A. General

1. This assessment of U.K. compliance with the Basel Core Principles for Effective Banking Supervision was undertaken as part of the Financial Sector Assessment Program (FSAP) that the IMF has conducted at the request of the U.K. authorities over the period February–July 2002. The assessment was conducted by John Abbott (IMF-MAE), Laurie Edlund (Office of the Comptroller of the Currency), and Jan Rein Pruntel (Netherlands Bank).

B. Information and Methodology Used for the Assessment

2. The assessment has been based on the Core Principles Methodology that was published by the Basel Committee On Banking Supervision in October 1999.

3. In view of the highly developed nature of the U.K. banking sector, this assessment takes into account both the essential and the additional criteria that have been set out in the Core Principles Methodology.

4. The assessment takes into account a comprehensive self-assessment of compliance with the Basel Core Principles that was submitted by the U.K. authorities to the IMF prior to the May mission. Major further sources used for the assessment include numerous publications available from the FSA website, the Financial Services and Markets Act 2000 (FSMA), a CD-ROM provided by the FSA containing its Handbook of rules and guidance, presentation material and internal documents provided by FSA officers, and background material from various industry sources.

5. In addition extensive interviews were held with FSA officers, representatives of major U.K. incorporated banks and U.K. branches of overseas banks, senior representatives of the British Bankers Association, the Foreign Bankers and Securities Association, the Practitioners Panel on transparency established under the FSMA, and the Institute of Chartered Accountants in England and Wales. The assessment team gratefully acknowledges the cooperation received from all concerned which has added substantially to the effectiveness of the assessment.

C. Institutional and Macroprudential Setting—Overview

6. The FSA was established by the U.K. Government in May 1997, and commenced operation in an interim or transitional way in June 1998. The relevant law, the FSMA, was passed in 2000, and took full legal effect on December 1, 2001, a date usually referred to in this context as N2. The FSA initially absorbed the activities of a nine previous regulators or government departments, and in bank supervision specifically, the previous supervisory function of the Bank of England, and has since taken on even more responsibilities.

7. The U.K. banking industry has benefited from a remarkably stable macroeconomic environment and sustained growth over nearly a decade. The favorable environment owes much to sound macroeconomic policies as well as a strong policy framework, and to sustained structural reforms. Recently, however imbalances have emerged, particularly in the expansion of credit to consumers and businesses and burgeoning house prices. Although these imbalances are, on the whole, not large and likely to be resolved gradually, they do pose risks to the financial system that require monitoring and management.

D. General Preconditions for Effective Banking Supervision

8. The United Kingdom has a well developed judicial system with a reputation for probity and professionalism. Civil commercial matters are normally heard in one of the divisions of the High Court, with appeal processes available through the Court of Appeal and, if accepted, the House of Lords. The senior EU Court is the European Court of Justice and it has similar professional standing to the English upper courts. The legal system is based on case law as modified by equity considerations and domestic legislation. As the U.K. has no written constitution, Parliament is the supreme domestic law making body, but as a general principle EU law overrides domestic law under the Treaty of Rome. EU directives agreed by the Council of Ministers do not have the status of law but must be converted into national law by member states. From a regulatory point of view the legal and judicial precondition to effective banking supervision are very well satisfied.

9. The professions important to the financial sector are also well developed in the U.K. and are subject to full liability for breach of duty. The U.K. chartered accountants are expected to continuously maintain minimum levels of professional training. They have world class qualification and accreditation requirements and are seen as best practice resources by educators and professionals in many other countries. A new system of non-statutory independent regulation of the accountancy profession’s audit activities has recently been established under the auspices of the Accountancy Federation, which will raise the standards for oversight of the accountancy profession. The convergence toward fair value accounting (IAS 39) will introduce new issues for both firms and for regulators, issues that the U.K. profession is now beginning to address. Again, this precondition for effective regulation and supervision is well satisfied.

10. The auditing profession is also well established. External auditors need to be members of recognized supervisory organizations and to remain eligible to be a member under the rules of that organization (leading to a practicing certificate). Recognized organizations have to ensure that all their members are ‘fit and proper’ and that audit processes are carried out in a professional manner and with integrity. The main coordinating body for the six U.K. accounting bodies, the Counsultative Committee of Accounting Bodies, is a recognized supervisory body. The assessment team was not able to determine the level of performance of the internal audit function within the banking sector, but there appear to be varying degrees of competence and awareness of the risk based approach.

11. The United Kingdom is among the leading countries in the world in setting standards for corporate governance, including public disclosure practices. With regard to the regulated financial sector, market discipline is reinforced by the fact that the U.K. authorities have publicly stated their view that it is neither possible nor desirable to remove all risk of financial failure.

12. The United Kingdom has no special statutory insolvency procedures for banks. As limited liability companies, banks and other FSA-supervised financial institutions are generally subject to the same insolvency laws and procedures as those that apply for non-regulated companies. FSMA gives the FSA a limited role in statutory insolvency procedures for financial institutions, including the power to petition for an institution to be placed in administration or winding-up proceedings. Under the current system, bank depositors are treated like other creditors at the beginning of administration proceedings and delays in repayment of deposits can span several weeks. In terms of pre-statutory resolution of a troubled institution, however, the FSMA provides the FSA with a broad range of powers to resolve problems in banks, ranging from public censure to withdrawal of authorization, and the financial stability Memorandum of Understanding (between HMT, the FSA and the Bank) provides a broad framework within which official intervention of various sorts could be contemplated in more systemically important cases.

13. Overall the U.K. satisfies the Basel Core Principles preconditions for effective banking supervision.

Table 1.

Detailed Assessment of Compliance of the Basel Core Principles

Table 1.

Detailed Assessment of Compliance of the Basel Core Principles

Principle 1.	Objectives, Autonomy, Powers, and Resources An effective system of banking supervision will have clear responsibilities and objectives for each agency involved in the supervision of banks. Each such agency should possess operational independence and adequate resources. A suitable legal framework for banking supervision is also necessary, including provisions relating to the authorization of banking establishments and their ongoing supervision; powers to address compliance with laws, as well as safety and soundness concerns; and legal protection for supervisors. Arrangements for sharing information between supervisors and protecting the confidentiality of such information should be in place.
Principle 1(1)	An effective system of banking supervision will have clear responsibilities and objectives for each agency involved in the supervision of banks.
Description	Responsibilities and objectives of the FSA as supervisor and regulator are set out in the FSMA. The FSA’s general functions are set out in the FSMA Section 2 (4), and consist of rulemaking, preparing and issuing codes, providing guidance, and determining the general policy and principles by which the FSA will perform its functions. In carrying out the general functions, the FSA is required to act in a way that is compatible with the regulatory objectives and have regard for the principles of good regulation. The four regulatory objectives, identified in the FSMA Section 2 (6), are market confidence, public awareness, protection of consumers, and reduction of financial crime. The seven principles of good regulation identified in FSMA Section 2 (3), which FSA is required to take into consideration, include minimizing adverse effects of regulation on competition; encouraging competition among firms regulated by FSA; using its resources economically; taking account of the responsibilities of those who manage the affairs of authorized persons; following the principle that a burden or restriction imposed on a regulated firm should be proportionate to the benefits expected; being attentive to facilitating innovation in connection with regulated activities; and observing the international character of financial services and markets and the desirability of maintaining the competitive position of the U.K. The FSMA gives the FSA rulemaking powers that may be used to introduce new rules or change existing rules. Rules and Guidance are set out in the FSA Handbook, and primarily cover prudential matters. Banks are required to meet “threshold conditions” (TC), set out in FSMA Schedule 6, and elaborated on in the Threshold Conditions chapter of the FSA Handbook (COND). Banks are also required to comply with rules made by the FSA. In general, the FSA has the sole responsibility for supervising banks in the United Kingdom. Branches of EEA banks are also supervised by their home country supervisors. The FSA has broad powers under the FSMA to take action against banks that do not comply with legal and regulatory requirements. The FSA has formal powers to take action to deal with problem banks, but where appropriate may pursue informal action to resolve problem bank issues. The FSMA is a comprehensive update of previous banking laws. Prior to the enactment of the FSMA, banking laws had been amended periodically to enhance supervisory standards, increase supervisory powers, and reflect the requirements of EU directives. The FSMA requires transparency of the FSA in a number of ways. FSMA Schedule 1, paragraph 10 requires the FSA to report (on the discharge of its functions) to the Treasury at least annually, and Treasury is required to provide a copy of this report to Parliament. In addition, FSMA Schedule 1, paragraph 11 requires the FSA to hold an annual public meeting to discuss the contents of the report. Schedule 1, paragraph 12 of the FSMA charges the FSA’s non-executive committee with reviewing the FSA’s internal financial controls, and reports on these matters to the Treasury. In addition, the Treasury has the authority to make formal inquiries relating to the FSA’s use of resources in discharging its functions, and where there has been a serious failure in the regulatory system. Information on the FSA’s regulatory objectives is published in its plan and budget, and other publications. The FSMA, section 8, also requires the FSA to consult on the extent to which its general policies and practices are consistent with its general duties. The FSA does not publish regular information on the financial strength and performance of the banking industry; however, industry information is available from other sources. Historically, the Bank of England collected regulatory returns for the banks and published statistical information on the banking industry. Under the FSMA, the regulatory returns are collected by the Bank under the FSA’s authority; however, the Bank continues to publish the aggregate information on the industry. The Bank of England’s semi-annual Financial Stability Review contains prudential information on the banking industry, including information on aggregate profitability, capital, and liquidity. In addition, the Bank publishes Monetary and Financial Statistics on a monthly and quarterly basis. These statistics provide some information on the lending sector, and national accounts level information on capital and profitability. In addition, the British Bankers Association publishes an annual report that aggregates publicly available financial information from the large banks to provide an industry wide view. The FSA does have two projects (discussion papers on harnessing market forces, and on the regulatory reporting environment) underway to explore, among other things, whether they should provide any additional industry information to the public.
Assessment	Compliant
Comments	The FSMA clearly defines the FSA’s role as bank supervisor, sets out regulatory objectives and principles, and provides broad rulemaking powers. Systems are in place to ensure the FSA’s activities are carried out in a transparent manner. Information on the financial strength and performance of the banking industry is publicly available, but is published by the Bank of England and the British Bankers’ Association.
Principle 1(2)	Each such agency should possess operational independence and adequate resources.
Description	The FSA is an independent non-governmental body, established as a company limited by guarantee. The FSA is accountable to Treasury Ministers and, through them, to Parliament. A Board appointed by HM Treasury governs the FSA. In addition to the Executive Chairman, there are currently three Managing Directors and eleven non-executive members, of whom one, the Deputy Governor (Financial Stability) of the Bank of England, is an ex officio director. One of the non-executive members is Deputy Chairman and ‘lead’ non-executive. The Board sets the FSA’s overall policy, but is not involved in the day-to-day operations. The FSA’s funding is provided by the industry, and regulated firms pay annual fees directly to the FSA. The FSMA (Schedule 1, paragraph 17) gives the FSA the authority to require the payment of fees. The FSA is required to consult on its proposed fees, and has issued a series of consultation papers (CPs) that explain how the fees are calculated. CP111 addresses the post-N2 fee assessment process. FSMA requires the FSA to carry out its regulatory responsibilities in a way that uses its resources in an economic and efficient manner. To this end the FSA has developed four resources strategies -for People, Space, Cash and Information. A monthly Resources Report is published within the FSA, monitoring progress against key measures in each of the resource categories. This report includes tracking of things like staff turnover. Salaries paid by the FSA take into account pay levels within the financial services industry and the FSA is able to recruit expert assistance where needed. The FSA spent approximately £2.8million on training in 2001/2, with an average of 6.2 days per person spent on formal training activities over the same period. The FSA uses secondments from the industry and professional firms to add skills and experience not readily available in the marketplace. The FSA also provides outward secondment opportunities to staff as part of its Graduate Development Program. HM Treasury appoints the FSA Board, including the chairman, and also has the authority to remove the chairman or other board members. The FSMA does not set out a term for the chairman. In addition, the FSMA does not set out reasons for removal of the chairman, nor does it require that the reasons for removal be made public.
Assessment	Compliant
Comments	The FSA’s Board reports to HM Treasury, and ultimately the Parliament. While the day-to-day operations of the FSA are removed from HM Treasury, there is concern within the industry that political pressures, particularly related to the consumer focused objectives, may cause the FSA to become (a) more prescriptive or rule based, and (b) more consumerist. The prominence of consumer protection among the FSA’s regulatory objectives may cause tensions within its risk-based approach to supervision. The strong and transparent accountability regime surrounding all aspects of FSA operations provides the safeguard that the fiscal regime of assessments on regulated firms would not compromise its independence or autonomy. The FSA has the authority to increase assessments to fund increasing supervision needs, but has made a conscious effort to hold its expenditures relatively stable over the last few years. Detailed on-site supervision work is provided either internally by line supervisors supported by the risk review division, or externally using “skilled persons” reviews. The skilled persons reviews are directed by the FSA, but paid for by the firm directly, and represent an additional cost of supervision to the industry over the FSA’s assessments. FSA pursues a consistent theme of proportionality, considering the cost of supervision (including the use of skilled persons reports) against the risks to the FSA’s objectives. The FSA and its staff are credible and professional. Staff at the director and manager level is experienced, many coming from the Bank of England at the time the FSA was created. Bank and industry sources stated that the FSA’s level of supervision and focus was reasonable, and the FSA is focused on key risks in the industry. The sources also noted that turnover and depth of staff have been issues for the FSA. One area that bears monitoring is the adequacy of staffing levels in the supervision and risk review divisions. The FSA’s internal specialist teams are quite small considering they are a cross-sector resource. The FSA’s new risk assessment process is in the early stages of being rolled out. The level of requests for risk review assistance in relation to their available resources is not yet known, and is something that should be closely monitored to ensure that resources are sufficient to carry out risk mitigation programs. In addition, industry sources expressed some concern over the turnover rate in supervisory staff, and the level of firm specific knowledge that is lost due to turnover. However, the FSAP team was informed by the FSA that staff turnover rates have decreased recently. Turnover figures for the FSA divisions undertaking banking supervision (i.e., the Deposit Takers Division, the Major Financial Groups Division and the Investment Firms Division) have ranged from 3.5 percent to 9.7 percent in the twelve months to June 2002. The FSMA does not specify a minimum term for the head of the FSA, does not require that any removal be based on specified reasons, and does not require that the reasons for the removal be made public. HM Treasury is responsible for the processes surrounding the appointment and removal of the head of the FSA. Although the high-level safeguards in this area are thus limited, appointments are made on principles of good corporate governance known as the Nolan Principles, while senior officials’ contracts have specific terms, and an official removed could pursue a judicial review in certain circumstances. De facto, an important safeguard in the U.K. context is the close public scrutiny over the activities of public officials provided by an independent media, as well as parliamentary scrutiny. In these circumstances, it is unlikely that a senior official could be removed from office without the government having to publicly disclose and defend the reasons behind its decision.
Principle 1(3)	A suitable legal framework for banking supervision is also necessary, including provisions relating to authorization of banking establishments and their ongoing supervision.
Description	The FSMA sets out the legal framework for authorization, ongoing supervision, and enforcement. The legal framework includes secondary legislation under FSMA, and the rules made by the FSA using its rulemaking powers under section 138 of the FSMA. The FSA Handbook contains manuals on Authorization, Supervision, and Enforcement. The FSA promulgates rules with which the banks must comply. The FSA also produces guidance. The rules and guidance mainly cover prudential matters. Under FSMA section 148 the FSA also has the power to alter or revoke rules, and to modify or waive rules in certain cases. The FSA has authority to require banks to provide information under FSMA section 165. Banks are required to submit a variety of regular reports to the FSA covering their financial condition (SUP chapter 16).
Assessment	Compliant
Comments	The FSMA provides a suitable framework for the authorization and ongoing supervision of banking establishments, and clearly identifies the FSA as the body responsible for authorization and supervision of firms. The FSA produces rules and guidance on authorization and supervision. In addition, the FSA has broad powers to require banks to provide information. Rules and guidance are prepared in consultation with the industry.
Principle 1(4)	A suitable legal framework for banking supervision is also necessary, including powers to address compliance with laws, as well as safety and soundness concerns.
Description	The FSMA (Schedule 1 paragraph 6) requires the FSA to maintain a process designed to allow it to determine whether a bank is complying with requirements under the FSMA (including FSA rules). The FSA has broad authority to determine whether a bank is in compliance with regulatory requirements. The FSA has the authority under FSMA section 165 to obtain any information or documents from banks. The FSA may also obtain information through the use of an authorized person under section 166. The FSA may also appoint investigators into a bank’s affairs under FSMA sections 167 through 176. The FSA’s authority and the processes for obtaining information are set out in the Enforcement manual (ENF) section of the FSA Handbook. The FSMA gives the FSA broad powers to take action against banks that do not comply with the requirements of the FSMA, or its secondary legislation or rules. The FSA may withdraw a bank’s authorization, limit a bank’s ability to take deposits, or require a bank to cease certain activities. The FSA can take remedial action with immediate affect under FSMA Section 45, using a supervisory notice. These notices are subject to referral by an independent FSM Tribunal. Procedures relating to the Tribunal are found in Part IX of the FSMA. The FSMA Part XIV provides the FSA with the power to fine or publicly censure a bank that fails to comply with a requirement imposed by the FSA or the FSMA. This is accomplished through the issuance of a decision notice. These actions are also referable to the Tribunal, generally within 28 days of the date of the notice. The FSA may not take the action specified in these notices until after the referral period has ended, or if the matter is referred, until after the Tribunal disposed of the appeal.
Assessment	Compliant
Comments	The FSA has broad powers to supervise banks, including requiring the banks to provide information. If the FSA determines that the bank is in non-compliance with the FSMA or its rules, it has a range of supervisory and enforcement options available. The options include prompt remedial action (restricting activities, revoking authorization) where other supervisory measures are not sufficient.
Principle 1(5)	A suitable legal framework for banking supervision is also necessary, including legal protection for supervisors.
Description	The FSMA Schedule 1 paragraph 19 provides that neither the FSA or “any person who is, or is acting as, a member, officer or member of staff of the FSA” is to be liable in damages for anything done or omitted in the discharge, or purported discharge of the FSA’s functions. This protection extends to persons appointed to investigate complaints under Schedule 1 paragraph 7. An exception to the protection exists if the act or omission is in bad faith. In addition, the FSMA protection does not prevent an award of damages under Section 6(1) of the Human Rights Act of 1998. However, under the complaints scheme (FSMA Schedule 1 paragraphs 7 and 8), the appointed investigator must have the power to recommend, if he thinks it appropriate, that the FSA makes a compensatory payment to the complainant, remedies the matter complained of, or both. The FSA has the power to require the payment of fees, to cover the costs of defending its actions. The FSA covers the legal costs of defending its staff in legal actions against them in relation to their work as FSA employees.
Assessment	Compliant
Comments	The FSMA provides protection from liability to the FSA and its staff for any actions taken in good faith in the performance of their duties. However, the FSA may be required to pay compensation to complainants under the FSMA mandated compensation scheme, or awards for damages related to actions found to be unlawful under the Human Rights Act.
Principle 1(6)	Arrangements for sharing information between supervisors and protecting the confidentiality of such information should be in place.
Description	The FSA has an MOU with the Bank of England and HM Treasury, which covers among other things, the exchange of information. The MOU is published. FSMA Part XXIII places restrictions on the disclosure of information, there are exceptions that permit the FSA to disclose information to other regulators (U.K. and overseas) subject to compliance with EU directives. FSMA Section 354 requires the FSA to cooperate with persons who have functions similar to the FSA, and also to cooperate in relation to the prevention or detection of financial crime. Cooperation may include sharing of information that the FSA is not prevented from disclosing. The FSA has formal arrangements for information exchange in place with a number of domestic, EEA, and overseas supervisors. Information is exchanged on an ongoing basis. Confidential information disclosed by the FSA continues to be subject to the FSMA restrictions on disclosure. The FSA must satisfy itself that where confidential information is disclosed to an overseas supervisor the information will be subject to equivalent restrictions as those that apply to confidential information restrictions in the Banking Consolidation Directive. The FSA may refuse requests for confidential information except in limited cases such as court orders in criminal cases, Parliamentary inquiries, and to an extent, personal data subject to data protection legislation.
Assessment	Compliant
Comments	The FSMA provides a suitable framework for sharing of information with domestic and foreign supervisory agencies, and provides for safeguarding of confidential information. The FSMA also provides the FSA with the right to refuse requests for confidential information, with limited exceptions.
Principle 2.	Permissible Activities The permissible activities of institutions that are licensed and subject to supervision as banks must be clearly defined, and the use of the word “bank” in names should be controlled as far as possible.
Description	The FSMA does not expressly define the term “bank” or include it as a separate category of authorized person; however, Schedule 2 does identify deposit taking as a regulated activity. The Regulated Activities Order also sets out activities which are regulated activities for the purposes of the FSMA, and accepting deposits is one such activity. For purposes of determining which parts of the FSA Handbook apply to particular categories of firms, the FSA defines a bank as: a. A firm with Part IV permission which includes accepting deposits, and (i) which is a credit institution; or (ii) whose Part IV permission includes the requirement that it complies with IPRU (Bank); But which is not a building society, a friendly society, or a credit union. b. An EEA bank. The FSMA Section 19 provides that no person may carry on a regulated activity in the U.K. or purport to do so unless he is an authorized person or an exempt person. FSMA Section 24 provides that a person who is not an authorized person is guilty of an offense if he describes himself as an authorized person or holds himself out in a manner that is reasonably likely to be understood as indicating that he is an authorized person.
Assessment	Compliant
Comments	While “bank” isn’t expressly defined, regulated activities are defined and included deposit taking. The FSMA mandates that all persons carrying out regulated activities are properly authorized. Any person using the term bank or banking in their name would be presumed to be carrying out regulated activities and must be authorized.
Principle 3.	Licensing Criteria The licensing authority must have the right to set criteria and reject applications for establishments that do not meet the standards set. The licensing process, at a minimum, should consist of an assessment of the banking organization’s ownership structure, directors and senior management, its operating plan and internal controls, and its projected financial condition, including its capital base; where the proposed owner or parent organization is a foreign bank, the prior consent of its home country supervisor should be obtained.
Description	When granting or varying Part IV permissions, FSMA section 41(2) provides that the FSA must be satisfied that the applicant satisfies and will continue to satisfy the threshold conditions set out in the FSMA (Schedule 6) in relation to all regulated activities for which they will have permission. There are five threshold conditions: 1. Legal status. Deposit-takers must be bodies corporate or partnerships. 2. Location of offices. If the bank is a body corporate constituted under the laws of any part of the U.K., then it must have its head office and, if it has one, its registered office in the U.K. A body incorporated in one part of the U.K. may have its head office in any other part. If the bank has its head office in the U.K. but is not a body corporate, it must carry on business in the U.K. 3. Close links. This threshold condition applies when the applicant has close links with another person of such a kind as to prevent the FSA from effectively supervising the applicant. The FSMA Schedule 6 paragraph 3 provides a definition of close links. If there are close links with another person, then two tests must be satisfied. First, the links must not be likely to prevent effective supervision of the applicant by the FSA. Second, if the person to whom the applicant is linked is situated outside the EEA, then the laws, regulations, and administrative provisions that apply must not prevent effective supervision of the applicant by the FSA. 4. Adequate resources. This test is not only concerned with absolute levels of capital, but also non-financial resources and means of managing resources. Resources may include capital, provisioning, availability of liquid assets, human resources, and risk management systems. When considering adequacy of resources, the FSA will also review whether the firm is ready, willing, and organized to comply with the high level systems and controls requirements set out in the SYSC chapter of the FSA Handbook. 5. Suitability. The applicant has the burden of satisfying the fit and proper test. Section 59 of the FSMA gives the FSA the power to specify “controlled functions” within a firm that must be performed by individuals who have been assessed as fit and proper by the FSA. The FSMA also gives the FSA the power to establish how firms should apply for approval (section 60), factors to be determined (section 61), and to issue statements of principles and a code of practice which will apply to all individuals performing functions under section 59. The FSA has exercised these powers, and sets out its approach in the FIT chapter of the FSA Handbook. Additional information relating to the five threshold conditions, including assessment criteria, is set out in the Conditions (COND) chapter of the FSA Handbook. The Threshold Conditions are used to assess license applications, and are also considered as a part of the FSA’s ongoing supervision. The FSA has the power to reject an application for authorization if the applicant fails to satisfy one or more of the threshold conditions, or if the applicant provides inadequate information. Under FSMA sections 42 and 43, the FSA has the power to impose limitations or requirements on a bank’s permission, or grant permission to carry on a narrower range of activities than the applicant requested. FSMA section 45 gives the FSA the authority to vary or cancel a permission if the authorized person is failing, or is likely to fail, to satisfy the threshold conditions. The FSA Handbook chapter GN, Rule 3.3.13 requires a bank to maintain capital commensurate with the nature and scale of its business, and the risks inherent in that business. If the bank is a member of a group, those capital resources must also be commensurate with the risks inherent in the activities of the other members of the group, insofar as they impact the bank. Guidance on how banks should comply with this rule are set out in IPRU (Banks) chapter CO, with detailed guidance in a variety of other chapters. Rule 3.3.9 requires a U.K. bank and an overseas bank have capital of not less than Euro 5 million at the time it obtains its Part IV permission to accept deposits. When the FSA evaluates proposed directors and senior management, it uses the fit and proper criteria set out in the FIT chapter of the FSA Handbook. Criteria assessed as part of the fit and proper assessment include honesty, integrity and reputation (FIT 2.1); competence and capability (FIT 2.2); and the financial soundness of a person (FIT 2.3). Applicants are required to submit a variety of information, including a strategic and operating plan, a business plan, details of the applicant’s management and organizational structure, operating procedures, systems and controls, and any outsourcing arrangements. This information is assessed to determine whether the system of corporate governance is proportionate to the bank’s business, whether the bank will be managed in a competent and prudent manner, and whether appropriate systems and controls are in place. The assessment of knowledge of all types of financial activities the bank intends to pursue is carried out as part of the approval process for individuals. Cumulatively, senior management would be expected to have the experience and skills to cover all of the bank’s proposed activities. The business plan should set out the regulated and unregulated activities of the applicant along with the related risks. The business plan should include a financial budget and projections to demonstrate the applicant is able to comply with the relevant financial resource requirements. The status of the shareholders and their ability to support the business is also considered as part of this process. The FSA would obtain letters of comfort from major shareholders in some cases. Knowingly or recklessly providing false or misleading information to the FSA is an offense under FSMA section 398. The FSA is the licensing and supervisory authority for banks (but see Principle 25, i.e., branches of EEA banks). FSMA section 354 requires the FSA to cooperate in the sharing of information with other authorities in the U.K. and overseas who have functions similar to the FSA. The FSA seeks the view of the home country supervisors in assessing the application of an overseas bank wishing to establish a branch or subsidiary.
Assessment	Compliant
Comments	The FSA has the authority to set criteria for the licensing of banks, and may reject applications if they fail to meet threshold criteria or provide sufficient information. The FSA requires sufficient information to make a determination on the ownership and management structure, and the adequacy of the bank’s proposed capital, business plan, and system of controls. The FSA also has a process in place to assess the fitness and propriety of management and officers filling the key “controlled function” roles within a firm.
Principle 4.	Ownership Banking supervisors must have the authority to review and reject any proposals to transfer significant ownership or controlling interests in existing banks to other parties.
Description	The FSMA Part XII addresses control over authorized persons. Section 178 requires a person proposing to take control (or increase the degree of control) over an authorized person, including a U.K. bank, to provide the FSA with prior notification. Detailed definitions of control are set out in sections 179 and 180 of the FSMA, but 10 percent is the general threshold for control. The voting power or holdings of the controller’s associates, as defined in FSMA section 422, are also considered. The FSA may require the person giving notification to provide additional information under FSMA section 182. The FSA may object to a proposal unless it is satisfied that the acquirer is a fit and proper person to have control over the authorized person, and the interests of the consumer would not be threatened. The FSA may give unconditional approval under FSMA section 184, or may approve subject to conditions under FSMA section 185. Where shares are acquired in contravention of the FSA’s objection, or a condition imposed, the FSA may direct that the shares be subject to restriction as defined in FSMA section 189. The FSA may also apply to the court to order the sale of any shares acquired in contravention of the FSA’s objection or condition imposed. FSA rules and guidance related to controllers and close links (including required approvals or notifications, thresholds, and timeframes) are contained in Chapter SUP section 11 of the FSA Handbook. Section 11.4.10 requires banks to take reasonable steps to keep itself informed of the identity of controllers, although identification of beneficial owners is not specifically addressed. Banks must notify the FSA of its controllers and close links annually. The reports are discussed in the SUP chapter of the FSA Handbook, sections 16.4 (controllers) and 16.5 (close links).
Assessment	Compliant
Comments	FSA has full power to review and reject any proposals to transfer significant ownership or controlling interests in existing banks to other parties. Procedures for exercising this authority are spelled out in the Handbook and are carried out in practice.
Principle 5.	Investment Criteria Banking supervisors must have the authority to establish criteria for reviewing major acquisitions or investments by a bank and ensuring that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision.
Description	The FSA’s Handbook Chapter SUP Section 15 includes a provision requiring a bank give the FSA notice of any proposed restructuring, reorganization, or business expansion which could have a significant impact on the firm’s risk profile or resources. Chapter SUP, Section 11 of the FSA Handbook addresses notification and approval requirements related to close links and changes of control in a firm. In addition, Principle 11 of the Principles for Businesses requires firms to disclose to the FSA anything relating to the firm of which the FSA could reasonably expect to be notified. The FSA’s IPRU (Bank), section LE, addresses large exposures, including investments. U.K. banks are required to notify the FSA of any investment exceeding 10 percent of its capital, and pre-notify the FSA of any investment exceeding 25 percent of capital. The FSA’s policy on large exposures does not apply to U.K. branches of overseas banks; however, U.K. branches incorporated outside the EEA have large exposure reporting requirements. The FSA is required to assess a bank’s acquisitions/investments according to whether the bank would continue to meet the Threshold Conditions, and whether the interests of consumers of regulated activities provided by the bank would be threatened by the acquisition/investment. The FSA has the power to prohibit a bank from undertaking a major acquisition or investment in cases where the bank would no longer meet the threshold conditions, or FSA rules. The FSA Handbook distinguishes between situations where notifications are required prior to the acquisition or investment, as opposed to after the fact notification. The prior notification threshold is defined in relation to the bank’s capital.
Assessment	Compliant
Comments	The FSA has rules and guidance in place regarding the notification, and in some cases prior approval, requirements of major acquisitions or investments. The approval and reporting requirements allow FSA to exercise effective supervisory oversight over corporate structures to insure that risks arising from affiliations are properly identified and controlled and that unsupervisable structures do not arise.
Principle 6.	Capital Adequacy Banking supervisors must set minimum capital adequacy requirements for banks that reflect the risks that the bank undertakes, and must define the components of capital, bearing in mind its ability to absorb losses. For internationally active banks, these requirements must not be less than those established in the Basel Capital Accord.
Description	The FSMA 2000 and the FSA’s regulations require banks to maintain both an absolute minimum amount of capital and an adequate level of capital. Threshold Condition 4 requires all banks to maintain adequate resources, both financial and non-financial. The minimum amount of capital is set at Euro 5 million (or sterling equivalent) and on an on-going basis a minimum capital ratio of 8 percent has to be maintained. The components of regulatory capital and the methodology for calculating the capital ratio have been set out in detail in IPRU Banks. The U.K. capital requirements for banks are based on the relevant EU directives, which are fully in line with the Basel Capital Accord. All U.K. incorporated banks are required to maintain capital in accordance with the Basel standards, not just those banks that are internationally active. There is a general rule requiring banks to maintain capital resources which are commensurate with the nature and scale of their business and risks inherent in that business (IPRU Ch. GN 3.3.13R). If the bank is part of a group, the capital resources must also be commensurate with the risks inherent in the activities of other members of the group in as far as these risks affect the bank. In addition to the general capital adequacy rules, for each U.K. incorporated bank an individual required capital ratio is set which in almost all cases is higher (and never lower) than the Basel minimum requirement of 8 percent. Individual bank capital ratios are determined by the overall risk profile of each institution. If the FSA determines that a bank’s business or control risks have increased, it may raise the bank’s individual required capital ratio. The individual capital ratios are applied both on a solo and on a consolidated basis. The individual ratios are reviewed periodically within a timeframe that is consistent with a bank’s supervisory cycle. Banks are required to report their solo capital ratio on a quarterly basis and their consolidated ratio on a semi-annual basis. The components of capital and the risk-weighted assets also have to be reported. Capital requirements have to be met continuously, not just on reporting dates. Banks must therefore be able to calculate their capital ratio regularly. Any breaches of individual required capital ratios must be immediately notified to the FSA. This would lead to the agreement of a clear plan and timetable to achieve swift compliance with the required ratio, either through a capital injection or a balance sheet restructuring. The FSA has a wide range of enforcement powers available if any bank fails to comply with the Threshold Conditions or the FSA’s Rules (including the capital adequacy requirements), such as variation or cancellation of permitted activities and withdrawal of the license (see Principle 1.4).
Assessment	Compliant
Comments	The FSA’s minimum capital requirements for banks are fully in line with the 1988 Basel Capital Accord and its subsequent amendments. The individual capital requirements anticipate the supervisory review process that is expected to be incorporated in the new Capital Accord that is currently being prepared. The FSA is committed to fully implementing the new Capital Accord at the earliest opportunity.
Principle 7.	Credit Policies An essential part of any supervisory system is the independent evaluation of a bank’s policies, practices, and procedures related to the granting of loans and making of investments and the ongoing management of the loan and investment portfolios.
Description	According to the Threshold Condition on Suitability, regulated firms (including banks) are expected to have identified fully, and considered, the various risks they will encounter in conducting their business and installed appropriate control systems to manage them prudently at all times. IPRU Banks Chapter AR (on accounting and other records and internal control systems) states that this can only be done if a bank has adequate accounting and other records of its business and adequate systems of control of its business and records. It is the responsibility of a bank’s directors and management to take reasonable care to establish and maintain such systems and controls as are appropriate to the nature, scale and complexity of its business. There is also a general requirement for a bank’s directors and management to take responsibility for deciding what management information is required and who are to be the recipients (IPRU Banks Chapter AR Section 3.2.3). A bank is expected to have management information accurately covering its risk exposures (ibid. Section 3.3.5). No specific rules or guidance exist for banks’ loan and investment policies, practices and procedures since these are considered to be the responsibility of management. However, the FSA expects a bank to have set prudent credit granting and investment criteria, policies and procedures, which reflect its range and type of assets. These criteria, policies and procedures must have been approved and implemented by bank management and board of directors and should be periodically reviewed. All relevant staff members are expected to receive adequate training in the bank’s internal control policies and procedures. Each bank is expected to have appropriate credit assessment procedures in place with which to identify, measure, monitor and control the credit risk. A bank’s internal records should reflect details of the analysis undertaken. A bank’s records should include details of counterparty exposure limits that have been approved by management and the bank should be able to measure actual exposures against these limits (IPRU Banks Chapter AR Section 3.2.2). Also, each bank is required to have a policy on large exposures (see Principle 9). This policy should outline the approval process for major credits, the circumstances in which limits may be exceeded and who is authorized to approve such excesses (e.g., a bank’s board or credit committee). The FSA will verify whether a bank has followed prudent credit granting criteria, policies and procedures through desk-based analysis of prudential returns. One of the methods employed, particularly for the purpose of assessing the adequacy of management information systems, is peer group review. If the desk-based analysis indicates a need for further scrutiny, various supervisory tools may be applied, if necessary in an escalating fashion, for example visits by the supervisory team to the bank, followed by specialist credit evaluation visits, and ultimately so-called skilled persons (i.e., outside auditors) investigations. Also, ad hoc meetings with senior management may be held to assess their understanding and implementation of the criteria, policies and procedures. The supervisory team will give consideration to the size, maturity, currency, marketability and sources of repayment, the geographic dispersion of assets, whether credit decisions have been taken on an arm’s-length basis and whether adequate checks are made of the total indebtedness of the entities to which the bank extends credit. No routine reviews of credit files are conducted. The FSA expects a bank to give the supervisory team full access to all information relevant to the credit and investment portfolios. However, in the event it does not prove possible to gain access to the requested information on a voluntary basis, the FSA will use its statutory powers. The FSA frequently requests receipt of banks’ own management information to help it verify adherence to the credit policies set.
Assessment	Compliant
Comments	Although no specific rules have been set, the FSA requires a bank to have credit-granting procedures that identify, monitor and control credit risk. The bank’s policies should reflect the range and type of its assets. Periodic evaluation of a bank’s credit-granting criteria is undertaken by means of a mix of desk-based analysis, on-site visits, ad hoc meetings with management and skilled persons reports.
Principle 8.	Loan Evaluation and Loan-Loss Provisioning Banking supervisors must be satisfied that banks establish and adhere to adequate policies, practices, and procedures for evaluating the quality of assets and the adequacy of loan-loss provisions and reserves.
Description	Banks are required to maintain such systems and controls as are appropriate to their business (SYSC 3.1.1R). These should include monitoring asset quality and the adequacy and value of collateral on a net realizable basis (SYSC 3.2.11 and IPRU Chapter PN). In addition, banks must maintain adequate provisions for any depreciation in the value of their assets (IPRU Chapter GN 3.3.17R). Banks are required to set out their policy on making provisions in a written statement, which should include details of their loan classification arrangement and should be reviewed annually (IPRU Banks Chapters GN 3.4.5R and PN 3). The FSA does not prescribe a particular format for the policy statement as it does not consider one format to be appropriate for the diverse range of banks authorized in the U.K. However, the FSA expects the provisioning policy statement to cover issues such as who is responsible for drawing up and monitoring the policy, what areas of the bank’s business are covered, what types of management information is generated, how is implementation of the policy checked, how are non-performing exposures identified, etcetera. A copy of the provisioning policy statement has to be supplied to the FSA. Provisioning policies should cover both on and off balance sheet positions. Provisioning and loan classification policies are not rule or formula based but must be appropriate to the bank’s business. Provisioning decisions are taken by management or the board based on a true and fair view of the quality of the assets. However, banks normally follow the accounting guidelines that have been issued by the British Bankers Association and any deviations have to be explained. These guidelines require the making of provisions once assets are identified as impaired. Loans are impaired when there is reason to believe that not all amounts (both principal and interest) will be collected in accordance with the contractual terms of the loan. The external auditor has to approve the provisioning decisions made by management in the context of his review of the financial statements. However, banks’ provisioning policy statements should include criteria for loans to be classified as non-performing. This would normally be when payments were a minimum number of days in arrears (usually 90 days), but a bank could make specific provisions earlier if this is considered appropriate. Provisioning decisions with regard to individual assets have to be based on an impairment that has actually been identified, in other words, no general provisions are to be included. In assessing the adequacy of a bank’s provisions, the FSA looks at its provisioning policies, and the methods and systems for calculating provisions in accordance with those policies. The FSA seeks to ensure through risk mitigation programs and other work that procedures and resources for monitoring and dealing with problem loans are adequate. The FSA does not as a standard practice require periodic reporting of classified and non-performing loans. However, where the FSA has concerns over a bank’s asset quality, it can seek regular reports on watch list loans. The level of provisioning is normally reported either on a quarterly or a semi-annual basis, but the frequency can be increased, and the required contents of reports expanded, if necessary. When there are doubts about a bank’s credit controls or the adequacy of provisions, the FSA will have these assessed by its own credit specialists or by an external skilled person. A plan of action would be tailored to the outcome of such reviews. If the FSA continued to have doubts on a bank’s provisioning practices, it may use its enforcement powers.
Assessment	Compliant
Comments	Banks are required to supply the FSA with policy statements outlining their approach to asset classification and provisioning arrangements. External auditors routinely review the adequacy of banks’ provisions as part of the audit process. The FSA does not have a formal requirement that loans be classified when payments are contractually a minimum number of days in arrears (as called for in Additional Criteria 1, of the Core Principles Methodology) as the classification and provisioning system is not rule but principle-based. In practice, loans tend to be classified after 90 days of arrears. This system works well and actual provisioning levels in U.K. banks appear to be adequate. The FSA should consider introducing a requirement for periodic reporting on credit quality based on each bank’s own asset classification policy and internal credit ratings. This would strengthen off-site monitoring by allowing early identification of asset quality trends.
Principle 9.	Large Exposure Limits Banking supervisors must be satisfied that banks have management information systems that enable management to identify concentrations within the portfolio, and supervisors must set prudential limits to restrict bank exposures to single borrowers or groups of related borrowers.
Description	Each bank must set out its policy on large exposures in a written statement (IPRU Chapter GN Section 3.4.1R). The policy should outline the circumstances in which limits (e.g., types of counterparty, individual counterparties and connected exposures) may be exceeded and who is authorized to approve such excesses (e.g., a bank’s board or credit committee). The policy statement must be approved by the bank’s board and must be agreed with and copied to the FSA. The bank must review the policy statement and if necessary update it at least once a year. Any significant departures from the stated policy, e.g., new types of lending or breaches of existing limits, should not be incorporated without prior discussion with the FSA. A bank must have adequate systems and controls to enable it to monitor and control its large exposures in conformity with its large exposures policy statement and to calculate its large exposures accurately and promptly (IPRU Chapter GN Section 3.3.19R). The supervisor will verify the existence of such systems and controls. This will be done by periodic supervisory visits to the bank, ad hoc meetings with senior management and the board, skilled person reports and any thematic work that the FSA may seek to carry out in this area. Maximum limits for exposures to individual and group borrowers are set by the EU Large Exposures Directive (now included in the Consolidated Banking Directive), which has been fully implemented in FSA guidance. The chapter on large exposures in IPRU provides a comprehensive definition of ‘exposures’, which includes both on and off balance sheet items, and guidance covering the 10 percent and 25 percent limits and the calculation of a bank’s large exposure capital base. The limits, as well as the notification and reporting requirements, have to be met both on a solo and on a consolidated basis, as appropriate. A ‘closely related group’ is defined to exist either where two or more individual counterparties constitute a single risk because one of them has directly or indirectly, control over the other(s), or where individual counterparties are connected in such a way that the financial soundness of any of them may affect the financial soundness of the other(s) or the same factors may affect the financial soundness of both or all of them. Where there is doubt as to whether a number of individual persons constitute a group of closely related counterparties banks should discuss the circumstances with the FSA to determine how the exposure(s) should be reported (IPRU Chapter LE Section 5). A U.K. bank must notify the FSA if it proposes to enter into a transaction which would result in it having an exposure which exceeds 25 percent of its capital (IPRU Chapter GN Section 3.3.21R). In conformity with the EU Capital Adequacy Directive, excesses of the 25 percent limit may be allowed in certain limited cases, relating mostly to trading book positions. In such cases, an incremental capital requirement may be applied. In addition, the FSA may allow a breach of the 25 percent limit at the solo level as long as the limit is met at the consolidated level. All breaches of large exposure limits must be notified to the FSA immediately (IPRU Chapter LE Section 3). The FSA receives details of the twenty largest bank and non-bank exposures and any exposures of 10 percent or more of a bank’s regulatory capital base via a large exposures report submitted quarterly by U.K.-incorporated banks (SUP 16.7.8R). Branches of non-EEA incorporated banks submit half-yearly reports of their twenty largest bank and non-bank exposures (SUP 16.7.12R). These reports should be completed on an unconsolidated or solo-consolidated basis and on a consolidated basis. Concentrations of risk should be covered in a bank’s large exposure policy statement and significant concentrations of risk, both sectoral and geographic, would be considered during the FSA’s regular risk assessments. The FSA also frequently requests receipt of banks’ own management information to help verify adherence to the large exposure policy statement and limits.
Assessment	Compliant
Comments	Clear and precise regulations exist with respect to large exposures, reflecting the relevant EU Directive. The FSA’s requirement for banks to submit a written policy statement on large exposures is an appropriate means of stimulating prudent behavior in banks with respect to risk concentrations. Large exposure policies are monitored and enforced by the FSA using its normal supervisory tools.
Principle 10.	Connected Lending In order to prevent abuses arising from connected lending, banking supervisors must have in place requirements that banks lend to related companies and individuals on an arm’s-length basis, that such extensions of credit are effectively monitored, and that other appropriate steps are taken to control or mitigate the risks.
Description	Banks’ policies on connected lending should be included in their large exposures policy statements (IPRU Banks Chapter LE Section 8.1). Connected exposures are defined to include intra-group lending, lending to directors, senior managers, controllers (i.e., major shareholders) and their associates (including close family members), and lending to non-group companies with which the bank’s directors or controllers are associated (ibid. Section 5.3). The FSA retains discretion to determine whether a particular counterparty should be deemed to be connected to a bank where doubt exists. The FSA normally expects connected exposures to remain an insignificant proportion of a bank’s assets. Clear and objective credit assessment processes have to be used when banks consider proposals for connected lending. Exposures to connected parties may be entered into only for the clear commercial advantage of the bank and should be negotiated and agreed on an arm’s length basis. Factors a bank has to take into account when determining whether a loan is being made on an arm’s length basis include the extent to which shareholders can influence the bank’s operations (e.g., through voting rights), the management role of shareholders (e.g., whether they are also directors of the bank) and whether the loan would be subject to the bank’s usual monitoring and recovery procedures if repayment difficulties emerged (ibid. Section 5.3.7). Aggregated connected lending should be a maximum of 25 percent of a bank’s capital base. The FSA is prepared to consider requests from banks for higher limit levels than this in certain, very limited, circumstances. An example of this might be where the bank performs a group treasury function and it is reasonable to allow a limit higher than 25 percent of capital for exposures of under one year maturity. The requirements for connected lending concessions are set out in IPRU Banks (Chapter LE 9.2.2-9.2.5). With the exception of such agreed concessions within limited parameters, aggregate regulatory limits on banks’ connected exposures are as strict as those for single borrowers and groups of related borrowers. The FSA may deduct exposures to companies or persons connected to a bank from the bank’s capital base if they are of the nature of a capital investment or are made on concessionary terms (IPRU Chapter LE 5.3). Aggregated connected lending is reported to the FSA on a quarterly basis via a large exposures report. One of the checks supervisors make when examining these data is to ensure that they remain within the agreed limits. Since the FSA requires banks to report connected exposures, it requires banks to have systems in place to identify all connected exposures. The mission team was informed that the FSA also requires banks to provide a detailed breakdown of their exposures to connected counterparties. As with credit policies generally, verification of compliance with the requirements relating to connected lending may be undertaken during the course of supervisory or specialist credit visits or by commissioning skilled persons reports.
Assessment	Compliant
Comments	The FSA’s supervisory approach towards connected lending by banks offers sufficient safeguards that such lending will be undertaken only on an arm’s length basis. The requirements for approval of proposed exposures to companies or persons connected with the bank by the bank’s board of directors and for banks to have procedures in place to prevent persons benefiting from the loan taking part in the loan assessment process or in the loan decision(Essential Criteria 3 and 4 of the BCP Methodology) are covered by the general requirement for banks to take special care to ensure that a proper, objective credit assessment is undertaken for connected lending and by the more specific guidance on credit risk management and corporate governance given in the FSA’s Handbook. Also, the FSA requires the risk management function of a bank to be independent and therefore parties benefiting from a lending decision should not be part of the risk assessment process.
Principle 11.	Country Risk Banking supervisors must be satisfied that banks have adequate policies and procedures for identifying, monitoring, and controlling country risk and transfer risk in their international lending and investment activities, and for maintaining appropriate reserves against such risks.
Description	A bank’s approach to sovereign lending and to country exposure limits should be included in its large exposure policy statement (IPRU Banks Chapter LE Section 8.1). Although there is no specific requirement in this regard, the FSA expects the policy statement to include details of limits on a country-by-country basis. Exposures to overseas countries which exceed 25 percent of a bank’s capital base are not covered by the pre-notification requirements for large exposures. However, where a proposed transaction will result in an exposure which represents a significant departure from a bank’s large exposure policy statement, the FSA does expect the proposed transaction to be notified in advance and discussed with it. If the FSA is dissatisfied with a bank’s country risk policy, it may instruct the bank to reduce its exposures or to increase its capital. The FSA’s guidance for banks’ provisioning policy statements does not contain references to provisioning for country exposures. Provisioning for country risks is covered by the general requirement for banks to maintain adequate provisions. While the FSA does not set specific provisioning requirements it does expect banks to make appropriate levels of provisions after discussions with their external auditors. If the FSA thought that a bank had inadequate provisions it would seek to hold discussions with the bank and its external auditors in order to ensure that provisioning levels are reasonable. A bank’s adherence to its country risk and provisioning policies will be checked by the FSA by desk-based reviews, during on-site inspection visits or, where appropriate, by means of a skilled persons report. The FSA will obtain information on country, sectoral and regional exposures from banks’ internal monitoring systems and will discuss them with banks’ management in the context of their large exposures policies (IPRU Banks Chapter LE Section 9.2.7.21). By doing so, the FSA is able to assess whether banks have information systems, risk management systems and internal controls that enable them to comply with their country risk policy as set out in their large exposure policy statements. The FSA also has access to country exposure statistical data collected from banks by the Bank of England, including individual banks’ returns. These returns identify cross border claims by country and sector. Bank of England data relating to country risk and transfer risk are collected quarterly and must be submitted to the Bank of England within two months of the reporting date.
Assessment	Compliant
Comments	While the FSA does not provide specific guidance with regard to country risk exposures and provisioning, it does require and verify that banks devote adequate attention to these issues. The FSA has abandoned the previous policy of setting individual country risk exposure limits because it was not possible to define such exposures generically. Also, the FSA prefers to focus on control risks instead of regulating banks’ business risk policies. The approach now taken by the FSA on country risk is in line with international risk management practices.
Principle 12.	Market Risks Banking supervisors must be satisfied that banks have in place systems that accurately measure, monitor, and adequately control market risks; supervisors should have powers to impose specific limits and/or a specific capital charge on market risk exposure, if warranted.
Description	Banks are required (IPRU Chapter GN rule 3.4.7) to have a written Trading book policy statement that covers the way in which a bank identifies, values and measures market risks in the trading book, including interest rate risk. Each bank is expected to be able to identify, measure, monitor and control its exposures to foreign exchange and other market risks across all products (IPRU Banks Chapter AR Section 3.2). Each bank is also expected to be able to collect information that can be summarized in such a way as to enable actual exposures to be readily, accurately and regularly measured against the exposure limits authorized by management. Where relevant, these limits should relate to the level of trading positions (both intra-day and overnight) in securities, foreign exchange, futures, options, forward rate agreements and swaps. Periodic reviews are conducted to verify the adequacy of a bank’s internal control systems. The FSA has imposed specific capital charges for market risks (IPRU Chapter CO Section 3). In accordance with the 1996 amendment to the Basel Capital Accord and the EU Capital Adequacy Directive, U.K. incorporated banks are set capital charges for foreign exchange and commodities position risk in the banking and trading books combined. Separate capital requirements are set for equity and interest rate position risk, as well as counterparty, underwriting and settlement risk, in the trading book. To ensure that the calculation of capital charges for market risks is valid firms need good management systems to collate accurate data. The supervisor will determine compliance with these requirements through desk based analysis of returns, information gained from on-site visits or on-going discussions with senior management. Also, in addition to standard regulatory reporting, banks are often requested to provide ad hoc reporting of their own management information (including analyses conducted). Because of its tailor-made nature this information usually offers greater insight into the market risk being run by the bank. On-site visits to banks by supervisory staff and/or a specialist team are used to ascertain the extent of senior management’s understanding of the market risk as reflected in the risk management information. For banks with significant market risk exposure, the FSA will meet a range of staff, including senior management, staff from the front office, financial control, risk management, operations, systems development, information technology and audit areas, to assess the quality of market risk management and controls. The adequacy of a bank’s system of controls is tested by periodic reviews conducted either by FSA in-house specialists or skilled persons. The FSA has established a Traded Risk Review Team within the Risk Review Department. This team focuses on banks’ trading and markets activities and its management. It has specialists with the necessary expertise to undertake, among other activities, on-site visits to review treasury systems and controls. On-site visits by the Traded Risk Team typically last between one and three days. The purposes of on-site visits include the evaluation of whether a bank’s internal market risk measurement and pricing models can be recognized for the purposes of calculating market risk capital requirements. Once a model is recognized, the team will conduct quarterly update visits during which the control environment in which the model is operated is discussed along with model outcomes, backtesting and other relevant data. The provision of this data is shortly to be automated to enhance the FSA’s ability to track trends and make comparisons. A bank that uses an internal model to calculate supervisory capital should have in place a rigorous and comprehensive program of stress testing. As set out in IPRU (Chapter TV Section 9), the FSA attaches great importance to the stress testing of the various risks facing a bank in its overall activity. As part of the model recognition process, the FSA will examine a bank’s stress testing program, including the procedures in place to assess and respond to its results. The FSA will not normally prescribe scenarios for a bank to use in stress testing, although it may do so in the event of particular market circumstances.
Assessment	Compliant
Comments	The FSA uses specific capital requirements for separate categories of market risks. Compliance with these requirements is determined through desk-based analysis and on-site visits. The adequacy of the bank’s system of controls surrounding market operations is tested by periodic reviews conducted either by FSA in-house specialists or skilled persons. In view of the number of banks, the Traded Risk Review Team appears to be thinly staffed. This applies even though only the relatively limited number of 10 to 12 banks (most of them foreign-owned) engage in the trading of highly complex financial products, while a similar number of banks is allowed to use value-at-risk models for calculating supervisory capital adequacy requirements.
Principle 13.	Other Risks Banking supervisors must be satisfied that banks have in place a comprehensive risk management process (including appropriate board and senior management oversight) to identify, measure, monitor, and control all other material risks and, where appropriate, to hold capital against these risks.
Description	Banks are required to maintain systems and controls that are appropriate to their business (IPRU SYSC 3.1.1R). According to the Threshold Condition on Suitability, regulated firms (including banks) are expected to have identified fully, and considered, the various risks they will encounter in conducting their business and installed appropriate control systems to manage them prudently at all times. It is considered to be the responsibility of a bank’s directors and management to take reasonable care to establish and maintain such systems and controls as are appropriate to the nature, scale and complexity of its business. The FSA has provided banks with guidance on adequate controls and records (IPRU Banks Chapter AR Section 3). Among other things, the guidance states that banks should design and operate a system of internal controls that provides reasonable assurance that all the bank’s revenues accrue to its benefit, all expenditure is properly authorized and disbursed, all assets are adequately safeguarded, all liabilities are recorded, and statutory and supervisory requirements are met. Management information should be prepared to show the bank’s state of affairs and its exposure to each type of risk, compared to the relevant limits set by management. The FSA expects banks’ high level controls to include the setting of strategy and plans and the establishment and review of the organizational structure and the system for delegation (including segregation of duties). In addition, management should approve the bank’s risk policies, review its high level management information and maintain the framework for monitoring and detailed periodic review of risk management and control systems. The implementation of action points following such a review should be monitored by management. Internal control systems should provide reasonable assurance that management is able to monitor on a timely basis the adequacy of a bank’s capital, liquidity, profitability and the quality of its assets. They should enable management to monitor and control the bank’s risk and to make appropriate provisions for bad and doubtful debts. The FSA expects banks to have an internal audit function (but in some cases it may be outsourced) and an audit committee. Banks are required to provide the FSA with a statement of liquidity policy (IPRU Chapter LM Section 3) that should set out their approach to liquidity management, including a description of arrangements for management on a day-to-day basis, and should explain how much liquidity risk will be assumed. The liquidity standards that banks should maintain must be appropriate to the nature and scale of their business. A bank should have in place systems which enable it to monitor its liquidity profile on a frequent and timely basis. A bank with significant currency business should include in its policy statement the policy for monitoring and controlling its liquidity positions in individual currencies. The policy statement should also consider the management of liquidity in both normal and abnormal circumstances. The FSA monitors banks’ liquidity using either a mismatch approach or a stock approach. For the majority of banks, the FSA has set mismatch guidelines that take into consideration the volatility, diversity and source of deposits, any concentrations of deposits, the degree of reliance on marketable assets and the degree of diversification, the availability and reliability of undrawn standby lines, and the impact of other factors such as off balance sheet obligations (IPRU Chapter LM Section 8.1). For the minority of banks that have a large retail deposit base in the form of current accounts, the FSA has set a sterling stock liquidity regime that requires a bank to hold a stock of liquid sterling assets that can easily be sold to replace funding that has been withdrawn. A more limited range of assets is treated as liquid under the stock approach than under the mismatch approach to reflect the fact that significant sales of certain assets by a large bank might unsettle the market. For U.K. branches of foreign banks, the mismatch approach is normally applied, with the additional requirement that the available liquidity actually has to be present in the U.K. However, if the FSA is satisfied that a branch is fully integrated with its head office for liquidity management purpose and that it can rely on the home country supervisory regime, it may permit the branch to have its liquidity managed on a global basis by its head office. Banks on the stock liquidity regime have to report their liquidity position to the FSA on a monthly basis, while banks on the mismatch regime have to report on a quarterly basis. In case a bank is experiencing liquidity problems, it may be required to report more frequently, if necessary on a daily basis. The stock liquidity report has to be prepared on a consolidated basis. While the FSA does not normally collect liquidity data in individual currencies it may require a bank to report on this basis if it has significant operations in illiquid currency markets. Supplementary to regulatory reporting, the FSA monitors liquidity risk through on-site visits, during which discussions may be held with a bank’s ALM committee. Such visits also provide the opportunity to determine management’s ability to understand and address technical issues such as those relating to multiple currency liquidity management. No specific guidance is given with respect to banks’ interest rate risk outside the trading book. The mission was informed that the FSA does not see a need for such guidance since many banks have a large proportion of floating rate assets in their banking book, reducing the potential for interest rate risk. However, the FSA has made it known to banks that it will use the Basel Committee’s Principles for the Management of Interest Rate Risk to asses the adequacy of a bank’s interest rate risk management. The FSA conducts stress tests on interest rate positions in the banking book, particularly for the larger banks. In addition, interest rate risk in the banking book is among the issues that are explicitly considered by the FSA when setting a bank’s individual capital ratio requirement (as are operational risks). In practice, individual supervisors’ analysis of interest rate risk in the banking book, which is typically based on discussions with the bank and management information, rarely results in a material increase in a bank’s individual capital ratio. With regard to operational risk, each bank is expected to have a control environment that minimizes loss from fraud, safeguards the assets, controls the liabilities and provides reasonable reassurance that the business is conducted in adherence to established policies (IPRU Chapter AR Section 3.3). Some specific guidance is given on controls in an IT environment (ibid. Section 3.3.6), while relatively detailed guidance is given on outsourcing (IPRU Chapter OS). Furthermore, each bank is expected to have appropriate arrangements to ensure business continuity in the event of an unforeseen interruption (SYSC 3.2.19). Through on-site visits, the FSA may check the effectiveness of allocated responsibilities, lines of reporting, the delegation of authority and other operational risk controls. As noted above, operational risk is one of the factors considered by the FSA when setting banks’ individual capital ratio requirement. The FSA does not currently require a specific operational risk policy statement (in contrast to large exposures, liquidity, provisioning and, where applicable, the trading book). The FSA encourages best practice in corporate governance. This includes banks making comprehensive disclosure in their annual published accounts. The FSA has also successfully exercised pressure on individual banks to inform their customers of significant issues by means of a letter.
Assessment	Compliant
Comments	Each bank is required to maintain systems and controls that are appropriate to the risks in conducting its business. The FSA has issued guidance relating to liquidity risk, interest rate risk and key aspects of operational risk, and it applies specific capital requirements to foreign exchange risk. The FSA verifies the extent to which a bank’s risk management system addresses the key banking risks during on-site visits. The FSA’s approach to monitoring liquidity under the mismatch or stock regimes appears somewhat dated in that it is not aligned to banks’ own approaches to measuring and managing liquidity, at least for the more sophisticated banks. The FSA has recently begun considering the development of a new approach which would give banks a choice between a standardized measurement technique and the use of liquidity modeling techniques for liabilities with a behavioral maturity and contingent claims. Such an approach would be designed to create incentives for banks to further develop their own liquidity measuring and management techniques. Although the actual implementation of this new approach still appears to be some years off, the mission believes it could constitute a significant step forward.
Principle 14.	Internal Control and Audit Banking supervisors must determine that banks have in place internal controls that are adequate for the nature and scale of their business. These should include clear arrangements for delegating authority and responsibility; separation of the functions that involve committing the bank, paying away its funds, and accounting for its assets and liabilities; reconciliation of these processes; safeguarding its assets; and appropriate independent internal or external audit and compliance functions to test adherence to these controls, as well as applicable laws and regulations.
Description	The Companies Act 1985 prescribes the duties of directors who manage a company and are responsible for protecting the interests of members (shareholders) and employees. The Act applies to all companies, including banks. Any bank listed on the London Stock Exchange is subject to a Listing Rule and Combined Code which reflect the recommendations of the Committee on Corporate Governance (‘the Hampel Committee’). There is a requirement to produce a statement of directors’ responsibilities. The Combined Code is not prescriptive about the contents of the statement but there is an expectation that it will cover the responsibility of the directors for keeping proper accounting records, for safeguarding the assets of the company and for taking reasonable steps for the prevention and detection of fraud and other irregularities. In addition, the Combined Code (provision D.2.1) states that ‘the directors should, at least annually, conduct a review of the effectiveness of the group’s system of internal control and should report to the shareholders that they have done so. The review should cover all controls including financial, operational and compliance controls and risk management.’ Specific internal control requirements for banks, together with adequate record keeping requirements, are outlined in SYSC and IPRU Banks (Chapter AR). SYSC requires a bank to allocate appropriately to one or more individuals the functions of dealing with the apportionment of significant responsibilities and of overseeing the establishment and maintenance of systems and controls. Banks must take reasonable care to establish and maintain such systems of controls as are appropriate to the nature and scale of their business (SYSC, 3.1.1R). Banks are also required to have documented high level controls defining responsibilities of management and identifying lines of reporting and outlining the implementation of the requirements with respect to segregation of duties, accounting records and measures to safeguard assets (SYSC 3.2 and IPRU Chapter AR Section 3.3.5). The FSA also requires that banks have procedures to ensure that personnel have capabilities commensurate with their responsibilities and that they have implemented effective segregation of duties (IPRU Chapter AR Section 3.3.5). Furthermore, it is a requirement of IPRU (Chapter AR Sections 3.3.9 and 3.3.10) that banks have an internal audit function. However, the primary responsibility for preventing internal fraud lies with senior management. The internal audit function should have clear responsibilities and its objectivity and independence should be supported by appropriate reporting lines. In most cases this would be dual reporting lines from the head of internal audit to the chief executive officer, or equivalent, and access to the audit committee (IPRU Chapter AR Sections 3.3.9 and SYSC 3.2.16G). The internal audit function should have unrestricted access to all of a bank’s activities, records, property and personnel. A bank may outsource its internal audit function but normally not to its external auditors or skilled persons, unless certain conditions aimed at safeguarding the independence of internal audit are met. Any proposals to outsource the internal audit function should be notified to the FSA (IPRU Chapter OS Section 4.7). External auditors test a bank’s accounting procedures during their audit of the financial statements. They report significant deficiencies they have found in a letter to the bank’s management. External auditors are allowed to notify the FSA of any information they have found and which appears to be relevant to the FSA’s supervisory objectives (FSMA section 342). However, if the auditors consider any deficiency they have found to be material, they normally expect the bank’s management to forward the management letter to the FSA. Failure to do so would be interpreted as a lack of integrity on the part of the bank’s management. This would be reported to the FSA by the external auditors themselves. To carry out the role of directors and senior management, individuals have to be vetted and approved by the FSA. To gain approval they have to be considered fit and proper (FSMA Schedule 6, paragraph 5) which consists of being honest, competent to carry out their function and financially sound. The applicant has the burden of satisfying the FSA that he is a fit and proper person having regard to all circumstances. The FSA takes into account the distribution of expertise within the board when considering individual applicants. Once approved these individuals must maintain their fitness and propriety. If any of the senior management is deemed to be no longer fit and proper, the FSA has the power to initiate proceedings for the individual to be removed. The FSA follows both the Cadbury and Hampel guidance on Audit Committees and the inclusion of non-executive directors (IPRU Chapter AR Section 3.3.10). In accordance with the FSA’s internal Guidance for firm specific risk assessment and risk mitigation (Appendix 3, Corporate Governance, version 5, November 2001), there should be an appropriate proportion of nonexecutive directors to executive board members. The FSA checks through meetings during on-site visits and reviews of relevant documentation (e.g., board minutes and audit committee minutes) that a bank’s non-executive directors (a) have the necessary skills and background, (b) participate fully in committee meetings and (c) exercise independent judgment. Non-executive directors have to be vetted and approved by the FSA. The FSA has wide powers to require banks to provide information (FSMA Section 165) and the power to require the provision of a report on the firm by a skilled person (FSMA Section 166). If deemed necessary, the FSA can request copies of internal audit reports and minutes of audit committee meetings. The quality of the internal audit function may be assessed during on-site visits. The FSA also meets, at least annually, with the chairman of a bank’s audit committee. The effectiveness of front, middle and back office functions may be reviewed either through regular on-site supervisory visits, specialist visits or via the use of skilled persons.
Assessment	Compliant
Comments	The duties of directors are prescribed by company law and banks are expected to adhere to the accepted standards of corporate governance. The FSA requires banks to take reasonable care to put in place controls that are appropriate to the nature and scale of their business. This includes high level management controls (covering management responsibilities, reporting lines, segregation of duties and measures to safeguard assets). The FSA expects banks to have an appropriately resourced internal audit function which reports to an audit committee chaired by an independent director.
Principle 15.	Money Laundering Banking supervisors must determine that banks have adequate policies, practices, and procedures in place, including strict “know-your-customer” rules, that promote high ethical and professional standards in the financial sector and prevent the bank being used, intentionally or unintentionally, by criminal elements.
Description	Essential criteria As a statutory objective FSMA requires the FSA to reduce the potential for regulated businesses, including banks, to be used for a purpose connected with financial crime. Under FSMA financial crime is defined as money laundering, fraud or dishonesty, and criminal market misconduct. FSMA provides the FSA with a range of powers to make rules on firm’s systems and controls relating to money laundering, to supervise firms’ compliance with those requirements and to prosecute firms for systems and controls failures in this area. FSA’s Money Laundering Rules and regulatory requirements are set out in the Money Laundering Sourcebook in the Handbook. The requirements for effective systems and controls to protect against money laundering are elaborated in ML 7.2. ML 3 details customer identification requirements. ML 4 specifies the requirements with respect of suspicious transactions reporting. ML 7.3 specifies record keeping requirements on customer identification and individual transactions and the record keeping period. Awareness and training are required under ML 6 and the appointment of a senior officer as Money Laundering Reporting Officer (MLRO), including the requirement that the MLRO be an approved person by FSA, is provided for in ML 7. Both the FSA’s Rules and the Money Laundering Regulations 1993 (“the “Regulations”) require banks to verify the identity of customers as soon as is reasonably practicable after contact is first made, in order to carry out any regulated financial activities for them. The obligation to verify identity extends to business undertaken on behalf of another person. To assist a bank in meeting these statutory and regulatory obligations, industry guidance has been prepared in the form of the Joint Money Laundering Steering Group’s (JMLSG) Guidance Notes. The guidance notes provide extensive information on how and when to identify customers. The guidance notes are not mandatory but the FSA will take them into consideration in evaluating whether a bank has proper customer identification procedures. Neither the FSA’s Rules nor the Regulations explicitly require banks to have formal procedures in place to recognize suspicious transactions. However, the practices recommended in the JMLSG Guidance Notes cover many of the elements that might be incorporated in formal procedures. The Guidance Notes set out that appropriate ‘know your customer’ procedures, combined with adequate staff training, are the key to recognizing transactions or patterns of activity that are inconsistent with a customer’s known legitimate business, or with the normal business for that type of account. Accordingly, many banks routinely monitor cash deposits/withdrawals, and wire transfers over a certain monetary threshold (typically a few thousand pounds) and some major banks have developed or purchased sophisticated anti-fraud and money laundering monitoring systems. FSA Rules and Regulations require all bank staff to report (to the MLRO) any information that gives rise to knowledge or suspicion of money laundering. Further, the bank is required to take reasonable steps to insure that staff who handle or have responsibility for transactions that may involve money laundering report promptly. Reporting the suspicion or knowledge to the MLRO discharges the individual’s statutory and regulatory responsibilities. The MLRO, as an Approved Person, has the designated responsibility to receive internal reports of suspicious activities, to report suspicious activities to NCIS, to insure adequate awareness and training, to monitor day-to-day compliance with anti-money laundering policies and to prepare an annual report to management. The purpose of the annual report is to highlight any compliance problems, which it is the responsibility of the bank’s senior management to remedy. FSA supervisors can request a copy of the report to assist in assessing the bank’s level of compliance with its statutory and regulatory obligations. A bank is not specifically required to report to FSA suspicions of money laundering; the obligation is to report to NCIS. But banks do have a regulatory obligation to notify the FSA of significant incidences of fraud. In determining whether a fraud incident is significant, the firm must consider (i) size of loss in relation either to the bank itself or to customers; (ii) risk of reputational loss; and (iii) whether the incident reflects weaknesses in the bank’s internal controls. The FSA operates a risk-based approach to verifying that banks have the necessary controls to comply with anti-money laundering rules and regulations. The approach is designed to allocate resources in the most efficient manner to ensure that supervisory attention is directed at those areas that pose the greatest threat to the FSA’s regulatory objectives, with deterrence of financial crime being one of those objectives. To assess the vulnerability of a bank to money laundering, FSA identifies key risk criteria drawn from money laundering typologies. These criteria are scored against the business profile of individual banks. Taking into account the robustness of a bank’s control regime, FSA makes an evaluation of the extent to which the business of the bank exposes it to money laundering risk and the probability that risk will materialize. A further judgment is made about the impact if such risks do materialize and the threat this would pose to FSA’s ability to meet its statutory objectives. For banks, size is a major factor in scaling the risks to FSA’s objectives. Based on this analysis FSA arrives at a judgment about the supervisory tools and resources to be devoted to the supervision of money laundering and the intensity and focus of oversight on individual firms. In a July 2001 report, “The Money Laundering Theme,” FSA announced that it had identified six “clusters” of activities which were particularly vulnerable to money laundering and on which regulatory attention would focus. Two of these clusters concerned banks. Theme supervision provides FSA with a tool for horizontal review of practices across banks without regard to the risk profile of the bank in other business areas. Thematic work includes on-site testing of anti-money laundering procedures. Theme reviews, however, are also targeted based on risk assessments. To assist line supervisors assess the level of a bank’s compliance with the FSA’s Rules and Regulations the FSA has: a Money Laundering Review Team (supervisors with expertise in the area of money laundering); the power to appoint “skilled persons” to investigate money laundering compliance issues; an Intelligence and Records Department, which liaises with national and international law enforcement agencies; and the Financial Crime Policy Unit, which provides guidance on the Rules Line supervision includes periodic meetings with senior management responsible for fraud prevention to discuss current issues that may be of concern. MLRO reports may be copied to the FSA and followed-up as necessary. They will also be used in horizontal reviews. FSA has a broad range of tools to compel banks to comply with its rules. These include powers to impose financial penalties, public censure, and to vary and even cancel permissions. FSA is also a criminal prosecuting authority under the Regulations. FSA cannot disclose confidential information (as defined under relevant legislation) unless a gateway exists. The FSA may disclose information to its international equivalents, i.e., bodies with equivalent functions, to assist them in carrying out those functions. In the case of information covered by the EU single market directives, disclosure can only be made under a co-operation agreement and where equivalent confidentiality restrictions apply under the laws applying to the other regulator. Banks are required to comply with the FSA’s Principles for Businesses, which are a general statement of fundamental obligations under the regulatory system. Breaching a Principle makes a bank liable to disciplinary sanctions. Principle 1 states that ‘a firm must conduct its business with integrity and Principle 2 states that it “must conduct its business with due skill, care and diligence.” There is no specific FSA requirement that these Principles be communicated to all members of a bank’s staff. Additional Criteria U.K. laws and regulations embody international sound practices and are largely compliant with the FATF recommendations. FSA Rules require relevant staff to receive training at least every 24 months. Validation follows supervisory practices outlined above. FSA Regulations require an FSA supervisor to report knowledge or suspicion of money laundering in the same way as a member of staff employed by a bank. Criminal law gateways allow for the sharing of information for the purpose of criminal proceedings and criminal investigation in the U.K. or elsewhere. The FSA has in-house specialist expertise in financial crime matters, as outlined above.
Assessment	Largely compliant
Comments	FSA has strong powers and a comprehensive program for supervising the U.K. anti-money laundering practices and procedures of banks. The regime has been reinforced and energized within the last two years, notably by the implementation of FSMA with the additional responsibility and powers it provides to FSA in the area of financial crime. The regime will be further reinforced with passage of the Proceeds of Crime Act which is expected to be approved by Parliament in 2002. Increased FSA authority has been paralleled by intensified supervisory effort in the area of money laundering. The intensification of FSA supervision was confirmed in numerous contacts across the banking industry. Essential Criteria 3 requires that “banks have formal procedures to recognize potentially suspicious transactions.” Although FSA does not make such procedures a formal requirement of its AML/CFT rules and regulations, other elements of the supervisory regime effectively require banks to have structured procedures and practices that address the requirement to recognize potentially suspicious transactions. The JMLSG Guidance Notes cover many of the elements that might be incorporated in formal procedures, including “know your customer” guidance. For example, JMLSG Note 5.9 outlines tests to apply for determining whether suspicion of money laundering arises. These include: is the size of the transaction consistent with the normal activity of the customer? is the transaction rational in the context of the customer’s business or personal activities? etc. Guidance Notes 5.62-5.64 identify issues to be considered with respect to wire transfers. AML training requirements established in the Handbook require bank staff to be familiar with the Guidance Notes. Although the Guidance Notes are advisory, not mandatory, FSA takes them into account in determining compliance with its rules and regulations. In addition, the FSA Handbook requires all staff to report (to the MLRO) any information that gives rise to knowledge or suspicion of money laundering. Under the Regulations and under the Handbook FSA has authority to impose sanctions if firms fail to report suspicious transactions. While the substance of Essential Criteria 3 is satisfied, the FSAP team believes bank’s internal governance would be strengthened by a requirement for a formal policy on recognition of potentially suspicious transactions. Essential Criteria 11 calls for the supervisor to determine that banks have a policy statement on ethics and professional behavior that is clearly communicated to all staff. Although FSA does not explicitly require banks to have such a policy statement, the substance of Criteria 11 is achieved in other ways. Requirements for ethical and professional behavior animate FSA’s approach to financial supervision. For example, such behavior is required under FSA’s Principles for Business. Principle 1, Integrity, states that a firm must conduct its business with integrity. Principle 6, Customer’s interest, states that a firm must pay due regard to the interests of its customers and treat them fairly. The FSA’s Statements of Principle for Approved Persons require bank’s Approved Persons to act with integrity and due skill, care and diligence in carrying out controlled functions. Furthermore, under Regulation 5(1)(a) of the 1993 Money Laundering Regulations FSA may find a firm to be in breach of the Regulations if a business relationship is formed, or a one-off transaction takes place, without the required ethical and professional procedures being applied to that particular relationship. The FSA risk based approach to supervision allows for considerable selectivity in the firms and risks that attract close supervision, with high risk/high impact firms being the primary focus of attention. The FSAP team considered the possibility that the selectivity of this approach posed a hazard that anti-money laundering compliance in smaller, low impact firms might not be sufficiently disciplined by the supervisory process. The FSAP team satisfied itself that, at least with respect to banks, this is not the case. In the last year one-third of the small number of banks classified as low impact have been subject to theme visits for compliance with anti-money laundering requirements and all are expected to be visited over a three-year cycle. Also, in practice, money laundering theme reviews of banks cover the full scope of money laundering risks and are not limited to the two risk clusters identified in “The Money Laundering Theme” report.
Principle 16.	On-Site and Off-Site Supervision An effective banking supervisory system should consist of some form of both on-site and off-site supervision.
Description	The FSA utilizes a combination of on-site examinations and desk-based analysis to acquire a thorough understanding of banks’ safety and soundness. The regular supervisory staff is supported by risk review teams with specialized expertise in areas such as corporate governance, risk management, internal audit, IT, anti-money laundering controls and quantitative modeling techniques. To assist in the supervision of financial firms the FSA has the power to appoint so-called skilled persons (section 166 of the FSMA). In the case of banks, these are usually auditors from the big five accountancy firms. The number of skilled persons reports commissioned has been greatly reduced as they are no longer used to perform routine validation of supervisory returns. The skilled persons’ reports are discussed generically with the accountancy firms to ensure consistency of standards and the FSA forms its own judgment on the materiality of the issues raised in the reports. Through these mechanisms the FSA is able to examine any aspect of a bank’s operations, including compliance with legal requirements and prudential regulations. In addition, the FSA carries out sector-wide statistical analysis of prudential returns, financial statements, share price movements, credit ratings and other quantitative information to monitor industry trends and to identify outliers. The FSA has developed a risk-focused assessment model, covering all regulated entities in the financial industry. The model is designed to identify the key risks that institutions pose to the FSA’s statutory objectives, which in turn determine the degree of attention that the FSA devotes to individual institutions. This risk assessment is based on a view of the impact and the probability of a problem occurring at a particular institution. For prudential issues in banks, the impact is seen as being determined mostly by the size of the bank, while the judgment on probability depends on the FSA’s view of the business and control risks at a particular bank. Banks are rated either as high impact, medium high impact, medium low impact, or low impact. The risk based approach, in combination with the FSMA’s philosophy that it is neither possible nor desirable to remove all risk of failure from the financial system, has led the FSA to concentrate its supervisory activities with regard to banks on the larger institutions. In addition to the industry-wide risk assessment model, the FSA uses a firm-specific model to assess risks in individual institutions. This assessment is based on a detailed breakdown of business and control risks in individual banks. For a large bank, up to about 35 different business lines may be distinguished. Inputs into the firm-specific risk assessment model may include information from on-site work, interviews with management, prudential returns, firms’ annual AML report, external auditors’ management letters, special information requests and publicly available information. Findings of a bank’s internal auditors may be taken into account if the FSA is satisfied that the audit work has been independently and competently performed. The FSA encourages internal auditors to devote attention to issues of interest to the supervisor in their work. On-site and off-site work are thus integrated through the firm-specific risk assessment model. The firm-specific risk assessment process will take three to six months to complete and, for large banks, is carried out on a one and a half to two year cycle. The process results in a risk mitigation program that details the supervisory work with regard to the institution over the period until the next risk assessment cycle as well as actions to be undertaken by the institution itself. The supervisory work planned in this manner leaves room to undertake event-driven work as the need arises. On-site supervision is most active in high impact firms, including regular visits by the dedicated supervisory team, focused reviews by experts drawn from the FSA’s risk review department, as well as frequent contacts with high and middle level managers. Low impact banks, on the other hand, are largely supervised through off-site baseline monitoring supplemented occasionally by on-site visits in the context of the FSA’s thematic work, to deal with issues that have arisen from the off-site monitoring, or on the occasion of events such as the bank entering into new activities or the appointment of a new director. On-site visits at low impact banks will be held at least once every three years, but on average they are held more often in practice. Under the new regime, low impact banks no longer have a dedicated relationship manager within the supervisory authority. As of June 2002, 44 banks had been graded by the FSA as low impact (excluding 7 EEA branches and 9 banks which are part of a wider group). Sixteen of these were branches of overseas banks and the other 28 included small retail banks as well as some banks specializing in wholesale operations. Six low impact banks were subject to intensive supervision because risks had crystallized. Total deposit liabilities of the low impact banks amounted to 0.03 percent of total deposit liabilities of all U.K. banks. On-site visits are designed to provide a focused review of well specified topics. They typically require around three days extending up to one week in some cases. The scope of visits and the intended outcomes are detailed in the risk mitigation program generated by the firm-specific risk assessment. On-site visits by a bank’s dedicated supervisory team consist of extensive discussions with various managers supplemented by some file reviews. Topics addressed may cut across the full range of supervisory interests, including all significant business and control risks as well as compliance issues. The dedicated teams are guided by methodological aide-mémoires outlining specific points for attention in particular risk areas. For international firms, the FSA has a regular program of on-site visits to the overseas parents of the branches and subsidiaries of foreign firms operating in the U.K. and to the affiliates of U.K. banks operating overseas. The FSA has recently begun development of so-called thematic regulation, which is aimed at analyzing industry or sector wide issues by focusing on a sample of institutions. This has been assisted by the establishment of Risk Management Units throughout the FSA, including one devoted to banking issues, which have responsibility for monitoring industry-wide risk. The sample of institutions usually includes some low impact firms. Themes that have been covered so far in the banking sector include credit risk, systems and controls, anti-money laundering measures as well as other topics. The thematic work helps inform the FSA’s views on particular risk areas and may lead to follow-up work at individual institutions. The outcome of the thematic work may be rule changes, guidance letters to bank directors, seminars or speeches to draw banks’ attention to particular issues. The thematic work may also lead to enforcement action against a firm that was included in the sample. Such action would be publicized to set an example for other banks. If significant issues have been uncovered, the FSA may decide to extend the thematic work to banks outside the initial sample. The effectiveness of on-site and off-site functions is reviewed by a panel of senior and independent supervisors as part of the FSA’s formal risk assessment process. The panel focuses on the risk mitigation programs for individual banks, particularly the ones assessed as high impact or medium high impact, assessing the priorities set for supervisory work and giving advice on the proposed deployment of supervisory tools. In case of disagreement with a bank’s relationship manager, a decision is taken at a higher level within the FSA. This work is supplemented by an internal Quality Assurance Department, which is in the Chairman’s Office, that focuses on supervisory processes generically. The FSMA (Part XXIII) sets out restrictions that apply to the disclosure of supervisory information which is confidential under the Act. However, the FSMA and secondary legislation do allow the FSA to provide confidential information to other regulators, on condition that the information continues to be subject to restrictions on disclosure equivalent to those in the FSMA. In case another regulator requests the FSA to provide it with confidential information, the FSA will satisfy itself that this condition is met. The FSA is able to refuse requests for confidential information except in limited cases relating to court orders in criminal proceedings or Parliamentary enquiries.
Assessment	Largely compliant
Comments	The FSA’s supervisory process for banks consists of a combination of on-site visits, desk-based analysis and formal firm-specific risk assessment. Information from a variety of sources feeds into the process, including skilled persons’ and internal and external auditors’ reports. In addition, the FSA has begun developing thematic regulation. The FSA’s risk based supervisory approach implies that it focuses its resources on those firms that pose the highest potential risks to its objectives. Thus, banks that are considered to have a high potential impact on the objectives receive extensive supervisory attention. They are assigned a dedicated supervisory team, consisting of up to seven staff members, that will maintain frequent management contact and conduct on-site visits. The dedicated teams may request focused investigations into specific risk areas by specialized risk review teams or skilled persons. Banks graded as medium high or medium low impact will have a less intensive supervisory relationship with the FSA than the high impact banks but will nevertheless receive regular on-site visits. For some banks, however, in particular those that are considered to pose a low potential risk to the FSA’s objectives, the risk-based approach implies that they will not have a close and continuous interaction with the FSA. No on-site examinations will normally be held at these banks to verify adherence to legal and prudential requirements, and management contact will be relatively infrequent. Unless specific risks have crystallized, reliance is placed primarily on off-site monitoring of prudential returns and external auditors reports, occasionally supplemented by work conducted in the context of thematic regulation or event-driven work. In terms of protecting consumers and safeguarding market confidence, and obviously also simply because of size, it is clearly justified to concentrate scarce supervisory resources on the larger banks. However, as Essential Criterion 1, requiring an in-depth understanding of individual banks’ operations, does not distinguish between large and small banks, it applies to smaller banks’ operations as well. Undue reliance on off-site monitoring makes it difficult to achieve this level of understanding, particularly with respect to control arrangements and compliance requirements in, for example, the area of anti-money laundering. The FSA recognizes this and is considering refining its risk assessment methodology to take more explicit account of all four of its statutory objectives, including the one on combating financial crime. In fact, in the period from January 2000 to July 2002, it has already conducted anti-money laundering visits to 14 of the 44 low impact banks. To the extent that risk based supervision will continue to entail less reliance on direct oversight of lower impact banks and more reliance on baseline monitoring, consideration should be given to more frequent reporting of audited returns and more regular disclosures by all banks, along the lines recommended in the comments on Principle 19 below. Audited returns would to some extent provide indirect confirmation of the integrity of the bank’s internal systems and controls in view of the auditors’ duty to report to the supervisor any material shortcomings revealed in the audit. They would also provide stronger underpinning for offsite monitoring. Some concern was expressed by industry sources that the turnover rate of supervisory staff in the dedicated teams was too high to enable the FSA to build up thorough firm-specific knowledge. However, it is the mission’s view that this is a relatively minor issue of a transitory nature as it appears to be related to the changeover to the new supervisory regime (see also Principle 1(2)). The number of staff in the risk review teams (46 budgeted as of May 2002) appears to be somewhat small considering that they are not exclusively devoted to the banking sector but are also contributing to the supervision of the other sectors regulated by the FSA. Skilled persons reports may be commissioned to augment specialist supervisory capacity. However, skilled persons investigations are expensive relative to the FSA’s own on-site work and the FSA strives to keep the costs of supervision proportionate with the risks to its objectives. The FSA should take care to ensure that sufficient supervisory attention is devoted to specific risk areas that require highly specialized expertise, such as credit risk classification systems, market risk management and IT security.
Principle 17.	Bank Management Contact Banking supervisors must have regular contact with bank management and a thorough understanding of the institution’s operations.
Description	The intensity of the FSA’s supervisory relationship with individual banks is influenced by the assessment of the bank’s risk management procedures and practice and by the FSA’s assessment of the risks that banks pose to its statutory objectives. The FSA considers that well-managed banks whose own risk management is sophisticated and effective will require less supervisory attention than banks conducting similar business but with controls of lesser quality. Banks deemed to be high impact will have a close supervisory relationship with the FSA. Thus, for large banks, there will be frequent other contacts with directors and senior management, as well as bank specific on-site visits and thematic visits involving contacts with middle management and various other bank employees. Banks considered to be low-impact will receive occasional thematic visits on cross-industry issues, together with less frequent meetings with directors and senior management to discuss bank specific issues. The FSA nevertheless feels that it has a good understanding of smaller banks’ operations, in part because these are usually relatively straightforward. The FSA has a full range of supervisory tools available to achieve a thorough understanding of banks’ operations. In addition to meetings with management and other representatives of a bank, this includes on-site visits, desk based reviews, liaison with other regulators and analysis of periodic returns and notifications. The FSA has access to internal auditors’ reports and external auditors’ management letters. Furthermore, the FSA may commission so-called skilled persons to conduct investigations of special topics at institutions under its supervision. Banks and other supervised firms are required to provide the FSA with a wide range of information. Principle 11 of the FSA’s Principles for Business require firms to deal with their regulator in an open and cooperative way, and to disclose to the FSA anything of which the FSA could reasonably expect to receive notice. This includes any significant failures in the bank’s systems and controls, any action which would result in a significant change in its capital adequacy, and any proposed change in the bank’s operations which could have a significant impact on its risk profile. These requirements imply that banks have to notify the FSA of any significant new activities, which they would have to do in any case if a variation of the bank’s permission would be required. SUP Section 15.3 requires specifically that the FSA must be notified immediately if a firm becomes aware that any of the following has occurred or may occur in the foreseeable future: The firm’s failing to satisfy one or more of the threshold conditions Any matter which could have a significant adverse impact on the firm’s reputation Any matter in respect of the firm that could result in serious financial consequences to the financial system or to other firms Any offences and breaches of the FSMA or rules established under the FSMA. The quality of a bank’s management is considered on application for regulated status and thereafter during the normal supervisory process. Banks have to meet the threshold conditions for authorization on an on-going basis and key individuals within the bank have to be vetted and approved to carry out their particular functions. An individual that does not meet the FSA’s fit and proper standards can be disapproved for carrying out particular functions or banned from employment in the regulated financial sector altogether.
Assessment	Compliant
Comments	The FSA has frequent contacts, both through face-to-face meetings and other means, with various levels of management at the larger banks. Any issue relevant to a bank’s operations may be covered in the course of these contacts. Meetings with managers of small banks, however, appear to be rare. This is a reflection of the FSA’s risk based approach to supervision which implies that scarce supervisory resources should be allocated primarily to those areas where the potential risks to the FSA’s objectives are highest, i.e., to the larger banks (in the context of banking supervision). For low impact banks, the FSA relies mostly on desk based review of prudential returns, written material such as external auditors’ management letters and other quantitative and qualitative material, except for occasional visits to some of these banks in the course of thematic reviews. Management contact with these banks takes place once every three years at a minimum but in practice usually more often, especially after risks have crystallized (see also Principle 16). The FSA expects to be notified if a low impact bank were to experience safety or soundness problems or to enter risky new business. It would be useful to identify criteria that would require low impact banks (as well as other banks) to notify the FSA of emerging problems at an earlier stage. The mission welcomes the FSA’s intention to establish clearer guidelines for offsite monitoring triggers that would prompt it to initiate contact with low impact firms. Such triggers are also useful for medium-low impact firms, and, in general, would be useful for all firms.
Principle 18.	Off-Site Supervision Banking supervisors must have a means of collecting, reviewing, and analyzing prudential reports and statistical returns from banks on a solo and consolidated basis.
Description	Banks are required to submit a variety of statistical and prudential returns either directly to the FSA or via the Bank of England. Requirements for banks to report regularly to FSA are laid out in Chapter 16 of the Supervision (SUP) chapter of the Handbook. The requirements relate to a firm’s financial condition and to its compliance with other rules and requirements which apply to the firm. Under Principle 11 banks are required to deal with their regulators in an open and cooperative way, and to tell the FSA appropriately anything of which the FSA would reasonably expect notice. The required compliance reports include an annual report on controllers (SUP 16.4.), an annual close links report (SUP 16.5), an annual report listing all overseas regulators for each legal entity of a firm’s group and an annual organogram showing the authorized entities in the firm’s group (SUP 16.6.5). Beyond this SUP 16.7.7 identifies eleven separate reports that banks are required to submit with varying frequency over the course of the year. Standardized forms address capital adequacy, large exposures and liquidity. The standardized BSD3 Capital Adequacy Return filed semi-annually provides detailed information on both a solo and consolidated basis for both on-balance sheet and off-balance sheet assets and liabilities, divided between the banking book and the traded book, profits and losses, counterparty exposure on derivative contracts, repos and similar transactions, large exposures, provisions against bad and doubtful debts and investments, deposit sources and market risk in the trading book. The return provides supporting details for on and off balance sheet activities and provides a step-by-step calculation of capital adequacy on both a solo and consolidated basis. IPRU (Chapter CS) sets out the basis on which consolidation will be required and the consolidation techniques that are to be applied for U.K. incorporated banks and banking groups with U.K. non-bank parents only. For banks subject to the liquidity mismatch requirements, quarterly reporting is required using Form LR. For firms subject to the stock liquidity regime, monthly reports are required, using Form SL R1. The Liquidity Management (LM) chapter of the Handbook provides detailed guidance on the information to be provided in the liquidity reports. U.K. banking groups are required to report quarterly on large exposures, on both a solo and a consolidated basis, using Form LE 2. The Large Exposures (LE) chapter of the Handbook provided detailed guidance on the information to be provided in the large exposure reports. U.K. branches of non-EEA banks are required to report on profits, large exposures, balance sheet, off-balance sheet items, and bad and doubtful debt provisions using the half-yearly Form B7. They are also required to provide liquidity information quarterly, using Form LR. To insure the consistency and reliability of prudential returns, FSA policies regarding valuation of assets and liabilities are spelled out in considerable detail in the Valuation (VA) chapter of the Handbook. FSA has strong powers to enforce compliance with reporting requirements. Knowingly or recklessly giving information which is false or misleading in a material particular may be a criminal offence under sections 398 and 400 of FSMA. The handbook (SUP 15.6.1R and SUP 15.6.3R) requires an authorized person to take reasonable steps to ensure the accuracy and completeness of returns and to notify FSA immediately if material or inaccurate information has been provided. Failure to do so may result in fines or other disciplinary sanctions (ENF 13.5). FSMA (Section 165) gives the FSA statutory powers to require the provision of information.
Assessment	Largely compliant
Comments	FSA has a well structured system of prudential reporting requirements for banking groups that covers both financial and compliance information. For U.K. banking groups standardized reports are required on capital adequacy, large exposures and liquidity. Reports are required to be on both a solo and a consolidated basis, where appropriate. U.K. branches of overseas banks are required to provide liquidity and large exposure reports. The scope of reporting and the policies with respect to valuation of assets and liabilities are spelled out in detail in the handbook. Essential Criteria 4 of Principle 18, dealing with information required to be submitted for statistical and prudential reporting, states: “Inclusion of data on loan classification and provisioning is also required.” FSA does not routinely collect standardized data on classified or non-performing loans. As a matter of policy, FSA has not established regulatory loan classification or loan delinquency systems, preferring instead to emphasize that proper loan classification and asset valuation are responsibilities of bank management based on the circumstances of the individual institutions. While an entirely legitimate supervisory strategy, the FSAP team believes the absence of reporting on classified loans and non-performing loans handicaps the ability of FSA to verify the credit risk environment of banks, particularly on an offsite basis. This is a particularly important gap given the importance of baseline monitoring in the risk based supervisory regime, (See comments on Principle 19 below.) Peer group analysis would be strengthened if standardized information were available on classified and non-performing assets. Forthcoming adoption of Basel II and IAS 39 will require changes in firm practices with respect to provisioning and loan classification so now would be opportune time to close this gap in FSA’s reporting regime. IAS 39 will require a more rigorous approach to recognition of impaired assets and loan loss provisioning and Basel II will emphasize more rigorous internal loan classification systems.
Principle 19.	Validation of Supervisory Information Banking supervisors must have a means of independent validation of supervisory information either through on-site examinations or use of external auditors.
Description	Section 165 of the FSMA gives the FSA the authority to obtain information from banks. These powers extend to providing the FSA with access to a bank’s directors, senior management, and key personnel. The FSA uses on-site visits to most banks as part of its formal risk assessment process; however, a small number of small banks considered to be “low impact” do not receive a formal risk assessment. The low impact banks are reviewed primarily using desktop baseline monitoring, with on-site visits being event driven. The risk assessment visits for the high, medium-high, and medium-low impact banks take the form of on-site high-level reviews by the supervisory team. Results of the risk assessment are used to develop a risk mitigation program (RMP) which establishes to supervisory objectives for the bank for the forthcoming period, including identifying areas for further on-site review. Such on-site reviews may be conducted by frontline supervision, by the FSA’s internal risk review teams, or by engaging skilled persons, e.g., external auditors, to validate supervisory information provided by banks. The FSA Handbook (SUP 3) provides rules and guidance on the role auditors play in the FSA’s monitoring of a bank’s compliance with its rules and standards. This chapter addresses the auditors’ qualifications, independence, reporting, and the duty to notify the FSA of any significant matters raised by the auditor. The FSA rules place the duty on the bank to ensure the auditor is qualified and independent; however they prohibit a bank from appointing an auditor the FSA has disqualified. The FSA rules establish specific areas to be covered in the auditor’s report, and require a copy of all reports be provided to the FSA. In addition, SUP 3.8.2R requires the auditor to co-operate with the FSA. While the rules in SUP 3 do not provide for FSA’s monitoring of the quality of the auditor’s work, there are provisions in SUP 5 relating to skilled persons reports that provide for monitoring of work related to skilled persons reports. The FSA meets periodically with the bank’s external auditors, on a bilateral basis. In addition to periodic meetings, external auditors have a statutory duty to inform the FSA of any concerns arising during the course of their work. Section 166 of the FSMA gives the FSA the authority to require the bank to obtain a skilled persons report. The FSMA section 166(4) requires that the skilled person must be nominated or approved by the FSA, and that the skilled person must appear to the FSA to have the skills necessary to make a report on the matter concerned. Additional rules and guidance relating to the use of skilled persons is found in the FSA Handbook (SUP 5). The large international accountancy firms produce the vast majority of skilled persons reports. The FSA will direct the scope of the review using a commissioning letter, and the nature of work to be completed may be discussed by the FSA in advance. The rules pertaining to reporting and notification in SUP 3 also apply to skilled person’s reports. The FSA may hold bilateral meetings with individual partners within these firms to provide feedback from the supervisory teams on the scope and quality of their work. Trilateral meetings are held to discuss the findings of skilled person’s reports. The FSA has a formal, structured process in place for skilled persons reports (SUP 5). The process includes preliminary discussions about scope, the engagement/scoping letter to the skilled person, and the objectives to be accomplished by the review. Procedures for internal risk review visits carried out by FSA’s Risk Review Division are less formalized. These procedures typically involve a detailed scoping paper prepared by frontline supervisors. The firm is typically asked to provide supporting information which is analyzed prior to the visit. The visit itself builds on the information supplied and involves interviews with management and staff as well as an examination of files. For certain areas (money laundering, credit) aide-mémoires have been prepared that guide the procedures performed in the review. Supervisory returns are reviewed by supervisors for consistency and plausibility. An initial check is required within 2 days of receipt and a more detailed check is required to be completed within ten days of receipt. These reviews consist of trend analysis and plausibility checks involving comparisons with previous returns and checks against audited accounts for capital adequacy and large exposures capital base. These reviews are supplemented by peer group analysis. Validation checks completed by one supervisor must be checked and signed off by another supervisor. Follow-up with the bank will take place to reconcile outlier data and inconsistencies. Banks are subject to fines for late returns. The FSA does not require that the auditors examine certain key supervisory returns, such as capital adequacy, at least annually nor do FSA examiners routinely validate the returns to bank records. FSA has a variety of powers to ensure the validity of supervisory returns, including authority under 5165 of FSMA to request additional information from the bank at any time, the authority under 5166 to require skilled persons report to verify the accuracy of information provided, and the ability to request supplementary information from the bank’s auditors under the provisions of SUP 3.8.2R which covers an Auditor’s duty to cooperate with FSA. The FSA does have the means to independently validate supervisory returns, through supervisory visits, risk review division visits, or skilled person’s reports. Supervisory visits (during the risk assessment process) are used to review the bank’s process for completing the reports, and do not include validating key returns. The use of the internal risk review or skilled persons report tools depends on whether an issue was raised during the supervisory visit, the impact rating of the firm and the availability of these resources. FSA has identified validation of supervisory returns as a topic for theme supervision over the next year. There is no requirement that the FSA meets with the management or board each year. The FSA may hold meetings with a bank’s board, or hold separate meetings with non-executive directors, when it is deemed appropriate. The FSA determines the level of supervision based on its assessment of the risk a bank poses to the FSA’s regulatory objectives, and this assessment will drive whether a meeting with a bank’s board is required.
Assessment	Largely Compliant
Comments	The FSA has the means to independently validate supervisory information, through supervisory visits, risk review division visits, or by commissioning skilled person’s reports. However, costs and resource constraints limit the use that is made of skilled persons reports or on-site risk review visits to validate supervisory information. The FSAP team was told that, partly because of their expense, FSA has discontinued the routine use of skilled persons reports to validate regulatory returns, but they may be used on an exceptional basis. Going forward, use of skilled persons reports will focus on situations where remedial work is needed quickly or the FSA does not have the resources and/or expertise to conduct the review internally. The Major Financial Groups Division (MFGD) estimated that 70-120 skilled persons reports would be ordered per year across the 52 largest bank, securities and insurance groups firms that are supervised by the division. The Deposit Takers Division (DTD) estimated that they would order about 15-20 skilled persons reports, across about 200 banks. Internal risk review is a scarce resource, with an approved head count of 46 (including administrative support) to support work across all of FSA. MFGD supervisors indicated that risk review currently is unable to fill all requests for their services, so requests are prioritized, and some reviews may be negotiated or deferred. Essential criteria 5 provides that the supervisor should require that certain key supervisory returns, such as capital adequacy, be examined at least annually by the auditors and a report submitted to the supervisor. The FSA has no explicit requirement that supervisory returns be validated in the manner called for by criteria 5, although elements of this criteria are met through the requirement for an annual audit of the statutory accounts and FSA’s ability to consult with and request information from auditors. Recommendation. The FSA relies on the supervisory returns as a key part of its risk based approach to supervision and particularly for its baseline-monitoring program., so it is very important that the FSA is able to place reliance on the accuracy of that information. In addition, greater disclosure of such information would add to market discipline. Given the resource constraints on the ability of FSA itself to comprehensively validate supervisory returns, the FSAP team recommends that FSA should consider going beyond the literal requirements of Essential Criteria 5 and consider requiring all banking groups to provide annual audits of key supervisory returns. It would be useful if validation of supervision were made a regular topic for theme supervision. In addition it would be desirable for all U.K. banks be required to publish audited financial reports on an annual basis, coupled with a continuous disclosure requirement – currently these requirements apply only to listed companies. There does not appear to be a compelling reason to limit market disciplines that arise from financial disclosures to only banks (public issuers) that are listed.
Principle 20.	Consolidated Supervision An essential element of banking supervision is the ability of the supervisors to supervise the banking group on a consolidated basis.
Description	The FSA approach to consolidated supervision is set out in IPRU (CS Chapter) which is the principle vehicle for implementing the EU Banking Consolidation Directive (date) and the EU Post-BCCI Directive (date) The FSA’s consolidation policy addresses three main areas of concern arising from group membership: losses in another group entity that could lead to financial pressure on the bank because of financial or reputational linkages; capital that is subject to double-gearing or leveraging: that is, a solo assessment of a firm overestimates the quantity of capital which is available to support the bank’s risks, because of the way the capital has been raised or accounted for within the group; and business that is booked in an unauthorized group entity to avoid regulatory requirements. The FSA views its consolidated supervision as a complement to individual firm requirements rather than as a substitute. The objective is to enhance the overall effectiveness of the prudential supervision of the bank by ensuring that risks related to the bank’s membership of a group are taken into account in the supervision of the bank. Consolidated supervision does not, however, constitute supervision of undertakings within the group which are not authorized. The FSA is required to undertake supervision on a consolidated basis by EU legislation, in particular the Banking Consolidation Directive. The FSA’s consolidated supervision framework consists of two main elements: A qualitative assessment of the group as a whole. This is made in relation to the group’s significant business units and their potential material bearing on the bank. It focuses on the group’s business, controls, organization and management. A quantitative, consolidated assessment of relevant financial companies within the group that establishes prudential requirements, for instance with respect to capital adequacy and large exposures. The FSA approach identifies where group risk arises, sets systems and controls requirements for managing that risk, and establishes a methodology for the calculation of consolidated capital (Principle 18). The scope of the FSA’s consolidated supervision includes all parents and subsidiaries of the bank, any of their parents or subsidiaries; or any undertaking in which those parents or subsidiaries or the bank have a participation. In addition, the FSA may require a bank to include within its group consolidation an undertaking that is not a member of group as defined but which has links to the group that would make its omission from the scope of the consolidation assessment misleading. (CS 3.1.3) requires that the bank have adequate controls to produce any data required to supervise on a consolidated basis. (CS 3.3.19) requires adequate controls to identify and monitor large exposures. Consolidated returns are required twice annually and large exposures must be reported quarterly. (CS 3.3.7) requires a detailed organization chart and identification of subsidiaries supervised by others. Section 166 exams may be required to cover internal control systems used to generate consolidated accounts. Consolidation usually applies to financial subsidiaries. For purpose of consolidated supervision, insurance and insurance broking are not defined as financial activities and are therefore not normally consolidated (CS 4.3). For activities undertaken within the U.K. coordination among functional regulators of a group takes place within FSA. A variety of arrangements are in place with home and host supervisors overseas to allow exchanges of information on the financial condition and adequacy of risk management and controls of overseas undertakings. Where FSA is unable to satisfy itself that the overseas parent of a branch or subsidiary in the U.K. is subject to adequate home country consolidated supervision FSA may require solo consolidation at the U.K. level. Fit and proper tests may be applied to senior management of parent companies under the FSA’s authorized persons regime. Consolidated supervision encompasses the activities of U.K. banks in offshore centers through several mechanisms. Exposures in offshore centers are included in the quantitative requirements for consolidation and the capital adequacy ratio and the controls on large exposures. Where FSA is concerned about such exposures it may impose additional capital requirements, require deconsolidation of the capital and assets in the offshore jurisdiction, and restrict transactions with the jurisdiction. U.K. financial institutions are required to be able to provide FSA all the information it requires to carry out effective consolidated supervision wherever their business is conducted, including in jurisdictions with strict secrecy provisions. Under the qualitative element of its consolidated supervision, FSA requires that banks have the ability to measure, monitor, manage and control the risks in all their significant business lines, wherever that business is conducted. This will apply to business lines such as private banking, asset management, insurance, and capital markets operations, all of which can have links to offshore centers. FSA anti-money laundering policies include an expectation that the practices of overseas affiliates of U.K. banks will conform to the higher of U.K. or local standards. Compliance with this policy is one of the duties the bank’s MLRO, an individual who must be authorized by FSA. In evaluating the risks in business lines, FSA places a strong emphasis on the quality of counterpart financial supervision in the jurisdictions where the business is conducted. This is also a key consideration in granting permission for U.K. banks to establish or operate in those jurisdictions or in granting FSA authorizations to firms from those jurisdictions. For FSA an important factor in evaluating the practices of other supervisors is their willingness to share information. In this regard FSA takes into account the FATF NCCT classifications as well as its own experience. FSA has an active involvement with numerous offshore centers, particularly in the U.K. overseas territories and dependencies. This includes participation in regional organizations and regular liaison with offshore supervisors.
Assessment	Compliant
Comments	FSA has comprehensive arrangements to be able to supervise U.K. banking groups on a consolidated basis, both quantitatively and qualitatively, regardless of where their business is carried out. Capital requirements set out clearly the procedures to be followed in consolidating group accounts to insure that the U.K. banking activities of a group are adequately capitalized, both on a solo and a consolidated basis. Large exposure limits are governed by clear policies with limits enforced on both a solo and a consolidated basis. Management systems and controls are required so that risks arising from the bank’s dealing with other parts of the group are properly identified, measured, monitored and controlled. A variety of arrangements are in place for coordinating and cooperating with other regulators, both at home and overseas, who have responsibility for other legal entities within the group.
Principle 21.	Accounting Standards Banking supervisors must be satisfied that each bank maintains adequate records drawn up in accordance with consistent accounting policies and practices that enable the supervisor to obtain a true and fair view of the financial condition of the bank and the profitability of its business, and that the bank publishes on a regular basis financial statements that fairly reflect its condition.
Description	The threshold conditions require that banks must have adequate resources, including high level systems and controls. SYSC 3.1.1R and 3.2.20R require that a bank’s directors and management ensure that the bank maintains adequate records (including accounting records) that are appropriate to the scale, nature and complexity of its business. IPRU (Banks) Chapter AR provides further guidance on adequate accounting (and other) records and internal control systems. The FSA does not publish a comprehensive list of the accounting and other records which a bank should maintain; however, banks are required to capture and record accurately and on a timely basis every transaction and commitment which the bank enters into and record details as appropriate for each transaction and commitment (IPRU Chapter AR 3.2.2). These provisions apply for all U.K. banks and branches of non-EEA banks. [For U.K. incorporated banks further accounting record requirements are set out in the Companies Act 1985.] The FSA has powers to enforce the records requirements, and may fine banks for late and inaccurate supervisory returns. The FSA has the authority under FSMA Section 166 to commission a skilled persons report to verify bank records in particular areas. In addition, the FSA’s internal risk review division may be used for verification of a bank’s records. These tools would be employed as part of a risk mitigation program if the supervisors identified a concern during their risk assessment process. Regulatory reporting forms are accompanied by detailed guidance notes that include information on accounting treatment. Banks are required to use generally accepted accounting principles when valuing assets. FSA reports should be prepared using book value of assets and liabilities, and the banking and trading books should be valued on an accrual basis, unless a different practice has been agreed in writing with the FSA. CAD banks should value trading books on a mark-to-market basis, and banking books on an accrual basis. IPRU (Banks), Chapter GN 3.3.17R requires all U.K. banks and non-EEA overseas branches to maintain adequate provisions for depreciation or diminution in the value of assets (including loan loss provisions), for liabilities which will or may fail to be met by the bank and for losses which it may incur. IPRU (Banks), Chapters VA and PN discuss the valuation and provisioning policies that banks should adopt. The Companies Act 1985 requires all U.K. banks to prepare accounts that give a true and fair view of the results and financial position of the bank and/or group. The accounts are subject to public filing requirements. Detailed provisions on the form and content of the accounts of banks and banking groups are contained in Schedule 9 to the Act. There is a general presumption that compliance with U.K. Financial Reporting Standards (FRS) and Statements of Standard Accounting Practice (SSAP) is necessary in order for the accounts to give a true and fair view. Banks accounts must state whether they have been prepared in accordance with these standards, and give details of any departure from the standards and the reasons. Banks are also expected to comply with the five industry-specific Statements of Recommended accounting Practice (SORP), and are required to state in their accounts whether they have complied, and if not, explain why they have not complied with them. All U.K.-incorporated banks must appoint an external auditor (SUP 3.3.2R) and the bank’s published accounts must bear an opinion by the external auditor as to the completeness and accuracy of the financial statements (SUP 16.7.8R). Auditors are required under the rules of their professional bodies to comply with Statements of Auditing Standards issued by the U.K. Auditing Practices Board. If the bank failed to comply with the relevant accounting standards, the external auditor would qualify the opinion. The FSA has periodic contact with external auditors to discuss annual accounts and skilled persons reviews. Auditors have a legal duty to report to the FSA breaches or possible breaches of laws or rules, and other matters that they reasonably believe are, or may be, significant. The FSMA Section 342 and the SUP 3.8.10R require that the external auditors inform the FSA if they have any material concerns as a result of their work. Sections 342 and 343 of the FSMA also provide protections for auditors that report in good faith matters that are, or are likely to be, of material significance to the FSA. Guidance regarding an auditor’s duty to report is provided in SUP 3.8. The FSMA gives the FSA the authority to disqualify auditors if they have failed to comply with a duty imposed on them under the FSMA. Banks are prohibited from using disqualified auditor under SUP 3.4.5R. If the FSA had concerns over the abilities of a bank’s external auditors, it may request management to change the audit firm. Under Section 166 of the FSMA, the FSA may appoint a skilled person to do onsite work on its behalf. The skilled person process includes a determination by the FSA that the skilled person has appropriate expertise to carry out the review. In practice, the large international firms perform the majority of banks’ external audits and skilled persons reports. SUP Chapter 3 provides rules and guidance governing the FSA’s relationship with external auditors, and SUP Chapter 5 addresses skilled persons reports. The FSA has a procedure in place for skilled persons reports to establish the scope of the engagement and the objectives to be accomplished by the review (SUP 5). The FSA does not have specific guidelines addressing the scope and conduct of internal audits. However, the FSA does look at the audit universe, and may guide the scope of an internal audit when it meets supervisory needs. The FSA would expect that internal audit would have a risk based approach to its audit Chapter 349 of the FSMA imposes confidentiality requirements on the FSA. Refer to CP 1(6) for further details on confidentiality. The FSA supports Basel and EU proposals to promote public disclosure by banks as a means of strengthening market discipline as a complement to other regulatory efforts.
Assessment	Compliant
Comments	A comprehensive accounting and reporting structure is in place to provide for financial statements on a regular basis. A bank’s annual accounts are required by the Companies Act to be prepared in a way that gives a true and fair view of the results and financial position of the bank and follow the detailed provisions of the Act on form and content of the accounts. The accounts are also expected to comply with other accounting standards such as FRS and SORP, and are subject to public filing requirements. Banks are also required to file regulatory reports with the FSA. These reports have detailed guidance notes to assist in preparation. The FSA requires banks to use generally accepted accounting principles when valuing assets.
Principle 22.	Remedial Measures Banking supervisors must have at their disposal adequate supervisory measures to bring about timely corrective action when banks fail to meet prudential requirements (such as minimum capital adequacy ratios), when there are regulatory violations, or where depositors are threatened in any other way. In extreme circumstances, this should include the ability to revoke the banking license or recommend its revocation.
Description	The FSA has a broad range of supervisory measures available address such problems as failure to meet the FSMA threshold conditions and non-compliance with the FSA’s rules. The range of possible actions available is broad, as the FSA is able to use its powers under FSMA Section 43 to place requirements or restrictions in a bank’s permission. The power can be used to require a bank to take specified action or to require it to refrain from taking specified action. The FSA may also vary or cancel a bank’s permission under Section 45, and also has the authority to take disciplinary measures against a bank or individual, including fines (Section 206) and public censure (Section 205). The FSMA Section 53(3) provides that FSA may take Section 45 actions that have immediate effect if the FSA reasonably determines that immediate effect is necessary. The FSA may require that any actions or requirements imposed under its Section 45 powers be taken within a specified time period. Injunctive relief is also available to the FSA under Section 380, and restitution orders are available under Section 382. These remedies are commonly used against unauthorized firms where the other disciplinary powers are not available. The FSMA Section 61 requires the FSA to exercise control over individuals performing “controlled functions” by requiring that they be approved by the FSA. Controlled functions are functions involving key responsibility and are typically director and senior management level positions. A list of controlled functions is in the SUP chapter of the FSA Handbook (Section 10, Approved Persons). In order to be an “approved person”, the FSA must be satisfied that the person is fit and proper to perform those functions. If the FSA no longer considers a person fit and proper, they may withdraw their approval under FSMA section 63. The FSA may also take action against an approved person if it appears to the FSA that the person is guilty of misconduct under FSMA Section 66. The FSA also has the power to prohibit a person from performing functions in relation to a regulated activity if the FSA finds the person is not fit and proper. If a prohibition order is made, the FSA is required to follow the procedures in FSMA section 347 regarding publication of information about the prohibited person. The FSA’s Regulatory Decisions Committee (RDC, a committee of practitioners and public interest members appointed by the Board, but independent of the FSA’s executive staff) may take major regulatory decisions. The RDC exercises regulatory powers on behalf of, and is answerable to, the FSA’s Board. The FSM Tribunal, an independent body, will consider major regulatory decisions made by the FSA if the firm or individual concerned decides to refer the matter on. The FSMA contains no express requirement that the FSA take action within any particular time frame, with the exception of representations or referrals to the FSM Tribunal. Nor is there guidance or formal voluntary commitment by the FSA to any timeframe. If the FSA does not take action in a timely manner, firms or individuals may raise this in proceedings against them under the general jurisdiction of the courts and Tribunal, and the ordinary principles of fairness that must apply in such proceedings. In addition, the FSA must comply with Article 6 of the European Declaration of Human Rights that requires there to be a right to an independent determination of civil rights and liabilities within a reasonable time frame. For these reasons, and as a matter of general good regulatory practice, the FSA does ensure that remedial actions are in practice taken in a timely manner. Once the FSA has initiated formal supervisory or disciplinary action by service of a notice, a statutory a time frame applies to the completion of the process for making representations or referring the matter to the Tribunal. There are however no constraints on the initiation of action. FSMA Part XXVI requires compliance with formal written notice procedures when the FSA exercises any of the formal disciplinary or supervisory powers.
Assessment	Compliant
Comments	The FSMA provides the FSA with broad powers to take remedial and enforcement actions, and also provides for sanctions against individuals and firms. Adequate protections, in the form of referral to the Tribunal, are in place to protect against abusive enforcement or disciplinary actions. The new enforcement powers granted under the FSMA are very recent, and have only been used in a handful of actions to date, so it is difficult to make a proper assessment of the effectiveness of the FSA’s use of its powers.
Principle 23.	Globally Consolidated Supervision Banking supervisors must practice global consolidated supervision over their internationally active banking organizations, adequately monitoring and applying appropriate prudential norms to all aspects of the business conducted by these banking organizations worldwide, primarily at their foreign branches, joint ventures, and subsidiaries.
Description	Authority to supervise the overseas activities of U.K. incorporated banks is provided for in Threshold Condition 3: (Close Links), based on Paragraph 3, schedule 6 of FSMA. The close links provisions implement and expand on the requirements of the EU Post BCCI Directive. For U.K. based banking groups, FSA carries out global consolidated supervision covering all aspects of supervision, specifically including non-U.K. group companies. Foreign branches of U.K. banks, not being separate legal entities, are considered to be an integral part of the U.K. bank itself, and are supervised on that basis. Quantitative consolidation (see Principle 18) is applied to the global undertakings of U.K.-based banking groups. Under FSA’s risk based approach to supervision the supervisory effort concentrates on significant business units. These may be identifiable on a geographical, legal or business basis. Consistent with the qualitative element of FSA’s general approach to consolidated supervision, supervisory effort is directed at ensuring that banks have information systems and controls adequate to manage risks in all business units, wherever they are located. Heads of significant business units will be seen during the risk assessment stage or during the following supervisory period. In conducting reviews of high level controls at the center, the FSA considers the quality of the control system both centrally and locally. Supervisors periodically visit major overseas operations to supplement reviews made at the center. If circumstances require the FSA will impose limitations on the activities of overseas operations of U.K. banks through liaison with home country senior management. The FSA may impose limitations on the activities of overseas operations in order to ensure that the close links/supervisability of group structures requirement in the Threshold Conditions is met in particular cases. In addition to regular contact with senior management based in the U.K. responsible for the international operations of internationally active groups, FSA is also in periodic contact with the locally based management responsible for significant business units overseas. Direct supervision of significant international operations is supplemented by close co-operation and liaison with the banking supervisors of the host country. If necessary, plans for remedial action are discussed and agreed with the host supervisor. If, as part of the risk assessment process, the FSA determines that an overseas operation of a U.K. banking group is presenting significant unmitigated risks the FSA would initiate discussions with the bank’s senior management. These discussions could ultimately require the closure of a bank’s overseas operation. FSA has the power to conduct on-site examinations of overseas branches and subsidiaries of U.K. banking groups. The FSA conducts periodic on-site examinations of a sample of the more significant overseas offices of U.K. banks, usually in conjunction with the host country supervisor. Following FSA’s risk based approach to supervision, oversight of the foreign operations of U.K. banks focuses on significant activities with higher risk profiles and those that are subject to weaker host country supervision. FSA routinely undertakes assessments of the extent of supervision undertaken by other supervisors relevant to the U.K. In particular, it forms its own judgment as to their compliance with the Basel Core Principles.
Assessment	Compliant
Comments	FSA supervises internationally active U.K. banking organizations on a globally consolidated basis, both quantitatively and qualitatively. The international dimension places particular emphasis on ensuring that banks have information systems and controls to manage risks in all business units, wherever they are located. FSA insures that overseas activities are structured in a way that can be properly supervised and, where it is not satisfied, imposes restrictions or limits activities. Overseas visits and cooperation with foreign supervisors are important aspects of FSA’s supervision on a globally consolidated basis.
Principle 24.	Host Country Supervision A key component of consolidated supervision is establishing contact and information exchange with the various other supervisors involved, primarily host country supervisory authorities.
Description	The FSA has established an extensive network of formal and informal contacts with overseas banking supervisors to provide for the exchange of information necessary for effective global consolidated supervision. These contacts are both multilateral and bilateral. At the level of international organizations, FSA is an active participant in supervisory groups such the Basel committee and EU groupings such as the Banking Advisory Committee and the Groupe de Contact. Bilateral memoranda of understandings with numerous countries provide for information exchanges and on-site examinations of branches and subsidiaries of U.K. banks. FSA maintains a very active dialogue with supervisors in offshore centers particularly those that are in overseas territories and crown dependencies. Information exchanges are both formal and informal and range across the full spectrum of supervisory information, from written documentation in support of authorizations to oral sharing of supervisory judgments about individuals and institutions. In line with its risk based approach to supervision FSA, in consultation with local supervisors, regularly visits the major overseas offices of U.K. banking groups and on such visits frequently conducts joint examinations with the host country supervisors. The readiness of an overseas supervisor to provide information is a consideration for the FSA in determining the extent to which it can take into account the work of the overseas supervisory in its supervision of the overseas subsidiaries of U.K. banks. Threshold Condition 3 (Close Links) would be breached if the regulations or administrative provisions of a territory, which is not an EEA state, would prevent the FSA’s effective supervision of a bank or affiliate. COND 2.3.3G also notes that the FSA considers branches when assessing whether a firm meets Threshold Condition 3. Restrictions on information flows also impact on Principle for Business (PRIN) which provides that a firm must deal with its regulators in an open and cooperative way and must disclose to the FSA appropriately anything relating to the firm of which the FSA would reasonably expect notice. This principle is enforced in Rule 2.1.1 in SUP. COND 2.3.3G also indicates that restrictions on information flow could stop a firm complying with the rules in SUP on information gathering. In discussions with host country supervisors FSA will focus on the local banking group and the group as a whole.
Assessment	Compliant
Comments	FSA has a very broad network of contacts and arrangements with foreign supervisors whereby it exchanges supervisory information necessary to carry out globally consolidated supervision. This includes participation in numerous international and bilateral supervisory groups, as well as formal and informal bilateral contacts with other supervisors responsible for affiliates of banking organizations in the U.K. Where practical, the FSA will consult with an overseas supervisor providing information before taking action in relation to a bank that it supervises (and more widely where any action could have consequences for its supervision of other banks or financial companies). The FSA must consult a firm’s EEA home state regulator before taking actions in certain specified cases. The FSA discloses information to host country supervisors in a wide variety of circumstances whether or not at the specific request of the host supervisor.
Principle 25.	Supervision Over Foreign Banks’ Establishments Banking supervisors must require the local operations of foreign banks to be conducted with the same high standards as are required of domestic institutions and must have powers to share information needed by the home country supervisors of those banks for the purpose of carrying out consolidated supervision.
Description	All banks, whether U.K. incorporated or branches of foreign banks, are required to satisfy and continue to satisfy the Threshold Conditions set out in FSMA. The Principles for Business likewise are applicable to all banks whether U.K. incorporated or branches of foreign banks. FSA’s risk based approach to supervision does not differentiate between foreign and domestic banks. Foreign banks are subject to the same risk assessment and risk mitigation process as domestic banks. Reporting requirements are similar for all banks, although there are differences in the prudential returns relating to capital and large exposures. These differences apply mainly to branches of foreign banks and the differences are spelled out in SUP 16 of the Handbook. Prudential supervision of branches of EEA banks operating in the U.K. under the EU passport arrangements are primarily the responsibility of the home country supervisor and, hence, prudential returns to FSA are limited. For branches of non-EEA banks the FSA relies on the home country supervisor for capital adequacy and large exposures. Although FSA has responsibility for supervising the liquidity of foreign branches on a case-by-case bases it may agree to defer to the home country supervisor for the oversight of branch liquidity. In both its licensing and ongoing supervision of branches and subsidiaries of foreign banks, FSA takes into account the extent to which home country supervisors carry out effective global consolidated supervision. Before authorizing deposit taking activities of a foreign branch of a non-EEA bank the FSA confirms both that the bank is subject to consolidated supervision and that the home country supervisor approves the proposal. Similar procedures do not apply to approval of branches of EEA banks operating under EU passport arrangements. If, on a continuing basis, FSA is unable to rely on the home country supervisor, it is FSA policy that branches of non-EEA banks close or the branch should subsidiarise. This policy has been enforced in individual cases. For U.K. subsidiaries of overseas banks the FSA seeks confirmation that the home country supervisor practices effective consolidated supervision. If FSA is not satisfied on this point then it will require that the corporate governance and risk management policies of the subsidiary be sufficiently robust to provide adequate ring-fencing from the parent bank. This policy has been enforced in individual cases. FSMA provides authority for the FSA to share supervisory information with foreign supervisors subject to confidentiality safeguards. All home country supervisors are permitted to conduct on-site visits and examinations of U.K. branches and subsidiaries and FSA encourages this practice. FSA informs home country supervisors of risk assessments and supervisory actions that it is taking in relation to the operations of banks from their countries. Urgent remedial actions are promptly communicated. FSA systematically informs itself of business strategies and risk and control regimes of parent banking groups in order to provide the context necessary for supervision of branches and subsidiaries of foreign banks operating in the U.K. This done through contacts with the banking group supplemented by information provided by the home country supervisor.
Assessment	Compliant
Comments	The U.K. operations of foreign banks are subject to the same high level standards and principles the FSA applies to U.K. banking organizations and FSA applies the same risk based supervisory tools to both foreign and domestic banks. Reporting requirements are similar for all banks, taking into account differences applicable to branches of foreign banks and the special legal arrangements for EEA branches established under the EU passport regime. FSA licensing and ongoing supervision of U.K. branches and subsidiaries of foreign banks takes into account the reliance FSA believes it can place on home country consolidated supervision. FSA has wide authority to share supervisory information with home country supervisors and, as a matter of policy, FSA encourages home country supervisors to carry out on-site visits of the U.K. operations of their banks.

View Table

Table 1.

Detailed Assessment of Compliance of the Basel Core Principles

Principle 1.	Objectives, Autonomy, Powers, and Resources An effective system of banking supervision will have clear responsibilities and objectives for each agency involved in the supervision of banks. Each such agency should possess operational independence and adequate resources. A suitable legal framework for banking supervision is also necessary, including provisions relating to the authorization of banking establishments and their ongoing supervision; powers to address compliance with laws, as well as safety and soundness concerns; and legal protection for supervisors. Arrangements for sharing information between supervisors and protecting the confidentiality of such information should be in place.
Principle 1(1)	An effective system of banking supervision will have clear responsibilities and objectives for each agency involved in the supervision of banks.
Description	Responsibilities and objectives of the FSA as supervisor and regulator are set out in the FSMA. The FSA’s general functions are set out in the FSMA Section 2 (4), and consist of rulemaking, preparing and issuing codes, providing guidance, and determining the general policy and principles by which the FSA will perform its functions. In carrying out the general functions, the FSA is required to act in a way that is compatible with the regulatory objectives and have regard for the principles of good regulation. The four regulatory objectives, identified in the FSMA Section 2 (6), are market confidence, public awareness, protection of consumers, and reduction of financial crime. The seven principles of good regulation identified in FSMA Section 2 (3), which FSA is required to take into consideration, include minimizing adverse effects of regulation on competition; encouraging competition among firms regulated by FSA; using its resources economically; taking account of the responsibilities of those who manage the affairs of authorized persons; following the principle that a burden or restriction imposed on a regulated firm should be proportionate to the benefits expected; being attentive to facilitating innovation in connection with regulated activities; and observing the international character of financial services and markets and the desirability of maintaining the competitive position of the U.K. The FSMA gives the FSA rulemaking powers that may be used to introduce new rules or change existing rules. Rules and Guidance are set out in the FSA Handbook, and primarily cover prudential matters. Banks are required to meet “threshold conditions” (TC), set out in FSMA Schedule 6, and elaborated on in the Threshold Conditions chapter of the FSA Handbook (COND). Banks are also required to comply with rules made by the FSA. In general, the FSA has the sole responsibility for supervising banks in the United Kingdom. Branches of EEA banks are also supervised by their home country supervisors. The FSA has broad powers under the FSMA to take action against banks that do not comply with legal and regulatory requirements. The FSA has formal powers to take action to deal with problem banks, but where appropriate may pursue informal action to resolve problem bank issues. The FSMA is a comprehensive update of previous banking laws. Prior to the enactment of the FSMA, banking laws had been amended periodically to enhance supervisory standards, increase supervisory powers, and reflect the requirements of EU directives. The FSMA requires transparency of the FSA in a number of ways. FSMA Schedule 1, paragraph 10 requires the FSA to report (on the discharge of its functions) to the Treasury at least annually, and Treasury is required to provide a copy of this report to Parliament. In addition, FSMA Schedule 1, paragraph 11 requires the FSA to hold an annual public meeting to discuss the contents of the report. Schedule 1, paragraph 12 of the FSMA charges the FSA’s non-executive committee with reviewing the FSA’s internal financial controls, and reports on these matters to the Treasury. In addition, the Treasury has the authority to make formal inquiries relating to the FSA’s use of resources in discharging its functions, and where there has been a serious failure in the regulatory system. Information on the FSA’s regulatory objectives is published in its plan and budget, and other publications. The FSMA, section 8, also requires the FSA to consult on the extent to which its general policies and practices are consistent with its general duties. The FSA does not publish regular information on the financial strength and performance of the banking industry; however, industry information is available from other sources. Historically, the Bank of England collected regulatory returns for the banks and published statistical information on the banking industry. Under the FSMA, the regulatory returns are collected by the Bank under the FSA’s authority; however, the Bank continues to publish the aggregate information on the industry. The Bank of England’s semi-annual Financial Stability Review contains prudential information on the banking industry, including information on aggregate profitability, capital, and liquidity. In addition, the Bank publishes Monetary and Financial Statistics on a monthly and quarterly basis. These statistics provide some information on the lending sector, and national accounts level information on capital and profitability. In addition, the British Bankers Association publishes an annual report that aggregates publicly available financial information from the large banks to provide an industry wide view. The FSA does have two projects (discussion papers on harnessing market forces, and on the regulatory reporting environment) underway to explore, among other things, whether they should provide any additional industry information to the public.
Assessment	Compliant
Comments	The FSMA clearly defines the FSA’s role as bank supervisor, sets out regulatory objectives and principles, and provides broad rulemaking powers. Systems are in place to ensure the FSA’s activities are carried out in a transparent manner. Information on the financial strength and performance of the banking industry is publicly available, but is published by the Bank of England and the British Bankers’ Association.
Principle 1(2)	Each such agency should possess operational independence and adequate resources.
Description	The FSA is an independent non-governmental body, established as a company limited by guarantee. The FSA is accountable to Treasury Ministers and, through them, to Parliament. A Board appointed by HM Treasury governs the FSA. In addition to the Executive Chairman, there are currently three Managing Directors and eleven non-executive members, of whom one, the Deputy Governor (Financial Stability) of the Bank of England, is an ex officio director. One of the non-executive members is Deputy Chairman and ‘lead’ non-executive. The Board sets the FSA’s overall policy, but is not involved in the day-to-day operations. The FSA’s funding is provided by the industry, and regulated firms pay annual fees directly to the FSA. The FSMA (Schedule 1, paragraph 17) gives the FSA the authority to require the payment of fees. The FSA is required to consult on its proposed fees, and has issued a series of consultation papers (CPs) that explain how the fees are calculated. CP111 addresses the post-N2 fee assessment process. FSMA requires the FSA to carry out its regulatory responsibilities in a way that uses its resources in an economic and efficient manner. To this end the FSA has developed four resources strategies -for People, Space, Cash and Information. A monthly Resources Report is published within the FSA, monitoring progress against key measures in each of the resource categories. This report includes tracking of things like staff turnover. Salaries paid by the FSA take into account pay levels within the financial services industry and the FSA is able to recruit expert assistance where needed. The FSA spent approximately £2.8million on training in 2001/2, with an average of 6.2 days per person spent on formal training activities over the same period. The FSA uses secondments from the industry and professional firms to add skills and experience not readily available in the marketplace. The FSA also provides outward secondment opportunities to staff as part of its Graduate Development Program. HM Treasury appoints the FSA Board, including the chairman, and also has the authority to remove the chairman or other board members. The FSMA does not set out a term for the chairman. In addition, the FSMA does not set out reasons for removal of the chairman, nor does it require that the reasons for removal be made public.
Assessment	Compliant
Comments	The FSA’s Board reports to HM Treasury, and ultimately the Parliament. While the day-to-day operations of the FSA are removed from HM Treasury, there is concern within the industry that political pressures, particularly related to the consumer focused objectives, may cause the FSA to become (a) more prescriptive or rule based, and (b) more consumerist. The prominence of consumer protection among the FSA’s regulatory objectives may cause tensions within its risk-based approach to supervision. The strong and transparent accountability regime surrounding all aspects of FSA operations provides the safeguard that the fiscal regime of assessments on regulated firms would not compromise its independence or autonomy. The FSA has the authority to increase assessments to fund increasing supervision needs, but has made a conscious effort to hold its expenditures relatively stable over the last few years. Detailed on-site supervision work is provided either internally by line supervisors supported by the risk review division, or externally using “skilled persons” reviews. The skilled persons reviews are directed by the FSA, but paid for by the firm directly, and represent an additional cost of supervision to the industry over the FSA’s assessments. FSA pursues a consistent theme of proportionality, considering the cost of supervision (including the use of skilled persons reports) against the risks to the FSA’s objectives. The FSA and its staff are credible and professional. Staff at the director and manager level is experienced, many coming from the Bank of England at the time the FSA was created. Bank and industry sources stated that the FSA’s level of supervision and focus was reasonable, and the FSA is focused on key risks in the industry. The sources also noted that turnover and depth of staff have been issues for the FSA. One area that bears monitoring is the adequacy of staffing levels in the supervision and risk review divisions. The FSA’s internal specialist teams are quite small considering they are a cross-sector resource. The FSA’s new risk assessment process is in the early stages of being rolled out. The level of requests for risk review assistance in relation to their available resources is not yet known, and is something that should be closely monitored to ensure that resources are sufficient to carry out risk mitigation programs. In addition, industry sources expressed some concern over the turnover rate in supervisory staff, and the level of firm specific knowledge that is lost due to turnover. However, the FSAP team was informed by the FSA that staff turnover rates have decreased recently. Turnover figures for the FSA divisions undertaking banking supervision (i.e., the Deposit Takers Division, the Major Financial Groups Division and the Investment Firms Division) have ranged from 3.5 percent to 9.7 percent in the twelve months to June 2002. The FSMA does not specify a minimum term for the head of the FSA, does not require that any removal be based on specified reasons, and does not require that the reasons for the removal be made public. HM Treasury is responsible for the processes surrounding the appointment and removal of the head of the FSA. Although the high-level safeguards in this area are thus limited, appointments are made on principles of good corporate governance known as the Nolan Principles, while senior officials’ contracts have specific terms, and an official removed could pursue a judicial review in certain circumstances. De facto, an important safeguard in the U.K. context is the close public scrutiny over the activities of public officials provided by an independent media, as well as parliamentary scrutiny. In these circumstances, it is unlikely that a senior official could be removed from office without the government having to publicly disclose and defend the reasons behind its decision.
Principle 1(3)	A suitable legal framework for banking supervision is also necessary, including provisions relating to authorization of banking establishments and their ongoing supervision.
Description	The FSMA sets out the legal framework for authorization, ongoing supervision, and enforcement. The legal framework includes secondary legislation under FSMA, and the rules made by the FSA using its rulemaking powers under section 138 of the FSMA. The FSA Handbook contains manuals on Authorization, Supervision, and Enforcement. The FSA promulgates rules with which the banks must comply. The FSA also produces guidance. The rules and guidance mainly cover prudential matters. Under FSMA section 148 the FSA also has the power to alter or revoke rules, and to modify or waive rules in certain cases. The FSA has authority to require banks to provide information under FSMA section 165. Banks are required to submit a variety of regular reports to the FSA covering their financial condition (SUP chapter 16).
Assessment	Compliant
Comments	The FSMA provides a suitable framework for the authorization and ongoing supervision of banking establishments, and clearly identifies the FSA as the body responsible for authorization and supervision of firms. The FSA produces rules and guidance on authorization and supervision. In addition, the FSA has broad powers to require banks to provide information. Rules and guidance are prepared in consultation with the industry.
Principle 1(4)	A suitable legal framework for banking supervision is also necessary, including powers to address compliance with laws, as well as safety and soundness concerns.
Description	The FSMA (Schedule 1 paragraph 6) requires the FSA to maintain a process designed to allow it to determine whether a bank is complying with requirements under the FSMA (including FSA rules). The FSA has broad authority to determine whether a bank is in compliance with regulatory requirements. The FSA has the authority under FSMA section 165 to obtain any information or documents from banks. The FSA may also obtain information through the use of an authorized person under section 166. The FSA may also appoint investigators into a bank’s affairs under FSMA sections 167 through 176. The FSA’s authority and the processes for obtaining information are set out in the Enforcement manual (ENF) section of the FSA Handbook. The FSMA gives the FSA broad powers to take action against banks that do not comply with the requirements of the FSMA, or its secondary legislation or rules. The FSA may withdraw a bank’s authorization, limit a bank’s ability to take deposits, or require a bank to cease certain activities. The FSA can take remedial action with immediate affect under FSMA Section 45, using a supervisory notice. These notices are subject to referral by an independent FSM Tribunal. Procedures relating to the Tribunal are found in Part IX of the FSMA. The FSMA Part XIV provides the FSA with the power to fine or publicly censure a bank that fails to comply with a requirement imposed by the FSA or the FSMA. This is accomplished through the issuance of a decision notice. These actions are also referable to the Tribunal, generally within 28 days of the date of the notice. The FSA may not take the action specified in these notices until after the referral period has ended, or if the matter is referred, until after the Tribunal disposed of the appeal.
Assessment	Compliant
Comments	The FSA has broad powers to supervise banks, including requiring the banks to provide information. If the FSA determines that the bank is in non-compliance with the FSMA or its rules, it has a range of supervisory and enforcement options available. The options include prompt remedial action (restricting activities, revoking authorization) where other supervisory measures are not sufficient.
Principle 1(5)	A suitable legal framework for banking supervision is also necessary, including legal protection for supervisors.
Description	The FSMA Schedule 1 paragraph 19 provides that neither the FSA or “any person who is, or is acting as, a member, officer or member of staff of the FSA” is to be liable in damages for anything done or omitted in the discharge, or purported discharge of the FSA’s functions. This protection extends to persons appointed to investigate complaints under Schedule 1 paragraph 7. An exception to the protection exists if the act or omission is in bad faith. In addition, the FSMA protection does not prevent an award of damages under Section 6(1) of the Human Rights Act of 1998. However, under the complaints scheme (FSMA Schedule 1 paragraphs 7 and 8), the appointed investigator must have the power to recommend, if he thinks it appropriate, that the FSA makes a compensatory payment to the complainant, remedies the matter complained of, or both. The FSA has the power to require the payment of fees, to cover the costs of defending its actions. The FSA covers the legal costs of defending its staff in legal actions against them in relation to their work as FSA employees.
Assessment	Compliant
Comments	The FSMA provides protection from liability to the FSA and its staff for any actions taken in good faith in the performance of their duties. However, the FSA may be required to pay compensation to complainants under the FSMA mandated compensation scheme, or awards for damages related to actions found to be unlawful under the Human Rights Act.
Principle 1(6)	Arrangements for sharing information between supervisors and protecting the confidentiality of such information should be in place.
Description	The FSA has an MOU with the Bank of England and HM Treasury, which covers among other things, the exchange of information. The MOU is published. FSMA Part XXIII places restrictions on the disclosure of information, there are exceptions that permit the FSA to disclose information to other regulators (U.K. and overseas) subject to compliance with EU directives. FSMA Section 354 requires the FSA to cooperate with persons who have functions similar to the FSA, and also to cooperate in relation to the prevention or detection of financial crime. Cooperation may include sharing of information that the FSA is not prevented from disclosing. The FSA has formal arrangements for information exchange in place with a number of domestic, EEA, and overseas supervisors. Information is exchanged on an ongoing basis. Confidential information disclosed by the FSA continues to be subject to the FSMA restrictions on disclosure. The FSA must satisfy itself that where confidential information is disclosed to an overseas supervisor the information will be subject to equivalent restrictions as those that apply to confidential information restrictions in the Banking Consolidation Directive. The FSA may refuse requests for confidential information except in limited cases such as court orders in criminal cases, Parliamentary inquiries, and to an extent, personal data subject to data protection legislation.
Assessment	Compliant
Comments	The FSMA provides a suitable framework for sharing of information with domestic and foreign supervisory agencies, and provides for safeguarding of confidential information. The FSMA also provides the FSA with the right to refuse requests for confidential information, with limited exceptions.
Principle 2.	Permissible Activities The permissible activities of institutions that are licensed and subject to supervision as banks must be clearly defined, and the use of the word “bank” in names should be controlled as far as possible.
Description	The FSMA does not expressly define the term “bank” or include it as a separate category of authorized person; however, Schedule 2 does identify deposit taking as a regulated activity. The Regulated Activities Order also sets out activities which are regulated activities for the purposes of the FSMA, and accepting deposits is one such activity. For purposes of determining which parts of the FSA Handbook apply to particular categories of firms, the FSA defines a bank as: a. A firm with Part IV permission which includes accepting deposits, and (i) which is a credit institution; or (ii) whose Part IV permission includes the requirement that it complies with IPRU (Bank); But which is not a building society, a friendly society, or a credit union. b. An EEA bank. The FSMA Section 19 provides that no person may carry on a regulated activity in the U.K. or purport to do so unless he is an authorized person or an exempt person. FSMA Section 24 provides that a person who is not an authorized person is guilty of an offense if he describes himself as an authorized person or holds himself out in a manner that is reasonably likely to be understood as indicating that he is an authorized person.
Assessment	Compliant
Comments	While “bank” isn’t expressly defined, regulated activities are defined and included deposit taking. The FSMA mandates that all persons carrying out regulated activities are properly authorized. Any person using the term bank or banking in their name would be presumed to be carrying out regulated activities and must be authorized.
Principle 3.	Licensing Criteria The licensing authority must have the right to set criteria and reject applications for establishments that do not meet the standards set. The licensing process, at a minimum, should consist of an assessment of the banking organization’s ownership structure, directors and senior management, its operating plan and internal controls, and its projected financial condition, including its capital base; where the proposed owner or parent organization is a foreign bank, the prior consent of its home country supervisor should be obtained.
Description	When granting or varying Part IV permissions, FSMA section 41(2) provides that the FSA must be satisfied that the applicant satisfies and will continue to satisfy the threshold conditions set out in the FSMA (Schedule 6) in relation to all regulated activities for which they will have permission. There are five threshold conditions: 1. Legal status. Deposit-takers must be bodies corporate or partnerships. 2. Location of offices. If the bank is a body corporate constituted under the laws of any part of the U.K., then it must have its head office and, if it has one, its registered office in the U.K. A body incorporated in one part of the U.K. may have its head office in any other part. If the bank has its head office in the U.K. but is not a body corporate, it must carry on business in the U.K. 3. Close links. This threshold condition applies when the applicant has close links with another person of such a kind as to prevent the FSA from effectively supervising the applicant. The FSMA Schedule 6 paragraph 3 provides a definition of close links. If there are close links with another person, then two tests must be satisfied. First, the links must not be likely to prevent effective supervision of the applicant by the FSA. Second, if the person to whom the applicant is linked is situated outside the EEA, then the laws, regulations, and administrative provisions that apply must not prevent effective supervision of the applicant by the FSA. 4. Adequate resources. This test is not only concerned with absolute levels of capital, but also non-financial resources and means of managing resources. Resources may include capital, provisioning, availability of liquid assets, human resources, and risk management systems. When considering adequacy of resources, the FSA will also review whether the firm is ready, willing, and organized to comply with the high level systems and controls requirements set out in the SYSC chapter of the FSA Handbook. 5. Suitability. The applicant has the burden of satisfying the fit and proper test. Section 59 of the FSMA gives the FSA the power to specify “controlled functions” within a firm that must be performed by individuals who have been assessed as fit and proper by the FSA. The FSMA also gives the FSA the power to establish how firms should apply for approval (section 60), factors to be determined (section 61), and to issue statements of principles and a code of practice which will apply to all individuals performing functions under section 59. The FSA has exercised these powers, and sets out its approach in the FIT chapter of the FSA Handbook. Additional information relating to the five threshold conditions, including assessment criteria, is set out in the Conditions (COND) chapter of the FSA Handbook. The Threshold Conditions are used to assess license applications, and are also considered as a part of the FSA’s ongoing supervision. The FSA has the power to reject an application for authorization if the applicant fails to satisfy one or more of the threshold conditions, or if the applicant provides inadequate information. Under FSMA sections 42 and 43, the FSA has the power to impose limitations or requirements on a bank’s permission, or grant permission to carry on a narrower range of activities than the applicant requested. FSMA section 45 gives the FSA the authority to vary or cancel a permission if the authorized person is failing, or is likely to fail, to satisfy the threshold conditions. The FSA Handbook chapter GN, Rule 3.3.13 requires a bank to maintain capital commensurate with the nature and scale of its business, and the risks inherent in that business. If the bank is a member of a group, those capital resources must also be commensurate with the risks inherent in the activities of the other members of the group, insofar as they impact the bank. Guidance on how banks should comply with this rule are set out in IPRU (Banks) chapter CO, with detailed guidance in a variety of other chapters. Rule 3.3.9 requires a U.K. bank and an overseas bank have capital of not less than Euro 5 million at the time it obtains its Part IV permission to accept deposits. When the FSA evaluates proposed directors and senior management, it uses the fit and proper criteria set out in the FIT chapter of the FSA Handbook. Criteria assessed as part of the fit and proper assessment include honesty, integrity and reputation (FIT 2.1); competence and capability (FIT 2.2); and the financial soundness of a person (FIT 2.3). Applicants are required to submit a variety of information, including a strategic and operating plan, a business plan, details of the applicant’s management and organizational structure, operating procedures, systems and controls, and any outsourcing arrangements. This information is assessed to determine whether the system of corporate governance is proportionate to the bank’s business, whether the bank will be managed in a competent and prudent manner, and whether appropriate systems and controls are in place. The assessment of knowledge of all types of financial activities the bank intends to pursue is carried out as part of the approval process for individuals. Cumulatively, senior management would be expected to have the experience and skills to cover all of the bank’s proposed activities. The business plan should set out the regulated and unregulated activities of the applicant along with the related risks. The business plan should include a financial budget and projections to demonstrate the applicant is able to comply with the relevant financial resource requirements. The status of the shareholders and their ability to support the business is also considered as part of this process. The FSA would obtain letters of comfort from major shareholders in some cases. Knowingly or recklessly providing false or misleading information to the FSA is an offense under FSMA section 398. The FSA is the licensing and supervisory authority for banks (but see Principle 25, i.e., branches of EEA banks). FSMA section 354 requires the FSA to cooperate in the sharing of information with other authorities in the U.K. and overseas who have functions similar to the FSA. The FSA seeks the view of the home country supervisors in assessing the application of an overseas bank wishing to establish a branch or subsidiary.
Assessment	Compliant
Comments	The FSA has the authority to set criteria for the licensing of banks, and may reject applications if they fail to meet threshold criteria or provide sufficient information. The FSA requires sufficient information to make a determination on the ownership and management structure, and the adequacy of the bank’s proposed capital, business plan, and system of controls. The FSA also has a process in place to assess the fitness and propriety of management and officers filling the key “controlled function” roles within a firm.
Principle 4.	Ownership Banking supervisors must have the authority to review and reject any proposals to transfer significant ownership or controlling interests in existing banks to other parties.
Description	The FSMA Part XII addresses control over authorized persons. Section 178 requires a person proposing to take control (or increase the degree of control) over an authorized person, including a U.K. bank, to provide the FSA with prior notification. Detailed definitions of control are set out in sections 179 and 180 of the FSMA, but 10 percent is the general threshold for control. The voting power or holdings of the controller’s associates, as defined in FSMA section 422, are also considered. The FSA may require the person giving notification to provide additional information under FSMA section 182. The FSA may object to a proposal unless it is satisfied that the acquirer is a fit and proper person to have control over the authorized person, and the interests of the consumer would not be threatened. The FSA may give unconditional approval under FSMA section 184, or may approve subject to conditions under FSMA section 185. Where shares are acquired in contravention of the FSA’s objection, or a condition imposed, the FSA may direct that the shares be subject to restriction as defined in FSMA section 189. The FSA may also apply to the court to order the sale of any shares acquired in contravention of the FSA’s objection or condition imposed. FSA rules and guidance related to controllers and close links (including required approvals or notifications, thresholds, and timeframes) are contained in Chapter SUP section 11 of the FSA Handbook. Section 11.4.10 requires banks to take reasonable steps to keep itself informed of the identity of controllers, although identification of beneficial owners is not specifically addressed. Banks must notify the FSA of its controllers and close links annually. The reports are discussed in the SUP chapter of the FSA Handbook, sections 16.4 (controllers) and 16.5 (close links).
Assessment	Compliant
Comments	FSA has full power to review and reject any proposals to transfer significant ownership or controlling interests in existing banks to other parties. Procedures for exercising this authority are spelled out in the Handbook and are carried out in practice.
Principle 5.	Investment Criteria Banking supervisors must have the authority to establish criteria for reviewing major acquisitions or investments by a bank and ensuring that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision.
Description	The FSA’s Handbook Chapter SUP Section 15 includes a provision requiring a bank give the FSA notice of any proposed restructuring, reorganization, or business expansion which could have a significant impact on the firm’s risk profile or resources. Chapter SUP, Section 11 of the FSA Handbook addresses notification and approval requirements related to close links and changes of control in a firm. In addition, Principle 11 of the Principles for Businesses requires firms to disclose to the FSA anything relating to the firm of which the FSA could reasonably expect to be notified. The FSA’s IPRU (Bank), section LE, addresses large exposures, including investments. U.K. banks are required to notify the FSA of any investment exceeding 10 percent of its capital, and pre-notify the FSA of any investment exceeding 25 percent of capital. The FSA’s policy on large exposures does not apply to U.K. branches of overseas banks; however, U.K. branches incorporated outside the EEA have large exposure reporting requirements. The FSA is required to assess a bank’s acquisitions/investments according to whether the bank would continue to meet the Threshold Conditions, and whether the interests of consumers of regulated activities provided by the bank would be threatened by the acquisition/investment. The FSA has the power to prohibit a bank from undertaking a major acquisition or investment in cases where the bank would no longer meet the threshold conditions, or FSA rules. The FSA Handbook distinguishes between situations where notifications are required prior to the acquisition or investment, as opposed to after the fact notification. The prior notification threshold is defined in relation to the bank’s capital.
Assessment	Compliant
Comments	The FSA has rules and guidance in place regarding the notification, and in some cases prior approval, requirements of major acquisitions or investments. The approval and reporting requirements allow FSA to exercise effective supervisory oversight over corporate structures to insure that risks arising from affiliations are properly identified and controlled and that unsupervisable structures do not arise.
Principle 6.	Capital Adequacy Banking supervisors must set minimum capital adequacy requirements for banks that reflect the risks that the bank undertakes, and must define the components of capital, bearing in mind its ability to absorb losses. For internationally active banks, these requirements must not be less than those established in the Basel Capital Accord.
Description	The FSMA 2000 and the FSA’s regulations require banks to maintain both an absolute minimum amount of capital and an adequate level of capital. Threshold Condition 4 requires all banks to maintain adequate resources, both financial and non-financial. The minimum amount of capital is set at Euro 5 million (or sterling equivalent) and on an on-going basis a minimum capital ratio of 8 percent has to be maintained. The components of regulatory capital and the methodology for calculating the capital ratio have been set out in detail in IPRU Banks. The U.K. capital requirements for banks are based on the relevant EU directives, which are fully in line with the Basel Capital Accord. All U.K. incorporated banks are required to maintain capital in accordance with the Basel standards, not just those banks that are internationally active. There is a general rule requiring banks to maintain capital resources which are commensurate with the nature and scale of their business and risks inherent in that business (IPRU Ch. GN 3.3.13R). If the bank is part of a group, the capital resources must also be commensurate with the risks inherent in the activities of other members of the group in as far as these risks affect the bank. In addition to the general capital adequacy rules, for each U.K. incorporated bank an individual required capital ratio is set which in almost all cases is higher (and never lower) than the Basel minimum requirement of 8 percent. Individual bank capital ratios are determined by the overall risk profile of each institution. If the FSA determines that a bank’s business or control risks have increased, it may raise the bank’s individual required capital ratio. The individual capital ratios are applied both on a solo and on a consolidated basis. The individual ratios are reviewed periodically within a timeframe that is consistent with a bank’s supervisory cycle. Banks are required to report their solo capital ratio on a quarterly basis and their consolidated ratio on a semi-annual basis. The components of capital and the risk-weighted assets also have to be reported. Capital requirements have to be met continuously, not just on reporting dates. Banks must therefore be able to calculate their capital ratio regularly. Any breaches of individual required capital ratios must be immediately notified to the FSA. This would lead to the agreement of a clear plan and timetable to achieve swift compliance with the required ratio, either through a capital injection or a balance sheet restructuring. The FSA has a wide range of enforcement powers available if any bank fails to comply with the Threshold Conditions or the FSA’s Rules (including the capital adequacy requirements), such as variation or cancellation of permitted activities and withdrawal of the license (see Principle 1.4).
Assessment	Compliant
Comments	The FSA’s minimum capital requirements for banks are fully in line with the 1988 Basel Capital Accord and its subsequent amendments. The individual capital requirements anticipate the supervisory review process that is expected to be incorporated in the new Capital Accord that is currently being prepared. The FSA is committed to fully implementing the new Capital Accord at the earliest opportunity.
Principle 7.	Credit Policies An essential part of any supervisory system is the independent evaluation of a bank’s policies, practices, and procedures related to the granting of loans and making of investments and the ongoing management of the loan and investment portfolios.
Description	According to the Threshold Condition on Suitability, regulated firms (including banks) are expected to have identified fully, and considered, the various risks they will encounter in conducting their business and installed appropriate control systems to manage them prudently at all times. IPRU Banks Chapter AR (on accounting and other records and internal control systems) states that this can only be done if a bank has adequate accounting and other records of its business and adequate systems of control of its business and records. It is the responsibility of a bank’s directors and management to take reasonable care to establish and maintain such systems and controls as are appropriate to the nature, scale and complexity of its business. There is also a general requirement for a bank’s directors and management to take responsibility for deciding what management information is required and who are to be the recipients (IPRU Banks Chapter AR Section 3.2.3). A bank is expected to have management information accurately covering its risk exposures (ibid. Section 3.3.5). No specific rules or guidance exist for banks’ loan and investment policies, practices and procedures since these are considered to be the responsibility of management. However, the FSA expects a bank to have set prudent credit granting and investment criteria, policies and procedures, which reflect its range and type of assets. These criteria, policies and procedures must have been approved and implemented by bank management and board of directors and should be periodically reviewed. All relevant staff members are expected to receive adequate training in the bank’s internal control policies and procedures. Each bank is expected to have appropriate credit assessment procedures in place with which to identify, measure, monitor and control the credit risk. A bank’s internal records should reflect details of the analysis undertaken. A bank’s records should include details of counterparty exposure limits that have been approved by management and the bank should be able to measure actual exposures against these limits (IPRU Banks Chapter AR Section 3.2.2). Also, each bank is required to have a policy on large exposures (see Principle 9). This policy should outline the approval process for major credits, the circumstances in which limits may be exceeded and who is authorized to approve such excesses (e.g., a bank’s board or credit committee). The FSA will verify whether a bank has followed prudent credit granting criteria, policies and procedures through desk-based analysis of prudential returns. One of the methods employed, particularly for the purpose of assessing the adequacy of management information systems, is peer group review. If the desk-based analysis indicates a need for further scrutiny, various supervisory tools may be applied, if necessary in an escalating fashion, for example visits by the supervisory team to the bank, followed by specialist credit evaluation visits, and ultimately so-called skilled persons (i.e., outside auditors) investigations. Also, ad hoc meetings with senior management may be held to assess their understanding and implementation of the criteria, policies and procedures. The supervisory team will give consideration to the size, maturity, currency, marketability and sources of repayment, the geographic dispersion of assets, whether credit decisions have been taken on an arm’s-length basis and whether adequate checks are made of the total indebtedness of the entities to which the bank extends credit. No routine reviews of credit files are conducted. The FSA expects a bank to give the supervisory team full access to all information relevant to the credit and investment portfolios. However, in the event it does not prove possible to gain access to the requested information on a voluntary basis, the FSA will use its statutory powers. The FSA frequently requests receipt of banks’ own management information to help it verify adherence to the credit policies set.
Assessment	Compliant
Comments	Although no specific rules have been set, the FSA requires a bank to have credit-granting procedures that identify, monitor and control credit risk. The bank’s policies should reflect the range and type of its assets. Periodic evaluation of a bank’s credit-granting criteria is undertaken by means of a mix of desk-based analysis, on-site visits, ad hoc meetings with management and skilled persons reports.
Principle 8.	Loan Evaluation and Loan-Loss Provisioning Banking supervisors must be satisfied that banks establish and adhere to adequate policies, practices, and procedures for evaluating the quality of assets and the adequacy of loan-loss provisions and reserves.
Description	Banks are required to maintain such systems and controls as are appropriate to their business (SYSC 3.1.1R). These should include monitoring asset quality and the adequacy and value of collateral on a net realizable basis (SYSC 3.2.11 and IPRU Chapter PN). In addition, banks must maintain adequate provisions for any depreciation in the value of their assets (IPRU Chapter GN 3.3.17R). Banks are required to set out their policy on making provisions in a written statement, which should include details of their loan classification arrangement and should be reviewed annually (IPRU Banks Chapters GN 3.4.5R and PN 3). The FSA does not prescribe a particular format for the policy statement as it does not consider one format to be appropriate for the diverse range of banks authorized in the U.K. However, the FSA expects the provisioning policy statement to cover issues such as who is responsible for drawing up and monitoring the policy, what areas of the bank’s business are covered, what types of management information is generated, how is implementation of the policy checked, how are non-performing exposures identified, etcetera. A copy of the provisioning policy statement has to be supplied to the FSA. Provisioning policies should cover both on and off balance sheet positions. Provisioning and loan classification policies are not rule or formula based but must be appropriate to the bank’s business. Provisioning decisions are taken by management or the board based on a true and fair view of the quality of the assets. However, banks normally follow the accounting guidelines that have been issued by the British Bankers Association and any deviations have to be explained. These guidelines require the making of provisions once assets are identified as impaired. Loans are impaired when there is reason to believe that not all amounts (both principal and interest) will be collected in accordance with the contractual terms of the loan. The external auditor has to approve the provisioning decisions made by management in the context of his review of the financial statements. However, banks’ provisioning policy statements should include criteria for loans to be classified as non-performing. This would normally be when payments were a minimum number of days in arrears (usually 90 days), but a bank could make specific provisions earlier if this is considered appropriate. Provisioning decisions with regard to individual assets have to be based on an impairment that has actually been identified, in other words, no general provisions are to be included. In assessing the adequacy of a bank’s provisions, the FSA looks at its provisioning policies, and the methods and systems for calculating provisions in accordance with those policies. The FSA seeks to ensure through risk mitigation programs and other work that procedures and resources for monitoring and dealing with problem loans are adequate. The FSA does not as a standard practice require periodic reporting of classified and non-performing loans. However, where the FSA has concerns over a bank’s asset quality, it can seek regular reports on watch list loans. The level of provisioning is normally reported either on a quarterly or a semi-annual basis, but the frequency can be increased, and the required contents of reports expanded, if necessary. When there are doubts about a bank’s credit controls or the adequacy of provisions, the FSA will have these assessed by its own credit specialists or by an external skilled person. A plan of action would be tailored to the outcome of such reviews. If the FSA continued to have doubts on a bank’s provisioning practices, it may use its enforcement powers.
Assessment	Compliant
Comments	Banks are required to supply the FSA with policy statements outlining their approach to asset classification and provisioning arrangements. External auditors routinely review the adequacy of banks’ provisions as part of the audit process. The FSA does not have a formal requirement that loans be classified when payments are contractually a minimum number of days in arrears (as called for in Additional Criteria 1, of the Core Principles Methodology) as the classification and provisioning system is not rule but principle-based. In practice, loans tend to be classified after 90 days of arrears. This system works well and actual provisioning levels in U.K. banks appear to be adequate. The FSA should consider introducing a requirement for periodic reporting on credit quality based on each bank’s own asset classification policy and internal credit ratings. This would strengthen off-site monitoring by allowing early identification of asset quality trends.
Principle 9.	Large Exposure Limits Banking supervisors must be satisfied that banks have management information systems that enable management to identify concentrations within the portfolio, and supervisors must set prudential limits to restrict bank exposures to single borrowers or groups of related borrowers.
Description	Each bank must set out its policy on large exposures in a written statement (IPRU Chapter GN Section 3.4.1R). The policy should outline the circumstances in which limits (e.g., types of counterparty, individual counterparties and connected exposures) may be exceeded and who is authorized to approve such excesses (e.g., a bank’s board or credit committee). The policy statement must be approved by the bank’s board and must be agreed with and copied to the FSA. The bank must review the policy statement and if necessary update it at least once a year. Any significant departures from the stated policy, e.g., new types of lending or breaches of existing limits, should not be incorporated without prior discussion with the FSA. A bank must have adequate systems and controls to enable it to monitor and control its large exposures in conformity with its large exposures policy statement and to calculate its large exposures accurately and promptly (IPRU Chapter GN Section 3.3.19R). The supervisor will verify the existence of such systems and controls. This will be done by periodic supervisory visits to the bank, ad hoc meetings with senior management and the board, skilled person reports and any thematic work that the FSA may seek to carry out in this area. Maximum limits for exposures to individual and group borrowers are set by the EU Large Exposures Directive (now included in the Consolidated Banking Directive), which has been fully implemented in FSA guidance. The chapter on large exposures in IPRU provides a comprehensive definition of ‘exposures’, which includes both on and off balance sheet items, and guidance covering the 10 percent and 25 percent limits and the calculation of a bank’s large exposure capital base. The limits, as well as the notification and reporting requirements, have to be met both on a solo and on a consolidated basis, as appropriate. A ‘closely related group’ is defined to exist either where two or more individual counterparties constitute a single risk because one of them has directly or indirectly, control over the other(s), or where individual counterparties are connected in such a way that the financial soundness of any of them may affect the financial soundness of the other(s) or the same factors may affect the financial soundness of both or all of them. Where there is doubt as to whether a number of individual persons constitute a group of closely related counterparties banks should discuss the circumstances with the FSA to determine how the exposure(s) should be reported (IPRU Chapter LE Section 5). A U.K. bank must notify the FSA if it proposes to enter into a transaction which would result in it having an exposure which exceeds 25 percent of its capital (IPRU Chapter GN Section 3.3.21R). In conformity with the EU Capital Adequacy Directive, excesses of the 25 percent limit may be allowed in certain limited cases, relating mostly to trading book positions. In such cases, an incremental capital requirement may be applied. In addition, the FSA may allow a breach of the 25 percent limit at the solo level as long as the limit is met at the consolidated level. All breaches of large exposure limits must be notified to the FSA immediately (IPRU Chapter LE Section 3). The FSA receives details of the twenty largest bank and non-bank exposures and any exposures of 10 percent or more of a bank’s regulatory capital base via a large exposures report submitted quarterly by U.K.-incorporated banks (SUP 16.7.8R). Branches of non-EEA incorporated banks submit half-yearly reports of their twenty largest bank and non-bank exposures (SUP 16.7.12R). These reports should be completed on an unconsolidated or solo-consolidated basis and on a consolidated basis. Concentrations of risk should be covered in a bank’s large exposure policy statement and significant concentrations of risk, both sectoral and geographic, would be considered during the FSA’s regular risk assessments. The FSA also frequently requests receipt of banks’ own management information to help verify adherence to the large exposure policy statement and limits.
Assessment	Compliant
Comments	Clear and precise regulations exist with respect to large exposures, reflecting the relevant EU Directive. The FSA’s requirement for banks to submit a written policy statement on large exposures is an appropriate means of stimulating prudent behavior in banks with respect to risk concentrations. Large exposure policies are monitored and enforced by the FSA using its normal supervisory tools.
Principle 10.	Connected Lending In order to prevent abuses arising from connected lending, banking supervisors must have in place requirements that banks lend to related companies and individuals on an arm’s-length basis, that such extensions of credit are effectively monitored, and that other appropriate steps are taken to control or mitigate the risks.
Description	Banks’ policies on connected lending should be included in their large exposures policy statements (IPRU Banks Chapter LE Section 8.1). Connected exposures are defined to include intra-group lending, lending to directors, senior managers, controllers (i.e., major shareholders) and their associates (including close family members), and lending to non-group companies with which the bank’s directors or controllers are associated (ibid. Section 5.3). The FSA retains discretion to determine whether a particular counterparty should be deemed to be connected to a bank where doubt exists. The FSA normally expects connected exposures to remain an insignificant proportion of a bank’s assets. Clear and objective credit assessment processes have to be used when banks consider proposals for connected lending. Exposures to connected parties may be entered into only for the clear commercial advantage of the bank and should be negotiated and agreed on an arm’s length basis. Factors a bank has to take into account when determining whether a loan is being made on an arm’s length basis include the extent to which shareholders can influence the bank’s operations (e.g., through voting rights), the management role of shareholders (e.g., whether they are also directors of the bank) and whether the loan would be subject to the bank’s usual monitoring and recovery procedures if repayment difficulties emerged (ibid. Section 5.3.7). Aggregated connected lending should be a maximum of 25 percent of a bank’s capital base. The FSA is prepared to consider requests from banks for higher limit levels than this in certain, very limited, circumstances. An example of this might be where the bank performs a group treasury function and it is reasonable to allow a limit higher than 25 percent of capital for exposures of under one year maturity. The requirements for connected lending concessions are set out in IPRU Banks (Chapter LE 9.2.2-9.2.5). With the exception of such agreed concessions within limited parameters, aggregate regulatory limits on banks’ connected exposures are as strict as those for single borrowers and groups of related borrowers. The FSA may deduct exposures to companies or persons connected to a bank from the bank’s capital base if they are of the nature of a capital investment or are made on concessionary terms (IPRU Chapter LE 5.3). Aggregated connected lending is reported to the FSA on a quarterly basis via a large exposures report. One of the checks supervisors make when examining these data is to ensure that they remain within the agreed limits. Since the FSA requires banks to report connected exposures, it requires banks to have systems in place to identify all connected exposures. The mission team was informed that the FSA also requires banks to provide a detailed breakdown of their exposures to connected counterparties. As with credit policies generally, verification of compliance with the requirements relating to connected lending may be undertaken during the course of supervisory or specialist credit visits or by commissioning skilled persons reports.
Assessment	Compliant
Comments	The FSA’s supervisory approach towards connected lending by banks offers sufficient safeguards that such lending will be undertaken only on an arm’s length basis. The requirements for approval of proposed exposures to companies or persons connected with the bank by the bank’s board of directors and for banks to have procedures in place to prevent persons benefiting from the loan taking part in the loan assessment process or in the loan decision(Essential Criteria 3 and 4 of the BCP Methodology) are covered by the general requirement for banks to take special care to ensure that a proper, objective credit assessment is undertaken for connected lending and by the more specific guidance on credit risk management and corporate governance given in the FSA’s Handbook. Also, the FSA requires the risk management function of a bank to be independent and therefore parties benefiting from a lending decision should not be part of the risk assessment process.
Principle 11.	Country Risk Banking supervisors must be satisfied that banks have adequate policies and procedures for identifying, monitoring, and controlling country risk and transfer risk in their international lending and investment activities, and for maintaining appropriate reserves against such risks.
Description	A bank’s approach to sovereign lending and to country exposure limits should be included in its large exposure policy statement (IPRU Banks Chapter LE Section 8.1). Although there is no specific requirement in this regard, the FSA expects the policy statement to include details of limits on a country-by-country basis. Exposures to overseas countries which exceed 25 percent of a bank’s capital base are not covered by the pre-notification requirements for large exposures. However, where a proposed transaction will result in an exposure which represents a significant departure from a bank’s large exposure policy statement, the FSA does expect the proposed transaction to be notified in advance and discussed with it. If the FSA is dissatisfied with a bank’s country risk policy, it may instruct the bank to reduce its exposures or to increase its capital. The FSA’s guidance for banks’ provisioning policy statements does not contain references to provisioning for country exposures. Provisioning for country risks is covered by the general requirement for banks to maintain adequate provisions. While the FSA does not set specific provisioning requirements it does expect banks to make appropriate levels of provisions after discussions with their external auditors. If the FSA thought that a bank had inadequate provisions it would seek to hold discussions with the bank and its external auditors in order to ensure that provisioning levels are reasonable. A bank’s adherence to its country risk and provisioning policies will be checked by the FSA by desk-based reviews, during on-site inspection visits or, where appropriate, by means of a skilled persons report. The FSA will obtain information on country, sectoral and regional exposures from banks’ internal monitoring systems and will discuss them with banks’ management in the context of their large exposures policies (IPRU Banks Chapter LE Section 9.2.7.21). By doing so, the FSA is able to assess whether banks have information systems, risk management systems and internal controls that enable them to comply with their country risk policy as set out in their large exposure policy statements. The FSA also has access to country exposure statistical data collected from banks by the Bank of England, including individual banks’ returns. These returns identify cross border claims by country and sector. Bank of England data relating to country risk and transfer risk are collected quarterly and must be submitted to the Bank of England within two months of the reporting date.
Assessment	Compliant
Comments	While the FSA does not provide specific guidance with regard to country risk exposures and provisioning, it does require and verify that banks devote adequate attention to these issues. The FSA has abandoned the previous policy of setting individual country risk exposure limits because it was not possible to define such exposures generically. Also, the FSA prefers to focus on control risks instead of regulating banks’ business risk policies. The approach now taken by the FSA on country risk is in line with international risk management practices.
Principle 12.	Market Risks Banking supervisors must be satisfied that banks have in place systems that accurately measure, monitor, and adequately control market risks; supervisors should have powers to impose specific limits and/or a specific capital charge on market risk exposure, if warranted.
Description	Banks are required (IPRU Chapter GN rule 3.4.7) to have a written Trading book policy statement that covers the way in which a bank identifies, values and measures market risks in the trading book, including interest rate risk. Each bank is expected to be able to identify, measure, monitor and control its exposures to foreign exchange and other market risks across all products (IPRU Banks Chapter AR Section 3.2). Each bank is also expected to be able to collect information that can be summarized in such a way as to enable actual exposures to be readily, accurately and regularly measured against the exposure limits authorized by management. Where relevant, these limits should relate to the level of trading positions (both intra-day and overnight) in securities, foreign exchange, futures, options, forward rate agreements and swaps. Periodic reviews are conducted to verify the adequacy of a bank’s internal control systems. The FSA has imposed specific capital charges for market risks (IPRU Chapter CO Section 3). In accordance with the 1996 amendment to the Basel Capital Accord and the EU Capital Adequacy Directive, U.K. incorporated banks are set capital charges for foreign exchange and commodities position risk in the banking and trading books combined. Separate capital requirements are set for equity and interest rate position risk, as well as counterparty, underwriting and settlement risk, in the trading book. To ensure that the calculation of capital charges for market risks is valid firms need good management systems to collate accurate data. The supervisor will determine compliance with these requirements through desk based analysis of returns, information gained from on-site visits or on-going discussions with senior management. Also, in addition to standard regulatory reporting, banks are often requested to provide ad hoc reporting of their own management information (including analyses conducted). Because of its tailor-made nature this information usually offers greater insight into the market risk being run by the bank. On-site visits to banks by supervisory staff and/or a specialist team are used to ascertain the extent of senior management’s understanding of the market risk as reflected in the risk management information. For banks with significant market risk exposure, the FSA will meet a range of staff, including senior management, staff from the front office, financial control, risk management, operations, systems development, information technology and audit areas, to assess the quality of market risk management and controls. The adequacy of a bank’s system of controls is tested by periodic reviews conducted either by FSA in-house specialists or skilled persons. The FSA has established a Traded Risk Review Team within the Risk Review Department. This team focuses on banks’ trading and markets activities and its management. It has specialists with the necessary expertise to undertake, among other activities, on-site visits to review treasury systems and controls. On-site visits by the Traded Risk Team typically last between one and three days. The purposes of on-site visits include the evaluation of whether a bank’s internal market risk measurement and pricing models can be recognized for the purposes of calculating market risk capital requirements. Once a model is recognized, the team will conduct quarterly update visits during which the control environment in which the model is operated is discussed along with model outcomes, backtesting and other relevant data. The provision of this data is shortly to be automated to enhance the FSA’s ability to track trends and make comparisons. A bank that uses an internal model to calculate supervisory capital should have in place a rigorous and comprehensive program of stress testing. As set out in IPRU (Chapter TV Section 9), the FSA attaches great importance to the stress testing of the various risks facing a bank in its overall activity. As part of the model recognition process, the FSA will examine a bank’s stress testing program, including the procedures in place to assess and respond to its results. The FSA will not normally prescribe scenarios for a bank to use in stress testing, although it may do so in the event of particular market circumstances.
Assessment	Compliant
Comments	The FSA uses specific capital requirements for separate categories of market risks. Compliance with these requirements is determined through desk-based analysis and on-site visits. The adequacy of the bank’s system of controls surrounding market operations is tested by periodic reviews conducted either by FSA in-house specialists or skilled persons. In view of the number of banks, the Traded Risk Review Team appears to be thinly staffed. This applies even though only the relatively limited number of 10 to 12 banks (most of them foreign-owned) engage in the trading of highly complex financial products, while a similar number of banks is allowed to use value-at-risk models for calculating supervisory capital adequacy requirements.
Principle 13.	Other Risks Banking supervisors must be satisfied that banks have in place a comprehensive risk management process (including appropriate board and senior management oversight) to identify, measure, monitor, and control all other material risks and, where appropriate, to hold capital against these risks.
Description	Banks are required to maintain systems and controls that are appropriate to their business (IPRU SYSC 3.1.1R). According to the Threshold Condition on Suitability, regulated firms (including banks) are expected to have identified fully, and considered, the various risks they will encounter in conducting their business and installed appropriate control systems to manage them prudently at all times. It is considered to be the responsibility of a bank’s directors and management to take reasonable care to establish and maintain such systems and controls as are appropriate to the nature, scale and complexity of its business. The FSA has provided banks with guidance on adequate controls and records (IPRU Banks Chapter AR Section 3). Among other things, the guidance states that banks should design and operate a system of internal controls that provides reasonable assurance that all the bank’s revenues accrue to its benefit, all expenditure is properly authorized and disbursed, all assets are adequately safeguarded, all liabilities are recorded, and statutory and supervisory requirements are met. Management information should be prepared to show the bank’s state of affairs and its exposure to each type of risk, compared to the relevant limits set by management. The FSA expects banks’ high level controls to include the setting of strategy and plans and the establishment and review of the organizational structure and the system for delegation (including segregation of duties). In addition, management should approve the bank’s risk policies, review its high level management information and maintain the framework for monitoring and detailed periodic review of risk management and control systems. The implementation of action points following such a review should be monitored by management. Internal control systems should provide reasonable assurance that management is able to monitor on a timely basis the adequacy of a bank’s capital, liquidity, profitability and the quality of its assets. They should enable management to monitor and control the bank’s risk and to make appropriate provisions for bad and doubtful debts. The FSA expects banks to have an internal audit function (but in some cases it may be outsourced) and an audit committee. Banks are required to provide the FSA with a statement of liquidity policy (IPRU Chapter LM Section 3) that should set out their approach to liquidity management, including a description of arrangements for management on a day-to-day basis, and should explain how much liquidity risk will be assumed. The liquidity standards that banks should maintain must be appropriate to the nature and scale of their business. A bank should have in place systems which enable it to monitor its liquidity profile on a frequent and timely basis. A bank with significant currency business should include in its policy statement the policy for monitoring and controlling its liquidity positions in individual currencies. The policy statement should also consider the management of liquidity in both normal and abnormal circumstances. The FSA monitors banks’ liquidity using either a mismatch approach or a stock approach. For the majority of banks, the FSA has set mismatch guidelines that take into consideration the volatility, diversity and source of deposits, any concentrations of deposits, the degree of reliance on marketable assets and the degree of diversification, the availability and reliability of undrawn standby lines, and the impact of other factors such as off balance sheet obligations (IPRU Chapter LM Section 8.1). For the minority of banks that have a large retail deposit base in the form of current accounts, the FSA has set a sterling stock liquidity regime that requires a bank to hold a stock of liquid sterling assets that can easily be sold to replace funding that has been withdrawn. A more limited range of assets is treated as liquid under the stock approach than under the mismatch approach to reflect the fact that significant sales of certain assets by a large bank might unsettle the market. For U.K. branches of foreign banks, the mismatch approach is normally applied, with the additional requirement that the available liquidity actually has to be present in the U.K. However, if the FSA is satisfied that a branch is fully integrated with its head office for liquidity management purpose and that it can rely on the home country supervisory regime, it may permit the branch to have its liquidity managed on a global basis by its head office. Banks on the stock liquidity regime have to report their liquidity position to the FSA on a monthly basis, while banks on the mismatch regime have to report on a quarterly basis. In case a bank is experiencing liquidity problems, it may be required to report more frequently, if necessary on a daily basis. The stock liquidity report has to be prepared on a consolidated basis. While the FSA does not normally collect liquidity data in individual currencies it may require a bank to report on this basis if it has significant operations in illiquid currency markets. Supplementary to regulatory reporting, the FSA monitors liquidity risk through on-site visits, during which discussions may be held with a bank’s ALM committee. Such visits also provide the opportunity to determine management’s ability to understand and address technical issues such as those relating to multiple currency liquidity management. No specific guidance is given with respect to banks’ interest rate risk outside the trading book. The mission was informed that the FSA does not see a need for such guidance since many banks have a large proportion of floating rate assets in their banking book, reducing the potential for interest rate risk. However, the FSA has made it known to banks that it will use the Basel Committee’s Principles for the Management of Interest Rate Risk to asses the adequacy of a bank’s interest rate risk management. The FSA conducts stress tests on interest rate positions in the banking book, particularly for the larger banks. In addition, interest rate risk in the banking book is among the issues that are explicitly considered by the FSA when setting a bank’s individual capital ratio requirement (as are operational risks). In practice, individual supervisors’ analysis of interest rate risk in the banking book, which is typically based on discussions with the bank and management information, rarely results in a material increase in a bank’s individual capital ratio. With regard to operational risk, each bank is expected to have a control environment that minimizes loss from fraud, safeguards the assets, controls the liabilities and provides reasonable reassurance that the business is conducted in adherence to established policies (IPRU Chapter AR Section 3.3). Some specific guidance is given on controls in an IT environment (ibid. Section 3.3.6), while relatively detailed guidance is given on outsourcing (IPRU Chapter OS). Furthermore, each bank is expected to have appropriate arrangements to ensure business continuity in the event of an unforeseen interruption (SYSC 3.2.19). Through on-site visits, the FSA may check the effectiveness of allocated responsibilities, lines of reporting, the delegation of authority and other operational risk controls. As noted above, operational risk is one of the factors considered by the FSA when setting banks’ individual capital ratio requirement. The FSA does not currently require a specific operational risk policy statement (in contrast to large exposures, liquidity, provisioning and, where applicable, the trading book). The FSA encourages best practice in corporate governance. This includes banks making comprehensive disclosure in their annual published accounts. The FSA has also successfully exercised pressure on individual banks to inform their customers of significant issues by means of a letter.
Assessment	Compliant
Comments	Each bank is required to maintain systems and controls that are appropriate to the risks in conducting its business. The FSA has issued guidance relating to liquidity risk, interest rate risk and key aspects of operational risk, and it applies specific capital requirements to foreign exchange risk. The FSA verifies the extent to which a bank’s risk management system addresses the key banking risks during on-site visits. The FSA’s approach to monitoring liquidity under the mismatch or stock regimes appears somewhat dated in that it is not aligned to banks’ own approaches to measuring and managing liquidity, at least for the more sophisticated banks. The FSA has recently begun considering the development of a new approach which would give banks a choice between a standardized measurement technique and the use of liquidity modeling techniques for liabilities with a behavioral maturity and contingent claims. Such an approach would be designed to create incentives for banks to further develop their own liquidity measuring and management techniques. Although the actual implementation of this new approach still appears to be some years off, the mission believes it could constitute a significant step forward.
Principle 14.	Internal Control and Audit Banking supervisors must determine that banks have in place internal controls that are adequate for the nature and scale of their business. These should include clear arrangements for delegating authority and responsibility; separation of the functions that involve committing the bank, paying away its funds, and accounting for its assets and liabilities; reconciliation of these processes; safeguarding its assets; and appropriate independent internal or external audit and compliance functions to test adherence to these controls, as well as applicable laws and regulations.
Description	The Companies Act 1985 prescribes the duties of directors who manage a company and are responsible for protecting the interests of members (shareholders) and employees. The Act applies to all companies, including banks. Any bank listed on the London Stock Exchange is subject to a Listing Rule and Combined Code which reflect the recommendations of the Committee on Corporate Governance (‘the Hampel Committee’). There is a requirement to produce a statement of directors’ responsibilities. The Combined Code is not prescriptive about the contents of the statement but there is an expectation that it will cover the responsibility of the directors for keeping proper accounting records, for safeguarding the assets of the company and for taking reasonable steps for the prevention and detection of fraud and other irregularities. In addition, the Combined Code (provision D.2.1) states that ‘the directors should, at least annually, conduct a review of the effectiveness of the group’s system of internal control and should report to the shareholders that they have done so. The review should cover all controls including financial, operational and compliance controls and risk management.’ Specific internal control requirements for banks, together with adequate record keeping requirements, are outlined in SYSC and IPRU Banks (Chapter AR). SYSC requires a bank to allocate appropriately to one or more individuals the functions of dealing with the apportionment of significant responsibilities and of overseeing the establishment and maintenance of systems and controls. Banks must take reasonable care to establish and maintain such systems of controls as are appropriate to the nature and scale of their business (SYSC, 3.1.1R). Banks are also required to have documented high level controls defining responsibilities of management and identifying lines of reporting and outlining the implementation of the requirements with respect to segregation of duties, accounting records and measures to safeguard assets (SYSC 3.2 and IPRU Chapter AR Section 3.3.5). The FSA also requires that banks have procedures to ensure that personnel have capabilities commensurate with their responsibilities and that they have implemented effective segregation of duties (IPRU Chapter AR Section 3.3.5). Furthermore, it is a requirement of IPRU (Chapter AR Sections 3.3.9 and 3.3.10) that banks have an internal audit function. However, the primary responsibility for preventing internal fraud lies with senior management. The internal audit function should have clear responsibilities and its objectivity and independence should be supported by appropriate reporting lines. In most cases this would be dual reporting lines from the head of internal audit to the chief executive officer, or equivalent, and access to the audit committee (IPRU Chapter AR Sections 3.3.9 and SYSC 3.2.16G). The internal audit function should have unrestricted access to all of a bank’s activities, records, property and personnel. A bank may outsource its internal audit function but normally not to its external auditors or skilled persons, unless certain conditions aimed at safeguarding the independence of internal audit are met. Any proposals to outsource the internal audit function should be notified to the FSA (IPRU Chapter OS Section 4.7). External auditors test a bank’s accounting procedures during their audit of the financial statements. They report significant deficiencies they have found in a letter to the bank’s management. External auditors are allowed to notify the FSA of any information they have found and which appears to be relevant to the FSA’s supervisory objectives (FSMA section 342). However, if the auditors consider any deficiency they have found to be material, they normally expect the bank’s management to forward the management letter to the FSA. Failure to do so would be interpreted as a lack of integrity on the part of the bank’s management. This would be reported to the FSA by the external auditors themselves. To carry out the role of directors and senior management, individuals have to be vetted and approved by the FSA. To gain approval they have to be considered fit and proper (FSMA Schedule 6, paragraph 5) which consists of being honest, competent to carry out their function and financially sound. The applicant has the burden of satisfying the FSA that he is a fit and proper person having regard to all circumstances. The FSA takes into account the distribution of expertise within the board when considering individual applicants. Once approved these individuals must maintain their fitness and propriety. If any of the senior management is deemed to be no longer fit and proper, the FSA has the power to initiate proceedings for the individual to be removed. The FSA follows both the Cadbury and Hampel guidance on Audit Committees and the inclusion of non-executive directors (IPRU Chapter AR Section 3.3.10). In accordance with the FSA’s internal Guidance for firm specific risk assessment and risk mitigation (Appendix 3, Corporate Governance, version 5, November 2001), there should be an appropriate proportion of nonexecutive directors to executive board members. The FSA checks through meetings during on-site visits and reviews of relevant documentation (e.g., board minutes and audit committee minutes) that a bank’s non-executive directors (a) have the necessary skills and background, (b) participate fully in committee meetings and (c) exercise independent judgment. Non-executive directors have to be vetted and approved by the FSA. The FSA has wide powers to require banks to provide information (FSMA Section 165) and the power to require the provision of a report on the firm by a skilled person (FSMA Section 166). If deemed necessary, the FSA can request copies of internal audit reports and minutes of audit committee meetings. The quality of the internal audit function may be assessed during on-site visits. The FSA also meets, at least annually, with the chairman of a bank’s audit committee. The effectiveness of front, middle and back office functions may be reviewed either through regular on-site supervisory visits, specialist visits or via the use of skilled persons.
Assessment	Compliant
Comments	The duties of directors are prescribed by company law and banks are expected to adhere to the accepted standards of corporate governance. The FSA requires banks to take reasonable care to put in place controls that are appropriate to the nature and scale of their business. This includes high level management controls (covering management responsibilities, reporting lines, segregation of duties and measures to safeguard assets). The FSA expects banks to have an appropriately resourced internal audit function which reports to an audit committee chaired by an independent director.
Principle 15.	Money Laundering Banking supervisors must determine that banks have adequate policies, practices, and procedures in place, including strict “know-your-customer” rules, that promote high ethical and professional standards in the financial sector and prevent the bank being used, intentionally or unintentionally, by criminal elements.
Description	Essential criteria As a statutory objective FSMA requires the FSA to reduce the potential for regulated businesses, including banks, to be used for a purpose connected with financial crime. Under FSMA financial crime is defined as money laundering, fraud or dishonesty, and criminal market misconduct. FSMA provides the FSA with a range of powers to make rules on firm’s systems and controls relating to money laundering, to supervise firms’ compliance with those requirements and to prosecute firms for systems and controls failures in this area. FSA’s Money Laundering Rules and regulatory requirements are set out in the Money Laundering Sourcebook in the Handbook. The requirements for effective systems and controls to protect against money laundering are elaborated in ML 7.2. ML 3 details customer identification requirements. ML 4 specifies the requirements with respect of suspicious transactions reporting. ML 7.3 specifies record keeping requirements on customer identification and individual transactions and the record keeping period. Awareness and training are required under ML 6 and the appointment of a senior officer as Money Laundering Reporting Officer (MLRO), including the requirement that the MLRO be an approved person by FSA, is provided for in ML 7. Both the FSA’s Rules and the Money Laundering Regulations 1993 (“the “Regulations”) require banks to verify the identity of customers as soon as is reasonably practicable after contact is first made, in order to carry out any regulated financial activities for them. The obligation to verify identity extends to business undertaken on behalf of another person. To assist a bank in meeting these statutory and regulatory obligations, industry guidance has been prepared in the form of the Joint Money Laundering Steering Group’s (JMLSG) Guidance Notes. The guidance notes provide extensive information on how and when to identify customers. The guidance notes are not mandatory but the FSA will take them into consideration in evaluating whether a bank has proper customer identification procedures. Neither the FSA’s Rules nor the Regulations explicitly require banks to have formal procedures in place to recognize suspicious transactions. However, the practices recommended in the JMLSG Guidance Notes cover many of the elements that might be incorporated in formal procedures. The Guidance Notes set out that appropriate ‘know your customer’ procedures, combined with adequate staff training, are the key to recognizing transactions or patterns of activity that are inconsistent with a customer’s known legitimate business, or with the normal business for that type of account. Accordingly, many banks routinely monitor cash deposits/withdrawals, and wire transfers over a certain monetary threshold (typically a few thousand pounds) and some major banks have developed or purchased sophisticated anti-fraud and money laundering monitoring systems. FSA Rules and Regulations require all bank staff to report (to the MLRO) any information that gives rise to knowledge or suspicion of money laundering. Further, the bank is required to take reasonable steps to insure that staff who handle or have responsibility for transactions that may involve money laundering report promptly. Reporting the suspicion or knowledge to the MLRO discharges the individual’s statutory and regulatory responsibilities. The MLRO, as an Approved Person, has the designated responsibility to receive internal reports of suspicious activities, to report suspicious activities to NCIS, to insure adequate awareness and training, to monitor day-to-day compliance with anti-money laundering policies and to prepare an annual report to management. The purpose of the annual report is to highlight any compliance problems, which it is the responsibility of the bank’s senior management to remedy. FSA supervisors can request a copy of the report to assist in assessing the bank’s level of compliance with its statutory and regulatory obligations. A bank is not specifically required to report to FSA suspicions of money laundering; the obligation is to report to NCIS. But banks do have a regulatory obligation to notify the FSA of significant incidences of fraud. In determining whether a fraud incident is significant, the firm must consider (i) size of loss in relation either to the bank itself or to customers; (ii) risk of reputational loss; and (iii) whether the incident reflects weaknesses in the bank’s internal controls. The FSA operates a risk-based approach to verifying that banks have the necessary controls to comply with anti-money laundering rules and regulations. The approach is designed to allocate resources in the most efficient manner to ensure that supervisory attention is directed at those areas that pose the greatest threat to the FSA’s regulatory objectives, with deterrence of financial crime being one of those objectives. To assess the vulnerability of a bank to money laundering, FSA identifies key risk criteria drawn from money laundering typologies. These criteria are scored against the business profile of individual banks. Taking into account the robustness of a bank’s control regime, FSA makes an evaluation of the extent to which the business of the bank exposes it to money laundering risk and the probability that risk will materialize. A further judgment is made about the impact if such risks do materialize and the threat this would pose to FSA’s ability to meet its statutory objectives. For banks, size is a major factor in scaling the risks to FSA’s objectives. Based on this analysis FSA arrives at a judgment about the supervisory tools and resources to be devoted to the supervision of money laundering and the intensity and focus of oversight on individual firms. In a July 2001 report, “The Money Laundering Theme,” FSA announced that it had identified six “clusters” of activities which were particularly vulnerable to money laundering and on which regulatory attention would focus. Two of these clusters concerned banks. Theme supervision provides FSA with a tool for horizontal review of practices across banks without regard to the risk profile of the bank in other business areas. Thematic work includes on-site testing of anti-money laundering procedures. Theme reviews, however, are also targeted based on risk assessments. To assist line supervisors assess the level of a bank’s compliance with the FSA’s Rules and Regulations the FSA has: a Money Laundering Review Team (supervisors with expertise in the area of money laundering); the power to appoint “skilled persons” to investigate money laundering compliance issues; an Intelligence and Records Department, which liaises with national and international law enforcement agencies; and the Financial Crime Policy Unit, which provides guidance on the Rules Line supervision includes periodic meetings with senior management responsible for fraud prevention to discuss current issues that may be of concern. MLRO reports may be copied to the FSA and followed-up as necessary. They will also be used in horizontal reviews. FSA has a broad range of tools to compel banks to comply with its rules. These include powers to impose financial penalties, public censure, and to vary and even cancel permissions. FSA is also a criminal prosecuting authority under the Regulations. FSA cannot disclose confidential information (as defined under relevant legislation) unless a gateway exists. The FSA may disclose information to its international equivalents, i.e., bodies with equivalent functions, to assist them in carrying out those functions. In the case of information covered by the EU single market directives, disclosure can only be made under a co-operation agreement and where equivalent confidentiality restrictions apply under the laws applying to the other regulator. Banks are required to comply with the FSA’s Principles for Businesses, which are a general statement of fundamental obligations under the regulatory system. Breaching a Principle makes a bank liable to disciplinary sanctions. Principle 1 states that ‘a firm must conduct its business with integrity and Principle 2 states that it “must conduct its business with due skill, care and diligence.” There is no specific FSA requirement that these Principles be communicated to all members of a bank’s staff. Additional Criteria U.K. laws and regulations embody international sound practices and are largely compliant with the FATF recommendations. FSA Rules require relevant staff to receive training at least every 24 months. Validation follows supervisory practices outlined above. FSA Regulations require an FSA supervisor to report knowledge or suspicion of money laundering in the same way as a member of staff employed by a bank. Criminal law gateways allow for the sharing of information for the purpose of criminal proceedings and criminal investigation in the U.K. or elsewhere. The FSA has in-house specialist expertise in financial crime matters, as outlined above.
Assessment	Largely compliant
Comments	FSA has strong powers and a comprehensive program for supervising the U.K. anti-money laundering practices and procedures of banks. The regime has been reinforced and energized within the last two years, notably by the implementation of FSMA with the additional responsibility and powers it provides to FSA in the area of financial crime. The regime will be further reinforced with passage of the Proceeds of Crime Act which is expected to be approved by Parliament in 2002. Increased FSA authority has been paralleled by intensified supervisory effort in the area of money laundering. The intensification of FSA supervision was confirmed in numerous contacts across the banking industry. Essential Criteria 3 requires that “banks have formal procedures to recognize potentially suspicious transactions.” Although FSA does not make such procedures a formal requirement of its AML/CFT rules and regulations, other elements of the supervisory regime effectively require banks to have structured procedures and practices that address the requirement to recognize potentially suspicious transactions. The JMLSG Guidance Notes cover many of the elements that might be incorporated in formal procedures, including “know your customer” guidance. For example, JMLSG Note 5.9 outlines tests to apply for determining whether suspicion of money laundering arises. These include: is the size of the transaction consistent with the normal activity of the customer? is the transaction rational in the context of the customer’s business or personal activities? etc. Guidance Notes 5.62-5.64 identify issues to be considered with respect to wire transfers. AML training requirements established in the Handbook require bank staff to be familiar with the Guidance Notes. Although the Guidance Notes are advisory, not mandatory, FSA takes them into account in determining compliance with its rules and regulations. In addition, the FSA Handbook requires all staff to report (to the MLRO) any information that gives rise to knowledge or suspicion of money laundering. Under the Regulations and under the Handbook FSA has authority to impose sanctions if firms fail to report suspicious transactions. While the substance of Essential Criteria 3 is satisfied, the FSAP team believes bank’s internal governance would be strengthened by a requirement for a formal policy on recognition of potentially suspicious transactions. Essential Criteria 11 calls for the supervisor to determine that banks have a policy statement on ethics and professional behavior that is clearly communicated to all staff. Although FSA does not explicitly require banks to have such a policy statement, the substance of Criteria 11 is achieved in other ways. Requirements for ethical and professional behavior animate FSA’s approach to financial supervision. For example, such behavior is required under FSA’s Principles for Business. Principle 1, Integrity, states that a firm must conduct its business with integrity. Principle 6, Customer’s interest, states that a firm must pay due regard to the interests of its customers and treat them fairly. The FSA’s Statements of Principle for Approved Persons require bank’s Approved Persons to act with integrity and due skill, care and diligence in carrying out controlled functions. Furthermore, under Regulation 5(1)(a) of the 1993 Money Laundering Regulations FSA may find a firm to be in breach of the Regulations if a business relationship is formed, or a one-off transaction takes place, without the required ethical and professional procedures being applied to that particular relationship. The FSA risk based approach to supervision allows for considerable selectivity in the firms and risks that attract close supervision, with high risk/high impact firms being the primary focus of attention. The FSAP team considered the possibility that the selectivity of this approach posed a hazard that anti-money laundering compliance in smaller, low impact firms might not be sufficiently disciplined by the supervisory process. The FSAP team satisfied itself that, at least with respect to banks, this is not the case. In the last year one-third of the small number of banks classified as low impact have been subject to theme visits for compliance with anti-money laundering requirements and all are expected to be visited over a three-year cycle. Also, in practice, money laundering theme reviews of banks cover the full scope of money laundering risks and are not limited to the two risk clusters identified in “The Money Laundering Theme” report.
Principle 16.	On-Site and Off-Site Supervision An effective banking supervisory system should consist of some form of both on-site and off-site supervision.
Description	The FSA utilizes a combination of on-site examinations and desk-based analysis to acquire a thorough understanding of banks’ safety and soundness. The regular supervisory staff is supported by risk review teams with specialized expertise in areas such as corporate governance, risk management, internal audit, IT, anti-money laundering controls and quantitative modeling techniques. To assist in the supervision of financial firms the FSA has the power to appoint so-called skilled persons (section 166 of the FSMA). In the case of banks, these are usually auditors from the big five accountancy firms. The number of skilled persons reports commissioned has been greatly reduced as they are no longer used to perform routine validation of supervisory returns. The skilled persons’ reports are discussed generically with the accountancy firms to ensure consistency of standards and the FSA forms its own judgment on the materiality of the issues raised in the reports. Through these mechanisms the FSA is able to examine any aspect of a bank’s operations, including compliance with legal requirements and prudential regulations. In addition, the FSA carries out sector-wide statistical analysis of prudential returns, financial statements, share price movements, credit ratings and other quantitative information to monitor industry trends and to identify outliers. The FSA has developed a risk-focused assessment model, covering all regulated entities in the financial industry. The model is designed to identify the key risks that institutions pose to the FSA’s statutory objectives, which in turn determine the degree of attention that the FSA devotes to individual institutions. This risk assessment is based on a view of the impact and the probability of a problem occurring at a particular institution. For prudential issues in banks, the impact is seen as being determined mostly by the size of the bank, while the judgment on probability depends on the FSA’s view of the business and control risks at a particular bank. Banks are rated either as high impact, medium high impact, medium low impact, or low impact. The risk based approach, in combination with the FSMA’s philosophy that it is neither possible nor desirable to remove all risk of failure from the financial system, has led the FSA to concentrate its supervisory activities with regard to banks on the larger institutions. In addition to the industry-wide risk assessment model, the FSA uses a firm-specific model to assess risks in individual institutions. This assessment is based on a detailed breakdown of business and control risks in individual banks. For a large bank, up to about 35 different business lines may be distinguished. Inputs into the firm-specific risk assessment model may include information from on-site work, interviews with management, prudential returns, firms’ annual AML report, external auditors’ management letters, special information requests and publicly available information. Findings of a bank’s internal auditors may be taken into account if the FSA is satisfied that the audit work has been independently and competently performed. The FSA encourages internal auditors to devote attention to issues of interest to the supervisor in their work. On-site and off-site work are thus integrated through the firm-specific risk assessment model. The firm-specific risk assessment process will take three to six months to complete and, for large banks, is carried out on a one and a half to two year cycle. The process results in a risk mitigation program that details the supervisory work with regard to the institution over the period until the next risk assessment cycle as well as actions to be undertaken by the institution itself. The supervisory work planned in this manner leaves room to undertake event-driven work as the need arises. On-site supervision is most active in high impact firms, including regular visits by the dedicated supervisory team, focused reviews by experts drawn from the FSA’s risk review department, as well as frequent contacts with high and middle level managers. Low impact banks, on the other hand, are largely supervised through off-site baseline monitoring supplemented occasionally by on-site visits in the context of the FSA’s thematic work, to deal with issues that have arisen from the off-site monitoring, or on the occasion of events such as the bank entering into new activities or the appointment of a new director. On-site visits at low impact banks will be held at least once every three years, but on average they are held more often in practice. Under the new regime, low impact banks no longer have a dedicated relationship manager within the supervisory authority. As of June 2002, 44 banks had been graded by the FSA as low impact (excluding 7 EEA branches and 9 banks which are part of a wider group). Sixteen of these were branches of overseas banks and the other 28 included small retail banks as well as some banks specializing in wholesale operations. Six low impact banks were subject to intensive supervision because risks had crystallized. Total deposit liabilities of the low impact banks amounted to 0.03 percent of total deposit liabilities of all U.K. banks. On-site visits are designed to provide a focused review of well specified topics. They typically require around three days extending up to one week in some cases. The scope of visits and the intended outcomes are detailed in the risk mitigation program generated by the firm-specific risk assessment. On-site visits by a bank’s dedicated supervisory team consist of extensive discussions with various managers supplemented by some file reviews. Topics addressed may cut across the full range of supervisory interests, including all significant business and control risks as well as compliance issues. The dedicated teams are guided by methodological aide-mémoires outlining specific points for attention in particular risk areas. For international firms, the FSA has a regular program of on-site visits to the overseas parents of the branches and subsidiaries of foreign firms operating in the U.K. and to the affiliates of U.K. banks operating overseas. The FSA has recently begun development of so-called thematic regulation, which is aimed at analyzing industry or sector wide issues by focusing on a sample of institutions. This has been assisted by the establishment of Risk Management Units throughout the FSA, including one devoted to banking issues, which have responsibility for monitoring industry-wide risk. The sample of institutions usually includes some low impact firms. Themes that have been covered so far in the banking sector include credit risk, systems and controls, anti-money laundering measures as well as other topics. The thematic work helps inform the FSA’s views on particular risk areas and may lead to follow-up work at individual institutions. The outcome of the thematic work may be rule changes, guidance letters to bank directors, seminars or speeches to draw banks’ attention to particular issues. The thematic work may also lead to enforcement action against a firm that was included in the sample. Such action would be publicized to set an example for other banks. If significant issues have been uncovered, the FSA may decide to extend the thematic work to banks outside the initial sample. The effectiveness of on-site and off-site functions is reviewed by a panel of senior and independent supervisors as part of the FSA’s formal risk assessment process. The panel focuses on the risk mitigation programs for individual banks, particularly the ones assessed as high impact or medium high impact, assessing the priorities set for supervisory work and giving advice on the proposed deployment of supervisory tools. In case of disagreement with a bank’s relationship manager, a decision is taken at a higher level within the FSA. This work is supplemented by an internal Quality Assurance Department, which is in the Chairman’s Office, that focuses on supervisory processes generically. The FSMA (Part XXIII) sets out restrictions that apply to the disclosure of supervisory information which is confidential under the Act. However, the FSMA and secondary legislation do allow the FSA to provide confidential information to other regulators, on condition that the information continues to be subject to restrictions on disclosure equivalent to those in the FSMA. In case another regulator requests the FSA to provide it with confidential information, the FSA will satisfy itself that this condition is met. The FSA is able to refuse requests for confidential information except in limited cases relating to court orders in criminal proceedings or Parliamentary enquiries.
Assessment	Largely compliant
Comments	The FSA’s supervisory process for banks consists of a combination of on-site visits, desk-based analysis and formal firm-specific risk assessment. Information from a variety of sources feeds into the process, including skilled persons’ and internal and external auditors’ reports. In addition, the FSA has begun developing thematic regulation. The FSA’s risk based supervisory approach implies that it focuses its resources on those firms that pose the highest potential risks to its objectives. Thus, banks that are considered to have a high potential impact on the objectives receive extensive supervisory attention. They are assigned a dedicated supervisory team, consisting of up to seven staff members, that will maintain frequent management contact and conduct on-site visits. The dedicated teams may request focused investigations into specific risk areas by specialized risk review teams or skilled persons. Banks graded as medium high or medium low impact will have a less intensive supervisory relationship with the FSA than the high impact banks but will nevertheless receive regular on-site visits. For some banks, however, in particular those that are considered to pose a low potential risk to the FSA’s objectives, the risk-based approach implies that they will not have a close and continuous interaction with the FSA. No on-site examinations will normally be held at these banks to verify adherence to legal and prudential requirements, and management contact will be relatively infrequent. Unless specific risks have crystallized, reliance is placed primarily on off-site monitoring of prudential returns and external auditors reports, occasionally supplemented by work conducted in the context of thematic regulation or event-driven work. In terms of protecting consumers and safeguarding market confidence, and obviously also simply because of size, it is clearly justified to concentrate scarce supervisory resources on the larger banks. However, as Essential Criterion 1, requiring an in-depth understanding of individual banks’ operations, does not distinguish between large and small banks, it applies to smaller banks’ operations as well. Undue reliance on off-site monitoring makes it difficult to achieve this level of understanding, particularly with respect to control arrangements and compliance requirements in, for example, the area of anti-money laundering. The FSA recognizes this and is considering refining its risk assessment methodology to take more explicit account of all four of its statutory objectives, including the one on combating financial crime. In fact, in the period from January 2000 to July 2002, it has already conducted anti-money laundering visits to 14 of the 44 low impact banks. To the extent that risk based supervision will continue to entail less reliance on direct oversight of lower impact banks and more reliance on baseline monitoring, consideration should be given to more frequent reporting of audited returns and more regular disclosures by all banks, along the lines recommended in the comments on Principle 19 below. Audited returns would to some extent provide indirect confirmation of the integrity of the bank’s internal systems and controls in view of the auditors’ duty to report to the supervisor any material shortcomings revealed in the audit. They would also provide stronger underpinning for offsite monitoring. Some concern was expressed by industry sources that the turnover rate of supervisory staff in the dedicated teams was too high to enable the FSA to build up thorough firm-specific knowledge. However, it is the mission’s view that this is a relatively minor issue of a transitory nature as it appears to be related to the changeover to the new supervisory regime (see also Principle 1(2)). The number of staff in the risk review teams (46 budgeted as of May 2002) appears to be somewhat small considering that they are not exclusively devoted to the banking sector but are also contributing to the supervision of the other sectors regulated by the FSA. Skilled persons reports may be commissioned to augment specialist supervisory capacity. However, skilled persons investigations are expensive relative to the FSA’s own on-site work and the FSA strives to keep the costs of supervision proportionate with the risks to its objectives. The FSA should take care to ensure that sufficient supervisory attention is devoted to specific risk areas that require highly specialized expertise, such as credit risk classification systems, market risk management and IT security.
Principle 17.	Bank Management Contact Banking supervisors must have regular contact with bank management and a thorough understanding of the institution’s operations.
Description	The intensity of the FSA’s supervisory relationship with individual banks is influenced by the assessment of the bank’s risk management procedures and practice and by the FSA’s assessment of the risks that banks pose to its statutory objectives. The FSA considers that well-managed banks whose own risk management is sophisticated and effective will require less supervisory attention than banks conducting similar business but with controls of lesser quality. Banks deemed to be high impact will have a close supervisory relationship with the FSA. Thus, for large banks, there will be frequent other contacts with directors and senior management, as well as bank specific on-site visits and thematic visits involving contacts with middle management and various other bank employees. Banks considered to be low-impact will receive occasional thematic visits on cross-industry issues, together with less frequent meetings with directors and senior management to discuss bank specific issues. The FSA nevertheless feels that it has a good understanding of smaller banks’ operations, in part because these are usually relatively straightforward. The FSA has a full range of supervisory tools available to achieve a thorough understanding of banks’ operations. In addition to meetings with management and other representatives of a bank, this includes on-site visits, desk based reviews, liaison with other regulators and analysis of periodic returns and notifications. The FSA has access to internal auditors’ reports and external auditors’ management letters. Furthermore, the FSA may commission so-called skilled persons to conduct investigations of special topics at institutions under its supervision. Banks and other supervised firms are required to provide the FSA with a wide range of information. Principle 11 of the FSA’s Principles for Business require firms to deal with their regulator in an open and cooperative way, and to disclose to the FSA anything of which the FSA could reasonably expect to receive notice. This includes any significant failures in the bank’s systems and controls, any action which would result in a significant change in its capital adequacy, and any proposed change in the bank’s operations which could have a significant impact on its risk profile. These requirements imply that banks have to notify the FSA of any significant new activities, which they would have to do in any case if a variation of the bank’s permission would be required. SUP Section 15.3 requires specifically that the FSA must be notified immediately if a firm becomes aware that any of the following has occurred or may occur in the foreseeable future: The firm’s failing to satisfy one or more of the threshold conditions Any matter which could have a significant adverse impact on the firm’s reputation Any matter in respect of the firm that could result in serious financial consequences to the financial system or to other firms Any offences and breaches of the FSMA or rules established under the FSMA. The quality of a bank’s management is considered on application for regulated status and thereafter during the normal supervisory process. Banks have to meet the threshold conditions for authorization on an on-going basis and key individuals within the bank have to be vetted and approved to carry out their particular functions. An individual that does not meet the FSA’s fit and proper standards can be disapproved for carrying out particular functions or banned from employment in the regulated financial sector altogether.
Assessment	Compliant
Comments	The FSA has frequent contacts, both through face-to-face meetings and other means, with various levels of management at the larger banks. Any issue relevant to a bank’s operations may be covered in the course of these contacts. Meetings with managers of small banks, however, appear to be rare. This is a reflection of the FSA’s risk based approach to supervision which implies that scarce supervisory resources should be allocated primarily to those areas where the potential risks to the FSA’s objectives are highest, i.e., to the larger banks (in the context of banking supervision). For low impact banks, the FSA relies mostly on desk based review of prudential returns, written material such as external auditors’ management letters and other quantitative and qualitative material, except for occasional visits to some of these banks in the course of thematic reviews. Management contact with these banks takes place once every three years at a minimum but in practice usually more often, especially after risks have crystallized (see also Principle 16). The FSA expects to be notified if a low impact bank were to experience safety or soundness problems or to enter risky new business. It would be useful to identify criteria that would require low impact banks (as well as other banks) to notify the FSA of emerging problems at an earlier stage. The mission welcomes the FSA’s intention to establish clearer guidelines for offsite monitoring triggers that would prompt it to initiate contact with low impact firms. Such triggers are also useful for medium-low impact firms, and, in general, would be useful for all firms.
Principle 18.	Off-Site Supervision Banking supervisors must have a means of collecting, reviewing, and analyzing prudential reports and statistical returns from banks on a solo and consolidated basis.
Description	Banks are required to submit a variety of statistical and prudential returns either directly to the FSA or via the Bank of England. Requirements for banks to report regularly to FSA are laid out in Chapter 16 of the Supervision (SUP) chapter of the Handbook. The requirements relate to a firm’s financial condition and to its compliance with other rules and requirements which apply to the firm. Under Principle 11 banks are required to deal with their regulators in an open and cooperative way, and to tell the FSA appropriately anything of which the FSA would reasonably expect notice. The required compliance reports include an annual report on controllers (SUP 16.4.), an annual close links report (SUP 16.5), an annual report listing all overseas regulators for each legal entity of a firm’s group and an annual organogram showing the authorized entities in the firm’s group (SUP 16.6.5). Beyond this SUP 16.7.7 identifies eleven separate reports that banks are required to submit with varying frequency over the course of the year. Standardized forms address capital adequacy, large exposures and liquidity. The standardized BSD3 Capital Adequacy Return filed semi-annually provides detailed information on both a solo and consolidated basis for both on-balance sheet and off-balance sheet assets and liabilities, divided between the banking book and the traded book, profits and losses, counterparty exposure on derivative contracts, repos and similar transactions, large exposures, provisions against bad and doubtful debts and investments, deposit sources and market risk in the trading book. The return provides supporting details for on and off balance sheet activities and provides a step-by-step calculation of capital adequacy on both a solo and consolidated basis. IPRU (Chapter CS) sets out the basis on which consolidation will be required and the consolidation techniques that are to be applied for U.K. incorporated banks and banking groups with U.K. non-bank parents only. For banks subject to the liquidity mismatch requirements, quarterly reporting is required using Form LR. For firms subject to the stock liquidity regime, monthly reports are required, using Form SL R1. The Liquidity Management (LM) chapter of the Handbook provides detailed guidance on the information to be provided in the liquidity reports. U.K. banking groups are required to report quarterly on large exposures, on both a solo and a consolidated basis, using Form LE 2. The Large Exposures (LE) chapter of the Handbook provided detailed guidance on the information to be provided in the large exposure reports. U.K. branches of non-EEA banks are required to report on profits, large exposures, balance sheet, off-balance sheet items, and bad and doubtful debt provisions using the half-yearly Form B7. They are also required to provide liquidity information quarterly, using Form LR. To insure the consistency and reliability of prudential returns, FSA policies regarding valuation of assets and liabilities are spelled out in considerable detail in the Valuation (VA) chapter of the Handbook. FSA has strong powers to enforce compliance with reporting requirements. Knowingly or recklessly giving information which is false or misleading in a material particular may be a criminal offence under sections 398 and 400 of FSMA. The handbook (SUP 15.6.1R and SUP 15.6.3R) requires an authorized person to take reasonable steps to ensure the accuracy and completeness of returns and to notify FSA immediately if material or inaccurate information has been provided. Failure to do so may result in fines or other disciplinary sanctions (ENF 13.5). FSMA (Section 165) gives the FSA statutory powers to require the provision of information.
Assessment	Largely compliant
Comments	FSA has a well structured system of prudential reporting requirements for banking groups that covers both financial and compliance information. For U.K. banking groups standardized reports are required on capital adequacy, large exposures and liquidity. Reports are required to be on both a solo and a consolidated basis, where appropriate. U.K. branches of overseas banks are required to provide liquidity and large exposure reports. The scope of reporting and the policies with respect to valuation of assets and liabilities are spelled out in detail in the handbook. Essential Criteria 4 of Principle 18, dealing with information required to be submitted for statistical and prudential reporting, states: “Inclusion of data on loan classification and provisioning is also required.” FSA does not routinely collect standardized data on classified or non-performing loans. As a matter of policy, FSA has not established regulatory loan classification or loan delinquency systems, preferring instead to emphasize that proper loan classification and asset valuation are responsibilities of bank management based on the circumstances of the individual institutions. While an entirely legitimate supervisory strategy, the FSAP team believes the absence of reporting on classified loans and non-performing loans handicaps the ability of FSA to verify the credit risk environment of banks, particularly on an offsite basis. This is a particularly important gap given the importance of baseline monitoring in the risk based supervisory regime, (See comments on Principle 19 below.) Peer group analysis would be strengthened if standardized information were available on classified and non-performing assets. Forthcoming adoption of Basel II and IAS 39 will require changes in firm practices with respect to provisioning and loan classification so now would be opportune time to close this gap in FSA’s reporting regime. IAS 39 will require a more rigorous approach to recognition of impaired assets and loan loss provisioning and Basel II will emphasize more rigorous internal loan classification systems.
Principle 19.	Validation of Supervisory Information Banking supervisors must have a means of independent validation of supervisory information either through on-site examinations or use of external auditors.
Description	Section 165 of the FSMA gives the FSA the authority to obtain information from banks. These powers extend to providing the FSA with access to a bank’s directors, senior management, and key personnel. The FSA uses on-site visits to most banks as part of its formal risk assessment process; however, a small number of small banks considered to be “low impact” do not receive a formal risk assessment. The low impact banks are reviewed primarily using desktop baseline monitoring, with on-site visits being event driven. The risk assessment visits for the high, medium-high, and medium-low impact banks take the form of on-site high-level reviews by the supervisory team. Results of the risk assessment are used to develop a risk mitigation program (RMP) which establishes to supervisory objectives for the bank for the forthcoming period, including identifying areas for further on-site review. Such on-site reviews may be conducted by frontline supervision, by the FSA’s internal risk review teams, or by engaging skilled persons, e.g., external auditors, to validate supervisory information provided by banks. The FSA Handbook (SUP 3) provides rules and guidance on the role auditors play in the FSA’s monitoring of a bank’s compliance with its rules and standards. This chapter addresses the auditors’ qualifications, independence, reporting, and the duty to notify the FSA of any significant matters raised by the auditor. The FSA rules place the duty on the bank to ensure the auditor is qualified and independent; however they prohibit a bank from appointing an auditor the FSA has disqualified. The FSA rules establish specific areas to be covered in the auditor’s report, and require a copy of all reports be provided to the FSA. In addition, SUP 3.8.2R requires the auditor to co-operate with the FSA. While the rules in SUP 3 do not provide for FSA’s monitoring of the quality of the auditor’s work, there are provisions in SUP 5 relating to skilled persons reports that provide for monitoring of work related to skilled persons reports. The FSA meets periodically with the bank’s external auditors, on a bilateral basis. In addition to periodic meetings, external auditors have a statutory duty to inform the FSA of any concerns arising during the course of their work. Section 166 of the FSMA gives the FSA the authority to require the bank to obtain a skilled persons report. The FSMA section 166(4) requires that the skilled person must be nominated or approved by the FSA, and that the skilled person must appear to the FSA to have the skills necessary to make a report on the matter concerned. Additional rules and guidance relating to the use of skilled persons is found in the FSA Handbook (SUP 5). The large international accountancy firms produce the vast majority of skilled persons reports. The FSA will direct the scope of the review using a commissioning letter, and the nature of work to be completed may be discussed by the FSA in advance. The rules pertaining to reporting and notification in SUP 3 also apply to skilled person’s reports. The FSA may hold bilateral meetings with individual partners within these firms to provide feedback from the supervisory teams on the scope and quality of their work. Trilateral meetings are held to discuss the findings of skilled person’s reports. The FSA has a formal, structured process in place for skilled persons reports (SUP 5). The process includes preliminary discussions about scope, the engagement/scoping letter to the skilled person, and the objectives to be accomplished by the review. Procedures for internal risk review visits carried out by FSA’s Risk Review Division are less formalized. These procedures typically involve a detailed scoping paper prepared by frontline supervisors. The firm is typically asked to provide supporting information which is analyzed prior to the visit. The visit itself builds on the information supplied and involves interviews with management and staff as well as an examination of files. For certain areas (money laundering, credit) aide-mémoires have been prepared that guide the procedures performed in the review. Supervisory returns are reviewed by supervisors for consistency and plausibility. An initial check is required within 2 days of receipt and a more detailed check is required to be completed within ten days of receipt. These reviews consist of trend analysis and plausibility checks involving comparisons with previous returns and checks against audited accounts for capital adequacy and large exposures capital base. These reviews are supplemented by peer group analysis. Validation checks completed by one supervisor must be checked and signed off by another supervisor. Follow-up with the bank will take place to reconcile outlier data and inconsistencies. Banks are subject to fines for late returns. The FSA does not require that the auditors examine certain key supervisory returns, such as capital adequacy, at least annually nor do FSA examiners routinely validate the returns to bank records. FSA has a variety of powers to ensure the validity of supervisory returns, including authority under 5165 of FSMA to request additional information from the bank at any time, the authority under 5166 to require skilled persons report to verify the accuracy of information provided, and the ability to request supplementary information from the bank’s auditors under the provisions of SUP 3.8.2R which covers an Auditor’s duty to cooperate with FSA. The FSA does have the means to independently validate supervisory returns, through supervisory visits, risk review division visits, or skilled person’s reports. Supervisory visits (during the risk assessment process) are used to review the bank’s process for completing the reports, and do not include validating key returns. The use of the internal risk review or skilled persons report tools depends on whether an issue was raised during the supervisory visit, the impact rating of the firm and the availability of these resources. FSA has identified validation of supervisory returns as a topic for theme supervision over the next year. There is no requirement that the FSA meets with the management or board each year. The FSA may hold meetings with a bank’s board, or hold separate meetings with non-executive directors, when it is deemed appropriate. The FSA determines the level of supervision based on its assessment of the risk a bank poses to the FSA’s regulatory objectives, and this assessment will drive whether a meeting with a bank’s board is required.
Assessment	Largely Compliant
Comments	The FSA has the means to independently validate supervisory information, through supervisory visits, risk review division visits, or by commissioning skilled person’s reports. However, costs and resource constraints limit the use that is made of skilled persons reports or on-site risk review visits to validate supervisory information. The FSAP team was told that, partly because of their expense, FSA has discontinued the routine use of skilled persons reports to validate regulatory returns, but they may be used on an exceptional basis. Going forward, use of skilled persons reports will focus on situations where remedial work is needed quickly or the FSA does not have the resources and/or expertise to conduct the review internally. The Major Financial Groups Division (MFGD) estimated that 70-120 skilled persons reports would be ordered per year across the 52 largest bank, securities and insurance groups firms that are supervised by the division. The Deposit Takers Division (DTD) estimated that they would order about 15-20 skilled persons reports, across about 200 banks. Internal risk review is a scarce resource, with an approved head count of 46 (including administrative support) to support work across all of FSA. MFGD supervisors indicated that risk review currently is unable to fill all requests for their services, so requests are prioritized, and some reviews may be negotiated or deferred. Essential criteria 5 provides that the supervisor should require that certain key supervisory returns, such as capital adequacy, be examined at least annually by the auditors and a report submitted to the supervisor. The FSA has no explicit requirement that supervisory returns be validated in the manner called for by criteria 5, although elements of this criteria are met through the requirement for an annual audit of the statutory accounts and FSA’s ability to consult with and request information from auditors. Recommendation. The FSA relies on the supervisory returns as a key part of its risk based approach to supervision and particularly for its baseline-monitoring program., so it is very important that the FSA is able to place reliance on the accuracy of that information. In addition, greater disclosure of such information would add to market discipline. Given the resource constraints on the ability of FSA itself to comprehensively validate supervisory returns, the FSAP team recommends that FSA should consider going beyond the literal requirements of Essential Criteria 5 and consider requiring all banking groups to provide annual audits of key supervisory returns. It would be useful if validation of supervision were made a regular topic for theme supervision. In addition it would be desirable for all U.K. banks be required to publish audited financial reports on an annual basis, coupled with a continuous disclosure requirement – currently these requirements apply only to listed companies. There does not appear to be a compelling reason to limit market disciplines that arise from financial disclosures to only banks (public issuers) that are listed.
Principle 20.	Consolidated Supervision An essential element of banking supervision is the ability of the supervisors to supervise the banking group on a consolidated basis.
Description	The FSA approach to consolidated supervision is set out in IPRU (CS Chapter) which is the principle vehicle for implementing the EU Banking Consolidation Directive (date) and the EU Post-BCCI Directive (date) The FSA’s consolidation policy addresses three main areas of concern arising from group membership: losses in another group entity that could lead to financial pressure on the bank because of financial or reputational linkages; capital that is subject to double-gearing or leveraging: that is, a solo assessment of a firm overestimates the quantity of capital which is available to support the bank’s risks, because of the way the capital has been raised or accounted for within the group; and business that is booked in an unauthorized group entity to avoid regulatory requirements. The FSA views its consolidated supervision as a complement to individual firm requirements rather than as a substitute. The objective is to enhance the overall effectiveness of the prudential supervision of the bank by ensuring that risks related to the bank’s membership of a group are taken into account in the supervision of the bank. Consolidated supervision does not, however, constitute supervision of undertakings within the group which are not authorized. The FSA is required to undertake supervision on a consolidated basis by EU legislation, in particular the Banking Consolidation Directive. The FSA’s consolidated supervision framework consists of two main elements: A qualitative assessment of the group as a whole. This is made in relation to the group’s significant business units and their potential material bearing on the bank. It focuses on the group’s business, controls, organization and management. A quantitative, consolidated assessment of relevant financial companies within the group that establishes prudential requirements, for instance with respect to capital adequacy and large exposures. The FSA approach identifies where group risk arises, sets systems and controls requirements for managing that risk, and establishes a methodology for the calculation of consolidated capital (Principle 18). The scope of the FSA’s consolidated supervision includes all parents and subsidiaries of the bank, any of their parents or subsidiaries; or any undertaking in which those parents or subsidiaries or the bank have a participation. In addition, the FSA may require a bank to include within its group consolidation an undertaking that is not a member of group as defined but which has links to the group that would make its omission from the scope of the consolidation assessment misleading. (CS 3.1.3) requires that the bank have adequate controls to produce any data required to supervise on a consolidated basis. (CS 3.3.19) requires adequate controls to identify and monitor large exposures. Consolidated returns are required twice annually and large exposures must be reported quarterly. (CS 3.3.7) requires a detailed organization chart and identification of subsidiaries supervised by others. Section 166 exams may be required to cover internal control systems used to generate consolidated accounts. Consolidation usually applies to financial subsidiaries. For purpose of consolidated supervision, insurance and insurance broking are not defined as financial activities and are therefore not normally consolidated (CS 4.3). For activities undertaken within the U.K. coordination among functional regulators of a group takes place within FSA. A variety of arrangements are in place with home and host supervisors overseas to allow exchanges of information on the financial condition and adequacy of risk management and controls of overseas undertakings. Where FSA is unable to satisfy itself that the overseas parent of a branch or subsidiary in the U.K. is subject to adequate home country consolidated supervision FSA may require solo consolidation at the U.K. level. Fit and proper tests may be applied to senior management of parent companies under the FSA’s authorized persons regime. Consolidated supervision encompasses the activities of U.K. banks in offshore centers through several mechanisms. Exposures in offshore centers are included in the quantitative requirements for consolidation and the capital adequacy ratio and the controls on large exposures. Where FSA is concerned about such exposures it may impose additional capital requirements, require deconsolidation of the capital and assets in the offshore jurisdiction, and restrict transactions with the jurisdiction. U.K. financial institutions are required to be able to provide FSA all the information it requires to carry out effective consolidated supervision wherever their business is conducted, including in jurisdictions with strict secrecy provisions. Under the qualitative element of its consolidated supervision, FSA requires that banks have the ability to measure, monitor, manage and control the risks in all their significant business lines, wherever that business is conducted. This will apply to business lines such as private banking, asset management, insurance, and capital markets operations, all of which can have links to offshore centers. FSA anti-money laundering policies include an expectation that the practices of overseas affiliates of U.K. banks will conform to the higher of U.K. or local standards. Compliance with this policy is one of the duties the bank’s MLRO, an individual who must be authorized by FSA. In evaluating the risks in business lines, FSA places a strong emphasis on the quality of counterpart financial supervision in the jurisdictions where the business is conducted. This is also a key consideration in granting permission for U.K. banks to establish or operate in those jurisdictions or in granting FSA authorizations to firms from those jurisdictions. For FSA an important factor in evaluating the practices of other supervisors is their willingness to share information. In this regard FSA takes into account the FATF NCCT classifications as well as its own experience. FSA has an active involvement with numerous offshore centers, particularly in the U.K. overseas territories and dependencies. This includes participation in regional organizations and regular liaison with offshore supervisors.
Assessment	Compliant
Comments	FSA has comprehensive arrangements to be able to supervise U.K. banking groups on a consolidated basis, both quantitatively and qualitatively, regardless of where their business is carried out. Capital requirements set out clearly the procedures to be followed in consolidating group accounts to insure that the U.K. banking activities of a group are adequately capitalized, both on a solo and a consolidated basis. Large exposure limits are governed by clear policies with limits enforced on both a solo and a consolidated basis. Management systems and controls are required so that risks arising from the bank’s dealing with other parts of the group are properly identified, measured, monitored and controlled. A variety of arrangements are in place for coordinating and cooperating with other regulators, both at home and overseas, who have responsibility for other legal entities within the group.
Principle 21.	Accounting Standards Banking supervisors must be satisfied that each bank maintains adequate records drawn up in accordance with consistent accounting policies and practices that enable the supervisor to obtain a true and fair view of the financial condition of the bank and the profitability of its business, and that the bank publishes on a regular basis financial statements that fairly reflect its condition.
Description	The threshold conditions require that banks must have adequate resources, including high level systems and controls. SYSC 3.1.1R and 3.2.20R require that a bank’s directors and management ensure that the bank maintains adequate records (including accounting records) that are appropriate to the scale, nature and complexity of its business. IPRU (Banks) Chapter AR provides further guidance on adequate accounting (and other) records and internal control systems. The FSA does not publish a comprehensive list of the accounting and other records which a bank should maintain; however, banks are required to capture and record accurately and on a timely basis every transaction and commitment which the bank enters into and record details as appropriate for each transaction and commitment (IPRU Chapter AR 3.2.2). These provisions apply for all U.K. banks and branches of non-EEA banks. [For U.K. incorporated banks further accounting record requirements are set out in the Companies Act 1985.] The FSA has powers to enforce the records requirements, and may fine banks for late and inaccurate supervisory returns. The FSA has the authority under FSMA Section 166 to commission a skilled persons report to verify bank records in particular areas. In addition, the FSA’s internal risk review division may be used for verification of a bank’s records. These tools would be employed as part of a risk mitigation program if the supervisors identified a concern during their risk assessment process. Regulatory reporting forms are accompanied by detailed guidance notes that include information on accounting treatment. Banks are required to use generally accepted accounting principles when valuing assets. FSA reports should be prepared using book value of assets and liabilities, and the banking and trading books should be valued on an accrual basis, unless a different practice has been agreed in writing with the FSA. CAD banks should value trading books on a mark-to-market basis, and banking books on an accrual basis. IPRU (Banks), Chapter GN 3.3.17R requires all U.K. banks and non-EEA overseas branches to maintain adequate provisions for depreciation or diminution in the value of assets (including loan loss provisions), for liabilities which will or may fail to be met by the bank and for losses which it may incur. IPRU (Banks), Chapters VA and PN discuss the valuation and provisioning policies that banks should adopt. The Companies Act 1985 requires all U.K. banks to prepare accounts that give a true and fair view of the results and financial position of the bank and/or group. The accounts are subject to public filing requirements. Detailed provisions on the form and content of the accounts of banks and banking groups are contained in Schedule 9 to the Act. There is a general presumption that compliance with U.K. Financial Reporting Standards (FRS) and Statements of Standard Accounting Practice (SSAP) is necessary in order for the accounts to give a true and fair view. Banks accounts must state whether they have been prepared in accordance with these standards, and give details of any departure from the standards and the reasons. Banks are also expected to comply with the five industry-specific Statements of Recommended accounting Practice (SORP), and are required to state in their accounts whether they have complied, and if not, explain why they have not complied with them. All U.K.-incorporated banks must appoint an external auditor (SUP 3.3.2R) and the bank’s published accounts must bear an opinion by the external auditor as to the completeness and accuracy of the financial statements (SUP 16.7.8R). Auditors are required under the rules of their professional bodies to comply with Statements of Auditing Standards issued by the U.K. Auditing Practices Board. If the bank failed to comply with the relevant accounting standards, the external auditor would qualify the opinion. The FSA has periodic contact with external auditors to discuss annual accounts and skilled persons reviews. Auditors have a legal duty to report to the FSA breaches or possible breaches of laws or rules, and other matters that they reasonably believe are, or may be, significant. The FSMA Section 342 and the SUP 3.8.10R require that the external auditors inform the FSA if they have any material concerns as a result of their work. Sections 342 and 343 of the FSMA also provide protections for auditors that report in good faith matters that are, or are likely to be, of material significance to the FSA. Guidance regarding an auditor’s duty to report is provided in SUP 3.8. The FSMA gives the FSA the authority to disqualify auditors if they have failed to comply with a duty imposed on them under the FSMA. Banks are prohibited from using disqualified auditor under SUP 3.4.5R. If the FSA had concerns over the abilities of a bank’s external auditors, it may request management to change the audit firm. Under Section 166 of the FSMA, the FSA may appoint a skilled person to do onsite work on its behalf. The skilled person process includes a determination by the FSA that the skilled person has appropriate expertise to carry out the review. In practice, the large international firms perform the majority of banks’ external audits and skilled persons reports. SUP Chapter 3 provides rules and guidance governing the FSA’s relationship with external auditors, and SUP Chapter 5 addresses skilled persons reports. The FSA has a procedure in place for skilled persons reports to establish the scope of the engagement and the objectives to be accomplished by the review (SUP 5). The FSA does not have specific guidelines addressing the scope and conduct of internal audits. However, the FSA does look at the audit universe, and may guide the scope of an internal audit when it meets supervisory needs. The FSA would expect that internal audit would have a risk based approach to its audit Chapter 349 of the FSMA imposes confidentiality requirements on the FSA. Refer to CP 1(6) for further details on confidentiality. The FSA supports Basel and EU proposals to promote public disclosure by banks as a means of strengthening market discipline as a complement to other regulatory efforts.
Assessment	Compliant
Comments	A comprehensive accounting and reporting structure is in place to provide for financial statements on a regular basis. A bank’s annual accounts are required by the Companies Act to be prepared in a way that gives a true and fair view of the results and financial position of the bank and follow the detailed provisions of the Act on form and content of the accounts. The accounts are also expected to comply with other accounting standards such as FRS and SORP, and are subject to public filing requirements. Banks are also required to file regulatory reports with the FSA. These reports have detailed guidance notes to assist in preparation. The FSA requires banks to use generally accepted accounting principles when valuing assets.
Principle 22.	Remedial Measures Banking supervisors must have at their disposal adequate supervisory measures to bring about timely corrective action when banks fail to meet prudential requirements (such as minimum capital adequacy ratios), when there are regulatory violations, or where depositors are threatened in any other way. In extreme circumstances, this should include the ability to revoke the banking license or recommend its revocation.
Description	The FSA has a broad range of supervisory measures available address such problems as failure to meet the FSMA threshold conditions and non-compliance with the FSA’s rules. The range of possible actions available is broad, as the FSA is able to use its powers under FSMA Section 43 to place requirements or restrictions in a bank’s permission. The power can be used to require a bank to take specified action or to require it to refrain from taking specified action. The FSA may also vary or cancel a bank’s permission under Section 45, and also has the authority to take disciplinary measures against a bank or individual, including fines (Section 206) and public censure (Section 205). The FSMA Section 53(3) provides that FSA may take Section 45 actions that have immediate effect if the FSA reasonably determines that immediate effect is necessary. The FSA may require that any actions or requirements imposed under its Section 45 powers be taken within a specified time period. Injunctive relief is also available to the FSA under Section 380, and restitution orders are available under Section 382. These remedies are commonly used against unauthorized firms where the other disciplinary powers are not available. The FSMA Section 61 requires the FSA to exercise control over individuals performing “controlled functions” by requiring that they be approved by the FSA. Controlled functions are functions involving key responsibility and are typically director and senior management level positions. A list of controlled functions is in the SUP chapter of the FSA Handbook (Section 10, Approved Persons). In order to be an “approved person”, the FSA must be satisfied that the person is fit and proper to perform those functions. If the FSA no longer considers a person fit and proper, they may withdraw their approval under FSMA section 63. The FSA may also take action against an approved person if it appears to the FSA that the person is guilty of misconduct under FSMA Section 66. The FSA also has the power to prohibit a person from performing functions in relation to a regulated activity if the FSA finds the person is not fit and proper. If a prohibition order is made, the FSA is required to follow the procedures in FSMA section 347 regarding publication of information about the prohibited person. The FSA’s Regulatory Decisions Committee (RDC, a committee of practitioners and public interest members appointed by the Board, but independent of the FSA’s executive staff) may take major regulatory decisions. The RDC exercises regulatory powers on behalf of, and is answerable to, the FSA’s Board. The FSM Tribunal, an independent body, will consider major regulatory decisions made by the FSA if the firm or individual concerned decides to refer the matter on. The FSMA contains no express requirement that the FSA take action within any particular time frame, with the exception of representations or referrals to the FSM Tribunal. Nor is there guidance or formal voluntary commitment by the FSA to any timeframe. If the FSA does not take action in a timely manner, firms or individuals may raise this in proceedings against them under the general jurisdiction of the courts and Tribunal, and the ordinary principles of fairness that must apply in such proceedings. In addition, the FSA must comply with Article 6 of the European Declaration of Human Rights that requires there to be a right to an independent determination of civil rights and liabilities within a reasonable time frame. For these reasons, and as a matter of general good regulatory practice, the FSA does ensure that remedial actions are in practice taken in a timely manner. Once the FSA has initiated formal supervisory or disciplinary action by service of a notice, a statutory a time frame applies to the completion of the process for making representations or referring the matter to the Tribunal. There are however no constraints on the initiation of action. FSMA Part XXVI requires compliance with formal written notice procedures when the FSA exercises any of the formal disciplinary or supervisory powers.
Assessment	Compliant
Comments	The FSMA provides the FSA with broad powers to take remedial and enforcement actions, and also provides for sanctions against individuals and firms. Adequate protections, in the form of referral to the Tribunal, are in place to protect against abusive enforcement or disciplinary actions. The new enforcement powers granted under the FSMA are very recent, and have only been used in a handful of actions to date, so it is difficult to make a proper assessment of the effectiveness of the FSA’s use of its powers.
Principle 23.	Globally Consolidated Supervision Banking supervisors must practice global consolidated supervision over their internationally active banking organizations, adequately monitoring and applying appropriate prudential norms to all aspects of the business conducted by these banking organizations worldwide, primarily at their foreign branches, joint ventures, and subsidiaries.
Description	Authority to supervise the overseas activities of U.K. incorporated banks is provided for in Threshold Condition 3: (Close Links), based on Paragraph 3, schedule 6 of FSMA. The close links provisions implement and expand on the requirements of the EU Post BCCI Directive. For U.K. based banking groups, FSA carries out global consolidated supervision covering all aspects of supervision, specifically including non-U.K. group companies. Foreign branches of U.K. banks, not being separate legal entities, are considered to be an integral part of the U.K. bank itself, and are supervised on that basis. Quantitative consolidation (see Principle 18) is applied to the global undertakings of U.K.-based banking groups. Under FSA’s risk based approach to supervision the supervisory effort concentrates on significant business units. These may be identifiable on a geographical, legal or business basis. Consistent with the qualitative element of FSA’s general approach to consolidated supervision, supervisory effort is directed at ensuring that banks have information systems and controls adequate to manage risks in all business units, wherever they are located. Heads of significant business units will be seen during the risk assessment stage or during the following supervisory period. In conducting reviews of high level controls at the center, the FSA considers the quality of the control system both centrally and locally. Supervisors periodically visit major overseas operations to supplement reviews made at the center. If circumstances require the FSA will impose limitations on the activities of overseas operations of U.K. banks through liaison with home country senior management. The FSA may impose limitations on the activities of overseas operations in order to ensure that the close links/supervisability of group structures requirement in the Threshold Conditions is met in particular cases. In addition to regular contact with senior management based in the U.K. responsible for the international operations of internationally active groups, FSA is also in periodic contact with the locally based management responsible for significant business units overseas. Direct supervision of significant international operations is supplemented by close co-operation and liaison with the banking supervisors of the host country. If necessary, plans for remedial action are discussed and agreed with the host supervisor. If, as part of the risk assessment process, the FSA determines that an overseas operation of a U.K. banking group is presenting significant unmitigated risks the FSA would initiate discussions with the bank’s senior management. These discussions could ultimately require the closure of a bank’s overseas operation. FSA has the power to conduct on-site examinations of overseas branches and subsidiaries of U.K. banking groups. The FSA conducts periodic on-site examinations of a sample of the more significant overseas offices of U.K. banks, usually in conjunction with the host country supervisor. Following FSA’s risk based approach to supervision, oversight of the foreign operations of U.K. banks focuses on significant activities with higher risk profiles and those that are subject to weaker host country supervision. FSA routinely undertakes assessments of the extent of supervision undertaken by other supervisors relevant to the U.K. In particular, it forms its own judgment as to their compliance with the Basel Core Principles.
Assessment	Compliant
Comments	FSA supervises internationally active U.K. banking organizations on a globally consolidated basis, both quantitatively and qualitatively. The international dimension places particular emphasis on ensuring that banks have information systems and controls to manage risks in all business units, wherever they are located. FSA insures that overseas activities are structured in a way that can be properly supervised and, where it is not satisfied, imposes restrictions or limits activities. Overseas visits and cooperation with foreign supervisors are important aspects of FSA’s supervision on a globally consolidated basis.
Principle 24.	Host Country Supervision A key component of consolidated supervision is establishing contact and information exchange with the various other supervisors involved, primarily host country supervisory authorities.
Description	The FSA has established an extensive network of formal and informal contacts with overseas banking supervisors to provide for the exchange of information necessary for effective global consolidated supervision. These contacts are both multilateral and bilateral. At the level of international organizations, FSA is an active participant in supervisory groups such the Basel committee and EU groupings such as the Banking Advisory Committee and the Groupe de Contact. Bilateral memoranda of understandings with numerous countries provide for information exchanges and on-site examinations of branches and subsidiaries of U.K. banks. FSA maintains a very active dialogue with supervisors in offshore centers particularly those that are in overseas territories and crown dependencies. Information exchanges are both formal and informal and range across the full spectrum of supervisory information, from written documentation in support of authorizations to oral sharing of supervisory judgments about individuals and institutions. In line with its risk based approach to supervision FSA, in consultation with local supervisors, regularly visits the major overseas offices of U.K. banking groups and on such visits frequently conducts joint examinations with the host country supervisors. The readiness of an overseas supervisor to provide information is a consideration for the FSA in determining the extent to which it can take into account the work of the overseas supervisory in its supervision of the overseas subsidiaries of U.K. banks. Threshold Condition 3 (Close Links) would be breached if the regulations or administrative provisions of a territory, which is not an EEA state, would prevent the FSA’s effective supervision of a bank or affiliate. COND 2.3.3G also notes that the FSA considers branches when assessing whether a firm meets Threshold Condition 3. Restrictions on information flows also impact on Principle for Business (PRIN) which provides that a firm must deal with its regulators in an open and cooperative way and must disclose to the FSA appropriately anything relating to the firm of which the FSA would reasonably expect notice. This principle is enforced in Rule 2.1.1 in SUP. COND 2.3.3G also indicates that restrictions on information flow could stop a firm complying with the rules in SUP on information gathering. In discussions with host country supervisors FSA will focus on the local banking group and the group as a whole.
Assessment	Compliant
Comments	FSA has a very broad network of contacts and arrangements with foreign supervisors whereby it exchanges supervisory information necessary to carry out globally consolidated supervision. This includes participation in numerous international and bilateral supervisory groups, as well as formal and informal bilateral contacts with other supervisors responsible for affiliates of banking organizations in the U.K. Where practical, the FSA will consult with an overseas supervisor providing information before taking action in relation to a bank that it supervises (and more widely where any action could have consequences for its supervision of other banks or financial companies). The FSA must consult a firm’s EEA home state regulator before taking actions in certain specified cases. The FSA discloses information to host country supervisors in a wide variety of circumstances whether or not at the specific request of the host supervisor.
Principle 25.	Supervision Over Foreign Banks’ Establishments Banking supervisors must require the local operations of foreign banks to be conducted with the same high standards as are required of domestic institutions and must have powers to share information needed by the home country supervisors of those banks for the purpose of carrying out consolidated supervision.
Description	All banks, whether U.K. incorporated or branches of foreign banks, are required to satisfy and continue to satisfy the Threshold Conditions set out in FSMA. The Principles for Business likewise are applicable to all banks whether U.K. incorporated or branches of foreign banks. FSA’s risk based approach to supervision does not differentiate between foreign and domestic banks. Foreign banks are subject to the same risk assessment and risk mitigation process as domestic banks. Reporting requirements are similar for all banks, although there are differences in the prudential returns relating to capital and large exposures. These differences apply mainly to branches of foreign banks and the differences are spelled out in SUP 16 of the Handbook. Prudential supervision of branches of EEA banks operating in the U.K. under the EU passport arrangements are primarily the responsibility of the home country supervisor and, hence, prudential returns to FSA are limited. For branches of non-EEA banks the FSA relies on the home country supervisor for capital adequacy and large exposures. Although FSA has responsibility for supervising the liquidity of foreign branches on a case-by-case bases it may agree to defer to the home country supervisor for the oversight of branch liquidity. In both its licensing and ongoing supervision of branches and subsidiaries of foreign banks, FSA takes into account the extent to which home country supervisors carry out effective global consolidated supervision. Before authorizing deposit taking activities of a foreign branch of a non-EEA bank the FSA confirms both that the bank is subject to consolidated supervision and that the home country supervisor approves the proposal. Similar procedures do not apply to approval of branches of EEA banks operating under EU passport arrangements. If, on a continuing basis, FSA is unable to rely on the home country supervisor, it is FSA policy that branches of non-EEA banks close or the branch should subsidiarise. This policy has been enforced in individual cases. For U.K. subsidiaries of overseas banks the FSA seeks confirmation that the home country supervisor practices effective consolidated supervision. If FSA is not satisfied on this point then it will require that the corporate governance and risk management policies of the subsidiary be sufficiently robust to provide adequate ring-fencing from the parent bank. This policy has been enforced in individual cases. FSMA provides authority for the FSA to share supervisory information with foreign supervisors subject to confidentiality safeguards. All home country supervisors are permitted to conduct on-site visits and examinations of U.K. branches and subsidiaries and FSA encourages this practice. FSA informs home country supervisors of risk assessments and supervisory actions that it is taking in relation to the operations of banks from their countries. Urgent remedial actions are promptly communicated. FSA systematically informs itself of business strategies and risk and control regimes of parent banking groups in order to provide the context necessary for supervision of branches and subsidiaries of foreign banks operating in the U.K. This done through contacts with the banking group supplemented by information provided by the home country supervisor.
Assessment	Compliant
Comments	The U.K. operations of foreign banks are subject to the same high level standards and principles the FSA applies to U.K. banking organizations and FSA applies the same risk based supervisory tools to both foreign and domestic banks. Reporting requirements are similar for all banks, taking into account differences applicable to branches of foreign banks and the special legal arrangements for EEA branches established under the EU passport regime. FSA licensing and ongoing supervision of U.K. branches and subsidiaries of foreign banks takes into account the reliance FSA believes it can place on home country consolidated supervision. FSA has wide authority to share supervisory information with home country supervisors and, as a matter of policy, FSA encourages home country supervisors to carry out on-site visits of the U.K. operations of their banks.

Table 2.

Summary Compliance of the Basel Core Principles

^1/C: Compliant.

^2/LC: Largely compliant.

^3/MNC: Materially non-compliant.

^4/NC: Non-compliant.

^5/NA: Not applicable.

Table 2.

Summary Compliance of the Basel Core Principles

Core Principle	C1/	LC2/	MNC3/	NC4/	NA5/
1. Objectives, Autonomy, Powers, and Resources	C
1.1 Objectives	C
1.2 Independence	C
1.3 Legal framework	C
1.4 Enforcement powers	C
1.5 Legal protection	C
1.6 Information sharing	C
2. Permissible Activities	C
3. Licensing Criteria	C
4. Ownership	C
5. Investment Criteria	C
6. Capital Adequacy	C
7. Credit Policies	C
8. Loan Evaluation and Loan-Loss Provisioning	C
9. Large Exposure Limits	C
10. Connected Lending	C
11. Country Risk	C
12. Market Risks	C
13. Other Risks	C
14. Internal Control and Audit	C
15. Money Laundering		LC
16. On-Site and Off-Site Supervision		LC
17. Bank Management Contact	C
18. Off-Site Supervision		LC
19. Validation of Supervisory Information		LC
20. Consolidated Supervision	C
21. Accounting Standards	C
22. Remedial Measures	C
23. Globally Consolidated Supervision	C
24. Host Country Supervision	C
25. Supervision Over Foreign Banks’ Establishments	C

^1/C: Compliant.

^2/LC: Largely compliant.

^3/MNC: Materially non-compliant.

^4/NC: Non-compliant.

^5/NA: Not applicable.

View Table

Table 2.

Summary Compliance of the Basel Core Principles

Core Principle	C1/	LC2/	MNC3/	NC4/	NA5/
1. Objectives, Autonomy, Powers, and Resources	C
1.1 Objectives	C
1.2 Independence	C
1.3 Legal framework	C
1.4 Enforcement powers	C
1.5 Legal protection	C
1.6 Information sharing	C
2. Permissible Activities	C
3. Licensing Criteria	C
4. Ownership	C
5. Investment Criteria	C
6. Capital Adequacy	C
7. Credit Policies	C
8. Loan Evaluation and Loan-Loss Provisioning	C
9. Large Exposure Limits	C
10. Connected Lending	C
11. Country Risk	C
12. Market Risks	C
13. Other Risks	C
14. Internal Control and Audit	C
15. Money Laundering		LC
16. On-Site and Off-Site Supervision		LC
17. Bank Management Contact	C
18. Off-Site Supervision		LC
19. Validation of Supervisory Information		LC
20. Consolidated Supervision	C
21. Accounting Standards	C
22. Remedial Measures	C
23. Globally Consolidated Supervision	C
24. Host Country Supervision	C
25. Supervision Over Foreign Banks’ Establishments	C

^1/C: Compliant.

^2/LC: Largely compliant.

^3/MNC: Materially non-compliant.

^4/NC: Non-compliant.

^5/NA: Not applicable.

E. Recommended Action Plan and Authorities’ Response to the Assessment

Recommended action plan

14. Table 3 sets out the actions recommended by the mission with respect to Bank supervision. Note that the recommendations related to principles 15, 16, 18, and 19 are to improve compliance with the Core Principles, while the other recommendations are more technical ones for Principles already complied with. The mission considers the latter desirable measures for further refining bank supervision given, in particular, the role of London as a major international financial center.

Table 3.

Recommended Action Plan with Respect to the Basel Core Principles

Table 3.

Recommended Action Plan with Respect to the Basel Core Principles

Reference Principle	Recommended Action
CP 8 Loan evaluation and provisioning	Introduce periodic reports on asset quality.
CP 12 Market risks	Consider expanding the supervisory staff responsible for testing banks’ market risks controls.
CP 13 Other risks	Develop a new approach to liquidity monitoring that will be more aligned to banks’ own techniques for liquidity management.
CP 15 Money laundering	FSA to monitor annually a sample of anti-money laundering reports from banks that have not been subject to on-site review.
CP 16 On-Site and Off-Site Supervision	See recommended actions under CPs 17, 18 and 19
CP 17 Bank management contact	Identify criteria for banks to notify the FSA of emerging problems at an early stage. Establish off-site monitoring triggers for the FSA to contact banks with emerging problems.
CP 18 Off-site supervision	Introduce regular reporting requirement for data on classified and non-performing loans.
CP 19 Validation of supervisory information	Introduce a requirement for key supervisory returns to be examined at least annually by external auditors. Extend listed banks’ disclosure requirements to non-listed banks.

View Table

Table 3.

Recommended Action Plan with Respect to the Basel Core Principles

Reference Principle	Recommended Action
CP 8 Loan evaluation and provisioning	Introduce periodic reports on asset quality.
CP 12 Market risks	Consider expanding the supervisory staff responsible for testing banks’ market risks controls.
CP 13 Other risks	Develop a new approach to liquidity monitoring that will be more aligned to banks’ own techniques for liquidity management.
CP 15 Money laundering	FSA to monitor annually a sample of anti-money laundering reports from banks that have not been subject to on-site review.
CP 16 On-Site and Off-Site Supervision	See recommended actions under CPs 17, 18 and 19
CP 17 Bank management contact	Identify criteria for banks to notify the FSA of emerging problems at an early stage. Establish off-site monitoring triggers for the FSA to contact banks with emerging problems.
CP 18 Off-site supervision	Introduce regular reporting requirement for data on classified and non-performing loans.
CP 19 Validation of supervisory information	Introduce a requirement for key supervisory returns to be examined at least annually by external auditors. Extend listed banks’ disclosure requirements to non-listed banks.

A. General

16. This is an assessment of the observance of the core principles of the International Association of Insurance Supervisors (IAIS) in the United Kingdom (U.K.). Insurance is supervised in the United Kingdom by the Financial Services Authority, an independent nongovernmental incorporated body limited by guarantee and operating under powers granted by the Financial Services and Markets Act 2000. The assessment was conducted by Carl Hiralal, Senior Director, Office of the Superintendent of Financial Institutions Canada, Conglomerates Group, and Rodney Lester, Lead Specialist and head of the Insurance and Contractual Savings practice in the Financial Sector Development Department of the World Bank. Frank Engels, U.K. desk officer for the IMF provided early commentary on the assessment and participated in the feedback sessions.

B. Information and Methodology Used for Assessment

17. This assessment has been based on the Insurance Core Principles Methodology (ICP) of the IAIS dated October 2000, as modified by the joint IMF/World Bank assessment template.

18. Given the highly developed nature of the U.K. insurance market, the current lack of stability in certain segments of the market and the large exposure to international financial activities, this assessment has been carried out on the basis of both the essential and supplementary criteria underpinning each Core Principle. In addition the assessors relied on the override provisions in the Methodology,¹ and applied standards appropriate to a leading industrial country.² The United Kingdom is the first insurance market of global significance to be assessed and provided special challenges. In particular it would have been possible to provide observed ratings on most of the CPs if just the law and FSA model (especially once rolled out) had been considered. The assessors view has been that this would not have added value given the current transition stage in the evolution in FSA, particularly with regard to supervision,³ and would not have done justice to the importance of the U.K. insurance sector, both domestically and internationally. Thus the assessment is based on the FSA as it was at the date of the assessment when supervisory practices were still being developed and resourced. In addition it needs to be explicitly stated that demanding benchmarks were applied and this will need to be acknowledged in any comparison with other industrial countries.

19. Major sources of information used for the assessment included the answers to the questionnaire submitted by the IMF prior to the mission, a comprehensive self assessment carried out by the Insurance Firms Division, information available from the FSA web site including numerous consultation papers, comprehensive CD-ROM databases provided by FSA, presentation material provided by FSA officers, statistical information provided by the Association of British Insurers (ABI) and S&P Thesys, and background information available from various professional firms and international industry intelligence services. In addition extensive interviews were conducted with numerous officers in FSA and the various governmental and regulatory bodies concerned with private pensions, senior management of ABI and the National Association of Pension Funds (NAPF), members of relevant boards of the Institute of Actuaries, senior chartered accountants and rating agency personnel, and a wide range of senior management from the insurance sector, including Lloyds. All concerned gave willingly of their time and were cooperative, and this added significantly to the effectiveness of the insurance assessment team.

C. Institutional and Macroprudential Setting—Overview

20. The British insurance industry is venerable and large. With net premium income in 2000 of £174 billion or approximately 10 percent of the world market, it is the third largest after the U.S. and Japan (although considerably smaller than either). See following table for premiums data. It includes the most important cross-border non-life insurance markets in Lloyds and the London Market, which together account for 65 percent of approximately US$20 billion of annual global cross border general insurance premium flows (Source-Sigma No. 6, 2001), and is a significant source of life insurance products for people resident in other EU countries. Insurance penetration⁴ at 15.8 percent is the highest in the world, South Africa excepted. This penetration is driven largely by a strong imperative to save for retirement in the U.K. given a relatively low (and declining) social security replacement ratio.

21. The insurance industry also makes a significant contribution to the economy. It employs in excess of 220,000 people directly and another 115,000 indirectly, accounting for 1.5 percent of total U.K. employment. It is an important contributor to the balance of payments, with overseas earnings in 2000 approaching £7 billion (£8.7 billion in 1999), of which the major element is insurance ‘exports’ (off shore insurance accepted or intermediated by a U.K.-based insurer or broker). U.K. insurers are also active in foreign markets; however this represents a relatively minor and reducing component of foreign earnings. Net assets of overseas operations have fallen for three years in a row with the main declines occurring in the U.S. and Europe, and only the few leading players continue to have global ambitions.

Table 4.

Gross Direct U.K. Sourced Premium Revenues

(in £ billions)

Source: ABI.

Table 4.

Gross Direct U.K. Sourced Premium Revenues

(in £ billions)

	Life – Ordinary	Life - Industrial	Non life
1990	32.8	1.4	18.3
2000	118.0	0.7	28.7

Source: ABI.

View Table

Table 4.

Gross Direct U.K. Sourced Premium Revenues

(in £ billions)

	Life – Ordinary	Life - Industrial	Non life
1990	32.8	1.4	18.3
2000	118.0	0.7	28.7

Source: ABI.

22. The U.K.-based insurers are, with self-administered pension funds, the most important repositories of individual financial sector wealth. Of total FY 2000 financial assets of households and related non-profits of £3 trillion, more than 50 percent is represented by insurance policyholder related liabilities (Source National Statistics, Financial Statistics, Table 12.1N). Total investment assets under management at the end of 1999 amounted to slightly over £1 trillion and the life and pensions sectors were easily the major providers of finance to government and private borrowers. When examined over time the long term insurance sector has also been the most consistent source of new investment funds in the economy, although given the stresses the industry is now experiencing (see below), this is not guaranteed to be the case in the future. While a figure for ‘other’ company securities on issue is not readily available, life insurers appear to account for a major part of the Sterling commercial paper on issue.

23. U.K. insurance companies and pension funds are under considerable stress given that their income has been eroded by market risk. While balance sheet concerns remain, the insurance sector is not likely to pose a systemic threat to the financial system. Owing to their investment profile, U.K. insurers, most notably life insurers and pension funds, have been specifically affected by the fall in stock prices and exceptionally low bond yields. Coupled with long-term non-life claims, substantial losses related to September 11, and in some cases mounting liabilities based on guaranteed annuities or defined-benefit schemes, the sector constitutes a potential source of market risk, as insurers hold around a fifth of total U.K.-quoted equities and could resort to asset sales to safeguard profitability and regulatory capital. Growing balance sheet concerns in the insurance industry have been reflected in increased supervisory activity, including suspensions and modifications to the FSA’s resilience tests and enhanced monitoring of the financial modeling of insurers.

Table 5.

Insurance Sector Asset Allocation, end-1999

Source: ABI ^1/

^1/ABI is one good source of summary information on insurance industry developments but this is oriented to turnover and assets rather than detailed financial analysis. S&P Thesys is one good source of financial analysis. The U.K. regulatory returns tend to be liability oriented and insurers have traditionally been given considerable leeway in terms of submission time, although this has recently been tightened. Although most regulatory returns are still filed in paper form, firms now have the option to file electronically. Returns for individual companies are publicly available from Companies House.

Table 5.

Insurance Sector Asset Allocation, end-1999

	Cash & Equities	Gilts	U.K. Corporate Securities	Foreign Corporate Securities	Foreign Gilts	U.K. Loans	Unit Trusts	Other	Property	Total
Long Term (£bill)	50.1	123.6	467.3	81.3	21.8	9.3	83.7	28.5	51.0	916.6
%	5.5	13.5	51.1	8.9	2.3	1.0	9.1	3.1	5.5	100
General (£bill)	6.0	13.9	18.8	10.3	14.0	1.4	1.3	22.9	1.7	90.3
%	6.6	15.4	20.9	11.4	15.6	1.5	1.4	25.3	1.9	100

Source: ABI ^1/

^1/ABI is one good source of summary information on insurance industry developments but this is oriented to turnover and assets rather than detailed financial analysis. S&P Thesys is one good source of financial analysis. The U.K. regulatory returns tend to be liability oriented and insurers have traditionally been given considerable leeway in terms of submission time, although this has recently been tightened. Although most regulatory returns are still filed in paper form, firms now have the option to file electronically. Returns for individual companies are publicly available from Companies House.

View Table

Table 5.

Insurance Sector Asset Allocation, end-1999

	Cash & Equities	Gilts	U.K. Corporate Securities	Foreign Corporate Securities	Foreign Gilts	U.K. Loans	Unit Trusts	Other	Property	Total
Long Term (£bill)	50.1	123.6	467.3	81.3	21.8	9.3	83.7	28.5	51.0	916.6
%	5.5	13.5	51.1	8.9	2.3	1.0	9.1	3.1	5.5	100
General (£bill)	6.0	13.9	18.8	10.3	14.0	1.4	1.3	22.9	1.7	90.3
%	6.6	15.4	20.9	11.4	15.6	1.5	1.4	25.3	1.9	100

Source: ABI ^1/

^1/ABI is one good source of summary information on insurance industry developments but this is oriented to turnover and assets rather than detailed financial analysis. S&P Thesys is one good source of financial analysis. The U.K. regulatory returns tend to be liability oriented and insurers have traditionally been given considerable leeway in terms of submission time, although this has recently been tightened. Although most regulatory returns are still filed in paper form, firms now have the option to file electronically. Returns for individual companies are publicly available from Companies House.

Table 6.

Holdings of U.K. Securities 1998

(% of outstanding value)

Source: ONS

Table 6.

Holdings of U.K. Securities 1998

(% of outstanding value)

	Life Insurers	Non Life Insurers	Pension Funds
U.K. Gilts	43.0	5.5	30.6
U.K. company shares	20.3	0.9	22.3

Source: ONS

View Table

Table 6.

Holdings of U.K. Securities 1998

(% of outstanding value)

	Life Insurers	Non Life Insurers	Pension Funds
U.K. Gilts	43.0	5.5	30.6
U.K. company shares	20.3	0.9	22.3

Source: ONS

D. General Preconditions for Effective Insurance Supervision

24. The United Kingdom has a well developed judicial system with a reputation for probity and professionalism. Civil commercial matters are normally heard in one of the divisions of the High Court, with appeal processes available through the Court of Appeal and, if accepted, the House of Lords. The senior EU Court is the European Court of Justice and it has similar professional standing to the English upper courts. The legal system is based on case law and domestic and EU legislation. As the United Kingdom has no written constitution, Parliament is the supreme domestic law making body, however as a general principle EU law overrides domestic law under the Treaty of Rome. EU directives agreed by the Council of Ministers and the European Parliament must usually be implemented into national law by member states. International Insurance Law can in many ways be said to be based on U.K. case law given the jurisdiction’s long history of insurance actions and settlements. Many insurance contracts around the world continue to be subject to English law and from a regulatory point of view the legal and judicial precondition could hardly be better satisfied.

25. The professions important to the financial sector are also well developed in the U.K. and are subject to full liability for breach of duty. There are in excess of 65,000 practicing chartered accountants in the U.K. many of which are insurance specialists. In addition there are approximately 3,000 actuaries active in the United Kingdom, all of which are expected to maintain minimum levels of continuing professional training. Both professions have world class qualification and accreditation requirements and are seen as best practice resources by educators and professionals in many other countries. Again it is hard to imagine a better level of satisfaction of a precondition for effective regulation and supervision.

26. One idiosyncratic feature of the U.K. environment is that there is no insurance accounting standard. Instead there is a Statement of Reporting Principles (SORP), largely worked out by the insurance sector on a modified regulatory reporting basis, but informed by general company reporting requirements, and with no objection from the Accounting Standards Board (which in the U.K. has the right to issue standards on its own authority, although under the guidance of the Financial Reporting Council). As a general rule the ASB has taken a limited interest in the financial sector allegedly because of the major scope for disagreement over reporting principles: the assessors were advised that the imposition of IAS in the EU in 2005 will to a large extent supplant the ASB role and that the U.K. will then be in a position to enforce an appropriate modern approach, which is still evolving. The IASB is still engaged in resolving the contentious issue of the valuation of liabilities arising from insurance contracts. In the interim there is ongoing scope for there to be up to three different sets of accounts struck within the United Kingdom for a long-term insurer (regulatory, modified regulatory, and assessed value).

27. The auditing profession is also well established. External auditors need to be members of recognized supervisory organizations and remain eligible to be a member under the rules of that organization (leading to a practicing certificate). Recognized organizations have to ensure that all their members are ‘fit and proper’ and that audit processes are carried out in a professional manner and with integrity. The role of the external auditor is increasingly taking on a prevention and detection role and the FSA’s regulatory model seeks to build on this. The main coordinating body for the six U.K. accounting bodies, the CCAB, is a recognized supervisory body. The assessment team was not able to determine the level of performance of the internal audit function within the insurance sector; however, anecdotal evidence pointed to considerable variation in levels of competence and awareness of the risk based approach. A number of large insurers now employ distinct full time compliance teams with high level reporting lines.

28. A relatively unique aspect of the FSA model is its rejection of the twin peaks model where market conduct and prudential supervision fall under different regulators and/or supervisors. Thus many officers in FSA have a joint responsibility to consider the financial strength of an institution at the same time as they are ensuring that its customers are being treated fairly. This integrated role can potentially place substantial demands on FSA supervisors if other parts of government also make decisions which affect this trade off.

29. The regulatory environment is in a process of rapid transition with the consolidation of at least nine former regulators into an independent FSA. While the reasons for this are well known and well founded there is a need to ensure that the circumstances which have made the U.K., and London in particular, the insurance center of the world, are not fundamentally altered. Prior to the formation of FSA the key formal insurance regulators was DTI and subsequently HMT, in both cases advised by the Government Actuary’s Department (GAD). These were seen to have a light regulatory touch (although the informal rules were well understood by the market) and in practice the role of rating agencies formed a third, market based form of regulation, providing an additional effective influence on governance in the general insurance segment.⁵ This has been supplemented by the central role of the appointed actuary in the long term sector. Overriding all of this has been the growing governance roles of directors and managers, supported by the internal and external audit functions.

30. The U.K. authorities are in the process of strengthening their approach to insurance regulation along the lines of their risk-based approach to supervision. The creation of the FSA as a single regulator revealed significant differences between the supervision of insurance and other financial sectors regarding similar types of risk. The so-called Tiner project has been initiated to implement and take forward a risked-based approach to insurance supervision where regulatory attention focuses on firms and activities likely to pose the greatest risk to the achievement of the regulator’s statutory objectives. This has already been reflected in the inclusion of major life and non-life offices in the Major Financial Groups Division (MFGD) of the FSA which conducts integrated regulation and supervision of the most important market participants. The Tiner project also aims at improving the prudential and conduct of business regimes for insurers, notably an increased focus on the firms’ strategies, quality of management and systems and controls; an improved disclosure and financial reporting regime; and a more proactive prudential regime with less reliance on desk-based analysis of financial returns.

31. The U.K. easily satisfies the preconditions for a full assessment.

E. Principle-by-Principle Assessment

32. As to the main findings of the mission regarding insurance supervision, the key issue is that FSA’s interim regime presently lacks a sufficient degree of experienced on site examination capacity. In addition greater precision in defining what is required of management and boards is desirable as many smaller institutions in particular will not be familiar with modern risk management concepts. Thus, while the assessors agree that the FSA’s objective of placing more governance and internal control responsibilities on insurance firms’ boards and management is highly desirable, they strongly feel that more independent assessment of the effectiveness of firms’ systems and controls is warranted.

33. At present there is no guarantee that a sufficiently comprehensive review of the appropriateness of firms’ risk management systems, asset allocation limits, internal controls, capital and reserves, and reinsurance programs will take place in light of the nature and amount of business underwritten: this is particularly the case where bank based large groups containing significant insurers are involved, or bank supervisors have been given very large insurance based groups to supervise and assimilate. This skills requirement will become even more evident when the envisaged risk-based approach to supervision (together with fair value accounting) is introduced, as this will inevitably require the ability to review complex simulations using model offices. As a consequence, the FSA should take steps to ensure that the risk review team, on which the large group supervisors draw, formally contains (either as establishment or through a solid line matrix) specialist insurance expertise in areas such as reinsurance, actuarial modeling and long-tail non-life claims, in addition to generalist insurance people. Some of these skills are scarce (for example non life actuarial skills) and long term consulting or staff exchange programs may be appropriate.

34. In terms of the current interim supervisory model, the present desk-based analysis of returns does not appear to adequately capture the risks of underlying exposures, again largely because of the availability and disposition of the requisite skills. Consequently, the assessors are of the view that the IAIS CPs 5, 6, 7, and 12 are broadly rather than fully observed. The mission also confirms the authorities’ self-assessment that CP 13, as formulated, is materially non-observed, given the limited reliance on onsite inspections under the current practice, while the core principles call for detailed onsite reviews of books, records, accounts and other documents. By contrast the assessors feel that the standards achieved in the U.K. under the governance and market conduct CPs constitute very good examples of international best practice.

35. It is the assessors’ understanding that the FSA is currently in the process of rolling out new risked-based modalities for prudential supervision (and related market conduct supervision in the case of with profits contracts) of insurance markets and building the available insurance skills base. These actions are based on the findings of the Tiner report and will operate within the overarching risk based philosophy and methodology which has been developed in the last three years. This program is expected to remedy most of the noted shortcomings on the prudential side. As a consequence, the recommendations which appear below are intended to work within this new framework, while emphasizing the unique (and in many cases highly indeterminate) nature of many insurance balance sheet risks.

Table 7.

Detailed Assessment of Observance of the IAIS Insurance Core Principles

Table 7.

Detailed Assessment of Observance of the IAIS Insurance Core Principles

Principle 1.	Organization of an Insurance Supervisor The insurance supervisor of a jurisdiction must be organized so that it is able to accomplish its primary task, i.e., to maintain efficient, fair, safe, and stable insurance markets for the benefit and protection of policyholders. It should, at any time, be able to carry out this task efficiently in accordance with the Insurance Core Principles. In particular, the insurance supervisor should: -be operationally independent and accountable in the exercise of its functions and powers; -have adequate powers, legal protection, and financial resources to perform its functions and exercise its powers; -adopt a clear, transparent, and consistent regulatory and supervisory process; -clearly define the responsibility for decision-making; and -hire, train, and maintain sufficient staff with high professional standards who follow the appropriate standards of confidentiality.
Description	The responsibilities and objectives of the Financial Services Authority (FSA) as the regulator and supervisor of insurers are set out in the Financial Services and Markets Act 2000 (FSMA). In discharging its general functions, the FSA is required to act in a way that is compatible with the regulatory objectives. The regulatory objectives are: (a) maintaining confidence in the financial system; (b) promoting public understanding of the financial system; (c) securing the appropriate degree of protection for consumers; and (d) reducing the extent to which it is possible for an authorized business to be used for a purpose connected with financial crime. The FSA functions as a public authority by virtue of statutory powers granted by the FSMA, but is operationally independent having been established as a private company limited by guarantee. It is responsible for its own budget and is financed by direct levies on the industry. The FSA has the ability to hire and maintain staff with the appropriate skills and is responsible for its own staff remuneration policy. It is also required to have regard to the principles of good regulation specified in the FSMA, such as the need to use its resources in the most efficient and economic way. The FSA’s Handbook of rules and guidance (“the Handbook”) is publicly available: changes in the rules are subject to consultation. A decision-making manual forms part of the Handbook. The FSA makes and maintains effective arrangements with consulting practitioners and consumers on the extent to which its general policies and practices are consistent with its general duties. It also maintains separate practitioner and consumer panels. The FSMA grants the FSA wide powers to take action against insurance firms which do not comply with the requirements set out in the Act, secondary legislation under the FSMA and the rules set out in the Handbook. Under the powers of intervention of the FSMA, actuarial or general investigations into insurers may be ordered. These may be undertaken by third parties with the required skills. The FSA is able to recruit expert assistance when needed. The FSA Code of Conduct sets out clear rules on dealing with insurance companies and conflicts of interest. When staff are appointed to the FSA, they are required to provide details to an Ethics Officer of all significant relationships that may be relevant to their work. Changes in this information must be notified. Similarly, direct holdings of shares in regulated firms need to be notified to the Ethics Officer and the information updated. Staff cannot themselves hold or deal in shares and related investments of the institutions they supervise. Nor can they accept gifts other than of a token kind, or excessive hospitality. The FSMA provides that the FSA and any person who is, or is acting as, a member officer or member of staff of the FSA, is not to be liable for damages regarding anything done or omitted in the discharge, or purported discharge, of the FSA’s functions. However, this protection does not apply if the act or omission is shown to have been in bad faith, or unlawful.
Assessment	Observed
Comments	Officially, the FSA became an integrated regulator on December 1, 2001. Consistent with the powers granted under the FSMA, the FSA is organized and operates in a manner that ensures that it is able to comply with its regulatory mandate. The essential elements of this core principle have been met but the competitive pressures faced by insurers are increasing. The resulting supervisory challenges the FSA faces in the insurance sector will no doubt require increased emphasis on resource needs and staff training and development. The FSA should consider strengthening its core insurance expertise to include individuals with significant experience in reinsurance, actuarial science and long tail, non life claims. The addition of these individuals would likely be organized in a matrix structure. The availability of their technical skills to all supervisors, particularly those working within MFGD, should be actively promoted within the FSA. The inclusion of the larger insurance firms within MFGD promotes consistent, consolidated supervision. However, since some of these insurance firms are supervised by staff whose background is in banking, the FSA runs the risk—at least transitionally—that these supervisors may not always recognize when staff, with the insurance expertise described above, may be required. The fundamental importance of the insurance risk liabilities for balance sheet and profit/loss accounting purposes (both statutory and published) underlines the seriousness of this point. Since the initial assessment was undertaken, further insurance experience has been gained in the MFGD teams, and the overall availability of insurance skills and expertise within the FSA has been enhanced.
Principle 2.	Licensing Companies wishing to underwrite insurance in the domestic insurance market should be licensed. Where the insurance supervisor has authority to grant a license, the insurance supervisor: -in granting a license, should assess the suitability of owners, directors, and/or senior management, and the soundness of the business plan, which could include proforma financial statements, a capital plan, and projected solvency margins; and -in permitting access to the domestic market, may choose to rely on the work carried out by an insurance supervisor in another jurisdiction if the prudential rules of the two jurisdictions are broadly equivalent.
Description	The effecting and carrying out of contracts of insurance as a principal is a regulated activity in the U.K. and requires authorization. The FSA must ensure that applicants satisfy and will continue to satisfy the “threshold conditions” set out in the FSMA in relation to all of the regulated activities for which they will have permission. There are five general Threshold conditions, covering legal status, location of offices, close links, adequate resources and suitability. The threshold conditions represent a framework against which an applicant can be thoroughly assessed on all relevant criteria. In that framework, an assessment is made of appropriate financial resources and projected solvency, adequate systems and controls, integrity and competence of senior management, directors and controllers, and the applicant’s regulatory history. As part of the assessment of whether an applicant satisfies and will continue to satisfy the threshold conditions, the FSA considers whether the applicant is ready, willing and organized to comply with the regulatory requirements to which it will be subject if it is granted permission. Permission to carry on regulated activities may be accompanied by specific requirements placed on the insurer. Insurers appropriately authorized in another EEA Member State may operate in the U.K. through a branch or on a cross-border services basis under a passport arrangement, based on the common standards of supervision established under the EU Insurance Directives.
Assessment	Observed
Comments	The FSA has well developed policies and procedures in place to ensure that any insurer wishing to operate in the U.K. meets the stated regulatory requirements.
Principle 3.	Changes in Control The insurance supervisor should review changes in the control of companies that are licensed in the jurisdiction. The insurance supervisor should establish clear requirements to be met when a change in control occurs. These may be the same as, or similar to, the requirements which apply in granting a license. In particular, the insurance supervisor should: -require the purchaser or the licensed insurance company to provide notification of the change in control and/or seek approval of the proposed change; and -establish criteria to assess the appropriateness of the change, which could include the assessment of the suitability of the new owners as well as any new directors and senior managers, and the soundness of any new business plan.
Description	Under existing legislation, a person proposing to take control of or vary its existing control over an insurance firm must notify the FSA. The insurance firms are also required to notify the FSA of any changes in control. The FSA has the power to object to changes in control. The specific documents that the insurers have to submit depend on the licensing requirements of the jurisdiction and are consistent with the documentation required for new license applications. When a change in control occurs, the suitability of the new owners, directors and senior managers, and the soundness of any new business plan are checked. Where changes to business strategy are proposed these too will be assessed. The normal process would involve the consideration of the proposed business strategy against the existing business strategy and the assessment of the likely benefits/drawbacks. In the case of life insurers the actuarial advice provided by the FSA’s actuarial department would be a critical consideration. In deciding whether the approval requirements are met, the FSA must ensure that the insurance firm satisfies and will continue to satisfy the Threshold conditions which are the same standards that apply to those who seek to obtain permission to carry on insurance business for the first time.
Assessment	Observed
Comments	The FSA has well-developed systems and procedures in place to address issues relating to changes in control.
Principle 4.	Corporate Governance It is desirable that standards be established in the jurisdictions which deal with corporate governance. Where the insurance supervisor has responsibility for setting requirements for corporate governance, the insurance supervisor should set requirements with respect to: -the roles and responsibilities of the board of directors; -reliance on other supervisors for companies licensed in another jurisdiction; and -the distinction between the standards to be met by companies incorporated in his jurisdiction and branch operations of companies incorporated in another jurisdiction.
Description	In respect of firms regulated by the FSA, there is a range of rules relevant to corporate governance. These rules are elaborated in Principles (eleven in total) which are fundamental obligations placed on firms, and derive from the FSA’s general rule-making power in the FSMA. However, they do not apply where the matter in question falls under the firm’s Home State regulator under EC Directives. A firm is also required to satisfy, and continue to satisfy threshold conditions in order to be given and to retain its permissions under the Act. The FSA must ensure that a firm satisfies and will continue to satisfy the Threshold conditions in relation to each regulated activity for which it has, or will have, permission. In addition to conditions governing the legal form of insurance companies, the threshold conditions require that the resources of the person concerned must, in the opinion of the FSA, be adequate in relation to the regulated activities that he/she seeks to carry on, or carries on. In reaching its opinion, the FSA may take into account the person’s membership of a group and the effect which that membership may have. If it appears that an authorized person is failing, or likely to fail, to satisfy the Threshold conditions, the FSA may take action to vary or revoke the firm’s permissions. The threshold conditions are complemented by high level systems and control requirements, which include the encouragement of firms’ directors and senior managers to take appropriate practical responsibility for their firms’ arrangements on matters that impinge on the FSA’s functions under the FSMA. The FSA is not primarily concerned with risks that threaten only the owners of a financial business except, in so far as those risks may have an impact on the FSA’s mandate. The FSA, however, does recognize the need to balance the unique interests of shareholders and consumers alike. In addition to the high level systems and controls noted above, the FSA has in place an Approved Persons’ Regime, which requires certain individuals within all financial services companies, including the directors and many senior managers, to remain fit and proper (FIT) and to comply with certain standards of behavior set out in Statements of Principle for Approved Persons and a Code of Practice (APER). The tone and layout of APER is similar to the Principles for Businesses and it describes seven Principles that govern the performance of the director’s or senior manager’s role. These include personal elements like due skill, care and integrity as well as the organization and control of the areas of business under the individual’s direct control.
Assessment	Observed
Comments	The FSA, which has considerable rule-making power under the FSMA, has in place a comprehensive set of rules and guidelines for use by its supervised firms and its own staff and these are consistent with the requirements of this core principle. Nevertheless, two recommendations are presented below. The FSA should consider making it mandatory for a Financial Condition Report (FCR) to be signed off by the Board and subsequently made available to the FSA. The Board should take responsibility for the analysis of the FCR and ensure that the level of resilience/scenario testing is appropriate to the complexity and size of the organization. The FSA may wish to work closely with the appropriate professional bodies and develop guidance for use by supervised firms when preparing the FCR. At the conclusion of every review of high impact firms, senior officials from the FSA should meet formally with the audit committees to review and present the management letter points. At these meetings, it is good practice to request an in camera meeting with only the non-executive members of the audit committee.
Principle 5.	Internal Controls The insurance supervisor should be able to: - review the internal controls that the board of directors and management approve and apply, and request strengthening of the controls where necessary; and - require the board of directors to provide suitable prudential oversight, such as setting standards for underwriting risks and setting qualitative and quantitative standards for investment and liquidity management.
Description	The FSA’s eleven Principles for Businesses apply to some aspects of internal control. These principles cover a wide array of topics and are fundamental obligations placed on firms, deriving from the FSA’s general rule-making power in the FSMA. In addition, threshold conditions represent the minimum conditions which a firm is required to satisfy, and continue to satisfy, in order to be given and to retain their permissions under the Act. The FSA must ensure that a firm satisfies and will continue to satisfy, the Threshold conditions in relation to each regulated activity for which it has, or will have, permission. Assessment of a firm’s internal controls is through a combination of off-site and on-site monitoring; however, the emphasis is on off-site monitoring. This assessment process determines whether the firm has taken reasonable steps to identify all risks of regulatory concern that it may encounter in conducting its business, and has installed appropriate systems and controls and appointed appropriate human resources to manage them prudently at all times. Firms are required to notify the FSA of any proposed restructuring, reorganization or business expansion which could have a significant impact on the firm’s risk profile, and any significant failure in the firm’s systems or controls, including those reported to the firm by the firm’s external auditor.
Assessment	Broadly Observed
Comments	Based on current practices, this core principle is rated Broadly Observed; however, when the new risk-based methodology is implemented in the insurance sector, the requirements of this principle will be met. Essential Criteria # 1 is the primary reason for the assigned rating. The completeness, appropriateness and effectiveness of a firm’s internal controls and systems are fundamental to its on-going viability and competitive position in the industry. The FSA’s requirements on systems and controls provide good guidance for the industry and, when implemented effectively, should foster a strong internal control discipline by senior management and the Board. However, the effectiveness of these controls and systems need to be independently reviewed and tested from time to time. Currently, only limited independent, on-site reviews are carried out. Again, the level of review needs to be enhanced, in order to ensure that systems and controls are effective. One way to accomplish this is to consider more effective use of external checks and balances. This could include the use of auditors, skilled persons and supervisors. Operational risk, in particular, is most effectively assessed in the field, and working in the field also affords a unique opportunity for supervisors to develop a better understanding of the firm’s operations. The FSA is strongly encouraged to devote more attention to this aspect of supervision in the future. The increasing pressures on insurance firms require management to pay more attention to risk management practices. In the current environment, most firms, particularly those in MFGD, are strengthening their risk management practices; however, where this is not true, the FSA should consider encouraging those firms to do so. Possible actions that could be taken by such firms include the establishment of a risk management function and a risk committee of the Board. Management letters issued by the FSA to a firm are important pieces of correspondence that usually deal with prudential issues which are also of interest to a firm’s auditors. Many firms routinely provide copies of management letters to their auditors, but this is not done consistently. The FSA may wish to standardize its procedures for management letters by including a requirement that firms provide a copy to their auditors on a timely basis.
Principle 6.	Assets Standards should be established with respect to the assets of companies licensed to operate in the jurisdiction. Where insurance supervisors have the authority to establish the standards, these should apply at least to an amount of assets equal to the total of the technical provisions, and should address: -diversification by type; -any limits, or restrictions, on the amount that may be held in financial instruments, property, and receivables; -the basis for valuing assets which are included in the financial reports; -the safekeeping of assets; -appropriate matching of assets and liabilities; and -liquidity.
Description	The FSA’s Principles for Business include that a firm must maintain adequate financial resources. Rules also provide comprehensive guidance for firms to follow when dealing with important issues such as asset diversification, matching of liabilities in any particular currency by assets in that currency, provisions relating to the location of assets, adequate spread, the separation of the assets and liabilities, method of valuing assets, and the extent to which an asset may be taken into account for prudential purposes. The FSA requires firms to have in place suitable control and management information systems to enable the company to implement an appropriate investment strategy. The investment strategy should be reflected in clear terms of reference by the company to its investment managers, who must be qualified and competent to carry out their assigned task and whose remuneration package should be consistent with that strategy. The work of the investment managers should be monitored sufficiently closely to ensure that the company’s strategy is being followed. Also, a life insurance company must at all times identify the assets held by it which it considers to be the most suitable to cover its obligations; and make prudent provision for the effect on the amount of its excess assets of adverse variations between the value of the assets identified and the value of the assets which it may be obliged to deliver to meet its obligations. Life insurers must apply resilience tests for which guidance is laid down by the FSA. The Integrated Prudential Sourcebook that the FSA intends to bring in will introduce similar controls for non-life insurers. In the case of life insurers, the appointed actuary plays a significant role in ensuring that the insurer has made proper provision in respect of its liabilities, and in monitoring the risks the firm runs where these are material to the firm’s ability to meet its liabilities to policyholders. Each year, as part of the annual returns, Directors are expected to certify that the company’s systems and controls comply with the FSA’s requirements. The ‘reasonableness’ of the Directors’ certification of compliance is subject to external audit opinion. These reports are reviewed by the FSA, and supervisors may also seek to verify directly with the firm that adequate controls exist.
Assessment	Broadly Observed
Comments	Based on current practices, this core principle is rated as Broadly Observed; however, the implementation of the proposed risk-based methodology will result in this principle rated as Observed. Essential Criteria 4, 5 and 7 are the primary reasons for the assigned rating. As described above, the FSA has strong standards and rules governing the assets held by a firm to cover its liabilities. These rules cover the essential elements of asset management, such as the establishment of investment policy, valuation, safe keeping, matching of assets and liabilities and the existence of adequate internal controls. Tightly controlling risks (market, credit, liquidity operational and legal) associated with investment activities is of particular significance in an insurance firm as they could affect the determination and on—going sufficiency of the technical provisions. The review of a firm’s risk management policies and systems, internal controls and internal audit programs usually requires specialized expertise and is best assessed in the field. More balance between desk review and independent testing on site is required in order to meet the requirements of this core principle which are demanding. The new risk-based methodology, which is currently being developed, will meet this objective but, at present, it is not being achieved in a consistent manner.
Principle 7.	Liabilities Insurance supervisors should establish standards with respect to the liabilities of companies licensed to operate in their jurisdiction. In developing the standards, the insurance supervisor should consider: - what is to be included as a liability of the company, for example, claims incurred but not paid, claims incurred but not reported, amounts owed to others, amounts owed that are in dispute, premiums received in advance, as well as the provision for policy liabilities or technical provisions that may be set by an actuary; - the standards for establishing policy liabilities or technical provisions; and - the amount of credit allowed to reduce liabilities for amounts recoverable under reinsurance arrangements with a given reinsurer, making provision for the ultimate collectability.
Description	The FSA’s power to prescribe standards for establishing technical provisions and other liabilities derives from its rule making powers under the FSMA. Insurers must maintain such accounting and other records as are necessary for identifying the liabilities attributable to each kind of business it carries on. The Interim Prudential Sourcebook for Insurers covers the identification and application of assets and liabilities relating to long-term business. Long-term liabilities must be determined on the basis of actuarial principles, having regard to the reasonable expectations of policyholders and relevant actuarial guidance, and make proper provision for all liabilities using prudent assumptions that include appropriate margins for adverse deviation of the relevant factors. In the case of non-life insurance, the responsibility for establishing prudent technical provisions and provisions for other liabilities rests first and foremost on the management of the insurance company and its advisers. The U.K. legislation does not generally lay down precise rules on how non-life liabilities are to be calculated. The accounting profession has developed statements of recommended practice, and independent auditors must certify that the reserves have been established in accordance with regulatory requirements and professional standards. The core requirement is that the reserves should be sufficient to meet liabilities in all reasonably foreseeable circumstances. The various sorts of technical reserves that a non-life insurance company should establish are defined in the Companies Act 1985. Discounting of outstanding long tail claims is allowed within a clearly defined framework. The annual return provided by insurers, including information on technical provisions and an abstract of the appointed actuary’s valuation report, are examined by the FSA. Where there are concerns that the technical provisions have not been appropriately calculated, the supervisory authority can use its powers of intervention to require an actuarial or general investigation. The FSA may assess the adequacy of the technical provisions through on or off-site monitoring or a combination of the two. It also has the power to require reports by skilled persons into the adequacy of the technical provisions granted by the FSMA. Regarding reinsurance use, insurers may take credit for reinsurance recoveries up to the amounts reasonably expected to be recovered. However, in the solvency margin calculation, insurers are only allowed to take credit for reinsurance recoverables up to a maximum of 50 percent.
Assessment	Broadly Observed
Comments	This core principle is rated as Observed for the life firms and Broadly Observed for the non-life firms. While the FSA’s supervisors are likely to identify problems related to long-tail, non-life claims, the scarcity of qualified non life personnel makes it difficult to perform the required follow up. The U.K. is assessed as not being fully compliant with Essential Criteria # 3. The nature of the non-life liabilities makes it increasingly important to establish rules and guidance for use by supervised firms. Long-tail non-life liabilities should be subject to a rigorous overview by the appropriate mix of professional bodies at the insurer level. Input from this multi-discipline professional team should be considered in the development of the Financial Condition Report. The determination of policy liabilities in life firms is a highly specialized task and involves the use of considerable judgment by the appointed actuary. Judgment is required even though the appointed actuary is required to calculate the policy reserves within the guidelines set out by the professional body. Judgment is particularly critical for some products as results are highly sensitive to certain assumptions and slight variations can result in material differences in reserve balances. For these reasons the assessors believe it would be good practice to require the implementation of a peer review process and the FSA may want to work with the Institute of Actuaries or other relevant professional bodies to implement such a review. Depending on the company-specific situation, a multi-discipline team may be required to do the review.
Principle 8.	Capital Adequacy and Solvency The requirements regarding the capital to be maintained by companies which are licensed, or seeking a license, in the jurisdiction should be clearly defined and should address the minimum levels of capital or the levels of deposits that should be maintained. Capital adequacy requirements should reflect the size, complexity, and business risks of the company in the jurisdiction.
Description	FSA rules require both life and non-life insurers to maintain a margin of solvency. The basic obligations reflect the EU solvency and minimum capital requirements. Whilst larger companies are clearly required to have larger solvency margins in absolute terms under these provisions, different levels of complexity or business risks are not currently reflected in specific EU or U.K. solvency requirements - except to a very limited extent in the fixed minimum capital requirements. The FSA nevertheless seeks to ensure, and has the powers to require and enforce, that individual companies maintain solvency margins appropriate to the nature of their business, which in many cases are several multiples of the EU requirements. The powers under the FSMA may be used to set an individual requirement for an insurer necessitating that they maintain a particular level of financial resources. The financial returns made to the FSA, provide the necessary information to allow the supervisor to monitor assets, liabilities and compliance with the solvency margin requirements. The FSA reviews and analyses the returns, and investigates any problems identified with the firms concerned. The FSA may also examine these areas through on-site inspections. The directors of an insurance company have to certify in respect of the annual return to the FSA that the company has maintained the required margin of solvency throughout the financial year in question. The auditor, in the report they are obliged to produce, is required to provide their opinion whether it was reasonable for the directors to have made the statement. Given the international nature of the U.K. insurance market, the ability to share prudential information with other regulators is of critical importance. The Financial Services and Markets Act 2000 (Disclosure of Confidential Information) Regulations 2001, contains gateways permitting the exchange of supervisory information with other insurance supervisory authorities.
Assessment	Observed
Comments	In May 2002 the FSA issued consultation paper 136 “Individual Capital Adequacy Standards” which will result in a comprehensive review of the capital requirements for all firms, including the informal rules currently used by non-life firms. For non-life firms, the capital requirement is a combination of formal and informal requirements. The formal requirements are set out in the EU Directives. There are adjustments for reinsurance, based on actual recoveries and subject to a maximum reduction of 50 percent. The informal requirement is determined based on “rules of thumb” which have emerged such as 200 percent of minimum requirements for less risky lines of business while for more risky lines, the norm is about 300 percent to 400 percent of minimum requirements. More formalized risk-based capital rules are clearly required and this is recognized by the FSA.
Principle 9.	Derivatives and ‘Off-Balance Sheet’ Items The insurance supervisor should be able to set requirements with respect to the use of financial instruments that may not form a part of the financial report of a company licensed in the jurisdiction. In setting these requirements, the insurance supervisor should address: -restrictions in the use of derivatives and other off-balance sheet items; -disclosure requirements for derivatives and other off-balance sheet items; and -the establishment of adequate internal controls and monitoring of derivative positions.
Description	FSA rules set out the principles governing the use of derivatives by insurers, and these are supplemented by guidance dealing with systems and controls over investments with particular reference to the use of derivatives. The U.K. approach seeks to ensure that derivatives are not used in a way that is speculative or which might have the effect of weakening the company materially. Guidance issued by FSA covers the standards to be achieved by companies’ systems and controls. This includes the requirement for insurers to have in place written guidelines on the use of derivatives which must be approved by the Board, and must be consistent with the company’s agreed investment strategy. The following must be addressed in the guidelines: objectives and policies for use of derivatives, types of instrument, the establishment of prudent limits, exposures and volumes, competence and qualifications of staff, and the segregation of functions. Directors are required to ensure derivatives use is monitored and in line with the objectives and policy contained in the guideline. Directors must also ensure that risk management and control systems are capable of analyzing and monitoring the risk of all transactions undertaken by the organization individually and in aggregate. Each year, as part of the annual returns, Directors are expected to certify that the company’s systems and controls comply with the FSA’s requirements. The ‘reasonableness’ of the Directors’ certification of compliance is subject to external audit opinion. The annual returns provide the basis for off-site monitoring of the adequacy of the internal controls over derivatives. The controls may also be checked on-site, and in this respect the FSA expects to make increasing use of its market risk review team. Every insurer must attach to the annual return covering their balance sheet, profit and loss account and revenue account a statement comprising a brief description of any investment guidelines followed by the insurer for the use of derivative contracts and of other matters concerning the use of derivatives.
Assessment	Observed
Comments	FSA rules set out the principles governing the use of derivatives by insurers, and these are supplemented by guidance dealing with systems and controls over investments with particular reference to the use of derivatives. The U.K. approach seeks to ensure that derivatives are not used in a way that is speculative or which might have the effect of weakening the company materially.
Principle 10.	Reinsurance Insurance companies use reinsurance as a means of risk containment. The insurance supervisor must be able to review reinsurance arrangements, to assess the degree of reliance placed on these arrangements and to determine the appropriateness of such reliance. Insurance companies would be expected to assess the financial positions of their reinsurers in determining an appropriate level of exposure to them. The insurance supervisor should set requirements with respect to reinsurance contracts or reinsurance companies addressing: - the amount of the credit taken for reinsurance ceded. The amount of credit taken should reflect an assessment of the ultimate collectability of the reinsurance recoverable and may take into account the supervisory control over the reinsurer; and - the amount of reliance placed on the insurance supervisor of the reinsurance business of a company which is incorporated in another jurisdiction.
Description	FSA’s rules require insurers to report to the supervisory authority on their reinsurance arrangements. This information is analyzed with respect to the appropriateness of the programme and the security provided. Non-life insurers have to provide statements covering their major reinsurers, both treaty and facultative. These statements include information on any connections the insurer might have with the reinsurer; the amount of reinsurance payments payable; and the amount of anticipated recoveries to the extent that these have been taken into account by the company in determining the reinsurers’ share of the technical provisions in respect of claims outstanding. In addition, companies have to provide a detailed statement of the business ceded. Reinsurers are subject to direct regulation in the United Kingdom, in addition to the supervision applied through the review of the reinsurance cessions of direct insurers. Primary insurers that accept reinsurance risks are supervised in respect of the whole of their business. The supervision of reinsurers is carried out in broadly the same manner as the supervision of direct insurers, though with specific attention being paid to the potential for aggregation of risk within reinsurers which might, for example, make them particularly vulnerable to a specific event or chain of events. The full range of supervisory controls apply, including reporting requirements; on and off-site monitoring; the ability to intervene; authorization by class of business; fit and proper requirements; and systems and controls requirements. As noted earlier, insurers may take the credit for reinsurance recoveries up to the amounts reasonably expected to be recovered. However, in the solvency margin calculation, insurers are only allowed to take credit for reinsurance recoverables up to a maximum of 50 percent of claims. The FSA has powers to share confidential information with other supervisors in appropriate circumstances.
Assessment	Observed
Comments	Reinsurance usually requires specialized knowledge in order to conduct any meaningful review. Reinsurance contracts tend to be company-specific and the determination of whether there is a true transfer of risk, or lack thereof, can be elusive. The Board, however, is ultimately responsible for ensuring that the proper level of reserve credit is taken by the firm. The FSA has used reinsurance specialists in the past to assist with its supervisory work but only on an ad-hoc basis. The complexity of reinsurance arrangements – particularly financial reinsurance – makes it difficult for even skilled supervisors to assess the adequacy of the reinsurance program of insurance companies relative to their level of capital and the risk profile of the underwriting book. Moreover as a considerable share of reinsurance arrangements tends to be ceded offshore, it becomes increasingly difficult for U.K. regulators to assess the recoverability of claims held by domestic insurers on their reinsurers. For this reason, the assessors strongly support the rapid introduction of an EU reinsurance directive and international standards. A further challenge with respect to reinsurance is the limitation of the current data base system to capture meaningful data on reinsurance use within the insurance industry. This is a challenge for all regulators world-wide and does serve to make supervisors’ job very difficult. The FSA may wish to consider implementing a thematic review of reinsurance operations across the firms for purposes of ensuring that, all firms and the industry in general, have put in place appropriate controls and systems to deal with this important risk.
Principle 11.	Market Conduct Insurance supervisors should ensure that insurers and intermediaries exercise the necessary knowledge, skills, and integrity in dealing with their customers. Insurers and intermediaries should: -at all times act honestly and in a straightforward manner; -act with due skill, care, and diligence in conducting their business activities; -conduct their business and organize their affairs with prudence; -pay due regard to the information needs of their customers and treat them fairly; -seek from their customers information which might reasonably be expected before giving advice or concluding a contract; -avoid conflicts of interest; -deal with their regulators in an open and cooperative way; -support a system of complaints handling, where applicable; and -organize and control their affairs effectively.
Description	The FSA is responsible for the supervision of the sale and marketing of life insurance with an investment element. Since the majority of life insurance sold within the U.K. has an investment element, the FSA effectively regulates the sale and marketing of all life insurance. The supervision of the sale and marketing of non-life insurance is in a period of transition. The Government recently announced that the sale of non-life insurance will in future be regulated by the FSA. This will require considerable preparatory work by the FSA before the transfer from the existing - non-statutory – regulatory regime can be effected in 2004. In the meantime the General Insurance Standards Council (GISC) will continue in its role as an independent, non-statutory organization to regulate the sales, advisory and service standards of its members (insurers and intermediaries - including brokers, agents, and anyone acting for them). Those insurers and intermediaries that are not members of the GISC will continue to be subject to the provisions contained in the Association of British Insurers’ Code of Practice (ABI Code).6 There is a continuing and enforceable requirement throughout the lifetime of all financial services firms authorized by the FSA, that all approved persons are fit and proper to hold their office. Persons requiring approval are those who exercise controlled functions within the firm. Controlled functions as defined in the Handbook include governing functions, such as director or chief executive; required functions, such as compliance oversight; and significant management functions such as financial resources or insurance underwriting. Certain customer functions, such as the investment adviser function, are also controlled functions. The FSA’s Supervision Manual notes that on-site inspection is one of the tools that may be used to monitor whether a firm, once authorized, remains in compliance with regulatory requirements. The FSA also has rules in place relating to the internal handling of complaints, including the procedures which a firm must put in place; the time limits within which a firm must deal with a complaint; the records of a complaint which a firm must make and retain, and the requirements on a firm to report information about complaints to the FSA. Complaints that cannot be resolved between insurers and private customers can be referred to the Financial Services Ombudsman.
Assessment	Observed
Comments	The FSA requires supervised firms to have well-developed systems and controls in place to deal with issues relating to market conduct. The FSA follows up in an appropriate manner to ensure that firms are distributing their products appropriately and that customers are treated fairly.
Principle 12.	Financial Reporting It is important that insurance supervisors get the information they need to properly form an opinion on the financial strength of the operations of each insurance company in their jurisdiction. The information needed to carry out this review and analysis is obtained from the financial and statistical reports that are filed on a regular basis, supported by information obtained through special information requests, on-site inspections, and communication with actuaries and external auditors. A process should be established for: -setting the scope and frequency of reports requested and received from all companies licensed in the jurisdiction, including financial reports, statistical reports, actuarial reports, and other information; -setting the accounting requirements for the preparation of financial reports in the jurisdiction; -ensuring that external audits of insurance companies operating in the jurisdiction are acceptable; and -setting the standards for the establishment of technical provisions or policy and other liabilities to be included in the financial reports in the jurisdiction. In so doing, a distinction may be made: -between the standards that apply to reports and calculations prepared for disclosure to policyholders and investors, and those prepared for the insurance supervisor; and -between the financial reports and calculations prepared for companies incorporated in the jurisdiction, and branch operations of companies incorporated in another jurisdiction.
Description	The FSA’s rule-making powers under the FSMA enables the Authority to prescribe rules for financial reporting. Insurers are required to produce an annual return for the FSA in addition to their statutory accounts for shareholders or members. The outline contents of returns laid down in the rules are: profit and loss account, revenue account and balance sheet, together with notes, statements and reports and directors’ certificates annexed thereto; an abstract of the annual investigation of the appointed actuary; and an auditor’s report. The accounts and balance sheets of every insurer must be audited by a person qualified in accordance with rules set out in the FSA’s Handbook. Assets generally have to be valued at either net asset value or current market value, although there are some specific rules as to the valuation of individual assets, such as real estate. For both long-term and general insurance business the amount of the liabilities must be determined in accordance with generally accepted accounting concepts, bases, policies and other generally accepted methods appropriate to insurers. Long-term liabilities must be determined on the basis of actuarial principles having regard to the reasonable expectations of policyholders and relevant actuarial guidance and include proper provision for all liabilities using prudent assumptions that include appropriate margins for adverse deviation of the relevant factors. Companies carrying on life assurance business are required to conduct a periodic actuarial investigation by the appointed actuary. The appointed actuary must certify, amongst other things, that proper records have been kept, that proper provisions have been made, and that assets and liabilities have been assessed in accordance with the prescribed rules. Non-EEA insurers operating in the U.K. through a branch, are required to maintain both a U.K. and global solvency margin and report accordingly. The provisions of the EU Insurance Groups Directive, requiring amongst other things a parent undertaking a solvency margin calculation, have also been reflected in reporting requirements. Reporting of material connected-party transactions is required. The annual returns of insurers are entered into FSA’s database and various ratios generated, which might indicate if the insurer is running into financial difficulties or if its performance is deteriorating. The ratio analysis helps determine the priority for a more detailed desk analysis of the returns. Problems identified as a result of this analysis, and/or as a result of other information available to the supervisor, are discussed with the insurer’s management and appropriate action taken. The FSA has powers to require companies to report more frequently, or to accelerate reports. The annual return is available to the public, but the more frequent reports are usually confidential between the insurer and the FSA.
Assessment	Broadly Observed
Comments	This core principle is rated as Broadly Observed based on current practices, which need enhancing to cope with the rapidly changing risk profile in the industry; however, the proposed implementation of the risk-based methodology for insurance firms will move the rating to Observed. The risk level of the insurance industry is increasing due to pressure points from several fronts including on-going underwriting losses (non-life); reduced returns on investment activities coupled with high expense pressures; and the uncertainty of long-tail liabilities. Currently, firms are required to file regulatory returns annually and may still use a paper medium. Given the rapidity with which an insurance firm’s risk profile can change, a move towards quarterly reporting, at least for the higher priority firms, would significantly enhance a supervisor’s ability to closely monitor his or her assigned firm(s). Firms that fall under the purview of MFGD, particularly listed firms, should be encouraged to file their MIS reports prior to public release. To accommodate this increased information flow, FSA may need to review its financial reporting data base and systems capability. Furthermore, it is necessary to carry out a review of the nature of the existing data being received as some data may no longer be relevant. Consequently, changes to the regulatory returns may be required. Public disclosure of relevant information on a timely basis is one element of the three-pillar approach proposed by the Basel Committee for banking supervision, but is equally applicable to insurance firms. There is an increasing need for all firms to disclose more relevant information in their published financial reports. For example, there is need for firms to include more information on risk management practices, risk exposures and sources of gains and losses. In this connection, the FSA has an important role to play in encouraging firms to adopt more appropriate disclosure practices.
Principle 13.	On-Site Inspection The insurance supervisor should be able to: -carry out on-site inspections to review the business and affairs of the company, including the inspection of books, records, accounts, and other documents. This may be limited to the operation of the company in the jurisdiction or, subject to the agreement of the respective supervisors, include other jurisdictions in which the company operates; and -request and receive any information from companies licensed in its jurisdiction, whether this information be specific to a company or be requested of all companies.
Description	The FSA’s approach to supervision involves a risk assessment of firms, based on the extent to which they pose risks to the FSA’s regulatory objectives. The risk assessment process applies to all firms, although the detail required may vary from firm to firm, and is subject to continuing review. In the case of firms in which risks have been identified which could have a material bearing on the FSA meeting its regulatory objectives, the FSA will also outline a programme intended to address these risks. The FSA’s use of on-site inspection for prudential purposes in relation to insurers is considered against the background of other reporting requirements and controls. The FSA places considerable reliance on the validity of the information provided in the annual returns, and in particular sees no need routinely to duplicate the work of the auditor and appointed actuary. Onsite inspections have not been a regular feature of supervisory activities to date, particularly with respect to non-life insurance firms. Nevertheless, the figures provided are carefully analyzed off-site. In the case of life insurers especially, specialist actuarial analysis is undertaken. If it seems to the FSA that an auditor or actuary has not performed their role appropriately, the FSA has the authority to disqualify that auditor or actuary. The FSA also has the ability to request further information, as the need arises, for assessment off-site, or to require reports by skilled persons. The policy with regard to on-site inspections of insurance companies is currently evolving. The FSA has announced in its Plan and Budget its intention that risk specialists and supervisors will, in future, spend more time on-site at insurance firms – with a greater proportion of that time spent at higher impact firms, in line with the Authority’s risk-based approach to supervision. On-site inspection will address suspected areas of deficiency within an individual company or specific risk/risk management factors. It is not intended to inspect smaller, low risk insurers that represent a small minority of insurance business written in the U.K. on a routine basis. Smaller insurers may, however, be inspected as part of the FSA’s examination of particular supervisory themes. The purpose of these inspections will not be routinely to analyze all insurance companies on a rotational basis, or – when an on-site inspection is initiated - all of an individual company’s activities. The FSA’s risk based approach to supervision requires the Authority’s on-site inspections, as its other activities, to be appropriately targeted. The FSA does, however, have the authority to conduct a full on-site inspection covering the elements set out in the criterion. A full-scale on-site inspection would be undertaken if the risk assessment suggested that it would be the right thing to do. In respect of life insurers conducting investment business, appointed representatives and independent financial advisers, the FSA carries out on-site inspections to determine compliance with conduct of business rules. These inspections regularly focus on the sufficiency and adequacy of the information sought from, and given to, customers. It is also the FSA’s intention to use the information on complaints and enquiries provided by the Financial Services Ombudsman to identify potential problem areas for follow-up with regulated firms.
Assessment	Materially Non-Observed
Comments	While the FSA has full authority to carry out on-site supervision of supervised firms, on-site reviews are not routine. The FSA does conduct an on-site review when a firm comes under stress, or when prudential concerns arise. The review is tailor-made to fit company-specific circumstances. The FSA is currently undertaking a major review of its approach to insurance regulation, led by John Tiner (Managing Director, Consumer, Investment & Insurance Directorate). The review is not primarily about the legal powers that apply in this area, but concerns various practical aspects of supervision and the way in which the FSA exercises its powers. It is expected that the results will place greater emphasis on on-site inspection in assessing risk exposures. In order to comply with this CP, the FSA will also need to increase the resources and skill set of supervisors who are responsible for supervising the insurance industry. Core insurance expertise should be strengthened by including individuals with experience in reinsurance, risk management, actuarial science and long-tail, non-life claims. It is expected that the results of the Tiner project will address these issues.
Principle 14.	Sanctions Insurance supervisors must have the power to take remedial action where problems involving licensed companies are identified. The insurance supervisor must have a range of actions available in order to apply appropriate sanctions to problems encountered. The legislation should set out the powers available to the insurance supervisor and may include: -the power to restrict the business activities of a company, for example, by withholding approval for new activities or acquisitions; -the power to direct a company to stop practices that are unsafe or unsound, or to take action to remedy an unsafe or unsound business practice; and -the option to invoke other sanctions on a company or its business operation in the jurisdiction, for example, by revoking the license of a company or imposing remedial measures where a company violates the insurance laws of the jurisdiction.
Description	The FSA has powers under the FSMA to take remedial action against and/or impose penalties on insurers. depending on the severity of the situation. Examples of measures that the FSA can impose include fines, public censure, imposition of requirements or limitations on permission to carry on a regulated activity, and—in extreme cases—cancellation of a permission. Approval for new activities can also be withheld where appropriate. The Regulatory Decisions Committee, which is an FSA committee outside the FSA’s management structure, normally takes major regulatory decisions. The FSA can, where necessary, ensure that these actions have immediate effect. It also has criminal prosecution powers in certain circumstances (e.g., breaches of the money laundering regulations). Additionally, the FSA can withdraw an individual’s approval to perform controlled functions, if it considers that the person in respect of whom approval was given is not a fit and proper person to perform the function to which the approval relates.
Assessment	Observed
Comments	The FSA has powers under the FSMA to require firms to take remedial action when threats to the solvency of the institutions are noted. Although there are well developed processes within the FSA for dealing with firms when prudential concerns are noted, firms which are placed on a watch list are not formally notified when such action is taken.
Principle 15.	Cross-Border Business Operations Insurance companies are becoming increasingly international in scope, establishing branches and subsidiaries outside their home jurisdiction, and sometimes conducting cross-border business on a services basis only. The insurance supervisor should ensure that: -no foreign insurance establishment escapes supervision; -all insurance establishments of international insurance groups and international insurers are subject to effective supervision; -the creation of a cross-border insurance establishment is subject to consultation between host and home supervisors; and -foreign insurers providing insurance cover on a cross-border services basis are subject to effective supervision.
Description	The FSMA includes a general prohibition on carrying on regulated activities in the U.K. without authorization or specific exemption. An EEA insurer subject to prudential supervision in its home state may operate in the U.K. via a branch or on a cross-border services basis, subject to a notification procedure. With this exception, the FSA has sole responsibility for authorizing and supervising foreign insurers wishing to carry on insurance business in the United Kingdom, including U.K. subsidiaries of foreign companies, joint ventures with one or more foreign parents, and branches of companies with a head office outside the EEA (subject to the possibility of limited lead supervision by one Member State of branches situated in more than one EEA state, which is provided for by the EC Directives). The FSA has a duty to take such steps as it considers appropriate to co-operate with other regulators. In considering an application for authorization, the FSA may discuss the application with other regulators as appropriate. In the case of branches, where an applicant has its principal place of business in a country or territory outside the EEA, the FSA will, in assessing an application for Part IV permission, have regard to the applicant as a whole and not just the proposed U.K. branch. As part of the process the FSA may, if reasonable in the circumstances, take into consideration information supplied by the relevant overseas regulator in that country or territory. The promotion of contracts of life insurance in the U.K. by non-EEA companies not authorized in the U.K. is not normally permitted where the rights under the contract constitute an investment. The exception is where the company is established in a designated territory affording adequate protection to policyholders and potential policyholders against the risk that the company may be unable to meet its liabilities. The promotion of non-life contracts on a cross-border basis is permitted, subject to disclosure requirements that apply other than in respect of large risks and reinsurance.
Assessment	Observed
Comments	The FSA has well-developed systems and controls in place to ensure that no firms escapes supervision. In carrying out this responsibility, it seeks to co-operate with other regulators as necessary.
Principle 16.	Coordination and Cooperation Increasingly, insurance supervisors liaise with each other to ensure that each is aware of the other’s concerns with respect to an insurance company that operates in more than one jurisdiction, either directly or through a separate corporate entity. In order to share relevant information with other insurance supervisors, adequate and effective communication should be developed and maintained. In developing or implementing a regulatory framework, consideration should be given to whether the insurance supervisor: -is able to enter into an agreement or understanding with any other supervisor both in other jurisdictions and in other sectors of the industry (i.e., insurance, banking, or securities) to share information or otherwise work together; -is permitted to share information, or otherwise work together, with an insurance supervisor in another jurisdiction. This may be limited to insurance supervisors who have agreed, and are legally able, to treat the information as confidential; -should be informed of findings of investigations where power to investigate fraud, money laundering, and other such activities rests with a body other than the insurance supervisor; and -is permitted to set out the types of information and the basis on which information obtained by the insurance supervisor may be shared.
Description	The FSA’s legislation permits the disclosure of information for the purpose of enabling or assisting an authority in a country or territory outside the U.K. to exercise functions corresponding to those of the FSA under the FSMA, in effect to other supervisors of insurance, banking and investment business, subject to equivalent professional secrecy/confidentiality requirements being in place. Procedures relating to the collaboration of the insurance supervisory authorities in the EEA, in particular in the application of the EC Directives on life assurance and non-life insurance, are contained in a specific Protocol agreed between the authorities. This includes provisions on the exchange of information. A further Protocol covers collaboration and information exchange in respect to the supervision of insurance groups. The FSA has to date had little experience of regular liaison and co-operation with insurance supervisory authorities outside the EEA. The contacts that have taken place have in most cases been in response to particular problems that have arisen. This situation is expected to change with the emergence of insurance groups and conglomerates. The enhancement of information exchange is being actively pursued. There are agreed guidelines in place between the FSA and key criminal investigators and prosecutors in the U.K. (Serious Fraud Office, Department of Trade and Industry, Criminal Prosecution Service, Policy and their Scottish/Northern Irish counterparts). These guidelines provide that the parties should alert each other to cases of mutual interest and that they should communicate with each other when initiating investigations and proceedings. In addition, the guidelines provide that it is best practice for agencies to notify each other on the outcome of investigations or proceedings.
Assessment	Observed
Comments	The FSA maintains close relations with overseas financial supervisors. The Authority is able to exchange information with the competent authorities in other EEA Member States relatively freely, and may conclude co-operation agreements providing for the exchange of information with competent authorities of other countries if the information disclosed is subject to equivalent guarantees of professional secrecy.
Principle 17.	Confidentiality All insurance supervisors should be subject to professional secrecy constraints in respect of information obtained in the course of their activities, including during the conduct of on-site inspections. The insurance supervisor is required to hold confidential any information received from other insurance supervisors, except where constrained by law or in situations where the insurance supervisor who provided the information provides authorization for its release. Jurisdictions whose confidentiality requirements continue to constrain or prevent the sharing of information for supervisory purposes with insurance supervisors in other jurisdictions, and jurisdictions where information received from another insurance supervisor cannot be kept confidential, are urged to