and findings re EC3The establishment of cross-border operations, in principle, does not require prior authorization.



Article 47(4) of the Banking Act requires banks to report (after the fact) establishment of cross-border operations, including overseas local corporations, branches or offices. Article 3–3 of the EDB, in combination with Article 10 of the RSBB, lays out particular cases requiring prior reporting to the FSC, which include: banks with a regulatory capital ratio under eight percent and a CAMELR of 3 or higher; countries rated below B+ or with no credit rating; cases where the overseas corporation is planned to run business other than banking services, incidental services or concurrent business or business different from those that the bank is currently running; as well as in countries that do not have a friendly relationship with the Republic of Korea. Articles 16 and 18 of the FHC Act also provide that the takeover of a foreign financial firm with assets in excess of KRW100 billion must be approved by the FSC.



Currently there are no legal or regulatory provisions in place that encompass among the objective criteria to be used within the approval process that any new acquisitions and investments do not expose the acquirer to undue risks or hinder effective supervision.



There are also no provisions to enable the supervisor to prohibit banks from making major acquisitions/investments (including the establishment of cross-border banking operations) in countries with laws or regulations prohibiting information flows deemed necessary for adequate consolidated supervision. There are also no provisions to take into consideration the effectiveness of supervision in the host country and its own ability to exercise supervision on a consolidated basis.



Where it is determined that the proposed investment is likely to undermine the bank’s safety and soundness or adversely affect the stability of the financial market, the FSC-FSS may impose restrictions or changes to the investment plan (Article 13(3) of the Banking Act). Supervisory actions may follow in the event of noncompliance (Article53 of the Banking Act).



EC4The supervisor determines that the bank has, from the outset, adequate financial, managerial and organizational resources to handle the acquisition/investment.



Description and findings regarding EC4Legal provisions, as described in EC 2, are set under Article 24(6) of the Improvement Act, which requires that potential acquisitions encompass only financial institutions or activities auxiliary to financial services, companies linked to a special purpose corporation under the Rental Housing Act (Article 51–2(1) 6 of the Corporate Tax Act) or finance-related companies, including credit information business. Those transactions are also required to not restrict competition.



In practice, nevertheless, a case made available to the assessors indicated that the decision process encompasses, in addition to the legal requirements, considerations regarding the financial impact of the acquisition to the acquirer, as well as business purpose.



EC5The supervisor is aware of the risks that non-banking activities can pose to a banking group and has the means to take action to mitigate those risks. The supervisor considers the ability of the bank to manage these risks prior to permitting investment in non-banking activities.



Description and findings regarding EC5As described in EC1, as a general rule, banks cannot hold more than 15 percent of a non-financial company or non-financial related company, with the exception of corporate restructuring, which requires approval from the FSC, reflecting the awareness of the risks that non-banking activities can pose to a banking group.



For acquisitions over five percent, when there is effective control, approval must be obtained. Approval can be granted in the case of non-bank activities only if those activities are directed related to financial business.



Assessment of Principle 7LC



CommentsMajor acquisitions of non-financial companies are restricted in the Republic of Korea. Overall the authorities rely on reporting for dealing with and monitoring acquisitions of financial companies.



The assessors understand that the current framework could result in acquisitions being made that might be not in the best interest of safety and soundness, as well as the settlement of subsidiaries in countries with a lax supervisory environment.



The authorities are recommended to amend the legal framework in order to:
  • Require approval for major acquisitions or for the establishment of cross-border subsidiaries;

  • Have legal basis to consider the impact on banks business in making approvals; and

  • Establish criteria to be used within the approval process requiring that new acquisitions and investments do not expose the acquirer to undue risks or hinder effective supervision.

The authorities reported that in order to ensure effective prior regulatory review for the establishment of cross-border banking, the FSC-FSS will take appropriate regulatory measures in order to assess whether the host country provides information flows necessary for satisfactory consolidated supervision and whether the host country has the ability to exercise effective supervision on a consolidated basis.



Principle 8Supervisory approach. An effective system of banking supervision requires the supervisor to develop and maintain a forward-looking assessment of the risk profile of individual banks and banking groups, proportionate to their systemic importance; identify, assess and address risks emanating from banks and the banking system as a whole; have a framework in place for early intervention; and have plans in place, in partnership with other relevant authorities, to take action to resolve banks in an orderly manner if they become non-viable.



Essential Criteria



EC1The supervisor uses a methodology for determining and assessing on an ongoing basis the nature, impact and scope of the risks:
  • (a) Which banks or banking groups are exposed to, including risks posed by entities in the wider group; and

  • (b) Which banks or banking groups present to the safety and soundness of the banking system.

The methodology addresses, among other things, the business focus, group structure, risk profile, internal control environment and the resolvability of banks, and permits relevant comparisons between banks. The frequency and intensity of supervision of banks and banking groups reflect the outcome of this analysis.



Description and findings regarding EC1The FSC-FSS supervisory methodology encompasses the use of rating tools, as well as on and off-site monitoring. The use of ratings aims at enabling comparisons between banks and peer groups. Peer groups are split between large commercial banks, regional banks, specialized banks, and foreign branches.



One of the cornerstones of the FSS approach to supervision of commercial banks is the CAMEL-R, a rating system comprising the assessment of Capital adequacy, Asset quality, Management, Earnings, Liquidity and Risk management. The CAMEL-R was recently introduced, replacing the CAMELS. Ratings are assigned to each component and combined into a composite rating.



In case of branches of foreign banks operating in the Republic of Korea, as well as overseas branches of domestic banks, the FSS makes use of the ROCA (Risk management,



Operational control, Compliance, and Asset quality), which is focused at monitoring controls of overseas operations, and factored into the CAMELR.



The CAMELR is comprised of quantitative and qualitative components. The quantitative components derive from an off-site methodology (CAEL – Capital, Asset quality, Earnings and Liquidity) which is updated quarterly and enable the monitoring of trends and sudden movements. The qualitative component is updated every two years, through a full-scope examination.



In the case of the ROCA, the quantitative component is derived from the AELS (Asset quality, Earnings, Liquidity and Support), which is updated quarterly. The strength of support from the parent is assessed based on their credit ratings (from internationally recognized credit rating providers). For overseas branches, the quantitative components of the ROCA are derived from the AEL, which is updated semiannually.



The FSC-FSS also make use of a tool solely focused on risk management assessment – RADARS (Risk Assessment and Dynamic Assessment Rating System). The RADARS is conducted by using a risk matrix, splitting the activities of banks into 14 business lines, where each of them with a defined set of inherent risks, which are rated taking into account previously established indicators (quantitative component) as well as risk management level (qualitative component). Banks are assigned ratings (from 1 to 5) and directions, achieving 13 levels of risk. The quantitative element of RADARS is updated semiannually, and its results are used as inputs to plan examinations for the following year. During the full scope examinations of banks, which occur every two years, the qualitative elements are assessed and fed into CAMELR (R component).



The CAMELR is linked to the Prompt Corrective Action (PCA) framework (please refer to CP 11) which hasn’t yet been triggered for banks.



Currently the FSC-FSS supervisory approach focus mostly on the dominant entity within a group (measured by total assets). The extent of the assessment of business focus, group structure and overall risk profile, or resolvability of banks and groups is limited. Particularly regarding the FHCs, the supervisory approach focuses mostly on controls and management tools (please refer to CP 12).



Full-scope on-site examinations are performed biannually for all banks, irrespectively of their risk profile. The authorities state that the reason for not differentiating the frequency of full-scope examinations is the perceived soundness of banks.



The authorities also state that since asset size, portfolios, and business focus of the seven local private commercial banks are similar to each other, in addition to having similar systemic importance and as a consequence roughly same the number of supervisors assigned, the length, and the frequency of full-scope examinations are also similar. In addition, all seven banks have the same CAMEL-R rating. Regional banks and foreign bank branches are reported to be subject to shorter examinations—3 weeks and 2 weeks respectively—and inspection cycles might vary.



Partial examinations are triggered by particular issued flagged by the off-site monitoring, the CAEL, or specific issues industry-wide, although in practice a significant portion of those partial examinations have been focused on non-core supervisory issues.



EC2The supervisor has processes to understand the risk profile of banks and banking groups and employs a well defined methodology to establish a forward-looking view of the profile. The nature of the supervisory work on each bank is based on the results of this analysis.



Description and findings re EC2The process for understanding the risk profile of banks (encompassing its subsidiaries) is based on on-site examination and off-site surveillance, supported by the CAEL, CAMEL-R and RADARS as detailed in EC1. The RADARS, also as detailed in EC1, incorporate a direction component (decreasing, stable, and increasing).



In practice, those monitoring tools do not seem to have embedded a forward-looking view of banks risk profile. It is also not clear that the nature of the supervisory work in each bank is based on the result of those analyses.



The authorities state that the Republic of Korea commercial banks are similar to each other in terms of size and operation, resulting in examination processes being similar.



Processes regarding FHCs are mostly focused on internal controls and management (please refer to CP12). Bank supervisors closely and thoroughly monitor the financials of banks and bank holding companies (i.e., capital adequacy, asset quality, liquidity, etc.), as well as how those entities manage risks. Periodic Business Reports, off-site surveillance and on-site examination are used to perform such monitoring. The results of the financial monitoring are incorporated into the supervision of banks, as well as the overall banking industry.



Major risk indicators are made public on a regular basis.



EC3The supervisor assesses banks’ and banking groups’ compliance with prudential regulations and other legal requirements.



Description and findings regarding EC3The FSC-FSS has a comprehensive process to assess banks and bank’s holding companies compliance with prudential regulations and other legal requirements. The process comprises the use of several tools encompassing off-site surveillance through the assessment of business reports (received on a quarterly basis), as well as on-site examinations. Prudential regulation and legal requirements assessments encompass: capital requirements, large exposures, connected lending, limits to shareholdings and to real estate investments, among others. The FSS receives a very broad and detailed set of information on a regular basis, which enables a robust process for checking compliance with limits and others. Qualitative assessments are mostly conducted on-site, through their full-scope examinations.



EC4The supervisor takes the macroeconomic environment into account in its risk assessment of banks and banking groups. The supervisor also takes into account cross-sectoral developments, for example in non-bank financial institutions, through frequent contact with their regulators.



Description and findings regarding EC4The FSS utilizes an early warning system, as well as stress testing, to assess the potential impact of macroeconomic changes on individual banks and the overall banking industry on an ongoing basis, encompassing also insurance, securities and other non-bank financial institutions.



The early warning system is composed by “handy indicators” and early warning models. The “handy indicators”, are monitored through a report generated on a monthly basis (data is generated daily). Currently there is a set of seven indicators, encompassing asset quality, funding and risk-premium. Findings can trigger meetings and requirements for banks to take actions (e.g. submission of an improvement plan). The early warning models combine individual financials and other information from banks with macroeconomic data and focus on likelihood of changes in the capital ratio and bankruptcy, among others. It is produced on a quarterly basis by the Macroprudential Department.



The FSS has robust information systems for sharing data and documents among the different areas in charge of banking, insurance and securities. In practice public data is freely available and in preparation for an examination, an inquiry is submitted to the various areas of FSS requesting input on areas or issues that should be covered by the examination to be initiated.



EC5The supervisor, in conjunction with other relevant authorities identifies, monitors, and assesses the build-up of risks, and trends and concentrations within and across the banking system as a whole. This includes, among other things, banks’ problem assets and sources of liquidity (such as domestic and foreign currency funding conditions, and costs). The supervisor incorporates this analysis into its assessment of banks and banking groups and addresses proactively any serious threat to the stability of the banking system. The supervisor communicates any significant trends or emerging risks identified to banks and to other relevant authorities with responsibilities for financial system stability.



Description and findings regarding EC5The FSC-FSS duties encompass the supervision of banks, insurance and securities. In addition, the BoK, the MoF and the KDIC are represented by Commissioners. A Macroeconomic Financial Committee, composed by representatives of the MoF, the BoK, the FSC and the KDIC has been recently established. For a detailed discussion on the Macroeconomic Financial Committee please refer to the TN on Crisis Management. Please refer to CP 3 for further details on cooperation and coordination.



The FSC-FSS monitor and assess the risk profiles of banks and the overall banking industry, by analyzing periodic Business Reports through the CAEL, which cover, among others, asset quality and liquidity (both local and foreign currency), as well as utilizing early warning models and “handy indicators”. Overall, industry-wide reports are also produced on an ad-hoc basis, triggered by detected trends or recent events.



EC6Drawing on information provided by the bank and other national supervisors, the supervisor, in conjunction with the resolution authority, assesses the bank’s resolvability where appropriate, having regard to the bank’s risk profile and systemic importance. When bank-specific barriers to orderly resolution are identified, the supervisor requires, where necessary, banks to adopt appropriate measures, such as changes to business strategies, managerial, operational and ownership structures, and internal procedures. Any such measures take into account their effect on the soundness and stability of ongoing business.



Description and findings regarding EC6The Republic of Korea is not required to introduce such plans under the “Key attributes of Effective Resolution Regimes for Financial Institutions” as no domestic bank has been designated as a Global Systemically Important Financial Institution (G-SIFI). Authorities have informed to be drafting a regulation on Domestic SIFIs (D-SIFIs). After the regulation is finalized, the establishment of a recovery and resolution regime for D-SIFIs will be considered.



EC7The supervisor has a clear framework or process for handling banks in times of stress, such that any decisions to require or undertake recovery or resolution actions are made in a timely manner.



Description and findings regarding EC7The FSC also counts with a wide range of corrective measures, including a corrective action framework that enables action-taking in times of stress. Triggers include the capital ratio or CAMELR rating falling below a certain level, among others triggers (please refer to CP 11).



Over the last years, there has not been any case of use of the corrective action framework.



FSC decides on the resolution proceedings for a bank, particularly related to corrective actions, designation of a troubled bank, merger, transfer of contractual commitments to its customers to a stronger institution, and bankruptcy. The FSC is to decide on the resolution proceedings based on the plan submitted by the bank on improving its conditions.



EC8Where the supervisor becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter, the supervisor takes appropriate steps to draw the matter to the attention of the responsible authority. Where the supervisor becomes aware of banks restructuring their activities to avoid the regulatory perimeter, the supervisor takes appropriate steps to address this.



Description and findings regarding EC8Bank-like activities are regulated and defined by Acts and legally punishable (please refer to EC 4). Investigations are triggered in case of file of complaints, or information provided on potentially bank-like activities being performed fully or partially outside the regulatory perimeter. In case of need, findings are submitted to the responsible authority for further proper legal actions, including reporting to the prosecutor’s office. Non-authorized deposit taking is also subject to a fine of negligence up to 50 million won, to be applied by the FSC (Article 5 and Article 8 of the Act on Regulation of Conducting Fund-raising Business without permission.



Assessment of Principle 8LC



CommentsThe supervisory approach in place relies heavily on off-site monitoring and notifications of exceptions, as well as on a biannually full-scope on-site examination, with a robust and strong compliance foundation.



The existence of multiple points of responsibility with various teams in charge of particular sub segments, operating more or less autonomously, limits to a certain extent the ability of the FSS to maintain a thorough understanding of the overall risk profile of individual banks and banking groups., also potentially undermining the willingness to act and overall accountability regarding a bank or a banking group.



The over reliance on a comprehensive and relatively homogeneous full-scope examination performed every two years as the major source for qualitative assessment of risk management limits the forward looking capability of its supervisory approach.



Albeit the examinations conducted seem thorough, judgment considerations as part of the qualitative assessments have still a limited role in the overall process, with supervision focusing mostly on the dominant entity (from a total assets perspective) and a somewhat limited assessment of business focus, group structure and overall risk profile, or resolvability of banks and groups.



The authorities should consider:
  • Establishing a point of contact in charge of a particular banking/banking group, consolidating off and on site surveillance and any other information pertaining to a particular bank, including macroeconomic analyses;

  • Conducting partial examinations or (maybe with a mix of off and on site activities) on particular risks;

  • Developing capacity/procedures to allow a more in-depth and judgmental qualitative assessments; and

  • Reviewing its overall assessment process and check lists in order to incorporate more in-depth judgmental qualitative procedures into the assessments.

Principle 9Supervisory techniques and tools. The supervisor uses an appropriate range of techniques and tools to implement the supervisory approach and deploys supervisory resources on a proportionate basis, taking into account the risk profile and systemic importance of banks.



Essential Criteria



EC1The supervisor employs an appropriate mix of on-site15 and off-site16 supervision to evaluate the condition of banks and banking groups, their risk profile, internal control environment and the corrective measures necessary to address supervisory concerns. The specific mix between on-site and off-site supervision may be determined by the particular conditions and circumstances of the country and the bank. The supervisor regularly assesses the quality, effectiveness and integration of its on-site and off-site functions, and amends its approach, as needed.



Description and findings regarding EC1The FSC-FSS employs a combination of off-site surveillance and on-site examination which build upon a series of tools, namely the CAEL, CAMEL-R, RADARS, ROCA, as well as industry-wide assessments, and thematic off-site surveillances.



Full-scope examinations are performed biannually for all banks, and teams are composed of 25 up to 30 staff, combining staff from various divisions within a department, encompassing staffs from the Risks team, which will focus on the R element of CAMELR, as well as specialists from other departments to cover FX operations, derivatives and IT. Full-scope on-site examinations provide the qualitative inputs to the CAMELR.



The length of full-scope examinations or number of staff allocated to those examinations does not seem to depend on the risk profile or systemic importance of banks.



The authorities state that since asset size, portfolios, and business focus of the seven local private commercial banks are similar to each other, in addition to having similar systemic importance, the number of supervisors assigned, the length, and the frequency of full-scope examinations are similar as well. In addition, all seven banks have the same CAMEL-R rating. Regional banks and foreign bank branches are subject to shorter examinations – 3 weeks and 2 weeks respectively.



Partial examinations can be triggered by developments in the banking industry, as well as bank specific events. Length of examinations and staff allocation varies according to the issues to be examined. A good part of the partial examinations is dedicated to examining local branches of domestic banks, deal with complaints and other activities not necessarily related to the safety and soundness of banks.



Off-site surveillance is performed through the CAEL and RADARS periodically for all banks and sudden changes in trends and other abnormal movements trigger further assessment, irrespectively of the bank’s risk-profile or systemically importance.



The FSS counts with a division focused on quality control of examinations, dedicated to improving examination programs and practices but there is no systematic procedure for reviewing the quality, effectiveness and integration of its on-site and off-site functions.



EC2The supervisor has a coherent process for planning and executing on-site and off-site activities. There are policies and processes to ensure that such activities are conducted on a thorough and consistent basis with clear responsibilities, objectives and outputs, and that there is effective coordination and information sharing between the on-site and off-site functions.



Description and findings regarding EC2Bank supervision functions are spread among several departments within FSS, which can pose challenges to coordination and to achieve an overall view of banks and banking groups.



The core banking supervisory functions are centralized in two deputy governors, which are in charge of both banking and non-banking supervision as follows:
  • Deputy Governor 1—Banking Supervision Department, FX Supervision Department, Corporate Credit Department, Small Business Support Office, Cooperative, Finance and Loan Business Supervision Department, Microcredit Support Department; and

  • Deputy Governor 2—Banking Examination Department 1, Banking Examination Department 2, Foreign Bank Branch Examination Office, Mutual Savings Department, Mutual Savings Bank Examination Department 1, Mutual Savings Bank Department 2, Cooperative Finance & Loan Business Examination Department.

On-site examinations responsibilities and most off-site surveillance are split among the Examination Departments and the Foreign Bank Branch Examination Department. Banks are split between Examination Department 1 and 2, segregating commercial and regional banks from the specialized banks.



The Supervision Department is in charge of: drafting detailed regulations, guidance and manuals; industry-wide assessments; internal model validations for regulatory purposes; as well as surveillance of stress-tests.



Within each Examination Department, the FSS has a monitoring team dedicated to the off-site surveillance of banks. They produce the CAEL quarterly and gather and share with FSS on-site examiners further ad-hoc information on individual banks. The monitoring team engages with banks in order to clarify sudden variations on financials and can follow up on measures taken in case of need.



The quality control and coordination team within the Supervision Department establishes policies and processes for standardized examination procedures. Other activities encompass updates of the examination manual, and quality assessment of examination reports.



Information sharing is bound by serious security/confidentiality concerns. In preparation for a full-scope on-site examination the examination team circulates within the FSS a memo requesting relevant information on the bank to be examined. Files examined by the assessors indicated that the various areas do share information in the form of reports.



Other departments involved in the supervisory process encompass the Enforcement Review Office, the Supervision Coordination Department and the Planning and Coordination Department, within the Deputy Governor in charge of Planning and Management support, as well as the IT supervision department (under the Deputy Governor in charge of Insurance) and the Derivatives, Trust, Structured Products and Pension Department (under a Deputy Governor in charge of Financial Investments Supervision, as well as the Accounting Supervision Department (under the Deputy Governor in charge of Accounting.



Deployment of resources varies according to the type of bank as commercial banks full scope inspections are conducted through the employment larger teams and usually take a slightly longer period.



EC3The supervisor uses a variety of information to regularly review and assess the safety and soundness of banks, the evaluation of material risks, and the identification of necessary corrective actions and supervisory actions. This includes information, such as prudential reports, statistical returns, information on a bank’s related entities, and publicly available information. The supervisor determines that information provided by banks is reliable17 and obtains, as necessary, additional information on the banks and their related entities.



Description and findings regarding EC3Banks are required to provide the FSS with a wide range of data and information on a regular basis. All banks, banking groups, and the other regulated financial entities file prudential reports (e.g., composition of regulatory capital, RWAs, solvency ratios, large exposures) and statistical returns (e.g., balance sheet and income statement, credit quality, securities holdings, residual maturities, etc.), in accordance to the relevant regulations.



CAEL reports are produced on a quarterly basis, containing information on capital adequacy, asset quality, earnings and liquidity, encompassing emerging trends, as well as peer analysis. Abnormalities are further investigated through the request of additional information or through meetings with banks, conducted by the off-site teams.



There is no systematic procedure to check the reliability of information provided by banks. The authorities sustain that reliability of information is tested through the periodic issuance of CAEL reports, as well as the on-site examinations.



Information on banks’ related entities beyond the scope of related party lending and large exposures are requested on a need basis.



Public information is collected through various areas within the FSS (e.g., off-site team, examination team) and uploaded into a centralized database. The FSS also reviews public available data and meets with market participants as necessary.



The FSS receives from banks detailed information on financial incidents and consumer complaints, and report that such information provides a useful input in overseeing the business conduct and internal controls of banks.



EC4The supervisor uses a variety of tools to regularly review and assess the safety and soundness of banks and the banking system, such as:
  • (a) Analysis of financial statements and accounts;

  • (b) Business model analysis;

  • (c) Horizontal peer reviews;

  • (d) Review of the outcome of stress tests undertaken by the bank; and

  • (e) Analysis of corporate governance, including risk management and internal control systems.

The supervisor communicates its findings to the bank as appropriate and requires the bank to take action to mitigate any particular vulnerabilities that have the potential to affect its safety and soundness. The supervisor uses its analysis to determine follow-up work required, if any.



Description and findings regarding EC4The CAEL report produced on a quarterly basis by the FSS encompasses the analysis of financial statements and accounts, as well as horizontal peer reviews. Business model analyses encompassing business plans and business strategy are conducted on an annual basis. Industry-wide assessments are also conducted on an annual basis.



Reviews of the outcome of bottom-up stress tests are performed semiannually and encompass the assessment of risk parameters and methodologies, which are built on guidance issued by the FSS. Top-down stress tests are conducted annually by the banks based on parameters and criteria provided by the FSS. Analysis of corporate governance, risk management and internal control systems are mostly performed through the full-scope on-site examinations.



Findings are communicated as appropriate, triggered by on-site, off-site or industry wide analysis, with requirements for actions to be taken to mitigate any particular vulnerabilities that have the potential to affect its safety and soundness, as needed.



EC5The supervisor, in conjunction with other relevant authorities, seeks to identify, assess and mitigate any emerging risks across banks and to the banking system as a whole, potentially including conducting supervisory stress tests (on individual banks or system-wide). The supervisor communicates its findings as appropriate to either banks or the industry and requires banks to take action to mitigate any particular vulnerabilities that have the potential to affect the stability of the banking system, where appropriate. The supervisor uses its analysis to determine follow-up work required, if any.



Description and findings regarding EC5Surveillance of individual banks through the CAEL and CAMELR is complemented by macro-prudential analysis through the early warning system, as well as stress tests



Reviews of the outcome of bottom-up stress tests are performed semiannually and encompass the assessment of risk parameters and methodologies, which are built on guidance issued by the FSS. Top-down stress tests are conducted annually by the banks based on parameters and criteria provided by the FSS. Industry-wide assessments are also produced on an ad-hoc basis focused on emerging issues and can trigger thematic examinations or recommendations to the market participants.



EC6The supervisor evaluates the work of the bank’s internal audit function, and determines whether, and to what extent, it may rely on the internal auditors’ work to identify areas of potential risk.



Description and findings regarding EC6The FSS performs an overall assessment of the work of banks’ internal audit function in order to assess the effectiveness such work (please refer to CP 26 for further details).



The CAMELR includes a “Management” component, which encompasses banks’ internal audit and internal controls. For the assessment of the internal audit function, bank supervisors take a close look at internal control policies and organizational resources and self-examination programs and functions to prevent financial incidents, so as to determine whether the bank is able to identify areas of potential risk and has effective internal controls to mitigate it.



Currently the FSS does not rely on the internal auditor’s work to identify areas of potential risk.



EC7The supervisor maintains sufficiently frequent contacts as appropriate with the bank’s Board, non-executive Board members and senior and middle management (including heads of individual business units and control functions) to develop an understanding of and assess matters such as strategy, group structure, corporate governance, performance, capital adequacy, liquidity, asset quality, risk management systems and internal controls. Where necessary, the supervisor challenges the bank’s Board and senior management on the assumptions made in setting strategies and business models.



Description and findings regarding EC7The FSS senior management (i.e. deputy governor, director general, senior manager and head examiner) hold “partnership meeting” with banks’ senior management prior to the full-scope on-site examination to discuss current issues and vulnerable areas. Meetings with Board members are uncommon and information at that level is mostly gathered through reviewing Board resolutions, albeit meetings can be held and are commonly led by the deputy governor and the director general. The discussion of particular issues can also trigger meetings with banks’ CEO, CFO, CRO etc., with the FSS represented by the Director General and the Lead Examiner/Head of off-site depending on which area requested the meeting.



A dedicated team reviews business plans, which are submitted by banks on an annual basis, which results in a consolidated report, comparing plans with time series and peers. The tea can also meet with banks if deems it necessary, inviting on and off-site representatives to those meetings.



EC8The supervisor communicates to the bank the findings of its on- and off-site supervisory analyses in a timely manner by means of written reports or through discussions or meetings with the bank’s management. The supervisor meets with the bank’s senior management and the Board to discuss the results of supervisory examinations and the external audits, as appropriate. The supervisor also meets separately with the bank’s independent Board members, as necessary.



Description and findings regarding EC8The FSS communicates to banks the overall findings of its on-site examination through a meeting with the bank’s senior management. The FSS reports that the chief of examination, on the last day of general examination, holds a management meeting with the senior management of the bank to deliver the CAMELR assessment results and key findings of examination, as well as to hear from the bank management. The inspection report is not left with the bank upon the completion of examination. The FSS review team conducts an independent review of the examination results based on the inspection report, mostly for legal issues. On average, a review process for a report that does not result in sanctions takes approximately five months for a general examination, and two to three months for thematic examinations.



Results of the off-site surveillance, namely the CAEL and RADARS, are not communicated to the banks. Particular concerns resulting from off-site surveillance are usually further discussed with banks.



Meetings with external auditors are rare. Meetings with board members are held collectively once the final examination report is completed. There is no practice of meeting separately with the bank’s independent Board members.



EC9The supervisor undertakes appropriate and timely follow-up to check that banks have addressed supervisory concerns or implemented requirements communicated to them. This includes early escalation to the appropriate level of the supervisory authority and to the bank’s Board if action points are not addressed in an adequate or timely manner.



Description and findings regarding EC9Article 14 of the RES requires the FSS Governor to notify examination results through an examination report. The Governor may take necessary measures or request the head of the financial institution to take such measures. Article 14 also requires the Governor oversight the measures taken by financial institutions regarding the supervisory concern. Banks submit progress reports and in practice the FSS reports that banks usually comply with the deadlines or that those are extended in exceptional circumstances, in particular related to more complex projects.



Article 15 of the RES establishes clear time frames for banks to address supervisory concerns (except when there is a special reason to the contrary), namely six months for management matters requiring attention and three months for all other issues. In practice the FSS reports that banks respect deadlines.



Bank supervisors require banks to implement requirements communicated to them and may require them to take additional measures if their implementation is not satisfactory. Bank supervisors may also impose sanctions on the executive officers and/or employees of the bank that hinder sufficient progress in the implementation of those requirements.



The follow up process on recommendations has been recently enhanced. In 2012 a new framework was established requiring banks to report on action plans. Files made available to the assessors indicated that under the new process the authorities have been able to effectively and systematically follow up on recommendations.



Currently the FSS seems to be following up on matters requiring management attention, although historically processes have been extremely lengthy, not ensuring that concerns would be addressed on a timely manner. Reports are shared with the banks several months (taking in some cases a year) after completion of examinations, encompassing recommendations and also sanctions.



EC10The supervisor requires banks to notify it in advance of any substantive changes in their activities, structure and overall condition, or as soon as they become aware of any material adverse developments, including breach of legal or prudential requirements.



Description and findings regarding EC10The legal/regulatory framework does not encompass a general requirement for banks to notify in advance any substantive changes in their activities, structure and overall conditions, although Article 47 of the Banking Act, described below, cover some of the events that could fall into such category.



Similarly, there are no overall requirements for banks to report, as soon as they become aware, of any material adverse developments, including breach of legal or prudential requirements. Articles 41 and 42 of the RES, also described below, encompass some of those adverse developments.



Article 47 of the Banking Act requires banks to report to the FSC the following events:
  • Amendment of its article of associations;

  • Reduction of capital that does not require previous authorization;

  • Relocation of the head office to another city;

  • Establishment of an overseas local corporation, overseas branch that does not require prior authorization, when closes an overseas local corporation or branch or when opens or closes an overseas office;

  • Change in trade name;

  • Appointment or dismissal of executives;

  • Injection of capital into a subsidiary (including cases approved by the FSC for the promotion of corporation restructuring);

  • Provision of loans on the security of equity securities exceeding 20 percent of the equity securities of another company;

  • Relocation of a branch or agency within the same city or when closing its office; and

  • Whether it performs an act prescribed by Presidential Decree that could undermine the sound management of the bank or infringe on the interests of the bank users, including depositors, etc.

Article 41 of the RES requires banks to promptly report to the FSS Governor financial incidents, i.e., cases where an illegal or improper act is committed by an officer or an employee or any other person causes a loss upon such financial institution or financial customers or disturbs financial order. In practice the authorities stated that banks do report most of those cases.



Article 42 of the RES requires banks to report to the FSS Governor in case a civil suit has been decided against the bank without possibility of further appeal or a civil action with a claim exceeding one percent of equity (or one billion won, the higher of the two) or if a 10 billion won lawsuit is filed against the has been raised against the bank. In practice banks report most of those cases.



EC11The supervisor may make use of independent third parties, such as auditors, provided there is a clear and detailed mandate for the work. However, the supervisor cannot outsource its prudential responsibilities to third parties. When using third parties, the supervisor assesses whether the output can be relied upon to the degree intended and takes into consideration the biases that may influence third parties.



Description and findings regarding EC11Article 47–2 of the RES establishes that in cases where the Governor of the FSS delegates or consigns examination business to a third party institution pursuant to the relevant statutes, the Governor shall determine methods and procedures for the examination to be conducted by such institution, except for those cases as separately prescribed by the relevant statues and e regulations.



In practice the FSS makes use of external auditing firms, derivatives experts and CPAs among others to perform specialized tasks when conducting full or partial examinations. In particular for accounting and derivatives, the FSS always count the third parties.



The chief examiner is in charge of assessing whether the output produced by third parties can be re relied upon to the degree intended, although there is no standardized format or a formal requirement for such review.



Article 3 of the DRES require all examiners (including hired third parties) to observe regulations related to service and examinations, as well as the Examiners Code of Conduct.



Conflicts of interest, in the case of third parties, are avoided solely by not allowing the accounting firm currently in a contractual relationship or obligation (e.g. audit engagement or business consulting) with the subject to be selected as an outside specialist.



EC12The supervisor has an adequate information system which facilitates the processing, monitoring and analysis of prudential information. The system aids the identification of areas requiring follow-up action.



Description and findings regarding EC12The FSS has in place a number of information systems to facilitate the monitoring of banks, namely the Financial Information Exchange System (FIES), the Integrated Financial Information System (IFIS), Examination Management System (EMS), and the Safety and Soundness Assessment System (SSAS). The monitoring of financial markets statistics, approval of bank’s credit risk models, monitoring of assets and investments, use of “handy indicators”, as well as examinations of foreign currency transactions are also supported by dedicated systems.



The FIES and the IIFIS enable bank examiners to access and analyze bank’s Business Reports (including financial information). The EMS and the SSAS support on-site examinations and safety and soundness assessments.



Additional Criteria
AC1The supervisor has a framework for periodic independent review, for example by an internal audit function or third party assessor, of the adequacy and effectiveness of the range of its available supervisory tools and their use, and makes changes as appropriate.



Description and findings regarding AC1There is no systematic procedure in place to assess the adequacy and effectiveness of the range of available supervisory tools and their use in order to make changes, as appropriate. Nonetheless, a series of bodies perform audits in the FSC and the FSS, including the internal audit, the BAI (under Article 24 of the Board of Audit and Inspection Act, although the scope of review dos not explicitly encompass the assessment of the effectiveness of the range of supervisory tools.



In addition, the FSS counts with an advisory committee, consisting of independent external experts, who has over the years provided advice on specific issues of concern (e.g. credit unions).



Assessment of Principle 9LC



CommentsThe FSS uses a broad range of techniques and tools to implement its supervisory approach. It counts with comprehensive and detailed set of data requested, encompassing financials and management information, as well as its systems and dedicated staff results in a robust off-site framework. On-site examinations are supported by check lists and guidance to ensure consistency in the supervisory process.



Deployment of resources is based on the type of bank and total assets, which to a certain extent reflects banks’ risk profile.



The authorities should consider:
  • Reviewing the annual planning process regarding banking supervision in order to focus the partial examinations on core supervisory issues and risks;

  • Reviewing its policies for information sharing within the FSS in order to provide a more comprehensive and easier access to information to the examination team;

  • Intensifying engagement with senior management as part of the on-site examination processes beyond the partnership meetings;

  • Developing standard rules for hiring third parties, as well as ensuring quality control, as well as develop more robust procedures to avoid the existence of conflicts of interest;

  • Reviewing the distribution of activities within the FSS in order to better allocate resources into its core supervisory functions (please refer to CP 2); and

  • Formally requiring banks to immediately report on any material adverse developments.

The FSC-FSS has informed its intention to hold more meeting with outside directors.



The FSC-FSS also reported that it will improve the post-examination process, by giving a separate notice on the CAMEL-R results, matters that require special attention and improvement, etc. before notifying the full examination results.



Principle 10Supervisory reporting. The supervisor collects, reviews, and analyses prudential reports and statistical returns18 from banks on both a solo and a consolidated basis, and independently verifies these reports through either on-site examinations or use of external experts.



Essential Criteria



EC1The supervisor has the power19 to require banks to submit information, on both a solo and a consolidated basis, on their financial condition, performance, and risks, on demand and at regular intervals. These reports provide information such as on- and off-balance sheet assets and liabilities, profit and loss, capital adequacy, liquidity, large exposures, risk concentrations (including by economic sector, geography and currency), asset quality, loan loss provisioning, related party transactions, interest rate risk, and market risk.



Description and findings regarding EC1Article 40 of the Establishment Act states that when deemed necessary by the FSS Governor any supervised institution might be required to submit a report or data, while the Banking Act require banks to submit on a monthly basis to the Governor of the FSS a “report stating details of business performed”(Article 43–2 of the Banking Act).



The scope and periodicity of data requested by the authorities vary depending on whether it is requested on a solo or consolidated basis, as well as on the type of entity (bank, FHC). Overall, the FSS receives a broad and detailed set of data on a daily, monthly, quarterly, semiannually or annually basis, as well as ad-hoc reports.



Information encompasses detailed financial information, as well as other types of information, necessary to check regulatory compliance. More specifically, submitted reports encompass information regarding on and off-balance sheet assets and liabilities, P&L, capital adequacy, liquidity, large exposure and risk concentrations, as well as asset quality, loan loss provisioning, related party transactions, interest rate risk and market risk, among others. In the case of related parties, information is requested on an ad-hoc basis.



Information relative to supervised entities that are not part of the consolidated financial statements (e.g., insurance companies) is obtained on an unconsolidated basis.



Currently there are no requirements in place for banks and financial holding companies to provide information/balance sheets on unregulated entities that are subordinated to regulated entities, albeit having the power to request information on financial statements.



EC2The supervisor provides reporting instructions that clearly describe the accounting standards to be used in preparing supervisory reports. Such standards are based on accounting principles and rules that are widely accepted internationally.



Description and findings regarding EC2Reporting standards follow the accounting standards for banks operating in the Republic of Korea.



Article 32 of the RSBB requires banks to comply with the Korean International Financial Reporting Standards (KIFRS), laid down by adopting the international accounting standards of the International Accounting Standards Board (IASB). In case of certain items not covered by IFRS, banks are required to comply with specific guidelines issued by the FSS. Specific guidance on fair valuation in line with IFRS, calculation standards for foreign currency exposures, as well as on how to prepare Business Reports, have also been issued by the FSS. The National Agricultural Cooperative Federation and the National Federation of Fisheries Cooperatives are required to be compliant with the KIFRS for the fiscal year of 2014 (beginning in January).



EC3The supervisor requires banks to have sound governance structures and control processes for methodologies that produce valuations. The measurement of fair values maximizes the use of relevant and reliable inputs and are consistently applied for risk management and reporting purposes. The valuation framework and control procedures are subject to adequate independent validation and verification, either internally or by an external expert. The supervisor assesses whether the valuation used for regulatory purposes is reliable and prudent. Where the supervisor determines that valuations are not sufficiently prudent, the supervisor requires the bank to make adjustments to its reporting for capital adequacy or regulatory reporting purposes.



Description and findings regarding EC3Article 2–2—Operation of Internal Accounting Management System – of the Act on External Audit of Stock Companies (Act on External Audit), require companies with total assets over 100 billion won to have an internal accounting management system for the preparation of accounting information, encompassing methods of discrimination, mensuration, classification, recording and reporting of accounting information. The system should also encompass matters concerning the method of controlling and revising errors, methods for internal inspection and adjustment, among others.



The FSS provides guidance on valuation through Appendix 4 of the DRSBB. The supervisory assessment of adequacy of valuations is conducted during on-site examinations. In case the FSS determines that valuations are not sufficiently prudent, banks are required to make adjustments.



EC4The supervisor collects and analyses information from banks at a frequency commensurate with the nature of the information requested, and the risk profile and systemic importance of the bank.



Description and findings regarding EC4The FSC-FSS maintains an integrated financial information analysis system to collect and manage data from the banks both on a monthly and a quarterly basis. The data collected ranges from banking operations to financials, to regulatory compliance.



The quantity and the types of the data collected from the commercial banks, the specialized banks, and foreign bank branches reflect differences in the rules and regulations that apply to each of those groups. All commercial banks have to submit an extensive set of information within the same frequency. Information submitted by banks is analyzed on a regular basis through the CAEL, irrespective of the risk profile and systemic importance of each bank. Specialized banks, regional banks and branches of foreign banks operating in the Republic of Korea, as well as branches of domestic banks operating abroad are required to submit a smaller, although relatively comprehensive, set of information.



EC5In order to make meaningful comparisons between banks and banking groups, the supervisor collects data from all banks and all relevant entities covered by consolidated supervision on a comparable basis and related to the same dates (stock data) and periods (flow data).



Description and findings regarding EC5Information relative to a banking group, including all banks and the financial holding company, are collected on a comparable basis and are related to the same dates and periods. Financial holding companies are required to slightly different set of requirements.



Banks are required to provide data on a consolidated basis and individual data on banks is also submitted, enabling comparisons and analysis.



EC6The supervisor has the power to request and receive any relevant information from banks, as well as any entities in the wider group, irrespective of their activities, where the supervisor believes that it is material to the condition of the bank or banking group, or to the assessment of the risks of the bank or banking group or is needed to support resolution planning. This includes internal management information.



Description and findings regarding EC6The Establishment Act (Article 40)—Requests to submit data, etc.—states that when the Governor of the FSS deems it necessary to perform its duties, he may request any supervised entity “to submit a report or data about its business affairs or property,” which includes internal management information. Non-financial entities are not under the scope of supervised entities.



EC7The supervisor has the power to access20 all bank records for the furtherance of supervisory work. The supervisor also has similar access to the bank’s Board, management and staff, when required.



Description and findings regarding EC7The Establishment Act (Article 40)—Requests to submit data, etc.–states that when the Governor of the FSS deems it necessary to perform its duties, he may request any supervised entity “to submit a report or data about its business affairs or property,” or may require “a person involved to appear before the FSS to make an oral statement”.



The Banking Act (Article 43–2) grants the FSS with a general power to access all banks records for the furtherance of supervisory work, by stating that a bank is required to provide the Governor of the FSS requested data to perform supervision and inspection duties.



EC8The supervisor has a means of enforcing compliance with the requirement that the information be submitted on a timely and accurate basis. The supervisor determines-the appropriate level of the bank’s senior management is responsible for the accuracy of supervisory returns, imposes sanctions for misreporting and persistent errors, and requires that inaccurate information be amended.



Description and findings regarding EC8The FSC-FSS reported to mostly relies on fines and moral suasion for enforcing compliance with the requirements that information is to be submitted on a timely and accurate basis



Article 54 of the Banking Act empowers the FSC-FSS to impose sanctions on senior management and staff for intentional misreporting. Article 69 of the Banking Act on fines for negligence enables the FSC-FSS to fine banks that violate the Banking Act or any rules, orders or instructions under such act. The fine for negligence cannot exceed 50 million won.



There are no explicit regulations regarding sanctions to be applied to banks in cases of misreporting and persistent errors on the information provided by banks. In practice moral suasion is reported to be successful in requiring banks to amend inaccurate information.



Article 43–2 of the Banking Act requires the signature of the representative, person in charge or his agent, for information provided to supervision, while Article 54 of the Banking Act—Sanctions against Executives and Employees—enables the FSC, in case an executive of a bank willfully violates the Banking Act or any rules orders or instructions under such act, to order an executive of a bank to suspend the execution of his functions or have the FSS Governor to take appropriate measures such as issuance of warnings.



EC9The supervisor utilizes policies and procedures to determine the validity and integrity of supervisory information. This includes a program for the periodic verification of supervisory returns by means either of the supervisor’s own staff or of external experts.21



Description and findings regarding EC9The process of producing the CAEL, as well as the information received from banks and assessed during on site examinations is the way the FSS perceives it can ensure the validity and integrity of information provided by banks.



EC10The supervisor clearly defines and documents the roles and responsibilities of external experts,22 including the scope of the work, when they are appointed to conduct supervisory tasks. The supervisor assesses the suitability of experts for the designated task(s) and the quality of the work and takes into consideration conflicts of interest that could influence the output/recommendations by external experts. External experts may be utilized for routine validation or to examine specific aspects of banks’ operations.



Description and findings regarding EC10Article 47–2 of the RES grants the FSS power to determine methods and procedures for the examination to be conducted by third parties. The authorities informed that roles and responsibilities, including the scope of work, as well as conflicts of interest and liability and damages are detailed in standard contracts signed by those consultants. There are no comprehensive criteria in place regarding conflicts of interest (please refer to CP9), no systematic process to assess suitability of experts for designated tasks, or to assess the quality of the work performed by those experts. The FSS stated that quality of work is assessed by the lead examiners.



EC11The supervisor requires that external experts bring to its attention promptly any material shortcomings identified during the course of any work undertaken by them for supervisory purposes.



Description and findings regarding EC11There is no explicit requirement that external experts promptly bring to the FSS attention any material shortcomings identified during the course of any work undertaken by them for supervisory purposes. The authorities stated, although without providing supporting evidence, that third parties hired to perform examination functions are subject to rules and responsibilities equivalent to those applicable to bank examiners.



Article 47–2 of the RES has a general statement regarding delegation or consignment of examination functions to third party institutions (not making reference to individuals), delegating to the FSS Governor to determine methods and procedures for conducting examinations.



EC12The supervisor has a process in place to periodically review the information collected to determine that it satisfies a supervisory need.



Description and findings regarding EC12There is no systematic process in place for reviewing the information collected, to determine that it satisfies the FSS needs. Nevertheless, as already discussed, the FSS receives a very detailed set of information and reported that changes to the scope of information that banks are required to file with the FSS are performed, as needed.



Assessment of Principle 10LC



CommentsThe FSC-FSS have powers to require banks to submit information on both a solo and a consolidated basis.



In practice, the FSC-FSS maintains an integrated financial information analysis system to collect and manage data from the banks both on a monthly and a quarterly basis. The data collected ranges from banking operations to financials, to information related to regulatory compliance.



Shortcomings in compliance with this CP relate to the lack of systematic procedures to ensure reliability of data provided by banks, quality control, lack of a systematic process to assess suitability of external experts, the use of third parties to perform supervisory work, lack of a requirement that external experts bring to the FSS attention promptly any material shortcomings identified during the course of any work undertaken by them for supervisory purposes, as well as limitations regarding access to information from non-financial companies within a group. The latter has not been taken into account in granting the rating since it has been addressed through CP 12.



The authorities should consider amending the legal framework in order to be able to have access to all relevant data and information from non-financial entities within a bank or banking group.



The FSC-FSS should consider:
  • Requiring external auditors (as mandated by banks) to review the quality of regular reports submitted to the FSS; and

  • Enhancing rules and guidance for hiring third parties to perform supervisory work.

Principle 11Corrective and sanctioning powers of supervisors. The supervisor acts at an early stage to address unsafe and unsound practices or activities that could pose risks to banks or to the banking system. The supervisor has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability to revoke the banking license or to recommend its revocation.



Essential Criteria



EC1The supervisor raises supervisory concerns with the bank’s management or, where appropriate, the bank’s Board, at an early stage, and requires that these concerns be addressed in a timely manner. Where the supervisor requires the bank to take significant corrective actions, these are addressed in a written document to the bank’s Board. The supervisor requires the bank to submit regular written progress reports and checks that corrective actions are completed satisfactorily. The supervisor follows through conclusively and in a timely manner on matters that are identified.



Description and findings regarding EC1Article 14 of the RES—Notification of and Measures upon Examination Results – requires the FSS Governor to notify banks of examination results through an examination report. The Governor may take the necessary measures to request the head of the financial institution to take the necessary measures to address issues of concern. The report covers matters requiring management attention, as well as those requiring sanction or correction, which include disciplinary matters.



Article 14(3) requires the FSS Governor to supervise banks’ implementation of the necessary measures, which responsibility rests with banks’ head of internal audit or the banks’ CEO.



Article 15 of the RES require banks to report on the corrective actions taken to the FSS Governor within an objective timeframe, except in cases of special circumstances, as follows:
  • Matters requiring attention—6 months; and

  • Matters requiring sanction or correction range from 2 to 3 months.

In case the Governor determines that the corrective actions were poorly or improperly implemented due to negligence or incompetence of officers or employees, he is granted the power to apply sanctions.



Article 20–2 allows the authorities to enter into MoUs with banks, which allow more flexibility in terms of committing to timeframes, in particular regarding grave matters.



There are no requirements in place for the banks’ Board to be notified in case banks are required to take significant corrective actions.



The FSS follows-up on matters requiring management attention, although historically processes have been extremely lengthy, not ensuring that concerns would be addressed on a timely manner. Reports are shared with the banks several months (taking in some cases a year) after completion of examinations, encompassing recommendations and also sanctions. Notwithstanding, the follow up process on recommendations has been recently enhanced. In 2012 a new framework was established requiring banks to provide an action plan for addressing the recommendations, report progress and provide evidence of implementation of the action plan. Files made available to the assessors indicated that under the new process the authorities have been able to effectively and systematically follow up on recommendations.



EC2The supervisor has available23 an appropriate range of supervisory tools for use when, in the supervisor’s judgment, a bank is not complying with laws, regulations or supervisory actions, is engaged in unsafe or unsound practices or in activities that could pose risks to the bank or the banking system, or when the interests of depositors are otherwise threatened.



Description and findings regarding EC2The FSC-FSS counts with a range of supervisory tools for dealing with non-compliance with laws and regulations and for addressing safety and soundness issues.



Article 53(1) of the Banking Act empowers the FSC to issue warnings, impose corrective actions, or partially suspend business for no more than 6 months in cases of threats to banks’ safety and soundness through violations of the Banking Act or its regulations. Article 53(2) grants the FSC the power to order a bank to suspend all of its business for a fixed period of at least six months or revoke authorization for banking business. Grounds for such measures include: obtaining a license by false or illegal means; violating a condition or term of authorization; carrying out a business during a suspension period; failing to execute a corrective order; the fact that interests of depositors or investors are likely to be greatly undermined due to a violation; or any orders or dispositions issued or taken under the Banking Act. Article 17 of the RES details the types and reasons for sanctions to be applied against banks, encompassing: revocation of license; suspension of business in whole or in part; closing of business office or a full or partial suspension of business office; stoppage of the illegal or improper acts and warnings; among others.



Willful violations of the Banking Act or its rules, orders or instructions or actions that greatly undermine a bank’s soundness by banks’ executives or employees, are subject to sanctions. Article 54(1) of the Banking Act—Sanctions against Senior Management and Employees—grants the FSC the power, upon recommendation of the Governor of the FSS, to order the suspension of the execution of its functions, recommend the general meeting of stockholders to dismiss the executive and also to have the Governor of the FSS to take an appropriate measure (e.g., issuance of warnings) In addition, the FSC has the power to request the Governor of the FSS to take other disciplinary measures such as dismissal, suspension, deduction of salary and reprimand, etc,.



Violations of prudential requirements relative to related parties and large exposures and other exposure limits are subject to penalty charges (Article 65–3). Criteria for imposing a penalty charge include: (a) details and severity of the violation; (b) period and frequency of the violation; (c) amounts of profits gained from the violation; or others (Articles 65–4).



Banks are subject to fines up to 50 million won related to the following: (a) failure to file a report relative to the establishment of overseas local corporations, incidental or concurrent business, stockholding limits or non-financial holding limits; (b) fail to comply with requests to submit data on large shareholders; (c) fail to undergo a resolution by the board of directors on prescribed cases; (d) fail to report to the FSS or to the public loans to large shareholders or exposures to securities issued by shareholders above certain thresholds; and (e) fail to collaborate or evade from inspections; among others (Article 69 of the Banking Act).



EC3The supervisor has the power to act where a bank falls below established regulatory threshold requirements, including prescribed regulatory ratios or measurements. The supervisor also has the power to intervene at an early stage to require a bank to take action to prevent it from reaching its regulatory threshold requirements. The supervisor has a range of options to address such scenarios.



Description and findings regarding EC3The Banking Act (Article 34) require banks to comply with regulatory requirements including capital adequacy, asset quality and liquidity, and empowers the FSC to take the necessary measures (including ordering an increase in capital, restriction on dividends, among others) in cases where it is deemed that a bank is likely to “greatly undermine” its soundness by failing to comply with those regulatory requirements.



In addition, Article 46 of the Banking Act grants the FSC the power to restrict a bank from taking deposits or granting credit, suspend deposit payments or take other necessary measures in case it deems that a bank could seriously harm the interests of its depositors, such as the fear of bankruptcy or insolvency.



Article 26(3) of the RSBB grants powers to the FSS Governor to required banks to submit a correction plan or an agreement for improvement in cases where minimum regulatory ratios are deemed to deteriorate or when it is judged (through examinations) to have vulnerabilities in management.



Article 10 of the Improvement Act reinforces those powers and also encompasses the situation where it is deemed evident the non-compliance with the standards due to the occurrence of any major financial scandal or deterioration of the loan portfolio.



EC4The supervisor has available a broad range of possible measures to address, at an early stage, such scenarios as described in essential criterion 2 above. These measures include the ability to require a bank to take timely corrective action or to impose sanctions expeditiously. In practice, the range of measures is applied in accordance with the gravity of a situation. The supervisor provides clear prudential objectives or sets out the actions to be taken, which may include restricting the current activities of the bank, imposing more stringent prudential limits and requirements, withholding approval of new activities or acquisitions, restricting or suspending payments to shareholders or share repurchases, restricting asset transfers, barring individuals from the banking sector, replacing or restricting the powers of managers, Board members or controlling owners, facilitating a takeover by or merger with a healthier institution, providing for the interim management of the bank, and revoking or recommending the revocation of the banking license.



Description and findings regarding EC4The FSC has a range of measures available to address concerns regarding banks’ capital ratios (as detailed in EC3), as well as deterioration of banks’ CAMELR ratings due to deterioration of the loan portfolio or due to the occurrence of serious financial accidents (Article 34 and 35 of the RBB).



In the case of CAMELR ratings, for composite ratings of 1, 2 or 3, where the rating for asset quality or capital adequacy is 4 or 5, the FSC is required to recommend actions, while in cases where the composite rating is 4 or 5 the FSC is required to require actions (please refer to EC3 for further details on the actions).



Specific actions that bank supervisors may order the bank to implement to improve its conditions include: personnel and organizational changes; cost savings; more efficient management of branches; restrictions on new business or investment; disposal of distressed assets; increase or decrease in capital; restrictions on the distribution of earnings; branch closures or restrictions on new branch openings; downsizing; restrictions on the holding of risky assets; sale of assets; restrictions on deposit interest rates; disposition of subsidiaries; replacement of executive officers; partial suspension of business; merger; acquisition by a holding company as its subsidiary; acquisition by a third party; development of a plan to transfer all or part of business; retirement of all or some of shares; suspension of duties of executive officers or the appointment of an administrator; transfer of all or part of business; suspension of business up to six months; and transfer of all or part of contractual commitments to customers to a stronger institution.



There are no provisions allowing the FSC to impose more stringent prudential limits and requirements, barring individuals from the banking sector, replacing or restricting the powers of, Board members or controlling owners.



In practice the authorities reported that there has been no need to use the corrective action framework since the Asian Crisis.



EC5The supervisor applies sanctions not only to the bank but, when and if necessary, also to management and/or the Board, or individuals therein.



Description and findings regarding EC5Article 54 of the Banking Act—Sanctions against Senior Management and Employees—grants the FSC the power, upon recommendation of the Governor of the FSS, to order the suspension of its functions, recommend the general meeting of stockholders to dismiss the executive, and also to have the Governor of the FSS to take an appropriate measure (e.g. issuance of warning). The FSC has also the power to request the Governor of the FSS to take other disciplinary measures such as dismissal, suspension, deduction of salary and reprimand, etc.



There are no provisions within the legal and regulatory framework that enables the FSC-FSS to apply sanctions to the Board collectively.



In practice the FSC makes regular use of fines, with XX fines imposed over the last 5 years. In case of sanctions to banks would also apply sanctions to the executives. The authorities reported that appeals to sanctions to management are not common.



EC6The supervisor has the power to take corrective actions, including ring-fencing of the bank from the actions of parent companies, subsidiaries, parallel-owned banking structures and other related entities in matters that could impair the safety and soundness of the bank or the banking system.



Description and findings regarding EC6As described in previous ECs, the FSC-FSS has the power to take corrective actions regarding matters that could impair the safety and soundness of a bank or the banking system.



There is no explicit legal/regulatory framework in place, granting power to the FSC-FSS to ring-fence a bank from the actions of parent companies, subsidiaries, parallel-owned banking structures and other related entities in matters that could impair the safety and soundness of the bank or the banking system.



EC7The supervisor cooperates and collaborates with relevant authorities in deciding when and how to effect the orderly resolution of a problem bank situation (which could include closure, or assisting in restructuring, or merger with a stronger institution).



Description and findings regarding EC7The FSC-FSS is the resolution authority in the Republic of Korea. The decision on when and how to effect an orderly resolution of a problem bank is made through a Commissioners’ meeting. Meetings are to be held with the attendance of a majority of all incumbent Commissioners and adopt a resolution by majority of votes. As detailed in CP1, the roster of commissioners encompass representatives from the other relevant authorities operating in Korea, namely the BoK, MoF and KDIC. The KDIC can take part in the process by arranging banks’ mergers, transfer contracts and establishing a financial resolution institution, as well as providing financial support for distressed banks, if needed be.



Additional Criteria
AC1Laws or regulations guard against the supervisor unduly delaying appropriate corrective actions.



Description and findings regarding AC1As already detailed in previous ECs, the corrective framework in place in the Republic of Korea is laid down through Articles 34, 35, and 36 of the RBB. Article 37 allows for postponing the requirement of such measures in cases where the bank is judged to be unable to meet the required standards in a short period of time due to capital increase, disposal of assets, or similar.



Banks are required to submit action plans regarding recommended and required management actions within two months (Article 39 of the RBB). The FSC is required to decide whether to approve the plan within one month (and in exceptional cases 45 days) of submission. Action plans are required to be revised by a Management Evaluation Committee comprised of outside professionals.



Recommended actions related to management improvements are to be implemented within a year from the approval date; required actions, 18 months (Article 40 of the RBB). Banks are required to submit quarterly reports (Article 39(7)). Based on the quarterly reports, implementing periods can be exceeded in cases where the FSS Governor deems that the result of the plan is insufficient or inadequate, for no more than one year or 18 months, respectively (Article 40 of the RBB).



Overall, the legal/regulatory framework seems to reasonably guard against the FSC-FSS unduly delaying appropriate corrective actions. Provisions related to Article 37 in particular, nevertheless, can potentially result in unduly delaying appropriate corrective actions. In practice such measures have been used since the Asian crisis.



AC2When taking formal corrective action in relation to a bank, the supervisor informs the supervisor of non-bank related financial entities of its actions and, where appropriate, coordinates its actions with them.



Description and findings re AC2The FSC-FSS is in charge of supervising both bank and non-bank financial entities. There has been no need to take corrective action since the Asian crisis.



Assessment re principle 11LC



CommentsThe FSC-FSS has a range of powers, measures and tools available to address threats to banks and the banking system. The process of providing recommendations to banks based on on-site examinations, albeit recently improved, is still lengthy, which weakens its effectiveness. In addition, there are no provisions allowing the FSC to impose more stringent prudential limits and requirements beyond certain particular cases, barring individuals from the banking sector, replacing or restricting the powers of Board members or controlling owners.



The authorities are recommended to:
  • Further enhance its process of providing recommendations and sanctions in order to increase its effectiveness; and

  • Amend the legal/regulatory framework in order to be able to impose more stringent prudential limits and requirements to individual banks, bar individuals from the banking sector and to replace and restrict the powers of Board members or controlling owners.

The authorities reported to be planning to improve the post-examination process by giving a separate notice on the management status evaluation results, matters that require special attention and improvement, etc.



The FSC-FSS has set up a task force that has been working on standards and rule changes for D-SIB and is looking to complete the task in the near future with more stringent prudential limits and requirements.



Principle 12Consolidated supervision. An essential element of banking supervision is that the supervisor supervises the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential standards to all aspects of the business conducted by the banking group worldwide.24



Essential Criteria



EC1The supervisor understands the overall structure of the banking group and is familiar with all the material activities (including non-banking activities) conducted by entities in the wider group, both domestic and cross-border. The supervisor understands and assesses how group-wide risks are managed and takes action when risks arising from the banking group and other entities in the wider group, in particular contagion and reputation risks, may jeopardize the safety and soundness of the bank and the banking system.



Description and findings regarding EC1The FSC-FSS seems to have an understanding of the overall structure of banking groups but there is no evidence that the FSC-FSS is familiar with all the material activities (including non-banking activities) conducted by entities in the wider group, both domestic and cross-border.



The FSC-FSS monitors how group-wide consolidated risks are managed from an internal controls and operational management perspective. In addition, surveillance of the consolidated balance sheet of banks is performed through the use of the CAEL, to the extent that refers to consolidated entities. Full-scope examinations of the large banks, which are conducted every two years, encompass a module related to the FHC, resulting in an RFI (Risk management, Financial Condition and Potential Impact).



There are currently no procedures in place for overall monitoring/assessing relative to contagion and reputation risk that may jeopardize the safety and soundness of the bank and the banking system. The FSC-FSS has placed limitations on credit extension within the group and does not allow subsidiaries to own shares in the FHC (Article 48 of the FHC Act).



EC2The supervisor imposes prudential standards and collects and analyses financial and other information on a consolidated basis for the banking group, covering areas such as capital adequacy, liquidity, large exposures, and exposures to related parties, lending limits and group structure.



Description and findings regarding EC2Banks and FHCs are required to consolidate their subsidiaries for reporting and regulatory purposes (Article 54 of the FHC). Non-financial entities and insurance companies are not required to be consolidated and those investments are deducted from the FHC.



Specific prudential standards are applied on a consolidated basis to FHCs (Article 45 and 45–2 of the FHC Act), encompassing capital adequacy (eight percent, based on the 1988 Accord), large exposures (25 percent), and lending to major shareholders (25 percent). As already discussed in previous CPs, banks are also required to apply prudential standards on a consolidated basis.



Exceptions to large exposures and related parties lending limits encompass situations where it might be necessary to do so due to national economy reasons, as well as situations of reductions in capital of the FHCs (for the latter the FHC will have a year to comply with the limit).



Lending over one percent or five billion won up to 25 percent of regulatory capital can be granted upon unanimous approval of the Board of Directors, followed by communication to the FSC.



Business reports are required to be submitted on the same consolidated basis, covering information on capital adequacy, liquidity, single borrower exposures, and credit exposures to major shareholders.



EC3The supervisor reviews whether the oversight of a bank’s foreign operations by management (of the parent bank or head office and, where relevant, the holding company) is adequate having regard to their risk profile and systemic importance and there is no hindrance in host countries for the parent bank to have access to all the material information from their foreign branches and subsidiaries. The supervisor also determines that banks’ policies and processes require the local management of any cross-border operations to have the necessary expertise to manage those operations in a safe and sound manner, and in compliance with supervisory and regulatory requirements. The home supervisor takes into account the effectiveness of supervision conducted in the host countries in which its banks have material operations.



Description and findings regarding EC3CAMELR and ROCA are applied, respectively, for subsidiaries and branches operating overseas as part of on and off-site examination procedures. In addition, FHCs are required to report financial incidents or sanctions of overseas subsidiaries and to fulfill detailed requirements regarding internal controls, which encompass overseas operations regarding proper coordination and management.



The authorities indicated that effectiveness of supervision conducted in host countries is not relevant within their supervisory processes, in view of the relative small exposures of Korean banks operating overseas albeit meeting with the host supervisor when performing on-site examinations overseas.



The FSS reported that full scope on-site examinations of the parent encompass reviewing the procedures for appointing employees including, overseas subsidiaries. Authorities also reported that when performing on-site examinations overseas, senior management of branches and subsidiaries are interviewed and meeting minutes reviewed, adding that in practice, senior management appointed to those positions have had some direct/indirect experiences in dealing with operations in that particular country before becoming a manager.



EC4The home supervisor visits the foreign offices periodically, the location and frequency being determined by the risk profile and systemic importance of the foreign operation. The supervisor meets the host supervisors during these visits. The supervisor has a policy for assessing whether it needs to conduct on-site examinations of a bank’s foreign operations, or require additional reporting, and has the power and resources to take those steps as and when appropriate.



Description and findings regarding EC4The FSS performs periodic examination in subsidiaries and branches overseas and usually meet the host supervisor during those visits. Korean banks had a total of 100 branches and subsidiaries overseas as of March/2012, standing for 4 percent of total assets of banks.



The FSS currently receives a full set of information on a quarterly basis and also has the power to require additional data and reports, as needed.



Criteria for assessing the need to conduct on-site examinations of foreign branches and subsidiaries encompass asset size, date of last examination, as well as increase in assets or non-performing loans, in addition to issues related to internal controls (financial incidents).



The FSS annual plan encompasses on-site examination of foreign branches and subsidiaries they wish to undertake (branches or subsidiaries indistinctly). Over the last few years, the FSS has managed to perform on-site examinations of foreign operations every year. The annual budget encompasses the examinations that the FSS wishes to undertake.



Prior performing an on-site examination overseas, the teams usually meet with the head office department to gather information used by the bank to oversee those operations. In addition, the FSS examiners reported to usually meet with the host supervisor during those oversees on-site examinations.



EC5The supervisor reviews the main activities of parent companies, and of companies affiliated with the parent companies, that have a material impact on the safety and soundness of the bank and the banking group, and takes appropriate supervisory action.



Description and findings regarding EC5Most groups in the Republic of Korea operate under a FHC framework. FHCs are subject to periodic monitoring (every two years) through RFI (Risk management, Financial Condition and Potential Impact).



The monitoring of activities of affiliate companies seems to be limited mostly to reviewing financial information. Where insurance groups and other nonbanking entities are subsidiaries of a FHC, the FSC-FSS require them to submit financial information (profitability, asset soundness, credit extension limit, capital adequacy, insider trading, etc.) on a solo-basis for monitoring purposes.



In the case of a bank which is not under an FHC structure (all commercial banks are under FHCs); there is no evidence that activities of parent/affiliate companies were monitored. In practice, as groups consolidated assets are predominantly within the banking business, focus has been put on banks.



EC6The supervisor limits the range of activities the consolidated group may conduct and the locations in which activities can be conducted (including the closing of foreign offices) if it determines that:
  • (a) The safety and soundness of the bank and banking group is compromised because the activities expose the bank or banking group to excessive risk and/or are not properly managed;

  • (b) The supervision by other supervisors is not adequate relative to the risks the activities present; and/or

  • (c) The exercise of effective supervision on a consolidated basis is hindered.

Description and findings regarding EC6Article 13(3) of the Banking Act require that banks pre-submit plans for establishing an overseas corporation in cases where:
  • The bank regulatory capital ratio is below 10 percent or the bank has a CAMELR of 3 or higher;

  • the bank plans to establish an overseas corporation through a merger with a corporation rated B+ or lower;

  • Intends to engage in business other than banking, incidental or concurrent services or business different from what it runs domestically; and

  • Intends to establish the business in countries rated B+ or lower or that have no diplomatic relations with the Republic of Korea.

The legal framework in place in the Republic of Korea restricts the types of activities that the consolidated group may conduct to financial activities or financial related activities. There are no restrictions, nonetheless, based on the quality of host supervisors or if the exercise of effective supervision on a consolidated basis is hindered.



EC7In addition to supervising on a consolidated basis, the responsible supervisor supervises individual banks in the group. The responsible supervisor supervises each bank on a stand-alone basis and understands its relationship with other members of the group.25



Description and findings regarding EC7The FSC-FSS does supervise individual banks in the banking group on a stand-alone basis, as per the Banking Act and other applicable regulations. Understanding the relationships between entities within a group seems limited to the extent that information on transactions among subsidiaries is periodically reported to the FSC.



Additional Criteria
AC1For countries which allow corporate ownership of banks, the supervisor has the power to establish and enforce fit and proper standards for owners and senior management of parent companies.



Description and findings regarding AC1The FSC-FSS require a fit and proper test for the promoters of a bank under the licensing process (please refer to CP5) but not for all large shareholders and not for senior management of parent companies.



During the authorization process, Article 4(3) of the FHC Act requires the largest shareholder as well as major shareholders (holdings of 10 percent or more) and its related parties, as well as shareholder(s) deemed to exercise “de facto” influence” to have “adequate investment capacity, financial soundness and social credibility”. There is no requirement regarding senior management of parent companies.



Assessment of Principle 12Materially Non-Compliant



CommentsThe FSC-FSS has put significant effort over the last few years towards implementing consolidated supervision. The issuance of the FHC Act, as well as the implementation of the RFI for FHCs, has been key steps in that direction. Nevertheless, Several of Republic of Korea’s large banks are conglomerates with a wide variety of entities within the banking group and banks part of wider non-bank groups. Given such background, the framework in place does not fully allow for an in depth understanding and forward looking analysis, as it would be expected. Group-wide supervision is based on consolidated financials and assessments regarding its internal controls for managing the various businesses.



Group monitoring is conducted through a dedicated team and focuses mostly on the banking side, particularly through stand-alone supervision, given its relevance within the activities of the FHCs. The overall monitoring is based on consolidated financials and assessment of the FHC regarding its internal controls for managing the various businesses.



Going forward, the authorities should consider:
  • Developing a framework in order to systematically assess the risks of the non-financial business within the group;

  • Enhance its qualitative assessment regarding overall groups’ strategy and risk appetite;

  • Seeking and incorporating in a systematic way information provided by other departments regarding non-bank financial entities supervised by the FSS;

  • Expanding the scope of its fit and proper test to encompass related parties of all large shareholders; and

  • Eliminating the possibility of exceeding the related parties lending limit based on Board approval.

Principle 13Home-host relationships. Home and host supervisors of cross-border banking groups share information and cooperate for effective supervision of the group and group entities, and effective handling of crisis situations. Supervisors require the local operations of foreign banks to be conducted to the same standards as those required of domestic banks.



Essential Criteria



EC1The home supervisor establishes bank-specific supervisory colleges for banking groups with material cross-border operations to enhance its effective oversight, taking into account the risk profile and systemic importance of the banking group and the corresponding needs of its supervisors. In its broadest sense, the host supervisor who has a relevant subsidiary or a significant branch in its jurisdiction and who, therefore, has a shared interest in the effective supervisory oversight of the banking group, is included in the college. The structure of the college reflects the nature of the banking group and the needs of its supervisors.



Description and findings regarding EC1FSC-FSS has started bank-specific supervisory colleges for two of the largest banks operating in the Republic of Korea. So far, it has held two colleges, one for Shinhan Bank in November 2011, and another for Woori Bank, in November 2012. The authorities plan to hold one college every year. The decision to establish colleges for those particular banks was based in total assets booked abroad (excluding Hana Group, which major shareholder is the National Pension Plan). At this stage there are no plans to establish colleges for other Korean banks operating overseas.



All jurisdictions where those banks had subsidiaries or branches were invited to the supervisory colleges and around five jurisdictions attended per meeting. The colleges presented an overview of the FSS and the Korean supervisory approach (including informing the composite rating CAMELR), as well as overall remarks regarding the operations of the banks. Host supervisors have had also a session dedicated to further discuss cooperation among supervisory authorities. So far colleges have been focusing on banking issues.



The FSS has been also participating in colleges as a host supervisor for Deutsche Bank, HSBC, ICBC, Bank of China, ING Bank, China Construction Bank Corporation, Bank of Communication, and SC Bank since 2009. Currently the largest subsidiaries of foreign banks are Standard Chartered and Citibank. While the FSS has been able to participate in the colleges for Standard Chartered., The authorities have systematically tried to reach to the home supervisor to participate in the colleges for Citibank with no success.



EC2Home and host supervisors share appropriate information on a timely basis in line with their respective roles and responsibilities, both bilaterally and through colleges. This includes information both on the material risks and risk management practices of the banking group26 and on the supervisors’ assessments of the safety and soundness of the relevant entity under their jurisdiction. Informal or formal arrangements (such as memoranda of understanding) are in place to enable the exchange of confidential information.



Description and findings regarding EC2The FSC-FSS has signed MoUs with foreign banking supervisory authorities in 14 countries. Information is shared upon request and so far has focused on fit and proper analysis related to executives of subsidiaries, as well as violations of laws and regulations. Authorities reported that they may consider providing further information upon request.



Currently the FSC-FSS shares information on an ad-hoc basis but informed to have plans to establish a process for more regular exchanges of information regarding Shinhan and Woori bank.



The FSS reported that so far has been able to request and receive necessary information relative to foreign bank branches from home supervisors, in particular history of violations of laws/regulations by executives and employees and whether or not they were granted a banking license. For further information on colleges please refer to EC1.



EC3Home and host supervisors coordinate and plan supervisory activities or undertake collaborative work if common areas of interest are identified in order to improve the effectiveness and efficiency of supervision of cross-border banking groups.



Description and findings regarding EC3The FSS has informed that in some instances host supervisors have requested the FSS to perform inspections, to which they agreed.



Up to now there has been no need to coordinate and plan supervisory activities or undertake collaborative work, such as joint inspections. The FSS understands that its current supervisory processes regarding cross-border exposures of Korean banks are adequate.



Authorities reported that in case a foreign supervisor was to ask for them to perform a joint examination, they might consider it.



EC4The home supervisor develops an agreed communication strategy with the relevant host supervisors. The scope and nature of the strategy reflects the risk profile and systemic importance of the cross-border operations of the bank or banking group. Home and host supervisors also agree on the communication of views and outcomes of joint activities and college meetings to banks, where appropriate, to ensure consistency of messages on group-wide issues.



Description and findings regarding EC4The FSC reported to have a direct line of contact with major hubs for Korean banks’ off-shore operations. Communications are conducted through the MoU dedicated unit, as well as FSS examination and supervision units.



Please refer to EC1, EC2, and EC3 for further discussions on college meetings and joint activities.



EC5Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities, develops a framework for cross-border crisis cooperation and coordination among the relevant home and host authorities. The relevant authorities share information on crisis preparations from an early stage in a way that does not materially compromise the prospect of a successful resolution and subject to the application of rules on confidentiality.



Description and findings regarding EC5At the moment the Republic of Korea does not have any G-SIFI and has been working on a methodology for determining D-SIFIs. As a result, there are no arrangements or framework for cross-border crisis cooperation and coordination relative to Korean banks amongst home and host authorities.



EC6Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities and relevant host authorities, develops a group resolution plan. The relevant authorities share any information necessary for the development and maintenance of a credible resolution plan. Supervisors also alert and consult relevant authorities and supervisors (both home and host) promptly when taking any recovery and resolution measures.



Description and findings regarding EC6The Republic of Korea does not have any G-SIFI and has been working on a methodology for determining D-SIFIs. As a result, the FSC, Korea’s resolution authority, has not prepared resolution plans for local banks in cooperation with overseas supervisory authorities.



The FSC, FSS, BOK and the Korea Banking Institute have launched a joint task force to introduce a D-SIB regulatory framework in the Republic of Korea. The joint task force held its first meeting on January 3, 2013 and was also attended by seven commercial banks and the Korea Federation of Banks. The authorities expect the draft for the new rules and regulations on D-SIB, including the assessment methodology, to be ready sometime in 2013 and the actual regulatory revision to take place in 2015.



The FSC-FSS has been involved in the Crisis Management Group (CMG), which was set up in October 2011, pursuant to the bank resolution system recommendations by the FSB, and has been preparing resolution plans of global SIFIs in cooperation with home resolution authorities.



EC7The host supervisor’s national laws or regulations require that the cross-border operations of foreign banks are subject to prudential, inspection and regulatory reporting requirements similar to those for domestic banks.



Description and findings regarding EC7The Banking Act broadly treats local branches of foreign banks in the same manner as local banks.



Article 59 of the Banking Law requires branches or agencies of foreign banks authorized to operate in the Republic of Korea to be seen as a bank under the Banking Act, and the executive representative of a foreign bank as an executive of a bank operating under the Banking Act.



In addition, Article 33 (3) of the RSBB requires the FSS to assess the management of foreign branches operating in the Republic of Korea relative to risk management, operation and internal control, compliance and asset quality.



EC8The home supervisor is given on-site access to local offices and subsidiaries of a banking group in order to facilitate their assessment of the group’s safety and soundness and compliance with customer due diligence requirements. The home supervisor informs host supervisors of intended visits to local offices and subsidiaries of banking groups.



Description and findings regarding EC8Overseas subsidiaries and branches of Korean banks are subject to on-site examination every few years. Three overseas branches were subject to examination in 2011 and eight in 2012, covering six banks.



The FSS reported to inform in advance host supervisors of its examination plans. Examiners also meet with the host supervisor as part of the on-site examination program.



The authorities reported to have never being denied access to branches and subsidiaries located overseas with only one exception, and to have never denied a foreign supervisor access to a branch or subsidiary of a foreign bank.



EC9The host supervisor supervises booking offices in a manner consistent with internationally agreed standards. The supervisor does not permit shell banks or the continued operation of shell banks.



Description and findings regarding EC9Banking license applications encompass a review of a wide range of elements such as: fit-and-proper tests for the executives and shareholders, personnel, business facilities, IT systems, and business plans, among others (please refer to CP 5 for further information on the licensing process). After being licensed, all banks are subject to regular off site monitoring and on site examinations. In that sense, shell banks are not permitted to operate in the Republic of Korea.



EC10A supervisor that takes consequential action on the basis of information received from another supervisor consults with that supervisor, to the extent possible, before taking such action.



Description and findings regarding EC10The authorities reported that so far, there has been no case of information received by the FSS that would require the FSC-FSS to entail enforcement actions. The authorities state that they may take actions, if necessary, on the basis of information received from other supervisor when illegal or inappropriate conducts were identified during examination.



Assessment of Principle 13LC



CommentsThe FSC-FSS has put in place procedures to share information and cooperate for supervisory purposes. Overall, exchanges of substantial information with foreign supervisors are not yet fully in place. From a proportionality perspective, given the current limited scale of foreign operations by Korean banks, as well as Korean operations of foreign banks, the assessors understand that the current arrangements, albeit needing further improvements, were reflected in the rating.



Mechanisms for effective handling of crisis situations from a cross-border perspective, as well as group resolution plans are yet to be established. The FSC-FSS set up a task force that has been working on standards and rule changes for D-SIB and is looking to complete the task in the near future. The FSC-FSS should expedite its process for establishing criteria for determining D-SIFIs and consequently developing mechanisms for cross-border crisis cooperation and group resolution plans.



PRUDENTIAL REGULATIONS AND REQUIREMENTS



Principle 14Corporate governance. The supervisor determines that banks and banking groups have robust corporate governance policies and processes covering, for example, strategic direction, group and organizational structure, control environment, responsibilities of the banks’ Boards and senior management,27 and compensation. These policies and processes are commensurate with the risk profile and systemic importance of the bank.



Essential Criteria
EC1Laws, regulations or the supervisor establish the responsibilities of a bank’s Board and senior management with respect to corporate governance to ensure there is effective control over the bank’s entire business. The supervisor provides guidance to banks and banking groups on expectations for sound corporate governance.



Description and findings regarding EC1The Commercial Act and the Banking Act provides for the responsibilities of a bank’s Board and senior management. Bank corporate governance standards (including composition of the Board, the Audit Committee, the standard of internal control etc) are provided in the related laws such as the Banking Act. (Article 18–25, Banking Act).



Article 18 of the Banking Act sets out the qualifications and other expectations for bank executives which includes a number of exclusions such as a person that has been dismissed or removed from office by disciplinary punishment (paragraph 6) or a person that was previously an executive of a financial institution that was subject to timely correct measures by the FSC etc. Paragraph 9(2) sets out expectations for bank executives, such as: a minimum level of experience and knowledge of finance, who are unlikely to impede the public interest, sound management and order of credit to the bank. In an effort to encourage higher levels of corporate governance, the Banking Act (Article 22) was amended for the Board of Directors to comprise a majority of outside directors (independent directors). Articles 12 and 13 of the Enforcement Decree of the Banking Act also covers expectations for qualification requirements for executives. Overall, the regulations establish a set of minimum requirements for executives and directors in terms of qualifications and experience and certain prohibitions.



In addition, the FSS has published guidance to banks and banking groups on expectations of sound corporate governance (e.g., Model Compensation Guidelines for Banking Institutions, Model Guidelines for Banks’ Independent External Directors etc). The specific responsibilities for senior management and Boards are established in bank supervisors’ examination manuals and routinely verified through the onsite examinations. Governance is also included in the partial examination where appropriate, for example: in 2011 a thematic review focused on adequacy of senior management across a sample of large systemic banks.



The relevant regulations governing FHCs is derived from FHC Act 38–41.5 Enforcement Decree Art 17–20, Regulations Supervision FHC 13–13, 14, 15,16, detailed regulation Article 5–9, and 10. While generally comprehensive, there is one particular omission in the FHC regulations that is particularly relevant for good corporate governance in complex group, and that is the requirement for subsidiaries within a group that are regulated by the FSS to have a majority of independent outside directors to protect the interests of their relevant stakeholders, such as in the case of insurance subsidiaries under a bank FHC.



EC2The supervisor regularly assesses a bank’s corporate governance policies and practices, and their implementation, and determines that the bank has robust corporate governance policies and processes commensurate with its risk profile and systemic importance. The supervisor requires banks and banking groups to correct deficiencies in a timely manner.



Description and findings regarding EC2Article 23–j4 of the Banking Act, stipulates that banks will have internal regulations on controlling structures observed by the BoD. Paragraph 2 reflects the detail of the requirements in relation to composition of the BoD and establishment of Board committees. Article 20–24 of the Regulations establishes the expectations for corporate governance across a number of criteria, including: qualifications of executives, operation of the BoD, dismissal of compliance officers (internal auditors) and internal standards of corporate governance.



Appendix 5 of the Regulations set out the areas to be assessed as part of the CAMELR onsite risk assessment. The management category assesses the following in relation to corporate governance for head office banks and subsidiary banks:
  • Adequacy of management structure and establishment and enforcement of management policy;

  • Actual status of promotion of management efficiency and management improvement;

  • Subsidiaries management status and operating results;

  • Risk management system and operation status;

  • Internal control system and status; and

  • Enforcement status of laws and regulations, policies and matters pointed out as a result of examination.

The items for evaluation listed in the bank examination manual governing onsite examinations refers to a review of ‘management status’ evaluation in Chapter 5. The onsite supervisory process for assessing corporate governance consists mainly of verifying documentation such as Board resolutions, Board agendas and meeting minutes, and adequacy of management structure. A meeting with the Permanent and independent (Outside) Directors might be conducted in exceptional circumstances but is not typically part of the onsite examination. The assessment did not appear to extend to subsidiary boards.



While the self assessment states that banks are required to develop and disclose to the public their corporate governance policies there is no regulation supporting this assertion. A sample of the annual reports for the larger banks reviewed (typically listed on the exchange) do summarize their corporate governance arrangements in their annual reports. Industry practice for smaller banks not listed on the exchange will not be required to disclose details of their corporate governance arrangements.



The assessment of corporate governance is primarily through the full scope onsite CAMELR examination performed every two years. Within that two year period, the assessment of corporate governance is not conducted systematically for the domestic banks and while partial examinations might include a topic on governance (as demonstrated in 2011), the depth of analysis and frequency is variable. In the case of FHCs, the complexity of the group warrants heightened corporate governance processes, and a more continuous assessment.



A separate list of items for evaluation are required for foreign bank branches compared to commercial banks. In addition, a separate examination process is carried out for state owned banks. The examination manuals for Korea Asset Management Corporation and Korea Housing Finance Corporation do not include a review of management or corporate governance (see FSS Examination Manual). As these two banks are government owned, an onsite review is only permitted when the FSC approves an examination to be performed and the onsite examination will not include an assessment of corporate governance. (The only examination of these Specialized banks was in 2008). Assessment procedures for EXIM Bank (also a specialized bank), are unique as the FSS will report the outcome of its assessment to the Ministry of Strategy and Finance which has the ultimate authority for supervising EXIM Bank.



EC3The supervisor determines that governance structures and processes for nominating and appointing Board members are appropriate for the bank and across the banking group. Board membership includes experienced non-executive members, where appropriate. Commensurate with the risk profile and systemic importance, Board structures include audit, risk oversight and remuneration committees with experienced non-executive members.



Description and findings regarding EC3The Banking Act (Article 18–22) provides clear guidance regarding the election procedures for directors and the criteria for selection of directors which is extensive. The Article sets out prohibitions for directors that are not fit and proper. The regulations require that more than half of the Board should comprise of independent non-executive directors “outside directors”. Board members should satisfy certain experience and expertise criteria so that they do not threaten public interests or the bank’s prudential soundness.



Article 23–2 of the banking Act sets out the requirements for a bank to establish an Audit Committee (AC). The Article stipulates the requirements for an AC to be composed of at least 2/3 outside directors (independent) and at least one member of the AC must be an accounting or financial specialist. In January 2010, the FSS issued a guidance note regarding good practices for compensation. The major banks and FHCs have each established remuneration committees to oversight compensation practices.



EC4Board members are suitably qualified, effective and exercise their “duty of care” and “duty of loyalty.”28



Description and findings regarding EC 4The Commercial Act requires Board members to exercise their “duty of care” and “duty of loyalty.” According to Articles 382 and 382–3, Commercial Act and Article 681, Civil Act. Board members are required to exercise due care in the course of performing their duties and exercise their duties in accordance with relevant law and the bank’s Articles of Incorporation.



EC5The supervisor determines that the bank’s Board approves and oversees implementation of the bank’s strategic direction, risk appetite29 and strategy, and related policies, establishes and communicates corporate culture and values (e.g., through a code of conduct), and establishes conflicts of interest policies and a strong control environment.



Description and findings regarding EC5The Board is required to evaluate and approve the bank’s key organizational and management matters such as management targets and performance assessment, risk management, and internal controls (including conflicts of interest policies). Article 23(1) of the Banking Act prescribes the matters that will be decided by the Board which includes:
  • Matters on management objectives;

  • Mattes on amendments of the Articles of incorporation;

  • Matters on the budget and settlement of accounts, including the remuneration of executives and employees;

  • Matters on major organizational change, such as dissolution, business transfer, merger etc; and

  • Matters on internal control standards under Article 23–3.

Article 31 of the RSBB sets out the responsibilities of the BoD in relation to risk management and risk tolerances, specifically Article 31(1)(1) and (2) “Establishment of basic policy on risk management consistent with the management strategy; determination of risk levels which the bank can bear.”



As part of the examination process, the FSS will verify the bank’s plans, risk tolerances, risk management strategies and policies, and conflicts of interest and other internal control policies, as part of the assessment of management.



The regulations are not specific in relation to a requirement for a bank’s Board to regularly review and approve all material policies and procedures on a frequent basis. While this is the expectation of the FSS and is observed as industry practice, it is not stipulated in the Regulations.



EC6The supervisor determines that the bank’s Board, except where required otherwise by laws or regulations, has established fit and proper standards in selecting senior management, maintains plans for succession, and actively and critically oversees senior management’s execution of Board strategies, including monitoring senior management’s performance against standards established for them.



Description and findings regarding EC6Article 23–2, Banking Act; Article 23–4, requires banks to formulate and disclose to the public internal corporate governance policies that would encompass, among others, the qualification criteria and appointment procedures for Board members and senior management and the development of plans for succession. Bank supervisors assess whether the bank’s Board has in place appropriate qualification criteria and appointment procedures for senior management and plans for succession.



EC7The supervisor determines that the bank’s Board actively oversees the design and operation of the bank’s and banking group’s compensation system, and that it has appropriate incentives, which are aligned with prudent risk taking. The compensation system, and related performance standards, are consistent with long-term objectives and financial soundness of the bank and is rectified if there are deficiencies.



Description and findings re EC7In line with the Financial Stability Board’s Principles for Sound Compensation Practices, the FSS developed a ‘Model Compensation Guidelines for Banking Institutions’ circulated to banks in January 2010. However, the compensation principles have not been translated into law or regulations governing banks. In files reviewed, there was evidence that banks have commenced transitioning to compliance with the FSS guidelines, however, extent of focus by supervisors through onsite and offsite activities is not well developed, for example: conducting meetings with Board Compensation Committees to assess how they are discharging their role and key drivers of remuneration, identification of material risk takers within a bank or group, confirmation that a compensation packages are risk-adjusted etc,.



EC8The supervisor determines that the bank’s Board and senior management know and understand the bank’s and banking group’s operational structure and its risks, including those arising from the use of structures that impede transparency (e.g. special-purpose or related structures). The supervisor determines that risks are effectively managed and mitigated, where appropriate.



Description and findings regarding EC8The main supervisory activity used by the supervisor to assess that the Board adequately understands the bank’s risk and operational structure is through a review of verification of documentation and review of Board minutes. While the full scope examination will meet with the CEO/Chair, meetings with the full BoD are not typical and would only occur in exceptional incidences (the FSS was not able to provide an example where this had occurred).



EC9The supervisor has the power to require changes in the composition of the bank’s Board if it believes that any individuals are not fulfilling their duties related to the satisfaction of these criteria.



Description and findings regarding EC9Article 54(1) and (2) of the Banking Act gives the FSS the power to (i) suspend the executive; (ii) recommend that the general meeting of stockholders dismiss the executive; or (iii)request that the bank take appropriate action and dismiss the executive. However, the Act does not give the FSS direct unilateral power to act to dismiss or make changes in the BoD. Bank supervisors may recommend changes in the composition of the bank’s Board (i.e., the dismissal or replacement of Board members), if any of its Board members violate laws, regulations, or supervisory actions or engage in activities that threaten the soundness of the bank. As such, the supervisor may require a bank to replace Board members, if they do not comply with the Banking Act, the Regulation on Supervision of Banking Business, supervisory guidelines, or the Model Corporate Governance Guidelines.



No evidence whereby the FSS-FSC had dismissed or removed a Board member or senior manager after not complying with the examination manual.



Additional Criteria
AC1Laws, regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material and bona fide information that may negatively affect the fitness and propriety of a bank’s Board member or a member of the senior management.



Description and findings regarding AC1Banks must report to bank supervisors information on transactions with related parties such as Board members and senior management and Board members’ other engagements outside of the bank. As such, any material information that may negatively affect the fitness and propriety of the bank’s Board members and senior management must be reported to bank supervisors. Bank supervisors may also require banks to submit certain information on the fitness and propriety of their Board members and senior management (Article 47, Banking Act; Articles 15 and 99, Detailed Regulations).



Assessment of Principle 14LC



CommentsTwo key drivers of this rating: (i) gaps in regulations for corporate governance; and (ii) greater range of supervision practices required to effectively test corporate governance. Regulations are not sufficiently detailed to encourage sound corporate governance across the range of responsibilities of the Board of Directors. In some instances, powers are not sufficiently formalized into the Regulations but remain as ‘guidance’ which is a lower level of enforcement. Specifically:
  • FSS lacks authority to remove directors and has not exercised this power;

  • Sound compensation principles have not been transposed into regulations (currently guidance for banks);

  • No regulations for policies and procedures to be reviewed and approved by the Board of Directors on a minimum frequency;

  • No requirement in the regulations for the regulated subsidiary board to be composed of independent directors; and

  • No reference in the regulations for a conflict of interest policy.

FSS oversight of corporate governance and the inputs into the risk rating could be further developed, particularly in relation to FHCs given the added complexity and scale of their organizational structure and inter-related transactions. There is no separate FHC examination manual which would provide a methodology for an assessment of corporate governance reflecting their complexity and need for greater intensity of inspection. The FSS does not assess the corporate governance of the Specialized banks.



Principle 15Risk management process. The supervisor determines that banks30 have a comprehensive risk management process (including effective Board and senior management oversight) to identify, measure, evaluate, monitor, report and control or mitigate31 all material risks on a timely basis and to assess the adequacy of their capital and liquidity in relation to their risk profile and market and macroeconomic conditions. This extends to development and review of contingency arrangements (including robust and credible recovery plans where warranted) that take into account the specific circumstances of the bank. The risk management process is commensurate with the risk profile and systemic importance of the bank.32



Essential Criteria
EC1The supervisor determines that banks have appropriate risk management strategies that have been approved by the banks’ Boards and that the Boards set a suitable risk appetite to define the level of risk the banks are willing to assume or tolerate. The supervisor also determines that the Board ensures that:
  • (a) A sound risk management culture is established throughout the bank;

  • (b) Policies and processes are developed for risk-taking, that are consistent with the risk management strategy and the established risk appetite;

  • (c) Uncertainties attached to risk measurement are recognized;

  • (d) Appropriate limits are established that are consistent with the bank’s risk appetite, risk profile and capital strength, and that are understood by, and regularly communicated to, relevant staff; and

  • (e) Senior management takes the steps necessary to monitor and control all material risks consistent with the approved strategies and risk appetite.

Description and findings regarding EC1Under Article 31 of the Regulations, the BoD must determine the following: key risk management processes; the level of risks to be tolerated; appropriate level of investment exposures and acceptable losses; and, internal risk processes commensurate with the bank’s business and management strategies.



Article 31 clearly sets out the responsibilities of the Board in setting risk appetite of the bank. The Board is required to: (i) establish basic policy on risk management consistent with the management strategy; (ii) determine risk levels which the bank can bear; (iii) approve limits; and (iv) revise regulations on risk management.



Article 30 of the Regulations (paragraphs 1 and 2) states that “a bank shall establish a system for ensuring a timely recognition, assessment, monitoring, and control of various risks arising in all kinds of transactions and for evaluating and managing appropriateness of its inside capital.” For efficient risk management, a bank shall set up and operate an adequate risk-bearing limit and transaction limit by department, transaction or person in charge. According to the Regulations, a bank shall comprehensively recognize and monitor any significant change in risks in connection with its subsidiaries, etc. The Article also sets out requirements for the organization of risk management for comprehensive management of risks (paragraph 2). Paragraph 3 discusses the independence of the risk management function.



The FSS assesses the soundness of the bank’s risk decision processes (the Board and senior management) through the onsite CAMEL-R examination. Through the on-site supervision the FSS assesses risk management systems of banks. While the FSS performs frequent offsite monitoring of data submitted through the bank’s quarterly Business Reports, this is mainly quantitative and a thorough review of risk management is typically only conducted within the full scope examination. For example, banks will not submit risk management strategies for review of the FSS outside of the full scope examination. While onsite examination schedules can be adjusted depending on the profile of risk management, a more frequent onsite assessment of risk management was exceptional. In the event limit breaches are reported or other types of data, the FSS will actively consider the appropriateness of their supervision approach.



EC2The supervisor requires banks to have comprehensive risk management policies and processes to identify, measure, evaluate, monitor, report and control or mitigate all material risks. The supervisor determines that these processes are adequate:
  • (a) To provide a comprehensive “bank-wide” view of risk across all material risk types;

  • (b) For the risk profile and systemic importance of the bank; and

  • (c) To assess risks arising from the macroeconomic environment affecting the markets in which the bank operates and to incorporate such assessments into the bank’s risk management process.

Description and findings regarding EC2Article 30, paragraph 3 of the regulations require banks to have comprehensive risk management policies and processes to mitigate all material risks. The Article specifies the following risk types as examples: credit risk, operational risk, market risk, interest rate risk in the banking book, and liquidity risk. The Article also requires banks to take into consideration risk of strategy and reputation and other various risks which may occur in transactions for each type. The regulations satisfy the criteria.



In addition to Article 30, the ICAAP requirements also establish a thorough set of minimum expectations for banks to consider its risk profile and capital adequacy. Importantly, there is an obligation for the bank to evaluate its risk profile and capital against changes in the external environment on a regular basis. The ICAAP is at an early stage of implementation for domestic banks, and FHCs are yet to prepare and submit an ICAAP for a full assessment cycle. Guidance for FHC’s to produce an ICAAP was circulated to industry in 2012 and 2013 will be the first year receiving ICAAPs for the FHCs.



EC3The supervisor determines that risk management strategies, policies, processes and limits are:
  • (a) Properly documented;

  • (b) Regularly reviewed and appropriately adjusted to reflect changing risk appetites, risk profiles and market and macroeconomic conditions; and

  • (c) Communicated within the bank.

The supervisor determines that exceptions to established policies, processes and limits receive the prompt attention of, and authorization by, the appropriate level of management and the bank’s Board where necessary.



Description and findings re EC3Article 30 in RSBB is the relevant section for risk management strategies and Paragraph 2 gives a specific reference to risk limits (see EC1 & 2). The FSS ensures through the CAMEL-R assessments that a bank’s risk strategy, policy, processes, and limits are appropriately executed and documented. Banks are required to submit details regarding compliance with risk limits on regular basis and is overseen by offsite supervision. A change in risk limits or breaches will trigger a supervisory response.



Banks are required to establish formal risk management policies and to approve changes, however the requirement for Board’s to review and approve policies and limits in line with risk appetite is not prescribed by the Regulations. The onsite examination will include an evaluation of risk management and a focus on the effective oversight by the Board which includes review and approval of policies and limits. Banks accredited to use internal models for calculating Pillar 1 capital are required to perform regular stress testing and report results to the Board and the Regulations pertaining to ICAAP also enforce the Board’s role.



EC4The supervisor determines that the bank’s Board and senior management obtain sufficient information on, and understand the nature and level of risk being taken by the bank and how this risk relates to adequate levels of capital and liquidity. The supervisor also determines that the Board and senior management regularly review and understand the implications and limitations (including the risk measurement uncertainties) of the risk management information that they receive.



Description and findings regarding EC4Article 31 of the regulations establishes the need for the Board to perform effective oversight of the risk management framework that consists of an independent risk management unit. Regulations are less clear about Board reporting requirements and management information requirements.



As a minimum, the FSS will perform the full onsite examination on a two year frequency. While a review of Board papers is a core element of the onsite review, the process to confirm that a Board and senior management remain effectively engaged and informed of the changing risk profile of the bank was not well developed. In regards of offsite surveillance, an assessment of the quality and nature of Board reporting was not part of normal procedures. Consultation with the Board and the senior management to ensure they understand and are kept abreast of the bank’s risk management activities (e.g., identification, measurement, monitoring, and controls) was typically through the full scope but processes were not intrusive at questioning Board’s understanding and oversight of risks and risk management.



EC5The supervisor determines that banks have an appropriate internal process for assessing their overall capital and liquidity adequacy in relation to their risk appetite and risk profile. The supervisor reviews and evaluates banks’ internal capital and liquidity adequacy assessments and strategies.



Description and findings regarding EC5The FSS makes use of CAMEL-R and RADARS to assess whether the bank’s internal controls are functioning effectively to maintain appropriate levels of capital and liquidity in a manner commensurate with the bank’s risk appetite and profile. Banks also have to regularly carry out stress tests in order to assess the impact of negative events on the liquidity risk exposure and quantitative and qualitative liquidity buffers adequacy. As per the Regulations, the liquidity risk management system must be consistent with the characteristics, size and complexity of the banks’ operations and includes: the capacity to identify the risk factors; measure the risk exposure, and identify mitigation tools. Roles and responsibilities within the liquidity risk management process must be clearly defined and the liquidity risk management system has to periodically be revised to check its validity over time (Regulations for ICAAP, Annex 3). The FSS will receive capital projections for banks at the start of the calendar year and offsite analysis will track trends in capital adequacy on a quarterly basis.



Outside of the respective requirements for capital and liquidity, banks are required to establish and submit to the FSS an ICAAP which will include a robust analysis of all material risks. The review of bank’s ICAAP is in the early stages of implementation. Further time is needed to be fully embedded in the supervision framework as well as development of guidance material for supervisors to benchmark and assess the ICAAP (see CP 16).



EC6Where banks use models to measure components of risk, the supervisor determines that:
  • (a) Banks comply with supervisory standards on their use;

  • (b) The banks’ Boards and senior management understand the limitations and uncertainties relating to the output of the models and the risk inherent in their use; and

  • (c) Banks perform regular and independent validation and testing of the models.

The supervisor assesses whether the model outputs appear reasonable as a reflection of the risks assumed.



Description and findings regarding EC6Oversight by the BoD is established in the Regulations for IRB, AMA and market risk to approve models, scrutinize assumptions, and understand the limitations of models and the uncertainties of model outputs.



The FSS performs periodic assessments of model outputs, comparisons across benchmarks and industry, assessment of validation reports. When new models are implemented the FSS approve which includes an assessment of model governance. On an ongoing basis, the BoD is provided with reports attesting to the performance of models. BoD’s set thresholds for model performance and validation reports are submitted to Boards on a regular basis.



EC7The supervisor determines that banks have information systems that are adequate (both under normal circumstances and in periods of stress) for measuring, assessing and reporting on the size, composition and quality of exposures on a bank-wide basis across all risk types, products and counterparties. The supervisor also determines that these reports reflect the bank’s risk profile and capital and liquidity needs, and are provided on a timely basis to the bank’s Board and senior management in a form suitable for their use.



Description and findings regarding EC7Banks must operate with information systems supported by a dedicated risk management unit that measures, assesses, and reports risks in relation to the types, products, and counterparties. Reporting to the board and the senior management is a key feature of the risk information system.



EC8The supervisor determines that banks have adequate policies and processes to ensure that the banks’ Boards and senior management understand the risks inherent in new products,33 material modifications to existing products, and major management initiatives (such as changes in systems, processes, business model and major acquisitions). The supervisor determines that the Boards and senior management are able to monitor and manage these risks on an ongoing basis. The supervisor also determines that the bank’s policies and processes require the undertaking of any major activities of this nature to be approved by their Board or a specific committee of the Board.



Description and findings regarding EC8When conducting analysis using the RADARS framework, the FSS assesses whether the roles and responsibilities assumed by the board and senior management are consistent and commensurate with the bank’s risk management system and processes. The key areas of interest to bank supervisors are: (i) whether the board of directors appropriately receives all the material risk-related reports and deliberates on them; (ii) whether the management makes earnest effort to improve the reliability of risk measurements; and (iii) whether the board of directors and the management understand the methods, tools, and approaches taken to manage risk; and (iv) whether the composition and activities of the risk committee are appropriate.



In terms of new strategic directions, there is no requirement in the regulations to require banks to notify the FSS of a new acquisition of a financial or non-financial business. The FSS does not review the strategic plan of the bank on an annual cycle and strategy is not a feature of CAMELR or RADAR. No specific obligation within regulations regarding new product approval process.



EC9The supervisor determines that banks have risk management functions covering all material risks with sufficient resources, independence, authority and access to the banks’ Boards to perform their duties effectively. The supervisor determines that their duties are clearly segregated from risk-taking functions in the bank and that they report on risk exposures directly to the Board and senior management. The supervisor also determines that the risk management function is subject to regular review by the internal audit function.



Description and findings regarding EC9Under Article 31 of the Regulations, banks must operate with a dedicated risk management unit that oversees bank risks and supports the senior management and the board of directors. Such a dedicated unit must be segregated from, and independent of, the bank’s risk-taking activities. Other activities of the risk management unit may include monitoring adherence to risk parameters, managing the risk information system, and providing timely risk information to the senior management. Paragraph 2 of Article 31 addresses the comprehensiveness of all risks a bank faces and supports the Board i.e. a bank shall set up a risk management unit for comprehensive management of the risks which may occur in its business and support of the board of directors (including the committee) and the management.



As per paragraph 3 of the same Article, the risk management unit shall be independent of other business departments and perform the duties under any of the following subparagraphs: Article 31 does not, however, mention the requirement for the risk management function to be subject to regular review by the IA function referred to in this EC.



EC10The supervisor requires larger and more complex banks to have a dedicated risk management unit overseen by a Chief Risk Officer (CRO) or equivalent function. If the CRO of a bank is removed from his/her position for any reason, this should be done with the prior approval of the Board and generally should be disclosed publicly. The bank should also discuss the reasons for such removal with its supervisor.



Description and findings regarding EC10All banks must maintain a dedicated risk management unit irrespective of their size or complexity (Article 31 of the Regulations). Proposals to amend the provisions on the governance of financial institutions has been put forth to the National Assembly, and the FSS has been working on guidelines on the Chief Risk Officer for banks, and it is expected to be completed and take effect during the first half of 2013. While the regulations do not currently stipulate a CRO function, in practice each of the domestic banks maintains a CRO function. The removal of a CRO is therefore not stipulated as an action which would require FSS engagement, but will occur as a matter of course.



EC11The supervisor issues standards related to, in particular, credit risk, market risk, liquidity risk, interest rate risk in the banking book and operational risk.



Description and findings regarding EC11The supervisory regulations provide detailed standards for measuring credit risk, market risk, and operational risk for use in capital adequacy calculations. In addition, the supervisory regulations also contain specific rules on risk calculations for liquidity risk and interest rate risk. Regulations establish requirements and standards that banks must comply with respect to measurement, management and oversight of all those risks. Also, the supervisory manuals provide guidance for supervisors both in the off-site and in the on-site analysis, on the evaluation of risk management and organizational safeguards with respect to each main risk type.



EC12The supervisor requires banks to have appropriate contingency arrangements, as an integral part of their risk management process, to address risks that may materialize and actions to be taken in stress conditions (including those that will pose a serious risk to their viability). If warranted by its risk profile and systemic importance, the contingency arrangements include robust and credible recovery plans that take into account the specific circumstances of the bank. The supervisor, working with resolution authorities as appropriate, assesses the adequacy of banks’ contingency arrangements in the light of their risk profile and systemic importance (including reviewing any recovery plans) and their likely feasibility during periods of stress. The supervisor seeks improvements if deficiencies are identified.



Description and findings regarding EC12Contingency plans are required under the relevant regulations covering liquidity and capital, as well as IT etc (see EC16, 24 and 25 respectively). Banks are also required to include contingency plans based on stress tests in the bank’s capital decisions, but not for other material risks. Korea is not required to introduce the resolution plan for G-SIFI because no domestic bank has been designated as a G-SIFI. Under the law—e.g., Act on the Structural Improvement of the Financial Industry, Depositor Protection Act, Banking Act, etc.—bank supervisors can demand submission of resolution plan only to troubled banks. However, when regulation on D-SIFI is confirmed, establishment of recovery plans for D-SIFI will be reviewed.



EC13The supervisor requires banks to have forward-looking stress testing programs, commensurate with their risk profile and systemic importance, as an integral part of their risk management process. The supervisor regularly assesses a bank’s stress testing program and determines that it captures material sources of risk and adopts plausible adverse scenarios. The supervisor also determines that the bank integrates the results into its decision-making, risk management processes (including contingency arrangements) and the assessment of its capital and liquidity levels. Where appropriate, the scope of the supervisor’s assessment includes the extent to which the stress testing program:
  • (a) Promotes risk identification and control, on a bank-wide basis;

  • (b) Adopts suitably severe assumptions and seeks to address feedback effects and system-wide interaction between risks;

  • (c) Benefits from the active involvement of the Board and senior management; and

  • (d) Is appropriately documented and regularly maintained and updated.

The supervisor requires corrective action if material deficiencies are identified in a bank’s stress testing program or if the results of stress tests are not adequately taken into consideration in the bank’s decision-making process.



Description and findings regarding EC13The FSS has published guidance on stress testing by banks ‘Model Guidelines for Stress Testing’. As per the guidelines, banks should conduct stress testing of their risk mitigation and control systems and, where necessary, the adequacy of their internal capital. Through this exercise, banks will evaluate their vulnerability in the case of various scenarios.



EC14The supervisor assesses whether banks appropriately account for risks (including liquidity impacts) in their internal pricing, performance measurement and new product approval process for all significant business activities.



Description and findings regarding EC14The main supervisory tools (RADARS & CAMELR) are used to assess banks’ use of risk measurements in setting interest rates and service fees, allowance for loan losses, capital allocation, and performance measurement. Banks are obliged to improve the reliability of their risk measurements. For this, the FSS monitors and verifies the following: (i) whether risk considerations are taken into account in a new product, interest rate decisions, capital allocation, and allowance for loan losses; (ii) whether there is an effective reporting system providing timely information to the senior management; and (iii) whether the bank operates with effective risk-adjusted performance measurement (RAPM) systems. For example, the market risk management function is responsible for both the validation of the new product pricing models and of the periodic estimation of the parameters underlying the model (correlations, volatilities). In addition, the new product procedures should define the interaction mechanisms among the bank’s functions involved in the introduction of new products, markets or activities, ensuring a correct management of risks, an accurate accounting representation and price adequacy.



Additional Criteria
AC1The supervisor requires banks to have appropriate policies and processes for assessing other material risks not directly addressed in the subsequent Principles, such as reputational and strategic risks.



Description and findings regarding AC1Annex 3 of the Detailed Regulations provides that banks must maintain appropriate internal capital adequacy assessment process (ICAAP) as set by the FSS. When assessing bank ICAAP, all bank risks—pillar 2 risks in addition to pillar 1 risks—must be taken into consideration.



Assessment of Principle 15LC



CommentsMain factors driving this assessment include:
  • Regulations do not adequately reflect the need for an independent risk management function that reports to a head of risk management such as a CRO and the linkages with a Board Risk Committee which is chaired by an outside (independent director) and supported by other non-executive directors. Industry better practice reflect three lines of defense model where the assurance function is a hard line throughout an organization;

  • No independent external verification of compliance with the Regulations;

  • Oversight by supervisors of group-wide risks could be enhanced by transposing the FHC risk management guideline into regulation. Scope for supervision practices to be developed further;

  • While the ICAAP process for assessing adequacy of capital given the group risk profile is mature and embedded in banks, the same level of rigor for liquidity is less well developed. Mainly, the process for ensuring sufficient liquidity across the group and identifying liquidity risks on a forward looking basis. Liquidity ST, liquidity limits across group, maximum liquidity risk exposure not well developed; and

  • Regulations and supervision practices do not appear fully developed to effectively link stress testing outcomes and risk management and Board involvement in re-setting risk limits and risk appetite.

Principle 16Capital adequacy.34 The supervisor sets prudent and appropriate capital adequacy requirements for banks that reflect the risks undertaken by, and presented by, a bank in the context of the markets and macroeconomic conditions in which it operates. The supervisor defines the components of capital, bearing in mind their ability to absorb losses. At least for internationally active banks, capital requirements are not less than the applicable Basel standards.



Essential Criteria
EC 1Laws, regulations, or the supervisor require banks to calculate and consistently observe prescribed capital requirements, including thresholds by reference to which a bank might be subject to supervisory action. Laws, regulations or the supervisor define the qualifying components of capital, ensuring that emphasis is given to those elements of capital permanently available to absorb losses on a going concern basis.



Description and findings regarding EC1The Banking Act (Article 34(2) and the Enforcement Decree (Article 1–2) provides for banks’ capital adequacy. The Banking Act stipulates that banks will maintain soundness in their management of matters concerning proprietary capital. Under the Act, the FSC will enforce the minimum capital requirements of 8 percent risk-weighted assets and implement corrective action as per the framework described in CP11.



The Enforcement Decree defines the components of the capital base for domestic banks. Core capital is the sum of amounts of capital, capital surplus and earned surplus, which incurs from the issuance of common stocks and equity securities that have been issued. The definition clearly refers to the ability for the capital instruments to absorb losses. Supplementary capital is defined as subordinated to core capital and available for losses incurred where a bank is liquidated.



The minimum legal capital requirement is W 100 billion for a nation-wide commercial bank and 25 billion won for a regional bank. The FSS maintains consolidated and risk-adjusted capital standards as recommended by the BCBS (referred to the BIS ratio in the regulations and Article 26(2)). Korea adopted the first Basle Accord at the end of 1995 and the market risk amendment was implemented January 1, 2002. For the 18 domestic banks, the FSS uses the BII framework to calculate regulatory capital which was introduced in 2008. For the non-bank sector the FSS applies BI. The FSS also applies BI to bank Financial Holding Companies (hereafter FHCs). Each category of bank will be governed by an individual Act. For the commercial banks, the FSS adopted the Basel II.5 amendments for market risk in 2010 (with implementation in 2012).



For the commercial banks the minimum capital requirement is 8 percent risk-weighted assets (RWAs). Tier 2 capital can be no more than 100 percent core equity capital which equates to a minimum of 4 percent, and there is no minimum common equity T1 requirement. The average CIS ratio for the domestic banks as at December 2012 was 14.30 percent.



Foreign Bank Branches must have core operational funds of at least three billion won at the time of establishment. Branches must also keep a minimum 8 percent of capital ratio against risk weighted assets and a 10 percent reserve rule also applies (discussed later in the CP).



How often banks need to calculate capital is uncertain within the regulations as there is no stipulation. In practice banks report capital quarterly as part of their prudential reporting obligations.



EC2At least for internationally active banks,35 the definition of capital, the risk coverage, the method of calculation and thresholds for the prescribed requirements are not lower than those established in the applicable Basel standards.



Description and findings regarding EC2The Regulations (Appendix 1) sets out the components of capital. Tier 1 Capital consists of: (i) capital (except cumulative preferred stocks and redeemable preferred stocks); (ii) capital surplus (excluding revaluation reserve); (iii) earned surplus (excluding cumulative amount of unrealized gain or loss of financial debt due to changes in credit risk of banks; (iv) exchange

difference from accumulated other comprehensive income; (v) unissued stock dividends from capital adjustment account; and (vi) hybrid bonds.



Tier 2 is composed of: (i) amount equivalent to 70 percent of the amount for which dividend distribution is restricted due to the resolution of the board of directors, general meeting of stockholders; (ii) revaluation reserve under the asset revaluation approach; (iii) An amount equivalent to 45 percent of gains on valuation of securities available for sale and gain on valuation of investment securities by the equity method and an amount equivalent to 70 percent of gain on revaluation of tangible assets, out of sum of total cumulative other income; (iv) loan loss provisions accumulated for the assets classified as ‘normal’ and precautionary as a result of asset classification; (v) fund raised by debt capital instruments such as perpetual bond and cumulative preferred stocks; (vi) redeemable preferred stocks with maturity of 5 years or more; and (vii) issuance amount of term subordinated bond with maturity of 5 years or more and term subordinated loan with maturity of 5 years or more.



Deductions consist of: (i) equivalent amount of goodwill, deferred income tax assets, discount on stock issuance, evaluation loss; (from AOCI) of securities available for sale, negative changes in equity accounted for by equity method and treasury stocks (deducted from T1 capital); (ii) fund raised by stock cross held with other banks in order to enhance equity capital ratio, debt capital instruments or term subordinated bond with maturity of 5 years or more (deducted from T1 capital); (iii) subordinated claim against financial institutions determined by the Governor; and (iv) asset or capital item not appropriated for loss of bank, determined by the Governor.



The method of deducting from capital for banks subject to the Basel II framework appeared consistent with Basel II, that is, 100 percent from T1 capital for items such s goodwill etc. For the FHCs that are subject to Basel I, the FSS has instructed the banks to deduct from T2 until exhausted and then from T1. Guarantees under 10 percent of capital do not need to be deducted from the capital base. The amortization schedule for T2 instruments with a maturity of less than five years is 20 percent per year.



Capital is composed of the sum of Tier 1 and Supplementary Capital. Supplementary Capital is limited to 100 percent of Tier 1 capital. As per the Detailed Regulations, Supplementary capital and T3 capital appropriated for market risk cannot exceed 250 percent of the core capital appropriated for market risk. Composed of T2 and T3 cannot be more than 250 percent of equity capital (Appendix 3–2, paragraph 6.B. (2)). The exact amount of T3 capital was not able to be confirmed during the mission.



The inclusion of hybrid securities in T1 capital is limited to a maximum of 30 percent (or 15 percent if subject to a condition of raising interest rate) of equity capital (after subtracting deductions). Hybrid securities exceeding the ceiling maybe included in the higher tier supplementary (T2) capital (Appendix 1, Detailed Regulations, paragraph 6). Maximum allowance for credit losses included in supplementary capital is 1.25 percent for standardized banks and for an IRB bank maximum is 0.6 percent of RWAs if eligible credit losses exceed expected loss (EP>EL).



Banks are required to notify the FSS prior to redeeming term subordinated debt (Appendix 1, paragraph 9) and will consult with the FSS prior to issuing capital instruments that will be included in the definition of regulatory capital.



To assess capital adequacy as part of the CAMELR methodology, the FSS uses a ratings schedule consisting of 15 grades from +1 to +5 (i.e., -1, 1 +1) with established benchmarks for comparison across the industry. For example, to assign a +1 CAMELR rating for capital total capital will need to exceed 12 percent RWAs. In practice, the ratings will not lead to a materially different supervisory approach by the FSS for oversight of capital. In arriving at the assessment of capital the supervisor takes into consideration a range of individual indicators and cohort analysis.



The Regulations do not require the submission of a detailed capital management plan to the FSS, although if there is a need as a result of offsite analysis and concerns about the level of capital, the FSS will request capital plans. Banks report on a quarterly basis their capital ratios as part of the Business Reports with earnings information etc.



Analysis of banks’ capital management plans was not systematic process and one which evaluated capital projections with consideration of all the underlying drivers and assumptions, for example: expected credit growth, RWAs, profitability, provision levels, dividend payments by subsidiaries etc.



Offsite analysis includes detailed information regarding a bank’s capital adequacy which is compared across the peer group and through trend analysis. In terms of the quarterly analysis, they receive detailed information for the main Pillar 1 risks (operational, credit and market risks). The responsibility for conducting offsite analysis is distributed into several subject matter experts within the FSS, for example, separate teams will consider IRRBB, country and transfer risk, credit concentration and stress testing results etc. In practice, the process for incorporating the results into a single view of the sufficiency of capital is not as well developed.



The requirement for banks to continuously monitor their capital adequacy ratios was not stipulated in the Regulations. Article 17(2) of the Detailed Regulations states that banks shall calculate the capital to risk-weighted assets ratio based on the numerical value as of the provisional settlement date or final settlement date. The lack of a requirement to calculate capital adequacy on a more frequent basis and continuously comply weakens the robustness of the capital framework.



One unique exception to the definition of capital exists: The capital base for National Fisheries is a fund that technically is contributed from the central association and can be withdrawn. As a result, the capital base does not meet the perpetuity characteristic of capital as per the Basel guidelines.



The FSS applies BII to the commercial banks, however, has not extended BII to FHCs which have commercial bank subsidiaries. At the FHC level, BI is applied to the FHCs. The Core Principles methodology requires internationally active banks in jurisdictions that are adopting BII to apply it to the bank and extend this treatment of calculating capital adequacy consistently to its holding company. The authorities plan to apply BII and BIII to FHC’s by 1 December 2013.



EC3The supervisor has the power to impose a specific capital charge and/or limits on all material risk exposures, if warranted, including in respect of risks that the supervisor considers not to have been adequately transferred or mitigated through transactions (e.g., securitization transactions)36 entered into by the bank. Both on-balance sheet and off-balance sheet risks are included in the calculation of prescribed capital requirements.



Description and findings regarding EC3Pillar 2 of Basel II has not been fully implemented and all banks operate with a minimum capital ratio of 8 percent RWAs. Typically the FSS will encourage banks to establish capital buffers usually through a written letter, although the FSS does not have the power to set minimum capital ratios above the Basel 8 percent RWAs and all banks’ minimum capital ratio is 8 percent notwithstanding their risk profile. In this respect, the ability to enforce prudent capital buffers and triggers above the minimum is undermined. In addition, supervisory processes for assessing ICAAPs are only in an early stage of implementation (ICAAPs have not been received for FHCs).



While all banks operate with a minimum of 8 percent capital, the FSS has attempted to encourage banks to operate with prudent capital buffers.



EC4The prescribed capital requirements reflect the risk profile and systemic importance of banks37 in the context of the markets and macroeconomic conditions in which they operate and constrain the build-up of leverage in banks and the banking sector. Laws and regulations in a particular jurisdiction may set higher overall capital adequacy standards than the applicable Basel requirements.



Description and findings regarding EC4The regulatory level of capital is not higher than the minimum Basel requirement, but banks’ capital adequacy is verified with reference to both regulatory capital and internal capital, taking into account the composition and the level of own funds.



A requirement with approbation of net profit earned in a business year calls for banks to credit at least 10 percent of net profit to a legal reserve until it accumulates to a level equal to the total paid-in capital. This legal reserve requirement compels banks to grow the core capital composition of the capital base. In addition, the FSS recommends banks which have an equity to assets ratio less than 5.5 percent to reserve 10 percent of net profit. Both mechanisms help to encourage organic growth in the capital base.



In relation to domestic systemically important banks, currently no formal framework to identify D-SIBs exists and capital requirements do not reflect systemic characteristics of banking groups. However, the FSS plans to implement the D-SIB framework as promulgated by the BCBS commencing 2016.



EC5The use of banks’ internal assessments of risk as inputs to the calculation of regulatory capital is approved by the supervisor. If the supervisor approves such use:
  • (a) Such assessments adhere to rigorous qualifying standards;

  • (b) Any cessation of such use, or any material modification of the bank’s processes and models for producing such internal assessments, are subject to the approval of the supervisor;

  • (c) The supervisor has the capacity to evaluate a bank’s internal assessment process in order to determine that the relevant qualifying standards are met and that the bank’s internal assessments can be relied upon as a reasonable reflection of the risks undertaken;

  • (d) The supervisor has the power to impose conditions on its approvals if the supervisor considers it prudent to do so; and

  • (e) If a bank does not continue to meet the qualifying standards or the conditions imposed by the supervisor on an ongoing basis, the supervisor has the power to revoke its approval.

Description and findings regarding EC5The current framework offers both Standardized and Advanced model approaches for credit, market and operational risk. The various approaches are available to different institutions, considering their size, sophistication and systemic importance. In terms of the advanced approaches, 7 banks have been authorized to use internal models for market risk, 11 banks authorized to use IRB, 5 authorized to use AMA.



The Regulations stipulate the minimum expectations and qualifying criteria for accreditation. For IRB as an example, banks applying for the advanced approach to IRB will need to submit a suite of documents including: current status of the bank; implementation plan; an internal audit report; self assessment of compliance with the criteria; and other associated material (Detailed Regulations Appendix 1, paragraph 106). A two year parallel run will be performed by the bank and submitted to the FSS with associated analysis. Similar qualifying criteria is replicated for AMA and market risk.



Processes within the FSS to verify on a continuous basis banks’ compliance with the minimum criteria is not well established. The responsibility for approving AMA models rests within the BCBS team, however, changes to internal models is the responsibility of the Bank Examination Team. For credit and market risk the decision is centralized within the BCBS team.



No examples where the FSS imposes additional conditions with reference to some aspects of the process or model not perfectly coherent with the complexity and the risk profile of the bank. In the event banks are assessed not to have met the minimum criteria, the FSS can revoke accreditation.



Validation is an important aspect of the FSS’s controls on the integrity of estimates produced by internal models users. Validation is required to be performed by an independent unit within the bank and is submitted to the FSS three months after the end of financial year. However, the refresh of the new estimates, model parameters and risk factors

are not subject to FSS approval prior to being used by the bank in calculating regulatory capital.



EC6The supervisor has the power to require banks to adopt a forward-looking approach to capital management (including the conduct of appropriate stress testing).38 The supervisor has the power to require banks:
  • (a) To set capital levels and manage available capital in anticipation of possible events or changes in market conditions that could have an adverse effect; and

  • (b) To have in place feasible contingency arrangements to maintain or strengthen capital positions in times of stress, as appropriate in the light of the risk profile and systemic importance of the bank.

Description and findings regarding EC6Banks submit the results of stress tests semi annually to a centralized team within the BCBS team in the Bank & Non-Banking Supervision Division. The BCBS team will receive only the annual plan but also the six monthly stress test reports. Stress testing guidelines have been circulated to industry based on the BCBS guidance. A checklist is used to verify compliance and capital numbers are verified. In practice, the FSS encourages banks to apply a forward looking approach to capital management where stress testing informs the adequacy of capital. The FSS has also performed specific stress testing exercises where the external environment has deteriorated. While the FSS has the power to require banks to perform stress testing, the outcomes of the periodic stress test exercises are not linked to the FSS applying higher capital requirements as all banks maintain a standard 8 percent capital to RWAs.



AC1For non-internationally active banks, capital requirements, including the definition of capital, the risk coverage, the method of calculation, the scope of application and the capital required, are broadly consistent with the principles of the applicable Basel standards relevant to internationally active banks.



Description and findings regarding AC1See EC2. Regulations do not distinguish between internationally and non-internationally active banks.



AC2The supervisor requires adequate distribution of capital within different entities of a banking group according to the allocation of risks.39



Description and findings regarding AC2The FSS does not have the power to require the FHC to distribute capital throughout the banking group or FHC.



Assessment of Principle 16MNC



CommentsKey factors driving the rating include:
  • While the BII calculation of regulatory capital is applied to the commercial banks, BI is applied to FHCs. The BCP methodology requires internationally active banks in jurisdictions that are adopting BII to apply it to the bank and extend this treatment of calculating capital adequacy consistently to its holding company, which has not been implemented;

  • The FSS does not set individual minimum capital requirements and does not impose higher capital requirements on individual banks commensurate with their risk profiles. Pillar 2 of BII has not been implemented. ICAAP assessment process at early stage of implementation and not integrated with the supervisory framework;

  • Regulations do not formally require a bank to seek prior approval before executing a capital reduction; and

  • While an annual validation of internal models is performed by banks, there is no requirement in the regulations for the results of the validation to be assessed by the FSS prior to the including new estimates in the calculation of regulatory.

Principle 17Credit risk.40 The supervisor determines that banks have an adequate credit risk management process that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify measure, evaluate, monitor, report and control or mitigate credit risk41 (including counterparty credit risk)42 on a timely basis. The full credit lifecycle is covered including credit underwriting, credit evaluation, and the ongoing management of the bank’s loan and investment portfolios.



Essential Criteria
EC1Laws, regulations or the supervisor require banks to have appropriate credit risk management processes that provide a comprehensive bank-wide view of credit risk exposures. The supervisor determines that the processes are consistent with the risk appetite, risk profile, systemic importance and capital strength of the bank, take into account market and macroeconomic conditions and result in prudent standards of credit underwriting, evaluation, administration and monitoring.



Description and findings regarding EC1Banks are required to have in place appropriate tools to identify, measure, monitor, and control credit risk and manage capital adequacy (Article 30, Regulations). The FSS assesses the adequacy of banks’ internal assessments of risks and capital and reflects the results of these assessments in its supervision of banks.



Through the onsite CAMELR examination, the FSS will assess credit underwriting practices and test the quality of risk management. Importantly, the onsite examinations will sample loans to determine whether banks have complied with requirements on LTV and DTI which are prescribed by the FSS. In addition to requirements for LTV and DTI limits, domestic banks need to comply with a loan to deposit ratio of 100 percent (Detailed Regulations, Appendix 3–5). By receiving detailed portfolio metrics on a quarterly basis, the FSS is able to monitor changes in credit quality through the acceptance of higher risk.



EC2The supervisor determines that a bank’s Board approves, and regularly reviews, the credit risk management strategy and significant policies and processes for assuming,43 identifying, measuring, evaluating, monitoring, reporting and controlling or mitigating credit risk (including counterparty credit risk and associated potential future exposure) and that these are consistent with the risk appetite set by the Board. The supervisor also determines that



senior management implements the credit risk strategy approved by the Board and develops the aforementioned policies and processes.



Description and findings regarding EC2Article 30 of the Regulations establishes the minimum expectations for banks to implement a risk management system for the timely recognition, assessment, monitoring and control of various risks in all kinds of transactions and for evaluating and managing these risks against capital. Under Article 31, the Board of Directors is responsible for: (i) establishing a basic policy on risk management consistent with management strategy; (ii) determination of risk levels; (iii) approval of risk limits and thresholds; and (iv) establishment and revision of regulations on risk management. While the Board is responsible for establishing the policies and procedures for credit risk, the continuous oversight is not mandated.



In regards to IRB accredited banks, the Detailed Regulations provide for a complete list of minimum expectations for the credit risk management framework. All critical aspects of a comprehensive framework are prescribed by the Regulations including: validation of credit management system; maintenance of management data; integrity of rating procedure; documentation and design of the credit assessment system, use of the model and stress testing. However, Board approval of policies in relation to the framework is not stipulated. The onsite examination will review the full suite of Board resolutions over a two year period to assess whether policies and procedures have been approved by the Board.



EC3The supervisor requires, and regularly determines, that such policies and processes establish an appropriate and properly controlled credit risk environment, including:
  • (a) A well documented and effectively implemented strategy and sound policies and processes for assuming credit risk, without undue reliance on external credit assessments;

  • (b) Well defined criteria and policies and processes for approving new exposures (including prudent underwriting standards) as well as for renewing and refinancing existing exposures, and identifying the appropriate approval authority for the size and complexity of the exposures;

  • (c) Effective credit administration policies and processes, including continued analysis of a borrower’s ability and willingness to repay under the terms of the debt (including review of the performance of underlying assets in the case of securitization exposures); monitoring of documentation, legal covenants, contractual requirements, collateral and other forms of credit risk mitigation; and an appropriate asset grading or classification system;

  • (d) Effective information systems for accurate and timely identification, aggregation and reporting of credit risk exposures to the bank’s Board and senior management on an ongoing basis;

  • (e) Prudent and appropriate credit limits, consistent with the bank’s risk appetite, risk profile and capital strength, which are understood by, and regularly communicated to, relevant staff;

  • (f) Exception tracking and reporting processes that ensure prompt action at the appropriate level of the bank’s senior management or Board where necessary; and

  • (g) Effective controls (including in respect of the quality, reliability and relevancy of data and in respect of validation procedures) around the use of models to identify and measure credit risk and set limits.

Description and findings regarding EC3The FSS has in place effective policies and procedures to assess credit risks of banks through the onsite examination CAMELR regime and through quarterly monitoring of a bank’s Business Reports with detailed submission of credit risk information.



In conducting the onsite review, FSS staff will review Board Minutes and minutes of the Board Risk Committee. Information about credit extended by the bank will be used to identify loans for file reviews where staff will assess various aspects of the credit risk framework. Staff will assess risk budgeting for all relevant departments to determine how banks have set return hurdles and risk thresholds. Observance with credit limits will be assessed and whether risk management has performed an effective tertiary oversight. Overrides and exceptions will be assessed for compliance with credit standards.



To evaluate risk governance, staff will examine risk reports (typically monthly) circulated through senior management. If risk settings have been changed, staff will assess whether the changes to credit underwriting standards is within acceptable limits set by the Board. When sampling credit files, staff will pay particular attention to reviewing the capacity to repay assessment and the valuation. The Regulations prescribe Loan-To-Value and Debt-To-Income ratios and other restrictions on granting housing loans (Article 29–2) and FSS staff will examine compliance with these ratios.



The size of the file sample for full scope onsite examinations will cover approximately 20–30 percent of total loans (by asset size) and include a review of 80–90 borrowers (FSS examiners are onsite for approximately 20 days).



The FSS will verify the ability of the information management system to provide adequate reporting to senior management that includes portfolio metrics of asset soundness and forward looking metrics of vintage analysis.



EC4The supervisor determines that banks have policies and processes to monitor the total indebtedness of entities to which they extend credit and any risk factors that may result in default including significant unhedged FX risk.



Description and findings re EC4The Detailed Regulations set out the minimum expectations for bank’s internal management systems to continuously monitor changes in risk status of borrowers (Article 48 (2)). In practice, banks are expected to have in place lending limits for different borrower classes and to maintain lending administration systems that can easily aggregate a borrowers total indebtedness for a comprehensive loan assessment which would include direct credit exposures as well as FX, derivatives and contingent loans (such as guarantees). Supervisors will assess the accuracy and limit compliance as part of the onsite examination.



EC5The supervisor requires that banks make credit decisions free of conflicts of interest and on an arm’s length basis.



Description and findings regarding EC5Clear guidance in the Banking Act (paragraph 34–2(8) provides for ensuring credit decisions are free from conflicts of interest and extended on an arm’s length basis in relation to shareholders, but more generally in relation to all other credits, the Regulations are not prescriptive. Conflicts can arise from a variety of sources, one of which is granting shareholders credit. There is no provision in the rules for banks to define internal procedures for director loans, or other related party loans and ensure that appropriate risk management like segregation of approval, escalation and reporting is applied. In practice, the full scope onsite review is a thorough exercise reviewing loan files and obtaining detailed data of credits extended by banks.



EC6The supervisor requires that the credit policy prescribes that major credit risk exposures exceeding a certain amount or percentage of the bank’s capital are to be decided by the bank’s Board or senior management. The same applies to credit risk exposures that are especially risky or otherwise not in line with the mainstream of the bank’s activities.



Description and findings regarding EC6As per Article 35–2 of the Banking Act, where a bank intends to extend its large stockholders credit of not less than 0.1 percent of equity capital or W 5 billion, it shall undergo resolution thereon by the board of directors, in advance. In such cases, the resolution shall be passed by an affirmative vote of all incumbent members of the board of directors.



In terms of Large Exposures, Article 35 of the Banking Act sets the limit on single borrower credit exposures for banks, but it does not explicitly require Board approval. For large credits that do not reach the LE threshold, the Regulations do not have a requirement for banks to establish a delegations register and that the register is being adhered to. In this respect, the role of the Board and senior management to oversee this aspect of credit risk is not prescribed.



During the full scope examination, the request for information on credits extended by the bank is extensive and based on this information; files will be selected for review.



EC7The supervisor has full access to information in the credit and investment portfolios and to the bank officers involved in assuming, managing, controlling and reporting on credit risk.



Description and findings regarding EC7Article 48, of the Banking Act allows Bank supervisors the legal authority to request information on a bank’s operation and assets, and to question and interview bank officers. Prior to the full scope CAMELR onsite examination, the FSS receives a broad range of data across all portfolios of the banking book and investment portfolios broken down into sub portfolios and with detailed information for each portfolio such as: borrowers name, type of loan, length of loan, amount, collateral value, name of external appraisal, LTV, DTI etc. Access to data is unfettered.



EC8The supervisor requires banks to include their credit risk exposures into their stress testing programs for risk management purposes.



Description and findings re EC8For banks that are accredited as IRB, there is an obligation to conduct regular stress tests in a conservative manner, considering a mild recession scenario, for credit exposures to assess impacts on the required equity capital under the IRB approach (Detailed Regulations, paragraphs 166 and 167, Annex 3). For banks that are not IRB accredited the requirement to perform a regular stress test is not prescriptive. Of course banks do need to perform a stress test as part of the ICAAP. The FSS has issued a guideline on Stress Testing which recommends banks to conduct stress testing to assess capital adequacy by taking into account incidents or changes in the future economic conditions that can have adverse effect on its credit risks.



Assessment of Principle 17LC



CommentMain factors driving the rating:
  • Greater focus on independent valuations; and

  • More frequent onsite credit risk examinations for the larger systemic banks to accurately assess credit underwriting standards and identify adjustments in risk-taking behavior.

As in most banking systems, credit risk is the most relevant risk in the banking system in South Korea. Moreover, current macroeconomic conditions are somewhat challenging in this part of the credit cycle with an upward trend in unemployment and past due loans, albeit off a low base. Potentially vulnerable credits could exist in performing credit portfolios. As a result, compliance with this Principle is critical. The FSS appears fully aware of the vulnerabilities that current developments on credit risk entail for the financial system, and monitors data carefully on a quarterly basis. Owing to the importance of effective credit risk management, the team believes greater attention to this area is warranted.



The team recommends that the FSS increase its attention to on-site inspections of credit risk. More frequent onsite inspections will improve the ability to assess underwriting standards and forward looking indicators such as: exceptions and overrides to policy;



changes in the application of credit risk policies; application of covenants for commercial lending and covenant monitoring by risk management–each of which might not be easily visible from offsite monitoring. Special attention should be given to independent valuations for collateral, particularly level of conservatism for construction and project finance.



A focus on a borrowers’ ability to repay, particularly under stressed economic and financial circumstances, and to loan restructurings that might mask borrowers’ weaknesses.



Principle 18Problem assets, provisions and reserves.44 The supervisor determines that banks have adequate policies and processes for the early identification and management of problem assets, and the maintenance of adequate provisions and reserves.45



Essential Criteria
EC1Laws, regulations or the supervisor require banks to formulate policies and processes for identifying and managing problem assets. In addition, laws, regulations or the supervisor require regular review by banks of their problem assets (at an individual level or at a portfolio level for assets with homogenous characteristics) and asset classification, provisioning and write-offs.



Description and findings regarding EC1Under Article 27 of the Regulations banks shall categorize all loans into five categories (normal, precautionary, substandard, doubtful and presumed loss) based on borrower’s debt servicing ability and credit history. The regulations explicitly provide for the FSS to require banks to write-off bad assets if needed, and oversee adequacy of asset classification, provisioning and write-off through bank examinations which is a strong feature of the regulations. The Regulations do not, however, contain a comprehensive set of provisions for the identification and management of problem loans. Importantly, expectations for continuous credit risk monitoring and valuation of collateral needs to be developed further.



In terms of the management of problem assets, the Regulations require banks to operate an internal control system that is independently operated by a credit review function and to maintain a suitable early write-off policy for assets classified as “doubtful” and “presumed loss.”



The Regulations prescribe assets that are subject to asset classification for the purpose of provisioning, including: (i) claims such as loans, advance for payments on guarantees etc; (ii) payment guarantee, the principal liability of which is fixed; (iii) securities; (iv) lease assets; and (v) suspense received or amount receivable; (vi) interest receivable; and (vii) other assets recognized by a bank to be in need of forward looking criteria (Article 28).



Article 29 stipulates the calculation of allowance for credit loss based on the five categories for loans by the type of asset class. The schedule for loan loss provisioning is as follows:
  • 0.85/100 for normal loans (0.9/100 for construction loans; wholesale and retail trade; hotels and restaurants and rental businesses);

  • 7/100 precautionary; and

  • 20/100 substandard;

  • 50/100 doubtful; and

  • 100/100 presumed loss.

A slightly more conservative approach is applied to residential mortgage loans which increase the credit loss provisioning for normal to 1/100 and doubtful to 55/100 reflecting a more conservative approach and potential greater volatility in the asset prices realized in a forced sale. Credit cards also have a bespoke schedule for provisions which is more conservative: Normal (1.1/100); Precautionary (40/100); Substandard (60/100); Doubtful (75/100); and Presumed loss 100/100. Cash advances and revolving credit have an even more conservative schedule.



For assets that are guaranteed by the Government or directly extended to the Government, a 0 percent for Normal is applied.



In transitioning to IFRS, a reserve for Credit Loss was introduced to prevent a decrease of banks’ loss absorbent capacity caused by the change of loan loss reserve standard according to KIFRS. The reserve for credit loss is calculated by deducting accounting reserves from regulatory reserves. Regulatory reserves are determined based on the level of the larger of the minimum regulatory ratios or the expected loss under IRB approach. The definition of default differs between the domestic banks and non-banks. For domestic banks (and FHCs) the default is 90 days past due whereas for non-banks it is 180 days past due. The FSS plans to reconcile this difference with the non-bank definition to be harmonized by 2017. (Article 172 of the Detailed Regulations provides for a comprehensive definition of default for banks).



EC2The supervisor determines the adequacy of a bank’s policies and processes for grading and classifying its assets and establishing appropriate and robust provisioning levels. The reviews supporting the supervisor’s opinion may be conducted by external experts, with the supervisor reviewing the work of the external experts to determine the adequacy of the bank’s policies and processes



Description and findings regarding EC2Banks must establish internal rules on asset classification, provisioning, credit rating model consistent with the banking laws. Asset classification must take into account borrower’s debt servicing ability. Bank supervisors determine the adequacy of asset classification, provisioning and bad-debt write-offs and takes supervisory actions if weaknesses are identified. Through CAMEL-R ratings, the FSS determines the objectivity and adequacy of internal rules and internal controls necessary for an independent inspection of bank lending activities.



Establishing prudent provisioning levels requires a robust classification system of assets (portfolio or individual) timely recognition of default—definitions and characteristics, sound collateral management processes to ascribe collateral to loans correctly, value collateral (including the sound and prudent valuation of security); etc,. When the FSS introduced the forward looking criteria for credit losses in 1999 thematic examinations were performed throughout 2000. Since that time, the main focus of surveillance has been through individual bank examinations and offsite surveillance. The approach for FHCs is to concentrate on the asset profile of the major banking subsidiaries and banks. Specific focus on bank’s collateral management systems was not a feature of the onsite examination, offsite surveillance or thematic reviews and the assessor was unable to determine the integrity of banks systems to assign and identify collateral that has previously been pledged for other facilities. Bank internal controls could not be confirmed.



During full scope onsite examinations, FSS staff assesses a large cross section of files of a significantly large sample of individual loans, including the highest risk exposures. In particular, loans are selected on the basis of judgmental criteria and/or by means of statistical sampling. The sample size is related to the risk exposure, the reliability of bank’s data and quality of internal controls. The analysis aims to verify whether the bank’s classification and valuation decisions comply with the legislative framework in force as well as internal regulation.



To assess valuations, FSS staff will evaluate market indices used by banks for valuation purposes and if they detect a material difference from other benchmarks, the matter will be investigated. It was explained that banks put in much effort to put in fair value for collateral—they use the housing price survey price by Kumin Bank. For commercial property, the valuation will be a mix of indices and independent appraisal.



As part of offsite monitoring, staff assess trends in measures and ratios related to problem assets and provisions, also through comparisons among banks with similar organizational and risk profiles. This analysis heavily leverages on detailed information of peer benchmarks and loss history.



EC3The supervisor determines that the bank’s system for classification and provisioning takes into account off-balance sheet exposures.46



Description and findings regarding EC3Under the Regulations, the credit loss schedule prescribed by the FSS is applied to the unused commitment of various facilities as of the settlement date (Article 28, paragraph 6). Thus, banks are required to classify off-balance sheet exposures, including outstanding guarantees, under the same standards applied to regular loans and to establish provisioning for those items by applying credit conversion factor.



For off-balance sheet exposures, the method to calculate the value of the exposure is by multiplying a credit conversion factor plus the provision required under Article 29 of the Regulations. For securitized assets the FSS categorizes these as commitments or guarantees, applying a 50 percent CCF. For project financing related exposures that have ABCP they apply 100 percent CCF (this guidance has not been included in Regulations per se, but issued a guidance note to banks 8 March 2010). Note, it was advised that this guidance was classified as Administrative Guidance Note which has the force of the Regulations and will trigger the same level of sanctions if breached as in banking Act etc.



EC4The supervisor determines that banks have appropriate policies and processes to ensure that provisions and write-offs are timely and reflect realistic repayment and recovery expectations, taking into account market and macroeconomic conditions.



Description and findings regarding EC4Where events with an adverse effect on bank credit risk or deterioration of economic conditions require additional loss absorbing capacity, the FSC can make amendments to the Regulations to adjust standards on asset classification and supervisory provisioning to reflect changes in the market and economic conditions. For instance, an amendment to credit loss schedule which is prescribed by the FSS in the Regulations. Based on recent evidence, this process would not be protracted. The FSS has the power to require banks to revise the adequacy of asset classification, provisioning and bad-debt write-offs and takes supervisory actions if weaknesses are identified (Regulations, Articles 28 and 29).



In the most recent example of the problems experienced in the Mutual Savings bank sector in 2010, FSS staff assessed the asset quality of banks through a rigorous process and involved instructing MSBs to reclassify loans from performing status (Normal and precautionary to substandard). FSS performed their own valuation of collateral for large assets (many of which were project financing and construction loans where the economic feasibility of the project was considered uneconomic against the debt profile).



Asset soundness is an integral component of the CAMELR onsite examination. Through on-site examinations FSS examiners will verify that policies and procedures on provisioning and write-offs are designed in such a way so as to encompass and to take into account all relevant factors. In analyzing the selected sample of individual loans, staff will assess whether banks have appropriate policies and procedures to ensure that loan-loss provisions and write-offs reflect realistic repayment expectations.



EC5The supervisor determines that banks have appropriate policies and processes, and organizational resources for the early identification of deteriorating assets, for ongoing oversight of problem assets, and for collecting on past due obligations. For portfolios of credit exposures with homogeneous characteristics, the exposures are classified when payments are contractually in arrears for a minimum number of days (e.g. 30, 60, 90 days). The supervisor tests banks’ treatment of assets with a view to identifying any material circumvention of the classification and provisioning standards (e.g. rescheduling, refinancing or reclassification of loans).



Description and findings regarding EC5Article 48 of the Detailed Regulations sets out the requirements for banks to have an adequate management of credit risks, a loan administration framework which includes the following components: (i) on-going monitoring of changes in borrower credit risk; (ii) credit rating system for regular adjustments of borrower credit score and appropriate follow-up actions; (iii) early warning system for management of at-risk borrowers; (iv) audits to determine the adequacy of lending policies and administration; and (v) resolution of insolvent companies. The process to test banks’ treatment of assets to identify examples of mis-classification is mainly through the full scope examination which occurs every two years.



EC6The supervisor obtains information on a regular basis, and in relevant detail, or has full access to information concerning the classification of assets and provisioning. The supervisor requires banks to have adequate documentation to support their classification and provisioning levels.



Description and findings regarding EC6Articles 18 of the Regulations require banks to submit on a regular basis (quarterly) Business Reports on asset classification and provisioning and to have adequate documentation on asset classification and provisioning standards. Data submitted by the banks is both comprehensive and detailed and include a number of different metrics to support the classification such as repayment capacity and value of collateral.



Policies and procedures are reviewed as part of the full scope onsite examination performed every two years. Outside of the onsite, limited examples of qualitative information received by the supervisor to assess adequacy of documentation, application of policies and processes by the bank such as internal audit reports etc.



EC7The supervisor assesses whether the classification of the assets and the provisioning is adequate for prudential purposes. If asset classifications are inaccurate or provisions are deemed to be inadequate for prudential purposes (e.g. if the supervisor considers existing or anticipated deterioration in asset quality to be of concern or if the provisions do not fully reflect losses expected to be incurred), the supervisor has the power to require the bank to adjust its classifications of individual assets, increase its levels of provisioning, reserves or capital and, if necessary, impose other remedial measures.



Description and findings regarding EC7FSS examiners conduct off-site monitoring and on-site examination to assess whether asset classifications and provisioning are adequate. In case the classification is not adequate for certain assets, bank supervisors may order the bank to reclassify the assets and make additional provisioning. The Regulations are sufficiently prescriptive for the supervisor to ensure banks fully reflect losses in the amount of provisions. The experience of the MSBs in 2010 demonstrates that the FSS is willing and capable to exercise this discretion.



EC8The supervisor requires banks to have appropriate mechanisms in place for regularly assessing the value of risk mitigants, including guarantees, credit derivatives and collateral. The valuation of collateral reflects the net realizable value, taking into account prevailing market conditions.



Description and findings regarding EC8Risk mitigants including bank guarantees, credit derivatives and collateral can be taken into account in the calculation of risk-weighted assets only when they meet certain qualification criteria (Annex 3, chapter 6 Detailed Regulations). Collateral value is defined as the fair value of the collateral less applicable haircut rate determined by factoring in price volatilities. Collateral value must be monitored at least once a year. Financial guarantees are permitted under the Regulations and there is no guidance regarding the frequency of revaluation. In practice, the FSS only allows financial guarantees that are domestic government bonds.



EC9Laws, regulations or the supervisor establish criteria for assets to be:
  • (a) Identified as a problem asset (e.g. a loan is identified as a problem asset when there is reason to believe that all amounts due, including principal and interest, will not be collected in accordance with the contractual terms of the loan agreement); and

  • (b) Reclassified as performing (e.g. a loan is reclassified as performing when all arrears have been cleared and the loan has been brought fully current, repayments have been made in a timely manner over a continuous repayment period and continued collection, in accordance with the contractual terms, is expected).

Description and findings regarding EC9Banks are required to classify a loan as non-performing if it finds reasonable grounds to believe that the principal and interest will not be collected according to contract terms based on banks’ assessment of borrower’s future debt servicing ability. A bank’s credit rating model must take into account factors that affect debt servicing ability such as counterparty’s industry risk, management risk, financial soundness, and cash flow.



The Regulations allow banks considerable flexibility when returning exposures from restructured to performing status. Appendix 13 of the Detailed Regulations allows restructuring of loans back to performing without the borrower having proved repayment capacity under revised terms. On this issue, the FSS issued an ‘Administrative Note’ to industry in 2009 to clarify expectations. Under the Regulations, banks will decide whether to classify a loan as normal based on their own internal policies. For example, one of the criteria allows a customer to return to performing status if they are considered able to pay the principal and interest because his/her ability to repay debts has been improved considering their business performance or financial status and future cash flow. In this circumstance, the borrower has not demonstrated an ability to meet agreed repayment amounts but the loan has been re-aged and classified as ‘Normal’.



EC10The supervisor determines that the bank’s Board obtains timely and appropriate information on the condition of the bank’s asset portfolio, including classification of assets, the level of provisions and reserves and major problem assets. The information includes, at a minimum, summary results of the latest asset review process, comparative trends in the overall quality of problem assets, and measurements of existing or anticipated deterioration in asset quality and losses expected to be incurred.



Description and findings re EC10Banks are required to report to the Board matters that are in relation to a range of activities under the bank’s control i.e. transfer, mergers, internal control standards (Article 23–2) of the Banking Act. Article 34 of the Act is more prescriptive and stipulates that banks shall observe sound management of “soundness in assets”. Articles 29, 30, and 31 of the Regulations establish the Board’s role in the overall risk management system. However, the Act and Regulations do not provide guidance as to minimum reporting to the Board regarding loan loss provisions, asset classification or reserves.



EC11The supervisor requires that valuation, classification and provisioning, at least for significant exposures, are conducted on an individual item basis. For this purpose, supervisors require banks to set an appropriate threshold for the purpose of identifying significant exposures and to regularly review the level of the threshold.



Description and findings regardingBanks are required to conduct valuation, classification, and provisioning on an individual item basis, only for significant exposures (the threshold differing from 500 million won to 5





EC11billion won depending on bank sizes). The FSS has provided guidance to banks in December 2011 to categorize loans which are impaired to be individually assessed. Through this exercise, banks were grouped into four categories:
  • Group 1: Hana, KB, Woori Shinhan, KEB;

  • Group 2: Citi Bank, Standard Chartered, KB;

  • Group 3: National Fisheries, Industrial Bank, Industrial Credit Cooperative, Import Export, KDB; and

  • Group 4: All others banks.

The FSS applied various thresholds to each group and any exposure which exceeded the threshold would require the amount to be individually assessed.



To accurately calculate loan loss provisions, an independent valuation of collateral supporting the exposure when default occurs (classified as substandard) is critical. Where this does not occur, there is a risk that actual loan loss provisions is not based on actual realizable value.



EC12The supervisor regularly assesses any trends and concentrations in risk and risk build-up across the banking sector in relation to banks’ problem assets and takes into account any observed concentration in the risk mitigation strategies adopted by banks and the potential effect on the efficacy of the mitigant in reducing loss. The supervisor considers the adequacy of provisions and reserves at the bank and banking system level in the light of this assessment.



Description and findings regarding EC12The FSS regularly analyzes banks’ delinquency rate on a monthly basis and non-performing loans on a quarterly frequency. In the case of retail mortgage exposures, there is a culture of assisting borrowers to return to performing status. In the case of medium to large borrowers where exposures are syndicated, banks will participate in evaluating the ability to rehabilitate the borrower and enter a work-out arrangement. If banks have to take residual risks after the sale of a problem asset, banks are required to include this in the computation of their BIS capital ratios.



Assessment of Principle 18MNC



CommentsThe FSS does not meet EC9 as the regulations allow banks considerable discretion when reclassifying exposures as performing. The regulations permit the reclassification of loans to performing without the borrower having proved repayment capacity under revised terms. While the FSS has increased its oversight of banks’ application of internal politics for reclassification of assets, a greater amount of supervisory attention is required to ensure banks’ apply appropriate risk management around this process. Attention to this aspect of provisioning should be enhanced, especially in the current credit cycle.



Supervisory oversight of collateral valuation practices for defaulted loans needs greater attention. While the FSS implemented thresholds in December 2011 for exposures to be individual assessed and managed, greater supervisory attention is needed to ensure banks are applying the thresholds appropriately. In practice, internal bank officers are predominantly responsible for valuing collateral. FSS processes to assess the application of policies and the robustness of risk management of collateral valuation was not uniform across the major banks leading to potential inconsistencies and weaknesses. Prudent collateral valuation processes are necessary to help ensure adequacy of provisions. For the mortgage portfolios of banks (particularly inner-city apartments), collateral is re-valued on a regular basis against a market index (where available). Regulations stipulate at least quarterly re-valuation of collateral, and industry practice is generally monthly. In a reducing asset price environment, more frequent valuations are prudent, however, in a rising asset price environment this practice will lower the average portfolio LTV and raise collateral coverage against provisions through no change in debt reduction or increase in provisions respectively.



Contributing to the rating is a lack of consistency in the definition of default between the commercial banking sector and non-banks. The definition of default differs across deposit taking institutions (mainly the domestic banks and non-banks). For domestic banks it is 90 days past due whereas for non-banks it is 180 days.



Principle 19Concentration risk and large exposure limits. The supervisor determines that banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate concentrations of risk on a timely basis. Supervisors set prudential limits to restrict bank exposures to single counterparties or groups of connected counterparties.47



Essential Criteria
EC1Laws, regulations or the supervisor require banks to have policies and processes that provide a comprehensive bank-wide view of significant sources of concentration risk.48 Exposures arising from off-balance sheet as well as on-balance sheet items and from contingent liabilities are captured.



Description and findings regarding EC1The requirements for banks to have policies and processes for extending large credit exposures exists under the Regulation of Banking (Article 76). In addition to principles for credit risk management (contained within Article 78, paragraph 5 of the Regulations) banks are required to prevent loan concentration of credit extension by industries and customer groups. As part of bank ICAAP, banks are required to identify credit concentration risks (paragraph 260 of the Detailed Regulations).



Banks are required to establish internal guidelines for management and control of large credit extensions (RSBB Art 76 paragraph 2) including:
  • An automated management information system to monitor the LE at all times; and

  • A system to detect LEs to control and prevent LE being extended.

A large exposure is defined as 10 per cent of the relevant bank’s equity capital (Banking Act, Article 35(4)). In terms of monitoring, banks are required to assess its Large Exposures (LEs) based on the balance at the end of every month and will submit a report to the FSS every quarter.



For single name concentration, Article 35(1)–(4) of the Banking Act sets the limit on borrower credit exposures for banks:
  • Single name (individual or connected individuals) credit exposures must not exceed 20 percent of bank me (individual); and

  • Credit exposures to a single enterprise (an enterprise group) must not exceed 25 percent of bank’s capital.

The treatment of connected counterparties is defined under the Fair Trade Act where banks will obtain guidance for whether exposures to separate individuals or customers should be aggregated for the purpose of calculating LEs. The definition of borrower refers to (the same individual, corporation or person) categorized as “same borrowers”. For corporate exposures to be classified as connected there are a number of criteria, including: need to meet or exceed a 30 percent threshold of voting stock, ability to appoint a Board member or provide a guarantee.



To complement the individual large exposure limits, the FSS applies an aggregate limit of all large exposures to five times the bank’s equity capital (Banking Act, Article 35,(4)).



There are several exceptions to the Large Exposure requirements in the circumstances where (i) it is necessary for the national economy or for a bank to promote effectiveness in securing claims; and (ii) where a bank exceeds the limit referred due to changes in its equity capital or changes in the composition of the same borrowers although it did not extend further credit (Article 35, paragraphs 1–4 of the Banking Act). In these instances, the exemptions are prescribed by Presidential Decree.



In the second case, the FSS will offer a bank one year to comply with the LE limits. In terms of experience with examples where the FSS has agreed to increases in the LE limits, the most recent was in 2008 where a bank had exposure to a counterparty with high FX volatility.



Outside of the large exposure limits, management and monitoring of other sources of risk is not standardized/systematic, and is supervised on a case by case basis through on and off site supervision. Concentration other than name concentration is not considered in the quantitative measure. Credit concentration risk does not appear to include on- and off-balance sheet items.



Appendix 2 of the Regulations sets out the credit items that will be included in the definition of credit extension. It also denotes a number of exclusions to the calculation of large exposures, including types of exposures such as receivable spot exchange and tender

guarantees. Exclusions are also applied to certain types of counterparties, such as: credit extensions to central government or central bank, banks in a country of risk weight 0 percent and credit extensions guaranteed by said bank; credit to an investment trader or broker subject to regulation at the level such as banks. While some items that are excluded from the LE calculation will not be large, the dimensions of these exposures are not visible to the FSS and the impact on the overall concentration exposure of individual banks or the sector. The existence of an extensive list of exceptions to the calculation undermines the integrity of the LE regime and potentially hidden concentration risks could build up.



EC2The supervisor determines that a bank’s information systems identify and aggregate on a timely basis, and facilitate active management of, exposures creating risk concentrations and large exposure49 to single counterparties or groups of connected counterparties.



Description and findings regarding EC2Banks are required to implement internal guidelines for management and control of large credit extensions in terms of a computerized system to monitor present conditions and a self screening system which enables control and prevention of occurrence of large exposures (Article 76, paragraph 2, Detailed Regulations).



The requirements for banks to measure the LE at month’s end and not continuously is a weakness in the way the regulations are drafted. The regulations are not broad as to require timely monitoring of concentration risk. Given the unique risks presented by LEs, there is benefit in having greater specificity in the monitoring expectations for banks on an individual single name basis and a portfolio and bank-wide basis. There is no specific requirement for identification and aggregation of exposures creating risk concentration (such as on a same industry, economic sector or geographic region or in market and other risks when the bank is exposed to particular asset classes, products, collateral, or currencies). In practice, the analysis of concentration other than name risk is conducted by on and off site supervision on a case by case basis.



EC3The supervisor determines that a bank’s risk management policies and processes establish thresholds for acceptable concentrations of risk, reflecting the bank’s risk appetite, risk profile and capital strength, which are understood by, and regularly communicated to, relevant staff. The supervisor also determines that the bank’s policies and processes require all material concentrations to be regularly reviewed and reported to the bank’s Board.



Description and findings regarding EC3Banks are required to have in place adequate internal systems to identify, monitor and report LEs. As per Article 76(2) of the Regulations, banks are required to implement internal guidelines for management and control of large credit extension. Credit concentration risk is also measured and managed through the bank’s ICAAP: Article 260 of the Detailed Regulations, paragraphs A &B, requires all material risks to be identified specifically referring to concentration risk.



While the ICAAP clearly establishes the requirement for concentration risk to be included in the assessment of a bank’s risk profile and evaluated against capital adequacy, specific risk management policies for LEs is not contained within the regulations. During the full scope examination, the FSS will verify risk management policies and processes for managing concentration risk. There was not a robust process to integrate the results from the assessment of concentration risk with the assessment of capital adequacy in the calculation of the CAMELR composite rating. In addition, while the ICAAP rules have been implemented, the FSS has not yet fully implemented the ICAAP and will need time to mature and be fully embedded. Equally, the implementation of Pillar 2 to allocate higher minimum capital ratios is a work in progress. As a result, capital add-ons have not been used in the process to set minimum capital ratios for banks (see CP16).



In the analysis of concentration risk, there was not a sense of an agreed set of industry benchmarks or tolerances used by the FSS to consistently assess and evaluate concentration risk.



EC4The supervisor regularly obtains information that enables concentrations within a bank’s portfolio, including sectoral, geographical, and currency exposures to be reviewed.



Description and findings regarding EC4Specific reporting obligations in relation to concentration risk and large exposures limits are not explicitly defined in the regulations. Banks will however, submit a quarterly Business Report with a full suite of financial information. In practice, the FSS receives a broad range of concentration risk related information. Through the submission of the quarterly Business Report, a specialist team within the Corporate Credit Department will assess LE and concentration risk data. The centralized structure enables systematic monitoring of LE data across the banking sector. FSS uses the information available to conduct analysis of the material risks in the banking sector, including by industry, economic sector or geographic region or in market and other risks when the bank is exposed to particular asset classes, products, collateral, or currencies.



The data submitted by banks will include: name of the borrower, exposure value, ratio of the LE to capital, and usage of the limit. A report is produced quarterly and submitted to the Deputy Governor responsible for Banking and Non-Banking Supervision. Banks are required to report on the level of credit concentration risk by borrower class, economic sector, industry, country, and the like on a quarterly basis.



In the event offsite analysis identifies a specific issue or considers concentration risk to be excessive, meetings will be held with the individual bank to obtain a greater understanding of the exposure.



In addition to regular quarterly offsite monitoring, the assessment of concentration risk is part of the full scope onsite examination which is performed every two years and includes quantitative and qualitative analysis.



EC5In respect of credit exposure to single counterparties or groups of connected counterparties, laws or regulations explicitly define, or the supervisor has the power to define, a “group of connected counterparties” to reflect actual risk exposure. The supervisor may exercise discretion in applying this definition on a case by case basis.



Description and findings regarding EC5The Banking Act (Article 35(1) defines single borrower as a person who shares credit risk with the same individual or entity. A person who shares credit risk can be classified as a firm which belongs to “enterprise group” under Article 2 of the Monopoly Regulation and Fair Trade Act. It also includes a person with economic substance in or actual control over the firm.”



The regulations do not provide for the FSS to apply discretion over the interpretation of connected counterparties.



EC6Laws, regulations or the supervisor set prudent and appropriate50 requirements to control and constrain large credit exposures to a single counterparty or a group of connected counterparties. “Exposures” for this purpose include all claims and transactions (including those giving rise to counterparty credit risk exposure), on-balance sheet as well as off-balance sheet. The supervisor determines that senior management monitors these limits and that they are not exceeded on a solo or consolidated basis.



Description and findings regarding EC6The Banking Act sets clear limits on credit extension to single borrowers (see EC1). The definition of credit extensions includes all on- and off-balance sheet exposures that can trigger credit risks (Appendix 2 Regulations).



Banks must calculate LEs to a single counterparty or group of connected counterparties on a monthly basis and report quarterly to the FSS.

The expectations for reporting concentration risk and Large Exposures to senior management or the Board is not prescribed by the regulations. In practice, however, banks have robust delegation frameworks in place which are assessed as part of the full scope onsite examination.



EC7The supervisor requires banks to include the impact of significant risk concentrations into their stress testing programs for risk management purposes.



Description and findings regarding EC7The Regulations not specific in regard to risk concentrations and the conduct of stress testing. Offsite analysis will regularly assess risk concentration by borrower and by industry and by different groups. Guideline on Stress Testing issued by the FSS encourage banks to conduct firm-wide stress testing which encompasses all identifiable risks including market, credit, operational, interest rate, and liquidity risks. For commercial real estate still, the FSS uses downturn LGDs from data during the Asian crisis (1998).



Additional Criteria
AC1In respect of credit exposure to single counterparties or groups of connected counterparties, banks are required to adhere to the following:
  • (a) Ten per cent or more of a bank’s capital is defined as a large exposure; and

  • (b) Twenty-five per cent of a bank’s capital is the limit for an individual large exposure to A private sector non-bank counterparty or a group of connected counterparties.

Minor deviations from these limits may be acceptable, especially if explicitly temporary or related to very small or specialized banks.



Description and findings re AC1The FSS has adopted LE limits of 20 percent for single name and 25 percent for an enterprise group pursuant to article 35 of the Banking Act. Over and above these single name limits, the sum of large credit exposures exceeding 10 percent of bank’s capital must not exceed five times the bank’s capital. If changes in bank’s capital or changes in the composition of single borrowers caused the sum to exceed the maximum limit, the bank must bring it into compliance within one year.



Assessment of Principle 19MNC



CommentsKey factor driving this rating include:
  • Governance and reporting obligations in relation to Large Exposures should be developed further to ensure appropriate level of oversight and risk management applied to LEs and a full risk assessment (using the definition of LE as exposures greater than 10 percent). Given their unique risks, LEs should be reported and approved by at least senior management and preferably by the Board of directors. In practice, the FSS should be more active at assessing LEs prior to settlement to adjust its supervisory settings in the event the exposure creates an undesirable level of concentration risk. Absence of a notification or approval requirement outside of normal reporting obligations weakens LE regime;

  • Several exceptions to the limits which could allow banks to circumvent, either intentionally or otherwise, and build up concentration risks. The treatment for connected counterparties to calculate LE compliance is defined under the Fair Trade Act and not the specific regulations for banks. The treatment includes a number of exclusions and is not really bank specific to capture unique prudential risks; and

  • The requirements for banks to have policies and processes in place to manage and monitor concentration risk, especially on a bank-wide basis could be developed further to include a greater range of sources of concentration risk in addition to risks from Large Exposure.

This CP has been considerably expanded from the previous methodology, and the focus has shifted from “large exposures” to “risk concentration”, which includes not only name risk but by industry, economic sector, geographic region, and by market (for instance, when banks are exposed to particular asset classes, products, collateral, or currencies). South Korea, as most countries, has not yet established guidance covering the whole spectrum of concentration risk management and monitoring. At the time of this Assessment, the revised guidance by the BCBS on concentration risk has not yet been published. Risk management standards are not sufficiently detailed (i.e., Board reporting, management information systems, etc). Regulations not clear about definition of connected counterparties or the instances where this might be considered.



Principle 20Transactions with related parties. In order to prevent abuses arising in transactions with related parties51 and to address the risk of conflict of interest, the supervisor requires banks to enter into any transactions with related parties52 on an arm’s length basis; to monitor these transactions; to take appropriate steps to control or mitigate the risks; and to write off exposures to related parties in accordance with standard policies and processes.



Essential Criteria
EC1Laws or regulations provide, or the supervisor has the power to prescribe, a comprehensive definition of “related parties”. This considers the parties identified in the footnote to the Principle. The supervisor may exercise discretion in applying this definition on a case by case basis.



Description and findings regarding EC1A related party is defined in the Banking Act (Article 2.(1) 8) and means the principal and a person having a special relationship prescribed by Presidential Decree with the principal (also referred to as “special related person”). The scope of a related party is set out in Article 1–4(1) of the Enforcement Decree and includes the following:
  • A relative;

  • Non-profit organization where the principal has a majority;

  • A company where the principal has more than 30 percent issued voting stock;

  • A person employed by the principal;

  • A company in which the principal owns not less than 30 percent;

  • A company that belongs to the group; and

  • A person that exercises voting rights against voting stocks.

Article 1–4(2) of the Enforcement Decree contains three explicit exclusions to transactions classified as related party: (i) where a private equity fund acquires stocks of other companies

for the purpose of raising the value of the company it has invested (paragraph 3); (ii) where the bank provides funds to Public-Private Partnerships for infrastructure projects; and (iii) where a bank acquires stocks of other companies by conversion of investment for corporate restructuring under the Corporate Restructuring Promotion Act and the Debtor Rehabilitation and Bankruptcy Act.



In addition to the explicit exclusions above, if a transaction with a company where the principal does not meet the 30 percent threshold, the exposure will not be treated as a related party transaction. A threshold exemption to the definition is also applied to non-profit organizations with a 50 percent threshold. Given the explicit exclusions to the related party definition and a relatively high threshold for investment in companies and non-profit organizations (30 percent and 50 percent respectively), there is some question about whether the definition and application will capture a comprehensive set of related parties as intended by the criteria. Related party exposures carry a unique set of risks where the exceptions to policies and definitions should be limited with high hurdles.



In the instance where a bank wants to exercise a debt for equity swap, it will be subject to The Corporate Restructuring Promotion Act and the Bankruptcy Act. The objective of this exclusion is to enable resolution of distressed companies through the restructure of debt i.e. lower the interest rate, extend term etc.



The Regulations include a detailed list of transactions to be included in the scope of credit extension (Regulations, Appendix 2) and include on and off-balance sheet credit exposures. The expanded nature of related party transactions articulated in the criteria is broader than that detailed in the Regulations. For example, construction contracts, lease arrangements, derivative transactions and write offs.



For related party transactions, banks are obliged to report exposures to the FSS on a monthly basis. Credits that will be reported include Large Exposures, credits that are in excess of 0.1 percent of paid in capital or $5 billion won (lesser of the two).



Offsite monitoring of related party exposures of banks is performed by a specialized unit within the Corporate Credit Department. The reports are routinely checked to identify any potential breaches of related party rules. In the case of large individual credits, the team will investigate through direct engagement with the bank. The data that is submitted for related party transactions include: date of the loan; interest rate; value of exposure; the borrower, collateral etc. The team produces reports based on this material covering related party transactions for three groups (i) shareholders, executives and employees; (ii) subsidiaries and; (iii) other related parties. In practice, the number of breaches that have been identified has been negligible.



The full scope examination will verify policies and processes associated with related party exposures and effectiveness of compliance controls.



The Banking Act contains a number of provisions limiting the exercise of influence over the bank by ‘Large Stockholders’ (see Article 35–2 to 35–b5). However, related party exposures can apply to a broader class of exposures.



EC2Laws, regulations or the supervisor require that transactions with related parties are not undertaken on more favorable terms (e.g., in credit assessment, tenor, interest rates, fees,

amortization schedules, requirement for collateral) than corresponding transactions with non-related counterparties.53



Description and findings regarding EC2Article 35–2(8) of the Banking Act makes explicit references to credit extended to stockholders—”No bank shall gratuitously transfer its assets to any large stockholder of the relevant bank, or trade or exchange its assets or extend credit to or with the relevant bank under substantially favorable conditions compared with ordinary terms and conditions”. In this regard the prohibitions on related party transactions are clear.



EC3The supervisor requires that transactions with related parties and the write-off of related-party exposures exceeding specified amounts or otherwise posing special risks are subject to prior approval by the bank’s Board. The supervisor requires that Board members with conflicts of interest are excluded from the approval process of granting and managing related party transactions.



Description and findings regarding EC3There are no specific provisions within the regulations that require transactions with related parties and write-offs of related party exposures exceeding a specified amount to be subject to prior approval by the Bank’s Board.



The Commercial Act, does however, contain provisions for Board responsibility in relation to disposition and transfer of important properties, borrowings of large scale assets, appointment or dismissal of managers, and management affairs shall be made by the resolution of the Board of Directors (Article 393). However, the scope of the provisions in the Commercial Act are not sufficiently broad to include write offs of related party exposures. The Commercial Act (Article 368(4) does require Board members with conflicts of interest to exclude themselves from the approval process.



EC4The supervisor determines that banks have policies and processes to prevent persons benefiting from the transaction and/or persons related to such a person from being part of the process of granting and managing the transaction.



Description and findings regarding EC4The Regulations require policies and processes in relation to Large Stockholders (Paragraph 8, Article 35–2 (9) Banking Act & 35–4), which extends to related parties as defined within the Enforcement Decree. There did not appear to be a requirement that staff declare material interests in an exposure before making an input into the assessment. There is no general requirement in the Regulations that persons who are to benefit from the transaction (or persons related to such a person) should not be part of granting and managing the transaction.



EC5Laws or regulations set, or the supervisor has the power to set on a general or case by case basis, limits for exposures to related parties, to deduct such exposures from capital when assessing capital adequacy, or to require collateralization of such exposures. When limits are set on aggregate exposures to related parties, those are at least as strict as those for single counterparties or groups of connected counterparties.



Description and findings regarding EC5The regulations contain a limit on credit extensions to borrowers at 20 percent in the case of a single counterparty and 25 percent in the case of a group counterparty exposure (paragraph 1, Article 35–2, Banking Act), however these two limits are for all borrowers and not specific to related party transactions. Article 35–2 also does not include a broad definition of transactions (i.e., lease arrangements, service contracts, derivatives etc).



Within the FHC Act, there are restrictions on Intra-group single borrower credit exposure should be secured by appropriate collateral. There is no scope within the regulations for supervisors to deduct related party exposures from capital if the exposure was assessed to be problematic.



EC6The supervisor determines that banks have policies and processes to identify individual exposures to and transactions with related parties as well as the total amount of exposures, and to monitor and report on them through an independent credit review or audit process. The supervisor determines that exceptions to policies, processes and limits are reported to the appropriate level of the bank’s senior management and, if necessary, to the Board, for timely action. The supervisor also determines that senior management monitors related party transactions on an ongoing basis, and that the Board also provides oversight of these transactions.



Description and findings regarding EC6In general, banks are required to adhere to strict internal control limits. It is the expectation that related party transactions are monitored by appropriate policies and procedures and governance such as senior management and Board of Directors. The regulations are not prescriptive in this regard however. As a general rule, any credit exposure to related parties which exceed the current limit of the lower of 0.1 percent of bank’s capital or W 5 billion must obtain the approval of the bank’s Board made by a unanimous decision.



EC7The supervisor obtains and reviews information on aggregate exposures to related parties.



Description and findings regarding EC7Bank supervisors monitor information on aggregate exposures to related parties and compliance of the limit on exposures to related parties through monthly Business Report submitted by banks.



Assessment of Principle 20LC



CommentsFSS’s regulations on a bank’s transactions with related parties provides for exclusions to various counterparties below certain thresholds (30 percent for companies and 50 percent for non-profit organizations). As a result, the definition might not be comprehensive to capture a sufficiently broad number of related party transactions.



The current definition is geared towards credit exposures and is reflected in the reporting obligations of banks and the offsite analysis performed by supervisors. I.e. lease contracts, derivatives, write offs etc are not included in the definition of credit extension and not captured by supervisory oversight. Equally, scope to further develop specific guidance for banks on enhanced governance required for related party exposures i.e. Board reporting and approval.



Principle 21Country and transfer risks. The supervisor determines that banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate

country risk54 and transfer risk55 in their international lending and investment activities on a timely basis.



Essential Criteria
EC1The supervisor determines that a bank’s policies and processes give due regard to the identification, measurement, evaluation, monitoring, reporting and control or mitigation of country risk and transfer risk. The supervisor also determines that the processes are consistent with the risk profile, systemic importance and risk appetite of the bank, take into account market and macroeconomic conditions and provide a comprehensive bank-wide view of country and transfer risk exposure. Exposures (including, where relevant, intra-group exposures) are identified, monitored and managed on a regional and an individual country basis (in addition to the end-borrower/end-counterparty basis). Banks are required to monitor and evaluate developments in country risk and in transfer risk and apply appropriate countermeasures.



Description and findings regarding EC1Under the regulations, banks that deal with FX affairs are required to set up and operate their own internal management standards for risks arising from FX transactions which will encompass risks such as: country risk, large credit risk, foreign currency liquidity risk, market risk and others (Article 67(1), Regulation on Supervision). In practice, the FSS manages transfer risk as a subset of country risk (country risk is the overarching risk), although the regulations are couched in terms of FX risk. The specific reference in the Regulations (Article 67) is to country risk through FX transactions which may not fully capture the totality of the risk contained within this Principle.



Article 41 of the Detailed Regulations requires banks that deal in FX to establish and implement risk management standards for FX and country risk as contained in Article 67 of the Regulations and further elaborated in the Appendix 15 of the Detailed Regulations. In terms of FX risks, the Regulations require certain disclosures by banks in the following categories (Article 72 of the Regulations on Supervision):
  • (1) The current status of assets and liabilities in foreign currency and liquidity ratio in foreign currency by remaining maturity as of the end of each month;

  • (2) The current status of maturity of borrowings in foreign currency as of the end of each month;

  • (3) The current status of financing and operation of funds in foreign currency as of the end of each month;

  • (4) The current status of riskless assets held in foreign currency as of the end of each quarter; and

  • (5) Other matters determined by the Governor for the soundness of institutions to deal with FXs affairs.

To perform offsite supervision, banks will report data as part of their quarterly Business Reports, such as: amount of credit extended, payment securities by country and for large borrowers. The Foreign Exchange Supervision Department (FXSD) is responsible for performing offsite analysis across the commercial banks. In assessing these risks FSS staff will focus on three areas: (i) whether banks set appropriate limits for FX; (ii) whether banks are adequately assessing country risk; and (iii) whether banks have sufficient reserves against that country risk. As a centralized unit, the FXSD aggregates the information into a report for each regulated entity within the FSS.



In the case of credit exposures to a non-resident corporate borrower that operates outside Korea, the creditor bank is expected to classify the loan with due consideration given to the FX risk of the borrower in addition to the debt-servicing ability of the borrower. The FXSD will specifically be assessing whether the bank has performed this function by verifying FX rates, compliance with statutory limits etc. Offsite monitoring will look at the flow of country credit and the distribution of country ratings and attempt to identify potential concentrations below investment grade. Asset quality will also be assessed and whether banks are maintaining statutory minimum FX reserves.



As part of offsite monitoring, the Bank Supervision Department will be responsible for assessing the adequacy of loan loss provisioning and FX reserves, with the FXSD responsible for overall country and transfer risk monitoring. The responsibility for coordinating analysis of country and transfer risk between the teams was not well defined.



There is no basis in the Regulations for the data to be consolidated, however, in practice the data is submitted on a consolidated basis. In the instance where the regulated entity is a bank, the data would include the bank and its subsidiaries, and in the instance of an insurance entity, the data would be the insurance company and its subsidiaries. The FXSD will perform offsite analysis for all subsidiaries regulated by the FSS.



Supervision practices for country and transfer risk are skewed towards transfer risk. Furthermore, ongoing monitoring of country and transfer risk focused on offsite analysis of quantitative information. Qualitative data on the application and effectiveness of risk management insufficient to make an ongoing assessment that policies and procedures are appropriate to risk profile.



Assessment of policies and procedures will typically only occur during the full scope onsite examination every two years.



Currently there is no framework to comprehensively assess country and transfer risk within the financial holding company across all entities (regulated and unregulated). In this case, bank-wide analysis is not performed across the bank and the affiliate companies under a bank FHC.



EC2The supervisor determines that the bank’s strategies, policies, and processes for the management of country and transfer risks have been approved by the banks’ Boards and that the Boards oversee management in a way that ensures that these policies and processes are implemented effectively and fully integrated into the banks’ overall risk management process.



Description and findings regarding EC2As per the Regulations, if a bank seeks to alter its risk management standards regarding country and transfer risk, it is required to refer the matter to its internal risk management committee for a resolution (Article 67(2) of the Regulations). However, the regulations do not stipulate that this risk committee regularly approve and oversee management to ensure that the policies and processes are implemented effectively and fully integrated into the bank’s overall risk management. Furthermore, it is ambiguous whether the internal risk committee is required to be a subcommittee of the Board or a management committee.



In addition to normal offsite supervision, when conditions warrant, the FSS will make an ad hoc request. For example, during the heightened awareness of risks within the Eurozone the FXSD requested details from the major banks on their exposure to the PIGS countries (Portugal, Ireland, Greece and Spain). The FSS requested exposure data by country per loans, payment guarantees etc. At the end of 2010, the banks’ exposure to PIGS countries was $3 billion, dropping to $2 billion in 2011 and at the end of 2012 the exposure was $2.5 billion. However, offsite surveillance will not typically include qualitative inputs such as reports on risk management, updates to policies and procedures, internal audit findings, compliance reports, changes in risk appetite, strategy etc,.



In terms of onsite analysis which is performed as part of the full scope examination through CAMELR, the Bank Examination Department is responsible for assessing compliance with risk management and adherence to compliance for foreign currency-related risks—such as country risk, large credit risk, and foreign currency liquidity risk—according to the risk type and manage the risks.. Banks have their own risk management and compliance schedules and put in place limits on an individual country basis. The onsite examination will examine whether banks went through an appropriate process for amending limits etc.



EC3The supervisor determines that banks have information systems, risk management systems and internal control systems that accurately aggregate, monitor and report country exposures on a timely basis; and ensure adherence to established country exposure limits.



Description and findings regarding EC3Bank’s information management systems will be assessed as part of the full scope onsite examination. Within the review, all aspects of a bank’s internal control processes and systems will be evaluated, including an assessment of aggregation procedures. However, between the full scope examinations which occur on a two year frequency, the supervisor will not assess the integrity of information systems, risk management systems and internal control systems, unless in exceptional circumstances.



When data has been submitted by banks as part of their periodic submissions (Business Reports etc), the FSS will perform reconciliations i.e. matching FX loan balances and FX loans extended to resident and non-resident.



EC4There is supervisory oversight of the setting of appropriate provisions against country risk and transfer risk. There are different international practices that are all acceptable as long as they lead to risk-based results. These include:



  • (a) The supervisor (or some other official authority) decides on appropriate minimum provisioning by regularly setting fixed percentages for exposures to each country taking into account prevailing conditions. The supervisor reviews minimum provisioning levels where appropriate;

  • (b) The supervisor (or some other official authority) regularly sets percentage ranges for each country, taking into account prevailing conditions and the banks may decide, within these ranges, which provisioning to apply for the individual exposures. The supervisor reviews percentage ranges for provisioning purposes where appropriate; and

  • (c) The bank itself (or some other body such as the national bankers association) sets percentages or guidelines or even decides for each individual loan on the appropriate provisioning. The adequacy of the provisioning will then be judged by the external auditor and/or by the supervisor.

Description and findings re EC4Under the Regulations (paragraph g, Annex 3), in cases of loans to a non-resident enterprise, soundness shall be classified in consideration of the country risk where the relevant company is located in addition to such enterprise’s ability to repay debts. When classifying credit exposure to non-resident foreign corporate borrowers, banks must give due weight to the borrower’s country risk in addition to the borrower’s debt-servicing ability and set the provisions accordingly. During on-site examination, supervisors will verify whether provisioning takes into account country risk.



The FSS has not developed consistent benchmarks for assessing whether the provisions applied by banks are conservative or accurate, instead expert judgment is applied by supervisors.



EC5The supervisor requires banks to include appropriate scenarios into their stress testing programs to reflect country and transfer risk analysis for risk management purposes.



Description and findings re EC5While banks are required to perform stress testing generally, there is no specific stipulation in the Regulations for banks to formally consider country and transfer risks as part of their stress testing programs. Under the Regulations, banks will perform stress tests on their sources of offshore funding. Supervisory practice and oversight was not well developed in terms of examination manuals and extent of attention devoted to this risk. The ICAAP requirements in the Detailed Regulations require banks to perform stress testing and include all material risks (paragraph 262). A similar stress testing requirement is contained within Detailed Regulations for credit risk (Appendix 3–1). Country exposure for the domestic banks is less than 3 percent of total capital and that at least half of that is allocated into developed countries where the systemic risk is considered low.



EC6The supervisor regularly obtains and reviews sufficient information on a timely basis on the country risk and transfer risk of banks. The supervisor also has the power to obtain additional information, as needed (e.g. in crisis situations).



Description and findings regarding EC6The Regulations (Article 72) stipulate the reporting requirements of banks in relation to foreign affairs transactions. The exposure status report contains information pertaining to FX risks. This information is submitted to the FSS on a quarterly basis and reviewed and assessed by the FXSD.



Banks set management criteria and any changes for country risks (e.g., credit extension limit for a country) and credit extension in foreign currency above the established limits must be approved through the internal risk management processes. Bank supervisors will assess the effectiveness of internal risk controls and management (including the role and functions of the board members and the management) during on-site examinations. Offsite surveillance will assess credit as well as FX and will look at credit and loans on an individual country basis. They will examine trends to identify risks as well as changes in international financial markets.



The processes to integrate the qualitative assessment of risks with the results of quantitative analysis was not well developed. The sharing of information between the FXSD and Bank Supervision Teams and ultimate accountability for supervision of the risks could be better coordinated.



Assessment of Principle 21LC



CommentsIn the case of FHCs, group-wide analysis is not consistently performed across each regulated entity (and unregulated) to form a comprehensive view of risk. South Korean banks are active in exposures abroad and the FSS reviews country risk in depth for the large internationally active banks. The regulations should be strengthened for data to be consolidated. While banks are required to perform stress testing generally, there is no specific stipulation in the Regulations for banks to formally consider country and transfer risks as part of their stress testing programs.



Principle 22Market risk. The supervisor determines that banks have an adequate market risk management process that takes into account their risk appetite, risk profile, and market and macroeconomic conditions and the risk of a significant deterioration in market liquidity. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate market risks on a timely basis.



Essential Criteria
EC1Laws, regulations or the supervisor require banks to have appropriate market risk management processes that provide a comprehensive bank-wide view of market risk exposure. The supervisor determines that these processes are consistent with the risk appetite, risk profile, systemic importance and capital strength of the bank; take into account market and macroeconomic conditions and the risk of a significant deterioration in market liquidity; and clearly articulate the roles and responsibilities for identification, measuring, monitoring and control of market risk.



Description and findings regarding EC1Banks are required to articulate the slotting criteria for its trading book with internal guidelines and the trading book (TB) needs to be managed separately by a separate trading department. TB positions are managed in accordance with a trading strategy and limits on positions are established. Reporting to senior management is principles based with TB positions reported to senior management on a regular basis, though not prescribed (Detailed Regulations, Appendix 3–2 and paragraph 3).



Banks are required to value positions on a daily basis and calculate market risk equity capital on a daily basis. Externally sourced market rates and the validation of rates into mark-to-market models not explicitly required by the Detailed Regulations, although this has been recommended to banks through the good practice guide (Market Risk Management Guideline final revision Nov 2009). It is understood that this Guideline will be translated into the rules when the ICAAP rules are revised.



The Detailed Regulations (Appendix 3–2, paragraph 1A) permit banks to exclude TB exposures from the calculating of market risk regulatory capital under two conditions: (i) where the ratio of the Trading Book (TB) to total assets on the consolidated balance sheet is less than 5 percent maximum per day; and (ii) where the TB is less than w 100 billion maximum per day. De minimus exclusions from market risk are not unknown, however, in order to remain risk based and in conformity with the principles the threshold exclusion would need an additional limitation in terms of the size of the bank. The current threshold is considered excessive.



In practice, 17 of the 18 commercial banks are subject to the calculation of market risk equity capital for TB exposures. One commercial bank is excluded which has a limited traded market risk exposure and one Specialized Bank is also exempt from calculating market risk-weighted assets (National Federation of Fisheries Cooperatives is also exempt from IFRS and the ratio of Market Risk to total capital is 0.39 percent as at the end 2012).



To monitor compliance with the threshold exclusions allowed under the Regulations, banks need to report daily trading positions. TB assets as a percentage of total assets for the commercial banks is on average less than 5 percent, although the results are skewed as several of the regional banks have very small TB assets (for example, 6 regional banks between 1–2 percent). On the other hand, the ratio for one domestic bank is as high as 11 percent.



Regarding Korean banks’ trading positions subject to calculation of market risk (as of end of June 2012), 52.7 percent was OTC derivatives trading and 42.9 percent was securities trading. Most of OTC derivative transactions are interest rate and FX related derivatives transactions for the purpose of short-term capital gains whereas most of securities trading are treasury securities trading for back-to-back transaction56 of Korean interest-rate swap transactions.



Instruments that are permitted to be allocated into the TB are defined in the Detailed Regulations (Appendix 3–2, paragraph 2.G) and include:
  • Financial instruments held for short term trading;

  • Financial instruments held with intent to earn risk-free return;

  • Financial instruments held for underwriting, broking, or market –making;

  • Derivatives classified as trading items pursuant to KIFRS;

  • Financial instruments for hedging risks of trading book; and

  • Other instruments that are similar to TB.

This is an exhaustive list. In terms of the first item of short term financial instrument, the FSS relies upon banks to define this in terms of their own internal controls and trading book policies. In effect, banks will have the discretion to define the duration of short term and will differ from bank to bank. Typical definitions of short term range 180 days, although there was no definitive data available. Assets in the TB attract a concessional risk weighting and require robust risk management by banks internally and by external verification. The risk is that assets that are not actually intended for trading be classified in the TB. To monitor this risk banks are required to have risk management over sighting the TB and the FSS will assess compliance with the TB policy statement as part of the onsite review.



In the case of exotic instruments like structured products, each risk factor is calculated separately to calculate market risk-weighted assets. Most instruments traded in Korea are traditional (IRS, FX, commodity, stock, call option etc,) and new products are expected to go through a new product approval process.



The Regulations permit banks to hold T3 capital against market risk exposures (Detailed Regulations Appendix 3–2, paragraph 2.C). When BIII is implemented these instruments will be excluded, which at the time of the assessment has not been announced.



EC2The supervisor determines that banks’ strategies, policies and processes for the management of market risk have been approved by the banks’ Boards and that the Boards oversee management in a way that ensures that these policies and processes are implemented effectively and fully integrated into the banks’ overall risk management process.



Description and findings regarding EC2Guidelines issued by the FSS recommends that banks advise the FSS if a change to its internal rules on market risk and trading has occurred. However, there is no specific requirement in either the guidelines or the Regulations that Board approval is required for a change in strategy or TB policy. Furthermore, Board’s are not required to review and approve market risk policies on a regular basis. In practice, banks are expected to inform the Board of a change in policy through normal reporting. When conducting the onsite examination, the FSS will request and analyze a large sample of TB assets and perform sample tests to assess compliance and evaluate risk management.



Where a bank has been approved to use an internal model to calculate its market risk equity capital, the qualitative requirements in the Detailed Regulations clearly establish the role of the Board in governance of market risk (Appendix 3–2, paragraph 22). Senior management and the Board are required to take part in the risk control process positively and recognize the risk control as an essential aspect of management which needs sufficient input of resources (paragraph C). The internal model also needs to be integrated with the daily control process of a bank to measure the daily risk control process.



Of the 18 commercial banks, 7 have been accredited to calculate market risk equity capital using internal models and the remainder calculate market risk using the Standard approach.



EC3The supervisor determines that the bank’s policies and processes establish an appropriate and properly controlled market risk environment including:
  • (a) Effective information systems for accurate and timely identification, aggregation, monitoring and reporting of market risk exposure to the bank’s Board and senior management;

  • (b) Appropriate market risk limits consistent with the bank’s risk appetite, risk profile and capital strength, and with the management’s ability to manage market risk and which are understood by, and regularly communicated to, relevant staff;

  • (c) Exception tracking and reporting processes that ensure prompt action at the appropriate level of the bank’s senior management or Board, where necessary;

  • (d) Effective controls around the use of models to identify and measure market risk, and set limits; and

  • (e) Sound policies and processes for allocation of exposures to the trading book.

Description and findings regarding EC3According to the Detailed Regulations (Annex 3, paragraph 248) banks are required to obtain regulatory approval for the internal trading guidelines, which must stipulate the key functions of the trading divisions, the basic requirements for trading, the range of trading positions to be taken, internal controls for the classification and management of trading positions, valuation of the trading positions, and internal audit lists. Extensive criteria for market risk management is prescribed in the ‘Qualitative Standards’ for internal model users (see Annex 3, paragraph 22), such as: independent front office that reports to senior management and takes responsibility for the design and management of the risk management system; preparation of daily risk reports based on the result of risk measurement by the internal model including the value of measurement of the amount of exposure to risk and appraisal on the relationship between transaction limits and report to senior management; and daily back testing.



Through offsite supervision, bank supervisors monitor data submitted by the bank for limit breaches, and volume of TB transactions. Examiners will request complete transaction reports from the bank during an onsite examination by portfolio and sub-portfolio with a breakdown of products, limits, risk metrics etc. Internal controls and data systems for market risk management are also evaluated during the full scope onsite examination as are risk reports submitted through the Board Risk Committee.



EC4The supervisor determines that there are systems and controls to ensure that banks’ marked-to-market positions are revalued frequently. The supervisor also determines that all transactions are captured on a timely basis and that the valuation process uses consistent and prudent practices, and reliable market data verified by a function independent of the relevant risk-taking business units (or, in the absence of market prices, internal or industry-accepted models). To the extent that the bank relies on modeling for the purposes of valuation, the bank is required to ensure that the model is validated by a function independent of the relevant risk-taking businesses units. The supervisor requires banks to establish and maintain policies and processes for considering valuation adjustments for positions that otherwise cannot be prudently valued, including concentrated, less liquid, and stale positions.



Description and findings re EC4Banks are required to value all relevant positions in the TB on a daily basis (Annex 3–2, Detailed Regulations). The FSS has issued a guideline to banks describing expectations for valuation practices for TB exposures as the Regulations are not specific in terms of prudent valuation methods.



According to the guidelines, valuation of TB exposures should be validated by an independent and technically qualified division within the bank. The valuation guidelines contain the following guidance: instruments should be valued by the market in which the instrument is traded within; if no such market, banks can use a proxy price for alternative instruments; or if not possible they would do a valuation on the instrument by using a price agreed by bond assessment company or brokers. (Appendix 2–3, paragraph 5).



For exposures that are marked-to-model, the governance requirements are not sufficiently developed in the Detailed Regulations for: (i) the bank to identify the material risks of the exposure; and (ii) to derive reliable estimates for the key assumptions and parameters used in the model.



When the FSS performs an onsite examination, the examination manual suggests a number of areas are reviewed: verify valuation processes, responsibilities, and the reliability of the market information used and the independence of the revaluation process from risk-taking units. For example, testing of limits on all types of trading, type of risk limits, record of approval or changes made to the limits, banks frequency of monitoring etc.



EC5The supervisor determines that banks hold appropriate levels of capital against unexpected losses and make appropriate valuation adjustments for uncertainties in determining the fair value of assets and liabilities.



Description and findings regarding EC5FSS guidelines recommend that assets including stocks, bonds, and derivatives must be valued according to IFRS. Any adjustment needed must be separately determined and reflected in the income statement. For expected losses, adjustments for liquidity risk and counterparty risk must be made as an expense in the income statement. For unexpected losses, adjustments for the first day are made. The impact (sensitivity) of difficult-to-estimate variables on asset valuation must be disclosed.



During the onsite examination, the FSS conducts an assessment of their capital adequacy, taking into account all risk sources. For market risk, specific attention is devoted to banks using internal models for calculating capital requirements. At the end of the validating process or in the course of monitoring the FSS may impose specific add-on when deficiencies are spotted in the model and in its use, which generate doubts on the adequacy of calculation performed by the bank.



The FSS adopted the market risk amendments to Basel II in 2011 with the exception of correlation trading portfolios (of which domestic banks have no exposure). Standards for incremental risk charge and counterparty valuation adjustment is covered in appendix 3–2.



EC6The supervisor requires banks to include market risk exposure into their stress testing programs for risk management purposes.



Description and findings re EC6Banks must conduct stress tests involving market risk on a regular basis (more frequently in a distressed market conditions). The results of the stress tests must be reported to the bank’s board and the senior management and incorporated in the bank’s management policy and trading limits. Step-by-step contingencies must be ready at all times for execution (e.g., pre-crisis phase, cautionary phase, critical phase, and full crisis phase). Where a bank identifies critical risks (including market risk), the bank must stress tests for each risk type along with integrated stress tests. For internal model users, the results of stress tests must be reported quarterly to the FSS.



For those banks that calculate market risk-weighted assets using the Standardized method the Regulations do not require submission of stress testing results outside of stress testing performed as part of the ICAAP process.



While the Regulations are not comprehensive in terms of stress testing requirements, guidelines issued by the FSS provide greater certainty to banks on expectations.



Assessment of Principle 22LC



CommentsThe Detailed Regulations (Appendix 3–2, paragraph 1A) permit banks to exclude TB exposures from the calculating of market risk regulatory capital under two conditions: (i) where the ratio of the Trading Book (TB) to total assets on the consolidated balance sheet is less than 5 percent maximum per day; and (ii) A bank where the TB is less than 100bn Won maximum per day. De minimis exclusions from market risk are not unknown, however, in order to remain risk based and in conformity with the principles would need an additional limitation in terms of the size of the bank. The current threshold is considered excessive (EC1).



While the FSS has issued guidance material to prudent valuation for TB exposures, this guidance is not part of the Regulations.



Principle 23Interest rate risk in the banking book. The supervisor determines that banks have adequate systems to identify, measure, evaluate, monitor, report and control or mitigate interest rate risk57 in the banking book on a timely basis. These systems take into account the bank’s risk appetite, risk profile and market and macroeconomic conditions.



Essential Criteria
EC1Laws, regulations or the supervisor require banks to have an appropriate interest rate risk strategy and interest rate risk management framework that provides a comprehensive bank-wide view of interest rate risk. This includes policies and processes to identify, measure, evaluate, monitor, report and control, or mitigate material sources of interest rate risk. The supervisor determines that the bank’s strategy, policies and processes are consistent with the risk appetite, risk profile and systemic importance of the bank, take into account market and macroeconomic conditions, and are regularly reviewed and appropriately adjusted, where necessary, with the bank’s changing risk profile and market developments.



Description and findings regarding EC1Article 30 of the Regulations establishes the overall expectations of risk management frameworks to effectively identify, measure, monitor, and control risks, which includes interest rate risk in the banking book. In addition, the requirements on banks to consider all material risks as part of the ICAAP include measurement and consideration of IRR.



The more detailed requirements are contained within Appendix 9 of the Detailed Regulations. IRR is calculated on non-trading positions on a consolidated basis (Appendix 9–1, paragraph 2.A). IRR is comprised of interest rate change risk, yield curve risk, basis risk and option risk. The Regulations prescribe that IRR recognizes fluctuations in net inertest profits accruing from assets, liabilities and off-balance sheet transactions according to fluctuation in interest rates and also measured against future cash flow risk. Interest rate risk is measured in two ways: (i) interest rate Earnings at Risk (EaR) and (ii) interest rate Value at Risk (VaR). Interest rate risk of a bank is measured on a consolidated basis and for subsidiaries.



Banks are expected to measure their IRR on at least a monthly basis in normal times, and to report quarterly (the regulations do however only specify at least quarterly paragraph 24.B). Although in the case of a big change in interest rates, banks are expected to have a system that can measure more frequently.



The periodicity of Board reporting for IRR in practice is monthly, yet not stipulated as part of the regulations. The larger banks are all reporting on a monthly basis.



In the CAMELR rating schedule, if a bank is rated 4 (5 being the worst), the FSS will intervene through discussions with senior management and requesting adjustments to risk through available hedging etc. At the end of December 2012, the combined EaR for the domestic banks was 1.6 trillion Won or 1 percent of capital. The banks’ exposure is to a decreasing interest rate environment. Historically the structure of Korean banks deposits were fixed and loans were floating rate, over time however banks have restructured to move to fixed rate loans and EaR has considerably reduced so even if rates are going down the earnings loss is small.



EC2The supervisor determines that a bank’s strategy, policies and processes for the management of interest rate risk have been approved, and are regularly reviewed, by the bank’s Board. The supervisor also determines that senior management ensures that the strategy, policies and processes are developed and implemented effectively.



Description and findings regarding EC2The BoD is required to approve strategies and policies on IRR management and ascertain whether management monitors and controls risk consistent with approved strategies and policies (Detailed Regulations, Appendix 9–1, and paragraph 23). The Board can delegate responsibility for oversight of IRR to a Board risk management committee to examine whether IRR is within tolerances.



Offsite monitoring is performed quarterly by a centralized team within the Prudential Supervision Team, in the Bank and Non-Bank Supervision Division. The centralized team is able to systematically compare and contrast the quarterly reports for each of the 18 commercial banks to identify outliers and perform trend analysis. The data is submitted as part of the normal Business Reports by banks and includes information on interest rate risk including rate gap, interest rate EaR and interest rate VaR, all of which are calculated using a standard method. Measurement of IRR is performed by applying a 200bp parallel shift in the yield curve.



The FSS will assess the appropriateness of banks’ risk management through the onsite full scope examination conducted every two years. During this review, FSS staff will verify management strategies, board reporting, limit compliance and a variety of activities to check adequacy of policies and procedures. The onsite review will also involve a meeting with the bank Treasurer. The onsite will evaluate three key areas for IRR: (i) risk government and risk management; (ii) risk controls and procedures; and (iii) risk measurement assessment. In terms of risk governance, FSS staff will determine whether the risk department has adequate independence and expertise and is reporting to Board or ALCO; In terms of risk controls, the FSS will assess whether reporting frequency is adequate and monitoring properly against agreed tolerances and in terms of risk measurement, they will assess the adequacy of data integrity in source systems.



The FSS require a bank’s board to play roles and responsibility attributed by the regulation, and through on site examinations assesses that boards overall role and awareness of IRR limits and tolerances. Banks are only required to submit policies regarding IRR when IRRBB exceeds 20 percent of equity capital, but not on a frequency such as annually. However, the policies are verified when the CAMELR onsite is performed.



There is no requirement for banks to have an Assets-Liability Committee ALCO and the practice differs from bank to bank. Equally there is no requirement for a Treasurer, though all banks do have a designated treasury function that reports through to either the CFO or the CEO and then through the ALCO and Risk Committee.



EC3The supervisor determines that banks’ policies and processes establish an appropriate and properly controlled interest rate risk environment including:
  • (a) Comprehensive and appropriate interest rate risk measurement systems;

  • (b) Regular review, and independent (internal or external) validation, of any models used by the functions tasked with managing interest rate risk (including review of key model assumptions);

  • (c) Appropriate limits, approved by the banks’ Boards and senior management, that reflect the banks’ risk appetite, risk profile and capital strength, and are understood by, and regularly communicated to, relevant staff;

  • (d) Effective exception tracking and reporting processes which ensure prompt action at the appropriate level of the banks’ senior management or Boards where necessary; and

  • (e) Effective information systems for accurate and timely identification, aggregation, monitoring and reporting of interest rate risk exposure to the banks’ Boards and senior management.

Description and findings re EC3Within the Detailed Regulations (paragraphs 24 and 25 of Annex 9–1), banks are required to maintain an interest rate risk framework that identifies key underlying risks and provides a measure of likely interest rate scenarios. For this purpose, banks estimate interest rate risk beyond one quarter and operate with appropriate interest rate risk guidelines and procedures. To ensure interest rate risk stays within the acceptable range, banks must set the appropriate parameters and criteria. The risk management unit within the bank must periodically review the ex-ante and ex-post interest rate risks and report the findings to the senior management and the BoD. Annex 9 requires banks to set up organizational arrangements adequate to the materiality of IRR exposures and to the complexity of the related activities.



Through onsite reviews, the FSS verifies that internal control systems are adequate to ensure that any breach would be communicated in a timely manner to an appropriate level within the organization. During its general on-site examinations, the FSS assesses adequacy of a bank’s interest rate risks and the bank’s risks management system by carrying out CAMEL-R and RADARS.



Where required, the FSS monitors those interest rate risks through thematic examinations. The FSS carries out off-site examinations by receiving regular business reports on interest rate risk from banks.



EC4The supervisor requires banks to include appropriate scenarios into their stress testing programs to measure their vulnerability to loss under adverse interest rate movements.



Description and findings regarding EC4The Detailed Regulations establish expectations for banks to perform regular stress testing (Appendix 9–2, paragraph). Under times of stress, it is expected that the frequency of stress testing will increase commensurate with the severity of the event. Results from the stress tests should be adequately reflected in the bank’s risk parameters and policy adjustments. Stress tests for interest rate risks must incorporate the following: (i) interest rate shock well beyond the typical levels; (ii) yield curve twisting, inversion, and other yield curve risks; (iii) basis risk; and (iv) sharply deteriorating liquidity conditions in systemically important institutions and the variability of market interest rates.



The threshold for total IRR calculated by VaR is 20 per cent of equity capital. Banks are required to reduce this risk through hedging or position adjustment or such or take measures on additional holding of equity capital (paragraph 27.B).



The FSS assesses adequacy of those measures through on-site and off-site examinations. The FSS carries out assessments on a bank’s interest rate risk measurement method, risk allowance and management method through the full scope examination every two years. The FSS monitors the risk level by receiving outputs of a bank’s interest rate risk management activities including interest rate gap, interest rate EaR and interest rate VaR, all of which are calculated by using the standard method.



Additional Criteria
AC1The supervisor obtains from banks the results of their internal interest rate risk measurement systems, expressed in terms of the threat to economic value, including using a standardized interest rate shock on the banking book.



Description and findings regarding AC1In respect of the consolidated interest-bearing assets-liabilities, banks must produce interest measurements on earnings at risk (EaR) from earnings perspective and value at risk (VaR) from economic value perspective. Banks file quarterly report to the FSS on interest rate risk data such as interest rate gap, interest EaR, and interest VaR.



AC2The supervisor assesses whether the internal capital measurement systems of banks adequately capture interest rate risk in the banking book.



Description and findings regarding

AC2
Banks must evaluate at least once on a quarterly basis capital adequacy under the assumptions of normal scenarios and stress scenarios. If the total interest rate risk measurements exceed 20 percent of the bank’s capital, the bank must file a report to the FSS on the causes for the increase and corrective steps to be taken (Para 27 of Annex 9–1, Detailed Regulations).



Assessment of Principle 23C



CommentsThe regulations require quarterly measurement and in the case of large change in risk, more frequent. In practice, banks calculate and measure IRR on a monthly basis.



Principle 24Liquidity risk. The supervisor sets prudent and appropriate liquidity requirements (which can include either quantitative or qualitative requirements or both) for banks that reflect the liquidity needs of the bank. The supervisor determines that banks have a strategy that enables prudent management of liquidity risk and compliance with liquidity requirements. The strategy takes into account the bank’s risk profile as well as market and macroeconomic conditions and includes prudent policies and processes, consistent with the bank’s risk appetite, to identify, measure, evaluate, monitor, report and control or mitigate liquidity risk over an appropriate set of time horizons. At least for internationally active banks, liquidity requirements are not lower than the applicable Basel standards.



Essential Criteria
EC1Laws, regulations or the supervisor require banks to consistently observe prescribed liquidity requirements including thresholds by reference to which a bank is subject to supervisory action. At least for internationally active banks, the prescribed requirements are not lower than, and the supervisor uses a range of liquidity monitoring tools no less extensive than, those prescribed in the applicable Basel standards.



Description and findings regarding EC1There is a separate regime for domestic Won liquidity and FX liquidity (the FX being dominated by USD). Domestic liquidity requirements for banks are twofold: a liquidity ratio for Korean Won and a loan to deposit ratio, with both ratios a minimum one to one (Article 26(1) of the Regulations):
  • The ratio of current assets in won currency to current liabilities in Won to be 1:1 or more (liquidity (the FX being dominated by; and

  • Ratio of loans in won to deposits received in won (excluding the certificate of deposits) to be 1:1 or more (liquidity the FX being do).



The Korean Won liquidity ratio is based on the numerical value as of the end of every month, and the loan to deposit ratio is based on the monthly average balance respectively from among business guidance ratios.



The calibration of the foreign liquidity requirements are more conservative: in respect of foreign-currency liquidity risk; (i) the minimum is 85 percent for A/L with maturity of less

than 3 month; (ii) for A/L with maturity of less than 7 days, the maturity mismatch ratio for L in excess of A must be less than 3 percent; and (iii) for A/L with maturity of less than a month, the maturity mismatch ratio for L in excess of A must be less than 10 percent (Article 64 of the Regulations). The FX liquidity ratios are calculated by multiplying the value of each asset by liquidation weights prescribed by the FSS as follows (see Appendix 7 of the Regulations):

  • FX currency and deposits, FX call loans FX bills: 100 percent;

  • Loans between banks, demand funds for o/s, syndicated loans and FX equivalents; 90 percent;

  • Working capital and loans in FX: 80;

  • Government bonds A-AAA: 100;

  • Government bonds BBB- A: 90;

  • Government Bonds below BBB: 60;

  • Corporate Bonds A-AAA: 90;

  • Corporate bonds BBB—A: 85;

  • Corporate Bonds below BBB: 50;

  • Securities publicly traded: 55;

  • Securities not publicly traded: 35;

  • Futures: 85; and

  • Others: 100.



For banks to deal in FX, they are required to confirm on a daily basis that they meet the limit on overbought and oversold FX amounts. When in violation of the limit, the bank will report to the Governor of the FSS three business days after the date of the breach.

The standards for liquidity risk management are contained within the Detailed Regulations (Appendix 9–2). Chapter 2 sets out the requirement for banks to establish a liquidity management strategy including: the management target; management policies and internal control systems for liquidity risk. Banks must also maintain liquidity risk management strategies and contingency funding mechanisms.



Article 39 of the DRSBB relates to the methods for calculating liquidity ratios of foreign currency. The classification methods of remaining maturities, the scope of assets and liabilities and the methods are covered under this paragraph. It is not stipulated in the Banking Act or the Regulations, that liquidity the ratios need to be calculated and measured and complied with on a solo and consolidated basis.



Appendix 3–4 of the DRSBB sets out in more detail the liquidity requirements:



In principle, all the assets and liabilities on the balance sheet and those with remaining maturity of one month or less related to transactions in off-balance sheet derivatives shall be subject to the calculation. Unclear whether all derivatives are included.



Korea’s exposure to foreign banks on the funding side is among the highest in Asia. Reliance on foreign currency denominated short-term funding could raise the possibility of rollover difficulties, particularly when external shocks cause a simultaneous short term funding squeeze and currency depreciation, as happened in 2008. Worsening conditions in parent banks’ jurisdictions may also lead to funding problems in foreign bank branches.



There is a requirement for banks to hold sufficient assets of good quality (HQLA) with no limits on disposal which can be liquidated in a crisis (Appendix 9–2 Detailed Regulations, paragraph 6). However, there is no specific definition of HQLA. The regulations do provide several criteria:



  • Liquidation is possible without excessive loss;

  • Immediate availability without restrictions on disposal;

  • Transparency in the risk structure and characteristics;

  • Easiness of the valuation;

  • Meeting the requirements for qualified security possible to offer to the central bank; and

  • Existence of trading markets.



While there is a requirement for banks to have HQLA, there is no definition of HQLA outside of the general characteristics and no quantitative limit. In terms of the composition of current assets to meet the Won liquidity ratio,—approximately 60 percent consist of loans with duration less than 30 days. The remaining 40 percent comprises of 20 percent securities, 10 percent FX loans and 10 percent other. In terms of the securities, these need to meet a test of being investment grade (Appendix 3–4, paragraph 1.5.(b)).



There are a number of exclusions in terms of what assets will be included in the calculation as per the Appendix 3–4, for example: any securities regardless of maturity for collateral will be excluded.



The FSS has published guidance to banks on the introduction of the LCR as part of the BIII reforms. Korea intends to adopt the first phase in the LCR commencing in 2015 and monitors LCR data submitted by banks on a quarterly basis. The FSS indicated that banks’ average LCR was approximately 130 percent.



The prescribed liquidity requirements reflect the liquidity risk profile of banks (including on-and off-balance sheet risks) in the context of the markets and macroeconomic conditions in which they operate.



Description and findings regarding EC2The won-denominated A/L liquidity ratio includes all on-balance sheet A/L and off-balance sheet derivatives with maturity of less than one month. Though not all off-balance sheet

items will be included in the calculation. For example, contingent liabilities are omitted (see Detailed Regulations Appendix 3–4 for an exhaustive list of off-balance sheet items).



With respect to foreign currency-denominated A/L that are used to compute liquidity and maturity mismatch ratios (in foreign currencies), the A/L include (i) on-balance sheet foreign currency-denominated A/L; (ii) forward contracts outstanding from currency swap arrangements; (iii) forward contracts outstanding, including NDFs; (iv) currency futures; and (v) 20 percent of any outstanding off-balance sheet acceptances and guarantee, foreign currency-denominated acceptances and guarantees, and acceptances involving foreign counterparties.



The calculation methods of the various ratios are not necessarily fully reflective of the current liquidity positions and even less as forward looking tools. For example, measurement of the Won liquidity ratio is calculated on the numerical value as of the end of month (Article 17 of the Detailed Regulations). While the regulations only stipulates end of month compliance, in practice, banks are expected to comply intra-month. In theory, there is scope for banks to smooth their Won liquidity ratio at end-of-month and not intra-month. In terms of the loan to deposit ratio it is based on the monthly average balance respectively from among business guidance ratios. Banks with historically lower volatility in their core deposits will, as a result, typically have a higher loan to deposit ratio under the methodology. The method of calculation does not necessarily reflect the potential volatility in the preceding month or expected/forward looking volatility in deposit outflows.



In terms of the FX ratio, the calculation of the weights is based on a prescribed liquidity weighting set by the FSS and not reflective of market value. However, the weightings do closely reflect the haircuts applied by the BoK—but the BoK has discretion to set haircuts.



EC3The supervisor determines that banks have a robust liquidity management framework that requires the banks to maintain sufficient liquidity to withstand a range of stress events, and includes appropriate policies and processes for managing liquidity risk that have been approved by the banks’ Boards. The supervisor also determines that these policies and processes provide a comprehensive bank-wide view of liquidity risk and are consistent with the banks’ risk profile and systemic importance.



Description and findings regarding EC3Banks must operate with an effective liquidity risk framework that facilitates liquidity risk management, liquidity policy execution, and internal controls, the details of which are explained in the Detailed Regulations (Appendix 2, Chapter II, paragraphs 4–13)). The liquidity risk framework must also incorporate the maximum risk to be permitted, early distress warnings, analysis of stress tests and contingency funding plans, and actions aimed at diversifying funding sources and avoiding maturity concentration.



Banks are required to conduct a stress test and assess the impact on the bank’s liquidity position. When deciding the scope and cycle of the stress test, a bank shall consider a scale of the relevant liquidity risk exposure. The results of the stress test, the scenario and assumptions and measures for improvements of deficient factors will be reported to the BoD (Appendix 9–2, Chapter 3, paragraph 12.H). While the FSS does not prescribe the frequency, the severity or the survival horizon, it does stipulate certain aspects regarding the design of the scenario. The scenario must consider both an idiosyncratic and whole of market crisis. The frequency of Board reporting of liquidity stress test results is not prescribed and left to bank discretion (Detailed Regulation 9–2, paragraph 7.D).



The FSS also provides a number of examples of assumptions to be used, such as: shortage of liquidity in the money market; secession of retail deposits; decline in wholesale funding; incidental cash flow from off-balance sheet items. There is scope to strengthen the conservatism (or severity of the assumptions, through run off assumptions and access to funding sources i.e., no access to wholesale funding in an idiosyncratic crisis).



Given that each bank applies a different set of assumptions for the liquidity stress test, the ease of identifying outliers and detecting weakness in a particular bank is made more difficult requiring more intensive analysis by the supervisor into the inputs. Also, there is no requirement for the results of the stress test to be submitted to the FSS, although in practice banks submit the results of stress testing at least annually.



The analysis of bank’s practices typically occurs through the full scope onsite examination performed as part of the CAMELR assessment which will occur every two years. During this examination, a thorough review of liquidity risk management is performed verifying all aspects of liquidity risk management and measurement and compliance with limits etc. However, outside of the examination, there is no requirement for banks to submit qualitative data such as policies and processes, results of stress testing etc to the FSS. The FSS will receive quantitative data on a quarterly and often more frequent basis for liquidity. The data will not include information on risk management.



EC4The supervisor determines that banks’ liquidity strategy, policies and processes establish an appropriate and properly controlled liquidity risk environment including:
  • (a) Clear articulation of an overall liquidity risk appetite that is appropriate for the banks’ business and their role in the financial system and that is approved by the banks’ Boards;

  • (b) Sound day-to-day, and where appropriate intraday, liquidity risk management practices;

  • (c) Effective information systems to enable active identification, aggregation, monitoring and control of liquidity risk exposures and funding needs (including active management of collateral positions) bank-wide;

  • (d) Adequate oversight by the banks’ Boards in ensuring that management effectively implements policies and processes for the management of liquidity risk in a manner consistent with the banks’ liquidity risk appetite; and

  • (e) Regular review by the banks’ Boards (at least annually) and appropriate adjustment of the banks’ strategy, policies and processes for the management of liquidity risk in the light of the banks’ changing risk profile and external developments in the markets and macroeconomic conditions in which they operate.

Description and findings regarding EC4The BoD or the risk committee within the Board must establish the bank’s liquidity framework that supports the bank’s liquidity management strategy. Their responsibilities extend to the level of risk to be tolerated, limits on investment activities or loss levels to be tolerated, and internal rules on risk management.



Management must report the bank’s liquidity conditions to the board on a regular basis, although the frequency is not stipulated in the Regulations. In practice, this will occur at

least annually. Such reporting includes summary assessment of the liquidity conditions, liquidity risk relative to the maximum to be tolerated, analysis of short- and longer-term liquidity outlook, the annual amount of debt issues, results of stress tests, assessment of early distress warning indicators, the ability to secure funding with bank assets, and any other material issues of concern to the board.



Management must also promptly alert the board and take appropriate actions in the event of a sharp increase in funding costs, continuing funding shortages, general drying up of liquidity, increased concentration of funding sources, and any significant liquidity risk above the established levels. The information system for liquidity risk management must function effectively to generate meaningful information to the management and to the board (Articles 30 and 31, Regulation on of Banking Supervision; Article 29, Annex 9–2, Detailed Regulation on Supervision of Banking Business).



The frequency of Board review of liquidity management is not stipulated in the regulations and does not meet the criteria of at least annually. The requirement for managing liquidity is not explicitly articulated in the Regulations, although there are more general requirements to manage liquidity as the need arises.



EC5The supervisor requires banks to establish, and regularly review, funding strategies and policies and processes for the ongoing measurement and monitoring of funding requirements and the effective management of funding risk. The policies and processes include consideration of how other risks (e.g. credit, market, operational and reputation risk) may impact the bank’s overall liquidity strategy, and include:
  • (a) An analysis of funding requirements under alternative scenarios;

  • (b) The maintenance of a cushion of high quality, unencumbered, liquid assets that can be used, without impediment, to obtain funding in times of stress;

  • (c) Diversification in the sources (including counterparties, instruments, currencies and markets) and tenor of funding, and regular review of concentration limits;

  • (d) Regular efforts to establish and maintain relationships with liability holders; and

  • (e) Regular assessment of the capacity to sell assets.

Description and findings regarding EC5Banks must maintain high-quality liquid assets. The general characteristics for HQLA include: liquidated without significant loss, can be used immediately as collateral without any restriction, easily qualify as safe assets to the central bank, and can be unloaded to the mark (Annex 9–2, Detailed Regulations). There is, however, no prescribed definition of HQLA or minimum holdings as for example calculated under the LCR.



When formulating management strategies of liquidity risk, banks are required to specify concentration limits and sources of funding across different maturities to be reflected in short term, medium term and long term funding plans (paragraph 7, Detailed Regulations). For banks that have a heavy reliance on wholesale funding, they are expected to regularly consider the adequacy of their holdings of HQLA together with diversification strategies. Equally, banks that deal in multiple foreign currencies must take steps to diversify funding for each currency as a precaution against crisis situations that render ready currency conversion difficult.



Banks are required to formulate a contingency funding plan by incorporating the results of stress tests under a variety of different scenarios. The Regulations provide guidance to banks on the possible scenarios (Detailed Regulations, paragraph 14). As part of the assessment of ongoing funding plans and measuring liquidity risk, banks are required to continually reassess underlying assumptions and inputs in the measurement of liquidity i.e., stickiness of principal funding vehicles; changes in behavior of trade partners; influence of offering services (e.g., trust settlement etc). This expectation for ongoing reassessment applies to the bank’s HQLA.



To maintain confidence in a crisis situation, banks must keep their customers and creditors informed of their liquidity conditions and provide credible and meaningful information. When setting up the contingency funding plan, banks must take into account the impact of the crisis on asset disposition and securitization and any secondary impact (e.g., on the bank’s reputation) with the execution of the funding plan.



EC6The supervisor determines that banks have robust liquidity contingency funding plans to handle liquidity problems. The supervisor determines that the bank’s contingency funding plan is formally articulated, adequately documented and sets out the bank’s strategy for addressing liquidity shortfalls in a range of stress environments without placing reliance on lender of last resort support. The supervisor also determines that the bank’s contingency funding plan establishes clear lines of responsibility, includes clear communication plans (including communication with the supervisor) and is regularly tested and updated to ensure it is operationally robust. The supervisor assesses whether, in the light of the bank’s risk profile and systemic importance, the bank’s contingency funding plan is feasible and requires the bank to address any deficiencies.



Description and findings regarding EC6Contingency funding plans must be prepared with due consideration given to the range of possible scenarios and analyses of stress environments. The feasibility of the funding plan must be regularly evaluated and validated and renewed at least once a year by the bank’s board (Annex 9–2, Detailed Regulations). Moreover, the contingency funding plan must provide step-by-step actions to be taken to secure funding and specify the composition, functions, and the responsibilities of the bank’s stress management team. The plan must also unambiguously stipulate how the stress management team is to operate, how distress is to be dealt with, and the how much funding is to be secured. Due considerations must be given to the potential effect of the stress and loss of funding on asset disposition and securitization. All potential secondary effect from the execution of the funding plan (e.g., on the bank’s reputation) must be taken into account.



The range of funding actions to be taken in a stress environment must include, in addition to central bank credit, repurchase agreements (RP), asset disposition, securing more deposits, restriction on the acquisition of non-current assets, and communication with the supervisors, the central bank, the credit-rating providers, and the news media.



EC7The supervisor requires banks to include a variety of short-term and protracted bank-specific and market-wide liquidity stress scenarios (individually and in combination), using conservative and regularly reviewed assumptions, into their stress testing programs for risk

management purposes. The supervisor determines that the results of the stress tests are used by the bank to adjust its liquidity risk management strategies, policies and positions and to develop effective contingency funding plans.



Description and findings regarding EC7Banks must conduct stress tests to evaluate the impact of a stress on liquidity risk. The results of the stress tests should be used to decide liquidity risk management strategy, recalibrate the maximum liquidity risk to be tolerated, adjust the holdings of high quality liquid assets, and set a contingency funding plan (Annex 9–2, Regulation on Supervision of Banking Supervision).



The stress scenarios that banks design must incorporate the bank’s unique business characteristics and vulnerabilities so that the key liquidity risks can be adequately taken into account. The stress tests must also give due weight to stress scenarios that incorporate the bank’s unique stress conditions, the market-wide stress conditions, and the self-reinforcing stress cycle.



EC8The supervisor identifies those banks carrying out significant foreign currency liquidity transformation. Where a bank’s foreign currency business is significant, or-the bank has significant exposure in a given currency, the supervisor requires the bank to undertake separate analysis of its strategy and monitor its liquidity needs separately for each such significant currency. This includes the use of stress testing to determine the appropriateness of mismatches in that currency and, where appropriate, the setting and regular review of limits on the size of its cash flow mismatches for foreign currencies in aggregate and for each significant currency individually. In such cases, the supervisor also monitors the bank’s liquidity needs in each significant currency, and evaluates the bank’s ability to transfer liquidity from one currency to another across jurisdictions and legal entities.



Description and findings regarding EC8Banks with significant foreign currency business must consider exchange rate and market volatility and access to the FX markets in a stress environment. Theses consideration should be appropriately incorporated in the bank’s liquidity risk management strategy for each currency. (Annex 9, Regulation on Supervision of Banking Business).



For the currency with large-size activities, the permissible currency mismatch boundary should be set. Where liquidity risk in a currency is particularly high, alternative funding and other follow-up actions should be sought. For banks dealing in diverse foreign currencies, more diversified funding sources for each currency should be secured in anticipation of stress situations that may make currency conversion difficult.



Additional Criteria
AC1The supervisor determines that banks’ levels of encumbered balance-sheet assets are managed within acceptable limits to mitigate the risks posed by excessive levels of encumbrance in terms of the impact on the banks’ cost of funding and the implications for the sustainability of their long-term liquidity position. The supervisor requires banks to commit to adequate disclosure and to set appropriate limits to mitigate identified risks.



Description and findings regarding

AC1
Banks manage their encumbered asset positions by separating encumbered assets from assets with no restrictions and qualified as collateral to the central bank. Banks must also continually monitor whether their assets qualify as collateral to the central bank and in the funding market.



Assessment of Principle 24LC



CommentsThe key drivers of the rating include:
  • The regulations do not require banks to comply with the liquidity ratios on a continuous basis, only at end of month. The method of calculation does not necessarily reflect the potential volatility in the preceding month or expected/forward looking volatility in deposit outflows;

  • The Regulations are not clear that all off-balance sheet assets and liabilities are included in the mismatch liquidity ratios. For example, contingent assets (such as credit lines in Won and FX that would often be drawn down in a crisis) and contingent liabilities such as overdrafts, revolving facilities held by customers that can be drawn down with short notice; and

  • The method of calculating the one month Won liquidity mismatch does not encourage banks to term out issuance of wholesale funding in an effort to reduce potential roll over risk in a crisis. To maximize management efficiency of assets to meet the one month maturity mismatch, banks are encouraged to invest in assets that mature within 30 days (which is actually the case in Korea where much of the wholesale money is short term).

Other factors include:



While banks are required to perform a liquidity stress tests, the FSS does not prescribe severity, survival horizon, or that the results need to be reported to the BoD or the FSS on a minimum frequency. The requirements for liquidity stress tests are general and not prescriptive. The inputs and parameters of liquidity stress testing are not prescribed which will mean that the basis for stress tests will differ across institutions. The result is that banks have applied a wide variation in assumptions in the stress tests they perform and report to supervisors. As a result, comparison and supervision intensity is not easily performed, inhibiting identification of outliers and need for prompt action. Without a consistent basis for inputs and parameters into stress tests, the assumptions will differ widely, the basis for comparison becomes difficult requiring intensive inspection of models, assumptions, parameters and back testing. For example, banks with similar liquidity profiles might be applying vastly different run off assumptions obfuscating inherent risk profile.



Principle 25Operational risk. The supervisor determines that banks have an adequate operational risk management framework that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk58 on a timely basis.



Essential Criteria
EC1Law, regulations or the supervisor require banks to have appropriate operational risk management strategies, policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk. The supervisor determines that the bank’s strategy, policies and processes are consistent with the bank’s risk profile, systemic importance, risk appetite and capital strength, take into account market and macroeconomic conditions, and address all major aspects of operational risk prevalent in the businesses of the bank on a bank-wide basis (including periods when operational risk could increase).



Description and findings regarding EC1Banks are required to establish risk management systems for ensuring a timely recognition, assessment, monitoring and control of various risks, including operational risk (Article 30, Regulations). Banks are also required to consider operational risk as part of their ICAAP assessment (paragraph 260 Detailed Regulations). Specific requirements for operational risk measurement and management are outlined in the Detailed Regulations (paragraph 248(A)) for banks to establish a control structure with well defined responsibilities for major functions related to operational risk. In particular, banks that use the AMA approach must have an operational risk management function responsible for designing, developing and maintaining the operational risk management and measurement systems and for calculating the capital requirement. For these banks, an internal validation process is required to verify the overall quality of these systems and their continued compliance with regulatory requirements, business needs and developments in the relevant market.



In AMA banks, the measurement system must be closely integrated into decision-making and risk management processes. An additional minimum requirement regarding collecting and processing operational risk data such as internal loss data and external loss data is described in paragraph 250, of the Detailed Regulations.



The BCBS team within the FSS is responsible for establishing the operational risk framework and other policy related work. This team is responsible for approving AMA models and proposed changes to those models will be assessed and approved by the Bank Examination Department. Offsite supervision of operational risk is also the responsibility of the Bank Examination Teams on ongoing basis. Both teams share findings from their respective analysis. During the onsite examination, bank supervisors evaluate a bank’s operational risk management framework through the full scope examination and consideration of the adequacy of capital against internal loss data, the results of scenario analysis and quality of internal control. From the review of supervisory files, the extent of operational risk analysis was limited.



The application of operational risk management across the operations of the bank FHCs was seen as problematic.



EC2The supervisor requires banks’ strategies, policies and processes for the management of operational risk (including the banks’ risk appetite for operational risk) to be approved and regularly reviewed by the banks’ Boards. The supervisor also requires that the Board oversees management in ensuring that these policies and processes are implemented effectively.



Description and findings re EC2Banks are required to establish a control structure with well-defined responsibilities for major functions related to operational risk with the BoD taking final responsibility for operational risk management. The Board has the power to take responsibility to approve

and inspect the operational risk management system on a regular basis. Senior management is also required to take responsibility to implement the operational risk management system and develop policies and processes. Responsibility for operational risk management is then delegated to an independent operational risk unit that implements a firm-wide operational risk management system.



No formal requirement for risk management policies to be assessed, reviewed and approved by the Board on a regular basis. The Detailed Regulations (paragraph 248) stipulates the responsibility of the Board in taking final responsibility and in general banks do report through the Board Risk Committee on risk management status, and to the Board.



The FSS assesses the appropriateness of the role of the Board and the risk committee in the bank’s CAMEL-R. The review of Board papers and minutes and reporting was thorough, though the amount of attention dedicated to operation risk was limited.



EC3The supervisor determines that the approved strategy and significant policies and processes for the management of operational risk are implemented effectively by management and fully integrated into the bank’s overall risk management process.



Description and findings regarding EC3The FSS utilizes CAMEL-R and RADARS to assess how effectively the management leads the Board-approved risk management system. As a minimum for operational risk measurement, the management must ensure the board-approved operational risk management system functions effectively and takes any follow-up steps to improve or strengthen the bank’s risk policy or procedures (Paragraph 248(Annex 3), Detailed Regulations). The qualitative assessment occurs in practice only once every two years as part of the full scope examination. Offsite monitoring does not consist of multiple qualitative inputs to form a comprehensive and accurate assessment of risk management. Important inputs into the assessment of whether the operational risk system is fully integrated into a bank’s overall risk management process are not considered outside of the full scope onsite. The partial onsite will not typically test this level of detail.



Five banks have been accredited to use the AMA approach to calculate operational risk regulatory capital. The modeling approach differs between each bank and each actively considers the four basic inputs: ILD, ELD, BEICFs and scenario analysis. Of the five banks, three rely upon scenarios for the majority of model estimates of loss. The other two AMA banks use a mix of scenarios and ELD. AMA banks actively access ELD from a local data consortia—KOREC. The level of maturity in reporting operational risk losses to the FSS was considered as relatively basic and did not typically map to the Basel categories of loss. On the other hand, reporting of financial incidence was well established.



EC4The supervisor reviews the quality and comprehensiveness of the bank’s disaster recovery and business continuity plans to assess their feasibility in scenarios of severe business disruption which might plausibly affect the bank. In so doing, the supervisor determines that the bank is able to operate as a going concern and minimize losses, including those that may arise from disturbances to payment and settlement systems, in the event of severe business disruption.



Description and findings regarding EC4Banks are not required in the Regulations to develop and implement a comprehensive disaster recovery plan. The FSS issued a guideline in 2006 on BCP which banks are expected to implement (though not legally enforceable).



There is no requirement within the Regulations for banks to advise the FSS if they fail to adhere to the plan or a requirement to update the plan on a minimum frequency. The expectation of the FSS was that for banks using the AMA approach more rigorous testing of their DR plans would be conducted, whereas banks using the Basic Indicator or Standardized Approach would have less emphasis. Internal FSS benchmarks for acceptable DR testing and BCP capability was not well developed. More attention could be paid to this area of operational risk.



EC5The supervisor determines that banks have established appropriate information technology policies and processes to identify, assess, monitor and manage technology risks. The supervisor also determines that banks have appropriate and sound information technology infrastructure to meet their current and projected business requirements (under normal circumstances and in periods of stress), which ensures data and system integrity, security and availability and supports integrated and comprehensive risk management.



Description and findings re EC5To ensure banks operate with appropriate information technology, banks must maintain information technology infrastructure, including various contingency plans. Bank supervisors periodically assess bank information technology infrastructure to ensure safety and soundness. The Regulations do not stipulate requirements for sound information technology. Alternatively, the FSC has issued a document that provides guidance for banks -’Regulation of Supervision of Electronic financial transaction’.



EC6The supervisor determines that banks have appropriate and effective information systems to:
  • (a) Monitor operational risk;

  • (b) Compile and analyze operational risk data; and

  • (c) Facilitate appropriate reporting mechanisms at the banks’ Boards, senior management and business line levels that support proactive management of operational risk.

Description and findings regarding EC6For the purpose of operational risk measurement, banks must maintain an effective information system that regularly assesses the bank’s operational risk processes and framework. The Bank Examination Team will assess a bank’s operational risk management framework during the full scope onsite examination as part of the CAMELR. The examination will include a checklist of governance items, management and measurement, including how data is verified and reported through the operational risk unit to the BoD.



For AMA banks, scrutiny of how internal loss data is managed in a consistent and bank-wide fashion is critical for the bank’s internal models to produce accurate estimates. Supervisory processes for verifying the input of operational risk losses into the operational risk system was not well developed. Importantly the Regulations permit the exclusion of credit related operational risk losses from inclusion in statistical models, even when the losses are caused by fraud (external and internal). This has the potential to minimize operational risk loss data history.



EC7The supervisor requires that banks have appropriate reporting mechanisms to keep the supervisor apprised of developments affecting operational risk at banks in their jurisdictions.



Description and findings regarding EC7Banks must maintain management systems that identify and measure operational risk and facilitates data collection on operational activities. An evaluation mechanism for operational risk management must also be maintained. In addition, banks must take steps to keep bank supervisors apprised of operational risk performance and records each quarter. While banks are required to report changes to operational risk management systems or where an event occurs that makes it unable to satisfy the minimum requirements of the operational risk framework, there is no compulsion in the Regulations, for the bank to keep the FSS apprised of developments affecting operational risk at banks on a continuous basis. That is, immediately if an incident occurs. The expectations for reporting of financial irregularities is well established within the banking system and appears to be highly efficient. For operational risk events that do not satisfy the ‘financial irregularity definition, the reporting protocol is not well developed.



EC8The supervisor determines that banks have established appropriate policies and processes to assess, manage and monitor outsourced activities. The outsourcing risk management program covers:
  • (a) Conducting appropriate due diligence for selecting potential service providers;

  • (b) Structuring the outsourcing arrangement;

  • (c) Managing and monitoring the risks associated with the outsourcing arrangement;

  • (d) Ensuring an effective control environment; and

  • (e) Establishing viable contingency planning.

Outsourcing policies and processes require the bank to have comprehensive contracts and/or service level agreements with a clear allocation of responsibilities between the outsourcing provider and the bank.



Description and findings regarding EC8The assessor could not confirm the regulations for out-sourcing. This will be followed up in due course.



Additional Criteria
AC1The supervisor regularly identifies any common points of exposure to operational risk or potential vulnerability (e.g. outsourcing of key operations by many banks to a common service provider or disruption to outsourcing providers of payment and settlement activities).



Description and findings regarding

AC1
The bank regulations do not stipulate any requirements for outsourcing. There are however ancillary regulations for electronic banking that set general standards—[Article 60, Regulation on Business Delegation of Financial Institutions; Annex 3(260), Detailed Regulation on Business Delegation of Financial Institutions]. For outsourcing on electronic banking, banks must provide for contingency plans for disruption, protection of the backup data and the backup system.



It was not clear that the FSS had mapped the providers of outsourced services to the domestic banks and identified whether common points of vulnerability or concentration existed.



Assessment of Principle 25LC



CommentsRegulations are generally comprehensive regarding the responsibilities for the measurement and management of operational risk. There are however, gaps in relation to expectations of minimum standards associated with business continuity and disaster recovery. There is an absence of notification requirements that would alert supervisors promptly if weaknesses were identified i.e. failure of a BCP or DR test.



Inputs into offsite analysis of operational risk could be improved with more granular detail, mainly detail regarding nature of internal loss data i.e. high value - low frequency or low frequency—high value etc. Currently, qualitative loss data from banks as an input to offsite analysis does not allow for (i) comparison between banks to identify emerging trends or outliers; and (ii) lack of detail about the individual loss. In this regard, peer group benchmarking of loss data would enrich the benefits of this analysis.



Processes concerning validation and monitoring of internal models needs improvement. Currently, models are not validated independently and is not a requirement within the regulations. Typically validation is performed by members associated with development of internal models which could create a conflict of interest. Validation of model outputs is an important component of the risk management and governance framework and the requirement strengthens the robustness of the process.



Principle 26Internal control and audit. The supervisor determines that banks have adequate internal control frameworks to establish and maintain a properly controlled operating environment for the conduct of their business taking into account their risk profile. These include clear arrangements for delegating authority and responsibility; separation of the functions that involve committing the bank, paying away its funds, and accounting for its assets and liabilities; reconciliation of these processes; safeguarding the bank’s assets; and appropriate independent59 internal audit and compliance functions to test adherence to these controls as well as applicable laws and regulations.



Essential Criteria
EC1Laws, regulations or the supervisor require banks to have internal control frameworks that are adequate to establish a properly controlled operating environment for the conduct of their business, taking into account their risk profile. These controls are the responsibility of the bank’s Board and/or senior management and deal with organizational structure, accounting policies and processes, checks and balances, and the safeguarding of assets and investments (including measures for the prevention and early detection and reporting of misuse such as fraud, embezzlement, unauthorized trading and computer intrusion). More specifically, these controls address:
  • (a) Organizational structure: definitions of duties and responsibilities, including clear delegation of authority (e.g., clear loan approval limits), decision-making policies and processes, separation of critical functions (e.g., business origination, payments, reconciliation, risk management, accounting, audit and compliance);

  • (b) Accounting policies and processes: reconciliation of accounts, control lists, information for management;

  • (c) Checks and balances (or “four eyes principle”): segregation of duties, cross-checking, dual control of assets, double signatures; and

  • (d) Safeguarding assets and investments: including physical control and computer access.

Description and findings regarding EC1Bank internal control and audit requirements are addressed in Article 23–3 of the Banking Act and Article 17–2 of the Enforcement Decree.



The Act defines internal controls as a set of fundamental standards to ensure sound management, and to protect a banks’ stockholders, depositors etc (Article 23–3), and requires at least one person (referred to as ‘compliance officer’) assigned to monitor whether the internal control standards are observed and to investigate and report any violation to the Audit Committee. The reference to the compliance officer in the Article means, in practice, an Internal Auditor.



Article 23–2 sets out the requirements for banks to establish an Audit Committee (AC) including the requirement for the AC to be comprised of at least two-thirds ‘outside directors’ (independent directors). In addition, the Article requires at least one member of the AC to be an accounting or financial specialist. Article 17 of the Enforcement Decree of the Banking Act sets out more details regarding what is meant by a ‘financial specialist’ in Article 23–3 of the Banking Act, i.e., qualified CPA etc.



Article 17–2 establishes what matters shall be contained within banks’ internal control standards as prescribed by Article 23–3 of the Banking Act, including: division of duties and organizational structure, procedures for internal control standards, management information systems etc. Annex 8–2 of the Detailed Regulations sets out the individual items to be included in the scope of work performed by the Internal Audit function, including:
  • Appropriateness of internal control standards;

  • Appropriateness of organization for internal control;

  • Appropriateness of management of internal control system;

  • Appropriateness of functions for prevention of financial accidents;

  • Appropriateness of management of in-house inspection affairs; appropriateness of management of compliance officer system; and

  • Actual conditions of observance of laws and regulations, policies and matters indicated in inspection.

Each of the above topics are broken down further into specific areas.



The FSS oversees bank’s compliance with internal controls through various supervisory tools. The information that is required to be submitted to the FSS regarding IA is governed by Articles 41–42 of the RSBB which covers any major financial deficiencies. In addition to exceptional reporting, the regulations require banks to submit to the FSS results of IA reports, the IA annual plan and how the IA function is tracking against the audit plan. In the event the FSS has been advised of any financial irregularities, the FSS is obliged to verify the incident as per Article 41 of the Regulations. Based on the report, the FSS will investigate as part of the onsite review.



A review of internal controls and the Internal Audit function is required as part of the full scope examination that is performed every two years, but not required as part of the partial examination which is thematic based. In preparing for the onsite examination, supervisors will take into consideration a variety of material such as:
  • Financial reports;

  • Any reports of financial irregularities;

  • The results from specific internal audit reports;

  • An evaluation of the internal audit plan;

  • Audit Committee papers;

  • IA policies and procedures; and

  • Structure diagrams of BoD.

The onsite examination will involve interviews with staff and sample testing of IA reports. The FSS examination team will typically meet with several levels of relevant IA and compliance staff. Typically, a meeting with the Chair of the AC will be conducted via the Deputy Governor or Head of Banking and Non-Banking Supervision. However, the examination team will not meet directly with the AC.



Findings from the examination of internal control and audit will be included in a report to the bank and the risk assessment will be updated in the management section of the CAMELR rating.



EC2The supervisor determines that there is an appropriate balance in the skills and resources of the back office, control functions and operational management relative to the business origination units. The supervisor also determines that the staff of the back office and control functions have sufficient expertise and authority within the organization (and, where appropriate, in the case of control functions, sufficient access to the bank’s Board) to be an effective check and balance to the business origination units.



Description and findings regarding EC2Article 23–3 of the Banking Act, paragraph 4 sets out the minimum requirements for the Compliance Officer (Head of IA) which must meet a number of criteria, including experience i.e. at least ten years at an institution that has been subject to inspection etc. Article 17–4 of the Enforcement Decree prescribes the powers of the compliance officer to request material from bank executives and officers.



As per the FSS Bank Examination Manual, the adequacy of expertise and authority of IA and compliance is assessed as part of CAMEL-R via the onsite examination. For the larger systemic banks, this process is performed every two years as part of the full scope examination. The FSS assesses a bank’s organizational structure as part of this process to assess independence of the control functions.



Greater linkage of the banks’ risk profile is warranted to be risk-based rather than compliance based. The FSS uses both interviews and sample testing of IA files to verify the adequacy of the IA and compliance function.



In order to assess the expertise and integrity of control functions and back office staff within the organization, the FSS carries out onsite inspections aimed at verifying whether:
  • The staff assigned to control functions have skills and competences adequate to their responsibilities and to the degree of specializations of the tasks that they carry out; there are proper and dedicate recruitment procedures;

  • The tasks and the resources assigned to the control functions are coherent with the dimensions and features of the business;

  • There are training programs for the staff and investments to strengthen the internal control framework; and

  • There is adequate job rotation within each control function and proper tutorial program for new staff.

EC3The supervisor determines that banks have an adequately staffed, permanent and independent compliance function60 that assists senior management in managing effectively the compliance risks faced by the bank. The supervisor determines that staff within the compliance function are suitably trained, have relevant experience and have sufficient authority within the bank to perform their role effectively. The supervisor determines that the bank’s Board exercises oversight of the management of the compliance function.



Description and findings regarding EC3The FSS undertakes offsite and onsite analysis to determine that banks have an adequately staffed, permanent and independent compliance function.61 The examination verifies resourcing for internal control staff, determines that staff within the compliance function are suitably trained, have relevant experience and have sufficient authority within the bank to perform their role effectively. The supervisor determines that the bank’s Board exercises oversight of the management of the compliance function. Minutes of the Audit Committee and Board resolutions are examined.



Banks are typically structured with separate compliance functions and IA with individual reporting lines, in some cases compliance directly through to the Risk Committee. In most cases, Internal Audit reported directly to the AC.



EC4The supervisor determines that banks have an independent, permanent and effective internal audit function62 charged with:
  • (a) Assessing whether existing policies, processes and internal controls (including risk management, compliance and corporate governance processes) are effective, appropriate and remain sufficient for the bank’s business; and

  • (b) Ensuring that policies and processes are complied with.

Description and findings regarding EC4Through on-site examinations of the CAMEL-R, the FSS assesses whether the bank’s Board or senior management adequately oversees the effectiveness of bank’s internal control framework on an ongoing basis, and complies with necessary procedures to establish or change internal controls. The examinations will verify the existence of bank’s policies, procedures and internal controls. The degree of testing and depth of examination could be enhanced.



The audit plan is submitted by the bank to the FSS on an annual basis. FSS staff will assess the plan against their own view of risk and compliance. Through the onsite examination, staff will review the execution of the plan and will analyze audit findings and how audit issues have been closed.



EC5The supervisor determines that the internal audit function:
  • (a) Has sufficient resources, and staff that are suitably trained and have relevant experience to understand and evaluate the business they are auditing;

  • (b) Has appropriate independence with reporting lines to the bank’s Board or to an audit committee of the Board, and has status within the bank to ensure that senior management reacts to and acts upon its recommendations;

  • (c) Is kept informed in a timely manner of any material changes made to the bank’s risk management strategy, policies or processes;

  • (d) Has full access to and communication with any member of staff as well as full access to records, files or data of the bank and its affiliates, whenever relevant to the performance of its duties;

  • (e) Employs a methodology that identifies the material risks run by the bank;

  • (f) Prepares an audit plan, which is reviewed regularly, based on its own risk assessment and allocates its resources accordingly; and

  • (g) Has the authority to assess any outsourced functions.

Description and findings regarding EC5Bank supervisors verify whether a bank’s internal audit function (i) has sufficient resources and staffs with relevant experience and expertise; (ii) has internal rules which include reporting duties to the audit committee and complies with these rules; (iii) is able to obtain bank’s risk management strategy, process and policies on a timely basis; (iv) has access to and communication with any member of staff as well as full access to records, files or data of the bank and its affiliates; (v) has methodologies to identify key risk factors; (vi) has the authority to access any outsourced functions; and (vii) prepares and implements audit plans and reports the result to the audit committee. The FSS Bank Examination Manual covers the following:
  • (a) Sufficiency of resources and experience and expertise;

  • (b) Appropriate independence;

  • (c) Material changes to risk management;

  • (d) Full access to bank staff and records—access does not extend to other affiliates; within the group;

  • (e) Methodology to identify material risks; and

  • (f) The audit plan is reviewed regularly by the AC.

The regulations do not refer to the minimum expectations in regards to outsourcing. The supervisory activities to assess outsourcing is inconsistently applied across the banks and FHCs.



Assessment of Principle 26C



CommentsThe regulations pertaining to internal control and audit are generally comprehensive. There is a strong focus on internal controls within the Regulations which is reflected in the extent of offsite analysis and data submitted by the bank to the FSS. The onsite examination also has a strong focus on the effectiveness of Internal Audit.



Area for comment. For bank FHC’s, the onsite assessment of internal audit focuses principally on the bank operations. While the bank might account for the majority of total assets, potential internal control issues might exist that could create contagion risks. FHC’s by their nature are complex and engage in a multitude of business lines with potential for intra-group transactions and the need for enhanced controls. The FSS is not currently provided with a sufficient amount of detail regarding Internal Audit’s assessment of the non-bank, including other regulated entities to identify potential thematic issues, but also importantly, the non-regulated entities.



Principle 27Financial reporting and external audit. The supervisor determines that banks and banking groups maintain adequate and reliable records, prepare financial statements in accordance with accounting policies and practices that are widely accepted internationally and annually publish information that fairly reflects their financial condition and performance and bears an independent external auditor’s opinion. The supervisor also determines that banks and parent companies of banking groups have adequate governance and oversight of the external audit function.



Essential Criteria
EC1The supervisor63 holds the bank’s Board and management responsible for ensuring that financial statements are prepared in accordance with accounting policies and practices that are widely accepted internationally and that these are supported by recordkeeping systems in order to produce adequate and reliable data.



Description and findings regarding EC1Article 32 of the Regulations requires banks to prepare their financial statements according to IFRS. The Article states that “Every financial institution shall comply with accounting standards referred to as Korean IFRS as determined by IFRS of the IASB and pursuant to Article 13(1) of the Act on External Audit of Stock Companies (AEASC).” Article 13(1) states that the FSC shall determine the accounting practices for companies in accordance with IASB. The definition of financial institutions is sufficiently broad to encompass all deposit taking institutions.



As per Article 7.3 of the Enforcement Decree of the AEASC, the Korea Accounting Standards Board (KASB) has been delegated responsibility for establishing accounting standards which are then endorsed by the FSC and in 2011, Korea adopted the translated version of IFRS for stock listed corporations and financial institutions set by IASB. In order for the standards to be fully effective, KASB re-established them as K-IRFS and were then endorsed by the FSC.



While all banks are required to prepare their financial statements in accordance with KIFRS, there are two exceptions: KEXIM and Suhyup Bank. Both banks remain using Korea GAAP. KEXIM plans to implement IFRS from fiscal year 2013 and Suhyup Bank from 2014. Both banks are specialized banks which are government owned. The reason for the exception to the accounting rules for these two banks was not confirmed. Both banks are within the top 10 banks in Korea. No gap analysis has been performed to identify the main differences between the financial statements for these two banks. In terms of the accounting treatment for loan losses, both apply either the minimum accumulation rate of allowance or expected loss, whichever is the largest.



Article 447 of the Commercial Act provide for full Board responsibility of the financial reports.



Article 43–2 of the Banking Act establishes the power for reporting to the FSS. The article states that banks are required to report to the FSS stating the details of its performance. The report is required to be signed by a representative person in charge or his agent. The Act does not however require the financial statements to be prepared and approved by an independent officer of the bank such as a CFO. This necessary separation of preparation and approval of financial statements from the head of business and those of financial control is seen as a material weakness for integrity of financial data.



According to Article 2–2 of AEASC a representative bank’s senior management is responsible to run internal controls on financial reporting, including identification, measurement, classification, recording, reporting, error control, internal verification, and record keeping of accounting information.



According to AEASC a stock company (defined as a company that is limited by shares) which meets the following criteria is required to have its financial statements audited by an external auditor:



  • A stock company with total assets equal to or greater than KRW 10 billion as of the end of the preceding fiscal year;

  • A listed company and a stock company which intends to be listed in the relevant business year or the following business year; a stock company with total assets and total liabilities each equal to or greater than 7 billion won as of the end of the preceding fiscal year; and

  • A stock company with total assets equal to or greater than 7 billion won and with 300 employees or more as of the end of the preceding fiscal year.

Article 2.2 of AEASC, paragraphs 3–5 establishes the need for an individual to be accountable for the reporting of financial statements and a dedicated director of the Board. However, the Article does not specify that the officer of the company hold an independent role separate from business management. Nor does the director need to be an outside director (independent non executive).



The Act of Capital Markets and Financial Investment Services Article 159—requires a CEO and CFO that report financial statements will both sign, this Act does not necessarily cover all deposit taking institutions, but will capture all the domestic banks and those listed on the stock exchange.



Reporting of financial information (Business Reports) submitted to the FSS on a quarterly basis are not required to be produced by an independent officer of the bank and are not required to be audited. To validate the Business Reports, the FSS performs analysis to determine outliers etc.



Under the Commerce Act, banks are required to submit to its auditors and external auditors the financial statements approved by the Board. General meeting of the shareholders grants the final approval of the financial statements based on the result of the audit.



EC2The supervisor holds the bank’s Board and management responsible for ensuring that the financial statements issued annually to the public bear an independent external auditor’s opinion as a result of an audit conducted in accordance with internationally accepted auditing practices and standards.



Description and findings regarding EC2The Act on External Audit of Stock Companies requires banks to ensure that the financial statements issued annually bear external auditor’s opinion. Publicly listed banks or banks with outstanding stock and/or bond issues offered and sold to more than a certain number of investors are required to publicly disclose their quarterly and semi-annual financial statements bearing the opinion of external auditors pursuant to the Financial Investment Services and Capital Markets Act.



Currently, external audits are conducted in accordance with the International Standards on Auditing (2005). However, starting from financial year 2014, Korea will implement use of Clarified ISA (2012).



EC3The supervisor determines that banks use valuation practices consistent with accounting standards widely accepted internationally. The supervisor also determines that the framework, structure and processes for fair value estimation are subject to independent verification and validation, and that banks document any significant differences between the valuations used for financial reporting purposes and for regulatory purposes.



Description and findings regarding EC3The FSS establishes the standards on fair value estimation and foreign currency translation within the range allowed under the IFRS. In principle, securities portfolios are classified and valued according to IAS 39 or IFRS: trading, available for sale, and held to maturity. Securities classified as trading and available for sale are subject to fair valuation principles and securities classified as held to maturity are evaluated based on their amortized cost. Transfer of classified securities is supervised through both offsite and onsite analysis (Annexes 4 and 5, Detailed Regulations).



Banks are required to adhere to the standards and have their fair value estimations audited by external auditors (Article 32, Regulations). Annex 3 of the Detailed Regulations provides a list of deductions to be excluded in the calculation of BIS capital ratio. Banks are required to include this in the Business Report submitted to the FSS.



EC4Laws or regulations set, or the supervisor has the power to establish the scope of external audits of banks and the standards to be followed in performing such audits. These require the use of a risk and materiality based approach in planning and performing the external audit.



Description and findings regarding EC4Under Article 5 of the Act on External Audit of Stock Companies, companies that meet the definitions and thresholds within the Act are subject to external audits which follow auditing standards that are based on the ISA. However there is no specific reference in the banking regulations per se that requires banks to have an external auditor appointed to prepare financial statements. The larger systemic banks in Korea meet the definitions and thresholds within the AEASC based on total assets and listing status.



The exception are specialized banks or state owned banks which are not subject to the AEASC.



The bank regulations do not provide the FSS the power to establish the scope of external audits of banks and non-banks or the standards of such audits.



Under the ISA, auditing approaches are based on the risks and importance of audit planning and implementation. (Starting from financial year 2014, Clarified ISA will apply.) The Korean auditing standards are set by the Korean Institute of Certified Public Accountants (KICPA) subject to approval by the FSC.



EC5Supervisory guidelines or local auditing standards determine that audits cover areas such as the loan portfolio, loan loss provisions, non-performing assets, asset valuations, trading and other securities activities, derivatives, asset securitizations, consolidation of and other involvement with off-balance sheet vehicles and the adequacy of internal controls over financial reporting.



Description and findings re EC5Article 2–3 of the Act on External Audit of Stock Holding Companies requires the bank to have its internal controls on financial reporting reviewed by external auditors. The audit report must include auditor’s opinion on the result of the review of the internal controls on financial reporting.



In terms of the financial statements, as per the AEASC, a bank is required to adhere to the KIFRS, and to cover in its external audits areas such as loan portfolio, loan loss provisions, non-performing assets, asset valuations, trading and other securities activities, derivatives, asset securitizations, consolidation of off-balance sheet items. (Articles 2–3, and 5, Act on External Audit of Stock Companies; Article 32, Regulations).



The AEASC does not prescribe what work the external auditor needs to perform to confirm the calculation of risk-weighted assets or the eligibility of capital instruments in the calculation of regulatory capital as disclosed in the annual report. The external auditor will provide an audit opinion of the reasonableness of the capital base in accordance with KIFRS, but not in relation to compliance with the banking Act and Regulations. Because the AEASC is a standard for stock companies generally and not a bank specific standard, it is questionable whether the AEASC is sufficiently bespoke to sufficiently capture the capital adequacy calculation.



EC6The supervisor has the power to reject and rescind the appointment of an external auditor who is deemed to have inadequate expertise or independence, or is not subject to or does not adhere to established professional standards.



Description and findings regarding EC6In the event of a disciplinary action against an external auditor, including license revocation and business suspension, prevents the bank’s external auditor from conducting audits, the bank must appoint another auditor within two months and report the change to the FSS (as per Article 4 of the AEASC).



However, the regulations do not provide the FSS or FSC the power to reject or rescind the appointment of an auditor. No examples where the supervisor has acted to rescind or reject an EA. Where evidence of malfeasance or breach of duty has been identified, the FSS has exercised its powers. Examples include mid 2000 where one commercial bank was found to be in violation and ordered to change auditor.



A particular weakness of the existing framework is that there is no additional hurdle for auditors to be appointed a bank auditor. The Korean Institute of CPAs (KICPA) is responsible for licensing, monitoring and disciplinary actions of its membership. The process for certification as an auditor involves two examinations followed by two years of practice and at least 100 hours of training per year in those two years followed by another exam. Within the training offered, there is no specific banking-related modules, but mainly IFRS.



EC7The supervisor determines that banks rotate their external auditors (either the firm or individuals within the firm) from time to time.



Description and findings re EC7An auditor who is an accounting firm must not have the same partner perform the audit of a company for six or more consecutive business years (four or more consecutive business years in case of stock-listed companies). In case of stock-listed companies, the partner of an audit firm who has performed the audit of a company for three consecutive business years is prohibited from performing the audit of the company for the next three business years (Article 3, Act on External Audit of Stock Companies).



If CPAs from the same accounting firm as the auditor who is an accounting firm has participated in the audit of a listed company as auditing assistants for three consecutive years, the auditor must replace more than two thirds of assistances in the next business year.



EC8The supervisor meets periodically with external audit firms to discuss issues of common interest relating to bank operations.



Description and findings regarding EC8Pursuant to Article 48 of the Banking Act, the FSS can request the external auditor to submit information, including data on soundness of a bank, obtained in the course of auditing the bank. Further, under Article 15 of the Act on External Audit of Stock Companies, the FSS may assess whether an audit has been performed fairly and request the auditors to submit data, state opinions or make reports.



However, the FSS will not meet with the external auditor as part of the full scope examination or partial. The FSS requests the working papers every time they perform the full scope examination. In the case of FHCs, the selection of working papers is driven by the materiality of subsidiary as opposed to risk profile. In practice, only significant subsidiaries (measured by total assets) are focused upon.



To enhance audit quality, the FSS oversees the auditing systems of auditors by conducting inspections on a regular basis for accounting firms that (i) audit one percent or more of all listed companies, (ii) audit any listed companies with assets of KRW 1 trillion or more, (iii) employ 30 or more CPAs, or (iv) require an inspection in the SFC/FSS judgment. For all other firms that do not meet the above thresholds, the responsibilities for performing inspection of external audit firms audit systems is delegated to the KICPA.



The onsite examinations performed by the FSS consist of two parts: inspection of the quality control system and a review of audit engagements. The inspection of quality control systems will consider the adequacy of the audit firms ‘organizational arrangements such as leadership, ethical requirements of staff, human resources etc.



EC9The supervisor requires the external auditor, directly or through the bank, to report to the supervisor matters of material significance, for example failure to comply with the licensing criteria or breaches of banking or other laws, significant deficiencies and control weaknesses in the bank’s financial reporting process or other matters that they believe are likely to be of material significance to the functions of the supervisor. Laws or regulations provide that auditors who make any such reports in good faith cannot be held liable for breach of a duty of confidentiality.



Description and findings regarding EC9Pursuant to Article 48 of the Banking Act, the FSS can request the external auditor to submit information, including data on soundness of the bank, obtained in the course of auditing the bank. While the Banking Act permits the supervisor access to results of the external auditor, the EA is not required to inform the FSS if it identifies matters of material significance to the FSS.



Under Article 15 of the Act on External Audit of Stock Companies, the FSS may assess whether an audit have been performed fairly and request the auditors to submit data, state opinions or make reports. The regulations do not, however provide for the protection of the auditor.



Additional Criteria
AC1The supervisor has the power to access external auditors’ working papers, where necessary.



Description and findings regarding AC1Pursuant to Article 48 of the Banking Act, the FSS can request the external auditor to submit information, including data on soundness of a bank, obtained in the course of auditing the bank.



Assessment of Principle 27LC



CommentsKey factors driving the rating:



  • The regulations do not permit the FSS the power to establish the scope of external audits and while the supervisor will review the working papers of the external auditor in performing its onsite examination, there were no examples in practice where the FSS had influenced the scope of an external audit;

  • The Banking Act and Regulations do not require an auditor to be appointed to a deposit-taking institution. Alternatively, the Act of External Audit for Stock Companies applies a threshold for an auditor to be approved which will typically capture the domestic banks due to their size. In the case where an auditor does not need to audit the financial statements of a deposit taking institution, the integrity and reliability of the accounts is weakened;

  • If the supervisor considers a specific risk type of line of business to be higher risk, there is not the provision within the regulations to commission the EA to look at this issue as part of the external audit;

  • The Act of EA does not contain specific reference to audits that need to be risk and materiality based; and

  • The FSS does not have the power to reject and rescind the appointment of an external auditor who is deemed to have inadequate expertise or independence, or is not subject to or does not adhere to established professional standards. EC6 Instead, the removal of external auditors is left to the audit profession. There have been no incidences where the FSS or FSC has taken action in this regard to dismiss an auditor.

Other comments: The FSS will not typically meet with the external auditor as part of the supervision process. The supervisory will meet on an exception basis only. Use of external auditor in reviewing subsidiaries. Currently not risk based, could better leverage their risk assessment supervisory tools to identify particular risk areas within the FHCs for the EA to assess.



Principle 28Disclosure and transparency. The supervisor determines that banks and banking groups regularly publish information on a consolidated and, where appropriate, solo basis that is easily accessible and fairly reflects their financial condition, performance, risk exposures, risk management strategies and corporate governance policies and processes.



Essential Criteria
EC1Laws, regulations or the supervisor require periodic public disclosures64 of information by banks on a consolidated and, where appropriate, solo basis that adequately reflect the bank’s true financial condition and performance, and adhere to standards promoting comparability, relevance, reliability and timeliness of the information disclosed.



Description and findings regarding EC1Article 32 of the Banking Act requires banks to prepare their financial statements according to IFRS under which banks have public disclosure obligations. Under the Uniform Disclosure Standards for Financial Businesses set by the Korea Federation of Banks, banks are required to disclose information required by Pillar 3 of Basel II standards. The annual Pillar 3 disclosures are required to be disclosed on the Korean Federation of Banks website and typically are not made as part of the Annual Reports of the larger systemic banks or made available on their websites. The Pillar 3 disclosures follow standardized templates across the various financial and qualitative areas. Article 43–3 in the banking Act states that a Bank shall disclose matters prescribed by Presidential Decree that are necessary for the protection of depositors and investors to the general public as determined by the FSC. Article 24 (Public Disclosure of Management) sets out the matters that should be included in the public disclosures:



  • (1) Matters concerning financial affairs, and profits and losses;

  • (2) Matters concerning fund raising and operation; and

  • (3) Details of sanctions.

The Article states that the FSC can determine detailed standards concerning matters that need to be disclosed.



Article 41 of the Regulations on Supervision prescribe the requirements for banks’ disclosures. Banks are required to publicly release their financial statements within three months of its end of financial year and two months for quarterly financial reporting. Banks’ financial statements shall be published in accord with the Uniform Management Publication Standards of Financial Business determined by the Chairman of the Korea Federation of Banks (Article 41, paragraph 2). Accounts are prepared on a six monthly basis and annual audited by an external auditor.



There are no requirements within the regulations for banks to disclose information on a solo basis even when they are significant banks within a banking group. There are a number of FHCs with significant/material bank subsidiaries within the group structure. Where a bank is a subsidiary of a listed company or listed itself, the disclosure rules are governed by the Korea Exchange Disclosure Regulations, which do not require accounts for material subsidiaries of a bank to disclose financial statements. The regulations are not sufficiently comprehensive to require public disclosure of accounts on a solo basis and does not specify the circumstances where this would be appropriate. The regulations do not refer to principles of transparency and comparability, relevance and reliability.



The FSS has not issued stipulations for Pillar 3 disclosure statements. This responsibility has been delegated to the Federation of Korean Banks. Requirements for Regulations that govern Pillar 3 disclosure are not well developed for the qualitative aspect of disclosures and for internal model user’s level of detail insufficient.



The FSS reviews the public data but the supervisory framework does not integrate the Pillar 3 data into the onsite or offsite surveillance.



EC2The supervisor determines that the required disclosures include both qualitative and quantitative information on a bank’s financial performance, financial position, risk management strategies and practices, risk exposures, aggregate exposures to related parties, transactions with related parties, accounting policies, and basic business, management, governance and remuneration. The scope and content of information provided and the level of disaggregation and detail is commensurate with the risk profile and systemic importance of the bank.



Description and findings regarding EC2Under the Uniform Disclosure Standards for Financial Businesses, the required disclosures include information on bank’s organizational structure (organizational chart, number of branches and ATMs), employees and management, subsidiaries (both on consolidated and non-consolidated bases), capital, large shareholders, overall shareholding structure, profit, productivity, soundness, liquidity, capital adequacy, business size, credit rating, financial statements, and earnings by division (Article 41, Regulations).



Specific weakness is the requirements with regard to compensation which is not disclosed in the financial statements of the major banking groups.



Listed banks are required to disclose information on corporate governance in the report on operations, according to accounting provisions. In some cases, banks issue a specific and detailed report on corporate governance (available on their web-site), referenced in the report on operations. On the basis of the principle of proportionality, the level of detail of the disclosures is commensurate with the organizational complexity of the banks and the type of business they engage in. Furthermore, banks must disclose information related only to the activities in which they are engaged, the risks assumed and methodologies used to measure and monitor them.



EC3Laws, regulations or the supervisor require banks to disclose all material entities in the group structure.



Description and findings regarding EC3The Uniform Disclosure Standards for Financial Businesses requires banks to disclose financial information including financial statements of subsidiaries, credit exposures to and other financial transactions with subsidiaries (both outstanding and changes - Article 41, Regulations).



EC4The supervisor or another government agency effectively reviews and enforces compliance with disclosure standards.



Description and findings regarding EC4Non-compliant banks can be subject to disciplinary actions including fines as per (Articles 43–3, and 53, Banking Act; Article 8, Regulation on Examination and Sanctions against Financial Institutions). Managerial Disclosure Article 43.3 of the Banking Act requires certain financial information to be disclosed at the Federation of Korean Banks. But not on websites or in annual reports.



The FSS on-site examination does not place a heavy reliance on assessing compliance with disclosure standards. The onsite examination will assess the reliability of systems to produce financial information with a strong focus on internal controls. In performing offsite analysis, there was not an emphasis on the analysis of Pillar 3 disclosures to complement and compare against data submitted directly to the FSS through the quarterly Business reports.



EC5The supervisor or other relevant bodies regularly publishes information on the banking system in aggregate to facilitate public understanding of the banking system and the exercise of market discipline. Such information includes aggregate data on balance sheet indicators and statistical parameters that reflect the principal aspects of banks’ operations (balance sheet structure, capital ratios, income earning capacity, and risk profiles).



Description and findings regarding EC5The FSS provides information on banks both on an individual and aggregate base on its website under the Financial Statistics section. Information available includes financial statements, funding, lending, profitability, asset soundness, capital adequacy, liquidity, types of loans receivables, and productivity.



Additional Criteria
AC1The disclosure requirements imposed promote disclosure of information that will help in understanding a bank’s risk exposures during a financial reporting period, for example on average exposures or turnover during the reporting period.



Description and findings regarding AC1The Uniform Disclosure Standards for Financial Businesses requires banks to disclose information on average balance of funding and lending, earnings, expenses, and average interest rates.



Assessment of Principle 28LC



CommentsMain drivers of this rating include:



  • No requirement for FHC’s with large banking subsidiaries to be disclosed. The regulations governing Pillar 3 disclosures are not sufficiently comprehensive to require public disclosure of accounts on a solo basis and does not specify the circumstances where this would be appropriate;

  • Oversight of compensation arrangements for key executives not fully embedded within the supervisory framework; and

  • Pillar 3 reports not well embedded into supervisory processes.

There is room for the publicly available financial data to be used in the supervisory process. The FSS reviews the public data but the supervisory framework is not complete or comprehensive as to how to use this data and integrate into the CAMEL-R approach. FSS does not use consistently the public disclosed data to analyze against prudential reporting or perform reconciliations to identify key differences.



Principle 29Abuse of financial services. The supervisor determines that banks have adequate policies and processes, including strict customer due diligence (CDD) rules to promote high ethical and professional standards in the financial sector and prevent the bank from being used, intentionally or unintentionally, for criminal activities.65



Essential Criteria
EC1Laws or regulations establish the duties, responsibilities and powers of the supervisor related to the supervision of banks’ internal controls and enforcement of the relevant laws and regulations regarding criminal activities.



Description and findings regarding EC1Korea’s anti-money laundering (AML) legislation comprises the Financial Transaction Reports Act (FTRA) and the Proceeds of Crime Act (POCA). According to Articles 3 and 11 of FTRA, Korea Financial Intelligence Unit (KoFIU) is Korea’s AML authority. The KoFIU, which is part of the Financial Services Commission (FSC), is the lead agency in Korea for AML/CFT matters.



While KoFIU is responsible for AML/CFT supervision, it may delegate responsibility for supervision to the FSS. In practice, the FIU has delegated responsibility to conduct the onsite examination of banks compliance with AML/CFT legislation to the Financial Supervisory Service (FSS). In practice, the FIU and FSS share the responsibility for supervision: FIU predominantly offsite supervision and FSS onsite examination of banks.



The FIU will receive regular reporting by the banks at a quarterly frequency such as Suspicious Transaction Reports (STR) and Counter Terrorist Reports (CTRs). The FIU will also receive exception reports from the banks in the instance of financial irregularities. Based upon the reported data, the FIU will establish the direction and often influence the scope of the onsite examinations conducted by the FSS and the FIU developed the examination manual used by the FSS to conduct onsite examinations. However, the FIU does not have a well developed risk-based methodology to identify higher risk banks for enhanced supervision. In practice, the banks to be selected for onsite examination will be determined by the FSS as part of their supervisory cycle. In the event the FIU detects specific irregularities through bank reporting, it has the power to suggest and, if needed, instruct the FSS to examine a specific bank. The FIU is however, in the process of exploring a risk-based methodology for implementation in the near-term after the appropriate due diligence is completed.



The FSS performs onsite examinations based on a two year frequency for full scope onsite examinations and partial examinations performed annually, but on a thematic basis. In establishing its onsite supervision plan, the FSS will liaise with the FIU and will adjust the scope of its supervision depending upon the policy direction set by the FIU.



Banks are required to appoint an executive within the bank as a compliance officer responsible for AML/CFT as per Article 5 FTRA and Enforcement Decree. South Korea is a member of both the Financial Action Task Force (FATF; the AML/CFT standard setter), and of the Asia/Pacific Money Laundering Group (APG; the FATF-style regional body for Asia).



South Korea was last assessed against the AML/CFT standard in November 2008 by a joint team of the FATF and the APG, and the mutual evaluation report was adopted in 2009. South Korea is tentatively scheduled to undergo its next full assessment in 2016.



Since the last mutual evaluation report in 2009, Korea has made progress in addressing the main deficiencies identified, in particular by taking legislative and regulatory measures, and improving the implementation of the AML/CFT framework.



The sanctions regime, nevertheless continues to raise some concerns because (i) the primary targets are not the financial institutions, but rather their employees and officials; and (ii) sanctions applied are mostly non-pecuniary sanctions. Pursuant to the action plan established after the adoption of the assessment report, Korea was to abolish the threshold for the reporting of suspicious transactions and to explicitly require financial institutions to file reports on attempted transactions, but, in 2012, Korea was behind schedule on both actions.



EC2The supervisor determines that banks have adequate policies and processes that promote high ethical and professional standards and prevent the bank from being used, intentionally or unintentionally, for criminal activities. This includes the prevention and detection of criminal activity, and reporting of such suspected activities to the appropriate authorities.



Description and findings regarding EC2Banks are required to establish procedures and standards for internal control as set out in Article 23–3 of the Banking Act to be followed by its executives in performing their duties to ensure sound management, and protect stockholders and depositors. The internal controls established under Article 23–3 are further elaborated through Article 17–2, Enforcement



Decree of the Banking Act) and include matters concerning the division of duties and organizational structure, matters concerning procedures to be observed by executives and employees in the course of performing their duties, matters concerning procedures and methods for verifying whether the internal control standards are observed by executives and employees, and the dispositions against executives and employees who have violated the internal control standards.



In addition, banks are required to establish and perform preventive measures and internal standards, including matters related to branch management, internal audit, and internal on-site examination (Article 91, Regulation on Supervision of Banking Business).



Articles 4, 4–2, and 5, Financial Transaction Reports Act require financial firms including banks must report all suspicious activities such as large cash transactions as provided for under the FTRA and comply with customer due diligence requirements. Specifically, financial institutions must report Suspicious Transactions Reports (STRs) and CTRs to KOIFU and when deemed necessary, the reports are also submitted to enforcement authorities.



Financial firms must operate with appropriate information systems and other internal controls that provide for, among others, monitoring, and identification of suspicious activities and clear line of duties and responsibilities and staff training. The full scope onsite examination performed by the FSS to assess the adequacy of controls during its CAMELR and thematic examination includes a review of the policies and processes in place for prevention of criminal activities. With a focus on internal controls, AML and CFT is routinely included in the scope of the full onsite examination and sampling of files and records for compliance with requirements.



EC3In addition to reporting to the financial intelligence unit or other designated authorities, banks report to the banking supervisor suspicious activities and incidents of fraud when such activities/incidents are material to the safety, soundness or reputation of the bank.66



Description and findings regarding EC3According to Article 4 of the FTR Act, Banks report suspicious financial activities to KoFIU. Any other suspicious activities or incidents of fraud that may compromise financial firms’ safety and soundness or lead to financial losses to financial firms or their customers must be reported immediately to bank supervisors. The FSS will share reports of financial losses through suspicious activity or fraud to the KoFIU. The FSS will also share other types of information relevant to the KoFIU collected through its onsite examination process, such as internal audit reports on AML etc.



EC4If the supervisor becomes aware of any additional suspicious transactions, it informs the financial intelligence unit and, if applicable, other designated authority of such transactions. In addition, the supervisor, directly or indirectly, shares information related to suspected or actual criminal activities with relevant authorities.



Description and findings regarding EC4As per Article 7 and 11 of the FTR Act, where necessary, KoFIU can share suspicious transaction report (STR) with the FSC and vice versa (which is internal within the FSC). The FSS reports information on suspicious banking activities to KoFIU and other law enforcement authorities, including the government prosecution authority.



Korea continues to maintain a reporting threshold for suspicious transactions of 10m Won. A Bill has been put to the national assembly to repeal the threshold and is anticipated to abolish this. In reality 8–10 percent are below the 10m KW threshold.



EC5The supervisor determines that banks establish CDD policies and processes that are well documented and communicated to all relevant staff. The supervisor also determines that such policies and processes are integrated into the bank’s overall risk management and there are appropriate steps to identify, assess, monitor, manage and mitigate risks of money laundering and the financing of terrorism with respect to customers, countries and regions, as well as to products, services, transactions and delivery channels on an ongoing basis. The CDD management program, on a group-wide basis, has as its essential elements:



  • (a) A customer acceptance policy that identifies business relationships that the bank will not accept based on identified risks;

  • (b) A customer identification, verification and due diligence program on an ongoing basis; this encompasses verification of beneficial ownership, understanding the purpose and nature of the business relationship, and risk-based reviews to ensure that records are updated and relevant;

  • (c) Policies and processes to monitor and recognize unusual or potentially suspicious transactions;

  • (d) Enhanced due diligence on high-risk accounts (e.g. escalation to the bank’s senior management level of decisions on entering into business relationships with these accounts or maintaining such relationships when an existing relationship becomes high-risk);

  • (e) Enhanced due diligence on politically exposed persons (including, among other things, escalation to the bank’s senior management level of decisions on entering into business relationships with these persons); and

  • (f) Clear rules on what records must be kept on CDD and individual transactions and their retention period. Such records have at least a five year retention period.

Description and findings regarding EC5When assessing the compliance of banks with AML requirements, bank supervisors verify whether the banks maintain appropriate policy and processes for CDD, record retention, and staff training. Bank supervisors also evaluate whether risk-based AML systems are in effect and whether the bank’s CDD programs appropriately incorporate recommendations put forth by the Financial Action Task Force (FATF), the inter-governmental organization.



EC6The supervisor determines that banks have in addition to normal due diligence, specific policies and processes regarding correspondent banking. Such policies and processes include:



  • (a) Gathering sufficient information about their respondent banks to understand fully the nature of their business and customer base, and how they are supervised; and

  • (b) Not establishing or continuing correspondent relationships with those that do not have adequate controls against criminal activities or that are not effectively supervised by the relevant authorities, or with those banks that are considered to be shell banks.

Description and findings regarding EC6Under the anti-money laundering laws and regulations, specifically Articles 58 & 59 of the Regulation on Anti-Money Laundering and Prohibition of Financing for Offenses of Public Intimidation, banks must ensure that their correspondent banks abide by AML systems and take the necessary precautions. The AML precautions include: (i) information collection and verification on the correspondent bank’s place of business, business activities, and governance; and (ii) the reputation and supervision quality of the correspondent bank’s home country, the AML regime, and CDD.



EC7The supervisor determines that banks have sufficient controls and systems to prevent, identify and report potential abuses of financial services, including money laundering and the financing of terrorism.



Description and findings regarding EC7As provided for under the AML and anti-terror financing regime, banks must maintain effective controls and systems against potential misuse of the financial system. Bank supervisors monitor and assess the controls and system during bank examinations.



EC8The supervisor has adequate powers to take action against a bank that does not comply with its obligations related to relevant laws and regulations regarding criminal activities.



Description and findings regarding EC8KoFIU has the authority to take actions against the breach of the AML legislation by financial institutions. Articles 11, 14, and 17, Financial Transaction Reports Act). The FSS is responsible for the supervision and regulation of all banks within Korea with no exemptions. The FIU has delegated responsibility for the examination of banks to the FSS. In terms of sanctions, the authority for sanctions against institutions lies with the FIU but is based on a FSS recommendation. This change had been implemented in March 2012 and took effect 2013. When it comes to light disciplinary action FSS can act—sanctions against executives authority relies with FSS-FSC is in charge of examinations and sanctions and if in the course of offenses where fines imposed this will be decided by FIU.



EC9The supervisor determines that banks have:



  • (a) Requirements for internal audit and/or external experts67 to independently evaluate the relevant risk management policies, processes and controls. The supervisor has access to their reports;

  • (b) Established policies and processes to designate compliance officers at the banks’ management level, and appoint a relevant dedicated officer to whom potential abuses of the banks’ financial services (including suspicious transactions) are reported;

  • (c) Adequate screening policies and processes to ensure high ethical and professional standards when hiring staff; or when entering into an agency or outsourcing relationship; and

  • (d) Ongoing training programs for their staff, including on CDD and methods to monitor and detect criminal and suspicious activities.

Description and findings regarding EC9KoFIU and bank supervisors jointly conduct on-site examinations to assess AML compliance. The checklist includes the following:



  • The overall effectiveness of the control system, the composition and the suitability of the internal controls;

  • Operational procedures and management;

  • Recordkeeping and retention of reports;

  • Appointment procedure for the reporting persons, their independence and professional expertise, the effectiveness of the internal control system;

  • Information system for identifying suspicious activities, reporting of suspicious activities;

  • CDD and operational procedures for large cash transactions; and

  • Staff training and soundness of internal audit procedures.

The reference in the regulations is as follows: Article 11, Financial Transaction Reports Act; Article 15, Regulation on Anti-Money Laundering and Prohibition of Financing for Offences of Public Intimidation.



EC10The supervisor determines that banks have and follow clear policies and processes for staff to report any problems related to the abuse of the banks’ financial services to either local management or the relevant dedicated officer or to both. The supervisor also determines that banks have and utilize adequate management information systems to provide the banks’ Boards, management and the dedicated officers with timely and appropriate information on such activities.



Description and findings regarding EC10The board, the senior management, and the reporting persons must have clear role and responsibility for the bank’s AML management system. In particular, the person responsible for reporting of AML matters must regularly evaluate the bank’s overall AML system and report the findings to the management. During on-site examination, bank supervisors periodically assess the soundness and effectiveness of the bank’s AML system and scrutinize transactions that warrant further inquiry for regulatory compliance.



The reference in the regulations is as follows: Article 81, Regulation on Anti-Money Laundering and Prohibition of Financing for Offences of Public Intimidation.



EC11Laws provide that a member of a bank’s staff who reports suspicious activity in good faith either internally or directly to the relevant authority cannot be held liable.



Description and findings regarding EC11Financial institutions and their employees (and anyone related to them) are not held liable for reporting suspicious transactions to the supervisory and enforcement authority unless they make false report either deliberately or due to gross negligence.



See Article 4, Financial Transaction Reports Act.



EC12The supervisor, directly or indirectly, cooperates with the relevant domestic and foreign financial sector supervisory authorities or shares with them information related to suspected or actual criminal activities where this information is for supervisory purposes.



Description and findings regarding EC12KoFIU and bank supervisors cooperate and support each other for AML supervision and enforcement. KoFIU also actively engages in information exchange with foreign AML authorities.



See Articles 7, 8, and 11, Financial Transaction Reports Act.



EC13Unless done by another authority, the supervisor has in-house resources with specialist expertise for addressing criminal activities. In this case, the supervisor regularly provides information on risks of money laundering and the financing of terrorism to the banks.



Description and findings re EC13KoFIU employees highly trained specialists for its AML enforcement and regularly disseminate AML and anti-terror financing information updates to financial institutions.



Assessment of Principle 29LC



Comments
  • Factors driving the rating: Not a fully risk-based methodology for supervising banks (although the FIU is exploring a methodology); and

  • Scope to expand oversight across the entire population of deposit taking institutions. At present attention has been focused on the domestic banks of which practices for AML are improving. FIU will transition its focus to strengthening practices in securities and insurance sectors and finally smaller non-banks where risk profile is comparatively higher but asset size is lower.

Recommeded Actions and Authorities Comments

A. Recommended Actions

Recommended Actions to Improve Compliance with the Basel Core Principles and the effectiveness of regulatory and supervisory frameworks
Reference PrincipleRecommended Action
1. Responsibilities, objectives and powers
  • Clearly segregate its safety and soundness duties from other assigned objectives; and

  • Amend the legal framework in order to enable the supervisors to increase the prudential requirements for individual banks and banking groups based on their risk profile and systemic importance.

2. Independence, accountability, resourcing and legal protection for supervisors
  • Review the current composition/functioning of the Commission in order to shield the Commission against conflicts of interest;

  • Revise the legal protection framework in order to ensure that supervisors cannot be sued directly by market participants in cases of actions or omissions made in good faith; and

  • Review the current structure, staffing and distribution of activities within the FSS in order to allocate the appropriate volume of resources to safety and soundness and risk profile of activities.

5. Licensing criteria
  • Amend the banking and respective enforcement decree and regulation to ensure that suitability of shareholders encompass the ultimate beneficial owners;

  • Amend the legal/regulatory framework to expressly require a no-objection from the home supervisor in case of establishment of subsidiaries of foreign banks in the Republic of Korea;

  • Amend the RSBB to explicitly include assessments regarding the detection and prevention of criminal activities and oversight of outsourced functions;

  • The authorities informed their intention to revise the relevant regulations to enhance the transparency of the ownership structure of foreign bank branches with information on the group structure, including its affiliates and related parties, when they seek regulatory approval for a branch operation; and

  • The authorities also reported their intention to act to revise the licensing criteria to evaluate the internal controls relative to the identification and prevention of criminal activities, the oversight of proposed outsourced functions, as well as to expressly include the requirement for a no-objection from the home supervisor.

6. Transfer of significant
  • Require approval for transfers of ownership that can result in changes in effective control; and ownership

  • Amend the Banking Act in order to expand the definition of large shareholder.

7. Major acquisitions
  • Amend the legal framework in order to require approval for major acquisitions or for the establishment of cross-border subsidiaries.

The authorities reported that in order to ensure effective prior regulatory review for the establishment of cross-border banking, the FSC-FSS will take appropriate regulatory measures in order to assess whether the host country provides information flows necessary for satisfactory consolidated supervision and whether the host country has the ability to exercise effective supervision on a consolidated basis.



8. Supervisory Approach
  • Establish a point of contact in charge of a particular banking/banking group, consolidate off and on site surveillance and any other information pertaining to a particular bank, including macroeconomic analyses;

  • Conduct partial examinations or (maybe with a mix of off and on site activities) on particular risks;

  • Develop capacity/procedures to allow a more in-depth and judgmental qualitative assessments; and

  • Review its overall assessment process and check lists in order to incorporate more in-depth judgment qualitative procedures into the assessments.

9. Supervisory techniques and tools.
  • Review the annual planning process regarding banking supervision in order to focus the partial examinations on core supervisory issues and risks;

  • Review policies for information sharing within the FSS in order to provide a more comprehensive and easier access to information to the examination team;

  • Intensify engagement with senior management as part of the on-site examination processes beyond the partnership meetings;

  • Develop standard rules for hiring third parties, as well as ensuring quality control, as well as develop more robust procedures to avoid the existence of conflicts of interest; and

  • Review the distribution of activities within the FSS in order to better allocate resources into its core supervisory functions.

10. Supervisory Reporting
  • Amend the legal framework in order to be able to have access to all relevant data and information from non-financial entities within a bank or banking group;

  • Require external auditors (as mandated by banks) to review the quality of regular reports submitted to the FSS; and

  • Enhance rules and guidance for hiring third parties to perform supervisory work.

11. Corrective and sanctioning powers of supervisors
  • Further enhance its process of providing recommendations and sanctions in order to increase its effectiveness; and

  • Amend the legal/regulatory framework in order to be able to impose more stringent prudential limits and requirements to individual banks, bar individuals from the banking sector and to replace and restrict the powers of Board members or controlling owners.

The authorities reported that they plan to improve the post-examination process by giving a separate notice on the management status evaluation results, matters that require special attention and improvement, etc.



The FSC-FSS has set up a task force that has been working on standards and rule changes for D-SIB and is looking to complete the task in the near future with more stringent prudential limits and requirements.



12. Consolidated supervision
  • Develop a framework in order to systematically assess the risks of the non-financial business within the group;

  • Enhance its qualitative assessment regarding overall groups’ strategy and risk appetite;

  • Seek and incorporate in a systematic way information provided by other departments regarding non-bank financial entities supervised by the FSS;

  • Expand the scope of its fit and proper test to encompass related parties of all large shareholders; and

  • Eliminate the possibility of exceeding the related parties lending limit based on Board approval.

13. Home-host relationships
  • Expedite process for establishing criteria for determining D-SIFIs and consequently developing mechanisms for cross-border crisis cooperation and group resolution plans.

14. Corporate governance
  • Strengthen regulations to require BoD to review and approve policies and procedures on a minimum frequency;

  • Introduce regulations that require subsidiaries within a group that are regulated by the FSS for the BoD to be a majority of outside (independent) directors; and

  • Develop further supervision practices to fully implement compensation principles as prescribed by the FSB.

15. Risk management process
  • Strengthen regulations and supervisory processes of risk management, particularly for FHCs.

16. Capital adequacy
  • Fully implement ICAAP assessments across all deposit taking institutions;

  • Implement Pillar 2 of BII for all banks where an individual capital ratio is applied to banks based on an assessment of their individual risk profile; and

  • Amend Regulations for banks to obtain prior approval from FSS for capital reductions.

17. Credit risk
  • Increase the frequency of onsite credit risk reviews; and

  • - Issue guidance requiring that credit transactions be made on market terms and that large and/or high risk operations be approved by the Board.

18. Problem assets, provisions, and reserves
  • Require that collateral be valued at net realizable value which includes appropriate haircuts which take account of realization costs

  • Require that a valuation of collateral be performed at the time an asset is categorized as defaulted-non-performing, preferably by an independent third party.

19. Concentration risk and large exposure limits
  • Issue guidance/regulation covering the whole spectrum of concentration risk management and monitoring required by the revised CP;

  • Review current exceptions to large exposures regime that may undermine prudential considerations;

  • Review limits as to apply consistently on both solo and consolidated;

  • Develop reporting requirements for LE and concentration risk information; and

  • Develop the notification requirements by banks to the FSS in relation to LE above 10 percent.

20. Transactions with related parties
  • Amend regulation to require that related party transactions should be approved by the board;

  • Amend regulation to require that related party transactions do not occur in more favorable terms than those to non-related party clients; and

  • Consider strengthening the capacity of FSS to impose broader definitions of related party, based on influence of decision or economic dependence, on a case by case basis.

21. Country and transfer risks
  • Issue guidance on country and transfer risk that can be understood and applied by all banks. In particular, banks need to be made aware that an overall deterioration of credit risk in a country can lead to many private contracts not being observed, even when not linked to any specific restrictions imposed by governments. In another words, country risk may be linked to the possibility that political and/or economic events occur and influence the quality of the banks portfolio.

22. Market Risk
  • Amend thresholds for exemptions from the Regulations to calculate market risk equity capital for trading book exposures; and

  • Amend the Regulations to include valuation expectations contained within FSS guidance notes.

23. Interest Rate Risk
24. Liquidity
  • Amend regulations to require continuous compliance with liquidity ratios;

  • Develop greater specificity for liquidity stress testing (severity, input assumptions, parameters etc) to enable consistency across industry; and

  • Amend Regulations to contain a more explicit definition of high quality liquid assets.

25. Operational risk
  • Amend regulations to provide more guidance, in particular to BIA banks, on how to identify, assess, evaluate, monitor, report and control or mitigate operational risk;

  • Amend regulations to clarify that the operational risk management policy needs approved by the board, that all banks must have adequate channels of information of operational risk data and events to boards or the supervisor;

  • Enhance regulations on IT and outsourcing, as planned;

26. Internal control and audit
  • Strengthen the oversight of IA as part of the partial examination; and

  • Ensure the examination team meets with the full AC, currently an FSS Deputy Governor which is not part of the examination team meets with the Chair. Allows a more informed assessment by the examination team as an important input into the banks’ risk assessment captured in the CAMELR rating.

27. Financial reporting and external audit
  • Expand scope of the FSS within the regulations to review working papers of the external auditor and place greater emphasis on the results of the external audit when planning onsite examinations;

  • Review the Banking Act and associated Regulations for an external auditor to be appointed to all deposit taking institutions; and.

  • Increase the threshold for the appointment of an external auditor to a deposit taking institution in relation to expertise and experience.

28. Disclosure and transparency
  • Strengthen the Pillar 3 disclosure regime whereby Pillar 3 reporting is made available on a banks’ websites or annual report. Where material banking subsidiaries within a FHC exist, amend regulations to require disclosure of accounts on a solo basis;

  • Greater use of Pillar 3 disclosures in offsite surveillance; and

  • Strengthen regulations in regards to compensation principles specifically in relation to risk adjusted returns in line with FSB principles.

29. AML/CFT
  • Implement a risk-based methodology for supervising banks which discriminates risk profile and allocates recommendations for frequency and intensity of supervision. Extend the risk-based approach to supervision across deposit taking institutions.

B. Authorities’ Response to the Assessment

23. The Financial Services Commission and the Financial Supervisory Service of Korea (FSC/FSS) would first like to thank the IMF, the World Bank, and the FSAP mission team for their assessment work. The FSC/FSS fully expects to utilize the assessment outcome as an opportunity to further improve and strengthen Korea’s banking regulation and supervision. In fact, the FSC/FSS has already started on some of the mission team’s recommendations and plans to work on the remaining recommendations under an appropriate timetable. The FSC/FSS also reiterates the admonition the mission team has made in its report that this assessment is not appropriate for comparison with either previous assessments or other countries’ assessments.

24. From the outset, the FSC/FSS welcomed the BCP assessment as an opportunity to take a fresh look at the effectiveness of Korea’s banking regulation and supervision regimes and identify areas in need of improvement. It was for this reason that the FSC/FSS agreed to BCP assessment on the basis of both the Essential Criteria (EC) and the Additional Criteria (AC) under the revised core principles (CPs) even though the new criteria would subject Korea’s banking regime to far greater scrutiny than in the past.

25. The FSC/FSS disagrees with many of the CP ratings in the final assessment report with the judgment that the ratings do not adequately reflect the overall strength or effectiveness of Korea’s banking regulation and supervision. One case in point is the well-established practice of bank supervisors issuing supervisory guidance—such as guidelines on integrated risk management, stress test, and performance-based pay—that the banks promptly incorporate into their internal policy and carry out for full compliance. Supervisory guidance has long proven an effective and expeditious means of banking supervision in Korea, but the mission team’s assessment appears to suggest that supervisory guidance is not sufficient simply because it is an aberration from written rules and regulations. The FSC/FSS therefore provides additional arguments for the following CPs in order to bring greater balance to the mission team’s assessment.

Independence, accountability, resourcing and legal protection for supervisors (CP2)

26. The FSC/FSS does not agree with the assessment of Principle 2 (Independence, Accountability, Resourcing and Legal Protection for Supervisors) for the following reasons. The mission team recommends that the FSC/FSS reconsider the representation of the Ministry of Strategy and Finance (finance ministry) and the Korea Chamber of Commerce and Industry in the composition of the FSC commissioners because of the potential for conflict of interest. Article 11 of the Act on the Establishment of the Financial Services Commission, however, directly addresses this matter by expressly providing for the recusal of FSC commissioners (voluntarily or involuntarily) from any proceedings, deliberations, and resolutions that may pose a conflict of interest.

27. Another recommendation in respect of independence and accountability is to change law in order to give regulators and supervisors immunity from litigation for actions taken in the performance of their duties. While this is a laudable proposition, the overwhelming constraint for this matter is that Korea’s constitution does not provide for any selective immunity for the FSC/FSS. More importantly, FSC/FSS regulators and supervisors are liable for damage under the State Compensation Act only in the event of a violation of law resulting from an intentional wrongdoing or negligence. Therefore, for all practical purposes, there is virtually no chance of individual regulator or supervisor being held liable for good-faith actions taken in the course of performing their official duties. In short, Korea’s regulators and supervisors already perform their duties with virtual immunity from litigations that can threaten their independence or accountability.

Licensing criteria (CP5)

28. It is recommended that the criteria for a banking license include the consent of the home supervisor, internal controls related to the detection and prevention of criminal activities, and the oversight of proposed outsourced functions. The FSC/FSS notes that the laws and regulations currently in effect already enable bank supervisors to closely examine and assess the above-mentioned criteria items when reviewing banking license applications.

Transfer of significant ownership (CP6)

29. The assessment report suggests that a shareholder with less than 10 percent of share ownership should be required to seek approval for the transfer of significant ownership or controlling interest and that a shareholder with less than 4 percent should be classified as a large shareholder if the shareholder exercises “de facto” control of a bank. The FSC/FSS closely monitors shareholder status and ownership structure through the banks’ shareholder reports and onsite examinations. The FSC/FSS also monitors shareholders who exercise “de facto” control on an ongoing basis.

Major acquisitions (CP7)

30. It has been suggested that prior approval should be required for a major subsidiary acquisition and that provisions specifically designed to prevent exposure to undue risk from a new acquisition or investment should be included in the banking regulation. The FSC/FSS already requires a bank to obtain approval when it seeks to hold more than 20 percent of a company or take over a subsidiary that the bank effectively controls. In addition, bank supervisors continuously monitor whether a new acquisition or investment hinders the safety and soundness of the bank.

Supervisory approach (CP 8)

31. The mission team makes the observation that the existence of multiple points of responsibility among various teams at the FSS that take charge of particular sub-segments of banking supervision and operate autonomously tends to limit the ability of the FSS to fully grasp the overall risk profile of individual banks and banking groups. The reality, however, is that the Off-Site Surveillance Team at the Bank Examination Department effectively coordinates such information and functions as the central repository of information and the central point of contact for individual banks and financial holding companies.

32. The assessment report also points to the seeming over-reliance of the FSC/FSS on comprehensive biennial full-scope examination and recommends expanded risk-based partial examinations and qualitative assessments where supervisory judgment is critical. The FSC/FSS stresses that qualitative assessment takes place not merely as part of a biennial full-scope examination, but also on an ad hoc basis as part of a partial examination performed to address vulnerabilities and risk factors as they are identified. In addition, a considerable amount of assessment criteria for CAMEL-R, the Management and Risk components in particular, is dedicated to qualitative aspects that incorporate the examiners’ supervisory judgment. Nevertheless, the FSC/FSS will act on the mission team’s recommendation in order to further strengthen qualitative assessment with more in-depth risk analysis and partial examinations.

33. In addition, the assessment report notes in EC1 that CAMEL-R is linked to the PCA framework but has not yet been triggered for banks. This is factually incorrect: Korea’s bank supervisors issued PCAs to four banks upon CAMELS assessments conducted between April and November 1998 following the Asian financial crisis.

Supervisory techniques and tools (CP 9)

34. Under the current system, the FSC/FSS conducts ad hoc partial examination when the off-site surveillance identifies weaknesses and vulnerabilities to risks. In addition, the FSC/FSS has been working on plans to bolster partial examination in order to more effectively address risk vulnerabilities of the banks.

Supervisory reporting (CP 10)

35. Under the Financial Holding Company Act, non-financial subsidiaries of a financial holding company file quarterly reports on their financial conditions and business activities. The FSC/FSS also has the authority to compel them to submit data or comply with interview requests regarding their business affairs or properties.

36. Regarding the use of external experts in bank examination, there are guidelines in place to help assess the quality of work performed by external experts and prevent conflict of interest. Currently, external experts are required to comply only with their contractual obligations on suitability assessment and reporting mainly because their participation very much remains limited (1.8 percent or 15 of the 811 examinations conducted as of the end of November 2013). The FSC/FSS, however, expects to come up with more formally established rules and regulations on the use of external experts in anticipation of growing demand for them.

Corrective and sanctioning powers of supervisors (CP 11)

37. The FSC/FSS undertook a number of changes to the examination procedures in January this year. As a result, the FSC/FSS now sends examination findings to the bank within five months for a full-scope examination and within four months for a partial examination. Findings unrelated to sanctions on the bank or its employees—such as CAMEL-R ratings—can be notified separately before the final exam report is issued. Going forward, the FSC/FSS will continue to work on improving post-examination notification and supervision.

Consolidated supervision (CP 12)

38. The risk management assessment criteria for financial holding companies currently consist of ten qualitative components including group-wide risk strategy and profiles. (The qualitative components relate to, among others, whether there is sufficient understanding of the management on group-wide risk profile or strategies to manage capital at risk, whether the group maintains a risk management framework commensurate with its business strategies, and whether the management of the subsidiaries was consulted before group-wide business strategies were set.) The plan going forward is to continue to work on improving the qualitative components as needed.

39. The FSC/FSS maintains a centralized information management system for information produced by non-bank departments. Under the system, departments charged with examination and supervision of bank holding companies share and access business reports from the FSS Integrated Financial Analysis System. Information on material changes taking place at each individual financial institution is accessed from the FSS Information Management System.

Corporate governance (CP 14)

40. The assessment report recommends the integration of the Model Guidelines on Sound Compensation Principles into the supervisory regulations. The FSC/FSS notes that the proposed Act on Governance of Financial Institutions, which encompasses most of the sound compensation principles in the model guidelines, was submitted to the National Assembly on June 18 and is being deliberated at the National Assembly. The assessment report also refers to the absence of regulation on conflict of interest. The FSC/FSS notes that the Banking Act explicitly sets forth provisions designed to prevent conflict of interest between the board of directors of a bank and other stakeholders and between a bank and its customers.

Risk management process (CP 15)

41. Currently, banks are required by law to incorporate the results of risk assessment and stress testing to their capital planning in accordance with the Model Guidelines on Stress Testing. The FSC/FSS regularly assesses the banks’ compliance with stress testing and plans to formally adopt the guidelines into the regulation.

42. With regards to the recommendation for independent external verification of compliance with the regulations, the FSC/FSS notes that banks are required to conduct internal audit of risk management. The adequacy of internal audit of risk management also comes under regulatory scrutiny under the CAMEL-R assessment.

43. The assessment report recommends regulations for mandatory reporting of the bank’s risk management unit to the chief risk officer (CRO) and the composition of the bank’s risk committee. The proposed Act on Governance of Financial Institutions, which is making its way through the National Assembly, expressly provides for risk committee and its composition.

Capital adequacy (CP 16)

44. The FSC/FSS does not agree with the assessment of Principle 16 (capital adequacy) for the following reasons:

  • First, the FSC/FSS has faithfully and consistently complied with Basel standards, including capital standards, definition of capital compositions, and the regulatory ratios. This partly explains why domestic banks were able to maintain more than sufficient levels of capital throughout the global financial crisis. It also explains why the common equity tier 1 capital of Korean banks is expected to rise under Basel III unlike that of many large banks in the developed countries.

  • Second, with regard to Pillar II, the FSC/FSS has carried out well-tailored capital supervision. The rigorous off-site surveillance of the 18 domestic banks enables bank supervisors to take immediate follow-up supervision action (and disciplinary action if warranted). For example, the stress tests the FSC/FSS conducted during the financial crisis period were tailored to the risk profile of each individual bank, and banks with the capital ratio below 10 percent under stress scenario were directed to raise capital.

  • Third, the FSC/FSS does not agree to the finding that bank supervisors did not verify in advance changes to estimates and parameters that had been used in the internal ratings-based models because such changes were in practice subject to advance approval from bank supervisors. The FSC/FSS will take appropriate follow-up actions where more clearly established rules will minimize the likelihood of such misunderstanding.

45. In short, the FSC/FSS feels strongly that the materially non-compliant finding is based on an inaccurate assessment that fails to take into account the full breadth and scope of Korea’s capital regulation regime in terms of enforcement and compliance, or the high quality of bank capital. It appears that the materially non-compliant finding is more or less driven by minor deficiencies in the explicitness of regulations on ICCAP.

Problem Assets, Provisions, and Reserve (CP 18)

46. The FSC/FSS does not agree with the assessment of Principle 18 (problem assets, provisions, and reserve) for the following reasons:

  • Since the introduction of the IFRS in 2011, domestic banks have been setting aside loan loss provisions as provided for under the IFRS. The FSC/FSS ensures high loss-absorbing capacity by directing the banks to perform credit assessment of individual borrowers at risk of default when performing provision calculations. Where the level of provisioning required under the IFRS falls below the level of estimated loss, the difference must be made up and set aside as additional provisions. (At the end of September of this year, domestic banks’ loan loss provisions were KRW10.4 trillion more than the IFRS-based provisions of KRW21.2 trillion).

  • Bank supervisors use the SBL ratio or the ratio of loans classified as substandard or below as a measure of soundness and for reporting purposes. The SBL ratio is more conservative than the more common NPL ratio because it incorporates the borrowers’ debt-servicing ability. (At the end of September, domestic banks’ SBL ratio was 1.79 percent and the NPL ratio 1.23 percent).

  • A loan under debtor-creditor workout is also subject to stringent loan classification requirements. It must be classified as an SBL at the time of the workout and can be reclassified to a higher loan classification category only after the borrower has met the rescheduled payment obligations for a considerable period of time and can demonstrate the capacity to fully service the loan (principal and interest) under the forward-looking criteria. Similarly, the reclassification of an NPL into a performing loan may be made only after the borrower’s debt-servicing capacity has significantly improved. The FSC/FSS wishes to note that rule changes are currently in the works to provide specific regulations on NPL reclassification.

  • For the fair value of collateral supporting an SBL, Korea’s banking regulation provides specific and prudent rules on estimating the recovery amount net of any incidental expenses. The standard practice for the banks is to perform conservative collateral valuation on the basis of market price and appraisal value with additional pricing information from the collateral’s cash convertibility (liquidity) and bids and offers in court auctions.

47. The FSC/FSS acknowledges some discrepancy between banks and nonbanks on the criteria to be met for a default—e.g., 90 days past due for banks and 180 days past due for nonbanks—as noted by the mission team. It must be stressed, however, that both banks and nonbanks must adhere to the same set of classification and provisioning standards on a consolidated basis, and the FSC/FSS has been fine-tuning the supervision rules to encourage convergence on default criteria for both banks and nonbanks. (Default for mutual savings banks will be changed to 120 days beginning July 2014; for credit cooperatives and unions, it has already been changed to 120 days in July 2013 and will become 90 days—as is the case for banks—in July 2014).

Concentration risk and large exposure limits (CP19)

48. It is difficult to agree to the overall thrust of CP 19 assessment. Because of domestic banks’ heavy business concentration at home, bank supervisors take the due care in order to ensure domestic banks effectively manage concentration risk stemming from specific borrowers, industries, and other identifiable concentration categories. While the rules and regulations on concentration risk and large credit exposures may fall short of highly detailed provisions, such risks are effectively managed and controlled in practice because large credit extensions are carefully scrutinized and decided through deliberations by the bank’s loan review committee and risk committee with the participation of a member of the board of directors of the bank. In addition, bank supervisors periodically inspect the banks’ management of concentration risk through on-site examinations and monthly or quarterly reports and examine the adequacy of internal controls for concentration risk.

49. The mission team makes the observation that bank supervisors make use of the term “same borrower” (a borrower together with any party specially connected with or related to the borrower) as the term is defined under the Fair Trade Act. The FSC/FSS notes that this is essentially an insignificant matter of formality and that bank supervisors employ strict prudential standards on bank credit extensions not only to the borrower, but also to any related persons that effectively share the risk of default with the borrower.

50. It should also be noted that bank regulators at the Basel Committee have not yet come up with the final rules and regulation on concentrated risk or large credit exposures. The FSC/FSS is looking to set more concrete rules and regulations in line with what the Basel Committee sets forth.

Transactions with related parties (CP20)

51. The FSC/FSS carries out strong and effective supervision of related-party transactions. This is also a matter yet to be firmly dealt with by the Basel Committee. When it does, the FSC/FSS expects to follow up with additional measures to further reinforce the regulatory regime on related-party transactions.

Market risk (CP22)

52. Under the existing banking regulation, 17 of the 18 domestic banks are already subject to strict capital charges for market risks, and the FSC/FSS disagrees with the assessment that current exclusions are excessive, especially because it deviates from assessments given tocountries that exercise similar capital charges. The FSC/FSS also wishes to stress that Korea’s banking regulations clearly provide for mark-to-market valuation of the banks’ trading positions, domestic banks have faithfully adhered to the regulations, and bank supervisors will continue to take steps to improve the valuation of traded market risks and ensure strong capital regimes for them.

Liquidity risk (CP24)

53. Korea’s liquidity regulations provide for won liquidity ratio ≧100 percent) and foreign currency liquidity ratio ≧85 percent) to ensure effective liquidity risk management. In July 2012, the FSC/FSS set loan-to-deposit ratio requirement in order to reduce wholesale and market funding and preempt liquid risk.

54. The FSC/FSS is looking to introduce the LCR regime beginning in 2015 as set by the Basel Committee. Since the Basel Committee proposed new liquidity rules near the end of 2010, Korea’s bank supervisors have been working on the implementation of the new liquidity regime with quarterly review of domestic banks’ LCR calculation and other preparatory measures. Korea’s bank supervisors believe that it is premature for the assessment team to point to shortcomings on the basis of detailed LCR provisions well before the new LCR regime is completed.

55. For liquidity stress tests, bank supervisors encourage the banks to design stress scenarios with their own individually tailored risk variables and assess their effectiveness. The FSC/FSS welcomes the proposal from the mission team to further improve the utilization of liquidity stress tests with more specific regulations.

Operational risk (CP25)

56. Regulatory issues pertaining to the authorization of the board of directors on operational risk management, reporting of operational incidents, the verification of the suitability of internal models, and disaster recovery have already been faithfully incorporated in the regulation. IT-related issues have also been specifically integrated into the regulation. The plan going forward is to review some of the details in the Model Guidelines on Integrated Risk Management for new regulation.

Financial reporting and external audit (CP27)

57. The mission team asserts that the bank supervisors’ onsite and offsite supervision does not incorporate results from external audit. To this, the FSC/FSS responds that, under Article 48 of the Banking Act, bank supervisors may direct the external auditor to provide external audit information. In addition, the Examination Manual and RM Manual, which provide details on carrying out a bank examination, states that bank examiners may cooperate or consult with the external auditor at any time and obtain audit results during the examination.

58. The Act on External Audit of Stock Companies subjects listed companies, companies to be listed, and companies with assets in excess of certain thresholds to independent external audit. This requirement extends to most deposit-taking institutions. In addition, deposit-taking institutions not subject to external audit under the Act on External Audit of Stock Companies are subject to external audit under sector-specific regulations.

Disclosure and transparency (CP28)

59. Domestic banks have been faithfully complying with regulatory disclosure requirements, and the disclosure items encompass most of those covered under Pillar 3. The FSC/FSS does not use Pillar 3 as a separate disclosure regime; disclosures are instead made through the Korea Federation of Banks’ Uniform Disclosure Standards for Financial Businesses. It is therefore erroneous to assume that Pillar 3 is not in effect in Korea.

60. For regulation on compensation arrangements, the FSC/FSS has issued model compensation guidelines in January 2010 as supervisory guidance. As a way to encourage compliance, the FSC/FSS regularly collects implementation data and incorporate compliance performance in the supervisory ratings. In November 2013, bank supervisors conducted an extensive review of the status of compensation arrangement and issued supervisory guidance on areas in need of improvement.

In this document, “banking group” includes the holding company, the bank and its offices, subsidiaries, affiliates and joint ventures, both domestic and foreign. Risks from other entities in the wider group, for example non-bank (including non-financial) entities, may also be relevant. This group-wide approach to supervision goes beyond accounting consolidation.

The activities of authorising banks, ongoing supervision and corrective actions are elaborated in the subsequent Principles.

Such authority is called “the supervisor” throughout this paper, except where the longer form “the banking supervisor” has been necessary for clarification.

In this document, “risk profile” refers to the nature and scale of the risk exposures undertaken by a bank.

In this document, “systemic importance” is determined by the size, interconnectedness, substitutability, global or cross-jurisdictional activity (if any), and complexity of the bank, as set out in the BCBS paper on Global systemically important banks: assessment methodology and the additional loss absorbency requirement, November 2011.

Please refer to Principle 1, Essential Criterion 1.

Principle 3 is developed further in the Principles dealing with “Consolidated supervision” (12), “Home-host relationships” (13) and “Abuse of financial services” (29).

The Committee recognizes the presence in some countries of non-banking financial institutions that take deposits but may be regulated differently from banks. These institutions should be subject to a form of regulation commensurate to the type and size of their business and, collectively, should not hold a significant proportion of deposits in the financial system.

This document refers to a governance structure composed of a board and senior management. The Committee recognizes that there are significant differences in the legislative and regulatory frameworks across countries regarding these functions. Some countries use a two-tier board structure, where the supervisory function of the board is performed by a separate entity known as a supervisory board, which has no executive functions. Other countries, in contrast, use a one-tier board structure in which the board has a broader role. Owing to these differences, this document does not advocate a specific board structure. Consequently, in this document, the terms “board” and “senior management” are only used as a way to refer to the oversight function and the management function in general and should be interpreted throughout the document in accordance with the applicable law within each jurisdiction.

Therefore, shell banks shall not be licensed. (Reference document: BCBS paper on shell banks, January 2003).

Please refer to Principle 14, Essential Criterion 8.

Please refer to Principle 29.

While the term “supervisor” is used throughout Principle 6, the Committee recognizes that in a few countries these issues might be addressed by a separate licensing authority.

In the case of major acquisitions, this determination may take into account whether the acquisition or investment creates obstacles to the orderly resolution of the bank.

On-site work is used as a tool to provide independent verification that adequate policies, procedures and controls exist at banks, determine that information reported by banks is reliable, obtain additional information on the bank and its related companies needed for the assessment of the condition of the bank, monitor the bank’s follow-up on supervisory concerns, etc.

Off-site work is used as a tool to regularly review and analyze the financial condition of banks, follow up on matters requiring further attention, identify and evaluate developing risks and help identify the priorities, scope of further off-site and on-site work, etc.

Please refer to Principle 10.

In the context of this Principle, “prudential reports and statistical returns” are distinct from and in addition to required accounting reports. The former are addressed by this Principle, and the latter are addressed in Principle 27.

Please refer to Principle 2.

Please refer to Principle 1, Essential Criterion 5.

Maybe external auditors or other qualified external parties, commissioned with an appropriate mandate, and subject to appropriate confidentiality restrictions.

Maybe external auditors or other qualified external parties, commissioned with an appropriate mandate, and subject to appropriate confidentiality restrictions. External experts may conduct reviews used by the supervisor, yet it is ultimately the supervisor that must be satisfied with the results of the reviews conducted by such external experts.

Please refer to Principle 1.

Please refer to footnote 19 under Principle 1.

Please refer to Principle 16, Additional Criterion 2.

See Illustrative example of information exchange in colleges of the October 2010 BCBS Good practice principles on supervisory colleges for further information on the extent of information sharing expected.

Please refer to footnote 27 under Principle 5.

The OECD (OECD glossary of corporate governance-related terms in “Experiences from the Regional Corporate Governance Roundtables”, 2003, defines “duty of care” as “The duty of a board member to act on an informed and prudent basis in decisions with respect to the company. Often interpreted as requiring the board member to Approach the affairs of the company in the same way that a ‘prudent man’ would approach their own affairs. Liability under the duty of care is frequently mitigated by the business judgment rule.” The OECD defines “duty of loyalty” as “the duty of the board member to act in the interest of the company and shareholders. The duty of loyalty should prevent individual board members from acting in their own interest, or the interest of another individual or group, at the expense of the company and all shareholders.”

“Risk appetite” reflects the level of aggregate risk that the bank’s Board is willing to assume and manage in the pursuit of the bank’s business objectives. Risk appetite may include both quantitative and qualitative elements, as appropriate, and encompass a range of measures. For the purposes of this document, the terms “risk appetite” and “risk tolerance” are treated synonymously.

For the purposes of assessing risk management by banks in the context of Principles 15 to 25, a bank’s risk management framework should take an integrated “bank-wide” perspective of the bank’s risk exposure, encompassing the bank’s individual business lines and business units. Where a bank is a member of a group of companies, the risk management framework should in addition cover the risk exposure across and within the “banking group” (see footnote 19 under Principle 1) and should also take account of risks posed to the bank or members of the banking group through other entities in the wider group.

To some extent the precise requirements may vary from risk type to risk type (Principles 15–25) as reflected by the underlying reference documents.

It should be noted that while, in this and other Principles, the supervisor is required to determine that banks’ risk management policies and processes are being adhered to, the responsibility for ensuring adherence remains with a bank’s Board and senior management.

New products include those developed by the bank or by a third party and purchased or distributed by the bank.

The Core Principles do not require a jurisdiction to comply with the capital adequacy regimes of Basel I, Basel II and/or Basel III. The Committee does not consider implementation of the Basel-based framework a prerequisite for compliance with the Core Principles, and compliance with one of the regimes is only required of those jurisdictions that have declared that they have voluntarily implemented it.

The Basel Capital Accord was designed to apply to internationally active banks, which must calculate and apply capital adequacy ratios on a consolidated basis, including subsidiaries undertaking banking and financial business. Jurisdictions adopting the Basel II and Basel III capital adequacy frameworks would apply such ratios on a fully consolidated basis to all internationally active banks and their holding companies; in addition, supervisors must test that banks are adequately capitalized on a stand-alone basis.

Reference documents: Enhancements to the Basel II framework, July 2009 and: International convergence of capital measurement and capital standards: a revised framework, comprehensive version, June 2006.

In assessing the adequacy of a bank’s capital levels in light of its risk profile, the supervisor critically focuses, among other things, on (a) the potential loss absorbency of the instruments included in the bank’s capital base; (b) the appropriateness of risk weights as a proxy for the risk profile of its exposures; (c) the adequacy of provisions and reserves to cover loss expected on its exposures; and (d) the quality of its risk management and controls. Consequently, capital requirements may vary from bank to bank to ensure that each bank is operating with the appropriate level of capital to support the risks it is running and the risks it poses.

“Stress testing” comprises a range of activities from simple sensitivity analysis to more complex scenario analyses and reverses stress testing.

Please refer to Principle 12, Essential Criterion 7.

Principle 17 covers the evaluation of assets in greater detail; Principle 18 covers the management of problem assets.

Credit risk may result from the following: on-balance sheet and off-balance sheet exposures, including loans and advances, investments, inter-bank lending, derivative transactions, securities financing transactions and trading activities.

Counterparty credit risk includes credit risk exposures arising from OTC derivative and other financial instruments.

“Assuming” includes the assumption of all types of risk that give rise to credit risk, including credit risk or counterparty risk associated with various financial instruments.

Principle 17 covers the evaluation of assets in greater detail; Principle 18 covers the management of problem assets.

Reserves for the purposes of this Principle are “below the line” non-distributable appropriations of profit required by a supervisor in addition to provisions (“above the line” charges to profit).

It is recognized that there are two different types of off-balance sheet exposures: those that can be unilaterally cancelled by the bank (based on contractual arrangements and therefore may not be subject to provisioning), and those that cannot be unilaterally cancelled.

Connected counterparties may include natural persons as well as a group of companies related financially or by common ownership, management or any combination thereof.

This includes credit concentrations through exposure to: single counterparties and groups of connected counterparties both direct and indirect (such as through exposure to collateral or to credit protection provided by a single counterparty), counterparties in the same industry, economic sector or geographic region and counterparties whose financial performance is dependent on the same activity or commodity as well as off-balance sheet exposures (including guarantees and other commitments) and also market and other risk concentrations where a bank is overly exposed to particular asset classes, products, collateral, or currencies.

The measure of credit exposure, in the context of large exposures to single counterparties and groups of connected counterparties, should reflect the maximum possible loss from their failure (i.e. it should encompass actual claims and potential claims as well as contingent liabilities). The risk weighting concept adopted in the Basel capital standards should not be used in measuring credit exposure for this purpose as the relevant risk weights were devised as a measure of credit risk on a basket basis and their use for measuring credit concentrations could significantly underestimate potential losses (see “Measuring and controlling large credit exposures, January 1991).

Such requirements should, at least for internationally active banks, reflect the applicable Basel standards. As of September 2012, a new Basel standard on large exposures is still under consideration.

Related parties can include, among other things, the bank’s subsidiaries, affiliates, and any party (including their subsidiaries, affiliates and special purpose entities) that the bank exerts control over or that exerts control over the bank, the bank’s major shareholders, Board members, senior management and key staff, their direct and related interests, and their close family members as well as corresponding persons in affiliated companies.

Related party transactions include on-balance sheet and off-balance sheet credit exposures and claims, as well as, dealings such as service contracts, asset purchases and sales, construction contracts, lease agreements, derivative transactions, borrowings, and write-offs. The term transaction should be interpreted broadly to incorporate not only transactions that are entered into with related parties but also situations in which an unrelated party (with whom a bank has an existing exposure) subsequently becomes a related party.

An exception may be appropriate for beneficial terms that are part of overall remuneration packages (e.g., staff receiving credit at favorable rates).

Country risk is the risk of exposure to loss caused by events in a foreign country. The concept is broader than sovereign risk as all forms of lending or investment activity whether to/with individuals, corporates, banks, or governments are covered.

Transfer risk is the risk that a borrower will not be able to convert local currency into FX and so will be unable to make debt service payments in foreign currency. The risk normally arises from exchange restrictions imposed by the government in the borrower’s country. (Reference document: IMF paper on External Debt Statistic—Guide for compilers and users, 2003).

Back-to-back transaction; a special type of transaction through which fees are collected by close trading.

Wherever “interest rate risk” is used in this Principle the term refers to interest rate risk in the banking book. Interest rate risk in the trading book is covered under Principle 22.

The Committee has defined operational risk as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. The definition includes legal risk but excludes strategic and reputational risk.

In assessing independence, supervisors give due regard to the control systems designed to avoid conflicts of interest in the performance measurement of staff in the compliance, control and internal audit functions. For example, the remuneration of such staff should be determined independently of the business lines that they oversee.

The term “compliance function” does not necessarily denote an organizational unit. Compliance staff may reside in operating business units or local subsidiaries and report up to operating business line management or local management, provided such staff also have a reporting line through to the head of compliance who should be independent from business lines.

The term “compliance function” does not necessarily denote an organizational unit. Compliance staff may reside in operating business units or local subsidiaries and report up to operating business line management or local management, provided such staff also have a reporting line through to the head of compliance who should be independent from business lines.

The term “internal audit function” does not necessarily denote an organizational unit. Some countries allow small banks to implement a system of independent reviews, e.g., conducted by external experts, of key internal controls as an alternative.

In this Essential Criterion, the supervisor is not necessarily limited to the banking supervisor. The responsibility for ensuring that financial statements are prepared in accordance with accounting policies and practices may also be vested with securities and market supervisors.

For the purposes of this Essential Criterion, the disclosure requirement may be found in applicable accounting, stock exchange listing, or other similar rules, instead of or in addition to directives issued by the supervisor.

The Committee is aware that, in some jurisdictions, other authorities, such as a financial intelligence unit (FIU), rather than a banking supervisor, may have primary responsibility for assessing compliance with laws and regulations regarding criminal activities in banks, such as fraud, money laundering and the financing of terrorism. Thus, in the context of this Principle, “the supervisor” might refer to such other authorities, in particular in Essential Criteria 7, 8 and 10. In such jurisdictions, the banking supervisor cooperates with such authorities to achieve adherence with the criteria mentioned in this Principle.

Consistent with international standards, banks are to report suspicious activities involving cases of potential money laundering and the financing of terrorism to the relevant national centre, established either as an independent governmental authority or within an existing authority or authorities that serves as an FIU.

These could be external auditors or other qualified parties, commissioned with an appropriate mandate, and subject to appropriate confidentiality restrictions.

Other Resources Citing This Publication