A. Information and Methodology Used for Assessment

9. This assessment was against the standard issued by the Basel Committee on Banking Supervision (BCBS) in 2012. Since the past BCP assessment, which was conducted in 2011, the BCP standard has been revised. The revised Core Principles (CPs) strengthen the requirements for supervisors, the approaches to supervision, and the supervisors’ expectations of banks through a greater focus on effective risk-based supervision and the need for early intervention and timely supervisory actions. Furthermore, the 2012 revision placed increased emphasis on corporate governance and supervisors’ conducting sufficient reviews to determine compliance with regulatory requirements and thoroughly understanding the risk profile of banks and the banking system. This assessment was thus performed according to a significantly revised content and methodological basis, compared to the previous BCP assessment carried out in 2011 (Box 1).

10. The Romanian authorities opted to be assessed against both essential criteria (EC) and the additional criteria (AC) but graded on the basis of EC only. To assess compliance, the BCP Methodology uses a set of EC and AC for each principle. The EC set out minimum baseline requirements for sound supervisory practices. The AC are recommended as the best practices against which the authorities of some more complex financial systems may agree to be assessed and graded. Romanian authorities chose to be graded against only EC.

11. Grading is not an exact science and the CPs can be met in different ways. The assessment of compliance with each principle is made on a qualitative basis. Compliance with some criteria may be more critical for effectiveness of supervision, depending on the situation and circumstances in a given jurisdiction. Emphasis should be placed on the commentary that accompanies each Principle grading, rather than on the grading itself.

12. The assessment team held extensive meetings with NBR staff, the Ministry of Public Finance (MOPF), the industry, and other relevant counterparts who shared their views with the assessors. The team also reviewed the framework of laws, regulations, and supervisory guidelines. The NBR provided self-assessments of the CPs and comprehensive questionnaires filled out by the authorities. The NBR also facilitated access to supervisory documents and files, staff, and systems.

13. The assessment team appreciated the excellent cooperation, including extensive provision of internal guidelines/procedures, supervisory files, and reports. In particular, the team would like to thank the NBR staff who responded to the extensive and detailed request promptly and accurately during the assessment.

A. Sound and Sustainable Macroeconomic Policies

19. Romania made important progress in addressing economic imbalances and restoring growth after the global financial crisis. Partly in the context of successive EU and IMF-supported programs in the period to 2015, macroeconomic stability was restored. Growth more recently accelerated on the back of fiscal stimulus, and Romania’s real GDP growth surged to 6.9 percent in 2017. Low imported inflation and indirect tax cuts kept inflation subdued, but inflationary pressures have increased since mid-2017 on account of sharp wage increases and strong domestic demand, leading monetary policy to tighten after a long period of accommodation. With signs of overheating, there is a risk that the current policy trajectory increases macroeconomic volatility, and wears down buffers, adversely afecting market confidence.

20. Implementation of sound macroeconomic policies is essential for the stability of the Romanian financial system as a whole. Relatively weak cooperation, coordination and synchronization among policies (monetary, macroprudential and fiscal policies) may lead to cyclical imbalances and structural vulnerabilities. Such imbalances and vulnerabilities could lead to negative spill-overs on the financial and the general macro equilibrium, creating the potential for negative reaction to the occurrence of adverse standard business cycle or rare shocks.

B. Framework for Financial Stability Policy Formulation

21. The institutional framework for macroprudential policymaking has recently been strengthened and contains a clear mandate and well-defined objectives, but NBR’s role seems constrained. A new National Committee for Macroprudential Oversight (NCMO) was established in April 2017. By law, the NCMO is the national macroprudential authority with a clear legal mandate to set macroprudential policies with the objective to contribute to safeguarding financial stability by strengthening the resilience of the financial system and containing the build-up of systemic risk. The law was the result of a three-year long parliamentary process, mainly due to concerns about excessive powers of the NBR. As a result, the number of NBR representatives in the nine-member NCMO was reduced from the proposed five members to three, giving the NCMO the same number of representatives as the ASF, and the Government. It is chaired by the Governor of the NBR and the Secretariat resides within the NBR.

22. The institutional arrangement seems to guarantee adequate powers to ensure the NCMO’s ability to act, but its willingness to act remains to be more thoroughly tested. The NCMO has direct (hard) powers over a wide-range of macroprudential tools. It is empowered to recommend actions to be taken by other supervisory authorities or the Government, and to issue warnings, coupled with a ‘comply or explain’ mechanism. As of April 2018, it has only held five meetings and issued ten recommendations, including the required quarterly recommendations on the countercyclical capital buffer. The Technical Commissions on Systemic Risk and Financial Crisis Management, respectively, who should support the NCMO’s work, are still to become operational.

23. The communication process is performed in a transparent and relatively effective manner. The communication process includes the following: (i) an official press release is published on the website after the meeting of NCMO’s General Board, which includes a summary of the meeting; (ii) publication of a macroprudential policy strategy; (iii) publication of the recommendations and adopted decisions on the NCMO’s official website, where the motivation behind these is also detailed; (iv) the publication of the Annual Report, which will take place for the first time next year, by 30 June 2018; (v) publication of opinions; (vi) NCMO’s own website provides various information about macroprudential policies; (vii) the macroprudential measures can also be found within the Financial Stability Report of the NBR which is published on a semi-annual basis; and (viii) there will be future seminars and debates to promote the activities of the NCMO.

24. The macroprudential policy toolkit was recently expanded with the CRR/CRD IV framework becoming operational in Romania. In particular, the authorities have implemented or are phasing-in a number of capital buffers. The stressed Debt Service to Income (DSTI) limit is currently applied to consumer loans and maximum LTV ratios on mortgages have been undermined by the Prima Casa program.

C. A Well-Developed Public Infrastructure

25. The delay in implementing the new personal insolvency regime may be hampering access to credit. The new Personal Insolvency Law³ aims at providing over-indebted consumers with a second chance by allowing them to access a debt discharge, which is in line with the trend observed in Eastern European countries in recent years. Initially scheduled to enter into force in January 2016, implementation of the Law has been postponed several times due to administrative reasons, including the establishment of specialized regional administrative bodies and the lack of trained personnel and financial resources. The law was adopted without an impact assessment and its final effects on the financial sector remain to be seen. On June 9, 2017, the Government approved the methodological norms required to administer the procedure, although additional rules, regulations, and guidelines would need to be prepared for an efficient implementation.

26. Significant improvements have been made on the credit reporting system in the past decade. Credit information sharing is universally considered a key credit infrastructure component for its positive impact on the quality of lending (for example, by reducing information asymmetry) and overall financial sector stability (by providing data driven tools for both lenders and regulators). The project for establishing a Private Credit Bureau was initiated in 2004 with a large participation of local banks. The process of collecting and disseminating data was initially limited to negative information, but later expanded to include positive data following international best practices. After five years of operations, the Bureau started to provide additional services to banks, such as credit scoring.

27. Both the NBR and the ASF have taken important steps to strengthen the oversight of systemically important financial market infrastructures, and increased cooperation between the authorities is recommended. The NBR oversees the real time gross settlement payment system and SaFIR, the central securities depository for government securities and NBR securities, whereas the ASF supervises the clearing and settlement systems of the Bucharest Stock Exchange. The legal framework for financial market infrastructures has been strengthened through the adoption of EU legislation. The NBR also formally adopted the CPSS-IOSCO Principles for Financial Market Infrastructures and has assessed the systems under its purview against these principles. The NBR’s project to internalize the payment and settlement systems within the central bank is expected the strengthen the financial infrastructure.

28. Parliament passed several populist laws last year that would have allowed debtors to walk away from mortgages (‘datio in solutum’) and convert Swiss Franc denominated loans at historical exchange rates. Recent rulings by the constitutional court have limited the potential negative impact on the banking sector of these laws, but there is a concern that further legislative measures could be in the offing. The final effects of the personal insolvency law, providing over-indebted consumers with a second chance by allowing them to access a debt discharge, remain to be seen. Recently, Romania’s Government decided to cap deductions from nonperforming loan sales to 30 percent of their value, limiting tax deductibility of losses incurred by firms who sell NPLs at a discount relative to what they had provisioned for. As such, banks are discouraged to sell receivables and are encouraged to directly execute debtors.

D. Framework for Crisis Management, Recovery, and Resolution

29. Implementation of the Bank Recovery and Resolution Directive (BRRD) in Romania is recent and institutions are still adapting to the change. The transposition of the EU directive into the country’s primary legislation concluded in 2015 (Law 312/2015). Since then, the institutions in charge of the bank recovery and resolution framework (NBR, MOPF, ASF, and Bank Deposit Guarantee Fund (FGDB)) have made important strides towards adapting to their new responsibilities and toolkit. As the resolution authority, the NBR has been charged with all key responsibilities in the bank resolution area, while some components of the framework have been delegated to the deposit insurer (management of the bank resolution fund and financing of the resolution measures) and to the MOPF (granting extraordinary public financial support) as a key domestic counterpart in crisis prevention and resolution. Some of the operational elements of implementing the new framework have yet to settle, especially part of the contingent arrangements (e.g., a Memorandum of Understanding (MOU), framework agreements between the MOPF and FGDB). The operational readiness has not been tested and given a market structure where systemic banks are subsidiaries of major international banks (61 percent of assets in the banking sector fall under single resolution board’s (SRB’s) authority), part of the contingent arrangements require a tight cross-border coordination with the other relevant authorities within the resolution colleges. This international coordination work has started, at the level of the resolution colleges, where a continuous process of reviewing the group resolution plans takes place.

30. The responsibilities of the FGDB have been significantly enlarged in the area of bank resolution. The 2015 resolution framework empowered the FGDB as the administrator of the newly created bank resolution fund. The resolution fund’s target level is 1 percent of deposits covered and is currently at 60 percent of that objective, which should be attained latest by 2024. In addition, the FGDB has the mandate to serve as (i) a temporary administrator; (ii) special administrator of a credit institution under resolution; (iii) shareholder of a bridge institution; or (iv) shareholder of an asset management vehicle.⁴

E. Public Safety Net

31. The NBR has over the years strengthened its liquidity provision framework. The overarching criteria for liquidity provision are based on objectives of preservation of economic stability and the support to solvent but illiquid entities. However, the existing arrangement has not been tested in recent years under economic stress of systemic nature, and a formal operational framework for emergency liquidity assistance is still under construction. Authorities are using the legal framework of the European Central Bank (ECB) 2017 agreement in this area as the base for their formulation.

32. In December 2015, Romania adopted new legislation (Law 311/2015) which transposed EU Directive 2014/49 on deposit guarantee schemes. The deposit insurance fund has a high level of coverage (99.5 percent of accounts), and at 3.4 percent of the amount of eligible deposits has nearly reached its target. Contingent financing continues to remain work in progress. While the law allows the FGDB to count on the MOPF within specific time limits (five days), the specific arrangements for the financing to take place are yet to be finalized.

33. Romania undertook a crisis simulation exercise in 2013. While many of its lessons have been internalized by the BRRD transposition and other regulatory and supervisory enhancements since then, a new simulation exercise would be useful to test preparedness domestically and in coordination with regional counterparties. Ultimately, authorities should consider preparing a program of continuous tests and simulations that keep the crisis management framework up to speed.

F. Effective Market Discipline

34. Financial reporting, auditing and disclosure requirements in Romania are largely harmonized with those applicable across the European Union and in line with international standards. The Romanian banking system has been required to report financial information based on the International Financial Reporting Standards (IFRS) at a consolidated level since 2006 and at individual level since January 2012. Banks representing close to three quarters of banking assets are subsidiaries of EU banking groups, which are generally listed and subject to effective market discipline at group level. A 2017 law created a new public oversight body for external auditors in Romania. A 2016 analysis of the corporate governance framework conducted by the European Bank for Reconstruction and Development assessed corporate governance along five dimensions and rated the structure and functioning of the Board, internal control and stakeholders and Institutions as fair, transparency and disclosure as fair/moderately strong and the rights of shareholders as moderately strong. Areas where corporate governance was considered weak included board effectiveness (incl. lack of requirement for the Board to approve the company’s budget and set the risk profile/appetite, uncommon practice on board evaluation and limited numbers of their audit committee meetings), gender diversity at the Board, and the functioning and independence of the Audit Committee (incl. minority of independent members, lack of proper qualification of members, insufficient disclosure on number of meetings).

35. With respect to rules on corporate governance, according to the Romanian Banking Law⁵, each credit institution must have robust governance arrangements, which include a clear organizational structure with well-defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks it is or might be exposed to, adequate internal control mechanisms, including sound administration and accounting procedures, and remuneration policies and practices that are consistent with and promote sound and effective risk management. In this respect, the governance arrangements of a credit institution, the processes to identify, manage, monitor and report the risks, the internal control mechanisms as well as the remuneration policies and practices must be established by its Articles of Association and internal regulations, according to the Companies Law and in compliance with the provisions of national and European legal framework in banking area.

A. Responsibilities, Objectives, Powers, Independence, and Accountabilities (CPs 1–2)

36. The NBR has clear responsibilities as a supervisor, adequate resources and independence, even if the framework protecting the latter should be strengthened. Banking supervision in Romania falls exclusively within the responsibility of the central bank. As Romania is a member of the EU, banking supervision is also significantly harmonized and integrated across member states. Laws and regulations are regularly updated. The NBR, as a supervisory authority, possesses stable governance arrangements and effective operational independence. However, the MOPF could participate in NBR Board meetings and the reasons for the dismissal of a Board member do not have to be disclosed. The decision to approve sanctions/orders is the sole responsibility of the first deputy governor; there is no internal guidance or formal independent function available to assist the first deputy governor in determining adequate decisions. The NBR dedicates large resources to supervision, in terms of staff, equipment and other variable costs. The NBR adopted detailed arrangements to prevent and manage conflicts of interests at all levels. However, there is no post-employment or cooling-off framework covering situations where a staff or Board member intends to take (or takes) a position in a bank supervised by the NBR (or that it has directly supervised). Although the NBR board members and staff are adequately protected against lawsuits for actions taken and/or omissions made while discharging their duties in good faith, this protection does not apply to the institution.

B. Ownership, Licensing, and Structure (CPs 4–7)

37. The NBR implements a well-designed regime for licensing, transfer of significant ownership and major acquisitions. Only licensed credit institutions can provide banking services. NBR has exclusive competence for granting and withdrawing the license of banks incorporated in Romania and branches of banks located outside the EU. The NBR last licensed a bank in 2009. The licensing framework includes clear and detailed criteria. The ownership structure of locally incorporated banks and branches of EU banks is transparent. The NBR implements a rigorous definition of transfer of significant ownership, in line with the provisions of CRD IV, as well as requirements on the transparency of bank ownership. This largely, but may not fully, cover the transfer of beneficial ownership. The NBR has a detailed framework to review major acquisitions. As part of the consolidation of the Romanian banking system, The NBR reviewed and approved four requests for acquisitions in the past five years (all related to mergers between banks licensed in Romania). Romanian banks only have small activities outside Romania.

C. Ongoing Supervision (CPs 8–10, 12)

38. The supervisory approach of the NBR has changed towards a more risk based approach since the previous BCP assessment. As of January 1, 2016, the NBR Board approved the adoption of the EBA SREP Guidelines (EBA/GL/2014/13) into national supervisory practices. The Romanian regulatory framework has implemented the provisions of CRR, CRD IV and BRRD (resolvability assessment). The SREP is a core supervisory tool of banking supervision in Romania and deploys a good mix of onsite and offsite supervisory tools and techniques. The NBR has broad information collecting power by legislation; in particular, the Central Credit Register allows supervisors to access high-granularity data.

39. Nevertheless, the new EBA SREP methodology is still in the early stages of implementation. During SREP, there is no structured/independent review to ensure consistency and accuracy of scoring, findings, and measures of the supervisory report. Considering the recent adoption of the EBA SREP methodology in Romania, the quality assurance procedure is critical. Authorities should consider a way to ensure consistency and objectivity of SREP scores, findings, and supervisory measures. For instance, the authorities could establish an independent review process, develop on-site and off-site supervisory assessment handbooks, and improve the electronic platform to more effectively manage findings, measures, and follow-ups.

40. With regard to off-site supervision, a significant part of this off-site function includes the approval/rejection of requests concerning amendments in a bank’s situation.⁶ This responsibility of the offsite function could limit to a certain extent, the ability of the NBR to maintain a thorough and deeper analysis of the risks that banks and banking groups are facing. Regulatory cost and benefit exercises may be warranted in respect of optimum allocation of supervisory resources. Authorities could review the off-site activities regarding various approval processes for supervisors so they may focus more on qualitative risk analysis.

41. More risk-focused, banking industry-wide thematic analyses and examinations across systems, triggered by recent trends or events, appear to be limited. The Financial Stability Department (FSD) publishes financial stability reports on a half yearly basis and performs top-down stress testing, and shares the results with banking supervisors. However, the results of the FSD have limited applicability and are not directly communicated to individual banks for supervisory purposes. During 2016 and 2017, there were no thematic inspections carried out at the banking system level. The NBR is not differentiating the frequency of full-scope examinations based on the outcome of the risk profile analysis of banks; instead, the asset size and the overall SREP score of the previous year are the main factors in determining the scope and intensity of examinations. Authorities should consider a more risk-focused approach such as conducting thematic analysis and/or examinations across the banking system with a mix of off- and on-site activities for a specific type of risk.

42. Other improvements should be sought, including cooperation with other domestic supervisors, bottom-up stress tests, monitoring of intra-group exposures, and more frequent off-site monitoring on a consolidated basis. While the NBR and ASF share relevant data and supervisory findings, there are no regular meetings between the NBR and ASF, and there is no systematic process to prepare on-site examinations of banking groups, develop a joint view on risks in relation to a particular banking group, align supervisory approaches, and discuss potential concerns on the banking group or subsidiaries. In addition, the main quarterly monitoring tools of the NBR do not seem to have embedded a forward-looking view of a bank’s risk profile (e.g., no bottom up stress testing tools) and quarterly KRIs are monitored on a solo basis.⁷ The NBR should consider developing a bottom-up stress testing methodology as a complementary supervisory tool, and enhance the intra-group exposures monitoring and consolidated supervision, in coordination with the ASF where relevant.

D. Corrective and Sanctioning Powers (CP 11)

43. The NBR has sanctioning powers and tools in almost all respects, however, the sanctioning/order issuance process needs to be enhanced. Regarding the internal process for determining measures and sanctions, the NBR currently conducts insufficient analysis to ensure consistency, accuracy and justification of inspection outcomes and sanctions across the banking system. More specifically, there is no consistent internal independent review process to ascertain that the applied measures or corrective actions are adequate and consistent. Therefore, the NBR should consider establishing an independent review process and/or introducing relevant guidance in this regard. In addition, the NBR, as a competent authority of credit institutions, cannot impose any measures regarding the merger process or acquisition by a third party per Banking Law⁸.⁹

44. Post examination processes should be improved to guarantee more effective implementation of corrective actions. Regarding the supervisory follow-up, the time frame described in the internal rules of the NBR is not always adhered to. Assessors note that the issuance of supervisory reports and written orders is often delayed.¹⁰ Assessors were informed that formal wrap-up meetings after on-site inspections do not always take place. This practice would hinder banks from implementing supervisory measures in a prompt manner.

E. Cooperation and Cross-Border Banking Supervision (CPs 3, 13)

45. Cooperation among EU supervisors is intense, reflecting increasing integration of the EU banking market and the dominance of EU banking groups in Romania. Arrangements are in place to facilitate and ensure cooperation with relevant domestic and foreign authorities. Cooperation among domestic authorities is organized, but meetings with the ASF are too infrequent to allow for effective coordination. International cooperation is in place for EU banking groups, that control three quarters of banking assets in Romania, and where the NBR is the host supervisor. The NBR is a member of 15 EU colleges of supervisors, which allow for effective information sharing and unified supervisory actions. Close coordination is also in place for crisis management and resolution, at the domestic level with the resolution arm of the NBR and, for large banks active in Romania, within EU supervisory and resolution colleges. All Romanian banks prepared recovery plans starting in 2016; resolution plans were also prepared for almost all of these institutions (and their groups where applicable)

F. Corporate Governance, Risk Management, Internal Control and Audit (CPs 14, 15, 26)

46. An increased emphasis on the role of independent directors and direct and regular exchanges between the NBR and non-executive Board members are essential to ensure effective corporate governance. Corporate governance requirements were strengthened at the EU level and transposed in Romania starting in 2013, clearly laying out the responsibilities of the management body in ensuring banks operate in a safe and sound manner. The NBR conducts a thorough review process, including challenging interviews, before approving members of the management body, and during the on-site full-scope examinations. However, the NBR only requires subsidiaries to have an “adequate” number of independent members in the management body. Banks usually only have 1 or 2 independent member(s), which is insufficient to encourage challenging other executive and nonexecutive members and, where appropriate, lead specialized committees. Moreover, although the NBR places a lot of responsibilities on the management body, it does not yet meet on a regular basis with its nonexecutive and independent members (nor sends them letters detailing serious shortcomings or transmitting on-site reports).

47. Regulations set detailed and demanding requirements for control functions. Discussions with the NBR confirmed the importance placed on risk management, internal control and audit during on-site inspections. However, the NBR has not yet developed detailed internal methodologies to facilitate a comprehensive and consistent review of these issues. Reviews of practices at industry level in these areas could also usefully inform the supervisory process.

G. Capital Adequacy and Liquidity Risk (CPs 16, 24)

48. It is noteworthy that the Regulatory Consistency Assessment Program (RCAP) of the BCBS reviewed the EU-wide capital and liquidity framework and concluded that certain features deviated from Basel standards.¹¹ The RCAP concluded that the EU requirements follow the Basel standards set by the BCBS broadly, but with a number of divergences, where the EU is less conservative than the BCBS, which positively impacts ratios. In terms of the capital framework, the most significant divergences between the Basel III framework and the EU capital regulation do not seem to be material for Romanian banks. A deviation concerns the treatment of credit exposures for small and medium-sized enterprises (SMEs) under the Standardized Approach, where less stringent capital requirements do seem to be applied.

49. There is no dedicated team or unit within the NBR’s supervisory department (SD) responsible for evaluating, approving, reviewing and overseeing banks’ internal models. Two banks have been approved to use the advanced approach to calculate regulatory capital for credit risks and three banks for operational risks. Although the number of banks applying the advanced approach is small, the banks that apply it are large in Romania. The FSD has a quantitative assessment division that assists the SD whenever supervisors need to approve the advanced approach in a certain bank or validate internal models, but they are not involved in supervision and examination on an ongoing basis. There would be an increasing need to devote more supervisory attention to banks’ risk models used for their own risk management purposes and in regulatory capital calculations. NBR examiners should focus more on periodic validations and independent testing of different models, even when the banks are not generating inputs for the regulatory capital calculations.

H. Credit Risk, and Problem Assets (CPs 17–18)

50. Following the sharp deterioration in credit quality after the global financial crisis, the NBR led efforts to clean up banks’ balance sheet and ensure their soundness. The framework for credit risk management was significantly strengthened and close monitoring, including through annual examinations, is still conducted. Nonperforming exposures (NPE) increased rapidly and dramatically after 2007 and peaked at 22 percent in 2013 before declining to 6.4 percent in December 2017. The NBR was instrumental in promoting this rapid reduction through multiple initiatives designed to ensure the timely recognition and realistic provisioning of NPEs (e.g., interim June audits, independent collateral revaluations, full provisioning of high risk exposures, write-offs etc.). The NBR continues to closely monitor NPEs, thanks to detailed and regular reportings, and ensures proactive implementation of requirements on problem loans.

I. Related Parties Transactions, Concentration, and Country risks (CPs 19– 21)

51. The current regulation on the transactions with related parties (RP) has deficiencies against the CP. The current definition of affiliated parties is not as broad as the requirements in this CP. For example, the current definition fails to capture any person in a key position or a major individual shareholder of other group entities within a banking group, including the parent bank/company itself. In terms of RP identification, there is no explicit presumption power of the NBR in the regulation, although the NBR, in practice, may exercise discretion in applying the definition on a case by case basis. Moreover, there are no explicit provisions that require that the “write-off” of RP exposures exceeding specified amounts is subject to prior approval by the board. Information on RP transactions collected during off-site supervision is not sufficiently granular to capture the exact characteristics. Overall, RP regulation describes high level principles, but does not give clear guidance to banks. The NBR should review and amend the regulation on affiliated party transactions in a more prudent manner.

52. The NBR applies the EU-wide large exposure regime, and the banks’ concentration risk management is assessed in the context of SREP. However, there is no explicit requirement in the regulation that the bank’s policies and processes require all material concentrations to be regularly reviewed and reported to the bank’s Board, even though the practices are examined during on-site inspections. The explicit inclusion in regulation may be important in Romania considering the high level of sovereign debt concentration in banking industry. Even if the exposures comply with the large exposure or RP limits, assessors noted several examples where certain exposures should be examined further in the context of concentration risk or RP transaction management.¹² The NBR should consider conducting a thematic review on concentration risks across banks (particularly focusing on banks where the large exposure limit is set at EUR 150 million or 100 percent of capital, and banks that have high concentration risks).¹³

53. The NBR regulation for country and transfer risk management is not sufficiently comprehensive. The NBR will check the country/transfer risk policies and processes implemented by banks if the country and transfer risks are significant for a bank or banking group. However, the regulation includes only high-level principles similar to the BCP text, and lacks sufficient substance. The NBR does not give any further/specific guidance to banks and supervisors through regulations, instructions, or the on-site handbook. It is difficult to ascertain what and how supervisors should examine during on-site inspections.¹⁴ There are no specific regulatory provisioning standards for country risk and transfer risk in Romania. Also, there are no specific regulatory requirements for banks to include appropriate scenarios into their stress testing programs to reflect country and transfer risk analysis. It is therefore not clear how supervisors perform a banking group-wide country risk analysis across each entity to form a comprehensive view of country risk.

J. Market Risk, Interest Rate Risk in the Banking Book, and Operational Risk (CPs 22, 23, 25)

54. In the Romanian banking system, the level of market risk is low for most of the Romanian credit institutions that do not have complex instruments. As of June 2017, risk weighted assets (RWAs) for market risk were around three percent of total RWAs. None of the banks use the advanced approach for computing market risk capital charges. The CRR and EBA SREP guidelines are comprehensively stipulated and the NBR conducts on-site inspection on all credit institutions annually. However, there is no market risk specialist in the supervision department; one should be assigned to build up expertise in this area. In terms of interest rate risk in the banking book (IRRBB), the Basel Committee published a new guideline on standards for IRRBB in April 2016, but the NBR has not updated the IRRBB rules accordingly. Authorities mention that currently they are in the process of amending regulation regarding IRRBB.

55. With respect to operational risks, a guideline on cyber security and/or information communication technology (ICT) for banks has not been implemented yet. Regarding IT resources, the SD has one IT systems specialist but does not have a dedicated unit; this could be considered insufficient in times of increasing demand, since the SD does not use external IT experts. The authorities mentioned that they are planning to hire more IT risk experts and new EBA Guidelines on ICT Risk Assessment (2017) will be implemented starting January 2018.

K. Financial Reporting, Auditing and Disclosure (CPs 26–28)

56. Financial reporting, auditing and disclosure requirements are largely harmonized at the EU level. Banks are required to prepare financial statements in compliance with the IFRS and have them certified by an external auditor which complies with international audit standards. Banks’ external auditors belong to the network of the four biggest global auditing firms and a large French auditing firm (with the exception of the credit cooperative network). Rotation requirements are implemented since 2014, either for the firm or the signing partner. All banks adopted specific policies and most rotated the firm. Five small banks appointed their external auditor in 2001–08 and only rotated the signing partner. The NBR confirmed that the tenure of these signing partners did not exceed seven years. There is, however, no internal methodology defining criteria used by the NBR to assess the adequacy of banks’ policies on rotation (and set a maximum time limit to guide supervisory assessments). Financial and prudential disclosure requirements are detailed and largely unified at the EU level. The NBR confirmed that these fully apply to banks incorporated in Romania on annual basis. The NBR verifies individual disclosure requirements and published detailed and updated information on banking activities and risks. A review of disclosure practices across the entire industry could usefully be conducted.

L. Abuse of Financial Services (CP 29)

57. In recent years, the Anti Money Laundering and Combating the Financing of Terrorism (AML/CFT) supervision of the NBR was strengthened particularly to be in line with the changes imposed by the new European Directive. The new European regulatory framework Directive (EU) 2015/849 provides a number of requirements on risk-based supervision, and a newly enhanced AML/CFT law is to be submitted for the Parliament’s legislative procedure. The NBR is in the early stages of implementing a risk-based approach to AML/CFT supervision. The NBR has assessed the Money Laundering and Terrorism Financing (ML/TF) risks, ranked banks, and established a detailed methodology for a risk-based approach to its AML/CFT supervisory activities.

58. Nevertheless, several shortcomings remain. Under Romanian law, only correspondent banking relationships with banks outside the EU are subject to enhanced due diligence measures. Under the Financial Action Task Force (FATF) standard, however, enhanced due diligence should be implemented with respect to all correspondent banking relationships, and no exception is currently made for intra EU correspondent banking relationships. Simplified due diligence is imposed in specific circumstances without a sound assessment that would have established that these circumstances present low ML/TF risks.

A. Supervisory Powers, Responsibilities, and Functions

Principle 1	Responsibilities, objectives and powers. An effective system of banking supervision has clear responsibilities and objectives for each authority involved in the supervision of banks and banking groups.15 A suitable legal framework for banking supervision is in place to provide each responsible authority with the necessary legal powers to authorize banks, conduct ongoing supervision, address compliance with laws and undertake timely corrective actions to address safety and soundness concerns.16
Essential criteria
EC1	The responsibilities and objectives of each of the authorities involved in banking supervision17 are clearly defined in legislation and publicly disclosed. Where more than one authority is responsible for supervising the banking system, a credible and publicly available framework is in place to avoid regulatory and supervisory gaps.
Description and findings re EC1	Banking supervision in Romania falls within the responsibility of the central bank, the National Bank of Romania (NBR), which is the only domestic prudential supervisor for banks in Romania (Article 3 of the NBR statutes18). As Romania is a member country of the European union (EU), important responsibilities regarding banking supervision are harmonized, coordinated or exercised at the EU or eurozone levels (see Institutional and market structure section and CP 5 on branches of EU banks and freedom to provide banking services for EU banks). The objectives of the NBR, in banking supervision, focus on ensuring financial stability, protecting the interests of depositors and ensuring a sound and viable banking sector (considering a primary objective of ensuring and maintaining price stability, as indicated in Article 2–1 of the NBR statute). Article 2–2–b of the NBR statute indicates that: “the main tasks of the National Bank of Romania shall be: […] to conduct the authorization, regulation and prudential supervision of credit institutions and to promote and oversee the smooth operation of the payment systems with a view to ensuring financial stability.” Article 164 of the banking law indicates that “for protecting the interests of depositors and ensuring a sound and viable banking sector, the National Bank of Romania shall carry on the prudential oversight of credit institutions.” The responsibilities of the NBR regarding licensing, regulation and supervision are consistently defined by its statute and the banking law. The banking law Article 4 indicates that: “the National Bank of Romania is the competent authority for the regulation, licensing, prudential supervision of credit institutions”.
EC 2	The primary objective of banking supervision is to promote the safety and soundness of banks and the banking system. If the banking supervisor is assigned broader responsibilities, these are subordinate to the primary objective and do not conflict with it.
Description and findings re EC2	Both the banking law Article 164 and the NBR statute Article 2–2 give NBR the responsibility to promote the safety and soundness of banks and the banking system (considering the NBR primary objective of ensuring and maintaining price stability.
EC3	Laws and regulations provide a framework for the supervisor to set and enforce minimum prudential standards for banks and banking groups. The supervisor has the power to increase the prudential requirements for individual banks and banking groups based on their risk profile19 and systemic importance.20
Description and findings re EC3	Laws and regulations provide a framework for the supervisor to set and enforce minimum prudential standards for banks and banking groups. Minimum prudential standards are primarily set at the Romanian and EU levels. The NBR statute Article 25 empowers NBR to: “(a) Issue regulations, take measures for their observance and apply legal sanctions in cases of infringement and (b) check and verify, based on off-site and on-site supervision.” The NBR regularly issues regulations in areas not covered by EU regulations. Some EU regulations are directly enforceable (e.g., 2013 Capital requirement regulation -CRR- and implementation of technical standards -ITS- regulations, e.g., on supervisory reporting), while others need to be transposed in Romanian laws and regulations (e.g., the CRD IV, which is transposed in the banking law-and guidelines issued by the European banking authority -EBA-). The CRR defines binding requirements in some areas (e.g., key aspects of the capital adequacy regime or large exposure regime); in such cases, national supervisor cannot set additional regulatory requirements. NBR is involved in the preparation of banking regulations at the EU level, including participation in several EBA working groups21, to ensure its views can be expressed and considered at an early stage. NBR has the power to increase prudential requirements for individual banks and banking groups based on their risk profile Article 226–3 and 226–4. The supervisory review and evaluation process (SREP) allows NBR to review on an annual basis the opportunity to impose additional capital requirements and, where applicable, define their amount (in the case of subsidiaries of EU banks, such additional capital requirements need to be imposed through a joint decision with the home supervisor, see CP 13). The National committee on macroprudential oversight (NCMO), chaired by NBR, is responsible for identifying systemic institutions and, where applicable, making recommendations on additional prudential requirements they should meet (see CP 3). NBR is then empowered to impose such additional prudential requirements.
EC4	Banking laws, regulations and prudential standards are updated as necessary to ensure that they remain effective and relevant to changing industry and regulatory practices. These are subject to public consultation, as appropriate.
Description and findings re EC4	Banking laws, regulations and prudential standards are frequently updated, as needed and without apparent delays. Such amendments are largely driven by changes in the EU regulatory framework, which need to be transposed in Romania. The banking law was amended every year (except 2014) since it was passed in 2006; regulations are also frequently amended considering the specificities of the Romanian banking environment (particularly NBR Regulation 5/2013 which contains key prudential requirements). In Romania, all draft laws and regulations are subject to public consultations based on the provisions of Law No. 52/2003 on decisional transparency in public administration. For NBR draft regulations, after the completion of internal consultation within NBR, a draft regulation is published on the NBR website for public consultation; after the public consultation, a new draft regulation is prepared, approved and published in the Official Gazette (as required by Article 56 of the NBR Statute). There is a specific detailed consultation process at the EU level with public consultations organized by the EU Commission on all draft regulations and directives and by the EBA on its draft guidelines. NBR mentioned that banks and the banking industry are well-aware of this process and provide comments where appropriate.
EC5	The supervisor has the power to: (a) have full access to banks’ and banking groups’ Boards, management, staff and records in order to review compliance with internal rules and limits as well as external laws and regulations; (b) review the overall activities of a banking group, both domestic and cross-border; and (c) Supervise the activities of foreign banks incorporated in its jurisdiction.
Description and findings re EC5	Both NBR statute Article 25 and the banking law empower NBR to have full access to relevant information and persons for supervisory purposes: NBR shall have all information gathering and investigatory powers that are necessary for the exercise of its functions Article 225–5 of the banking law; As part of investigations, NBR can require the submission of documents, examine books and records of the bank, its affiliate and, where applicable, its holding company, obtain written or oral explanations from any such person, and interview any other person who consents to be interviewed for collecting information relating to the investigation Article 225–8 of the banking law; During on-site examinations, banks shall allow NBR to “examine their reports, accounts and operations and to provide all the documents and information related to the activity performed, as they are requested,” Article 171. In practice, NBR did not report facing any constraint in accessing banks’ and banking groups’ Boards, management, staff and records. The banking law Article 176 defines cases where supervision shall be applied on a consolidated basis. The scope of Article 176 includes cases where the Romanian bank is a parent undertaking (as defined by the CRR) or the Romanian bank is the only or main bank controlled by an EU financial holding company. The scope of consolidated supervision includes both domestic and cross-border activities. NBR is responsible for the supervision of subsidiaries and branches of countries which do not belong to the European union (see Article 67 and following on branches of third countries and CP 5 on subsidiaries of third countries and subsidiaries and branches of EU banks).
EC6	When, in a supervisor’s judgment, a bank is not complying with laws or regulations, or it is or is likely to be engaging in unsafe or unsound practices or actions that have the potential to jeopardize the bank or the banking system, the supervisor has the power to: (a) take (and/or require a bank to take) timely corrective action; (b) impose a range of sanctions; (c) revoke the bank’s license; and (d) cooperate and collaborate with relevant authorities to achieve an orderly resolution of the bank, including triggering resolution where appropriate.
Description and findings re EC6	When, in NBR judgment, a bank is not complying with laws or regulations, or it is or is likely to be engaging in unsafe or unsound practices or actions that have the potential to jeopardize the bank or the banking system, the supervisor has the power to: take (and/or require a bank to take) timely corrective action and impose a range of sanctions (see CP 11); and revoke the bank’s license. cooperate and collaborate with relevant authorities to achieve an orderly resolution of the bank, including triggering resolution where appropriate (see CP 3).
EC7	The supervisor has the power to review the activities of parent companies and of companies affiliated with parent companies to determine their impact on the safety and soundness of the bank and the banking group.
Description and findings re EC7	NBR has the power to review the activities of parent companies and of companies affiliated with parent companies, as part of an application for a banking license is made (see CP 5 on the process followed by NBR) and on an ongoing basis. For supervision purposes, the banking law Article 225 mentions that NBR “shall have all information gathering and investigatory powers that are necessary for the exercise of its functions”, including the power to conduct all necessary investigations of any natural or legal person which are credit institutions, financial holding companies, mixed financial holding companies, mixed-activity holding companies as well as persons belonging to these four entities. NBR mentioned that on-site examination teams verified annually that banks collect adequate information to identifying and assess persons holding qualifying holdings. Regulation 6 also requires banks to keep necessary information to allow the identification of persons holding qualifying holdings and submit annually a statement of all shareholders (including identity, residence and nationality, percentage of participation in capital and voting rights) and, for shareholders holding directly, indirectly or in concert, qualifying holdings, updated financial information (including annual, individual and consolidated financial statements for legal entities and income statements for natural persons).
Assessment of Principle 1	Compliant
Comments	Banking supervision in Romania falls within the responsibility of the central bank, the National Bank of Romania (NBR). The primary objective of banking supervision is to promote safety and soundness (and no other objective of NBR conflicts with this objective). As Romania is a member of the European union (EU), important responsibilities regarding banking supervision are harmonized, coordinated or exercised at the EU or eurozone levels. As part of the passporting regime, EU banks can set-up branches or directly provide financial services in Romania while being supervised by their home authority. Laws and regulations are regularly updated (almost on an annual basis for the banking law), largely in response to new regulations and guidelines issued at the EU level. NBR has powers to take corrective actions and sanctions, when necessary.
Principle 2	Independence, accountability, resourcing and legal protection for supervisors. The supervisor possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisor.
Essential criteria
EC1	The operational independence, accountability and governance of the supervisor are prescribed in legislation and publicly disclosed. There is no government or industry interference that compromises the operational independence of the supervisor. The supervisor has full discretion to take any supervisory actions or decisions on banks and banking groups under its supervision.
Description and findings re EC1	Governance. NBR statute Article 33 indicates that its Board has responsibility for banking supervision and is made of nine members: four executives—the Governor who chairs the Board, a senior deputy governor and two deputy governors, and five nonexecutive directors. All Board members are appointed for a (renewable) five-year term by Parliament (on the recommendation of the competent standing committees of the two Chambers of Parliament). Board members were last appointed in October 2014 (except for a deputy governor who resigned in October 201622 and was replaced in April 2017 following parliamentary elections in December 2016). A majority (five) of Board members were appointed over eight years ago: The Governor was first appointed in 1990, the senior deputy Governor in 2004, and two members were already present on the Board in 2004 and one in 2009. A supervisory committee including NBR executive directors and senior management was set-up, as envisaged by NBR statute Article 32 and is at the core of the supervisory process. Regulation 99/2 governs its membership (10 members including the Governor as chair, first deputy Governor, two deputy Governors, directors for supervision, regulation and authorization, financial stability, legal, resolution and deputy director of banking supervision); defines its responsibilities (assess and monitor banking activity and risks, approve the on-site examination program and supervisory strategies, approve or reject individual requests from banks—with a few exceptions e.g., changes in the approval of middle management—approve sanctions based on the findings of on-site examinations and validate reports and note prepared for the Board—authorization, draft regulations, etc.; contemplates weekly meetings—or when requested by the Chair—during which decisions are made by consensus or vote and require that its conclusions are sent to the Board on a monthly basis. NBR confirmed that the supervisory committee held regular meetings (sometimes virtual). It met 24 times in 2016. Its activity included the following: (i) notification of the intention on acquiring a qualifying holding in the capital of a bank and/or on increasing such participations; (ii) approval of changes in Board members and/or executives, scope of activity, external auditors, operations on preferential terms set forth in the employee benefits and incentive packages, mergers, etc.; (iii) draft pieces of legislation concerning the activity of banks and nonbank financial institutions; (iv) implementation of EBA Guidelines in the national legal framework and/or in supervisory practices; and (v) monitoring of developments in terms of financial stability, identifying, monitoring and assessing systemic risks and those related to systemically-important credit institutions, specific analyses (monitoring the lending terms and conditions, overseeing the way in which the financial system contributes to the sustainable resumption of lending to the real economy, etc.). See CP 8 on supervisory approach. Independence. NBR statute mentions that (i) NBR is independent Article 1 and (ii) NBR or members of its decision-making bodies “shall not seek or take instructions from public authorities or from any other institution or authority” Article 3. The Statute further indicates that Board members cannot be deputies, senators, or politically affiliated and may not belong to the judicial authority or to the public administration Article 34 of the statute. The Minister of Public Finance (and its State secretary) may participate to NBR board, without voting right, Article 33 of NBR statute). The assessors were informed by the Ministry that it never participated to NBR Board meetings. However, if Article 33 was implemented, it could significantly hamper supervisory independence. In practice, NBR has been able to independently express its opinion when it deemed it justified23. The review of supervisory practices did not identify any case where the independence of the supervisor may have been compromised. Accountability. The banking law Article 224 requires that NBR discloses on a regular basis (i) the texts of laws, regulations, instructions and general guidance adopted in the field of prudential regulation; (ii) the manner of exercise of the options and discretions available in the EU regulations; (iii) general criteria and methodologies used in the review and evaluation of the governance arrangements, strategies, processes and mechanisms implemented by the credit institutions and in the assessment of the risks to which credit institutions are or might be exposed; and (iv) aggregate statistical data on key aspects of the implementation of the prudential framework, including the number and nature of supervisory measures taken and of administrative penalties imposed. NBR statute Article 35 requires that it annually submit to Parliament a report covering its activities during the previous year. The 2016 NBR report contains information on the governance of NBR (including activities performed by its supervisory committee), licensing and regulation (including changes in the prudential and accounting frameworks), implementation of supervision (including distribution of the industry by SREP ratings, implementation of on-site examination program, statistics on corrective measures and sanctions) and key activity and risk indicators for the banking system. Banking supervision is subject to the internal audit of NBR (see CP 8 and 9). At the EU level, several reporting and review requirements for national supervisors also significantly contribute to the accountability framework (e.g., EBA peer reviews on the implementation of guidance and the functioning of supervisory colleges, publication of comparable data across countries etc.).
EC2	The process for the appointment and removal of the head(s) of the supervisory authority and members of its governing body is transparent. The head(s) of the supervisory authority is (are) appointed for a minimum term and is removed from office during his/her term only for reasons specified in law or if (s)he is not physically or mentally capable of carrying out the role or has been found guilty of misconduct. The reason(s) for removal is publicly disclosed.
Description and findings re EC2	The head of the supervisory authority is the Governor of NBR. The first deputy Governor also plays a prominent role in banking supervision (see CP 8). Both are appointed by Parliament, based on recommendations from relevant standing committees (see EC 1); the processes and criteria followed by these standing committees are not known. The fit and proper criteria the standing committees of Parliament responsible for the appointment of Board members expect applicants to meet are unknown. The Governor was regularly reappointed since 1990 and the first deputy Governor since 2004. All Board members have a five-year term limit. The NBR statute indicates Article 33 that: “a member of the Board may be recalled from office by the Parliament, at the joint proposal submitted by the competent standing committees of the two Chambers of Parliament, if s/he no longer fulfills the conditions required for the performance of her/his duties or if s/he has been found guilty of serious misconduct” and specifies that “no member of the NBR’s Board can be replaced for other reasons or following” another procedure. Moreover, “appointment, retirement and recalling from office of any member of the NBR’s Board” must be published in the official gazette and can be appealed to the High Court of Cassation and Justice within 15 days following such publication. There is no explicit provision that the reason(s) for removal is publicly disclosed. There have not been cases where NBR Board members were removed from office (see EC 1 on the resignation of a deputy Governor in 2016).
EC3	The supervisor publishes its objectives and is accountable through a transparent framework for the discharge of its duties in relation to those objectives.24
Description and findings re EC3	Besides the general objectives and tasks stipulated by the NBR Statute, the NBR makes publicly available in its annual report, its specific objectives in the field of prudential supervision as well as the main actions taken in the past year (see CE 2 on accountability).
EC4	The supervisor has effective internal governance and communication processes that enable supervisory decisions to be taken at a level appropriate to the significance of the issue and timely decisions to be taken in the case of an emergency. The governing body is structured to avoid any real or perceived conflicts of interest.
Description and findings re EC4	NBR adopted a regulation defining the responsibilities of the supervisory committee. Detailed responsibilities of senior management are also defined (including the responsibilities of the first deputy Governor and director of supervisor who approve and sign most supervisory measures -unless they fall within the responsibilities of the supervisory committee and the Board- and escalation processes within the departments). The decision to approve types of measure or sanction is the sole responsibility of the first deputy governor; there is no internal guidance available to assist the first deputy governor in determining adequate decisions. For example, after on-site supervisory activities, the inspection team will propose its corrective measures or sanctions for banks through written order to first deputy governor.25 The first deputy governor then approves the orders are they are sent to banks. At times, the inspection team, at its sole discretion, may seek guidance from legal department and discuss within the supervision department prior to submitting the order for approval (see CP 11 EC 4). Communication among key stakeholders are frequent and effective. Article 34 of the NBR statute defines the regime on “incompatibilities and conflicts of interests” (see CE 5). Specific rules are also applied at the EU level (e.g., EBA conflict of interest policy covering inter alia the director and deputy director of banking supervision which declarations of interests are publicly available).
EC5	The supervisor and its staff have credibility based on their professionalism and integrity. There are rules on how to avoid conflicts of interest and on the appropriate use of information obtained through work, with sanctions in place if these are not followed.
Description and findings re EC5	Banks and other public stakeholders consistently confirmed the solid credibility of NBR supervisory staff and their professionalism. NBR statute requires that both Board members and staff preserve the confidentiality of information obtained through their work, including after they leave NBR Article 52. The statute also identifies specific cases were such confidentiality requirements are lifted (e.g., during judicial proceedings, when implementing international and cooperation agreements, and in some instances related to the liquidation of a bank). The NBR statute does not mention specific sanctions for failure to comply with such provisions; the code of ethics for supervisory staff (see below) mentions that: “any disclosure of confidential or classified information constitutes misconduct /offence and is sanctioned under applicable law”. Such cases would be reviewed by NBR, including within its overall human resource management framework (i.e., disciplinary actions) and/or reviewed and decided upon by the judiciary. No breach of confidentiality requirements was reported to the assessors by NBR. NBR statute also indicate that: “the employees exercising supervisory tasks are not allowed to take part either in expertise commissions or in any other control actions beyond the tasks and competences granted to them by law” (Article 25). Codes of ethics exist at the level of the Board, NBR and for supervisory staff. The code of ethics for staff with supervisory responsibilities was issued in 2005 and regularly updated (the latest version from October 2015 takes into account general principles implemented at the level of The European System of Central Banks (ESCB) and ECB). This detailed code defines the principles of integrity, independence, objectivity, confidentiality, professional competence which staff need to follow, general principles and prohibitions regarding conflicts of interests (e.g., no supervision of entities where the staff or its close relatives have a financial interest, no direct holdings of bonds or shares in a supervised entity, no gifts – with limited exceptions-, no external activities unless approved by management) and sets rules of conduct applicable to all staff). Board members and staff must submit declarations of interest which facilitates verification of compliance with the provisions of these different codes of ethics. There is no post-employment policy or cooling off period for Board, staff and management. A supervisory staff could thus leave NBR to immediately work for a bank it used to supervise, which could affect the integrity of the supervisory process. NBR indicated to the assessors that no such case occurred in a recent past.
EC6	The supervisor has adequate resources for the conduct of effective supervision and oversight. It is financed in a manner that does not undermine its autonomy or operational independence. This includes: (a) a budget that provides for staff in sufficient numbers and with skills commensurate with the risk profile and systemic importance of the banks and banking groups supervised; (b) salary scales that allow it to attract and retain qualified staff; (c) the ability to commission external experts with the necessary professional skills and independence, and subject to necessary confidentiality restrictions to conduct supervisory tasks; (d) a budget and program for the regular training of staff; (e) a technology budget sufficient to equip its staff with the tools needed to supervise the banking industry and assess individual banks and banking groups; and (f) a travel budget that allows appropriate on-site work, effective cross-border cooperation and participation in domestic and international meetings of significant relevance (e.g., supervisory colleges).
Description and findings re EC6	Supervision is financed out of NBR overall budget approved by its Board, and does not involve any transfer from the Ministry of finance or revenues collected from the industry. NBR profitability and reserves are large enough to ensure adequate funding of supervisory activities (NBR reported profits of 783 million RON (196 million USD) in 2015 and 125 million RON (31 million) in 2016; capital and reserves totaled 17.8 billion RON −4.5 billion USD- in 2016). The overall cost of supervision is not identified as such in a comprehensive manner, but is appropriately financed. NBR staff working on supervisory issues includes 131 staff in the supervision department (55 percent with off-site and 45 percent with on-site) and 42 staff in the regulation and licensing department at the end of 2016. Senior staff is very experienced (e.g., the director, deputy director and heads of division in the supervision department have all been working in this department for at least 14 years). Staffing levels are primarily assessed based on (i) the needs expressed by each division, reviewed by management and eventually approved by the Board of NBR and (ii) experiences in implementing the work program and new tasks. The current level is considered adequate by NBR to conduct its main responsibilities considering the number and complexity of institutions supervised. Staffing level has been roughly stable in recent years. Some positions are not yet filled, because they were recently approved (e.g., four new positions in the AML /CFT division), because no suitable candidate could be identified or positions only recently became vacant. As several staff retired in 2017, the number of vacant positions recently increased (17 in 2017, 8 in 2016, 8 in 2015, 13 in 2014, and 5 in 2013). NBR implements a rigorous process to hire supervisors. Job offers are publicly advertised and can attract up to a hundred applicant for a position. The hiring process involves a written examination tailored to the specific position, an interview and a psychometric examination. This process is led by the hiring department with the involvement of human resources. Most people are hired after five to six years of professional experience, following this process. Most staff working on banking supervision were hired for this purpose as it is uncommon for NBR staff with different expertise to later move to banking supervision (some internal mobility can take place between the regulation, supervision, resolution and financial stability departments). NBR is viewed as an attractive employer, as indicated for instance by the high level of applications when positions are advertised (although it can face challenges in finding candidates with rare and specific skills, e.g., quantitative or IT banking expertise). NBR compensation system was designed with the support of external consultants and aligned with best practices. A formal review conducted in 2014 concluded that NBR median salary was above the industry average. Salaries are considered higher up to the level of head of division (comparison at that level and above are difficult as positions are not directly comparable). The turnover is low, mostly linked to retirements (confirming inter alia that salary scales allow to retain qualified staff) and does not affect the ability of NBR to perform its tasks. Staff turnover reached a peak of 6.9 percent for the first nine months of 2017, primarily because of retirements (4.7 percent in 2016, 1.9 percent in 2015, 4 percent in 2014, and 0.4 percent in 2013). Resignations are exceptional and generally linked to staff moving to international institutions (e.g., ECB). NBR indicated that no staff working on supervisory issues left NBR to work in a commercial bank in recent years. Training, travel and IT budgets are appropriate to allow NBR to perform its supervisory work, including actively engaging in international cooperation (e.g., colleges of supervisors and EBA working groups). Overall budgets in these areas are approved annually by the Board; within overall envelopes approved by the Board for NBR adjustments can be made during the year where additional needs surface. NBR has the power and overall budget necessary to commission external experts (Article 203 of the banking law allows NBR to use such experts and, for financial auditors, Article 52 of the NBR statute specifically mentions this should comply with confidentiality requirements). However, NBR had not used external experts to perform supervisory activities in recent years (in some cases, it asked banks to hire external experts e.g., to conduct independent reviews of collateral valuation see CP 18).
EC7	As part of their annual resource planning exercise, supervisors regularly take stock of existing skills and projected requirements over the short- and medium-term, taking into account relevant emerging supervisory practices. Supervisors review and implement measures to bridge any gaps in numbers and/or skill-sets identified.
Description and findings re EC7	The identification of skills required is conducted on an annual basis in the process of staff performance assessment which is performed by each head of division in the first quarter. General training needs, for all relevant staff, re also identified such as: liquidity requirements, SREP, IFRS 9, Recovery Plans etc. Moreover, the participation to the colleges of supervisors, committees, working groups and tasks force set up at the EBA level and joint on-site visits performed in the context of Review panel assessment also contribute to building skills.
EC8	In determining supervisory programs and allocating resources, supervisors take into account the risk profile and systemic importance of individual banks and banking groups, and the different mitigation approaches available.
Description and findings re EC8	All banks are subject to annual full-scope on-site examinations and close on-going off-site supervision (see CP 8 and 9). As part of the supervisory review and examination program (SREP), conducted on an annual basis, the risk profile and systemic importance of individual banks and banking groups are assessed. These findings guide the allocation of supervisory resources.
EC9	Laws provide protection to the supervisor and its staff against lawsuits for actions taken and/or omissions made while discharging their duties in good faith. The supervisor and its staff are adequately protected against the costs of defending their actions and/or omissions made while discharging their duties in good faith.
Description and findings re EC9	The NBR statute Article 25 mentions that: “the members of the NBR’s Board and the NBR’s employees charged with prudential supervision tasks shall not be subject to any civil or penal sanctions, as the case may be, if the Court finds that these persons fulfilled or failed to fulfill, in good faith and with due care, any action or fact related to the discharge, by law, of prudential supervision tasks. “The costs associated with the judicial proceedings instituted against [these] persons […] shall be borne by the NBR.” These provisions were effectively applied in cases when NBR and its staff were sued by banks, their shareholders, directors or senior management. There is however no legal provision protecting the NBR against lawsuits for actions taken and/or omissions made while discharging their duties in good faith.
Assessment of Principle 2	Materially Noncompliant
Comments	NBR, as a supervisory authority, possesses stable governance arrangements (including a Governor and first deputy Governor which were respectively appointed for the first time in 1990 and 2004) and effective operational independence, facilitated by adequate funding provided out of incomes it generates. It could publicly voice its concerns regarding parliamentary of government initiatives which may affect banking safety and soundness when it considered it necessary, and to consistently supervise all banks, irrespective of their ownership structure, including taking corrective actions when necessary. However, to strengthen arrangements to protect the independence of NBR, the Parliamentary subcommittees responsible for the appointment of NBR board members shall publish rigorous fit and proper criteria and the central bank statute shall be revised so that the Minister of Public Finance (and its State secretary) may not participate to NBR board meetings. It should also be required that the reason(s) for removal of a board member are disclosed. The NBR as an institution should, in addition to its board members and staff, also be protected against lawsuits for actions taken and/or omissions made while discharging its duties in good faith. With respect to internal governance of NBR, the decision to approve sanctions or orders is the sole responsibility of the first deputy governor; there is no internal guidance available to assist the first deputy governor in determining adequate decisions. NBR dedicates generous resources to supervision, in terms of staff, equipment and other variable costs. There is also appropriate flexibility in the allocation of these resources to allow NBR to respond to emerging priorities. The number of vacant positions increased significantly in 2017, largely due to retirements. Although this did not hamper effective supervision, NBR should fill these positions as soon as possible and, going forward, ensure recruitment processes can be completed ahead of planned retirements. NBR adopted detailed arrangements to prevent and manage conflicts of interests at all levels. These should be complemented by a post-employment or cooling-off policy to ensure effective rules govern situations where a staff or Board member intends to take a position in a bank supervised by NBR; effective monitoring and possible sanctions should be associated to this regime. While the assessors were informed that no NBR staff or Board member took a senior position in a bank supervised by NBR in recent years, such situations could happen and should be addressed.
Principle 3	Cooperation and collaboration. Laws, regulations or other arrangements provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information.26
Essential criteria
EC1	Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with all domestic authorities with responsibility for the safety and soundness of banks, other financial institutions and/or the stability of the financial system. There is evidence that these arrangements work in practice, where necessary.
Description and findings re EC1	The banking law Article 218–1 and the statutes of the central bank Article 3 authorize NBR to exchange information with other domestic authorities responsible for the safety and soundness of the financial system, other financial institutions and financial stability (including deposit insurance, reorganization, resolution and liquidation). Cooperation is also explicitly contemplated with external auditors (see CP 29 for aspects related to cooperation related to anti-money laundering and combating terrorism, AML /CFT). Moreover, internal arrangements facilitate close cooperation within NBR between the supervisory function and other relevant functions (financial stability, resolution, etc.). On microprudential supervision The banking law requires NBR and the Financial supervision authority (ASF), which is the integrated authority responsible for the insurance, securities and pension sectors since 2013, to enter written cooperation arrangements Article 189 of the banking law). An MOU was last updated in 2007. Three banks are listed, including the largest domestic bank (13.2 percent of assets at end 2016). NBR mentioned that nonbanking activities (including some under NBR supervision such as leasing) remain relatively limited in size (<10 percent of consolidated assets), even if several banks have small insurance and securities subsidiaries. No bank is controlled by an insurance or securities firm. The banking law requires that “for the exercise of their supervisory tasks on an individual and/or on a consolidated basis [… NBR and the ASF] shall provide on request all relevant information and on their own initiative all essential information” (Article 190). The banking law further requires, where applicable, consultations prior to taking a “decision of importance” affecting a bank or a financial investment company Article 191–1) and sharing of any information “likely to simplify their task and to allow supervision of the activity and overall financial situation of the undertakings they supervise” where a bank (or a related holding company) controls one or more subsidiaries that are insurance companies or other undertakings provided investment services Article 202–1). A working procedure was issued in 2012 for the exchange of information among the Romanian financial supervisory authorities (NBR and ASF) with respect to the supervised entities within financial groups. It focuses on information relevant to financial soundness (including changes in the structure of the financial group, developments that may significantly affect other entities of the group in terms of capitalization, liquidity, profitability, asset quality etc., sanctions and exceptional measures taken by authorities, conclusions of controls). In addition to exchanges on macroprudential issues which take place in the context of the National Macrofinancial Overnight Committee on systemic risk and financial stability issues, exchanges between NBR and the ASF are primarily written and related to the authorization and modification of the situation of institutions supervised by the two authorities (and related persons who require approval by NBR or the ASF). On-site examinations processes are not coordinated, not have joint or coordinated inspections ever taken place. Technical meetings between NBR and ASF staff tasked with supervisory responsibilities are exceptional. However, there are no regular meetings between the NBR and ASF (i) to discuss the situation and risk profiles of individual institutions active in banking and another sector supervised by the ASF of issues of common interests (e.g., on governance -where a code for listed companies exist-, disclosure requirements or financial reporting) and (ii) coordinate (or agree on joint) supervisory actions, including on-site examination. Considering some banks are listed, many have financial groups and areas of common interest (including governance, financial reporting, disclosure etc.) exist, such regular meetings would be beneficial (both for NBR and the ASF) (See CP8). On financial stability An MOU was signed between NBR, the Ministry of Finance, and authorities later integrated into the ASF (Securities Commission, Insurance Supervisory Commission and Private Pension Scheme Supervisory Commission) in July 2007 creating the National Committee for Financial Stability to ensure the exchange of information between the authorities, and prevent, appraise and manage possible difficulties having a systemic impact. The Law 12/2017 (17 March 2017) on the macroprudential oversight of the national financial system created the National Committee for Macroprudential Oversight (NCMO) replacing the National Committee for Financial Stability. The NCMO is comprised of NBR (three board members), the ASF (three Board members) and the Government /Ministry of Finance (three Board members). It is an inter-institutional structure, without legal personality, responsible for coordinating the macroprudential oversight at national level by setting the macroprudential policy and the appropriate instruments for its implementation. It is mainly responsible Article 3 of Law 12/2017) for (i) identifying, collecting and analyzing information related to its objective; (ii) identifying, monitoring and assessing systemic risk and) identifying systemically important financial institutions and financial system structures; (iii) preparing a strategy on macroprudential policy; (iv) issuing recommendations and warnings in order to prevent or mitigate systemic risks (and monitor implementation); (v) setting and monitoring the intermediate objectives and instruments of macroprudential policy; (vi) issuing recommendations; and (vii) also be responsible for the coordination of financial crisis management. The NCMO is both (i) entitled to request all relevant data and information necessary for achieving its fundamental objective from NBR, ASF, other authorities and institutions, (if the appropriate arrangements are in place to ensure confidentiality) and (ii) required to provide the MOPF, NBR and the ASF with the relevant information necessary to fulfil their tasks. The NCMO issued five recommendations in 2017 (as of November), including setting up working groups on households’ indebtedness and firms’ financial soundness with NBR and the Ministry of Public Finance /National Agency for Fiscal Administration leading such working groups. It is unclear whether any initiative led by a member of the NCMO, as well as other relevant initiatives (i.e., from Parliament), which could have an impact on bank safety and soundness needs to be reviewed in the context of the NCMO (e.g., it was unclear whether the NCMO discussed the proposed reduction in the tax deductibility of provisions on nonperforming loans as they are sold to a third party). It would be advisable that where a public initiative that can affect bank soundness is led by a member of the NCMO, the opinion of the NBR be systematically sought. The Bank Resolution Law No. 312/2015 also has relevant provisions (Article 4, Article 6, Articles 469–472) regarding exchange of information, cooperation and coordination of authorities, for similar purposes. An MOU was also signed between the NBR and the Bank Deposit Guarantee Fund in April 2012 (and amended in 2016 and 2017).
EC2	Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with relevant foreign supervisors of banks and banking groups. There is evidence that these arrangements work in practice, where necessary.
Description and findings re EC2	The banking law Articles 215 and NBR statutes Article 3 authorize NBR to cooperate with relevant foreign supervisors, including EU and third country supervisors, the European Systemic Risk Board and the European Banking Authority (EBA). Article 222 also allows the NBR to share information “for the purposes of achieving their tasks “with central banks of the European System of Central Banks, institutional protection schemes, other public authorities responsible for overseeing payment systems, European Systemic Risk Board, the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA). The European Central Bank (ECB) /Single Supervision Mechanism (SSM), has been the home supervisor of banking groups which subsidiaries and branches have a combined market share of 72 percent of banking assets in Romania (end 2016) since 2014. NBR actively cooperates with the ECB /SSM, even if an MOU is still to be signed (a draft written coordination agreement on supervisory colleges was submitted by the ECB /SSM for comments in 2017). While this process is ongoing, it was agreed that the provisions of MOUs signed before 2014 with the previous home supervisors would be implemented (NBR signed such MOUs with supervisors including Austria, Cyprus, France, Germany, Greece, Hungary, Italy, Spain, Portugal, and the Netherlands). The provisions of multilateral cooperation and coordination agreements governing supervisory colleges of supervisors (based on the 2009 EBA template for a multilateral cooperation and coordination agreement on the supervision of group) also continue to be implemented until a new framework recognizing the responsibilities of the ECB /SSM is established. NBR is a member of 15 supervisory colleges covering the main EU banking groups active in Romania (see CP 13 on the role of such colleges in the supervisory process). EU regulation 1093 /2010 establishing the European banking authority (EBA) defines areas where information can or shall be shared between EU domestic supervisors (including Romania) and the EBA, mechanisms to implement this as well as the applicable confidentiality regime. NBR concluded cooperation agreements with competent authorities of third countries (Republic of Moldova -where Romanian banks have subsidiaries-, Turkey, Lebanon). According to NBR, the lack of MOU with Israel has not impeded collaboration where needed (in particular at the time of authorizing key persons). The subsidiary of an Israel bank (with a market share of 0.3 percent of assets at the end of 2016) is the only one from a country not belonging to the EU.
EC3	The supervisor may provide confidential information to another domestic authority or foreign supervisor but must take reasonable steps to determine that any confidential information so released will be used only for bank-specific or system-wide supervisory purposes and will be treated as confidential by the receiving party.
Description and findings re EC3	Articles 215, 217, and 218 of the banking law allow NBR to provide confidential information to domestic, EU and third country authorities as long as they are subject to “professional secrecy” requirements similar to those applicable to NBR (as defined in Article 214 of the banking law). In practice, cooperation almost exclusively takes place with domestic and EU counterparts. Confidentiality requirements in other EU member states are considered equivalent to the Romanian regime as the CRD IV imposes that each country introduce such requirements in its domestic legal order (Article 53 of CRD IV). MOU signed with EU competent authorities can also include specific requirements on confidentiality (e.g., the MOU with the Bank of Italy mentions that: “compliance with the obligation of professional secrecy by all employees who receive confidential information from the other Authority in the course of their activities is a necessary condition for a successful co-operation between the Authorities. The Authorities agree that any confidential information shared through these arrangements will be used only for lawful supervisory purposes. To the extent permitted by law, the Authorities will maintain the confidentiality of all information received through these arrangements and will not disclose any such information unless it is necessary for carrying out their supervisory responsibilities and after having obtained the prior consent of the other authority.”) For third-country supervisory authorities, as none of the authorities NBR cooperate with has been considered by the EBA as having an equivalent confidentiality regimes for participation in supervisory colleges, NBR performed its own assessment of equivalence of regime for cooperation and was satisfied its requirements were met (such cooperation takes place outside the framework of supervisory colleges). NBR did not report any case where the lack of adequate “professional secrecy” requirements prevented it from exchanging information with relevant authorities. The banking law also requires that information provided by NBR is used for supervisory purposes only in the case of third country authorities, Article 217 and bodies involved in the liquidation and bankruptcy of banks, contractual or institutional protection schemes (as defined in Article 113–7 of the CRR) and bodies overseeing financial auditors Article 219.
EC4	The supervisor receiving confidential information from other supervisors uses the confidential information for bank-specific or system-wide supervisory purposes only. The supervisor does not disclose confidential information received to third parties without the permission of the supervisor providing the information and can deny any demand (other than a court order or mandate from a legislative body) for confidential information in its possession. If the supervisor is legally compelled to disclose confidential information it has received from another supervisor, the supervisor promptly notifies the originating supervisor, indicating what information it is compelled to release and the circumstances surrounding the release. Where consent to passing on confidential information is not given, the supervisor uses all reasonable means to resist such a demand or protect the confidentiality of the information.
Description and findings re EC4	The banking law Article 216 requires NBR to use confidential information received from other supervisors for bank-specific or system-wide supervisory purposes only. Article 216: “The National Bank of Romania may use the information received under Article 214 and Article 215 only in the performance of its supervisory tasks and only for the following purposes: (a) to check that the conditions governing the taking-up of the business of credit institutions are met and to facilitate monitoring, on an individual and/or consolidated basis, of the conduct of such business, especially with regard to the monitoring of liquidity, solvency, large exposures, and administrative and accounting procedures and internal control mechanisms; (b) to impose penalties; (c) in the appeal against a decision of the National Bank of Romania; and (d) in court proceedings initiated pursuant to Article 275 paragraph 2 or to the provisions laid down in other law applicable to credit institutions.” The supervisor does not disclose confidential information received to third parties without the permission of the EU supervisor providing the information. If the supervisor is legally compelled to disclose confidential information it has received from another EU supervisor, the supervisor promptly notifies the originating supervisor, indicating what information it is compelled to release and the circumstances surrounding the release. Article 219–2: “where the information received by the National Bank of Romania originates in another Member State, it shall not be disclosed […] without the express agreement of the competent authorities which have disclosed it, and where appropriate, solely for the purposes for which those authorities gave their agreement.” There is no such explicit provision in the banking law or applicable regulations in the case of information received from authorities located outside the EU (i.e., no disclosure without the permission of the originating supervisor and, when disclosure is legally required, prompt information of the originating supervisor). NBR indicates that these aspects were covered in MOUs, as applicable.
EC5	Processes are in place for the supervisor to support resolution authorities (e.g., central banks and finance ministries as appropriate) to undertake recovery and resolution planning and actions.
Description and findings re EC5	Per Law 312/2015 on bank recovery and resolution, NBR is the resolution authority for banks. The resolution function at NBR is operationally independent, structurally separated from and subject to separate reporting/subordination lines from the banks’ supervisory function, as well as from the other central bank functions. The resolution and supervisory structures collaborate following the NBR internal procedure regarding the information, the frequency and way the information are transmitted between the Bank Resolution Department (resolution structure) and the Supervision Department (supervisory structure) in the context of recovery and resolution. Recovery According to the provisions of Law 312/2015 on bank recovery and resolution: Each bank (which is not part of a group subject to consolidated supervision) shall draw up and maintain a recovery plan providing for measures to be taken by the entity to restore its financial position following a significant deterioration of its financial situation (in cases of subsidiaries and significant branches of EU banking groups, NBR shall review the plan submitted by the consolidating supervisor); The supervisory structure provides the recovery plan to the resolution structure; The resolution function examines the recovery plan with a view to identifying any actions in the recovery plan which may adversely impact the resolvability of the credit institution and make recommendations to the supervisory structure about those matters; The supervisory structure shall transmit the group recovery plan to the resolution structure. Based on this legal framework, all banks prepared and sent to NBR (or through consolidating supervisors) their recovery plans at individual or at the group level. The recovery plans received were assessed by the staff from the off-site supervision (and during the on-site inspections). Recovery plans received by the competent authority from credit institution or from the consolidating supervisor (in case of banking groups for which National Bank of Romania acting as a host authority) are sent by Supervision Department to the Resolution Department to be assessed. The result of the assessment performed by the resolution authority is communicated to the Supervision Department. Resolution According to Law 312/2015 on bank recovery and resolution: NBR, as a resolution authority, shall draw up a resolution plan for each bank, Romanian legal entity (as an individual /group-level resolution authority for the banks under its remit or as a resolution authority at an individual level of a subsidiary, shall draw up, together with the group level resolution authority and the other resolution authorities of subsidiaries involved, group resolution plans); The resolution structure shall draw up the resolution plan after consulting the supervisory structure; The supervisory structure shall promptly communicate to the resolution structure any change that necessitates such a revision or update of the plans; The supervisory structure shall transmit available information relevant to the preparation of a resolution plan to the resolution structure. According to the Article 180(1) of the Law No. 312/2015 (transposing Article 32(1) of the BRRD), the NBR, as a resolution authority, shall take a resolution action in relation to a credit institution only if it considers that all of the following conditions are met: The NBR, as a competent authority, shall determine that the credit institution is failing or is likely to fail. For this purpose, the supervisory structure shall consult the resolution structure; Having regard to timing and other relevant circumstances, there is no reasonable prospect according to which failure could be prevented within a reasonable timeframe, by any alternative private sector measures, including measures by an institutional protection scheme, or supervisory action, including early intervention measures or the write-down or conversion of relevant capital instruments in accordance with Article 359 taken in respect of the credit institution concerned; A resolution action is necessary in the public interest pursuant to Article 182. For 2016, NBR, as a resolution authority, participated in drafting, or where applicable, drafted resolution plans for: Fourteen credit institutions that are subsidiaries of cross–border groups, subject to consolidated supervision, within the resolution colleges established by the SRB/other group level resolution authorities (63 percent of the banking assets at end 2016). Eight credit institutions that do not belong to cross–border groups, under the NBR’s remit (23 percent of banking assets at end 2016) More broadly, the supervisory structure shall notify the resolution structure without delay upon determining that a bank infringes or is likely in the near future to infringe key prudential requirements Article 150 of the recovery and resolution law. Moreover, the supervisory structure shall consult the resolution structure ahead of NBR determining that a bank is “is failing or likely to fail”, which shall trigger resolution (if all conditions referred to in Article 180–1 are fulfilled).
Assessment of Principle 3	Largely Compliant
Comments	Arrangements are in place to facilitate and ensure cooperation with relevant domestic and foreign authorities. There is intense cooperation among EU authorities to jointly supervise EU banking groups, which entities have a combined market share of 76 percent of banking assets in Romania (see CP 13). Cooperation among domestic authorities is organized, including with the ASF which regulates insurance and capital market activities and, for macroprudential matters, within the National committee for macroprudential oversight set up in 2017. However, there are no regular meetings between the NBR and ASF (i) to discuss the situation and risk profiles of individual institutions active in banking and another sector supervised by the ASF of issues of common interests (e.g., on governance -where a code for listed companies exist-, disclosure requirements or financial reporting) and (ii) coordinate (or agree on joint) supervisory actions, including on-site examination. Considering some banks are listed, many have financial groups and areas of common interest (including governance, financial reporting, disclosure etc.) exist, such regular meetings would be beneficial (both for NBR and the ASF). Following the adoption of law 312/2015 on bank recovery and resolution, detailed processes are implemented to ensure effective coordination between NBR supervisory and resolution functions to undertake recovery and resolution planning and actions. These arrangements have been effectively implemented in 2016 and 2017 as recovery and resolution plans were prepared. Explicit provisions could be added in the banking law regarding the treatment of information received from authorities located outside the EU (i.e., no disclosure without the permission of the originating supervisor and, when disclosure is legally required, prompt information of the originating supervisor). This would ensure strengthen existing practices where such issues are covered in MOUs.
Principle 4	Permissible activities. The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word “bank” in names is controlled.
Essential criteria
EC1	The term “bank” is clearly defined in laws or regulations.
Description and findings re EC1	Article 7–1 of the banking law defines banking activity as the taking of deposits or other repayable funds from the public and granting of credits for its own account.
EC2	The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined either by supervisors, or in laws or regulations.
Description and findings re EC2	Article 18–1 defines the activities which “credit institutions” can perform: Acceptance of deposits and other repayable funds; Lending including, inter alia: consumer credit, mortgage credit, factoring with or without recourse, financing of commercial transactions, including forfeiting; Financial leasing; Payment services; Issuing and administering other means of payment such as travelers’ checks and bankers’ drafts; Issuing guarantees and commitments; Trading for own account or for account of customers in money market instruments (incl. checks, bills, promissory notes, certificates of deposit), foreign currency, financial futures and options, instruments on foreign exchange and interest rate, transferable securities and other financial instruments; Participation in securities issues and other financial instruments by underwriting and selling them or by selling them and providing ancillary services; Advice on capital structure, business strategy and other related issues, advice and other services relating to mergers and purchase of undertakings as well as other advice services; Portfolio management and advice; Safekeeping and administration of financial instruments; Intermediation on the inter-bank market; Credit reference services related to provision of data; Safe custody services; Issuing of electronic money; Operations with precious metals, gems and objects thereof; Acquiring of participations in the capital of other entities; Any other activities or services in the financial field, abiding by the special laws regulating those activities, where appropriate.
EC3	The use of the word “bank” and any derivations such as “banking” in a name, including domain names, is limited to licensed and supervised institutions in all circumstances where the general public might otherwise be misled.
Description and findings re EC3	Article 6 of the banking law prohibits “any person, other than an authorized credit institution […] from using the name “bank” or “credit co-operative organization”, “credit co-operative”, “central body of credit co-operatives”, “cooperative bank”, “cooperative central bank”, “mortgage bank/mortgage loan bank”, “savings bank for housing”, or derivatives or translations of these names, in connection with an activity, a product or a service.” It allows the following exceptions: “where this use is imposed or acknowledged by law or by an international agreement, or when, from the context in which the respective name is used, it follows undoubtedly the fact that no banking activity is being pursued.”
EC4	The taking of deposits from the public is reserved for institutions that are licensed and subject to supervision as banks.27
Description and findings re EC4	Article 5 of the banking law prohibits “any natural person, legal person or entity without legal personality which is not an authorized credit institution […] from carrying on the business of taking deposits or other repayable funds from the public, or the business of raising and/or managing amounts from the contributions of the members of an association with a view to saving and lending in a collective system to purchase goods and/or services by its members.” The following exceptions to the prohibition for unlicensed persons to take deposits are allowed: (i) EU member state or EU member state’s regional or local authorities; (ii) public international bodies of which one or more EU member States are members; and (iii) in cases expressly provided by the Romanian legislation or EU law provided that those activities are subject to regulations and controls relating to such cases, intended to protect depositors and investors.” NBR indicated that no institution fell in this category (iii) in Romania. The law on nonbank financial institutions (NBFI) also explicitly prohibits these from taking deposits. Small credit unions and a post office exist in Romania but are not allowed to take deposits (i.e., credit unions can only offer services to their members, contributions members make are used to fund loans to members, people lose their quality of member if they withdraw their contributions). According to NBR, there has not been any recent case of illegal provision of banking activities.
EC5	The supervisor or licensing authority publishes or otherwise makes available a current list of licensed banks, including branches of foreign banks, operating within its jurisdiction in a way that is easily accessible to the public.
Description and findings re EC5	Article 417 of the banking laws requires that “the credit institutions which perform their activity in Romania […], including the branches of the credit institutions from other Member States and from third countries, shall be registered by the National Bank of Romania in the register of credit institutions which shall be available to all those interested.” NBR publishes on its website an updated list of all credit institutions incorporated in Romania (by category), authorized branches as well as other EU banks authorized to provide financial services in Romania.
Assessment of Principle 4	Compliant
Comments	Only licensed credit institutions are allowed to provide banking services.
Principle 5	Licensing criteria. The licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of Board members and senior management)28 of the bank and its wider group, and its strategic and operating plan, internal controls, risk management and projected financial condition (including capital base). Where the proposed owner or parent organization is a foreign bank, the prior consent of its home supervisor is obtained.
Essential criteria
EC1	The law identifies the authority responsible for granting and withdrawing a banking license. The licensing authority could be the banking supervisor or another competent authority. If the licensing authority and the supervisor are not the same, the supervisor has the right to have its views on each application considered, and its concerns addressed. In addition, the licensing authority provides the supervisor with any information that may be material to the supervision of the licensed bank. The supervisor imposes prudential conditions or limitations on the newly licensed bank, where appropriate.
Description and findings re EC1	NBR has exclusive competence for granting and withdrawing the license of the following institutions: Banks incorporated in Romania. As of October 2017, 25 banks had a full license and two were housing banks; Branches of banks of countries located outside the European union Article 67–1 of the banking law). As of October 2017, no branch from a third country was licensed (and no such request was ongoing); Credit cooperatives. As of October 2017, there was one credit cooperative central body licensed (as a bank) and 41 individual credit cooperatives. Aggregated assets of the credit cooperative central body and 41 individual credit cooperatives represent 0.3 percent of banking assets. As part of the EU passporting regime, banking services, including deposit taking, may also be offered in Romania by banks licensed and supervised in another EU country, without the prior approval of NBR. Such services are either be offered through a branch established in Romania or directly by the head office located in another EU country. In both cases, NBR must receive a notification by the home supervisor: In the case of the establishment of a branch (Article 48 of the banking law), NBR has up to two months to communicate to the EU bank the list of nonprudential requirements applicable to the branch, including in the area of AML /CFT (i.e., “legal acts issued in the interest of general good, stipulating the particular conditions under which certain activities may be carried on”). NBR cannot impose specific prudential requirements to the branch, nor conduct supervision on aspects other than nonprudential areas; An EU bank can use the freedom to provide financial services across the EU as soon as NBR received the notification from its home supervisor (Article 49 of the banking law). NBR cannot impose specific prudential requirements or conduct supervision. This EU framework exists across the EU and is established on the premise that licensing, regulatory, supervisory and resolutions arrangements are harmonized and consistently applied across EU countries. As of October 2017, 10 branches of EU banks were registered by NBR (some of which were no more active as their head-office was resolved) and 308 institutions had notified NBR of their intention to provide financial services in Romania (without having a physical presence). Branches of EU banks represent 10 percent of assets in Romania, with the largest holding two thirds of these (see CP 13 on home-host arrangements in the EU and NBR participation to the college of supervisor of the bank with the largest branch). In the rest of this CP, references made to banks do not, unless otherwise indicated, include branches of EU banks or EU banks using the freedom to provide financial services in Romania.
EC2	Laws or regulations give the licensing authority the power to set criteria for licensing banks. If the criteria are not fulfilled or if the information provided is inadequate, the licensing authority has the power to reject an application. If the licensing authority or supervisor determines that the license was based on false information, the license can be revoked.
Description and findings re EC2	The banking law empowers NBR to set criteria for licensing banks Article 10–2; this regime is largely harmonized at the EU level (see CRD IV and EBA 2012 guidelines on the assessment of the suitability of members of the management body and key function holders). NBR issued in 2007 Regulation 11 on the authorization of credit institutions, Romanian legal entities, and branches in Romania of third-country credit institutions which defines its licensing requirements. The EBA published in July 2017 draft regulatory technical standards (RTS) on the information applicants and draft implementing technical standards (ITS) related to the templates to be used, which once issued by the EU Commission will replace relevant provisions of Regulation 11. NBR can reject an application if licensing criteria are not fulfilled or if the information provided is inadequate Article 38–1 of the banking law. It can also withdraw a license if a license was granted based on false information Article 39 of the banking law.
EC3	The criteria for issuing licenses are consistent with those applied in ongoing supervision.
Description and findings re EC3	The criteria for issuing licenses are defined by the banking law -as regularly updated- and regulation 11 -issued in 2007 and amended in 2009 and 2011-. They are consistent with key criteria applied for ongoing supervision. The last time a bank was licensed by NBR was in 2009 and no new license application was received recently. Should a new application be received, considering significant evolutions in supervisory expectations and practices since 2009, it would be important to closely involve staff from the supervision department in the review of the application to ensure it is in line with current supervisory practices.
EC4	The licensing authority determines that the proposed legal, managerial, operational and ownership structures of the bank and its wider group will not hinder effective supervision on both a solo and a consolidated basis.29 The licensing authority also determines, where appropriate, that these structures will not hinder effective implementation of corrective measures in the future.
Description and findings re EC4	Laws and regulations require NBR to ensure the proposed legal, managerial, operational and ownership structures of the bank and its wider group will not hinder effective supervision: Article 15–2 of the banking Law: “Where close links exist between the credit institution, a Romanian legal entity, and other natural or legal persons, the National Bank of Romania shall grant authorization only if those links do not prevent the effective exercise of its supervisory functions. In this respect, it should also consider situations in which the laws, regulations or administrative measures of a third country governing one or more natural or legal persons with which the credit institution has close links, or difficulties involved in the application of those laws, regulations or administrative measures preventing the effective exercise of its supervisory functions.” Article 18(19) of Regulation 11: “(1) Assessing the suitability of the significant shareholder also considers whether the bank will be able to comply with the prudential requirements […] and, in particular, whether the group of which he is part of, has a structure that allows the exercise of effective supervision […] (3) The assessment of issues related to exercise effective supervision envisages that National Bank of Romania should not be impeded to fulfill its supervisory tasks by the bank’s close links with other natural or legal persons or by laws, regulations or administrative measures in another state governing the natural or legal person which is closely linked to the bank, or by difficulties in implementing these laws, regulations or administrative measures. Article 18(20) of Regulation 11: “Both the bank and the group shall have a clear and transparent governance and management framework and a suitable organization, including effective internal control and independent control functions (risk management, compliance and internal audit). NBR mentioned that it paid attention to transparency and the lack of impediment to effective supervision when it reviewed several license applications in the 1990s and early 2000s. Banks licensed in Romania have transparent ownership structures and NBR did not face any impediment to effective supervision.
EC5	The licensing authority identifies and determines the suitability of the bank’s major shareholders, including the ultimate beneficial owners, and others that may exert significant influence. It also assesses the transparency of the ownership structure, the sources of initial capital and the ability of shareholders to provide additional financial support, where needed.
Description and findings re EC5	Identification of major shareholders including beneficial owners The banking law, transposing relevant provisions of the CRD IV, establishes information requirements which aim at allowing NBR to identify the bank’s major shareholders and others that may exert significant influence. Article 15–1 requires that: NBR is “informed on the identities of the shareholders or members, natural or legal persons, that are going to have, directly or indirectly, qualifying holdings in that credit institution, and on the amounts of those holdings”. The CRR defines a qualifying holding as “a direct or indirect holding in an undertaking which represents 10 percent or more of the capital or of the voting rights or which makes it possible to exercise a significant influence over the management of that undertaking” “Where there are no qualifying holdings, the National Bank of Romania shall be informed on the identity of the 20 largest shareholders or members and on the amounts of their holdings.” The questionnaire in Annex 2 of Regulation 11 which any of the major shareholders (as defined by Article 15–1 of the banking law) need to fill includes a requirement to communicate the identity of all persons who are real beneficiaries of the legal entity and defines “real beneficiaries are individuals who finally own or control the stockholder, as well as persons on account of which the participation is acquired. It includes also persons exercising ultimately effective control over the stockholder, that is a legal person or a legal arrangement (such as a trust)”. This definition adequately places the emphasis on the natural person(s) who have ultimate ownership or control (and the banking law explicitly indicates that any license granted based on false information can be revoked by NBR). Suitability of major shareholders The banking law Article 15–1 indicates that NBR “shall only grant authorization if, taking into account the need to make sure the sound and prudent management of the credit institution, it is satisfied as to the suitability of those persons.” Regulation 11 provides additional details regarding the assessment of suitability. Transparency of the ownership structure Article. 1820 of Regulation 11 requires that: “both the bank and the group shall have a clear and transparent governance and management framework and a suitable organization” and Article 1819 defines a group as the group members, including parent undertakings and subsidiaries. More broadly, the transparency of the ownership structure would be reviewed by NBR as it assesses the suitability of the shareholders (including ultimate beneficial owners). Source of funds There are direct requirements regarding the sources of funds. Article 1824 requires that “the funds used for participation in the capital shall originate from legitimate sources and funding mechanism shall be transparent. In this regard, it will demonstrate at least that these funds are transferred through credit institutions or financial institutions subject to supervision by competent authorities of Member States or third countries considered to have equivalent systems to those in the European Union to fight against money laundering and terrorist financing.” Ability of shareholders to provide additional financial support Article. 1821 specifically addresses the ability of shareholders to provide additional financial support: NBR “will take into account whether the significant shareholder will be able to: (a) provide the bank with financial support which it may need for the proposed activity, (b) provide the bank with capital which it may need for the further development of the business, (c) implement any appropriate solution to adjust future needs of the bank’s own funds.”
EC6	A minimum initial capital amount is stipulated for all banks.
Description and findings re EC6	The banking law Articles 11, 70, and 345 and NBR Regulation 5/2013 Article 249 set a minimum capital amount for different categories of banks: 37 million RON (9.25 million USD) for a bank licensed in Romania or a branch of a third country (unless it is only authorize to perform activities of mortgage bank or building societies); 25 million RON (6.125 million USD) for a mortgage bank or a building society (or a branch of a third country bank authorized only to doncut such activities) licensed in Romania; Equivalent in RON of 10 million EUR (9 million USD) for the entire network of credit cooperatives including at least the eqiivaent in RON of 5 million EUR (4.2 million USD) for the central body of credit cooperatives and 300,000 RON (75.000 USD) for each individual credit cooperative. Branches of EU banks are exempt from such requirements (he parent needs to meet such requirements in its home jurisdiction).
EC7	The licensing authority, at authorization, evaluates the bank’s proposed Board members and senior management as to expertise and integrity (fit and proper test), and any potential for conflicts of interest. The fit and proper criteria include: (i) skills and experience in relevant financial operations commensurate with the intended activities of the bank and (ii) no record of criminal activities or adverse regulatory judgments that make a person unfit to uphold important positions in a bank.30 The licensing authority determines whether the bank’s Board has collective sound knowledge of the material activities the bank intends to pursue, and the associated risks.
Description and findings re EC7	For banks incorporated in Romania, NBR needs to approve the bank’s proposed Board members and senior management as to expertise and integrity (fit and proper test) at authorization and on an ongoing basis. The banking law requires each of the members of the Board, members of senior management, “as well as the persons appointed to conduct the business regarding the management and control of risks, internal audit, judicial, conformity, treasury, lending activity, as well as any other activities which may expose the credit institution to significant risks” Article 108 shall be at any time of “good reputation, knowledge, skills and have sufficient experience to match the nature, size and complexity of the business of the credit institution and of the entrusted responsibilities and shall conduct the activity according to a sound and prudent banking practice”. The fit and proper criteria include: Skills and experience in relevant financial operations commensurate with the intended activities of the bank; No record of criminal activities or adverse regulatory judgments, in Romania and abroad, that make a person unfit to uphold important positions in a bank. Regulation 11 (Article 17) requires, in particular, NBR to review, at least over the last ten years: whether a person has been in conflict with a supervisory authority, sanctioned, denied approval or “have been in other situation which, given its relevant aspects, might have negative effects on the image of the bank”, if an institution where the person assumed Board or senior management responsibilities (or a significant shareholding) were sanctioned, denied or withdrawn an authorization or faced a material deterioration of its prudential situation, whether the person has been subject to criminal or administrative proceedings. Article 109 of the banking law gives broad power to NBR to appreciate whether these requirements are met (NBR has “the power to analyze to what extent the minimum requirements of this emergency ordinance and of the regulations issued for its application are observed, to assess all circumstances and information regarding the activity, reputation, moral integrity and background of each person mentioned under Article. 108 and to decide whether the respective person fulfils the requirements laid down both at the individual and joint level.”) The requirement for NBR to determine whether the bank’s board has collective sound knowledge of the material activities the bank intends to pursue, and the associated risks are covered in Article 108–4 of the banking law. The NBR also indicated these aspects were addressed during the reviews and interviews of individual Board members. The NBR last licensed a bank in 2009, but NBR implements a thorough review as it assesses the merits of new Board member or senior management as part of its ongoing supervision. (see CP 14 for the details regarding this process). For branches of third country, at least two persons shall be responsible for the management of the branch, shall be empowered to legally engage the credit institution in Romania, shall enjoy sufficiently good reputation and expertise to discharge the assigned duties and should be subject to a similar approval process as that described for locally incorporated banks Article 71 of the Banking Law. There was no branch of a third country (or ongoing application) at the time of the BCP assessment.
EC8	The licensing authority reviews the proposed strategic and operating plans of the bank. This includes determining that an appropriate system of corporate governance, risk management and internal controls, including those related to the detection and prevention of criminal activities, as well as the oversight of proposed outsourced functions, will be in place. The operational structure is required to reflect the scope and degree of sophistication of the proposed activities of the bank.31
Description and findings re EC8	The Banking Law Article 17 requires NBR: (i) to review the proposed strategic and operating plans of the bank (respectively referred to as the program of operations linked to intended objectives and the structural organization) and (ii) to ensure the operating structure is consistent with the type, size, and complexity of the envisaged activities. Article 17: “any authorization application of a credit institution shall be accompanied by a program of operations setting out at least the types of business envisaged and the structural organization of the credit institution. The program of operation should demonstrate the credit institution’s ability to achieve its intended objectives in a way consistent with the rules of a prudent and sound banking practice, by means of adjusting its management structure, procedures, internal mechanisms and capital structure to the type, size and complexity of the envisaged activities.” Regulation 11 Article 23 defines minimum information that the proposed plan of activity should cover. These includes: the formal framework for the administration of the bank activity, including the draft of the organization structure of the bank, the assignment of tasks for each department/responsibility center of the bank and the relations between them (information flows), the tasks of the branches and other secondary offices of the bank, the tasks of the specialized committees of the bank, the responsibilities of the administration and/or management bodies of the bank (Board of Directors, managers, the supervisory council and the directorate), of the persons charged with the management of bank departments, branches and other secondary offices and of other employees performing transactions in the name and account of the bank. Where appropriate, it will be presented also the position of the credit institution within the belonging group, in terms of management structures and lines; the outsourcing policies, the activities to be outsourced and the types of entities (inside or outside the group) to which the activities are outsourced in the first three years of activity The description of “know your customers” policies. Expectations and information requirements related to the detection and the prevention of criminal activities could usefully be described in more details.
EC9	The licensing authority reviews pro forma financial statements and projections of the proposed bank. This includes an assessment of the adequacy of the financial strength to support the proposed strategic plan as well as financial information on the principal shareholders of the bank.
Description and findings re EC9	NBR reviews pro forma financial statements and projections of the proposed bank, including. Applicants have to provide a plan of activity Article 23 of Regulation 11 covers estimated financial statements for the first three years of activity, based on applicable IFRS requirements on a solo or consolidated basis, as applicable, and accompanied by a report from a financial auditor prepared according to international standards on auditing.
EC10	In the case of foreign banks establishing a branch or subsidiary, before issuing a license, the host supervisor establishes that no objection (or a statement of no objection) from the home supervisor has been received. For cross-border banking operations in its country, the host supervisor determines whether the home supervisor practices global consolidated supervision.
Description and findings re EC10	EU banks Where an EU bank applies for a license to set-up a bank in Romania, the banking law Article 37 stipulates that NBR shall consult the competent EU home supervisor if the Romanian bank would be a subsidiary of the bank located in this other EU country (or of the parent of the latter) or would be controlled by the same persons. Where an EU bank intends to set-up a branch in Romania, the license is issued by the home supervisor and takes effect after NBR communicates the list of applicable nonprudential requirements to the branch (the notification initially issued by the home supervisor ensures it does not have objections). Banks from a third country Where a bank from a third country applies for a license to set-up a subsidiary in Romania, there is a clear, if indirect, requirement to assess whether the home supervisor practices consolidated supervision, indirect requirement to contact the home supervisor (see EC 7) and no requirements that it does not object to the proposed acquisition: The banking law indirectly requires NBR to assess whether consolidated supervision equivalent to that implemented in Romania is practiced in the third country, as it requires that it otherwise consider applying “other appropriate supervisory techniques in order to achieve the objectives of supervision on a consolidated basis of credit institutions” (Articles 206 and 207). Article 1813 of Regulation 11 indicates that : “the assessment of reputation requirements may be facilitated by cooperation with the competent supervisory authority from the third country whose regulations on reputation requirements are considered equivalent if: (a) the significant shareholder is a natural or legal person, already considered to have a good reputation as a significant shareholder of an entity regulated and supervised by a supervisory authority in a third country; (b) the significant shareholder is a natural person who provides the management and/or administration of an entity regulated and supervised by a supervisory authority in a third country; and (c) the significant shareholder is an entity regulated and supervised by a supervisory authority in a third country.” Where a bank from a third country applies for a license to set-up a branch, the banking law (Article 67–1) requires NBR to establish that the home supervisor “does not oppose the establishment of a branch in Romania”.
EC11	The licensing authority or supervisor has policies and processes to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the license approval are being met.
Description and findings re EC11	The annual on-site full scope inspection (and SREP process) allow close monitoring of newly licensed banks. Concerning nonprudential topics where NBR is competent, on-site examinations of branches of EU banks are conducted (see CP 8 and 9).
Assessment of Principle 5	Compliant
Comments	NBR has exclusive competence for granting and withdrawing the license of banks incorporated in Romania, branches of banks located outside the EU, and credit cooperatives. NBR has the power to set licensing criteria, within the framework of the CRD IV and the banking law, and has done so by issuing and updating two regulations (6 and 11). These regulations cover inter alia the assessment of the ownership structure and governance of the bank and its wider group as well as its strategic, operating and financial plans. The licensing process is led by NBR licensing and regulation department. NBR last licensed a bank incorporated in Romania in 2009 and no new application was received recently. No branch of a third country is licensed in Romania, nor have any application been received for this purpose. Should a new application be received, and considering significant evolutions in supervisory expectations and practices since 2009, it would be important to closely involve staff from the supervision department (and, where applicable, from the resolution department) in the review of such application. A few aspects could be clarified or covered in more details in the regulatory framework regarding: (i) in the case of shareholders with banking interests in a third country, requirement for NBR to contact the home supervisor and ensure it does not have objection and (ii) expectations and information requirements related to the detection and the prevention of criminal activities could usefully be described in more details. Banking services, including deposit taking, may also be offered in Romania by banks licensed and supervised in another EU country, without the prior approval of NBR. Such services are either offered through a branch established in Romania or directly by the head office located in another EU country. In both cases, NBR must receive a notification by the home supervisor. Prudential responsibilities stay with the home supervisor based on the expectation that it will perform “equivalent” supervision. Five branches of EU banks were established during the past five years. A notification regime applies in such cases. Branches established since 2012 include a branch of Veneto Banca, a small Italian bank, in 2014; Veneto Banca which was liquidated in 2017. Its Romanian branch assets were taken over by a newly authorized branch of Intesa San Paolo, a large Italian banking group; this branch started its activities two months after Veneto Banca was liquidated. There was no bank run (Romanian depositors were covered by the Italian deposit insurance scheme which did not have to intervene) or disruption of activities in the Romanian branch. Activities in Romania were small in the Veneto Banca group an unrelated to the problems it faced. The ownership structure of locally incorporated banks and branches of EU banks is transparent: there are 19 subsidiaries of EU banks, 8 branches of EU bank, 1 subsidiary of an Israeli bank, and 9 locally-owned banks (including a large listed private bank, two state-owned banks; only two of locally-owned banks have natural persons who hold qualifying holdings and subject to close oversight by NBR).
Principle 6	Transfer of significant ownership. The supervisor32 has the power to review, reject and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties.
Essential criteria
EC1	Laws or regulations contain clear definitions of “significant ownership” and “controlling interest”.
Description and findings re EC1	The banking law refers to the definition of qualifying holding included in the CRR (see CP 5 EC 5 for the detailed definition). A proposed acquisition is defined by the banking law Article 7 as: “the decision taken by a proposed acquirer to acquire, whether directly or indirectly, a qualifying holding in a credit institution, Romanian legal person, or to increase its qualifying holding so that the proportion of the voting rights or of the capital held would reach or exceed 20 percent, 33 percent or 50 percent or so that the credit institution would become its subsidiary.” Regulation 11 Article 2 defines a significant shareholder as “a natural or legal person, or a group of natural and/or legal persons, acting in concert, who holds, whether directly or indirectly, qualifying holdings in a credit institution”
EC2	There are requirements to obtain supervisory approval or provide immediate notification of proposed changes that would result in a change in ownership, including beneficial ownership, or the exercise of voting rights over a particular threshold or change in controlling interest.
Description and findings re EC2	The banking law sets detailed requirements for acquisitions (Article 25): Any proposed acquirer shall notify NBR in advance when it intends to acquire 20 percent, 33 percent, or 50 percent of the capital or of the voting rights of a bank (as well as when the bank would become its subsidiary). When the notification cannot be made in advance, “for objective reasons”, the notification is required from the date of acquisition; NBR shall acknowledge in writing, within two days, receipt of the notification and indicate the expiration date for the assessment period, which shall not exceed 60 working days after all required documents are received; NBR may require additional information no later than the 50th business day of the assessment period and the proposed acquirer shall provide this information within 20 working days; The assessment period may be extended by 30 days if the proposed acquirer is situated outside the EU or is not subject to prudential supervision; and If NBR does not oppose the proposed acquisition within the assessment period in writing, it shall be deemed to be approved. The banking law Article 26 indicates that NBR shall assess the suitability of the proposed acquirer and the financial soundness of the proposed acquisition against all the following criteria: the reputation of the proposed acquirer, respectively its integrity and professional competence, the reputation, knowledge, skills and experience of any person who will direct the business of the bank, as a result of the proposed acquisition; the financial soundness of the proposed acquirer, in particular in relation to the type of business pursued and envisaged in the credit institution in which the acquisition is proposed, whether the bank institution will be able to comply with prudential requirements, including whether the group of which it will become a part has a structure that makes it possible to exercise effective supervision, effectively exchange of information among the competent authorities and determine the allocation of responsibilities among these authorities, whether there are reasonable grounds to suspect that, in connection with the proposed acquisition, there has been committed an offence or an attempt of offence on money laundering or terrorist financing or that the proposed acquisition could increase the risk thereof. For disposals, the banking law requires Article 27) any natural or legal person who has decided to dispose or reduce a qualifying holding so that the proportion of the voting rights or of the capital held would fall below 20 percent, 30 percent or 50 percent or so that the credit institution would cease to be his subsidiary, to notify in writing NBR (Regulation 6, Article 1513 indicates that the notification shall be made in advance, without further details). Regulation 6, Article 1515 requires licensed banks to inform NBR immediately about any acquisition or disposal of their shares which exceeds or is below the levels for which there is an obligation to notify based on Article 25 and 27 of the banking law (see above). The banking law contains detailed provisions change in ownership or the exercise of voting rights over a particular threshold or change in controlling interest. However, there is no definition of beneficial ownership.
EC3	The supervisor has the power to reject any proposal for a change in significant ownership, including beneficial ownership, or controlling interest, or prevent the exercise of voting rights in respect of such investments to ensure that any change in significant ownership meets criteria comparable to those used for licensing banks. If the supervisor determines that the change in significant ownership was based on false information, the supervisor has the power to reject, modify or reverse the change in significant ownership.
Description and findings re EC3	NBR has the power to reject any proposal for a change in significant ownership or controlling interest, where it is not satisfied with the suitability of the proposed acquirer and the financial soundness of the proposed acquisition after completing the assessment specified in the banking law (see EC 1). Where a person completes an acquisition during the assessment period or despite the opposition of NBR or when a person disposes of a qualifying holding without notifying NBR, NBR shall (i) issue an order requiring the natural or legal person responsible to cease the conduct and to desist from a repetition of that conduct and (ii) suspend the voting rights of the (responsible) shareholders Articles 229–2 and 2291 of the banking law). If NBR determines that the change in significant ownership was based on false information, it has the power to suspend related voting rights based on the broad provisions of Article 230–1 of the banking law: “Where the persons having qualifying holdings in a credit institution, Romanian legal person, do not longer comply with the requirements provided by the law and by regulations issued for its application regarding the quality of a credit institution’s shareholding, or if they exercise an influence that jeopardizes the credit institution’s prudent administration, the National Bank of Romania shall take appropriate measures to cease that situation. For this purpose, regardless of any other measures or penalties against the credit institution or persons performing administration and/or management duties, the National Bank of Romania may decide on the suspension of exercising the voting rights attached to the shares held by those shareholders or members”. The banking law empowers NBR to require that a change in significant ownership, which occurred without notification, during the assessment period or against the opposition of NBR, is reversed within three months or nullified: Article 232: “(1) The persons who acquired a qualifying holding despite the opposition of [NBR] must sell, within three months of the date when the opposition was communicated, their shares representing qualifying holdings acquired in such a way. After the expiry of this time limit, unless the shares are sold, [NBR] shall require the credit institution, Romanian legal person, to cancel the shares involved, to issue and sell new shares bearing the same number, and the amount of money collected from the sale shall be made available to the initial acquirer, after the cost related to the sale was deducted; (2) The Board of administration of the credit institution, or the Directorate, as the case may be, is responsible for the implementation of measures necessary for the cancellation of shares in accordance with the provisions of paragraph (1), and for the sale of the newly issued shares; (3) If, for want of buyers, the sale did not take place or was only partially accomplished in terms of the newly issued shares, the credit institution shall proceed to the reduction of its share capital by subtracting the amount representing the difference between the registered share capital and the share capital held by shareholders with voting rights. (4) The provisions of paragraph 1–3 are also applicable in case of persons who failed to notify the National Bank of Romania of the acquisition of a qualifying holding, pursuant to Article 25 paragraph 1, and do not comply, in the time limit set by the National Bank of Romania, with the requirement to provide the necessary information and documentation for the assessment provided by Article 26 paragraph 1. In this situation the National Bank of Romania could oppose to the acquisition according to the provisions of Article 26 paragraph (2).”
EC4	The supervisor obtains from banks, through periodic reporting or on-site examinations, the names and holdings of all significant shareholders or those that exert controlling influence, including the identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership.
Description and findings re EC4	Regulation 6 (Article 1516) requires banks to submit annually to NBR Financial information related to shareholders which hold, directly or indirectly or in concert, qualifying holdings: For legal entities, annual, individual and, where appropriate, consolidated financial statements, For natural persons, income statement submitted to the tax authorities (or, where appropriate, solemn declaration showing the income source and amount as well as the nature of obligations assumed) A statement of all shareholders, including the following information: identity, residence and citizenship for individuals, nationality and address, for legal entities, the number and value of shares held, the percentage of participation in the share capital and of the voting rights. There is no specific requirement for banks to provide information regarding identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership. NBR indicated such aspects were verified during the annual full-scope on-site examinations (in the absence of an on-site inspection manual or methodology, it is difficult to assess whether this is done on a systematic basis and how such verifications are conducted).
EC5	The supervisor has the power to take appropriate action to modify, reverse or otherwise address a change of control that has taken place without the necessary notification to or approval from the supervisor.
Description and findings re EC5	Where a change control has taken place without the necessary notification or approval from the supervisor, NBR can suspend the exercise the voting rights, require that the related shares are sold within three months and, should his not be done, require that the shares be nullified. (see EC 3)
EC6	Laws or regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest.
Description and findings re EC6	There are no specific laws or regulations stipulating that institutions must notify NBR as soon as they became aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest.
Assessment of Principle 6	Largely Compliant
Comments	In the past five years, 33 requests for changes in significant ownership were received, largely related to the consolidation process in the banking industry. 31 such requests were approved and two denied (respectively in 2013 and 2014). Rejections were motivated (i) in one case, by insufficient integrity of the proposed shareholder as its chairman of the Board was investigated and sanctioned by the ASF and (ii) in another case, in insufficient transparency of the shareholders abroad as NBR did not receive appropriate information to assess their suitability. NBR implements a rigorous definition of transfer of significant ownership, in line with the provisions of the CRD IV (i.e., direct, indirect or control 20 percent, 33 percent, or 50 percent of the capital or voting rights of a bank or acquisition making the bank a subsidiary), as well as requirements on the transparency of bank ownership. It could usefully complement its regulatory requirements by introducing a definition of ultimate beneficial owner and require banks to provide information regarding the identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership. While banks keep close contacts with NBR and ted to inform it of any material development, it would be relevant to include a specific requirement that banks must notify NBR as soon as they became aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest.
Principle 7	Major acquisitions. The supervisor has the power to approve or reject (or recommend to the responsible authority the approval or rejection of), and impose prudential conditions on, major acquisitions or investments by a bank, against prescribed criteria, including the establishment of cross-border operations, and to determine that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision.
Essential criteria
EC1	Laws or regulations clearly define: (a) what types and amounts (absolute and/or in relation to a bank’s capital) of acquisitions and investments need prior supervisory approval; and (b) cases for which notification after the acquisition or investment is sufficient. Such cases are primarily activities closely related to banking and where the investment is small relative to the bank’s capital.
Description and findings re EC1	In the past five years, there were only four significant acquisitions which involved the acquisition of a Romanian bank by another Romanian bank. The regime in Romania, as well as in other EU countries, is based on the notion of qualifying holding (see CP 5 EC 5 for the detailed definition). The banking law Article 2, transposing relevant provisions of the CRD IV, defines a proposed acquisition as: “the decision taken by a proposed acquirer to acquire, whether directly or indirectly, a qualifying holding in a credit institution, Romanian legal person, or to increase its qualifying holding so that the proportion of the voting rights or of the capital held would reach or exceed 20 percent, 33 percent, or 50 percent or so that the credit institution would become its subsidiary”. Prior approval Where a Romanian bank intends to acquire a qualifying holding in an undertaking in a third country, prior approval is required if, following the acquisition of a qualifying holding, the entity located in a third country would be included in the scope of prudential consolidation Article 146 of the banking law). Such undertakings which can be included in scope of prudential consolidation (Article 18 of the CRR) include both “institutions” (i.e., credit institutions and investment firms) and “financial institutions” (i.e., other institutions which principal activity is to acquire holdings or to pursue one or more of the following activities lending, financial leasing. payment services, issuing and administering other means of payment, guarantees and commitments, trading for own account or for account of customers in money market instruments, foreign exchange, financial futures and options, exchange and interest-rate instruments, transferable securities, participation in securities issues and the provision of services relating to such issues, advice to undertakings on capital structure and industrial strategy, money broking, portfolio management, advice, safekeeping and administration of securities and issuing electronic money). Notification The acquisition of any other qualifying holding by a Romanian bank needs to be notified to NBR within five business days (Article 147 of the banking law). In the case of the acquisition of qualifying holdings in EU credit institutions, NBR can share its views with the relevant EU supervisor prior to the acquisition. The regime applicable to the transfer of significant ownership defined by the CRD IV (which transposition in Romania is described in CP 6) applies: prior notification by the acquirer (the Romanian bank) to the EU supervisor responsible for the credit institution in which a qualifying holding is acquired (Article 22 of the CRD IV), detailed timeframe and criteria for the assessment (Articles 22 and 23) and consultation between the supervisors of the EU and Romanian credit institutions, i.e., NBR (Article 24). Limitations and prohibitions For other investments, the CRR (Article 89) limits individual participations to 15 percent of a bank’s own funds and the aggregate of such participations to 60 percent of a bank’s own funds (see EC 5). Moreover, the banking law (Article 144) prohibits Romanian credit institutions from acquiring qualifying holdings in entities covered by Article 89 of the CRR if they would then become their subsidiaries.
EC2	Laws or regulations provide criteria by which to judge individual proposals
Description and findings re EC2	See CP 6 for a detailed description of the regime applicable to transfer of control of Romanian banks. Where a Romanian bank intends to establish a branch in another EU country (Article 81–1 of the banking law), it shall send a notification to NBR with details regarding the address and country of the proposed branch, a program of operations (including at least the types of business that are to be carried on and the structural organization of the branch) and the identity of the persons designated to ensure the management of the branch and information regarding their reputation and professional expertise). Within three months of receipt of the notification, NBR shall (i) either communicate the information received to the EU host supervisor and inform the credit institution accordingly; or (ii) oppose the establishment of the branch if it has “reasons to ascertain that the administrative structure or the financial situation of the credit institution is not adequate” (and convey the underlying rationale of its decision to the Romanian bank). Where a Romanian bank intends to establish a branch in a third country not belonging to the European union, Article 91 of the banking law mentions it shall submit a request for approval to NBR. NBR may reject the application if, on the basis of information held and documentation submitted, it ascertains that: (i) the bank does not have an adequate financial standing or the administrative capacity to carry on the envisaged activity through the branch; (ii) the existing legislative framework of the third country and/or the manner in which it is implemented impedes the exercise by NBR of its supervisory functions; or (iii) the bank posts an inappropriate development of the prudential indicators or does not comply with other prudential requirements.
EC3	Consistent with the licensing requirements, among the objective criteria that the supervisor uses is that any new acquisitions and investments do not expose the bank to undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.33 The supervisor can prohibit banks from making major acquisitions/investments (including the establishment of cross-border banking operations) in countries with laws or regulations prohibiting information flows deemed necessary for adequate consolidated supervision. The supervisor takes into consideration the effectiveness of supervision in the host country and its own ability to exercise supervision on a consolidated basis.
Description and findings re EC3	See EC 2 Where a Romanian bank intends to acquire a qualifying holding in an undertaking in a third country which would then be included in its prudential consolidation, NBR shall conduct its review to ensure Article 146–2 that (i) the acquisition shall not expose the Romanian bank to undue risks or hinder effective supervision on a consolidated basis and (ii) the Romanian bank shall have adequate financial and organizational resources to handle the acquisition and management of the respective holdings. In such cases, the application for approval shall be accompanied by Article 14 of Regulation 6) a presentation of the legal and institutional framework in the third country, including at least information on supervisory authorities and financial sector supervisory system, legislation on professional secrecy in the financial sector, prevention of money laundering and terrorist financing, know your customer standards and any other relevant information regarding potential impediments in carrying out prudential supervision by NBR , such as restricting access to information or the possibility of carrying out on-site inspections.
EC4	The supervisor determines that the bank has, from the outset, adequate financial, managerial and organizational resources to handle the acquisition/investment.
Description and findings re EC4	Where a Romanian bank intends to acquire a qualifying holding in an undertaking in a third country which would then be included in its prudential consolidation, Article 146–2 of the banking law requires that the bank have adequate financial and organizational resources to handle the acquisition and management administering of these holdings. For other acquisitions (i.e., in the EU), requirements that credit institutions have an organizational and risk management structure adequate to its size, complexity and business structure apply (see CP 15 EC 1).
EC5	The supervisor is aware of the risks that nonbanking activities can pose to a banking group and has the means to take action to mitigate those risks. The supervisor considers the ability of the bank to manage these risks prior to permitting investment in nonbanking activities.
Description and findings re EC5	The EU CRR Article 89 limits individual participations in nonbanking entities to 15 percent of a bank’s own funds and the aggregate of such participations to 60 percent of a bank’s own funds. The banking law Article 144 prohibits Romanian banks from exercising control over such entities. The banking law Article 20–1 limits the direct provision of nonbanking services (nonfinancial mandate or commission operations, management of portfolio of movable and/or immovable assets, services to own clients related to banking operations) as the total amount of revenues from these activities may not exceed 10 percent of the bank’s net profit. From a macroprudential perspective, the identification of risks related to nonbanking or shadow banking activities would also fall within the mandate of the NCMO (see CP 3).
AC1	The supervisor reviews major acquisitions or investments by other entities in the banking group to determine that these do not expose the bank to any undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.34 Where necessary, the supervisor is able to effectively address the risks to the bank arising from such acquisitions or investments.
Description and findings re AC1	Major acquisitions or investments by other entities located in third countries Prior approval by NBR is required under Article 146 of the banking law for any qualifying holding the bank intends to hold in an undertaking from a third country, which would be included in its prudential consolidation following the acquisition. As qualifying holdings are broadly defined to include direct or indirect holdings, a major acquisition conducted by a subsidiary would also be covered. In such cases, NBR would review that these do not expose the bank to any undue risks or hinder effective supervision before giving its approval. Major acquisitions or investments by other entities located in the EU NBR shall be notified within five business days of the acquisition of any qualifying holding Article 147 of the banking law. See also CP12 EC5.
Assessment of Principle 7	Compliant
Comments	As part of the consolidation of the Romanian banking system in recent years, NBR reviewed and approved four requests for acquisitions in the past five years (all related to mergers between banks licensed in Romania). NBR has been actively involved in the review of the proposed acquisitions at different stages of the process. In a 2016 case where the acquired bank was large and had a deteriorated risk profile, NBR implemented a thorough review to ensure this would not expose the acquirer to undue risks. NBR was satisfied inter alia as a large portfolio of risky loans denominated in CHF was converted in local currency ahead of the acquisition, thorough due diligence was conducted by the acquirer and the acquisition price did not threaten the acquirer’s capital buffers. Romanian banks only have small activities outside Romania (i.e., no subsidiary and only one branch in another EU country and small financial subsidiaries in Moldova).
Principle 8	Supervisory approach. An effective system of banking supervision requires the supervisor to develop and maintain a forward-looking assessment of the risk profile of individual banks and banking groups, proportionate to their systemic importance; identify, assess and address risks emanating from banks and the banking system as a whole; have a framework in place for early intervention; and have plans in place, in partnership with other relevant authorities, to take action to resolve banks in an orderly manner if they become nonviable.
Essential criteria
EC1	The supervisor uses a methodology for determining and assessing on an ongoing basis the nature, impact and scope of the risks: (a) which banks or banking groups are exposed to, including risks posed by entities in the wider group; and (b) which banks or banking groups present to the safety and soundness of the banking system. The methodology addresses, among other things, the business focus, group structure, risk profile, internal control environment and the resolvability of banks, and permits relevant comparisons between banks. The frequency and intensity of supervision of banks and banking groups reflect the outcome of this analysis.
Description and findings re EC1	The NBR introduced EBA Guidelines on common procedures and methodologies for the supervisory review and evaluation process (SREP) framework for determining and assessing the risk profile of banks and banking group from 2016. As of January 1, 2016, the NBR Board approved the implementation of EBA SREP Guidelines (EBA/GL/2014/13) into national supervisory practices. The objective of SREP of credit institutions is to promote a sound banking system, which is essential for ensuring the sustainable financing of the economy. The SREP process of a credit institution includes the following components: a. Categorization of institutions based on the institution’s size, structure and internal organization, and the nature, scope and complexity of its activities, and periodic review of this classification; b. Monitoring of key indicators; c. Business Model Analysis (Advanced Measurement Approach (AMA)); d. Assessment of internal governance and institution-wide controls; e. Assessment of risks to capital; f. Assessment of risks to liquidity and funding; g. Capital adequacy assessment; h. Liquidity adequacy assessment; i. Overall SREP assessment; and j. Supervisory measures (including early intervention measures, as appropriate). Regarding the first component of the SREP process, the categorization of institutions, this is performed based on the methodology described by an “internal procedure” issued by the SD and approved by the first deputy governor. Per above mentioned guidelines, the supervised entities are allocated into four major categories, depending on their qualification as other systemically important financial institutions (OSII), size, relative market share, and business model, as follows: Category 1 – OSII; Category 2 – large and medium institutions other than OSII with universal business model and a market share by assets more than 5 percent; Category 3 – small and medium credit institutions with universal business model and a market share by assets below or equal to 5 percent; and Category 4 – specialized credit institutions, respective savings bank for housing, which facilitates the peer comparisons between banks. This classification is used by the NBR as a basis for applying the principle of proportionality to the scope and intensity of the supervisory commitment and the dialogue with the credit institution. The SREP assessment is based on both quantitative and qualitative information, including the arrangements, strategies, processes and mechanisms implemented by each credit institution. The data concerning the breakdown at risk level of the total SREP capital requirements are centralized at the banking system level. This allows basic comparison between banks from the same peer group with regards to the capital allocation for the risks assessed in the Internal Capital Adequacy Assessment Process (ICAAP)/SREP. On a quarterly basis, the data from the supervisory reports are loaded into centralized reports, which serve as a source of information for the horizontal assessment relating to the SREP scores. The aggregate data of SREP elements by the score assigned are disclosed in the Assessment of banking risks section from the 2016 NBR’s annual report. The SREP assessment is performed on site annually for all 28 supervised banks or banking group by legislation Article 166 NBR Regulation No. 5/201335, and leads to an overall SREP score that is updated off site on an ongoing basis as significant developments occur. The NBR is not differentiating the frequency of full-scope examinations based on the outcome of risk profile analysis of banks. The asset size and the SREP score of previous year are the main factors in determining the examination periods and the number of examiners. The review of the arrangements, strategies, processes and mechanisms implemented by each credit institution, and its assessment are also performed by off-site personnel on an on-going basis. The off-site supervision also addresses the periodic assessment of the several key indicators concerning the credit risk, market risk, operational risk, IRRBB, liquidity risk, business model (based on the profitability indicators) and the changes within the internal governance of credit institutions. Regular monitoring of these key indicators is used to identify material changes in the risk profile of an institution and in the SREP assessment. The rating methodology consists of a scale from 1–4 (1 equaling to “no discernible risk” and 4 “high risk”) and one negative grade (F) for an institution that is failing or likely to fail (within the meaning of Article 32 of the BRRD). Concluding to the above mentioned, the SREP summary is issued annually, based on the outcome of the annual supervisory report (containing supervisory findings made over the course of the previous 12 months), properly reflecting along the most significant developments affecting the institution’s risk profile and viability, and changes in the financial conditions, as disclosed in the monitoring process (key indicators evolutions, on-site targeted visits, meetings with institution’s representatives etc.). This EC requires supervisors to assess the resolvability of banks and banking groups as an input into the ongoing risk assessment. In the EU framework, however, the assessment of resolvability is not the responsibility of competent authorities, but the responsibility of the resolution authority (see Article 10(2) and 15 of the BRRD). Thus, the Resolution Department (RD) within the NBR assesses banks’ resolvability, after consulting the SD, and the outcome and issues are communicated with the SD. The SD takes into account the resolvability assessment outcome in their supervision activities as needed. Although there is no clear methodology on how the resolvability assessment results are fed into supervisory activities, the NBR mentions that any issue of resolvability of banks are considered in the SREP assessment qualitatively. In terms of supervisory methodology in relation to the need to assess risks which banks or banking groups present to the safety and soundness of the banking system, there is a quarterly risk dashboard that provides bank-specific data, sector and peer group. In addition, the FSD analyze the safety and soundness of the banking system as well as publishes financial stability reports on a half yearly basis. The FSD shares the analysis results with SD, including the top-down stress testing results, which are fed into supervisory activities.
EC2	The supervisor has processes to understand the risk profile of banks and banking groups and employs a well defined methodology to establish a forward-looking view of the profile. The nature of the supervisory work on each bank is based on the results of this analysis.
Description and findings re EC2	The banking supervision is performed within the three inspection divisions in the Supervision Department, all of them having the same organization, on-site and off-site activities. For the SREP process, currently there is an internal procedure divided into two sections, one dedicated to on-site activities, and the other one to off-site activities. Each of them describe, in details, the specific operational flow of the process of verification and evaluation of the arrangements, strategies, processes and mechanisms implemented by the credit institutions. (See CP9 EC2) Additionally, in the supervisory practices NBR adopted the common procedures and methodologies promoted by the EBA Guidelines and of the other binding technical standards with relevance to the matter in question (such as: SREP Guidelines, RTS on colleges, RTS on Joint Decision, Guidelines on triggers for use of early intervention measures pursuant to Article 27(4) of Directive 2014/59/EU, etc.). In parallel with the internal procedure used to assess the viability and sustainability of credit institutions (the assessment of the business model), internal governance including internal control, the adequacy of risk to capital, the adequacy of risk to liquidity, systemic risk and ICAAP for those subjects which require competent authority to develop internal supervisory methodologies based on the guideline orientation, such as categorization of institution, articulation of own funds requirements, communication of the TSCR ratio/OCR ratio, methodologies for calculation of add-on capital requirements, NBR formalized the procedure concerning the methodology for determining additional own funds requirement Pillar II and the method of determining and expressing it in the capital evaluation process SREP. NBR has implemented a monitoring system based on quantitative risk indicators (Key risk indicators) which allows the identification of deterioration of the risk profile of each entity, the results of the monitoring system being used both for on-site and off-site supervisory activities. The Supervision Department has identified 26 KRIs which are used for scoring with thresholds for each rating (1–4) from the total of 34 KRIs. These scores are a starting point for the SREP scores and are automatically updated based on the availability of new reported data. KRI thresholds may also trigger an update of SREP elements outside the annual cycle. All indicators are split into groups (risk categories) which also allows to assign automated scores for SREP elements and risk categories (e.g., credit risk score), which serves a starting point for further analysis. Monthly and quarterly off-site analysis relies on data from ITS on supervisory reporting but also on additional reporting requirements (e.g., Financial Reporting (FINREP) solo monthly, classification of loans and investments monthly, NBR NPL loans by client monthly, asset sales monthly, liquidity reports weekly and monthly). For every bank there is a quarterly risk dashboard, providing bank-specific data, and sector and peer group details. During the SREP process, however, the forward-looking perspective is assessed based on a minimum two years projection of the business plan and the capitalization considering the base line scenario and the adverse (stressed) scenario in the capital adequacy assessment and the BMA. Top-down stress tests are performed by Financial Stability Department) at aggregate and individual level. The supervisory work in each bank is based on the result of the above-mentioned analysis and annual SREP assessment.
EC3	The supervisor assesses banks’ and banking groups’ compliance with prudential regulations and other legal requirements.
Description and findings re EC3	The supervisory activities in NBR include both assessing compliance with applicable regulatory framework (at national and European level) and the evaluation of the intrinsic exposure to risks and of the overall viability of the institution. Based on the provision of Article 166 of the banking law, the governance arrangements of a credit institution, the processes to identify, manage, monitor and report the risks, the internal control mechanisms as well as the remuneration policies and practices are established by the credit institution’s Articles of Association and internal regulations according to the legislation in force applicable to commercial companies and in compliance with the provisions of the mentioned emergency ordinance and the applicable regulations. Assessments are performed in cases where changes in banks’ internal regulations subject to specific notifications requirements (i.e., concerning the individuals lending activity) occur. The information is also used to update the credit institution template. The noncompliance cases are documented into the supervisory letters, written orders (usually following off-site assessment) and/or reports, communicated to the banks management and corrective measures are applied if necessary.
EC4	The supervisor takes the macroeconomic environment into account in its risk assessment of banks and banking groups. The supervisor also takes into account cross-sectoral developments, for example in nonbank financial institutions, through frequent contact with their regulators.
Description and findings re EC4	The NBR requires credit institution to conduct stress tests, as part of the ICAAP, in order to identify those events or changes in the market conditions in which they operate and may adversely affect their future. Thus, for assessing the reliability of capital planning, credit institutions utilized the results of crisis simulations used to assess the viability of the capital plan in adverse circumstances. The NBR, as part of the SREP, reviews how the evolution of the macroeconomic environment is taken into consideration by the credit institutions in the strategic plans and in the capital planning, that the base line scenario and the stress test scenario must be designed based on the forecasted evolution of a minimum set of macroeconomic indicators, including interest rates, GDP, unemployment rate, real estate market evolution, consume and FX rates. These macroeconomic indicators are also used by the NBR in the top down stress tests performed for the banking system. The FSD performs the top-down stress tests for individual institutions and banking system using macroeconomic indicators and scenarios. The key variables include economic growth, interest rate projections, exchange rate developments, risk premium, and unemployment. The results are shared with the SD for reference, and serve as benchmarks during the SREP process. The cross-sectoral view of the nonbank financial institutions is ensured by the supervisory activities performed for these entities within the same supervisory body (in the NBFI and payment institutions division within the SD). While there is sharing among supervisors on relevant data and supervisory findings on a need basis, there is no systematic process or regular meetings with securities and insurance supervisors (ASF) before on-site examination on banking groups to discuss the risks in the banking group supervised, supervisory approaches, and potential concerns about the banking group or subsidiaries. Authorities mention that banks normally carry more than 90 percent of assets within the banking group, so such meetings can be considered not a core need. In addition, the authorities also mention that there is a high level national coordination framework among domestic supervisory authorities (see EC5).
EC5	The supervisor, in conjunction with other relevant authorities, identifies, monitors, and assesses the build-up of risks, trends and concentrations within and across the banking system as a whole. This includes, among other things, banks’ problem assets and sources of liquidity (such as domestic and foreign currency funding conditions, and costs). The supervisor incorporates this analysis into its assessment of banks and banking groups and addresses proactively any serious threat to the stability of the banking system. The supervisor communicates any significant trends or emerging risks identified to banks and to other relevant authorities with responsibilities for financial system stability.
Description and findings re EC5	The monitoring and assessment of risks, trends and concentrations within and across the banking system as a whole is carried out by the BSD and FSD. The mechanism of NBR to identify, monitor, and assess the build-up of risks, trends and concentrations within and across the banking system are: Semi-annual FSR—which is reported to the NBR senior management and to the FSDC on a half- yearly basis. The FSR presents detailed analyses of banking sector developments and soundness, including credit risk, asset quality, results of the macro-financial stress tests, liquidity risk analysis, and various other financial soundness indicators per different types of financial entities; Quarterly risk dashboard— provides bank-specific data, sector, and peer group on trends and developments of risk categories. The NBR incorporates these analyses into its assessment of banks under the SREP process. The NBR also communicates to banks any significant trends or emerging risks identified as part of its analyses during onsite examination and discussions under the SREP. Other than the above analysis, industry-wide thematic analyses triggered by detected trends or recent events, and analyses of sources of liquidity (such as domestic and foreign currency funding conditions and costs) seem to be limited within the SD. 36 The emerging risks at the bank level were addressed through measures imposed through written orders signed by the senior management of the NBR, following on and off-site supervisory reports. In some cases, emerging risks at the bank/system level were treated through letters of recommendation sent to the banks, meetings with the bank’s representatives and/or third parties (external auditors) or through ad hoc or enhanced reporting on special items (see CP 9 EC5). In addition, there is a national coordination regarding the monitoring and mitigation of risk accumulation at system level. The NBR communicates to other relevant authorities under the NCMO mechanism and by issuing half-yearly FSRs. The NCMO may issue warnings and recommendations (soft law), which are based on an “act or explain” mechanism and addressed to the NBR or the ASF, in their capacity as national authorities responsible for sectoral financial oversight.
EC6	Drawing on information provided by the bank and other national supervisors, the supervisor, in conjunction with the resolution authority, assesses the bank’s resolvability where appropriate, having regard to the bank’s risk profile and systemic importance. When bank-specific barriers to orderly resolution are identified, the supervisor requires, where necessary, banks to adopt appropriate measures, such as changes to business strategies, managerial, operational and ownership structures, and internal procedures. Any such measures take into account their effect on the soundness and stability of ongoing business.
Description and findings re EC6	The Romanian regulatory framework has implemented the provisions of the BRRD regarding resolvability assessments. When the NBR as resolution authority (RD), after consulting the SD, determines that there are substantive impediments to the resolvability of that institution, the RD, would notify in writing the SD as the national competent authority (NCA). Article 92 paragraph 2 of Law No. 312/2015. Furthermore, the RD should consult the SD when assessing whether the measures identified by credit institutions effectively address or remove the substantive impediments in question, and when establishing alternative measures that may achieve that objective. For the 2016 resolution planning process, the NBR, as resolution authority, either at the level of institutions not being part of a group or at the level of the Romanian subsidiaries in cross-border groups, participated in drafting or where applicable, drafted resolution plans for: Fourteen credit institutions that are subsidiaries of cross–border groups, subject to consolidated supervision, within the resolution colleges established by the SRB/other group level resolution authorities—they represent approx. 63 percent of the Romanian banking system’s total net assets as of December 2016. Eight credit institutions that do not belong to cross–border groups, under the NBR’s remit—they represent approximately 23 percent of the Romanian banking system’s total net assets as of December 2016. Also, all credit institutions prepared and sent their recovery plans (individual or group level) to NBR or through the consolidating supervisors. The recovery plans received by the SD were assessed by off-site function. Assessments during the on-site inspections were made with a view to identify any actions in the recovery plan that may adversely impact the viability of the credit institutions. The competent authority (SD) may dispose measures to credit institutions to reduce the risk profile of the institution, including liquidity risk, enable timely recapitalization measures, review the institution’s strategy and structure, make changes to the funding strategy so as to improve the resilience of the core business lines and critical functions and make changes to the governance structure of the institution. The recovery plans received by the NBR from credit institution or from the consolidating supervisor (in case of banking groups for which NBR acting as a host authority) are sent by SD to the RD in order to be assessed from the resolvability point of view. The result of the assessment performed by the RD is communicated to the SD. Having completed the first round of recovery and resolution plans last year, Romania is starting the second one which is expected to incorporate requirements, comments, and lessons learned during the initial effort. Regarding recovery plans, the NBR must aim at increasing the level of specificity of recovery measures, especially those that correspond to foreign bank’s subsidiaries whose plans are prepared at the parent level. In addition, the NBR’s resolution planning for foreign subsidiaries is based mainly on single point of entry considerations, and incorporating other resolution alternatives (e.g., multiple point of entry) will require a strategy for the development of loss-absorbing eligible instruments in the domestic capital market as well as ensuring separability and autonomy from group/parent undertaking from both a financial and operational point of view, so that Romanian subsidiaries would be able to operate their businesses on a stand-alone basis as going concern.
EC7	The supervisor has a clear framework or process for handling banks in times of stress, such that any decisions to require or undertake recovery or resolution actions are made in a timely manner.
Description and findings re EC7	The Romanian regulatory framework has implemented the provisions of the BRRD. The legal basis for handling credit institutions in times of stress are set out in Article 166–2 of Banking Law and Article 180–1(a) and 181 of Law No. 312/2015 on the recovery and resolution of credit institutions and investment firms. In accordance with Article 4 paragraph (1) letters (d) and (e) of the Law No. 312/2015 on the recovery and resolution of credit institutions and investment firms, the NBR, both as a competent authority and as a resolution authority, has the following responsibilities: to adopt and publish relevant internal rules of relevance, including those relating to professional secrecy and the exchange of information between the structures responsible for the various functions exercised by law (letter d); to establish procedures for the structures and persons exercising, in the name of the NBR, the supervisory and the resolution functions, respectively, to cooperate closely in the preparation, planning and implementation of resolution decisions (letter (e). In this respect, the NBR issued and published on its intranet a formal procedure which contains the categories of the data and information which can be the object of the informational flow between the organizational structures fulfilling the supervisory function and, respectively the resolution function, the frequency and the mode of transmission, as well as the circumstances that intervenes with the requirement to provide information necessary for them to exercise their attributions regarding the recovery and the resolution of the credit institutions. The main objective of this formal procedure is to establish the nature of information to be exchanged and the frequency and way the information is transmitted between the RD and SD in the context of recovery and resolution and to support timely decisions regarding the recovery and resolution of distressed banks. The NBR will carry out resolution actions only when three cumulative conditions are satisfied: the institution is failing or is likely to fail; there are no alternative measures of the private sector/supervisory authority to prevent the failure of the institution within a reasonable timeframe; the resolution action is justified by reasons of public interest. With regards to the supervision of credit institutions belonging to the cross-border banking groups, the NBR works with the other supervisory authorities by means of supervisory colleges, which are structures that ensure optimum dissemination of information and the making of joint decisions on capital and liquidity adequacy and on credit institutions’ recovery plans. In this case, the responsibility for the planning and coordination of the supervisory activities (e.g., early intervention measures) lies with the consolidating supervisor within the college framework. Romanian credit institutions (which are not subsidiaries of European banking groups) are required to submit their recovery plans to the NBR for assessment. The assessment was performed and determined whether the plans were comprehensive and could feasibly restore an institution’s viability. On the basis of this assessment, if necessary, corrective actions are required to improve the quality of recovery planning. In this respect, Law No. 312/2015 stipulates in Article 24 and 25 the stages of the evaluation process and the types of related measures.
EC8	Where the supervisor becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter, the supervisor takes appropriate steps to draw the matter to the attention of the responsible authority. Where the supervisor becomes aware of banks restructuring their activities to avoid the regulatory perimeter, the supervisor takes appropriate steps to address this.
Description and findings re EC8	The NBR is a regulator and supervisor of NBFIs. The NBFI supervision and inspection function lies within the supervision department. As a prudential supervisor of NBFIs, the NBR has powers to act if such bank-like activities outside regulatory perimeters would be noticed. These practices will properly be addressed through regulatory and supervisory actions. The NBR has not identified banks attempting to re-organize or restructure for purposes of regulatory arbitrage or avoidance, but the NBR has powers to address this attempt. Information on the bank-like activities and on any boundary issues that may be identified would be exchanged among the SD. In addition, the NCMO cooperation mechanism among domestic authorities (securities and insurance) could address the issue if happens.
Assessment of Principle 8	Largely Compliant
Comments	The supervisory approach of the NBR has undertaken changes toward a more risk based approach since the previous BCP assessment. As of January 1, 2016, the NBR Board approved the implementation of EBA SREP Guidelines (EBA/GL/2014/13) into national supervisory practices. The Romanian regulatory framework has implemented the provisions of the CRD IV and BRRD (resolvability assessment). The partnership, communication, and information sharing in relation to resolvability assessment and related actions with resolution authorities (the Resolution Department within the NBR) appears to be working. Nevertheless, the new EBA SREP methodology is still in the early stages of implementation. The SREP assessment is performed on site annually for all 28 supervised banks or banking group by legislation, and leads to assigning an overall SREP score, which is updated off site on an ongoing basis. The NBR is not differentiating the frequency of full-scope examinations based on the outcome of risk profile analysis of banks; instead, the asset size and the overall SREP score of previous year are the main factors in determining the scope and intensity of examination. However, when the SD establishes the examination program for the following year, there is limited substance to set out the proposed priorities for the year. (e.g., the SD could submit a memo to supervisory committee, the decision-making body, who should be informed of the priorities and specific risks of each banking group before the approval of next year’s examination program) For off-site supervisory activity, there is a quarterly risk dashboard, providing bank-specific data, and sector and peer group details. These monitoring tools do not seem to have embedded a forward-looking view of a banks risk profile (i.e., there are no early warning indicators or bottom up stress testing tools). The FSD publishes FSRs on a half yearly basis as well as performs top-down stress testing, the results of which are shared with banking supervisors for reference. However, more risk-focused, banking industry-wide thematic analyses triggered by detected trends or recent events, and examinations across systems seem to be limited. (During the 2016 and 2017 there were no thematic inspections carried out at the banking system level.) The Resolution Department (RD) within the NBR assesses banks’ resolvability and the outcome and issues are communicated with the SD. The SD takes into account the resolvability assessment outcome in their supervision activities as needed. However, there is no clear methodology on how the resolvability assessment results are fed into supervisory activities. While there is sharing among other supervisors on relevant data and supervisory findings on a need-to-know basis, there is no regular meeting/ systematic process with securities and insurance supervisors (ASF) before on-site examinations of banking groups to discuss a common view of risks in the particular banking group supervised, supervisory approaches, and potential concerns on the banking group or subsidiaries. The authorities should consider the following supervisory approach: Enhance off-site monitoring tools by incorporating more forward-looking views (e.g., bottom up stress testing tools). Enhance a yearly examination planning/approval process to clearly set out the proposed priorities of each bank or banking group for the following year. Establish a systematic framework that collects relevant information from NBFI (including securities or insurance supervisors) to facilitate on-site examination. Conduct thematic analysis and/or examination across banking system with a mix of off and on-site activities on a particular risk (e.g., cyber security risk).
Principle 9	Supervisory techniques and tools. The supervisor uses an appropriate range of techniques and tools to implement the supervisory approach and deploys supervisory resources on a proportionate basis, taking into account the risk profile and systemic importance of banks.
Essential criteria
EC1	The supervisor employs an appropriate mix of on-site37 and off-site38 supervision to evaluate the condition of banks and banking groups, their risk profile, internal control environment, and the corrective measures necessary to address supervisory concerns. The specific mix between on-site and off-site supervision may be determined by the particular conditions and circumstances of the country and the bank. The supervisor regularly assesses the quality, effectiveness and integration of its on-site and off-site functions, and amends its approach, as needed.
Description and findings re EC1	In NBR, the supervision function is integrated into the Supervision Department (SD) and coordinated by one Board member, the First Deputy Governor. Banking supervision is performed within the three inspection divisions, all of them having the same organization, on-site and off-site activities. The SD has in place internal procedures to document the specific on and offsite activities and the related tools and workflows. The procedures are regularly revised and updated in order to accommodate any new changes required by the regulatory framework or as required by the changes in the internal organization (including adoption of new supervisory tools). In 2016, EBA SREP methodology was implemented. (See CP8) Within each Inspection Division of the SD, banks are allocated to off-site examiners and analysts called “line supervisors” covering each credit institution. There is a rotation of personnel within each inspection division or rotation of banks among the inspection divisions. On-site teams within the divisions are mixed and cover all banks allocated to the division. The internal supervisory procedures of each bank or banking group are issued by dedicated teams consisting of off-site and on-site examiners from the Banking Inspections Divisions and supported by the Banking System Assessment, Methodology and Supervision Procedures Division. Off-site supervision is designated to monitor the developments of the bank’s overall risk profile and its components through the analyses performed based on financial and prudential indicators, the approval/rejection of requests concerning amendments in bank’s situation (e.g.,: persons nominated to exercise administration and/or management responsibilities, key function holders, acquisition of qualifying holdings, financial auditors, completion of the core business), and to participate in activities arising from colleges of supervisors, both in normal times and in crisis situations. The responsibilities at the level of the off-site activity are shared according to the job description between the line supervisors, in charge mainly with the approval process, and the risk analysts which mainly focused on the qualitative risk analysis and the college of supervisors’ work On-site supervision represents an integral part of the supervisory approach in NBR which is designated to obtain an objective and comprehensive assessment of particular aspects of a credit institution and allow for the focused investigation of risks, risk controls, processes, systems and personnel. On-site activities include a verification of the functioning of the risk management framework in practice and an assurance on the correctness of the data transmitted by the credit institutions and used in off-site supervision. They are performed at the premises of the credit institution on the basis of the annual supervisory program approved by the Supervisory Committee. There are two types of on-site missions: full-scope inspections covering a comprehensive spectrum of risks and activities, which typically last two to five weeks depending on the bank’s size and targeted inspections focusing on a particular business activity or specific issues, e.g., AML/CFT. Usually, 3 to 10 people are appointed (larger teams for other systemically important institutions (OSIIs)) for each credit institution team (larger teams for OSIIs). The NBR does not differentiate between domestic from foreign-owned institutions when defining the frequency or setting the scope of on-site inspections. Also, according to the examination programs, all the credit institutions are subject to a full scope examination that covers all the areas provided by the EBA SREP guidelines. Although Article 167 paragraph 2 from Regulation No. 5/2013 states that annual inspections should be carried out for (a) credit institutions for which the results of the stress tests indicate significant risks to their ongoing financial soundness or indicate breaches of provisions of the banking law; (b) credit institutions that pose systemic risk to the financial system; and c) any other credit institution, if considered necessary by NBR, in practice, the annual examination programs approved by the senior management of the NBR included all the supervised credit institutions. The SD does not have a team dedicated to banks internal model analysis. The FSD has a quantitative assessment division, which assists the SD whenever supervisors need to approve advanced approach in certain banks or validation of internal models. Currently, two banks received approval from the NBR for using the advanced approach in credit risks and three banks for operational risks in Romania.
EC2	The supervisor has a coherent process for planning and executing on-site and off-site activities. There are policies and processes to ensure that such activities are conducted on a thorough and consistent basis with clear responsibilities, objectives and outputs, and that there is effective coordination and information sharing between the on-site and off-site functions.
Description and findings re EC2	The planning and execution of on and offsite activities are described in the above mentioned internal procedures, which includes the roles and responsibilities for each involved party in the supervisory process. Permanent sharing of information between on site and offsite components occurs and supports the specific supervisory processes. The on-site examination program is annually approved at the level of Supervisory Committee of NBR. The supervisory examination program provides the on-site visits schedule for all credit institutions during the year, the allocated period of each visit and the objectives to be reviewed. All the credit institutions are subject to a full scope examination that covers all the areas provided by the EBA SREP guidelines. Although prioritization could be less of a critical issue in the Romanian context, there is no such process to set out the proposed priorities and inspection plans for the following year or thematic analysis/examination when the SD establishes the examination program for the following year. For example, the decision-making body should be informed of the priorities and specific risks of each banking group/ banking industry before approval of next year’s examination program when the SD submits a memo to the supervisory committee (See CP8). As part of the planning process, the team is set before the visits by the head of the inspection division and approved by the head of SD and the First Deputy Governor of the NBR. When necessary, in developing the College Supervisory Examination Program (SEP), the coordination with supervisory activities performed within supervisory colleges are considered (SREP submissions, JDs signing deadlines). Prior to on-site examinations, the off-site component of supervision a set of information (data and materials) under which it has established the preliminary risk profile. Such information includes reports, information requested by NBR from credit institution, documents resulting from information exchange with other supervisory authorities, the credit institution template, an internal document containing general information about the bank, ownership structure, credit institution reporting requirements, credit institution’s internal regulation subject to approval or validation, outsourced activities, information regarding off-site supervisory reports, data on the last on-site evaluation, other information regarding cooperation, information exchange, reports to ECB/EBA in the matter of supervision of the credit institution. It also includes a risk assessment template, which is a supervisory tool comprising information on the scores allocated to the significant risks (from Pillar I and Pillar II), general risk profile, ICAAP, stress-tests and updated according to the institution’s risk profile changes from the last on-site examination or other significant events occurred in the bank’s activity. Among these tasks, a significant part of this off-site function includes the approval/rejection of requests concerning amendments in bank’s situation (e.g., persons nominated to exercise administration and/or management responsibilities, key function holders, acquisition of qualifying holdings, financial auditors, completion of the core business). The NBR has identified a set of KRIs which are also used for scoring with thresholds for each rating (1–4). These scores are a starting point for the SREP scores and are updated based on the availability of new reported data. KRI thresholds may also trigger an update of SREP elements outside the annual cycle. The templates are updated monthly or quarterly and significant developments registered by each bank are reviewed. The NBR communicates quarterly to banks with their own KRIs template containing information on peer group KRIs. Off-site supervisors also receive all policies and procedures of banks and the information is used in risk assessment. In addition, the assessment of SREP elements is reviewed/updated outside of the planned on-site examination schedules using the information from ITS on supervisory reporting and additional reporting requirements (e.g., FINREP on individual basis monthly, classification of loans and investments monthly, NBR NPL loans by client monthly, asset sales monthly, liquidity reports weekly and monthly, and sources from external counterparts on 10 days basis). The results are presented through monthly/quarterly reports containing data on the capital, balance-sheet assets and liabilities structure, loans portfolio breakdown by type of customers (individuals/corporate), currencies, RAS/IFRS provisioning, depreciated claims, overdue loans, or risk indicators. Any potential risk drivers at credit institutions level identified following the assessment performed by the SD on the information received (from supervisory reporting, other institutions or customers complaints) may be subject to further analysis and checks, performed through unscheduled on-site missions. Unscheduled on-site inspections are usually carried out when during the regular off-site monitoring processes detect a significant deterioration of the prudential or financial position of a bank, or when there are suspicions regarding violations of the regulatory framework. Also, ad hoc on-site inspections were carried out when customer’s complaints (not involving customer’s protection legislation) were received or other parties highlighted operational or reputational risks on banks. The decision to perform such unscheduled on-site missions belongs to the SD management.
EC3	The supervisor uses a variety of information to regularly review and assess the safety and soundness of banks, the evaluation of material risks, and the identification of necessary corrective actions and supervisory actions. This includes information, such as prudential reports, statistical returns, information on a bank’s related entities, and publicly available information. The supervisor determines that information provided by banks is reliable39 and obtains, as necessary, additional information on the banks and their related entities.
Description and findings re EC3	The sources of information that can be used in the supervisory activities (which include the above mentioned types of information) are described in the internal procedures of the Supervision Department. (See EC2) The prudential reports and other internal data used in the MIS are analyzed and assessed especially during on site missions through sampling of data and reconciliations. Also, the NBR uses the information collected by credit public registers for on-site and off-site activity. Credit Risk Bureau and Payment Incident Bureau offer important support for the on-going supervisory process. Additionally, there are other IT applications developed by the SD staff and used in the off-site monitoring processes to keep track of the risk aspects derived from customer complaints or the changes in the network units of the credit institutions that are subject to notification to the NBR. The prudential reports and other internal data used in the MIS are analyzed and assessed especially during on site missions through sampling of data and reconciliations. When on-site, the inspection team collects, centralizes and processes the necessary data and materials provided by the off-site function, such as: reports, notifications according to the legislation in the field; information communicated to NBR by the credit institutions; information requested by the NBR from credit institutions; documents resulting from the exchange of information with domestic and international supervisory authorities, as appropriate; the credit institution template, as previously described; the risk assessment template, etc. According to Article 171 (2) of Banking Law, the NBR has the sufficient power to collect any information from CIs, in order to fulfill the supervisory competencies.
EC4	The supervisor uses a variety of tools to regularly review and assess the safety and soundness of banks and the banking system, such as: (a) analysis of financial statements and accounts; (b) business model analysis; (c) horizontal peer reviews; (d) review of the outcome of stress tests undertaken by the bank; and (e) analysis of corporate governance, including risk management and internal control systems. The supervisor communicates its findings to the bank as appropriate and requires the bank to take action to mitigate any particular vulnerabilities that have the potential to affect its safety and soundness. The supervisor uses its analysis to determine follow-up work required, if any.
Description and findings re EC4	The NBR carries out a monthly/ quarterly review of financial statements of banks through the off-site assessment and during the on-site inspection where inspectors analyze the most recent available balance sheet and P&L statements. Another important output is a comprehensive set of predefined KRIs focused on the asset quality, profitability, capital adequacy, and liquidity. The Excel sheets are available in time-series on monthly or quarterly basis, for the individual banks or for the banking system as a whole. (See CP8 EC2) With regard to the business model assessment, the off-site supervision covers the main changes in the bank’s business model strategic plan and financial ratios, based on the bank’s regular reports as well as the measures implemented by bank in order to address findings following business model analysis performed during on-site examination in the SREP. In terms of peer group analysis, the most important indicators are computed system/peer groups averages which are used for comparison. The KRI monitoring system consists of key financial and risk indicators addressing almost all risk categories covered by SREP: credit risk, operational risk, market risk, IRRBB, liquidity and funding risks, profitability, concentration risk, capital adequacy, etc. For the most important indicators (usually for each SREP element), thresholds (statistically determined, adjusted on professional judgement) are set, along with computed system averages and peer group averages. These indicators are monitored on a quarterly even monthly basis in some cases, for each institution irrespective of category. The evolution of the patterns, the breach of the thresholds, the distance from system and peer group average, should be analyzed and reviewed in accordance with the institution’s risk profile. Supervisory actions are to be taken when the assessment identifies significant/material changes in financial conditions and/or risk profile, thresholds breaches, anomalies in the behavior of indicators, etc. These actions could be, on case by case basis, the following: Dialogues/meetings with institution; Early intervention measures; On-site visits; Requests of relevant information/ explanations, more frequent reporting. The regular assessment performed based on the monitoring of KRIs could be used in order to review the assessment of the relevant SREP element and could change the scores assigned for that SREP element. The outcomes of the monitoring of KRIs is used as a source of information and preparation for the programmed on-site inspection (scope, samples, targets of examination, size and structure of inspection team and period allocated in order to carry out the visit etc.) Also, the data from the supervisory reports are loaded into centralized files every quarter, which serve as a source of information for the horizontal assessment with regard to the SREP scores. The centralizing of the data concerning the breakdown at risk level of the total SREP capital requirements (using the same SREP template as the one submitted for the colleges of supervisors) at the banking system level allows basic comparison between banks from the same peer group with regard the capital allocation for the risks assessed in the ICAAP/SREP. The NBR implemented EBA SREP methodology. In terms of the review, the on-site examinations mainly assess the outcome of stress tests undertaken by the bank, and the analysis of corporate governance, including risk management and internal control systems (See CP8 EC1). Particularly with the group structure, the legislation requires credit institutions on an annual basis, to submit to the NBR the financial information related to shareholders which hold, directly or indirectly or in concert, qualifying holdings or to communicate to the NBR through interbank communications network, a statement of all shareholders (identity, residence and citizenship for individuals, nationality and address, for legal entities, the number and value of shares held, the percentage of participation in the share capital and of the voting rights). Follow up for the identified deficiencies/vulnerabilities and the related measures is performed both at the on and offsite level. The findings are formalized and communicated to the bank’s management and remedial actions are imposed through written orders or supervisory letters of the senior management of the NBR.
EC5	The supervisor, in conjunction with other relevant authorities, seeks to identify, assess and mitigate any emerging risks across banks and to the banking system as a whole, potentially including conducting supervisory stress tests (on individual banks or system-wide). The supervisor communicates its findings as appropriate to either banks or the industry and requires banks to take action to mitigate any particular vulnerabilities that have the potential to affect the stability of the banking system, where appropriate. The supervisor uses its analysis to determine follow-up work required, if any.
Description and findings re EC5	The NBR discusses potential risks at the banks and remedial strategies on a continuous basis. Potential vulnerability identified following the off-site monitoring is communicated with the banks involved, mainly at the level of SD management through direct calls or ad-hoc meetings with the credit institutions top management. Emerging risks at the bank/system level are treated through letters of recommendation sent to the banks. The charts and the “traffic lights” within the KRIs templates, including industry average and supervisory benchmarks of each indicators are communicated with banks. More importantly, the SD may send written warning letters to all banks that may be affected by a certain vulnerability. For example, in cases where the level of prudential indicators is in the proximity to the regulatory limits, when counterfeit documents such as payment instruments, warranty letters were identified in the banking system, when the number of the managers decreased below the minimum regulatory in order to appoint new managers within the period of two months as prescribed by the regulation framework in force, etc. The NBR meets the bank’s representatives on an ad hoc basis and/or regular basis and, in some cases, requires enhanced reporting on special items (e.g., intra-group transactions, exposures to certain governments, legislative initiatives—payment in kind, Swiss franc conversion etc.). The supervisors meet external auditors of banks on a quarterly basis to discuss weaknesses in the banking system and/or specific banks and broad supervisory issues. Stress tests are performed regularly at the individual bank level in the ICAAP context and system-wide level by the FSD. During the SREP process, the output of the stress tests is used for imposing supervisory measures, including setting higher minimum capital adequacy ratios. The SD does not have dedicated tools for supervisory bottom up stress-tests nor for financial simulation. However, the stress test buffers set by the banks and included in the ICAAP results are assessed. The SD analyzes the outcome of the stress tests performed by the institutions as part of their capital planning and determines if they prudently evaluated the impact of the adverse scenarios on their available capital and on their Pillar 1 and Pillar 2 capital requirements, in order to establish whether the TSCR and OCR ratios can be met over the planning horizon (usually 2–3 years). If not, adequate and credible action plans are then established by the bank.
EC6	The supervisor evaluates the work of the bank’s internal audit function, and determines whether, and to what extent, it may rely on the internal auditors’ work to identify areas of potential risk.
Description and findings re EC6	Internal audit function’s quality and effectiveness is periodically assessed through on site missions and ad hoc meetings with the head of department or Audit Committee members. Given that the internal audit function is assessed annually in the on-site inspections, contact with the head of this function takes place regularly in order to assess the effectiveness and efficiency of the internal audit and to gather additional information on the risk exposures identified through internal audit missions, corresponding remedial actions and the quality of internal controls. Off-site analysis are performed in order to identify areas of potential risk based on the data submitted by banks to the NBR through the reports about the conditions on which internal controls was performed, with a distinct presentation of the aspects related to the internal audit function (i.e., deficiencies identified within the function of the internal control system and the measures taken to correct those; a description of the material changes within the function of the internal control system during the respective period; a description of the conditions for applying the control procedures inherent to new activities; performance of internal control within the secondary premises of the credit institution operating abroad). The banks’ internal audit reports deliver information regarding the audit engagements performed in the respective period along with the conclusions and recommendations of the internal audit and implementation suggested by the management body of the credit institutions. The internal audit reports are used as preliminary inputs into the supervisory assessment and the potential areas of risks are further investigated by the supervisory team. In Romania, the internal audit managers are subject to NBR’s prior approval by legislation (NBR Regulation No. 6/2008). Individuals in middle level management positions performing important activities in banks need approval by NBR and the internal audit activities are one of the key functions.
EC7	The supervisor maintains sufficiently frequent contacts as appropriate with the bank’s Board, nonexecutive Board members and senior and middle management (including heads of individual business units and control functions) to develop an understanding of and assess matters such as strategy, group structure, corporate governance, performance, capital adequacy, liquidity, asset quality, risk management systems and internal controls. Where necessary, the supervisor challenges the bank’s Board and senior management on the assumptions made in setting strategies and business models.
Description and findings re EC7	The NBR has regular meetings with the bank’s senior and middle management, and other representatives. Subjects such as strategies and business model are challenged and discussed with the bank’s senior management and board members. There are various forms of contact between the supervisors and the bank management, internal auditors and different bank committees. Meetings are held between the NBR`s senior management and the credit institution board’s members to discuss broad issues such as the strategic plans of the credit institution, the risks aroused in the banking system that can pose a threat, while other meetings are held in the course of on-site inspections and off-site surveillance. During the on-site missions, the contact with the members of senior management and of various committees of the bank is made when various SREP elements are examined, in order to get a better perspective on the risks to which the bank is exposed, the internal controls put in place, the projected or implemented changes in the business or risk strategies, the status for various action plans resulting from internal risk assessments, internal and external audit reports, supervisory reports etc. The meetings usually take place at the beginning of the on-site mission and throughout the supervisory mission whenever the need arises. In off-site supervision activity, these meetings are held as needed to clarify technical matters on different problems, monitor the correction of irregularities or share views on specific issues.
EC8	The supervisor communicates to the bank the findings of its on- and off-site supervisory analyses in a timely manner by means of written reports or through discussions or meetings with the bank’s management. The supervisor meets with the bank’s senior management and the Board to discuss the results of supervisory examinations and the external audits, as appropriate. The supervisor also meets separately with the bank’s independent Board members, as necessary.
Description and findings re EC8	All the findings of the supervisory work are formalized in writing through letters or reports and are discussed with the bank’s management. The NBR also has at all levels, regular/ ad-hoc meetings with the bank’s senior and middle management and other representatives to communicate the findings of its supervisory analyses. The off-site supervisory analyses are also communicated on at least a quarterly basis. When necessary, the findings of the external auditors are also discussed with the bank’s management. (See EC5 and 7) However, there is no systematic process of regular meeting with nonexecutive/ independent members after on-site examination to discuss findings and the remedial actions. Contact with such members rarely occur during on-site missions. (See CP 14)
EC9	The supervisor undertakes appropriate and timely follow-up to check that banks have addressed supervisory concerns or implemented requirements communicated to them. This includes early escalation to the appropriate level of the supervisory authority and to the bank’s Board if action points are not addressed in an adequate or timely manner.
Description and findings re EC9	Follow up for the supervisory measures are performed as a part of the on-site and off-site activities, based on the documents provided by the banks and correlate with the deadlines imposed for the implementation. In Romania, sanctions are imposed on the responsible entities within the bank/senior management and/or bank’s board members in case of failure to adequately implement the prescribed measures on timely manner. A dedicated section to disclose the sanctions disposed by the supervisory authority to the credit institutions is available on the NBR’s website (http://www.bnro.ro/Sancțiuni-emise-de-BNR-12553.aspx). Assessors saw cases that the sanctions are imposed to all board members and senior managements when the failure of implementation of the supervisory measures occurs.
EC10	The supervisor requires banks to notify it in advance of any substantive changes in their activities, structure and overall condition, or as soon as they become aware of any material adverse developments, including breach of legal or prudential requirements.
Description and findings re EC10	Notifications or prior approval on certain activities are required by the regulatory framework in place and may happen in practice, covering a wide range of topics. Some of the changes that occur are subject to the NBR’s prior approval. The requirements are described in detail in the NBRs and other EU regulations in force. (e.g., NBR Regulation No. 6/2008 Article 3 and 4).
EC11	The supervisor may make use of independent third parties, such as auditors, provided there is a clear and detailed mandate for the work. However, the supervisor cannot outsource its prudential responsibilities to third parties. When using third parties, the supervisor assesses whether the output can be relied upon to the degree intended and takes into consideration the biases that may influence third parties.
Description and findings re EC11	According to the banking legislation independent third parties (financial auditors, experts) can be used in the supervisory process, but the final prudential responsibilities remain with the supervisory authority (Article 170 of Banking Law). There have been no such cases to date. The external auditors’ main involvements concern the audit of the annual financial statements. Usually, the management letter is submitted by the credit institutions to the NBR or presented during the on-site missions. Instead, there are certain requests addressed by the SD directly to the credit institutions which need the certification of results from the external auditors. (i.e., NPLs identification, collaterals evaluation, stress—test exercise in order to estimate the expected impact over the exposures as of June 2017 following the IFRS 9 implementation). Also, the NBR has already started organizing meetings with financial auditors of credit institutions, where exchange of information of common interest takes place such as developments at the credit institutions level in external auditor’s portfolio concerning the main risk areas.
EC12	The supervisor has an adequate information system which facilitates the processing, monitoring and analysis of prudential information. The system aids the identification of areas requiring follow-up action.
Description and findings re EC12	A broad range of financial information and prudential reports is monitored and processed by a Banking System Assessment, Methodology and Supervision Procedures Division within the SD, the results of this activity being shared regularly with the department’s management and the onsite and offsite teams. The SD mainly uses three electronic systems for collecting primary indicators from the credit institutions, processing and dissemination of the results, and also, to warehouse the documents and databases, as follows: ABACUS – for the financial information and prudential reports of the credit institutions which have consolidation perimeter (FINREP at a consolidated level, COREP, Liquidity Coverage Ratio (LCR), Large Exposures, NSFR, AE, ALMM); SIRBNR – for the financial reports of the other Romanian credit institutions, legal entities, at individual level, and branches in Romania of Member State and third- country credit institutions and also, for other prudential reports (such as benchmark remuneration, high earner remuneration); RCI – for prudential reports (individual COREP) of the credit institutions and banks’ internal regulations, accounting balances and ad-hoc reports requested by NBR. These systems facilitate analysis of prudential information and aid the identification of areas requiring follow-up action.
Additional criteria
AC1	The supervisor has a framework for periodic independent review, for example by an internal audit function or third-party assessor, of the adequacy and effectiveness of the range of its available supervisory tools and their use, and makes changes as appropriate.
Description and findings re AC1	The adequacy and effectiveness of the supervisory process is periodically assessed by EBA and the internal audit function within the NBR. The effectiveness and adequacy is assessed mainly by EAB and more technical areas such as IT data securities or work flows based on internal procedures are audited by internal audit function once every 2–3 years. Recommendations for improvements are properly addressed and are subject to follow up by the aforementioned entities.
Assessment of Principle 9	Largely Compliant
Comments	The SREP methodology in Romania deploys a good mix of onsite and offsite supervisory tools and NBR has established a comprehensive range of supervisory tools and techniques to implement RBS approach. The NBR has broad information collecting power by legislation and the Central Credit Register allows supervisors to access high-granularity data. The SREP is a core supervisory tool of banking supervision in Romania. However, the process of ensuring consistency and accuracy of scoring, findings and supervisory measures across different banks is weak. Concluding the SREP assessment, the annual supervisory report (containing supervisory findings and measures) is issued annually. The draft is sent to banks within 60 working days with the review of head of inspection division. After further discussion with banks and receiving official response from banks, the final report is issued within two weeks with the signature of director of supervision. Meanwhile, the SREP summary report is reported to the fist deputy governor. During this process, there is no structured/independent review to ensure consistency and accuracy on scoring, findings, and measures of the supervisory report. Considering the recent adoption of the EBA SREP methodology in Romania, the quality assurance procedure is critical. Furthermore, given that SREP is first and foremost a methodology for assessing capital adequacy, other proactive supervisory approach may also need to be considered in company with SREP (See CP8). With regard to the off-site function, it is designated to monitor the developments of the bank’s overall risk profile and its components through the analyses performed based on financial and prudential indicators. However, a significant part of this off-site function also includes the approval/rejection of requests concerning amendments in bank’s situation (e.g., persons nominated to exercise administration and/or management responsibilities, key function holders, acquisition of qualifying holdings, financial auditors, completion of the core business). For example, the NBR has interviewed approximately 1,700 board members, executives, middle managers (key function holders) from 2009 to 2017. More than half of the interviewees were middle managers. This responsibility, despite positive benefits, could limit to a certain extent, the ability of the NBR to maintain a thorough and deeper analysis of the risks that banks, banking group and banking industry are facing. Regulatory cost and benefit exercises may be warranted in respect of optimum allocation of supervisory resources. The NBR also has regular/ ad-hoc meetings with the bank’s senior and middle management and other representatives to communicate the findings of its supervisory analyses. However, there is no systematic process of regular meeting with nonexecutive/ independent members after on-site examination to discuss findings and the remedial actions. Contact with such members occurs less often during on-site missions. Given that in many cases the board of directors comprises mostly nonexecutive members and NBR’s supervisory work heavily relies on the annual examination, it is critical to keep them informed of the main findings and possible remedial actions promptly after on-site visit. (See CP 14) The authorities should consider the following activities: Ensure consistency and objectivity in SREP score, findings and supervisory measures (e.g., establish the independent review unit, develop on-site and off-site supervisory assessment handbook, and improve an electronic platform to more effectively manage findings, measures, and follow-ups). Review the off-site activities regarding various approval process within SD for supervisors to better focus on its qualitative risk analysis. Intensify engagement with nonexecutive/independent board members as part of the on-site examination process (See CP 14).
Principle 10	Supervisory reporting. The supervisor collects, reviews and analyses prudential reports and statistical returns40 from banks on both a solo and a consolidated basis, and independently verifies these reports through either on-site examinations or use of external experts.
Essential criteria
EC1	The supervisor has the power41 to require banks to submit information, on both a solo and a consolidated basis, on their financial condition, performance, and risks, on demand and at regular intervals. These reports provide information such as on- and off-balance sheet assets and liabilities, profit and loss, capital adequacy, liquidity, large exposures, risk concentrations (including by economic sector, geography and currency), asset quality, loan loss provisioning, related party transactions, interest rate risk, and market risk.
Description and findings re EC1	According to Article 153, 165, 59, and 171 (2) of Banking Law, the NBR is statutorily empowered to collect financial statements and other data and information from credit institutions (CIs), on both a solo and a consolidated basis, as required by the NBR. The EU harmonized supervisory reporting requirement establishes uniform requirements for supervisory reporting to competent authorities for the following areas: (a) own funds requirements (capital adequacy) and financial information; (b) losses stemming from lending collateralized by immovable property; (c) large exposures and other largest exposures (counterparty, sectoral, geographical); (d) leverage ratio; (e) liquidity coverage requirements and net stable funding requirements; (f) asset encumbrance; (g) additional liquidity monitoring metrics. NBR Regulation No. 5/2013 doesn’t provide derogations or exemptions from the applications, on an individual basis, of the prudential requirements specified by Regulation (EU) No. 575/2013, irrespective of consolidated supervision being applied or not. All banks are required to prepare and deliver common reporting (COREP) based on the harmonized European supervisory reporting framework, provided for in the CRD and EC regulations on reporting, that encompass a comprehensive range of information for the supervisor to perform a risk assessment. The reporting requirements are defined by EBA ITS on supervisory reporting, which were introduced in Q1 2014 and are being phased in over a number of years. Frequency varies between reporting from monthly (liquidity) to quarterly and semi-annual or annual for some individual templates. According to EBA ITS on supervisory reporting, COREP data must be reported on both a solo and consolidated basis by all banks, while FINREP is mandatory for banks at consolidated level only. Solo level reporting remains national discretion, but reporting templates in Romania (in case of solo FINREP) are consistent with those at consolidated level. COREP covers capital adequacy, liquidity, large exposures, risk concentrations (including by economic sector and geography), asset quality, loan loss provisioning, related party transactions, and market risk, while FINREP covers, inter alia, on- and off-balance sheet assets and liabilities, and P&L42. The NBR also has power to require regular reporting outside the scope of the ITS on supervisory reporting and banks are compelled according to the Banking Law to transmit to the NBR any information required by the latter in order to perform its responsibilities established by law. The additional reporting requirements compliments the scope of the ITS on supervisory reporting.
EC2	The supervisor provides reporting instructions that clearly describe the accounting standards to be used in preparing supervisory reports. Such standards are based on accounting principles and rules that are widely accepted internationally.
Description and findings re EC2	The Romanian banking system is required to report financial information based on the IFRS at consolidated level since January 2006 and at individual level since January 2012. FINREP reporting templates for supervisory purposes are based on the IFRS both at the solo and consolidated level. Reporting instructions for consolidated level are included in Commission Implementing Regulation (EU) No. 680/2014 that contains detailed instructions for the submission of supervisory reporting. Reporting instructions on a solo basis are included in the National Regulation (NBR Order No. 6/2014 regarding the FINREP individual financial statements, NBR Order No. 5/2014 regarding the financial information reporting of branches of CIs having their headquarters in other Member States).
EC3	The supervisor requires banks to have sound governance structures and control processes for methodologies that produce valuations. The measurement of fair values maximizes the use of relevant and reliable inputs and is consistently applied for risk management and reporting purposes. The valuation framework and control procedures are subject to adequate independent validation and verification, either internally or by an external expert. The supervisor assesses whether the valuation used for regulatory purposes is reliable and prudent. Where the supervisor determines that valuations are not sufficiently prudent, the supervisor requires the bank to make adjustments to its reporting for capital adequacy or regulatory reporting purposes.
Description and findings re EC3	According to Article 24 of CRR, the valuation of assets and off-balance sheet items shall be effected in accordance with the applicable accounting framework. The NBR introduced IFRS for all CIs in 2012, and the measurement of fair values and valuation rules are also determined on the grounds of IFRS requirements. Article 105 of CRR stipulates that a comprehensive range of requirements for prudent valuation and Article 34 requires that CIs shall apply the requirements of Article 105 to all assets measured at fair value when calculating the amount of their own funds and shall deduct from Common Equity Tier 1 capital the amount of any additional value adjustments necessary. NBR Regulation No. 5/2013 also requires that the management body be actively involved and ensure that adequate resources are allocated to address all the significant risks addressed in this Regulation and CRR as well as for the purpose of asset valuation, the use of external ratings and internal models relating to those risks, providing the legal basis for governance arrangements and control processes for the valuation. NBR order No. 6/2014 (methodological norms point 2) also requires that CIs prepare FINREP individual financial statements that give a true and fair view of the position and financial performance of credit institutions for the related period. Adherence to the IFRS valuation standards (mainly IAS 39, IFRS 13) and other regulations is assessed during on site missions. The assessment also includes the existence of an adequate independent validation of methodologies. In case of inappropriate practices, supervisory measures were imposed, including adjustments of the provisions level or of the capital.
EC4	The supervisor collects and analyses information from banks at a frequency commensurate with the nature of the information requested, and the risk profile and systemic importance of the bank.
Description and findings re EC4	The information submitted to the NBR has the frequency and structure of the EU harmonized reporting framework from monthly to quarterly, and semi-annual or annual for some individual templates. In the EU reporting framework, the frequency of the submissions is set differently depending on the complexity of the information, the size (including different reporting templates) and the risk profile of banks (higher frequency for the banks with a higher risk profile). In Romanian context regarding prudential reports for supervisory purposes, the scope and periodicity are the same for all credit institutions, except the branches of credit institutions having their headquarters in other Member States; these are not subject to reporting prudential information to NBR under Regulation (EU) No. 680/2014. (See EC1). The NBR occasionally requires banks to submit additional information more frequently such as daily liquidity reporting, or more granular NPL data as deemed necessary.
EC5	In order to make meaningful comparisons between banks and banking groups, the supervisor collects data from all banks and all relevant entities covered by consolidated supervision on a comparable basis and related to the same dates (stock data) and periods (flow data).
Description and findings re EC5	The harmonized European reporting framework covers the issues that this EC requires in Romania. Standardized regulatory returns under the Romanian and EU regulatory framework, COREP, FINREP at consolidated level define reporting dates and periods and reporting requirements for all credit institutions. In the case of solo FINREP, the reporting templates are consistent with those at consolidated level. After collection, the data is used for diverse analytical outputs such as risk indicators, trends, peers, stocks, and flows.
EC6	The supervisor has the power to request and receive any relevant information from banks, as well as any entities in the wider group, irrespective of their activities, where the supervisor believes that it is material to the condition of the bank or banking group, or to the assessment of the risks of the bank or banking group or is needed to support resolution planning. This includes internal management information.
Description and findings re EC6	The Banking Law provides the legal authority for NBR to require all the information needed to perform its activity. According to Article 169 Index 1 paragraph 2 and Article 226, the NBR is empowered to request additional or more frequent reporting. The national regulatory framework allows it to request from banks any information deemed necessary to perform the individual and consolidated supervision of banks and banking groups.
EC7	The supervisor has the power to access43 all bank records for the furtherance of supervisory work. The supervisor also has similar access to the bank’s Board, management and staff, when required.
Description and findings re EC7	Supervisors have access to any kind of information that is considered useful for supervisory purposes. Also, there are no restrictions on the access to the bank’s Board, management, and staff. According to Article 171 (1), CIs are compelled to allow the NBR to examine their reports, Accounts, and operations and to provide all documents and information related to the activity performed, as requested. Article 171 (2) states that CIs shall transmit to the NBR any information required by the latter, to assess their compliance with the prudential requirements of the Banking Law and CRR and with the applicable regulations. The internal control mechanisms and administrative and accounting procedures of the CIs also shall permit, at any time, the verification of their compliance with such rules.
EC8	The supervisor has a means of enforcing compliance with the requirement that the information be submitted on a timely and accurate basis. The supervisor determines the appropriate level of the bank’s senior management is responsible for the accuracy of supervisory returns, imposes sanctions for misreporting and persistent errors, and requires that inaccurate information be amended.
Description and findings re EC8	EU harmonized reporting rules define reporting reference dates and the reporting and corrections shall also be submitted to the NCA without undue delay. In the off-site process of NBR, any report received from a Credit Institution (CI) has to be reviewed with regard to possible discrepancies. Inconsistencies have to be clarified with the credit institution. If the data provided is inconsistent, resubmission may be requested. The staff from the SD surveys the banks’ compliance with deadlines for each reporting date. Also, there is a cross check of the submission situation by each bank/type of reports/reporting date carried out by the Banking System Assessment, Methodology and Supervision Procedures Division. When a report is delayed, the submission is allowed only after the assessment and the approval process. When the credit institution fails or is late in submitting the reporting data the NBR contacts the bank and sets a deadline for the correction and resubmission of the report. During the evaluation process of data quality, the bank supervisor involved in this process informs management of any issues in the validation process depending on the importance of the problems occurred and the degree of difficulties. After the deadline, management involvement is expected when the credit institutions did not comply with the reporting deadline or the quality requirements. The supervisory authority can impose measures and sanctions when the reports received are not compliant with the reporting framework in place (Banking Law Article 228 Paragraph 1). The management of the bank is held responsible for the late or missing or inaccurate reports. In the off-site activity, when a supervisor has noticed mistakes within the credit institutions reports, as the credit institution didn’t meet several requirements of the legal framework applicable (ITS 680/2014 laying down implementing technical standards with regard to supervisory reporting of institutions as regards instructions, templates and definitions), a supervisory report is concluded in order to solve the deficiencies identified within a certain timeframe. Following the recommendation issued based on the conclusions from the said supervisory report, the credit institution has to resubmit the reports. Depending on the gravity of the findings, actions are taken by NBR and measures are disposed after the conclusion of the on-site mission and based on the findings filled in the supervisory reports. The NBR Regulation No. 5/2013, Article 11 stipulates that the management body defines, oversees and is accountable for the implementation of the governance arrangements that ensure effective and prudent management of a credit institution, including the segregation of duties in the organisation and the prevention of conflicts of interest. Also, the management body must ensure the integrity of the accounting and financial reporting systems, including financial and operational controls and compliance with the law and relevant standards.
EC9	The supervisor utilizes policies and procedures to determine the validity and integrity of supervisory information. This includes a program for the periodic verification of supervisory returns by means either of the supervisor’s own staff or of external experts.44
Description and findings re EC9	Validation rules for COREP and FINREP reporting are applied on submission. Resubmissions are required for in cases of errors and noncompliance with the validation rules. Following receipt of the data, the NBR carries out a program of plausibility checks (comparison to previous periods and using available information), focusing on data sets that are of greatest importance, such as capital adequacy, liquidity, and FINREP returns. In particular, the staff from the SD observe the banks compliance with deadline for each reporting date. Also, there is a crosscheck of the submission situation by each bank/type of reports/reporting date carried out by the SD. During the reporting process, the fulfillment of the validation is checked online and a message is automatically generated by the system about the failed validation, message that is also received by the reporting entity. When a blocking validation fails, the credit institution report is not accepted by the system and the reporting entity takes measures to solve the issues. When a submission is successful, the supervisory staff also assesses the failed nonblocking validation rules, should it occur. If the result is satisfactory, the report is marked as validated (there is signoff function to be activated). If not, the credit institution will be contacted to solve the reporting issues. The supervisory staff in the SD verifies the correctness, reasonability or plausibility of the reasoning for the failed validation and contact the credit institution for additional explanation, as needed. Supervisory information is regularly tested through on site and off site analysis, including through sampling. When necessary, external auditors are requested to perform limited scope audits of the financial situations of some banks (without being commissioned and under a formal supervisory mandate) and the outcome of the assessment is submitted to the NBR.
EC10	The supervisor clearly defines and documents the roles and responsibilities of external experts,45 including the scope of the work, when they are appointed to conduct supervisory tasks. The supervisor assesses the suitability of experts for the designated task(s) and the quality of the work and takes into consideration conflicts of interest that could influence the output/recommendations by external experts. External experts may be utilized for routine validation or to examine specific aspects of banks’ operations.
Description and findings re EC10	The NBR can assign external experts or auditors for supervisory tasks (Banking Law Article 170 (1)), but in practice there were no such cases. The regulations define the framework under which supervisory tasks can be delegated to financial auditors Banking Law Article 170 (2). However, there are no comprehensive guidelines/criteria for hiring third parties to conduct supervisory tasks in place of, or for assessing the quality of the work performed by those experts.
EC11	The supervisor requires that external experts bring to its attention promptly any material shortcomings identified during the course of any work undertaken by them for supervisory purposes.
Description and findings re EC11	There is a provision (Banking Law Article 156) that the financial auditor of a credit institution shall inform the NBR while performing his duties, as soon as he encounters any fact or decision concerning the credit institution which is liable to: (a) constitute a material breach of the law and/or regulations or other documents issued for its application, which lays down the conditions for authorization or requirements related to the pursuit of activity; (b) affect the functioning of the credit institution; and (c) lead to the financial auditor’s refusal to express an opinion on the financial statements or to the expression of reservations. However, there is no explicit requirement in the law that external experts promptly bring to the NBR’s attention any identified material shortcomings during the course of any work undertaken by them for supervisory purposes. However, the use of external experts in this regard is very rare.
EC12	The supervisor has a process in place to periodically review the information collected to determine that it satisfies a supervisory need.
Description and findings re EC12	The reporting formats are developed by the EBA and are issued under a Regulation which is directly applicable to all credit institutions across European Union. The format and content of the reporting formats are periodically reviewed both at the initiative of the EBA and of the NCAs. The authorities mentioned that the information collected (except the one collected according to the common European reporting framework) is frequently reassessed in order to determine its relevance and comprehensiveness for the supervisory purposes. The emergence of new risks drivers has determined changes in the ad hoc reporting requested from the banks (litigations, payment in kind etc.). 46 However, there is no explicit assessment process in place to periodically review the prudential returns (except the one collected according to the common European reporting framework).
Assessment of Principle 10	Largely Compliant
Comments	The Banking Law provides the legal authority for NBR to require all the information needed to perform its activity. The Romanian banking system has been required to report financial information based on IFRS at consolidated level since 2006 and at individual level since 2012. The supervisory reporting/ validation rules and templates are mainly governed by a harmonized EU reporting framework. In case of solo FINREP, as required by the national legislation, the reporting templates are consistent with those at EU reporting requirements. The supervisory staff verifies the reports through off-site and on-site examination. Authorities indicated that there are ongoing projects in many banks related to the improvement of data warehouse. In order to further assure that the reported information is accurate, comprehensive and consistent, the banks should keep upgrading the system and implement a large variety of controls. The NBR also needs to keep providing feedback on data quality assessments to banks. There are no explicit guidelines/criteria for hiring third parties who conduct supervisory tasks to assess the quality of the work performed by those experts, or obligating them to report to the NBR promptly any material shortcomings identified. Although the NBR has not used external experts for supervisory tasks, the issuance of such guidelines could be contemplated if the use of third parties were to increase. Also, there is no explicit/regular evaluation process in place to periodically review the information collected to determine that it satisfies a supervisory need particularly in the case of additional prudential returns (except the ones collected according to the common European reporting framework). The authorities should consider the following activity: Develop rules and processes for hiring external experts, including the process of the quality control and avoiding conflicts of interests. Perform a periodic review of whether the prudential returns (required outside of European reporting framework) satisfy a supervisory need.
Principle 11	Corrective and sanctioning powers of supervisors. The supervisor acts at an early stage to address unsafe and unsound practices or activities that could pose risks to banks or to the banking system. The supervisor has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability to revoke the banking license or to recommend its revocation.
Essential criteria
EC1	The supervisor raises supervisory concerns with the bank’s management or, where appropriate, the bank’s Board, at an early stage, and requires that these concerns be addressed in a timely manner. Where the supervisor requires the bank to take significant corrective actions, these are addressed in a written document to the bank’s Board. The supervisor requires the bank to submit regular written progress reports and checks that corrective actions are completed satisfactorily. The supervisor follows through conclusively and in a timely manner on matters that are identified.
Description and findings re EC1	In accordance with the internal procedures of SD, the team discusses the findings with banks at the end of the on-site examination. After completing the draft supervision report, the findings are sent to the bank and the bank sent observations and comments. Not all observations and comments from bank may be included in the final version of the report The proposals of the SD can be materialized into sanctions, measures, and recommendations through written orders sent to the management of the bank. Where significant corrective actions are identified, the authorities stipulate by written order that these measures/actions be presented to the board. However, the NBR order is not directly submitted by the NBR in a written document to the bank’s Board. The recommendations and corrective measures (through written orders) are monitored by the NBR. Moreover, the bank is required to prepare an appropriate action plan to address all the issues from the examination report (supervisory report) that were not included in the order after the completion of the supervisory report. The banks are obligated to inform the NBR in writing about the remedial status of the measures from the orders and action plans within specific timeframe. One of the objectives of the on-site examination during the next on-site examination is to assess if the measures have been implemented. During the ongoing off-site activities, written explanations and corrective measures are required to be sent to the bank if supervisors identify changes in the financial situation, prudential ratios of a bank or other difficulties or negative developments that can affect its activity. The NBR routinely monitors the efficiency and effectiveness of the measures put in place. If an off-site staff identifies issues during an ongoing supervision that indicates high risk exposure or activity by credit institutions due to noncompliance with the regulations in force, a supervision report will be prepared. With regard to the operational procedure of the SD, on the basis of the findings of the inspection team, the supervisory draft report should be finalized within a period of 60 working days after the on-site assessment ends. This draft is sent to the inspected credit institution for the “right to be heard” stage in which the bank can make observations. The final draft should be finalized within 10 working days of the discussions with the credit institution or after the team receives the additional documents submitted by the bank including clarification from the specialized departments of the central bank on how to interpret the legal provisions that are likely to be applied to findings from the inspection action. After the signed version of the report is received, a consolidated note will be drawn by the members of the inspection team within 15 working days; this note includes a summary of the findings and the proposal regarding the supervision measures, sanctioning measures, and recommendations. However, this time frame is not consistently followed by the SD.
EC2	The supervisor has available47 an appropriate range of supervisory tools for use when, in the supervisor’s judgment, a bank is not complying with laws, regulations or supervisory actions, is engaged in unsafe or unsound practices or in activities that could pose risks to the bank or the banking system, or when the interests of depositors are otherwise threatened.
Description and findings re EC2	The NBR has the tools necessary to require corrective actions of credit institutions or to impose sanctions. If a CI does not comply with the requirements per banking law, the regulations issued in their application, or in the event that the NBR has determined the CI will unlikely comply with the aforementioned provisions, then the NBR may require a CI to undertake the necessary steps to remedy the deficiencies. According to Article 226 from Banking Law, in the past two years the NBR imposed supervisory measures regarding the business management framework and the internal capital adequacy assessment process, as follows: Maintaining own funds at a level higher than the minimum capital requirements Reducing the risk inherent to activities, products and systems Implementing a specific provisioning policy or treatment of assets Submitting a plan for restoring compliance with supervisory requirements With respect to escalation policies in response to the accumulation of risk, the NBR underlines the provisions of the Banking Law stating that measures and sanctions shall be effective and proportionate with the acts and irregularities, taking in consideration the gravity and consequences, as well as the personal and circumstances of the committed deed, having a dissuasive effect. Therefore, should the credit institution not comply with the measures imposed by the NBR, the supervisory authority can take more restrictive actions in order to respond to the accumulation of risk, applying the provisions of Article 226 paragraph 3 from the Banking Law. These measures include but not limited to: Require the CI to hold own funds in excess of the requirements; Require the CI to apply a specific provisioning policy or treatment of assets in terms of own funds requirements; Restrict or limit the business, operations or network of CIs, including by withdrawal of the approval granted on establishment of branches abroad, or to request the divestment of activities that pose excessive risks to the soundness of a credit institution; Require the CI to reduce of the risk inherent in its activities, products and systems; Require the CI to limit variable remuneration as a percentage of net revenues inconsistent with the maintenance of a sound capital base; Require the CI to use net profits to strengthen its own funds; Require the CI to replace the individuals appointed to conduct the branches of the CI; Limit qualifying holdings in financial or nonfinancial entities where the CI is bound to sell them; Require the CI to present a plan to restore compliance with supervisory requirements detailing the steps and actions to be taken, and set a deadline for their implementation; Limit or prohibit distribution by the CI of profit from distributable item to shareholders or to their members, and/or interest payments to the holders of Additional Tier 1 instruments, where the prohibition does not constitute an event of default of the credit institution; Impose additional or more frequent reporting requirements including reporting on capital and liquidity positions; Impose specific liquidity requirements including restrictions on maturity mismatches between assets and liabilities of CIs; Require additional disclosures to CIs etc. The administrative penalties that can be applied include the following Article 229 Paragraph 1: Written warning; A public warning indicating the natural person, the CI, the financial holding company or the mixed financial holding company responsible and the deed committed; Administrative pecuniary penalties of up to 10 percent of the total annual net turnover including the gross income; In the case of a natural person, administrative pecuniary penalties of up to EUR 5 000 000, to the corresponding value in the national currency on July 17, 2013; Withdrawal of the approval granted to the key persons referred to in Article 108 paragraph (1) of Banking Law; Administrative pecuniary penalties up to twice the amount of profit gained, where determinable. The sanctions that can be applied include the following Article 229 Paragraph 2: An order requiring the natural or legal person responsible to cease and desist from a repetition of the conduct in question; Temporary ban in exercising functions in a credit institution by persons referred to in Article 108 paragraph (1) or by persons appointed to head the branches of the credit institution, held responsible for committing the deeds. Withdrawal of the authorization granted to the credit institution, in accordance with the provisions of Article 39; Suspension of voting rights of the shareholders or of the responsible shareholders. In practice, the NBR actively imposes sanctions and measures to banks and relevant individuals and discloses them on its webpage (http://www.bnr.ro/Sanc%c8%9biuni-emise-de-BNR-12553.aspx).
EC3	The supervisor has the power to act where a bank falls below established regulatory threshold requirements, including prescribed regulatory ratios or measurements. The supervisor also has the power to intervene at an early stage to require a bank to take action to prevent it from reaching its regulatory threshold requirements. The supervisor has a range of options to address such scenarios.
Description and findings re EC3	The powers of the NBR granted by Banking Law are available when the CI is in breach of the requirements and when the NBR has evidence that the bank is likely to breach the requirements within the next 12 months Article 226. Specifically, the NBR is able to dispose a CI to undertake the necessary steps to remedy the deficiencies in the following situations: The credit institution does not comply with the requirements laid down in Banking Law, in CRR, and the regulations issued in their application; The NBR has indications that it is likely that the CI will not comply with the above- mentioned provisions. Based on SREP methodology, the NBR also determines to what extent the management framework, strategies, processes and mechanisms implemented by a CI, the own funds held and its liquidity, ensures prudent management and adequate coverage of the risks in relation to the CI’s risk profile. The NPR has a wide range of options to address the bank’s breach of threshold requirements and to prevent it from reaching its threshold (See EC2). For example, NBR often requested that banks maintain own funds at a level higher than the minimum capital requirements, reduce the risk inherent to activities, and setting up specific requirements, etc.
EC4	The supervisor has available a broad range of possible measures to address, at an early stage, such scenarios as described in essential criterion 2 above. These measures include the ability to require a bank to take timely corrective action or to impose sanctions expeditiously. In practice, the range of measures is applied in accordance with the gravity of a situation. The supervisor provides clear prudential objectives or sets out the actions to be taken, which may include restricting the current activities of the bank, imposing more stringent prudential limits and requirements, withholding approval of new activities or acquisitions, restricting or suspending payments to shareholders or share repurchases, restricting asset transfers, barring individuals from the banking sector, replacing or restricting the powers of managers, Board members or controlling owners, facilitating a takeover by or merger with a healthier institution, providing for the interim management of the bank, and revoking or recommending the revocation of the banking license.
Description and findings re EC4	The NBR has a broad range of possible measures to address, at an early stage, such scenarios as described in essential criterion 2 above (See EC2 and EC3). Applicable in this case can be the provisions of Banking Law Article 226 by which the NBR shall require any CI that does not meet the requirements of Banking Law, of the regulations or other administrative provisions issued for the application thereof, or fails to comply with a recommendation of the NBR, to take the necessary actions at an early stage to address the situation. In this respect, the NBR may require the CI to comply with the reinforcement of the arrangements, processes, mechanisms, and strategies implemented in accordance with Article 24 and Article 148. In accordance with the Article 39 from Banking Law, the NBR may withdraw the authorization granted to a CI in case of breaching the prudential requirements stipulated in part III (capital requirements), IV (large exposures), and VI (liquidity) from CRR. Along with the withdrawal of the credit institution’s authorization, the NBR shall order the dissolution and windup of the credit institution as per Article 44 and Article 255 from Banking Law. Also, Law No. 312/2015 (Recovery and Resolution Law) contains provisions under the NBR, as a competent authority, has at its disposal a range of early intervention measures. Further, Article 149 paragraph 1 states that the NBR, as a competent authority, may require changes to the legal or operational structures of the credit institution. Per Article 153, the NBR may appoint one or more temporary administrators to the credit institution. Thus, the NBR has an appropriate range of supervisory tools available for use when a credit institution is not complying with laws, regulations or supervisory actions. Among the measures required by the EC4, the NBR, as a competent authority, does not have the explicit power to facilitate a takeover by or merger with a healthier institution per Banking Law. A competent authority cannot impose on CIs any measures regarding the merger process or acquisition by a third party per Banking Law. Purchase and assumption transactions are possible resolution instruments according to Law No. 312/2015. When determining the type of sanctions, administrative penalties and fines, the NBR shall take into account relevant circumstances on the commitment of the offence, inter alia, the gravity, and the duration of the breach Article 225 paragraph 4. Where written orders or decision to impose sanctions on banks or individuals are issued, the first deputy governor of the NBR has full responsibility in determining the types of measures and sanction to be taken. Upon completion of on or off-site supervisory activities, the inspection team shall consolidate its findings and propose supervisory measures and sanctions to the first deputy governor for approval. The inspection teams may at times consult the legal department for additional guidance and discuss within the supervision department, as needed—the decision to involve other departments and parties is made solely by the inspection team.
EC5	The supervisor applies sanctions not only to the bank but, when and if necessary, also to management and/or the Board, or individuals therein.
Description and findings re EC5	In accordance with Article 225 from Banking Law, the NBR may adopt measures and impose sanctions aimed specifically at ending observed infringements or the causes of such infringements against a CI or persons effectively controlling the business of Cis that infringe laws, regulations or other administrative provisions issued for the application thereof concerning the supervision or pursuit of their activities. According to Article 229, the NBR may apply various types of sanctions/penalties through written warnings such as withdrawal of approval granted, financial penalties, cease and desist orders, etc. (see EC2). The enforcement of sanctions does not remove the material, civil or penal responsibility. The sanctioning powers are exercised and applied to banks, management, and/or the Board, or individuals.
EC6	The supervisor has the power to take corrective actions, including ring-fencing of the bank from the actions of parent companies, subsidiaries, parallel-owned banking structures and other related entities in matters that could impair the safety and soundness of the bank or the banking system.
Description and findings re EC6	In accordance with Article 166 of Banking Law, the NBR assesses the risks to which the CI may be exposed and if it identifies risks related to the operations carried out with the parent company. In such cases, the NBR may dispose measures, provided by Article 226 paragraph 3 (e) in the Banking Law, to require the CI to reduce the risks associated with its operations, products and systems, to limit or prohibit the distribution by the CI of profit from distributable elements as defined in Article 4 paragraph (1) point 128 of CRR, to its shareholders or members, and/or the payment of interest to the holders of Tier 1 capital instruments should the prohibition not be a default for the credit institution. (See EC2) The provisions of Article 230 (1) state that where persons holding qualifying holdings in the CI no longer fulfill the requirements regarding the quality of the CI’s shareholding or exercise and considered an influence that may jeopardize the prudent management of the CI, the NBR, in addition to any other measures or sanctions that may be imposed on the CI or the persons exercising its management and management responsibilities, may suspend the voting rights attached to the shares held by the shareholders or members in question The NBR may dispose measures to restrict or limit the business, operations or network of CI by withdrawing the authorization issued for establishment of branches abroad or require the cessation of activities involving excessive risks to the credit institution’s soundness. When the actions taken by subsidiaries, parallel-owned banking structures and other related companies could impair the safety and soundness of the bank, the NBR can limit the qualifying holdings of the CI in financial or nonfinancial institutions where the credit institution is bound to sell them.
EC7	The supervisor cooperates and collaborates with relevant authorities in deciding when and how to effect the orderly resolution of a problem bank situation (which could include closure, or assisting in restructuring, or merger with a stronger institution).
Description and findings re EC7	The NBR, as the competent authority, has responsibilities of cooperation with relevant authorities in case of resolution process according to Law No. 312/2015 regarding the recovery and resolution of CIs, which transpose the provisions of the BRRD. The NBR, as a resolution authority, shall take a resolution action in relation to a CI only if it considers that all of the following conditions are met: The NBR, as a competent authority, shall determine that the credit institution is failing or is likely to fail. For this purpose, the supervisory structure shall consult the resolution structure; Having regard to timing and other relevant circumstances, there is no reasonable prospect according to which failure could be prevented within a reasonable timeframe, by any alternative private sector measures, including measures by an institutional protection scheme, or supervisory action, including early intervention measures or the write-down or conversion of relevant capital instruments; A resolution action is necessary in the public interest. As for the liquidation process of CIs, the Deposits Guarantee Fund in the banking system has competencies according to Article 256 paragraph 2 from Banking Law.
Additional criteria
AC1	Laws or regulations guard against the supervisor unduly delaying appropriate corrective actions.
Description and findings re AC1	The Supervision Department internal procedure regarding the operational flow of the process of verification and evaluation of the management framework, strategies, processes, and mechanisms implemented by credit institutions establishes deadlines for the supervisory authority and for the banks (See EC1). However, these procedures are set by the “internal rules” of SD in NBR, not by laws or regulations.
AC2	When taking formal corrective action in relation to a bank, the supervisor informs the supervisor of nonbank related financial entities of its actions and, where appropriate, coordinates its actions with them.
Description and findings re AC2	The provisions of Article 189 of the Banking Law stated that in order to establish and facilitate effective supervision at the national level of credit institutions, investment firms, and financial institutions, the NBR and the Financial Supervisory Authority (ASF) shall conclude written coordination and cooperation agreements. Considering the above, the NBR and the supervisory authorities of the financial market (ASF – Financial Supervisory Authority) signed an agreement in order to set up the rules for the cooperation between these authorities and to ensure an efficient supervision of the entities involved in banking, market and insurance activities. This agreement enables the exchange of information between the authorities and facilitates the performance of the supervisory actions on a need basis. However, there is no systematic or regular process that informs the supervisor of nonbank related financial entities of its actions. Assessors were told that the Romanian financial sector is dominated by banks and setting up the regular process is unnecessary, as a need-base cooperation is sufficient. Besides, all sanctions and written orders are disclosed on NBR webpage.
Assessment of Principle 11	Largely Compliant
Comments	The NBR has the tools necessary to require timely corrective actions of credit institutions and to impose sanctions. The NBR has an adequate range of supervisory, sanction measures, and administrative penalties available for use when, in the supervisor’s judgment, a bank is not complying with laws, regulations, or supervisory actions. Corrective actions and sanctioning powers are exercised in a forceful manner and a broad range of measures and sanctions have been applied to banks, management, and/or the Board, or individuals. However, regarding the internal process of measures and sanctions, there appears to be an insufficient amount of mandatory review and analysis processes needed to ensure consistency or justification of inspection outcomes and supervisory/ sanction measures across the banking system. In sum, there is no consistent internal independent review process present to ascertain that the degree/type of measures or the corrective actions are adequate according to the law and regulations. In the case that banks do not agree with the measures/sanctions, the dispute shall be entered into the NBR board. Approximately 45 cases were submitted to the board within a five-year period with 18 cases being contested in court. Some of the issues were about clarification of findings. Thus, assessors are of the opinion that the corrective action and sanctioning regime in the NBR would benefit from adding an independent review process to assist the first deputy governor to make approvals in a more informed manner. This would also enhance the credibility of the supervisors as well as the consistency of corrective actions and sanctions. Among the measures required by the EC4, the NBR, as a competent authority, does not have the explicit power to facilitate a takeover by or merger with a healthier institution per Banking Law. A competent authority cannot impose on CIs any measures regarding the merger process or acquisition by a third party per Banking Law. Purchase and assumption transactions are possible resolution instruments according to Law No. 312/2015, All EU members may have this exception, but still considered a deficiency. With respect to supervisory follow-ups, the time frame described in the internal rules of the NBR is not always kept. Assessors note that the process of supervisory reports and written orders were sometimes delayed. The draft should be sent to banks within 60 working days according to NBR internal procedure, but many examination reports were issued to banks more than 6 months later (on average approximately 140 days in 2016), and the issuance of written orders too even longer. Assessors were told that sometimes wrap-up meetings after on-site inspection were not held in an official manner. This practice could hinder banks to implement supervisory measures in a prompt manner.48 In addition, there is no systematic or regular process informing the supervisor of nonbank related financial entities (including ASF), the NBR’s actions, and there is no process to coordinate its action with them. There is a need-base cooperation between them in this regard. The authorities should consider the following activity: Establish an independent review process in determining written orders and sanctions to guarantee consist approach and clearer justification; introduce internal guidance to ensure more objectivity, accuracy and consistency in exercising sanctioning power and corrective actions. Improve the post-examination process by formalizing a wrap-up meeting to convey findings that require immediate improvement or corrective actions. Intensify engagement and cooperation with the ASF in the process of imposing corrective actions and sanctions.
Principle 12	Consolidated supervision. An essential element of banking supervision is that the supervisor supervises the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential standards to all aspects of the business conducted by the banking group worldwide.49
Essential criteria
EC1	The supervisor understands the overall structure of the banking group and is familiar with all the material activities (including nonbanking activities) conducted by entities in the wider group, both domestic and cross-border. The supervisor understands and assesses how group-wide risks are managed and takes action when risks arising from the banking group and other entities in the wider group, in particular contagion and reputation risks, may jeopardize the safety and soundness of the bank and the banking system.
Description and findings re EC1	Requirements for supervision on a consolidated basis are established in CRR and CRD IV. In order to prevent and reduce specific banking risks, the NBR shall carry on the prudential supervision of credit institutions (CIs) and their branches established in other Member States or in third countries, by setting rules and prudential banking indicators, by monitoring their observance and compliance with other requirements laid down by law, and by the applicable regulations on an individual basis, consolidated, or sub-consolidated basis, as deemed appropriate. As of June 2017, the scope of banking supervision covered 28 credit institutions and Romanian legal persons. These included 5 stand-alone domestic credit institutions, 1 foreign stand-alone non-EU subsidiary and 22 foreign EU subsidiaries. There are no financial conglomerates in Romania. Regarding the foreign EU subsidiaries (22), their parent banking groups in Europe are, at consolidated EU level, under the direct/indirect supervision of Single Supervisory Mechanism (SMM), Central Bank of Hungary, Polish Financial Supervision Authority, Bank of Israel, Cyprus Central bank, and the NBR. While the NBR is not serving as a consolidating supervisor, it may participate in colleges of supervisors. These colleges provide the necessary instruments for enhancing the supervision of entities within banking groups. CIs supervised on a consolidated basis by the NBR have to comply with prudential requirements based on their consolidated situation. CIs prove to their fulfilment of the prudential requirements to the NBR by means of prudential reports (COREP and FINREP according to Regulation (EU) No. 680/2014). Each CI has also to comply with prudential requirements on an individual basis, irrespective of being supervised on a consolidated basis by the NBR. The NBR conducts SREP assessments on a consolidated basis and the evaluation of activities for each member of the group and their activities within the group are examined during an annual on-site examination. The quantifiable and nonquantifiable (e.g., reputational risk) risks incurred by credit institutions as members of groups are monitored and controlled by the NBR for consolidated banking supervision. The NBR has the power to request any information from the bank subsidiaries and the parent company as deemed necessary for its consolidated supervision. However, there are currently no systematic procedures in place for the overall monitoring and assessment of contagion and reputation risks that may jeopardize the safety and soundness of the bank and the banking system. The authorities state that the contagion risk is taken into consideration by CIs and examined by the NBR. For example, according to Banking Law, a CI shall establish internal limits on intragroup liquidity risk to mitigate the risk of contagion under stress, including for each currency used by the CI.
EC2	The supervisor imposes prudential standards and collects and analyses financial and other information on a consolidated basis for the banking group, covering areas such as capital adequacy, liquidity, large exposures, exposures to related parties, lending limits and group structure.
Description and findings re EC2	In Romania, parent credit institutions as Romanian legal entities must comply with the obligations provided by CRR and Directive 2013/36/EU (ICAAP) on the basis of their consolidated situation. Banking groups are subject to regulations on capital adequacy, liquidity, large exposures, exposures to related parties, lending limits and group structure. Each credit institution, irrespective of being supervised on a consolidated basis by the NBR, has also to comply with prudential requirements on an individual basis. Prudential information is provided, on a consolidated basis, to the competent authorities according to Regulation (EU) No. 680/2014, which establishes ITS with regards to supervisory reporting of institutions according to CRR. The NBR carried out annual SREP assessments on a consolidated basis. While the NBR is not a consolidating supervisor it remains responsible for the supervision of credit institutions and may participate in colleges of supervisors. These colleges provide the necessary instrument for enhancing the supervision of entities within banking groups. Credit institutions demonstrate their fulfilment of the prudential requirements by means of prudential reports (COREP and FINREP according to Regulation (EU) No. 680/2014) sent to the designated competent authority As an off-site activity, the quarterly key risk indicators are mainly monitored on a solo basis rather than a consolidated basis. Authorities mentioned that Romanian banking sector is bank dominated and the consolidated figures are usually more prudent than a solo basis.
EC3	The supervisor reviews whether the oversight of a bank’s foreign operations by management (of the parent bank or head office and, where relevant, the holding company) is adequate having regard to their risk profile and systemic importance and there is no hindrance in host countries for the parent bank to have access to all the material information from their foreign branches and subsidiaries. The supervisor also determines that banks’ policies and processes require the local management of any cross-border operations to have the necessary expertise to manage those operations in a safe and sound manner, and in compliance with supervisory and regulatory requirements. The home supervisor takes into account the effectiveness of supervision conducted in the host countries in which its banks have material operations.
Description and findings re EC3	Article 7 of NBR Regulation No. 5/2013 stipulates that within a group structure, the management body of a parent credit institution as a Romanian legal entity must ensure that within the group there is an adequate framework for the management of the activity and that it is appropriate to the structure, activity, and risks of the group and its entities. In order to fulfill its responsibilities within the management framework, the management body of a parent credit institution must: establish a structure for the management framework that contributes to the effective supervision of its subsidiaries which takes into account the nature, scale and complexity of the various risks to which the group and its subsidiaries are exposed; approve a policy regarding the management framework for the entire group and for its subsidiaries, including the commitment to meet all the requirements applicable to the management framework; ensure that there are sufficient resources for each subsidiary to meet both group-level standards and local management framework standards; have adequate means to monitor that each subsidiary complies with all applicable requirements on the management framework; ensure that reporting lines at the level of the group are clear and transparent, especially if the lines of activity do not overlap with the organization of the group from a legal point of view. Article 8 also stipulates the responsibility for the management body of a parent institution to: understand not only the organization of the group but also the purpose of the different entities and the links and the relations between them; ensure that the various entities in the group (including the credit institution itself) receive sufficient information to have a clear perception of the overall objectives and risks of the group; ensure that it is kept informed of the risks posed by the group structure. The NBR reviews whether the oversight of a bank’s foreign operations by management is adequate during the annual on-site examination. In case of cross border groups, the NBR is participating in 9 colleges of supervisors. Regarding the expertise needed in foreign operations, the NBR does not give specific guidance to Romanian banks on the soft and hard skills needed by bank officials who are posted overseas. The effectiveness of host country supervision does not seem to be assessed in the course of managing cross-border supervision arrangements on a regular basis since it has limited applicability in Romanian context. Authorities state that there is only one Romanian bank’s overseas subsidiary in Moldova and one branch in Italy so the need for regular assessments is not significant.
EC4	The home supervisor visits the foreign offices periodically, the location and frequency being determined by the risk profile and systemic importance of the foreign operation. The supervisor meets the host supervisors during these visits. The supervisor has a policy for assessing whether it needs to conduct on-site examinations of a bank’s foreign operations, or require additional reporting, and has the power and resources to take those steps as and when appropriate.
Description and findings re EC4	In 2016, the NBR conducted onsite inspections of a Romanian bank subsidiary in Moldova, focusing on credit risks and other supervisory concerns. This was the first on-site visit of the NBR to a Romanian bank’s foreign offices; the NBR met the host supervisor during these visits. To date, the lone branch operating in Italy (0.3 percent of the respective banking group’s total assets) has yet to be visited. According to the banking law, the NBR may perform direct on-site inspections after having first informed the competent authorities of the host Member States, or may ask these competent authorities to perform this task on its behalf and participate in the inspection process, if necessary.
EC5	The supervisor reviews the main activities of parent companies, and of companies affiliated with the parent companies, that have a material impact on the safety and soundness of the bank and the banking group, and takes appropriate supervisory action.
Description and findings re EC5	In Romania, the majority of the credit institutions are subsidiaries of European banking groups. Consolidated supervision of the whole group is performed by ECB while the NBR is responsible with the supervision of the Romanian subsidiary at individual and sub-consolidated levels (the credit institution authorized as Romanian legal person and its affiliates included in the prudential consolidation perimeter). Considering this, the NBR does not reach the banking holding companies or affiliated companies directly, but the measures imposed on the credit institution authorized in Romania (with respect to the capital ratio necessary to be maintained above the minimum level, to make changes in the business model, in the management body composition, restrict some activities or business lines, the limitation or even the cessation of activities involving excessive risks to the credit institution’s soundness, to limit qualified holdings in financial or nonfinancial entities, where the credit institution is obliged to sell it) can affect the parent company and affiliates indirectly. According to Article 1516 of Regulation 6/2008, the credit institutions shall submit annually to the NBR and within six months of the previous financial year, the financial information related to shareholders who hold directly, indirectly, or in concert, qualifying shares. Within 30 days of the financial year end date, credit institutions shall annually disclose to the NBR through the interbank communications network, a statement of all shareholders including the following information: identity, residence and citizenship for individuals, nationality and address, for legal entities, the number and value of shares held, the percentage of participation in the share capital and of the voting rights. In cases where the parent companies are investment firms, the NBR cooperates with the Financial Supervision Authority responsible with their supervision at an individual level. The cooperation between the two supervisory authorities is regulated in the Government Emergency Ordinance (OUG) 99/2006, Articles 189–192), which stipulates the necessity of concluding written cooperation and coordination agreements. In terms of relevant supervisory actions, the NBR also is empowered to adopt various measures in this regard. For example, according to Article 294 of Banking Law, the NBR has the power to impose the sanctioning measure of a suspension of the exercise of the voting rights of the shareholder(s) responsible, in all cases stipulated in this Article. (See CP 11 EC2) The main activities of parent companies and of companies affiliated with the parent companies are mainly reviewed during on-site examination and the NBR takes actions as deemed necessary.
EC6	The supervisor limits the range of activities the consolidated group may conduct and the locations in which activities can be conducted (including the closing of foreign offices) if it determines that: (a) the safety and soundness of the bank and banking group is compromised because the activities expose the bank or banking group to excessive risk and/or are not properly managed; (b) the supervision by other supervisors is not adequate relative to the risks the activities present; and/or (c) the exercise of effective supervision on a consolidated basis is hindered.
Description and findings re EC6	When the NBR determines that arrangements, strategies, processes, and mechanisms implemented by a credit institution, and the own funds and liquidity held do not ensure sound management and coverage of risks, it may take the following measures: restrict or limit the business, operations or network of credit institutions, including by withdrawal of the approval granted on establishment of branches abroad, or to request the divestment of activities that pose excessive risks to the soundness of a credit institution; and require the credit institution the reduction of the risk inherent in its activities, products and systems. According to Article 85 of Banking Law, if the NBR is informed by the competent authority of the host Member State of the fact that a credit institution, that has a branch or directly provides services within the territory of the Member State concerned, does not comply with the legal provisions adopted in that Member State, the NBR shall within the shortest delay take the necessary measures to ensure that the offending credit institution puts an end to that irregular situation. The nature of these measures shall be communicated to the competent authority of the host Member State. Also, the NBR may reject the application for approval of the establishment of the branch if, on the basis of information held and documentation submitted by the credit institution (a Romanian legal entity) it ascertains that the existing legislative framework of the third country and/or the manner in which it is implemented impedes the exercise of supervisory functions by the NBR.
EC7	In addition to supervising on a consolidated basis, the responsible supervisor supervises individual banks in the group. The responsible supervisor supervises each bank on a standalone basis and understands its relationship with other members of the group.50
Description and findings re EC7	Credit institutions in Romania have to comply with the obligations provided by CRR and Directive 2013/36/EU (ICAAP) on an individual basis as well as on a consolidated basis (See EC2). In addition, credit institutions that are not subsidiaries, parent undertaking, or not included in prudential consolidation should comply with the obligations on an individual basis. The European regulation provides some derogations from the application of prudential requirements on an individual basis but these were not exercised in Romania.
Additional criteria
AC1	For countries which allow corporate ownership of banks, the supervisor has the power to establish and enforce fit and proper standards for owners and senior management of parent companies.
Description and findings re AC1	According to banking law Article 15 and Article 26, the NBR has the power to set and enforce fit and proper standards for owners and senior management of parent corporates. (see CP5 and CP6) For example, Article 26 stipulates that in order to ensure the sound and prudent management of the credit institution in which an acquisition is proposed and having regard to the likely influence of the proposed acquirer on the credit institution, the NBR assesses the suitability of the proposed acquirer and the financial soundness of the proposed acquisition against all of the following criteria: the reputation of the proposed acquirer, specifically its integrity and professional competence; the reputation, knowledge, skills and experience of any person who will direct the business of the credit institution, as a result of the proposed acquisition; the reputation and experience of any person performing management and/or running responsibilities of the credit institution, as a result of the proposed acquisition. In order to grant authorization to a CI, the NBR should be satisfied as to suitability of the persons where close links exist between the credit institution and other natural or legal persons; the financial soundness of the proposed acquirer, in relation to the type of business pursued and envisaged in the credit institution in which the acquisition is proposed. The authorities mention that the NBR shall monitor compliance with the conditions referred to shareholders on a continuous basis and take appropriate measures if the requirements on ensuring prudent and sound management are no longer met. However, the formal fit and proper reviews for owners and senior management of parent corporates are not conducted on a regular basis after acquisition or granting licenses
Assessment of Principle 12	Largely Compliant
Comments	In Romania, the majority of the credit institutions are subsidiaries of European banking groups. Consolidated supervision of the whole group is performed by ECB or respective authorities while the NBR is responsible for the supervision of the Romanian subsidiary at individual and sub-consolidated levels (the credit institution authorized as a Romanian legal person and its affiliates included in the prudential consolidation perimeter). While the NBR is not a consolidating supervisor, it is responsible supervision of credit institutions and may participate in colleges of supervisors. These colleges provide the necessary instrument for enhancing the supervision of entities within banking groups. The NBR conducts SREP assessments on a consolidated basis and the requirements for consolidated supervision are established in CRR and CRD IV. The intra-group activities are examined during an annual on-site examination. However, there seems to be limited systematic procedures in place for overall monitoring and assessment of contagion and reputation risks that may jeopardize the safety and soundness of the bank and the banking system. The authorities state that this is taken into consideration by CIs. For example, a CI shall establish internal limits on intragroup liquidity risk to mitigate the risk of contagion under stress, including for each currency used by the CI. However, assessors note that some credit institutions have exposures to a group entity of around 80–90 percent of capital at a point of time. Authorities mention that those are mainly deposits to headquarters so related risk is not significant. Nevertheless, it is not clear what the supervisors’ expectations and risk tolerance are in terms of intra-group risk management without clear supervisory guidelines. In addition, as one of the off-site activities of consolidated supervision, the quarterly key risk indicators are mainly monitored on a solo basis rather than both solo and consolidated basis. In terms of fit and proper standards on the owners and senior management of parent corporates, the NBR has the power to set and enforce the standards. However, the formal fit and proper reviews are conducted in the stage of acquisition or granting licenses, and not conducted on a regular basis.51 The authorities mention that the NBR shall monitor compliance with the conditions referred to shareholders on a continuous basis, although there is no formal regular fit and proper review after granting licenses. The authorities should consider following: Further enhance monitoring contagion and reputational risks within the banking group or establish guidelines on risk management of intra-group exposures and transactions, if needed; Conduct off-site monitoring on a consolidated basis more frequently; Conduct fit and proper reviews on a regular basis in case of corporate owner of banks.
Principle 13	Home-host relationships. Home and host supervisors of cross-border banking groups share information and cooperate for effective supervision of the group and group entities, and effective handling of crisis situations. Supervisors require the local operations of foreign banks to be conducted to the same standards as those required of domestic banks.
Essential criteria
EC1	The home supervisor establishes bank-specific supervisory colleges for banking groups with material cross-border operations to enhance its effective oversight, considering the risk profile and systemic importance of the banking group and the corresponding needs of its supervisors. In its broadest sense, the host supervisor who has a relevant subsidiary or a significant branch in its jurisdiction and who, therefore, has a shared interest in the effective supervisory oversight of the banking group, is included in the college. The structure of the college reflects the nature of the banking group and the needs of its supervisors.
Description and findings re EC1	The banking law Article 1851 authorizes NBR to establish bank specific supervisory colleges as a home supervisor where needed. Locally owned banks do not have significant branches or subsidiaries abroad. No supervisory college has yet been set-up by NBR as a home supervisor.
EC2	Home and host supervisors share appropriate information on a timely basis in line with their respective roles and responsibilities, both bilaterally and through colleges. This includes information both on the material risks and risk management practices of the banking group52 and on the supervisors’ assessments of the safety and soundness of the relevant entity under their jurisdiction. Informal or formal arrangements (such as memoranda of understanding) are in place to enable the exchange of confidential information.
Description and findings re EC2	The legal and regulatory framework allows appropriate home-host cooperation. NBR is a member of 15 EU supervisory colleges, including all significant EU subsidiaries and a significant branch (with 7 percent of assets at end 2016). MOUs have all been signed with national supervisors of countries where the largest EU banks active in Romania are headquartered (see CP 3 EC 2). The ECB / SSM has been the home supervisor of the largest EU subsidiaries and branches (72 percent of assets in 2016) since 2014. NBR actively cooperates with the ECB /SSM, even if a draft written coordination agreement governing supervisory colleges is still to be signed (draft submitted by the ECB /SSM for comments in 2017). While this process is ongoing, the provisions of existing arrangements are implemented, with the participation of ECB /SSM as home supervisor. Detailed and mandatory templates for group and individual risk assessments are included in the EU Commission implementing Regulation 2016/99 of 16 October 2015 laying down implementing technical standards with regard to determining the operational functioning of the colleges of supervisors. NBR highlighted the intensity and quality of exchanges within supervisory challenges, which is confirmed by EBA analyses. The EBA report on the functioning of supervisory colleges in 2016 highlights the effective (and improving) functioning of these colleges, including intense college interactions, detailed group risk assessments (with progress needed on the business profile component in some cases), dialogue between the consolidating supervisor and the relevant competent authorities in a multilateral setting to discuss and agree upon the proposed capital and liquidity requirements, then reflected in joint decisions which were considered well-reasoned (even if in many college mandatory risk-by-risk decomposition of the capital requirement was not shared and discussed in the college setting and liquidity joint decisions were of a lower quality than the capital joint decisions, mainly because of their less granular reasoning, particularly for the subsidiaries).
EC3	Home and host supervisors coordinate and plan supervisory activities or undertake collaborative work if common areas of interest are identified in order to improve the effectiveness and efficiency of supervision of cross-border banking groups.
Description and findings re EC3	Supervisory activities are coordinated in the context of colleges. The home and host supervisors agree on the annual SEP, as contemplated by CRD IV Articles 99 and 116. For this reason, each competent authority provides its scheduled annual supervisory activities (on-going and on-site) by filling the SEP. NBR, as a host authority, regularly participates and contributes to the planning of supervisory activities, discussions and information exchange. In recent years, NBR jointed the ECB as a home supervisor in on-site inspections carried out in three Romanian subsidiaries of the EU banks. Detailed exchanges of information on liquidity risks were also introduced at the time of the Greek crisis between members of the supervisory colleges of Greek banks to share daily updates on the liquidity situation of different group members, including Romanian subsidiaries.
EC4	The home supervisor develops an agreed communication strategy with the relevant host supervisors. The scope and nature of the strategy reflects the risk profile and systemic importance of the cross-border operations of the bank or banking group. Home and host supervisors also agree on the communication of views and outcomes of joint activities and college meetings to banks, where appropriate, to ensure consistency of messages on group-wide issues.
Description and findings re EC4	NBR is only a host authority. Where NBR is part of a supervisory college, cooperation agreements in place and agreed practices of the colleges provide the basis for the exchange of information and the communication strategy to the bank (on a case-by-case basis).
EC5	Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities, develops a framework for cross-border crisis cooperation and coordination among the relevant home and host authorities. The relevant authorities share information on crisis preparations from an early stage in a way that does not materially compromise the prospect of a successful resolution and subject to the application of rules on confidentiality.
Description and findings re EC5	A new framework for dealing with failing banks, the BRRD was agreed in 2014, and transposed in Romania and across the EU in 2015. It organized cross-border crisis preparedness, cooperation, management and ultimately resolution. For crisis management, written coordination arrangements are in place covering inter alia the means of communication, information to be exchanged and relevant persons to be contacted (these arrangements are reviewed on annual basis). For Romanian subsidiaries, NBR (resolution function) make their own assessment of critical functions. Both the supervisory and resolution functions of NBR are involved as a host in the preparation of cross-border recovery and resolution plans. The resolution function is taking the lead on the preparation of resolution plans (with inputs from the supervisor function), while the supervisory function takes the lead in the review of recovery plans prepared by banks, with inputs from the resolution function (see CP 3).
EC6	Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities and relevant host authorities, develops a group resolution plan. The relevant authorities share any information necessary for the development and maintenance of a credible resolution plan. Supervisors also alert and consult relevant authorities and supervisors (both home and host) promptly when taking any recovery and resolution measures.
Description and findings re EC6	See EC 5 and CP 3 on respective responsibilities and cooperation between the supervisory and resolution functions of NBR. Resolution plans were prepared for almost all Romanian banks and, where appropriate, approved by joint decisions in resolution colleges (starting in 2016). Resolution plans for 15 out of 19 subsidiaries of cross-border groups subject to consolidated supervision have been elaborated and revised, where applicable, within the respective resolution colleges (i.e., 96.88 percent of the cross-border groups’ subsidiaries net assets as of June 2017).
EC7	The host supervisor’s national laws or regulations require that the cross-border operations of foreign banks are subject to prudential, inspection and regulatory reporting requirements similar to those for domestic banks.
Description and findings re EC7	Cross-border operations of EU banks are subject to similar prudential, inspection and regulatory reporting requirements similar to those of domestic banks, in application of EU regulatory and supervisory arrangements. Article 206–1 of the banking law mentions that: “where a credit institution, a Romanian legal person, having as parent undertaking a credit institution, an investment firm, a financial holding company or a mixed financial holding company, the head office of which is in a third country, is not subject to consolidated supervision performed by a competent authority of a Member State, the National Bank of Romania shall verify whether the credit institution is subject to consolidated supervision exercised by a third-country competent authority, which is equivalent to that governed by the principles laid down in this” banking law.
EC8	The home supervisor is given on-site access to local offices and subsidiaries of a banking group in order to facilitate their assessment of the group’s safety and soundness and compliance with customer due diligence requirements. The home supervisor informs host supervisors of intended visits to local offices and subsidiaries of banking groups.
Description and findings re EC8	There is an explicit provision in the law regarding the possibility for home supervisors of EU branches to perform on-site inspections at the head office of the branch in Romania Article 211–1. There is no such explicit provision for the on-site inspections by the home supervisors of subsidiaries of EU banking groups, However, this falls under broader cooperation arrangements (including MOU and WCCA) and has been regularly practiced (including as part of asset quality reviews conducted across the EU in 2014; in that case, NBR was informed and joined the mission as an observer or more recently with ECB teams inspecting three banks). There is no explicit provision authorizing home supervisors from third country to perform on-site inspections in subsidiaries in Romania Article 212 of the banking law only covers branches). NBR may allow it on a case by case basis. There is currently only one small subsidiary from a third country (Israel), where no inspection was conducted by the home supervisor.
EC9	The host supervisor supervises booking offices in a manner consistent with internationally agreed standards. The supervisor does not permit shell banks or the continued operation of shell banks.
Description and findings re EC9	The banking Law sets out certain requirements that must be met to establish a bank which prohibits shell banks from operating within Romania. All credit institutions must be registered with and have a licence issued by the NBR, and the NBR must affirm that the management of the bank is meeting Romanian “fit and proper” standards. The NBR supervises the licensing process for all credit institutions, Romanian legal entity, and has the sole authority to grant and revoke banking licenses. (See CP5)
EC10	A supervisor that takes consequential action on the basis of information received from another supervisor consults with that supervisor, to the extent possible, before taking such action.
Description and findings re EC10	NBR is a member of colleges of supervisors of all significant EU subsidiaries and branches, which include detailed consultation mechanisms (and often require a joint decisions). For other subsidiaries and branches of EU banks, MOUs were signed covering relevant aspects. More broadly, Article 188–1 of the banking law requires NBR to “consult the other competent [i.e., EU] authorities responsible for the supervision on an individual and/or on a consolidated basis prior to taking a decision that is of importance for those competent authorities’ supervisory tasks.”
Assessment of Principle 13	Compliant
Comments	The NBR is primarily a host supervisor. It is a member of 15 EU colleges of supervisors, which allow effective exchanges of information (based on unified templates and shared methodologies) and unified supervisory actions (including joint decisions). Close coordination is also in place for crisis management and resolution, at the domestic level with the resolution arm of NBR and, for large banks active in Romania, within EU supervisory and resolution colleges. All Romanian banks prepared recovery plans starting in 2016; resolution plans were also prepared for almost all of these institutions (and their groups where applicable).

View Table

Principle 1	Responsibilities, objectives and powers. An effective system of banking supervision has clear responsibilities and objectives for each authority involved in the supervision of banks and banking groups.15 A suitable legal framework for banking supervision is in place to provide each responsible authority with the necessary legal powers to authorize banks, conduct ongoing supervision, address compliance with laws and undertake timely corrective actions to address safety and soundness concerns.16
Essential criteria
EC1	The responsibilities and objectives of each of the authorities involved in banking supervision17 are clearly defined in legislation and publicly disclosed. Where more than one authority is responsible for supervising the banking system, a credible and publicly available framework is in place to avoid regulatory and supervisory gaps.
Description and findings re EC1	Banking supervision in Romania falls within the responsibility of the central bank, the National Bank of Romania (NBR), which is the only domestic prudential supervisor for banks in Romania (Article 3 of the NBR statutes18). As Romania is a member country of the European union (EU), important responsibilities regarding banking supervision are harmonized, coordinated or exercised at the EU or eurozone levels (see Institutional and market structure section and CP 5 on branches of EU banks and freedom to provide banking services for EU banks). The objectives of the NBR, in banking supervision, focus on ensuring financial stability, protecting the interests of depositors and ensuring a sound and viable banking sector (considering a primary objective of ensuring and maintaining price stability, as indicated in Article 2–1 of the NBR statute). Article 2–2–b of the NBR statute indicates that: “the main tasks of the National Bank of Romania shall be: […] to conduct the authorization, regulation and prudential supervision of credit institutions and to promote and oversee the smooth operation of the payment systems with a view to ensuring financial stability.” Article 164 of the banking law indicates that “for protecting the interests of depositors and ensuring a sound and viable banking sector, the National Bank of Romania shall carry on the prudential oversight of credit institutions.” The responsibilities of the NBR regarding licensing, regulation and supervision are consistently defined by its statute and the banking law. The banking law Article 4 indicates that: “the National Bank of Romania is the competent authority for the regulation, licensing, prudential supervision of credit institutions”.
EC 2	The primary objective of banking supervision is to promote the safety and soundness of banks and the banking system. If the banking supervisor is assigned broader responsibilities, these are subordinate to the primary objective and do not conflict with it.
Description and findings re EC2	Both the banking law Article 164 and the NBR statute Article 2–2 give NBR the responsibility to promote the safety and soundness of banks and the banking system (considering the NBR primary objective of ensuring and maintaining price stability.
EC3	Laws and regulations provide a framework for the supervisor to set and enforce minimum prudential standards for banks and banking groups. The supervisor has the power to increase the prudential requirements for individual banks and banking groups based on their risk profile19 and systemic importance.20
Description and findings re EC3	Laws and regulations provide a framework for the supervisor to set and enforce minimum prudential standards for banks and banking groups. Minimum prudential standards are primarily set at the Romanian and EU levels. The NBR statute Article 25 empowers NBR to: “(a) Issue regulations, take measures for their observance and apply legal sanctions in cases of infringement and (b) check and verify, based on off-site and on-site supervision.” The NBR regularly issues regulations in areas not covered by EU regulations. Some EU regulations are directly enforceable (e.g., 2013 Capital requirement regulation -CRR- and implementation of technical standards -ITS- regulations, e.g., on supervisory reporting), while others need to be transposed in Romanian laws and regulations (e.g., the CRD IV, which is transposed in the banking law-and guidelines issued by the European banking authority -EBA-). The CRR defines binding requirements in some areas (e.g., key aspects of the capital adequacy regime or large exposure regime); in such cases, national supervisor cannot set additional regulatory requirements. NBR is involved in the preparation of banking regulations at the EU level, including participation in several EBA working groups21, to ensure its views can be expressed and considered at an early stage. NBR has the power to increase prudential requirements for individual banks and banking groups based on their risk profile Article 226–3 and 226–4. The supervisory review and evaluation process (SREP) allows NBR to review on an annual basis the opportunity to impose additional capital requirements and, where applicable, define their amount (in the case of subsidiaries of EU banks, such additional capital requirements need to be imposed through a joint decision with the home supervisor, see CP 13). The National committee on macroprudential oversight (NCMO), chaired by NBR, is responsible for identifying systemic institutions and, where applicable, making recommendations on additional prudential requirements they should meet (see CP 3). NBR is then empowered to impose such additional prudential requirements.
EC4	Banking laws, regulations and prudential standards are updated as necessary to ensure that they remain effective and relevant to changing industry and regulatory practices. These are subject to public consultation, as appropriate.
Description and findings re EC4	Banking laws, regulations and prudential standards are frequently updated, as needed and without apparent delays. Such amendments are largely driven by changes in the EU regulatory framework, which need to be transposed in Romania. The banking law was amended every year (except 2014) since it was passed in 2006; regulations are also frequently amended considering the specificities of the Romanian banking environment (particularly NBR Regulation 5/2013 which contains key prudential requirements). In Romania, all draft laws and regulations are subject to public consultations based on the provisions of Law No. 52/2003 on decisional transparency in public administration. For NBR draft regulations, after the completion of internal consultation within NBR, a draft regulation is published on the NBR website for public consultation; after the public consultation, a new draft regulation is prepared, approved and published in the Official Gazette (as required by Article 56 of the NBR Statute). There is a specific detailed consultation process at the EU level with public consultations organized by the EU Commission on all draft regulations and directives and by the EBA on its draft guidelines. NBR mentioned that banks and the banking industry are well-aware of this process and provide comments where appropriate.
EC5	The supervisor has the power to: (a) have full access to banks’ and banking groups’ Boards, management, staff and records in order to review compliance with internal rules and limits as well as external laws and regulations; (b) review the overall activities of a banking group, both domestic and cross-border; and (c) Supervise the activities of foreign banks incorporated in its jurisdiction.
Description and findings re EC5	Both NBR statute Article 25 and the banking law empower NBR to have full access to relevant information and persons for supervisory purposes: NBR shall have all information gathering and investigatory powers that are necessary for the exercise of its functions Article 225–5 of the banking law; As part of investigations, NBR can require the submission of documents, examine books and records of the bank, its affiliate and, where applicable, its holding company, obtain written or oral explanations from any such person, and interview any other person who consents to be interviewed for collecting information relating to the investigation Article 225–8 of the banking law; During on-site examinations, banks shall allow NBR to “examine their reports, accounts and operations and to provide all the documents and information related to the activity performed, as they are requested,” Article 171. In practice, NBR did not report facing any constraint in accessing banks’ and banking groups’ Boards, management, staff and records. The banking law Article 176 defines cases where supervision shall be applied on a consolidated basis. The scope of Article 176 includes cases where the Romanian bank is a parent undertaking (as defined by the CRR) or the Romanian bank is the only or main bank controlled by an EU financial holding company. The scope of consolidated supervision includes both domestic and cross-border activities. NBR is responsible for the supervision of subsidiaries and branches of countries which do not belong to the European union (see Article 67 and following on branches of third countries and CP 5 on subsidiaries of third countries and subsidiaries and branches of EU banks).
EC6	When, in a supervisor’s judgment, a bank is not complying with laws or regulations, or it is or is likely to be engaging in unsafe or unsound practices or actions that have the potential to jeopardize the bank or the banking system, the supervisor has the power to: (a) take (and/or require a bank to take) timely corrective action; (b) impose a range of sanctions; (c) revoke the bank’s license; and (d) cooperate and collaborate with relevant authorities to achieve an orderly resolution of the bank, including triggering resolution where appropriate.
Description and findings re EC6	When, in NBR judgment, a bank is not complying with laws or regulations, or it is or is likely to be engaging in unsafe or unsound practices or actions that have the potential to jeopardize the bank or the banking system, the supervisor has the power to: take (and/or require a bank to take) timely corrective action and impose a range of sanctions (see CP 11); and revoke the bank’s license. cooperate and collaborate with relevant authorities to achieve an orderly resolution of the bank, including triggering resolution where appropriate (see CP 3).
EC7	The supervisor has the power to review the activities of parent companies and of companies affiliated with parent companies to determine their impact on the safety and soundness of the bank and the banking group.
Description and findings re EC7	NBR has the power to review the activities of parent companies and of companies affiliated with parent companies, as part of an application for a banking license is made (see CP 5 on the process followed by NBR) and on an ongoing basis. For supervision purposes, the banking law Article 225 mentions that NBR “shall have all information gathering and investigatory powers that are necessary for the exercise of its functions”, including the power to conduct all necessary investigations of any natural or legal person which are credit institutions, financial holding companies, mixed financial holding companies, mixed-activity holding companies as well as persons belonging to these four entities. NBR mentioned that on-site examination teams verified annually that banks collect adequate information to identifying and assess persons holding qualifying holdings. Regulation 6 also requires banks to keep necessary information to allow the identification of persons holding qualifying holdings and submit annually a statement of all shareholders (including identity, residence and nationality, percentage of participation in capital and voting rights) and, for shareholders holding directly, indirectly or in concert, qualifying holdings, updated financial information (including annual, individual and consolidated financial statements for legal entities and income statements for natural persons).
Assessment of Principle 1	Compliant
Comments	Banking supervision in Romania falls within the responsibility of the central bank, the National Bank of Romania (NBR). The primary objective of banking supervision is to promote safety and soundness (and no other objective of NBR conflicts with this objective). As Romania is a member of the European union (EU), important responsibilities regarding banking supervision are harmonized, coordinated or exercised at the EU or eurozone levels. As part of the passporting regime, EU banks can set-up branches or directly provide financial services in Romania while being supervised by their home authority. Laws and regulations are regularly updated (almost on an annual basis for the banking law), largely in response to new regulations and guidelines issued at the EU level. NBR has powers to take corrective actions and sanctions, when necessary.
Principle 2	Independence, accountability, resourcing and legal protection for supervisors. The supervisor possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisor.
Essential criteria
EC1	The operational independence, accountability and governance of the supervisor are prescribed in legislation and publicly disclosed. There is no government or industry interference that compromises the operational independence of the supervisor. The supervisor has full discretion to take any supervisory actions or decisions on banks and banking groups under its supervision.
Description and findings re EC1	Governance. NBR statute Article 33 indicates that its Board has responsibility for banking supervision and is made of nine members: four executives—the Governor who chairs the Board, a senior deputy governor and two deputy governors, and five nonexecutive directors. All Board members are appointed for a (renewable) five-year term by Parliament (on the recommendation of the competent standing committees of the two Chambers of Parliament). Board members were last appointed in October 2014 (except for a deputy governor who resigned in October 201622 and was replaced in April 2017 following parliamentary elections in December 2016). A majority (five) of Board members were appointed over eight years ago: The Governor was first appointed in 1990, the senior deputy Governor in 2004, and two members were already present on the Board in 2004 and one in 2009. A supervisory committee including NBR executive directors and senior management was set-up, as envisaged by NBR statute Article 32 and is at the core of the supervisory process. Regulation 99/2 governs its membership (10 members including the Governor as chair, first deputy Governor, two deputy Governors, directors for supervision, regulation and authorization, financial stability, legal, resolution and deputy director of banking supervision); defines its responsibilities (assess and monitor banking activity and risks, approve the on-site examination program and supervisory strategies, approve or reject individual requests from banks—with a few exceptions e.g., changes in the approval of middle management—approve sanctions based on the findings of on-site examinations and validate reports and note prepared for the Board—authorization, draft regulations, etc.; contemplates weekly meetings—or when requested by the Chair—during which decisions are made by consensus or vote and require that its conclusions are sent to the Board on a monthly basis. NBR confirmed that the supervisory committee held regular meetings (sometimes virtual). It met 24 times in 2016. Its activity included the following: (i) notification of the intention on acquiring a qualifying holding in the capital of a bank and/or on increasing such participations; (ii) approval of changes in Board members and/or executives, scope of activity, external auditors, operations on preferential terms set forth in the employee benefits and incentive packages, mergers, etc.; (iii) draft pieces of legislation concerning the activity of banks and nonbank financial institutions; (iv) implementation of EBA Guidelines in the national legal framework and/or in supervisory practices; and (v) monitoring of developments in terms of financial stability, identifying, monitoring and assessing systemic risks and those related to systemically-important credit institutions, specific analyses (monitoring the lending terms and conditions, overseeing the way in which the financial system contributes to the sustainable resumption of lending to the real economy, etc.). See CP 8 on supervisory approach. Independence. NBR statute mentions that (i) NBR is independent Article 1 and (ii) NBR or members of its decision-making bodies “shall not seek or take instructions from public authorities or from any other institution or authority” Article 3. The Statute further indicates that Board members cannot be deputies, senators, or politically affiliated and may not belong to the judicial authority or to the public administration Article 34 of the statute. The Minister of Public Finance (and its State secretary) may participate to NBR board, without voting right, Article 33 of NBR statute). The assessors were informed by the Ministry that it never participated to NBR Board meetings. However, if Article 33 was implemented, it could significantly hamper supervisory independence. In practice, NBR has been able to independently express its opinion when it deemed it justified23. The review of supervisory practices did not identify any case where the independence of the supervisor may have been compromised. Accountability. The banking law Article 224 requires that NBR discloses on a regular basis (i) the texts of laws, regulations, instructions and general guidance adopted in the field of prudential regulation; (ii) the manner of exercise of the options and discretions available in the EU regulations; (iii) general criteria and methodologies used in the review and evaluation of the governance arrangements, strategies, processes and mechanisms implemented by the credit institutions and in the assessment of the risks to which credit institutions are or might be exposed; and (iv) aggregate statistical data on key aspects of the implementation of the prudential framework, including the number and nature of supervisory measures taken and of administrative penalties imposed. NBR statute Article 35 requires that it annually submit to Parliament a report covering its activities during the previous year. The 2016 NBR report contains information on the governance of NBR (including activities performed by its supervisory committee), licensing and regulation (including changes in the prudential and accounting frameworks), implementation of supervision (including distribution of the industry by SREP ratings, implementation of on-site examination program, statistics on corrective measures and sanctions) and key activity and risk indicators for the banking system. Banking supervision is subject to the internal audit of NBR (see CP 8 and 9). At the EU level, several reporting and review requirements for national supervisors also significantly contribute to the accountability framework (e.g., EBA peer reviews on the implementation of guidance and the functioning of supervisory colleges, publication of comparable data across countries etc.).
EC2	The process for the appointment and removal of the head(s) of the supervisory authority and members of its governing body is transparent. The head(s) of the supervisory authority is (are) appointed for a minimum term and is removed from office during his/her term only for reasons specified in law or if (s)he is not physically or mentally capable of carrying out the role or has been found guilty of misconduct. The reason(s) for removal is publicly disclosed.
Description and findings re EC2	The head of the supervisory authority is the Governor of NBR. The first deputy Governor also plays a prominent role in banking supervision (see CP 8). Both are appointed by Parliament, based on recommendations from relevant standing committees (see EC 1); the processes and criteria followed by these standing committees are not known. The fit and proper criteria the standing committees of Parliament responsible for the appointment of Board members expect applicants to meet are unknown. The Governor was regularly reappointed since 1990 and the first deputy Governor since 2004. All Board members have a five-year term limit. The NBR statute indicates Article 33 that: “a member of the Board may be recalled from office by the Parliament, at the joint proposal submitted by the competent standing committees of the two Chambers of Parliament, if s/he no longer fulfills the conditions required for the performance of her/his duties or if s/he has been found guilty of serious misconduct” and specifies that “no member of the NBR’s Board can be replaced for other reasons or following” another procedure. Moreover, “appointment, retirement and recalling from office of any member of the NBR’s Board” must be published in the official gazette and can be appealed to the High Court of Cassation and Justice within 15 days following such publication. There is no explicit provision that the reason(s) for removal is publicly disclosed. There have not been cases where NBR Board members were removed from office (see EC 1 on the resignation of a deputy Governor in 2016).
EC3	The supervisor publishes its objectives and is accountable through a transparent framework for the discharge of its duties in relation to those objectives.24
Description and findings re EC3	Besides the general objectives and tasks stipulated by the NBR Statute, the NBR makes publicly available in its annual report, its specific objectives in the field of prudential supervision as well as the main actions taken in the past year (see CE 2 on accountability).
EC4	The supervisor has effective internal governance and communication processes that enable supervisory decisions to be taken at a level appropriate to the significance of the issue and timely decisions to be taken in the case of an emergency. The governing body is structured to avoid any real or perceived conflicts of interest.
Description and findings re EC4	NBR adopted a regulation defining the responsibilities of the supervisory committee. Detailed responsibilities of senior management are also defined (including the responsibilities of the first deputy Governor and director of supervisor who approve and sign most supervisory measures -unless they fall within the responsibilities of the supervisory committee and the Board- and escalation processes within the departments). The decision to approve types of measure or sanction is the sole responsibility of the first deputy governor; there is no internal guidance available to assist the first deputy governor in determining adequate decisions. For example, after on-site supervisory activities, the inspection team will propose its corrective measures or sanctions for banks through written order to first deputy governor.25 The first deputy governor then approves the orders are they are sent to banks. At times, the inspection team, at its sole discretion, may seek guidance from legal department and discuss within the supervision department prior to submitting the order for approval (see CP 11 EC 4). Communication among key stakeholders are frequent and effective. Article 34 of the NBR statute defines the regime on “incompatibilities and conflicts of interests” (see CE 5). Specific rules are also applied at the EU level (e.g., EBA conflict of interest policy covering inter alia the director and deputy director of banking supervision which declarations of interests are publicly available).
EC5	The supervisor and its staff have credibility based on their professionalism and integrity. There are rules on how to avoid conflicts of interest and on the appropriate use of information obtained through work, with sanctions in place if these are not followed.
Description and findings re EC5	Banks and other public stakeholders consistently confirmed the solid credibility of NBR supervisory staff and their professionalism. NBR statute requires that both Board members and staff preserve the confidentiality of information obtained through their work, including after they leave NBR Article 52. The statute also identifies specific cases were such confidentiality requirements are lifted (e.g., during judicial proceedings, when implementing international and cooperation agreements, and in some instances related to the liquidation of a bank). The NBR statute does not mention specific sanctions for failure to comply with such provisions; the code of ethics for supervisory staff (see below) mentions that: “any disclosure of confidential or classified information constitutes misconduct /offence and is sanctioned under applicable law”. Such cases would be reviewed by NBR, including within its overall human resource management framework (i.e., disciplinary actions) and/or reviewed and decided upon by the judiciary. No breach of confidentiality requirements was reported to the assessors by NBR. NBR statute also indicate that: “the employees exercising supervisory tasks are not allowed to take part either in expertise commissions or in any other control actions beyond the tasks and competences granted to them by law” (Article 25). Codes of ethics exist at the level of the Board, NBR and for supervisory staff. The code of ethics for staff with supervisory responsibilities was issued in 2005 and regularly updated (the latest version from October 2015 takes into account general principles implemented at the level of The European System of Central Banks (ESCB) and ECB). This detailed code defines the principles of integrity, independence, objectivity, confidentiality, professional competence which staff need to follow, general principles and prohibitions regarding conflicts of interests (e.g., no supervision of entities where the staff or its close relatives have a financial interest, no direct holdings of bonds or shares in a supervised entity, no gifts – with limited exceptions-, no external activities unless approved by management) and sets rules of conduct applicable to all staff). Board members and staff must submit declarations of interest which facilitates verification of compliance with the provisions of these different codes of ethics. There is no post-employment policy or cooling off period for Board, staff and management. A supervisory staff could thus leave NBR to immediately work for a bank it used to supervise, which could affect the integrity of the supervisory process. NBR indicated to the assessors that no such case occurred in a recent past.
EC6	The supervisor has adequate resources for the conduct of effective supervision and oversight. It is financed in a manner that does not undermine its autonomy or operational independence. This includes: (a) a budget that provides for staff in sufficient numbers and with skills commensurate with the risk profile and systemic importance of the banks and banking groups supervised; (b) salary scales that allow it to attract and retain qualified staff; (c) the ability to commission external experts with the necessary professional skills and independence, and subject to necessary confidentiality restrictions to conduct supervisory tasks; (d) a budget and program for the regular training of staff; (e) a technology budget sufficient to equip its staff with the tools needed to supervise the banking industry and assess individual banks and banking groups; and (f) a travel budget that allows appropriate on-site work, effective cross-border cooperation and participation in domestic and international meetings of significant relevance (e.g., supervisory colleges).
Description and findings re EC6	Supervision is financed out of NBR overall budget approved by its Board, and does not involve any transfer from the Ministry of finance or revenues collected from the industry. NBR profitability and reserves are large enough to ensure adequate funding of supervisory activities (NBR reported profits of 783 million RON (196 million USD) in 2015 and 125 million RON (31 million) in 2016; capital and reserves totaled 17.8 billion RON −4.5 billion USD- in 2016). The overall cost of supervision is not identified as such in a comprehensive manner, but is appropriately financed. NBR staff working on supervisory issues includes 131 staff in the supervision department (55 percent with off-site and 45 percent with on-site) and 42 staff in the regulation and licensing department at the end of 2016. Senior staff is very experienced (e.g., the director, deputy director and heads of division in the supervision department have all been working in this department for at least 14 years). Staffing levels are primarily assessed based on (i) the needs expressed by each division, reviewed by management and eventually approved by the Board of NBR and (ii) experiences in implementing the work program and new tasks. The current level is considered adequate by NBR to conduct its main responsibilities considering the number and complexity of institutions supervised. Staffing level has been roughly stable in recent years. Some positions are not yet filled, because they were recently approved (e.g., four new positions in the AML /CFT division), because no suitable candidate could be identified or positions only recently became vacant. As several staff retired in 2017, the number of vacant positions recently increased (17 in 2017, 8 in 2016, 8 in 2015, 13 in 2014, and 5 in 2013). NBR implements a rigorous process to hire supervisors. Job offers are publicly advertised and can attract up to a hundred applicant for a position. The hiring process involves a written examination tailored to the specific position, an interview and a psychometric examination. This process is led by the hiring department with the involvement of human resources. Most people are hired after five to six years of professional experience, following this process. Most staff working on banking supervision were hired for this purpose as it is uncommon for NBR staff with different expertise to later move to banking supervision (some internal mobility can take place between the regulation, supervision, resolution and financial stability departments). NBR is viewed as an attractive employer, as indicated for instance by the high level of applications when positions are advertised (although it can face challenges in finding candidates with rare and specific skills, e.g., quantitative or IT banking expertise). NBR compensation system was designed with the support of external consultants and aligned with best practices. A formal review conducted in 2014 concluded that NBR median salary was above the industry average. Salaries are considered higher up to the level of head of division (comparison at that level and above are difficult as positions are not directly comparable). The turnover is low, mostly linked to retirements (confirming inter alia that salary scales allow to retain qualified staff) and does not affect the ability of NBR to perform its tasks. Staff turnover reached a peak of 6.9 percent for the first nine months of 2017, primarily because of retirements (4.7 percent in 2016, 1.9 percent in 2015, 4 percent in 2014, and 0.4 percent in 2013). Resignations are exceptional and generally linked to staff moving to international institutions (e.g., ECB). NBR indicated that no staff working on supervisory issues left NBR to work in a commercial bank in recent years. Training, travel and IT budgets are appropriate to allow NBR to perform its supervisory work, including actively engaging in international cooperation (e.g., colleges of supervisors and EBA working groups). Overall budgets in these areas are approved annually by the Board; within overall envelopes approved by the Board for NBR adjustments can be made during the year where additional needs surface. NBR has the power and overall budget necessary to commission external experts (Article 203 of the banking law allows NBR to use such experts and, for financial auditors, Article 52 of the NBR statute specifically mentions this should comply with confidentiality requirements). However, NBR had not used external experts to perform supervisory activities in recent years (in some cases, it asked banks to hire external experts e.g., to conduct independent reviews of collateral valuation see CP 18).
EC7	As part of their annual resource planning exercise, supervisors regularly take stock of existing skills and projected requirements over the short- and medium-term, taking into account relevant emerging supervisory practices. Supervisors review and implement measures to bridge any gaps in numbers and/or skill-sets identified.
Description and findings re EC7	The identification of skills required is conducted on an annual basis in the process of staff performance assessment which is performed by each head of division in the first quarter. General training needs, for all relevant staff, re also identified such as: liquidity requirements, SREP, IFRS 9, Recovery Plans etc. Moreover, the participation to the colleges of supervisors, committees, working groups and tasks force set up at the EBA level and joint on-site visits performed in the context of Review panel assessment also contribute to building skills.
EC8	In determining supervisory programs and allocating resources, supervisors take into account the risk profile and systemic importance of individual banks and banking groups, and the different mitigation approaches available.
Description and findings re EC8	All banks are subject to annual full-scope on-site examinations and close on-going off-site supervision (see CP 8 and 9). As part of the supervisory review and examination program (SREP), conducted on an annual basis, the risk profile and systemic importance of individual banks and banking groups are assessed. These findings guide the allocation of supervisory resources.
EC9	Laws provide protection to the supervisor and its staff against lawsuits for actions taken and/or omissions made while discharging their duties in good faith. The supervisor and its staff are adequately protected against the costs of defending their actions and/or omissions made while discharging their duties in good faith.
Description and findings re EC9	The NBR statute Article 25 mentions that: “the members of the NBR’s Board and the NBR’s employees charged with prudential supervision tasks shall not be subject to any civil or penal sanctions, as the case may be, if the Court finds that these persons fulfilled or failed to fulfill, in good faith and with due care, any action or fact related to the discharge, by law, of prudential supervision tasks. “The costs associated with the judicial proceedings instituted against [these] persons […] shall be borne by the NBR.” These provisions were effectively applied in cases when NBR and its staff were sued by banks, their shareholders, directors or senior management. There is however no legal provision protecting the NBR against lawsuits for actions taken and/or omissions made while discharging their duties in good faith.
Assessment of Principle 2	Materially Noncompliant
Comments	NBR, as a supervisory authority, possesses stable governance arrangements (including a Governor and first deputy Governor which were respectively appointed for the first time in 1990 and 2004) and effective operational independence, facilitated by adequate funding provided out of incomes it generates. It could publicly voice its concerns regarding parliamentary of government initiatives which may affect banking safety and soundness when it considered it necessary, and to consistently supervise all banks, irrespective of their ownership structure, including taking corrective actions when necessary. However, to strengthen arrangements to protect the independence of NBR, the Parliamentary subcommittees responsible for the appointment of NBR board members shall publish rigorous fit and proper criteria and the central bank statute shall be revised so that the Minister of Public Finance (and its State secretary) may not participate to NBR board meetings. It should also be required that the reason(s) for removal of a board member are disclosed. The NBR as an institution should, in addition to its board members and staff, also be protected against lawsuits for actions taken and/or omissions made while discharging its duties in good faith. With respect to internal governance of NBR, the decision to approve sanctions or orders is the sole responsibility of the first deputy governor; there is no internal guidance available to assist the first deputy governor in determining adequate decisions. NBR dedicates generous resources to supervision, in terms of staff, equipment and other variable costs. There is also appropriate flexibility in the allocation of these resources to allow NBR to respond to emerging priorities. The number of vacant positions increased significantly in 2017, largely due to retirements. Although this did not hamper effective supervision, NBR should fill these positions as soon as possible and, going forward, ensure recruitment processes can be completed ahead of planned retirements. NBR adopted detailed arrangements to prevent and manage conflicts of interests at all levels. These should be complemented by a post-employment or cooling-off policy to ensure effective rules govern situations where a staff or Board member intends to take a position in a bank supervised by NBR; effective monitoring and possible sanctions should be associated to this regime. While the assessors were informed that no NBR staff or Board member took a senior position in a bank supervised by NBR in recent years, such situations could happen and should be addressed.
Principle 3	Cooperation and collaboration. Laws, regulations or other arrangements provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information.26
Essential criteria
EC1	Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with all domestic authorities with responsibility for the safety and soundness of banks, other financial institutions and/or the stability of the financial system. There is evidence that these arrangements work in practice, where necessary.
Description and findings re EC1	The banking law Article 218–1 and the statutes of the central bank Article 3 authorize NBR to exchange information with other domestic authorities responsible for the safety and soundness of the financial system, other financial institutions and financial stability (including deposit insurance, reorganization, resolution and liquidation). Cooperation is also explicitly contemplated with external auditors (see CP 29 for aspects related to cooperation related to anti-money laundering and combating terrorism, AML /CFT). Moreover, internal arrangements facilitate close cooperation within NBR between the supervisory function and other relevant functions (financial stability, resolution, etc.). On microprudential supervision The banking law requires NBR and the Financial supervision authority (ASF), which is the integrated authority responsible for the insurance, securities and pension sectors since 2013, to enter written cooperation arrangements Article 189 of the banking law). An MOU was last updated in 2007. Three banks are listed, including the largest domestic bank (13.2 percent of assets at end 2016). NBR mentioned that nonbanking activities (including some under NBR supervision such as leasing) remain relatively limited in size (<10 percent of consolidated assets), even if several banks have small insurance and securities subsidiaries. No bank is controlled by an insurance or securities firm. The banking law requires that “for the exercise of their supervisory tasks on an individual and/or on a consolidated basis [… NBR and the ASF] shall provide on request all relevant information and on their own initiative all essential information” (Article 190). The banking law further requires, where applicable, consultations prior to taking a “decision of importance” affecting a bank or a financial investment company Article 191–1) and sharing of any information “likely to simplify their task and to allow supervision of the activity and overall financial situation of the undertakings they supervise” where a bank (or a related holding company) controls one or more subsidiaries that are insurance companies or other undertakings provided investment services Article 202–1). A working procedure was issued in 2012 for the exchange of information among the Romanian financial supervisory authorities (NBR and ASF) with respect to the supervised entities within financial groups. It focuses on information relevant to financial soundness (including changes in the structure of the financial group, developments that may significantly affect other entities of the group in terms of capitalization, liquidity, profitability, asset quality etc., sanctions and exceptional measures taken by authorities, conclusions of controls). In addition to exchanges on macroprudential issues which take place in the context of the National Macrofinancial Overnight Committee on systemic risk and financial stability issues, exchanges between NBR and the ASF are primarily written and related to the authorization and modification of the situation of institutions supervised by the two authorities (and related persons who require approval by NBR or the ASF). On-site examinations processes are not coordinated, not have joint or coordinated inspections ever taken place. Technical meetings between NBR and ASF staff tasked with supervisory responsibilities are exceptional. However, there are no regular meetings between the NBR and ASF (i) to discuss the situation and risk profiles of individual institutions active in banking and another sector supervised by the ASF of issues of common interests (e.g., on governance -where a code for listed companies exist-, disclosure requirements or financial reporting) and (ii) coordinate (or agree on joint) supervisory actions, including on-site examination. Considering some banks are listed, many have financial groups and areas of common interest (including governance, financial reporting, disclosure etc.) exist, such regular meetings would be beneficial (both for NBR and the ASF) (See CP8). On financial stability An MOU was signed between NBR, the Ministry of Finance, and authorities later integrated into the ASF (Securities Commission, Insurance Supervisory Commission and Private Pension Scheme Supervisory Commission) in July 2007 creating the National Committee for Financial Stability to ensure the exchange of information between the authorities, and prevent, appraise and manage possible difficulties having a systemic impact. The Law 12/2017 (17 March 2017) on the macroprudential oversight of the national financial system created the National Committee for Macroprudential Oversight (NCMO) replacing the National Committee for Financial Stability. The NCMO is comprised of NBR (three board members), the ASF (three Board members) and the Government /Ministry of Finance (three Board members). It is an inter-institutional structure, without legal personality, responsible for coordinating the macroprudential oversight at national level by setting the macroprudential policy and the appropriate instruments for its implementation. It is mainly responsible Article 3 of Law 12/2017) for (i) identifying, collecting and analyzing information related to its objective; (ii) identifying, monitoring and assessing systemic risk and) identifying systemically important financial institutions and financial system structures; (iii) preparing a strategy on macroprudential policy; (iv) issuing recommendations and warnings in order to prevent or mitigate systemic risks (and monitor implementation); (v) setting and monitoring the intermediate objectives and instruments of macroprudential policy; (vi) issuing recommendations; and (vii) also be responsible for the coordination of financial crisis management. The NCMO is both (i) entitled to request all relevant data and information necessary for achieving its fundamental objective from NBR, ASF, other authorities and institutions, (if the appropriate arrangements are in place to ensure confidentiality) and (ii) required to provide the MOPF, NBR and the ASF with the relevant information necessary to fulfil their tasks. The NCMO issued five recommendations in 2017 (as of November), including setting up working groups on households’ indebtedness and firms’ financial soundness with NBR and the Ministry of Public Finance /National Agency for Fiscal Administration leading such working groups. It is unclear whether any initiative led by a member of the NCMO, as well as other relevant initiatives (i.e., from Parliament), which could have an impact on bank safety and soundness needs to be reviewed in the context of the NCMO (e.g., it was unclear whether the NCMO discussed the proposed reduction in the tax deductibility of provisions on nonperforming loans as they are sold to a third party). It would be advisable that where a public initiative that can affect bank soundness is led by a member of the NCMO, the opinion of the NBR be systematically sought. The Bank Resolution Law No. 312/2015 also has relevant provisions (Article 4, Article 6, Articles 469–472) regarding exchange of information, cooperation and coordination of authorities, for similar purposes. An MOU was also signed between the NBR and the Bank Deposit Guarantee Fund in April 2012 (and amended in 2016 and 2017).
EC2	Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with relevant foreign supervisors of banks and banking groups. There is evidence that these arrangements work in practice, where necessary.
Description and findings re EC2	The banking law Articles 215 and NBR statutes Article 3 authorize NBR to cooperate with relevant foreign supervisors, including EU and third country supervisors, the European Systemic Risk Board and the European Banking Authority (EBA). Article 222 also allows the NBR to share information “for the purposes of achieving their tasks “with central banks of the European System of Central Banks, institutional protection schemes, other public authorities responsible for overseeing payment systems, European Systemic Risk Board, the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA). The European Central Bank (ECB) /Single Supervision Mechanism (SSM), has been the home supervisor of banking groups which subsidiaries and branches have a combined market share of 72 percent of banking assets in Romania (end 2016) since 2014. NBR actively cooperates with the ECB /SSM, even if an MOU is still to be signed (a draft written coordination agreement on supervisory colleges was submitted by the ECB /SSM for comments in 2017). While this process is ongoing, it was agreed that the provisions of MOUs signed before 2014 with the previous home supervisors would be implemented (NBR signed such MOUs with supervisors including Austria, Cyprus, France, Germany, Greece, Hungary, Italy, Spain, Portugal, and the Netherlands). The provisions of multilateral cooperation and coordination agreements governing supervisory colleges of supervisors (based on the 2009 EBA template for a multilateral cooperation and coordination agreement on the supervision of group) also continue to be implemented until a new framework recognizing the responsibilities of the ECB /SSM is established. NBR is a member of 15 supervisory colleges covering the main EU banking groups active in Romania (see CP 13 on the role of such colleges in the supervisory process). EU regulation 1093 /2010 establishing the European banking authority (EBA) defines areas where information can or shall be shared between EU domestic supervisors (including Romania) and the EBA, mechanisms to implement this as well as the applicable confidentiality regime. NBR concluded cooperation agreements with competent authorities of third countries (Republic of Moldova -where Romanian banks have subsidiaries-, Turkey, Lebanon). According to NBR, the lack of MOU with Israel has not impeded collaboration where needed (in particular at the time of authorizing key persons). The subsidiary of an Israel bank (with a market share of 0.3 percent of assets at the end of 2016) is the only one from a country not belonging to the EU.
EC3	The supervisor may provide confidential information to another domestic authority or foreign supervisor but must take reasonable steps to determine that any confidential information so released will be used only for bank-specific or system-wide supervisory purposes and will be treated as confidential by the receiving party.
Description and findings re EC3	Articles 215, 217, and 218 of the banking law allow NBR to provide confidential information to domestic, EU and third country authorities as long as they are subject to “professional secrecy” requirements similar to those applicable to NBR (as defined in Article 214 of the banking law). In practice, cooperation almost exclusively takes place with domestic and EU counterparts. Confidentiality requirements in other EU member states are considered equivalent to the Romanian regime as the CRD IV imposes that each country introduce such requirements in its domestic legal order (Article 53 of CRD IV). MOU signed with EU competent authorities can also include specific requirements on confidentiality (e.g., the MOU with the Bank of Italy mentions that: “compliance with the obligation of professional secrecy by all employees who receive confidential information from the other Authority in the course of their activities is a necessary condition for a successful co-operation between the Authorities. The Authorities agree that any confidential information shared through these arrangements will be used only for lawful supervisory purposes. To the extent permitted by law, the Authorities will maintain the confidentiality of all information received through these arrangements and will not disclose any such information unless it is necessary for carrying out their supervisory responsibilities and after having obtained the prior consent of the other authority.”) For third-country supervisory authorities, as none of the authorities NBR cooperate with has been considered by the EBA as having an equivalent confidentiality regimes for participation in supervisory colleges, NBR performed its own assessment of equivalence of regime for cooperation and was satisfied its requirements were met (such cooperation takes place outside the framework of supervisory colleges). NBR did not report any case where the lack of adequate “professional secrecy” requirements prevented it from exchanging information with relevant authorities. The banking law also requires that information provided by NBR is used for supervisory purposes only in the case of third country authorities, Article 217 and bodies involved in the liquidation and bankruptcy of banks, contractual or institutional protection schemes (as defined in Article 113–7 of the CRR) and bodies overseeing financial auditors Article 219.
EC4	The supervisor receiving confidential information from other supervisors uses the confidential information for bank-specific or system-wide supervisory purposes only. The supervisor does not disclose confidential information received to third parties without the permission of the supervisor providing the information and can deny any demand (other than a court order or mandate from a legislative body) for confidential information in its possession. If the supervisor is legally compelled to disclose confidential information it has received from another supervisor, the supervisor promptly notifies the originating supervisor, indicating what information it is compelled to release and the circumstances surrounding the release. Where consent to passing on confidential information is not given, the supervisor uses all reasonable means to resist such a demand or protect the confidentiality of the information.
Description and findings re EC4	The banking law Article 216 requires NBR to use confidential information received from other supervisors for bank-specific or system-wide supervisory purposes only. Article 216: “The National Bank of Romania may use the information received under Article 214 and Article 215 only in the performance of its supervisory tasks and only for the following purposes: (a) to check that the conditions governing the taking-up of the business of credit institutions are met and to facilitate monitoring, on an individual and/or consolidated basis, of the conduct of such business, especially with regard to the monitoring of liquidity, solvency, large exposures, and administrative and accounting procedures and internal control mechanisms; (b) to impose penalties; (c) in the appeal against a decision of the National Bank of Romania; and (d) in court proceedings initiated pursuant to Article 275 paragraph 2 or to the provisions laid down in other law applicable to credit institutions.” The supervisor does not disclose confidential information received to third parties without the permission of the EU supervisor providing the information. If the supervisor is legally compelled to disclose confidential information it has received from another EU supervisor, the supervisor promptly notifies the originating supervisor, indicating what information it is compelled to release and the circumstances surrounding the release. Article 219–2: “where the information received by the National Bank of Romania originates in another Member State, it shall not be disclosed […] without the express agreement of the competent authorities which have disclosed it, and where appropriate, solely for the purposes for which those authorities gave their agreement.” There is no such explicit provision in the banking law or applicable regulations in the case of information received from authorities located outside the EU (i.e., no disclosure without the permission of the originating supervisor and, when disclosure is legally required, prompt information of the originating supervisor). NBR indicates that these aspects were covered in MOUs, as applicable.
EC5	Processes are in place for the supervisor to support resolution authorities (e.g., central banks and finance ministries as appropriate) to undertake recovery and resolution planning and actions.
Description and findings re EC5	Per Law 312/2015 on bank recovery and resolution, NBR is the resolution authority for banks. The resolution function at NBR is operationally independent, structurally separated from and subject to separate reporting/subordination lines from the banks’ supervisory function, as well as from the other central bank functions. The resolution and supervisory structures collaborate following the NBR internal procedure regarding the information, the frequency and way the information are transmitted between the Bank Resolution Department (resolution structure) and the Supervision Department (supervisory structure) in the context of recovery and resolution. Recovery According to the provisions of Law 312/2015 on bank recovery and resolution: Each bank (which is not part of a group subject to consolidated supervision) shall draw up and maintain a recovery plan providing for measures to be taken by the entity to restore its financial position following a significant deterioration of its financial situation (in cases of subsidiaries and significant branches of EU banking groups, NBR shall review the plan submitted by the consolidating supervisor); The supervisory structure provides the recovery plan to the resolution structure; The resolution function examines the recovery plan with a view to identifying any actions in the recovery plan which may adversely impact the resolvability of the credit institution and make recommendations to the supervisory structure about those matters; The supervisory structure shall transmit the group recovery plan to the resolution structure. Based on this legal framework, all banks prepared and sent to NBR (or through consolidating supervisors) their recovery plans at individual or at the group level. The recovery plans received were assessed by the staff from the off-site supervision (and during the on-site inspections). Recovery plans received by the competent authority from credit institution or from the consolidating supervisor (in case of banking groups for which National Bank of Romania acting as a host authority) are sent by Supervision Department to the Resolution Department to be assessed. The result of the assessment performed by the resolution authority is communicated to the Supervision Department. Resolution According to Law 312/2015 on bank recovery and resolution: NBR, as a resolution authority, shall draw up a resolution plan for each bank, Romanian legal entity (as an individual /group-level resolution authority for the banks under its remit or as a resolution authority at an individual level of a subsidiary, shall draw up, together with the group level resolution authority and the other resolution authorities of subsidiaries involved, group resolution plans); The resolution structure shall draw up the resolution plan after consulting the supervisory structure; The supervisory structure shall promptly communicate to the resolution structure any change that necessitates such a revision or update of the plans; The supervisory structure shall transmit available information relevant to the preparation of a resolution plan to the resolution structure. According to the Article 180(1) of the Law No. 312/2015 (transposing Article 32(1) of the BRRD), the NBR, as a resolution authority, shall take a resolution action in relation to a credit institution only if it considers that all of the following conditions are met: The NBR, as a competent authority, shall determine that the credit institution is failing or is likely to fail. For this purpose, the supervisory structure shall consult the resolution structure; Having regard to timing and other relevant circumstances, there is no reasonable prospect according to which failure could be prevented within a reasonable timeframe, by any alternative private sector measures, including measures by an institutional protection scheme, or supervisory action, including early intervention measures or the write-down or conversion of relevant capital instruments in accordance with Article 359 taken in respect of the credit institution concerned; A resolution action is necessary in the public interest pursuant to Article 182. For 2016, NBR, as a resolution authority, participated in drafting, or where applicable, drafted resolution plans for: Fourteen credit institutions that are subsidiaries of cross–border groups, subject to consolidated supervision, within the resolution colleges established by the SRB/other group level resolution authorities (63 percent of the banking assets at end 2016). Eight credit institutions that do not belong to cross–border groups, under the NBR’s remit (23 percent of banking assets at end 2016) More broadly, the supervisory structure shall notify the resolution structure without delay upon determining that a bank infringes or is likely in the near future to infringe key prudential requirements Article 150 of the recovery and resolution law. Moreover, the supervisory structure shall consult the resolution structure ahead of NBR determining that a bank is “is failing or likely to fail”, which shall trigger resolution (if all conditions referred to in Article 180–1 are fulfilled).
Assessment of Principle 3	Largely Compliant
Comments	Arrangements are in place to facilitate and ensure cooperation with relevant domestic and foreign authorities. There is intense cooperation among EU authorities to jointly supervise EU banking groups, which entities have a combined market share of 76 percent of banking assets in Romania (see CP 13). Cooperation among domestic authorities is organized, including with the ASF which regulates insurance and capital market activities and, for macroprudential matters, within the National committee for macroprudential oversight set up in 2017. However, there are no regular meetings between the NBR and ASF (i) to discuss the situation and risk profiles of individual institutions active in banking and another sector supervised by the ASF of issues of common interests (e.g., on governance -where a code for listed companies exist-, disclosure requirements or financial reporting) and (ii) coordinate (or agree on joint) supervisory actions, including on-site examination. Considering some banks are listed, many have financial groups and areas of common interest (including governance, financial reporting, disclosure etc.) exist, such regular meetings would be beneficial (both for NBR and the ASF). Following the adoption of law 312/2015 on bank recovery and resolution, detailed processes are implemented to ensure effective coordination between NBR supervisory and resolution functions to undertake recovery and resolution planning and actions. These arrangements have been effectively implemented in 2016 and 2017 as recovery and resolution plans were prepared. Explicit provisions could be added in the banking law regarding the treatment of information received from authorities located outside the EU (i.e., no disclosure without the permission of the originating supervisor and, when disclosure is legally required, prompt information of the originating supervisor). This would ensure strengthen existing practices where such issues are covered in MOUs.
Principle 4	Permissible activities. The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word “bank” in names is controlled.
Essential criteria
EC1	The term “bank” is clearly defined in laws or regulations.
Description and findings re EC1	Article 7–1 of the banking law defines banking activity as the taking of deposits or other repayable funds from the public and granting of credits for its own account.
EC2	The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined either by supervisors, or in laws or regulations.
Description and findings re EC2	Article 18–1 defines the activities which “credit institutions” can perform: Acceptance of deposits and other repayable funds; Lending including, inter alia: consumer credit, mortgage credit, factoring with or without recourse, financing of commercial transactions, including forfeiting; Financial leasing; Payment services; Issuing and administering other means of payment such as travelers’ checks and bankers’ drafts; Issuing guarantees and commitments; Trading for own account or for account of customers in money market instruments (incl. checks, bills, promissory notes, certificates of deposit), foreign currency, financial futures and options, instruments on foreign exchange and interest rate, transferable securities and other financial instruments; Participation in securities issues and other financial instruments by underwriting and selling them or by selling them and providing ancillary services; Advice on capital structure, business strategy and other related issues, advice and other services relating to mergers and purchase of undertakings as well as other advice services; Portfolio management and advice; Safekeeping and administration of financial instruments; Intermediation on the inter-bank market; Credit reference services related to provision of data; Safe custody services; Issuing of electronic money; Operations with precious metals, gems and objects thereof; Acquiring of participations in the capital of other entities; Any other activities or services in the financial field, abiding by the special laws regulating those activities, where appropriate.
EC3	The use of the word “bank” and any derivations such as “banking” in a name, including domain names, is limited to licensed and supervised institutions in all circumstances where the general public might otherwise be misled.
Description and findings re EC3	Article 6 of the banking law prohibits “any person, other than an authorized credit institution […] from using the name “bank” or “credit co-operative organization”, “credit co-operative”, “central body of credit co-operatives”, “cooperative bank”, “cooperative central bank”, “mortgage bank/mortgage loan bank”, “savings bank for housing”, or derivatives or translations of these names, in connection with an activity, a product or a service.” It allows the following exceptions: “where this use is imposed or acknowledged by law or by an international agreement, or when, from the context in which the respective name is used, it follows undoubtedly the fact that no banking activity is being pursued.”
EC4	The taking of deposits from the public is reserved for institutions that are licensed and subject to supervision as banks.27
Description and findings re EC4	Article 5 of the banking law prohibits “any natural person, legal person or entity without legal personality which is not an authorized credit institution […] from carrying on the business of taking deposits or other repayable funds from the public, or the business of raising and/or managing amounts from the contributions of the members of an association with a view to saving and lending in a collective system to purchase goods and/or services by its members.” The following exceptions to the prohibition for unlicensed persons to take deposits are allowed: (i) EU member state or EU member state’s regional or local authorities; (ii) public international bodies of which one or more EU member States are members; and (iii) in cases expressly provided by the Romanian legislation or EU law provided that those activities are subject to regulations and controls relating to such cases, intended to protect depositors and investors.” NBR indicated that no institution fell in this category (iii) in Romania. The law on nonbank financial institutions (NBFI) also explicitly prohibits these from taking deposits. Small credit unions and a post office exist in Romania but are not allowed to take deposits (i.e., credit unions can only offer services to their members, contributions members make are used to fund loans to members, people lose their quality of member if they withdraw their contributions). According to NBR, there has not been any recent case of illegal provision of banking activities.
EC5	The supervisor or licensing authority publishes or otherwise makes available a current list of licensed banks, including branches of foreign banks, operating within its jurisdiction in a way that is easily accessible to the public.
Description and findings re EC5	Article 417 of the banking laws requires that “the credit institutions which perform their activity in Romania […], including the branches of the credit institutions from other Member States and from third countries, shall be registered by the National Bank of Romania in the register of credit institutions which shall be available to all those interested.” NBR publishes on its website an updated list of all credit institutions incorporated in Romania (by category), authorized branches as well as other EU banks authorized to provide financial services in Romania.
Assessment of Principle 4	Compliant
Comments	Only licensed credit institutions are allowed to provide banking services.
Principle 5	Licensing criteria. The licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of Board members and senior management)28 of the bank and its wider group, and its strategic and operating plan, internal controls, risk management and projected financial condition (including capital base). Where the proposed owner or parent organization is a foreign bank, the prior consent of its home supervisor is obtained.
Essential criteria
EC1	The law identifies the authority responsible for granting and withdrawing a banking license. The licensing authority could be the banking supervisor or another competent authority. If the licensing authority and the supervisor are not the same, the supervisor has the right to have its views on each application considered, and its concerns addressed. In addition, the licensing authority provides the supervisor with any information that may be material to the supervision of the licensed bank. The supervisor imposes prudential conditions or limitations on the newly licensed bank, where appropriate.
Description and findings re EC1	NBR has exclusive competence for granting and withdrawing the license of the following institutions: Banks incorporated in Romania. As of October 2017, 25 banks had a full license and two were housing banks; Branches of banks of countries located outside the European union Article 67–1 of the banking law). As of October 2017, no branch from a third country was licensed (and no such request was ongoing); Credit cooperatives. As of October 2017, there was one credit cooperative central body licensed (as a bank) and 41 individual credit cooperatives. Aggregated assets of the credit cooperative central body and 41 individual credit cooperatives represent 0.3 percent of banking assets. As part of the EU passporting regime, banking services, including deposit taking, may also be offered in Romania by banks licensed and supervised in another EU country, without the prior approval of NBR. Such services are either be offered through a branch established in Romania or directly by the head office located in another EU country. In both cases, NBR must receive a notification by the home supervisor: In the case of the establishment of a branch (Article 48 of the banking law), NBR has up to two months to communicate to the EU bank the list of nonprudential requirements applicable to the branch, including in the area of AML /CFT (i.e., “legal acts issued in the interest of general good, stipulating the particular conditions under which certain activities may be carried on”). NBR cannot impose specific prudential requirements to the branch, nor conduct supervision on aspects other than nonprudential areas; An EU bank can use the freedom to provide financial services across the EU as soon as NBR received the notification from its home supervisor (Article 49 of the banking law). NBR cannot impose specific prudential requirements or conduct supervision. This EU framework exists across the EU and is established on the premise that licensing, regulatory, supervisory and resolutions arrangements are harmonized and consistently applied across EU countries. As of October 2017, 10 branches of EU banks were registered by NBR (some of which were no more active as their head-office was resolved) and 308 institutions had notified NBR of their intention to provide financial services in Romania (without having a physical presence). Branches of EU banks represent 10 percent of assets in Romania, with the largest holding two thirds of these (see CP 13 on home-host arrangements in the EU and NBR participation to the college of supervisor of the bank with the largest branch). In the rest of this CP, references made to banks do not, unless otherwise indicated, include branches of EU banks or EU banks using the freedom to provide financial services in Romania.
EC2	Laws or regulations give the licensing authority the power to set criteria for licensing banks. If the criteria are not fulfilled or if the information provided is inadequate, the licensing authority has the power to reject an application. If the licensing authority or supervisor determines that the license was based on false information, the license can be revoked.
Description and findings re EC2	The banking law empowers NBR to set criteria for licensing banks Article 10–2; this regime is largely harmonized at the EU level (see CRD IV and EBA 2012 guidelines on the assessment of the suitability of members of the management body and key function holders). NBR issued in 2007 Regulation 11 on the authorization of credit institutions, Romanian legal entities, and branches in Romania of third-country credit institutions which defines its licensing requirements. The EBA published in July 2017 draft regulatory technical standards (RTS) on the information applicants and draft implementing technical standards (ITS) related to the templates to be used, which once issued by the EU Commission will replace relevant provisions of Regulation 11. NBR can reject an application if licensing criteria are not fulfilled or if the information provided is inadequate Article 38–1 of the banking law. It can also withdraw a license if a license was granted based on false information Article 39 of the banking law.
EC3	The criteria for issuing licenses are consistent with those applied in ongoing supervision.
Description and findings re EC3	The criteria for issuing licenses are defined by the banking law -as regularly updated- and regulation 11 -issued in 2007 and amended in 2009 and 2011-. They are consistent with key criteria applied for ongoing supervision. The last time a bank was licensed by NBR was in 2009 and no new license application was received recently. Should a new application be received, considering significant evolutions in supervisory expectations and practices since 2009, it would be important to closely involve staff from the supervision department in the review of the application to ensure it is in line with current supervisory practices.
EC4	The licensing authority determines that the proposed legal, managerial, operational and ownership structures of the bank and its wider group will not hinder effective supervision on both a solo and a consolidated basis.29 The licensing authority also determines, where appropriate, that these structures will not hinder effective implementation of corrective measures in the future.
Description and findings re EC4	Laws and regulations require NBR to ensure the proposed legal, managerial, operational and ownership structures of the bank and its wider group will not hinder effective supervision: Article 15–2 of the banking Law: “Where close links exist between the credit institution, a Romanian legal entity, and other natural or legal persons, the National Bank of Romania shall grant authorization only if those links do not prevent the effective exercise of its supervisory functions. In this respect, it should also consider situations in which the laws, regulations or administrative measures of a third country governing one or more natural or legal persons with which the credit institution has close links, or difficulties involved in the application of those laws, regulations or administrative measures preventing the effective exercise of its supervisory functions.” Article 18(19) of Regulation 11: “(1) Assessing the suitability of the significant shareholder also considers whether the bank will be able to comply with the prudential requirements […] and, in particular, whether the group of which he is part of, has a structure that allows the exercise of effective supervision […] (3) The assessment of issues related to exercise effective supervision envisages that National Bank of Romania should not be impeded to fulfill its supervisory tasks by the bank’s close links with other natural or legal persons or by laws, regulations or administrative measures in another state governing the natural or legal person which is closely linked to the bank, or by difficulties in implementing these laws, regulations or administrative measures. Article 18(20) of Regulation 11: “Both the bank and the group shall have a clear and transparent governance and management framework and a suitable organization, including effective internal control and independent control functions (risk management, compliance and internal audit). NBR mentioned that it paid attention to transparency and the lack of impediment to effective supervision when it reviewed several license applications in the 1990s and early 2000s. Banks licensed in Romania have transparent ownership structures and NBR did not face any impediment to effective supervision.
EC5	The licensing authority identifies and determines the suitability of the bank’s major shareholders, including the ultimate beneficial owners, and others that may exert significant influence. It also assesses the transparency of the ownership structure, the sources of initial capital and the ability of shareholders to provide additional financial support, where needed.
Description and findings re EC5	Identification of major shareholders including beneficial owners The banking law, transposing relevant provisions of the CRD IV, establishes information requirements which aim at allowing NBR to identify the bank’s major shareholders and others that may exert significant influence. Article 15–1 requires that: NBR is “informed on the identities of the shareholders or members, natural or legal persons, that are going to have, directly or indirectly, qualifying holdings in that credit institution, and on the amounts of those holdings”. The CRR defines a qualifying holding as “a direct or indirect holding in an undertaking which represents 10 percent or more of the capital or of the voting rights or which makes it possible to exercise a significant influence over the management of that undertaking” “Where there are no qualifying holdings, the National Bank of Romania shall be informed on the identity of the 20 largest shareholders or members and on the amounts of their holdings.” The questionnaire in Annex 2 of Regulation 11 which any of the major shareholders (as defined by Article 15–1 of the banking law) need to fill includes a requirement to communicate the identity of all persons who are real beneficiaries of the legal entity and defines “real beneficiaries are individuals who finally own or control the stockholder, as well as persons on account of which the participation is acquired. It includes also persons exercising ultimately effective control over the stockholder, that is a legal person or a legal arrangement (such as a trust)”. This definition adequately places the emphasis on the natural person(s) who have ultimate ownership or control (and the banking law explicitly indicates that any license granted based on false information can be revoked by NBR). Suitability of major shareholders The banking law Article 15–1 indicates that NBR “shall only grant authorization if, taking into account the need to make sure the sound and prudent management of the credit institution, it is satisfied as to the suitability of those persons.” Regulation 11 provides additional details regarding the assessment of suitability. Transparency of the ownership structure Article. 1820 of Regulation 11 requires that: “both the bank and the group shall have a clear and transparent governance and management framework and a suitable organization” and Article 1819 defines a group as the group members, including parent undertakings and subsidiaries. More broadly, the transparency of the ownership structure would be reviewed by NBR as it assesses the suitability of the shareholders (including ultimate beneficial owners). Source of funds There are direct requirements regarding the sources of funds. Article 1824 requires that “the funds used for participation in the capital shall originate from legitimate sources and funding mechanism shall be transparent. In this regard, it will demonstrate at least that these funds are transferred through credit institutions or financial institutions subject to supervision by competent authorities of Member States or third countries considered to have equivalent systems to those in the European Union to fight against money laundering and terrorist financing.” Ability of shareholders to provide additional financial support Article. 1821 specifically addresses the ability of shareholders to provide additional financial support: NBR “will take into account whether the significant shareholder will be able to: (a) provide the bank with financial support which it may need for the proposed activity, (b) provide the bank with capital which it may need for the further development of the business, (c) implement any appropriate solution to adjust future needs of the bank’s own funds.”
EC6	A minimum initial capital amount is stipulated for all banks.
Description and findings re EC6	The banking law Articles 11, 70, and 345 and NBR Regulation 5/2013 Article 249 set a minimum capital amount for different categories of banks: 37 million RON (9.25 million USD) for a bank licensed in Romania or a branch of a third country (unless it is only authorize to perform activities of mortgage bank or building societies); 25 million RON (6.125 million USD) for a mortgage bank or a building society (or a branch of a third country bank authorized only to doncut such activities) licensed in Romania; Equivalent in RON of 10 million EUR (9 million USD) for the entire network of credit cooperatives including at least the eqiivaent in RON of 5 million EUR (4.2 million USD) for the central body of credit cooperatives and 300,000 RON (75.000 USD) for each individual credit cooperative. Branches of EU banks are exempt from such requirements (he parent needs to meet such requirements in its home jurisdiction).
EC7	The licensing authority, at authorization, evaluates the bank’s proposed Board members and senior management as to expertise and integrity (fit and proper test), and any potential for conflicts of interest. The fit and proper criteria include: (i) skills and experience in relevant financial operations commensurate with the intended activities of the bank and (ii) no record of criminal activities or adverse regulatory judgments that make a person unfit to uphold important positions in a bank.30 The licensing authority determines whether the bank’s Board has collective sound knowledge of the material activities the bank intends to pursue, and the associated risks.
Description and findings re EC7	For banks incorporated in Romania, NBR needs to approve the bank’s proposed Board members and senior management as to expertise and integrity (fit and proper test) at authorization and on an ongoing basis. The banking law requires each of the members of the Board, members of senior management, “as well as the persons appointed to conduct the business regarding the management and control of risks, internal audit, judicial, conformity, treasury, lending activity, as well as any other activities which may expose the credit institution to significant risks” Article 108 shall be at any time of “good reputation, knowledge, skills and have sufficient experience to match the nature, size and complexity of the business of the credit institution and of the entrusted responsibilities and shall conduct the activity according to a sound and prudent banking practice”. The fit and proper criteria include: Skills and experience in relevant financial operations commensurate with the intended activities of the bank; No record of criminal activities or adverse regulatory judgments, in Romania and abroad, that make a person unfit to uphold important positions in a bank. Regulation 11 (Article 17) requires, in particular, NBR to review, at least over the last ten years: whether a person has been in conflict with a supervisory authority, sanctioned, denied approval or “have been in other situation which, given its relevant aspects, might have negative effects on the image of the bank”, if an institution where the person assumed Board or senior management responsibilities (or a significant shareholding) were sanctioned, denied or withdrawn an authorization or faced a material deterioration of its prudential situation, whether the person has been subject to criminal or administrative proceedings. Article 109 of the banking law gives broad power to NBR to appreciate whether these requirements are met (NBR has “the power to analyze to what extent the minimum requirements of this emergency ordinance and of the regulations issued for its application are observed, to assess all circumstances and information regarding the activity, reputation, moral integrity and background of each person mentioned under Article. 108 and to decide whether the respective person fulfils the requirements laid down both at the individual and joint level.”) The requirement for NBR to determine whether the bank’s board has collective sound knowledge of the material activities the bank intends to pursue, and the associated risks are covered in Article 108–4 of the banking law. The NBR also indicated these aspects were addressed during the reviews and interviews of individual Board members. The NBR last licensed a bank in 2009, but NBR implements a thorough review as it assesses the merits of new Board member or senior management as part of its ongoing supervision. (see CP 14 for the details regarding this process). For branches of third country, at least two persons shall be responsible for the management of the branch, shall be empowered to legally engage the credit institution in Romania, shall enjoy sufficiently good reputation and expertise to discharge the assigned duties and should be subject to a similar approval process as that described for locally incorporated banks Article 71 of the Banking Law. There was no branch of a third country (or ongoing application) at the time of the BCP assessment.
EC8	The licensing authority reviews the proposed strategic and operating plans of the bank. This includes determining that an appropriate system of corporate governance, risk management and internal controls, including those related to the detection and prevention of criminal activities, as well as the oversight of proposed outsourced functions, will be in place. The operational structure is required to reflect the scope and degree of sophistication of the proposed activities of the bank.31
Description and findings re EC8	The Banking Law Article 17 requires NBR: (i) to review the proposed strategic and operating plans of the bank (respectively referred to as the program of operations linked to intended objectives and the structural organization) and (ii) to ensure the operating structure is consistent with the type, size, and complexity of the envisaged activities. Article 17: “any authorization application of a credit institution shall be accompanied by a program of operations setting out at least the types of business envisaged and the structural organization of the credit institution. The program of operation should demonstrate the credit institution’s ability to achieve its intended objectives in a way consistent with the rules of a prudent and sound banking practice, by means of adjusting its management structure, procedures, internal mechanisms and capital structure to the type, size and complexity of the envisaged activities.” Regulation 11 Article 23 defines minimum information that the proposed plan of activity should cover. These includes: the formal framework for the administration of the bank activity, including the draft of the organization structure of the bank, the assignment of tasks for each department/responsibility center of the bank and the relations between them (information flows), the tasks of the branches and other secondary offices of the bank, the tasks of the specialized committees of the bank, the responsibilities of the administration and/or management bodies of the bank (Board of Directors, managers, the supervisory council and the directorate), of the persons charged with the management of bank departments, branches and other secondary offices and of other employees performing transactions in the name and account of the bank. Where appropriate, it will be presented also the position of the credit institution within the belonging group, in terms of management structures and lines; the outsourcing policies, the activities to be outsourced and the types of entities (inside or outside the group) to which the activities are outsourced in the first three years of activity The description of “know your customers” policies. Expectations and information requirements related to the detection and the prevention of criminal activities could usefully be described in more details.
EC9	The licensing authority reviews pro forma financial statements and projections of the proposed bank. This includes an assessment of the adequacy of the financial strength to support the proposed strategic plan as well as financial information on the principal shareholders of the bank.
Description and findings re EC9	NBR reviews pro forma financial statements and projections of the proposed bank, including. Applicants have to provide a plan of activity Article 23 of Regulation 11 covers estimated financial statements for the first three years of activity, based on applicable IFRS requirements on a solo or consolidated basis, as applicable, and accompanied by a report from a financial auditor prepared according to international standards on auditing.
EC10	In the case of foreign banks establishing a branch or subsidiary, before issuing a license, the host supervisor establishes that no objection (or a statement of no objection) from the home supervisor has been received. For cross-border banking operations in its country, the host supervisor determines whether the home supervisor practices global consolidated supervision.
Description and findings re EC10	EU banks Where an EU bank applies for a license to set-up a bank in Romania, the banking law Article 37 stipulates that NBR shall consult the competent EU home supervisor if the Romanian bank would be a subsidiary of the bank located in this other EU country (or of the parent of the latter) or would be controlled by the same persons. Where an EU bank intends to set-up a branch in Romania, the license is issued by the home supervisor and takes effect after NBR communicates the list of applicable nonprudential requirements to the branch (the notification initially issued by the home supervisor ensures it does not have objections). Banks from a third country Where a bank from a third country applies for a license to set-up a subsidiary in Romania, there is a clear, if indirect, requirement to assess whether the home supervisor practices consolidated supervision, indirect requirement to contact the home supervisor (see EC 7) and no requirements that it does not object to the proposed acquisition: The banking law indirectly requires NBR to assess whether consolidated supervision equivalent to that implemented in Romania is practiced in the third country, as it requires that it otherwise consider applying “other appropriate supervisory techniques in order to achieve the objectives of supervision on a consolidated basis of credit institutions” (Articles 206 and 207). Article 1813 of Regulation 11 indicates that : “the assessment of reputation requirements may be facilitated by cooperation with the competent supervisory authority from the third country whose regulations on reputation requirements are considered equivalent if: (a) the significant shareholder is a natural or legal person, already considered to have a good reputation as a significant shareholder of an entity regulated and supervised by a supervisory authority in a third country; (b) the significant shareholder is a natural person who provides the management and/or administration of an entity regulated and supervised by a supervisory authority in a third country; and (c) the significant shareholder is an entity regulated and supervised by a supervisory authority in a third country.” Where a bank from a third country applies for a license to set-up a branch, the banking law (Article 67–1) requires NBR to establish that the home supervisor “does not oppose the establishment of a branch in Romania”.
EC11	The licensing authority or supervisor has policies and processes to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the license approval are being met.
Description and findings re EC11	The annual on-site full scope inspection (and SREP process) allow close monitoring of newly licensed banks. Concerning nonprudential topics where NBR is competent, on-site examinations of branches of EU banks are conducted (see CP 8 and 9).
Assessment of Principle 5	Compliant
Comments	NBR has exclusive competence for granting and withdrawing the license of banks incorporated in Romania, branches of banks located outside the EU, and credit cooperatives. NBR has the power to set licensing criteria, within the framework of the CRD IV and the banking law, and has done so by issuing and updating two regulations (6 and 11). These regulations cover inter alia the assessment of the ownership structure and governance of the bank and its wider group as well as its strategic, operating and financial plans. The licensing process is led by NBR licensing and regulation department. NBR last licensed a bank incorporated in Romania in 2009 and no new application was received recently. No branch of a third country is licensed in Romania, nor have any application been received for this purpose. Should a new application be received, and considering significant evolutions in supervisory expectations and practices since 2009, it would be important to closely involve staff from the supervision department (and, where applicable, from the resolution department) in the review of such application. A few aspects could be clarified or covered in more details in the regulatory framework regarding: (i) in the case of shareholders with banking interests in a third country, requirement for NBR to contact the home supervisor and ensure it does not have objection and (ii) expectations and information requirements related to the detection and the prevention of criminal activities could usefully be described in more details. Banking services, including deposit taking, may also be offered in Romania by banks licensed and supervised in another EU country, without the prior approval of NBR. Such services are either offered through a branch established in Romania or directly by the head office located in another EU country. In both cases, NBR must receive a notification by the home supervisor. Prudential responsibilities stay with the home supervisor based on the expectation that it will perform “equivalent” supervision. Five branches of EU banks were established during the past five years. A notification regime applies in such cases. Branches established since 2012 include a branch of Veneto Banca, a small Italian bank, in 2014; Veneto Banca which was liquidated in 2017. Its Romanian branch assets were taken over by a newly authorized branch of Intesa San Paolo, a large Italian banking group; this branch started its activities two months after Veneto Banca was liquidated. There was no bank run (Romanian depositors were covered by the Italian deposit insurance scheme which did not have to intervene) or disruption of activities in the Romanian branch. Activities in Romania were small in the Veneto Banca group an unrelated to the problems it faced. The ownership structure of locally incorporated banks and branches of EU banks is transparent: there are 19 subsidiaries of EU banks, 8 branches of EU bank, 1 subsidiary of an Israeli bank, and 9 locally-owned banks (including a large listed private bank, two state-owned banks; only two of locally-owned banks have natural persons who hold qualifying holdings and subject to close oversight by NBR).
Principle 6	Transfer of significant ownership. The supervisor32 has the power to review, reject and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties.
Essential criteria
EC1	Laws or regulations contain clear definitions of “significant ownership” and “controlling interest”.
Description and findings re EC1	The banking law refers to the definition of qualifying holding included in the CRR (see CP 5 EC 5 for the detailed definition). A proposed acquisition is defined by the banking law Article 7 as: “the decision taken by a proposed acquirer to acquire, whether directly or indirectly, a qualifying holding in a credit institution, Romanian legal person, or to increase its qualifying holding so that the proportion of the voting rights or of the capital held would reach or exceed 20 percent, 33 percent or 50 percent or so that the credit institution would become its subsidiary.” Regulation 11 Article 2 defines a significant shareholder as “a natural or legal person, or a group of natural and/or legal persons, acting in concert, who holds, whether directly or indirectly, qualifying holdings in a credit institution”
EC2	There are requirements to obtain supervisory approval or provide immediate notification of proposed changes that would result in a change in ownership, including beneficial ownership, or the exercise of voting rights over a particular threshold or change in controlling interest.
Description and findings re EC2	The banking law sets detailed requirements for acquisitions (Article 25): Any proposed acquirer shall notify NBR in advance when it intends to acquire 20 percent, 33 percent, or 50 percent of the capital or of the voting rights of a bank (as well as when the bank would become its subsidiary). When the notification cannot be made in advance, “for objective reasons”, the notification is required from the date of acquisition; NBR shall acknowledge in writing, within two days, receipt of the notification and indicate the expiration date for the assessment period, which shall not exceed 60 working days after all required documents are received; NBR may require additional information no later than the 50th business day of the assessment period and the proposed acquirer shall provide this information within 20 working days; The assessment period may be extended by 30 days if the proposed acquirer is situated outside the EU or is not subject to prudential supervision; and If NBR does not oppose the proposed acquisition within the assessment period in writing, it shall be deemed to be approved. The banking law Article 26 indicates that NBR shall assess the suitability of the proposed acquirer and the financial soundness of the proposed acquisition against all the following criteria: the reputation of the proposed acquirer, respectively its integrity and professional competence, the reputation, knowledge, skills and experience of any person who will direct the business of the bank, as a result of the proposed acquisition; the financial soundness of the proposed acquirer, in particular in relation to the type of business pursued and envisaged in the credit institution in which the acquisition is proposed, whether the bank institution will be able to comply with prudential requirements, including whether the group of which it will become a part has a structure that makes it possible to exercise effective supervision, effectively exchange of information among the competent authorities and determine the allocation of responsibilities among these authorities, whether there are reasonable grounds to suspect that, in connection with the proposed acquisition, there has been committed an offence or an attempt of offence on money laundering or terrorist financing or that the proposed acquisition could increase the risk thereof. For disposals, the banking law requires Article 27) any natural or legal person who has decided to dispose or reduce a qualifying holding so that the proportion of the voting rights or of the capital held would fall below 20 percent, 30 percent or 50 percent or so that the credit institution would cease to be his subsidiary, to notify in writing NBR (Regulation 6, Article 1513 indicates that the notification shall be made in advance, without further details). Regulation 6, Article 1515 requires licensed banks to inform NBR immediately about any acquisition or disposal of their shares which exceeds or is below the levels for which there is an obligation to notify based on Article 25 and 27 of the banking law (see above). The banking law contains detailed provisions change in ownership or the exercise of voting rights over a particular threshold or change in controlling interest. However, there is no definition of beneficial ownership.
EC3	The supervisor has the power to reject any proposal for a change in significant ownership, including beneficial ownership, or controlling interest, or prevent the exercise of voting rights in respect of such investments to ensure that any change in significant ownership meets criteria comparable to those used for licensing banks. If the supervisor determines that the change in significant ownership was based on false information, the supervisor has the power to reject, modify or reverse the change in significant ownership.
Description and findings re EC3	NBR has the power to reject any proposal for a change in significant ownership or controlling interest, where it is not satisfied with the suitability of the proposed acquirer and the financial soundness of the proposed acquisition after completing the assessment specified in the banking law (see EC 1). Where a person completes an acquisition during the assessment period or despite the opposition of NBR or when a person disposes of a qualifying holding without notifying NBR, NBR shall (i) issue an order requiring the natural or legal person responsible to cease the conduct and to desist from a repetition of that conduct and (ii) suspend the voting rights of the (responsible) shareholders Articles 229–2 and 2291 of the banking law). If NBR determines that the change in significant ownership was based on false information, it has the power to suspend related voting rights based on the broad provisions of Article 230–1 of the banking law: “Where the persons having qualifying holdings in a credit institution, Romanian legal person, do not longer comply with the requirements provided by the law and by regulations issued for its application regarding the quality of a credit institution’s shareholding, or if they exercise an influence that jeopardizes the credit institution’s prudent administration, the National Bank of Romania shall take appropriate measures to cease that situation. For this purpose, regardless of any other measures or penalties against the credit institution or persons performing administration and/or management duties, the National Bank of Romania may decide on the suspension of exercising the voting rights attached to the shares held by those shareholders or members”. The banking law empowers NBR to require that a change in significant ownership, which occurred without notification, during the assessment period or against the opposition of NBR, is reversed within three months or nullified: Article 232: “(1) The persons who acquired a qualifying holding despite the opposition of [NBR] must sell, within three months of the date when the opposition was communicated, their shares representing qualifying holdings acquired in such a way. After the expiry of this time limit, unless the shares are sold, [NBR] shall require the credit institution, Romanian legal person, to cancel the shares involved, to issue and sell new shares bearing the same number, and the amount of money collected from the sale shall be made available to the initial acquirer, after the cost related to the sale was deducted; (2) The Board of administration of the credit institution, or the Directorate, as the case may be, is responsible for the implementation of measures necessary for the cancellation of shares in accordance with the provisions of paragraph (1), and for the sale of the newly issued shares; (3) If, for want of buyers, the sale did not take place or was only partially accomplished in terms of the newly issued shares, the credit institution shall proceed to the reduction of its share capital by subtracting the amount representing the difference between the registered share capital and the share capital held by shareholders with voting rights. (4) The provisions of paragraph 1–3 are also applicable in case of persons who failed to notify the National Bank of Romania of the acquisition of a qualifying holding, pursuant to Article 25 paragraph 1, and do not comply, in the time limit set by the National Bank of Romania, with the requirement to provide the necessary information and documentation for the assessment provided by Article 26 paragraph 1. In this situation the National Bank of Romania could oppose to the acquisition according to the provisions of Article 26 paragraph (2).”
EC4	The supervisor obtains from banks, through periodic reporting or on-site examinations, the names and holdings of all significant shareholders or those that exert controlling influence, including the identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership.
Description and findings re EC4	Regulation 6 (Article 1516) requires banks to submit annually to NBR Financial information related to shareholders which hold, directly or indirectly or in concert, qualifying holdings: For legal entities, annual, individual and, where appropriate, consolidated financial statements, For natural persons, income statement submitted to the tax authorities (or, where appropriate, solemn declaration showing the income source and amount as well as the nature of obligations assumed) A statement of all shareholders, including the following information: identity, residence and citizenship for individuals, nationality and address, for legal entities, the number and value of shares held, the percentage of participation in the share capital and of the voting rights. There is no specific requirement for banks to provide information regarding identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership. NBR indicated such aspects were verified during the annual full-scope on-site examinations (in the absence of an on-site inspection manual or methodology, it is difficult to assess whether this is done on a systematic basis and how such verifications are conducted).
EC5	The supervisor has the power to take appropriate action to modify, reverse or otherwise address a change of control that has taken place without the necessary notification to or approval from the supervisor.
Description and findings re EC5	Where a change control has taken place without the necessary notification or approval from the supervisor, NBR can suspend the exercise the voting rights, require that the related shares are sold within three months and, should his not be done, require that the shares be nullified. (see EC 3)
EC6	Laws or regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest.
Description and findings re EC6	There are no specific laws or regulations stipulating that institutions must notify NBR as soon as they became aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest.
Assessment of Principle 6	Largely Compliant
Comments	In the past five years, 33 requests for changes in significant ownership were received, largely related to the consolidation process in the banking industry. 31 such requests were approved and two denied (respectively in 2013 and 2014). Rejections were motivated (i) in one case, by insufficient integrity of the proposed shareholder as its chairman of the Board was investigated and sanctioned by the ASF and (ii) in another case, in insufficient transparency of the shareholders abroad as NBR did not receive appropriate information to assess their suitability. NBR implements a rigorous definition of transfer of significant ownership, in line with the provisions of the CRD IV (i.e., direct, indirect or control 20 percent, 33 percent, or 50 percent of the capital or voting rights of a bank or acquisition making the bank a subsidiary), as well as requirements on the transparency of bank ownership. It could usefully complement its regulatory requirements by introducing a definition of ultimate beneficial owner and require banks to provide information regarding the identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership. While banks keep close contacts with NBR and ted to inform it of any material development, it would be relevant to include a specific requirement that banks must notify NBR as soon as they became aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest.
Principle 7	Major acquisitions. The supervisor has the power to approve or reject (or recommend to the responsible authority the approval or rejection of), and impose prudential conditions on, major acquisitions or investments by a bank, against prescribed criteria, including the establishment of cross-border operations, and to determine that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision.
Essential criteria
EC1	Laws or regulations clearly define: (a) what types and amounts (absolute and/or in relation to a bank’s capital) of acquisitions and investments need prior supervisory approval; and (b) cases for which notification after the acquisition or investment is sufficient. Such cases are primarily activities closely related to banking and where the investment is small relative to the bank’s capital.
Description and findings re EC1	In the past five years, there were only four significant acquisitions which involved the acquisition of a Romanian bank by another Romanian bank. The regime in Romania, as well as in other EU countries, is based on the notion of qualifying holding (see CP 5 EC 5 for the detailed definition). The banking law Article 2, transposing relevant provisions of the CRD IV, defines a proposed acquisition as: “the decision taken by a proposed acquirer to acquire, whether directly or indirectly, a qualifying holding in a credit institution, Romanian legal person, or to increase its qualifying holding so that the proportion of the voting rights or of the capital held would reach or exceed 20 percent, 33 percent, or 50 percent or so that the credit institution would become its subsidiary”. Prior approval Where a Romanian bank intends to acquire a qualifying holding in an undertaking in a third country, prior approval is required if, following the acquisition of a qualifying holding, the entity located in a third country would be included in the scope of prudential consolidation Article 146 of the banking law). Such undertakings which can be included in scope of prudential consolidation (Article 18 of the CRR) include both “institutions” (i.e., credit institutions and investment firms) and “financial institutions” (i.e., other institutions which principal activity is to acquire holdings or to pursue one or more of the following activities lending, financial leasing. payment services, issuing and administering other means of payment, guarantees and commitments, trading for own account or for account of customers in money market instruments, foreign exchange, financial futures and options, exchange and interest-rate instruments, transferable securities, participation in securities issues and the provision of services relating to such issues, advice to undertakings on capital structure and industrial strategy, money broking, portfolio management, advice, safekeeping and administration of securities and issuing electronic money). Notification The acquisition of any other qualifying holding by a Romanian bank needs to be notified to NBR within five business days (Article 147 of the banking law). In the case of the acquisition of qualifying holdings in EU credit institutions, NBR can share its views with the relevant EU supervisor prior to the acquisition. The regime applicable to the transfer of significant ownership defined by the CRD IV (which transposition in Romania is described in CP 6) applies: prior notification by the acquirer (the Romanian bank) to the EU supervisor responsible for the credit institution in which a qualifying holding is acquired (Article 22 of the CRD IV), detailed timeframe and criteria for the assessment (Articles 22 and 23) and consultation between the supervisors of the EU and Romanian credit institutions, i.e., NBR (Article 24). Limitations and prohibitions For other investments, the CRR (Article 89) limits individual participations to 15 percent of a bank’s own funds and the aggregate of such participations to 60 percent of a bank’s own funds (see EC 5). Moreover, the banking law (Article 144) prohibits Romanian credit institutions from acquiring qualifying holdings in entities covered by Article 89 of the CRR if they would then become their subsidiaries.
EC2	Laws or regulations provide criteria by which to judge individual proposals
Description and findings re EC2	See CP 6 for a detailed description of the regime applicable to transfer of control of Romanian banks. Where a Romanian bank intends to establish a branch in another EU country (Article 81–1 of the banking law), it shall send a notification to NBR with details regarding the address and country of the proposed branch, a program of operations (including at least the types of business that are to be carried on and the structural organization of the branch) and the identity of the persons designated to ensure the management of the branch and information regarding their reputation and professional expertise). Within three months of receipt of the notification, NBR shall (i) either communicate the information received to the EU host supervisor and inform the credit institution accordingly; or (ii) oppose the establishment of the branch if it has “reasons to ascertain that the administrative structure or the financial situation of the credit institution is not adequate” (and convey the underlying rationale of its decision to the Romanian bank). Where a Romanian bank intends to establish a branch in a third country not belonging to the European union, Article 91 of the banking law mentions it shall submit a request for approval to NBR. NBR may reject the application if, on the basis of information held and documentation submitted, it ascertains that: (i) the bank does not have an adequate financial standing or the administrative capacity to carry on the envisaged activity through the branch; (ii) the existing legislative framework of the third country and/or the manner in which it is implemented impedes the exercise by NBR of its supervisory functions; or (iii) the bank posts an inappropriate development of the prudential indicators or does not comply with other prudential requirements.
EC3	Consistent with the licensing requirements, among the objective criteria that the supervisor uses is that any new acquisitions and investments do not expose the bank to undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.33 The supervisor can prohibit banks from making major acquisitions/investments (including the establishment of cross-border banking operations) in countries with laws or regulations prohibiting information flows deemed necessary for adequate consolidated supervision. The supervisor takes into consideration the effectiveness of supervision in the host country and its own ability to exercise supervision on a consolidated basis.
Description and findings re EC3	See EC 2 Where a Romanian bank intends to acquire a qualifying holding in an undertaking in a third country which would then be included in its prudential consolidation, NBR shall conduct its review to ensure Article 146–2 that (i) the acquisition shall not expose the Romanian bank to undue risks or hinder effective supervision on a consolidated basis and (ii) the Romanian bank shall have adequate financial and organizational resources to handle the acquisition and management of the respective holdings. In such cases, the application for approval shall be accompanied by Article 14 of Regulation 6) a presentation of the legal and institutional framework in the third country, including at least information on supervisory authorities and financial sector supervisory system, legislation on professional secrecy in the financial sector, prevention of money laundering and terrorist financing, know your customer standards and any other relevant information regarding potential impediments in carrying out prudential supervision by NBR , such as restricting access to information or the possibility of carrying out on-site inspections.
EC4	The supervisor determines that the bank has, from the outset, adequate financial, managerial and organizational resources to handle the acquisition/investment.
Description and findings re EC4	Where a Romanian bank intends to acquire a qualifying holding in an undertaking in a third country which would then be included in its prudential consolidation, Article 146–2 of the banking law requires that the bank have adequate financial and organizational resources to handle the acquisition and management administering of these holdings. For other acquisitions (i.e., in the EU), requirements that credit institutions have an organizational and risk management structure adequate to its size, complexity and business structure apply (see CP 15 EC 1).
EC5	The supervisor is aware of the risks that nonbanking activities can pose to a banking group and has the means to take action to mitigate those risks. The supervisor considers the ability of the bank to manage these risks prior to permitting investment in nonbanking activities.
Description and findings re EC5	The EU CRR Article 89 limits individual participations in nonbanking entities to 15 percent of a bank’s own funds and the aggregate of such participations to 60 percent of a bank’s own funds. The banking law Article 144 prohibits Romanian banks from exercising control over such entities. The banking law Article 20–1 limits the direct provision of nonbanking services (nonfinancial mandate or commission operations, management of portfolio of movable and/or immovable assets, services to own clients related to banking operations) as the total amount of revenues from these activities may not exceed 10 percent of the bank’s net profit. From a macroprudential perspective, the identification of risks related to nonbanking or shadow banking activities would also fall within the mandate of the NCMO (see CP 3).
AC1	The supervisor reviews major acquisitions or investments by other entities in the banking group to determine that these do not expose the bank to any undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.34 Where necessary, the supervisor is able to effectively address the risks to the bank arising from such acquisitions or investments.
Description and findings re AC1	Major acquisitions or investments by other entities located in third countries Prior approval by NBR is required under Article 146 of the banking law for any qualifying holding the bank intends to hold in an undertaking from a third country, which would be included in its prudential consolidation following the acquisition. As qualifying holdings are broadly defined to include direct or indirect holdings, a major acquisition conducted by a subsidiary would also be covered. In such cases, NBR would review that these do not expose the bank to any undue risks or hinder effective supervision before giving its approval. Major acquisitions or investments by other entities located in the EU NBR shall be notified within five business days of the acquisition of any qualifying holding Article 147 of the banking law. See also CP12 EC5.
Assessment of Principle 7	Compliant
Comments	As part of the consolidation of the Romanian banking system in recent years, NBR reviewed and approved four requests for acquisitions in the past five years (all related to mergers between banks licensed in Romania). NBR has been actively involved in the review of the proposed acquisitions at different stages of the process. In a 2016 case where the acquired bank was large and had a deteriorated risk profile, NBR implemented a thorough review to ensure this would not expose the acquirer to undue risks. NBR was satisfied inter alia as a large portfolio of risky loans denominated in CHF was converted in local currency ahead of the acquisition, thorough due diligence was conducted by the acquirer and the acquisition price did not threaten the acquirer’s capital buffers. Romanian banks only have small activities outside Romania (i.e., no subsidiary and only one branch in another EU country and small financial subsidiaries in Moldova).
Principle 8	Supervisory approach. An effective system of banking supervision requires the supervisor to develop and maintain a forward-looking assessment of the risk profile of individual banks and banking groups, proportionate to their systemic importance; identify, assess and address risks emanating from banks and the banking system as a whole; have a framework in place for early intervention; and have plans in place, in partnership with other relevant authorities, to take action to resolve banks in an orderly manner if they become nonviable.
Essential criteria
EC1	The supervisor uses a methodology for determining and assessing on an ongoing basis the nature, impact and scope of the risks: (a) which banks or banking groups are exposed to, including risks posed by entities in the wider group; and (b) which banks or banking groups present to the safety and soundness of the banking system. The methodology addresses, among other things, the business focus, group structure, risk profile, internal control environment and the resolvability of banks, and permits relevant comparisons between banks. The frequency and intensity of supervision of banks and banking groups reflect the outcome of this analysis.
Description and findings re EC1	The NBR introduced EBA Guidelines on common procedures and methodologies for the supervisory review and evaluation process (SREP) framework for determining and assessing the risk profile of banks and banking group from 2016. As of January 1, 2016, the NBR Board approved the implementation of EBA SREP Guidelines (EBA/GL/2014/13) into national supervisory practices. The objective of SREP of credit institutions is to promote a sound banking system, which is essential for ensuring the sustainable financing of the economy. The SREP process of a credit institution includes the following components: a. Categorization of institutions based on the institution’s size, structure and internal organization, and the nature, scope and complexity of its activities, and periodic review of this classification; b. Monitoring of key indicators; c. Business Model Analysis (Advanced Measurement Approach (AMA)); d. Assessment of internal governance and institution-wide controls; e. Assessment of risks to capital; f. Assessment of risks to liquidity and funding; g. Capital adequacy assessment; h. Liquidity adequacy assessment; i. Overall SREP assessment; and j. Supervisory measures (including early intervention measures, as appropriate). Regarding the first component of the SREP process, the categorization of institutions, this is performed based on the methodology described by an “internal procedure” issued by the SD and approved by the first deputy governor. Per above mentioned guidelines, the supervised entities are allocated into four major categories, depending on their qualification as other systemically important financial institutions (OSII), size, relative market share, and business model, as follows: Category 1 – OSII; Category 2 – large and medium institutions other than OSII with universal business model and a market share by assets more than 5 percent; Category 3 – small and medium credit institutions with universal business model and a market share by assets below or equal to 5 percent; and Category 4 – specialized credit institutions, respective savings bank for housing, which facilitates the peer comparisons between banks. This classification is used by the NBR as a basis for applying the principle of proportionality to the scope and intensity of the supervisory commitment and the dialogue with the credit institution. The SREP assessment is based on both quantitative and qualitative information, including the arrangements, strategies, processes and mechanisms implemented by each credit institution. The data concerning the breakdown at risk level of the total SREP capital requirements are centralized at the banking system level. This allows basic comparison between banks from the same peer group with regards to the capital allocation for the risks assessed in the Internal Capital Adequacy Assessment Process (ICAAP)/SREP. On a quarterly basis, the data from the supervisory reports are loaded into centralized reports, which serve as a source of information for the horizontal assessment relating to the SREP scores. The aggregate data of SREP elements by the score assigned are disclosed in the Assessment of banking risks section from the 2016 NBR’s annual report. The SREP assessment is performed on site annually for all 28 supervised banks or banking group by legislation Article 166 NBR Regulation No. 5/201335, and leads to an overall SREP score that is updated off site on an ongoing basis as significant developments occur. The NBR is not differentiating the frequency of full-scope examinations based on the outcome of risk profile analysis of banks. The asset size and the SREP score of previous year are the main factors in determining the examination periods and the number of examiners. The review of the arrangements, strategies, processes and mechanisms implemented by each credit institution, and its assessment are also performed by off-site personnel on an on-going basis. The off-site supervision also addresses the periodic assessment of the several key indicators concerning the credit risk, market risk, operational risk, IRRBB, liquidity risk, business model (based on the profitability indicators) and the changes within the internal governance of credit institutions. Regular monitoring of these key indicators is used to identify material changes in the risk profile of an institution and in the SREP assessment. The rating methodology consists of a scale from 1–4 (1 equaling to “no discernible risk” and 4 “high risk”) and one negative grade (F) for an institution that is failing or likely to fail (within the meaning of Article 32 of the BRRD). Concluding to the above mentioned, the SREP summary is issued annually, based on the outcome of the annual supervisory report (containing supervisory findings made over the course of the previous 12 months), properly reflecting along the most significant developments affecting the institution’s risk profile and viability, and changes in the financial conditions, as disclosed in the monitoring process (key indicators evolutions, on-site targeted visits, meetings with institution’s representatives etc.). This EC requires supervisors to assess the resolvability of banks and banking groups as an input into the ongoing risk assessment. In the EU framework, however, the assessment of resolvability is not the responsibility of competent authorities, but the responsibility of the resolution authority (see Article 10(2) and 15 of the BRRD). Thus, the Resolution Department (RD) within the NBR assesses banks’ resolvability, after consulting the SD, and the outcome and issues are communicated with the SD. The SD takes into account the resolvability assessment outcome in their supervision activities as needed. Although there is no clear methodology on how the resolvability assessment results are fed into supervisory activities, the NBR mentions that any issue of resolvability of banks are considered in the SREP assessment qualitatively. In terms of supervisory methodology in relation to the need to assess risks which banks or banking groups present to the safety and soundness of the banking system, there is a quarterly risk dashboard that provides bank-specific data, sector and peer group. In addition, the FSD analyze the safety and soundness of the banking system as well as publishes financial stability reports on a half yearly basis. The FSD shares the analysis results with SD, including the top-down stress testing results, which are fed into supervisory activities.
EC2	The supervisor has processes to understand the risk profile of banks and banking groups and employs a well defined methodology to establish a forward-looking view of the profile. The nature of the supervisory work on each bank is based on the results of this analysis.
Description and findings re EC2	The banking supervision is performed within the three inspection divisions in the Supervision Department, all of them having the same organization, on-site and off-site activities. For the SREP process, currently there is an internal procedure divided into two sections, one dedicated to on-site activities, and the other one to off-site activities. Each of them describe, in details, the specific operational flow of the process of verification and evaluation of the arrangements, strategies, processes and mechanisms implemented by the credit institutions. (See CP9 EC2) Additionally, in the supervisory practices NBR adopted the common procedures and methodologies promoted by the EBA Guidelines and of the other binding technical standards with relevance to the matter in question (such as: SREP Guidelines, RTS on colleges, RTS on Joint Decision, Guidelines on triggers for use of early intervention measures pursuant to Article 27(4) of Directive 2014/59/EU, etc.). In parallel with the internal procedure used to assess the viability and sustainability of credit institutions (the assessment of the business model), internal governance including internal control, the adequacy of risk to capital, the adequacy of risk to liquidity, systemic risk and ICAAP for those subjects which require competent authority to develop internal supervisory methodologies based on the guideline orientation, such as categorization of institution, articulation of own funds requirements, communication of the TSCR ratio/OCR ratio, methodologies for calculation of add-on capital requirements, NBR formalized the procedure concerning the methodology for determining additional own funds requirement Pillar II and the method of determining and expressing it in the capital evaluation process SREP. NBR has implemented a monitoring system based on quantitative risk indicators (Key risk indicators) which allows the identification of deterioration of the risk profile of each entity, the results of the monitoring system being used both for on-site and off-site supervisory activities. The Supervision Department has identified 26 KRIs which are used for scoring with thresholds for each rating (1–4) from the total of 34 KRIs. These scores are a starting point for the SREP scores and are automatically updated based on the availability of new reported data. KRI thresholds may also trigger an update of SREP elements outside the annual cycle. All indicators are split into groups (risk categories) which also allows to assign automated scores for SREP elements and risk categories (e.g., credit risk score), which serves a starting point for further analysis. Monthly and quarterly off-site analysis relies on data from ITS on supervisory reporting but also on additional reporting requirements (e.g., Financial Reporting (FINREP) solo monthly, classification of loans and investments monthly, NBR NPL loans by client monthly, asset sales monthly, liquidity reports weekly and monthly). For every bank there is a quarterly risk dashboard, providing bank-specific data, and sector and peer group details. During the SREP process, however, the forward-looking perspective is assessed based on a minimum two years projection of the business plan and the capitalization considering the base line scenario and the adverse (stressed) scenario in the capital adequacy assessment and the BMA. Top-down stress tests are performed by Financial Stability Department) at aggregate and individual level. The supervisory work in each bank is based on the result of the above-mentioned analysis and annual SREP assessment.
EC3	The supervisor assesses banks’ and banking groups’ compliance with prudential regulations and other legal requirements.
Description and findings re EC3	The supervisory activities in NBR include both assessing compliance with applicable regulatory framework (at national and European level) and the evaluation of the intrinsic exposure to risks and of the overall viability of the institution. Based on the provision of Article 166 of the banking law, the governance arrangements of a credit institution, the processes to identify, manage, monitor and report the risks, the internal control mechanisms as well as the remuneration policies and practices are established by the credit institution’s Articles of Association and internal regulations according to the legislation in force applicable to commercial companies and in compliance with the provisions of the mentioned emergency ordinance and the applicable regulations. Assessments are performed in cases where changes in banks’ internal regulations subject to specific notifications requirements (i.e., concerning the individuals lending activity) occur. The information is also used to update the credit institution template. The noncompliance cases are documented into the supervisory letters, written orders (usually following off-site assessment) and/or reports, communicated to the banks management and corrective measures are applied if necessary.
EC4	The supervisor takes the macroeconomic environment into account in its risk assessment of banks and banking groups. The supervisor also takes into account cross-sectoral developments, for example in nonbank financial institutions, through frequent contact with their regulators.
Description and findings re EC4	The NBR requires credit institution to conduct stress tests, as part of the ICAAP, in order to identify those events or changes in the market conditions in which they operate and may adversely affect their future. Thus, for assessing the reliability of capital planning, credit institutions utilized the results of crisis simulations used to assess the viability of the capital plan in adverse circumstances. The NBR, as part of the SREP, reviews how the evolution of the macroeconomic environment is taken into consideration by the credit institutions in the strategic plans and in the capital planning, that the base line scenario and the stress test scenario must be designed based on the forecasted evolution of a minimum set of macroeconomic indicators, including interest rates, GDP, unemployment rate, real estate market evolution, consume and FX rates. These macroeconomic indicators are also used by the NBR in the top down stress tests performed for the banking system. The FSD performs the top-down stress tests for individual institutions and banking system using macroeconomic indicators and scenarios. The key variables include economic growth, interest rate projections, exchange rate developments, risk premium, and unemployment. The results are shared with the SD for reference, and serve as benchmarks during the SREP process. The cross-sectoral view of the nonbank financial institutions is ensured by the supervisory activities performed for these entities within the same supervisory body (in the NBFI and payment institutions division within the SD). While there is sharing among supervisors on relevant data and supervisory findings on a need basis, there is no systematic process or regular meetings with securities and insurance supervisors (ASF) before on-site examination on banking groups to discuss the risks in the banking group supervised, supervisory approaches, and potential concerns about the banking group or subsidiaries. Authorities mention that banks normally carry more than 90 percent of assets within the banking group, so such meetings can be considered not a core need. In addition, the authorities also mention that there is a high level national coordination framework among domestic supervisory authorities (see EC5).
EC5	The supervisor, in conjunction with other relevant authorities, identifies, monitors, and assesses the build-up of risks, trends and concentrations within and across the banking system as a whole. This includes, among other things, banks’ problem assets and sources of liquidity (such as domestic and foreign currency funding conditions, and costs). The supervisor incorporates this analysis into its assessment of banks and banking groups and addresses proactively any serious threat to the stability of the banking system. The supervisor communicates any significant trends or emerging risks identified to banks and to other relevant authorities with responsibilities for financial system stability.
Description and findings re EC5	The monitoring and assessment of risks, trends and concentrations within and across the banking system as a whole is carried out by the BSD and FSD. The mechanism of NBR to identify, monitor, and assess the build-up of risks, trends and concentrations within and across the banking system are: Semi-annual FSR—which is reported to the NBR senior management and to the FSDC on a half- yearly basis. The FSR presents detailed analyses of banking sector developments and soundness, including credit risk, asset quality, results of the macro-financial stress tests, liquidity risk analysis, and various other financial soundness indicators per different types of financial entities; Quarterly risk dashboard— provides bank-specific data, sector, and peer group on trends and developments of risk categories. The NBR incorporates these analyses into its assessment of banks under the SREP process. The NBR also communicates to banks any significant trends or emerging risks identified as part of its analyses during onsite examination and discussions under the SREP. Other than the above analysis, industry-wide thematic analyses triggered by detected trends or recent events, and analyses of sources of liquidity (such as domestic and foreign currency funding conditions and costs) seem to be limited within the SD. 36 The emerging risks at the bank level were addressed through measures imposed through written orders signed by the senior management of the NBR, following on and off-site supervisory reports. In some cases, emerging risks at the bank/system level were treated through letters of recommendation sent to the banks, meetings with the bank’s representatives and/or third parties (external auditors) or through ad hoc or enhanced reporting on special items (see CP 9 EC5). In addition, there is a national coordination regarding the monitoring and mitigation of risk accumulation at system level. The NBR communicates to other relevant authorities under the NCMO mechanism and by issuing half-yearly FSRs. The NCMO may issue warnings and recommendations (soft law), which are based on an “act or explain” mechanism and addressed to the NBR or the ASF, in their capacity as national authorities responsible for sectoral financial oversight.
EC6	Drawing on information provided by the bank and other national supervisors, the supervisor, in conjunction with the resolution authority, assesses the bank’s resolvability where appropriate, having regard to the bank’s risk profile and systemic importance. When bank-specific barriers to orderly resolution are identified, the supervisor requires, where necessary, banks to adopt appropriate measures, such as changes to business strategies, managerial, operational and ownership structures, and internal procedures. Any such measures take into account their effect on the soundness and stability of ongoing business.
Description and findings re EC6	The Romanian regulatory framework has implemented the provisions of the BRRD regarding resolvability assessments. When the NBR as resolution authority (RD), after consulting the SD, determines that there are substantive impediments to the resolvability of that institution, the RD, would notify in writing the SD as the national competent authority (NCA). Article 92 paragraph 2 of Law No. 312/2015. Furthermore, the RD should consult the SD when assessing whether the measures identified by credit institutions effectively address or remove the substantive impediments in question, and when establishing alternative measures that may achieve that objective. For the 2016 resolution planning process, the NBR, as resolution authority, either at the level of institutions not being part of a group or at the level of the Romanian subsidiaries in cross-border groups, participated in drafting or where applicable, drafted resolution plans for: Fourteen credit institutions that are subsidiaries of cross–border groups, subject to consolidated supervision, within the resolution colleges established by the SRB/other group level resolution authorities—they represent approx. 63 percent of the Romanian banking system’s total net assets as of December 2016. Eight credit institutions that do not belong to cross–border groups, under the NBR’s remit—they represent approximately 23 percent of the Romanian banking system’s total net assets as of December 2016. Also, all credit institutions prepared and sent their recovery plans (individual or group level) to NBR or through the consolidating supervisors. The recovery plans received by the SD were assessed by off-site function. Assessments during the on-site inspections were made with a view to identify any actions in the recovery plan that may adversely impact the viability of the credit institutions. The competent authority (SD) may dispose measures to credit institutions to reduce the risk profile of the institution, including liquidity risk, enable timely recapitalization measures, review the institution’s strategy and structure, make changes to the funding strategy so as to improve the resilience of the core business lines and critical functions and make changes to the governance structure of the institution. The recovery plans received by the NBR from credit institution or from the consolidating supervisor (in case of banking groups for which NBR acting as a host authority) are sent by SD to the RD in order to be assessed from the resolvability point of view. The result of the assessment performed by the RD is communicated to the SD. Having completed the first round of recovery and resolution plans last year, Romania is starting the second one which is expected to incorporate requirements, comments, and lessons learned during the initial effort. Regarding recovery plans, the NBR must aim at increasing the level of specificity of recovery measures, especially those that correspond to foreign bank’s subsidiaries whose plans are prepared at the parent level. In addition, the NBR’s resolution planning for foreign subsidiaries is based mainly on single point of entry considerations, and incorporating other resolution alternatives (e.g., multiple point of entry) will require a strategy for the development of loss-absorbing eligible instruments in the domestic capital market as well as ensuring separability and autonomy from group/parent undertaking from both a financial and operational point of view, so that Romanian subsidiaries would be able to operate their businesses on a stand-alone basis as going concern.
EC7	The supervisor has a clear framework or process for handling banks in times of stress, such that any decisions to require or undertake recovery or resolution actions are made in a timely manner.
Description and findings re EC7	The Romanian regulatory framework has implemented the provisions of the BRRD. The legal basis for handling credit institutions in times of stress are set out in Article 166–2 of Banking Law and Article 180–1(a) and 181 of Law No. 312/2015 on the recovery and resolution of credit institutions and investment firms. In accordance with Article 4 paragraph (1) letters (d) and (e) of the Law No. 312/2015 on the recovery and resolution of credit institutions and investment firms, the NBR, both as a competent authority and as a resolution authority, has the following responsibilities: to adopt and publish relevant internal rules of relevance, including those relating to professional secrecy and the exchange of information between the structures responsible for the various functions exercised by law (letter d); to establish procedures for the structures and persons exercising, in the name of the NBR, the supervisory and the resolution functions, respectively, to cooperate closely in the preparation, planning and implementation of resolution decisions (letter (e). In this respect, the NBR issued and published on its intranet a formal procedure which contains the categories of the data and information which can be the object of the informational flow between the organizational structures fulfilling the supervisory function and, respectively the resolution function, the frequency and the mode of transmission, as well as the circumstances that intervenes with the requirement to provide information necessary for them to exercise their attributions regarding the recovery and the resolution of the credit institutions. The main objective of this formal procedure is to establish the nature of information to be exchanged and the frequency and way the information is transmitted between the RD and SD in the context of recovery and resolution and to support timely decisions regarding the recovery and resolution of distressed banks. The NBR will carry out resolution actions only when three cumulative conditions are satisfied: the institution is failing or is likely to fail; there are no alternative measures of the private sector/supervisory authority to prevent the failure of the institution within a reasonable timeframe; the resolution action is justified by reasons of public interest. With regards to the supervision of credit institutions belonging to the cross-border banking groups, the NBR works with the other supervisory authorities by means of supervisory colleges, which are structures that ensure optimum dissemination of information and the making of joint decisions on capital and liquidity adequacy and on credit institutions’ recovery plans. In this case, the responsibility for the planning and coordination of the supervisory activities (e.g., early intervention measures) lies with the consolidating supervisor within the college framework. Romanian credit institutions (which are not subsidiaries of European banking groups) are required to submit their recovery plans to the NBR for assessment. The assessment was performed and determined whether the plans were comprehensive and could feasibly restore an institution’s viability. On the basis of this assessment, if necessary, corrective actions are required to improve the quality of recovery planning. In this respect, Law No. 312/2015 stipulates in Article 24 and 25 the stages of the evaluation process and the types of related measures.
EC8	Where the supervisor becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter, the supervisor takes appropriate steps to draw the matter to the attention of the responsible authority. Where the supervisor becomes aware of banks restructuring their activities to avoid the regulatory perimeter, the supervisor takes appropriate steps to address this.
Description and findings re EC8	The NBR is a regulator and supervisor of NBFIs. The NBFI supervision and inspection function lies within the supervision department. As a prudential supervisor of NBFIs, the NBR has powers to act if such bank-like activities outside regulatory perimeters would be noticed. These practices will properly be addressed through regulatory and supervisory actions. The NBR has not identified banks attempting to re-organize or restructure for purposes of regulatory arbitrage or avoidance, but the NBR has powers to address this attempt. Information on the bank-like activities and on any boundary issues that may be identified would be exchanged among the SD. In addition, the NCMO cooperation mechanism among domestic authorities (securities and insurance) could address the issue if happens.
Assessment of Principle 8	Largely Compliant
Comments	The supervisory approach of the NBR has undertaken changes toward a more risk based approach since the previous BCP assessment. As of January 1, 2016, the NBR Board approved the implementation of EBA SREP Guidelines (EBA/GL/2014/13) into national supervisory practices. The Romanian regulatory framework has implemented the provisions of the CRD IV and BRRD (resolvability assessment). The partnership, communication, and information sharing in relation to resolvability assessment and related actions with resolution authorities (the Resolution Department within the NBR) appears to be working. Nevertheless, the new EBA SREP methodology is still in the early stages of implementation. The SREP assessment is performed on site annually for all 28 supervised banks or banking group by legislation, and leads to assigning an overall SREP score, which is updated off site on an ongoing basis. The NBR is not differentiating the frequency of full-scope examinations based on the outcome of risk profile analysis of banks; instead, the asset size and the overall SREP score of previous year are the main factors in determining the scope and intensity of examination. However, when the SD establishes the examination program for the following year, there is limited substance to set out the proposed priorities for the year. (e.g., the SD could submit a memo to supervisory committee, the decision-making body, who should be informed of the priorities and specific risks of each banking group before the approval of next year’s examination program) For off-site supervisory activity, there is a quarterly risk dashboard, providing bank-specific data, and sector and peer group details. These monitoring tools do not seem to have embedded a forward-looking view of a banks risk profile (i.e., there are no early warning indicators or bottom up stress testing tools). The FSD publishes FSRs on a half yearly basis as well as performs top-down stress testing, the results of which are shared with banking supervisors for reference. However, more risk-focused, banking industry-wide thematic analyses triggered by detected trends or recent events, and examinations across systems seem to be limited. (During the 2016 and 2017 there were no thematic inspections carried out at the banking system level.) The Resolution Department (RD) within the NBR assesses banks’ resolvability and the outcome and issues are communicated with the SD. The SD takes into account the resolvability assessment outcome in their supervision activities as needed. However, there is no clear methodology on how the resolvability assessment results are fed into supervisory activities. While there is sharing among other supervisors on relevant data and supervisory findings on a need-to-know basis, there is no regular meeting/ systematic process with securities and insurance supervisors (ASF) before on-site examinations of banking groups to discuss a common view of risks in the particular banking group supervised, supervisory approaches, and potential concerns on the banking group or subsidiaries. The authorities should consider the following supervisory approach: Enhance off-site monitoring tools by incorporating more forward-looking views (e.g., bottom up stress testing tools). Enhance a yearly examination planning/approval process to clearly set out the proposed priorities of each bank or banking group for the following year. Establish a systematic framework that collects relevant information from NBFI (including securities or insurance supervisors) to facilitate on-site examination. Conduct thematic analysis and/or examination across banking system with a mix of off and on-site activities on a particular risk (e.g., cyber security risk).
Principle 9	Supervisory techniques and tools. The supervisor uses an appropriate range of techniques and tools to implement the supervisory approach and deploys supervisory resources on a proportionate basis, taking into account the risk profile and systemic importance of banks.
Essential criteria
EC1	The supervisor employs an appropriate mix of on-site37 and off-site38 supervision to evaluate the condition of banks and banking groups, their risk profile, internal control environment, and the corrective measures necessary to address supervisory concerns. The specific mix between on-site and off-site supervision may be determined by the particular conditions and circumstances of the country and the bank. The supervisor regularly assesses the quality, effectiveness and integration of its on-site and off-site functions, and amends its approach, as needed.
Description and findings re EC1	In NBR, the supervision function is integrated into the Supervision Department (SD) and coordinated by one Board member, the First Deputy Governor. Banking supervision is performed within the three inspection divisions, all of them having the same organization, on-site and off-site activities. The SD has in place internal procedures to document the specific on and offsite activities and the related tools and workflows. The procedures are regularly revised and updated in order to accommodate any new changes required by the regulatory framework or as required by the changes in the internal organization (including adoption of new supervisory tools). In 2016, EBA SREP methodology was implemented. (See CP8) Within each Inspection Division of the SD, banks are allocated to off-site examiners and analysts called “line supervisors” covering each credit institution. There is a rotation of personnel within each inspection division or rotation of banks among the inspection divisions. On-site teams within the divisions are mixed and cover all banks allocated to the division. The internal supervisory procedures of each bank or banking group are issued by dedicated teams consisting of off-site and on-site examiners from the Banking Inspections Divisions and supported by the Banking System Assessment, Methodology and Supervision Procedures Division. Off-site supervision is designated to monitor the developments of the bank’s overall risk profile and its components through the analyses performed based on financial and prudential indicators, the approval/rejection of requests concerning amendments in bank’s situation (e.g.,: persons nominated to exercise administration and/or management responsibilities, key function holders, acquisition of qualifying holdings, financial auditors, completion of the core business), and to participate in activities arising from colleges of supervisors, both in normal times and in crisis situations. The responsibilities at the level of the off-site activity are shared according to the job description between the line supervisors, in charge mainly with the approval process, and the risk analysts which mainly focused on the qualitative risk analysis and the college of supervisors’ work On-site supervision represents an integral part of the supervisory approach in NBR which is designated to obtain an objective and comprehensive assessment of particular aspects of a credit institution and allow for the focused investigation of risks, risk controls, processes, systems and personnel. On-site activities include a verification of the functioning of the risk management framework in practice and an assurance on the correctness of the data transmitted by the credit institutions and used in off-site supervision. They are performed at the premises of the credit institution on the basis of the annual supervisory program approved by the Supervisory Committee. There are two types of on-site missions: full-scope inspections covering a comprehensive spectrum of risks and activities, which typically last two to five weeks depending on the bank’s size and targeted inspections focusing on a particular business activity or specific issues, e.g., AML/CFT. Usually, 3 to 10 people are appointed (larger teams for other systemically important institutions (OSIIs)) for each credit institution team (larger teams for OSIIs). The NBR does not differentiate between domestic from foreign-owned institutions when defining the frequency or setting the scope of on-site inspections. Also, according to the examination programs, all the credit institutions are subject to a full scope examination that covers all the areas provided by the EBA SREP guidelines. Although Article 167 paragraph 2 from Regulation No. 5/2013 states that annual inspections should be carried out for (a) credit institutions for which the results of the stress tests indicate significant risks to their ongoing financial soundness or indicate breaches of provisions of the banking law; (b) credit institutions that pose systemic risk to the financial system; and c) any other credit institution, if considered necessary by NBR, in practice, the annual examination programs approved by the senior management of the NBR included all the supervised credit institutions. The SD does not have a team dedicated to banks internal model analysis. The FSD has a quantitative assessment division, which assists the SD whenever supervisors need to approve advanced approach in certain banks or validation of internal models. Currently, two banks received approval from the NBR for using the advanced approach in credit risks and three banks for operational risks in Romania.
EC2	The supervisor has a coherent process for planning and executing on-site and off-site activities. There are policies and processes to ensure that such activities are conducted on a thorough and consistent basis with clear responsibilities, objectives and outputs, and that there is effective coordination and information sharing between the on-site and off-site functions.
Description and findings re EC2	The planning and execution of on and offsite activities are described in the above mentioned internal procedures, which includes the roles and responsibilities for each involved party in the supervisory process. Permanent sharing of information between on site and offsite components occurs and supports the specific supervisory processes. The on-site examination program is annually approved at the level of Supervisory Committee of NBR. The supervisory examination program provides the on-site visits schedule for all credit institutions during the year, the allocated period of each visit and the objectives to be reviewed. All the credit institutions are subject to a full scope examination that covers all the areas provided by the EBA SREP guidelines. Although prioritization could be less of a critical issue in the Romanian context, there is no such process to set out the proposed priorities and inspection plans for the following year or thematic analysis/examination when the SD establishes the examination program for the following year. For example, the decision-making body should be informed of the priorities and specific risks of each banking group/ banking industry before approval of next year’s examination program when the SD submits a memo to the supervisory committee (See CP8). As part of the planning process, the team is set before the visits by the head of the inspection division and approved by the head of SD and the First Deputy Governor of the NBR. When necessary, in developing the College Supervisory Examination Program (SEP), the coordination with supervisory activities performed within supervisory colleges are considered (SREP submissions, JDs signing deadlines). Prior to on-site examinations, the off-site component of supervision a set of information (data and materials) under which it has established the preliminary risk profile. Such information includes reports, information requested by NBR from credit institution, documents resulting from information exchange with other supervisory authorities, the credit institution template, an internal document containing general information about the bank, ownership structure, credit institution reporting requirements, credit institution’s internal regulation subject to approval or validation, outsourced activities, information regarding off-site supervisory reports, data on the last on-site evaluation, other information regarding cooperation, information exchange, reports to ECB/EBA in the matter of supervision of the credit institution. It also includes a risk assessment template, which is a supervisory tool comprising information on the scores allocated to the significant risks (from Pillar I and Pillar II), general risk profile, ICAAP, stress-tests and updated according to the institution’s risk profile changes from the last on-site examination or other significant events occurred in the bank’s activity. Among these tasks, a significant part of this off-site function includes the approval/rejection of requests concerning amendments in bank’s situation (e.g., persons nominated to exercise administration and/or management responsibilities, key function holders, acquisition of qualifying holdings, financial auditors, completion of the core business). The NBR has identified a set of KRIs which are also used for scoring with thresholds for each rating (1–4). These scores are a starting point for the SREP scores and are updated based on the availability of new reported data. KRI thresholds may also trigger an update of SREP elements outside the annual cycle. The templates are updated monthly or quarterly and significant developments registered by each bank are reviewed. The NBR communicates quarterly to banks with their own KRIs template containing information on peer group KRIs. Off-site supervisors also receive all policies and procedures of banks and the information is used in risk assessment. In addition, the assessment of SREP elements is reviewed/updated outside of the planned on-site examination schedules using the information from ITS on supervisory reporting and additional reporting requirements (e.g., FINREP on individual basis monthly, classification of loans and investments monthly, NBR NPL loans by client monthly, asset sales monthly, liquidity reports weekly and monthly, and sources from external counterparts on 10 days basis). The results are presented through monthly/quarterly reports containing data on the capital, balance-sheet assets and liabilities structure, loans portfolio breakdown by type of customers (individuals/corporate), currencies, RAS/IFRS provisioning, depreciated claims, overdue loans, or risk indicators. Any potential risk drivers at credit institutions level identified following the assessment performed by the SD on the information received (from supervisory reporting, other institutions or customers complaints) may be subject to further analysis and checks, performed through unscheduled on-site missions. Unscheduled on-site inspections are usually carried out when during the regular off-site monitoring processes detect a significant deterioration of the prudential or financial position of a bank, or when there are suspicions regarding violations of the regulatory framework. Also, ad hoc on-site inspections were carried out when customer’s complaints (not involving customer’s protection legislation) were received or other parties highlighted operational or reputational risks on banks. The decision to perform such unscheduled on-site missions belongs to the SD management.
EC3	The supervisor uses a variety of information to regularly review and assess the safety and soundness of banks, the evaluation of material risks, and the identification of necessary corrective actions and supervisory actions. This includes information, such as prudential reports, statistical returns, information on a bank’s related entities, and publicly available information. The supervisor determines that information provided by banks is reliable39 and obtains, as necessary, additional information on the banks and their related entities.
Description and findings re EC3	The sources of information that can be used in the supervisory activities (which include the above mentioned types of information) are described in the internal procedures of the Supervision Department. (See EC2) The prudential reports and other internal data used in the MIS are analyzed and assessed especially during on site missions through sampling of data and reconciliations. Also, the NBR uses the information collected by credit public registers for on-site and off-site activity. Credit Risk Bureau and Payment Incident Bureau offer important support for the on-going supervisory process. Additionally, there are other IT applications developed by the SD staff and used in the off-site monitoring processes to keep track of the risk aspects derived from customer complaints or the changes in the network units of the credit institutions that are subject to notification to the NBR. The prudential reports and other internal data used in the MIS are analyzed and assessed especially during on site missions through sampling of data and reconciliations. When on-site, the inspection team collects, centralizes and processes the necessary data and materials provided by the off-site function, such as: reports, notifications according to the legislation in the field; information communicated to NBR by the credit institutions; information requested by the NBR from credit institutions; documents resulting from the exchange of information with domestic and international supervisory authorities, as appropriate; the credit institution template, as previously described; the risk assessment template, etc. According to Article 171 (2) of Banking Law, the NBR has the sufficient power to collect any information from CIs, in order to fulfill the supervisory competencies.
EC4	The supervisor uses a variety of tools to regularly review and assess the safety and soundness of banks and the banking system, such as: (a) analysis of financial statements and accounts; (b) business model analysis; (c) horizontal peer reviews; (d) review of the outcome of stress tests undertaken by the bank; and (e) analysis of corporate governance, including risk management and internal control systems. The supervisor communicates its findings to the bank as appropriate and requires the bank to take action to mitigate any particular vulnerabilities that have the potential to affect its safety and soundness. The supervisor uses its analysis to determine follow-up work required, if any.
Description and findings re EC4	The NBR carries out a monthly/ quarterly review of financial statements of banks through the off-site assessment and during the on-site inspection where inspectors analyze the most recent available balance sheet and P&L statements. Another important output is a comprehensive set of predefined KRIs focused on the asset quality, profitability, capital adequacy, and liquidity. The Excel sheets are available in time-series on monthly or quarterly basis, for the individual banks or for the banking system as a whole. (See CP8 EC2) With regard to the business model assessment, the off-site supervision covers the main changes in the bank’s business model strategic plan and financial ratios, based on the bank’s regular reports as well as the measures implemented by bank in order to address findings following business model analysis performed during on-site examination in the SREP. In terms of peer group analysis, the most important indicators are computed system/peer groups averages which are used for comparison. The KRI monitoring system consists of key financial and risk indicators addressing almost all risk categories covered by SREP: credit risk, operational risk, market risk, IRRBB, liquidity and funding risks, profitability, concentration risk, capital adequacy, etc. For the most important indicators (usually for each SREP element), thresholds (statistically determined, adjusted on professional judgement) are set, along with computed system averages and peer group averages. These indicators are monitored on a quarterly even monthly basis in some cases, for each institution irrespective of category. The evolution of the patterns, the breach of the thresholds, the distance from system and peer group average, should be analyzed and reviewed in accordance with the institution’s risk profile. Supervisory actions are to be taken when the assessment identifies significant/material changes in financial conditions and/or risk profile, thresholds breaches, anomalies in the behavior of indicators, etc. These actions could be, on case by case basis, the following: Dialogues/meetings with institution; Early intervention measures; On-site visits; Requests of relevant information/ explanations, more frequent reporting. The regular assessment performed based on the monitoring of KRIs could be used in order to review the assessment of the relevant SREP element and could change the scores assigned for that SREP element. The outcomes of the monitoring of KRIs is used as a source of information and preparation for the programmed on-site inspection (scope, samples, targets of examination, size and structure of inspection team and period allocated in order to carry out the visit etc.) Also, the data from the supervisory reports are loaded into centralized files every quarter, which serve as a source of information for the horizontal assessment with regard to the SREP scores. The centralizing of the data concerning the breakdown at risk level of the total SREP capital requirements (using the same SREP template as the one submitted for the colleges of supervisors) at the banking system level allows basic comparison between banks from the same peer group with regard the capital allocation for the risks assessed in the ICAAP/SREP. The NBR implemented EBA SREP methodology. In terms of the review, the on-site examinations mainly assess the outcome of stress tests undertaken by the bank, and the analysis of corporate governance, including risk management and internal control systems (See CP8 EC1). Particularly with the group structure, the legislation requires credit institutions on an annual basis, to submit to the NBR the financial information related to shareholders which hold, directly or indirectly or in concert, qualifying holdings or to communicate to the NBR through interbank communications network, a statement of all shareholders (identity, residence and citizenship for individuals, nationality and address, for legal entities, the number and value of shares held, the percentage of participation in the share capital and of the voting rights). Follow up for the identified deficiencies/vulnerabilities and the related measures is performed both at the on and offsite level. The findings are formalized and communicated to the bank’s management and remedial actions are imposed through written orders or supervisory letters of the senior management of the NBR.
EC5	The supervisor, in conjunction with other relevant authorities, seeks to identify, assess and mitigate any emerging risks across banks and to the banking system as a whole, potentially including conducting supervisory stress tests (on individual banks or system-wide). The supervisor communicates its findings as appropriate to either banks or the industry and requires banks to take action to mitigate any particular vulnerabilities that have the potential to affect the stability of the banking system, where appropriate. The supervisor uses its analysis to determine follow-up work required, if any.
Description and findings re EC5	The NBR discusses potential risks at the banks and remedial strategies on a continuous basis. Potential vulnerability identified following the off-site monitoring is communicated with the banks involved, mainly at the level of SD management through direct calls or ad-hoc meetings with the credit institutions top management. Emerging risks at the bank/system level are treated through letters of recommendation sent to the banks. The charts and the “traffic lights” within the KRIs templates, including industry average and supervisory benchmarks of each indicators are communicated with banks. More importantly, the SD may send written warning letters to all banks that may be affected by a certain vulnerability. For example, in cases where the level of prudential indicators is in the proximity to the regulatory limits, when counterfeit documents such as payment instruments, warranty letters were identified in the banking system, when the number of the managers decreased below the minimum regulatory in order to appoint new managers within the period of two months as prescribed by the regulation framework in force, etc. The NBR meets the bank’s representatives on an ad hoc basis and/or regular basis and, in some cases, requires enhanced reporting on special items (e.g., intra-group transactions, exposures to certain governments, legislative initiatives—payment in kind, Swiss franc conversion etc.). The supervisors meet external auditors of banks on a quarterly basis to discuss weaknesses in the banking system and/or specific banks and broad supervisory issues. Stress tests are performed regularly at the individual bank level in the ICAAP context and system-wide level by the FSD. During the SREP process, the output of the stress tests is used for imposing supervisory measures, including setting higher minimum capital adequacy ratios. The SD does not have dedicated tools for supervisory bottom up stress-tests nor for financial simulation. However, the stress test buffers set by the banks and included in the ICAAP results are assessed. The SD analyzes the outcome of the stress tests performed by the institutions as part of their capital planning and determines if they prudently evaluated the impact of the adverse scenarios on their available capital and on their Pillar 1 and Pillar 2 capital requirements, in order to establish whether the TSCR and OCR ratios can be met over the planning horizon (usually 2–3 years). If not, adequate and credible action plans are then established by the bank.
EC6	The supervisor evaluates the work of the bank’s internal audit function, and determines whether, and to what extent, it may rely on the internal auditors’ work to identify areas of potential risk.
Description and findings re EC6	Internal audit function’s quality and effectiveness is periodically assessed through on site missions and ad hoc meetings with the head of department or Audit Committee members. Given that the internal audit function is assessed annually in the on-site inspections, contact with the head of this function takes place regularly in order to assess the effectiveness and efficiency of the internal audit and to gather additional information on the risk exposures identified through internal audit missions, corresponding remedial actions and the quality of internal controls. Off-site analysis are performed in order to identify areas of potential risk based on the data submitted by banks to the NBR through the reports about the conditions on which internal controls was performed, with a distinct presentation of the aspects related to the internal audit function (i.e., deficiencies identified within the function of the internal control system and the measures taken to correct those; a description of the material changes within the function of the internal control system during the respective period; a description of the conditions for applying the control procedures inherent to new activities; performance of internal control within the secondary premises of the credit institution operating abroad). The banks’ internal audit reports deliver information regarding the audit engagements performed in the respective period along with the conclusions and recommendations of the internal audit and implementation suggested by the management body of the credit institutions. The internal audit reports are used as preliminary inputs into the supervisory assessment and the potential areas of risks are further investigated by the supervisory team. In Romania, the internal audit managers are subject to NBR’s prior approval by legislation (NBR Regulation No. 6/2008). Individuals in middle level management positions performing important activities in banks need approval by NBR and the internal audit activities are one of the key functions.
EC7	The supervisor maintains sufficiently frequent contacts as appropriate with the bank’s Board, nonexecutive Board members and senior and middle management (including heads of individual business units and control functions) to develop an understanding of and assess matters such as strategy, group structure, corporate governance, performance, capital adequacy, liquidity, asset quality, risk management systems and internal controls. Where necessary, the supervisor challenges the bank’s Board and senior management on the assumptions made in setting strategies and business models.
Description and findings re EC7	The NBR has regular meetings with the bank’s senior and middle management, and other representatives. Subjects such as strategies and business model are challenged and discussed with the bank’s senior management and board members. There are various forms of contact between the supervisors and the bank management, internal auditors and different bank committees. Meetings are held between the NBR`s senior management and the credit institution board’s members to discuss broad issues such as the strategic plans of the credit institution, the risks aroused in the banking system that can pose a threat, while other meetings are held in the course of on-site inspections and off-site surveillance. During the on-site missions, the contact with the members of senior management and of various committees of the bank is made when various SREP elements are examined, in order to get a better perspective on the risks to which the bank is exposed, the internal controls put in place, the projected or implemented changes in the business or risk strategies, the status for various action plans resulting from internal risk assessments, internal and external audit reports, supervisory reports etc. The meetings usually take place at the beginning of the on-site mission and throughout the supervisory mission whenever the need arises. In off-site supervision activity, these meetings are held as needed to clarify technical matters on different problems, monitor the correction of irregularities or share views on specific issues.
EC8	The supervisor communicates to the bank the findings of its on- and off-site supervisory analyses in a timely manner by means of written reports or through discussions or meetings with the bank’s management. The supervisor meets with the bank’s senior management and the Board to discuss the results of supervisory examinations and the external audits, as appropriate. The supervisor also meets separately with the bank’s independent Board members, as necessary.
Description and findings re EC8	All the findings of the supervisory work are formalized in writing through letters or reports and are discussed with the bank’s management. The NBR also has at all levels, regular/ ad-hoc meetings with the bank’s senior and middle management and other representatives to communicate the findings of its supervisory analyses. The off-site supervisory analyses are also communicated on at least a quarterly basis. When necessary, the findings of the external auditors are also discussed with the bank’s management. (See EC5 and 7) However, there is no systematic process of regular meeting with nonexecutive/ independent members after on-site examination to discuss findings and the remedial actions. Contact with such members rarely occur during on-site missions. (See CP 14)
EC9	The supervisor undertakes appropriate and timely follow-up to check that banks have addressed supervisory concerns or implemented requirements communicated to them. This includes early escalation to the appropriate level of the supervisory authority and to the bank’s Board if action points are not addressed in an adequate or timely manner.
Description and findings re EC9	Follow up for the supervisory measures are performed as a part of the on-site and off-site activities, based on the documents provided by the banks and correlate with the deadlines imposed for the implementation. In Romania, sanctions are imposed on the responsible entities within the bank/senior management and/or bank’s board members in case of failure to adequately implement the prescribed measures on timely manner. A dedicated section to disclose the sanctions disposed by the supervisory authority to the credit institutions is available on the NBR’s website (http://www.bnro.ro/Sancțiuni-emise-de-BNR-12553.aspx). Assessors saw cases that the sanctions are imposed to all board members and senior managements when the failure of implementation of the supervisory measures occurs.
EC10	The supervisor requires banks to notify it in advance of any substantive changes in their activities, structure and overall condition, or as soon as they become aware of any material adverse developments, including breach of legal or prudential requirements.
Description and findings re EC10	Notifications or prior approval on certain activities are required by the regulatory framework in place and may happen in practice, covering a wide range of topics. Some of the changes that occur are subject to the NBR’s prior approval. The requirements are described in detail in the NBRs and other EU regulations in force. (e.g., NBR Regulation No. 6/2008 Article 3 and 4).
EC11	The supervisor may make use of independent third parties, such as auditors, provided there is a clear and detailed mandate for the work. However, the supervisor cannot outsource its prudential responsibilities to third parties. When using third parties, the supervisor assesses whether the output can be relied upon to the degree intended and takes into consideration the biases that may influence third parties.
Description and findings re EC11	According to the banking legislation independent third parties (financial auditors, experts) can be used in the supervisory process, but the final prudential responsibilities remain with the supervisory authority (Article 170 of Banking Law). There have been no such cases to date. The external auditors’ main involvements concern the audit of the annual financial statements. Usually, the management letter is submitted by the credit institutions to the NBR or presented during the on-site missions. Instead, there are certain requests addressed by the SD directly to the credit institutions which need the certification of results from the external auditors. (i.e., NPLs identification, collaterals evaluation, stress—test exercise in order to estimate the expected impact over the exposures as of June 2017 following the IFRS 9 implementation). Also, the NBR has already started organizing meetings with financial auditors of credit institutions, where exchange of information of common interest takes place such as developments at the credit institutions level in external auditor’s portfolio concerning the main risk areas.
EC12	The supervisor has an adequate information system which facilitates the processing, monitoring and analysis of prudential information. The system aids the identification of areas requiring follow-up action.
Description and findings re EC12	A broad range of financial information and prudential reports is monitored and processed by a Banking System Assessment, Methodology and Supervision Procedures Division within the SD, the results of this activity being shared regularly with the department’s management and the onsite and offsite teams. The SD mainly uses three electronic systems for collecting primary indicators from the credit institutions, processing and dissemination of the results, and also, to warehouse the documents and databases, as follows: ABACUS – for the financial information and prudential reports of the credit institutions which have consolidation perimeter (FINREP at a consolidated level, COREP, Liquidity Coverage Ratio (LCR), Large Exposures, NSFR, AE, ALMM); SIRBNR – for the financial reports of the other Romanian credit institutions, legal entities, at individual level, and branches in Romania of Member State and third- country credit institutions and also, for other prudential reports (such as benchmark remuneration, high earner remuneration); RCI – for prudential reports (individual COREP) of the credit institutions and banks’ internal regulations, accounting balances and ad-hoc reports requested by NBR. These systems facilitate analysis of prudential information and aid the identification of areas requiring follow-up action.
Additional criteria
AC1	The supervisor has a framework for periodic independent review, for example by an internal audit function or third-party assessor, of the adequacy and effectiveness of the range of its available supervisory tools and their use, and makes changes as appropriate.
Description and findings re AC1	The adequacy and effectiveness of the supervisory process is periodically assessed by EBA and the internal audit function within the NBR. The effectiveness and adequacy is assessed mainly by EAB and more technical areas such as IT data securities or work flows based on internal procedures are audited by internal audit function once every 2–3 years. Recommendations for improvements are properly addressed and are subject to follow up by the aforementioned entities.
Assessment of Principle 9	Largely Compliant
Comments	The SREP methodology in Romania deploys a good mix of onsite and offsite supervisory tools and NBR has established a comprehensive range of supervisory tools and techniques to implement RBS approach. The NBR has broad information collecting power by legislation and the Central Credit Register allows supervisors to access high-granularity data. The SREP is a core supervisory tool of banking supervision in Romania. However, the process of ensuring consistency and accuracy of scoring, findings and supervisory measures across different banks is weak. Concluding the SREP assessment, the annual supervisory report (containing supervisory findings and measures) is issued annually. The draft is sent to banks within 60 working days with the review of head of inspection division. After further discussion with banks and receiving official response from banks, the final report is issued within two weeks with the signature of director of supervision. Meanwhile, the SREP summary report is reported to the fist deputy governor. During this process, there is no structured/independent review to ensure consistency and accuracy on scoring, findings, and measures of the supervisory report. Considering the recent adoption of the EBA SREP methodology in Romania, the quality assurance procedure is critical. Furthermore, given that SREP is first and foremost a methodology for assessing capital adequacy, other proactive supervisory approach may also need to be considered in company with SREP (See CP8). With regard to the off-site function, it is designated to monitor the developments of the bank’s overall risk profile and its components through the analyses performed based on financial and prudential indicators. However, a significant part of this off-site function also includes the approval/rejection of requests concerning amendments in bank’s situation (e.g., persons nominated to exercise administration and/or management responsibilities, key function holders, acquisition of qualifying holdings, financial auditors, completion of the core business). For example, the NBR has interviewed approximately 1,700 board members, executives, middle managers (key function holders) from 2009 to 2017. More than half of the interviewees were middle managers. This responsibility, despite positive benefits, could limit to a certain extent, the ability of the NBR to maintain a thorough and deeper analysis of the risks that banks, banking group and banking industry are facing. Regulatory cost and benefit exercises may be warranted in respect of optimum allocation of supervisory resources. The NBR also has regular/ ad-hoc meetings with the bank’s senior and middle management and other representatives to communicate the findings of its supervisory analyses. However, there is no systematic process of regular meeting with nonexecutive/ independent members after on-site examination to discuss findings and the remedial actions. Contact with such members occurs less often during on-site missions. Given that in many cases the board of directors comprises mostly nonexecutive members and NBR’s supervisory work heavily relies on the annual examination, it is critical to keep them informed of the main findings and possible remedial actions promptly after on-site visit. (See CP 14) The authorities should consider the following activities: Ensure consistency and objectivity in SREP score, findings and supervisory measures (e.g., establish the independent review unit, develop on-site and off-site supervisory assessment handbook, and improve an electronic platform to more effectively manage findings, measures, and follow-ups). Review the off-site activities regarding various approval process within SD for supervisors to better focus on its qualitative risk analysis. Intensify engagement with nonexecutive/independent board members as part of the on-site examination process (See CP 14).
Principle 10	Supervisory reporting. The supervisor collects, reviews and analyses prudential reports and statistical returns40 from banks on both a solo and a consolidated basis, and independently verifies these reports through either on-site examinations or use of external experts.
Essential criteria
EC1	The supervisor has the power41 to require banks to submit information, on both a solo and a consolidated basis, on their financial condition, performance, and risks, on demand and at regular intervals. These reports provide information such as on- and off-balance sheet assets and liabilities, profit and loss, capital adequacy, liquidity, large exposures, risk concentrations (including by economic sector, geography and currency), asset quality, loan loss provisioning, related party transactions, interest rate risk, and market risk.
Description and findings re EC1	According to Article 153, 165, 59, and 171 (2) of Banking Law, the NBR is statutorily empowered to collect financial statements and other data and information from credit institutions (CIs), on both a solo and a consolidated basis, as required by the NBR. The EU harmonized supervisory reporting requirement establishes uniform requirements for supervisory reporting to competent authorities for the following areas: (a) own funds requirements (capital adequacy) and financial information; (b) losses stemming from lending collateralized by immovable property; (c) large exposures and other largest exposures (counterparty, sectoral, geographical); (d) leverage ratio; (e) liquidity coverage requirements and net stable funding requirements; (f) asset encumbrance; (g) additional liquidity monitoring metrics. NBR Regulation No. 5/2013 doesn’t provide derogations or exemptions from the applications, on an individual basis, of the prudential requirements specified by Regulation (EU) No. 575/2013, irrespective of consolidated supervision being applied or not. All banks are required to prepare and deliver common reporting (COREP) based on the harmonized European supervisory reporting framework, provided for in the CRD and EC regulations on reporting, that encompass a comprehensive range of information for the supervisor to perform a risk assessment. The reporting requirements are defined by EBA ITS on supervisory reporting, which were introduced in Q1 2014 and are being phased in over a number of years. Frequency varies between reporting from monthly (liquidity) to quarterly and semi-annual or annual for some individual templates. According to EBA ITS on supervisory reporting, COREP data must be reported on both a solo and consolidated basis by all banks, while FINREP is mandatory for banks at consolidated level only. Solo level reporting remains national discretion, but reporting templates in Romania (in case of solo FINREP) are consistent with those at consolidated level. COREP covers capital adequacy, liquidity, large exposures, risk concentrations (including by economic sector and geography), asset quality, loan loss provisioning, related party transactions, and market risk, while FINREP covers, inter alia, on- and off-balance sheet assets and liabilities, and P&L42. The NBR also has power to require regular reporting outside the scope of the ITS on supervisory reporting and banks are compelled according to the Banking Law to transmit to the NBR any information required by the latter in order to perform its responsibilities established by law. The additional reporting requirements compliments the scope of the ITS on supervisory reporting.
EC2	The supervisor provides reporting instructions that clearly describe the accounting standards to be used in preparing supervisory reports. Such standards are based on accounting principles and rules that are widely accepted internationally.
Description and findings re EC2	The Romanian banking system is required to report financial information based on the IFRS at consolidated level since January 2006 and at individual level since January 2012. FINREP reporting templates for supervisory purposes are based on the IFRS both at the solo and consolidated level. Reporting instructions for consolidated level are included in Commission Implementing Regulation (EU) No. 680/2014 that contains detailed instructions for the submission of supervisory reporting. Reporting instructions on a solo basis are included in the National Regulation (NBR Order No. 6/2014 regarding the FINREP individual financial statements, NBR Order No. 5/2014 regarding the financial information reporting of branches of CIs having their headquarters in other Member States).
EC3	The supervisor requires banks to have sound governance structures and control processes for methodologies that produce valuations. The measurement of fair values maximizes the use of relevant and reliable inputs and is consistently applied for risk management and reporting purposes. The valuation framework and control procedures are subject to adequate independent validation and verification, either internally or by an external expert. The supervisor assesses whether the valuation used for regulatory purposes is reliable and prudent. Where the supervisor determines that valuations are not sufficiently prudent, the supervisor requires the bank to make adjustments to its reporting for capital adequacy or regulatory reporting purposes.
Description and findings re EC3	According to Article 24 of CRR, the valuation of assets and off-balance sheet items shall be effected in accordance with the applicable accounting framework. The NBR introduced IFRS for all CIs in 2012, and the measurement of fair values and valuation rules are also determined on the grounds of IFRS requirements. Article 105 of CRR stipulates that a comprehensive range of requirements for prudent valuation and Article 34 requires that CIs shall apply the requirements of Article 105 to all assets measured at fair value when calculating the amount of their own funds and shall deduct from Common Equity Tier 1 capital the amount of any additional value adjustments necessary. NBR Regulation No. 5/2013 also requires that the management body be actively involved and ensure that adequate resources are allocated to address all the significant risks addressed in this Regulation and CRR as well as for the purpose of asset valuation, the use of external ratings and internal models relating to those risks, providing the legal basis for governance arrangements and control processes for the valuation. NBR order No. 6/2014 (methodological norms point 2) also requires that CIs prepare FINREP individual financial statements that give a true and fair view of the position and financial performance of credit institutions for the related period. Adherence to the IFRS valuation standards (mainly IAS 39, IFRS 13) and other regulations is assessed during on site missions. The assessment also includes the existence of an adequate independent validation of methodologies. In case of inappropriate practices, supervisory measures were imposed, including adjustments of the provisions level or of the capital.
EC4	The supervisor collects and analyses information from banks at a frequency commensurate with the nature of the information requested, and the risk profile and systemic importance of the bank.
Description and findings re EC4	The information submitted to the NBR has the frequency and structure of the EU harmonized reporting framework from monthly to quarterly, and semi-annual or annual for some individual templates. In the EU reporting framework, the frequency of the submissions is set differently depending on the complexity of the information, the size (including different reporting templates) and the risk profile of banks (higher frequency for the banks with a higher risk profile). In Romanian context regarding prudential reports for supervisory purposes, the scope and periodicity are the same for all credit institutions, except the branches of credit institutions having their headquarters in other Member States; these are not subject to reporting prudential information to NBR under Regulation (EU) No. 680/2014. (See EC1). The NBR occasionally requires banks to submit additional information more frequently such as daily liquidity reporting, or more granular NPL data as deemed necessary.
EC5	In order to make meaningful comparisons between banks and banking groups, the supervisor collects data from all banks and all relevant entities covered by consolidated supervision on a comparable basis and related to the same dates (stock data) and periods (flow data).
Description and findings re EC5	The harmonized European reporting framework covers the issues that this EC requires in Romania. Standardized regulatory returns under the Romanian and EU regulatory framework, COREP, FINREP at consolidated level define reporting dates and periods and reporting requirements for all credit institutions. In the case of solo FINREP, the reporting templates are consistent with those at consolidated level. After collection, the data is used for diverse analytical outputs such as risk indicators, trends, peers, stocks, and flows.
EC6	The supervisor has the power to request and receive any relevant information from banks, as well as any entities in the wider group, irrespective of their activities, where the supervisor believes that it is material to the condition of the bank or banking group, or to the assessment of the risks of the bank or banking group or is needed to support resolution planning. This includes internal management information.
Description and findings re EC6	The Banking Law provides the legal authority for NBR to require all the information needed to perform its activity. According to Article 169 Index 1 paragraph 2 and Article 226, the NBR is empowered to request additional or more frequent reporting. The national regulatory framework allows it to request from banks any information deemed necessary to perform the individual and consolidated supervision of banks and banking groups.
EC7	The supervisor has the power to access43 all bank records for the furtherance of supervisory work. The supervisor also has similar access to the bank’s Board, management and staff, when required.
Description and findings re EC7	Supervisors have access to any kind of information that is considered useful for supervisory purposes. Also, there are no restrictions on the access to the bank’s Board, management, and staff. According to Article 171 (1), CIs are compelled to allow the NBR to examine their reports, Accounts, and operations and to provide all documents and information related to the activity performed, as requested. Article 171 (2) states that CIs shall transmit to the NBR any information required by the latter, to assess their compliance with the prudential requirements of the Banking Law and CRR and with the applicable regulations. The internal control mechanisms and administrative and accounting procedures of the CIs also shall permit, at any time, the verification of their compliance with such rules.
EC8	The supervisor has a means of enforcing compliance with the requirement that the information be submitted on a timely and accurate basis. The supervisor determines the appropriate level of the bank’s senior management is responsible for the accuracy of supervisory returns, imposes sanctions for misreporting and persistent errors, and requires that inaccurate information be amended.
Description and findings re EC8	EU harmonized reporting rules define reporting reference dates and the reporting and corrections shall also be submitted to the NCA without undue delay. In the off-site process of NBR, any report received from a Credit Institution (CI) has to be reviewed with regard to possible discrepancies. Inconsistencies have to be clarified with the credit institution. If the data provided is inconsistent, resubmission may be requested. The staff from the SD surveys the banks’ compliance with deadlines for each reporting date. Also, there is a cross check of the submission situation by each bank/type of reports/reporting date carried out by the Banking System Assessment, Methodology and Supervision Procedures Division. When a report is delayed, the submission is allowed only after the assessment and the approval process. When the credit institution fails or is late in submitting the reporting data the NBR contacts the bank and sets a deadline for the correction and resubmission of the report. During the evaluation process of data quality, the bank supervisor involved in this process informs management of any issues in the validation process depending on the importance of the problems occurred and the degree of difficulties. After the deadline, management involvement is expected when the credit institutions did not comply with the reporting deadline or the quality requirements. The supervisory authority can impose measures and sanctions when the reports received are not compliant with the reporting framework in place (Banking Law Article 228 Paragraph 1). The management of the bank is held responsible for the late or missing or inaccurate reports. In the off-site activity, when a supervisor has noticed mistakes within the credit institutions reports, as the credit institution didn’t meet several requirements of the legal framework applicable (ITS 680/2014 laying down implementing technical standards with regard to supervisory reporting of institutions as regards instructions, templates and definitions), a supervisory report is concluded in order to solve the deficiencies identified within a certain timeframe. Following the recommendation issued based on the conclusions from the said supervisory report, the credit institution has to resubmit the reports. Depending on the gravity of the findings, actions are taken by NBR and measures are disposed after the conclusion of the on-site mission and based on the findings filled in the supervisory reports. The NBR Regulation No. 5/2013, Article 11 stipulates that the management body defines, oversees and is accountable for the implementation of the governance arrangements that ensure effective and prudent management of a credit institution, including the segregation of duties in the organisation and the prevention of conflicts of interest. Also, the management body must ensure the integrity of the accounting and financial reporting systems, including financial and operational controls and compliance with the law and relevant standards.
EC9	The supervisor utilizes policies and procedures to determine the validity and integrity of supervisory information. This includes a program for the periodic verification of supervisory returns by means either of the supervisor’s own staff or of external experts.44
Description and findings re EC9	Validation rules for COREP and FINREP reporting are applied on submission. Resubmissions are required for in cases of errors and noncompliance with the validation rules. Following receipt of the data, the NBR carries out a program of plausibility checks (comparison to previous periods and using available information), focusing on data sets that are of greatest importance, such as capital adequacy, liquidity, and FINREP returns. In particular, the staff from the SD observe the banks compliance with deadline for each reporting date. Also, there is a crosscheck of the submission situation by each bank/type of reports/reporting date carried out by the SD. During the reporting process, the fulfillment of the validation is checked online and a message is automatically generated by the system about the failed validation, message that is also received by the reporting entity. When a blocking validation fails, the credit institution report is not accepted by the system and the reporting entity takes measures to solve the issues. When a submission is successful, the supervisory staff also assesses the failed nonblocking validation rules, should it occur. If the result is satisfactory, the report is marked as validated (there is signoff function to be activated). If not, the credit institution will be contacted to solve the reporting issues. The supervisory staff in the SD verifies the correctness, reasonability or plausibility of the reasoning for the failed validation and contact the credit institution for additional explanation, as needed. Supervisory information is regularly tested through on site and off site analysis, including through sampling. When necessary, external auditors are requested to perform limited scope audits of the financial situations of some banks (without being commissioned and under a formal supervisory mandate) and the outcome of the assessment is submitted to the NBR.
EC10	The supervisor clearly defines and documents the roles and responsibilities of external experts,45 including the scope of the work, when they are appointed to conduct supervisory tasks. The supervisor assesses the suitability of experts for the designated task(s) and the quality of the work and takes into consideration conflicts of interest that could influence the output/recommendations by external experts. External experts may be utilized for routine validation or to examine specific aspects of banks’ operations.
Description and findings re EC10	The NBR can assign external experts or auditors for supervisory tasks (Banking Law Article 170 (1)), but in practice there were no such cases. The regulations define the framework under which supervisory tasks can be delegated to financial auditors Banking Law Article 170 (2). However, there are no comprehensive guidelines/criteria for hiring third parties to conduct supervisory tasks in place of, or for assessing the quality of the work performed by those experts.
EC11	The supervisor requires that external experts bring to its attention promptly any material shortcomings identified during the course of any work undertaken by them for supervisory purposes.
Description and findings re EC11	There is a provision (Banking Law Article 156) that the financial auditor of a credit institution shall inform the NBR while performing his duties, as soon as he encounters any fact or decision concerning the credit institution which is liable to: (a) constitute a material breach of the law and/or regulations or other documents issued for its application, which lays down the conditions for authorization or requirements related to the pursuit of activity; (b) affect the functioning of the credit institution; and (c) lead to the financial auditor’s refusal to express an opinion on the financial statements or to the expression of reservations. However, there is no explicit requirement in the law that external experts promptly bring to the NBR’s attention any identified material shortcomings during the course of any work undertaken by them for supervisory purposes. However, the use of external experts in this regard is very rare.
EC12	The supervisor has a process in place to periodically review the information collected to determine that it satisfies a supervisory need.
Description and findings re EC12	The reporting formats are developed by the EBA and are issued under a Regulation which is directly applicable to all credit institutions across European Union. The format and content of the reporting formats are periodically reviewed both at the initiative of the EBA and of the NCAs. The authorities mentioned that the information collected (except the one collected according to the common European reporting framework) is frequently reassessed in order to determine its relevance and comprehensiveness for the supervisory purposes. The emergence of new risks drivers has determined changes in the ad hoc reporting requested from the banks (litigations, payment in kind etc.). 46 However, there is no explicit assessment process in place to periodically review the prudential returns (except the one collected according to the common European reporting framework).
Assessment of Principle 10	Largely Compliant
Comments	The Banking Law provides the legal authority for NBR to require all the information needed to perform its activity. The Romanian banking system has been required to report financial information based on IFRS at consolidated level since 2006 and at individual level since 2012. The supervisory reporting/ validation rules and templates are mainly governed by a harmonized EU reporting framework. In case of solo FINREP, as required by the national legislation, the reporting templates are consistent with those at EU reporting requirements. The supervisory staff verifies the reports through off-site and on-site examination. Authorities indicated that there are ongoing projects in many banks related to the improvement of data warehouse. In order to further assure that the reported information is accurate, comprehensive and consistent, the banks should keep upgrading the system and implement a large variety of controls. The NBR also needs to keep providing feedback on data quality assessments to banks. There are no explicit guidelines/criteria for hiring third parties who conduct supervisory tasks to assess the quality of the work performed by those experts, or obligating them to report to the NBR promptly any material shortcomings identified. Although the NBR has not used external experts for supervisory tasks, the issuance of such guidelines could be contemplated if the use of third parties were to increase. Also, there is no explicit/regular evaluation process in place to periodically review the information collected to determine that it satisfies a supervisory need particularly in the case of additional prudential returns (except the ones collected according to the common European reporting framework). The authorities should consider the following activity: Develop rules and processes for hiring external experts, including the process of the quality control and avoiding conflicts of interests. Perform a periodic review of whether the prudential returns (required outside of European reporting framework) satisfy a supervisory need.
Principle 11	Corrective and sanctioning powers of supervisors. The supervisor acts at an early stage to address unsafe and unsound practices or activities that could pose risks to banks or to the banking system. The supervisor has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability to revoke the banking license or to recommend its revocation.
Essential criteria
EC1	The supervisor raises supervisory concerns with the bank’s management or, where appropriate, the bank’s Board, at an early stage, and requires that these concerns be addressed in a timely manner. Where the supervisor requires the bank to take significant corrective actions, these are addressed in a written document to the bank’s Board. The supervisor requires the bank to submit regular written progress reports and checks that corrective actions are completed satisfactorily. The supervisor follows through conclusively and in a timely manner on matters that are identified.
Description and findings re EC1	In accordance with the internal procedures of SD, the team discusses the findings with banks at the end of the on-site examination. After completing the draft supervision report, the findings are sent to the bank and the bank sent observations and comments. Not all observations and comments from bank may be included in the final version of the report The proposals of the SD can be materialized into sanctions, measures, and recommendations through written orders sent to the management of the bank. Where significant corrective actions are identified, the authorities stipulate by written order that these measures/actions be presented to the board. However, the NBR order is not directly submitted by the NBR in a written document to the bank’s Board. The recommendations and corrective measures (through written orders) are monitored by the NBR. Moreover, the bank is required to prepare an appropriate action plan to address all the issues from the examination report (supervisory report) that were not included in the order after the completion of the supervisory report. The banks are obligated to inform the NBR in writing about the remedial status of the measures from the orders and action plans within specific timeframe. One of the objectives of the on-site examination during the next on-site examination is to assess if the measures have been implemented. During the ongoing off-site activities, written explanations and corrective measures are required to be sent to the bank if supervisors identify changes in the financial situation, prudential ratios of a bank or other difficulties or negative developments that can affect its activity. The NBR routinely monitors the efficiency and effectiveness of the measures put in place. If an off-site staff identifies issues during an ongoing supervision that indicates high risk exposure or activity by credit institutions due to noncompliance with the regulations in force, a supervision report will be prepared. With regard to the operational procedure of the SD, on the basis of the findings of the inspection team, the supervisory draft report should be finalized within a period of 60 working days after the on-site assessment ends. This draft is sent to the inspected credit institution for the “right to be heard” stage in which the bank can make observations. The final draft should be finalized within 10 working days of the discussions with the credit institution or after the team receives the additional documents submitted by the bank including clarification from the specialized departments of the central bank on how to interpret the legal provisions that are likely to be applied to findings from the inspection action. After the signed version of the report is received, a consolidated note will be drawn by the members of the inspection team within 15 working days; this note includes a summary of the findings and the proposal regarding the supervision measures, sanctioning measures, and recommendations. However, this time frame is not consistently followed by the SD.
EC2	The supervisor has available47 an appropriate range of supervisory tools for use when, in the supervisor’s judgment, a bank is not complying with laws, regulations or supervisory actions, is engaged in unsafe or unsound practices or in activities that could pose risks to the bank or the banking system, or when the interests of depositors are otherwise threatened.
Description and findings re EC2	The NBR has the tools necessary to require corrective actions of credit institutions or to impose sanctions. If a CI does not comply with the requirements per banking law, the regulations issued in their application, or in the event that the NBR has determined the CI will unlikely comply with the aforementioned provisions, then the NBR may require a CI to undertake the necessary steps to remedy the deficiencies. According to Article 226 from Banking Law, in the past two years the NBR imposed supervisory measures regarding the business management framework and the internal capital adequacy assessment process, as follows: Maintaining own funds at a level higher than the minimum capital requirements Reducing the risk inherent to activities, products and systems Implementing a specific provisioning policy or treatment of assets Submitting a plan for restoring compliance with supervisory requirements With respect to escalation policies in response to the accumulation of risk, the NBR underlines the provisions of the Banking Law stating that measures and sanctions shall be effective and proportionate with the acts and irregularities, taking in consideration the gravity and consequences, as well as the personal and circumstances of the committed deed, having a dissuasive effect. Therefore, should the credit institution not comply with the measures imposed by the NBR, the supervisory authority can take more restrictive actions in order to respond to the accumulation of risk, applying the provisions of Article 226 paragraph 3 from the Banking Law. These measures include but not limited to: Require the CI to hold own funds in excess of the requirements; Require the CI to apply a specific provisioning policy or treatment of assets in terms of own funds requirements; Restrict or limit the business, operations or network of CIs, including by withdrawal of the approval granted on establishment of branches abroad, or to request the divestment of activities that pose excessive risks to the soundness of a credit institution; Require the CI to reduce of the risk inherent in its activities, products and systems; Require the CI to limit variable remuneration as a percentage of net revenues inconsistent with the maintenance of a sound capital base; Require the CI to use net profits to strengthen its own funds; Require the CI to replace the individuals appointed to conduct the branches of the CI; Limit qualifying holdings in financial or nonfinancial entities where the CI is bound to sell them; Require the CI to present a plan to restore compliance with supervisory requirements detailing the steps and actions to be taken, and set a deadline for their implementation; Limit or prohibit distribution by the CI of profit from distributable item to shareholders or to their members, and/or interest payments to the holders of Additional Tier 1 instruments, where the prohibition does not constitute an event of default of the credit institution; Impose additional or more frequent reporting requirements including reporting on capital and liquidity positions; Impose specific liquidity requirements including restrictions on maturity mismatches between assets and liabilities of CIs; Require additional disclosures to CIs etc. The administrative penalties that can be applied include the following Article 229 Paragraph 1: Written warning; A public warning indicating the natural person, the CI, the financial holding company or the mixed financial holding company responsible and the deed committed; Administrative pecuniary penalties of up to 10 percent of the total annual net turnover including the gross income; In the case of a natural person, administrative pecuniary penalties of up to EUR 5 000 000, to the corresponding value in the national currency on July 17, 2013; Withdrawal of the approval granted to the key persons referred to in Article 108 paragraph (1) of Banking Law; Administrative pecuniary penalties up to twice the amount of profit gained, where determinable. The sanctions that can be applied include the following Article 229 Paragraph 2: An order requiring the natural or legal person responsible to cease and desist from a repetition of the conduct in question; Temporary ban in exercising functions in a credit institution by persons referred to in Article 108 paragraph (1) or by persons appointed to head the branches of the credit institution, held responsible for committing the deeds. Withdrawal of the authorization granted to the credit institution, in accordance with the provisions of Article 39; Suspension of voting rights of the shareholders or of the responsible shareholders. In practice, the NBR actively imposes sanctions and measures to banks and relevant individuals and discloses them on its webpage (http://www.bnr.ro/Sanc%c8%9biuni-emise-de-BNR-12553.aspx).
EC3	The supervisor has the power to act where a bank falls below established regulatory threshold requirements, including prescribed regulatory ratios or measurements. The supervisor also has the power to intervene at an early stage to require a bank to take action to prevent it from reaching its regulatory threshold requirements. The supervisor has a range of options to address such scenarios.
Description and findings re EC3	The powers of the NBR granted by Banking Law are available when the CI is in breach of the requirements and when the NBR has evidence that the bank is likely to breach the requirements within the next 12 months Article 226. Specifically, the NBR is able to dispose a CI to undertake the necessary steps to remedy the deficiencies in the following situations: The credit institution does not comply with the requirements laid down in Banking Law, in CRR, and the regulations issued in their application; The NBR has indications that it is likely that the CI will not comply with the above- mentioned provisions. Based on SREP methodology, the NBR also determines to what extent the management framework, strategies, processes and mechanisms implemented by a CI, the own funds held and its liquidity, ensures prudent management and adequate coverage of the risks in relation to the CI’s risk profile. The NPR has a wide range of options to address the bank’s breach of threshold requirements and to prevent it from reaching its threshold (See EC2). For example, NBR often requested that banks maintain own funds at a level higher than the minimum capital requirements, reduce the risk inherent to activities, and setting up specific requirements, etc.
EC4	The supervisor has available a broad range of possible measures to address, at an early stage, such scenarios as described in essential criterion 2 above. These measures include the ability to require a bank to take timely corrective action or to impose sanctions expeditiously. In practice, the range of measures is applied in accordance with the gravity of a situation. The supervisor provides clear prudential objectives or sets out the actions to be taken, which may include restricting the current activities of the bank, imposing more stringent prudential limits and requirements, withholding approval of new activities or acquisitions, restricting or suspending payments to shareholders or share repurchases, restricting asset transfers, barring individuals from the banking sector, replacing or restricting the powers of managers, Board members or controlling owners, facilitating a takeover by or merger with a healthier institution, providing for the interim management of the bank, and revoking or recommending the revocation of the banking license.
Description and findings re EC4	The NBR has a broad range of possible measures to address, at an early stage, such scenarios as described in essential criterion 2 above (See EC2 and EC3). Applicable in this case can be the provisions of Banking Law Article 226 by which the NBR shall require any CI that does not meet the requirements of Banking Law, of the regulations or other administrative provisions issued for the application thereof, or fails to comply with a recommendation of the NBR, to take the necessary actions at an early stage to address the situation. In this respect, the NBR may require the CI to comply with the reinforcement of the arrangements, processes, mechanisms, and strategies implemented in accordance with Article 24 and Article 148. In accordance with the Article 39 from Banking Law, the NBR may withdraw the authorization granted to a CI in case of breaching the prudential requirements stipulated in part III (capital requirements), IV (large exposures), and VI (liquidity) from CRR. Along with the withdrawal of the credit institution’s authorization, the NBR shall order the dissolution and windup of the credit institution as per Article 44 and Article 255 from Banking Law. Also, Law No. 312/2015 (Recovery and Resolution Law) contains provisions under the NBR, as a competent authority, has at its disposal a range of early intervention measures. Further, Article 149 paragraph 1 states that the NBR, as a competent authority, may require changes to the legal or operational structures of the credit institution. Per Article 153, the NBR may appoint one or more temporary administrators to the credit institution. Thus, the NBR has an appropriate range of supervisory tools available for use when a credit institution is not complying with laws, regulations or supervisory actions. Among the measures required by the EC4, the NBR, as a competent authority, does not have the explicit power to facilitate a takeover by or merger with a healthier institution per Banking Law. A competent authority cannot impose on CIs any measures regarding the merger process or acquisition by a third party per Banking Law. Purchase and assumption transactions are possible resolution instruments according to Law No. 312/2015. When determining the type of sanctions, administrative penalties and fines, the NBR shall take into account relevant circumstances on the commitment of the offence, inter alia, the gravity, and the duration of the breach Article 225 paragraph 4. Where written orders or decision to impose sanctions on banks or individuals are issued, the first deputy governor of the NBR has full responsibility in determining the types of measures and sanction to be taken. Upon completion of on or off-site supervisory activities, the inspection team shall consolidate its findings and propose supervisory measures and sanctions to the first deputy governor for approval. The inspection teams may at times consult the legal department for additional guidance and discuss within the supervision department, as needed—the decision to involve other departments and parties is made solely by the inspection team.
EC5	The supervisor applies sanctions not only to the bank but, when and if necessary, also to management and/or the Board, or individuals therein.
Description and findings re EC5	In accordance with Article 225 from Banking Law, the NBR may adopt measures and impose sanctions aimed specifically at ending observed infringements or the causes of such infringements against a CI or persons effectively controlling the business of Cis that infringe laws, regulations or other administrative provisions issued for the application thereof concerning the supervision or pursuit of their activities. According to Article 229, the NBR may apply various types of sanctions/penalties through written warnings such as withdrawal of approval granted, financial penalties, cease and desist orders, etc. (see EC2). The enforcement of sanctions does not remove the material, civil or penal responsibility. The sanctioning powers are exercised and applied to banks, management, and/or the Board, or individuals.
EC6	The supervisor has the power to take corrective actions, including ring-fencing of the bank from the actions of parent companies, subsidiaries, parallel-owned banking structures and other related entities in matters that could impair the safety and soundness of the bank or the banking system.
Description and findings re EC6	In accordance with Article 166 of Banking Law, the NBR assesses the risks to which the CI may be exposed and if it identifies risks related to the operations carried out with the parent company. In such cases, the NBR may dispose measures, provided by Article 226 paragraph 3 (e) in the Banking Law, to require the CI to reduce the risks associated with its operations, products and systems, to limit or prohibit the distribution by the CI of profit from distributable elements as defined in Article 4 paragraph (1) point 128 of CRR, to its shareholders or members, and/or the payment of interest to the holders of Tier 1 capital instruments should the prohibition not be a default for the credit institution. (See EC2) The provisions of Article 230 (1) state that where persons holding qualifying holdings in the CI no longer fulfill the requirements regarding the quality of the CI’s shareholding or exercise and considered an influence that may jeopardize the prudent management of the CI, the NBR, in addition to any other measures or sanctions that may be imposed on the CI or the persons exercising its management and management responsibilities, may suspend the voting rights attached to the shares held by the shareholders or members in question The NBR may dispose measures to restrict or limit the business, operations or network of CI by withdrawing the authorization issued for establishment of branches abroad or require the cessation of activities involving excessive risks to the credit institution’s soundness. When the actions taken by subsidiaries, parallel-owned banking structures and other related companies could impair the safety and soundness of the bank, the NBR can limit the qualifying holdings of the CI in financial or nonfinancial institutions where the credit institution is bound to sell them.
EC7	The supervisor cooperates and collaborates with relevant authorities in deciding when and how to effect the orderly resolution of a problem bank situation (which could include closure, or assisting in restructuring, or merger with a stronger institution).
Description and findings re EC7	The NBR, as the competent authority, has responsibilities of cooperation with relevant authorities in case of resolution process according to Law No. 312/2015 regarding the recovery and resolution of CIs, which transpose the provisions of the BRRD. The NBR, as a resolution authority, shall take a resolution action in relation to a CI only if it considers that all of the following conditions are met: The NBR, as a competent authority, shall determine that the credit institution is failing or is likely to fail. For this purpose, the supervisory structure shall consult the resolution structure; Having regard to timing and other relevant circumstances, there is no reasonable prospect according to which failure could be prevented within a reasonable timeframe, by any alternative private sector measures, including measures by an institutional protection scheme, or supervisory action, including early intervention measures or the write-down or conversion of relevant capital instruments; A resolution action is necessary in the public interest. As for the liquidation process of CIs, the Deposits Guarantee Fund in the banking system has competencies according to Article 256 paragraph 2 from Banking Law.
Additional criteria
AC1	Laws or regulations guard against the supervisor unduly delaying appropriate corrective actions.
Description and findings re AC1	The Supervision Department internal procedure regarding the operational flow of the process of verification and evaluation of the management framework, strategies, processes, and mechanisms implemented by credit institutions establishes deadlines for the supervisory authority and for the banks (See EC1). However, these procedures are set by the “internal rules” of SD in NBR, not by laws or regulations.
AC2	When taking formal corrective action in relation to a bank, the supervisor informs the supervisor of nonbank related financial entities of its actions and, where appropriate, coordinates its actions with them.
Description and findings re AC2	The provisions of Article 189 of the Banking Law stated that in order to establish and facilitate effective supervision at the national level of credit institutions, investment firms, and financial institutions, the NBR and the Financial Supervisory Authority (ASF) shall conclude written coordination and cooperation agreements. Considering the above, the NBR and the supervisory authorities of the financial market (ASF – Financial Supervisory Authority) signed an agreement in order to set up the rules for the cooperation between these authorities and to ensure an efficient supervision of the entities involved in banking, market and insurance activities. This agreement enables the exchange of information between the authorities and facilitates the performance of the supervisory actions on a need basis. However, there is no systematic or regular process that informs the supervisor of nonbank related financial entities of its actions. Assessors were told that the Romanian financial sector is dominated by banks and setting up the regular process is unnecessary, as a need-base cooperation is sufficient. Besides, all sanctions and written orders are disclosed on NBR webpage.
Assessment of Principle 11	Largely Compliant
Comments	The NBR has the tools necessary to require timely corrective actions of credit institutions and to impose sanctions. The NBR has an adequate range of supervisory, sanction measures, and administrative penalties available for use when, in the supervisor’s judgment, a bank is not complying with laws, regulations, or supervisory actions. Corrective actions and sanctioning powers are exercised in a forceful manner and a broad range of measures and sanctions have been applied to banks, management, and/or the Board, or individuals. However, regarding the internal process of measures and sanctions, there appears to be an insufficient amount of mandatory review and analysis processes needed to ensure consistency or justification of inspection outcomes and supervisory/ sanction measures across the banking system. In sum, there is no consistent internal independent review process present to ascertain that the degree/type of measures or the corrective actions are adequate according to the law and regulations. In the case that banks do not agree with the measures/sanctions, the dispute shall be entered into the NBR board. Approximately 45 cases were submitted to the board within a five-year period with 18 cases being contested in court. Some of the issues were about clarification of findings. Thus, assessors are of the opinion that the corrective action and sanctioning regime in the NBR would benefit from adding an independent review process to assist the first deputy governor to make approvals in a more informed manner. This would also enhance the credibility of the supervisors as well as the consistency of corrective actions and sanctions. Among the measures required by the EC4, the NBR, as a competent authority, does not have the explicit power to facilitate a takeover by or merger with a healthier institution per Banking Law. A competent authority cannot impose on CIs any measures regarding the merger process or acquisition by a third party per Banking Law. Purchase and assumption transactions are possible resolution instruments according to Law No. 312/2015, All EU members may have this exception, but still considered a deficiency. With respect to supervisory follow-ups, the time frame described in the internal rules of the NBR is not always kept. Assessors note that the process of supervisory reports and written orders were sometimes delayed. The draft should be sent to banks within 60 working days according to NBR internal procedure, but many examination reports were issued to banks more than 6 months later (on average approximately 140 days in 2016), and the issuance of written orders too even longer. Assessors were told that sometimes wrap-up meetings after on-site inspection were not held in an official manner. This practice could hinder banks to implement supervisory measures in a prompt manner.48 In addition, there is no systematic or regular process informing the supervisor of nonbank related financial entities (including ASF), the NBR’s actions, and there is no process to coordinate its action with them. There is a need-base cooperation between them in this regard. The authorities should consider the following activity: Establish an independent review process in determining written orders and sanctions to guarantee consist approach and clearer justification; introduce internal guidance to ensure more objectivity, accuracy and consistency in exercising sanctioning power and corrective actions. Improve the post-examination process by formalizing a wrap-up meeting to convey findings that require immediate improvement or corrective actions. Intensify engagement and cooperation with the ASF in the process of imposing corrective actions and sanctions.
Principle 12	Consolidated supervision. An essential element of banking supervision is that the supervisor supervises the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential standards to all aspects of the business conducted by the banking group worldwide.49
Essential criteria
EC1	The supervisor understands the overall structure of the banking group and is familiar with all the material activities (including nonbanking activities) conducted by entities in the wider group, both domestic and cross-border. The supervisor understands and assesses how group-wide risks are managed and takes action when risks arising from the banking group and other entities in the wider group, in particular contagion and reputation risks, may jeopardize the safety and soundness of the bank and the banking system.
Description and findings re EC1	Requirements for supervision on a consolidated basis are established in CRR and CRD IV. In order to prevent and reduce specific banking risks, the NBR shall carry on the prudential supervision of credit institutions (CIs) and their branches established in other Member States or in third countries, by setting rules and prudential banking indicators, by monitoring their observance and compliance with other requirements laid down by law, and by the applicable regulations on an individual basis, consolidated, or sub-consolidated basis, as deemed appropriate. As of June 2017, the scope of banking supervision covered 28 credit institutions and Romanian legal persons. These included 5 stand-alone domestic credit institutions, 1 foreign stand-alone non-EU subsidiary and 22 foreign EU subsidiaries. There are no financial conglomerates in Romania. Regarding the foreign EU subsidiaries (22), their parent banking groups in Europe are, at consolidated EU level, under the direct/indirect supervision of Single Supervisory Mechanism (SMM), Central Bank of Hungary, Polish Financial Supervision Authority, Bank of Israel, Cyprus Central bank, and the NBR. While the NBR is not serving as a consolidating supervisor, it may participate in colleges of supervisors. These colleges provide the necessary instruments for enhancing the supervision of entities within banking groups. CIs supervised on a consolidated basis by the NBR have to comply with prudential requirements based on their consolidated situation. CIs prove to their fulfilment of the prudential requirements to the NBR by means of prudential reports (COREP and FINREP according to Regulation (EU) No. 680/2014). Each CI has also to comply with prudential requirements on an individual basis, irrespective of being supervised on a consolidated basis by the NBR. The NBR conducts SREP assessments on a consolidated basis and the evaluation of activities for each member of the group and their activities within the group are examined during an annual on-site examination. The quantifiable and nonquantifiable (e.g., reputational risk) risks incurred by credit institutions as members of groups are monitored and controlled by the NBR for consolidated banking supervision. The NBR has the power to request any information from the bank subsidiaries and the parent company as deemed necessary for its consolidated supervision. However, there are currently no systematic procedures in place for the overall monitoring and assessment of contagion and reputation risks that may jeopardize the safety and soundness of the bank and the banking system. The authorities state that the contagion risk is taken into consideration by CIs and examined by the NBR. For example, according to Banking Law, a CI shall establish internal limits on intragroup liquidity risk to mitigate the risk of contagion under stress, including for each currency used by the CI.
EC2	The supervisor imposes prudential standards and collects and analyses financial and other information on a consolidated basis for the banking group, covering areas such as capital adequacy, liquidity, large exposures, exposures to related parties, lending limits and group structure.
Description and findings re EC2	In Romania, parent credit institutions as Romanian legal entities must comply with the obligations provided by CRR and Directive 2013/36/EU (ICAAP) on the basis of their consolidated situation. Banking groups are subject to regulations on capital adequacy, liquidity, large exposures, exposures to related parties, lending limits and group structure. Each credit institution, irrespective of being supervised on a consolidated basis by the NBR, has also to comply with prudential requirements on an individual basis. Prudential information is provided, on a consolidated basis, to the competent authorities according to Regulation (EU) No. 680/2014, which establishes ITS with regards to supervisory reporting of institutions according to CRR. The NBR carried out annual SREP assessments on a consolidated basis. While the NBR is not a consolidating supervisor it remains responsible for the supervision of credit institutions and may participate in colleges of supervisors. These colleges provide the necessary instrument for enhancing the supervision of entities within banking groups. Credit institutions demonstrate their fulfilment of the prudential requirements by means of prudential reports (COREP and FINREP according to Regulation (EU) No. 680/2014) sent to the designated competent authority As an off-site activity, the quarterly key risk indicators are mainly monitored on a solo basis rather than a consolidated basis. Authorities mentioned that Romanian banking sector is bank dominated and the consolidated figures are usually more prudent than a solo basis.
EC3	The supervisor reviews whether the oversight of a bank’s foreign operations by management (of the parent bank or head office and, where relevant, the holding company) is adequate having regard to their risk profile and systemic importance and there is no hindrance in host countries for the parent bank to have access to all the material information from their foreign branches and subsidiaries. The supervisor also determines that banks’ policies and processes require the local management of any cross-border operations to have the necessary expertise to manage those operations in a safe and sound manner, and in compliance with supervisory and regulatory requirements. The home supervisor takes into account the effectiveness of supervision conducted in the host countries in which its banks have material operations.
Description and findings re EC3	Article 7 of NBR Regulation No. 5/2013 stipulates that within a group structure, the management body of a parent credit institution as a Romanian legal entity must ensure that within the group there is an adequate framework for the management of the activity and that it is appropriate to the structure, activity, and risks of the group and its entities. In order to fulfill its responsibilities within the management framework, the management body of a parent credit institution must: establish a structure for the management framework that contributes to the effective supervision of its subsidiaries which takes into account the nature, scale and complexity of the various risks to which the group and its subsidiaries are exposed; approve a policy regarding the management framework for the entire group and for its subsidiaries, including the commitment to meet all the requirements applicable to the management framework; ensure that there are sufficient resources for each subsidiary to meet both group-level standards and local management framework standards; have adequate means to monitor that each subsidiary complies with all applicable requirements on the management framework; ensure that reporting lines at the level of the group are clear and transparent, especially if the lines of activity do not overlap with the organization of the group from a legal point of view. Article 8 also stipulates the responsibility for the management body of a parent institution to: understand not only the organization of the group but also the purpose of the different entities and the links and the relations between them; ensure that the various entities in the group (including the credit institution itself) receive sufficient information to have a clear perception of the overall objectives and risks of the group; ensure that it is kept informed of the risks posed by the group structure. The NBR reviews whether the oversight of a bank’s foreign operations by management is adequate during the annual on-site examination. In case of cross border groups, the NBR is participating in 9 colleges of supervisors. Regarding the expertise needed in foreign operations, the NBR does not give specific guidance to Romanian banks on the soft and hard skills needed by bank officials who are posted overseas. The effectiveness of host country supervision does not seem to be assessed in the course of managing cross-border supervision arrangements on a regular basis since it has limited applicability in Romanian context. Authorities state that there is only one Romanian bank’s overseas subsidiary in Moldova and one branch in Italy so the need for regular assessments is not significant.
EC4	The home supervisor visits the foreign offices periodically, the location and frequency being determined by the risk profile and systemic importance of the foreign operation. The supervisor meets the host supervisors during these visits. The supervisor has a policy for assessing whether it needs to conduct on-site examinations of a bank’s foreign operations, or require additional reporting, and has the power and resources to take those steps as and when appropriate.
Description and findings re EC4	In 2016, the NBR conducted onsite inspections of a Romanian bank subsidiary in Moldova, focusing on credit risks and other supervisory concerns. This was the first on-site visit of the NBR to a Romanian bank’s foreign offices; the NBR met the host supervisor during these visits. To date, the lone branch operating in Italy (0.3 percent of the respective banking group’s total assets) has yet to be visited. According to the banking law, the NBR may perform direct on-site inspections after having first informed the competent authorities of the host Member States, or may ask these competent authorities to perform this task on its behalf and participate in the inspection process, if necessary.
EC5	The supervisor reviews the main activities of parent companies, and of companies affiliated with the parent companies, that have a material impact on the safety and soundness of the bank and the banking group, and takes appropriate supervisory action.
Description and findings re EC5	In Romania, the majority of the credit institutions are subsidiaries of European banking groups. Consolidated supervision of the whole group is performed by ECB while the NBR is responsible with the supervision of the Romanian subsidiary at individual and sub-consolidated levels (the credit institution authorized as Romanian legal person and its affiliates included in the prudential consolidation perimeter). Considering this, the NBR does not reach the banking holding companies or affiliated companies directly, but the measures imposed on the credit institution authorized in Romania (with respect to the capital ratio necessary to be maintained above the minimum level, to make changes in the business model, in the management body composition, restrict some activities or business lines, the limitation or even the cessation of activities involving excessive risks to the credit institution’s soundness, to limit qualified holdings in financial or nonfinancial entities, where the credit institution is obliged to sell it) can affect the parent company and affiliates indirectly. According to Article 1516 of Regulation 6/2008, the credit institutions shall submit annually to the NBR and within six months of the previous financial year, the financial information related to shareholders who hold directly, indirectly, or in concert, qualifying shares. Within 30 days of the financial year end date, credit institutions shall annually disclose to the NBR through the interbank communications network, a statement of all shareholders including the following information: identity, residence and citizenship for individuals, nationality and address, for legal entities, the number and value of shares held, the percentage of participation in the share capital and of the voting rights. In cases where the parent companies are investment firms, the NBR cooperates with the Financial Supervision Authority responsible with their supervision at an individual level. The cooperation between the two supervisory authorities is regulated in the Government Emergency Ordinance (OUG) 99/2006, Articles 189–192), which stipulates the necessity of concluding written cooperation and coordination agreements. In terms of relevant supervisory actions, the NBR also is empowered to adopt various measures in this regard. For example, according to Article 294 of Banking Law, the NBR has the power to impose the sanctioning measure of a suspension of the exercise of the voting rights of the shareholder(s) responsible, in all cases stipulated in this Article. (See CP 11 EC2) The main activities of parent companies and of companies affiliated with the parent companies are mainly reviewed during on-site examination and the NBR takes actions as deemed necessary.
EC6	The supervisor limits the range of activities the consolidated group may conduct and the locations in which activities can be conducted (including the closing of foreign offices) if it determines that: (a) the safety and soundness of the bank and banking group is compromised because the activities expose the bank or banking group to excessive risk and/or are not properly managed; (b) the supervision by other supervisors is not adequate relative to the risks the activities present; and/or (c) the exercise of effective supervision on a consolidated basis is hindered.
Description and findings re EC6	When the NBR determines that arrangements, strategies, processes, and mechanisms implemented by a credit institution, and the own funds and liquidity held do not ensure sound management and coverage of risks, it may take the following measures: restrict or limit the business, operations or network of credit institutions, including by withdrawal of the approval granted on establishment of branches abroad, or to request the divestment of activities that pose excessive risks to the soundness of a credit institution; and require the credit institution the reduction of the risk inherent in its activities, products and systems. According to Article 85 of Banking Law, if the NBR is informed by the competent authority of the host Member State of the fact that a credit institution, that has a branch or directly provides services within the territory of the Member State concerned, does not comply with the legal provisions adopted in that Member State, the NBR shall within the shortest delay take the necessary measures to ensure that the offending credit institution puts an end to that irregular situation. The nature of these measures shall be communicated to the competent authority of the host Member State. Also, the NBR may reject the application for approval of the establishment of the branch if, on the basis of information held and documentation submitted by the credit institution (a Romanian legal entity) it ascertains that the existing legislative framework of the third country and/or the manner in which it is implemented impedes the exercise of supervisory functions by the NBR.
EC7	In addition to supervising on a consolidated basis, the responsible supervisor supervises individual banks in the group. The responsible supervisor supervises each bank on a standalone basis and understands its relationship with other members of the group.50
Description and findings re EC7	Credit institutions in Romania have to comply with the obligations provided by CRR and Directive 2013/36/EU (ICAAP) on an individual basis as well as on a consolidated basis (See EC2). In addition, credit institutions that are not subsidiaries, parent undertaking, or not included in prudential consolidation should comply with the obligations on an individual basis. The European regulation provides some derogations from the application of prudential requirements on an individual basis but these were not exercised in Romania.
Additional criteria
AC1	For countries which allow corporate ownership of banks, the supervisor has the power to establish and enforce fit and proper standards for owners and senior management of parent companies.
Description and findings re AC1	According to banking law Article 15 and Article 26, the NBR has the power to set and enforce fit and proper standards for owners and senior management of parent corporates. (see CP5 and CP6) For example, Article 26 stipulates that in order to ensure the sound and prudent management of the credit institution in which an acquisition is proposed and having regard to the likely influence of the proposed acquirer on the credit institution, the NBR assesses the suitability of the proposed acquirer and the financial soundness of the proposed acquisition against all of the following criteria: the reputation of the proposed acquirer, specifically its integrity and professional competence; the reputation, knowledge, skills and experience of any person who will direct the business of the credit institution, as a result of the proposed acquisition; the reputation and experience of any person performing management and/or running responsibilities of the credit institution, as a result of the proposed acquisition. In order to grant authorization to a CI, the NBR should be satisfied as to suitability of the persons where close links exist between the credit institution and other natural or legal persons; the financial soundness of the proposed acquirer, in relation to the type of business pursued and envisaged in the credit institution in which the acquisition is proposed. The authorities mention that the NBR shall monitor compliance with the conditions referred to shareholders on a continuous basis and take appropriate measures if the requirements on ensuring prudent and sound management are no longer met. However, the formal fit and proper reviews for owners and senior management of parent corporates are not conducted on a regular basis after acquisition or granting licenses
Assessment of Principle 12	Largely Compliant
Comments	In Romania, the majority of the credit institutions are subsidiaries of European banking groups. Consolidated supervision of the whole group is performed by ECB or respective authorities while the NBR is responsible for the supervision of the Romanian subsidiary at individual and sub-consolidated levels (the credit institution authorized as a Romanian legal person and its affiliates included in the prudential consolidation perimeter). While the NBR is not a consolidating supervisor, it is responsible supervision of credit institutions and may participate in colleges of supervisors. These colleges provide the necessary instrument for enhancing the supervision of entities within banking groups. The NBR conducts SREP assessments on a consolidated basis and the requirements for consolidated supervision are established in CRR and CRD IV. The intra-group activities are examined during an annual on-site examination. However, there seems to be limited systematic procedures in place for overall monitoring and assessment of contagion and reputation risks that may jeopardize the safety and soundness of the bank and the banking system. The authorities state that this is taken into consideration by CIs. For example, a CI shall establish internal limits on intragroup liquidity risk to mitigate the risk of contagion under stress, including for each currency used by the CI. However, assessors note that some credit institutions have exposures to a group entity of around 80–90 percent of capital at a point of time. Authorities mention that those are mainly deposits to headquarters so related risk is not significant. Nevertheless, it is not clear what the supervisors’ expectations and risk tolerance are in terms of intra-group risk management without clear supervisory guidelines. In addition, as one of the off-site activities of consolidated supervision, the quarterly key risk indicators are mainly monitored on a solo basis rather than both solo and consolidated basis. In terms of fit and proper standards on the owners and senior management of parent corporates, the NBR has the power to set and enforce the standards. However, the formal fit and proper reviews are conducted in the stage of acquisition or granting licenses, and not conducted on a regular basis.51 The authorities mention that the NBR shall monitor compliance with the conditions referred to shareholders on a continuous basis, although there is no formal regular fit and proper review after granting licenses. The authorities should consider following: Further enhance monitoring contagion and reputational risks within the banking group or establish guidelines on risk management of intra-group exposures and transactions, if needed; Conduct off-site monitoring on a consolidated basis more frequently; Conduct fit and proper reviews on a regular basis in case of corporate owner of banks.
Principle 13	Home-host relationships. Home and host supervisors of cross-border banking groups share information and cooperate for effective supervision of the group and group entities, and effective handling of crisis situations. Supervisors require the local operations of foreign banks to be conducted to the same standards as those required of domestic banks.
Essential criteria
EC1	The home supervisor establishes bank-specific supervisory colleges for banking groups with material cross-border operations to enhance its effective oversight, considering the risk profile and systemic importance of the banking group and the corresponding needs of its supervisors. In its broadest sense, the host supervisor who has a relevant subsidiary or a significant branch in its jurisdiction and who, therefore, has a shared interest in the effective supervisory oversight of the banking group, is included in the college. The structure of the college reflects the nature of the banking group and the needs of its supervisors.
Description and findings re EC1	The banking law Article 1851 authorizes NBR to establish bank specific supervisory colleges as a home supervisor where needed. Locally owned banks do not have significant branches or subsidiaries abroad. No supervisory college has yet been set-up by NBR as a home supervisor.
EC2	Home and host supervisors share appropriate information on a timely basis in line with their respective roles and responsibilities, both bilaterally and through colleges. This includes information both on the material risks and risk management practices of the banking group52 and on the supervisors’ assessments of the safety and soundness of the relevant entity under their jurisdiction. Informal or formal arrangements (such as memoranda of understanding) are in place to enable the exchange of confidential information.
Description and findings re EC2	The legal and regulatory framework allows appropriate home-host cooperation. NBR is a member of 15 EU supervisory colleges, including all significant EU subsidiaries and a significant branch (with 7 percent of assets at end 2016). MOUs have all been signed with national supervisors of countries where the largest EU banks active in Romania are headquartered (see CP 3 EC 2). The ECB / SSM has been the home supervisor of the largest EU subsidiaries and branches (72 percent of assets in 2016) since 2014. NBR actively cooperates with the ECB /SSM, even if a draft written coordination agreement governing supervisory colleges is still to be signed (draft submitted by the ECB /SSM for comments in 2017). While this process is ongoing, the provisions of existing arrangements are implemented, with the participation of ECB /SSM as home supervisor. Detailed and mandatory templates for group and individual risk assessments are included in the EU Commission implementing Regulation 2016/99 of 16 October 2015 laying down implementing technical standards with regard to determining the operational functioning of the colleges of supervisors. NBR highlighted the intensity and quality of exchanges within supervisory challenges, which is confirmed by EBA analyses. The EBA report on the functioning of supervisory colleges in 2016 highlights the effective (and improving) functioning of these colleges, including intense college interactions, detailed group risk assessments (with progress needed on the business profile component in some cases), dialogue between the consolidating supervisor and the relevant competent authorities in a multilateral setting to discuss and agree upon the proposed capital and liquidity requirements, then reflected in joint decisions which were considered well-reasoned (even if in many college mandatory risk-by-risk decomposition of the capital requirement was not shared and discussed in the college setting and liquidity joint decisions were of a lower quality than the capital joint decisions, mainly because of their less granular reasoning, particularly for the subsidiaries).
EC3	Home and host supervisors coordinate and plan supervisory activities or undertake collaborative work if common areas of interest are identified in order to improve the effectiveness and efficiency of supervision of cross-border banking groups.
Description and findings re EC3	Supervisory activities are coordinated in the context of colleges. The home and host supervisors agree on the annual SEP, as contemplated by CRD IV Articles 99 and 116. For this reason, each competent authority provides its scheduled annual supervisory activities (on-going and on-site) by filling the SEP. NBR, as a host authority, regularly participates and contributes to the planning of supervisory activities, discussions and information exchange. In recent years, NBR jointed the ECB as a home supervisor in on-site inspections carried out in three Romanian subsidiaries of the EU banks. Detailed exchanges of information on liquidity risks were also introduced at the time of the Greek crisis between members of the supervisory colleges of Greek banks to share daily updates on the liquidity situation of different group members, including Romanian subsidiaries.
EC4	The home supervisor develops an agreed communication strategy with the relevant host supervisors. The scope and nature of the strategy reflects the risk profile and systemic importance of the cross-border operations of the bank or banking group. Home and host supervisors also agree on the communication of views and outcomes of joint activities and college meetings to banks, where appropriate, to ensure consistency of messages on group-wide issues.
Description and findings re EC4	NBR is only a host authority. Where NBR is part of a supervisory college, cooperation agreements in place and agreed practices of the colleges provide the basis for the exchange of information and the communication strategy to the bank (on a case-by-case basis).
EC5	Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities, develops a framework for cross-border crisis cooperation and coordination among the relevant home and host authorities. The relevant authorities share information on crisis preparations from an early stage in a way that does not materially compromise the prospect of a successful resolution and subject to the application of rules on confidentiality.
Description and findings re EC5	A new framework for dealing with failing banks, the BRRD was agreed in 2014, and transposed in Romania and across the EU in 2015. It organized cross-border crisis preparedness, cooperation, management and ultimately resolution. For crisis management, written coordination arrangements are in place covering inter alia the means of communication, information to be exchanged and relevant persons to be contacted (these arrangements are reviewed on annual basis). For Romanian subsidiaries, NBR (resolution function) make their own assessment of critical functions. Both the supervisory and resolution functions of NBR are involved as a host in the preparation of cross-border recovery and resolution plans. The resolution function is taking the lead on the preparation of resolution plans (with inputs from the supervisor function), while the supervisory function takes the lead in the review of recovery plans prepared by banks, with inputs from the resolution function (see CP 3).
EC6	Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities and relevant host authorities, develops a group resolution plan. The relevant authorities share any information necessary for the development and maintenance of a credible resolution plan. Supervisors also alert and consult relevant authorities and supervisors (both home and host) promptly when taking any recovery and resolution measures.
Description and findings re EC6	See EC 5 and CP 3 on respective responsibilities and cooperation between the supervisory and resolution functions of NBR. Resolution plans were prepared for almost all Romanian banks and, where appropriate, approved by joint decisions in resolution colleges (starting in 2016). Resolution plans for 15 out of 19 subsidiaries of cross-border groups subject to consolidated supervision have been elaborated and revised, where applicable, within the respective resolution colleges (i.e., 96.88 percent of the cross-border groups’ subsidiaries net assets as of June 2017).
EC7	The host supervisor’s national laws or regulations require that the cross-border operations of foreign banks are subject to prudential, inspection and regulatory reporting requirements similar to those for domestic banks.
Description and findings re EC7	Cross-border operations of EU banks are subject to similar prudential, inspection and regulatory reporting requirements similar to those of domestic banks, in application of EU regulatory and supervisory arrangements. Article 206–1 of the banking law mentions that: “where a credit institution, a Romanian legal person, having as parent undertaking a credit institution, an investment firm, a financial holding company or a mixed financial holding company, the head office of which is in a third country, is not subject to consolidated supervision performed by a competent authority of a Member State, the National Bank of Romania shall verify whether the credit institution is subject to consolidated supervision exercised by a third-country competent authority, which is equivalent to that governed by the principles laid down in this” banking law.
EC8	The home supervisor is given on-site access to local offices and subsidiaries of a banking group in order to facilitate their assessment of the group’s safety and soundness and compliance with customer due diligence requirements. The home supervisor informs host supervisors of intended visits to local offices and subsidiaries of banking groups.
Description and findings re EC8	There is an explicit provision in the law regarding the possibility for home supervisors of EU branches to perform on-site inspections at the head office of the branch in Romania Article 211–1. There is no such explicit provision for the on-site inspections by the home supervisors of subsidiaries of EU banking groups, However, this falls under broader cooperation arrangements (including MOU and WCCA) and has been regularly practiced (including as part of asset quality reviews conducted across the EU in 2014; in that case, NBR was informed and joined the mission as an observer or more recently with ECB teams inspecting three banks). There is no explicit provision authorizing home supervisors from third country to perform on-site inspections in subsidiaries in Romania Article 212 of the banking law only covers branches). NBR may allow it on a case by case basis. There is currently only one small subsidiary from a third country (Israel), where no inspection was conducted by the home supervisor.
EC9	The host supervisor supervises booking offices in a manner consistent with internationally agreed standards. The supervisor does not permit shell banks or the continued operation of shell banks.
Description and findings re EC9	The banking Law sets out certain requirements that must be met to establish a bank which prohibits shell banks from operating within Romania. All credit institutions must be registered with and have a licence issued by the NBR, and the NBR must affirm that the management of the bank is meeting Romanian “fit and proper” standards. The NBR supervises the licensing process for all credit institutions, Romanian legal entity, and has the sole authority to grant and revoke banking licenses. (See CP5)
EC10	A supervisor that takes consequential action on the basis of information received from another supervisor consults with that supervisor, to the extent possible, before taking such action.
Description and findings re EC10	NBR is a member of colleges of supervisors of all significant EU subsidiaries and branches, which include detailed consultation mechanisms (and often require a joint decisions). For other subsidiaries and branches of EU banks, MOUs were signed covering relevant aspects. More broadly, Article 188–1 of the banking law requires NBR to “consult the other competent [i.e., EU] authorities responsible for the supervision on an individual and/or on a consolidated basis prior to taking a decision that is of importance for those competent authorities’ supervisory tasks.”
Assessment of Principle 13	Compliant
Comments	The NBR is primarily a host supervisor. It is a member of 15 EU colleges of supervisors, which allow effective exchanges of information (based on unified templates and shared methodologies) and unified supervisory actions (including joint decisions). Close coordination is also in place for crisis management and resolution, at the domestic level with the resolution arm of NBR and, for large banks active in Romania, within EU supervisory and resolution colleges. All Romanian banks prepared recovery plans starting in 2016; resolution plans were also prepared for almost all of these institutions (and their groups where applicable).