Financial Sector Assessment Program-Banking Supervision and Regulation-Technical Note

This paper discusses the current status of banking supervision and regulation in Montenegro in the context of select Basel Core Principles. It provides a brief overview of the financial system structure, bank system performance, and the framework for financial oversight. Laws, regulations, and supervision have improved significantly since the 2006 Financial Sector Assessment Program to align more closely with Basel and EU requirements. The banking sector dominates the financial system and accounts for about 90 percent of financial system assets, equivalent to about 93 percent of GDP as of June 2015. There are currently 14 banks operating in Montenegro, up from 11 in 2013.


This paper discusses the current status of banking supervision and regulation in Montenegro in the context of select Basel Core Principles. It provides a brief overview of the financial system structure, bank system performance, and the framework for financial oversight. Laws, regulations, and supervision have improved significantly since the 2006 Financial Sector Assessment Program to align more closely with Basel and EU requirements. The banking sector dominates the financial system and accounts for about 90 percent of financial system assets, equivalent to about 93 percent of GDP as of June 2015. There are currently 14 banks operating in Montenegro, up from 11 in 2013.

Executive Summary

Laws, regulations, and supervision have improved significantly since the 2006 Financial Sector Assessment Program (FSAP) to align more closely with Basel and EU requirements. While the approach is conservative in some elements, several important areas for improvement are identified. While the legislation provides for consolidated supervision, it is not implemented in a meaningful way and is confined to reporting. Three new banks were licensed in the past year at a time when the banking market was depressed. A more conservative approach to the issuance of new licenses would seem to be warranted. Staff shortages have recently arisen in the Banking Supervision Department due to departures and increased work.

Most major banks in Montenegro are subsidiaries of international banks. It is essential that these banks be party to the resolution plans of the resolution authorities in the home-country jurisdictions.

Basel II implementation is conservative, requiring banks to maintain higher minimum capital ratios, and higher capital for operational risk and for country risk. Pillar 2 and supervisory review have been established well. Yet, there are a few gaps in the measurement of capital and risk-weighted assets (RWAs).

Weaknesses in the broader operating environment are diluting the effectiveness of banks’ credit risk management and the Central Bank of Montenegro’s (CBM) ability to supervise this risk. These weaknesses include the unavailability and reliability of borrowers’ audited financial statements, inability to independently verify or establish connectedness among counterparties—particularly for those who are not Montenegro residents, difficulty in quality evaluation and timely disposal of collateral, and third-party-initiated modifications to bank-borrower contracts that adversely impact credit discipline.

The prudential framework for identification and measurement of problem assets is conservative in some respects, but it has gaps. As a result, classification of loans in adverse categories can be delayed and their reclassification in better categories could be hastened, even if the quantitative/qualitative criteria may require otherwise, leading to incorrect presentation of the level and quality of nonperforming assets.

Prudential limits for banks’ related-party and large exposures are established, but their effective implementation needs improvement. The aggregate limit for all related-party exposures is too high at 200 percent of own funds. Norms for measuring exposures is at variance from Basel norms and diverts banks’ and supervisors’ attention away from the gross exposures that reflect the maximum exposure to loss. There are also significant gaps in the definitions of ‘related party’ and ‘related-party transactions,’ and banks are able to assume related-party exposures without their Boards’ prior approval.

Legislation provides for public disclosure of both quantitative and qualitative aspects, but disclosure by some banks is poor. The financial statements of several banks have been qualified by their external auditors, mainly because of under-provisioning. This could raise issues of confidence in those banks and the wider banking system.

Introduction and Background

1. This Technical Note discusses the current status of banking supervision and regulation in Montenegro in the context of select Basel Core Principles (BCP).1 This Note has been prepared as part of a Financial Sector Assessment Program (FSAP) update conducted jointly by the International Monetary Fund (IMF) and World Bank (WB) in September 2015. As agreed with the authorities, the FSAP team2 reviewed the CBM supervisory practices within the areas of 15 select BCPs that are relevant for the financial stability of Montenegro.3 The selection was based on the 11 CPs selected in a 2014 IMF Board Paper, together with 4 additional CPs that were regarded by the assessors as having relevance to the financial stability of Montenegro: Consolidated Supervision, Home/Host Relationships, Risk Management, and Transaction with Related Parties.4

2. The team’s main interactions were with the staff, officials, and management of the CBM’s Banking Supervision Department, but they also met with a number of commercial banks, the Montenegro Banking Association, and a firm of external auditors. In assessing the adequacy of the supervisory approach, the assessors reviewed all 29 CP self-assessments, as well as the full questionnaire as completed by the authorities. During the mission’s visit, the assessors sought to verify the claims made in these two documents (i.e., self-assessment and completed questionnaire) by, for example, reviewing inspection procedures, reviewing inspection reports, assessing the analysis of prudential reports (as well as the adequacy of the reports themselves). The procedures and analysis relating to bank license applications and their assessments were also reviewed. One bank application was reviewed from initial application to ultimate issue of license. The team would like to place on record their deep appreciation of the full cooperation and courtesy they received from the Montenegro authorities, both in the public and private sectors.

3. The 2006 FSAP revealed a number of weaknesses in bank supervision. Inadequate supervisory resources and protection; lack of clarity on information sharing and the definition of bank capital and past due loans; no appropriate fit-and-proper tests for senior managers of banks; inadequacies in consolidated prudential reports; and ambiguity regarding the CBM’s powers to place a bank under interim administration. Subsequently, the authorities have amended legislation to address most of these weaknesses (Law on the Central Bank of Montenegro in 2010 (LCBM) and Banking Law in 2010 and 2011) and adopted a comprehensive set of regulations on general risk management. Among these regulations is one on the Capital Adequacy of Banks (2010), which implemented Basel II.

4. The Technical Note is organized as follows. It first provides a brief overview of the financial system structure, bank system performance, and the framework for financial oversight. Thereafter, it discusses the main findings and recommendations with regard to the regulatory and supervisory frameworks with reference to the select BCPs.

Financial System and Supervisory Structures

5. The banking sector dominates the financial system and accounts for about 90 percent of financial system assets, equivalent to about 93 percent of GDP as of June 2015. There are currently 14 banks operating in Montenegro, up from 11 in 2013. The banking sector comprises six foreign bank subsidiaries holding 79 percent of the banking sector assets.5 The remaining eight banks are owned by legal and physical persons from Montenegro and abroad. Banks’ assets are concentrated in lending products (70 percent), with most of the lending concentrated in the trade sector and households (mostly mortgages), each representing about 38 percent of total loans. Loans to nonresidents represent 18 percent of the total. Liabilities are concentrated in deposits (three-quarters of the total), which are closely split between demand (46 percent) and time (53 percent) deposits. Foreign deposits represent about 6 percent of the total deposits. Charts on the financial system structure, asset-liability profile of the banking system and their income-expense profile are presented in Appendix I. The insurance sector, accounts for about 5 percent of financial system assets, and has grown steadily at an average annual rate of 3 percent in the past five years. The rest of the nonbanking financial system plays a minor role. There are five microeconomic financial institutions with total assets of about EUR 40 million; these institutions are not funded by deposits. No credit unions or credit guarantee business operations operate in Montenegro. There is a small and declining leasing market, which is unregulated.

6. Key financial indicators of the banking system are presented below. Nonperforming loans (NPLs) in the banking system remain a difficult legacy, reflecting the impact of the global financial crisis and subsequent economic slowdown as well as lax pre-crisis lending standards. The system-wide NPL ratio has been trending downward from a high of 18.4 percent in 2013 and stood at 16.4 percent at end-June 2015, albeit with significant variations among banks. Banks’ reported capitalization appears adequate overall, though with significant variation among banks. The aggregate tier I capital ratio is about 14 percent with the capital adequacy ratio (CAR) at close to 16 percent, compared to the regulatory minimum of 10 percent, albeit with wide differences among banks. Bank liquidity is ample. Profitability continues to be very weak with aggregate Return on Assets (ROA) of 0.5 percent and Return on Equity (ROE) of 3.4 percent in June 2015. Overall lending conditions remain tight and hamper banking sector profitability. Foreign exchange bank loan exposure is modest and not a source of concern. The banking system has limited domestic interconnectedness.

7. The CBM is the only banking supervisory authority in Montenegro. It is responsible for the authorization, ongoing supervision, and revocation of bank licenses. In addition to banks, the CBM has responsibility for the supervision of micro-credit financial institutions, credit unions, and credit guarantee business operations.

8. There are two other financial regulatory bodies in Montenegro—the Insurance Supervisory Agency and the Security Commission. The insurance industry is small; it is mainly engaged in non-life business and a great part of that relates to motor insurance. There are 11 insurance companies with total assets in the region of EUR 170 million as at end-2014.

Main Findings and Recommendations

A. Supervisory Framework

9. Seven vacancies out of a total staff complement of 45 remain unfilled. This is despite the fact that the level of supervisory work has increased significantly.

10. Several articles in the LCBM deal with the governance of the central bank. These include rules relating to the Board of Directors (council), appointment of governor and deputy governors, and stated reason for the removal of council members. These meet acceptable standards. The governor and the two vice-governors are obliged by law to appear before parliamentary committees, if requested, to account for their stewardship.

11. The CBM is funded from its general central bank activities, as well as from the issuing of licenses and annual fees received from supervised entities. The CBM adopts its budget independently, and these are not subject to approval by any other body. The CBM submits its final budget to the government and parliament for information purposes, as it does its annual financial report with the external auditor’s report.

12. Article 83 of the LCBM and article 106 of the Banking Law provide legal protection to the CBM staff and agents. The articles stipulate that directors, employees, and agents will not be held liable for damages incurred during the performance of duties in accordance with the relevant laws and regulations, unless it can be proved that the particular action has been performed deliberately or as an act of gross negligence. The articles also provide that the CBM shall cover expenses of bank staff who are in court proceedings concerning the performance of their duties. However, as indicated in Paragraph 20, certain other aspects of legislation relating to staff protection are deficient.

13. The CBM publishes an annual report relating to its prior year’s activities. It includes a review and assessment of the CBM’s policies followed during the year, and a description and explanation of its policies to be following during the following year. On average, the governor and his vice-governors appear four times a year before a parliamentary committee.

14. While legislation provides for clear operational independence for the CBM, recent legislative actions may infringe upon the supervisor’s authority. There was no evidence of any interference in the day-to-day running of its affairs. However, a recent law passed by parliament, “Law on the Conversion of Swiss Franc (CHF)-denominated loans into Euro-denominated Loans,” could compromise its ability to regulate banks as it sees fit (see paragraph 16 hereunder). The law provides for the conversion of Swiss Franc-denominated loans into euros converted at the exchange rate obtained on the date the loan was first granted.

15. In effect, the law applies to one bank only, as it was the only bank to offer Swiss franc denominated loans. It offered such loans between 2005 and 2007, mainly for residential purposes. The number of loans was in the region of 450, and their current value is in the region of EUR 30 million. The bank in question must absorb the exchange loss, which could be as high as EUR 9 million (this will be somewhat offset by higher interest charges (8.2 percent per annum) on the now euro-denominated loans). The bank has initiated constitutional proceedings against the law.

16. The CBM has been charged with the implementation of the conversion law and is required to introduce detailed regulations in this regard. The CBM did not initiate this legislation, nor does it agree with it. It is concerned about the implications of a law that seeks to alter retrospectively the terms of an agreement that is freely entered into by a bank and its customer, and which would result in potential losses to a bank.

17. The CBM seeks to ensure that the cost of supervision is covered in full by the industry, and, in practice, appears to be fully funded by the industry. The CBM’s supervision expenses are covered by the fees charged to the industry. The charge is based on assets (0.065 percent) and is recalculated monthly, based on the prudential reports submitted by the banks.

18. The governor is responsible for setting salary levels in the CBM. While they are higher than those pertaining to the public sector, generally they are lower, in some instances considerably lower, than those in the industry. Within the CBM, salaries in banking supervision are 30 percent higher than in other areas in the central bank, reflecting the marketability of bank regulatory skills. The governor can also exercise some flexibility in attracting specialist regulatory skills, but, by its own admission, the CBM has not developed a clear career path for such specialists. As alluded to in paragraph 9, the CBM is having difficulty in recruiting appropriate staff due to insufficient remuneration and, as highlighted in staff exit interviews conducted by the CBM, weaker benefits.

19. From interaction with the CBM, the commercial banks and other external agencies interviewed, the assessors formed the opinion that the supervisory staff was well trained, highly knowledgeable, and professional. In recent years, turnover has been negligible and, in fact, during the recession the CBM was able to recruit very experienced staff from within the industry. At the same time, it is understood that around the time of the banking crisis of 2008–2009, a number of senior supervisors left the CBM to take up better paid positions in commercial banks; one vice governor resigned at that time due to “imbalances between powers and responsibilities” as he indicated in his letter of resignation. Earlier in 2015, three persons left the Banking Supervision Department, partly in response to the establishment of three new banks in the past year. With the departure of these staff, coupled with the additional work created by the entry of these three new banks, seven vacancies currently exist in banking supervision.

20. The legislation relating to staff protection is deficient in a number of areas. While it covers any liability incurred by staff while carrying out their functions in good faith and in the absence of negligence, it is silent on coverage for any omissions made by staff while discharging their duties in good faith as is required by Essential Criteria 9 of Principle 2 of the BCPs. Also, Essential Criteria 9 refers to protection for the supervisor as well as its staff; however, the legislation is silent on coverage for the CBM.

21. Recommendations:

  • The decision to require the CBM to supervise the implementation of a law that seeks to retrospectively alter loan agreements freely entered into, with potential losses to one bank, could be seen as compromising its operational independence. It should not be used as a precedent for any further similar legislation.

  • The CBM should seek to fill current vacancies as a matter of urgency and to provide career paths for specialist staff.

  • Staff protection legislation should be extended to cover omissions made by staff while discharging their duties in good faith and to the supervisor itself.

B. New Bank Licensing

22. Three new banks were established in the past year and one more application is currently being considered. In relative terms, this is a significant increase from 11 banks to 14 banks. This is at a time when the demand for credit is low, bank liquidity is high, profitability is low, and existing banks are coping with high levels of NPLs. The CBM says that all the new banks met the necessary licensing criteria, as indeed would seem to be the case from the assessors’ review of one of the applications.

23. Each bank submitted detailed three-year business plans, which, on the face of it, appeared feasible. Nonetheless, in the current business climate, questions must arise about the future viability of the new (and, indeed, existing) banks. A more rigorous assessment by the CBM of business plans is warranted. The CBM should interrogate much more robustly the banking opportunities identified in each application, particularly when new applicants identify, in varying degrees, more or less similar opportunities. This is apart from the fact that existing banks would also be aware of these opportunities, but would continue to struggle in a flat market.

24. The CBM has recently rejected a license application. This was on the basis that the applicant would not provide audited accounts for a company involved in the ownership structure of the proposed bank. Up to 12 prospective applicants withdrew from the process at the early stages of discussions in recent years.

25. All directors and the chief executives of prospective banks must be approved in advance by the CBM. However, there is no requirement for other senior management posts to be approved by the central bank. This is left to the directors to decide upon. Increasingly, senior management positions, such as chief financial officer, chief risk officer, and internal auditor require the prior approval of the regulator. The CBM should consider assuming this role.

26. The application assessment by the central bank of one of the recently successful applicants was reviewed by the assessors. It followed all the procedures set out in law regarding the assessment of a license application. The applicant provided a detailed business plan which, prima facie, appeared feasible. However, business plans are, of their nature, very difficult to verify. It is for this reason that a recommendation is being made that, given the existing depressed state of banking in Montenegro, a more rigorous assessment of the business plan be undertaken for all future license applications.

27. Recommendations

  • The CBM should adopt a more rigorous approach to the assessment of bank license applications, particularly to their business plan.

  • In addition to approving the appointments of directors and chief executives, the CBM should consider approving other senior posts, such as chief financial officer, chief risk officer, and internal auditor.

Supervisory Approach and Practice

A. Supervisory Approach

28. The CBM appears to have an effective supervisory regime in terms of on-site and off-site oversight, subject to one caveat. Oversight is confined to the solo bank only. The absence of effective consolidated supervision relates to both downward supervision (e.g., a bank owning subsidiaries) and to wider group supervision that examines risks posed by affiliate companies. The former has relevance in the case of Atlas Bank, which, until recently, had a banking subsidiary in Moscow that was never inspected by the CBM, nor were its records included in the off-site prudential reports to the CBM.

29. Currently, five portfolio managers cover the banks and are responsible for both on-site and off-site supervision. They are supported by experts in specific risk areas; for example, credit risk, liquidity risk, operational risk, internal controls, and internal audit, etc. However, it was noted that the credit risk expert team did not have an expert on real estate evaluations, relying instead on the valuations provided by the banks.

30. Supervision is risk-based with systemically important banks, which the supervisors define as any bank with a 10 percent or more market share, and problematic banks receiving most attention. All banks are subject to annual inspection, a small number of which are full-scope but mostly targeted. However, while termed ‘targeted’ such inspections generally cover a wide range of risks and, where relevant, will include stress testing. Capital adequacy is inspected yearly, as is generally credit risk, given its importance in Montenegro. The inspection process is supported by a detailed on-site inspection manual, which seemed generally comprehensive. The manual is also supported by the assessment methodology set out in the “Decision on Basics of the Internal Control System in Banks.” It provides for the assessment of the internal controls system established in each bank through, in the first instance, assessing the documentation setting out the internal controls systems and, thereafter, their actual implementation. This would entail checking to ensure clear principles of delegation of duties and responsibilities, checking the reliability, timeliness, and completeness of financial and other information on the bank’s activities, and checking compliance with the law, regulations, and internal documentation of the bank.

31. The CBM has a systematic on-site and off-site supervisory process. The program for on-site inspections is drawn up annually at the latter end of the previous year. It takes into account the CBM’s knowledge of the bank, its ownership structure, the outcome of the previous on-site inspection, its CAMELS rating, and the macroeconomic environment, etc. There is also an extensive off-site inspection regime supported by an off-site manual. Prudential returns are received on a regular basis, ranging from daily (liquidity) to three monthly (balance sheet, income statement, etc.), and appear to be adequately analyzed.

32. The findings of both onsite and off-site inspections are fed into a CAMELS report. This report is updated quarterly. Each component of CAMELS is assessed with a rating from 1 (lowest risk) to 5 (highest risk) from which a composite rating is calculated.

33. Portfolio managers produce monthly and quarterly off-site reports for the banks in their portfolio. From these reports they monitor relevant bank performance indicators (past due loans, nonperforming loans (NPLs), restructured loans, profitability, liquidity, etc.) Indicators for individual banks are compared to the averages for the system as a whole and outliers are pursued. Also, significant trends and emerging risks are noted. These reports are submitted to the head of supervision, to the vice governor in charge of supervision, and, if considered necessary, to the governor and Board of Directors.

34. The CBM also prepares a quarterly report covering all banks. It provides details of market share of each bank, the asset structure for each bank and for the system as a whole, including details of bad debts and provisions, restructured loans, sectoral distribution of loans, etc. Similar information is provided for deposits, including their maturity structure. Details of ownership structures and capital ratios, including the components of capital, are also included.

35. The supervisor seeks to take the macroeconomic environment into account in its risk assessment of bank and banking groups. Toward this end, the Financial Stability Council (FSC) was established in accordance with the Financial Stability Council Law of 2010. Its function is to monitor, identify, prevent, and mitigate potential systemic risks in the financial system as a whole, in order to ensure the maintenance of the financial system stability and avoid episodes that may lead to widespread financial distress. It is chaired by the governor of the CBM; its other members are the Minister of Finance, the President of Insurance Agency, and the President of the Commission for Securities.

36. The CBM undertakes stress testing of banks. The latest stress test was carried out in 2014, using baseline and adverse scenarios. The inputs for the stress-testing exercises are based on the results of on-site and off-site examinations and the various macroeconomic scenarios. Also, the CBM requires banks to have forward-looking stress testing. It assesses such stress testing during on-site examinations. However, the methodology and the rigorousness of stress testing should be strengthened.

37. The on-site and off-site supervisory regimes are carried out to a satisfactory degree. To this end, the assessors reviewed a number of on-site inspection reports, examined some off-site prudential returns, and reviewed the processes and procedures involved in their analysis and evaluation. The analyses undertaken by the CBM in these various areas appeared relevant and to the point.

38. Recommendations

  • Where relevant, include group structures in the on-site and off-site supervisory regime.

  • Recruit real estate valuation experts in the context of on-site inspections.

B. Consolidated Supervision

39. There is no system of effective consolidated supervision. While the Banking Law and the “Decision on Methods for the Preparation of the Consolidated Financial Reports of the Banking Group” provide for consolidated supervision, it is not carried out in any practical way. Consolidated supervision is also hindered by the fact that the company law that regulates the business operations of companies does not have a definition of ‘holding company.’ Thus, the concept of a holding company, whose general activity is the holding of capital in other companies, is not recognized. However, the CBM has devised its own definition of financial holding company: “financial holding means a joint stock company or limited liability company which has participations in the capital or voting rights of banks or other parties offering financial services, if it controls at least one bank.”

40. Consolidated supervision is defined too narrowly, concentrating on the accounting aspect of consolidation. However, it does not concern itself to any great degree, with requiring the supervisor to understand and assess how group-wide risks are managed, and to take action when risks arising from the banking group and other entities in the wider group, in particular contagion and reputational risk, may jeopardize the safety and soundness of the bank and the banking system.

41. The CBM does not undertake any meaningful analysis of group companies. There is no explicit law that enables the CBM to review the activities of parent companies, and of companies affiliated with parent to determine their impact on the safety and soundness of the bank. For companies owned by banks, this is addressed somewhat by the work of supervisory colleges. Where the parent is a nonbank, any review of related companies is hindered by the absence of group company structures with an ultimate holding company at the top, in the sense that it makes it more difficult to identify related parties.

42. Currently, consolidated supervision in the sense of a bank holding subsidiaries would apply in just one case that is a medium-sized domestic bank (Bank A). Until very recently, it had a banking subsidiary abroad and currently owns a 32 percent stake in a small Montenegro insurance company. This bank is part of a wider collection of companies that are engaged in banking, real estate, television, universities, pension funds, and insurance. The group is under the control of one individual, who owns 70 percent of the shares in the bank (as well as 20 percent of a small domestic bank (Bank B)). There are also cross-shareholdings between the two banks (each less than 10 percent). Another large domestic bank (Bank C) also has nearly a 5 percent stake in Bank A, and some of the owners of Bank C own about another 15 percent of Bank A. Given the structure of the group, it could be argued that it does not lend itself to effective supervision, which is an essential feature of consolidated supervision. Also, article 24 of the Banking Law, which sets out the circumstances whereby a license application can be refused, identifies “the ownership structure of a bank disables effective bank supervision” as one of those circumstances.

43. Neither the annual audited accounts nor the prudential reports submitted by Bank A to the CBM are consolidated. In the solo accounts that are prepared, the investments in the Russian bank subsidiary and Montenegro insurance company are listed as investments that are deducted from capital for the purposes of calculating the CAR. In consequence, several important ratios are not calculated on a consolidated basis, e.g., capital, large exposures related-party lending, and liquidity.

44. One of the exclusions permitted from the need to consolidate financial reports is, on the face of it, contrary to good practice. Article 134 of the Banking Law provides that an exclusion is allowed (subject to central bank agreement) where a foreign subsidiary of a Montenegro bank is located in a jurisdiction where there are legal impediments to the submission to the Montenegro parent of data and information necessary for the preparation of consolidated financial reports. An essential aspect of consolidated supervision is that there is no impediment to the free flow of information, and no subsidiary should be allowed establishment in a jurisdiction that prevents that free flow. The CBM contends that they do not allow a Montenegro bank to establish a foreign subsidiary in a country that prevents the free flow of information. According to the CBM, the exclusion is intended to cover a situation where legislation changes in a foreign jurisdiction, where a Montenegro bank is already established, creating impediments to the free flow of information. In these circumstances, the CBM would consider taking appropriate action, including ordering the bank to sell its shares in the subsidiary).

45. Taking all these issues into account, the absence of effective consolidated supervision could give rise to systemic risk in the banking sector.

46. Recommendations

  • The CBM should implement consolidated supervision in the sense that (a) it should look beyond the narrow accounting procedure and assess potential group-wide risk including reputational and contagion risk; and (b) calculate prudential ratios on a consolidated basis.

  • It should seek to have incorporated into national business law the concept of a holding company, whose general activity is the holding of capital in other companies.

  • Examine the interconnectedness of Banks A, B and C with a view to identifying common risks and how these risks might be mitigated. In particular, the CBM should examine potential large exposure risks and related-party lending across the three banks. It should also assess the reputational and contagion risks arising from banks’ associated companies.

  • Seek the deletion of article 134 of the Banking Law, i.e., allowing for the exclusion from consolidated reporting of a subsidiary in a jurisdiction where there are legal impediments to the submission of data and information to the parent bank, to ensure that this exclusion is not available while granting permission to a Montenegro bank to establish in such a jurisdiction.

C. Corrective and Sanctioning Powers of Supervisors

47. Letters from the CBM proposing corrective measures as well as on-site examination reports are sent to the banks’ Boards. The Boards are given eight days in which to respond. Examples of such letters were seen by the assessors. The CBM has also required banks to increase prudential ratios. This generally applies to the solvency ratio. Since 2010, there have been seven occasions where banks were required to introduce fresh capital or increase the solvency ratio.

48. Over the years, the CBM has applied quite a number of corrective measures. It appointed an interim administrator on two occasions, in 2001 and 2003. It appointed an authorized representative (a CBM employee) to attend meetings of a bank’s Board in 2009. It has ordered the replacement of a chief executive, ordered increases in capital, and restricted certain activities in a number of banks, etc. From an examination of a number of examination reports, the central bank acted quickly in finalizing the reports, in sending the report to the bank, and in following up on outstanding issues.

49. The CBM does not have the power to impose monetary fines for misdemeanors (e.g., submitting inaccurate reports). If it wishes to impose a monetary fine, it must go through the Court of Misdemeanors. It has done so on 10 occasions in recent times, and the fines range from EUR 3,000 to EUR 15,000. When a bank incurs a fine, its chief executive automatically incurs a fine, ranging from EUR 500 to EUR 1,000.

50. Also, by way of penalty, the CBM can (and does) require offending banks to make one-off payments to the Deposit Protection Fund (DPF). The payments range from 0.1 percent to 1.00 percent of the bank’s own funds. (The upper limit has recently been increased to 1.5 percent of own funds).

51. Recommendation

  • The CBM should seek powers to impose monetary fines in its own right. These should be at significantly higher levels than apply in the Court of Misdemeanors.

D. Home-Host Relationships

52. The CBM’s ability to share information with fellow supervisors is governed by Articles 9 and 31 of the CBML. The home-host relationship issue is significant in Montenegro in that 7 of its 14 banks have foreign parents, 6 of whom are banks and the seventh is an investment company. Four of these Montenegro banks are regarded by the Montenegro authorities as being systemically important (defined as having 10 percent or more of the share of the banking market). Of the seven foreign owners, two are from Austria and one each from France, Hungary, Serbia, Slovenia, and Turkey.

53. In all cases, the activities of the Montenegro subsidiaries represent only a very small portion of the business of their respective banking groups. They range from under 0.2 percent to just over 3 percent.

54. Currently, no Montenegro bank has a foreign operation. Until very recently, Atlas Bank had a subsidiary in Moscow, but its license was revoked by the Central Bank of Russia (CBR) in connection with anti-money laundering (AML) activities in May 2014. The revocation was challenged by the Montenegro parent bank and the license was restored. The subsidiary was recently sold to a bank registered in Austria at par value. Payment by the Austrian bank is by way of installments over an eight-year period. The CBM has signed a Memorandum of Understanding (MOU) with the CBR, but the latter failed to advise the CBM of its intention to revoke the license of the subsidiary. This is in spite of the fact that the MOU contains the usual provisions relating to the exchange of information in relation to significant developments. The CBR informed Atlas Bank in May 2014, who in turn informed the CBM.

55. The CBM is a member of three supervisory colleges. The leads of these are the Central Bank of Hungary (OPT Group), the Bank of Slovenia (NLB Group), and the National Bank of Serbia (Group Komercijalna Banka). It has observer status only in relation to the OPT Group. The CBM would wish to participate in the supervisory colleges for banks supervised by the Austrian supervisor, but, until recently, the Austrian supervisor did not consider Montenegro’s professional secrecy provisions to be equivalent to those set out in the relevant EU directive. However, the EU authorities wrote to the Montenegro authorities in April 2015, stating that Montenegro confidentiality rules did meet EU standards. Following an initiative by the European Banking Authority (EBA), Austria has now invited the CBM to be a member of respective colleges. The CBM does not participate in the Société Générale Group supervisory college, as Banque de France does not believe the Montenegro subsidiary to be of significance. The CBM does not have an MOU with Austria, but it does with France.

56. The supervisory colleges in which the CBM participates are conducted in accordance with guidance issued by the EBA. Accordingly, the CBM exchanges information on the setting up and operational organization of the college, the planning and coordination of supervisory activities (e.g., details on the planned supervisory measures (both on-site and off-site), joint risk assessment, and planning and coordination of supervisory activities in emergency situations. Thus, the CBM has shared such information with the colleges organized by Austria, Hungary, Serbia, and Slovenia (even though the CBM has not been a formal member of the Austria-led supervisory colleges).

57. Foreign supervisory authorities have access to their banks’ subsidiaries and branches in Montenegro for the purposes of conducting supervisory activities. The Bank of Slovenia, the National Bank of Serbia, and the Central Bank of Hungary have performed on-site inspections. The CBM has joined some of these supervisors on on-site inspections e.g., Slovenia and Serbia.

58. Joint assessments on risk-based capital adequacy, based on common templates, are also carried out. These comprise joint Internal Capital Adequacy Assessment Process (ICAAP) and Supervisory Review and Evaluation Process (SREP) exercises based on the EU Capital Requirements Directive.

59. The CBM has not developed any bank or group resolution plans with resolution authorities or supervisory authorities in the home-country jurisdictions. While this may not be a priority for the home country, given the relative insignificance of the Montenegro subsidiaries vis-à-vis the parent operations, it could be major significance to Montenegro in view of the systemic importance of these subsidiaries.

60. The CBM has signed MOUs with a number of other jurisdictions. These are Albania, Belarus, Croatia, and Macedonia. It has signed an MOU with the entities of Bosnia and Herzegovina (Republic of Srpska and the Federation of Bosnia and Herzegovina). It has also signed a multilateral agreement with supervisors in South Eastern Europe (Albania, Bulgaria, Cyprus, Greece, Macedonia, Romania, and Serbia). These MOUs allow for the exchange of information with the various counterparties. In advance of signing, the CBM assessed the regulations of the future signatories, with particular emphasis on the use and confidential protection of any exchanged information.

61. On the domestic front, the CBM’s Supervision Department has an MOU with the securities regulator, but not one with the insurance regulator. An MOU with the latter is expected to be signed shortly. While there seems to be communications between the three regulators in the context of the FSC, at the prudential level contact appears infrequent and ad-hoc, notwithstanding the fact that banks engage in securities business and one bank has a share in an insurance company.

62. Recommendations

  • The CMB should continue to pursue France to become a member of the Société Générale supervisory college. In particular, it should seek to be party to the resolution plans with the resolution authorities in all relevant countries, given the systemic importance of these banks to the Montenegro economy.

  • The Supervision Department should seek to engage with the insurance and security regulators on a more formal basis and to conclude the signing of an MOU with the insurance regulator as a matter of urgency.

Corporate Governance

63. The legislative basis for corporate governance in banks is detailed and reasonably comprehensive. From interaction with the commercial banks and from a review of inspection reports, the assessors formed the view that banks were aware of their corporate governance responsibilities and appeared to implement them. The meetings with the banks were attended by the CEOs, who, in all instances, were also directors. They displayed an understanding of the Board’s role in, for instance, determining the risk appetite, overseeing the implementation of the bank strategy, etc. There was also an awareness of the roles and reporting duties for statutorily-based functions, e.g., internal control, compliance. There appeared to be less certainty regarding other committees, such as risk management, where the requirements are optional under the legislation. Of note in a number of instances, was the increased involvement of the Board in its oversight role since the property price collapse. Increased meetings were being held and, in one instance, the level at which loan applications were referred to the Board for approval was reduced.

64. It is good practice for the supervisor to provide guidance to banks on expectations for sound corporate governance. This is recommended in Basel Core Principle 14, Essential Criterion 1. The recently published paper by the Basel Committee on Banking Supervision (BCBS)—Guidelines—Corporate Governance Principles for Banks, July 2015, would be a good starting point. It deals with inter alia, Board composition, duties, and responsibilities of directors and senior management, and the roles of the internal audit and compliance functions. It also touches upon the role of a risk (management) committee, which would be of relevance in view of the findings set out in the previous paragraph.

65. Directors are appointed for a period of four years, renewable, but there is no overall time limit on how long they can serve on the Board. It is good corporate governance practice to limit the overall time span for director appointments.

66. The CBM has ordered the replacement of an executive director. This was in 2010 and the removal went unchallenged by either the individual or bank in question.

67. All banks are required to have an internal audit function reporting to an audit committee as well as a compliance function. However, both functions are carried out on a solo bank basis only. It was noted in a review of inspection reports that weaknesses in internal controls and internal audit featured significantly in findings. This is partly due to a lack of internal audit expertise, including that in IT, resulting in the internal audit function not always recognizing internal control weaknesses.

68. There is no specific section in the on-site inspection manual devoted to corporate governance. However, it was noted from inspection reports that, as a matter of course, examiners undertake work in this area, e.g., examining Board minutes, evaluating risk-management practices, assessing the work of the internal audit and compliance functions, etc.

69. As of now, Montenegro has not implemented the Financial Stability Board’s standards for compensation. It is proposed to do so through a revision of the Banking Law expected to be completed by end-2016. Currently, the shareholders at general meetings fix the compensation for Board members. In turn, the Board sets the salaries for bank employees. Some banks have established remuneration committees. Excessive or imprudent bank remuneration practices do not appear to be an issue.

70. There are no specific regulations requiring banks to notify the supervisor as soon as they become aware of any material information that may negatively affect the fitness and propriety of a bank’s Board member or a member of senior management. However, the CBM states that, based on the information and data obtained during on-site inspections or other available information, it assesses whether directors and senior management continue to meet the eligibility conditions.

71. Regular contacts between the supervisor and senior management are maintained via the portfolios managers and the management of the Supervision Department. Such contacts are made when issues of significance arise and clarifications are required by the CBM in relation to issues of interest. During inspections, examiners work closely with management with a view to understanding how well or otherwise the bank is being run and assessing the caliber of management. Contact with Board members is undertaken as needed. By law, the Board is required to respond to inspection reports.

72. Recommendations

  • The CBM should consider providing guidance to banks on expectations for sound corporate governance.

  • The CBM should consider placing a limit on how long directors can remain on banks’ Boards. A maximum of two renewable periods (i.e., up to 12 years in all) is recommended.

  • The internal audit function in banks should be extended to total group activities and not confined solely to the bank.

  • The CBM should consider introducing a specific section in the on-site inspection manual devoted to corporate governance.

  • The CBM should consider introducing a specific rule requiring banks to notify the CBM as soon as they become aware of any material information that may negatively affect the fitness and propriety of a bank’s Board member or a member of senior management.

Capital Adequacy

73. Banks in Montenegro are required to maintain a minimum (absolute) capital of €5 million and a minimum CAR of 10 percent of RWAs for all but one bank, which has a minimum ratio of 12 percent. The CBM has implemented the simple approaches under Basel II since 2011. Banks are maintaining capital as per the standardized approach for credit risk, the basic indicator approach for operational risk, simple maturity approach for interest rate risk and commodities risk, and risk weight approach for forex risk. Banks in Montenegro do not have an active trading book and forex risk is their main risk under market risks (Table 1). Though banks are allowed to implement the standardized approach for operational risk with the CBM’s prior approval, none have opted for that. Banks have been allowed to use the external ratings assigned by S&P, Moody’s, and Fitch. The CBM has not undertaken independent due diligence on these rating agencies, but has indirectly relied on the EU supervisors’ due diligence. No bank is currently allowed to use the internal ratings based approaches (for credit risk), the internal models approach (for market risk), and the standardized approach or the advanced measurement approach (AMA) (for operational risk). Consequently, banks are not permitted to use internal assessments of risk as inputs to the calculation of regulatory capital.

Montenegro: Table 1.

Main Recommendations

article image
article image

I-Immediate” is within one year; “NT-near-term” is 1–3 years; “MT-medium-term” is 3–5 years.

74. The CBM has adopted a conservative approach to Basel II implementation by requiring higher minimum capital ratio, higher capital for operational risk and capital for country risk. Banks are required to maintain (a) minimum CAR of 10 percent, (b) capital for operational risk at 18.75 percent of average net income (before provisions and without taking into account extraordinary items) of the previous three years, and (c) capital for country risk where exposures to certain countries can attract an additional risk weight up to 300 percent (in addition to the risk weight for credit risk). Banks are also required to deduct investment in immovable property and fixed assets that are in excess of 25 percent of bank’s own funds. The CBM has also used its powers in the past to require banks to maintain a higher capital ratio (12 percent) taking into account their risk profile.

75. Banks have in place an Internal Capital Adequacy Assessment Process (ICAAP) and maintain capital to cover the nature and level of their materially important risks. Under the ICAAP, banks are required to adopt a forward-looking approach to capital adequacy. They are also required to take into account their strategic plans, macroeconomic factors, loan growth expectations, future sources and uses of funds, and dividend policy. While banks review and revise their internal capital adequacy assessments at least once a year, they are required to do it more frequently in the case of any significant changes in their risk profile. The CBM evaluates the ICAAP through the SREP every year during the on-site inspections. Banks generally maintain additional capital under Pillar 2 for interest rate risk in the banking book, country risk, liquidity risk, residual risk, concentration risk, strategic risk, reputation risk, and other risks on the basis of their internal methodologies, including at times an ad hoc additional capital of x percent of RWAs. The banks’ methodologies are vetted during the annual on-site inspections and, if required, the CBM requires banks to allocate a higher capital for the Pillar 2 risks.

76. The items of capital that have been allowed to be reckoned as Tier 1 and Tier 2 are largely meeting the criteria laid down in Basel II. The noted deviations are (a) hybrid debt allowed as tier 2 capital is not required to be discounted during the last five years of maturity (currently, no bank has raised capital through hybrid debt), (b) fixed asset revaluation reserve need not be discounted (by 55 percent as applicable for latent reserves), and (c) deferred tax assets and significant investment in the equity of restructured borrowing entities are not required to be deducted.

77. The risk weights assigned to the credit risk exposures are consistent with or more conservative than the Basel II levels in almost all cases. The exceptions are lower risk weights assigned to nonperforming assets (100 percent instead of 150 percent and 50 percent instead of 100 percent, depending on the level of provisions held by banks) and the use of national discretion to assign a 50 percent risk weight for exposures secured by commercial real estate (as against 100 percent or the risk weight determined by external rating). Basel II allows this discretion for commercial real estate only for jurisdictions with well-developed and long-established markets.

78. While the CBM has required a higher capital for operational risk than under the Basel framework, the low level of capital for operational risks may need a review for adequacy. Banks are using the BIA approach to calculate RWAs for operational risk. As set out in Table 1, the RWAs for operational risk is 1.40 percent of total RWAs. Low profitability of the banking system has attributed to low levels of RWAs for operational risk, when compared with an average of between 5 percent and 7 percent observed during the Basel Committee’s calibration exercises for Group 2 banks.). As a low RWA’s for operational risk may not be providing necessary incentives for banks to manage this risk, the CBM can review the adequacy of capital held for operational risks.

79. The CBM can initiate supervisory responses whenever a bank breaches the minimum requirements. However, in the recent past, they have chosen to invoke their supervisory powers to respond to declining capital levels in some banks, even before they breached the minimum requirement. The Banking Law explicitly provides that the CBM can impose interim administration in a bank if its own funds and/or solvency ratio are below a half of the prescribed level (article 120 of the Banking Law) and revoke the bank’s license if the solvency ratio is below one quarter of the prescribed level (article 129).

80. Recommendations:

  • The CBM should review the eligible items of capital and risk weights assigned to specified exposures, and bring these in alignment with Basel II.

  • While the observance of Pillar 2 and the SREP processes have been well established, the CBM can consider further improving the effectiveness of the Pillar 2 implementation in banks by developing additional supervisory guidance and benchmarks with reference to the methodologies for assessing Pillar 2 risks and assigning appropriate levels of additional capital. This can help in promoting consistency among banks’ Pillar 2 practices. To begin with, they can consider extending this to the systemic or internationally active banks.

Risk Management Process

81. The relevant provisions in law and regulations clearly set out the requirements and responsibilities of the banks’ Board of Directors and senior management. These also adequately empower the CBM to effectively supervise risk management in banks. The CBM has issued detailed regulations on all major risks (including, credit risk, market risk, operational risk, interest rate risk in the banking book, liquidity risk and country risk), though some of these might not be a material risk for the banks and the banking system.

82. Laws and regulations require the Board of Directors to establish and maintain, among others, a risk management system for the risks to which the bank is exposed. Laws and regulations specify that banks’ risk management systems shall include, at a minimum, the bank’s objectives and strategies; risk-management policies and procedures; well-defined powers and responsibilities for risk management; review and evaluation of exemptions from the established policies and procedures; ethical code of conduct for bank employees; approval processes and framework for introduction of new products and services in the bank’s operations; efficient and safe information technology system; periodical stress testing; contingency plans; robust internal audit framework; and effective internal control systems as appropriate for the size, complexity of operations, and the level of risk in each bank.

83. Banks’ Boards are required to adopt a risk-management strategy that spans a period of not less than three years, but are to be reviewed at least annually. A bank’s risk-management strategy should include, at a minimum, objectives that the bank wants to accomplish through the strategy; selection and composition of business activities, products, and services that will be dominant in the bank’s performance; expected risk-return relationships; and general criteria and methods that are relevant for the establishment of risk-management frameworks.

84. Banks’ risk management policies and procedures must be designed to accomplish their risk-management strategy. These should include, at a minimum, the risks to be covered, the risk identification methods to be adopted, limits and control procedures for individual exposures and aggregate exposure to individual risks in accordance with the size of a bank, complexity of products and services in its operations, and the level of assumed risk; the framework for reporting to the Board of Directors and senior management; the manner of connection of activities of individual risk management in bank with activities that are performed in dependent legal persons and other entities subject to supervision on consolidated basis and the manner for incorporation of these activities in the structure of risk management on consolidated basis. Banks are required to review the risk management policies at least annually.

85. During the on-site examinations, the CBM pays special attention to reviewing the risk-management strategies, processes, and procedures implemented by banks. These are assessed for their effectiveness, adequacy, and compliance with the requirements of laws and regulations. Supervisors review banks’ risk strategy, risk appetite, and the procedures and processes for identification, measurement, and monitoring and controlling the risks they assume and are exposed to. They also review banks’ documentation of the strategies, policies, and procedures, and their communication across the banks. Supervisory dialogue with banks is structured to also cover elements such as internal governance (including compliance and internal audit controls), the organization of the bank’s business, and how the bank allocates capital against risk.

86. During on-site examinations, supervisors focus especially on the adequacy and quality of reporting to the management and the Board on the material risks to which the bank is exposed. During on-site examination, supervisors determine whether the bank’s capital is sufficient to support its risk profile and/or to cover all risks to which the bank is exposed. The CBM may require the bank to increase the amount of own funds, ensure higher solvency ratio and/or other capital adequacy indicators than those prescribed. During the last five years, the CBM has required four banks to maintain higher capital or raise additional capital to match their risk profiles. During the last few years, banks have been having excessive liquidity, and this risk was not a matter of concern. Banks are not using models for measuring or monitoring risk for both regulatory and internal needs, but are relying on simple and conventional methodologies for these purposes.

87. While the framework and practices for risk management in banks are largely in alignment with the laws and regulations, there are a few areas where the CBM can seek and promote improvements in the governance framework for risk management. Some of the key areas for improvement are as below:

  • a) The CBM accords permission to the appointment of members of banks’ Boards on the basis of the fit-and-proper norms established for Board members. However, this does not adequately ensure that the Board members have sound collective knowledge and understanding of the major items of risks that the bank is exposed to.

  • b) No bank has established a risk management committee of the Board, but most have established a dedicated risk management unit/department. However, the head of risk management does not always have direct access to the Board or the audit committee of the Board. The risk management function is subject to oversight by the chief executive officer or executive director.

  • c) Appointment of chief risk officers (CRO) in banks is subject to the CBM’s prior approval, but their removal can happen without the CBM’s prior approval. However, the CBM is informed of the removal when the bank seeks the approval for the appointment of the new CRO.

  • d) While banks are required to identify and account for risks in new products approval processes, this is not explicitly required for internal pricing and performance measurement.

88. Banks are required to address all material risks that have not been directly addressed in laws or regulations, including reputational risk and strategic risk. Banks are required to establish appropriate risk management systems for these “other” risks and also to account for these in their ICAAPs. Guidance to banks allows them the option of choosing either a flat capital add-on (say 5 or 10 percent) or using own methodology for assessing capital needs for these risks.

89. Banks are required to undertake periodical stress testing for their material risks. These are to be undertaken at least once a year in the context of banks’ ICAAP. In addition, banks are required to undertake stress tests at least quarterly and report the results to the CBM. Stress testing outcomes are generally one of the inputs to banks’ assessment of their capital requirements for material risks that feeds into their ICAAPs, capital plans or strategies, and risk-management strategies. Banks’ stress testing assumptions and outcomes are reviewed by the CBM during annual inspections while reviewing risk management and while undertaking SREPs.

90. Banks are yet to develop recovery and resolution plans to address stress at the institutional level. Banks are required to undertake stress testing for their material risks and have appropriate contingency plans for managing stress situations. While these address stress in specific risk exposures, banks have not been required to develop recovery and/or resolution plans to address stress at an institutional level. The CBM has plans to comply with this by 2017, when Montenegro will establish these in alignment with those designed for EU jurisdictions, as appropriate for banks operating in Montenegro.

91. While banks are required to maintain capital for operational risk, banks and CBM can improve their information systems to support proactive management and supervision of operational risk. The CBM has yet to establish a comprehensive off-site supervisory framework for periodical monitoring or assessment of operational risk in banks. Introducing this may also require improvements to banks’ information systems to adequately support (a) compiling and analyzing operational risk data, (b) monitoring of operational risk, and (c) facilitating appropriate reporting to the banks’ Boards and senior management. The CBM should consider improving the database on operational risk events and losses in banks, which can eventually help in promoting better operational risk management in banks and also in the supervision of this risk.

92. Banks in Montenegro are reportedly having common points of exposure to operational risk, which can also pose potential vulnerability to the banking system. Banks have been procuring products and services or have outsourced some of their operations, including core banking solutions. These have been reportedly outsourced to a limited number of entities/service providers which can be perceived to be posing a concentration risk for the banking system. It is understood that the CBM is already aware of this concentration. As the banks will require some time to put in place alternate arrangements, the CBM should require banks to consider alternate options, including in-house options, and developing appropriate contingency plans at their level. At the same time, the CBM must also formulate its own contingency plans for addressing any potential stress events in this area.

93. The CBM has required all banks to establish appropriate systems for measuring interest rate risk in the banking book, but additional guidance can help. All banks seem to have relied on and adopted the methodology laid out by the CBM in its decision (on the “Minimum standard for managing interest rate risk in the banking book),” which is based on the modified duration approach for measuring the economic impact of a parallel 200 bps interest rate shock on the bank’s rate sensitive assets and liabilities. Some of the elements of the CBM methodology can be seen as an approximation of the effective exposure to interest rate risk and can be improved. The improvements can be in terms of (a) providing explicit guidance to banks for the plotting of each type of rate sensitive assets (RSA) and rate sensitive liabilities (RSL) (for example, currently, the decision is silent on the inclusion of cash, non-interest bearing demand deposits and placements, Nonperforming assets (NPAs), subordinate debts), (b) requiring banks to measure its risk exposure for each of its RSA and RSL relying on the respective maturities/reprising dates and yields, and (c) requiring banks to reckon the economic value impact of the standard shock on the bank’s equity (common equity Tier 1 (CET1) capital) and the income impact.

94. Banks do not have a material exposure to market risk. In the absence of active securities, foreign exchange, commodities, and interest rate markets, banks do not have an active trading book and, hence, they have very little or no exposure to market risks other than exposure to foreign exchange risk arising from their net open positions. The CBM requires banks, whose net aggregate positions (long or short, whichever is higher) are more than 2 percent of own funds, to maintain capital for market risk.

95. Recommendations:

  • Ensure an improved governance framework for risk management in banks, as detailed above.

  • Require improvements to banks’ information systems to monitor and report operational risk events and losses to develop the operational risk database, to promote better operational risk management in banks and in their supervision.

  • Require banks to develop appropriate contingency plans to address common points of exposure to operational risk arising from product procurement and outsourcing of services; the CBM is to formulate its own system-level contingency plans for addressing any potential stress events in this area.

A. Credit Risk Management

96. Credit risk is the largest risk for banks in Montenegro. Loans and receivables from banks and clients account for about 70 percent of total assets, investment in securities (largely government securities, and held to maturity) is about 11 percent, and cash/balances with the central bank is about 14 percent. Loans to residents are about 82 percent of total loans (43 percent to legal entities and 39 percent to individuals). In terms of capital adequacy requirements, as mentioned in Table 1, RWAs for credit risk account for almost 99 percent of total Pillar 1 capital requirements.

97. During on-site examinations, supervisors examine banks’ risk management strategy, policies and procedures to determine their adequacy in relation to the bank’s size and business plans, and their effective implementation. Supervisors have full access to all information and records in banks, and to all staff and senior management who are involved in assuming, managing, controlling and reporting on credit risk. Supervisors also assess banks’ risk management systems with reference to the requirements in laws and regulations and their actual implementation. Supervisors assess whether banks’ documents include loan granting criteria and delegation of powers for granting new loans and refinancing existing loans, whether the adopted policies and procedures include establishment of risk limits, assignment of responsibilities, procedures for recommending and approving decisions, methods for documenting and implementing decisions, and the framework for tracking and reviewing exceptions. In case of shortcomings, banks are required to comply with the supervisory recommendations and corrective measures, if any.

98. Weaknesses in the broader operating environment are diluting the effectiveness of banks’ credit risk management and the CBM’s ability to supervise this risk. These weaknesses include the non-availability and reliability of borrowers’ audited financial statements, inability to independently verify or establish connectedness among counterparties—particularly for those that are not of Montenegro—scope for excluding or discounting certain exposures while measuring credit risk, quality of valuation and the time to realize collateral, and third-party initiated modifications to bank-borrower contracts that adversely impact credit discipline. Some of these are elaborated below and in other parts of the Technical Note.

99. Non-availability of reliable sources of borrowers’ financial information is posing challenges to credit risk management. The Law on Accounting and Auditing requires that joint stock companies, large legal entities, and parent legal entities that, jointly with the subsidiary legal entities, meet any two of the criteria for large legal entities6 need to have their financial statements subjected to an independent external audit. Anecdotal evidence7 suggests that the legal entities that meet these criteria are about 10 percent of registered legal entities, and even among those that need to have their financial statements subjected to an external audit, about 75 percent to 80 percent of the financial statements are bearing a qualified audit opinion. This has serious implications for banks’ ability to make meaningful assessments of the financial status and, therefore, the creditworthiness of their debtors and potential debtors. Consequently, this will also impact banks’ ability to identify nonperforming assets (NPAs) on the basis of the counterparty’s ability to repay.

100. Banks and the CBM are not well supported by a robust credit infrastructure that can promote better credit risk management and supervision. While identifying entities connected to a counterparty (for identifying and managing large exposures and bank-related-party exposures or transactions) banks and the CBM verify the information on ownership structure of legal persons in the Central Registry of Business Entities (CRBE) of Montenegro and in the Central Depository Agency (CDA). The Central Registry of Business Entities contains data on ownership structure including also the names of nonresident owners, and functions and authorizations of the natural persons in such a legal person. The Central Depository Agency provides data on ten largest shareholders, the number of shares and the percentage of ownership in a legal person organized as a joint stock company, which includes also nonresident shareholders. In case of business transactions with nonresident legal persons, the banks require data on such a person from the registry of business entities from the country of the nonresident. The BCP team understands that the database in the CRBE is not amenable to a comprehensive search and, hence, reliance on that source does not assure identification of all connected legal entities. Further, the CRBE and the CDA contain data pertaining only to domestic entities and, hence, identification of foreign (nonresident) connections may not be complete. These features adversely affect banks’ (and the CBM’s) ability to undertake independent identification and verification of connected counterparties and related parties, thus affecting banks’ and the CBM’s ability to have a comprehensive and aggregate view and measure of large exposures and related-party exposures.

101. Banks invariably collateralize their credit risk exposures by obtaining a charge on real estate properties, including residential and commercial real estate. Anecdotal evidence indicates that recovery of dues by foreclosing collateral takes about five years, execution of decrees is a challenge, the cost of recovery is around 25 percent, and recovery rate in respect of bankruptcy proceedings is less than 50 percent.8 It is also understood that there is a soft issue in Montenegro where the residents evince low interest in buying foreclosed properties due to cultural factors. These collectively have an important bearing on the banks’ ability to efficiently foreclose and recover their dues, particularly in respect of loans secured by real estate.

102. Banks are invariably managing their risks on a solo basis and the CBM is undertaking regulation and supervision of banks on a solo-bank basis. This has implications for the effectiveness of the several prudential requirements placed on banks by the CBM and, in the overall context, for the effectiveness of regulation and supervision of the banking system. In particular, this has implications for the management and supervision of credit risks in banks, which is the most dominant risk for the banking system.

103. Banks are required to perform stress testing of their exposure to credit risk at least once a quarter. They are required to identify potential events or future changes in economic conditions that could have adverse effects on bank’s exposure to credit risk and assessment of bank’s capacity to sustain such changes. Banks are also required to prepare action plans to respond to unfavorable stress test results. Banks’ stress testing results are submitted to the CBM every quarter, and the design, assumptions, results, and responses are reviewed by the CBM during their annual on-site examinations.

104. Recommendations:

  • Take the initiative to promote improvements in the operating environment to facilitate more meaningful assessment and management of credit risk by banks and its supervision by the CBM.

  • Extend the prudential norms currently applicable to solo banks to the consolidated bank.

  • Review and revise (a) banks’ public disclosure requirements for their credit risk exposures to include explicitly large exposures, related-party exposures, and risk concentrations, and (b) the CBM’s public disclosures of banks’ large exposures, related-party exposures, and risk concentrations.

Problem Assets, Provisions, and Reserves

105. Banks have been struggling with asset quality issues for a while, and are able to make only slow progress. This has adversely affected the banks’ ability to record healthy growth and incomes. This is an outcome of a combination of events and situations, which are not entirely rooted in the banking system or in weaknesses in the regulatory and supervisory frameworks. Banks and the authorities have been trying to resolve asset quality issues in the banking system over the last few years, mostly through transfer of assets to special purpose vehicles (so-called factoring companies) or to parent banks, This helped to reduce the reported NPLs at the system level to 16.45 percent as at end June 2015 (from 21 percent in end-2010), although the NPLs at individual banks ranged from 5.45 percent to 34.97 percent. Also, the transfer has not removed the NPLs from the system as a whole, but only to the books of different entities.

106. The prudential framework for identification and measurement of problem assets is conservative in some respects, but it has significant gaps that result in incorrect presentation of the level and quality of nonperforming assets. This arises mainly because the prudential framework (a) allows banks to reclassify assets as performing or nonperforming on the basis of types of collateral held by them irrespective of the borrowers’ ability to repay, (b) lacks adequate clarity and consistency for restructuring or rescheduling loans and their prudential treatment, and (c) lacks adequate clarity on reclassification of nonperforming assets to lower risk categories. As a result, a loan can be treated as a performing loan for up to 180 days past due (DPD) or assigned a better asset classification status, even if the quantitative and qualitative criteria may otherwise require it to be classified as nonperforming, and some loans can be assigned a better grade than the lowest grade, even though they have been nonperforming for several years. Moreover, some of the permitted items of prime and adequate collateral may not be adequately high quality.

107. The CBM requires banks to assign their balance sheet and off-balance-sheet items to five asset classification categories (A to E), on the basis of qualitative and quantitative criteria, but also allows banks to assign a better asset classification grade for loans backed by specific types of collateral. The criteria for asset classification include debtor’s credit capacity, debtor’s regularity in meeting its obligations, collateral quality, and other relevant factors. The quantitative criterion in terms of DPD can be seen as a binding criterion, except where banks hold either “prime” or “adequate” collateral. Banks holding prime collateral can retain a loan in category A up to 180 DPD. Banks holding “adequate” collateral can assign one-level better asset classification category than that assigned to an unsecured NPA. This effectively allows banks to postpone recognition of deterioration in asset portfolio quality and also delays supervisory recognition of asset quality deterioration. While classifying assets under the five categories, banks are required to undertake individual evaluation for all exposures in excess of EUR 50,000, and are allowed to adopt a portfolio approach while classifying exposures less than that amount. Loans classified in categories C to E are treated as NPLs. The prudential asset classification norms for unsecured exposures; for exposures secured by prime collateral; and for those secured by adequate collateral is presented in Table 2.

Table 2.

Montenegro: Composition of Regulatory Capital and Risk-Weighted Assets

article image

108. Though not relevant for classification, some of the items reckoned as prime or adequate collateral for the purposes of asset classification might not truly reflect high quality with reference to ability to recover dues with minimum lapse of time, with negligible or no loss of value, and with negligible or no cost of recovery. These qualities of high quality collateral may not be fully present in the following (a) items of “prime” collateral: namely, debt securities, as well as guarantees, counter guarantees, other forms of sureties and other similar instruments of unfunded credit protection issued by the regional and self-government units, and public authorities and members of a banking group; 9 (b) items of “adequate” collateral: namely, pledge on movables, debt securities issued by un-rated legal entities, equity securities and convertible bonds, credit derivatives, life insurance policies, and mortgage or fiduciary of immovable properties, subject to their meeting specific additional criteria.10

109. The CBM requires banks to maintain the higher of regulatory and accounting provisions in a manner that does not interfere with banks’ compliance with accounting standards. Banks are required to set aside additional reserves (post tax appropriation) when the level of accounting provisions for impairment is lower than the regulatory provisions required for NPAs. Such additional reserves are not counted as capital while computing banks’ capital adequacy. When banks either do not hold adequate provisions (and additional reserves as above) for NPAs, the shortfall is deducted from capital by the supervisors while computing capital adequacy. While computing provisions for NPAs, banks are required to compute the provisioning with reference to the exposure (balance sheet plus off-balance-sheet exposures) without allowing any benefit for collateral (please see for the prudential provisioning requirements for NPAs).

110. Prudential regulations require banks to apply the lowest asset classification category assigned to a counterparty, to all other exposures to that counterparty, but allows exemptions, which can be material. Banks can assign a better asset classification status to the exposure or portion covered by “prime” or “adequate” collateral, if (a) the collateralized exposure has not received the lowest classification, (b) the bank can justify higher classification on the basis of recoverability, and (c) more than 90 percent of the exposure to the counterparty has been classified as category A or B. As a consequence, banks are also allowed to assign a single loan to different asset classification categories.

111. The regulatory framework for prudential treatment of restructuring or rescheduling amounts due from borrowers/other debtors is ambiguous and could be implemented differently. This allows room for incorrect measurement and assessment of asset quality and, consequently, on banks’ management of NPAs. The areas of ambiguity and inconsistency with good international practices that warrant improvements in the prudential framework for restructured/rescheduled loans (RRL) are:

  • Asset classification of RRL when it is restructured (can be retained in the same category or can be upgraded);

  • Asset classification of RRL when it is not to be treated as RRL as per regulations (that is ignoring the event of restructuring/rescheduling) such as when the loan is restructured for reasons beyond the borrowers’ control, and/or when interest reduction or interest capitalization is made for reasons other than due to the deterioration of borrower’s credit capacity (can be retained or can be upgraded);

  • Asset classification status of new dues under the revised terms (can be classified differently from the asset classification status of past dues);

  • Upgrading asset classification after three months’ timely repayment under the new terms (upgrade by one stage or more stages); and

  • Asset classification status of RRL that has been placed under “sustainable financial restructuring” and is restructured or rescheduled a second (or more) time. For example, when the bank modifies terms because a borrower experiences difficulty in meeting the revised terms, or the bank accommodates delays in meeting the revised repayment schedule.

112. The CBM has not issued any regulation or guidance for reclassifying a nonperforming exposure as a performing exposure. As a result, the situation is ambiguous, leaving scope for several interpretations and practices, including among supervisors. The BCP team understands that there could be loans that have been NPLs for several years but are graded above the lowest grade.

113. The current provisioning requirements are applied in a conservative manner, but the CBM should undertake a comprehensive review to assess the adequacy of the provisioning rates. The current provisioning rates were established in 2012. It is understood that the CBM is yet to assess the adequacy of the provisioning rates with reference to the losses that banks actually encounter while resolving NPAs. Evidence from the “Doing Business 2015 Report” suggests that the cost of recovery of collateral in Montenegro is about 25 percent and the rate of recovery in case of bankruptcies is less than 50 percent. The loss rates would be different for borrowers from different sectors or regions and would also differ on the basis of the credit risk mitigants used (for example, collateral or guarantor). This study can inform the CBM about the adequacy of the current provisioning rates for different asset categories. The CBM can also review the level of concentration the banks and the banking system is exposed to through the collateral route. Land and real estate are reportedly the primary sources of collateral for bank loans.

114. In addition to complying with laws and regulations for the establishment of strategies, policies, and processes for managing credit risk, banks were required to develop a comprehensive three-year strategy for dealing with NPLs. The banks also have to determine annual operating objectives related to reducing the level of NPLs. Banks were required to submit to the CBM: (a) an NPL resolution strategy that has been adopted; and (b) annual operating objectives by January 31 for the year for which operational objectives are determined. Supervisors undertake ongoing analyses of the NPA management strategy and progress thereunder and review progress when they undertake on-site examinations. They also undertake a detailed review of asset classification and provisioning by banks with reference to the regulatory requirements, and frequently require banks to reclassify or make additional provisions for NPAs.

115. Recommendations:

  • Clarify and improve the prudential norms for identification, classification, and reclassification of nonperforming assets, including norms for uniform classification and RRLs, among others, mainly by delinking asset classification from collateral.

  • Undertake a study of the adequacy of the provisioning rates for the various asset categories with reference to the actual recoveries/loss rates with reference to the borrowers’ operating sector, the nature and location of collateral, and the time taken to collect or recover.

A. Concentration Risk and Large Exposure Limits

116. The CBM has in place prudential requirements pertaining to name concentration, but not for other types of concentrations. (e.g., sectoral, geographic) The laws and regulations have established prudential limits on large exposures Table 3. Regulations require that banks should analyze, to the extent possible, the concentration of exposures to collateral providers, unfunded credit protection providers, and underlying assets with specific exposures (securitization, open investment funds) and report to the CBM on all significant findings.

Table 3.

Montenegro: Prudential Asset Classification and Provisioning Norms for NPAs 1/

article image

Articles pertain to the decision on minimum standards for credit risk management in banks.

117. The definition and guidance for identifying connected counterparties is clear in law and regulations. The definitions largely and explicitly cover the types of connectedness that can expose the banks to risks through large exposures. These include connectedness through control and economic dependence. The CBM does not have explicit power to exercise discretion in applying this definition on a case-by-case basis. However, supervisors are able to include recommendations to this effect in their inspection reports or post-inspection letters (advice) to banks.

118. Regulation and supervision take a less than comprehensive approach for measuring exposures and enforcing compliance with prudential requirements. The CBM regulations allow banks to exclude certain items of exposures while assessing and managing credit risks. Some of these seem to be arising from incorrect extension of capital adequacy norms to measurement of credit risk and concentration risk. The permitted exemptions apply across the Board, including for computing large exposures and assessing compliance with the prudential limits on large exposures and related-party exposures, and some for measurement and provisioning for NPAs. These collectively lead banks to underestimate their overall exposure to credit risk and also have implications for supervisory assessments of credit risk concentration and risk management in banks. Consequently, the CBM’s focus is on banks’ net (i.e., lower) exposures to credit risk instead of on the gross exposures.

119. The methodology for computing exposures (including large exposures) for prudential purposes allows banks to exempt, or deduct or discount exposures while measuring and reporting large exposures. This is at a variance from the Basel requirement11 and can have significant implication for accurate identification and aggregation of risk concentrations. Basel has reviewed and revised its approach to large exposures in April 2014, which allows banks to apply credit conversion factors to off-balance sheet exposures with a floor of 10 percent and to deduct certain items of collateral, but it does not allow the application of a risk-weight approach to measuring exposures. However, the current practice in Montenegro is still at a significant variance from the revised Basel approach as well (see Appendix I for details). The CBM also does not recognize exposures to central governments and public sector enterprises as large exposures, though required under Basel norms.

120. A review of banks’ level of gross large exposures reveals that some banks may be effectively breaching the prudential limits on exposures to a single counterparty or a group of connected counterparties. The available data in the CBM reveals that the average gross large exposure per counterparty is above the prudential limit of 25 percent of own funds in two banks (Table 4). This review was undertaken by CBM experts on the basis of the secondary data available to them and does not include exposures to central governments, regional governments, and public sector enterprises.

Table 4.

Montenegro: Prudential Limits for Large Exposures

article image

121. Regulations require banks to perform stress testing of the loan portfolio without specifying that banks should stress large exposures or risk concentrations. However, banks are required to identify potential events or future changes in economic conditions that could have adverse effect on their exposure to credit risk and assess their capacity to sustain such changes. The CBM supervisors independently perform stress testing of banks’ risk exposures every quarter, which include stress on large exposures and failure of largest borrowers. The CBM can improve the scope and effectiveness of stress testing in banks by explicitly requiring banks to perform stress tests on their risk concentrations, including, for example, by name, sector, geographic, and collateral concentrations.

122. Supervisors do review and discuss concentration risks with banks, particularly in the context of their ICAAPs. Ten of the 11 banks that were operating in December 2014 are maintaining additional capital for concentration risk under Pillar 2. Supervisors also review concentration risks on the liability side of bank balance sheets, namely concentration among depositors. Coverage of concentration risk under ICAAP and SREP is largely focused on name concentration and additional capital requirements tend to be determined by banks’ internal methodologies, which includes the Herfindahl-Hirschman Index (HHI).

123. Recommendations:

  • Revise the exposure measurement norms to be in compliance with the Basel norms in this regard and commence monitoring name-risk concentrations both on gross and net exposure bases.

  • Improve regulatory framework for identifying, measuring, monitoring, and managing direct and indirect risk concentrations, including sectoral exposures, geographic exposures, and exposure to residential and commercial real estate. This should also include explicit requirements for stress testing banks’ exposure to risk concentrations.

  • Enhance CBM monitoring and supervision of all types of risk concentrations.

  • Improve the scope and effectiveness of stress testing in banks by explicitly requiring banks to perform stress tests on their risk concentrations, including, for example, name, sector, geographical, and collateral concentrations.

B. Transactions with Related Parties

124. The definition and guidance for identifying bank-related parties is clear in law and regulations, but need to be broadened to fully align with Basel norm.12 The definition of bank-related parties does not include the major shareholders, Board members, senior management and key staff of the bank’s subsidiaries, affiliates and single points of entry, as well as their direct and related interests, and their close family members.” This omission can weaken the regulatory requirements on conflicts of interest with respect to the entities in the banking group. As in the case of large exposures, the CBM does not have explicit power to exercise discretion in applying this definition on a case-by-case basis. However, supervisors are reportedly able to include recommendations to this effect in their inspection reports or letters/advice to banks that follow inspections, with which banks have reportedly complied.

125. The definition and guidance for identifying transactions with bank-related parties are clear in law and regulations but can be made more comprehensive.13 Requirements regarding operations with parties related to a bank are prescribed in the Decision on Minimum Standards for Operations with Bank Related Parties, and Article 78 of the Banking Law. As per these requirements, when a bank provides or uses the services of its related parties, it shall not provide them with services under more favorable conditions than the conditions under which it provides such services to other parties, or it shall not use the services of bank-related parties under the conditions which are less favorable than the conditions under which other parties would provide such services to another bank. Banks are required to establish procedures to identify and record on a regular basis all bank-related parties and all operations, activities or transactions with bank-related parties. The definition of “transactions” in law and regulations does not explicitly mention service contracts, construction contracts, lease agreements, derivative transactions, borrowings and deposits with/from bank-related parties. This is another major weakness in the regulations, as banks will be exposed to conflicts of interest whenever they enter into these types of transactions with bank-related parties. CBM maintains that expressions such as operations, activities and transactions are used in the above requirements that imply to all transactions with bank-related parties, including those that are not explicitly mentioned, and that all transactions are checked and operations with bank-related parties are noted in the Examination Report.

126. The CBM has established clear prudential limits for exposures to related parties, and this varies according to the nature of the relationship and the nature of counterparty (individual or legal entity) (Table 5). While the individual limits fixed for each related party can be seen to be in alignment with the expectations and requirements in the BCPs, the prudential limit for aggregate related-party exposures at 200 percent of capital funds is at a wide divergence with BCPs. The CP (EC 5) requires that when limits are set on aggregate exposures to related parties, they are at least as strict as those for single counterparties or groups of connected counterparties. In this context, the prudential limit articulated in CP 19 (AC1) for exposures to a group of connected parties is 25 percent of a bank’s capital.

Table 5.

Montenegro: Banks’ Gross Exposures and Net Exposures Among Large Exposures

(December 2014)

article image

127. The deviation from BCPs becomes wider when this is viewed in the context of the exemptions, deductions, and discounts allowed by the CBM for measuring exposures (Appendix Table 1). While the aggregate gross and net exposures to related parties is already in excess of the prudential limits suggested under the BCPs in nine banks, the effective exposure to a single related party might also be in excess of the prudential limits established by the CBM in a few banks. A quick analysis by the CBM on the basis of the available data reveals the situation presented in Table 6.

Table 6.

Montenegro: Prudential Limits for Related-Party Exposures

article image

As percentage of capital funds, not more than).

128. Transactions with bank-related parties can be undertaken in effect without the Board’s prior approval in nine banks, despite the requirement in laws and regulations that all such transactions be undertaken only with their prior approval. The CBM regulations allow each bank’s Board to establish internal thresholds beyond which exposures to related parties can occur only with their prior approval. Article 2 of the Decision on minimum standards on operations with bank-related parties lays down that business transactions with the bank-related parties shall be performed only if approved by the Board of Directors. In the absence of any benchmark or basis for establishing such thresholds, bank Boards have established their own limits, which are subject to supervisory review and assessment during on-site inspections. A review of the internal limits by the BCP team indicated that the internal limits for lending to related parties permitted three banks to lend 10 percent of capital funds without seeking the Board’s prior approval; and from 5 percent to 10 percent in two banks (Table 7). Given that the prudential limit for exposure on a single legal entity that is a related party is 10 percent of capital funds, it would seem that almost all related-party exposures could be assumed by some banks without seeking prior Board approval. This is contrary to the expectation and requirement under CP 17 (EC6) and CP 20 (EC3)14 that transactions with related parties and write-off of related-party exposures exceeding specific amounts, or otherwise posing special risks, are subject to prior approval of the bank’s Board.

Table 7.

Montenegro: Distribution of Banks’ Aggregate Exposures to All Related Parties

article image

129. Given the gaps in the regulatory and supervisory frameworks for related-party exposures, CBM supervision should become more effective in this area. Supervisors assure that despite the exemptions in measuring exposures to bank-related parties, all transactions with related parties are in compliance with the legal and regulatory requirements regarding the terms on which these are undertaken, and that the parties interested in the transactions are not a party to the approval of the exposures or transactions. However, the requirements under article 2 of the “Decision on the minimum standards for operations with bank-related parties” does not prohibit interested parties from managing or monitoring the exposure or transaction with bank-related parties. Given the above gaps in the regulatory and supervisory frameworks, a newly established bank has assumed an exposure of about 300 percent of own funds on a single bank-related party without apparently breaching any prudential requirement.

130. Recommendations:

  • Undertake a comprehensive revision of the legal and regulatory frameworks to bring the various elements of assuming and managing bank-related-party exposures and entering into transactions with these parties in compliance with Basel requirements. Also, review and revise the prudential limits, reporting and disclosure requirements pertaining to bank-related-party exposures and transactions.

  • Clarify and, ideally, specify the maximum limit up to which a bank can lend or transact with a bank-related party without obtaining its Board’s prior approval.

C. Liquidity Risk

131. The CBM has not identified any bank in Montenegro as an internationally active bank. Data on banks’ foreign assets and liabilities indicate that some of them can be perceived as internationally active. Seven banks have foreign assets in excess of 20 percent and 12 banks have foreign liabilities in excess of 20 percent (Table 8).

Table 8.

Montenegro: Delegation of Powers for Related-Party Transactions

article image

132. The CBM’s prudential requirements for liquid assets indicator and the maturity mismatches are set at the aggregate level for all currencies. Data on banks’ assets and liabilities indicate that some banks are actively engaged in more than one currency. The second major currency in which banks’ assets and liabilities are denominated is the U.S. dollar (USD). As per Basel requirements, when more than 5 percent of a bank’s total assets or total liabilities are denominated in any currency, that is to be reckoned as a significant currency, and supervisors are expected to require banks to manage their liquidity risk in each of the significant currencies independently. In Montenegro, six banks have more than 5 percent of their assets and liabilities denominated in foreign currencies, and most of them have USD assets or liabilities (Table 9).

Table 9.

Montenegro: Foreign Assets and Liabilities (June 2015)

article image
Table 10.

Montenegro: Foreign Currency Assets and Liabilities (June 2015)

article image

133. The CBM’s monitoring of liquidity risk in banks on the basis of the maturity mismatch of assets/liabilities can be further improved. The CBM does not effectively monitor maturity mismatches on the basis of contractual maturities. The guidance to banks for plotting their assets and liabilities (including their off-balance sheet commitments) under the various time–bands is limited. This leaves abundant room to banks to adopt their respective methodologies and assumptions for plotting the various items of assets and liabilities under the maturity bands. The supervisors review the assumptions and the methodology that banks develop for plotting the assets/liabilities, but providing additional guidance to banks can achieve more consistent methodologies. While the maturity mismatch position in banks is positive, as per supervisory data, the data publicly disclosed by banks reveals a negative mismatch for the same time band(s), suggesting a need to review and revise the supervisory approach. Since Basel expects supervisors to monitor both contractual and behavioral maturity mismatches, the CBM should also strengthen its monitoring of both.

134. The CBM reviews the liquidity contingency plans (LCPs) prepared by banks for their adequacy and appropriateness. The LCPs received from banks that have parent banks usually include the parent support as a main element of the contingency plan. The LCPs from domestic banks usually indicate dependence on the reserves maintained with the CBM and borrowing from the CBM, cash balances/deposits with other banks (including in Nostro accounts), sale of investments in government securities and line of credit from foreign banks. This suggests that domestic banks’ strategies rely mainly on CBM reserves and lending. While these sources may meet the needs of a single bank under stress, these might not be adequate if the banking system were to be under stress. The CBM should undertake periodical assessment of the feasibility of the individual bank plans during times of market stress and stress across banks. This can also inform the CBM’s contingency plans for addressing liquidity stress across banks.

135. The CBM focus on funding risk in banks is yet to develop fully. Nonresident deposits are an important source of funding for some banks. On average, 19.6 percent of deposits in the banking system belong to nonresidents and the proportion of nonresident deposits has been relatively stable over the past five years. Most banks have the share of nonresident deposits just below 20 percent with only a few banks deviating from the norm. The banking system’s longer-term liquidity is less resilient to stress situations and vulnerabilities to elevated funding costs are high. Funding risk is sizable in an environment of increasing deposit competition and low profit margins. The CBM analyses can be made more comprehensive with the inclusion of, for example, the establishment of funding limits and funding concentration limits and their periodical monitoring, requiring banks to establish and maintain relationships with liability holders, diversification of their sources of funding, and review and assessment of the liquidity and marketability of the liquid assets at times of market stress.

136. Laws and regulations require banks to conduct periodical stress testing, using several types of stress scenarios, including assumption of changes in market and other factors which may have a material impact on bank’s operations. The stress tests are intended to assess the impact of these situations on the banks’ cash flows and liquidity. During on-site examinations, supervisors review the procedure for liquidity stress testing, the dynamics of stress testing, and the scenarios and assumptions applied by the bank. Supervisors also review the results of the stress testing and the options that the bank plans to use to raise liquidity during stress situations.

137. Recommendations:

  • Assess liquidity risks in banks with reference to each significant currency; strengthen monitoring of liquidity risks in banks as reflected by their maturity mismatches, both under contractual and expected maturities.

  • Undertake periodical assessment of the feasibility of liquidity contingency plans of individual banks, particularly during times of market stress or stress across banks. The findings of this review could also inform the CBM’s contingency plans for addressing liquidity stress across banks.

  • Develop and implement a more comprehensive assessment of funding risk in banks.

D. Public Disclosure and Transparency

138. While the requirements relating to disclosure and transparency reflect good practice, their implementation is inconsistent. In broad terms, the banks that are owned by parent banks tend to have extensive disclosure including in relation to individual risk and its management (and would in general comply with Pillar 3 requirements) whereas the disclosure of some of the other banks do not meet the requirements of the legislation. For instance, Article 13 of the Decision on Public Disclosure of Data and Information by Banks requires banks to disclose information on the method used for calculating the capital requirement for operation risk; some banks just refer to the presence of operational risk without reference to the method used for calculating its capital cover. Atlas Bank does not publish consolidated accounts (see next paragraph) and another bank’s accounts were not accompanied by an auditor’s statement.

139. Bank A, which until recently was a 100 percent owner of a foreign subsidiary and owns a 32 percent stake in an insurance company publishes solo bank accounts only, with no consolidated accounts. Its auditors have qualified its 2014 results on a number of counts—understatement of provisions of EUR 5.1 million; concerns about its investment of EUR 5.3 million and deposits of EUR 10.4 million with its foreign subsidiary and concerns also about a deposit of EUR 3.3 million deposited in a bank currently in liquidation in Bosnia and Herzegovina. By way of comparison, own funds recorded in the accounts amounted to EUR 29.3 million. The CAR at the same date (calculated on a solo basis, with the investment in the foreign subsidiary deducted from own funds) was 10.3 percent, that is, just marginally above the minimum requirement of 10 percent.

140. The auditors of Bank D (a medium-sized domestic bank) have also qualified its 2014 and previous years’ accounts. The 2014 qualification related to under-provisioning in the amount of EUR 1.2 million and concerns about the accounting treatment of loan-related fees. The auditors also made reference to the fact that Bank D was in breach of the central bank’s requirements on related-party lending. Also qualified is the auditor’s report for the 2014 annual accounts of Bank B for reasons relating to under-provisioning in respect of loans and an investment.

141. On a separate but related issue, the auditor of Bank D did not advise the CBM in advance that it intended to qualify the accounts. This is in breach of article 98 of the Banking Act, which requires the auditor to notify the CBM of material issues arising in the bank. The CBM was aware of the intention of Bank A’s auditor to qualify in the context of the bank’s intensive regulatory involvement with that bank.

142. The presence of a qualified auditor’s opinion in a number of banks could impact on public confidence in those banks and the banking system as a whole. The CBM says that, while aware of the qualified accounts, it makes its own calculation for regulatory capital, and that the auditors adopt a conservative approach to asset valuations. While the CBM meets the auditing profession from time to time to discuss general accounting issues, it does not seem to meet individual auditors very frequently in relation to individual bank accounts.

143. The “Decision on Public Disclosure of Data and Information by Banks” dates from 2011 and does not contain certain requirements, which have now become standard. For instance, the decision makes no reference to disclosure of related-party lending. While International Financial Reporting Standards/International Accounting Standards (IFRS/IAS) requirements do require such disclosure, for completeness it should also be included in the “Decision on Public Disclosure of Data and Information by Banks.”

144. Recommendations

  • The CBM should review banks ‘annual accounts more closely to ensure that their disclosure regime meets the necessary legal requirements.

  • The CBM should initiate a more intensive dialogue with individual audit firms, both on a bilateral basis and on a tripartite basis, involving the bank in question, to seek to address and resolve the problem of auditors’ qualified opinion. This would be in keeping with the intent of Principle 27 (Financial Reporting and External Audit), which proposes that the supervisor meet periodically with external audit firms to discuss issues of common interest relating to bank operations (Essential Criterion 8), and that the supervisor require the external auditor to report to the supervisor matters of material significance.

  • The CBM should update its “Decision on Public Disclosure of Data and Information by Banks” to include a greater range of disclosures, such as related-party lending.

Appendix I: Details of Exemptions, Deductions, and Discounts Allowed While Measuring Exposures

A. Regulation allows banks to exempt the following items of credit risk exposures for asset classification and consequently provisioning:15

  • other short-term, highly liquid instruments with original maturity up to three months or less, for which a low level of risk from change in value exists;

  • derivative instruments used as hedging instruments;

  • investment in immovable properties, properties, and plant and equipment;

  • financial assets included in the trading book;

  • guarantees received; and

  • collateral received.

B. Regulation allows banks to exempt or deduct fully, among others, the following items of credit risk exposures for the calculation of exposures to a single party or a group of connected parties:16

  • in the case of spot foreign exchange transactions, exposures incurred in the ordinary course of settlement during the two working days following payment;

  • in the case of spot transactions for the purchase or sale of securities, exposures incurred in the ordinary course of settlement during five working days following payment or delivery of the securities, whichever is the earlier;

  • exposures arising from delayed receipts of funds and other exposures arising from customer’s activity and maturing at the latest on the following business day, in case of providing payment services, including money transfer services, as well as clearing and settlement services in local or foreign currency, financial instruments clearing, correspondent banking, and custody services;

  • intra-day exposures to institutions providing payment services, including money transfer services, clearing and settlement services in local and foreign currency, and correspondent banking services;

  • exposures constituting claims on central governments, which, unsecured, would be assigned a zero risk weight according to the “Decision on capital adequacy of banks”;

  • exposures secured by unconditional guarantees of the central governments or public sector entities, where unsecured claims on the entity providing the guarantee would be assigned a zero risk weight according to the “Decision on capital adequacy of banks”;

  • exposures to regional governments or local self-governments, or guaranteed by them, where unsecured claims on those entities would be assigned a zero risk weight according to the “Decision on capital adequacy of banks”;

  • exposures secured by certificates of deposit, issued by the lending bank, its parent undertaking or its subsidiary and lodged with either of them;

  • exposures arising from undrawn credit facilities that are classified as low-risk off-balance sheet items under Article 13 of the Decision on capital adequacy of banks, provided that an agreement has been concluded, under which the facility may be drawn only if it has been ascertained that it will not cause exceeding of large exposure limit under Article 58, paragraph 1 of the Banking Law; and

  • covered bonds falling within the terms of Article 46 of the Decision on capital adequacy of banks.

C. Regulation allows banks to deduct 80 percent of, among others, the following items of credit risk exposures for the calculation of exposures to a single party or a group of connected parties:17

  • exposures guaranteed by regional governments or local self-governments, if unsecured claims to those entities would be assigned a 20 percent risk weight according to the Decision on capital adequacy of banks; and

  • exposures of the bank, including also equity participation or other types of investments, to its superior bank, subsidiaries of superior bank and its subsidiaries if they are subject to consolidated supervision in accordance with the applicable regulations in the European Union or equivalent supervisory standards on consolidated basis applied in a third country.

D. Regulation allows banks to deduct 50 percent of, among others, the following items of credit risk exposures for the calculation of exposures to a single party or a group of connected parties:18

  • exposures secured by mortgage or fiduciary on residential property which fall within 35 percent risk weight requirements under the Decision on capital adequacy of banks; and

  • exposures secured by mortgage or fiduciary on commercial property, which fall within 50 percent risk weight requirements under the Decision on capital adequacy of banks;


Basel Committee on Banking Supervision: Core principles for effective banking supervision, September 2012.


The Technical Note is prepared by Damodaran Krishnamurti (Lead Financial Sector Specialist, World Bank) and Michael Deasy (Consultant, IMF).


The selected principles include those dealing with risk management, credit risk, problem loans, provisioning, large exposures, related-party transactions, liquidity risk, capital adequacy, supervisory approach, consolidated supervision, disclosure and transparency in banks, and licensing criteria.


“A Macrofinancial Approach to Supervisory Standards Assessments,” IMF, August 18, 2014 (


The largest foreign investor-banks are OTP (Hungary), Erste Bank (Austria), NLB (Slovenia), and Société Générale (France). The remaining, smaller foreign banks do not belong to large international groups.


Legal entities meeting any two out of the three criteria shall be classified as the large legal entities: (i) having the average number of employees more than 250; (ii) having aggregate annual revenue of more than EUR 50,000,000; and (iii) having aggregate assets of more than EUR 43,000,000.


Obtained on the basis of interactions with a cross section of banks, auditing firms and legal firms and professionals in these fields.


Doing Business, 2015.


Prime collateral is defined in Article 29 of the Decision on minimum standards for credit risk management.


Adequate collateral is defined in Article 30 of the Decision on minimum standards for credit risk management.


Excerpts from the Basel Committee Paper – “Measuring and controlling large credit exposures” (1991): …. Since a large exposure measure is concerned with concentrations of risk, the measure of exposure needs to reflect the maximum possible loss from the failure of a single counterparty. The Committee has therefore concluded that to use the capital weights for measuring credit concentrations could significantly underestimate potential losses. It would, for example, mean ignoring credit commitments with an original maturity of under one year, whereas it is highly likely that a client in difficulties would draw down its credit lines. It would also mean relying on the value attributed to collateral or guarantees which, in extreme cases, often turn out to be illusory. It is therefore suggested that the measure of exposure should encompass the amount of credit risk arising from both actual claims (including participations, equities and bonds) and potential claims of all kinds (e.g., future claims which the bank is committed to provide), as well as contingent liabilities. Thus, the measure should include at par value credit substitutes such as guarantees, acceptances, letters of credit and bills; securitized assets and other transactions with recourse; and all other forms of contingent liabilities, notably credit commitments.”


The definitions largely and explicitly cover the types of related parties mentioned in footnote 73 of the BCPs.


The definitions largely and explicitly cover the types of related-party transactions mentioned in footnote 74 of the BCPs.


The supervisor requires that transactions with related parties and the write-off of related-party exposures exceeding specified amounts or otherwise posing special risks are subject to prior approval by the bank’s Board.


Art. 14 of the Decision on the minimum standards for management of credit risk.


Art. 2 and 6, of the Decision on measurement of exposures.


Art. 6 of the Decision on measurement of exposures.


Art. 6 of the Decision on measurement of exposures.