Abstract
The Central Bank of Brazil (BCB) has shown a determined commitment to enhancing its standards and practices of banking supervision. Changes in the thinking and practices of the BCB’s supervision are not limited to responses to the demands of the international regulatory reform agenda. Overall, the BCB has been guided by the principle of integration, both in terms of the expectations that it places on its own internal operations but on the standards it expects the financial institutions to meet in governing their own risks and activities. One example is the BCB’s innovative and challenging work in the field of contagion analysis at the systemic level which is a perspective it also seeks to embed in its analysis of contagion risk in its prudential work at firm level. Boosting staff levels in conduct supervision, introducing a form of twin peaks, contagion risk analysis, and the prudential conglomerate approach also exemplify welcome developments.
SUMMARY AND KEY FINDINGS
1. The Central Bank of Brazil (BCB) has shown a determined commitment to enhancing its standards and practices of banking supervision. Changes in the thinking and practices of the BCB’s supervision are not limited to responses to the demands of the international regulatory reform agenda. Overall, the BCB has been guided by the principle of integration, both in terms of the expectations that it places on its own internal operations but on the standards it expects the financial institutions to meet in governing their own risks and activities. One example is the BCB’s innovative and challenging work in the field of contagion analysis at the systemic level which is a perspective it also seeks to embed in its analysis of contagion risk in its prudential work at firm level. Boosting staff levels in conduct supervision, introducing a form of twin peaks, contagion risk analysis, and the prudential conglomerate approach also exemplify welcome developments.
2. The Central Bank of Brazil (BCB) has achieved a high degree of compliance with the Basel Core Principles for Effective Banking Supervision (BCPs). The revision to the BCP methodology raised the standards expected of supervisory authorities, and as a result it is not always straightforward to recognize when a supervisory authority has continued to evolve its approach and improve its standards as in the case in Brazil. Integrating the perspective of conduct supervision into the overall view of the institution, placing corporate governance assessment at the center of the supervisory process, and developing the prudential conglomerate approach are some of the significant changes that can be expected to enhance supervision. It is also important to acknowledge that some of the changes required by the revised methodology, such as assessment of recovery and resolution, in many jurisdictions, depends on major legislative reforms which can slow progress in meeting the revised core principles, despite the strong efforts of the supervisory authorities, and this is the case in Brazil.
3. There are, however, gaps in the overall approach, some of which persist from past assessments, notably lack of formal independence of the supervisor. Independence of the BCB appears to be operationally in place but has no protection under the law. Specifically, the staff of the BCB lack the appropriate legal protection that should be a requirement for anybody of professional staff that is expected to be assertive and effective when using the BCB’s own legal powers. Other significant governance and accountability features are also missing. The BCB’s status is vulnerable to being undermined if its Governor can be dismissed for any reason and without the cause being stated. It is possible to discern that the supervisory practices of the BCB, while assiduous, can be cautious and sometimes the period of time to reach a final conclusion to supervisory action can be too lengthy. Even though it is important to take into account the fact that, at the time of the mission, the BCB was awaiting the passage of legislation that should improve the flexibility and speed of execution of its supervisory actions, it is just as important to ensure legal protection so that the BCB can move forward assertively in all its supervisory processes and decisions.
4. Following the last FSAP, the BCB dis-applied the solo supervision of banks, while maintaining its view of the prudential conglomerate. The concept of prudential conglomerate, as set out in regulation (Resolution 4280), is valuable and there is no suggestion that the BCB should dispense with it. However, the ability to include any relevant entity in the prudential conglomerate should not be at the expense of the oversight of the individual banking institutions as solo entities within the prudential consolidation. In particular, the work on resolution and recovery underpins the importance of understanding the legal structure of a group and whether and to what extent the banking institutions meet the minimum prudential requirements. The BCB should re-instate prudential requirements and monitoring at the individual banking institution level as well at the conglomerate level.
5. While the use of data by the BCB is a clear strength it is essential to ensure that the onus is upon the banks to manage, monitor and report their own risks. Therefore, although the prudential framework is well embedded in the Brazilian banking system, the extensive use of data by the BCB that it gathers from its own sources but not from the banks, can lead to the possibility that the banks may be inattentive to some of their own risks. This is particularly so because there are some gaps in the supervisory data received by the BCB at solo level and in respect of some prudential aspects as indicated below.
6. The regulatory and the supervisory frameworks come together collectively to promote a risk management culture and framework in the banks operating in Brazil. The frameworks are required to be compliant with the key elements of risk management (identify, measure, monitor and manage) and also are required to be comprehensive in scope to cover all material risks, in proportion to their materiality, and the risk profile and systemic relevance of the institutions. This is achieved in some degree with the adoption of the tiered, or “segment” approach. The regulations are comprehensive and explicitly establish detailed expectations for credit, market, operational and liquidity risk management frameworks and the related governance frameworks. While the work on recovery and resolution plan is progressing for the large banks, the stress testing and contingency planning requirements help in assessing the resilience and preparedness in the other banks.
7. The prudential framework is well embedded in the Brazilian banking system. The BCB has been requiring and enforcing the key prudential requirements such as the capital adequacy, liquidity, large exposures at the level of the prudential conglomerate. Overall, these are in line with the international standards, but some elements of these requirements can be seen to be more conservative than those set in the relevant standards. Going forward, some of the areas where the prudential framework can be improved include a nuanced approach to concentration risk going beyond counterparty risk concentration, strengthening of the norms for related party transactions and guiding the implementation of country and transfer risk management in the supervised institutions.
8. The BCB has been constantly improving the scope and focus of supervision and adopting improved methodologies and approaches to supervision, with explicit emphasis on the large institutions. This is evident in the adoption of the segment approach and the linking of the supervisory cycle to the segment to which the supervised institution belongs. For the large and internationally active institutions (S1), the supervisory cycle is one year and for the smaller banks (S3 and S4) it can be a three-year cycle, unless specific issues are identified. Due to corporate law, in Brazil, unlisted banks are not required to establish a board of directors (non-executive), need not establish an audit committee when they are small, and shareholders can constitute the senior management. In the light of the possible governance structures in the small banks and their implications for risk governance in these institutions, allocation of supervisory resources to the small banks may need some nuancing.
INTRODUCTION1 AND METHODOLOGY
9. This assessment of the current state of the implementation of the Basel Core Principles for Effective Banking Supervision (BCP) in Brazil has been completed as part of the 2017 FSAP update. The FSAP update was undertaken by the International Monetary Fund (IMF) and World Bank (WB) and the BCP assessment mission took place from October 30th to November 21st, 2017.
10. It should be noted that the ratings assigned during this assessment are not directly comparable to previous assessments. The current assessment of the BCB was against the BCP methodology issued by the Basel Committee on Banking Supervision (BCBS) in September 2012. The authorities have opted to be assessed and graded on the essential and additional criteria. The last BCP assessment in Brazil was prepared in the course of the 2012 Financial Sector Assessment Program (FSAP). The BCP methodology has been revised since the last assessment took place and the revisions have led to some substantive changes.
11. In the 2012 revision of the CPs, the BCBS sought to reflect the lessons from the global financial crisis and to raise the bar for sound supervision reflecting emerging supervisory best practices. New principles have been added to the methodology along with new essential criteria (EC) for each principle that provide more detail. Altogether, the revised CPs now contain 247 separate essential and also additional criteria against which a supervisory agency may now be assessed. In particular, the revised BCPs strengthen the requirements for supervisors, the approaches to supervision and supervisors’ expectations of banks. While the BCP set out the powers that supervisors should have to address safety and soundness concerns, there is a heightened focus on the actual use of the powers, in a forward-looking approach through early intervention.
12. The assessment team reviewed the framework of laws, rules, and guidance and held extensive meetings with authorities and market participants. The assessment team met officials of BCB, and additional meetings were held with the Ministry of Finance (MoF), auditing firms, and banking sector participants. The authorities provided a comprehensive self-assessment of the CPs, as well as detailed responses to additional questionnaires, and facilitated access to staff and to supervisory documents and files on a confidential basis.
13. The team appreciated the very high quality of cooperation received from the authorities. The team extends its warm thanks to staff of the authorities, who provided excellent cooperation, including provision of documentation and technical support.
14. The standards were evaluated in the context of the sophistication and complexity of the financial system of Brazil. The CPs must be capable of application to a wide range of jurisdictions whose banking sectors will inevitably include a broad spectrum of banks. To accommodate this breadth of application, a proportionate approach is adopted within the CP, both in terms of the expectations on supervisors for the discharge of their own functions and in terms of the standards that supervisors impose on banks. An assessment of a country against the CPs must, therefore, recognize that its supervisory practices should be commensurate with the complexity, interconnectedness, size, and risk profile and cross-border operation of the banks being supervised. In other words, the assessment must consider the context in which the supervisory practices are applied. The concept of proportionality underpins all assessment criteria. For these reasons, an assessment of one jurisdiction will not be directly comparable to that of another.
15. An assessment of compliance with the BCPs is not, and is not intended to be, an exact science. Reaching conclusions required judgments by the assessment team. Banking systems differ from one country to another, as do their domestic circumstances. Furthermore, banking activities are undergoing rapid change after the crisis, prompting the evolution of thinking on, and practices for, supervision. Nevertheless, by adhering to a common, agreed methodology, the assessment should provide the Brazilian authorities with an internationally consistent measure of the quality of their banking supervision in relation to the revised CPs, which are internationally acknowledged as minimum standards.
INSTITUTIONAL AND MARKET STRUCTURE-OVERVIEW
16. The Brazilian national financial system (SFN) was established and operates under the provisions of the Banking Law (Law 4,595, of 1964), which created the National Monetary Council (Conselho Monetário Nacional—CMN) and the Central Bank of Brazil (BCB). The CMN is the highest decision-making body of the SFN and is responsible for formulating monetary and credit policy, aiming at price stability and social and economic development. Its current structure is composed of: i) the Minister of Finance, as Chair of the Council; ii) the Minister of Planning, Development and Management; and iii) the Governor of the BCB. The BCB acts as the permanent executive secretariat of the CMN. Policy proposals—most of which come from the BCB—are debated by a technical advisory body—Technical Commission on Currency and Credit (Comoc)—that also includes the President of the CVM. The BCB is responsible for complying with and enforcing the decisions of the CMN. The CMN Resolutions set the framework in general terms, while the BCB Circulars calibrate requirements or define methodological details. The CMN does not have supervisory powers.
17. The Brazilian financial sector regulatory structure is comprised of four sectoral regulators: CVM (securities), BCB (prudential & financial institution supervision), SUSEP (insurance) and PREVIC (pension). All four regulators function under the CMN. The BCB is the single prudential supervisory authority of the banking system. The Securities and Exchange Commission of Brazil (CVM) has the responsibility of monitoring the activities and services of the securities market, as well as the disclosure of information related to the market. The CVM and the BCB share regulatory authority over financial intermediaries, both regulators having licensing authority. The CVM is responsible for business conduct and market regulation of intermediaries and the other secondary markets, equity, derivatives and non-governmental debt. Meanwhile the BCB is responsible for prudential surveillance, principally capital adequacy, and oversight of the currency and government debt markets. Its laws and regulations apply equally to financial institutions, i.e. both banks and capital market intermediaries.
18. The banking sector in Brazil is concentrated and interconnected. The six largest banks account for almost 70 percent of the financial system and nearly 94 percent of GDP. Expanding the sample, to the largest 13 banks, accounts for 88 percent of the financial system and 119 percent of GDP. The six largest banks are subject to Brazil’s adoption of the Basel regulatory standards and account for nearly 96 percent of international activity.2
19. Despite economic challenges in recent years, the financial indicators in the banking sector remain healthy. System-wide capitalization was at 11.5 percent CET1 and 16.1 percent total capital, at end 2016, compared with minimum regulatory requirements of 4.5 and 11 percent respectively. Asset quality has been eroded with both households and corporates showing signs of deterioration, as the percentage of problem assets in total loans to non-financial corporates doubled in two years to 8 percent. In households, the problem assets reached their highest level since 2013, though may have peaked. Profitability has been affected and ROE for the banking sector at end March 2017 was 13.3 percent, compared with 22.8 at the time of the last FSAP.
Table 1.
Source: Unicad / Capef
Brazil: Number of Banks in Brazil by Ownership
Table 1.
Source: Unicad / Capef
Brazil: Number of Banks in Brazil by Ownership
| Banks | 2012 | 2013 | 2014 | 2015 | 2016 | |
|---|---|---|---|---|---|---|
| Dec | Dec | Dec | Dec | Dec | ||
| Public | 9 | 9 | 10 | 10 | 10 | |
| Private | 151 | 146 | 143 | 144 | 145 | |
| National | 70 | 67 | 63 | 72 | 63 | |
| with Foreign Participation | 16 | 15 | 16 | 6 | 17 | |
| under Foreign Control | 59 | 58 | 58 | 60 | 59 | |
| Foreign Full Branches | 6 | 6 | 6 | 6 | 6 | |
| Total | 160 | 155 | 153 | 154 | 155 | |
Table 1.
Source: Unicad / Capef
Brazil: Number of Banks in Brazil by Ownership
| Banks | 2012 | 2013 | 2014 | 2015 | 2016 | |
|---|---|---|---|---|---|---|
| Dec | Dec | Dec | Dec | Dec | ||
| Public | 9 | 9 | 10 | 10 | 10 | |
| Private | 151 | 146 | 143 | 144 | 145 | |
| National | 70 | 67 | 63 | 72 | 63 | |
| with Foreign Participation | 16 | 15 | 16 | 6 | 17 | |
| under Foreign Control | 59 | 58 | 58 | 60 | 59 | |
| Foreign Full Branches | 6 | 6 | 6 | 6 | 6 | |
| Total | 160 | 155 | 153 | 154 | 155 | |
PRECONDITIONS FOR EFFECTIVE BANKING SUPERVISION
Sound and Sustainable Macroeconomic Policies and Financial Sector Policies
20. Since the last FSAP, Brazil has experienced a long and deep recession, with recovery now underway. The recession has been marked by low levels of confidence and large declines in investment and private consumption. From the beginning of 2015 through 2017, real output contracted by nearly 8 percent on a cumulative basis, around 3 million formal jobs were lost, and the unemployment rate almost doubled. The recession, triggered by large macroeconomic imbalances and a loss of confidence, was exacerbated by declining terms of trade, tight financing conditions, and a political crisis. The new government has pursued a reform agenda and has had some success, for example passing a law to cap growth in federal noninterest spending in real terms. Structural problems remain a threat to fiscal sustainability, however, and the government’s ability to deliver on social security reform, a crucial step toward securing fiscal sustainability, is uncertain. National elections are scheduled for 2018.
Well-Established Financial Stability Policy System
21. The CMN is responsible for formulating the overarching monetary and credit policy.3 Together with the BCB, the CMN takes a central role in shaping macroprudential policies, working with Ministry of Finance (MF) and the other financial regulators. These agencies are the Securities and Exchange Commission of Brazil (CVM) for the securities market participants, the Superintendence of Private Insurance (Susep) for insurance companies, and the National Superintendence of Complementary Pension (Previc) for pension funds.
22. The BCB has the ability to design and implement tools to address vulnerabilities in financial stability areas, either directly or indirectly by supporting CMN policymaking. When it is done indirectly through the CMN, CMN Resolutions set the framework in general terms while BCB Circulars calibrate requirements or define methodological details. The other agencies and the MoF are also responsible for policy decisions supporting financial stability. In addition, there are bodies similar to the CMN for insurance and pensions, the National Council for Private Insurance (CNSP) and the National Council for Complementary Pensions (CNPC).
23. A high level consultative forum has been created for the coordination of supervisory policies among the financial regulatory agencies. This is the Committee of Regulation and Supervision of Financial, Securities, Insurance, and Complementary Pension Markets (COREMEC). COREMEC is composed of the four financial regulatory authorities (BCB, CVM, Susep, and Previc) who share a rotating presidency. COREMEC provides a space for the coordination of multi-agency supervisory and regulatory actions and information-sharing, though members’ recommendations and advice are not binding on each other.
24. The BCB, CVM, Susep and Previc, as financial supervisors, are responsible for macro-prudential surveillance. However, the BCB takes a leadership position because of its capacity of receiving, processing and analyzing a significant amount of data and the bank-centric nature of Brazil’s financial system and is widely perceived to have a financial stability mandate.
Brazil: Relationship Between Financial System Authorities in Brazil
Citation: IMF Staff Country Reports 2018, 340; 10.5089/9781484387504.002.A001
A Well-Developed Public Infrastructure
Business Law System
25. The Brazilian legal system is based on the civil law tradition. The Federal Supreme Court is the highest court in Brazil and is responsible for safeguarding the Constitution, as well as functioning as a court of review. The Superior Court of Justice (STJ) is the highest court of law for federal law matters.
26. Reforming measures adopted in recent years to enhance the efficiency of the dispute resolution system include the Code of Civil Procedure of 2016. The Code sought to modernize and make the system more flexible. One aim, in introducing the Code was to amend the right to bring a case to court on a repeated basis. The Brazilian National Council of Justice reported that there were approximately 74 million suits awaiting judgment in Brazil at the end of 2015. Under the new Code, higher court decisions will be binding on lower courts, including decisions in respect of repetitive cases or repetitive appeals.
Internationally-Accepted Accounting Standards and Independent External Auditing
27. The Federal Accounting Council (CFC) approves the Brazilian Accounting Norms (NBC), based on the International Standards on Auditing (ISA) issued by International Auditing and Assurance Standards Board (IAASB) as of end 2010. The BCB is the body that enforces audit standards when an external auditor is auditing a banking group. Also, the BCB is responsible for issuing the accounting norms for the banking sector, pursuant to the Banking Law and Law 11941 of 2009. Consolidated statements based on IFRS are required for publicly listed financial institutions and from to those entities subject to the requirement to establish an Audit Committee. The CMN has promoted an approximation with the international accounting standard in relation to individual financial and regulatory financial statements. Furthermore, the BCB has announced its commitment to revising the accounting of financial instruments with a view to enhancing convergence with IFRS 9.
28. Financial institutions are required to obtain an external auditor’s opinion on the financial statements (Resolution 3,198). Only audit firms registered with the CVM may audit financial statements of listed companies and financial institutions. CVM requires all members of the audit firms to be accountants (Instruction 308). The CVM conducts periodic audits on the work of external auditors of listed or foreign entities and no irregularities were identified in 2016. External Auditors are subject to regulations issued by the CMN and the BCB, as well as by those issued by CVM, CFC and Ibracon, when these are not in conflict with CMN or BCB rules (Resolution 3,198). Resolutions issued by the CFC establish the professional rules for the work of external auditors.
Regulation, Supervision and Rules for Other Financial Markets and Players
29. The BCB’s oversight role is very wide. In addition to banking, the BCB also oversees financial market infrastructure, and is responsible for the licensing, supervising, and monitoring of these institutions in what pertains systemic soundness. Other financial regulators in Brazil are Susep which regulates and supervises the insurance and re-insurance companies, private pension, and capitalization plans, Previc which oversees pension funds and the CVM which is responsible for regulating and supervising participants in the securities and derivatives markets—including the investment fund industry—and both exchange-traded and over-the-counter (OTC) markets.
Table 3.
Brazil: The Structure of the National Financial System (SFN)
Table 3.
Brazil: The Structure of the National Financial System (SFN)
| Regulatory Bodies | Supervisory Authorities | Market Participants | |||
|---|---|---|---|---|---|
| National Monetary Council (CMN) | Central Bank of Brazil (BCB) | Financial institutions taking demand deposits | Other financial institutions Currency exchange banks | Other financial intermediaries and administrators of third-party assets | |
| Securities and Exchange Commission (CVM) | Commodities and futures exchanges | Stock exchanges | |||
| National Council of Private Insurance (CNSP) | Superintendence of Private Insurance (Susep) | Reinsurance companies | Insurance companies | Capitalization companies | Open pension funds |
| National Council for Complementary Social Security (CNPC) | National Superintendence of Complementary Pensions (Previc) | Closed pension funds | |||
Table 3.
Brazil: The Structure of the National Financial System (SFN)
| Regulatory Bodies | Supervisory Authorities | Market Participants | |||
|---|---|---|---|---|---|
| National Monetary Council (CMN) | Central Bank of Brazil (BCB) | Financial institutions taking demand deposits | Other financial institutions Currency exchange banks | Other financial intermediaries and administrators of third-party assets | |
| Securities and Exchange Commission (CVM) | Commodities and futures exchanges | Stock exchanges | |||
| National Council of Private Insurance (CNSP) | Superintendence of Private Insurance (Susep) | Reinsurance companies | Insurance companies | Capitalization companies | Open pension funds |
| National Council for Complementary Social Security (CNPC) | National Superintendence of Complementary Pensions (Previc) | Closed pension funds | |||
Safe, Effective and Stringently-Regulated Payment and Settlement Systems
30. The Brazilian authorities responsible for regulation, supervision and oversight of FMIs are the National Monetary Council (CMN), Central Bank of Brazil (BCB) and the Brazilian Securities Commission (CVM). CMN is responsible for regulation of payment systems (PSs), central counterparties (CCPs) and, securities settlement systems (SSSs). Under the CMN general regulation, BCB issues specific regulation, authorizes the functioning of, supervises and oversees PSs, SSSs and CCPs (clearing and settlement activities), which is shared with CVM in the case of SSSs. The BCB and CVM are responsible for the regulation, authorization, supervision and oversight of central securities depositories (CSDs), and trade repositories (TRs).
Efficient credit reporting sector
31. There are three main credit bureaux in Brazil. These are SPC, Serasa Experian and Boa Vista - SCPC. All three bureaus maintain databases both on positive and negative credit information and are supervised by the Consumer Protection Agencies. Regulations dating from 2011 and later years, set out scope of information to be held. FIs and other institutions licensed to operate by the BCB provide data to the bureaux in accordance with the guidelines approved by the CMN.
32. A new credit scoring company (GIC) is being launched by five of the largest Brazilian banks (Bradesco, Itaú-Unibanco, Banco do Brasil, Santander and Caixa Econômica Federal). The GIC received conditional approval from competition agency in June 2016, and should be operational in around 2020. The GIC will work in parallel with the Positive Credit Bureau, sharing information with the credit bureaus or selling credit information. Furthermore, the GIC will act as a registry of compliant and non-compliant borrowers and provide fraud protection services.
33. Another source of borrower data is the BCB’s Credit Information System (SCR). FIs can access information on the SCR on potential borrowers’ credit history and the size of their aggregated financial responsibilities. The reporting threshold to the SCR was lowered to R$200 (approximately USD 50) in 2016.
Publicly accessible information on economic, financial and social statistics
34. The two main bodies releasing data on economic and social statistics are the BCB and Brazilian Institute of Geography and Statistics (IBGE). Financial data and statistics are available through the BCB and also presented in the semi-annual Financial Stability Report. The Brazilian Institute of Geography and Statistics is governed by the Ministry of Planning, Budget and Management within the Federal Government and is responsible for the production and analysis of a wide range of data, including statistical, geographic, and environmental. It also publishes several economic and social indicators/statistics, in selected themes like national accounts, income, prices, education, labor, health, population and social mobility. Some key surveys conducted by the IBGE, including the National Household Sample Survey which generates data on the labor force and income; the National Census (every ten years); and the Quarterly National Accounts which presents the current values and the quarterly volume indexes (1995=100) for the Gross Domestic Product. Since 2012, the IBGE has improved some of those databases, including in relation to national accounts, the labor market data.
Framework for crisis management, recovery and resolution
35. The BCB, is the sole resolution authority for non-state owned banks and has the power to trigger resolution and apply resolution powers. State-owned (federal) banks are not subject to resolution. The resolution power is based on the “temporary special administration regime”, “intervention” and “extrajudicial liquidation” prescribed in: Law 6,024, Decree-Law 2,321 and Law 9,447. The BCB’s responsibility as resolution authority is under the Central Bank’s strategic objectives, related to the pursuit of a solid and efficient financial system.
36. Emergency liquidity assistance can be provided to financial institutions at the BCB’s discretion, with maturities up to 359 days. Such provision is subject to the Fiscal Responsibility Law (Complementary Law 101, Article 28, paragraph 2). However, when longer maturities of liquidity support are necessary, the BCB must liaise with the Ministry of Finance and the Government in order to set and approve specific legal provisions.
37. Based on signed cooperation agreements, BCB can share information with other national and foreign authorities. The BCB, is a home resolution authority of a resolution entity of a G-SIB—Santander in a Multiple Point of Entry approach. The BCB has been part of a Cross-border Cooperation Agreement (CoAg) in relation to the Santander Group since 2013 with authorities from EU, Spain and the United Kingdom.
38. At the time of the assessment, a draft Bank Resolution Bill, prepared by BCB to align the Brazilian Resolution Framework to the FSB Key Attributes of Effective Resolution Regimes, was under consideration. The draft bill proposed a new resolution framework, to make existing tools, such as reorganization, good-bank/bad-bank policy, and liquidation, more effective. Additionally, the bill proposed new measures such as the creation of bridge banks.
Public Safety Net
39. Deposit insurance in Brazil is provided by the Credit Guarantee Fund (FGC) and by the Cooperative Guarantee Fund (FGCoop). Regulated by the CMN and BCB, these are private non-profit entities established to manage protection mechanisms for investors and depositors of financial institutions (multiple, commercial, development and investment banks, saving bank, finance companies, mortgage companies and savings and loan associations in the case of the FGC; and credit unions and cooperative banks in the case of the FGCoop). Recent regulation amended the FGC’s statute including, among other aspects, restricting the insurance coverage in cases of institutional investors (Resolution 4,469). Similar regulation is being evaluated for the FGCoop, in order to allow the fund to act as a paybox and to offer liquidity assistance to associates.
40. Deposits and deposit-like instruments are covered by the FGC and the FGCoop up to R$250,000 per investor. Pay-out funds come from the contributions of associated institutions, credit rights subrogated by the FGC/FGCoop from associated institutions under resolution regime, as well as from the results of the services rendered by the FGC/FGCoop and the proceeds from investments made by them. Currently, the monthly ordinary contribution of associated institutions is set at 0.0125 percent of the balance of the guaranteed accounts. The FGC not only performs the role of pay box in an intervention or extrajudicial liquidation, but can provide financial support (e.g. loans, portfolio purchases, additional limit of insurance for certain affiliates’ operations) in order to support financial stability. The FGC can carry out these operations to promote the transfer of control, split, merger or other corporate reorganization as needed.
Effective Market Discipline
41. Banks are subject to information disclosure standards in relation to accounting and prudential information. Listed banks, and those required to establish an Audit Committee must publish accounting statements in accordance with IFRS annually.
42. Cosif, the accounting standards set by the BCB and applied to supervised institutions, requires that a complete set of financial statements be prepared, audited and disclosed semi-annually on a solo basis. The disclosure of information on risk management, capital requirements and regulatory capital on both quantitative and qualitative basis is set out in Circular 3,678. This information must be disclosed on a consolidated basis for institutions belonging to the same prudential conglomerate, in a form commensurate with the scope and complexity of operations and of systems and processes employed in risk management. Additionally, banks that are incorporated as a joint stock company or subject to the constitution of an audit committee must make a range of disclosures on a semi-annual basis, including the following: individual balance sheet of the institution or the prudential conglomerate’s balance sheet, if applicable; individual balance sheet of the institution or the prudential conglomerate’s balance sheet, in comparison with the published financial statements; list the institutions that comprise the scope of consolidation of the balance sheet, as well as the published consolidated balance sheet; disclose the values of total assets, net worth and area of activities of any of the institutions where individual disclosures have been made. Further requirements include the quarterly disclosure of information related to the calculation of the LCR (Resolution 4,401); quarterly and semi-annually disclosure of information related to the calculation of the leverage ratio (Circular 3,748); and four-monthly and annual disclosure of information pertaining to the assessment of global systemic importance (IAISG) on a (Circular BCB 3,751).
DETAILED ASSESSMENT
A. Supervisory Powers, Responsibilities and Functions
| Principle 1 | Responsibilities, objectives and powers. An effective system of banking supervision has clear responsibilities and objectives for each authority involved in the supervision of banks and banking groups.4 A suitable legal framework for banking supervision is in place to provide each responsible authority with the necessary legal powers to authorize banks, conduct ongoing supervision, address compliance with laws and undertake timely corrective actions to address safety and soundness concerns.5 | ||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||
| EC1 | The responsibilities and objectives of each of the authorities involved in banking supervision6 are clearly defined in legislation and publicly disclosed. Where more than one authority is responsible for supervising the banking system, a credible and publicly available framework is in place to avoid regulatory and supervisory gaps. | ||||||||||||||||||||
| Description and findings re EC1 | The regulatory structure of the national financial system (SFN) is established by Law 4595 (the “Banking Law”). This law (Article 1) defines the SFN as comprising The National Monetary Council (CMN), the BCB, the Banco do Brasil S.A., the National Bank of Economic Development; and all other public and private financial institutions. The Banking Law further sets out the responsibilities of the Central Bank of Brazil (BCB). Specifically, the Banking Law provides the BCB with the exclusive authority to license banks (Art 10, Section X), conduct inspections (Art 10, Section IX) and to carry out corrective and remedial actions (Chapter V - penalties including recovery powers). No other authority in Brazil is granted supervisory powers in respect of the financial system, but the powers and execution of tasks by the BCB are subject to scrutiny by and report to the CMN, which has the wider responsibility for the soundness of the SFN. Additionally, laws 6,024 and 9,447 and Decree-Law 2,321 grant the BCB resolution powers, including intervention, liquidation or temporary special administration regime. The BCB holds the authority to regulate and supervise the banking system with respect to anti-money laundering and combating terrorism financing (AML/CFT) under Law 9,613. The BCB is responsible for the supervision of: commercial banks, universal banks (‘bancos multiplos”), exchange banks, development banks, investment banks, the Federal Savings Bank and credit/finance investment societies. All these institutions accept insured deposits but only commercial and multiple banks may accept demand deposits and grant commercial loans. Other financial institutions supervised by the BCB include: brokers and brokerage firms, credit cooperatives, leasing companies and micro credit companies. |
||||||||||||||||||||
| EC 2 | The primary objective of banking supervision is to promote the safety and soundness of banks and the banking system. If the banking supervisor is assigned broader responsibilities, these are subordinate to the primary objective and do not conflict with it. | ||||||||||||||||||||
| Description and findings re EC2 | As noted above, according to the Banking Law, the BCB is the banking system supervisor and acts in accordance with the rules issued by the CMN. The Banking Law establishes multiple tasks for the BCB under Chapter III. The exclusive responsibilities of the BCB are set out, for example, in Articles 10 and 11 in the form of a list of tasks. While the role of the BCB is clear, in terms of tasks, the Banking Law does not include an explicit objective for the BCB for supervising banks and being responsible for the safety and soundness of the banking system. However, Resolution 4019, establishes that the BCB’s powers of corrective action are triggered in order to protect the safety and stability of the national financial system (Article 1). It may be noted, however, that according to Article 3 of the Banking Law, the responsibility for safeguarding the liquidity and solvency of financial institutions rests with the CMN itself and not the BCB. It is the CMN that issues the Resolutions (regulations) that govern liquidity and solvency. The BCB has authority to issue regulations (the BCB circulars) or guidelines as deemed necessary to ensure the safety and soundness of the banks under its jurisdiction. The BCB circulars set out the more detailed conditions required to operationalize the requirements in the Resolutions. Furthermore, as a member of the CMN, the BCB has the right to propose regulations and thus has the ability to initiate necessary revisions to the regulatory framework. In addition to its contribution to financial stability, and as is common for central banks with supervisory functions, the BCB plays a monetary policy role. Hence, Members of the BCB’s board convene periodically as two different, but complementary, committees: the Financial Stability Committee (COMEF) defines strategies and guidelines to preserve financial stability and mitigate systemic risk; and the Monetary Policy Committee (Copom), which sets the target for the policy interest rate, under an inflation targeting framework. |
||||||||||||||||||||
| EC3 | Laws and regulations provide a framework for the supervisor to set and enforce minimum prudential standards for banks and banking groups. The supervisor has the power to increase the prudential requirements for individual banks and banking groups based on their risk profile and systemic importance. | ||||||||||||||||||||
| Description and findings re EC3 | The Banking Law grants powers to the CMN and the BCB the authority to define prudential standards to banks and other financial institutions through the issuance of regulations on a timely basis to address prudential concerns. In order to establish minimum prudential standards, regulations address, for example:
Please see EC6 for recent developments in the refinements of powers for the BCB. |
||||||||||||||||||||
| EC4 | Banking laws, regulations and prudential standards are updated as necessary to ensure that they remain effective and relevant to changing industry and regulatory practices. These are subject to public consultation, as appropriate. | ||||||||||||||||||||
| Description and findings re EC4 | The Banking Law is broad and allows for the issuance of regulations, including those necessary to implement international standards, without the need for legislative action. As noted above, prudential regulations are issued in the form of Resolutions (by the CMN) and circulars (by the BCB). CMN Resolutions take precedence over the BCB Circulars, so the latter must be consistent with the former. The BCB can propose the issuance of a resolution by the CMN and can also propose changes to federal laws to the Executive Branch. The BCB participates in the analysis of amendments to federal laws under discussion in the Congress. When applicable the BCB launches public consultations on new regulations. The banks and firms with whom the assessors met confirmed that the BCB is scrupulous in engaging in consultative processes before introducing new requirements. |
||||||||||||||||||||
| EC5 |
The supervisor has the power to:
|
||||||||||||||||||||
| Description and findings re EC5 | The Banking Law grants the BCB’s supervision unrestricted access to bank records, bookkeeping, documents and frequent contact with bank management. Specifically, Resolution 2723 (see in particular articles 9 and 10) provides the BCB with access to information, data, documents and verifications necessary for assessing the assets and liabilities, and the risks assumed by domestic or foreign subsidiaries of the bank. The Banking Law and the regulations apply equally to both domestic banks and foreign-owned banks incorporated in Brazil. The officers responsible for specific issues, including operational risk, market risk, liquidity risk, credit risk, risk management, foreign exchange, swaps, etc, must be available to the BCB provide any necessary clarifications. The BCB confirmed that the prevailing legislation did not formally grant the supervisor the right of access to the institutions’ premises, in the case of resolution or liquidation the BCB had the immediate right of entry, accompanied by the police. If the BCB were denied access under other (i.e. non-liquidation or resolution) circumstances, it would proceed via use of powers to punish the institution for denial of information. |
||||||||||||||||||||
| EC6 |
When, in a supervisor’s judgment, a bank is not complying with laws or regulations, or it is or is likely to be engaging in unsafe or unsound practices or actions that have the potential to jeopardize the bank or the banking system, the supervisor has the power to:
|
||||||||||||||||||||
| Description and findings re EC6 | The BCB has a range of corrective actions, powers and sanctions that are set out in Resolution 4,019, derived from the Banking Law and other laws. As noted under EC3, the BCB’s powers include:
The intent for the new Ordinary Law, was to allow for harsher penalties and more expedited procedures. For example, revocation will be possible as a result of a grave infraction rather than only because the same infraction had been committed in the previous three years. The BCB will also be able institute immediate revocation if an institution is a danger to itself or to the market. Please see CP11 EC1 for more detail. In terms of cooperation and collaboration to ensure orderly resolution, Complementary Law 105, creates a general framework for information exchange and cooperation with foreign and domestic authorities who are relevant for resolution. This law will be supplemented by a Bill prepared by the BCB in order to align the Brazilian Resolution Framework with the 2014 FSB Key Attributes of Effective Resolution Regimes. The Bill is intended to enhance the framework for cooperation established under Complementary Law 105. For example, the bill contains more specific provisions dealing with cooperation and exchange of information with foreign resolution authorities in connection with the resolution of multinational firms. |
||||||||||||||||||||
| EC7 | The supervisor has the power to review the activities of parent companies and of companies affiliated with parent companies to determine their impact on the safety and soundness of the bank and the banking group. | ||||||||||||||||||||
| Description and findings re EC7 | The BCB’s supervisory scope is widely drawn. Article 11 of the Banking Law establishes the BCB’s responsibility to exercise supervision over companies which are, directly or indirectly, involved or participate in the capital or financial markets. Hence, parent companies, subsidiaries or affiliates are subject to the oversight—though not the supervisory powers—of the BCB. | ||||||||||||||||||||
| Assessment of Principle 1 | Compliant | ||||||||||||||||||||
| Comments | The Banking law clearly establishes the BCB as the supervisory responsibility with a suite of tasks and powers. Further, the BCB’s corrective powers are triggered (Resolution 4019) with the aim of ensuring the solidity, stability and regular operation of the National Financial System. More generally, Brazil has a well-developed regulatory framework. All laws and regulations are published in the Federal Official Gazette of Brazil. Updated Federal legislation is accessible to the public through a variety of means, among which the site of the Presidency of the Republic of Brazil: www.planalto.gov.br. Regulations edited by the CMN and the BCB are accessible to the public through the BCB site: www.bcb.gov.br. While the BCB does not have the power to issue regulations independently, it sits on the body (the CMN) that issues the regulations and has the right of initiative for any new regulation in its sphere of responsibility. |
||||||||||||||||||||
| Principle 2 | Independence, accountability, resourcing and legal protection for supervisors. The supervisor possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisor. | ||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||
| EC1 | The operational independence, accountability and governance of the supervisor are prescribed in legislation and publicly disclosed. There is no government or industry interference that compromises the operational independence of the supervisor. The supervisor has full discretion to take any supervisory actions or decisions on banks and banking groups under its supervision. | ||||||||||||||||||||
| Description and findings re EC1 | Independence The Banking Law (Law 4595) establishes the National Monetary Council (CMN) as the main regulatory authority on financial issues and the Central Bank of Brazil (BCB) as the financial supervision authority, also with some regulatory power. Nevertheless, the Banking Law itself (Article 8) denotes the BCB as “a semi-autonomous federal agency.” Pursuant to Article 4 (items XXV and XXVII), the CMN decides upon the administrative structure, staff, and benefits of the BCB as well as approving the BCB’s internal bylaws, accounts, budget and accounting systems. Governance Governance provisions for the BCB are set out in law, notably the Banking Law (Arts 14 and 15). The Banking Law (Art 14) establishes that the BCB’s Board of Directors will have five members, including by the Governor. The members of the Board of the BCB are appointed by the President of the Republic and approved by the Senate. The Banking Law (Art 15) specifies decision making and frequency of Board meetings. Accountability The accountability of the BCB is to the CMN as set out in the Banking Law (Art 9) which requires the BCB to comply with and ensure compliance with the provisions attributed to it by current legislation and the norms issued by the CMN. The Central Bank’s Governor has government ministerial status and thus is accountable directly to the President. The BCB acts as executive secretariat to the CMN, and publishes the CMN’s decisions on financial issues in the form of resolutions. Supervisory discretion to act Decisions made by the board of the Central Bank of Brazil falling within the scope of its regulatory powers are published in the form of circulars, and as noted in CP1, typically iterate the detailed operational requirements that complement resolutions of the CMN. The BCB can also issue circular letters if there is a need to clarify some aspect of a resolution or a circular. Such information, contained in a circular letter, is complementary to the regulatory text and is also enforceable. Decisions on financial issues published in the form of resolutions or circulars are enforceable. Noncompliance with rules established in resolutions and circulars may therefore result in supervisory actions by the BCB. The BCB’s power to take supervisory action or decisions on banks under its supervision derives from three laws: the Banking Law, Law 6,024 and Resolution 4019. The BCB may thus undertake enforcement or corrective action, apply penalties and intervene and resolve weak banks independently, without recourse to formal or informal consultation or approval by the CMN or other authority. Although a Presidential Decree/Decision is required before a foreign owned subsidiary or branch can enter the Brazilian market, the procedure, which is seen largely as a formality, is not initiated unless the BCB has first scrutinised the application and concluded it is willing to grant its supervisory approval for a new authorisation. Hence, the prudential veto is in place. |
||||||||||||||||||||
| EC2 | The process for the appointment and removal of the head(s) of the supervisory authority and members of its governing body is transparent. The head(s) of the supervisory authority is (are) appointed for a minimum term and is removed from office during his/her term only for reasons specified in law or if (s)he is not physically or mentally capable of carrying out the role or has been found guilty of misconduct. The reason(s) for removal is publicly disclosed. | ||||||||||||||||||||
| Description and findings re EC2 | The Federal Constitution of Brazil of 1988 (Article 52), determines that the members of the BCB’s Board of Governors be appointed by the President of the Republic and ratified by vote of the Senate following a public hearing. There is no established mandate or fixed-term for these positions. The tenure of the most recent Governors has ranged from three to eight years. The Governor and Deputy Governors of the BCB may be summarily dismissed at any time by the President of the Republic, (Decree 91,961, Art 1). The reasons for dismissal are not specified in law and nor is there a legal requirement for the grounds of dismissal to be made public. In addition, there are legal provisions for mandatory dismissal, applicable to any civil servant, pursuant to Law 8,112. Also, as is the case with any other civil servant, the BCB’s Governor and other Board members are subject to administrative processes for misconduct in accordance with Law 8,112 and Law 8,429. Grounds for dismissal include, for example, criminal or corrupt activities, violation of professional secrecy, and inappropriate behaviour. |
||||||||||||||||||||
| EC3 | The supervisor publishes its objectives and is accountable through a transparent framework for the discharge of its duties in relation to those objectives. | ||||||||||||||||||||
| Description and findings re EC3 | The BCB publishes the objectives and processes of supervision in the Supervisory Manual, available on its website, in both Portuguese and in English. The BCB also publishes its Financial Statements in the Federal Official Gazette of Brazil and on its website. The Financial Stability Report (FSR), which contains an overview of the SFN and its risks, is released biannually. The Deputy Governor for Supervision presents to the press at the release of each FSR. This presentation includes live broadcasting through the BCB’s channel on YouTube. The FSR communicates the views of the BCB’s Board on the main risks regarding the National Financial System. The BCB’s finances, budget and operations are subject to oversight by the Congress with the assistance of the Federal Audit Court. The Governor appears before the Committee of Budget twice a year and meets the Committee of Economic Affairs on a quarterly basis. These meetings are in open session and are broadcast on television. |
||||||||||||||||||||
| EC4 | The supervisor has effective internal governance and communication processes that enable supervisory decisions to be taken at a level appropriate to the significance of the issue and timely decisions to be taken in the case of an emergency. The governing body is structured to avoid any real or perceived conflicts of interest. | ||||||||||||||||||||
| Description and findings re EC4 | The BCB has operational rulebooks which set out the internal governance and communication processes. The internal Management Operational Manuals explicitly define practices and processes to reach institutional decisions. While some decisions are reserved for the Board and Governor, such as revocation or major intervention, there are delegated powers to ensure that decisions can be taken and action pursued at lower levels of the hierarchy. For example, the Deputy Governor for Supervision may apply all sanctions and preventative measures; a head of department, acting on delegated powers from the Deputy Governor, can propose certain sanctions such as requiring an increase of capital, up to a certain level; a head of division is normally responsible for signing written requirements to banks to remedy deficiencies, but can escalate problems to the deputy head of the department to issue an attendance order to summon the controller of an institution to the BCB in order to resolve an issue. The BCB has a department of supervisory methodology which is responsible for designing decision making processes. At the time of the assessment these procedures and processes were under revision due to the expected legal changes arising from the ordinary law (13,506) that replaced Provisional Measure 784/17 which had lapsed (please see CP1 and CP11). As noted in EC2, the Governor and Board Members are appointed by the President and ratified by the Senate. A reputation for integrity and possession of technical competence are required in order to be eligible for these posts, and all members of the governing body are subject to the laws addressing conflict of interests as noted in EC5. |
||||||||||||||||||||
| EC5 | The supervisor and its staff have credibility based on their professionalism and integrity. There are rules on how to avoid conflicts of interest and on the appropriate use of information obtained through work, with sanctions in place if these are not followed. | ||||||||||||||||||||
| Description and findings re EC5 | Professionalism In terms of appointment and recruitment, the law requires that certain standards are observed. Decree 91,961 provides that the Governor and Deputy Governors of the BCB shall be individuals of unblemished reputation and with a strong reputation and skill in economic and financial matters. The remainder of the BCB’s professional staff are hired via public examinations at entry level positions (Art 6, Law 9,650). The BCB is permitted to tailor its examination to focus on expertise needed. Integrity With regard to the professionalism of duty and integrity of the supervisor, Law 8,112, which establishes the legal regime for civil servants, provides (Art 121) that public servants are subject to civil, criminal and administrative proceedings in case of unlawful performance of their duties. Conflicts of interest are addressed by Law 9,650 (Art 17), which forbids staff members to provide services to companies supervised by the BCB or to receive any commercial advantages not available to other customers. The law (Art 17) further establishes responsibilities on the professional secrecy of information. BCB’s officials and staff members with access to privileged information are also subject to Law 12,813 (Art 6 (2)) which establishes clear definitions of conflict of interest, and requires a cooling off period of 6 months, unless an exemption is granted by the Public Ethics Committee or by the Office of the Comptroller General of the Union. Article 13 of this law indicates that sanctions can be applied, under Law 8,112, in the event of conflict of interest or of impropriety. Additionally, Board members and staff are subject to Law 8730 which addresses individuals in public service and positions of trust and requires an annual declaration of interests. In the BCB this declaration is made to the HR and Ethics Committee. Additionally, the BCB officials are subject to the Federal Government’s “Code of Conduct of the High Federal Administration.” The code establishes, among other rules of conduct applicable to senior public administration, the prohibition of accepting gifts of more than R$100.00, the obligation to clarify the existence of any conflict of interest and the use of insider information to their advantage. The BCB has taken several additional steps to promote professional conduct and ethical behavior. The Code of Conduct of Public Servants of the Central Bank of Brazil was published in 2009, and is available on the BCB’s website. The Ethics Committee of the BCB promotes the adoption and enforcement of both the Civil Service Code of Professional Ethics and the Code of Conduct of the CBC. The BCB also has an Ombudsman (Ouvidoria), which is responsible for dealing with any complaints related to the actions of the Central Bank and its staff members. While the Ombudsman has no direct powers, other than to ask for information, it is able to open procedures which are forwarded to the BCB unit of Internal Affairs to investigate. |
||||||||||||||||||||
| EC6 |
The supervisor has adequate resources for the conduct of effective supervision and oversight. It is financed in a manner that does not undermine its autonomy or operational independence. This includes:
(a) a budget that provides for staff in sufficient numbers and with skills commensurate with the risk profile and systemic importance of the banks and banking groups supervised; (b) salary scales that allow it to attract and retain qualified staff; (c) the ability to commission external experts with the necessary professional skills and independence, and subject to necessary confidentiality restrictions to conduct supervisory tasks; (d) a budget and program for the regular training of staff; (e) a technology budget sufficient to equip its staff with the tools needed to supervise the banking industry and assess individual banks and banking groups; and (f) a travel budget that allows appropriate on-site work, effective cross-border cooperation and participation in domestic and international meetings of significant relevance (eg supervisory colleges). |
||||||||||||||||||||
| Description and findings re EC6 | The BCB’s budget is composed of two elements, one of which addresses the BCB’s operations as the Monetary Authority and must be approved by the CMN. Supervisory activities, are met from the organisational budget, which under the Fiscal Responsibility Law forms part of the General Federal Government Budget (OGU). Additionally, the BCB has access to the resources of Reserve for Institutional Development of BCB (REDI-BC) which is the source of funding for the BCB’s key strategic projects, for long-term professional development of the BCB staff and technical and physical infrastructure, such as IT investments. The BCB considers that it has an adequate budget allocation to support an appropriate complement of staff, of requisite skills, as well as for training and development, IT systems, and other resources necessary for supervisory activities. Nonetheless, over the course of the assessment, the assessors became aware of some meetings and events that had been restricted due to budget constraint. All BCB staff recruitment, including mid-career specialists, is at entry level through public examinations. It is important to note that the BCB has the flexibility to tailor the examination to the expertise needed in order to recruit the range of skills that it needs. Equally, despite the entry level condition for hiring, the BCB has the power to ensure that skilled and experienced staff are allocated positions commensurate with their seniority (Law 9,650, Chapter III). The BCB staff with whom the assessors met valued the entry exam as an effective tool to identify the right skill set in prospective staff. Moreover, the entry exam process was seen as a protection of the BCB’s neutrality and independence as it was a way to avoid political appointees being imposed on the technical ranks of the institution. The BCB may, in addition, if needed, hire external consulting services, in order to perform a specific task or function if the relevant expertise is not possessed by BCB staff. Salary scales are governed by Law 9,650. Staff retention is high, with very few exits from officer ranks, apart from retirement or international service. BCB staff, with whom the assessors discussed the issue, highlighted the benefits of access to further education (e.g. higher degrees), security of tenure, and generous pension benefits as reasons that the BCB attracts quality staff and has high rates of retention. Among the staff with whom the assessors discussed these issues, were high calibre officers, with extensive experience in high profile industry and professional positions. Examples of support for staff development include the sponsorship of the Post-Graduate Programs; in-house training in banking regulation and supervision; and attendance in training events abroad (such as with the Association of Supervisors of Banks of the Americas (ASBA), the Financial Stability Institute (FSI), the IMF, WB, or other bodies). The BCB acknowledges increasing budget restrictions in the recent years, reflecting the domestic recession. Budgetary restrictions are expected to continue for the next few years due to the recent law imposing a limit on government expenses. |
||||||||||||||||||||
| EC7 | As part of their annual resource planning exercise, supervisors regularly take stock of existing skills and projected requirements over the short- and medium-term, taking into account relevant emerging supervisory practices. Supervisors review and implement measures to bridge any gaps in numbers and/or skill-sets identified. | ||||||||||||||||||||
| Description and findings re EC7 | There is an annual process to identify and take action in respect of skills gaps, coordinated by the Strategic Management, Integration and Support for Supervision Department (DEGEF). A stock-take of skills needed in the Supervisory department, which includes a prioritisation of the most needed skills in the coming year, is cross referenced with skills of existing staff (on a self-reporting basis) through the Training Management System. The system can thus prioritize the most essential skills, but also identify the priority needs of individual staff. The Central Bank’s Corporate University (UniBC) is responsible for offering, executing and evaluating the educational initiatives of the BCB as a whole. Domestic and foreign training is available and a number of staff with whom the assessors spoke indicated that the opportunity for further training and development at the BCB had been an important factor in seeking a career at the central bank. |
||||||||||||||||||||
| EC8 | In determining supervisory programs and allocating resources, supervisors take into account the risk profile and systemic importance of individual banks and banking groups, and the different mitigation approaches available. | ||||||||||||||||||||
| Description and findings re EC8 | The BCB utilizes a risk-based supervisory approach (using a 1-4 rating system, subdivided into 10 grades overall), where the supervisory cycle is designed to take account of the bank’s risk and impact to the financial system, based on asset size thresholds and supervisory rating criteria. Supervisory plans are developed and resources assigned reflecting the risk profile of the bank and tailored to the geographic scope and degree of specialization, sophistication, risk, size, and complexity of the activities and organization of banks. In general, those entities presenting the greatest risk receive the most intense, frequent, and comprehensive scrutiny. Please see CP8 for more details. The BCB seeks to staff each supervisory program with personnel of appropriate training and experience. All of the supervisory programs consider the best approaches available to mitigate risks. |
||||||||||||||||||||
| EC9 | Laws provide protection to the supervisor and its staff against lawsuits for actions taken and/or omissions made while discharging their duties in good faith. The supervisor and its staff are adequately protected against the costs of defending their actions and/or omissions made while discharging their duties in good faith. | ||||||||||||||||||||
| Description and findings re EC9 | While not providing immunity from lawsuit or litigation, Brazilian law provides a degree of legal protection to managers and its employees. Thus, the BCB’s Governor, its Deputy Governors and certain other staff (current and former) have the right to representation by the BCB’s General Counsel (PGBC), pursuant to Law 9,028. This legal assistance extends to those assigned to the administration of special regimes under Law 6,024, and Decree-Law 2,321. This assistance may include representation before the Federal Public Prosecutor, if the officials are charged with criminal acts carried out in the course of their constitutional, legal or regulatory duties, or when acting in the public interest. Additionally, the PGBC may file a habeas corpus and a writ of mandamus in defence of current and former officials in respect of such charges. It may be noted that the Governor of the BCB has the status of a Minister of State, and his actions can only be challenged in the Superior Court of Justice (STJ) or in the Supreme Court (STF), and not in lower level Federal courts. BCB staff, however, do not enjoy the automatic services of the PGBC, or of protection against costs of lawsuit for actions taken when discharging their duties in good faith. Instead, staff are subject to a review and approval process. BCB staff can only obtain legal assistance following a review of the request by the PGBC and submission to the Board of Governors. If approval is granted, the PGBC conducts the defence and absorbs all costs of representation. The procedure for seeking legal assistance is set out in BCB Directive 088. Nevertheless, the BCB was concerned that the existing legal framework may afford insufficient protection to its staff. Hence, in the context of the Bill on bank resolution, provisions have been put forward that would provide enhanced legal protection for BCB officials and staff. According to these provisions, no central bank official or staff member shall be held liable for any act or omission related to the performance of his legal duties, provided that such acts or omissions do not arise from wilful misconduct or fraud. At the time of the assessment mission the Bill had not yet been passed. |
||||||||||||||||||||
| Assessment of Principle 2 | Materially Non-Compliant | ||||||||||||||||||||
| Comments | The legal framework does not grant the BCB a full, de jure independence from the government to conduct its activities, and there are important deficiencies in relation to the assessment of this principle. These deficiencies, unless and until amended, are potential conduits through which the de facto independence of the BCB could be impaired or compromised, irrespective of previous track record. The legal protection for staff of the BCB is lacking. The BCP methodology highlights the vulnerability that supervisory staff can be exposed to if such protection is weak or missing and it is therefore welcome that legislative initiatives to put this protection in place were in progress at the time of the mission. Brazil also falls behind good practice in that there is no fixed mandate for the term of the Governor, or for Board members. Also, the Governor can be dismissed from his/her position at the will of the President and there are no formal reasons for which dismissal can be made and no requirement for there to be a public disclosure of the reasons for dismissal. Although it is clear that in past years there has been great stability in terms of position holders of the Governor, and there is no evidence that the BCB has been unsuccessful in launching necessary regulatory initiatives, this track record cannot provide a protection against potential future volatility. Ancillary points that should fall within the BCB’s own discretion include budget and personnel decisions, to confirm that it is an independent institution fulfilling an important role on behalf of the state. |
||||||||||||||||||||
| Principle 3 | Cooperation and collaboration. Laws, regulations or other arrangements provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information.7 | ||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||
| EC1 | Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with all domestic authorities with responsibility for the safety and soundness of banks, other financial institutions and/or the stability of the financial system. There is evidence that these arrangements work in practice, where necessary. | ||||||||||||||||||||
| Description and findings re EC1 | To date, the BCB has made use of Complementary Law 105 to establish formal agreements with the following Brazilian authorities:
An annual meeting schedule has been established between the supervisory areas of the BCB, SUSEP and, more recently, PREVIC, in order to support the assessment of the risk and controls of banking conglomerates. Information exchange typically covers such issues as of internal controls, corporate governance, solvency, and quality of the assets. Additionally, the Committee of Regulation and Supervision of Financial, Securities, Insurance, and Complementary Pension Markets (COREMEC) was established through Decree 5,685, in order to promote the coordination and the improvement of the operations of federal public administration entities that regulate and supervise activities related to investments and savings. COREMEC meetings take place quarterly and the information exchange typically includes: (i) financial stability issues; (ii) risk-based supervision; (iii) rationalization and standardization of information requested by supervisory bodies; (iv) anti-money laundering issues; and (v) financial education and financial inclusion strategy. |
||||||||||||||||||||
| EC2 | Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with relevant foreign supervisors of banks and banking groups. There is evidence that these arrangements work in practice, where necessary. | ||||||||||||||||||||
| Description and findings re EC2 | Complementary Law 105, (Article 2, § 4°, subsection II) provides the basis for cooperation agreements with foreign supervisory authorities in respect of:
The BCB maintains arrangements with foreign (home and host) supervisors and seeks to meet, as far as possible, requests from foreign supervisors even when no formal MoU is in place, providing that the requirements of Complementary Law 105 are met. Where information is governed by the law on secrecy, an MoU is required before information exchange can take place. However, information in relation to prudential supervision is not covered by the secrecy law and the BCB endeavors to maintain open communication and exchange information even prior to an MoU being signed. At the time of the assessment, the BCB had 25 Memoranda of Understanding (MoUs) with 29 foreign supervisory authorities, from 23 countries and the European Central Bank (ECB). The BCB has signed MoUs with the supervisory authorities of the following countries: South Africa, Germany, Argentina, Bahamas, Cayman Islands, China, Chile, Colombia, South Korea, Spain, United States of America (OCC, FDIC, FED and Department of Financial Services), India, Indonesia, Italy, Luxembourg, Mexico, Panama, Portugal, Paraguay, Peru, the United Kingdom, Switzerland and Uruguay. During the assessment, a further MoU was signed with the Austrian authorities. The BCB confirmed that there is a regular/frequent exchange of information with most of the countries with which the BCB has an agreement. The assessors were able to see some examples. The BCB noted that it receives dozens of information requests every year through the MoU arrangements. Furthermore, the BCB Supervision Manual (MSU 4.30.40) provides that the main conclusions of the Risks and Controls Assessment System (SRC), including the supervisory rating, are to be shared with the home supervisor of foreign financial institutions operating in Brazil at the end of the supervisory cycle. Although the MoUs confirm that joint inspections may take place, and clarify arrangements for the notification of inspections in the jurisdiction of the home/host authority, none have been carried out in recent years. The BCB hosts supervisory colleges for Itaú-Unibanco and Banco do Brasil and participates in colleges for Citibank, JP Morgan Chase, Credit Suisse, Deutsche Bank, UBS, GMAC, and Rabobank. The BCB also participates in the core colleges and Crises Management Group - Santander with Banco de España, having signed a specific MoU -CoAg with that authority establishing policies for information sharing related to resolution strategies. Please see also CP13. |
||||||||||||||||||||
| EC3 | The supervisor may provide confidential information to another domestic authority or foreign supervisor but must take reasonable steps to determine that any confidential information so released will be used only for bank specific or system-wide supervisory purposes and will be treated as confidential by the receiving party. | ||||||||||||||||||||
| Description and findings re EC3 | In exchanging information and signing MOUs, the BCB ensures that the protection of the information meets the privacy standards of Brazil in accordance with Complementary Law 105. The agreements and MoUs signed by the BCB state that the information provided must be used only for supervisory purposes and its confidentiality must be preserved to the extent legally possible. Even when the BCB exchanges information with foreign supervisory authorities with whom there is no MoU in place it is made clear to the foreign authority that the information provided is to be used for supervisory purposes only. |
||||||||||||||||||||
| EC4 | The supervisor receiving confidential information from other supervisors uses the confidential information for bank specific or system-wide supervisory purposes only. The supervisor does not disclose confidential information received to third parties without the permission of the supervisor providing the information and is able to deny any demand (other than a court order or mandate from a legislative body) for confidential information in its possession. In the event that the supervisor is legally compelled to disclose confidential information it has received from another supervisor, the supervisor promptly notifies the originating supervisor, indicating what information it is compelled to release and the circumstances surrounding the release. Where consent to passing on confidential information is not given, the supervisor uses all reasonable means to resist such a demand or protect the confidentiality of the information. | ||||||||||||||||||||
| Description and findings re EC4 | The BCB confirmed that its use of confidential information received from other supervisors is only ever for supervisory purposes and that it routinely confirms that the confidentiality of the information it shares with other authorities will be protected, other than in cases of court order or legislative mandate. The BCB itself only has to provide information shielded by bank secrecy Laws in cases of submission of specific requests from Congress /Justice (prescribed by Complementary Law 105). Any request not covered by Complementary Law 105 is denied. However, such requests are uncommon and there have been no cases in recent years. |
||||||||||||||||||||
| EC5 | Processes are in place for the supervisor to support resolution authorities (e.g., central banks and finance ministries as appropriate) to undertake recovery and resolution planning and actions. | ||||||||||||||||||||
| Description and findings re EC5 | The BCB is the single supervisory and resolution authority, which facilitates a prompt and effective exchange of information for supervision and for the resolution area to develop resolution plans. As of January 2017, a governance architecture has been created through the establishment of a Resolution Committee (COPAR) constituted by the heads of the departments involved in resolution and crisis management (departments under the Deputy Governor for supervision and the Deputy Governor for resolution). The objective is to support the coordination and communication between supervision and resolution areas to deal with resolution planning, resolvability assessment and resolution actions. COPAR is working on methodologies to be used in time of crisis and should thus assist in avoiding conflicts of interest when dealing with a crisis scenario (e.g. assessment of the “fail or likely to fail” condition) as the supervisory and resolution departments report to different Deputy Governors. The review of the banks’ Recovery Plans is part of the supervisory work process and this review should be carried out as described in the guidance available on the BCB’s intranet. Supervision may, at its discretion, determine the total or partial execution of the recovery plan, in order to maintain the soundness, stability and regular operation of the SFN. Once the recovery plan is triggered, it is the supervisor’s responsibility to share the necessary information with the home or host supervisors. The decision for resolution, though, is a decision of the BCB board, which is made following a proposal by the DG for the resolution department. One purpose of the COPAR, is to ensure that there has been an extensive consideration of the technical issues prior to a recommendation being made to the BCB Board. As mentioned in CP 13 (EC 5), the BCB has required all D-SIBs to submit recovery plans. Information gathered from the recovery plans is planned to be used to enhance resolution planning. The first versions of resolution plans are already in place but will be enhanced and finalized at the end of the phase-in period for the recovery plans which is due in July 2018. Firms with whom the assessors met, confirmed that they had been submitting their recovery plans to the BCB according to the timetable. The BCB participates in the FSB Cross-Border Crisis Management Group (CBCM) and FSB Resolution Steering Group (ReSG). It should be noted, in addition, that the Bank Resolution Bill prepared by the BCB in order to align the Brazilian Resolution Framework with the FSB’s 2014 Key Attributes of Effective Resolution Regimes, and currently under reviewed by the Ministry of Finance, was also designed to enhance the framework under Complementary Law 105. For example, the proposed bill contains more specific provisions dealing with cooperation and exchange of information with foreign resolution authorities. |
||||||||||||||||||||
| Assessment of Principle 3 | Compliant | ||||||||||||||||||||
| Comments | The BCB has clear powers to exchange information with relevant authorities both domestically and abroad. Relevant MoUs are in place or are in the process of being agreed, in order to adapt to new elements of recovery and resolution, and the BCB places an emphasis on proactive and timely information sharing and of assistance when requested. | ||||||||||||||||||||
| Principle 4 | Permissible activities. The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word “bank” in names is controlled. | ||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||
| EC1 | The term “bank” is clearly defined in laws or regulations. | ||||||||||||||||||||
| Description and findings re EC1 | Unlike some other jurisdictions, the term “bank” is not specifically defined in laws or regulations. Instead, banks are recognized as a subset of the financial institutions that are authorized and licensed by the BCB. The Banking Law (Article 17) defines financial institutions as “public or private legal entities, whose main or secondary activity is the collection, intermediation or investment of their own or third-party funds, in national or foreign currency, as well as the custody of third party property.” Hence, the BCB licenses and supervises a range of financial institutions (19 types), which includes banks but not all of the financial institutions are banks. Other non-banking financial institutions are licensed and supervised by the BCB and may provide a specified set of financial services. Each of the 19 subsets of financial institutions is subject to its own set of resolutions which define its nature. Please see EC2 below. |
||||||||||||||||||||
| EC2 | The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined either by supervisors, or in laws or regulations. | ||||||||||||||||||||
| Description and findings re EC2 | The activities permitted for the different sectors of banking institutions are set out in regulations. Commercial Banks are licensed by the BCB to provide a wider set of regulated financial services. Investment banks, development banks, universal (“multiple”) banks, credit cooperatives and exchange banks are covered, respectively, in Resolutions 2624; 394; 2099; 2788; and 3426. | ||||||||||||||||||||
| EC3 | The use of the word “bank” and any derivations such as “banking” in a name, including domain names, is limited to licensed and supervised institutions in all circumstances where the general public might otherwise be misled. | ||||||||||||||||||||
| Description and findings re EC3 | According to Article 34 of Law 8,934, the names of Brazilian companies must conform to the principle of truthfulness and to be new (“The business name shall obey the principles of veracity and novelty”), in order to be registered with the Trade Boards—these are state controlled institutions. This requirement mitigates risks of the use of the word “bank” and its variations by non-licensed institutions. There is no outright general prohibition on the use of the word of “bank” or of any of its derivatives except in certain specific circumstances. For example, Credit cooperatives are not permitted to use the term bank, based on Article 5 of Law 5764 (“Cooperatives are prohibited from using the term “Bank”) | ||||||||||||||||||||
| EC 4 | The taking of deposits from the public is reserved for institutions that are licensed and subject to supervision as banks. | ||||||||||||||||||||
| Description and findings re EC4 | Only institutions licensed and supervised by the BCB may engage in deposit taking. Commercial and universal (“multiple”) banks, and credit cooperatives, are the only institutions permitted to receive demand deposits. To accept a deposit of any type an authorization is needed. Additionally, Law 7492, (Article 16) stipulates a sentence of 1 to 4 years and a fine to those that operate a financial institution without due authorization, or with authorization granted based on false statements. Some payments institutions are permitted to receive deposits from the public, solely in order to convert those funds into electronic money through a pre-paid payment account, which is restricted for payment transactions. Those resources are not considered “deposits” (as bank deposits), since they cannot be used to finance the operations of the payments institutions (or of a FI that provides payment services). Nevertheless, these payment institutions are licensed and supervised by the BCB, and customers’ accounts are segregated for their protection. |
||||||||||||||||||||
| EC5 | The supervisor or licensing authority publishes or otherwise makes available a current list of licensed banks, including branches of foreign banks, operating within its jurisdiction in a way that is easily accessible to the public. | ||||||||||||||||||||
| Description and findings re EC5 | The BCB’s website contains a registry of all financial institutions and publishes standard basic information of all banks licensed under its jurisdiction (address, directors, branch network, conglomerate data, list of licensed activities, tariffs, etc.): http://www4.bcb.gov.br/?IF. The BCB’s website, identifies institutions by sector (i.e. bank, etc) at: http://www.bcb.gov.br/pt-br/#!/n/SUPERVISAOSFN. Registry information of other institutions licensed by the BCB is available at http://www.bcb.gov.br/?RELINST. The information includes the trade name of the financial institution, its registration number in Brazil (CNPJ), area of operation and address. |
||||||||||||||||||||
| Assessment of Principle 4 | Compliant | ||||||||||||||||||||
| Comments | Information on the identity and permitted activities of all entities operating under a banking authorization is clearly available on the BCB website. If a member of the public wishes to cross check the identity of an institution that is holding itself out as a bank, it is straightforward to consult the list of entities and confirm the legitimacy of the institution. Equally the activities permitted to any financial institution is accessible on the BCB website. Furthermore, no institution in Brazil may accept deposits, of any form, without an authorization from the BCB. There is no direct prohibition on use of the word “bank,” except in some particular cases (such as credit cooperatives), but as the trade boards are responsible for registering corporate entities and this process governs the “truthfulness” or veracity of the name, then only fraudulent operators would be able to use the designation “bank.” However, while the system has an important safeguard in that it is straightforward to check if an institution is legitimate and supervised by the BCB, no authority actively monitors whether there are institutions presenting themselves as banks without the necessary authorizations. |
||||||||||||||||||||
| Principle 5 | Licensing criteria. The licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of Board members and senior management)8 of the bank and its wider group, and its strategic and operating plan, internal controls, risk management and projected financial condition-(including capital base). Where the proposed owner or parent organization is a foreign bank, the prior consent of its home supervisor is obtained. | ||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||
| EC1 | The law identifies the authority responsible for granting and withdrawing a banking license. The licensing authority could be the banking supervisor or another competent authority. If the licensing authority and the supervisor are not the same, the supervisor has the right to have its views on each application considered, and its concerns addressed. In addition, the licensing authority provides the supervisor with any information that may be material to the supervision of the licensed bank. The supervisor imposes prudential conditions or limitations on the newly licensed bank, where appropriate. | ||||||||||||||||||||
| Description and findings re EC1 | The Banking Law, (Article 10, subsection X), establishes that the BCB has exclusive competence in authorizing financial institutions, for example, to: a) Operate in the country; b) Establish or transfer their headquarters or offices, including those located abroad; c) be transformed, (i.e. change its authorised status) merged or incorporated or taken over; and d) Transfer their equity control. The Constitution of 1988 prevents the establishment, in Brazil, both of new branches of foreign financial institutions as well as any increase in equity participation in domestic financial institutions by foreign individuals or legal entities. Nevertheless, certain exceptions are permitted in relation to authorizations resulting from international agreements, reciprocity, or of national interest. The national interest, though, must be confirmed by a presidential decree, and therefore the BCB must submit foreign banks’ license applications for presidential approval. The BCB is not required to forward an application by a foreign bank that it finds to be deficient or unsuitable. As can be seen from the licensing process below (EC2), the BCB does not grant an authorisation until having carried out an inspection on the operations of the institution. |
||||||||||||||||||||
| EC2 | Laws or regulations give the licensing authority the power to set criteria for licensing banks. If the criteria are not fulfilled or if the information provided is inadequate, the licensing authority has the power to reject an application. If the licensing authority or supervisor determines that the licence was based on false information, the license can be revoked. | ||||||||||||||||||||
| Description and findings re EC2 | Information requirements for licensing are set out in Resolution 4122. The BCB can amend the authorization criteria, if needed, through proposals made through the CMN. The BCB is not obliged to approve an application for an authorization that is made to it. The resolution clearly grants the BCB the ability to reject a deficient proposal (see, for example, Articles 5, 7 and 8). In particular, issues that may affect the reputation of the proposed controllers, will result in the suspension of the application—though time may be granted to rectify the irregularity. Also, any discovery of false or misleading information, at any stage of the process—even if the license has been awarded—leads to automatic revocation. Licensing is a 6-stage process, set out in the Regulation Annex I to Resolution 4122, which progresses through more onerous and detailed requirements at each stage. In summary, the stages are as follows: a) Submission of initial documentation, including:
b) Technical interview. The technical interview is with the members of the institution’s control group (i.e. individual or group of individuals bound by an agreement, controlling at least 50 percent of the entity - i.e. listed) and may be waived depending on the sufficiency of the information in the initial submission to explain the project; whether the future controlling shareholders have demonstrated the necessary business and market knowledge; or if the license application is submitted by an institution already licensed by the BCB (Article 5 of Regulation Annex I of Resolution 4122); c) If the application proposal is approved, the applicant must comply with the following, more detailed, conditions within 60 days:
d) Should the requirements in section (c), be met to the BCB’s satisfaction, the applicant has a further 180 days— to meet the conditions below. This period may be extended for a further 90 days at the discretion of the BCB (Article 7 of Annex I of Resolution 4122):
e) Inspection conducted by the BCB, within 90 days of receipt of the request, (Article 8 of Regulation Annex I of Resolution 4122); failure to satisfy the BCB’s inspection results in the opportunity to make rectification, but a second failure to pass BCB inspection results in rejection of the application. f) If BCB inspection is satisfactory, the institution has 90 days to present documentation proving that various measures have been adopted, relating to the legal establishment of the entity and election of officers of the entity and also including proof of the evidence of the source of funds (Article 9 of Regulation Annex I of Resolution 4122). Once the BCB verifies the submissions made under (“f”), the license is issued. If, at any time, during the licensing process, the BCB, establishes that false claims have been made, the BCB may reject the application. However, depending on the specific circumstances the BCB may grant time for justifications to be submitted. The assessors were able to see very thorough documentation covering the full sequence of examples. |
||||||||||||||||||||
| EC3 | The criteria for issuing licences are consistent with those applied in ongoing supervision. | ||||||||||||||||||||
| Description and findings re EC3 | The criteria for the issuance of a banking license are consistent with the criteria established in the continuous supervisory process. The licensing process, much like the supervisory process, assesses the ownership structure and governance (including the fit and proper assessments of the control group, board members and senior management), internal controls, risk management and projected financial condition (including the capital base). All persons who are proposed as members of the “control bodies” (Supervisory and Executive Boards and Fiscal council) are assessed against fit and proper standards on an ongoing basis. | ||||||||||||||||||||
| EC4 | The licensing authority determines that the proposed legal, managerial, operational, and ownership structures of the bank and its wider group will not hinder effective supervision on both a solo and a consolidated basis. The licensing authority also determines, where appropriate, that these structures will not hinder effective implementation of corrective measures in the future. | ||||||||||||||||||||
| Description and findings re EC4 | As detailed in EC2, the licensing process as set out under Resolution 4122 requires considerable information on the corporate ownership as well as on the individuals who will direct and execute the bank’s strategy. Further, and Circular 518 establishes information requirements on the capital structure and control structure for the proposed institution. Given that Circular 518, (for all institutions on an annual basis, as well as for new applications) requires the information on the capital structure be broken down until the final controlling interest of the participating companies is identified, the BCB has access to information to assess whether effective supervision could be impeded. The license is not granted unless the BCB concludes, among other criteria, that the institution’s legal structure, chain of control or organizational arrangements do not constitute obstacles. |
||||||||||||||||||||
| EC5 | The licensing authority identifies and determines the suitability of the bank’s major shareholders, including the ultimate beneficial owners, and others that may exert significant influence. It also assesses the transparency of the ownership structure, the sources of initial capital and the ability of shareholders to provide additional financial support, where needed. | ||||||||||||||||||||
| Description and findings re EC5 | Identification Again, as noted in EC2, Resolution 4122 requires the identification of members of the control group of the institution, with their respective stockholdings and identification of natural persons and legal entities that are in the wider, mixed activity (not purely prudential) group of the institution. Resolution 4122 is supplemented by Circular 3649 which requires, among the documentation for submission, the complete organisational chart of the economic group. The information must identify all companies with their respective registration number in the National Register of Legal Entities (CNPJ) or, if foreign, with the name of the country where the headquarters is located, and the percentage of total and voting capital held or a statement that the institution does not belong to an economic conglomerate (mixed activity group). Direct shareholding control of banks is restricted to: natural persons; financial institutions and other financial system members licensed by the BCB; and other legal entities whose exclusive business purpose is to invest in the equity of financial institutions and other institutions licensed by the BCB. If the ownership structure is not clearly defined, the BCB requires the agreement of the shareholders so that the BCB may scrutinize the controlling group’s structure. In other words, if there is a small group of shareholders who collectively hold a majority of shares, the BCB requires there to be a formal agreement between the shareholders and this group is considered to be the control group (e.g. Article 6, Resolution 4122, and Annex 1, Article 6, Paragraph 1, Section II of Resolution 4122). Suitability Under Resolution 4122 the members of the controlling group are required to be knowledgeable about the business and market sector. If a member of the controlling group is a new entrant to the National Financial System (SFN), further verification might take place, including criminal checks through Interpol if the member is not a Brazilian national; and checks with any relevant foreign supervisory authority (with respect to individuals or corporate controllers). Moreover, the BCB requires the prospective controlling group to authorize the BCB to consult any public or private system of registration or other information containing their data. The BCB also investigates and verifies qualified participation holders or of participants who hold, directly or indirectly, 15 percent or more of the shares of the capital of the institution. Financial support The BCB examines whether controlling interest holders have financial capacity compatible with the size, nature and purpose of the proposed bank, considering the initial and future capital necessities as indicated by the business plan and the viability study. The analyses are based on tax returns (for individuals), and financial statements and audited accounts (legal entities). The BCB includes an analysis of the net worth of controlling interest holders and consistency with records held the Credit Information System (SCR). If information contains discrepancies and/or information suggests any involvement in suspicious transactions by the controlling interest holders or a qualified stakeholder, the BCB will request additional information, including the previous three years’ tax records from the Federal Revenue of Brazil. Source of funds The holders of controlling interests and qualified participations holders must provide evidence of the source of funds through income tax returns, the previous financial year’s balance sheet and three years’ auditor reports as well as other relevant information such as bank statements, invoices, deeds, purchase and sale contracts, etc. |
||||||||||||||||||||
| EC6 | A minimum initial capital amount is stipulated for all banks. | ||||||||||||||||||||
| Description and findings re EC6 | According to Resolution 2,099 and Resolution 2,607 the following minimum limits of paid-in capital and net stockholders’ equity must always be met: I - R$ 17,500,000.00: for commercial banks and universal banks (“multiple banks”) with commercial portfolio; II - R$ 12,500,000.00: for investment banks, development banks, and corresponding portfolios of universal banks and savings banks; III - R$ 7,000,000.00: for credit, financing and investment societies, real estate credit society, leasing society and corresponding portfolios of universal banks. Should an institution wish to undertake foreign exchange operations, the minimum capital level is increased by R$ 6,500,000.00. Furthermore, there are additional capital requirements for the installation of branches beyond the threshold previously established by the BCB. |
||||||||||||||||||||
| EC7 | The licensing authority, at authorisation, evaluates the bank’s proposed Board members and senior management as to expertise and integrity (fit and proper test), and any potential for conflicts of interest. The fit and proper criteria include: (i) skills and experience in relevant financial operations commensurate with the intended activities of the bank; and (ii) no record of criminal activities or adverse regulatory judgments that make a person unfit to uphold important positions in a bank. The licensing authority determines whether the bank’s Board has collective sound knowledge of the material activities the bank intends to pursue, and the associated risks. | ||||||||||||||||||||
| Description and findings re EC7 | In the terms of the Banking Law, the BCB has to establish “(...) conditions for the occupation and exercise of any position in the management of private financial institutions, as well as the occupation of any Office in advisory, supervisory or similar bodies, according to norms issued by the National Monetary Council.” Resolution 4122 establishes that the exercise of positions in statutory bodies of financial institutions are restricted to those whose appointment has been ratified by the BCB to meet the following conditions: (i) have unblemished reputation; (ii) be resident in Brazil, in the case of directors and managing partners; (iii) not be under restriction by special laws, or having been convicted for any bankruptcy crime, tax evasion, prevarication, corruption, graft, embezzlement, crime against the public economy or the SFN, or of any crime that restricts, even temporarily, access to public offices; (iv) not be held as unfit, or suspended for the performance of duties as member of the statutory audit committee, member of the board of directors, member of the executive board or managing partner in the institutions mentioned in Article 1 or in private pension entities, insurance companies, capitalization companies, publicly held companies or entities subject to supervision by Comissão de Valores Mobiliarios, the Brazilian securities and exchange commission; (v) not be subject to, and nor must any company of which he or she is a controlling interest holder or administrator, any contested securities, judicial collection, issuance of checks without funds, default of obligations or similar circumstances; (vi) not have been declared bankrupt or insolvent, (vii) not have been either a controlling interest holder or administrator, over the 2 (two) years preceding the election or appointment, of a firm or company object of declaration of insolvency, liquidation, intervention, bankruptcy or judicial reorganization. Where nominees for managerial positions have not been previously ratified, the applicant must publish a declaration of purpose to obtain the ratification. In these cases, the following inquiries are made, which are comparable to checks made in EC4/5 above:
The BCB can revoke a ratification at its discretion at any time if irregularities are uncovered or if false declarations or documents have been presented. Please also see EC5. |
||||||||||||||||||||
| EC8 | The licensing authority reviews the proposed strategic and operating plans of the bank. This includes determining that an appropriate system of corporate governance, risk management and internal controls, including those related to the detection and prevention of criminal activities, as well as the oversight of proposed outsourced functions, will be in place. The operational structure is required to reflect the scope and degree of sophistication of the proposed activities of the bank. | ||||||||||||||||||||
| Description and findings re EC8 | As described in EC2 Resolution 4122 sets out extensive documentation requirements relating to strategy and operation in relation to a licensing application. Furthermore, Circular 3649 provides instructions for the review of the strategy and the operating plans of a prospective bank. The business plan must, at a minimum, describe:
As indicated in EC2, the BCB conducts an inspection, during the licensing process, in order to assess the consistency between the organizational structure implemented and that set out in the business plan. |
||||||||||||||||||||
| EC9 | The licensing authority reviews pro forma financial statements and projections of the proposed bank. This includes an assessment of the adequacy of the financial strength to support the proposed strategic plan as well as financial information on the principal shareholders of the bank. | ||||||||||||||||||||
| Description and findings re EC9 | The proposal must include information to support the financial capacity of controlling shareholders to support the bank. The approval depends on the evaluation of the financial capacity of the owner, the origin of the invested funds and estimates of the initial and future capital needs as indicated by the business plan and viability study. Pro forma financial statements are provided and, based on projected growth and capital needs, a determination is made of the controlling interest holders ability to support future growth. Please see EC2 for further details. |
||||||||||||||||||||
| EC10 | In the case of foreign banks establishing a branch or subsidiary, before issuing a license, the host supervisor establishes that no objection (or a statement of no objection) from the home supervisor has been received. For cross-border banking operations in its country, the host supervisor determines whether the home supervisor practices global consolidated supervision. | ||||||||||||||||||||
| Description and findings re EC10 | Whenever the participation of foreign capital in the SFN involves the establishment of foreign bank subsidiaries in Brazil, Circular 3317, (Article 3) stipulates that the BCB may request information from the respective supervisory authority (home supervisor) regarding the bank’s legal status, as well as the intended investment. It is typical for the BCB to make such a request. The consultation is usually done under an MoU between the foreign supervisory authority and the BCB. The absence of an MoU does not prevent a consultation from being made. In making this consultation, the BCB aims to assess the extent to which the foreign supervisory authority:
|
||||||||||||||||||||
| EC11 | The licensing authority or supervisor has policies and processes to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the licence approval are being met. | ||||||||||||||||||||
| Description and findings re EC11 | Resolution 4122 states that, for the first five years of operation, new institutions must report its performance set against the strategic objectives stated in their business plan. This information must be presented in the financial statements. If the BCB finds the operations to be inadequate in relation to the strategic objectives, the institution must present justification which the BCB will also evaluate and which may lead to the BCB establishing a timetable to meet additional conditions. As set out in Resolution 4122 (Annex I, Article 21), the BCB may revoke the bank’s authorisation at any time, for any of the following reasons: I - failure to meet regulations in carrying out essential operations; II - lack of operating activity; III - failure to occupy the address notified to the BCB; IV - delay of over four months in submitting legally required financial statements to the BCB without adequate justification; V - failure to follow the business plan. |
||||||||||||||||||||
| Assessment of Principle 5 | Compliant | ||||||||||||||||||||
| Comments | The licensing model followed by the BCB is comprehensive, ranging from identification of ultimate beneficial control, to refusal to issue an authorization until and operational inspection has taken place and the BCB also specifies a period of time during which it monitors whether the new institution is executing (or capable of executing) its business plan and achieving its stated objectives. In the last X years, the BCB has received five applications for banking authorizations, of which only one was approved. One was denied outright, and the other three applications withdrew during the course of the process. The BCB does not favor an approach whereby informal decision or advice is given to an applicant, preferring to ensure that all applications are subjected to the same due process, in order to signal parity of treatment for all applicants. |
||||||||||||||||||||
| Principle 6 | Transfer of significant ownership. The supervisor9 has the power to review, reject and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties. | ||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||
| EC1 | Laws or regulations contain clear definitions of “significant ownership” and “controlling interest”. | ||||||||||||||||||||
| Description and findings re EC1 | The corporate law (Law 6404, Article 116) defines controlling shareholder as the individual, legal entity, group of people joined by voting agreement or group of legal entities under common control (control group), which:
Additionally, Resolution 4122, (Article 6) defines qualified ownership as the direct or indirect participation, by individuals or legal entities, equivalent to 15 percent or more of the shares or representative quotas of the total capital of a financial institution. A “control group” is defined under Resolution 4122 (Article 6) as individuals or groups who are bound by a voting agreement or common control and hold shareholding rights equivalent to the majority (50 percent) of the voting capital of a public company or at least 75 percent of the shareholding capital of a limited liability company. Additionally, Article 6 permits the BCB to use additional criteria (“other elements”) to identify the control group if the stated definition is insufficient. Participation is calculated on the basis of both direct and indirect investments. |
||||||||||||||||||||
| EC2 | There are requirements to obtain supervisory approval or provide immediate notification of proposed changes that would result in a change in ownership, including beneficial ownership, or the exercise of voting rights over a particular threshold or change in controlling interest. | ||||||||||||||||||||
| Description and findings re EC2 | Resolution 4122 (see preamble and purpose, and more specifically, Regulatory Annex II) establishes the requirements and procedures not only for authorisation but for changes of control and corporate reorganisation, among other matters. Hence, BCB authorization is required for the transfer of corporate control and any change, direct or indirect, in the control group, that might imply change in the effective control of institutional business. Chapter II of the Regulatory Annex to Resolution 4122 sets out requirements for change of control and also reorganisation (Chapter I relates to new authorisation as discussed in CP5). The approval process is not triggered (Article 13 of the regulatory annex) where there is no change in the ultimate beneficial controller (“final controller”) of the institution. Authorisation is needed for a proposed participation equal to or greater than 15 percent in a financial institution (Article 16 of Chapter II of the Regulatory Annex). There is a notification requirement to the BCB in respect of changes of voting or nonvoting capital above 5 percent (essentially creating a 5 percent threshold for notification); any change in control; and/or any change in foreign capital ownership (Circular 624, amending item 2 of Circular 518). The notification in Circular 624 is triggered when the change is direct or indirect. The Licensing Department (DEORF) is responsible for analysis and approval of any change in control through the application of a fit and proper test, using a broad definition of control in these instances. The requirements for a transfer or change in the control group are essentially the same as those applied in the licensing of a financial institution and are set out in Resolution 4122, Annex II. |
||||||||||||||||||||
| EC3 | The supervisor has the power to reject any proposal for a change in significant ownership, including beneficial ownership, or controlling interest, or prevent the exercise of voting rights in respect of such investments to ensure that any change in significant ownership meets criteria comparable to those used for licensing banks. If the supervisor determines that the change in significant ownership was based on false information, the supervisor has the power to reject, modify or reverse the change in significant ownership. | ||||||||||||||||||||
| Description and findings re EC3 | The 1964 Banking Law, (Article 10, Section X), establishes that the BCB has exclusive responsibility, not only for initial authorisation, but for approving changes of control. The article establishes that only the BCB can authorize financial institutions to, “transform, merge, incorporated, or taken over. The same article further confirms that, “(... ) based on the rules established by the National Monetary Council, the Central Bank of Brazil will analyse the requests formulated and will decide to grant or to deny the requested authorization (...).” Operations that result in transfer of control and/or corporate reorganization are subject to the same requirements as the licensing of new banking institutions that are iterated in in Resolution 4122 (presentation of business plan, economic and financial capability studies, origin of funds, access to information about the controllers and qualified participants, among others). However, Resolution 4122 allows the BCB to waive some of these requirements at its discretion. For example, typically, a business plan is only requested if major strategic changes to the institution are planned. A transfer of control is only finalised after the approval of the BCB has been issued. Should the authorisation for change of control have been based on false information, the BCB, may review the decision, take into consideration public interest and the circumstances of each case, and require the situation (transaction) to be regularised. (Resolution 4122, Article 8) |
||||||||||||||||||||
| EC4 | The supervisor obtains from banks, through periodic reporting or on-site examinations, the names and holdings of all significant shareholders or those that exert controlling influence, including the identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership. | ||||||||||||||||||||
| Description and findings re EC4 | According to Circular 3649 transactions that involve the transfer of control—directly or indirectly—or newly qualified shareholders must be reported to the BCB within 15 days. | ||||||||||||||||||||
| EC5 | The supervisor has the power to take appropriate action to modify, reverse or otherwise address a change of control that has taken place without the necessary notification to or approval from the supervisor. | ||||||||||||||||||||
| Description and findings re EC5 | Changes of control that fail to comply with regulation can lead to a number of punitive measures, such as: a) the immediate reversal of the transaction; b) ruling of ineligibility of the relevant administrators for management positions in financial institutions; and c) revocation of the entity’s operating license (Banking Law, article 10, clause IX). | ||||||||||||||||||||
| EC6 | Laws or regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest. | ||||||||||||||||||||
| Description and findings re EC6 | According to Resolution 4567 (Article 1) financial institutions and other institutions authorized to operate by BCB must report any information that may affect the reputation of their:
The information expected to be provided under the resolution includes police investigations, criminal proceedings or judicial or administrative proceedings related to the National Financial System, within 10 working days from the institution having access to the information. |
||||||||||||||||||||
| Assessment of principle 6 | Compliant | ||||||||||||||||||||
| Comments | The powers of the BCB are very similar in respect of both initial authorisation and change of control. Similarly, the BCB’s practices are also careful and attention is paid to determination of ultimate control of a banking entity or group. While the Brazilian market has not yet developed markedly complex group structures in which banks are embedded, there are foreign owned banks with greater levels of complexity. The authorities stressed, and it was consistent with the documents the assessors could review, that the BCB placed great importance on the clarity of group structures and being able to understand how group relationships might change in the event of change of control. It was also clear in the documentation that the BCB is ready to deny changes of control if it is in anyway unsatisfied with the proposals or information it has received. | ||||||||||||||||||||
| Principle 7 | Major acquisitions. The supervisor has the power to approve or reject (or recommend to the responsible authority the approval or rejection of), and impose prudential conditions on, major acquisitions or investments by a bank, against prescribed criteria, including the establishment of cross-border operations, and to determine that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision. | ||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||
| EC1 |
Laws or regulations clearly define:
|
||||||||||||||||||||
| Description and findings re EC1 | The Banking Law and Resolutions 2723 and 4062 set requirements and provide guidance with respect to acquisitions and investments that require BCB notification and approval. There is no minimum threshold that triggers a requirement for prior approval as any capital investment, other than investment firm activity, is subject to approval. Article 30 of the Banking Law states that: “private credit institutions, with the exception of investment institutions, may participate in the capital of any company only with prior authorization from the BCB.” Given that the lack of an approval threshold leads to the potential for an excessive level of filings with the BCB, the BCB has proposed an amendment to Article 30 of the Banking Law, to introduce a de minimis level up to which no authorization would be required. The BCB indicated that regulations lower than the Banking Law were not permitted to amend the approval threshold and nor could can ordinary law be used to amend the Banking Law as the Banking Law has the status of a Complimentary Law and there is a high threshold that must be passed to pass amendments. The BCB also indicated that amending the approval threshold is not seen as a priority in the overall legislative agenda. The one exception to this threshold is in relation to investment (trading) activity and is governed by Resolution 4062 which confirms the basic principle of prior authorization but then indicates the exemption. It states (Article 1) “[.] The direct or indirect investment in the capital of any domestic or foreign companies by financial institutions and other similar licensed entities is dependent on prior authorization by the BCB. Exceptions are granted for shareholding operations typical of investment portfolios held by investment and development banks, development agencies or universal banks with an investment or development portfolio [.]”. Moreover, it states “[.] Authorization for investment shall be granted only in cases where the invested company’s activities complement or support the investing entity’s [.]”. The terms for prior authorization by the BCB when a domestic financial institution seeks to establish a direct or indirect ownership interest, abroad are set out in Resolution 2723. The resolution also governs the establishment of branches abroad. Resolution 2723 (Article 8, paragraph 1) establishes that prior BCB authorization is required for cases of participation, increased percentage of participation and any case in which the preparation of financial statements is required. The resolution also confirms that the BCB can only grant authorization when it has been given all relevant information, data and documents in order to evaluate and ensure that consolidated global supervision will not be impeded. This rule applies to all investments abroad, including in the so called “tax havens”. A domestic financial institution seeking an investment or establishment abroad must comply with the following conditions:
Since 2012 the BCB has examined 602 applications filed by financial institutions seeking approval for investments in the capital of other companies, as required by Resolution 2723. Investments in domestic financial institutions follow the guidelines established in Resolution 4122, (please see CP 6 - Transfer of Significant Ownership). Mutual participation (i.e. cross shareholding) between financial institutions is prohibited pursuant to Article 7 of Resolution 2723. |
||||||||||||||||||||
| EC2 | Laws or regulations provide criteria by which to judge individual proposals. | ||||||||||||||||||||
| Description and findings re EC2 | Please see EC1. | ||||||||||||||||||||
| EC3 | Consistent with the licensing requirements, among the objective criteria that the supervisor uses is that any new acquisitions and investments do not expose the bank to undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future. The supervisor can prohibit banks from making major acquisitions/ investments (including the establishment of cross-border banking operations) in countries with laws or regulations prohibiting information flows deemed necessary for adequate consolidated supervision. The supervisor takes into consideration the effectiveness of supervision in the host country and its own ability to exercise supervision on a consolidated basis. | ||||||||||||||||||||
| Description and findings re EC3 | As established by Resolution 2723 (Article 9), any investment subject to consolidation, irrespective of the company’s area of business, requires that the financial institution grant full and unrestricted access to the BCB, to all information and documents that are necessary for the correct assessment of the risk that the investment represents for the financial institution. As also established by Resolution 2723 financial institutions must prepare their financial statements in a consolidated manner, including in the scope of consolidation domestic and foreign companies in which they have, one or more of the following:
It is worth noting that, when preparing the consolidated financial statements, the scope of consolidation must include the financial institutions and similar companies licensed by the BCB which are bound by effective operational control, defined as being under common management or by operating in the market under the same brand or commercial name. This clause applies even when there is no shareholding participation. Consolidated statements may encompass mutual funds, in which banks face substantial risk exposure. Resolution 2723 states that the BCB may only grant authorization where it has full information required to evaluate the cross-border investments, in order to ensure a global consolidated supervision. Such regulation applies to all cross-border entities. Banks that establish foreign branches or have control of foreign financial institutions should submit the reports and queries addressed to their branches or subsidiaries by the host supervision authority to the BCB. The BCB considers access of information and exchange of information with the host supervisory authority as part of the overall approval process. The applicant must present a declaration committing itself to provide the BCB, complete and unrestrictedly, with all information, data, documents and verifications needed to evaluate operations and the risks assumed by affiliated institutions. |
||||||||||||||||||||
| EC4 | The supervisor determines that the bank has, from the outset, adequate financial, managerial and organizational resources to handle the acquisition/investment. | ||||||||||||||||||||
| Description and findings re EC4 | For investments resulting in the acquisition of controlling interest in domestic financial institutions, the BCB performs the type of analysis required for changes in control as described in CP 6 - Transfer of Significant Ownership. In all other cases of investments by financial institutions, the BCB requests, at least, “[.] the description of the invested company’s activities and business purpose, the expected synergies stemming from the investment and its alignment with the participating entity’s business strategy [.]”, according to Resolution 4062. | ||||||||||||||||||||
| Once again, it is worth noting that authorization for investment may be granted only where the activities of the investment target complement or support the activities of the investing entity. | |||||||||||||||||||||
| EC5 | The supervisor is aware of the risks that non-banking activities can pose to a banking group and has the means to take action to mitigate those risks. The supervisor considers the ability of the bank to manage these risks prior to permitting investment in non-banking activities. | ||||||||||||||||||||
| Description and findings re EC5 | As discussed in EC1 above, the BCB has the power to prevent the investment in non-banking activities by a bank as the Banking Law requires prior approval of acquisitions. On a continuing basis, the BCB, through Circular 2981, requires banks to detail their direct or indirect investment in: all foreign companies, domestic companies that are subject to consolidation, companies where the bank investment exceeds 10 percent of the company’s shares and where the book value of the investment exceeds 10 percent of the net worth of the participant. The BCB includes these investments in the supervision of the bank and the regulations provide the BCB with the authority to require information needed for its supervisory purposes. The BCB’s SRC (see CP8) aims to routinely perform a comprehensive assessment of the risks each supervised institution is subject to. This assessment considers the risks related to its most relevant activities and familiarizes the supervisor with the entity’s general risk structure and encompasses all material risk areas. In financial conglomerates with relevant pension fund and insurance activities, those risks are assessed within the existing methodological limits, and when necessary, information is sought with the respective supervisory bodies. In addition, according to Resolution 4019, the BCB is able to take preventive actions regarding any financial institution in order to mitigate systemic risks. In this sense, BCB can restrict or put any bank investments on hold, or even require asset disposal. |
||||||||||||||||||||
| AC1 | The supervisor reviews major acquisitions or investments by other entities in the banking group to determine that these do not expose the bank to any undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future. Where necessary, the supervisor is able to effectively address the risks to the bank arising from such acquisitions or investments. | ||||||||||||||||||||
| Description and findings re AC1 | The terms of Resolution 4062 (which itself amends Resolution 2723) require the BCB’s pre-authorisation for any acquisition by a financial institution (including the bank) whether the investment is direct or indirect. Acquisitions by the controlling shareholders of the financial institution do not require the BCB authorization. While the BCB does not have the legal powers to review and approve acquisitions made by related entities outside the BCB’s supervisory perimeter, the risks related to such acquisitions are considered in the context of ongoing supervisory process. Specifically, the exposure of a financial institution to risks relative to activities performed by related entities outside the BCB’s supervisory perimeter is assessed in the context of the supervisory analysis of contagion risk within the overall SRC process (please see CP8 for more details). The non-financial objectives of a financial institution and its management are assessed as strategy risk. The supervisory work also aims to gather information regarding the financial conglomerate’s management quality, including all industries and the companies that are part of the conglomerate, including the non-financial industries. “Management Special Verification - Corporate Governance” includes, among its procedures, an analysis of the quality and effectiveness of the performance monitoring process relative to the planned goals and strategies, including non-financial objectives. The existence of procedures to identify and track operational risk of non-financial companies that are part of the consolidated group is assessed in “Management Special Verification - Operational Risk”. (Please see EC4 of CP 9 - Supervisory Techniques). “Special Verification - Other Assets and Non-Financial Liabilities” deals with the assessment of the quality of management of non-financial assets and liabilities, with emphasis on internal controls and the procedures used for bookkeeping. It is worth noting that, according to Resolution 4122, acquisitions of 15 percent or more of the capital of any financial institution is subject to subsequent authorization by the BCB, which takes into account possible relevant interference on the management and strategic decisions taken by invested company. In addition, as earlier mentioned (please see EC 5), the BCB has the option to use prudential measures regarding any financial institution in order to mitigate systemic risks, according to Resolution 4,019 (see Article 3 for list of measures). These powers provide the BCB with a range of options, including asset disposal, to remedy concerns arising in this scenario. |
||||||||||||||||||||
| Assessment of Principle 7 | Compliant | ||||||||||||||||||||
| Comments | The BCB operates under a at tight legal regime which requires it to authorize all acquisitions, significant or otherwise, whether direct or indirect. Based on documents the assessors were able to review, the BCB carries out its assessments and approvals on a conscientious and rigorous basis, and the ongoing supervisory process is alert to the range of risks that can be triggered by major acquisitions, such as reputational, strategic or contagion. Notwithstanding the BCB’s ability to ensure an efficient process when scrutinizing acquisitions and discriminating in terms of the significance of the acquisition, the BCB would benefit from a de minimis threshold being inscribed in the Banking Law, albeit with continuing discretionary powers to examine an acquisition if deemed necessary Over the past five years, the BCB has had to assess 563 acquisitions, of which approximately only 20 percent related to financial institutions. |
||||||||||||||||||||
| Principle 8 | Supervisory approach. An effective system of banking supervision requires the supervisor to develop and maintain a forward-looking assessment of the risk profile of individual banks and banking groups, proportionate to their systemic importance; identify, assess and address risks emanating from banks and the banking system as a whole; have a framework in place for early intervention; and have plans in place, in partnership with other relevant authorities, to take action to resolve banks in an orderly manner if they become non-viable. | ||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||
| EC1 |
The supervisor uses a methodology for determining and assessing on an ongoing basis the nature, impact and scope of the risks:
The methodology addresses, among other things, the business focus, group structure, risk profile, internal control environment and the resolvability of banks, and permits relevant comparisons between banks. The frequency and intensity of supervision of banks and banking groups reflect the outcome of this analysis. |
||||||||||||||||||||
| Description and findings re EC1 | The BCB has undertaken a major refreshing of its supervisory approach since the last BCP assessment. This approach is set out in the Risks and Controls Assessment System—the SRC—a methodology that is applied on a consolidated basis and whose application is supported by guidelines (supervisory manuals), parameters and structured processes to support the risk analysis of the financial institutions (FIs). The SRC includes two main assessment modules: Risks and Controls Assessment (ARC), and Economic-Financial Assessment (ANEF). These assessments are designed to be independent but interrelated, and are updated throughout the supervisory cycle through a combination of on-site and off-site procedures and using both quantitative and qualitative information. The ARC component considers 10 types of risk: Credit; Market; Liquidity; Contagion, Reputation; Strategy, Operational, Information Technology, Anti Money Laundering and Relationship with Customers and Users of the Banking System. ANEF combines quantitative and qualitative analysis to assess Solvency (including liabilities, quality of assets and capital adequacy), Liquidity and Profitability. The SRC methodology is applied to the significant business activities of the institution. The significant business line activities of the FI are identified based on parameters such as relevancy to the assets, contribution to income, off balance sheet activities, potential impact on the capital, etc. The business activities, therefore may, or may not (at the supervisor’s discretion) map to the individual entities within the prudential conglomerate. The BCB supervisors noted that although the more complex banks had a tendency towards matrix management, the supervisor might have reasons to identify a specific legal entity as one of the significant business lines in the risk matrix. Some of the risk components are considered for each of the significant business activities (some risks will not be relevant for some business activities) and the “corporate” risks (Reputation; Strategy, Operational, Information Technology, Anti Money Laundering and Relationship with Customers) are considered on a consolidated basis. The Risks and Controls Assessment in the SRC evaluates the level of inherent risks of the Fl’s business lines as well as the residual risks once the quality of mitigating controls, including the corporate governance of the FI, has been taken into account. The result of this evaluation is summarized in the risk and control matrix of the FI, which shows the scores assigned to each risk and control. The results of the ANEF are combined with the conclusions of the risks and controls assessment. The final score of the Risks and Controls Assessment module, is based on a weighting of the relative importance of each business or activity to the FI. Scores have recently been made more granular to allow for greater distinction when comparing peer groups of banks. The activities of the FI as well as the scores assigned to the associated risks and controls are thus shown in a risk matrix of the FI (which is held in the SisAPS database). The supervisor uses the matrix to identify fragilities or areas of special concern, that warrant special monitoring, specific and in-depth reviews, or where the FI will have to define actions plans to address or mitigate risks. The assessments’ findings, scores, as well the weight of each significant business or activity and its associated types of risks can be adjusted at any point during the cycle responding to the results of any actions taken during the continuous evaluation process. All outputs and conclusions from the assessments under the SRC, as well as monitoring of follow up procedures, are input into the SisAPS (Supervision Process Automation System). There is an extensive and detailed supervisory manual available to the staff to guide them in how to analyze the information and identify suitable scores. This guidance, which is ultimately made public, was in the course of revision at the time of the assessment. Credit, Market and Operational Risk modules were published in the second half of 2017, the modules on corporate governance and IT risks were targeted for publication by end 2017 and the modules on Liquidity Risk, Reputational Risk, Contagion Risk and AML/CFT were due by end 2018. All of the elements of the SRC (both ARC and ANEF) must be kept updated and examined throughout the supervisory cycle. The scores are aggregated in an overall score that expresses the Fl’s risk profile. (See EC2 for explanation of cycle and planning). It should also be noted that two of the risks—AML/CFT and client relations—are not examined by the prudential supervision department (DESUP), but by the conduct supervision department (DECON) and thus the integrated assessment of an institution depends on the coordination between the onsite prudential supervisors (DESUP), and the offsite monitoring department which handles, processes, analyses and flags data (DESIG). |
||||||||||||||||||||
| EC2 | The supervisor has processes to understand the risk profile of banks and banking groups and employs a well-defined methodology to establish a forward-looking view of the profile. The nature of the supervisory work on each bank is based on the results of this analysis. | ||||||||||||||||||||
| Description and findings re EC2 | As noted in EC1, the supervisor must evaluate elements of Risks and Controls as well as the Economic-Financial Assessment during the supervisory cycle for the FI. The duration of the supervisory cycle, as well as planning and prioritisation of supervisory actions, depends on the supervisory priority or rating, ranging from one year for the FIs classified as SIFIs (systemic important financial institutions), and High or Medium-High priority to a three-year cycle for the low priority FIs. The priority given to the FIs is set using a combination of systemic importance and risk profile. Quantitative data are used to determine the systemic importance of the FIs, while the SRC process delivers the risk profile. The priority/ratings matrix is updated a minimum once a year to identify changes in the classification of priorities. Although the BCB introduced a formal segmentation of the banks in 2017 (Resolution 4553), distributing the banking sector into 5 segments, of which segment 1 (S1) is the highest and reserved for the domestically systemic banks (DSIBs), the supervisory cycle is not an automatic reflection of the segment in which a bank is placed, except for the S1 banks who are always on the shortest cycle (1 year) and to whom the highest supervisory standards are imposed. If a smaller bank, of S3 or S4 had elevated risks or vulnerabilities in its profile, it would also be put on a shorter supervisory cycle. Overall, the planning and the prioritization of supervisory activities is based on a variety of factors: inputs and guidance from the Deputy Governor for Supervision and the Heads of Departments; Priority Matrix; macroeconomic scenarios; results of previous work in the institutions, SRC process; ongoing monitoring; and information from other areas of the BCB, international supervision bodies, government entities, and external auditors. At the end of the supervisory cycle, the supervisor presents the conclusions on the risk profile and viability of the FI to the SRC Committee—COREC. All the analyses, data and evaluations from the supervisory cycle are factored into the presentation to the COREC which undertakes a challenge process and ultimately decides upon the rating for the FI as well as specific supervisory actions proposed for the next supervisory cycle. Although the COREC receives a presentation and documentation prepared specifically for the ratings assessment, all the members of COREC have full access to the supervisory database and can examine this information independently if they wish to do so. When the COREC makes its decision, it is at this point that the Fl’s rating becomes a formal view of the Supervision Department of the BCB. Nevertheless, it is important to note that the supervisor responsible for the FI can amend individual component scores or the rating of the FI at any point during the cycle, responding to information that is received and evaluated. The Supervisor can review the scope defined for each FI at any time during the cycle if there are any changes in its strategy, risk profile or economic-financial situation. If necessary, the supervisor can call a meeting of the COREC. This allows, for example, for an FI that had been on a three-year cycle, to be brought onto a shorter supervisory cycle in order to address emerging risks and stresses. The SRC methodology is based on the principle of proportionality in defining both the scope of evaluation and the intensity of the supervisory actions. Hence, in terms of planning the supervisory actions, the Supervisor must include a schedule of meetings with senior management, in order to get an understanding of strategies, plans and expectation over the coming and future years, but the frequency of such meetings will vary. For one of the major systemic banks, an excess of 60 meetings per year may be required. The lower priority banks are allocated 40 working days per year for the completion of supervisory tasks and there is a stronger reliance on quantitative analysis for such banks than there is for the more systemic or higher risk banks. In terms of monitoring progress, the supervisory activities over the course of the cycle, established at the Annual Supervision Program (PAS), are monitored through the SIGAS system and the more senior the management level, the greater the degree of aggregation of data is available so that overall progress of activity in the department can be monitored. The SIGAS system also includes detailed information—as relevant—for why activities have been delayed and what relevant action or monitoring is being conducted instead. In terms of executing the activities of the supervisory cycle, CP9 provides more information, but the on-site procedures are an integral part of the SRC process and the Supervisor can carry out targeted inspections to assess specific risks as well as for verification of regulatory compliance by FIs. On site procedures seek to combine periodic reviews of areas identified as relevant to the FI through the normal process of monitoring as well as issues for follow up from previous assessment. Continuous monitoring (offsite), under SRC, uses information from a range of different sources such as:
In terms of forward looking analysis, the BCB’s off-site supervisory department conducts stress tests. Both macroeconomic stress tests and sensitivity analyses are used. The macroeconomic stress test measures effects in credit and market exposures and the resulting impact on capital needs for each bank. The sensitivity analysis, on the other hand, stresses one variable (delinquency rate, exchange rate, interest rate, house prices) and calculates the capital needs. In the wake of the financial crisis, the BCB wished to improve stress tests as a risk management tool by the FIs and the BCB itself. Improvements the BCB has worked on since the last FSAP include:
At the end of 2015, the Financial System Monitoring Department (DESIG) initiated a project to enhance the use of stress tests, integrating the tools into both macro and micro prudential approaches. The project includes the following:
The top down stress testing model includes the development of macroeconomic scenarios (baseline and adverse) with different indicators such as output, domestic interest rate, exchange rate, inflation, unemployment, country risk premium and foreign interest rate. Besides the indicators there are two stages in the stress testing model: (i) a macro econometric model (a VAR (vector autoregressive) model), that estimates stressed relevant macroeconomic variables (FX, GDP, CPI, IR (US and BR)), and (ii) a dynamic panel model estimating delinquency and credit portfolios (NPLs) bank-by-bank based on the predictions obtained from the VAR model and the parameters established by the BCB. The two-stage model is designed in order to analyze a bank’s portfolio sensitivity / quality to the economic cycle. The overall objective is that, taken together, TEBU, TEMTD and the internal capital adequacy assessment process (ICAAP) stress tests should be capable of providing a comprehensive insight into of the solvency of large banks in Brazil and, consequently, of the stability of the financial system. The smaller banks are not required to perform the full ICAAP approach and a simpler ICAAP approach is applied in their case. Additionally, in order to gauge the impact of the build-up of risks in one bank or banking group to the entire system, there is the Contagion Analysis. It uses data stored in the BCB databases (required from the clearing houses) and allows the BCB to assess how connected the financial institutions are and the potential for contagion to affect other institutions through their interbank exposures. |
||||||||||||||||||||
| EC3 | The supervisor assesses banks’ and banking groups’ compliance with prudential regulations and other legal requirements. | ||||||||||||||||||||
| Description and findings re EC3 | As set out in the BCB’s Supervision Manual (MSU) (3.10.10, § 2,) the focus of the supervisory model is the assessment of risks and controls as well as analyzing financial statements and checking compliance with applicable laws and regulations applicable (MSU 3:10:10, § 3). In particular, the purpose of the Special Examinations (VEs)—targeted inspections— (MSU 4.30.10.50) is to evaluate matters or relevant areas of the FIs, such as—level of risk exposure and the capacity of the FI to manage it adequately; quality and reliability of accounting and financial information provided to the BCB and general public; and compliance with applicable laws and regulations of the BCB. The SRC process (MSU 4.30.40) also includes the verification of compliance with key regulatory and legal standards - including the minimum Basel capital ratio, credit concentration limits, currency exposure and immobilization and, in particular, standards relating to risk management - and requires financial institutions to correct deficiencies. Supervision monitors regulatory operational limits (MSU 4.20). The Offsite monitoring (DESIG) plays an important role in identification and also assessment of compliance with regulations. Noncompliance is reported through the Integrated Monitoring System—SIM—on a monthly basis, or via ad hoc communications, when necessary. For example, SIM can issue signals relating to: a) significant changes in economic and financial indicators and scores, based on the accounting information (Cosif) and capital (DLO), which may indicate risks related to the soundness of assets and the ability to generate profits; b) situations that may represent a particular type of risk (credit, market, liquidity, etc.); c) occurrence of events that indicate irregularities; d) possible changes in the operational profile; e) possible non-compliance with the operational and regulatory limits; and f) Special studies as a way to deepen or improve some specific risk or theme. Also, the Conduct Supervision Department (DECON) is responsible for assessing compliance with regulation related to consumers of financial products, ALM and CFT. As with supervision, DECON carries out its responsibilities through onsite and offsite reviews. Like DESUP, DECON has autonomy to issue letters to FIs or propose a punitive process against entities or administrators. Decon must, however, communicate the conclusions of such actions to the Supervision Department and the outcomes must be incorporated to the SRC conclusions. |
||||||||||||||||||||
| EC4 | The supervisor takes the macroeconomic environment into account in its risk assessment of banks and banking groups. The supervisor also takes into account cross-sectorial developments, for example in non-bank financial institutions, through frequent contact with their regulators. | ||||||||||||||||||||
| Description and findings re EC4 | The BCB is able to monitor a number of sectors of the financial system providing it with information that can support its supervisory work. For example, loans with an exposure of more than R$200 (USD60) are reported to the Credit Information System (SCR) giving the BCB the scope to monitor individuals’ debt servicing burden, LTVs on housing and vehicle financing, risk appetite, forbearance and several other credit risk metrics. Similarly, all FX operations and credit lines are registered online at the BCB. Additionally, the BCB has the registration data on, for example, derivatives and securities issued by all financial institutions. In order to perform its systemic and sectoral analysis, the BCB obtains information not only from the FIs and non-FIs but also from other sources: the SCR, other regulators (financial markets, investment funds, pension funds and insurance), central registries, clearinghouses, external auditors, rating agencies, government data, private data, international agencies (FSB) and international data, facilitated through MoUs. Data is aggregated by risks, markets and products. Stress tests, interconnectivity and systemic tests are conducted on a macro level. Also, the supervisors seek industry perspectives on financial market issues such as credit growth, new instruments, market practices, deterioration of sectors or individual companies, investors’ risk appetite, etc. Information is analyzed by the Financial System Monitoring Department of the BCB, and then shared with the Banking Supervision Department, the Financial Stability Committee (COMEF) and the Financial Stability Report. Moreover, the COREC discussions, where the rating and supervisory plan for FIs are agreed, reflect the key concerns and themes arising from these analyses and can lead either to targeted inspections in relevant institutions or to horizontal reviews. The Financial Stability Report (FSR), published twice a year on recent developments and outlook on financial stability in Brazil. The FSR, recently relaunched to be more forward looking, and includes research and analysis on current topics that may have financial stability implications. The FSR also publishes the forecast baseline and adverse scenarios for the BCB macro economic stress test. The BCB is a member of two committees which are concerned with systemic risk: the Financial Stability Committee (COMEF) which is internal to the BCB and Committee of Regulation and Supervision of Financial, Securities, Insurance, and Complementary Pension (Coremec) which is cross sectoral. In the 2015/2016 crisis, stress tests reports were made to both forums on: FX; credit; liquidity; NPL; funding; household debt service ratio; house price index; and total capital ratio among several others. The analyses provided the BCB with a financial stability map, aiding it in defining its course of action. The BCB maintains an annual schedule of meetings with other domestic authorities, including insurance supervisors, the Securities and Exchanges Commission (CVM) and the Brazilian Federal Revenue Office. The meetings with the insurance supervisors focus on the banking-insurance conglomerates. Drawing on its experience participating in a number of FSB working groups on shadow banking, including the collection of system wide data, the BCB has developed some monitoring tools including non-banking financial entities, such as the step-in risk for investment funds liquidity and direct interconnections in the wide financial system as described in EC5. |
||||||||||||||||||||
| EC5 | The supervisor, in conjunction with other relevant authorities, identifies, monitors and assesses the build-up of risks, trends and concentrations within and across the banking system as a whole. This includes, among other things, banks’ problem assets and sources of liquidity (such as domestic and foreign currency funding conditions, and costs). The supervisor incorporates this analysis into its assessment of banks and banking groups and addresses proactively any serious threat to the stability of the banking system. The supervisor communicates any significant trends or emerging risks identified to banks and to other relevant authorities with responsibilities for financial system stability. | ||||||||||||||||||||
| Description and findings re EC5 | The main coordination between national regulators of the banking system, capital markets, pension and insurance sectors is carried out through Coremec which is composed of representatives of the BCB, CVM (Financial services and securities regulator), Previc (Social Security regulator) and Susep (insurance regulator). The committee’s objective is to promote the improved performance of the domestic authorities with regulatory and supervisory responsibility for activities related to the collection of public savings (Decree 5,685). Additionally, the information-sharing agreements established between the BCB, CVM, Previc and Susep, facilitate exchange of specific supervisory information on the investment fund, insurance and pension fund sectors. For example, from 2014 onwards, data on loans held by SFVs (supervised by CVM) are also held in BCB’s Credit Information System (SCR), as noted in EC4, and supports supervisory analysis and cross checking of exposures, concentrations, quality of loan performance and inter-connectedness. Findings and concerns received from these regulators are incorporated on the SRC analysis. Depending on the degree of concern, issues are escalated to the senior management or even the Board of the FI. The BCB’s monitoring includes: a) generation of information and analysis on the behavior of entities and sectors by type of activity; b) monitoring the trends in the banking system’s aggregate balance sheet, results, and activities; c) early warning communications to supervision on changes in the capital and financial structure of banking entities; and d) indication of shifting risks and potential changes in the operational strategy of institutions. As noted in other ECs in CP8, stress tests and the contagion exercises are seen as important tools in assessing the built-up of risks within and across banks. Individual results of stress tests are presented in the supervisory colleges which the BCB is part of. Information received by the BCB from Previc, Susep and CVM is used to construct a system wide financial network in which direct interconnections are mapped and a better picture of financial contagion can be identified and analyzed. The agreement with CVM also allows a closer assessment of liquidity step-in risks for open-ended investment funds. As the largest asset managers are part of or linked to banking groups, the BCB monitors open-ended investment funds’ exposures to less liquid assets in order to evaluate the impact on banks’ liquidity of a possible provision of financial support in stressed scenarios. The numbers are available to the on-site supervision on a monthly basis and are used when analyzing contagion risk. Aggregate numbers are reported to the Financial Stability Committee (COMEF) on a quarterly basis. Since 2015, and also as noted in EC4, several stress tests have been carried out and results presented at the forums of COMEF and the Coremec. The analyses provided the BCB with a financial stability map. A recent (2017) revision of the BCB’s Financial Crisis Management Plan (FCMP), which sets out governance and arrangements for crisis management, establishes that, depending on the behavior of a series of certain variables, alerts will be triggered, leading if necessary to an “Alarm Situation.” |
||||||||||||||||||||
| EC6 | Drawing on information provided by the bank and other national supervisors, the supervisor, in conjunction with the resolution authority, assesses the bank’s resolvability where appropriate, having regard to the bank’s risk profile and systemic importance. When bank-specific barriers to orderly resolution are identified, the supervisor requires, where necessary, banks to adopt appropriate measures, such as changes to business strategies, managerial, operational and ownership structures, and internal procedures. Any such measures take into account their effect on the soundness and stability of ongoing business. | ||||||||||||||||||||
| Description and findings re EC6 | BCB is the single resolution authority for financial institutions but resolvability assessment is still in progress. Additionally, legislative changes in resolution law are anticipated. The current resolution framework is established by Law 6,024 and Decree-law 2,321, where Law 6,024 regulates the intervention and liquidation and Decree-law 2,321 regulates the Temporary Special Administration Regime (Raet). Combined, those are the resolution regimes applicable to financial institutions in Brazil. In addition, Law 9,447 regulates the responsibility of owners, directors, executives, officers, members of other corporate structures and independent auditors of a firm under resolution and, provides BCB with the following complementary powers to early intervene or resolve: I - capitalization of the company, with the contribution of resources necessary for their uplift, in an amount specified by it; II - transfer of control; III - corporate-reorganization, including merger, consolidation or spin-off. The main conditions for entry into resolution are situations of severe economic and/or financial distress (insolvency, failing or likely to fail) and severe violation of Brazilian banking laws. The BCB has discretion to decide on the use of appropriate resolution tools under the legal framework, considering the importance of the operational continuity of the institution and the likelihood of the contagion risk. This decision is taken by the supervisory team and must be approved by BCB’s Board of Governors, which includes the Deputy Governor for supervision and the Deputy Governor for resolution. Since 2013, as the home authority of a G-SIB resolution entity (Santander in a Multiple Point of Entry approach), BCB has a Cross-border Cooperation Agreement with authorities from EU, Spain and the United Kingdom concerning the Santander Group. The agreement sets out how the authorities will communicate and coordinate, both during normal periods and in times of crisis, with a view to facilitating the resolvability, recovery or, as necessary, an orderly resolution of Santander, including its recapitalization, restructuring, sale, liquidation or wind-down, where appropriate. The resolution department heads the work under the Santander’s CMG in joint responsibility with the supervisory area. In 2016, recovery planning was extended to all of domestic systemic important banks (D-SIBs). Under Resolution 4,502, D-SIBs are required to prepare recovery plans. The phase-in of this process started in December 2016 and will end in July 2018. After that, the D-SIBs will update their recovery plans annually. To support the work on resolution, in 2016 the BCB created the Department of Resolution Regimes (Deres), with the staff of the former Department of Bank Liquidation. This new department has, among other mandates, the responsibility for developing resolution plans and conducting resolvability assessments. While progress has been made on the resolution plans of all D-SIBs, such plans will only be concluded after the first recovery plans are delivered by the banks. In January 2017, the BCB also created a strategic Resolution Committee (COPAR) to support coordination between supervision and resolution areas in relation to resolution planning, resolvability assessment and resolution actions. COPAR’s membership is composed of the heads of the departments involved in resolution and crisis management (departments report to the Deputy Governor for supervision and the Deputy Governor for resolution respectively) Additionally, the BCB participates in the FSB Cross-Border Crisis Management Group (CBCM) and FSB Resolution Steering Group (ReSG) and, at the time of the mission, the BCB was in the final stages of preparing a new resolution law, aimed at aligning the Brazilian legal framework with the FSB’s Key Attributes for Effective Resolution. Until the new resolution law is passed the BCB lacks the power to require changes in firms’ structures to improve their resolvability. It is also hoped the new law will bring a broader list of situations when resolution can be decreed. |
||||||||||||||||||||
| EC7 | The supervisor has a clear framework or process for handling banks in times of stress, such that any decisions to require or undertake recovery or resolution actions are made in a timely manner. | ||||||||||||||||||||
| Description and findings re EC7 | BCB’s supervision relies on daily information provided by the system-monitoring department, which uses early warning alerts to flag where a prompt response is needed. This mechanism is designed to permit the BCB’s staff to take timely actions to deal with situations of severe stress. As described in EC6, the BCB has introduced a department focused on resolution and created a coordinating committee to support the communication and relationship between the supervision and resolution departments, and ultimately any need for resolution decisions to be made. The BCP pays attention to changes in patterns of operational indicators and has devoted analytical efforts to designing early warning indicators (which are refined over time through supervisory evaluations). Indicators such as delinquency, provisions, credit migration matrix, and the condition of individual debtors are also monitored. Besides the mainstream supervisory process, in stress situations, indicators such as exposure to sectors, to individual clients, stress tests or delinquency evolution are set and monitored. Supervisors also collect managerial information and market perspectives from the banks. For example:
When signals of deterioration are identified, the supervisors decide on the escalation of measures to adopt, on a case by case basis. These measures can range from discussions with senior management expressing concerns and asking for a corrective action, up to prudential preventive measures or resolution strategies. For Recovery and Resolution actions please see EC6. As mentioned above, the BCB has a Financial Crisis Management Plan (FCMP), whose objective is to prepare the Central Bank to act in times of crisis, through the prior identification of actions that can be implemented, and with emphasis on the coordinated action of different areas of the BCB, and of national and international authorities. |
||||||||||||||||||||
| EC8 | Where the supervisor becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter, the supervisor takes appropriate steps to draw the matter to the attention of the responsible authority. Where the supervisor becomes aware of banks restructuring their activities to avoid the regulatory perimeter, the supervisor takes appropriate steps to address this. | ||||||||||||||||||||
| Description and findings re EC8 | Supervisors have the authority to prevent restructuring if they suspect the intent is to evade the regulatory perimeter. Notably, the BCB has extensive powers—see CPs 6 and 7—in relation to the establishment of new FIs, acquisitions, mergers or changing of corporate purpose, either of financial or non-financial entities, which provides it with a locus in respect of active restructuring by banks. The perimeter of the prudential regulation has been expanded by Resolution 4,280. From 2015 onwards, in line with Basel III recommendations, banking groups’ prudential consolidation has been widened, to include consortium managers, credit card acquirers, securitization companies, special purpose entities and investment funds, if the majority of its risk or economic benefits are held by the financial conglomerate. The BCB has also been given the responsibility for authorization and supervision of a significant part of the Brazilian Payment System entities (Law 12,865) providing oversight and understanding to a wider sector of the financial markets. |
||||||||||||||||||||
| Assessment of Principle 8 | Largely Compliant | ||||||||||||||||||||
| Comments | The BCB has continued to develop its high quality SRC methodology for assessing banks and has made some significant and valuable changes since the last assessment. One is through the introduction of its twin peak model so that the perspective of the prudential and conduct supervisory processes can be integrated into the overall view of the financial institution. Another is through the recent decision to place a central emphasis on the role and execution of corporate governance in financial institutions. Thirdly, the BCB has formally segmented the banking sector into categories ranging from the DSIBs (segment 1) to the micro credits and cooperatives at segment 5. This segmentation, formally confirmed in a resolution, has facilitated policy reflection on the appropriate application of proportionate supervisory action, while ensuring that all institutions are assessed over a reasonable time horizon as well as ensuring that the system has flexibility to respond to emerging stress at individual institution level or at the system level. No formal distinction of process is made between publicly owned banks and privately-owned banks. The BCB has begun work on recovery and resolvability, a component in the revised 2012 BCP methodology that affects several CPs (including CPs 3, 8 and 13). This work is not yet complete and is reflected in the grade of this CP only. It is, however, important to recognize that neither this CP nor CPs 3 and 13 comments on or assess whether a jurisdiction has been effective in resolution actions. In CP8, the test is notably to ensure that any preparatory work that can take place pre-crisis has been undertaken. This includes work on ensuring, in the course of day to day supervision and not at a time of stress, that a bank or banking group can be resolved in an orderly and efficient manner (i.e. assessment of resolvability and action to ensure resolvability if needed). It also includes ensuring that internal planning and organization has been designed optimally to facilitate swift and effective decision making, including, as necessary, resolution action. Because the new resolution bill had not been passed at the time of the assessment, a number of the BCB’s new internal regulations and procedures were still pending. The BCB is, however, recommended to ensure that it designs a clear decision-making process to avoid any undue delay in moving to recovery or resolution if needed. |
||||||||||||||||||||
| Principle 9 | Supervisory techniques and tools. The supervisor uses an appropriate range of techniques and tools to implement the supervisory approach and deploys supervisory resources on a proportionate basis, taking into account the risk profile and systemic importance of banks. | ||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||
| EC1 | The supervisor employs an appropriate mix of on-site10 and off-site11 supervision to evaluate the condition of banks and banking groups, their risk profile, internal control environment and the corrective measures necessary to address supervisory concerns. The specific mix between on-site and off-site supervision may be determined by the particular conditions and circumstances of the country and the bank. The supervisor regularly assesses the quality, effectiveness and integration of its on-site and off-site functions, and amends its approach, as needed. | ||||||||||||||||||||
| Description and findings re EC1 | The supervisory process is documented in the Supervision Manual (MSU), which describes the supervisory model adopted by the BCB and sets out all the tools that can be used by Supervisors. The supervisory approach incorporates a twin peaks model and consists of the following overarching-processes:
The monitoring approach focuses on assessing the economic and financial condition and other risk dimensions of the individual and prudential conglomerate institution. This monitoring covers a wide range of oversight, including areas such as balance sheet analysis, regulatory limits and solvency, and also includes risk analysis such as credit, liquidity and market, as well as analysis of integrity of information and performance in other markets. In order to perform off-site monitoring, a comparative analysis among institutions is performed to identify outlier behavior that might represent a risk to financial institutions. When an irregularity, such as a significant variation in a monitored indicator, is observed in the monitoring process, DESIG notifies the Supervision Department (DESUP) using the Integrated Monitoring System (SIM) - please see CP8 EC3 for a more detailed description. The range of supervisory activities conducted by DESUP, set out in the MSU, includes on and off site inspections, ongoing monitoring and horizontal reviews. It is responsibility of the Supervisor, defined as Central Point of Information (PCI), to consolidate the results of these activities in the SRC process. In banking supervision, the PCI is the supervisor in charge of the financial institution (FI). A supervisory cycle will include inspections and supervision has in its portfolio of on-site procedures inspections to assess specific risks and to verify the compliance of institutions with laws and regulations. Inspections are typically agreed during the planning period of the supervisory cycle but can be commissioned at any point during the cycle in response to new information. Inspections can be on a single FI or also horizontal reviews. Supervision may therefore undertake focused inspections responding to indications of possible breach of laws or regulations; trends identified during the supervisory cycle; or to follow up on progress regarding corrective actions and previous inspection results. Inspections can be carried out by the team responsible for the supervision of the conglomerate or targeted, special verification (VE) examinations can be performed by specialist units in DESUP, focusing on, for example, on credit, market, and liquidity risk. In scoping the intensity and duration of the inspection, the Supervisor is required to take into account the principle of proportionality, reflecting nature, size and complexity of the FI. Inspections can be performed either on the FI premises or remotely, if physical presence is not necessary. The objective of any inspection is to identify the risks of the FI and the evaluate the control environment, as well as examine the performance of the senior management. The ongoing monitoring by Supervision is expected to verify any changes in equity structure and risk profile; quality of management; compliance with regulatory standards and limits; and the reliability of the accounting and financial information of the FIs. The ongoing monitoring should enable the supervisor to act proactively by proposing specific supervisory actions and providing timely information to senior management. It is the responsibility of the supervisor defined as the PCI to keep up-to-date records on the risk profile of the FI, consolidating and, when necessary, sharing information on the FI. (MSU 3.10.10.10) Under the overarching supervisory model, each department has the autonomy to carry out its own activities but has the responsibility of cooperating with the other departments to ensure an overall comprehensive and consolidated assessment of the FI. The BCB has created three committees—strategic, tactical and operational—in order to enhance the governance and integration of the Supervision Division (DIFIS) to which DESUP, DESIG and other supervisory departments belong.
|
||||||||||||||||||||
| EC2 | The supervisor has a coherent process for planning and executing on-site and off-site activities. There are policies and processes to ensure that such activities are conducted on a thorough and consistent basis with clear responsibilities, objectives and outputs, and that there is effective coordination and information sharing between the on-site and off-site functions. | ||||||||||||||||||||
| Description and findings re EC2 | The supervisory action plan for each prudential conglomerate—and for individual banks if there is no conglomerate—is set out in the Supervision Action Plan (PAS) and is monitored throughout the year. It includes all the planned actions - inspections, horizontal reviews, monitoring, SRC process - as well as the budget. The PAS is proposed by the on-site supervisor and is agreed at the COMEF for the forthcoming supervisory cycle for the institution/conglomerate. In designing the PAS, a number of elements must be taken into account:
Taken together, these elements ensure that the supervisory planning process reflects a number of factors such as: macroeconomic scenario; results of previous work at the supervised institutions; Risk and Control Assessment System - SRC; monitoring; data from the supervisory cycles; information from other areas of the BCB, international supervisory entities, government agencies, independent audits and the press. (MSU 4:10:10 - 4) The greater the systemic importance of the institution, the greater the number of supervisory activities planned as well as the amount of resources allocated and closer monitoring. The PAS can be and is adjusted during the year, reflecting new information or developments identified through off-site monitoring and on-site examinations (MSU 4.10.10: Supervision Process of the National System - Planning and Management of Supervision - Elaboration of the Supervision Program - 8 and 9). The assessors saw examples of the dashboard monitoring the progress of the PAS and the underlying records of reasons why certain activities were not taking place according to the initial planned timetables. The Supervision Process Automation System (APS) ensure that the supervisor responsible for a conglomerate has straightforward access to a dashboard indicating the progress of the PAS. Also, each level of hierarchy can see a more aggregated picture of the overall progress of the PAS, as well as being able to drill down into the specifics for any given institution/conglomerate. The execution of the PAS is recorded and monitored in the Integrated Supervisory Action Management System (Sigas)—the IT system—and periodic reports are prepared on its implementation. At the end of the year a summary of completed supervisory actions is posted on DIFIS’ web portal. The BCB explained that supervisors in charge of FIs as well as the supervisory teams are expected to share information with colleagues and teams on a proactive basis. In particular there is information exchange prior to the start of a planned action and again at its conclusion. Ultimately, the Supervision Action Plan (“PAS”) must be approved by the Head of DESUP, together with the other units in DIFIS (Internal Rules of the BCB, item V of Article 81 of Decree 84287, as amended by Decree 92743). It is the responsibility of the Planning, Budget and Management Department (DEPOG) to coordinate the planning, budgeting and management regarding DIFIS (Article 56). The Strategic Management, Integration and Support for Supervision Department (DEGEF) is the unit responsible for coordinating the planning, budget and management processes regarding the departments of DIFIS (Article 74). |
||||||||||||||||||||
| EC3 | The supervisor uses a variety of information to regularly review and assess the safety and soundness of banks, the evaluation of material risks, and the identification of necessary corrective actions and supervisory actions. This includes information, such as prudential reports, statistical returns, information on a bank’s related entities, and publicly available information. The supervisor determines that information provided by banks is reliable and obtains, as necessary, additional information on the banks and their related entities. | ||||||||||||||||||||
| Description and findings re EC3 | SRC guidelines require a wide variety of qualitative and quantitative information that supervisors should obtain from institutions and other available internal and external sources. In addition to supervisory reporting (please see CP10) the BCB has a range of data and databases at its disposal. For example, the Solvency Component of the economic-financial assessment module of the SRC includes the verification of the adequacy of the recognition and accounting measurement of the main assets and liabilities in the financial statements, as well as the evaluation of certain issues related to the composition and evolution of the capital (MSU 4.30.40.10.3). Furthermore, the validation of information received by the supervisor is conducted through the continuous monitoring process (receipt, reconciliation, and monitoring of information and developing trends) as well as through the inspection process. In addition to the information produced by the institutions themselves, Supervision also receives information from Trading Repositories (TRs). This is deemed essential by the BCB to assure and enhance data quality in the Supervisory Processes. Reporting data to a TR is mandatory in Brazil for most transaction types and for nearly all asset classes. In addition to financial transactions that are traded on and registered in authorized exchanges and electronic trading platforms, OTC derivative, spot foreign exchange, fixed income, and credit operation transactions must also be reported to TRs. Five of the main TRs operated by the BCB cover FX transactions, (Sisbacen – Sistema Câmbio), a central securities depository for government bonds (Selic), the credit information system (SCR – discussed in CP8), credit information on domestic residents raising funds outside Brazil (RDE-ROF), and on loans which are originated for on-sale in certain sectors, such as auto loans (CIP-C3). Two privately operated TRs, recently merged (“B3”) covering a range of transactions including private and government bonds, OTC derivatives, equities and FX. The BCB has a data quality framework that includes the use of defined standards, terms and governing principles regarding information management. Supervision may, at any time, demand additional information needed to evaluate the institutions’ risk exposure. Supervisors may also use the work of external auditors, and meet with their representatives. Resolution 3,198 of 2004 requires the detailed auditor’s opinion on the financial statements. |
||||||||||||||||||||
| EC4 | The supervisor uses a variety of tools to regularly review and assess the safety and soundness of banks and the banking system, such as: (a) analysis of financial statements and accounts; (b) business model analysis; (c) horizontal peer reviews; (d) review of the outcome of stress tests undertaken by the bank; and (e) analysis of corporate governance, including risk management and internal control systems. The supervisor communicates its findings to the bank as appropriate and requires the bank to take action to mitigate any particular vulnerabilities that have the potential to affect its safety and soundness. The supervisor uses its analysis to determine follow-up work required, if any. |
||||||||||||||||||||
| Description and findings re EC4 | Analysis of financial statements Analysis of financial statements and accounts takes place within the framework of the economic-financial assessment module under SRC process (ANEFs). (MSU 4.30.40.10 3):
Business model analysis (BMA) The BCB has been rolling out a Business Model Analysis (BMA) program since 2016, with full implementation expected by 2019, seeking to identify FIs or business sectors with vulnerabilities in their models, or even unrealistic business models, which may lead to an early intervention by DESUP. The BMA entails: 1) structured processes for forward looking analysis; 2) structured and periodic collection of forward-looking information; and 3) setting of parameters to evaluate the information obtained. The BMA is intended to improve the peer grouping and peer group analysis and development of relevant benchmark criteria for business models and also for individual business lines that will facilitate comparative analysis of FIs with their peer group, or competitors in the various sectors. The consistency of FIs’ financial projections can also be assessed. Even though the BCB is still rolling out its new BMA program, elements of the current supervisory process already address business model analysis:
Horizontal peer reviews Horizontal reviews are usually carried out to assess a theme or issue in a banking sector (eg SIFIs). Horizontal analysis approaches were formalized in the MSU in 2017. Horizontal reviews require a specialized or central team to coordinate the work, defining the procedures and approaches to be used. The assessors were able to discuss some of the horizontal reviews with the specialist teams. Recent topics have included: Concentration risk management in six major banks based on analysis of ICAAP reports of these FIs; Procedures for recognizing credit risk mitigation in the calculation of risk-weighted assets (RWA) in the standardized approach to capital adequacy calculation; Analysis of the Explanatory Notes to the Financial Statements of DSIBs; Foreign Exchange Operations; and Contingent Tax Liabilities. Stress tests In the wake of the financial crisis, the BCB wanted FIs to improve their use of stress tests as a risk management tool. Several regulations have been issued since 2009: Resolution 3,721 and Resolution 3,988 and since 2017 Resolution 4,557sets out the framework for stress tests in FIs (although as noted in CP14 and elsewhere, the implementation of Resolution 4557 is being phased in and will not be fully in force until February 2018 for all banks). BCB also developed guidelines for Stress Test exercises in Market, Liquidity and Credit Risk, most recently revised in 2016 and which serve as a main reference source for supervisory inspections to assess whether the FI’s internal stress tests are acting as an effective risk management tool. Deficiencies identified in the inspection can result in requirements for improvements and corrections. Additionally, there was a specific workstream in relation to the evaluation of the 2016 ICAAP reports, that cover the nine largest financial institutions in Brazil. The integrated stress tests (application of a common macroeconomic scenario to different risks) and the use of stress test as an effective risk management tool were both evaluated and the BCB has required improvements in the stress test programs. From 2017, corporate governance has been subject to assessment separately from other risks in the matrix. Formerly it was considered in the context of strategy risk. The revised evaluation covers the bank’s corporate governance structure and its effectiveness in establishing and maintaining a business, management and control environment in line with the approved culture and strategies (MSU 4.30.40.20 7.1). Risk management and internal control systems are continuously evaluated through the SRC process as well as in the context of on-site inspections. (e.g., MSU 4.30.10.50.01.01 -Credit; 4.30.10.50.02 - Treasury; 4.30.10.50.06.02 - Internal Controls at Corporate Level; 4.30.10.50.11 - Operational Risk management; 4.30.10.50.13 - Auditing Committee; and others). Please see EC8 and EC9 for findings on communication and follow-up work. Please also see CP8 for further references to stress tests. |
||||||||||||||||||||
| EC5 | The supervisor, in conjunction with other relevant authorities, seeks to identify, assess and mitigate emerging risks across banks and to the banking system as a whole, potentially including conducting supervisory stress tests (on individual banks or system-wide). The supervisor communicates its findings as appropriate to either banks or the industry and requires banks to take action to mitigate any particular vulnerabilities that have the potential to affect the stability of the banking system, where appropriate. The supervisor uses its analysis to determine follow-up work required, if any. | ||||||||||||||||||||
| Description and findings re EC5 | The Committee of Regulation and Supervision of Financial, Securities, Insurance, and Complementary Pension Markets (COREMEC) was established through Decree 5,685, to promote coordination and operational improvement of the federal authorities that regulate and supervise activities related to investments and savings. Together with the BCB, the COREMEC comprises the Securities and Exchange Commission (CVM), the Private Insurance Superintendence (SUSEP) and the National Complementary Pension Superintendence (PREVIC). This structure allows coordinated actions with those authorities. For more details, please see CP03. Monitoring of the financial system is carried out by the BCB, with to identify, assess and, as necessary act to mitigate emerging risks in individual banks and across the system. The information derived from the monitoring process is conveyed to the Banking Supervision Department, the Financial Stability Committee (COMEF) and the Financial Stability Report (REF). Stress testing is one of the tools specifically prescribed for the monitoring process. The stress tests run and used by the BCB assess the stability of the financial system, and focus on solvency and contagion risks. Stress tests on banks and bank conglomerates are conducted monthly, while those for credit unions and other banking institutions are conducted on an ad-hoc basis. In addition to macroeconomic projections/scenarios, data for these tests are retrieved from standardized reports by financial institutions or other sources, such as the credit information system (SCR) and other TRs. The results of the stress tests are made available to the COMEF for discussion, and also to the public in an aggregate form through the Financial Stability Report (FSR). The models and main assumptions of stress tests run by the BCB are summarized below:
In addition, contagion analysis is used by the BCB to assess how the default of one entity affects other entities in the financial system and real economy. The analysis aims at identifying systemic consequences from events such as a bank’s resolution, the bankruptcy of a large economic conglomerate, or reputational/corruption issues. The tools allow the mapping of vulnerabilities from different perspectives: interconnectedness within the financial system and in the non-financial sector, as well as interbank market, non-financial sector and unemployment contagion. One of the main improvements in systemic risk analysis since the last 2012 FSAP has been the development of a real economy network model based on data from the Brazilian Payments System so that the simulation of contagion between financial is capable of incorporating effects from the real economy. A practical example of the use of such data in contagion analysis is the assessment of the financial system’s resilience to possible default effects of the companies involved in the so-called “car wash” operation. “Car Wash Operation” is the name of an investigation by the Federal Police of Brazil that was first made public in March 2014. Initially a money laundering investigation, it has expanded to cover allegations of corruption at the state-controlled oil company Petrobras, where it is alleged that executives accepted bribes from supplier companies in return for awarding contracts at inflated prices. The BCB assessed the financial system’s resilience to possible default by the core companies important (engineering companies, contractors and economic groups to which they belong). Mapping a network of the real economy was achieved by analyzing the payments made—through the Brazilian Payment System (SPB)—to and from companies and their relevant importance to the companies’ revenues. The mapping enabled the BCB to estimate the degree of dependency each company had on each other. Using factors such as their average risk rating in the SCR and dependence on Petrobras in terms of revenue, a subgroup of vulnerable companies (from among the core companies involved in the investigation) was identified. These companies were then assumed to default, triggering a chain of subsequent defaults on other companies (based on SPB data) that were directly or indirectly reliant on them. When the company was a member of an economic group (based on data from the IRS and CVM), the analysis could be performed on the consolidated group. The exercise included a number of scenarios with very conservative assumptions, such as the default of all members of selected economic groups, and associated job losses of their employees (using data from the Ministry of Labor) should those companies collapse into insolvency. In addition, full losses were simulated in the event of default. This estimation was conservative and excluded the effect of guarantees, insurance and other forms of loss mitigation. The relationship between the real economy and the financial system was investigated by gathering data (mainly drawn from various TRs) on the full range of exposures via credits and guarantees, debentures and commercial paper, foreign debt, OTC derivatives, foreign exchange transactions, and equities, in order to measure the contagion effects in the financial system stemming from the default of those companies in the real sector (and loss of jobs of their employees). The analysis showed that despite estimated losses, the impact on banks’ capital was moderate and could be absorbed by existing regulatory capital levels. The BCB has run similar exercises to map out potential financial risk contagion effects in relation to other shocks, both hypothetical and in response to events/shocks in the real economy. The deliberations and conclusions from both COREMEC and COMEF are communicated to banks primarily through the publication of the Financial Stability Review (a twice-yearly publication of the BCB) and themes and concerns which are identified are incorporated into the targeting of the supervisory processes for the year. |
||||||||||||||||||||
| EC6 | The supervisor evaluates the work of the bank’s internal audit function, and determines whether, and to what extent, it may rely on the internal auditors’ work to identify areas of potential risk. | ||||||||||||||||||||
| Description and findings re EC6 | The BCB takes the work of the internal audit of the FI into consideration in the SRC process. In most inspections, the supervisor requests the work of the internal audit and meets with their representatives. The assessors saw documentation related to this process. The BCB may also request Internal and External Audit annual plans and the report of accompanying notes. The BCB’s objective in obtaining information from the internal audit function and evaluating it, is to better shape the scope and the depth of on-site examinations. The most comprehensive assessment of the internal audit activities in relation to the internal control system is set out in MSU 4.30.40.20.09 - Corporate Governance. This assessment is performed under the SRC process and aims to verify whether internal audit has sufficient independence, authority and resources. The internal audit function is also evaluated at the business lines level, specifically the works carried out in the control processes of the following risks: market, liquidity, operational, IT and money laundering. Any shortcomings of the internal audit are subject to required improvements notified through inspection letters. Resolution 2,554 states that internal audit is part of the internal controls system. It also states that the internal control of the financial institution must provide, among other things, ways to identify and assess internal and external factors that may adversely affect the successful achievement of the objectives of the institution. The regulation also requires continuous assessment of the various risks associated with the activities of the institution. The assessors were able to see supervisory documents in relation to the BCB’s consideration of internal audit work. |
||||||||||||||||||||
| EC7 | The supervisor maintains sufficiently frequent contacts as appropriate with the bank’s Board, non-executive Board members and senior and middle management (including heads of individual business units and control functions) to develop an understanding of and assess matters such as strategy, group structure, corporate governance, performance, capital adequacy, liquidity, asset quality, risk management systems and internal controls. Where necessary, the supervisor challenges the bank’s Board and senior management on the assumptions made in setting strategies and business models. | ||||||||||||||||||||
| Description and findings re EC7 | Supervisors hold several meetings with representatives of the FI throughout the supervisory cycle. The new Corporate Governance assessment approach under the SRC process (MSU 4.30.40.20.09) was introduced in June 2017. Prior to this date, corporate responsibility and capacity was assessed in the context of strategy risk. The Corporate Governance assessment is a structured proceeding that includes meetings with: members of the board, senior management, Fiscal Council (a body that some institutions have in their corporate structure that is responsible for oversight of financial data and which reports directly to the shareholders—please see also CP14); partners; representatives of any minority shareholders; the members of the Audit Committee and other higher advisory committees; the CEO; the executive directors and those responsible for strategic planning, human resources and investors’ relations. The frequency of the meetings reflects several factors, such as the complexity of the governance structure of the FI or group and the supervisory priority assigned to the FI. The BCB also identifies whether the FI has independent and qualified directors on the board, also assessing the adequacy of non-executive number of board members and the ability to express their views independently of the tasks with potential conflict of interest. In addition to performance at board level, the evaluation of the performance of members of board and senior management are assessed in the context of business units, during the assessment of the specific risks and controls, in the SRC process. If the SRC process flags a need to carry out a more detailed evaluation of corporate governance, the Supervisor may perform the Corporate Governance inspection (MSU 4.30.10.50.06.01). In other words, if necessary, targeted inspections can be performed in specific areas. Regular meetings are scheduled with senior management and middle management in order to understand the strategy related to the business lines, sources of funding, Assets and Liabilities Management, Capital Management, Risk Management and Internal Control Systems among others. For those FIs that should constitute an Auditing Committee, the overall conditions of internal control system and the quality of the financial statements are discussed on a regular basis. The results of these agendas are considered by supervisors when assessing the FIs. In relation to engagement with the FIs in terms of business strategy, whenever a new bank presents its business plan or a bank makes a substantial change in their business model, DESUP evaluates its Business Plan (MSU 4.30.10.50.14) taking in account, among other elements, any deviation between the Fl’s results and its projections. Banks with whom the assessors met indicated that the BCB maintained strong contact with the institution at senior levels. In addition, the major firms noted that BCB staff maintained an almost permanent presence in the financial institution. An ancillary form of contact is through the BCB’s macroprudential function as the BCB maintains contact with the units responsible for the producing and submitting information to the BCB, and schedules meetings with market representatives to better understand market sentiment and perspectives. |
||||||||||||||||||||
| EC8 | The supervisor communicates to the bank the findings of its on- and off-site supervisory analyses in a timely manner by means of written reports or through discussions or meetings with the bank’s management. The supervisor meets with the bank’s senior management and the Board to discuss the results of supervisory examinations and the external audits, as appropriate. The supervisor also meets separately with the bank’s independent Board members, as necessary. | ||||||||||||||||||||
| Description and findings re EC8 | At the end of an inspection work, a closing meeting is held with the Fl’s management to discuss the preliminary results of the inspection. The final conclusions of the inspection are communicated to the institution by means of an Official Letter, which contains the description of the findings, which may be classified as irregularities (when there is an infringement of rules governing banking operations), accounting adjustments (usually when additional provisions are necessary) or weaknesses in the internal controls. In the absence of these types of findings, or even when they are remediated during the course of the inspection, it is not necessary to prepare an Official Letter on the result of the inspection, and it is sufficient to present the conclusions to the management of the institution in the closing meeting of the work. The BCB Letter must be addressed to the senior management, and its contents may be shared with the Board, Fiscal Council, Audit Committee and External Auditors. (MSU 4.30.30.10.01 2-c). (Please see CP14 for a further discussion of the corporate bodies, including Board and Fiscal Council.) The Official Letter must require the FI to remediate the findings or discontinue unacceptable, irregular practices. The FI has 30 days to comply with the requirements of the Official Letter. In the SRC process, any findings, particularly irregularities, control weaknesses or financial fragilities, must be communicated to the FI as soon as they are identified and assessed. The follow-up of these findings is monitored in the assessments of the relevant risks, controls or economic-financial component of the SRC. An Official Letter is also sent at the end of the supervisory cycle, after the SRC Committee (Corec) meeting, to inform the FI formally informed, of the conclusions of the evaluations performed. This communication includes the scores assigned to the risks and controls assessment and economic financial assessment modules as well as the final grade assigned to the FI. It also includes the overall conclusion of the Supervisor and the description of the strengths and weaknesses identified. Additionally, the Letter raises any irregularities, control deficiencies or economic financial weaknesses that were not previously communicated, or that were communicated but have not yet been resolved. This Letter is a confidential communication to the FI and may not be published by the institution. The delivered to the institution in a meeting with its board but if there is no board, the letter must be addressed to the executive directors. The assessors saw a number of examples of the Official Letter. As a disciplinary instrument, there is the “Term of Attendance”, which can be triggered by the results of supervisory activities, being used to summon the legal representatives of the supervised institution, and in some cases, depending on the gravity of the situation, even the controlling shareholders (for instance, insufficient capital or unsafe and unsound operating condition). As a result of this instrument, a commitment to corrective action is entered into by the managers and controllers (MSU 4.50.40 e 4.50.40.10). See also CP11. Furthermore, Supervision meets from time to time with the senior management to communicate observations, concerns, plans, etc. |
||||||||||||||||||||
| EC9 | The supervisor undertakes appropriate and timely follow-up to verify that banks have addressed supervisory concerns or implemented requirements communicated to them. This includes early escalation to the appropriate level of the supervisory authority and to the bank’s Board if action points are not addressed in an adequate or timely manner. | ||||||||||||||||||||
| Description and findings re EC9 | If necessary, at the end of the on-site inspections or during the inspection process/off-site monitoring, the supervisor may demand an action plan of the institution for the correction of irregularities and deficiencies. Supervision monitors the progress of the remedial action plan. This follow-up is carried out with the support of the Supervision Memory System (SMF), which is the IT system used to record the main findings of supervisory work (irregularities, accounting adjustments and deficiencies in the internal controls). If action points are not addressed in an adequate or timely manner, procedures such a Reiteration Letter (with the escalation to the Bank’s Board), Term of Attendance (see in EC 8) or punitive administrative procedures can be applied. Depending on the gravity of the situation, the FI can be submitted to a more intensive monitoring (Watch List) with the escalation within the BCB. The assessors were able to see files that showed follow up processes that had taken place. |
||||||||||||||||||||
| EC10 | The supervisor requires banks to notify in advance of any substantive changes in their activities, structure and overall condition, or as soon as they become aware of any material adverse developments, including breach of legal or prudential requirements. | ||||||||||||||||||||
| Description and findings re EC10 | FIs are under an obligation to notify the Supervisor of the occurrence of a number of events such as changes in the structure and composition of Senior Management, Board of Directors and Audit Committee as well unusual events such as selling or acquisition of banks or business lines. Changes that require specific reporting to the BCB are set out in Resolution 3,198 (frauds, errors in financial statements and non-compliance with standards that put in risk the continuity of the audited institution), Resolution 4,557 (reasons for removal of the Chief Risk Officer) and Resolution 4,588 (appointment, designation, exoneration or dismissal of the Head of Audit Function). Changes in control and corporate reorganizations depend on BCB approval and must comply with Resolution 4122 (articles 13, 14 and 19) as discussed in CPs 6 and 7, but it is not mandatory to notify the BCB regarding negotiations to acquire or dispose of a bank until an agreement has been reached. Other notifications that must be made to the BCB include: establishment or closure of branches or subsidiaries outside of Brazil as well as direct or indirect corporate participation, in accordance with (Article 13 of Resolution 2723), the acquisition or divestment of equity interest in a company located abroad, the start or cessation of activities of a foreign subsidiary. |
||||||||||||||||||||
| EC11 | The supervisor may make use of independent third parties, such as auditors, provided there is a clear and detailed mandate for the work. However, the supervisor cannot outsource its prudential responsibilities to third parties. When using third parties, the supervisor assesses whether the output can be relied upon to the degree intended and takes into consideration the biases that may influence third parties. | ||||||||||||||||||||
| Description and findings re EC11 | While the BCB carries out its supervisory function using its own staff, it may require an external auditor to perform additional procedures. More specifically, Circular 3,467 grants the BCB the power to direct complementary examinations depending on its own findings in an FI. The BCB takes into consideration that any complementary examination should be required according to the professional norms that regulate the work of external auditors that are established by resolutions issued by the CFC (Brazilian Accounting Council). These engagements do not replace the legal obligations and responsibilities of the Supervisor. | ||||||||||||||||||||
| EC12 | The supervisor has an adequate information system which facilitates the processing, monitoring and analysis of prudential information. The system aids the identification of areas requiring follow-up action. | ||||||||||||||||||||
| Description and findings re EC12 | The Financial System Monitoring Department (DESIG) was created in 2000 as an off-site supervisory department to maintain internal databases and promote data sharing within the BCB. DESIG has a complement of over 200 staff, and is responsible, among other things, for monitoring the financial system taking a macro prudential perspective. DESIG has dedicated teams to receive, manage and process data according to BCB-wide governance principles regarding information management and together with other departments support the BCB’s internal Financial Stability Committee (COMEF), which was established in 2011, to detect and monitor systemic risk. BCB also has teams that use supervisory data to monitor specific risks (e.g. credit, liquidity, market) across the system, as well as to perform systemic risk analyses such as contagion cascades and top-down macroeconomic stress tests. This integrated assessment allows monitoring teams in BCB to assess the relevance of trends in each specific risk and to discuss them with on-site supervisors. Supervisory data and a combination of information from supervised entities and third-party providers such as TRs may point to an elevated risk in a specific institution. In such cases, DESIG interacts with on-site supervisors to ensure that they are aware of this potential risk, or to point to possible data quality issues. For example, the SIM, is an alert from DESIG to DESUP to make the supervisors aware of an issue that may require attention. The SIM system allows for the analyst in DESIG to describe the concern and explain what research may have been done to explore or resolve the anomaly so the on-site supervisor has additional information. The system also includes a signaling device to indicate when a query has been resolved. DESIG and DESUP have access to the same sets of information and monitoring tools. The assessors were able to see a number of the information system tools in action, whether the tools were to assist in consultation of a static database, or whether the tool was to assist the supervisor in running various forms of analysis, such as peer group checks over tailored periods. The system is also designed to assist the supervisors to create their own “tools.” As noted in EC2, the management information system also supports the monitoring of progress on the supervisory action plans, both at institution level and multiple levels of aggregation. Information systems specific to the supervisory function include the Supervision Memory System (SMF) and Supervision Process Automation System (APS). The SMF allows supervisors to record, systematically and in a timely manner, the history of events observed through supervisory work in institutions/conglomerates. The Automation of Supervision Processes (APS) went live in March of 2017 replacing the earlier Comment System, which still remains available for consultation by supervisors. The comments include information about institutions/ conglomerates under the supervision of BCB and inputs to the decision-making process. The APS is being further improved, however, and work is completed, it will act as the database for all supervisory work papers. At present, the APS permits supervisors to interrogate and update Fls’ risk profiles. A notable feature of data collection and use in Brazil, as stated in the “Peer Review of Brazil - Review Report” released in April 2017 (available at http://www.fsb.org/2017/04/fsb-completes-peer-review-of-brazil/), Brazil stands out among its FSB peers for the pioneering work it has carried out on trade reporting and its use in systemic risk monitoring.” Some factors worth observing include: • Mandatory Identification of the final beneficiary of each counterparty to a transaction. • Direct access by the relevant authorities (BCB and CVM) to transaction-level datasets from multiple asset classes. • TRs are subject to requirements assigning senior executive responsibility for data quality and strong validation checks, to help ensure data completeness and quality, and lessen time spent by the authorities on data cleansing and mapping. The BCB has invested significant resources into the analysis of TR data for identifying, measuring and monitoring systemic risk. The breadth and depth of TR data enables the BCB to undertake extensive systemic risk monitoring using a range of analytical tools, such as automated early warning indicators, contagion analysis and top-down macroeconomic stress tests. As noted in EC3, reporting data to a Trading Repository (TR) is mandatory in Brazil for most transaction types and for nearly all asset classes. In addition to financial transactions that are traded on and registered in authorized exchanges and electronic trading platforms, OTC derivative, spot foreign exchange, fixed income, and credit operation transactions must also be reported to TRs. Care is taken to assure the quality of the data as TRs operated by the BCB, such as the FX System and SCR, have automatic validation procedures that check the consistency of the data. The information is also compared to data from the Internal Revenue Service (IRS), Ministry of Development, Industry and Foreign Trade, and the National Social Security Institute. Similarly, the External Funding System, which tracks all financial institutions’ funding operations, contains automated data checking routines. The authorities use TR data for a wide range of purposes, including supervision and oversight of market participants, calibration and impact studies of regulatory policies; and for issues related to the supervision of conduct, such as market abuse and suitability; oversight and supervision of trading venues and financial market infrastructure; and monitoring of financial markets. Users access the data through the Financial System Monitoring’s panel. All historical data for stock exchanges and clearing houses is kept at a transaction level. |
||||||||||||||||||||
| AC1 | The supervisor has a framework for periodic independent review, for example by an internal audit function or third-party assessor, of the adequacy and effectiveness of the range of its available supervisory tools and their use, and makes changes as appropriate. | ||||||||||||||||||||
| Description and findings re AC1 | As provided in the Internal Rules of the BCB (Article 39, items I and IV Decree 84,287, as amended by Decree 92,743) the Internal Audit of the BCB (Audit) is required carry out audits, ensuring compliance with the established goals and objectives of the BCB, as well as providing guidance to the Board. More specifically, the Internal Audit is required to examine the processes that are intended to deliver the missions of the BCB one of which is “to ensure a solid and efficient financial system”. Audit thus examines the functions related to: financial stability, regulation, licensing activities, on-site and off-site supervision, conduct and banking resolution. Like Supervision, the Internal Auditing annual plan has also a risk based approach which assures that all auditable processes of supervision are performed every five years. The internal audit also considers governance issues as well as internal control and risk management and, when necessary, requires improvements on the governance of the supervisory function. For example, the 2017 audit plan included one engagement on on-site supervision, and two in off-site supervision. The work in off-site supervision focused on the methodology used in the top-down stress tests. There are external examinations also. The Federal Court of Accounts (TCU) performed an audit (Acórdão 395 - 2015) focused in the governance of the supervision function. |
||||||||||||||||||||
| Assessment of Principle 9 | Compliant | ||||||||||||||||||||
| Comments | As the FSB has noted “Brazil stands out among its FSB peers for the pioneering work it has carried out on trade reporting and its use in systemic risk monitoring” (April 2017). This monitoring has been used in support of financial stability at system level and also at individual institution level. The BCB has very clearly expended considerable efforts in mobilizing an extremely wide range of primary transaction data—credit register and trade repositories for example–to support the activity of the on and offsite supervisors in the area of contagion risk most particularly. The BCB has a well thought out supervisory strategy to enable it to target, management and monitor its supervisory processes. Supervisory planning is a proactive process, taking into account a range of sources, from the idiosyncratic needs of an institution to wider macro concerns, identified through COMEF or COREMEC. The supervisory manual provides a clear guide to support both quantitative and qualitative tasks. |
||||||||||||||||||||
| Principle 10 | Supervisory reporting. The supervisor collects, reviews and analyses prudential reports and statistical returns12 from banks on both a solo and a consolidated basis, and independently verifies these reports through either on-site examinations or use of external experts. | ||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||
| EC1 | The supervisor has the power13 to require banks to submit information, on both a solo and a consolidated basis, on their financial condition, performance, and risks, on demand and at regular intervals. These reports provide information such as on- and off-balance sheet assets and liabilities, profit and loss, capital adequacy, liquidity, large exposures, risk concentrations (including by economic sector, geography and currency), asset quality, loan loss provisioning, related party transactions, interest rate risk, and market risk. | ||||||||||||||||||||
| Description and findings re EC1 | As discussed (e.g. in CP1) the BCB has extensive information gathering powers. Some of the information gathered by the BCB is on a consolidated basis (using the concept of prudential conglomerate). Some information—e.g. financial statements—is required on an individual entity level. FIs are required to provide data or reports deemed necessary by the BCB to perform its duties under the Banking Law (Law 4,595). Further, Resolution 4280 establishes the Prudential Conglomerate Financial Statement, requiring credit related operations to be consolidated for any participation, direct or indirect, on entities that perform credit related operations or have provisions at their bylaws to do so. For consolidation purposes, BCB can determine the inclusion or exclusion of entities (Articles 8° and 9°). Resolution 4,193 requires the exposure of affiliates and of equity investments in FIs, domestically and abroad, to be included in the calculation for minimum total capital. Circular 3,764 empowers supervision with the authority to request information as needed, on non-specified dates. As a result, the BCB can request and receive information whenever deemed necessary. Circulars typically include the requirement for institutions to maintain their records for the disposal of the BCB, for up to five years as from publication (e.g. Article 85 of Circular 3467). The Supervision Department also has the authority (under Resolution 2723) to request information relating to nonfinancial companies (insurance, pension funds) from their financial controlling shareholder. Resolution 4192 defines the methodology for the calculation of regulatory capital and the eligible capital instruments. Information collected by the BCB can be classified as:
Additionally, as discussed particularly in CP9, the BCB receives information from Trade Repositories and clearing entities. Finally, the BCB uses meetings with FI’s senior management to obtain a better understanding of strategies and plans which assists in interpreting prudential data that is received through the year. Such meetings also provide an opportunity for the BCB to challenge the FI’s assumptions underpinning its business strategy. The following information is captured on a consolidated basis:
There is a specific procedure in the Special Examination - Internal Control (targeted examination) in order to evaluate the institution’s performance in providing regulatory reports and its compliance with other demands from the BCB. |
||||||||||||||||||||
| EC2 | The supervisor provides reporting instructions that clearly describe the accounting standards to be used in preparing supervisory reports. Such standards are based on accounting principles and rules that are widely accepted internationally. | ||||||||||||||||||||
| Description and findings re EC2 | The BCB establishes the accounting standards that must be followed by supervised institutions. The accounting standards supervised institutions must use are defined in the Accounting Plan of National Financial System Institutions (Cosif), (Circular 1,273) which is consistent with the Fundamental Principles and the accounting standards issued by the CFC, the Federal Accounting Council, and which is endorsed by the CMN. Cosif is the basic mandatory chart of accounts, first established in December 1987 and continuously updated. Other mandatory charts have been created as necessary. Cosif aggregates all the regulations issued by the CMN/BCB related to accounting and audit procedures, such as: standards of accounts, accounting documents, for individual firms and for conglomerates, requirements for publishing and of submitting this information to the BCB, and IFRS statements that have been incorporated to Cosif. The accounting rules for the financial system follow the general accepted accounting principles of the country and are aligned with international accounting standards, in particular, IFRS from the IASB. In terms of consolidated financial statements, Resolution 3,786 requires FIs listed as public companies or those required to establish an Audit Committee, set out and annually disclose consolidated financial statements based on international accounting standards issued by the International Accounting Standards Board (IASB) as of December 31, 2010. The BCB is the course of implementing a strategic project called “Reduction of Asymmetries” in order to harmonize the national accounting standards and lnternational Financial Reporting Standards (IFRS), on a solo basis. The project is longstanding and has been working through the IAS standards. For examples IAS 16, 21 and 38 have been completed and work is currently focused on implementing IFRS9. Accounting statements are required to include specific notes on assets and liabilities, profits and losses, capital adequacy, liquidity, large exposures and risk concentration. Additional or complementary information can be requested, encompassing off balance sheet assets and liabilities, which are part of Cosif. In terms of prudential reporting, the templates and instructions to institutions are public (they can, for example, be accessed by an internet search engine) and when new reporting requirements are introduced, there is a consultative process with the industry. The accounting standards that apply to the different reports are as follows
|
||||||||||||||||||||
| EC3 | The supervisor requires banks to have sound governance structures and control processes for methodologies that produce valuations. The measurement of fair values maximizes the use of relevant and reliable inputs and is consistently applied for risk management and reporting purposes. The valuation framework and control procedures are subject to adequate independent validation and verification, either internally or by an external expert. The supervisor assesses whether the valuation used for regulatory purposes is reliable and prudent. Where the supervisor determines that valuations are not sufficiently prudent, the supervisor requires the bank to make adjustments to its reporting for capital adequacy or regulatory reporting purposes. | ||||||||||||||||||||
| Description and findings re EC3 | General rules of accounting valuation are described in the Cosif. Specific regulations deal with the procedures of marking to market, such as Circular 3,068 (securities - which requires securities for trading, or available for sale must be marked to market), Circular 3,082 (derivatives) and Resolution 4,277 (prudential adjustments which includes the requirement for institutions to be able to prove the independence between the verification and pricing procedures). Regulatory reports, such as the daily monitoring market risk report (DDR), market risk report - positions on trading book and banking book allocated at vertices (DRM) and liquidity risk balance sheet (DRL) are important tools to understand the risk profile and risk trends on banks and segments of operation and constitute important subsidies to help define the supervision program and the scope of analyses. Discrepancies between asset positions in certain instruments and the values reported in the financial statements are flagged for investigation with the institutions. Each year, different banks are subject to reviews on their portfolios conducted by specialized teams (risk-focused teams) together with members of the on-site team focused on the firm. These reviews check not only consistency of valuation of products and methodologies but adequacy of accounting practices and registration are verified. Some examples of these examinations are:
There are also several procedures set out in the Supervision Manual, including frequency and sources of information to be used, to ensure an indirect verification of the quality of the accounting policies and asset pricing. Some examples of the procedures are:
Regular meetings with external auditors are regarded as an important part of the Risks and Controls System (SRC). The coverage, rotation of scope and depth of the analyses is checked and it represents an auxiliary, but very important, tool to assure that the valuation framework is adequate. There are also horizontal reviews where the same scope is performed by specialized teams in different banks to get insights about new products and valuation practices and to understand discrepancies and the reliability of methodologies. |
||||||||||||||||||||
| EC4 | The supervisor collects and analyses information from banks at a frequency commensurate with the nature of the information requested, and the risk profile and systemic importance of the bank. | ||||||||||||||||||||
| Description and findings re EC4 | Required reporting submissions and deadlines to be followed by FIs are set out in Circular 3764. FIs which are the parent institution of a conglomerate are required to submit a consolidated financial statement, from the financial group and from the prudential conglomerate (ie the grouping that aggregates entities that carries credit risk). Information on exposures to market risk is collected daily and monthly. In addition, daily reports of transactions recorded in clearinghouses are collected and used for specific analyses of market risk and also in the monthly reconciliation of the information provided by FIs. Information related to liquidity risk is received every day from Clearings and Custody entities and monthly from FIs, as well as balance sheets and the Liquidity Risk Statement (DRL). Credit transaction information is reported monthly by means of the Credit Information System (SCR). For institutions on the watch list, special monitoring can be required to supplement regular reporting. Please also see EC1 above. |
||||||||||||||||||||
| EC5 | In order to make meaningful comparisons between banks and banking groups, the supervisor collects data from all banks and all relevant entities covered by consolidated supervision on a comparable basis and related to the same dates (stock data) and periods (flow data). | ||||||||||||||||||||
| Description and findings re EC5 | Cosif is the main instrument for collecting financial information from the universe of regulated entities. Cosif is a standard accounting plan, applicable to all entities, where accounting records are expected to comply with a set of accounting procedures and criteria. The scope, valuation methodology, frequency of reporting, and recipients of information are clearly defined in this standard accounting plan. There are consistent reporting dates for all FIs. Comparisons between banks and banking groups (i.e. the financial conglomerate versus the prudential conglomerate) are important elements of the continuous monitoring system. The BCB uses an early warning system (EWS) which generates automatic alerts for variations in various indicators and ratios. Some of the tolerance levels might be as low as 5 percent. The EWS are evaluated by an analyst who decides whether it should be sent as an early warning to the Supervision Department. Improvements to the accounting plan (COSIF) are made for a range of reasons, such as: Financial innovation, new regulation, new accounting standards or principles and demands from users of the information. For instance, new accounting registers can be created to provide a more granular view on exposures on different products or lines of business, to allow reconciliation with balances of position in Clearing Houses, to improve indicators and ratios that support supervision, etc. |
||||||||||||||||||||
| EC6 | The supervisor has the power to request and receive any relevant information from banks, as well as any entities in the wider group, irrespective of their activities, where the supervisor believes that it is material to the condition of the bank or banking group, or to the assessment of the risks of the bank or banking group or is needed to support resolution planning. This includes internal management information. | ||||||||||||||||||||
| Description and findings re EC6 | There are disclosure requirements for transactions and outstanding balances with related parties, who do not meet the criteria for consolidation as established in Resolution 4280. Please also see EC1. | ||||||||||||||||||||
| EC7 | The supervisor has the power to access all bank records for the furtherance of supervisory work. The supervisor also has similar access to the bank’s Board, management and staff, when required. | ||||||||||||||||||||
| Description and findings re EC7 | The BCB has full powers to access bank records and information. Please also see EC 1. The Banking Law requires FIs to provide the data or reports deemed necessary by the BCB to perform its duties. Notably, article 10 of Resolution 4280 establishes that FIs must ensure to the BCB full and unrestricted access to all information deemed necessary for a proper evaluation of assets, liabilities and risks incurred. This obligation extends to all entities consolidated in the prudential conglomerate, independently of its operational activity. There are specific regulations establishing that contracts signed between the institution(s) IT service providers (Resolution 4557), and external auditors (Resolution 3198) must have specific language authorizing the BCB full access, at any time, to the work performed therein. The BCB indicated that they have made use of these powers of access. Supervisors have periodic meetings with the board of directors, at least at the end of the supervision cycle, when conclusions from the SRC are delivered and, at least annually, depending on relevance of the bank, with the Executive Committee. Minutes of meetings of relevant committees, including the board of directors, are required to be sent to the supervisor as part of the supervisory process. |
||||||||||||||||||||
| EC8 | The supervisor has a means of enforcing compliance with the requirement that the information be submitted on a timely and accurate basis. The supervisor determines the appropriate level of the bank’s senior management is responsible for the accuracy of supervisory returns, imposes sanctions for misreporting and persistent errors, and requires that inaccurate information be amended. | ||||||||||||||||||||
| Description and findings re EC8 | The BCB has a wide complement of disciplinary powers as discussed in CP11. Specifically, with respect to reporting, Circular 1273 (item 21.2.11), establishes that the accounting director is ultimately responsible for the elaboration and delivery, at due date, of the accounting documents. Failure to provide or providing incorrect information, in violation of the terms and conditions established by the laws and regulations, subjects the FIs as well as their administrators to penalties (Resolution 3883 and Resolution 1065). Failure to comply within the deadline granted for clarification of the information provided or for certain procedures is considered an incorrect supply of information or non-observance of procedures. Most norms designate a director responsible for supplying information, for example:
The BCB has regular contact with the institutions regarding the reporting submissions and may apply remedial action if needed. |
||||||||||||||||||||
| EC9 | The supervisor utilises policies and procedures to determine the validity and integrity of supervisory information. This includes a programme for the periodic verification of supervisory returns by means either of the supervisor’s own staff or of external experts. | ||||||||||||||||||||
| Description and findings re EC9 | The BCB has processes in place for the continuous verification of the validity and integrity of the information provided by institutions. A large part of the validation is carried out at the moment of delivery, through internal consistency tests and validation rules. As a result, the institution may be asked to confirm data or even to modify the submitted document. The data and integrity process performed by the BCB has multiple stages. Submissions are rejected by the BCB if they fail the XSD validation test. The reports, if successfully submitted, are documented in a centralised registry and timeliness of reporting is checked. At this stage, validation checks on the data content is performed including whether the data adheres to legislation, has internal consistency and also demonstrates consistency with external data sources. Further validations are performed against internal BCB databases and errors and inconsistencies will lead to warnings to the financial institution as well as requirements for re-submission. Once data has passed the validity checks, the BCB continues validation against external databases, such clearing houses or government agencies (Social Security Institute and Ministry of Labor, among others). Hence, for example, the BCB would cross-check information received on vehicle financing contracts against the national vehicle lien database (Sistema Nacional de Gravames - SNG) to ensure the bank has a lien on the vehicle, and also to check the balance of the loan against the vehicle’s market value (loan to value). The BCB also validates the data received in its supervisory inspections. As an example, there is a special examination focused on verifying the Integrity and quality of periodic regulatory information. The examination will scrutinise the efficiency of systems and controls used to assure the reliability and integrity of information used to prepare the regulatory reports. The assessors discussed with the BCB, the use of consistency checks, internal and external cross checks, and sequences of validation of information that are made. |
||||||||||||||||||||
| EC10 | The supervisor clearly defines and documents the roles and responsibilities of external experts, including the scope of the work, when they are appointed to conduct supervisory tasks. The supervisor assesses the suitability of experts for the designated task(s) and the quality of the work and takes into consideration conflicts of interest that could influence the output/recommendations by external experts. External experts may be utilized for routine validation or to examine specific aspects of banks’ operations. | ||||||||||||||||||||
| Description and findings re EC10 | When performing supervisory activities, the BCB only uses in-house experts. In certain situations, the BCB may require the external auditor to perform additional procedures or assurance engagements. However, these engagements do not replace the legal obligations and responsibilities of the Supervisor. Certain resolutions and circulars establish the requirement for the independent auditor to carry out a report on a specific aspect of the financial institution. For example, Art. 12 of Resolution 2682 on classification criteria. | ||||||||||||||||||||
| EC11 | The supervisor requires that external experts bring to its attention promptly any material shortcomings identified during the course of any work undertaken by them for supervisory purposes. | ||||||||||||||||||||
| Description and findings re EC11 | The BCB stated that it is routine to require an external expert to bring matters promptly to its attention should the expert undertake any work for supervisory purposes. | ||||||||||||||||||||
| EC12 | The supervisor has a process in place to periodically review the information collected to determine that it satisfies a supervisory need. | ||||||||||||||||||||
| Description and findings re EC12 | The BCB operates a governance process covering all its information gathering so that new reporting requirements are scrutinised as is the continuing need for exiting data reporting. The governance process is wider than supervision and all departments are represented. As noted above, the BCB requires FIs to submit internal management reports and there is an annual process to identify which reports may be of interest to the supervisory process, before the formal request, containing the list of reports that must be submitted, is sent to the bank, together with the schedule of its remittance. In 2017, a task force with members from the supervision and monitoring departments has been established to review the framework of alerts or “monitored situations.” A monitored situation is a predefined event that can be a ratio, a variable, a trend or an accounting position that could be a matter of concern or be an important indicator for the supervision. The idea of this work is to assess whether the metric is still useful, and is still used, in the supervision process. The review work will address “What, Why, Whom, How and with what frequency” a situation is monitored. |
||||||||||||||||||||
| Assessment re Principle 10 | Compliant | ||||||||||||||||||||
| Comments | The BCB obtains a very wide range of data from the supervised entities and both the on-site (DESUP) and offsite (DESIG) departments have access to a suite of analytical tools and resources to scrutinize the data and carry out comparative studies and investigations. The assessors were able to see a number of these tools in operation. Although this principle is marked compliant, there are, however, some gaps in the BCB approach as the principle asks the supervisor to obtain and analyze information from banks on both a solo and a consolidated basis. While the BCB obtains some data on an individual bank level, it does not require a full range of prudential information on a solo basis. This specific topic is graded in CP12 on consolidated supervision. In any case, without clear knowledge of the solo bank it is not possible to determine, for example, if it continues to meet its conditions for authorization on an ongoing basis, or may be unduly reliant on other parts of the conglomerate for support. It is clear that the in view of the extensive data bases and analytic capability of the BCB, the supervisors are able to cross check returns submitted by conglomerates and even to recreate prudential returns that are not submitted, such as large exposures for the conglomerates by aggregating the exposures of the entities within the conglomerate from the registries and repositories. At the time of the FSAP, the assessors were not aware of any other supervisory authority with such capability. Nevertheless, although the BCB is encouraged strongly to maintain its existing data requirements it is equally strongly recommended to add to them by ensuring all banks also submit solo prudential returns covering all the standard prudential data such as large exposures, related party exposure, problem assets. This requirement would signal an important onus on the financial institutions that they are responsible for monitoring and managing these prudential and risk dimensions. The financial institutions must be under the discipline and obligation to bring information proactively to the BCB rather than rely on the BCB to cross check and, by any other name, act as a supplementary risk management function for the bank. |
||||||||||||||||||||
| Principle 11 | Corrective and sanctioning powers of supervisors. The supervisor acts at an early stage to address unsafe and unsound practices or activities that could pose risks to banks or to the banking system. The supervisor has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability to revoke the banking license or to recommend its revocation. | ||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||
| EC1 | The supervisor raises supervisory concerns with the bank’s management or, where appropriate, the bank’s Board, at an early stage, and requires that these concerns be addressed in a timely manner. Where the supervisor requires the bank to take significant corrective actions, these are addressed in a written document to the bank’s Board. The supervisor requires the bank to submit regular written progress reports and checks that corrective actions are completed satisfactorily. The supervisor follows through conclusively and in a timely manner on matters that are identified. | ||||||||||||||||||||
| Description and findings re EC1 | The legal backdrop to the BCB’s corrective action is also discussed in CP1 EC6. In summary, the BCB has the following enforcement powers: corrective; prudential (preventive measures); sanctioning; and intervention or resolution or liquidation. The Banking Law establishes that the BCB is responsible for banking surveillance, with competence to identify and require corrective action for violations and unsafe and unsound banking practices, including inadequate risk management and internal control deficiencies. Resolution 4019 establishes a set of preventive enforcement measures the BCB may use, but more importantly the Resolution permitted the BCB to require correction based on judgmental views on the adequacy of internal controls, and corporate governance rather than having to wait until the bank condition had deteriorated before being able to require corrective action. The BCB’s power to apply “temporary special administration”, “intervention” and “extrajudicial liquidation” regimes are prescribed, respectively, in the following instruments: Law 6,024, Decree-Law 2,321 and Law 9,447. From the period of June to October 2017, formal sanctioning could be exercised through an instrument called the “Sanctioning Administrative Process” which was regulated by Provisional Measure 784. As mentioned elsewhere (eg CP1), the Provisional Measure lapsed before it was confirmed and it needs to be replaced by an Ordinary Law which was still pending at the time of the assessment. The elements that were included in the Provisional Measure and are expected under the Ordinary Law prescribe the penalties applicable: (i) public reprimand; (ii) fines; (iii) prohibition to engage in certain activities or to provide certain services; (iv) temporary disqualification or suspension from holding executive positions and (v) revocation of the banking license. In discussion, the BCB officials pointed out that the suspension can be from three to twenty years and if the individual were to apply for an executive position in another institution after the suspension there would still need to be a consideration of the fit and proper principles. The improvements for supervisory action and effective sanctioning processes by the BCB were in the end replaced in mid-November—during the BCP assessment—following the passage of the new Ordinary Law 13,506. The text approved is essentially the same as the lapsed Provisional Measure no. 784. The key differences are:
In terms of supervisory practice, however, whenever the findings of the supervisory process identify only minor deficiencies, the BCB communicates its concerns and required corrections are an “inspection letter” sent to the financial institution. The assessors saw examples of these letters. In more severe cases, the supervisory staff summons the managers and the controlling shareholders of the financial institution through an “attendance order”. The objective is to discuss the problems and the possible solutions, and also to define a deadline for the institution to present a corrective action plan. This plan and its timeline must be approved and followed-up by the BCB. When carrying out its duties, the supervisory staff may directly contact any unit or employee of the financial institution. When a bank has been placed under enforcement or corrective action requirements, the BCB may place the institution on a watch list and subject it to increased monitoring. The main features of this monitoring are: (i) checking that the FI meets the corrective action deadlines; (ii) implementing a plan to regularize the institution; (iii) the monitoring carried out by the independent auditor and timely reporting. The assessors were able to review files recording instances where the BCB employed some of the enforcement tools provided by Resolution 4019: acting in advance, imposing dividend restrictions and requiring managers to restore the institution’s liquidity levels. As discussed also in CP2 EC4, decision-making authority varies according to the measure that is being taken. Summoning, or Attendance Orders, for instance, require at least the approval of a Head of Division, whereas the imposition of penalties in a sanctioning administrative process is decided by the Head of Sanctioning Proceedings Department or by the Deputy Governor for Financial System Organization and Resolution. Decision making powers and processes will be amended as necessary following the passage of Ordinary Law. |
||||||||||||||||||||
| EC2 | The supervisor has available an appropriate range of supervisory tools for use when, in the supervisor’s judgment, a bank is not complying with laws, regulations or supervisory actions, is engaged in unsafe or unsound practices or in activities that could pose risks to the bank or the banking system, or when the interests of depositors are otherwise threatened. | ||||||||||||||||||||
| Description and findings re EC2 | The BCB may apply the following measures: (i) additional controls and procedures; (ii) reduction of the risk of exposures; iii) increase of minimum capital levels; (iv) more restrictive operational limits; (v) increase of liquidity level; (vii) restriction on the managers’ compensation as well as on dividend distribution to shareholders; (vii) restriction on operations, acquisitions and opening of new branches; (viii) sale of assets. These measures can be applied in any sequence and combination, so the BCB has the flexibility to respond to the circumstances of each individual case. Faced with severe and continuous breaches, inconsistency in information submitted, or FX exceptions, the BCB may impose the penalties established by the Banking Law and by Law 9613. In extreme cases, such as a severe impairment of assets or a continuous breach of regulation by a bank, and where the bank cannot remedy its deficiencies, the BCB can adopt resolution tools and impose “intervention”, “extrajudicial liquidation” or “temporary special administration” (Law 6024, Decree-law 2321, and Law 9447). |
||||||||||||||||||||
| EC3 | The supervisor has the power to act where a bank falls below established regulatory threshold requirements, including prescribed regulatory ratios or measurements. The supervisor also has the power to intervene at an early stage to require a bank to take action to prevent it from reaching its regulatory threshold requirements. The supervisor has a range of options to address such scenarios. | ||||||||||||||||||||
| Description and findings re EC3 | Resolution 4019 provides the BCB with a set of preventive prudential measures to use if a bank’s stability and soundness is at risk. As discussed in EC 1, the BCB is not required to wait until an FI has deteriorated before it can act. As mentioned in EC2, Resolution 4019 (Article 2), grants the BCB power to require supplementary regulatory capital as a preventive measure, as well as imposing restrictions on current or new activities, on acquisitions and on payments to shareholders to protect the Fl’s resources and its regulatory limits. Breaching a regulatory limit triggers the BCB’s powers. The BCB’s data systems which monitor breaches of and variations in operational limits triggers alerts which are investigated and letters issued to institutions in the first instance. The powers permit the BCB to design and impose timely and graduated remedial actions. These actions may be carried out through rehabilitation measures or, ultimately, by intervention, closure and liquidation, allowing the supervisor to effectively deal with a troubled bank and to take timely corrective measures when needed. |
||||||||||||||||||||
| EC4 | The supervisor has available a broad range of possible measures to address, at an early stage, such scenarios as described in EC 2 above. These measures include the ability to require a bank to take timely corrective action or to impose sanctions expeditiously. In practice, the range of measures is applied in accordance with the gravity of a situation. The supervisor provides clear prudential objectives or sets out the actions to be taken, which may include restricting the current activities of the bank, imposing more stringent prudential limits and requirements; withholding approval of new activities or acquisitions; restricting or suspending payments to shareholders or share repurchases; restricting asset transfers; barring individuals from the banking sector; replacing or restricting the powers of managers, Board members or controlling owners, facilitating a takeover by or merger with a healthier institution, providing for the interim management of the bank; and revoking or recommending the revocation of the banking license. | ||||||||||||||||||||
| Description and findings re EC4 | As already stated, according to Resolution 4019, the BCB may require banks to allocate supplementary amounts of regulatory capital as a preventive measure. The BCB may also impose a restriction on current or new activities, on acquisitions and on payments to shareholders as preventive measures. The BCB recently revised and implemented a methodology to aid the requirement of supplementary capital based on its Risk and Control Assessment System - SRC and is also in the process of implementing another one based on Pillar 2 specifically applicable to the largest banks. As part of the recent refreshing of the supervisory process, banks scoring one of the 3 lowest supervisory ratings (on a scale of 10 grades) are automatically subject to an Attendance Order so that management is required to discuss deficiencies and concrete plans to remedy or resolve the situation. Banks scoring the 4th worst grading are put on a watch list and are subject to heightened monitoring. The BCB uses the following supervisory tools, dependent on the severity of the situation, and reflecting whether or not there has been an accumulation of risks and concerns.
As also described in EC1, the Provisional Measure 784 of 2017, now replaced by Law 13,506, provided the BCB with powers of disqualification, revocation of license and prohibition of certain activities. These powers are expected to be confirmed by the forthcoming Ordinary Law. In addition, in severe cases, resolution measures may be triggered, if proposed by the supervisory staff, approved by the BCB’s Board of Directors and a set out in a decree issued by the BCB’s Governor: (i) Actions by controlling shareholders in order to resolve problems in relation to capitalization, transfer of control, merger or other restructuring processes; (ii) Adoption of a temporary special administration regime conducted on a “going concern” basis and carried out by an Executive Board appointed by the BCB; (iii) Adoption of an intervention regime conducted on a “going concern” basis and carried out by an intervener appointed by the BCB; (iv) Adoption of an extrajudicial liquidation regime, conducted on a “gone concern” basis and carried out by a liquidating agent appointed by the BCB. The Department of Resolution Regimes is responsible for conducting the resolution regime. |
||||||||||||||||||||
| EC5 | The supervisor applies sanctions not only to the bank but, when and if necessary, also to management and/or the Board, or individuals therein. | ||||||||||||||||||||
| Description and findings re EC5 | Provisional Measure 784 (in force June to October 2017) extended penalties and sanctions to managers, directors and auditors and the new Law 13, 506 confirms these powers. Nevertheless, even without the Provisional Measure, in case of liquidation, the assets of controlling owners, directors and management can be frozen. The BCB may also propose to the National Monetary Council (CMN) to have the assets of the members of the audit committee frozen, among others (Article 36 of Law 6024). The seized property, following due court process, is made available for the payment of creditors in the event of bankruptcy (Articles 41 and 45 of Law 6024). Law 9613 sets administrative penalties for financial institutions and their managers covering noncompliance with obligations regarding client’s identification, record keeping and communication of financial operations. Law 4131 also sets administrative penalties and fines related to foreign exchange operations, applying to individuals and the firm itself. In the event a resolution regime is imposed on the institution, it is mandatory for the BCB to conduct an inquiry to assess whether individual members of management and the Board were ultimately responsible for the insolvency of the financial institution. The BCB’s conclusions are then used by the Judiciary Branch to recover amounts from managers and board members and apply them towards the reimbursement of creditors or of the institution; and, if applicable, impose criminal sanctions. If there are no losses to creditors, there is no obligation to forward the dossier to the Judiciary, but if a dossier is forwarded, the BCB sets out its view on why the losses were caused. The BCB noted that absent willful misconduct, a case was unlikely to proceed. |
||||||||||||||||||||
| EC6 | The supervisor has the power to take corrective actions, including ring-fencing of the bank from the actions of parent companies, subsidiaries, parallel-owned banking structures, and other related entities in matters that could impair the safety and soundness of the bank or the banking system. | ||||||||||||||||||||
| Description and findings re EC6 | Possible risks that the activities of holding companies and their affiliates (including non-consolidated affiliates) may bring to the safety and soundness of a bank or banking conglomerate are assessed in the SRC methodology (as described in CP12 EC1), through the Contagion Risk Module. In addition, contagion analysis is used by the BCB to assess how the default of one entity affects other entities in the financial system and real economy. For more details, please see CP09 EC5). The Resolution 4280 defines the concept of Prudential Conglomerate and establishes that BCB may determine the inclusion or exclusion of entities in order to have a better representation of qualitative and quantitative aspects of the conglomerates. The power to take corrective actions in order to prevent safety and soundness of the bank and the banking system that arises from contagion risk is established by the Resolution 4019. The BCB may determine the following preventive prudential measures: (ii) reduction of the risk of exposures; iii) increase of minimum capital levels; (iv) adoption of more restrictive operational limits; (v) increase of liquidity level; (vii) restriction on payments to shareholders; viii) restriction on operations, new activities and acquisitions (ix) sale of assets. Additionally, according article 34 of Banking Law, prior to the amendments of Law 13, 506, the BCB forbade loans to certain related parties and the BCB did not approve nor authorize operations considered inappropriate among related parties. Now that Law 13,506 is in place, loans to certain related parties are forbidden if undertaken on more favorable terms than corresponding transactions with unrelated counterparties. Please also see CP21. |
||||||||||||||||||||
| EC7 | The supervisor cooperates and collaborates with relevant authorities in deciding when and how to affect the orderly resolution of a problem bank situation (which could include closure, or assisting in restructuring, or merger with a stronger institution). | ||||||||||||||||||||
| Description and findings re EC7 | As the BCB is both the supervisor and the resolution authority, most of the decisions are made inside the same organizational body, allowing responsibilities and decisions to be centralized and due action to be taken promptly. Regarding cooperation with foreign authorities, the BCB participates in the Crisis Management Group of Banco Santander, alongside Bank of England and Banco de España. Please see CP13 EC6. |
||||||||||||||||||||
| AC1 | Laws or regulations guard against the supervisor unduly delaying appropriate corrective actions. | ||||||||||||||||||||
| Description and findings re AC1 | Financial supervisors are federal public servants in Brazil and, as such, must follow a strict standard of conduct provided for in federal statutes (Law 8,112, Law 8,429, Criminal Code etc.). The breach of their legal duties must give rise to criminal and administrative sanctions, as follows:
Finally, depending on the severity of the situation, a federal civil servant could also be prosecuted for breaching the Statute of Administrative Dishonesty (Law 8,429) which would give rise to the following sanctions: suspension of political rights, loss of public function, prohibition to transfer personal property and reimbursement to the Public Treasury. |
||||||||||||||||||||
| AC2 | When taking formal corrective action in relation to a bank, the supervisor informs the supervisor of non-bank related financial entities of its actions and, where appropriate, coordinates its actions with them. | ||||||||||||||||||||
| Description and findings re AC2 | The BCB has agreements with CVM, Previc and Susep covering the exchange of confidential information and the coordination of activities involving common interests. The agreements prescribe the communication to all mentioned entities of formal corrective actions taken in relation to a financial institution. |
||||||||||||||||||||
| Assessment re Principle 11 | Largely Compliant | ||||||||||||||||||||
| Comments | The BCB has a wide range of powers and tools to impose corrective and remedial measures. Just prior to the assessment, a Provisional Measure (784) which provided the BCB with greater flexibility to tailor the supervisory action to the specific concern as well as to expedite its processes, which is critical for supervisory authorities, had lapsed and the BCB was waiting for new legislation to pass in order to regain these powers. In the period between the lapse of the Provisional Measure and the enforcement of the new law, the BCB retained its core powers to act. In fact, passage of legislation that replaced the lapsed Provisional Measure took place midway through the BCP assessment. On November 13th, 2017, the president of Brazil sanctioned Law no. 13,506. The BCB issued Circular 3,857 on 14th November which complements the law and provides for the rite of the administrative sanctioning process, the application of penalties, the term of commitment, the precautionary measures, the coercive fine and the administrative agreement in the supervision process. Based on the assessors’ review of materials, the BCB is attentive to real or potential deterioration in the condition and governance of an institution and is ready to use available tools to act at an early stage as well as to escalate its actions as needed. The overall timescales of process are a possible concern, however. A reason for slow process may have been the lack of nuance of escalation in instruments that the lapsed Provisional Measure had briefly supplied. The passage of replacement legislation is extremely welcome, albeit there is no opportunity for the BCB to demonstrate track record for the purposes of the current assessment. The grading of this CP also addresses remedial actions that are discussed in the summary comments to CP29 which relates to supervisory action in the field of AML/CFT. |
||||||||||||||||||||
| Principle 12 | Consolidated supervision. An essential element of banking supervision is that the supervisor supervises the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential standards to all aspects of the business conducted by the banking group worldwide.15 | ||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||
| EC1 | The supervisor understands the overall structure of the banking group and is familiar with all the material activities (including non-banking activities) conducted by entities in the wider group, both domestic and cross-border. The supervisor understands and assesses how group-wide risks are managed and takes action when risks arising from the banking group and other entities in the wider group, in particular contagion and reputation risks, may jeopardize the safety and soundness of the bank and the banking system. | ||||||||||||||||||||
| Description and findings re EC1 | The focus of the BCB’s supervisory practice is primarily, if not exclusively, on the Prudential Conglomerate (PC) This concept, defined in Resolution 4280 and comprises not only financial entities that are directly controlled by the authorized bank, but also entities in the wider group and does not rely on an ownership link. Hence, for example, two financial institutions that are both fully owned by the same foreign parent can be considered to be a prudential conglomerate, although they are sister entities with no ownership or control link between them. This approach has been adopted not least to probe the business management structures deployed by more complex groups and to ensure relevant entities are captured in the prudential conglomerate. There is also the concept of “financial conglomerate” which, unlike the prudential conglomerate, depends on control/ownership relationships. Neither the prudential nor the financial conglomerate would include insurance companies, although the concept of “economic conglomerate” does include all ownership relationships, even for non-financial entities. The concept of economic conglomerate is no longer used in the supervisory approach, but information is obtained, periodically, on the financial conglomerate. (Please see CP10) As described in CP8, the BCB’s SRC methodology for supervision is predicated on analyzing the relevant business activities within the prudential conglomerate. The following aspects of the SRC methodology assist the BCB in understanding the banking group, and any wider group of which it is a part. The identification of the significant activities and functional activities under ARC (risk and controls assessment) is based on criteria such as potential impact on capital and profits and includes non-banking activities not supervised by the BCB. Contagion Risk, which is one of the risks in the methodology (i.e. risk and control group) is defined as the potential for losses to the entities belonging to the Prudential Conglomerate (PC), including the parent bank, arising from their relationship with:
Stress tests associated with contagion assessment are conducted in order to verify the systemic risk and the financial institution’s soundness. The solvency and liquidity of banks are evaluated taking into account adverse scenarios for the macroeconomy, delinquency rate, market risk and confidence. Please also see EC5 CP9. Another of the SRC risk and control groups addresses Reputational Risk. The use of a common logo or brand by non-financial companies (which may or may not be part of the PC) represents a reputational risk factor. Likewise, different brands that are recognized by the market as related to the bank or banking conglomerate is also a risk factor. In terms of scope of consolidation, funds must be consolidated if there is evidence off substantial risk assumption on behalf of the fund. The funds industry is equivalent to 50.1 percent of the banking system’s total assets and is monitored with respect to liquidity demands arising and the possibility of support from the banks (step-in risk). Brazil’s regulatory framework also establishes prudential adjustments for significant investments in the capital of banking, financial and insurance entities and investments in institutions whose information is not available to supervision. Investment in funds whose composition are not known receive a risk weight of 1,250 percent in the risk weight capital calculation and which is equivalent to a deduction from capital. Cross-border activities are monitored and communication with home/host supervisors is maintained, through cross-border inspections, supervisory colleges and bilateral relationships. The assessors were able to see examples of such communications. The supervision of cross border Agencies, Branches and Subsidiaries follows the guidelines “Supervision of Units Abroad – Orientation”, which defines two different approaches: Type 1 for significant units and Type 2 for non-significant units. Type 1 Approach:
For non-significant cross border establishments—the Type 2 Approach—the approach is more discretionary and supervisor can use some or all of the Type 1 procedures if the establishment represents a potential or material risk to the bank or banking conglomerate. The BCB maintains detailed information and organizational charts on all conglomerates (i.e. groups), including cross-border operations. The information is held in the BCB’s information systems and at the time of the mission further improvements were being developed to make supervisory access to group structures even more accessible. |
||||||||||||||||||||
| EC2 | The supervisor imposes prudential standards and collects and analyses financial and other information on a consolidated basis for the banking group, covering areas such as capital adequacy, liquidity, large exposures, exposures to related parties, lending limits and group structure. | ||||||||||||||||||||
| Description and findings re EC2 | The regulatory framework that is applied in Consolidated Supervision is set out in the circulars and resolutions below and the supervisory methodology is applied on a consolidated basis and covered in CP8:
(*) Will be replaced by Resolution 4,557/2017 by the end of February 2018; for D-SIBs, by the end of August 2017. The following information is captured on a consolidated basis:
The following solo information is captured:
Moreover, banks subject to the internal capital adequacy assessment process (ICAAP), according to Resolution 3988 and Circular 3547, must assess their overall capital sufficiency to cover all risks, including strategic, reputational and stress scenarios. The ICAAP is differentiated between SIFIs and smaller banks who are not expected to meet a fully articulated standard. The BCB monitors capital adequacy on a consolidated basis the supervisory process involves (as discussed in CP8 and 9) early warning indicators, alerts on significant variations, monitoring reports, and simulations. In the ANEF process capital adequacy is assessed in relation to the nature and extent of the exposures held by banks or banking conglomerates, as well as the administration’s ability to manage such exposures. The assessors saw several examples of such analysis. Disclosure is on a consolidated basis (Circular 3,678), requiring information on conglomerates’ composition, financial statements, regulatory framework, and credit exposure segregated by economic sector, country, geographic region, economic sectors, remaining maturity, delinquency and other, securitization, equity holdings, etc. The various prudential risk components are examined and evaluated on the basis of the prudential conglomerate. For example: In 2016, the BCB launched a procedure to monitor large and problematic exposures to credit risk in DSIBS. The approach was designed to incentivize prudent credit risk management in conglomerates and is described in the guidelines “Orientation for Monitoring Large Exposures to Credit Risk”. For more information, please refer to CP16. Exposure/concentration limits and risk diversification are monitored on a consolidated basis, based on the aggregation of individual information provided by the SCR and the market infrastructure institutions (trade registers). Brazilian regulations limits conglomerates’ large exposures through Resolution 2,844. (Please see also CP19) For related party requirements please see CP20. Liquidity monitoring includes daily and monthly information from trade repositories and financial institutions and aims to provide timely assessment about capital flows and dynamics. For more information, please refer to the CP24. Supervisory examination guidance focuses on the conglomerate dimension - e.g. compliance with internal and regulatory concentration limits and may be found, for example: Credit Risk Management (MSU 4.30.10.50.01.01), Treasury Operations (MSU 4.30.10.50.02) and Operational Risk Management (4.30.10.50.11). A notable aspect of the BCB approach to group supervision is its evaluation of Contagion Risk in the SRC methodology. This evaluation considers the type of relationship between the entities belonging to the PC and other related parties. When transactions between these entities exist, the Supervisor must evaluate the relevance of the exposures in terms of potential impact on the capital and the profits of the PC. Besides that, some aspects of those transactions must be analyzed, such as the independence between the entities and the pricing criteria (market reference), in order to avoid losses to the PC arising from conflicts of interest that may distort the prices. If necessary, the BCB may impose prudential actions on banks or banking conglomerates in order to limit risk exposure (Resolution 4019). That power can be used upon domestic institutions or Brazilian subsidiaries of foreign banks or banking conglomerates. The power includes the ability restrict the opening of new branches or to undertake new operations as well as the requirement for asset disposal, among other measures. Please also see CP11. |
||||||||||||||||||||
| EC3 | The supervisor reviews whether management oversight of a bank’s foreign operations by management (of the parent bank or head office and, where relevant, the holding company) is adequate having regard to their risk profile and systemic importance and there is no hindrance in host countries for the parent bank to have access to all the material information from their foreign branches and subsidiaries. The supervisor also determines that banks’ policies and processes require the local management of any cross-border operations to have the necessary expertise to manage those operations in a safe and sound manner, and in compliance with supervisory and regulatory requirements. The home supervisor takes into account the effectiveness of supervision conducted in the host countries in which its banks have material operations. | ||||||||||||||||||||
| Description and findings re EC3 | Depending on the significance of the cross-border establishments, the SRC methodology permits the supervisor to define the head office business unit responsible for cross-border operations as a significant business activity. As a result, inherent risks and controls are evaluated under the Risk and Control Analysis - ARC framework. The guidelines in “Supervision of Units Abroad - Orientation”, as mentioned in EC2, define the depth and frequency of the supervisory actions related to the cross-border establishment. The guidelines require the BCB to take the effectiveness and the quality of supervision conducted by the host supervisor into consideration in its own analysis. Moreover, the Special Examination for Corporate Governance (4.30.10.50.06.01) evaluates the adequacy of governance practices, and is focused on control functions, risk governance, compensation structure, communication and transparency. In order to identify possible conflict of interests and influences, it also analyzes the banking group (item 5.1.1) and whether the directors and members of the board hold shares in other companies not related to the bank conglomerate in question (item 5.1.2). Such inspections can provide insight into a group’s capacity to manage its cross-border entities effectively. The assessors saw examples of documentation confirming the importance the BCB attached to effective consolidation over a cross-border group. The BCB adopts the same framework, as set out in the SRC, to both domestic and foreign banks or banking conglomerates operating in Brazil. As a host supervisor, the BCB participates in colleges for Credit Suisse, Deutsche Bank, Citibank, GMAC, Rabobank and Santander. Please also see CP13. As the home supervisor, the BCB holds supervisory colleges for Banco do Brasil and Itaú-Unibanco. To facilitate cross border supervisory information exchange, the BCB has signed several MoUs with foreign jurisdictions. Please see CP3. |
||||||||||||||||||||
| EC4 | The home supervisor visits the foreign offices periodically, the location and frequency being determined by the risk profile and systemic importance of the foreign operation. The supervisor meets the host supervisors during these visits. The supervisor has a policy for assessing whether it needs to conduct on-site examinations of a bank’s foreign operations, or require additional reporting, and has the power and resources to take those steps as and when appropriate. | ||||||||||||||||||||
| Description and findings re EC4 | The guidelines on “Supervision of Units Abroad - Orientation” set out the criteria used to identify cross border significant establishments where on or off-site inspection is needed and the frequency of this examination (four or five-year cycle, depending on the supervision priority of the bank or banking conglomerate). The following procedures are applied in case of an on-site examination in a unit abroad. In undertaking an inspection of a cross border entity, the BCB establishes contact with the host supervisor providing information on its own planned activities and requesting recent examination reports from the host. Meetings are held with the host supervisor both prior to and at the end of the examination to share findings, conclusions and views. Both the local head office of the institution as well as the host supervisor receive copies of the BCB’s examination report. The BCB has arranged cross border inspections for a number of its banks and the assessors were able to discuss the BCB’s past experience and future expectations of such inspections with some of the banks. |
||||||||||||||||||||
| EC5 | The supervisor reviews the main activities of parent companies, and of companies affiliated with the parent companies, that have a material impact on the safety and soundness of the bank and the banking group, and takes appropriate supervisory action. | ||||||||||||||||||||
| Description and findings re EC5 | The concept and supervisory practice based on the Prudential Conglomerate allows the BCB to focus its attention on entities and activities located in or arising from the wider group that could have an impact on the banking institution. As discussed in EC1, a direct ownership link is not required for an institution to be included in the Prudential Conglomerate, so an affiliate owned by a parent company that is not consolidated in the Prudential Conglomerate can be included in the prudential consolidation. Risks arising from the wider group, including holding companies and their affiliates (including non-consolidated affiliates) are assessed in the SRC methodology, through the assessment of Contagion Risk. This is used to assess the level of exposure to the risks incurred by these companies and the efficiency of controls and management as well as financial performance and condition. Further, Resolution 4122 establishes that the reputation of final owners of financial institutions within a group is to be evaluated/analyzed by the BCB at the time of the licensing application by the financial institution. Contagion risk analysis on an ongoing basis facilitates the BCB in monitoring and assessing reputational issues post authorization. Specifically, in the stress testing program section of Resolution 4557 (Art 15 - V), there is a requirement to include the risk of the institution providing financial support to an entity that is not part of its conglomerate into the stress test scenarios, if relevant. In the case of insurance and private pension companies related to a bank or banking conglomerate, periodic meetings are held with the Superintendence of Private Insurance (SUSEP). In terms of power to act, the the BCB has the power to require transfer of ownership or corporate (Article 5, Law 9,447) which, ensures that the banking entity could be removed from an ownership that is not fit and proper. |
||||||||||||||||||||
| EC6 |
The supervisor limits the range of activities the consolidated group may conduct and the locations in which activities can be conducted (including the closing of foreign offices) if it determines that:
(a) the safety and soundness of the bank and banking group is compromised because the activities expose the bank or banking group to excessive risk and/or are not properly managed; (b) the supervision by other supervisors is not adequate relative to the risks the activities present; and/or (c) the exercise of effective supervision on a consolidated basis is hindered. |
||||||||||||||||||||
| Description and findings re EC6 | The BCB has the power to limit the conglomerate’s activities, as new activities by financial institutions require an application for approval. Resolution 4122 establishes that the business plan, composed by a financial plan, marketing plan and operational plan, is to be evaluated/analyzed by the BCB at the time of the licensing application by the financial institution. The BCB, through Resolution 4019, and as discussed in CP11 for example, has powers to require institutions to limit their risk exposures. That power can be used upon domestic or foreign branches and extends to the power to restrict the opening of new units (branches, subsidiaries or agencies) or new operations, as well as the power to require the sale of assets, among other measures. The Commitment Letter (MSU 4.50.40) is used to notify and formalize the commitment of the legal representatives of a bank or banking conglomerate and, whenever necessary, their controllers, to adopt measures to correct deficiencies of a serious nature, related to insufficient capital or to other aspects of the operations that could undermine the bank. The assessors saw examples of such interventions and exchanges, including a denial of a change of group structure on the basis that consolidated supervision would have been impaired. |
||||||||||||||||||||
| EC7 | In addition to supervising on a consolidated basis, the responsible supervisor supervises individual banks in the group. The responsible supervisor supervises each bank on a stand-alone basis and understands its relationship with other members of the group. | ||||||||||||||||||||
| Description and findings re EC7 | The BCB’s current policy is not to supervise the solo bank within the consolidated group on a systematic basis. The Specific Examinations (on-site and off-site), can set the focus explicitly on the perspective of a bank individually or as a conglomerate, on a consolidated basis (MSU 4.30.10). The BCB receives accounting information, and monitors, financial institutions on a sub-consolidated or on a standalone basis. Supervisory action on an individual base is taken if deemed necessary. The SRC methodology permits the evaluation of individual business units/activities, which could be an individual bank or entity belonging to the banking conglomerate. Other sources of information on a solo entity basis include SCR system on credit risk and market information on derivatives, stocks and securities provided by trade repositories, such as B3 (BM&F, Bovespa and Cetip). |
||||||||||||||||||||
| Additional criteria | |||||||||||||||||||||
| AC1 | For countries which allow corporate ownership of banks, the supervisor has the power to establish and enforce fit and proper standards for owners and senior management of parent companies. | ||||||||||||||||||||
| Description and findings re AC1 | Banks may be owned by individuals and financial holding companies, but not by nonfinancial corporations. | ||||||||||||||||||||
| Assessment of Principle 12 | Largely Compliant | ||||||||||||||||||||
| Comments | The BCB methodology that ensures a prudential conglomerate includes all entities that are relevant to the understanding of the banking group and the use of Contagion Risk analysis in the supervisory approach yield valuable insights into group risk. Importantly, this insight is not static but is maintained on a continuous basis as part of the overall supervisory approach. The assessors were able to see examples of contagion risk analysis. The BCB does not, however, systematically obtain or assess an individual banking entity within a prudential conglomerate against prudential standards. In practical terms, it is unlikely that a solo bank would be likely to experience extensive deterioration before the multiple monitoring tools of the BCB detected a concern, but responsive as the BCB is, this is a reactive and not a proactive stance. The system, as currently designed and organized, means that the BCB has not communicated the expectation or established the requirement that an individual bank within the conglomerate is continuing to meet the prudential standards that were required of it for authorization. In undertaking resolvability assessment and planning, the BCB will need to understand any obstacles to the transfer of liquidity and capital across the entities of a group, and to require changes to group structure if impediments are identified. Although the Brazilian banking system is largely domestic, it has some cross-border features in respect of some of the DSIB, and even within a purely domestic context, past experience in other jurisdictions has demonstrated that a banking entity cannot necessarily rely on prompt access to group capital or liquidity resources in time of stress, which puts a premium on solo supervision, and the provision of information for any individual bank within a prudential conglomerate. In practical terms, it is unlikely that a solo bank would be likely to experience extensive deterioration before the multiple monitoring tools of the BCB detected a concern, but responsive as the BCB is, this is a reactive and not a proactive stance. As argued in other principles it is necessary for financial institutions with banking authorizations to recognize the onus is on them to provide the BCB with information and not rely on the BCB to gather and assess such information independently. Equally, as this CP indicates, it is appropriate for the BCB to make its expectations clear that prudential standards should be met and monitored at all times on a solo basis for any individual bank within a prudential conglomerate. |
||||||||||||||||||||
| Principle 13 | Home-host relationships. Home and host supervisors of cross-border banking groups share information and cooperate for effective supervision of the group and group entities, and effective handling of crisis situations. Supervisors require the local operations of foreign banks to be conducted to the same standards as those required of domestic banks. | ||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||
| EC1 | The home supervisor establishes bank-specific supervisory colleges for banking groups with material cross-border operations to enhance its effective oversight, taking into account the risk profile and systemic importance of the banking group and the corresponding needs of its supervisors. In its broadest sense, the host supervisor who has a relevant subsidiary or a significant branch in its jurisdiction and who, therefore, has a shared interest in the effective supervisory oversight of the banking group, is included in the college. The structure of the college reflects the nature of the banking group and the needs of its supervisors. | ||||||||||||||||||||
| Description and findings re EC1 | In establishing and hosting a supervisory college, the BCB takes into account the risk profile of the branches and subsidiaries in respect of the overall group as well as the systemic importance of these establishments for the host supervisors. This process is periodically reviewed—on average every two years—or triggered by a relevant event such as acquisitions or changes in the organizational restructuring in branches or subsidiaries. As the home supervisor, the BCB conducts biennial supervisory colleges for Banco do Brasil and Itaú-Unibanco, which are the domestic groups with the most significant cross-border presence. The respective host authorities of these groups are invited to participate. |
||||||||||||||||||||
| EC2 | Home and host supervisors share appropriate information on a timely basis in line with their respective roles and responsibilities, both bilaterally and through colleges. This includes information both on the material risks and risk management practices of the banking group and on the supervisors’ assessments of the safety and soundness of the relevant entity under their jurisdiction. Informal or formal arrangements (such as memoranda of understanding) are in place to enable the exchange of confidential information. | ||||||||||||||||||||
| Description and findings re EC2 | BCB as Host Supervisor During the licensing process of a foreign owned subsidiary, the BCB requests detailed information from the home supervisors. Once the subsidiary starts its operations, the BCB responds to requests for information on demand and also will notify the home supervisor of any material issues, including any concerns regarding the safety and soundness of the operations and/or structures of foreign subsidiaries in Brazil. The BCB also notifies the home supervisor of any actions being taken in Brazil. BCB as Home Supervisor Brazilian banks require explicit authorization to establish subsidiaries or branches abroad. As part of the authorization process, Brazilian banks must pledge to provide the BCB full and unrestricted access to any and all information, data, documents and verifications necessary to evaluate the authorisation request. Whether BCB is Home or Host supervisor As noted in CP3, information shared with relevant home or host supervisor includes the results of supervisory assessments of the Brazilian subsidiaries/parent (as appropriate. These assessments include the results of the Risks and Controls System evaluation (SRC -for more information please see BCP 9). Further information on general issues as corporate governance, risk management and exposure, among others, is disclosed on demand. The MoUs between the BCB and foreign supervisory authorities detail the circumstances and the type of information that can be exchanged, subject to the bank secrecy laws of each jurisdiction. Typically, the agreements provide that, in the performance of their duties, both authorities must meet the requests for information from the other party, except under a few exceptional circumstances specified in the MoU, and as long as they are strictly linked to the supervisory process. Supervisory college activity The BCB noted that participation in supervisory colleges has fostered a more comprehensive perspective of foreign banks operating in Brazil and that the information has been used in the context of planning supervisory activities. Exchange of information between supervisors has included, for example, global strategy and risk controls. In colleges, as with bilateral relationships, information is shared, in each case, according to the Brazilian legislation and that of the foreign country’s jurisdiction, especially with respect to confidentiality laws. Since 2016, the BCB has requested Confidentiality Agreements from all participants when convening the supervisory college as the home supervisor. Please refer to CP3 for more details of the MoU agreements in place and the legislative basis for these agreements. |
||||||||||||||||||||
| EC3 | Home and host supervisors coordinate and plan supervisory activities or undertake collaborative work if common areas of interest are identified in order to improve the effectiveness and efficiency of supervision of cross-border banking groups. | ||||||||||||||||||||
| Description and findings re EC3 | As noted in CP3, while collaborative work, such as joint inspections, are permitted within the legal framework and considered in the MoUs, there have been no recent cases of joint examination of a cross-border bank. Nevertheless, if common areas of interest of supervisory work are identified, the BCB, as home or host supervisor, will engage in collaborative work. The Santander Group is the only foreign international group with significant cross-border activities in Brazil. In this context, the BCB participates in the core college and Crisis Management Group (CMG) of the Santander Group with the Banco de España. Please see also EC5 below. There is also a more intensive flow of information with the Bank of England, in relation to the UK presences of Itaú and Banco do Brasil. Information regarding the material risks of the subsidiaries and the overall condition of the parent companies is exchanged. |
||||||||||||||||||||
| EC4 | The home supervisor develops an agreed communication strategy with the relevant host supervisors. The scope and nature of the strategy reflects the risk profile and systemic importance of the cross-border operations of the bank or banking group. Home and host supervisors also agree on the communication of views and outcomes of joint activities and college meetings to banks, where appropriate, to ensure consistency of messages on group-wide issues. | ||||||||||||||||||||
| Description and findings re EC4 | Communication practices for authorities who participate in the BCB’s supervisory colleges for Banco do Brasil and Itaú-Unibanco include the physical meetings, supplemented by bilateral calls where frequency of contact varies according to the risk profile and needs of the host and home supervisors. As noted above, the BCB shares the conclusions of inspections and assessments carried out under the SRC methodology. As host supervisor, the communication procedures may vary according to the relevance of the subsidiary, ranging from very intense, in the case of the Santander Conglomerate (emails, conference calls every two months on average and participation in the Core College and in the CMG), to occasional contacts, only when there is a significant event, in the case of smaller institutions. |
||||||||||||||||||||
| EC5 | Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities, develops a framework for cross-border crisis cooperation and coordination among the relevant home and host authorities. The relevant authorities share information on crisis preparations from an early stage in a way that does not materially compromise the prospect of a successful resolution and subject to the application of rules on confidentiality. | ||||||||||||||||||||
| Description and findings re EC5 | The BCB is the single supervisory and resolution authority for financial institutions in Brazil. The Department of Resolution Regimes (Deres) was established in 2016 with the staff of the former Department of Bank Liquidation. This new department has, among other mandates, the duty of preparing resolution plans and conduct resolvability assessments. Since 2013, as the home resolution authority of a G-SIB resolution entity (Santander in an MPE approach), the BCB has had a Cross-border Cooperation Agreement (CoAg) with authorities from the EU, Spain and the United Kingdom, concerning the Santander Group. The BCB has signed a specific MoU (Cross-border Cooperation Agreement - CoAg) with Banco de España, in which terms and policies for information sharing related to resolution strategies are established. The CoAg sets out how the respective parties will communicate and coordinate, both during normal periods and in times of crisis, with a view to facilitating the resolvability, recovery or, as necessary, an orderly resolution of Santander, including its recapitalization, restructuring, sale, liquidation or wind-down, where appropriate. The resolution department leads the work that takes place under the remit of Santander’s CMG, working with joint responsibility with the supervisory area. In 2016, resolution and recovery planning was extended to all domestic systemically important banks (D-SIBs). Under resolution 4,502 D-SIBs are required to prepare recovery plans, a phased process that began in December 2016 and will end in July 2018. After that, the D-SIBs will update their recovery plans annually. The recovery plans provide an additional extra layer of information to inform the work of the supervisory and resolution areas in recovery and resolution planning and resolvability assessments and ought to support or improve the supervisory early intervention mechanism. This recent-implemented recovery and resolution planning process is seen as a first step to building a similar framework for a CMG for each Brazilian D-SIB. It is anticipated that information gathering concerning contingency strategies and mapping the any existing impediments to an orderly resolution will set the grounds for information sharing on crisis preparation. Additionally, aiming to enhance cross-border resolution cooperation, the BCB participates actively in the FSB Resolution Steering Group (ReSG) and is currently in the final stages of preparing a new resolution law, aligning the Brazilian legal framework with the Key Attributes of Effective Resolution Regimes. |
||||||||||||||||||||
| EC6 | Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities and relevant host authorities, develops a group resolution plan. The relevant authorities share any information necessary for the development and maintenance of a credible resolution plan. Supervisors also alert and consult relevant authorities and supervisors (both home and host) promptly when taking any recovery and Resolution measures. | ||||||||||||||||||||
| Description and findings re EC6 | As noted above, BCB is the single supervisory and resolution authority, and since 2016 has had a department dedicated to bank resolution. Moreover, since January 2017, the BCB has established a strategic Resolution Committee (COPAR) in order to focus on coordination between the supervisory and resolution departments to deal with resolution planning, resolvability assessment and resolution. As noted in CP3, COPAR is composed of the heads of the departments involved in resolution and crisis management. These two departments report to different deputy governors and a governance architecture has been put into place to avoid conflicts of interest when dealing with a crisis scenario (e.g. assessment of the “fail or likely to fail”). The BCB’s governance structure was last published on November 17, 2016 and the objectives of COPAR were set out. Please also see EC5. |
||||||||||||||||||||
| EC7 | The host supervisor’s national laws or regulations require that the cross-border operations of foreign banks are subject to prudential, inspection and regulatory reporting requirements similar to those for domestic banks. | ||||||||||||||||||||
| Description and findings re EC7 | All banks in Brazil are subject to the same regulatory and supervisory requirements irrespective of whether they are foreign or domestic. There is no treatment differentiation, by Brazilian supervision, in relation to domestic or foreign-controlled institutions. |
||||||||||||||||||||
| EC8 | The home supervisor is given on-site access to local offices and subsidiaries of a banking group in order to facilitate their assessment of the group’s safety and soundness and compliance with customer due diligence requirements. The home supervisor informs host supervisors of intended visits to local offices and subsidiaries of banking groups. | ||||||||||||||||||||
| Description and findings re EC8 | Confirmed by the Memorandums of Understanding (MoU) signed with the supervisory authorities of the home countries of foreign financial institutions operating in Brazil, home authorities are granted access to carry out On-Site reviews, inspections and visits to the subsidiaries of their supervised institutions in Brazil. The MoUs also indicate that the foreign supervisor must inform the BCB of their planned activities. Firms with whom the assessors met referred to past and planned inspections of subsidiaries in Brazil. As home supervisor itself, the BCB informs host supervisors of intended visits to local offices and subsidiaries of Brazilian banking groups and shares the results of these activities. Banks headquartered in Brazil with whom the assessors met also confirmed past and future inspections of their cross-border establishments by the BCB. For those jurisdictions where no MoU is in place, there are informal arrangements to enable supervisory visits to local subsidiaries and the exchange of confidential information. In these cases, the information is shared subject to the legislation of each country, especially with regard to laws concerning the obligation to maintain the confidentiality of the information and the restriction of its use only for supervisory purposes. |
||||||||||||||||||||
| EC9 | The host supervisor supervises booking offices in a manner consistent with internationally agreed standards. The supervisor does not permit shell banks or the continued operation of shell banks. | ||||||||||||||||||||
| Description and findings re EC9 | Given that there is no legal provision for licensing booking offices in the Brazilian financial system, the BCB does not act as host supervisor for booking offices. While there is no explicit legal or regulatory prohibition in respect of shell banks, the BCB’s licensing framework does not, in practice, permit the incorporation of shell banks as defined by the Basel Committee, namely banks that have no physical presence (i.e. meaningful mind and management) in the country where they are incorporated and licensed), and are not affiliated to any financial services group that is subject to effective consolidated supervision financial institutions without a physical presence. For example, under Resolution no. 4122, the BCB must conduct an inspection of any new institution prior to granting authorization (MSU 4.30.10.50.61). The same regulation permits the BCB to revoke the authorization, among other reasons, due to absence of evidence of practice of essential operations. |
||||||||||||||||||||
| EC10 | A supervisor that takes consequential action on the basis of information received from another supervisor consults with that supervisor, to the extent possible, before taking such action. | ||||||||||||||||||||
| Description and findings re EC10 | The BCB’s policy is to notify the relevant supervisory authority and probe the information received in the event that this information has the potential to lead to supervisory actions by the BCB. This interaction is facilitated by the frequent information exchange with foreign supervisors as discussed in earlier EC. The BCB has practical experience of this scenario in relation to orderly bank resolution and to the investigation of illegal operations. | ||||||||||||||||||||
| Assessment of Principle 13 | Compliant | ||||||||||||||||||||
| Comments | The BCB has made efforts to establish effective communication with its peer authorities in the context of both home and host supervision. The banks with whom the assessors met spoke highly of their experience of international coordination by the BCB. There are aspects of the BCB’s supervisory approach that could be enhanced, including a formal feedback to the banks it supervises following any meeting of a supervisory college or other major supervisory exchange. Also, in the context of the institutions which have cross border entities outside of Brazil which are systemic for the host jurisdiction, the BCB could consider annual supervisory colleges to ensure that all aspects of strategy, reputation and contagion risk outside of Brazil are being factored into supervisory planning. Finally, and as also touched on in CPs 3 and 8, the BCB’s work on recovery and resolution with its banks is not yet fully completed. This element is graded in CP8. |
||||||||||||||||||||
| Principle 1 | Responsibilities, objectives and powers. An effective system of banking supervision has clear responsibilities and objectives for each authority involved in the supervision of banks and banking groups.4 A suitable legal framework for banking supervision is in place to provide each responsible authority with the necessary legal powers to authorize banks, conduct ongoing supervision, address compliance with laws and undertake timely corrective actions to address safety and soundness concerns.5 | ||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||
| EC1 | The responsibilities and objectives of each of the authorities involved in banking supervision6 are clearly defined in legislation and publicly disclosed. Where more than one authority is responsible for supervising the banking system, a credible and publicly available framework is in place to avoid regulatory and supervisory gaps. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | The regulatory structure of the national financial system (SFN) is established by Law 4595 (the “Banking Law”). This law (Article 1) defines the SFN as comprising The National Monetary Council (CMN), the BCB, the Banco do Brasil S.A., the National Bank of Economic Development; and all other public and private financial institutions. The Banking Law further sets out the responsibilities of the Central Bank of Brazil (BCB). Specifically, the Banking Law provides the BCB with the exclusive authority to license banks (Art 10, Section X), conduct inspections (Art 10, Section IX) and to carry out corrective and remedial actions (Chapter V - penalties including recovery powers). No other authority in Brazil is granted supervisory powers in respect of the financial system, but the powers and execution of tasks by the BCB are subject to scrutiny by and report to the CMN, which has the wider responsibility for the soundness of the SFN. Additionally, laws 6,024 and 9,447 and Decree-Law 2,321 grant the BCB resolution powers, including intervention, liquidation or temporary special administration regime. The BCB holds the authority to regulate and supervise the banking system with respect to anti-money laundering and combating terrorism financing (AML/CFT) under Law 9,613. The BCB is responsible for the supervision of: commercial banks, universal banks (‘bancos multiplos”), exchange banks, development banks, investment banks, the Federal Savings Bank and credit/finance investment societies. All these institutions accept insured deposits but only commercial and multiple banks may accept demand deposits and grant commercial loans. Other financial institutions supervised by the BCB include: brokers and brokerage firms, credit cooperatives, leasing companies and micro credit companies. |
||||||||||||||||||||||||||||||||||||||||
| EC 2 | The primary objective of banking supervision is to promote the safety and soundness of banks and the banking system. If the banking supervisor is assigned broader responsibilities, these are subordinate to the primary objective and do not conflict with it. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | As noted above, according to the Banking Law, the BCB is the banking system supervisor and acts in accordance with the rules issued by the CMN. The Banking Law establishes multiple tasks for the BCB under Chapter III. The exclusive responsibilities of the BCB are set out, for example, in Articles 10 and 11 in the form of a list of tasks. While the role of the BCB is clear, in terms of tasks, the Banking Law does not include an explicit objective for the BCB for supervising banks and being responsible for the safety and soundness of the banking system. However, Resolution 4019, establishes that the BCB’s powers of corrective action are triggered in order to protect the safety and stability of the national financial system (Article 1). It may be noted, however, that according to Article 3 of the Banking Law, the responsibility for safeguarding the liquidity and solvency of financial institutions rests with the CMN itself and not the BCB. It is the CMN that issues the Resolutions (regulations) that govern liquidity and solvency. The BCB has authority to issue regulations (the BCB circulars) or guidelines as deemed necessary to ensure the safety and soundness of the banks under its jurisdiction. The BCB circulars set out the more detailed conditions required to operationalize the requirements in the Resolutions. Furthermore, as a member of the CMN, the BCB has the right to propose regulations and thus has the ability to initiate necessary revisions to the regulatory framework. In addition to its contribution to financial stability, and as is common for central banks with supervisory functions, the BCB plays a monetary policy role. Hence, Members of the BCB’s board convene periodically as two different, but complementary, committees: the Financial Stability Committee (COMEF) defines strategies and guidelines to preserve financial stability and mitigate systemic risk; and the Monetary Policy Committee (Copom), which sets the target for the policy interest rate, under an inflation targeting framework. |
||||||||||||||||||||||||||||||||||||||||
| EC3 | Laws and regulations provide a framework for the supervisor to set and enforce minimum prudential standards for banks and banking groups. The supervisor has the power to increase the prudential requirements for individual banks and banking groups based on their risk profile and systemic importance. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | The Banking Law grants powers to the CMN and the BCB the authority to define prudential standards to banks and other financial institutions through the issuance of regulations on a timely basis to address prudential concerns. In order to establish minimum prudential standards, regulations address, for example:
Please see EC6 for recent developments in the refinements of powers for the BCB. |
||||||||||||||||||||||||||||||||||||||||
| EC4 | Banking laws, regulations and prudential standards are updated as necessary to ensure that they remain effective and relevant to changing industry and regulatory practices. These are subject to public consultation, as appropriate. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | The Banking Law is broad and allows for the issuance of regulations, including those necessary to implement international standards, without the need for legislative action. As noted above, prudential regulations are issued in the form of Resolutions (by the CMN) and circulars (by the BCB). CMN Resolutions take precedence over the BCB Circulars, so the latter must be consistent with the former. The BCB can propose the issuance of a resolution by the CMN and can also propose changes to federal laws to the Executive Branch. The BCB participates in the analysis of amendments to federal laws under discussion in the Congress. When applicable the BCB launches public consultations on new regulations. The banks and firms with whom the assessors met confirmed that the BCB is scrupulous in engaging in consultative processes before introducing new requirements. |
||||||||||||||||||||||||||||||||||||||||
| EC5 |
The supervisor has the power to:
|
||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | The Banking Law grants the BCB’s supervision unrestricted access to bank records, bookkeeping, documents and frequent contact with bank management. Specifically, Resolution 2723 (see in particular articles 9 and 10) provides the BCB with access to information, data, documents and verifications necessary for assessing the assets and liabilities, and the risks assumed by domestic or foreign subsidiaries of the bank. The Banking Law and the regulations apply equally to both domestic banks and foreign-owned banks incorporated in Brazil. The officers responsible for specific issues, including operational risk, market risk, liquidity risk, credit risk, risk management, foreign exchange, swaps, etc, must be available to the BCB provide any necessary clarifications. The BCB confirmed that the prevailing legislation did not formally grant the supervisor the right of access to the institutions’ premises, in the case of resolution or liquidation the BCB had the immediate right of entry, accompanied by the police. If the BCB were denied access under other (i.e. non-liquidation or resolution) circumstances, it would proceed via use of powers to punish the institution for denial of information. |
||||||||||||||||||||||||||||||||||||||||
| EC6 |
When, in a supervisor’s judgment, a bank is not complying with laws or regulations, or it is or is likely to be engaging in unsafe or unsound practices or actions that have the potential to jeopardize the bank or the banking system, the supervisor has the power to:
|
||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | The BCB has a range of corrective actions, powers and sanctions that are set out in Resolution 4,019, derived from the Banking Law and other laws. As noted under EC3, the BCB’s powers include:
The intent for the new Ordinary Law, was to allow for harsher penalties and more expedited procedures. For example, revocation will be possible as a result of a grave infraction rather than only because the same infraction had been committed in the previous three years. The BCB will also be able institute immediate revocation if an institution is a danger to itself or to the market. Please see CP11 EC1 for more detail. In terms of cooperation and collaboration to ensure orderly resolution, Complementary Law 105, creates a general framework for information exchange and cooperation with foreign and domestic authorities who are relevant for resolution. This law will be supplemented by a Bill prepared by the BCB in order to align the Brazilian Resolution Framework with the 2014 FSB Key Attributes of Effective Resolution Regimes. The Bill is intended to enhance the framework for cooperation established under Complementary Law 105. For example, the bill contains more specific provisions dealing with cooperation and exchange of information with foreign resolution authorities in connection with the resolution of multinational firms. |
||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor has the power to review the activities of parent companies and of companies affiliated with parent companies to determine their impact on the safety and soundness of the bank and the banking group. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | The BCB’s supervisory scope is widely drawn. Article 11 of the Banking Law establishes the BCB’s responsibility to exercise supervision over companies which are, directly or indirectly, involved or participate in the capital or financial markets. Hence, parent companies, subsidiaries or affiliates are subject to the oversight—though not the supervisory powers—of the BCB. | ||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 1 | Compliant | ||||||||||||||||||||||||||||||||||||||||
| Comments | The Banking law clearly establishes the BCB as the supervisory responsibility with a suite of tasks and powers. Further, the BCB’s corrective powers are triggered (Resolution 4019) with the aim of ensuring the solidity, stability and regular operation of the National Financial System. More generally, Brazil has a well-developed regulatory framework. All laws and regulations are published in the Federal Official Gazette of Brazil. Updated Federal legislation is accessible to the public through a variety of means, among which the site of the Presidency of the Republic of Brazil: www.planalto.gov.br. Regulations edited by the CMN and the BCB are accessible to the public through the BCB site: www.bcb.gov.br. While the BCB does not have the power to issue regulations independently, it sits on the body (the CMN) that issues the regulations and has the right of initiative for any new regulation in its sphere of responsibility. |
||||||||||||||||||||||||||||||||||||||||
| Principle 2 | Independence, accountability, resourcing and legal protection for supervisors. The supervisor possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisor. | ||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||
| EC1 | The operational independence, accountability and governance of the supervisor are prescribed in legislation and publicly disclosed. There is no government or industry interference that compromises the operational independence of the supervisor. The supervisor has full discretion to take any supervisory actions or decisions on banks and banking groups under its supervision. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Independence The Banking Law (Law 4595) establishes the National Monetary Council (CMN) as the main regulatory authority on financial issues and the Central Bank of Brazil (BCB) as the financial supervision authority, also with some regulatory power. Nevertheless, the Banking Law itself (Article 8) denotes the BCB as “a semi-autonomous federal agency.” Pursuant to Article 4 (items XXV and XXVII), the CMN decides upon the administrative structure, staff, and benefits of the BCB as well as approving the BCB’s internal bylaws, accounts, budget and accounting systems. Governance Governance provisions for the BCB are set out in law, notably the Banking Law (Arts 14 and 15). The Banking Law (Art 14) establishes that the BCB’s Board of Directors will have five members, including by the Governor. The members of the Board of the BCB are appointed by the President of the Republic and approved by the Senate. The Banking Law (Art 15) specifies decision making and frequency of Board meetings. Accountability The accountability of the BCB is to the CMN as set out in the Banking Law (Art 9) which requires the BCB to comply with and ensure compliance with the provisions attributed to it by current legislation and the norms issued by the CMN. The Central Bank’s Governor has government ministerial status and thus is accountable directly to the President. The BCB acts as executive secretariat to the CMN, and publishes the CMN’s decisions on financial issues in the form of resolutions. Supervisory discretion to act Decisions made by the board of the Central Bank of Brazil falling within the scope of its regulatory powers are published in the form of circulars, and as noted in CP1, typically iterate the detailed operational requirements that complement resolutions of the CMN. The BCB can also issue circular letters if there is a need to clarify some aspect of a resolution or a circular. Such information, contained in a circular letter, is complementary to the regulatory text and is also enforceable. Decisions on financial issues published in the form of resolutions or circulars are enforceable. Noncompliance with rules established in resolutions and circulars may therefore result in supervisory actions by the BCB. The BCB’s power to take supervisory action or decisions on banks under its supervision derives from three laws: the Banking Law, Law 6,024 and Resolution 4019. The BCB may thus undertake enforcement or corrective action, apply penalties and intervene and resolve weak banks independently, without recourse to formal or informal consultation or approval by the CMN or other authority. Although a Presidential Decree/Decision is required before a foreign owned subsidiary or branch can enter the Brazilian market, the procedure, which is seen largely as a formality, is not initiated unless the BCB has first scrutinised the application and concluded it is willing to grant its supervisory approval for a new authorisation. Hence, the prudential veto is in place. |
||||||||||||||||||||||||||||||||||||||||
| EC2 | The process for the appointment and removal of the head(s) of the supervisory authority and members of its governing body is transparent. The head(s) of the supervisory authority is (are) appointed for a minimum term and is removed from office during his/her term only for reasons specified in law or if (s)he is not physically or mentally capable of carrying out the role or has been found guilty of misconduct. The reason(s) for removal is publicly disclosed. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | The Federal Constitution of Brazil of 1988 (Article 52), determines that the members of the BCB’s Board of Governors be appointed by the President of the Republic and ratified by vote of the Senate following a public hearing. There is no established mandate or fixed-term for these positions. The tenure of the most recent Governors has ranged from three to eight years. The Governor and Deputy Governors of the BCB may be summarily dismissed at any time by the President of the Republic, (Decree 91,961, Art 1). The reasons for dismissal are not specified in law and nor is there a legal requirement for the grounds of dismissal to be made public. In addition, there are legal provisions for mandatory dismissal, applicable to any civil servant, pursuant to Law 8,112. Also, as is the case with any other civil servant, the BCB’s Governor and other Board members are subject to administrative processes for misconduct in accordance with Law 8,112 and Law 8,429. Grounds for dismissal include, for example, criminal or corrupt activities, violation of professional secrecy, and inappropriate behaviour. |
||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor publishes its objectives and is accountable through a transparent framework for the discharge of its duties in relation to those objectives. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | The BCB publishes the objectives and processes of supervision in the Supervisory Manual, available on its website, in both Portuguese and in English. The BCB also publishes its Financial Statements in the Federal Official Gazette of Brazil and on its website. The Financial Stability Report (FSR), which contains an overview of the SFN and its risks, is released biannually. The Deputy Governor for Supervision presents to the press at the release of each FSR. This presentation includes live broadcasting through the BCB’s channel on YouTube. The FSR communicates the views of the BCB’s Board on the main risks regarding the National Financial System. The BCB’s finances, budget and operations are subject to oversight by the Congress with the assistance of the Federal Audit Court. The Governor appears before the Committee of Budget twice a year and meets the Committee of Economic Affairs on a quarterly basis. These meetings are in open session and are broadcast on television. |
||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor has effective internal governance and communication processes that enable supervisory decisions to be taken at a level appropriate to the significance of the issue and timely decisions to be taken in the case of an emergency. The governing body is structured to avoid any real or perceived conflicts of interest. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | The BCB has operational rulebooks which set out the internal governance and communication processes. The internal Management Operational Manuals explicitly define practices and processes to reach institutional decisions. While some decisions are reserved for the Board and Governor, such as revocation or major intervention, there are delegated powers to ensure that decisions can be taken and action pursued at lower levels of the hierarchy. For example, the Deputy Governor for Supervision may apply all sanctions and preventative measures; a head of department, acting on delegated powers from the Deputy Governor, can propose certain sanctions such as requiring an increase of capital, up to a certain level; a head of division is normally responsible for signing written requirements to banks to remedy deficiencies, but can escalate problems to the deputy head of the department to issue an attendance order to summon the controller of an institution to the BCB in order to resolve an issue. The BCB has a department of supervisory methodology which is responsible for designing decision making processes. At the time of the assessment these procedures and processes were under revision due to the expected legal changes arising from the ordinary law (13,506) that replaced Provisional Measure 784/17 which had lapsed (please see CP1 and CP11). As noted in EC2, the Governor and Board Members are appointed by the President and ratified by the Senate. A reputation for integrity and possession of technical competence are required in order to be eligible for these posts, and all members of the governing body are subject to the laws addressing conflict of interests as noted in EC5. |
||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor and its staff have credibility based on their professionalism and integrity. There are rules on how to avoid conflicts of interest and on the appropriate use of information obtained through work, with sanctions in place if these are not followed. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Professionalism In terms of appointment and recruitment, the law requires that certain standards are observed. Decree 91,961 provides that the Governor and Deputy Governors of the BCB shall be individuals of unblemished reputation and with a strong reputation and skill in economic and financial matters. The remainder of the BCB’s professional staff are hired via public examinations at entry level positions (Art 6, Law 9,650). The BCB is permitted to tailor its examination to focus on expertise needed. Integrity With regard to the professionalism of duty and integrity of the supervisor, Law 8,112, which establishes the legal regime for civil servants, provides (Art 121) that public servants are subject to civil, criminal and administrative proceedings in case of unlawful performance of their duties. Conflicts of interest are addressed by Law 9,650 (Art 17), which forbids staff members to provide services to companies supervised by the BCB or to receive any commercial advantages not available to other customers. The law (Art 17) further establishes responsibilities on the professional secrecy of information. BCB’s officials and staff members with access to privileged information are also subject to Law 12,813 (Art 6 (2)) which establishes clear definitions of conflict of interest, and requires a cooling off period of 6 months, unless an exemption is granted by the Public Ethics Committee or by the Office of the Comptroller General of the Union. Article 13 of this law indicates that sanctions can be applied, under Law 8,112, in the event of conflict of interest or of impropriety. Additionally, Board members and staff are subject to Law 8730 which addresses individuals in public service and positions of trust and requires an annual declaration of interests. In the BCB this declaration is made to the HR and Ethics Committee. Additionally, the BCB officials are subject to the Federal Government’s “Code of Conduct of the High Federal Administration.” The code establishes, among other rules of conduct applicable to senior public administration, the prohibition of accepting gifts of more than R$100.00, the obligation to clarify the existence of any conflict of interest and the use of insider information to their advantage. The BCB has taken several additional steps to promote professional conduct and ethical behavior. The Code of Conduct of Public Servants of the Central Bank of Brazil was published in 2009, and is available on the BCB’s website. The Ethics Committee of the BCB promotes the adoption and enforcement of both the Civil Service Code of Professional Ethics and the Code of Conduct of the CBC. The BCB also has an Ombudsman (Ouvidoria), which is responsible for dealing with any complaints related to the actions of the Central Bank and its staff members. While the Ombudsman has no direct powers, other than to ask for information, it is able to open procedures which are forwarded to the BCB unit of Internal Affairs to investigate. |
||||||||||||||||||||||||||||||||||||||||
| EC6 |
The supervisor has adequate resources for the conduct of effective supervision and oversight. It is financed in a manner that does not undermine its autonomy or operational independence. This includes:
(a) a budget that provides for staff in sufficient numbers and with skills commensurate with the risk profile and systemic importance of the banks and banking groups supervised; (b) salary scales that allow it to attract and retain qualified staff; (c) the ability to commission external experts with the necessary professional skills and independence, and subject to necessary confidentiality restrictions to conduct supervisory tasks; (d) a budget and program for the regular training of staff; (e) a technology budget sufficient to equip its staff with the tools needed to supervise the banking industry and assess individual banks and banking groups; and (f) a travel budget that allows appropriate on-site work, effective cross-border cooperation and participation in domestic and international meetings of significant relevance (eg supervisory colleges). |
||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | The BCB’s budget is composed of two elements, one of which addresses the BCB’s operations as the Monetary Authority and must be approved by the CMN. Supervisory activities, are met from the organisational budget, which under the Fiscal Responsibility Law forms part of the General Federal Government Budget (OGU). Additionally, the BCB has access to the resources of Reserve for Institutional Development of BCB (REDI-BC) which is the source of funding for the BCB’s key strategic projects, for long-term professional development of the BCB staff and technical and physical infrastructure, such as IT investments. The BCB considers that it has an adequate budget allocation to support an appropriate complement of staff, of requisite skills, as well as for training and development, IT systems, and other resources necessary for supervisory activities. Nonetheless, over the course of the assessment, the assessors became aware of some meetings and events that had been restricted due to budget constraint. All BCB staff recruitment, including mid-career specialists, is at entry level through public examinations. It is important to note that the BCB has the flexibility to tailor the examination to the expertise needed in order to recruit the range of skills that it needs. Equally, despite the entry level condition for hiring, the BCB has the power to ensure that skilled and experienced staff are allocated positions commensurate with their seniority (Law 9,650, Chapter III). The BCB staff with whom the assessors met valued the entry exam as an effective tool to identify the right skill set in prospective staff. Moreover, the entry exam process was seen as a protection of the BCB’s neutrality and independence as it was a way to avoid political appointees being imposed on the technical ranks of the institution. The BCB may, in addition, if needed, hire external consulting services, in order to perform a specific task or function if the relevant expertise is not possessed by BCB staff. Salary scales are governed by Law 9,650. Staff retention is high, with very few exits from officer ranks, apart from retirement or international service. BCB staff, with whom the assessors discussed the issue, highlighted the benefits of access to further education (e.g. higher degrees), security of tenure, and generous pension benefits as reasons that the BCB attracts quality staff and has high rates of retention. Among the staff with whom the assessors discussed these issues, were high calibre officers, with extensive experience in high profile industry and professional positions. Examples of support for staff development include the sponsorship of the Post-Graduate Programs; in-house training in banking regulation and supervision; and attendance in training events abroad (such as with the Association of Supervisors of Banks of the Americas (ASBA), the Financial Stability Institute (FSI), the IMF, WB, or other bodies). The BCB acknowledges increasing budget restrictions in the recent years, reflecting the domestic recession. Budgetary restrictions are expected to continue for the next few years due to the recent law imposing a limit on government expenses. |
||||||||||||||||||||||||||||||||||||||||
| EC7 | As part of their annual resource planning exercise, supervisors regularly take stock of existing skills and projected requirements over the short- and medium-term, taking into account relevant emerging supervisory practices. Supervisors review and implement measures to bridge any gaps in numbers and/or skill-sets identified. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | There is an annual process to identify and take action in respect of skills gaps, coordinated by the Strategic Management, Integration and Support for Supervision Department (DEGEF). A stock-take of skills needed in the Supervisory department, which includes a prioritisation of the most needed skills in the coming year, is cross referenced with skills of existing staff (on a self-reporting basis) through the Training Management System. The system can thus prioritize the most essential skills, but also identify the priority needs of individual staff. The Central Bank’s Corporate University (UniBC) is responsible for offering, executing and evaluating the educational initiatives of the BCB as a whole. Domestic and foreign training is available and a number of staff with whom the assessors spoke indicated that the opportunity for further training and development at the BCB had been an important factor in seeking a career at the central bank. |
||||||||||||||||||||||||||||||||||||||||
| EC8 | In determining supervisory programs and allocating resources, supervisors take into account the risk profile and systemic importance of individual banks and banking groups, and the different mitigation approaches available. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | The BCB utilizes a risk-based supervisory approach (using a 1-4 rating system, subdivided into 10 grades overall), where the supervisory cycle is designed to take account of the bank’s risk and impact to the financial system, based on asset size thresholds and supervisory rating criteria. Supervisory plans are developed and resources assigned reflecting the risk profile of the bank and tailored to the geographic scope and degree of specialization, sophistication, risk, size, and complexity of the activities and organization of banks. In general, those entities presenting the greatest risk receive the most intense, frequent, and comprehensive scrutiny. Please see CP8 for more details. The BCB seeks to staff each supervisory program with personnel of appropriate training and experience. All of the supervisory programs consider the best approaches available to mitigate risks. |
||||||||||||||||||||||||||||||||||||||||
| EC9 | Laws provide protection to the supervisor and its staff against lawsuits for actions taken and/or omissions made while discharging their duties in good faith. The supervisor and its staff are adequately protected against the costs of defending their actions and/or omissions made while discharging their duties in good faith. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC9 | While not providing immunity from lawsuit or litigation, Brazilian law provides a degree of legal protection to managers and its employees. Thus, the BCB’s Governor, its Deputy Governors and certain other staff (current and former) have the right to representation by the BCB’s General Counsel (PGBC), pursuant to Law 9,028. This legal assistance extends to those assigned to the administration of special regimes under Law 6,024, and Decree-Law 2,321. This assistance may include representation before the Federal Public Prosecutor, if the officials are charged with criminal acts carried out in the course of their constitutional, legal or regulatory duties, or when acting in the public interest. Additionally, the PGBC may file a habeas corpus and a writ of mandamus in defence of current and former officials in respect of such charges. It may be noted that the Governor of the BCB has the status of a Minister of State, and his actions can only be challenged in the Superior Court of Justice (STJ) or in the Supreme Court (STF), and not in lower level Federal courts. BCB staff, however, do not enjoy the automatic services of the PGBC, or of protection against costs of lawsuit for actions taken when discharging their duties in good faith. Instead, staff are subject to a review and approval process. BCB staff can only obtain legal assistance following a review of the request by the PGBC and submission to the Board of Governors. If approval is granted, the PGBC conducts the defence and absorbs all costs of representation. The procedure for seeking legal assistance is set out in BCB Directive 088. Nevertheless, the BCB was concerned that the existing legal framework may afford insufficient protection to its staff. Hence, in the context of the Bill on bank resolution, provisions have been put forward that would provide enhanced legal protection for BCB officials and staff. According to these provisions, no central bank official or staff member shall be held liable for any act or omission related to the performance of his legal duties, provided that such acts or omissions do not arise from wilful misconduct or fraud. At the time of the assessment mission the Bill had not yet been passed. |
||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 2 | Materially Non-Compliant | ||||||||||||||||||||||||||||||||||||||||
| Comments | The legal framework does not grant the BCB a full, de jure independence from the government to conduct its activities, and there are important deficiencies in relation to the assessment of this principle. These deficiencies, unless and until amended, are potential conduits through which the de facto independence of the BCB could be impaired or compromised, irrespective of previous track record. The legal protection for staff of the BCB is lacking. The BCP methodology highlights the vulnerability that supervisory staff can be exposed to if such protection is weak or missing and it is therefore welcome that legislative initiatives to put this protection in place were in progress at the time of the mission. Brazil also falls behind good practice in that there is no fixed mandate for the term of the Governor, or for Board members. Also, the Governor can be dismissed from his/her position at the will of the President and there are no formal reasons for which dismissal can be made and no requirement for there to be a public disclosure of the reasons for dismissal. Although it is clear that in past years there has been great stability in terms of position holders of the Governor, and there is no evidence that the BCB has been unsuccessful in launching necessary regulatory initiatives, this track record cannot provide a protection against potential future volatility. Ancillary points that should fall within the BCB’s own discretion include budget and personnel decisions, to confirm that it is an independent institution fulfilling an important role on behalf of the state. |
||||||||||||||||||||||||||||||||||||||||
| Principle 3 | Cooperation and collaboration. Laws, regulations or other arrangements provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information.7 | ||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||
| EC1 | Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with all domestic authorities with responsibility for the safety and soundness of banks, other financial institutions and/or the stability of the financial system. There is evidence that these arrangements work in practice, where necessary. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | To date, the BCB has made use of Complementary Law 105 to establish formal agreements with the following Brazilian authorities:
An annual meeting schedule has been established between the supervisory areas of the BCB, SUSEP and, more recently, PREVIC, in order to support the assessment of the risk and controls of banking conglomerates. Information exchange typically covers such issues as of internal controls, corporate governance, solvency, and quality of the assets. Additionally, the Committee of Regulation and Supervision of Financial, Securities, Insurance, and Complementary Pension Markets (COREMEC) was established through Decree 5,685, in order to promote the coordination and the improvement of the operations of federal public administration entities that regulate and supervise activities related to investments and savings. COREMEC meetings take place quarterly and the information exchange typically includes: (i) financial stability issues; (ii) risk-based supervision; (iii) rationalization and standardization of information requested by supervisory bodies; (iv) anti-money laundering issues; and (v) financial education and financial inclusion strategy. |
||||||||||||||||||||||||||||||||||||||||
| EC2 | Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with relevant foreign supervisors of banks and banking groups. There is evidence that these arrangements work in practice, where necessary. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Complementary Law 105, (Article 2, § 4°, subsection II) provides the basis for cooperation agreements with foreign supervisory authorities in respect of:
The BCB maintains arrangements with foreign (home and host) supervisors and seeks to meet, as far as possible, requests from foreign supervisors even when no formal MoU is in place, providing that the requirements of Complementary Law 105 are met. Where information is governed by the law on secrecy, an MoU is required before information exchange can take place. However, information in relation to prudential supervision is not covered by the secrecy law and the BCB endeavors to maintain open communication and exchange information even prior to an MoU being signed. At the time of the assessment, the BCB had 25 Memoranda of Understanding (MoUs) with 29 foreign supervisory authorities, from 23 countries and the European Central Bank (ECB). The BCB has signed MoUs with the supervisory authorities of the following countries: South Africa, Germany, Argentina, Bahamas, Cayman Islands, China, Chile, Colombia, South Korea, Spain, United States of America (OCC, FDIC, FED and Department of Financial Services), India, Indonesia, Italy, Luxembourg, Mexico, Panama, Portugal, Paraguay, Peru, the United Kingdom, Switzerland and Uruguay. During the assessment, a further MoU was signed with the Austrian authorities. The BCB confirmed that there is a regular/frequent exchange of information with most of the countries with which the BCB has an agreement. The assessors were able to see some examples. The BCB noted that it receives dozens of information requests every year through the MoU arrangements. Furthermore, the BCB Supervision Manual (MSU 4.30.40) provides that the main conclusions of the Risks and Controls Assessment System (SRC), including the supervisory rating, are to be shared with the home supervisor of foreign financial institutions operating in Brazil at the end of the supervisory cycle. Although the MoUs confirm that joint inspections may take place, and clarify arrangements for the notification of inspections in the jurisdiction of the home/host authority, none have been carried out in recent years. The BCB hosts supervisory colleges for Itaú-Unibanco and Banco do Brasil and participates in colleges for Citibank, JP Morgan Chase, Credit Suisse, Deutsche Bank, UBS, GMAC, and Rabobank. The BCB also participates in the core colleges and Crises Management Group - Santander with Banco de España, having signed a specific MoU -CoAg with that authority establishing policies for information sharing related to resolution strategies. Please see also CP13. |
||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor may provide confidential information to another domestic authority or foreign supervisor but must take reasonable steps to determine that any confidential information so released will be used only for bank specific or system-wide supervisory purposes and will be treated as confidential by the receiving party. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | In exchanging information and signing MOUs, the BCB ensures that the protection of the information meets the privacy standards of Brazil in accordance with Complementary Law 105. The agreements and MoUs signed by the BCB state that the information provided must be used only for supervisory purposes and its confidentiality must be preserved to the extent legally possible. Even when the BCB exchanges information with foreign supervisory authorities with whom there is no MoU in place it is made clear to the foreign authority that the information provided is to be used for supervisory purposes only. |
||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor receiving confidential information from other supervisors uses the confidential information for bank specific or system-wide supervisory purposes only. The supervisor does not disclose confidential information received to third parties without the permission of the supervisor providing the information and is able to deny any demand (other than a court order or mandate from a legislative body) for confidential information in its possession. In the event that the supervisor is legally compelled to disclose confidential information it has received from another supervisor, the supervisor promptly notifies the originating supervisor, indicating what information it is compelled to release and the circumstances surrounding the release. Where consent to passing on confidential information is not given, the supervisor uses all reasonable means to resist such a demand or protect the confidentiality of the information. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | The BCB confirmed that its use of confidential information received from other supervisors is only ever for supervisory purposes and that it routinely confirms that the confidentiality of the information it shares with other authorities will be protected, other than in cases of court order or legislative mandate. The BCB itself only has to provide information shielded by bank secrecy Laws in cases of submission of specific requests from Congress /Justice (prescribed by Complementary Law 105). Any request not covered by Complementary Law 105 is denied. However, such requests are uncommon and there have been no cases in recent years. |
||||||||||||||||||||||||||||||||||||||||
| EC5 | Processes are in place for the supervisor to support resolution authorities (e.g., central banks and finance ministries as appropriate) to undertake recovery and resolution planning and actions. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | The BCB is the single supervisory and resolution authority, which facilitates a prompt and effective exchange of information for supervision and for the resolution area to develop resolution plans. As of January 2017, a governance architecture has been created through the establishment of a Resolution Committee (COPAR) constituted by the heads of the departments involved in resolution and crisis management (departments under the Deputy Governor for supervision and the Deputy Governor for resolution). The objective is to support the coordination and communication between supervision and resolution areas to deal with resolution planning, resolvability assessment and resolution actions. COPAR is working on methodologies to be used in time of crisis and should thus assist in avoiding conflicts of interest when dealing with a crisis scenario (e.g. assessment of the “fail or likely to fail” condition) as the supervisory and resolution departments report to different Deputy Governors. The review of the banks’ Recovery Plans is part of the supervisory work process and this review should be carried out as described in the guidance available on the BCB’s intranet. Supervision may, at its discretion, determine the total or partial execution of the recovery plan, in order to maintain the soundness, stability and regular operation of the SFN. Once the recovery plan is triggered, it is the supervisor’s responsibility to share the necessary information with the home or host supervisors. The decision for resolution, though, is a decision of the BCB board, which is made following a proposal by the DG for the resolution department. One purpose of the COPAR, is to ensure that there has been an extensive consideration of the technical issues prior to a recommendation being made to the BCB Board. As mentioned in CP 13 (EC 5), the BCB has required all D-SIBs to submit recovery plans. Information gathered from the recovery plans is planned to be used to enhance resolution planning. The first versions of resolution plans are already in place but will be enhanced and finalized at the end of the phase-in period for the recovery plans which is due in July 2018. Firms with whom the assessors met, confirmed that they had been submitting their recovery plans to the BCB according to the timetable. The BCB participates in the FSB Cross-Border Crisis Management Group (CBCM) and FSB Resolution Steering Group (ReSG). It should be noted, in addition, that the Bank Resolution Bill prepared by the BCB in order to align the Brazilian Resolution Framework with the FSB’s 2014 Key Attributes of Effective Resolution Regimes, and currently under reviewed by the Ministry of Finance, was also designed to enhance the framework under Complementary Law 105. For example, the proposed bill contains more specific provisions dealing with cooperation and exchange of information with foreign resolution authorities. |
||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 3 | Compliant | ||||||||||||||||||||||||||||||||||||||||
| Comments | The BCB has clear powers to exchange information with relevant authorities both domestically and abroad. Relevant MoUs are in place or are in the process of being agreed, in order to adapt to new elements of recovery and resolution, and the BCB places an emphasis on proactive and timely information sharing and of assistance when requested. | ||||||||||||||||||||||||||||||||||||||||
| Principle 4 | Permissible activities. The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word “bank” in names is controlled. | ||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||
| EC1 | The term “bank” is clearly defined in laws or regulations. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Unlike some other jurisdictions, the term “bank” is not specifically defined in laws or regulations. Instead, banks are recognized as a subset of the financial institutions that are authorized and licensed by the BCB. The Banking Law (Article 17) defines financial institutions as “public or private legal entities, whose main or secondary activity is the collection, intermediation or investment of their own or third-party funds, in national or foreign currency, as well as the custody of third party property.” Hence, the BCB licenses and supervises a range of financial institutions (19 types), which includes banks but not all of the financial institutions are banks. Other non-banking financial institutions are licensed and supervised by the BCB and may provide a specified set of financial services. Each of the 19 subsets of financial institutions is subject to its own set of resolutions which define its nature. Please see EC2 below. |
||||||||||||||||||||||||||||||||||||||||
| EC2 | The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined either by supervisors, or in laws or regulations. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | The activities permitted for the different sectors of banking institutions are set out in regulations. Commercial Banks are licensed by the BCB to provide a wider set of regulated financial services. Investment banks, development banks, universal (“multiple”) banks, credit cooperatives and exchange banks are covered, respectively, in Resolutions 2624; 394; 2099; 2788; and 3426. | ||||||||||||||||||||||||||||||||||||||||
| EC3 | The use of the word “bank” and any derivations such as “banking” in a name, including domain names, is limited to licensed and supervised institutions in all circumstances where the general public might otherwise be misled. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | According to Article 34 of Law 8,934, the names of Brazilian companies must conform to the principle of truthfulness and to be new (“The business name shall obey the principles of veracity and novelty”), in order to be registered with the Trade Boards—these are state controlled institutions. This requirement mitigates risks of the use of the word “bank” and its variations by non-licensed institutions. There is no outright general prohibition on the use of the word of “bank” or of any of its derivatives except in certain specific circumstances. For example, Credit cooperatives are not permitted to use the term bank, based on Article 5 of Law 5764 (“Cooperatives are prohibited from using the term “Bank”) | ||||||||||||||||||||||||||||||||||||||||
| EC 4 | The taking of deposits from the public is reserved for institutions that are licensed and subject to supervision as banks. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | Only institutions licensed and supervised by the BCB may engage in deposit taking. Commercial and universal (“multiple”) banks, and credit cooperatives, are the only institutions permitted to receive demand deposits. To accept a deposit of any type an authorization is needed. Additionally, Law 7492, (Article 16) stipulates a sentence of 1 to 4 years and a fine to those that operate a financial institution without due authorization, or with authorization granted based on false statements. Some payments institutions are permitted to receive deposits from the public, solely in order to convert those funds into electronic money through a pre-paid payment account, which is restricted for payment transactions. Those resources are not considered “deposits” (as bank deposits), since they cannot be used to finance the operations of the payments institutions (or of a FI that provides payment services). Nevertheless, these payment institutions are licensed and supervised by the BCB, and customers’ accounts are segregated for their protection. |
||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor or licensing authority publishes or otherwise makes available a current list of licensed banks, including branches of foreign banks, operating within its jurisdiction in a way that is easily accessible to the public. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | The BCB’s website contains a registry of all financial institutions and publishes standard basic information of all banks licensed under its jurisdiction (address, directors, branch network, conglomerate data, list of licensed activities, tariffs, etc.): http://www4.bcb.gov.br/?IF. The BCB’s website, identifies institutions by sector (i.e. bank, etc) at: http://www.bcb.gov.br/pt-br/#!/n/SUPERVISAOSFN. Registry information of other institutions licensed by the BCB is available at http://www.bcb.gov.br/?RELINST. The information includes the trade name of the financial institution, its registration number in Brazil (CNPJ), area of operation and address. |
||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 4 | Compliant | ||||||||||||||||||||||||||||||||||||||||
| Comments | Information on the identity and permitted activities of all entities operating under a banking authorization is clearly available on the BCB website. If a member of the public wishes to cross check the identity of an institution that is holding itself out as a bank, it is straightforward to consult the list of entities and confirm the legitimacy of the institution. Equally the activities permitted to any financial institution is accessible on the BCB website. Furthermore, no institution in Brazil may accept deposits, of any form, without an authorization from the BCB. There is no direct prohibition on use of the word “bank,” except in some particular cases (such as credit cooperatives), but as the trade boards are responsible for registering corporate entities and this process governs the “truthfulness” or veracity of the name, then only fraudulent operators would be able to use the designation “bank.” However, while the system has an important safeguard in that it is straightforward to check if an institution is legitimate and supervised by the BCB, no authority actively monitors whether there are institutions presenting themselves as banks without the necessary authorizations. |
||||||||||||||||||||||||||||||||||||||||
| Principle 5 | Licensing criteria. The licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of Board members and senior management)8 of the bank and its wider group, and its strategic and operating plan, internal controls, risk management and projected financial condition-(including capital base). Where the proposed owner or parent organization is a foreign bank, the prior consent of its home supervisor is obtained. | ||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||
| EC1 | The law identifies the authority responsible for granting and withdrawing a banking license. The licensing authority could be the banking supervisor or another competent authority. If the licensing authority and the supervisor are not the same, the supervisor has the right to have its views on each application considered, and its concerns addressed. In addition, the licensing authority provides the supervisor with any information that may be material to the supervision of the licensed bank. The supervisor imposes prudential conditions or limitations on the newly licensed bank, where appropriate. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | The Banking Law, (Article 10, subsection X), establishes that the BCB has exclusive competence in authorizing financial institutions, for example, to: a) Operate in the country; b) Establish or transfer their headquarters or offices, including those located abroad; c) be transformed, (i.e. change its authorised status) merged or incorporated or taken over; and d) Transfer their equity control. The Constitution of 1988 prevents the establishment, in Brazil, both of new branches of foreign financial institutions as well as any increase in equity participation in domestic financial institutions by foreign individuals or legal entities. Nevertheless, certain exceptions are permitted in relation to authorizations resulting from international agreements, reciprocity, or of national interest. The national interest, though, must be confirmed by a presidential decree, and therefore the BCB must submit foreign banks’ license applications for presidential approval. The BCB is not required to forward an application by a foreign bank that it finds to be deficient or unsuitable. As can be seen from the licensing process below (EC2), the BCB does not grant an authorisation until having carried out an inspection on the operations of the institution. |
||||||||||||||||||||||||||||||||||||||||
| EC2 | Laws or regulations give the licensing authority the power to set criteria for licensing banks. If the criteria are not fulfilled or if the information provided is inadequate, the licensing authority has the power to reject an application. If the licensing authority or supervisor determines that the licence was based on false information, the license can be revoked. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Information requirements for licensing are set out in Resolution 4122. The BCB can amend the authorization criteria, if needed, through proposals made through the CMN. The BCB is not obliged to approve an application for an authorization that is made to it. The resolution clearly grants the BCB the ability to reject a deficient proposal (see, for example, Articles 5, 7 and 8). In particular, issues that may affect the reputation of the proposed controllers, will result in the suspension of the application—though time may be granted to rectify the irregularity. Also, any discovery of false or misleading information, at any stage of the process—even if the license has been awarded—leads to automatic revocation. Licensing is a 6-stage process, set out in the Regulation Annex I to Resolution 4122, which progresses through more onerous and detailed requirements at each stage. In summary, the stages are as follows: a) Submission of initial documentation, including:
b) Technical interview. The technical interview is with the members of the institution’s control group (i.e. individual or group of individuals bound by an agreement, controlling at least 50 percent of the entity - i.e. listed) and may be waived depending on the sufficiency of the information in the initial submission to explain the project; whether the future controlling shareholders have demonstrated the necessary business and market knowledge; or if the license application is submitted by an institution already licensed by the BCB (Article 5 of Regulation Annex I of Resolution 4122); c) If the application proposal is approved, the applicant must comply with the following, more detailed, conditions within 60 days:
d) Should the requirements in section (c), be met to the BCB’s satisfaction, the applicant has a further 180 days— to meet the conditions below. This period may be extended for a further 90 days at the discretion of the BCB (Article 7 of Annex I of Resolution 4122):
e) Inspection conducted by the BCB, within 90 days of receipt of the request, (Article 8 of Regulation Annex I of Resolution 4122); failure to satisfy the BCB’s inspection results in the opportunity to make rectification, but a second failure to pass BCB inspection results in rejection of the application. f) If BCB inspection is satisfactory, the institution has 90 days to present documentation proving that various measures have been adopted, relating to the legal establishment of the entity and election of officers of the entity and also including proof of the evidence of the source of funds (Article 9 of Regulation Annex I of Resolution 4122). Once the BCB verifies the submissions made under (“f”), the license is issued. If, at any time, during the licensing process, the BCB, establishes that false claims have been made, the BCB may reject the application. However, depending on the specific circumstances the BCB may grant time for justifications to be submitted. The assessors were able to see very thorough documentation covering the full sequence of examples. |
||||||||||||||||||||||||||||||||||||||||
| EC3 | The criteria for issuing licences are consistent with those applied in ongoing supervision. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | The criteria for the issuance of a banking license are consistent with the criteria established in the continuous supervisory process. The licensing process, much like the supervisory process, assesses the ownership structure and governance (including the fit and proper assessments of the control group, board members and senior management), internal controls, risk management and projected financial condition (including the capital base). All persons who are proposed as members of the “control bodies” (Supervisory and Executive Boards and Fiscal council) are assessed against fit and proper standards on an ongoing basis. | ||||||||||||||||||||||||||||||||||||||||
| EC4 | The licensing authority determines that the proposed legal, managerial, operational, and ownership structures of the bank and its wider group will not hinder effective supervision on both a solo and a consolidated basis. The licensing authority also determines, where appropriate, that these structures will not hinder effective implementation of corrective measures in the future. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | As detailed in EC2, the licensing process as set out under Resolution 4122 requires considerable information on the corporate ownership as well as on the individuals who will direct and execute the bank’s strategy. Further, and Circular 518 establishes information requirements on the capital structure and control structure for the proposed institution. Given that Circular 518, (for all institutions on an annual basis, as well as for new applications) requires the information on the capital structure be broken down until the final controlling interest of the participating companies is identified, the BCB has access to information to assess whether effective supervision could be impeded. The license is not granted unless the BCB concludes, among other criteria, that the institution’s legal structure, chain of control or organizational arrangements do not constitute obstacles. |
||||||||||||||||||||||||||||||||||||||||
| EC5 | The licensing authority identifies and determines the suitability of the bank’s major shareholders, including the ultimate beneficial owners, and others that may exert significant influence. It also assesses the transparency of the ownership structure, the sources of initial capital and the ability of shareholders to provide additional financial support, where needed. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Identification Again, as noted in EC2, Resolution 4122 requires the identification of members of the control group of the institution, with their respective stockholdings and identification of natural persons and legal entities that are in the wider, mixed activity (not purely prudential) group of the institution. Resolution 4122 is supplemented by Circular 3649 which requires, among the documentation for submission, the complete organisational chart of the economic group. The information must identify all companies with their respective registration number in the National Register of Legal Entities (CNPJ) or, if foreign, with the name of the country where the headquarters is located, and the percentage of total and voting capital held or a statement that the institution does not belong to an economic conglomerate (mixed activity group). Direct shareholding control of banks is restricted to: natural persons; financial institutions and other financial system members licensed by the BCB; and other legal entities whose exclusive business purpose is to invest in the equity of financial institutions and other institutions licensed by the BCB. If the ownership structure is not clearly defined, the BCB requires the agreement of the shareholders so that the BCB may scrutinize the controlling group’s structure. In other words, if there is a small group of shareholders who collectively hold a majority of shares, the BCB requires there to be a formal agreement between the shareholders and this group is considered to be the control group (e.g. Article 6, Resolution 4122, and Annex 1, Article 6, Paragraph 1, Section II of Resolution 4122). Suitability Under Resolution 4122 the members of the controlling group are required to be knowledgeable about the business and market sector. If a member of the controlling group is a new entrant to the National Financial System (SFN), further verification might take place, including criminal checks through Interpol if the member is not a Brazilian national; and checks with any relevant foreign supervisory authority (with respect to individuals or corporate controllers). Moreover, the BCB requires the prospective controlling group to authorize the BCB to consult any public or private system of registration or other information containing their data. The BCB also investigates and verifies qualified participation holders or of participants who hold, directly or indirectly, 15 percent or more of the shares of the capital of the institution. Financial support The BCB examines whether controlling interest holders have financial capacity compatible with the size, nature and purpose of the proposed bank, considering the initial and future capital necessities as indicated by the business plan and the viability study. The analyses are based on tax returns (for individuals), and financial statements and audited accounts (legal entities). The BCB includes an analysis of the net worth of controlling interest holders and consistency with records held the Credit Information System (SCR). If information contains discrepancies and/or information suggests any involvement in suspicious transactions by the controlling interest holders or a qualified stakeholder, the BCB will request additional information, including the previous three years’ tax records from the Federal Revenue of Brazil. Source of funds The holders of controlling interests and qualified participations holders must provide evidence of the source of funds through income tax returns, the previous financial year’s balance sheet and three years’ auditor reports as well as other relevant information such as bank statements, invoices, deeds, purchase and sale contracts, etc. |
||||||||||||||||||||||||||||||||||||||||
| EC6 | A minimum initial capital amount is stipulated for all banks. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | According to Resolution 2,099 and Resolution 2,607 the following minimum limits of paid-in capital and net stockholders’ equity must always be met: I - R$ 17,500,000.00: for commercial banks and universal banks (“multiple banks”) with commercial portfolio; II - R$ 12,500,000.00: for investment banks, development banks, and corresponding portfolios of universal banks and savings banks; III - R$ 7,000,000.00: for credit, financing and investment societies, real estate credit society, leasing society and corresponding portfolios of universal banks. Should an institution wish to undertake foreign exchange operations, the minimum capital level is increased by R$ 6,500,000.00. Furthermore, there are additional capital requirements for the installation of branches beyond the threshold previously established by the BCB. |
||||||||||||||||||||||||||||||||||||||||
| EC7 | The licensing authority, at authorisation, evaluates the bank’s proposed Board members and senior management as to expertise and integrity (fit and proper test), and any potential for conflicts of interest. The fit and proper criteria include: (i) skills and experience in relevant financial operations commensurate with the intended activities of the bank; and (ii) no record of criminal activities or adverse regulatory judgments that make a person unfit to uphold important positions in a bank. The licensing authority determines whether the bank’s Board has collective sound knowledge of the material activities the bank intends to pursue, and the associated risks. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | In the terms of the Banking Law, the BCB has to establish “(...) conditions for the occupation and exercise of any position in the management of private financial institutions, as well as the occupation of any Office in advisory, supervisory or similar bodies, according to norms issued by the National Monetary Council.” Resolution 4122 establishes that the exercise of positions in statutory bodies of financial institutions are restricted to those whose appointment has been ratified by the BCB to meet the following conditions: (i) have unblemished reputation; (ii) be resident in Brazil, in the case of directors and managing partners; (iii) not be under restriction by special laws, or having been convicted for any bankruptcy crime, tax evasion, prevarication, corruption, graft, embezzlement, crime against the public economy or the SFN, or of any crime that restricts, even temporarily, access to public offices; (iv) not be held as unfit, or suspended for the performance of duties as member of the statutory audit committee, member of the board of directors, member of the executive board or managing partner in the institutions mentioned in Article 1 or in private pension entities, insurance companies, capitalization companies, publicly held companies or entities subject to supervision by Comissão de Valores Mobiliarios, the Brazilian securities and exchange commission; (v) not be subject to, and nor must any company of which he or she is a controlling interest holder or administrator, any contested securities, judicial collection, issuance of checks without funds, default of obligations or similar circumstances; (vi) not have been declared bankrupt or insolvent, (vii) not have been either a controlling interest holder or administrator, over the 2 (two) years preceding the election or appointment, of a firm or company object of declaration of insolvency, liquidation, intervention, bankruptcy or judicial reorganization. Where nominees for managerial positions have not been previously ratified, the applicant must publish a declaration of purpose to obtain the ratification. In these cases, the following inquiries are made, which are comparable to checks made in EC4/5 above:
The BCB can revoke a ratification at its discretion at any time if irregularities are uncovered or if false declarations or documents have been presented. Please also see EC5. |
||||||||||||||||||||||||||||||||||||||||
| EC8 | The licensing authority reviews the proposed strategic and operating plans of the bank. This includes determining that an appropriate system of corporate governance, risk management and internal controls, including those related to the detection and prevention of criminal activities, as well as the oversight of proposed outsourced functions, will be in place. The operational structure is required to reflect the scope and degree of sophistication of the proposed activities of the bank. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | As described in EC2 Resolution 4122 sets out extensive documentation requirements relating to strategy and operation in relation to a licensing application. Furthermore, Circular 3649 provides instructions for the review of the strategy and the operating plans of a prospective bank. The business plan must, at a minimum, describe:
As indicated in EC2, the BCB conducts an inspection, during the licensing process, in order to assess the consistency between the organizational structure implemented and that set out in the business plan. |
||||||||||||||||||||||||||||||||||||||||
| EC9 | The licensing authority reviews pro forma financial statements and projections of the proposed bank. This includes an assessment of the adequacy of the financial strength to support the proposed strategic plan as well as financial information on the principal shareholders of the bank. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC9 | The proposal must include information to support the financial capacity of controlling shareholders to support the bank. The approval depends on the evaluation of the financial capacity of the owner, the origin of the invested funds and estimates of the initial and future capital needs as indicated by the business plan and viability study. Pro forma financial statements are provided and, based on projected growth and capital needs, a determination is made of the controlling interest holders ability to support future growth. Please see EC2 for further details. |
||||||||||||||||||||||||||||||||||||||||
| EC10 | In the case of foreign banks establishing a branch or subsidiary, before issuing a license, the host supervisor establishes that no objection (or a statement of no objection) from the home supervisor has been received. For cross-border banking operations in its country, the host supervisor determines whether the home supervisor practices global consolidated supervision. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC10 | Whenever the participation of foreign capital in the SFN involves the establishment of foreign bank subsidiaries in Brazil, Circular 3317, (Article 3) stipulates that the BCB may request information from the respective supervisory authority (home supervisor) regarding the bank’s legal status, as well as the intended investment. It is typical for the BCB to make such a request. The consultation is usually done under an MoU between the foreign supervisory authority and the BCB. The absence of an MoU does not prevent a consultation from being made. In making this consultation, the BCB aims to assess the extent to which the foreign supervisory authority:
|
||||||||||||||||||||||||||||||||||||||||
| EC11 | The licensing authority or supervisor has policies and processes to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the licence approval are being met. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC11 | Resolution 4122 states that, for the first five years of operation, new institutions must report its performance set against the strategic objectives stated in their business plan. This information must be presented in the financial statements. If the BCB finds the operations to be inadequate in relation to the strategic objectives, the institution must present justification which the BCB will also evaluate and which may lead to the BCB establishing a timetable to meet additional conditions. As set out in Resolution 4122 (Annex I, Article 21), the BCB may revoke the bank’s authorisation at any time, for any of the following reasons: I - failure to meet regulations in carrying out essential operations; II - lack of operating activity; III - failure to occupy the address notified to the BCB; IV - delay of over four months in submitting legally required financial statements to the BCB without adequate justification; V - failure to follow the business plan. |
||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 5 | Compliant | ||||||||||||||||||||||||||||||||||||||||
| Comments | The licensing model followed by the BCB is comprehensive, ranging from identification of ultimate beneficial control, to refusal to issue an authorization until and operational inspection has taken place and the BCB also specifies a period of time during which it monitors whether the new institution is executing (or capable of executing) its business plan and achieving its stated objectives. In the last X years, the BCB has received five applications for banking authorizations, of which only one was approved. One was denied outright, and the other three applications withdrew during the course of the process. The BCB does not favor an approach whereby informal decision or advice is given to an applicant, preferring to ensure that all applications are subjected to the same due process, in order to signal parity of treatment for all applicants. |
||||||||||||||||||||||||||||||||||||||||
| Principle 6 | Transfer of significant ownership. The supervisor9 has the power to review, reject and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties. | ||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||
| EC1 | Laws or regulations contain clear definitions of “significant ownership” and “controlling interest”. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | The corporate law (Law 6404, Article 116) defines controlling shareholder as the individual, legal entity, group of people joined by voting agreement or group of legal entities under common control (control group), which:
Additionally, Resolution 4122, (Article 6) defines qualified ownership as the direct or indirect participation, by individuals or legal entities, equivalent to 15 percent or more of the shares or representative quotas of the total capital of a financial institution. A “control group” is defined under Resolution 4122 (Article 6) as individuals or groups who are bound by a voting agreement or common control and hold shareholding rights equivalent to the majority (50 percent) of the voting capital of a public company or at least 75 percent of the shareholding capital of a limited liability company. Additionally, Article 6 permits the BCB to use additional criteria (“other elements”) to identify the control group if the stated definition is insufficient. Participation is calculated on the basis of both direct and indirect investments. |
||||||||||||||||||||||||||||||||||||||||
| EC2 | There are requirements to obtain supervisory approval or provide immediate notification of proposed changes that would result in a change in ownership, including beneficial ownership, or the exercise of voting rights over a particular threshold or change in controlling interest. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Resolution 4122 (see preamble and purpose, and more specifically, Regulatory Annex II) establishes the requirements and procedures not only for authorisation but for changes of control and corporate reorganisation, among other matters. Hence, BCB authorization is required for the transfer of corporate control and any change, direct or indirect, in the control group, that might imply change in the effective control of institutional business. Chapter II of the Regulatory Annex to Resolution 4122 sets out requirements for change of control and also reorganisation (Chapter I relates to new authorisation as discussed in CP5). The approval process is not triggered (Article 13 of the regulatory annex) where there is no change in the ultimate beneficial controller (“final controller”) of the institution. Authorisation is needed for a proposed participation equal to or greater than 15 percent in a financial institution (Article 16 of Chapter II of the Regulatory Annex). There is a notification requirement to the BCB in respect of changes of voting or nonvoting capital above 5 percent (essentially creating a 5 percent threshold for notification); any change in control; and/or any change in foreign capital ownership (Circular 624, amending item 2 of Circular 518). The notification in Circular 624 is triggered when the change is direct or indirect. The Licensing Department (DEORF) is responsible for analysis and approval of any change in control through the application of a fit and proper test, using a broad definition of control in these instances. The requirements for a transfer or change in the control group are essentially the same as those applied in the licensing of a financial institution and are set out in Resolution 4122, Annex II. |
||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor has the power to reject any proposal for a change in significant ownership, including beneficial ownership, or controlling interest, or prevent the exercise of voting rights in respect of such investments to ensure that any change in significant ownership meets criteria comparable to those used for licensing banks. If the supervisor determines that the change in significant ownership was based on false information, the supervisor has the power to reject, modify or reverse the change in significant ownership. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | The 1964 Banking Law, (Article 10, Section X), establishes that the BCB has exclusive responsibility, not only for initial authorisation, but for approving changes of control. The article establishes that only the BCB can authorize financial institutions to, “transform, merge, incorporated, or taken over. The same article further confirms that, “(... ) based on the rules established by the National Monetary Council, the Central Bank of Brazil will analyse the requests formulated and will decide to grant or to deny the requested authorization (...).” Operations that result in transfer of control and/or corporate reorganization are subject to the same requirements as the licensing of new banking institutions that are iterated in in Resolution 4122 (presentation of business plan, economic and financial capability studies, origin of funds, access to information about the controllers and qualified participants, among others). However, Resolution 4122 allows the BCB to waive some of these requirements at its discretion. For example, typically, a business plan is only requested if major strategic changes to the institution are planned. A transfer of control is only finalised after the approval of the BCB has been issued. Should the authorisation for change of control have been based on false information, the BCB, may review the decision, take into consideration public interest and the circumstances of each case, and require the situation (transaction) to be regularised. (Resolution 4122, Article 8) |
||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor obtains from banks, through periodic reporting or on-site examinations, the names and holdings of all significant shareholders or those that exert controlling influence, including the identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | According to Circular 3649 transactions that involve the transfer of control—directly or indirectly—or newly qualified shareholders must be reported to the BCB within 15 days. | ||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor has the power to take appropriate action to modify, reverse or otherwise address a change of control that has taken place without the necessary notification to or approval from the supervisor. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Changes of control that fail to comply with regulation can lead to a number of punitive measures, such as: a) the immediate reversal of the transaction; b) ruling of ineligibility of the relevant administrators for management positions in financial institutions; and c) revocation of the entity’s operating license (Banking Law, article 10, clause IX). | ||||||||||||||||||||||||||||||||||||||||
| EC6 | Laws or regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | According to Resolution 4567 (Article 1) financial institutions and other institutions authorized to operate by BCB must report any information that may affect the reputation of their:
The information expected to be provided under the resolution includes police investigations, criminal proceedings or judicial or administrative proceedings related to the National Financial System, within 10 working days from the institution having access to the information. |
||||||||||||||||||||||||||||||||||||||||
| Assessment of principle 6 | Compliant | ||||||||||||||||||||||||||||||||||||||||
| Comments | The powers of the BCB are very similar in respect of both initial authorisation and change of control. Similarly, the BCB’s practices are also careful and attention is paid to determination of ultimate control of a banking entity or group. While the Brazilian market has not yet developed markedly complex group structures in which banks are embedded, there are foreign owned banks with greater levels of complexity. The authorities stressed, and it was consistent with the documents the assessors could review, that the BCB placed great importance on the clarity of group structures and being able to understand how group relationships might change in the event of change of control. It was also clear in the documentation that the BCB is ready to deny changes of control if it is in anyway unsatisfied with the proposals or information it has received. | ||||||||||||||||||||||||||||||||||||||||
| Principle 7 | Major acquisitions. The supervisor has the power to approve or reject (or recommend to the responsible authority the approval or rejection of), and impose prudential conditions on, major acquisitions or investments by a bank, against prescribed criteria, including the establishment of cross-border operations, and to determine that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision. | ||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||
| EC1 |
Laws or regulations clearly define:
|
||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | The Banking Law and Resolutions 2723 and 4062 set requirements and provide guidance with respect to acquisitions and investments that require BCB notification and approval. There is no minimum threshold that triggers a requirement for prior approval as any capital investment, other than investment firm activity, is subject to approval. Article 30 of the Banking Law states that: “private credit institutions, with the exception of investment institutions, may participate in the capital of any company only with prior authorization from the BCB.” Given that the lack of an approval threshold leads to the potential for an excessive level of filings with the BCB, the BCB has proposed an amendment to Article 30 of the Banking Law, to introduce a de minimis level up to which no authorization would be required. The BCB indicated that regulations lower than the Banking Law were not permitted to amend the approval threshold and nor could can ordinary law be used to amend the Banking Law as the Banking Law has the status of a Complimentary Law and there is a high threshold that must be passed to pass amendments. The BCB also indicated that amending the approval threshold is not seen as a priority in the overall legislative agenda. The one exception to this threshold is in relation to investment (trading) activity and is governed by Resolution 4062 which confirms the basic principle of prior authorization but then indicates the exemption. It states (Article 1) “[.] The direct or indirect investment in the capital of any domestic or foreign companies by financial institutions and other similar licensed entities is dependent on prior authorization by the BCB. Exceptions are granted for shareholding operations typical of investment portfolios held by investment and development banks, development agencies or universal banks with an investment or development portfolio [.]”. Moreover, it states “[.] Authorization for investment shall be granted only in cases where the invested company’s activities complement or support the investing entity’s [.]”. The terms for prior authorization by the BCB when a domestic financial institution seeks to establish a direct or indirect ownership interest, abroad are set out in Resolution 2723. The resolution also governs the establishment of branches abroad. Resolution 2723 (Article 8, paragraph 1) establishes that prior BCB authorization is required for cases of participation, increased percentage of participation and any case in which the preparation of financial statements is required. The resolution also confirms that the BCB can only grant authorization when it has been given all relevant information, data and documents in order to evaluate and ensure that consolidated global supervision will not be impeded. This rule applies to all investments abroad, including in the so called “tax havens”. A domestic financial institution seeking an investment or establishment abroad must comply with the following conditions:
Since 2012 the BCB has examined 602 applications filed by financial institutions seeking approval for investments in the capital of other companies, as required by Resolution 2723. Investments in domestic financial institutions follow the guidelines established in Resolution 4122, (please see CP 6 - Transfer of Significant Ownership). Mutual participation (i.e. cross shareholding) between financial institutions is prohibited pursuant to Article 7 of Resolution 2723. |
||||||||||||||||||||||||||||||||||||||||
| EC2 | Laws or regulations provide criteria by which to judge individual proposals. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see EC1. | ||||||||||||||||||||||||||||||||||||||||
| EC3 | Consistent with the licensing requirements, among the objective criteria that the supervisor uses is that any new acquisitions and investments do not expose the bank to undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future. The supervisor can prohibit banks from making major acquisitions/ investments (including the establishment of cross-border banking operations) in countries with laws or regulations prohibiting information flows deemed necessary for adequate consolidated supervision. The supervisor takes into consideration the effectiveness of supervision in the host country and its own ability to exercise supervision on a consolidated basis. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | As established by Resolution 2723 (Article 9), any investment subject to consolidation, irrespective of the company’s area of business, requires that the financial institution grant full and unrestricted access to the BCB, to all information and documents that are necessary for the correct assessment of the risk that the investment represents for the financial institution. As also established by Resolution 2723 financial institutions must prepare their financial statements in a consolidated manner, including in the scope of consolidation domestic and foreign companies in which they have, one or more of the following:
It is worth noting that, when preparing the consolidated financial statements, the scope of consolidation must include the financial institutions and similar companies licensed by the BCB which are bound by effective operational control, defined as being under common management or by operating in the market under the same brand or commercial name. This clause applies even when there is no shareholding participation. Consolidated statements may encompass mutual funds, in which banks face substantial risk exposure. Resolution 2723 states that the BCB may only grant authorization where it has full information required to evaluate the cross-border investments, in order to ensure a global consolidated supervision. Such regulation applies to all cross-border entities. Banks that establish foreign branches or have control of foreign financial institutions should submit the reports and queries addressed to their branches or subsidiaries by the host supervision authority to the BCB. The BCB considers access of information and exchange of information with the host supervisory authority as part of the overall approval process. The applicant must present a declaration committing itself to provide the BCB, complete and unrestrictedly, with all information, data, documents and verifications needed to evaluate operations and the risks assumed by affiliated institutions. |
||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor determines that the bank has, from the outset, adequate financial, managerial and organizational resources to handle the acquisition/investment. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | For investments resulting in the acquisition of controlling interest in domestic financial institutions, the BCB performs the type of analysis required for changes in control as described in CP 6 - Transfer of Significant Ownership. In all other cases of investments by financial institutions, the BCB requests, at least, “[.] the description of the invested company’s activities and business purpose, the expected synergies stemming from the investment and its alignment with the participating entity’s business strategy [.]”, according to Resolution 4062. | ||||||||||||||||||||||||||||||||||||||||
| Once again, it is worth noting that authorization for investment may be granted only where the activities of the investment target complement or support the activities of the investing entity. | |||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor is aware of the risks that non-banking activities can pose to a banking group and has the means to take action to mitigate those risks. The supervisor considers the ability of the bank to manage these risks prior to permitting investment in non-banking activities. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | As discussed in EC1 above, the BCB has the power to prevent the investment in non-banking activities by a bank as the Banking Law requires prior approval of acquisitions. On a continuing basis, the BCB, through Circular 2981, requires banks to detail their direct or indirect investment in: all foreign companies, domestic companies that are subject to consolidation, companies where the bank investment exceeds 10 percent of the company’s shares and where the book value of the investment exceeds 10 percent of the net worth of the participant. The BCB includes these investments in the supervision of the bank and the regulations provide the BCB with the authority to require information needed for its supervisory purposes. The BCB’s SRC (see CP8) aims to routinely perform a comprehensive assessment of the risks each supervised institution is subject to. This assessment considers the risks related to its most relevant activities and familiarizes the supervisor with the entity’s general risk structure and encompasses all material risk areas. In financial conglomerates with relevant pension fund and insurance activities, those risks are assessed within the existing methodological limits, and when necessary, information is sought with the respective supervisory bodies. In addition, according to Resolution 4019, the BCB is able to take preventive actions regarding any financial institution in order to mitigate systemic risks. In this sense, BCB can restrict or put any bank investments on hold, or even require asset disposal. |
||||||||||||||||||||||||||||||||||||||||
| AC1 | The supervisor reviews major acquisitions or investments by other entities in the banking group to determine that these do not expose the bank to any undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future. Where necessary, the supervisor is able to effectively address the risks to the bank arising from such acquisitions or investments. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | The terms of Resolution 4062 (which itself amends Resolution 2723) require the BCB’s pre-authorisation for any acquisition by a financial institution (including the bank) whether the investment is direct or indirect. Acquisitions by the controlling shareholders of the financial institution do not require the BCB authorization. While the BCB does not have the legal powers to review and approve acquisitions made by related entities outside the BCB’s supervisory perimeter, the risks related to such acquisitions are considered in the context of ongoing supervisory process. Specifically, the exposure of a financial institution to risks relative to activities performed by related entities outside the BCB’s supervisory perimeter is assessed in the context of the supervisory analysis of contagion risk within the overall SRC process (please see CP8 for more details). The non-financial objectives of a financial institution and its management are assessed as strategy risk. The supervisory work also aims to gather information regarding the financial conglomerate’s management quality, including all industries and the companies that are part of the conglomerate, including the non-financial industries. “Management Special Verification - Corporate Governance” includes, among its procedures, an analysis of the quality and effectiveness of the performance monitoring process relative to the planned goals and strategies, including non-financial objectives. The existence of procedures to identify and track operational risk of non-financial companies that are part of the consolidated group is assessed in “Management Special Verification - Operational Risk”. (Please see EC4 of CP 9 - Supervisory Techniques). “Special Verification - Other Assets and Non-Financial Liabilities” deals with the assessment of the quality of management of non-financial assets and liabilities, with emphasis on internal controls and the procedures used for bookkeeping. It is worth noting that, according to Resolution 4122, acquisitions of 15 percent or more of the capital of any financial institution is subject to subsequent authorization by the BCB, which takes into account possible relevant interference on the management and strategic decisions taken by invested company. In addition, as earlier mentioned (please see EC 5), the BCB has the option to use prudential measures regarding any financial institution in order to mitigate systemic risks, according to Resolution 4,019 (see Article 3 for list of measures). These powers provide the BCB with a range of options, including asset disposal, to remedy concerns arising in this scenario. |
||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 7 | Compliant | ||||||||||||||||||||||||||||||||||||||||
| Comments | The BCB operates under a at tight legal regime which requires it to authorize all acquisitions, significant or otherwise, whether direct or indirect. Based on documents the assessors were able to review, the BCB carries out its assessments and approvals on a conscientious and rigorous basis, and the ongoing supervisory process is alert to the range of risks that can be triggered by major acquisitions, such as reputational, strategic or contagion. Notwithstanding the BCB’s ability to ensure an efficient process when scrutinizing acquisitions and discriminating in terms of the significance of the acquisition, the BCB would benefit from a de minimis threshold being inscribed in the Banking Law, albeit with continuing discretionary powers to examine an acquisition if deemed necessary Over the past five years, the BCB has had to assess 563 acquisitions, of which approximately only 20 percent related to financial institutions. |
||||||||||||||||||||||||||||||||||||||||
| Principle 8 | Supervisory approach. An effective system of banking supervision requires the supervisor to develop and maintain a forward-looking assessment of the risk profile of individual banks and banking groups, proportionate to their systemic importance; identify, assess and address risks emanating from banks and the banking system as a whole; have a framework in place for early intervention; and have plans in place, in partnership with other relevant authorities, to take action to resolve banks in an orderly manner if they become non-viable. | ||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||
| EC1 |
The supervisor uses a methodology for determining and assessing on an ongoing basis the nature, impact and scope of the risks:
The methodology addresses, among other things, the business focus, group structure, risk profile, internal control environment and the resolvability of banks, and permits relevant comparisons between banks. The frequency and intensity of supervision of banks and banking groups reflect the outcome of this analysis. |
||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | The BCB has undertaken a major refreshing of its supervisory approach since the last BCP assessment. This approach is set out in the Risks and Controls Assessment System—the SRC—a methodology that is applied on a consolidated basis and whose application is supported by guidelines (supervisory manuals), parameters and structured processes to support the risk analysis of the financial institutions (FIs). The SRC includes two main assessment modules: Risks and Controls Assessment (ARC), and Economic-Financial Assessment (ANEF). These assessments are designed to be independent but interrelated, and are updated throughout the supervisory cycle through a combination of on-site and off-site procedures and using both quantitative and qualitative information. The ARC component considers 10 types of risk: Credit; Market; Liquidity; Contagion, Reputation; Strategy, Operational, Information Technology, Anti Money Laundering and Relationship with Customers and Users of the Banking System. ANEF combines quantitative and qualitative analysis to assess Solvency (including liabilities, quality of assets and capital adequacy), Liquidity and Profitability. The SRC methodology is applied to the significant business activities of the institution. The significant business line activities of the FI are identified based on parameters such as relevancy to the assets, contribution to income, off balance sheet activities, potential impact on the capital, etc. The business activities, therefore may, or may not (at the supervisor’s discretion) map to the individual entities within the prudential conglomerate. The BCB supervisors noted that although the more complex banks had a tendency towards matrix management, the supervisor might have reasons to identify a specific legal entity as one of the significant business lines in the risk matrix. Some of the risk components are considered for each of the significant business activities (some risks will not be relevant for some business activities) and the “corporate” risks (Reputation; Strategy, Operational, Information Technology, Anti Money Laundering and Relationship with Customers) are considered on a consolidated basis. The Risks and Controls Assessment in the SRC evaluates the level of inherent risks of the Fl’s business lines as well as the residual risks once the quality of mitigating controls, including the corporate governance of the FI, has been taken into account. The result of this evaluation is summarized in the risk and control matrix of the FI, which shows the scores assigned to each risk and control. The results of the ANEF are combined with the conclusions of the risks and controls assessment. The final score of the Risks and Controls Assessment module, is based on a weighting of the relative importance of each business or activity to the FI. Scores have recently been made more granular to allow for greater distinction when comparing peer groups of banks. The activities of the FI as well as the scores assigned to the associated risks and controls are thus shown in a risk matrix of the FI (which is held in the SisAPS database). The supervisor uses the matrix to identify fragilities or areas of special concern, that warrant special monitoring, specific and in-depth reviews, or where the FI will have to define actions plans to address or mitigate risks. The assessments’ findings, scores, as well the weight of each significant business or activity and its associated types of risks can be adjusted at any point during the cycle responding to the results of any actions taken during the continuous evaluation process. All outputs and conclusions from the assessments under the SRC, as well as monitoring of follow up procedures, are input into the SisAPS (Supervision Process Automation System). There is an extensive and detailed supervisory manual available to the staff to guide them in how to analyze the information and identify suitable scores. This guidance, which is ultimately made public, was in the course of revision at the time of the assessment. Credit, Market and Operational Risk modules were published in the second half of 2017, the modules on corporate governance and IT risks were targeted for publication by end 2017 and the modules on Liquidity Risk, Reputational Risk, Contagion Risk and AML/CFT were due by end 2018. All of the elements of the SRC (both ARC and ANEF) must be kept updated and examined throughout the supervisory cycle. The scores are aggregated in an overall score that expresses the Fl’s risk profile. (See EC2 for explanation of cycle and planning). It should also be noted that two of the risks—AML/CFT and client relations—are not examined by the prudential supervision department (DESUP), but by the conduct supervision department (DECON) and thus the integrated assessment of an institution depends on the coordination between the onsite prudential supervisors (DESUP), and the offsite monitoring department which handles, processes, analyses and flags data (DESIG). |
||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor has processes to understand the risk profile of banks and banking groups and employs a well-defined methodology to establish a forward-looking view of the profile. The nature of the supervisory work on each bank is based on the results of this analysis. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | As noted in EC1, the supervisor must evaluate elements of Risks and Controls as well as the Economic-Financial Assessment during the supervisory cycle for the FI. The duration of the supervisory cycle, as well as planning and prioritisation of supervisory actions, depends on the supervisory priority or rating, ranging from one year for the FIs classified as SIFIs (systemic important financial institutions), and High or Medium-High priority to a three-year cycle for the low priority FIs. The priority given to the FIs is set using a combination of systemic importance and risk profile. Quantitative data are used to determine the systemic importance of the FIs, while the SRC process delivers the risk profile. The priority/ratings matrix is updated a minimum once a year to identify changes in the classification of priorities. Although the BCB introduced a formal segmentation of the banks in 2017 (Resolution 4553), distributing the banking sector into 5 segments, of which segment 1 (S1) is the highest and reserved for the domestically systemic banks (DSIBs), the supervisory cycle is not an automatic reflection of the segment in which a bank is placed, except for the S1 banks who are always on the shortest cycle (1 year) and to whom the highest supervisory standards are imposed. If a smaller bank, of S3 or S4 had elevated risks or vulnerabilities in its profile, it would also be put on a shorter supervisory cycle. Overall, the planning and the prioritization of supervisory activities is based on a variety of factors: inputs and guidance from the Deputy Governor for Supervision and the Heads of Departments; Priority Matrix; macroeconomic scenarios; results of previous work in the institutions, SRC process; ongoing monitoring; and information from other areas of the BCB, international supervision bodies, government entities, and external auditors. At the end of the supervisory cycle, the supervisor presents the conclusions on the risk profile and viability of the FI to the SRC Committee—COREC. All the analyses, data and evaluations from the supervisory cycle are factored into the presentation to the COREC which undertakes a challenge process and ultimately decides upon the rating for the FI as well as specific supervisory actions proposed for the next supervisory cycle. Although the COREC receives a presentation and documentation prepared specifically for the ratings assessment, all the members of COREC have full access to the supervisory database and can examine this information independently if they wish to do so. When the COREC makes its decision, it is at this point that the Fl’s rating becomes a formal view of the Supervision Department of the BCB. Nevertheless, it is important to note that the supervisor responsible for the FI can amend individual component scores or the rating of the FI at any point during the cycle, responding to information that is received and evaluated. The Supervisor can review the scope defined for each FI at any time during the cycle if there are any changes in its strategy, risk profile or economic-financial situation. If necessary, the supervisor can call a meeting of the COREC. This allows, for example, for an FI that had been on a three-year cycle, to be brought onto a shorter supervisory cycle in order to address emerging risks and stresses. The SRC methodology is based on the principle of proportionality in defining both the scope of evaluation and the intensity of the supervisory actions. Hence, in terms of planning the supervisory actions, the Supervisor must include a schedule of meetings with senior management, in order to get an understanding of strategies, plans and expectation over the coming and future years, but the frequency of such meetings will vary. For one of the major systemic banks, an excess of 60 meetings per year may be required. The lower priority banks are allocated 40 working days per year for the completion of supervisory tasks and there is a stronger reliance on quantitative analysis for such banks than there is for the more systemic or higher risk banks. In terms of monitoring progress, the supervisory activities over the course of the cycle, established at the Annual Supervision Program (PAS), are monitored through the SIGAS system and the more senior the management level, the greater the degree of aggregation of data is available so that overall progress of activity in the department can be monitored. The SIGAS system also includes detailed information—as relevant—for why activities have been delayed and what relevant action or monitoring is being conducted instead. In terms of executing the activities of the supervisory cycle, CP9 provides more information, but the on-site procedures are an integral part of the SRC process and the Supervisor can carry out targeted inspections to assess specific risks as well as for verification of regulatory compliance by FIs. On site procedures seek to combine periodic reviews of areas identified as relevant to the FI through the normal process of monitoring as well as issues for follow up from previous assessment. Continuous monitoring (offsite), under SRC, uses information from a range of different sources such as:
In terms of forward looking analysis, the BCB’s off-site supervisory department conducts stress tests. Both macroeconomic stress tests and sensitivity analyses are used. The macroeconomic stress test measures effects in credit and market exposures and the resulting impact on capital needs for each bank. The sensitivity analysis, on the other hand, stresses one variable (delinquency rate, exchange rate, interest rate, house prices) and calculates the capital needs. In the wake of the financial crisis, the BCB wished to improve stress tests as a risk management tool by the FIs and the BCB itself. Improvements the BCB has worked on since the last FSAP include:
At the end of 2015, the Financial System Monitoring Department (DESIG) initiated a project to enhance the use of stress tests, integrating the tools into both macro and micro prudential approaches. The project includes the following:
The top down stress testing model includes the development of macroeconomic scenarios (baseline and adverse) with different indicators such as output, domestic interest rate, exchange rate, inflation, unemployment, country risk premium and foreign interest rate. Besides the indicators there are two stages in the stress testing model: (i) a macro econometric model (a VAR (vector autoregressive) model), that estimates stressed relevant macroeconomic variables (FX, GDP, CPI, IR (US and BR)), and (ii) a dynamic panel model estimating delinquency and credit portfolios (NPLs) bank-by-bank based on the predictions obtained from the VAR model and the parameters established by the BCB. The two-stage model is designed in order to analyze a bank’s portfolio sensitivity / quality to the economic cycle. The overall objective is that, taken together, TEBU, TEMTD and the internal capital adequacy assessment process (ICAAP) stress tests should be capable of providing a comprehensive insight into of the solvency of large banks in Brazil and, consequently, of the stability of the financial system. The smaller banks are not required to perform the full ICAAP approach and a simpler ICAAP approach is applied in their case. Additionally, in order to gauge the impact of the build-up of risks in one bank or banking group to the entire system, there is the Contagion Analysis. It uses data stored in the BCB databases (required from the clearing houses) and allows the BCB to assess how connected the financial institutions are and the potential for contagion to affect other institutions through their interbank exposures. |
||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor assesses banks’ and banking groups’ compliance with prudential regulations and other legal requirements. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | As set out in the BCB’s Supervision Manual (MSU) (3.10.10, § 2,) the focus of the supervisory model is the assessment of risks and controls as well as analyzing financial statements and checking compliance with applicable laws and regulations applicable (MSU 3:10:10, § 3). In particular, the purpose of the Special Examinations (VEs)—targeted inspections— (MSU 4.30.10.50) is to evaluate matters or relevant areas of the FIs, such as—level of risk exposure and the capacity of the FI to manage it adequately; quality and reliability of accounting and financial information provided to the BCB and general public; and compliance with applicable laws and regulations of the BCB. The SRC process (MSU 4.30.40) also includes the verification of compliance with key regulatory and legal standards - including the minimum Basel capital ratio, credit concentration limits, currency exposure and immobilization and, in particular, standards relating to risk management - and requires financial institutions to correct deficiencies. Supervision monitors regulatory operational limits (MSU 4.20). The Offsite monitoring (DESIG) plays an important role in identification and also assessment of compliance with regulations. Noncompliance is reported through the Integrated Monitoring System—SIM—on a monthly basis, or via ad hoc communications, when necessary. For example, SIM can issue signals relating to: a) significant changes in economic and financial indicators and scores, based on the accounting information (Cosif) and capital (DLO), which may indicate risks related to the soundness of assets and the ability to generate profits; b) situations that may represent a particular type of risk (credit, market, liquidity, etc.); c) occurrence of events that indicate irregularities; d) possible changes in the operational profile; e) possible non-compliance with the operational and regulatory limits; and f) Special studies as a way to deepen or improve some specific risk or theme. Also, the Conduct Supervision Department (DECON) is responsible for assessing compliance with regulation related to consumers of financial products, ALM and CFT. As with supervision, DECON carries out its responsibilities through onsite and offsite reviews. Like DESUP, DECON has autonomy to issue letters to FIs or propose a punitive process against entities or administrators. Decon must, however, communicate the conclusions of such actions to the Supervision Department and the outcomes must be incorporated to the SRC conclusions. |
||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor takes the macroeconomic environment into account in its risk assessment of banks and banking groups. The supervisor also takes into account cross-sectorial developments, for example in non-bank financial institutions, through frequent contact with their regulators. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | The BCB is able to monitor a number of sectors of the financial system providing it with information that can support its supervisory work. For example, loans with an exposure of more than R$200 (USD60) are reported to the Credit Information System (SCR) giving the BCB the scope to monitor individuals’ debt servicing burden, LTVs on housing and vehicle financing, risk appetite, forbearance and several other credit risk metrics. Similarly, all FX operations and credit lines are registered online at the BCB. Additionally, the BCB has the registration data on, for example, derivatives and securities issued by all financial institutions. In order to perform its systemic and sectoral analysis, the BCB obtains information not only from the FIs and non-FIs but also from other sources: the SCR, other regulators (financial markets, investment funds, pension funds and insurance), central registries, clearinghouses, external auditors, rating agencies, government data, private data, international agencies (FSB) and international data, facilitated through MoUs. Data is aggregated by risks, markets and products. Stress tests, interconnectivity and systemic tests are conducted on a macro level. Also, the supervisors seek industry perspectives on financial market issues such as credit growth, new instruments, market practices, deterioration of sectors or individual companies, investors’ risk appetite, etc. Information is analyzed by the Financial System Monitoring Department of the BCB, and then shared with the Banking Supervision Department, the Financial Stability Committee (COMEF) and the Financial Stability Report. Moreover, the COREC discussions, where the rating and supervisory plan for FIs are agreed, reflect the key concerns and themes arising from these analyses and can lead either to targeted inspections in relevant institutions or to horizontal reviews. The Financial Stability Report (FSR), published twice a year on recent developments and outlook on financial stability in Brazil. The FSR, recently relaunched to be more forward looking, and includes research and analysis on current topics that may have financial stability implications. The FSR also publishes the forecast baseline and adverse scenarios for the BCB macro economic stress test. The BCB is a member of two committees which are concerned with systemic risk: the Financial Stability Committee (COMEF) which is internal to the BCB and Committee of Regulation and Supervision of Financial, Securities, Insurance, and Complementary Pension (Coremec) which is cross sectoral. In the 2015/2016 crisis, stress tests reports were made to both forums on: FX; credit; liquidity; NPL; funding; household debt service ratio; house price index; and total capital ratio among several others. The analyses provided the BCB with a financial stability map, aiding it in defining its course of action. The BCB maintains an annual schedule of meetings with other domestic authorities, including insurance supervisors, the Securities and Exchanges Commission (CVM) and the Brazilian Federal Revenue Office. The meetings with the insurance supervisors focus on the banking-insurance conglomerates. Drawing on its experience participating in a number of FSB working groups on shadow banking, including the collection of system wide data, the BCB has developed some monitoring tools including non-banking financial entities, such as the step-in risk for investment funds liquidity and direct interconnections in the wide financial system as described in EC5. |
||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor, in conjunction with other relevant authorities, identifies, monitors and assesses the build-up of risks, trends and concentrations within and across the banking system as a whole. This includes, among other things, banks’ problem assets and sources of liquidity (such as domestic and foreign currency funding conditions, and costs). The supervisor incorporates this analysis into its assessment of banks and banking groups and addresses proactively any serious threat to the stability of the banking system. The supervisor communicates any significant trends or emerging risks identified to banks and to other relevant authorities with responsibilities for financial system stability. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | The main coordination between national regulators of the banking system, capital markets, pension and insurance sectors is carried out through Coremec which is composed of representatives of the BCB, CVM (Financial services and securities regulator), Previc (Social Security regulator) and Susep (insurance regulator). The committee’s objective is to promote the improved performance of the domestic authorities with regulatory and supervisory responsibility for activities related to the collection of public savings (Decree 5,685). Additionally, the information-sharing agreements established between the BCB, CVM, Previc and Susep, facilitate exchange of specific supervisory information on the investment fund, insurance and pension fund sectors. For example, from 2014 onwards, data on loans held by SFVs (supervised by CVM) are also held in BCB’s Credit Information System (SCR), as noted in EC4, and supports supervisory analysis and cross checking of exposures, concentrations, quality of loan performance and inter-connectedness. Findings and concerns received from these regulators are incorporated on the SRC analysis. Depending on the degree of concern, issues are escalated to the senior management or even the Board of the FI. The BCB’s monitoring includes: a) generation of information and analysis on the behavior of entities and sectors by type of activity; b) monitoring the trends in the banking system’s aggregate balance sheet, results, and activities; c) early warning communications to supervision on changes in the capital and financial structure of banking entities; and d) indication of shifting risks and potential changes in the operational strategy of institutions. As noted in other ECs in CP8, stress tests and the contagion exercises are seen as important tools in assessing the built-up of risks within and across banks. Individual results of stress tests are presented in the supervisory colleges which the BCB is part of. Information received by the BCB from Previc, Susep and CVM is used to construct a system wide financial network in which direct interconnections are mapped and a better picture of financial contagion can be identified and analyzed. The agreement with CVM also allows a closer assessment of liquidity step-in risks for open-ended investment funds. As the largest asset managers are part of or linked to banking groups, the BCB monitors open-ended investment funds’ exposures to less liquid assets in order to evaluate the impact on banks’ liquidity of a possible provision of financial support in stressed scenarios. The numbers are available to the on-site supervision on a monthly basis and are used when analyzing contagion risk. Aggregate numbers are reported to the Financial Stability Committee (COMEF) on a quarterly basis. Since 2015, and also as noted in EC4, several stress tests have been carried out and results presented at the forums of COMEF and the Coremec. The analyses provided the BCB with a financial stability map. A recent (2017) revision of the BCB’s Financial Crisis Management Plan (FCMP), which sets out governance and arrangements for crisis management, establishes that, depending on the behavior of a series of certain variables, alerts will be triggered, leading if necessary to an “Alarm Situation.” |
||||||||||||||||||||||||||||||||||||||||
| EC6 | Drawing on information provided by the bank and other national supervisors, the supervisor, in conjunction with the resolution authority, assesses the bank’s resolvability where appropriate, having regard to the bank’s risk profile and systemic importance. When bank-specific barriers to orderly resolution are identified, the supervisor requires, where necessary, banks to adopt appropriate measures, such as changes to business strategies, managerial, operational and ownership structures, and internal procedures. Any such measures take into account their effect on the soundness and stability of ongoing business. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | BCB is the single resolution authority for financial institutions but resolvability assessment is still in progress. Additionally, legislative changes in resolution law are anticipated. The current resolution framework is established by Law 6,024 and Decree-law 2,321, where Law 6,024 regulates the intervention and liquidation and Decree-law 2,321 regulates the Temporary Special Administration Regime (Raet). Combined, those are the resolution regimes applicable to financial institutions in Brazil. In addition, Law 9,447 regulates the responsibility of owners, directors, executives, officers, members of other corporate structures and independent auditors of a firm under resolution and, provides BCB with the following complementary powers to early intervene or resolve: I - capitalization of the company, with the contribution of resources necessary for their uplift, in an amount specified by it; II - transfer of control; III - corporate-reorganization, including merger, consolidation or spin-off. The main conditions for entry into resolution are situations of severe economic and/or financial distress (insolvency, failing or likely to fail) and severe violation of Brazilian banking laws. The BCB has discretion to decide on the use of appropriate resolution tools under the legal framework, considering the importance of the operational continuity of the institution and the likelihood of the contagion risk. This decision is taken by the supervisory team and must be approved by BCB’s Board of Governors, which includes the Deputy Governor for supervision and the Deputy Governor for resolution. Since 2013, as the home authority of a G-SIB resolution entity (Santander in a Multiple Point of Entry approach), BCB has a Cross-border Cooperation Agreement with authorities from EU, Spain and the United Kingdom concerning the Santander Group. The agreement sets out how the authorities will communicate and coordinate, both during normal periods and in times of crisis, with a view to facilitating the resolvability, recovery or, as necessary, an orderly resolution of Santander, including its recapitalization, restructuring, sale, liquidation or wind-down, where appropriate. The resolution department heads the work under the Santander’s CMG in joint responsibility with the supervisory area. In 2016, recovery planning was extended to all of domestic systemic important banks (D-SIBs). Under Resolution 4,502, D-SIBs are required to prepare recovery plans. The phase-in of this process started in December 2016 and will end in July 2018. After that, the D-SIBs will update their recovery plans annually. To support the work on resolution, in 2016 the BCB created the Department of Resolution Regimes (Deres), with the staff of the former Department of Bank Liquidation. This new department has, among other mandates, the responsibility for developing resolution plans and conducting resolvability assessments. While progress has been made on the resolution plans of all D-SIBs, such plans will only be concluded after the first recovery plans are delivered by the banks. In January 2017, the BCB also created a strategic Resolution Committee (COPAR) to support coordination between supervision and resolution areas in relation to resolution planning, resolvability assessment and resolution actions. COPAR’s membership is composed of the heads of the departments involved in resolution and crisis management (departments report to the Deputy Governor for supervision and the Deputy Governor for resolution respectively) Additionally, the BCB participates in the FSB Cross-Border Crisis Management Group (CBCM) and FSB Resolution Steering Group (ReSG) and, at the time of the mission, the BCB was in the final stages of preparing a new resolution law, aimed at aligning the Brazilian legal framework with the FSB’s Key Attributes for Effective Resolution. Until the new resolution law is passed the BCB lacks the power to require changes in firms’ structures to improve their resolvability. It is also hoped the new law will bring a broader list of situations when resolution can be decreed. |
||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor has a clear framework or process for handling banks in times of stress, such that any decisions to require or undertake recovery or resolution actions are made in a timely manner. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | BCB’s supervision relies on daily information provided by the system-monitoring department, which uses early warning alerts to flag where a prompt response is needed. This mechanism is designed to permit the BCB’s staff to take timely actions to deal with situations of severe stress. As described in EC6, the BCB has introduced a department focused on resolution and created a coordinating committee to support the communication and relationship between the supervision and resolution departments, and ultimately any need for resolution decisions to be made. The BCP pays attention to changes in patterns of operational indicators and has devoted analytical efforts to designing early warning indicators (which are refined over time through supervisory evaluations). Indicators such as delinquency, provisions, credit migration matrix, and the condition of individual debtors are also monitored. Besides the mainstream supervisory process, in stress situations, indicators such as exposure to sectors, to individual clients, stress tests or delinquency evolution are set and monitored. Supervisors also collect managerial information and market perspectives from the banks. For example:
When signals of deterioration are identified, the supervisors decide on the escalation of measures to adopt, on a case by case basis. These measures can range from discussions with senior management expressing concerns and asking for a corrective action, up to prudential preventive measures or resolution strategies. For Recovery and Resolution actions please see EC6. As mentioned above, the BCB has a Financial Crisis Management Plan (FCMP), whose objective is to prepare the Central Bank to act in times of crisis, through the prior identification of actions that can be implemented, and with emphasis on the coordinated action of different areas of the BCB, and of national and international authorities. |
||||||||||||||||||||||||||||||||||||||||
| EC8 | Where the supervisor becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter, the supervisor takes appropriate steps to draw the matter to the attention of the responsible authority. Where the supervisor becomes aware of banks restructuring their activities to avoid the regulatory perimeter, the supervisor takes appropriate steps to address this. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | Supervisors have the authority to prevent restructuring if they suspect the intent is to evade the regulatory perimeter. Notably, the BCB has extensive powers—see CPs 6 and 7—in relation to the establishment of new FIs, acquisitions, mergers or changing of corporate purpose, either of financial or non-financial entities, which provides it with a locus in respect of active restructuring by banks. The perimeter of the prudential regulation has been expanded by Resolution 4,280. From 2015 onwards, in line with Basel III recommendations, banking groups’ prudential consolidation has been widened, to include consortium managers, credit card acquirers, securitization companies, special purpose entities and investment funds, if the majority of its risk or economic benefits are held by the financial conglomerate. The BCB has also been given the responsibility for authorization and supervision of a significant part of the Brazilian Payment System entities (Law 12,865) providing oversight and understanding to a wider sector of the financial markets. |
||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 8 | Largely Compliant | ||||||||||||||||||||||||||||||||||||||||
| Comments | The BCB has continued to develop its high quality SRC methodology for assessing banks and has made some significant and valuable changes since the last assessment. One is through the introduction of its twin peak model so that the perspective of the prudential and conduct supervisory processes can be integrated into the overall view of the financial institution. Another is through the recent decision to place a central emphasis on the role and execution of corporate governance in financial institutions. Thirdly, the BCB has formally segmented the banking sector into categories ranging from the DSIBs (segment 1) to the micro credits and cooperatives at segment 5. This segmentation, formally confirmed in a resolution, has facilitated policy reflection on the appropriate application of proportionate supervisory action, while ensuring that all institutions are assessed over a reasonable time horizon as well as ensuring that the system has flexibility to respond to emerging stress at individual institution level or at the system level. No formal distinction of process is made between publicly owned banks and privately-owned banks. The BCB has begun work on recovery and resolvability, a component in the revised 2012 BCP methodology that affects several CPs (including CPs 3, 8 and 13). This work is not yet complete and is reflected in the grade of this CP only. It is, however, important to recognize that neither this CP nor CPs 3 and 13 comments on or assess whether a jurisdiction has been effective in resolution actions. In CP8, the test is notably to ensure that any preparatory work that can take place pre-crisis has been undertaken. This includes work on ensuring, in the course of day to day supervision and not at a time of stress, that a bank or banking group can be resolved in an orderly and efficient manner (i.e. assessment of resolvability and action to ensure resolvability if needed). It also includes ensuring that internal planning and organization has been designed optimally to facilitate swift and effective decision making, including, as necessary, resolution action. Because the new resolution bill had not been passed at the time of the assessment, a number of the BCB’s new internal regulations and procedures were still pending. The BCB is, however, recommended to ensure that it designs a clear decision-making process to avoid any undue delay in moving to recovery or resolution if needed. |
||||||||||||||||||||||||||||||||||||||||
| Principle 9 | Supervisory techniques and tools. The supervisor uses an appropriate range of techniques and tools to implement the supervisory approach and deploys supervisory resources on a proportionate basis, taking into account the risk profile and systemic importance of banks. | ||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||
| EC1 | The supervisor employs an appropriate mix of on-site10 and off-site11 supervision to evaluate the condition of banks and banking groups, their risk profile, internal control environment and the corrective measures necessary to address supervisory concerns. The specific mix between on-site and off-site supervision may be determined by the particular conditions and circumstances of the country and the bank. The supervisor regularly assesses the quality, effectiveness and integration of its on-site and off-site functions, and amends its approach, as needed. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | The supervisory process is documented in the Supervision Manual (MSU), which describes the supervisory model adopted by the BCB and sets out all the tools that can be used by Supervisors. The supervisory approach incorporates a twin peaks model and consists of the following overarching-processes:
The monitoring approach focuses on assessing the economic and financial condition and other risk dimensions of the individual and prudential conglomerate institution. This monitoring covers a wide range of oversight, including areas such as balance sheet analysis, regulatory limits and solvency, and also includes risk analysis such as credit, liquidity and market, as well as analysis of integrity of information and performance in other markets. In order to perform off-site monitoring, a comparative analysis among institutions is performed to identify outlier behavior that might represent a risk to financial institutions. When an irregularity, such as a significant variation in a monitored indicator, is observed in the monitoring process, DESIG notifies the Supervision Department (DESUP) using the Integrated Monitoring System (SIM) - please see CP8 EC3 for a more detailed description. The range of supervisory activities conducted by DESUP, set out in the MSU, includes on and off site inspections, ongoing monitoring and horizontal reviews. It is responsibility of the Supervisor, defined as Central Point of Information (PCI), to consolidate the results of these activities in the SRC process. In banking supervision, the PCI is the supervisor in charge of the financial institution (FI). A supervisory cycle will include inspections and supervision has in its portfolio of on-site procedures inspections to assess specific risks and to verify the compliance of institutions with laws and regulations. Inspections are typically agreed during the planning period of the supervisory cycle but can be commissioned at any point during the cycle in response to new information. Inspections can be on a single FI or also horizontal reviews. Supervision may therefore undertake focused inspections responding to indications of possible breach of laws or regulations; trends identified during the supervisory cycle; or to follow up on progress regarding corrective actions and previous inspection results. Inspections can be carried out by the team responsible for the supervision of the conglomerate or targeted, special verification (VE) examinations can be performed by specialist units in DESUP, focusing on, for example, on credit, market, and liquidity risk. In scoping the intensity and duration of the inspection, the Supervisor is required to take into account the principle of proportionality, reflecting nature, size and complexity of the FI. Inspections can be performed either on the FI premises or remotely, if physical presence is not necessary. The objective of any inspection is to identify the risks of the FI and the evaluate the control environment, as well as examine the performance of the senior management. The ongoing monitoring by Supervision is expected to verify any changes in equity structure and risk profile; quality of management; compliance with regulatory standards and limits; and the reliability of the accounting and financial information of the FIs. The ongoing monitoring should enable the supervisor to act proactively by proposing specific supervisory actions and providing timely information to senior management. It is the responsibility of the supervisor defined as the PCI to keep up-to-date records on the risk profile of the FI, consolidating and, when necessary, sharing information on the FI. (MSU 3.10.10.10) Under the overarching supervisory model, each department has the autonomy to carry out its own activities but has the responsibility of cooperating with the other departments to ensure an overall comprehensive and consolidated assessment of the FI. The BCB has created three committees—strategic, tactical and operational—in order to enhance the governance and integration of the Supervision Division (DIFIS) to which DESUP, DESIG and other supervisory departments belong.
|
||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor has a coherent process for planning and executing on-site and off-site activities. There are policies and processes to ensure that such activities are conducted on a thorough and consistent basis with clear responsibilities, objectives and outputs, and that there is effective coordination and information sharing between the on-site and off-site functions. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | The supervisory action plan for each prudential conglomerate—and for individual banks if there is no conglomerate—is set out in the Supervision Action Plan (PAS) and is monitored throughout the year. It includes all the planned actions - inspections, horizontal reviews, monitoring, SRC process - as well as the budget. The PAS is proposed by the on-site supervisor and is agreed at the COMEF for the forthcoming supervisory cycle for the institution/conglomerate. In designing the PAS, a number of elements must be taken into account:
Taken together, these elements ensure that the supervisory planning process reflects a number of factors such as: macroeconomic scenario; results of previous work at the supervised institutions; Risk and Control Assessment System - SRC; monitoring; data from the supervisory cycles; information from other areas of the BCB, international supervisory entities, government agencies, independent audits and the press. (MSU 4:10:10 - 4) The greater the systemic importance of the institution, the greater the number of supervisory activities planned as well as the amount of resources allocated and closer monitoring. The PAS can be and is adjusted during the year, reflecting new information or developments identified through off-site monitoring and on-site examinations (MSU 4.10.10: Supervision Process of the National System - Planning and Management of Supervision - Elaboration of the Supervision Program - 8 and 9). The assessors saw examples of the dashboard monitoring the progress of the PAS and the underlying records of reasons why certain activities were not taking place according to the initial planned timetables. The Supervision Process Automation System (APS) ensure that the supervisor responsible for a conglomerate has straightforward access to a dashboard indicating the progress of the PAS. Also, each level of hierarchy can see a more aggregated picture of the overall progress of the PAS, as well as being able to drill down into the specifics for any given institution/conglomerate. The execution of the PAS is recorded and monitored in the Integrated Supervisory Action Management System (Sigas)—the IT system—and periodic reports are prepared on its implementation. At the end of the year a summary of completed supervisory actions is posted on DIFIS’ web portal. The BCB explained that supervisors in charge of FIs as well as the supervisory teams are expected to share information with colleagues and teams on a proactive basis. In particular there is information exchange prior to the start of a planned action and again at its conclusion. Ultimately, the Supervision Action Plan (“PAS”) must be approved by the Head of DESUP, together with the other units in DIFIS (Internal Rules of the BCB, item V of Article 81 of Decree 84287, as amended by Decree 92743). It is the responsibility of the Planning, Budget and Management Department (DEPOG) to coordinate the planning, budgeting and management regarding DIFIS (Article 56). The Strategic Management, Integration and Support for Supervision Department (DEGEF) is the unit responsible for coordinating the planning, budget and management processes regarding the departments of DIFIS (Article 74). |
||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor uses a variety of information to regularly review and assess the safety and soundness of banks, the evaluation of material risks, and the identification of necessary corrective actions and supervisory actions. This includes information, such as prudential reports, statistical returns, information on a bank’s related entities, and publicly available information. The supervisor determines that information provided by banks is reliable and obtains, as necessary, additional information on the banks and their related entities. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | SRC guidelines require a wide variety of qualitative and quantitative information that supervisors should obtain from institutions and other available internal and external sources. In addition to supervisory reporting (please see CP10) the BCB has a range of data and databases at its disposal. For example, the Solvency Component of the economic-financial assessment module of the SRC includes the verification of the adequacy of the recognition and accounting measurement of the main assets and liabilities in the financial statements, as well as the evaluation of certain issues related to the composition and evolution of the capital (MSU 4.30.40.10.3). Furthermore, the validation of information received by the supervisor is conducted through the continuous monitoring process (receipt, reconciliation, and monitoring of information and developing trends) as well as through the inspection process. In addition to the information produced by the institutions themselves, Supervision also receives information from Trading Repositories (TRs). This is deemed essential by the BCB to assure and enhance data quality in the Supervisory Processes. Reporting data to a TR is mandatory in Brazil for most transaction types and for nearly all asset classes. In addition to financial transactions that are traded on and registered in authorized exchanges and electronic trading platforms, OTC derivative, spot foreign exchange, fixed income, and credit operation transactions must also be reported to TRs. Five of the main TRs operated by the BCB cover FX transactions, (Sisbacen – Sistema Câmbio), a central securities depository for government bonds (Selic), the credit information system (SCR – discussed in CP8), credit information on domestic residents raising funds outside Brazil (RDE-ROF), and on loans which are originated for on-sale in certain sectors, such as auto loans (CIP-C3). Two privately operated TRs, recently merged (“B3”) covering a range of transactions including private and government bonds, OTC derivatives, equities and FX. The BCB has a data quality framework that includes the use of defined standards, terms and governing principles regarding information management. Supervision may, at any time, demand additional information needed to evaluate the institutions’ risk exposure. Supervisors may also use the work of external auditors, and meet with their representatives. Resolution 3,198 of 2004 requires the detailed auditor’s opinion on the financial statements. |
||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor uses a variety of tools to regularly review and assess the safety and soundness of banks and the banking system, such as: (a) analysis of financial statements and accounts; (b) business model analysis; (c) horizontal peer reviews; (d) review of the outcome of stress tests undertaken by the bank; and (e) analysis of corporate governance, including risk management and internal control systems. The supervisor communicates its findings to the bank as appropriate and requires the bank to take action to mitigate any particular vulnerabilities that have the potential to affect its safety and soundness. The supervisor uses its analysis to determine follow-up work required, if any. |
||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | Analysis of financial statements Analysis of financial statements and accounts takes place within the framework of the economic-financial assessment module under SRC process (ANEFs). (MSU 4.30.40.10 3):
Business model analysis (BMA) The BCB has been rolling out a Business Model Analysis (BMA) program since 2016, with full implementation expected by 2019, seeking to identify FIs or business sectors with vulnerabilities in their models, or even unrealistic business models, which may lead to an early intervention by DESUP. The BMA entails: 1) structured processes for forward looking analysis; 2) structured and periodic collection of forward-looking information; and 3) setting of parameters to evaluate the information obtained. The BMA is intended to improve the peer grouping and peer group analysis and development of relevant benchmark criteria for business models and also for individual business lines that will facilitate comparative analysis of FIs with their peer group, or competitors in the various sectors. The consistency of FIs’ financial projections can also be assessed. Even though the BCB is still rolling out its new BMA program, elements of the current supervisory process already address business model analysis:
Horizontal peer reviews Horizontal reviews are usually carried out to assess a theme or issue in a banking sector (eg SIFIs). Horizontal analysis approaches were formalized in the MSU in 2017. Horizontal reviews require a specialized or central team to coordinate the work, defining the procedures and approaches to be used. The assessors were able to discuss some of the horizontal reviews with the specialist teams. Recent topics have included: Concentration risk management in six major banks based on analysis of ICAAP reports of these FIs; Procedures for recognizing credit risk mitigation in the calculation of risk-weighted assets (RWA) in the standardized approach to capital adequacy calculation; Analysis of the Explanatory Notes to the Financial Statements of DSIBs; Foreign Exchange Operations; and Contingent Tax Liabilities. Stress tests In the wake of the financial crisis, the BCB wanted FIs to improve their use of stress tests as a risk management tool. Several regulations have been issued since 2009: Resolution 3,721 and Resolution 3,988 and since 2017 Resolution 4,557sets out the framework for stress tests in FIs (although as noted in CP14 and elsewhere, the implementation of Resolution 4557 is being phased in and will not be fully in force until February 2018 for all banks). BCB also developed guidelines for Stress Test exercises in Market, Liquidity and Credit Risk, most recently revised in 2016 and which serve as a main reference source for supervisory inspections to assess whether the FI’s internal stress tests are acting as an effective risk management tool. Deficiencies identified in the inspection can result in requirements for improvements and corrections. Additionally, there was a specific workstream in relation to the evaluation of the 2016 ICAAP reports, that cover the nine largest financial institutions in Brazil. The integrated stress tests (application of a common macroeconomic scenario to different risks) and the use of stress test as an effective risk management tool were both evaluated and the BCB has required improvements in the stress test programs. From 2017, corporate governance has been subject to assessment separately from other risks in the matrix. Formerly it was considered in the context of strategy risk. The revised evaluation covers the bank’s corporate governance structure and its effectiveness in establishing and maintaining a business, management and control environment in line with the approved culture and strategies (MSU 4.30.40.20 7.1). Risk management and internal control systems are continuously evaluated through the SRC process as well as in the context of on-site inspections. (e.g., MSU 4.30.10.50.01.01 -Credit; 4.30.10.50.02 - Treasury; 4.30.10.50.06.02 - Internal Controls at Corporate Level; 4.30.10.50.11 - Operational Risk management; 4.30.10.50.13 - Auditing Committee; and others). Please see EC8 and EC9 for findings on communication and follow-up work. Please also see CP8 for further references to stress tests. |
||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor, in conjunction with other relevant authorities, seeks to identify, assess and mitigate emerging risks across banks and to the banking system as a whole, potentially including conducting supervisory stress tests (on individual banks or system-wide). The supervisor communicates its findings as appropriate to either banks or the industry and requires banks to take action to mitigate any particular vulnerabilities that have the potential to affect the stability of the banking system, where appropriate. The supervisor uses its analysis to determine follow-up work required, if any. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | The Committee of Regulation and Supervision of Financial, Securities, Insurance, and Complementary Pension Markets (COREMEC) was established through Decree 5,685, to promote coordination and operational improvement of the federal authorities that regulate and supervise activities related to investments and savings. Together with the BCB, the COREMEC comprises the Securities and Exchange Commission (CVM), the Private Insurance Superintendence (SUSEP) and the National Complementary Pension Superintendence (PREVIC). This structure allows coordinated actions with those authorities. For more details, please see CP03. Monitoring of the financial system is carried out by the BCB, with to identify, assess and, as necessary act to mitigate emerging risks in individual banks and across the system. The information derived from the monitoring process is conveyed to the Banking Supervision Department, the Financial Stability Committee (COMEF) and the Financial Stability Report (REF). Stress testing is one of the tools specifically prescribed for the monitoring process. The stress tests run and used by the BCB assess the stability of the financial system, and focus on solvency and contagion risks. Stress tests on banks and bank conglomerates are conducted monthly, while those for credit unions and other banking institutions are conducted on an ad-hoc basis. In addition to macroeconomic projections/scenarios, data for these tests are retrieved from standardized reports by financial institutions or other sources, such as the credit information system (SCR) and other TRs. The results of the stress tests are made available to the COMEF for discussion, and also to the public in an aggregate form through the Financial Stability Report (FSR). The models and main assumptions of stress tests run by the BCB are summarized below:
In addition, contagion analysis is used by the BCB to assess how the default of one entity affects other entities in the financial system and real economy. The analysis aims at identifying systemic consequences from events such as a bank’s resolution, the bankruptcy of a large economic conglomerate, or reputational/corruption issues. The tools allow the mapping of vulnerabilities from different perspectives: interconnectedness within the financial system and in the non-financial sector, as well as interbank market, non-financial sector and unemployment contagion. One of the main improvements in systemic risk analysis since the last 2012 FSAP has been the development of a real economy network model based on data from the Brazilian Payments System so that the simulation of contagion between financial is capable of incorporating effects from the real economy. A practical example of the use of such data in contagion analysis is the assessment of the financial system’s resilience to possible default effects of the companies involved in the so-called “car wash” operation. “Car Wash Operation” is the name of an investigation by the Federal Police of Brazil that was first made public in March 2014. Initially a money laundering investigation, it has expanded to cover allegations of corruption at the state-controlled oil company Petrobras, where it is alleged that executives accepted bribes from supplier companies in return for awarding contracts at inflated prices. The BCB assessed the financial system’s resilience to possible default by the core companies important (engineering companies, contractors and economic groups to which they belong). Mapping a network of the real economy was achieved by analyzing the payments made—through the Brazilian Payment System (SPB)—to and from companies and their relevant importance to the companies’ revenues. The mapping enabled the BCB to estimate the degree of dependency each company had on each other. Using factors such as their average risk rating in the SCR and dependence on Petrobras in terms of revenue, a subgroup of vulnerable companies (from among the core companies involved in the investigation) was identified. These companies were then assumed to default, triggering a chain of subsequent defaults on other companies (based on SPB data) that were directly or indirectly reliant on them. When the company was a member of an economic group (based on data from the IRS and CVM), the analysis could be performed on the consolidated group. The exercise included a number of scenarios with very conservative assumptions, such as the default of all members of selected economic groups, and associated job losses of their employees (using data from the Ministry of Labor) should those companies collapse into insolvency. In addition, full losses were simulated in the event of default. This estimation was conservative and excluded the effect of guarantees, insurance and other forms of loss mitigation. The relationship between the real economy and the financial system was investigated by gathering data (mainly drawn from various TRs) on the full range of exposures via credits and guarantees, debentures and commercial paper, foreign debt, OTC derivatives, foreign exchange transactions, and equities, in order to measure the contagion effects in the financial system stemming from the default of those companies in the real sector (and loss of jobs of their employees). The analysis showed that despite estimated losses, the impact on banks’ capital was moderate and could be absorbed by existing regulatory capital levels. The BCB has run similar exercises to map out potential financial risk contagion effects in relation to other shocks, both hypothetical and in response to events/shocks in the real economy. The deliberations and conclusions from both COREMEC and COMEF are communicated to banks primarily through the publication of the Financial Stability Review (a twice-yearly publication of the BCB) and themes and concerns which are identified are incorporated into the targeting of the supervisory processes for the year. |
||||||||||||||||||||||||||||||||||||||||
| EC6 | The supervisor evaluates the work of the bank’s internal audit function, and determines whether, and to what extent, it may rely on the internal auditors’ work to identify areas of potential risk. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | The BCB takes the work of the internal audit of the FI into consideration in the SRC process. In most inspections, the supervisor requests the work of the internal audit and meets with their representatives. The assessors saw documentation related to this process. The BCB may also request Internal and External Audit annual plans and the report of accompanying notes. The BCB’s objective in obtaining information from the internal audit function and evaluating it, is to better shape the scope and the depth of on-site examinations. The most comprehensive assessment of the internal audit activities in relation to the internal control system is set out in MSU 4.30.40.20.09 - Corporate Governance. This assessment is performed under the SRC process and aims to verify whether internal audit has sufficient independence, authority and resources. The internal audit function is also evaluated at the business lines level, specifically the works carried out in the control processes of the following risks: market, liquidity, operational, IT and money laundering. Any shortcomings of the internal audit are subject to required improvements notified through inspection letters. Resolution 2,554 states that internal audit is part of the internal controls system. It also states that the internal control of the financial institution must provide, among other things, ways to identify and assess internal and external factors that may adversely affect the successful achievement of the objectives of the institution. The regulation also requires continuous assessment of the various risks associated with the activities of the institution. The assessors were able to see supervisory documents in relation to the BCB’s consideration of internal audit work. |
||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor maintains sufficiently frequent contacts as appropriate with the bank’s Board, non-executive Board members and senior and middle management (including heads of individual business units and control functions) to develop an understanding of and assess matters such as strategy, group structure, corporate governance, performance, capital adequacy, liquidity, asset quality, risk management systems and internal controls. Where necessary, the supervisor challenges the bank’s Board and senior management on the assumptions made in setting strategies and business models. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | Supervisors hold several meetings with representatives of the FI throughout the supervisory cycle. The new Corporate Governance assessment approach under the SRC process (MSU 4.30.40.20.09) was introduced in June 2017. Prior to this date, corporate responsibility and capacity was assessed in the context of strategy risk. The Corporate Governance assessment is a structured proceeding that includes meetings with: members of the board, senior management, Fiscal Council (a body that some institutions have in their corporate structure that is responsible for oversight of financial data and which reports directly to the shareholders—please see also CP14); partners; representatives of any minority shareholders; the members of the Audit Committee and other higher advisory committees; the CEO; the executive directors and those responsible for strategic planning, human resources and investors’ relations. The frequency of the meetings reflects several factors, such as the complexity of the governance structure of the FI or group and the supervisory priority assigned to the FI. The BCB also identifies whether the FI has independent and qualified directors on the board, also assessing the adequacy of non-executive number of board members and the ability to express their views independently of the tasks with potential conflict of interest. In addition to performance at board level, the evaluation of the performance of members of board and senior management are assessed in the context of business units, during the assessment of the specific risks and controls, in the SRC process. If the SRC process flags a need to carry out a more detailed evaluation of corporate governance, the Supervisor may perform the Corporate Governance inspection (MSU 4.30.10.50.06.01). In other words, if necessary, targeted inspections can be performed in specific areas. Regular meetings are scheduled with senior management and middle management in order to understand the strategy related to the business lines, sources of funding, Assets and Liabilities Management, Capital Management, Risk Management and Internal Control Systems among others. For those FIs that should constitute an Auditing Committee, the overall conditions of internal control system and the quality of the financial statements are discussed on a regular basis. The results of these agendas are considered by supervisors when assessing the FIs. In relation to engagement with the FIs in terms of business strategy, whenever a new bank presents its business plan or a bank makes a substantial change in their business model, DESUP evaluates its Business Plan (MSU 4.30.10.50.14) taking in account, among other elements, any deviation between the Fl’s results and its projections. Banks with whom the assessors met indicated that the BCB maintained strong contact with the institution at senior levels. In addition, the major firms noted that BCB staff maintained an almost permanent presence in the financial institution. An ancillary form of contact is through the BCB’s macroprudential function as the BCB maintains contact with the units responsible for the producing and submitting information to the BCB, and schedules meetings with market representatives to better understand market sentiment and perspectives. |
||||||||||||||||||||||||||||||||||||||||
| EC8 | The supervisor communicates to the bank the findings of its on- and off-site supervisory analyses in a timely manner by means of written reports or through discussions or meetings with the bank’s management. The supervisor meets with the bank’s senior management and the Board to discuss the results of supervisory examinations and the external audits, as appropriate. The supervisor also meets separately with the bank’s independent Board members, as necessary. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | At the end of an inspection work, a closing meeting is held with the Fl’s management to discuss the preliminary results of the inspection. The final conclusions of the inspection are communicated to the institution by means of an Official Letter, which contains the description of the findings, which may be classified as irregularities (when there is an infringement of rules governing banking operations), accounting adjustments (usually when additional provisions are necessary) or weaknesses in the internal controls. In the absence of these types of findings, or even when they are remediated during the course of the inspection, it is not necessary to prepare an Official Letter on the result of the inspection, and it is sufficient to present the conclusions to the management of the institution in the closing meeting of the work. The BCB Letter must be addressed to the senior management, and its contents may be shared with the Board, Fiscal Council, Audit Committee and External Auditors. (MSU 4.30.30.10.01 2-c). (Please see CP14 for a further discussion of the corporate bodies, including Board and Fiscal Council.) The Official Letter must require the FI to remediate the findings or discontinue unacceptable, irregular practices. The FI has 30 days to comply with the requirements of the Official Letter. In the SRC process, any findings, particularly irregularities, control weaknesses or financial fragilities, must be communicated to the FI as soon as they are identified and assessed. The follow-up of these findings is monitored in the assessments of the relevant risks, controls or economic-financial component of the SRC. An Official Letter is also sent at the end of the supervisory cycle, after the SRC Committee (Corec) meeting, to inform the FI formally informed, of the conclusions of the evaluations performed. This communication includes the scores assigned to the risks and controls assessment and economic financial assessment modules as well as the final grade assigned to the FI. It also includes the overall conclusion of the Supervisor and the description of the strengths and weaknesses identified. Additionally, the Letter raises any irregularities, control deficiencies or economic financial weaknesses that were not previously communicated, or that were communicated but have not yet been resolved. This Letter is a confidential communication to the FI and may not be published by the institution. The delivered to the institution in a meeting with its board but if there is no board, the letter must be addressed to the executive directors. The assessors saw a number of examples of the Official Letter. As a disciplinary instrument, there is the “Term of Attendance”, which can be triggered by the results of supervisory activities, being used to summon the legal representatives of the supervised institution, and in some cases, depending on the gravity of the situation, even the controlling shareholders (for instance, insufficient capital or unsafe and unsound operating condition). As a result of this instrument, a commitment to corrective action is entered into by the managers and controllers (MSU 4.50.40 e 4.50.40.10). See also CP11. Furthermore, Supervision meets from time to time with the senior management to communicate observations, concerns, plans, etc. |
||||||||||||||||||||||||||||||||||||||||
| EC9 | The supervisor undertakes appropriate and timely follow-up to verify that banks have addressed supervisory concerns or implemented requirements communicated to them. This includes early escalation to the appropriate level of the supervisory authority and to the bank’s Board if action points are not addressed in an adequate or timely manner. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC9 | If necessary, at the end of the on-site inspections or during the inspection process/off-site monitoring, the supervisor may demand an action plan of the institution for the correction of irregularities and deficiencies. Supervision monitors the progress of the remedial action plan. This follow-up is carried out with the support of the Supervision Memory System (SMF), which is the IT system used to record the main findings of supervisory work (irregularities, accounting adjustments and deficiencies in the internal controls). If action points are not addressed in an adequate or timely manner, procedures such a Reiteration Letter (with the escalation to the Bank’s Board), Term of Attendance (see in EC 8) or punitive administrative procedures can be applied. Depending on the gravity of the situation, the FI can be submitted to a more intensive monitoring (Watch List) with the escalation within the BCB. The assessors were able to see files that showed follow up processes that had taken place. |
||||||||||||||||||||||||||||||||||||||||
| EC10 | The supervisor requires banks to notify in advance of any substantive changes in their activities, structure and overall condition, or as soon as they become aware of any material adverse developments, including breach of legal or prudential requirements. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC10 | FIs are under an obligation to notify the Supervisor of the occurrence of a number of events such as changes in the structure and composition of Senior Management, Board of Directors and Audit Committee as well unusual events such as selling or acquisition of banks or business lines. Changes that require specific reporting to the BCB are set out in Resolution 3,198 (frauds, errors in financial statements and non-compliance with standards that put in risk the continuity of the audited institution), Resolution 4,557 (reasons for removal of the Chief Risk Officer) and Resolution 4,588 (appointment, designation, exoneration or dismissal of the Head of Audit Function). Changes in control and corporate reorganizations depend on BCB approval and must comply with Resolution 4122 (articles 13, 14 and 19) as discussed in CPs 6 and 7, but it is not mandatory to notify the BCB regarding negotiations to acquire or dispose of a bank until an agreement has been reached. Other notifications that must be made to the BCB include: establishment or closure of branches or subsidiaries outside of Brazil as well as direct or indirect corporate participation, in accordance with (Article 13 of Resolution 2723), the acquisition or divestment of equity interest in a company located abroad, the start or cessation of activities of a foreign subsidiary. |
||||||||||||||||||||||||||||||||||||||||
| EC11 | The supervisor may make use of independent third parties, such as auditors, provided there is a clear and detailed mandate for the work. However, the supervisor cannot outsource its prudential responsibilities to third parties. When using third parties, the supervisor assesses whether the output can be relied upon to the degree intended and takes into consideration the biases that may influence third parties. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC11 | While the BCB carries out its supervisory function using its own staff, it may require an external auditor to perform additional procedures. More specifically, Circular 3,467 grants the BCB the power to direct complementary examinations depending on its own findings in an FI. The BCB takes into consideration that any complementary examination should be required according to the professional norms that regulate the work of external auditors that are established by resolutions issued by the CFC (Brazilian Accounting Council). These engagements do not replace the legal obligations and responsibilities of the Supervisor. | ||||||||||||||||||||||||||||||||||||||||
| EC12 | The supervisor has an adequate information system which facilitates the processing, monitoring and analysis of prudential information. The system aids the identification of areas requiring follow-up action. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC12 | The Financial System Monitoring Department (DESIG) was created in 2000 as an off-site supervisory department to maintain internal databases and promote data sharing within the BCB. DESIG has a complement of over 200 staff, and is responsible, among other things, for monitoring the financial system taking a macro prudential perspective. DESIG has dedicated teams to receive, manage and process data according to BCB-wide governance principles regarding information management and together with other departments support the BCB’s internal Financial Stability Committee (COMEF), which was established in 2011, to detect and monitor systemic risk. BCB also has teams that use supervisory data to monitor specific risks (e.g. credit, liquidity, market) across the system, as well as to perform systemic risk analyses such as contagion cascades and top-down macroeconomic stress tests. This integrated assessment allows monitoring teams in BCB to assess the relevance of trends in each specific risk and to discuss them with on-site supervisors. Supervisory data and a combination of information from supervised entities and third-party providers such as TRs may point to an elevated risk in a specific institution. In such cases, DESIG interacts with on-site supervisors to ensure that they are aware of this potential risk, or to point to possible data quality issues. For example, the SIM, is an alert from DESIG to DESUP to make the supervisors aware of an issue that may require attention. The SIM system allows for the analyst in DESIG to describe the concern and explain what research may have been done to explore or resolve the anomaly so the on-site supervisor has additional information. The system also includes a signaling device to indicate when a query has been resolved. DESIG and DESUP have access to the same sets of information and monitoring tools. The assessors were able to see a number of the information system tools in action, whether the tools were to assist in consultation of a static database, or whether the tool was to assist the supervisor in running various forms of analysis, such as peer group checks over tailored periods. The system is also designed to assist the supervisors to create their own “tools.” As noted in EC2, the management information system also supports the monitoring of progress on the supervisory action plans, both at institution level and multiple levels of aggregation. Information systems specific to the supervisory function include the Supervision Memory System (SMF) and Supervision Process Automation System (APS). The SMF allows supervisors to record, systematically and in a timely manner, the history of events observed through supervisory work in institutions/conglomerates. The Automation of Supervision Processes (APS) went live in March of 2017 replacing the earlier Comment System, which still remains available for consultation by supervisors. The comments include information about institutions/ conglomerates under the supervision of BCB and inputs to the decision-making process. The APS is being further improved, however, and work is completed, it will act as the database for all supervisory work papers. At present, the APS permits supervisors to interrogate and update Fls’ risk profiles. A notable feature of data collection and use in Brazil, as stated in the “Peer Review of Brazil - Review Report” released in April 2017 (available at http://www.fsb.org/2017/04/fsb-completes-peer-review-of-brazil/), Brazil stands out among its FSB peers for the pioneering work it has carried out on trade reporting and its use in systemic risk monitoring.” Some factors worth observing include: • Mandatory Identification of the final beneficiary of each counterparty to a transaction. • Direct access by the relevant authorities (BCB and CVM) to transaction-level datasets from multiple asset classes. • TRs are subject to requirements assigning senior executive responsibility for data quality and strong validation checks, to help ensure data completeness and quality, and lessen time spent by the authorities on data cleansing and mapping. The BCB has invested significant resources into the analysis of TR data for identifying, measuring and monitoring systemic risk. The breadth and depth of TR data enables the BCB to undertake extensive systemic risk monitoring using a range of analytical tools, such as automated early warning indicators, contagion analysis and top-down macroeconomic stress tests. As noted in EC3, reporting data to a Trading Repository (TR) is mandatory in Brazil for most transaction types and for nearly all asset classes. In addition to financial transactions that are traded on and registered in authorized exchanges and electronic trading platforms, OTC derivative, spot foreign exchange, fixed income, and credit operation transactions must also be reported to TRs. Care is taken to assure the quality of the data as TRs operated by the BCB, such as the FX System and SCR, have automatic validation procedures that check the consistency of the data. The information is also compared to data from the Internal Revenue Service (IRS), Ministry of Development, Industry and Foreign Trade, and the National Social Security Institute. Similarly, the External Funding System, which tracks all financial institutions’ funding operations, contains automated data checking routines. The authorities use TR data for a wide range of purposes, including supervision and oversight of market participants, calibration and impact studies of regulatory policies; and for issues related to the supervision of conduct, such as market abuse and suitability; oversight and supervision of trading venues and financial market infrastructure; and monitoring of financial markets. Users access the data through the Financial System Monitoring’s panel. All historical data for stock exchanges and clearing houses is kept at a transaction level. |
||||||||||||||||||||||||||||||||||||||||
| AC1 | The supervisor has a framework for periodic independent review, for example by an internal audit function or third-party assessor, of the adequacy and effectiveness of the range of its available supervisory tools and their use, and makes changes as appropriate. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | As provided in the Internal Rules of the BCB (Article 39, items I and IV Decree 84,287, as amended by Decree 92,743) the Internal Audit of the BCB (Audit) is required carry out audits, ensuring compliance with the established goals and objectives of the BCB, as well as providing guidance to the Board. More specifically, the Internal Audit is required to examine the processes that are intended to deliver the missions of the BCB one of which is “to ensure a solid and efficient financial system”. Audit thus examines the functions related to: financial stability, regulation, licensing activities, on-site and off-site supervision, conduct and banking resolution. Like Supervision, the Internal Auditing annual plan has also a risk based approach which assures that all auditable processes of supervision are performed every five years. The internal audit also considers governance issues as well as internal control and risk management and, when necessary, requires improvements on the governance of the supervisory function. For example, the 2017 audit plan included one engagement on on-site supervision, and two in off-site supervision. The work in off-site supervision focused on the methodology used in the top-down stress tests. There are external examinations also. The Federal Court of Accounts (TCU) performed an audit (Acórdão 395 - 2015) focused in the governance of the supervision function. |
||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 9 | Compliant | ||||||||||||||||||||||||||||||||||||||||
| Comments | As the FSB has noted “Brazil stands out among its FSB peers for the pioneering work it has carried out on trade reporting and its use in systemic risk monitoring” (April 2017). This monitoring has been used in support of financial stability at system level and also at individual institution level. The BCB has very clearly expended considerable efforts in mobilizing an extremely wide range of primary transaction data—credit register and trade repositories for example–to support the activity of the on and offsite supervisors in the area of contagion risk most particularly. The BCB has a well thought out supervisory strategy to enable it to target, management and monitor its supervisory processes. Supervisory planning is a proactive process, taking into account a range of sources, from the idiosyncratic needs of an institution to wider macro concerns, identified through COMEF or COREMEC. The supervisory manual provides a clear guide to support both quantitative and qualitative tasks. |
||||||||||||||||||||||||||||||||||||||||
| Principle 10 | Supervisory reporting. The supervisor collects, reviews and analyses prudential reports and statistical returns12 from banks on both a solo and a consolidated basis, and independently verifies these reports through either on-site examinations or use of external experts. | ||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||
| EC1 | The supervisor has the power13 to require banks to submit information, on both a solo and a consolidated basis, on their financial condition, performance, and risks, on demand and at regular intervals. These reports provide information such as on- and off-balance sheet assets and liabilities, profit and loss, capital adequacy, liquidity, large exposures, risk concentrations (including by economic sector, geography and currency), asset quality, loan loss provisioning, related party transactions, interest rate risk, and market risk. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | As discussed (e.g. in CP1) the BCB has extensive information gathering powers. Some of the information gathered by the BCB is on a consolidated basis (using the concept of prudential conglomerate). Some information—e.g. financial statements—is required on an individual entity level. FIs are required to provide data or reports deemed necessary by the BCB to perform its duties under the Banking Law (Law 4,595). Further, Resolution 4280 establishes the Prudential Conglomerate Financial Statement, requiring credit related operations to be consolidated for any participation, direct or indirect, on entities that perform credit related operations or have provisions at their bylaws to do so. For consolidation purposes, BCB can determine the inclusion or exclusion of entities (Articles 8° and 9°). Resolution 4,193 requires the exposure of affiliates and of equity investments in FIs, domestically and abroad, to be included in the calculation for minimum total capital. Circular 3,764 empowers supervision with the authority to request information as needed, on non-specified dates. As a result, the BCB can request and receive information whenever deemed necessary. Circulars typically include the requirement for institutions to maintain their records for the disposal of the BCB, for up to five years as from publication (e.g. Article 85 of Circular 3467). The Supervision Department also has the authority (under Resolution 2723) to request information relating to nonfinancial companies (insurance, pension funds) from their financial controlling shareholder. Resolution 4192 defines the methodology for the calculation of regulatory capital and the eligible capital instruments. Information collected by the BCB can be classified as:
Additionally, as discussed particularly in CP9, the BCB receives information from Trade Repositories and clearing entities. Finally, the BCB uses meetings with FI’s senior management to obtain a better understanding of strategies and plans which assists in interpreting prudential data that is received through the year. Such meetings also provide an opportunity for the BCB to challenge the FI’s assumptions underpinning its business strategy. The following information is captured on a consolidated basis:
There is a specific procedure in the Special Examination - Internal Control (targeted examination) in order to evaluate the institution’s performance in providing regulatory reports and its compliance with other demands from the BCB. |
||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor provides reporting instructions that clearly describe the accounting standards to be used in preparing supervisory reports. Such standards are based on accounting principles and rules that are widely accepted internationally. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | The BCB establishes the accounting standards that must be followed by supervised institutions. The accounting standards supervised institutions must use are defined in the Accounting Plan of National Financial System Institutions (Cosif), (Circular 1,273) which is consistent with the Fundamental Principles and the accounting standards issued by the CFC, the Federal Accounting Council, and which is endorsed by the CMN. Cosif is the basic mandatory chart of accounts, first established in December 1987 and continuously updated. Other mandatory charts have been created as necessary. Cosif aggregates all the regulations issued by the CMN/BCB related to accounting and audit procedures, such as: standards of accounts, accounting documents, for individual firms and for conglomerates, requirements for publishing and of submitting this information to the BCB, and IFRS statements that have been incorporated to Cosif. The accounting rules for the financial system follow the general accepted accounting principles of the country and are aligned with international accounting standards, in particular, IFRS from the IASB. In terms of consolidated financial statements, Resolution 3,786 requires FIs listed as public companies or those required to establish an Audit Committee, set out and annually disclose consolidated financial statements based on international accounting standards issued by the International Accounting Standards Board (IASB) as of December 31, 2010. The BCB is the course of implementing a strategic project called “Reduction of Asymmetries” in order to harmonize the national accounting standards and lnternational Financial Reporting Standards (IFRS), on a solo basis. The project is longstanding and has been working through the IAS standards. For examples IAS 16, 21 and 38 have been completed and work is currently focused on implementing IFRS9. Accounting statements are required to include specific notes on assets and liabilities, profits and losses, capital adequacy, liquidity, large exposures and risk concentration. Additional or complementary information can be requested, encompassing off balance sheet assets and liabilities, which are part of Cosif. In terms of prudential reporting, the templates and instructions to institutions are public (they can, for example, be accessed by an internet search engine) and when new reporting requirements are introduced, there is a consultative process with the industry. The accounting standards that apply to the different reports are as follows
|
||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor requires banks to have sound governance structures and control processes for methodologies that produce valuations. The measurement of fair values maximizes the use of relevant and reliable inputs and is consistently applied for risk management and reporting purposes. The valuation framework and control procedures are subject to adequate independent validation and verification, either internally or by an external expert. The supervisor assesses whether the valuation used for regulatory purposes is reliable and prudent. Where the supervisor determines that valuations are not sufficiently prudent, the supervisor requires the bank to make adjustments to its reporting for capital adequacy or regulatory reporting purposes. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | General rules of accounting valuation are described in the Cosif. Specific regulations deal with the procedures of marking to market, such as Circular 3,068 (securities - which requires securities for trading, or available for sale must be marked to market), Circular 3,082 (derivatives) and Resolution 4,277 (prudential adjustments which includes the requirement for institutions to be able to prove the independence between the verification and pricing procedures). Regulatory reports, such as the daily monitoring market risk report (DDR), market risk report - positions on trading book and banking book allocated at vertices (DRM) and liquidity risk balance sheet (DRL) are important tools to understand the risk profile and risk trends on banks and segments of operation and constitute important subsidies to help define the supervision program and the scope of analyses. Discrepancies between asset positions in certain instruments and the values reported in the financial statements are flagged for investigation with the institutions. Each year, different banks are subject to reviews on their portfolios conducted by specialized teams (risk-focused teams) together with members of the on-site team focused on the firm. These reviews check not only consistency of valuation of products and methodologies but adequacy of accounting practices and registration are verified. Some examples of these examinations are:
There are also several procedures set out in the Supervision Manual, including frequency and sources of information to be used, to ensure an indirect verification of the quality of the accounting policies and asset pricing. Some examples of the procedures are:
Regular meetings with external auditors are regarded as an important part of the Risks and Controls System (SRC). The coverage, rotation of scope and depth of the analyses is checked and it represents an auxiliary, but very important, tool to assure that the valuation framework is adequate. There are also horizontal reviews where the same scope is performed by specialized teams in different banks to get insights about new products and valuation practices and to understand discrepancies and the reliability of methodologies. |
||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor collects and analyses information from banks at a frequency commensurate with the nature of the information requested, and the risk profile and systemic importance of the bank. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | Required reporting submissions and deadlines to be followed by FIs are set out in Circular 3764. FIs which are the parent institution of a conglomerate are required to submit a consolidated financial statement, from the financial group and from the prudential conglomerate (ie the grouping that aggregates entities that carries credit risk). Information on exposures to market risk is collected daily and monthly. In addition, daily reports of transactions recorded in clearinghouses are collected and used for specific analyses of market risk and also in the monthly reconciliation of the information provided by FIs. Information related to liquidity risk is received every day from Clearings and Custody entities and monthly from FIs, as well as balance sheets and the Liquidity Risk Statement (DRL). Credit transaction information is reported monthly by means of the Credit Information System (SCR). For institutions on the watch list, special monitoring can be required to supplement regular reporting. Please also see EC1 above. |
||||||||||||||||||||||||||||||||||||||||
| EC5 | In order to make meaningful comparisons between banks and banking groups, the supervisor collects data from all banks and all relevant entities covered by consolidated supervision on a comparable basis and related to the same dates (stock data) and periods (flow data). | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Cosif is the main instrument for collecting financial information from the universe of regulated entities. Cosif is a standard accounting plan, applicable to all entities, where accounting records are expected to comply with a set of accounting procedures and criteria. The scope, valuation methodology, frequency of reporting, and recipients of information are clearly defined in this standard accounting plan. There are consistent reporting dates for all FIs. Comparisons between banks and banking groups (i.e. the financial conglomerate versus the prudential conglomerate) are important elements of the continuous monitoring system. The BCB uses an early warning system (EWS) which generates automatic alerts for variations in various indicators and ratios. Some of the tolerance levels might be as low as 5 percent. The EWS are evaluated by an analyst who decides whether it should be sent as an early warning to the Supervision Department. Improvements to the accounting plan (COSIF) are made for a range of reasons, such as: Financial innovation, new regulation, new accounting standards or principles and demands from users of the information. For instance, new accounting registers can be created to provide a more granular view on exposures on different products or lines of business, to allow reconciliation with balances of position in Clearing Houses, to improve indicators and ratios that support supervision, etc. |
||||||||||||||||||||||||||||||||||||||||
| EC6 | The supervisor has the power to request and receive any relevant information from banks, as well as any entities in the wider group, irrespective of their activities, where the supervisor believes that it is material to the condition of the bank or banking group, or to the assessment of the risks of the bank or banking group or is needed to support resolution planning. This includes internal management information. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | There are disclosure requirements for transactions and outstanding balances with related parties, who do not meet the criteria for consolidation as established in Resolution 4280. Please also see EC1. | ||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor has the power to access all bank records for the furtherance of supervisory work. The supervisor also has similar access to the bank’s Board, management and staff, when required. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | The BCB has full powers to access bank records and information. Please also see EC 1. The Banking Law requires FIs to provide the data or reports deemed necessary by the BCB to perform its duties. Notably, article 10 of Resolution 4280 establishes that FIs must ensure to the BCB full and unrestricted access to all information deemed necessary for a proper evaluation of assets, liabilities and risks incurred. This obligation extends to all entities consolidated in the prudential conglomerate, independently of its operational activity. There are specific regulations establishing that contracts signed between the institution(s) IT service providers (Resolution 4557), and external auditors (Resolution 3198) must have specific language authorizing the BCB full access, at any time, to the work performed therein. The BCB indicated that they have made use of these powers of access. Supervisors have periodic meetings with the board of directors, at least at the end of the supervision cycle, when conclusions from the SRC are delivered and, at least annually, depending on relevance of the bank, with the Executive Committee. Minutes of meetings of relevant committees, including the board of directors, are required to be sent to the supervisor as part of the supervisory process. |
||||||||||||||||||||||||||||||||||||||||
| EC8 | The supervisor has a means of enforcing compliance with the requirement that the information be submitted on a timely and accurate basis. The supervisor determines the appropriate level of the bank’s senior management is responsible for the accuracy of supervisory returns, imposes sanctions for misreporting and persistent errors, and requires that inaccurate information be amended. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | The BCB has a wide complement of disciplinary powers as discussed in CP11. Specifically, with respect to reporting, Circular 1273 (item 21.2.11), establishes that the accounting director is ultimately responsible for the elaboration and delivery, at due date, of the accounting documents. Failure to provide or providing incorrect information, in violation of the terms and conditions established by the laws and regulations, subjects the FIs as well as their administrators to penalties (Resolution 3883 and Resolution 1065). Failure to comply within the deadline granted for clarification of the information provided or for certain procedures is considered an incorrect supply of information or non-observance of procedures. Most norms designate a director responsible for supplying information, for example:
The BCB has regular contact with the institutions regarding the reporting submissions and may apply remedial action if needed. |
||||||||||||||||||||||||||||||||||||||||
| EC9 | The supervisor utilises policies and procedures to determine the validity and integrity of supervisory information. This includes a programme for the periodic verification of supervisory returns by means either of the supervisor’s own staff or of external experts. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC9 | The BCB has processes in place for the continuous verification of the validity and integrity of the information provided by institutions. A large part of the validation is carried out at the moment of delivery, through internal consistency tests and validation rules. As a result, the institution may be asked to confirm data or even to modify the submitted document. The data and integrity process performed by the BCB has multiple stages. Submissions are rejected by the BCB if they fail the XSD validation test. The reports, if successfully submitted, are documented in a centralised registry and timeliness of reporting is checked. At this stage, validation checks on the data content is performed including whether the data adheres to legislation, has internal consistency and also demonstrates consistency with external data sources. Further validations are performed against internal BCB databases and errors and inconsistencies will lead to warnings to the financial institution as well as requirements for re-submission. Once data has passed the validity checks, the BCB continues validation against external databases, such clearing houses or government agencies (Social Security Institute and Ministry of Labor, among others). Hence, for example, the BCB would cross-check information received on vehicle financing contracts against the national vehicle lien database (Sistema Nacional de Gravames - SNG) to ensure the bank has a lien on the vehicle, and also to check the balance of the loan against the vehicle’s market value (loan to value). The BCB also validates the data received in its supervisory inspections. As an example, there is a special examination focused on verifying the Integrity and quality of periodic regulatory information. The examination will scrutinise the efficiency of systems and controls used to assure the reliability and integrity of information used to prepare the regulatory reports. The assessors discussed with the BCB, the use of consistency checks, internal and external cross checks, and sequences of validation of information that are made. |
||||||||||||||||||||||||||||||||||||||||
| EC10 | The supervisor clearly defines and documents the roles and responsibilities of external experts, including the scope of the work, when they are appointed to conduct supervisory tasks. The supervisor assesses the suitability of experts for the designated task(s) and the quality of the work and takes into consideration conflicts of interest that could influence the output/recommendations by external experts. External experts may be utilized for routine validation or to examine specific aspects of banks’ operations. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC10 | When performing supervisory activities, the BCB only uses in-house experts. In certain situations, the BCB may require the external auditor to perform additional procedures or assurance engagements. However, these engagements do not replace the legal obligations and responsibilities of the Supervisor. Certain resolutions and circulars establish the requirement for the independent auditor to carry out a report on a specific aspect of the financial institution. For example, Art. 12 of Resolution 2682 on classification criteria. | ||||||||||||||||||||||||||||||||||||||||
| EC11 | The supervisor requires that external experts bring to its attention promptly any material shortcomings identified during the course of any work undertaken by them for supervisory purposes. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC11 | The BCB stated that it is routine to require an external expert to bring matters promptly to its attention should the expert undertake any work for supervisory purposes. | ||||||||||||||||||||||||||||||||||||||||
| EC12 | The supervisor has a process in place to periodically review the information collected to determine that it satisfies a supervisory need. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC12 | The BCB operates a governance process covering all its information gathering so that new reporting requirements are scrutinised as is the continuing need for exiting data reporting. The governance process is wider than supervision and all departments are represented. As noted above, the BCB requires FIs to submit internal management reports and there is an annual process to identify which reports may be of interest to the supervisory process, before the formal request, containing the list of reports that must be submitted, is sent to the bank, together with the schedule of its remittance. In 2017, a task force with members from the supervision and monitoring departments has been established to review the framework of alerts or “monitored situations.” A monitored situation is a predefined event that can be a ratio, a variable, a trend or an accounting position that could be a matter of concern or be an important indicator for the supervision. The idea of this work is to assess whether the metric is still useful, and is still used, in the supervision process. The review work will address “What, Why, Whom, How and with what frequency” a situation is monitored. |
||||||||||||||||||||||||||||||||||||||||
| Assessment re Principle 10 | Compliant | ||||||||||||||||||||||||||||||||||||||||
| Comments | The BCB obtains a very wide range of data from the supervised entities and both the on-site (DESUP) and offsite (DESIG) departments have access to a suite of analytical tools and resources to scrutinize the data and carry out comparative studies and investigations. The assessors were able to see a number of these tools in operation. Although this principle is marked compliant, there are, however, some gaps in the BCB approach as the principle asks the supervisor to obtain and analyze information from banks on both a solo and a consolidated basis. While the BCB obtains some data on an individual bank level, it does not require a full range of prudential information on a solo basis. This specific topic is graded in CP12 on consolidated supervision. In any case, without clear knowledge of the solo bank it is not possible to determine, for example, if it continues to meet its conditions for authorization on an ongoing basis, or may be unduly reliant on other parts of the conglomerate for support. It is clear that the in view of the extensive data bases and analytic capability of the BCB, the supervisors are able to cross check returns submitted by conglomerates and even to recreate prudential returns that are not submitted, such as large exposures for the conglomerates by aggregating the exposures of the entities within the conglomerate from the registries and repositories. At the time of the FSAP, the assessors were not aware of any other supervisory authority with such capability. Nevertheless, although the BCB is encouraged strongly to maintain its existing data requirements it is equally strongly recommended to add to them by ensuring all banks also submit solo prudential returns covering all the standard prudential data such as large exposures, related party exposure, problem assets. This requirement would signal an important onus on the financial institutions that they are responsible for monitoring and managing these prudential and risk dimensions. The financial institutions must be under the discipline and obligation to bring information proactively to the BCB rather than rely on the BCB to cross check and, by any other name, act as a supplementary risk management function for the bank. |
||||||||||||||||||||||||||||||||||||||||
| Principle 11 | Corrective and sanctioning powers of supervisors. The supervisor acts at an early stage to address unsafe and unsound practices or activities that could pose risks to banks or to the banking system. The supervisor has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability to revoke the banking license or to recommend its revocation. | ||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||
| EC1 | The supervisor raises supervisory concerns with the bank’s management or, where appropriate, the bank’s Board, at an early stage, and requires that these concerns be addressed in a timely manner. Where the supervisor requires the bank to take significant corrective actions, these are addressed in a written document to the bank’s Board. The supervisor requires the bank to submit regular written progress reports and checks that corrective actions are completed satisfactorily. The supervisor follows through conclusively and in a timely manner on matters that are identified. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | The legal backdrop to the BCB’s corrective action is also discussed in CP1 EC6. In summary, the BCB has the following enforcement powers: corrective; prudential (preventive measures); sanctioning; and intervention or resolution or liquidation. The Banking Law establishes that the BCB is responsible for banking surveillance, with competence to identify and require corrective action for violations and unsafe and unsound banking practices, including inadequate risk management and internal control deficiencies. Resolution 4019 establishes a set of preventive enforcement measures the BCB may use, but more importantly the Resolution permitted the BCB to require correction based on judgmental views on the adequacy of internal controls, and corporate governance rather than having to wait until the bank condition had deteriorated before being able to require corrective action. The BCB’s power to apply “temporary special administration”, “intervention” and “extrajudicial liquidation” regimes are prescribed, respectively, in the following instruments: Law 6,024, Decree-Law 2,321 and Law 9,447. From the period of June to October 2017, formal sanctioning could be exercised through an instrument called the “Sanctioning Administrative Process” which was regulated by Provisional Measure 784. As mentioned elsewhere (eg CP1), the Provisional Measure lapsed before it was confirmed and it needs to be replaced by an Ordinary Law which was still pending at the time of the assessment. The elements that were included in the Provisional Measure and are expected under the Ordinary Law prescribe the penalties applicable: (i) public reprimand; (ii) fines; (iii) prohibition to engage in certain activities or to provide certain services; (iv) temporary disqualification or suspension from holding executive positions and (v) revocation of the banking license. In discussion, the BCB officials pointed out that the suspension can be from three to twenty years and if the individual were to apply for an executive position in another institution after the suspension there would still need to be a consideration of the fit and proper principles. The improvements for supervisory action and effective sanctioning processes by the BCB were in the end replaced in mid-November—during the BCP assessment—following the passage of the new Ordinary Law 13,506. The text approved is essentially the same as the lapsed Provisional Measure no. 784. The key differences are:
In terms of supervisory practice, however, whenever the findings of the supervisory process identify only minor deficiencies, the BCB communicates its concerns and required corrections are an “inspection letter” sent to the financial institution. The assessors saw examples of these letters. In more severe cases, the supervisory staff summons the managers and the controlling shareholders of the financial institution through an “attendance order”. The objective is to discuss the problems and the possible solutions, and also to define a deadline for the institution to present a corrective action plan. This plan and its timeline must be approved and followed-up by the BCB. When carrying out its duties, the supervisory staff may directly contact any unit or employee of the financial institution. When a bank has been placed under enforcement or corrective action requirements, the BCB may place the institution on a watch list and subject it to increased monitoring. The main features of this monitoring are: (i) checking that the FI meets the corrective action deadlines; (ii) implementing a plan to regularize the institution; (iii) the monitoring carried out by the independent auditor and timely reporting. The assessors were able to review files recording instances where the BCB employed some of the enforcement tools provided by Resolution 4019: acting in advance, imposing dividend restrictions and requiring managers to restore the institution’s liquidity levels. As discussed also in CP2 EC4, decision-making authority varies according to the measure that is being taken. Summoning, or Attendance Orders, for instance, require at least the approval of a Head of Division, whereas the imposition of penalties in a sanctioning administrative process is decided by the Head of Sanctioning Proceedings Department or by the Deputy Governor for Financial System Organization and Resolution. Decision making powers and processes will be amended as necessary following the passage of Ordinary Law. |
||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor has available an appropriate range of supervisory tools for use when, in the supervisor’s judgment, a bank is not complying with laws, regulations or supervisory actions, is engaged in unsafe or unsound practices or in activities that could pose risks to the bank or the banking system, or when the interests of depositors are otherwise threatened. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | The BCB may apply the following measures: (i) additional controls and procedures; (ii) reduction of the risk of exposures; iii) increase of minimum capital levels; (iv) more restrictive operational limits; (v) increase of liquidity level; (vii) restriction on the managers’ compensation as well as on dividend distribution to shareholders; (vii) restriction on operations, acquisitions and opening of new branches; (viii) sale of assets. These measures can be applied in any sequence and combination, so the BCB has the flexibility to respond to the circumstances of each individual case. Faced with severe and continuous breaches, inconsistency in information submitted, or FX exceptions, the BCB may impose the penalties established by the Banking Law and by Law 9613. In extreme cases, such as a severe impairment of assets or a continuous breach of regulation by a bank, and where the bank cannot remedy its deficiencies, the BCB can adopt resolution tools and impose “intervention”, “extrajudicial liquidation” or “temporary special administration” (Law 6024, Decree-law 2321, and Law 9447). |
||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor has the power to act where a bank falls below established regulatory threshold requirements, including prescribed regulatory ratios or measurements. The supervisor also has the power to intervene at an early stage to require a bank to take action to prevent it from reaching its regulatory threshold requirements. The supervisor has a range of options to address such scenarios. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | Resolution 4019 provides the BCB with a set of preventive prudential measures to use if a bank’s stability and soundness is at risk. As discussed in EC 1, the BCB is not required to wait until an FI has deteriorated before it can act. As mentioned in EC2, Resolution 4019 (Article 2), grants the BCB power to require supplementary regulatory capital as a preventive measure, as well as imposing restrictions on current or new activities, on acquisitions and on payments to shareholders to protect the Fl’s resources and its regulatory limits. Breaching a regulatory limit triggers the BCB’s powers. The BCB’s data systems which monitor breaches of and variations in operational limits triggers alerts which are investigated and letters issued to institutions in the first instance. The powers permit the BCB to design and impose timely and graduated remedial actions. These actions may be carried out through rehabilitation measures or, ultimately, by intervention, closure and liquidation, allowing the supervisor to effectively deal with a troubled bank and to take timely corrective measures when needed. |
||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor has available a broad range of possible measures to address, at an early stage, such scenarios as described in EC 2 above. These measures include the ability to require a bank to take timely corrective action or to impose sanctions expeditiously. In practice, the range of measures is applied in accordance with the gravity of a situation. The supervisor provides clear prudential objectives or sets out the actions to be taken, which may include restricting the current activities of the bank, imposing more stringent prudential limits and requirements; withholding approval of new activities or acquisitions; restricting or suspending payments to shareholders or share repurchases; restricting asset transfers; barring individuals from the banking sector; replacing or restricting the powers of managers, Board members or controlling owners, facilitating a takeover by or merger with a healthier institution, providing for the interim management of the bank; and revoking or recommending the revocation of the banking license. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | As already stated, according to Resolution 4019, the BCB may require banks to allocate supplementary amounts of regulatory capital as a preventive measure. The BCB may also impose a restriction on current or new activities, on acquisitions and on payments to shareholders as preventive measures. The BCB recently revised and implemented a methodology to aid the requirement of supplementary capital based on its Risk and Control Assessment System - SRC and is also in the process of implementing another one based on Pillar 2 specifically applicable to the largest banks. As part of the recent refreshing of the supervisory process, banks scoring one of the 3 lowest supervisory ratings (on a scale of 10 grades) are automatically subject to an Attendance Order so that management is required to discuss deficiencies and concrete plans to remedy or resolve the situation. Banks scoring the 4th worst grading are put on a watch list and are subject to heightened monitoring. The BCB uses the following supervisory tools, dependent on the severity of the situation, and reflecting whether or not there has been an accumulation of risks and concerns.
As also described in EC1, the Provisional Measure 784 of 2017, now replaced by Law 13,506, provided the BCB with powers of disqualification, revocation of license and prohibition of certain activities. These powers are expected to be confirmed by the forthcoming Ordinary Law. In addition, in severe cases, resolution measures may be triggered, if proposed by the supervisory staff, approved by the BCB’s Board of Directors and a set out in a decree issued by the BCB’s Governor: (i) Actions by controlling shareholders in order to resolve problems in relation to capitalization, transfer of control, merger or other restructuring processes; (ii) Adoption of a temporary special administration regime conducted on a “going concern” basis and carried out by an Executive Board appointed by the BCB; (iii) Adoption of an intervention regime conducted on a “going concern” basis and carried out by an intervener appointed by the BCB; (iv) Adoption of an extrajudicial liquidation regime, conducted on a “gone concern” basis and carried out by a liquidating agent appointed by the BCB. The Department of Resolution Regimes is responsible for conducting the resolution regime. |
||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor applies sanctions not only to the bank but, when and if necessary, also to management and/or the Board, or individuals therein. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Provisional Measure 784 (in force June to October 2017) extended penalties and sanctions to managers, directors and auditors and the new Law 13, 506 confirms these powers. Nevertheless, even without the Provisional Measure, in case of liquidation, the assets of controlling owners, directors and management can be frozen. The BCB may also propose to the National Monetary Council (CMN) to have the assets of the members of the audit committee frozen, among others (Article 36 of Law 6024). The seized property, following due court process, is made available for the payment of creditors in the event of bankruptcy (Articles 41 and 45 of Law 6024). Law 9613 sets administrative penalties for financial institutions and their managers covering noncompliance with obligations regarding client’s identification, record keeping and communication of financial operations. Law 4131 also sets administrative penalties and fines related to foreign exchange operations, applying to individuals and the firm itself. In the event a resolution regime is imposed on the institution, it is mandatory for the BCB to conduct an inquiry to assess whether individual members of management and the Board were ultimately responsible for the insolvency of the financial institution. The BCB’s conclusions are then used by the Judiciary Branch to recover amounts from managers and board members and apply them towards the reimbursement of creditors or of the institution; and, if applicable, impose criminal sanctions. If there are no losses to creditors, there is no obligation to forward the dossier to the Judiciary, but if a dossier is forwarded, the BCB sets out its view on why the losses were caused. The BCB noted that absent willful misconduct, a case was unlikely to proceed. |
||||||||||||||||||||||||||||||||||||||||
| EC6 | The supervisor has the power to take corrective actions, including ring-fencing of the bank from the actions of parent companies, subsidiaries, parallel-owned banking structures, and other related entities in matters that could impair the safety and soundness of the bank or the banking system. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | Possible risks that the activities of holding companies and their affiliates (including non-consolidated affiliates) may bring to the safety and soundness of a bank or banking conglomerate are assessed in the SRC methodology (as described in CP12 EC1), through the Contagion Risk Module. In addition, contagion analysis is used by the BCB to assess how the default of one entity affects other entities in the financial system and real economy. For more details, please see CP09 EC5). The Resolution 4280 defines the concept of Prudential Conglomerate and establishes that BCB may determine the inclusion or exclusion of entities in order to have a better representation of qualitative and quantitative aspects of the conglomerates. The power to take corrective actions in order to prevent safety and soundness of the bank and the banking system that arises from contagion risk is established by the Resolution 4019. The BCB may determine the following preventive prudential measures: (ii) reduction of the risk of exposures; iii) increase of minimum capital levels; (iv) adoption of more restrictive operational limits; (v) increase of liquidity level; (vii) restriction on payments to shareholders; viii) restriction on operations, new activities and acquisitions (ix) sale of assets. Additionally, according article 34 of Banking Law, prior to the amendments of Law 13, 506, the BCB forbade loans to certain related parties and the BCB did not approve nor authorize operations considered inappropriate among related parties. Now that Law 13,506 is in place, loans to certain related parties are forbidden if undertaken on more favorable terms than corresponding transactions with unrelated counterparties. Please also see CP21. |
||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor cooperates and collaborates with relevant authorities in deciding when and how to affect the orderly resolution of a problem bank situation (which could include closure, or assisting in restructuring, or merger with a stronger institution). | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | As the BCB is both the supervisor and the resolution authority, most of the decisions are made inside the same organizational body, allowing responsibilities and decisions to be centralized and due action to be taken promptly. Regarding cooperation with foreign authorities, the BCB participates in the Crisis Management Group of Banco Santander, alongside Bank of England and Banco de España. Please see CP13 EC6. |
||||||||||||||||||||||||||||||||||||||||
| AC1 | Laws or regulations guard against the supervisor unduly delaying appropriate corrective actions. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | Financial supervisors are federal public servants in Brazil and, as such, must follow a strict standard of conduct provided for in federal statutes (Law 8,112, Law 8,429, Criminal Code etc.). The breach of their legal duties must give rise to criminal and administrative sanctions, as follows:
Finally, depending on the severity of the situation, a federal civil servant could also be prosecuted for breaching the Statute of Administrative Dishonesty (Law 8,429) which would give rise to the following sanctions: suspension of political rights, loss of public function, prohibition to transfer personal property and reimbursement to the Public Treasury. |
||||||||||||||||||||||||||||||||||||||||
| AC2 | When taking formal corrective action in relation to a bank, the supervisor informs the supervisor of non-bank related financial entities of its actions and, where appropriate, coordinates its actions with them. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC2 | The BCB has agreements with CVM, Previc and Susep covering the exchange of confidential information and the coordination of activities involving common interests. The agreements prescribe the communication to all mentioned entities of formal corrective actions taken in relation to a financial institution. |
||||||||||||||||||||||||||||||||||||||||
| Assessment re Principle 11 | Largely Compliant | ||||||||||||||||||||||||||||||||||||||||
| Comments | The BCB has a wide range of powers and tools to impose corrective and remedial measures. Just prior to the assessment, a Provisional Measure (784) which provided the BCB with greater flexibility to tailor the supervisory action to the specific concern as well as to expedite its processes, which is critical for supervisory authorities, had lapsed and the BCB was waiting for new legislation to pass in order to regain these powers. In the period between the lapse of the Provisional Measure and the enforcement of the new law, the BCB retained its core powers to act. In fact, passage of legislation that replaced the lapsed Provisional Measure took place midway through the BCP assessment. On November 13th, 2017, the president of Brazil sanctioned Law no. 13,506. The BCB issued Circular 3,857 on 14th November which complements the law and provides for the rite of the administrative sanctioning process, the application of penalties, the term of commitment, the precautionary measures, the coercive fine and the administrative agreement in the supervision process. Based on the assessors’ review of materials, the BCB is attentive to real or potential deterioration in the condition and governance of an institution and is ready to use available tools to act at an early stage as well as to escalate its actions as needed. The overall timescales of process are a possible concern, however. A reason for slow process may have been the lack of nuance of escalation in instruments that the lapsed Provisional Measure had briefly supplied. The passage of replacement legislation is extremely welcome, albeit there is no opportunity for the BCB to demonstrate track record for the purposes of the current assessment. The grading of this CP also addresses remedial actions that are discussed in the summary comments to CP29 which relates to supervisory action in the field of AML/CFT. |
||||||||||||||||||||||||||||||||||||||||
| Principle 12 | Consolidated supervision. An essential element of banking supervision is that the supervisor supervises the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential standards to all aspects of the business conducted by the banking group worldwide.15 | ||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||
| EC1 | The supervisor understands the overall structure of the banking group and is familiar with all the material activities (including non-banking activities) conducted by entities in the wider group, both domestic and cross-border. The supervisor understands and assesses how group-wide risks are managed and takes action when risks arising from the banking group and other entities in the wider group, in particular contagion and reputation risks, may jeopardize the safety and soundness of the bank and the banking system. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | The focus of the BCB’s supervisory practice is primarily, if not exclusively, on the Prudential Conglomerate (PC) This concept, defined in Resolution 4280 and comprises not only financial entities that are directly controlled by the authorized bank, but also entities in the wider group and does not rely on an ownership link. Hence, for example, two financial institutions that are both fully owned by the same foreign parent can be considered to be a prudential conglomerate, although they are sister entities with no ownership or control link between them. This approach has been adopted not least to probe the business management structures deployed by more complex groups and to ensure relevant entities are captured in the prudential conglomerate. There is also the concept of “financial conglomerate” which, unlike the prudential conglomerate, depends on control/ownership relationships. Neither the prudential nor the financial conglomerate would include insurance companies, although the concept of “economic conglomerate” does include all ownership relationships, even for non-financial entities. The concept of economic conglomerate is no longer used in the supervisory approach, but information is obtained, periodically, on the financial conglomerate. (Please see CP10) As described in CP8, the BCB’s SRC methodology for supervision is predicated on analyzing the relevant business activities within the prudential conglomerate. The following aspects of the SRC methodology assist the BCB in understanding the banking group, and any wider group of which it is a part. The identification of the significant activities and functional activities under ARC (risk and controls assessment) is based on criteria such as potential impact on capital and profits and includes non-banking activities not supervised by the BCB. Contagion Risk, which is one of the risks in the methodology (i.e. risk and control group) is defined as the potential for losses to the entities belonging to the Prudential Conglomerate (PC), including the parent bank, arising from their relationship with:
Stress tests associated with contagion assessment are conducted in order to verify the systemic risk and the financial institution’s soundness. The solvency and liquidity of banks are evaluated taking into account adverse scenarios for the macroeconomy, delinquency rate, market risk and confidence. Please also see EC5 CP9. Another of the SRC risk and control groups addresses Reputational Risk. The use of a common logo or brand by non-financial companies (which may or may not be part of the PC) represents a reputational risk factor. Likewise, different brands that are recognized by the market as related to the bank or banking conglomerate is also a risk factor. In terms of scope of consolidation, funds must be consolidated if there is evidence off substantial risk assumption on behalf of the fund. The funds industry is equivalent to 50.1 percent of the banking system’s total assets and is monitored with respect to liquidity demands arising and the possibility of support from the banks (step-in risk). Brazil’s regulatory framework also establishes prudential adjustments for significant investments in the capital of banking, financial and insurance entities and investments in institutions whose information is not available to supervision. Investment in funds whose composition are not known receive a risk weight of 1,250 percent in the risk weight capital calculation and which is equivalent to a deduction from capital. Cross-border activities are monitored and communication with home/host supervisors is maintained, through cross-border inspections, supervisory colleges and bilateral relationships. The assessors were able to see examples of such communications. The supervision of cross border Agencies, Branches and Subsidiaries follows the guidelines “Supervision of Units Abroad – Orientation”, which defines two different approaches: Type 1 for significant units and Type 2 for non-significant units. Type 1 Approach:
For non-significant cross border establishments—the Type 2 Approach—the approach is more discretionary and supervisor can use some or all of the Type 1 procedures if the establishment represents a potential or material risk to the bank or banking conglomerate. The BCB maintains detailed information and organizational charts on all conglomerates (i.e. groups), including cross-border operations. The information is held in the BCB’s information systems and at the time of the mission further improvements were being developed to make supervisory access to group structures even more accessible. |
||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor imposes prudential standards and collects and analyses financial and other information on a consolidated basis for the banking group, covering areas such as capital adequacy, liquidity, large exposures, exposures to related parties, lending limits and group structure. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | The regulatory framework that is applied in Consolidated Supervision is set out in the circulars and resolutions below and the supervisory methodology is applied on a consolidated basis and covered in CP8:
(*) Will be replaced by Resolution 4,557/2017 by the end of February 2018; for D-SIBs, by the end of August 2017. The following information is captured on a consolidated basis:
The following solo information is captured:
Moreover, banks subject to the internal capital adequacy assessment process (ICAAP), according to Resolution 3988 and Circular 3547, must assess their overall capital sufficiency to cover all risks, including strategic, reputational and stress scenarios. The ICAAP is differentiated between SIFIs and smaller banks who are not expected to meet a fully articulated standard. The BCB monitors capital adequacy on a consolidated basis the supervisory process involves (as discussed in CP8 and 9) early warning indicators, alerts on significant variations, monitoring reports, and simulations. In the ANEF process capital adequacy is assessed in relation to the nature and extent of the exposures held by banks or banking conglomerates, as well as the administration’s ability to manage such exposures. The assessors saw several examples of such analysis. Disclosure is on a consolidated basis (Circular 3,678), requiring information on conglomerates’ composition, financial statements, regulatory framework, and credit exposure segregated by economic sector, country, geographic region, economic sectors, remaining maturity, delinquency and other, securitization, equity holdings, etc. The various prudential risk components are examined and evaluated on the basis of the prudential conglomerate. For example: In 2016, the BCB launched a procedure to monitor large and problematic exposures to credit risk in DSIBS. The approach was designed to incentivize prudent credit risk management in conglomerates and is described in the guidelines “Orientation for Monitoring Large Exposures to Credit Risk”. For more information, please refer to CP16. Exposure/concentration limits and risk diversification are monitored on a consolidated basis, based on the aggregation of individual information provided by the SCR and the market infrastructure institutions (trade registers). Brazilian regulations limits conglomerates’ large exposures through Resolution 2,844. (Please see also CP19) For related party requirements please see CP20. Liquidity monitoring includes daily and monthly information from trade repositories and financial institutions and aims to provide timely assessment about capital flows and dynamics. For more information, please refer to the CP24. Supervisory examination guidance focuses on the conglomerate dimension - e.g. compliance with internal and regulatory concentration limits and may be found, for example: Credit Risk Management (MSU 4.30.10.50.01.01), Treasury Operations (MSU 4.30.10.50.02) and Operational Risk Management (4.30.10.50.11). A notable aspect of the BCB approach to group supervision is its evaluation of Contagion Risk in the SRC methodology. This evaluation considers the type of relationship between the entities belonging to the PC and other related parties. When transactions between these entities exist, the Supervisor must evaluate the relevance of the exposures in terms of potential impact on the capital and the profits of the PC. Besides that, some aspects of those transactions must be analyzed, such as the independence between the entities and the pricing criteria (market reference), in order to avoid losses to the PC arising from conflicts of interest that may distort the prices. If necessary, the BCB may impose prudential actions on banks or banking conglomerates in order to limit risk exposure (Resolution 4019). That power can be used upon domestic institutions or Brazilian subsidiaries of foreign banks or banking conglomerates. The power includes the ability restrict the opening of new branches or to undertake new operations as well as the requirement for asset disposal, among other measures. Please also see CP11. |
||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor reviews whether management oversight of a bank’s foreign operations by management (of the parent bank or head office and, where relevant, the holding company) is adequate having regard to their risk profile and systemic importance and there is no hindrance in host countries for the parent bank to have access to all the material information from their foreign branches and subsidiaries. The supervisor also determines that banks’ policies and processes require the local management of any cross-border operations to have the necessary expertise to manage those operations in a safe and sound manner, and in compliance with supervisory and regulatory requirements. The home supervisor takes into account the effectiveness of supervision conducted in the host countries in which its banks have material operations. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | Depending on the significance of the cross-border establishments, the SRC methodology permits the supervisor to define the head office business unit responsible for cross-border operations as a significant business activity. As a result, inherent risks and controls are evaluated under the Risk and Control Analysis - ARC framework. The guidelines in “Supervision of Units Abroad - Orientation”, as mentioned in EC2, define the depth and frequency of the supervisory actions related to the cross-border establishment. The guidelines require the BCB to take the effectiveness and the quality of supervision conducted by the host supervisor into consideration in its own analysis. Moreover, the Special Examination for Corporate Governance (4.30.10.50.06.01) evaluates the adequacy of governance practices, and is focused on control functions, risk governance, compensation structure, communication and transparency. In order to identify possible conflict of interests and influences, it also analyzes the banking group (item 5.1.1) and whether the directors and members of the board hold shares in other companies not related to the bank conglomerate in question (item 5.1.2). Such inspections can provide insight into a group’s capacity to manage its cross-border entities effectively. The assessors saw examples of documentation confirming the importance the BCB attached to effective consolidation over a cross-border group. The BCB adopts the same framework, as set out in the SRC, to both domestic and foreign banks or banking conglomerates operating in Brazil. As a host supervisor, the BCB participates in colleges for Credit Suisse, Deutsche Bank, Citibank, GMAC, Rabobank and Santander. Please also see CP13. As the home supervisor, the BCB holds supervisory colleges for Banco do Brasil and Itaú-Unibanco. To facilitate cross border supervisory information exchange, the BCB has signed several MoUs with foreign jurisdictions. Please see CP3. |
||||||||||||||||||||||||||||||||||||||||
| EC4 | The home supervisor visits the foreign offices periodically, the location and frequency being determined by the risk profile and systemic importance of the foreign operation. The supervisor meets the host supervisors during these visits. The supervisor has a policy for assessing whether it needs to conduct on-site examinations of a bank’s foreign operations, or require additional reporting, and has the power and resources to take those steps as and when appropriate. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | The guidelines on “Supervision of Units Abroad - Orientation” set out the criteria used to identify cross border significant establishments where on or off-site inspection is needed and the frequency of this examination (four or five-year cycle, depending on the supervision priority of the bank or banking conglomerate). The following procedures are applied in case of an on-site examination in a unit abroad. In undertaking an inspection of a cross border entity, the BCB establishes contact with the host supervisor providing information on its own planned activities and requesting recent examination reports from the host. Meetings are held with the host supervisor both prior to and at the end of the examination to share findings, conclusions and views. Both the local head office of the institution as well as the host supervisor receive copies of the BCB’s examination report. The BCB has arranged cross border inspections for a number of its banks and the assessors were able to discuss the BCB’s past experience and future expectations of such inspections with some of the banks. |
||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor reviews the main activities of parent companies, and of companies affiliated with the parent companies, that have a material impact on the safety and soundness of the bank and the banking group, and takes appropriate supervisory action. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | The concept and supervisory practice based on the Prudential Conglomerate allows the BCB to focus its attention on entities and activities located in or arising from the wider group that could have an impact on the banking institution. As discussed in EC1, a direct ownership link is not required for an institution to be included in the Prudential Conglomerate, so an affiliate owned by a parent company that is not consolidated in the Prudential Conglomerate can be included in the prudential consolidation. Risks arising from the wider group, including holding companies and their affiliates (including non-consolidated affiliates) are assessed in the SRC methodology, through the assessment of Contagion Risk. This is used to assess the level of exposure to the risks incurred by these companies and the efficiency of controls and management as well as financial performance and condition. Further, Resolution 4122 establishes that the reputation of final owners of financial institutions within a group is to be evaluated/analyzed by the BCB at the time of the licensing application by the financial institution. Contagion risk analysis on an ongoing basis facilitates the BCB in monitoring and assessing reputational issues post authorization. Specifically, in the stress testing program section of Resolution 4557 (Art 15 - V), there is a requirement to include the risk of the institution providing financial support to an entity that is not part of its conglomerate into the stress test scenarios, if relevant. In the case of insurance and private pension companies related to a bank or banking conglomerate, periodic meetings are held with the Superintendence of Private Insurance (SUSEP). In terms of power to act, the the BCB has the power to require transfer of ownership or corporate (Article 5, Law 9,447) which, ensures that the banking entity could be removed from an ownership that is not fit and proper. |
||||||||||||||||||||||||||||||||||||||||
| EC6 |
The supervisor limits the range of activities the consolidated group may conduct and the locations in which activities can be conducted (including the closing of foreign offices) if it determines that:
(a) the safety and soundness of the bank and banking group is compromised because the activities expose the bank or banking group to excessive risk and/or are not properly managed; (b) the supervision by other supervisors is not adequate relative to the risks the activities present; and/or (c) the exercise of effective supervision on a consolidated basis is hindered. |
||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | The BCB has the power to limit the conglomerate’s activities, as new activities by financial institutions require an application for approval. Resolution 4122 establishes that the business plan, composed by a financial plan, marketing plan and operational plan, is to be evaluated/analyzed by the BCB at the time of the licensing application by the financial institution. The BCB, through Resolution 4019, and as discussed in CP11 for example, has powers to require institutions to limit their risk exposures. That power can be used upon domestic or foreign branches and extends to the power to restrict the opening of new units (branches, subsidiaries or agencies) or new operations, as well as the power to require the sale of assets, among other measures. The Commitment Letter (MSU 4.50.40) is used to notify and formalize the commitment of the legal representatives of a bank or banking conglomerate and, whenever necessary, their controllers, to adopt measures to correct deficiencies of a serious nature, related to insufficient capital or to other aspects of the operations that could undermine the bank. The assessors saw examples of such interventions and exchanges, including a denial of a change of group structure on the basis that consolidated supervision would have been impaired. |
||||||||||||||||||||||||||||||||||||||||
| EC7 | In addition to supervising on a consolidated basis, the responsible supervisor supervises individual banks in the group. The responsible supervisor supervises each bank on a stand-alone basis and understands its relationship with other members of the group. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | The BCB’s current policy is not to supervise the solo bank within the consolidated group on a systematic basis. The Specific Examinations (on-site and off-site), can set the focus explicitly on the perspective of a bank individually or as a conglomerate, on a consolidated basis (MSU 4.30.10). The BCB receives accounting information, and monitors, financial institutions on a sub-consolidated or on a standalone basis. Supervisory action on an individual base is taken if deemed necessary. The SRC methodology permits the evaluation of individual business units/activities, which could be an individual bank or entity belonging to the banking conglomerate. Other sources of information on a solo entity basis include SCR system on credit risk and market information on derivatives, stocks and securities provided by trade repositories, such as B3 (BM&F, Bovespa and Cetip). |
||||||||||||||||||||||||||||||||||||||||
| Additional criteria | |||||||||||||||||||||||||||||||||||||||||
| AC1 | For countries which allow corporate ownership of banks, the supervisor has the power to establish and enforce fit and proper standards for owners and senior management of parent companies. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | Banks may be owned by individuals and financial holding companies, but not by nonfinancial corporations. | ||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 12 | Largely Compliant | ||||||||||||||||||||||||||||||||||||||||
| Comments | The BCB methodology that ensures a prudential conglomerate includes all entities that are relevant to the understanding of the banking group and the use of Contagion Risk analysis in the supervisory approach yield valuable insights into group risk. Importantly, this insight is not static but is maintained on a continuous basis as part of the overall supervisory approach. The assessors were able to see examples of contagion risk analysis. The BCB does not, however, systematically obtain or assess an individual banking entity within a prudential conglomerate against prudential standards. In practical terms, it is unlikely that a solo bank would be likely to experience extensive deterioration before the multiple monitoring tools of the BCB detected a concern, but responsive as the BCB is, this is a reactive and not a proactive stance. The system, as currently designed and organized, means that the BCB has not communicated the expectation or established the requirement that an individual bank within the conglomerate is continuing to meet the prudential standards that were required of it for authorization. In undertaking resolvability assessment and planning, the BCB will need to understand any obstacles to the transfer of liquidity and capital across the entities of a group, and to require changes to group structure if impediments are identified. Although the Brazilian banking system is largely domestic, it has some cross-border features in respect of some of the DSIB, and even within a purely domestic context, past experience in other jurisdictions has demonstrated that a banking entity cannot necessarily rely on prompt access to group capital or liquidity resources in time of stress, which puts a premium on solo supervision, and the provision of information for any individual bank within a prudential conglomerate. In practical terms, it is unlikely that a solo bank would be likely to experience extensive deterioration before the multiple monitoring tools of the BCB detected a concern, but responsive as the BCB is, this is a reactive and not a proactive stance. As argued in other principles it is necessary for financial institutions with banking authorizations to recognize the onus is on them to provide the BCB with information and not rely on the BCB to gather and assess such information independently. Equally, as this CP indicates, it is appropriate for the BCB to make its expectations clear that prudential standards should be met and monitored at all times on a solo basis for any individual bank within a prudential conglomerate. |
||||||||||||||||||||||||||||||||||||||||
| Principle 13 | Home-host relationships. Home and host supervisors of cross-border banking groups share information and cooperate for effective supervision of the group and group entities, and effective handling of crisis situations. Supervisors require the local operations of foreign banks to be conducted to the same standards as those required of domestic banks. | ||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||
| EC1 | The home supervisor establishes bank-specific supervisory colleges for banking groups with material cross-border operations to enhance its effective oversight, taking into account the risk profile and systemic importance of the banking group and the corresponding needs of its supervisors. In its broadest sense, the host supervisor who has a relevant subsidiary or a significant branch in its jurisdiction and who, therefore, has a shared interest in the effective supervisory oversight of the banking group, is included in the college. The structure of the college reflects the nature of the banking group and the needs of its supervisors. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | In establishing and hosting a supervisory college, the BCB takes into account the risk profile of the branches and subsidiaries in respect of the overall group as well as the systemic importance of these establishments for the host supervisors. This process is periodically reviewed—on average every two years—or triggered by a relevant event such as acquisitions or changes in the organizational restructuring in branches or subsidiaries. As the home supervisor, the BCB conducts biennial supervisory colleges for Banco do Brasil and Itaú-Unibanco, which are the domestic groups with the most significant cross-border presence. The respective host authorities of these groups are invited to participate. |
||||||||||||||||||||||||||||||||||||||||
| EC2 | Home and host supervisors share appropriate information on a timely basis in line with their respective roles and responsibilities, both bilaterally and through colleges. This includes information both on the material risks and risk management practices of the banking group and on the supervisors’ assessments of the safety and soundness of the relevant entity under their jurisdiction. Informal or formal arrangements (such as memoranda of understanding) are in place to enable the exchange of confidential information. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | BCB as Host Supervisor During the licensing process of a foreign owned subsidiary, the BCB requests detailed information from the home supervisors. Once the subsidiary starts its operations, the BCB responds to requests for information on demand and also will notify the home supervisor of any material issues, including any concerns regarding the safety and soundness of the operations and/or structures of foreign subsidiaries in Brazil. The BCB also notifies the home supervisor of any actions being taken in Brazil. BCB as Home Supervisor Brazilian banks require explicit authorization to establish subsidiaries or branches abroad. As part of the authorization process, Brazilian banks must pledge to provide the BCB full and unrestricted access to any and all information, data, documents and verifications necessary to evaluate the authorisation request. Whether BCB is Home or Host supervisor As noted in CP3, information shared with relevant home or host supervisor includes the results of supervisory assessments of the Brazilian subsidiaries/parent (as appropriate. These assessments include the results of the Risks and Controls System evaluation (SRC -for more information please see BCP 9). Further information on general issues as corporate governance, risk management and exposure, among others, is disclosed on demand. The MoUs between the BCB and foreign supervisory authorities detail the circumstances and the type of information that can be exchanged, subject to the bank secrecy laws of each jurisdiction. Typically, the agreements provide that, in the performance of their duties, both authorities must meet the requests for information from the other party, except under a few exceptional circumstances specified in the MoU, and as long as they are strictly linked to the supervisory process. Supervisory college activity The BCB noted that participation in supervisory colleges has fostered a more comprehensive perspective of foreign banks operating in Brazil and that the information has been used in the context of planning supervisory activities. Exchange of information between supervisors has included, for example, global strategy and risk controls. In colleges, as with bilateral relationships, information is shared, in each case, according to the Brazilian legislation and that of the foreign country’s jurisdiction, especially with respect to confidentiality laws. Since 2016, the BCB has requested Confidentiality Agreements from all participants when convening the supervisory college as the home supervisor. Please refer to CP3 for more details of the MoU agreements in place and the legislative basis for these agreements. |
||||||||||||||||||||||||||||||||||||||||
| EC3 | Home and host supervisors coordinate and plan supervisory activities or undertake collaborative work if common areas of interest are identified in order to improve the effectiveness and efficiency of supervision of cross-border banking groups. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | As noted in CP3, while collaborative work, such as joint inspections, are permitted within the legal framework and considered in the MoUs, there have been no recent cases of joint examination of a cross-border bank. Nevertheless, if common areas of interest of supervisory work are identified, the BCB, as home or host supervisor, will engage in collaborative work. The Santander Group is the only foreign international group with significant cross-border activities in Brazil. In this context, the BCB participates in the core college and Crisis Management Group (CMG) of the Santander Group with the Banco de España. Please see also EC5 below. There is also a more intensive flow of information with the Bank of England, in relation to the UK presences of Itaú and Banco do Brasil. Information regarding the material risks of the subsidiaries and the overall condition of the parent companies is exchanged. |
||||||||||||||||||||||||||||||||||||||||
| EC4 | The home supervisor develops an agreed communication strategy with the relevant host supervisors. The scope and nature of the strategy reflects the risk profile and systemic importance of the cross-border operations of the bank or banking group. Home and host supervisors also agree on the communication of views and outcomes of joint activities and college meetings to banks, where appropriate, to ensure consistency of messages on group-wide issues. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | Communication practices for authorities who participate in the BCB’s supervisory colleges for Banco do Brasil and Itaú-Unibanco include the physical meetings, supplemented by bilateral calls where frequency of contact varies according to the risk profile and needs of the host and home supervisors. As noted above, the BCB shares the conclusions of inspections and assessments carried out under the SRC methodology. As host supervisor, the communication procedures may vary according to the relevance of the subsidiary, ranging from very intense, in the case of the Santander Conglomerate (emails, conference calls every two months on average and participation in the Core College and in the CMG), to occasional contacts, only when there is a significant event, in the case of smaller institutions. |
||||||||||||||||||||||||||||||||||||||||
| EC5 | Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities, develops a framework for cross-border crisis cooperation and coordination among the relevant home and host authorities. The relevant authorities share information on crisis preparations from an early stage in a way that does not materially compromise the prospect of a successful resolution and subject to the application of rules on confidentiality. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | The BCB is the single supervisory and resolution authority for financial institutions in Brazil. The Department of Resolution Regimes (Deres) was established in 2016 with the staff of the former Department of Bank Liquidation. This new department has, among other mandates, the duty of preparing resolution plans and conduct resolvability assessments. Since 2013, as the home resolution authority of a G-SIB resolution entity (Santander in an MPE approach), the BCB has had a Cross-border Cooperation Agreement (CoAg) with authorities from the EU, Spain and the United Kingdom, concerning the Santander Group. The BCB has signed a specific MoU (Cross-border Cooperation Agreement - CoAg) with Banco de España, in which terms and policies for information sharing related to resolution strategies are established. The CoAg sets out how the respective parties will communicate and coordinate, both during normal periods and in times of crisis, with a view to facilitating the resolvability, recovery or, as necessary, an orderly resolution of Santander, including its recapitalization, restructuring, sale, liquidation or wind-down, where appropriate. The resolution department leads the work that takes place under the remit of Santander’s CMG, working with joint responsibility with the supervisory area. In 2016, resolution and recovery planning was extended to all domestic systemically important banks (D-SIBs). Under resolution 4,502 D-SIBs are required to prepare recovery plans, a phased process that began in December 2016 and will end in July 2018. After that, the D-SIBs will update their recovery plans annually. The recovery plans provide an additional extra layer of information to inform the work of the supervisory and resolution areas in recovery and resolution planning and resolvability assessments and ought to support or improve the supervisory early intervention mechanism. This recent-implemented recovery and resolution planning process is seen as a first step to building a similar framework for a CMG for each Brazilian D-SIB. It is anticipated that information gathering concerning contingency strategies and mapping the any existing impediments to an orderly resolution will set the grounds for information sharing on crisis preparation. Additionally, aiming to enhance cross-border resolution cooperation, the BCB participates actively in the FSB Resolution Steering Group (ReSG) and is currently in the final stages of preparing a new resolution law, aligning the Brazilian legal framework with the Key Attributes of Effective Resolution Regimes. |
||||||||||||||||||||||||||||||||||||||||
| EC6 | Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities and relevant host authorities, develops a group resolution plan. The relevant authorities share any information necessary for the development and maintenance of a credible resolution plan. Supervisors also alert and consult relevant authorities and supervisors (both home and host) promptly when taking any recovery and Resolution measures. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | As noted above, BCB is the single supervisory and resolution authority, and since 2016 has had a department dedicated to bank resolution. Moreover, since January 2017, the BCB has established a strategic Resolution Committee (COPAR) in order to focus on coordination between the supervisory and resolution departments to deal with resolution planning, resolvability assessment and resolution. As noted in CP3, COPAR is composed of the heads of the departments involved in resolution and crisis management. These two departments report to different deputy governors and a governance architecture has been put into place to avoid conflicts of interest when dealing with a crisis scenario (e.g. assessment of the “fail or likely to fail”). The BCB’s governance structure was last published on November 17, 2016 and the objectives of COPAR were set out. Please also see EC5. |
||||||||||||||||||||||||||||||||||||||||
| EC7 | The host supervisor’s national laws or regulations require that the cross-border operations of foreign banks are subject to prudential, inspection and regulatory reporting requirements similar to those for domestic banks. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | All banks in Brazil are subject to the same regulatory and supervisory requirements irrespective of whether they are foreign or domestic. There is no treatment differentiation, by Brazilian supervision, in relation to domestic or foreign-controlled institutions. |
||||||||||||||||||||||||||||||||||||||||
| EC8 | The home supervisor is given on-site access to local offices and subsidiaries of a banking group in order to facilitate their assessment of the group’s safety and soundness and compliance with customer due diligence requirements. The home supervisor informs host supervisors of intended visits to local offices and subsidiaries of banking groups. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | Confirmed by the Memorandums of Understanding (MoU) signed with the supervisory authorities of the home countries of foreign financial institutions operating in Brazil, home authorities are granted access to carry out On-Site reviews, inspections and visits to the subsidiaries of their supervised institutions in Brazil. The MoUs also indicate that the foreign supervisor must inform the BCB of their planned activities. Firms with whom the assessors met referred to past and planned inspections of subsidiaries in Brazil. As home supervisor itself, the BCB informs host supervisors of intended visits to local offices and subsidiaries of Brazilian banking groups and shares the results of these activities. Banks headquartered in Brazil with whom the assessors met also confirmed past and future inspections of their cross-border establishments by the BCB. For those jurisdictions where no MoU is in place, there are informal arrangements to enable supervisory visits to local subsidiaries and the exchange of confidential information. In these cases, the information is shared subject to the legislation of each country, especially with regard to laws concerning the obligation to maintain the confidentiality of the information and the restriction of its use only for supervisory purposes. |
||||||||||||||||||||||||||||||||||||||||
| EC9 | The host supervisor supervises booking offices in a manner consistent with internationally agreed standards. The supervisor does not permit shell banks or the continued operation of shell banks. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC9 | Given that there is no legal provision for licensing booking offices in the Brazilian financial system, the BCB does not act as host supervisor for booking offices. While there is no explicit legal or regulatory prohibition in respect of shell banks, the BCB’s licensing framework does not, in practice, permit the incorporation of shell banks as defined by the Basel Committee, namely banks that have no physical presence (i.e. meaningful mind and management) in the country where they are incorporated and licensed), and are not affiliated to any financial services group that is subject to effective consolidated supervision financial institutions without a physical presence. For example, under Resolution no. 4122, the BCB must conduct an inspection of any new institution prior to granting authorization (MSU 4.30.10.50.61). The same regulation permits the BCB to revoke the authorization, among other reasons, due to absence of evidence of practice of essential operations. |
||||||||||||||||||||||||||||||||||||||||
| EC10 | A supervisor that takes consequential action on the basis of information received from another supervisor consults with that supervisor, to the extent possible, before taking such action. | ||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC10 | The BCB’s policy is to notify the relevant supervisory authority and probe the information received in the event that this information has the potential to lead to supervisory actions by the BCB. This interaction is facilitated by the frequent information exchange with foreign supervisors as discussed in earlier EC. The BCB has practical experience of this scenario in relation to orderly bank resolution and to the investigation of illegal operations. | ||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 13 | Compliant | ||||||||||||||||||||||||||||||||||||||||
| Comments | The BCB has made efforts to establish effective communication with its peer authorities in the context of both home and host supervision. The banks with whom the assessors met spoke highly of their experience of international coordination by the BCB. There are aspects of the BCB’s supervisory approach that could be enhanced, including a formal feedback to the banks it supervises following any meeting of a supervisory college or other major supervisory exchange. Also, in the context of the institutions which have cross border entities outside of Brazil which are systemic for the host jurisdiction, the BCB could consider annual supervisory colleges to ensure that all aspects of strategy, reputation and contagion risk outside of Brazil are being factored into supervisory planning. Finally, and as also touched on in CPs 3 and 8, the BCB’s work on recovery and resolution with its banks is not yet fully completed. This element is graded in CP8. |
||||||||||||||||||||||||||||||||||||||||
B. Prudential Regulations and Requirements
| Principle 14 | Corporate governance. The supervisor determines that banks and banking groups have robust corporate governance policies and processes covering, for example, strategic direction, group and organizational structure, control environment, responsibilities of the banks’ Boards and senior management,17 and compensation. These policies and processes are commensurate with the risk profile and systemic importance of the bank. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Laws, regulations or the supervisor establish the responsibilities of a bank’s Board an d senior management with respect to corporate governance to ensure there is effective control over the bank’s entire business. The supervisor provides guidance to banks and banking groups on expectations for sound corporate governance. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Corporate Law (Law 6404) establishes general requirements for the composition and overall responsibilities of the board of directors, which include but are not limited to steering the corporations’ general business. However, some corporate governance requirements differ between financial institutions that are listed and those that are in private ownership. Only a listed company is required to have a board of directors (conselho de administracao). A non-listed company is required to have senior (executive) management (presidente and directores). In the latter case, the duties of the board fall upon the senior management. Audit Committees and Remuneration Committees are required for some financial companies based on criteria of systemic relevance and proportionality. Not all listed financial companies are required to establish the committees and, conversely, an unlisted financial institution that meets the criteria will be required to establish the committees. Nominations Committees are not required but the BCB requires banks to consider succession planning (implement and maintain a policy) and some banks have such committees (notably the systemic banks). A number of resolutions further specify corporate governance requirements. Resolution 4122 which sets out licensing conditions, which also apply at any point of change of control and apply to all banks (listed or otherwise) also establishes the conditions for membership of the statutory or contractual bodies of these entities. Among the licensing requirements is the submission of an operational plan detailing the shareholding structure, the control group, and corporate governance standards, among other items. Boards of directors and senior management are responsible for implementing an effective internal control framework encompassing all business levels of the financial institution, including their objectives and procedures. Internal controls must be consistent with the nature, complexity, and risk of operations conducted, encompassing all financial institutions’ businesses. An annual report to the board on the performance of the internal control framework must cover activities such as examinations’ conclusions, framework deficiencies and corrective measures. (Resolution 2,554) Board of directors must approve and review risk management policies at least annually. Reports allowing the identification and correction of deficiencies in control and management of risks have to be prepared at least annually and submitted to the board for approval and direction. (Resolution 4557) Furthermore, for all banks, a Chief Risk Officer (CRO) must be appointed and key elements for the risk management structure, including a risk management unit independent from the business units and from the internal audit function, and a board-level risk committee, are set out. FIs must establish appropriate conditions for the CRO to exercise its assignment independently and to report directly to the board of directors, the risk committee, and the Chief Executive Officer (CEO). The board must approve the appointment and dismissal of the CRO, and the dismissal of a CRO must be disclosed in a timely manner. (Resolution 4557) It may be noted that although Risk Committees are, or will be, required for banks in segments 1 to 3, banks in segments 4 and 5 are exemd. Banks in segment 3 are also exempted from certain restrictions in terms of eligible persons to sit on the Risk Committee. (Resolution 4557, Article 59 et seq. As noted elsewhere, Resolution 4557 came into force for S1 banks in August 2017 but will only enter into force for the remaining banks in February 2018, permitting the lower segments to have a full year, rather than 6 months to comply). The corporate governance framework for state-owned entities, including FIs, whether wholly or partially owned, is set out in Law 13,303 dating from 2016. It establishes, among other things, overall responsibilities of the board, senior management and audit committee. By end 2017, BCB intended to release Guidance of Supervision Practices (GPS) to further inform banks and banking groups of its expectations for sound corporate governance practices regarding the role of a bank’s board, senior management and board committees, risk governance and the role of control functions. The Guidance was published in March 2018. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor regularly assesses a bank’s corporate governance policies and practices, and their implementation, and determines that the bank has robust corporate governance policies and processes commensurate with its risk profile and systemic importance. The supervisor requires banks and banking groups to correct deficiencies in a timely manner. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | In the monitoring process, the BCB Supervision assesses all regulatory aspects as well as those aspects defined as best practices are assessed. The BCB’s assessment of corporate governance and of internal controls is through a combination of supervisory techniques, including risk and control assessment via the Risks and Controls Evaluation System (SRC) and specific inspections (Special Examinations/ Verifications - VEs). The resolution on consolidated supervision (Resolution 4090) confirms the BCB’s right of access to all information and persons within an FI and the BCB holds frequent meetings with the board of directors, senior management, audit committee, remuneration committee, internal audit, CRO. There is a frequency specified for such meetings depending on the supervisory cycle of the institution. For example, an S1 bank will have 2 meetings of the audit committee, one meeting of the risk committee and one meeting with the Chairman of the bank, on his own, with the BCB. For a bank on a longer supervisory cycle such meetings are also mandatory but the frequency is lower. SRC: Inspired by the BCBS’ Corporate Governance Principles for Banks (2015), the BCB refreshed the corporate governance module, within Risk and Controls Analysis (ARC), to include board-related issues such as composition recruitment and qualification of members; organization and evaluation, overall responsibilities. Other elements included in the evaluation are: corporate culture and values; risk appetite; conflicts of interest; disclosure and transparency; group structure; advisory committees to the board; senior management; risk governance; compliance function; audit function and remuneration structure. The assessment of corporate governance, through the SRC, has a significant weight in the overall internal grading of banks or banking groups. VE (special examinations) - Corporate Governance: The specific inspections, also inspired by Corporate Governance Principles for Banks (BCBS, 2015), are carried out to verify components of the corporate governance structure. Special Verifications of Market, Credit, Operational and Liquidity Risks, also consider aspects of risk governance are also assessed. Risk governance mechanisms are also considered in the context of the supervisory review of the Internal Capital Adequacy Assessment Process (ICAAP) (now Resolution 4557, but formerly Resolution 3988) At the end of its inspections, BCB formally notifies a financial institution on the results and findings, and requires the correction of the issues that have been identified. As discussed in CP11, the BCB has requisite enforcement powers in relation to legal and regulatory provisions stemming from the Banking Law (Law 4,595). |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor determines that governance structures and processes for nominating and appointing Board members are appropriate for the bank and across the banking group. Board membership includes experienced non-executive members, where appropriate. Commensurate with the risk profile and systemic importance, Board structures include audit, risk oversight and remuneration committees with experienced non-executive members. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | Corporate Law (Law 6404) establishes that corporations’ board of directors must have at least three members and that membership of senior management executives is limited to one third of board positions. Law 13,303 of 2016, which sets a corporate governance framework for state-owned organizations, establishes that these companies board of directors should have between seven and eleven members of whom at least 25 percent are independent. Competence Resolution 4122 establishes the licensing requirements for financial institutions and establishes the requisites for board and senior management membership. Appointment to a managerial position is based on an assessment of technical capacity and unsullied reputation. The BCB’s assessment of adequacy is based on a statement submitted by the institution and on the candidate’s résumé and takes into consideration, previous positions held, the size and nature of the previous employers, and (as appropriate) the amount and type of funds managed or under the responsibility of the appointed person. Succession Policy Banks are required to develop and maintain a succession policy for senior executives and board member that is commensurate with the nature, complexity, structure, risk profile and business model of the FI. Succession policy is a Board responsibility and must cover recruitment, promotion, selection and retention of executives. Board Structures (a) Audit The provision of external audit services and the constitution of an audit committee are governed by Resolution 3198. Banks above a size threshold, systemic relevance and other criteria are required to establish an audit committee (Article 10: banks with equity equal to or greater than 1bn reais; or with deposits and asset management equal to or greater than 5bn reais), which must report to the board of directors. The audit committee of publicly traded financial institutions or state-owned closed institutions must be composed only by non-executive members. At least one member of the audit committee must have a proven background in accounting and auditing. (b) Risk A risk committee with direct access to the Board and composed of at least three members, the majority of whom should be independent, is required by Resolution 4,557. The risk committee must be chaired by an independent member, who is not or has not been in the past 6 months the chairperson of the board or of a board auxiliary committee. Also, the risk committee must coordinate its activities with the audit committee to facilitate information exchange and adjustments to the risk governance structure. Committee members must be experienced and qualified. Please also note EC1 for details on some differences in requirements between segments of banks. (c) Remuneration A remuneration committee is required under Resolution 3921 for a publicly traded FI or one required to constitute an audit committee. As with the Risk Committee, the committee must be accountable to the board and be composed of three members, at least, one of which not in management. Committee members must be experienced and qualified. In both the SRC and the VE analysis, BCB assesses the criteria for board membership, succession plans and board and senior management performance. During the SRC, the BCB also assesses execution of the financial institution’s business strategy. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | Board members are suitably qualified, effective and exercise their “duty of care” and “duty of loyalty”.18 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC 4 | Corporate Law (Law 6404) establishes that the board of directors and senior management must perform their duties with loyalty and diligence. In terms of suitability of qualification, please see also EC3 above. Inspections directed at corporate governance (SRC and VEs) evaluate ethics rules and standards of conduct contained in regulations. Besides that, BCB assesses qualification and suitability of board members, their effectiveness and their exercise of the “duty of care” and the “duty of loyalty”. All new board members or members of the senior management are assessed by the BCB (licensing department) for fit and proper suitability. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor determines that the bank’s Board approves and oversees implementation of the bank’s strategic direction, risk appetite and strategy, and related policies; establishes and communicates corporate culture and values (eg through a code of conduct), and establishes conflicts of interest policies and a strong control environment. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | The Boards’ competences, under the Corporate Law (Law 6404) include the obligations to: set the general orientation of the company’s business; elect, dismiss determine the attributions, and oversee the senior management; examine, at any time, the books and papers of the company and request information on contracts entered into or in the process of execution, and any other acts. The Board has responsibilities for risk management and capital management under Resolution 4557 including: (i) establishing the risk appetite of the FI in the Risk Appetite Statement (RAS) and revising them, with the assistance of the risk committee, the board of directors, and the CRO; (ii) approving and reviewing policies, strategies and risk management limits; capital management policies and strategies; the stress testing program; policies for business continuity management; the liquidity contingency plan; the capital plan; the capital contingency plan. Conflict of interest is partly addressed by the Corporate Law (Law 6,404) which requires Board members or senior management, when facing any conflict of interest, should abstain from voting and that this should be clearly recorded in the minutes of the Board or senior management meetings. Furthermore, Resolution 2554 states that internal controls include the segregation of the duties to prevent conflicts of interest and to minimize and properly monitor areas of potential conflicts of interest that are identified. The resolution also establishes senior management responsibility for the promotion of ethical standards and integrity and of an organizational culture that reinforces the importance of internal controls and the role of employees in this. Circular 3467 requires an evaluation report on the quality and adequacy of the internal control systems and determines that “the description of aspects related to the control environment should address the financial institution’s control culture, including, among others, the commitment to ethics and integrity, including but not limited to establishing a code of ethics and disclosure within the organization.” The description of a financial institution’s risk appetite in line with their strategic objectives is required as part of the ICAAP process (Resolution 4557 - formerly in Resolution 3988), and must be approved by the board of directors (Circular 3547). The SRC analyzes the quality of the strategic planning process of a financial institution. This analysis also includes a verification of the processes and procedures for the implementation of strategic plans and the controls established for their adequate implementation. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 | The supervisor determines that the bank’s Board, except where required otherwise by laws or regulations, has established fit and proper standards in selecting senior management, maintains plans for succession, and actively and critically oversees senior management’s execution of Board strategies, including monitoring senior management’s performance against standards established for them. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | The Board is responsible for selecting and dismissing company’s executives, for overseeing senior management’s performance and for defining the strategic objectives of the company under the terms of the Corporate Law (Law 6,404). In addition, Law 4595 (Banking Law) empowers the BCB to establish conditions for the exercise of any executive positions in private financial institutions, as well as for the exercise of any functions in bodies such as the Fiscal Council. Technical capacity and behavioural attributes for executive positions in financial institutions are set out in Resolution 4122. Succession planning and implementation is addressed by Resolution 4,538 which establishes Board responsibility including the criteria used in the recruitment and selection process of senior management. The SRC review and the VE on corporate governance assess the standards in senior management selection, plans for succession and senior management’s performance. The SRC also evaluates the execution of strategic plans. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor determines that the bank’s Board actively oversees the design and operation of the bank’s and banking group’s compensation system, and that it has appropriate incentives, which are aligned with prudent risk taking. The compensation system, and related performance standards, are consistent with long-term objectives and financial soundness of the bank and is rectified if there are deficiencies. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | Remuneration policy is addressed by Resolution 3921 which requires executive remuneration to be commensurate with the Fl’s risk policy, formulated to discourage strategies that would lead to imprudent risk exposure whether over the short or long term. This resolution also determines the constitution of a compensation committee which reports to the Board and which is responsible for proposing the remuneration policy. The remuneration policy is applicable only to Board members and executive officers and must be reviewed yearly by the board. Compensation standards established by Resolution 3,921 include: (i) performance-based compensation at individual, business-unit and firm-wide level, except for directors, whose compensation should be performance-based; (ii) deferral of at least 40% of the variable compensation; (iii) minimum deferral period of three years; (iv) at least 50% of variable compensation in shares or share-linked instruments; and (v) malus clauses. In defining their compensation policy, financial institutions must take into account issues such as the overall compensation amount and its allocation, the current and the potential risks, the overall financial results of the institution, the ability to generate cash flows, the economic environment and financial sustainability in the long term. SRC and VEs on Corporate Governance assess compensation issues. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC8 | The supervisor determines that the bank’s Board and senior management know and understand the bank’s and banking group’s operational structure and its risks, including those arising from the use of structures that impede transparency (e.g. special-purpose or related structures). The supervisor determines that risks are effectively managed and mitigated, where appropriate. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | Under Resolution 4,557 risk management policies and strategies must be approved and revised annually by the board. Annual performance reports on the risk management structure that allow for identification and timely correction of deficiencies must be submitted to the board. Resolution 4,557 also establishes that the board of directors and the senior management must have a comprehensive and integrated understanding of the risks of the financial institution that may affect capital, including possible impacts on prudential conglomerate’s capital coming from the risks associated with other companies of the prudential conglomerate. Financial institutions must be able to identify, assess, monitor and control risks associated to each institution individually and to the prudential conglomerate, as well as to identify and monitor risks associated with other companies controlled by members of the prudential conglomerate. Financial institutions belonging to a financial or prudential conglomerate must prepare their financial statements on a consolidated basis. For regulatory purposes, the financial statements of a prudential conglomerate must include mutual funds of which it retains substantial risks and benefits, as well as securitization entities and other non-financial institutions over which it has a direct or indirect control, thus bringing the shadow banking system into the scope of consolidation of financial statements under BCB supervision, including capital requirements. Special purpose entities are included in the consolidated statements of the prudential conglomerate in the cases where they operate in the activities listed in Resolution 4280and are directly or indirectly controlled by the parent institution. Additionally, the BCB supervision can determine their inclusion or exclusion in a prudential conglomerate, to avoid distortions on the representation of the equity of the group. The SRC and the VE (targeted inspections) on Corporate Governance the BCB seeks to assess the role of board and senior management in relation to group structure issues, particularly in respect of risks that may arise from complex structures. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC9 | The supervisor has the power to require changes in the composition of the bank’s Board if it believes that any individuals are not fulfilling their duties related to the satisfaction of these criteria. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC9 | Penalties under the Banking Law (Law 4,595) that are applicable to managers of FIs, include the temporary prohibition from occupying a management position in an FI. Once administrative proceedings have been initiated against an FI, its executives, members of its board, its internal or external auditors, the BCB can require the removal of the Fl’s senior management and board of directors, (Law 9,447). Such persons may also be precluded from assuming any management position in financial institutions or act as agents or representatives of members of their board of directors. Under Resolution 4122 the BCB may deny managerial appointments in FIs on the grounds of circumstances that may affect the reputation of the managers, the control group members, the holders of qualified participation, or due to falsehood in the application documents. The BCB may review its decision to approve a director or a senior executive of a financial institution at any time, if pre-existing or post-appointment circumstances are confirmed that could affect the reputation of those elected or appointed to statutory or contractual positions. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Additional criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC1 | Laws, regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material and bona fide information that may negatively affect the fitness and propriety of a bank’s Board member or a member of the senior management. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | Obligations under Resolution 3198 provide that the external auditor and the audit committee, when installed, must, individually or collectively, communicate formally to the BCB, within three working days of identifying the existence or evidence of error or fraud represented by: i) failure to comply with laws and regulations, which jeopardize the continuity of the audited entity; ii) fraud, of any amount, perpetrated by the management of the financial institution; iii) material fraud perpetrated by employees or third parties; iv) errors that result in material inaccuracies in the financial statements of the financial institution. Further, any institution licensed by BCB must provide notification of any information that could negatively affect the reputation of its controllers, board members or senior management members within 10 business days (Resolution 4567). |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 14 | Largely Compliant | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The BCB has a long track record of taking account of governance practices in its supervisory approach and has recently reoriented its supervisory approach (SRC and targeted on-site inspections) to reflect further the weight it places on sound corporate governance within financial institutions. Analytical internal documents in the BCB and discussions with banks were consistent with the emphasis that the BCB places on corporate governance. The BCB’s attitude and work that it has undertaken to date in the field of corporate governance is completely commendable. The corporate governance work is, however, still in progress. Some important components are not yet in place, notably including the fact that the critical Resolution on risk management and governance (Resolution 4557) has only been in force for 6 months for the systemic banks and is not yet in force (until February 2018) for the rest of the banking sector. Moreover, the BCB had, at the time of the assessment, not yet completed and published its guidance on the assessment of corporate governance, although this is targeted for release by end 2017. A full supervisory cycle reflecting the corporate governance assessment under the new regulations had not yet taken place even for the systemic banks. As noted above, the BCB published guidance on corporate governance in March 2018. Nevertheless, and notwithstanding the principle of proportionality, the BCB should ensure that even unlisted banks have a board of directors. In exchanges with the BCB, the assessors understand that the BCB considers that a requirement for Boards of directors to be instituted in all banks may be excessively burdensome to many of non-listed companies, which are small sized institutions. In other words that the financial burden on small sized institutions does not seem justifiable for the risks they represent. There are very few jurisdictions where failures in small banks have not been directly attributable or strongly associated with corporate governance failings. While an evolved committee structure (audit, remuneration, risk, etc) is not required for very small institutions, board oversight to provide checks and balances on management is a basic safeguard. There are a number of ECs that cannot, by definition, be fully met if there is no Board in place in a bank—such as EC6, which seeks to confirm that management functions under Board oversight. While the number and scale of activity of non-listed banks that do not, of their own volition, have a corporate governance structure is also small, it is a deficiency to be addressed. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 15 | Risk management process. The supervisor determines that banks19 have a comprehensive risk management process (including effective Board and senior management oversight) to identify, measure, evaluate, monitor, report and control or mitigate20 all material risks on a timely basis and to assess the adequacy of their capital and liquidity in relation to their risk profile and market and macroeconomic conditions. This extends to development and review of contingency arrangements (including robust and credible recovery plans where warranted) that take into account the specific circumstances of the bank. The risk management process is commensurate with the risk profile and systemic importance of the bank.21 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 |
The supervisor determines that banks have appropriate risk management strategies that have been approved by the banks’ Boards and that the Boards set a suitable risk appetite to define the level of risk the banks are willing to assume or tolerate. The supervisor also determines that the Board ensures that:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Regulations on risk management include requirements for the implementation of a continuous and integrated risk management structure (Resolution CMN 4,557 of 2017). These requirements are effective from August 2017 for institutions allocated to Segment 1 (S1), and will become effective from February 2018 for institutions allocated to Segments 2 to 5 (S2, S3, S4 and S5). The structure must
The criteria established for inclusion of banks in the five segments are summarized in Table 1 below: Table 1. Criteria for Segmentation of Banks Table 1. Criteria for Segmentation of Banks
Financial institutions are required to identify, measure, evaluate, monitor, report, control and mitigate risks. The risk management framework must also be integrated across risks, allowing for the identification, measurement, evaluation, monitoring, reporting, control and mitigation of adverse effects arising from interactions between them. (Art.6, CMN 4557 of 2017). The other requirements of the risk management framework include risk management policies, systems, procedures and routines; establishment of risk limits, and management of risk exposures within limits that are consistent with the risk appetite statement (RAS); processes for tracking and timely reporting of exceptions to the risk management policies, limits and levels of risk appetite set in the RAS; periodic assessment of the adequacy of risk management systems, routines and procedures; need for clear documentation of roles and responsibilities for risk management; stress testing; continuous evaluation of the effectiveness of the risk mitigation strategies; policies and strategies for business continuity management; timely reporting to the senior management, the risk committee and the board are also laid down in regulations (Art.7, CMN 4557 of 2017). Resolution CMN 4,557 requires the implementation of a structure for risk management that covers operational risk, market risk, interest rate risk in the banking book, credit risk, liquidity risk, socio-environmental risk and other risks deemed material according to criteria defined by the institution, including those risks not considered in the calculation of the risk-weighted assets (RWA). According to Resolution CMN 4,557, the board’s responsibilities include defining and revising, jointly with the risk committee, the senior management and the Chief Risk Officer (CRO), the risk appetite levels expressed in the institution’s Risk Appetite Statement (RAS). The board’s responsibilities also include:
Prior to Res. CMN 4557, the regulatory framework for risk management was articulated by a set of regulations that were developed to require banks to establish risk management structures for identifying, measuring, monitoring and managing individual risks like credit, market, liquidity, operational risks. This set of regulations dealing with individual risks lays down the regulatory requirements for banks in S2 to S5. With the maturity of the risk management structures and practices in banks, the development of the skills in the banks and in the BCB, through CMN 4557, BCB is requiring the banking system to embrace integrated risk management systems. The set of regulations on management of market risk, credit risk, operational risk and liquidity risk that are in operation for the institutions in S2 to S5, prescribe the adoption of policies and strategies, that were required to be documented, and establish operational limits and procedures consistent with levels of risk deemed acceptable by the institution. Regulations require that risk management policies and strategies must be approved and reviewed, at a minimum on a yearly basis, by senior management and the board, and that the director responsible for managing risks must not perform activities that may give rise to a conflict of interest. Former regulation on operational risk management already prescribed the dissemination of the risk policy to all levels of personnel. The Risks and Controls Assessment (SRC) conducted by the Banking Supervision Department (Desup) evaluates ten types of risk and their associated controls, through a qualitative approach: credit, market, liquidity, contagion, operational, reputational, strategic, information technology (IT), money laundering and consumer relationship. Corporate governance issues are evaluated in relation to each of the mentioned risks, including risk appetite definitions and the risk management framework. A new ARC (a report where SRC’s analysis are formalized, similar to a working paper) on corporate governance is being implemented, adding a broader and updated view of this subject. This ARC will represent 30 percent of the qualitative score accorded, the other 70 percent being a weighted average of the assessment of the ten mentioned risks. The SRC handbook establishes that the analysis of each risk type is conducted according to the size of an institution and the complexity of its operations. This manual requires the supervisory team to evaluate whether the bank has a sound risk management framework in place, whether policies and strategies are approved by the board, whether senior management has implemented adequate tools to monitor and control risk’s exposure vis-à-vis its appetite as defined by the board, etc. Moreover, according to each bank’s supervision cycle (MSU 3.10.40) which is currently defined taking its previous SRC’s overall score (quantitative and qualitative evaluations) along with its systemic relevance, focused examinations on specific themes may also be performed. The decision on whether one or more examinations are needed is made by each supervision team on a regular basis supported by their knowledge of the bank’s main weaknesses and strategic choices, as well as qualitative and quantitative inputs by Desup’s specialized teams. Those focused examinations (mainly Special Verifications - VEs, as defined in Supervision Manual - MSU) are designed to provide a deeper and more detailed view of a specific theme. Examples of VEs are: credit risk (MSU 4.30.10.50.01.01), market risk (MSU 4.30.10.50.02.03), liquidity risk (MSU 4.30.10.50.02.02), IRRBB (MSU 4.30.10.50.02.07), treasury operations (MSU 4.30.10.50.02.01), corporate governance (MSU 4.30.10.50.06.01), operational risk (MSU 4.30.10.50.11), contingencies - legal claims (MSU 4.30.10.50.07.01), review of IT environment (MSU 4.30.10.50.18), review of IT systems (MSU 4.30.10.50.19), data integrity (MSU 4.30.10.50.32), AML procedures and structure (MSU 4.30.10.50.08.02). The scope of VEs include whether senior management and the board have formally set formal strategies and policies, if appropriate limits are established and consistent with the bank’s risk profile and if they are properly monitored and communicated. It is also important to say that the conclusions of examinations are incorporated to the SRC assessment. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 |
The supervisor requires banks to have comprehensive risk management policies and processes to identify, measure, evaluate, monitor, report and control or mitigate all material risks. The supervisor determines that these processes are adequate:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see description under EC1. Resolution CMN 4557 establishes requirements for the implementation of a continuous and integrated risk management structure. These requirements are applicable to the S1 banks from August 2017 and will be applicable to the other banks from February 2018. A synopsis of these requirements is presented below:
The risk management structure must allow for the identification, measurement, evaluation, monitoring, reporting, control and mitigation of credit risk, market risk, and IRRBB, when they are deemed material by the institution. The same applies to other risks deemed material according to criteria defined by the institution, including those risks not considered in the calculation of the risk-weighted assets (RWA). The risk management structure must allow for the identification, measurement, evaluation, monitoring, reporting, control and mitigation of operational risk, liquidity risk and socio-environmental risk, regardless of materiality. The risk management must be integrated across risks, allowing for the identification, measurement, evaluation, monitoring, reporting, control and mitigation of adverse effects arising from interactions between them. For institutions in S2 to S5, as mentioned in the description under EC1, the regulatory requirement for risk management is articulated in a set of regulations that addresses individual risks. A summary of this set of regulations is presented below:
During the supervision cycle, the supervision team evaluates the ten risks mentioned in EC1 on an ongoing basis, as well as quantitative indicators (capital strength, liquidity and results - P&L). The quantitative evaluation considers the macroeconomic environment and its connection to the performance of those three indicators, as well as the qualitative side. The qualitative analysis on the ten risks take into consideration the policies and processes to identify, measure, evaluate, monitor, report, control and mitigate. This can be done through a variety of tools, including regular meetings with the bank’s staff, evaluation of the bank’s managerial reports sent to senior management (also sent to Desup when required by the supervision team), analysis of high level committees’ meeting records, reports and alerts from BCB’s Financial System Monitoring Department (Desig), meetings with other regulators and supervisors, etc. All these procedures provide the supervision team with a comprehensive view of the risk management framework, which is commensurate with the bank’s size, complexity and risk profile. When the supervision cycle comes to a close, the supervision team presents the SRC to a committee at BCB (Risks and Controls Assessment Committee - Corec). Larger and more complex banks are submitted to shorter supervision cycles and endure deeper analysis (all ARCs are evaluated on this cluster of institutions, which may not be case for smaller and simpler banks). On Corecs, the committee members have a broad and comprehensive view of all material risks, in a bank-wide perspective (including non-financial companies connected to the assessed financial firm). This view is considered when the committee approves or proposes a new qualitative or overall score. For more detailed supervisory procedures, please see EC1. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 |
The supervisor determines that risk management strategies, policies, processes and limits are:
The supervisor determines that exceptions to established policies, processes and limits receive the prompt attention of, and authorization by, the appropriate level of management and the bank’s Board where necessary. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | According to Resolution CMN 4,557 of 20/17, the risk management structure must comprise clearly documented policies and strategies for risk management, establishing limits and procedures designed to maintain the exposures to risks at levels consistent with the ones set in the RAS. Regulation also requires effective processes for tracking and timely reporting exceptions to the risk management policies, limits and levels of risk appetite set in the RAS. The risk management policies must prescribe necessary authorizations, as well as timely and appropriate actions to be taken by senior management and, when necessary, the board, in case of exceptions to policies, procedures, limits and RAS stipulations. The following information must be disseminated to all levels of the institution’s personnel and to the relevant providers of outsourced services, in a language and a degree of information commensurate with their assignment:
The board’s responsibilities include approving and revising, at least annually, the risk management policies and strategies, establishing limits and procedures designed to maintain the exposures to risks at levels consistent with the ones set in the RAS. Resolution CMN 3,380 of 2006, Resolution CMN 3,464 of 2007, Resolution CMN 3,721 of 2009 and Resolution CMN 4,090 of 2012 already prescribed that policies and strategies for risk management must be clearly documented, establishing operational limits, mechanisms for risk mitigation, and procedures aimed at maintaining exposure to risk within levels deemed acceptable by the institution. Resolution CMN 3,721 of 2009 already prescribed the adoption of practices to ensure that exceptions to the risk policy, to procedures, and to limits were appropriately informed in the periodic reports to senior management. Supervision teams evaluate the following aspects, in order to ensure that the bank adopts appropriate strategies for risk management: if the bank has established formal strategies/policies for risk management duly approved by the senior management and the board; the clarity and quality of documents; the alignment of these strategies and policies with the bank’s objectives and goals for its risk management; the degree of communication of those documents within the institution. SRC ARCs state that policies, limits and procedures should be assessed on each bank’s supervision cycle, according to its size, complexity and risk profile. When performing VEs, the supervision team verifies high level committees’ records (including board meetings) in order to check what was considered when approving or reviewing policies and strategies. Exceptions to limits are also verified by Desup, especially regarding whether risk governance procedures were observed. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor determines that the bank’s Board and senior management obtain sufficient information on, and understand, the nature and level of risk being taken by the bank and how this risk relates to adequate levels of capital and liquidity. The supervisor also determines that the Board and senior management regularly review and understand the implications and limitations (including the risk measurement uncertainties) of the risk management information that they receive. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | According to Resolution 4,557 of 2017, the risk management structure for S1 institutions must provide for timely reports for the senior management, the risk committee and the board on:
Reporting provided by the information systems must:
The board, the risk committee, the CRO and the senior management must comprehensively understand the risks that may affect the institution’s capital and liquidity, as well as the limitations of the available information on risk and capital management. They must also understand the limitations and uncertainties related to the risk evaluation, to the models, even when developed by third parties, and to the methodologies used in risk management. For institutions in S2 to S5, Resolution CMN 3,380 of 2006 prescribes the submission of reports to senior management and the board, at least on a yearly basis, allowing the identification and timely correction of deficiencies in control and management of operational risk. Senior management and the board must expressly approve actions for a timely correction of deficiencies identified. Resolution CMN 3,721 of 2009 prescribes that the structure for credit risk management must stipulate adequate levels of regulatory capital and provisioning that are compatible with credit risk incurred by the institution. Policies and strategies for credit risk management must be approved and revised, at least annually, by senior management and the board, considering the periodic reports on the performance of the managing structure. Especially on VEs, Supervision teams evaluate reports received by the bank’s board and senior management and analyse if they present an adequate level of information, considering the risk appetite defined in policies, clarity, level of data aggregation, size, complexity and risk profile. In addition, Desup’s specialized teams run a horizontal examination that checks a sample of banks’ policies on pricing procedures, including whether the board and senior management are aware of the implied limitations. In the VE on corporate governance requirements (MSU 4.30.10.50.06.01), the supervision team assess the level of understanding of senior management and the nature of the bank’s risk level and its inter-relationship with capital and liquidity levels. Furthermore, it evaluates the understanding and the knowledge of senior management on information systems. The quality of the information produced by the bank is also verified, with special attention to that forwarded to the board and senior management. On SRC, the ARC routine on strategic risk control prescribes an evaluation by the supervision team on the degree of attention by the bank’s board and senior management to internal controls, compliance and risk management matters. The ARC routine on corporate governance, add more precision to this evaluation, comprising the understanding of risk management uncertainties. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor determines that banks have an appropriate internal process for assessing their overall capital and liquidity adequacy in relation to their risk appetite and risk profile. The supervisor reviews and evaluates banks’ internal capital and liquidity adequacy assessments and strategies. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | According to Resolution CMN 4,557 of 2017, the risk management structure must prescribe policies, strategies and procedures ensuring the identification, measurement, evaluation, monitoring, reporting, control and mitigation of liquidity risk in different time horizons, including intraday, under normal circumstances and in periods of stress, comprising a daily assessment of operations with a maturity lesser than 90 (ninety) days. Polices, strategies and procedures must also ensure a funding profile that is adequate to the liquidity risk arising from assets and off-balance sheet exposures. The capital management framework must comprise a capital adequacy assessment, considering adequate levels of total Regulatory Capital (PR), Tier 1 and CET1 commensurate with the risks incurred by the institution. For the purposes of risk management and capital management, the board’s responsibilities include assuring that capital and liquidity levels are adequate and sufficient. Resolution CMN 3,988 of 2011 already prescribed the establishment of a capital management structure commensurate with the nature of operations conducted, the complexity of products and services and the level of exposure to risks. The structure must be able to identify and assess relevant risks incurred, including those risks not covered by capital requirements. Such structure must establish policies and strategies clearly documented that adopt mechanisms and procedures aimed at allocating an amount of capital compatible with risks incurred. A capital plan for a minimum three-year horizon was already required, as well as periodic reports to senior management and the board on the adequacy of capital allocated. Resolution CMN 4,090 of 2012 already prescribed the establishment of a liquidity risk management structure commensurate with the nature of operations conducted, the complexity of products and services and the level of exposure to such risk. The structure must be able to identify, assess, monitor and control the exposure to liquidity risk in different time horizons, including the intraday one. Operations with maturity below 90 days must be assessed on a minimum daily basis. Liquidity risk management must consider all financial exposures, including contingent and unexpected ones. The processes for risk identification, assessment, monitoring and control must be revised annually, at minimum. A liquidity contingency plan must be in place establishing responsibilities and procedures for liquidity stress scenarios. Policies and strategies, as well as the liquidity contingency plan, must be approved and revised at least annually by senior management and the board. Resolution CMN 2,554 of 1998 determines that the internal controls must provide for the definition of responsibilities within the institution and the segregation of activities in order to avoid conflicts of interest, as well as to minimize and monitor areas of potential conflicts. The risk management activities must be conducted by a specific unit, segregated from the business unit and from the unit responsible for the execution of the internal auditing activity. In the SRC model, the bank’s process of assessing its capital adequacy is mainly evaluated at the ARC routine on strategic risk control. The supervision team analyses policies and strategies for capital management, capital planning for the next three years, capital contingency plans, commensurate with size, complexity and risk profile of the institution. Items evaluated include: risk appetite defined as a minimum capital required; aimed composition; tools to regularly and timely monitor capital adequacy; adequacy of capital planning regarding economic environment, alignment with strategic objectives, dividends policies; feasibility of capital sources on contingency plans, etc. Liquidity needs are evaluated both on quantitative (inherent risk) and qualitative (risk control) approaches of SRC. For larger banks (total assets above or equal to R$100 billion), an annual ICAAP report is mandatory. Such documents are regularly reviewed by each bank’s supervision team with the support of specialized teams (e.g. credit, operational, IRRBB, market, quantitative assessment, capital). The supervision team’s conclusions on Internal capital adequacy assessment process (ICAAP) reports are also reflected on SRC in specific items of the ARC routine on strategic risk control. For these banks, the additional assessment includes: clarity, aggregation and understating of risk appetite statement (RAS); risk limits and metrics; responsibilities; material risks identification; feasibility of baseline and stress scenarios; impact of new regulatory requirements, etc. Moreover, supervision teams also evaluate the internal process of capital adequacy for banks required to prepare an ICAAP report. Differences between internally calculated capital figures and the ones using standardized models are expected to be monitored and explained by the bank’s management. The governance of the process is included on the SRC scope, concerning the roles of the board and senior management, internal audit and validation. According to Brazilian rules, liquidity, strategic and reputational risks should be assessed, even in the absence of capital impacts. In implementing a VE on corporate governance (MSU 4.30.10.50.06.01), the supervision team must assess the level of understanding of the board and senior management on the risks taken, as well as on the nature of the bank’s risk level and its inter-relationship with capital and liquidity levels. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 |
Where banks use models to measure components of risk, the supervisor determines that:
The supervisor assesses whether the model outputs appear reasonable as a reflection of the risks assumed. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | According to Resolution CMN 4,557 of 2017, risk management models, when relevant, must be subject to a periodic evaluation of the adequacy and robustness of assumptions and methodologies and their performance, including backtesting when applicable. The evaluation must not be performed by the unit responsible for the development of the models or by a risk-taking unit, according to segmentation criteria. The Board, the risk committee, the CRO and the senior management must comprehensively understand the limitations of the available information on risk and capital management. These instances must also understand the limitations and uncertainties related to the risk evaluation, to the models, even when developed by third parties, and to the methodologies used in risk management. Regulations have established requisites and procedures for internal models that assess market risk, credit risk and operational risk for regulatory purposes. The banks’ requests for using the internal models are required to be subjected to rigorous testing and approval processes before banks are allowed to use the internal models for regulatory purposes. Supervisors use similar approaches during their on-site visits while reviewing the banks’ internal models that are used for internal risk management purposes. Furthermore, supervision teams constantly monitor the output of the approved models and check whether reasonable figures are resulting. Information is conveyed either by an official standardized document named DLO (operational limits document) on a monthly basis to the BCB or through a request by the supervision team of managerial reports. The conclusion on the models used and their output is expressed through the corresponding ARC routine on risks and controls. On model approval examinations, the roles of the board and the senior management are evaluated, including their knowledge of limitations and uncertainties. Three years after approval, all models must be again submitted to an independent validation process. Supervision teams evaluate this revalidation process when it is concluded. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor determines that banks have information systems that are adequate (both under normal circumstances and in periods of stress) for measuring, assessing and reporting on the size, composition and quality of exposures on a bank-wide basis across all risk types, products and counterparties. The supervisor also determines that these reports reflect the bank’s risk profile and capital and liquidity needs, and are provided on a timely basis to the bank’s Board and senior management in a form suitable for their use. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | According to Resolution CMN 4,557 of 2017, the risk management structure must comprise risk management systems, including information systems deemed adequate, both under normal circumstances and in periods of stress, to assess, measure and report on the size, composition and quality of the institution’s risk exposures. Reporting provided by the information systems must reflect the institution’s risk profile and liquidity needs and be provided, on a timely basis and in a suitable form, to the board and senior management. The reporting must also note any deficiencies or limitations in risk estimation and in the assumptions of quantitative models and scenarios. The supervisory process assesses how information on corporate risks must be captured and reported to the board and senior management on a regular and timely basis. Management reports are expected to provide a comprehensive view (on a solo and consolidated basis) of the bank’s risk profile and allow the identification, prevention and timely correction of risk control and management deficiencies During specific examinations (VEs), supervision teams assess the clarity, quality, timing and regularity of reports of the risks taken (e.g. risk market - MSU 4.30.10.50.02.03 -, liquidity risk - MSU 4.30.10.50.02.02 -, credit risk MSU 4.30.10.50.01.01). This includes the adequacy of the reports for the board and senior management’s. This assessment is also regularly performed in SRC, when the oversight of a specific control of a specific risk is evaluated, in addition to the ARC routine on strategic risk control with a broader approach. Moreover, the ARC routine on corporate governance add additional precision to this evaluation. For more detailed supervisory procedures, please see EC1. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC8 | The supervisor determines that banks have adequate policies and processes to ensure that the banks’ Boards and senior management understand the risks inherent in new products,22 material modifications to existing products, and major management initiatives (such as changes in systems, processes, business model and major acquisitions). The supervisor determines that the Boards and senior management are able to monitor and manage these risks on an ongoing basis. The supervisor also determines that the bank’s policies and processes require the undertaking of any major activities of this nature to be approved by their Board or a specific committee of the Board. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | According to Resolution CMN 4,557 of 2017, the risk management structure must comprise adequate board approved policies, procedures and controls to ensure a prior identification of risks inherent to:
Regulation states that the board must approve relevant changes, induced from these risks in risk management policies and strategies, as well as in systems, routines and procedures. The supervision process takes in consideration the new product approvals when conducting examinations, including policies, processes, authorizations, reviews, testing, etc. In the deeper examinations (VEs - e.g. risk market - MSU 4.30.10.50.02.03 -, liquidity risk - MSU 4.30.10.50.02.02), the supervision teams ask for an inventory of recently approved or reviewed products together with their dossiers. A sample is selected and its documents are compared to the new product approval or review policy in order to check whether the specific risk under evaluation has been considered. The conclusions feed the SRC process. For more detailed supervisory procedures, please see EC1. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC9 | The supervisor determines that banks have risk management functions covering all material risks with sufficient resources, independence, authority and access to the banks’ Boards to perform their duties effectively. The supervisor determines that their duties are clearly segregated from risk-taking functions in the bank and that they report on risk exposures directly to the Board and senior management. The supervisor also determines that the risk management function is subject to regular review by the internal audit function. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC9 | Resolution CMN 4,557 of 2017 requires the periodical submission of risk and capital management processes to internal auditing. Regulation also requires that risk management must be performed by a specific unit, segregated from business units and from the unit that conducts the internal audit. The unit must be sufficiently staffed by members with certified expertise and qualification in managing risks. The institution must establish adequate conditions for the independence of the CRO and for the CRO’s direct and exclusive access to the risk committee, to the CEO and the board. The CRO access to all information deemed necessary to fulfill the job’s responsibilities must be ensured. VEs focused on the management of specific risks assess if risk management function is independent, equipped with sufficient resources and has the recommended authority to challenge front office decisions up to the highest levels of the bank. Credit risk (MSU 4.30.10.50.01.01), market risk (MSU 4.30.10.50.02.03), liquidity risk (MSU 4.30.10.50.02.02), operational risk (MSU 4.30.10.50.11) and corporate governance (MSU 4.30.10.50.06.01) examinations are examples of such inspections. Moreover, this is also evaluated on SRC, through specific risk control ARCs. Internal audit reviews and findings on risk management are taken into consideration when VEs are performed. In SRC, this issue is evaluated by ARC routines on control of specific risks (e.g. liquidity risk control, market risk control, operation risk control, etc.). A more comprehensive view of the internal audit unit is assessed by the ARC routine on strategic risk control. For more detailed supervisory procedures, please see EC1. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC10 | The supervisor requires larger and more complex banks to have a dedicated risk management unit overseen by a Chief Risk Officer (CRO) or equivalent function. If the CRO of a bank is removed from his/her position for any reason, this should be done with the prior approval of the Board and generally should be disclosed publicly. The bank should also discuss the reasons for such removal with its supervisor. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC10 | According to Resolution CMN 4,557 of 2017, institutions must appoint a CRO responsible for the risk management specific unit. The CRO’s responsibilities, which must be stated in the institution’s bylaws, include:
Provided the absence of conflicts of interest, the CRO may perform other functions in the institution, including those related to the capital adequacy assessment. The board must approve both the appointment and the dismissal of the CRO. The dismissal of the CRO must be timely disclosed on the institution’s website, and the reasons for such removal must be communicated to BCB, which may require additional information. Resolution CMN 3,380 of 2006, Resolution CMN 3,464 2007, Resolution CMN 3,721 of 2009 and Resolution CMN 4,090 of 2012 already prescribed the appointment of a member of senior staff to be responsible for risk management. The appointed person must not perform activities that give rise to a conflict of interest with risk management activities. Most of the larger and more complex banks already had a dedicated risk management unit overseen by a CRO before such a requirement by Resolution CMN 4,557 of 2017. Although the previous regulation on specific risks (i.e. operational risk, market risk -including IRRBB, credit risk and liquidity risk) required the appointment of a senior management member to be responsible for that specific risk, the appointment of a single person was a common practice. VEs on specific risks and on corporate governance (MSU 4.30.10.50.06.01) conducted deeper analyses and more robust conclusions on the role of members in charge of risk management functions, including the CRO. This is also seen on specific risks and on strategic risk controls by ARC routines in SRC. An ARC routine on corporate governance currently under implementation will add a strengthened focus on that assessment. Even though the public disclosure of a dismissal of the CRO and the communication of such event to BCB were not required until Resolution CMN 4,557 of 2017, supervision teams have been receiving information on the reasons for changes in the risk management function. Supervision teams regularly meet members of the boards and high-level committees’ (e.g. audit committee, compensation committee) of supervised entities and are able to get their perspectives on risk management members and functions. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC11 | The supervisor issues standards related to, in particular, credit risk, market risk, liquidity risk, interest rate risk in the banking book and operational risk. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC11 | Regulation on risk management comprises requirements for the implementation of a structure for continuous and integrated risk management according to Resolution CMN 4,557 of 2017, effective from August 2017 for institutions allocated to S1, and from February 2018 for institutions allocated to S2, S3, S4 or S5. Resolution CMN 4,557 of 2017 requires the implementation of a structure for risk management that covers operational risk (formerly addressed by Resolution CMN 3,380 of 2006), market risk and interest rate risk in the banking book (formerly addressed by Resolution CMN 3,464 of 2007), credit risk (formerly addressed by Resolution CMN 3,721 of 2009), liquidity risk (formerly addressed by Resolution CMN 4,090 of 2012), socio-environmental risk (addressed by Resolution CMN 4,327 of 2014) and other risks deemed material according to criteria defined by the institution, including those risks not considered in the calculation of the risk-weighted assets (RWA). Banking Supervision Department is working along with other departments to make its standards public, in a summarized version of SRC guidelines. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC12 | The supervisor requires banks to have appropriate contingency arrangements, as an integral part of their risk management process, to address risks that may materialize and actions to be taken in stress conditions (including those that will pose a serious risk to their viability). If warranted by its risk profile and systemic importance, the contingency arrangements include robust and credible recovery plans that take into account the specific circumstances of the bank. The supervisor, working with resolution authorities as appropriate, assesses the adequacy of banks’ contingency arrangements in the light of their risk profile and systemic importance (including reviewing any recovery plans) and their likely feasibility during periods of stress. The supervisor seeks improvements if deficiencies are identified. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC12 | According to Resolution CMN 4,557 of 2017, the integrated risk management structure must comprise clearly documented policies and strategies for business continuity management. The policies for the business continuity management must establish:
Institutions are also required to have in place liquidity and capital contingency plans. Such plans must be regularly reviewed and establish clearly defined and documented responsibilities, strategies and procedures to face stress conditions. The board is responsible for approving and reviewing, at least annually, the business continuity policies, the liquidity contingency plan and the capital contingency plan. Resolution CMN 4,557 of 2017 also requires the implementation of a stress test program, and the use of its results in identifying, measuring, evaluating, monitoring, controlling and mitigating risks. Stress test results must be considered in strategic decisions, revision of risk appetite levels, revision of policies, strategies and limits established for risk and capital management purposes. Such results must also be considered in the assessment of the institution’s capital and liquidity, as well as in the development of contingency plans and recovery plans, as established by Resolution CMN 4,502 of 2016. Information on corporate risks must result in consistent and concise management reports that meet the needs of the board and the board of directors, and must be regularly and timely delivered. Management reports should provide a comprehensive view of the bank’s risk profile and allow the identification, prevention and timely correction of risk control and management deficiencies. Resolution CMN 2,554 of 1998 generally addresses the monitoring reports, while other Resolutions explicitly state the need to issue reports to the senior management. All banks must have specific contingency plans related to liquidity, capital and operational issues. Those plans are assessed during examinations (VEs) regarding liquidity risk (MSU 4.30.10.50.02.02), capital management (MSU 4.30.10.50.30) and operational risk (MSU 4.30.10.50.11) with a deeper and more focused view. Aspects like feasibility of actions or sources, timing of decisions, dedicated governance and regular tests (if that is the case, like operational risk contingency plans) are examined. In the SRC, these plans are also evaluated by ARCs routines on liquidity risk control, operational risk control and strategic risk control. According to Resolution CMN 4,502 of 2016 financial institutions with a critical role23 or significant level of exposures in the Brazilian Financial System24, must prepare a recovery plan with the objective of restoring appropriate levels of capital and liquidity and preserving their viability, in response to stress situations. The recovery plan should contain, at a minimum, a detailed description of the following items:
The BCB may determine the inclusion, in the recovery plan, of other activities, operations or services performed by an entity, other indicators and additional information in the monitoring program and of additional stress scenarios and the execution of stress tests that consider such scenarios. BCB may also determine the total or partial execution of the recovery plan. Despite the fact that Resolution CMN 4,502 of 2016 established a phased-in schedule for submiting recovery plans to BCB ending on December 31st, 2017, supervision teams have already started evaluating documents prepared so far (e.g. on definition of senior management member in charge of recovery plan, definition of critical roles, etc.). In addition, in cases where a financial institution has prepared a recovery plan following a parent company model or a home supervisor decision, BCB supervision team has been examining those documents. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC13 |
The supervisor requires banks to have forward-looking stress testing programs, commensurate with their risk profile and systemic importance, as an integral part of their risk management process. The supervisor regularly assesses a bank’s stress testing program and determines that it captures material sources of risk and adopts plausible adverse scenarios. The supervisor also determines that the bank integrates the results into its decision-making, risk management processes (including contingency arrangements) and the assessment of its capital and liquidity levels. Where appropriate, the scope of the supervisor’s assessment includes the extent to which the stress testing program:
The supervisor requires corrective action if material deficiencies are identified in a bank’s stress testing program or if the results of stress tests are not adequately taken into consideration in the bank’s decision-making process. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC13 | Resolution CMN 4,577 of 2017, requires the risk management structure in banks must include a stress test program that complies with the following requisites:
Regulations require banks to use the stress test results in:
Regulation also states that the complementary use of the stress test program in assessing the adequacy and robustness of the assumptions and methodologies related to models must be ensured. The senior management and the board must be actively involved in the stress test program, indicating guidelines and approving scenarios when the scenario analysis methodology is required. The board is responsible for approving and reviewing, at least annually, the stress test program. Desup performs regular evaluation of stress test processes performed by banks on specific risks when VEs are conducted. Consideration of stress test results by senior management and the board is also assessed (e.g. market risk - MSU 4.30.10.50.02.03, liquidity risk - MSU 4.30.10.50.02.02, credit risk - MSU 4.30.10.50.01.03). Supervision teams’ findings are communicated to the bank’s staff, who must come up with a working plan to correct identified shortcomings. The assessment of stress tests is included on the SRC, at the corresponding ARC routines on risk control (e.g. market risk control, liquidity risk control, etc.). During the review of ICAAP reports, deficiencies on stress tests’ concepts, tools, scenarios and model outputs are gathered in a comprehensive evaluation of the process. Those findings are then informed to the bank’s staff, which must adjust identified deficiencies until the following report. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC14 | The supervisor assesses whether banks appropriately account for risks (including liquidity impacts) in their internal pricing, performance measurement and new product approval process for all significant business activities. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC14 | Regulations require the risk management structure must comprise adequate policies, procedures and controls to ensure prior identification of risks inherent to:
Regulation states that the board must approve relevant changes, induced from these risks in risk management policies and strategies, as well as in systems, routines and procedures. When a special examination (VE) is performed, supervision teams are required to verify if the new products are assessed from a risk perspective. The process includes requesting the list of all products approved in previous years and dossiers of their approval process. A sample is selected allowing examiners to evaluate if the internal new product approval policy has been followed and if risk management areas have assessed its impacts. Lack of evidence of this assessment is reported to bank’s staff and a correction plan must be designed. In the SRC quantitative evaluation, supervisory teams analyze the results obtained vis-à-vis the risk taken. In a financial and economic assessment (ANEF) of results - specifically P&L -, the supervision team measures the performance of the bank in diverse ways, including a RORWA (return on risk weighted assets). This metric considers the bank P&L based on the amount of risk the bank has assumed, on a standardized calculation. This allows the supervisors to assess the extent to which risk has been priced into the products and business activities. The RORWA is also compared with the return of the bank’s cluster, which provides for a comparison among peers to supervision teams. In addition, managerial figures are also considered when the ANEF results are being completed. In this case, RAROC figures are also assessed to grant the bank an overall grade. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Additional criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC1 | The supervisor requires banks to have appropriate policies and processes for assessing other material risks not directly addressed in the subsequent Principles, such as reputational and strategic risks. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | Resolution CMN 4,557 of 2017 requires the implementation of a risk management structure that covers operational risk (formerly addressed by Resolution CMN 3,380 of 2006), market risk and interest rate risk in the banking book (formerly addressed by Resolution CMN 3,464 of 2007), credit risk (formerly addressed by Resolution CMN 3,721 of 2009), liquidity risk (formerly addressed by Resolution CMN 4,090 of 2012), socio-environmental risk (addressed by Resolution CMN 4,327 of 2017) and other risks deemed material according to criteria defined by the institution itself, including those risks not considered in the calculation of the risk-weighted assets (RWA). Regulations require banks’ ICAAP reports to include their strategies and procedures to manage other risks not addressed in the Supervisory expectations report, with explicit reference to reputational, strategic and contagion risks. The supervision team is required to confirm the adequacy of the procedures established by the board and conducted by the risk management unit for a continuous monitoring of the effectiveness of the strategic risk control. The SRC handbook also provides guidance to the supervisors for the evaluation of contagion risk, reputational risk, strategic risk, IT risk, money laundering risk and consumer relations’ risk. Additionally, the SRC requires supervisors to consider the interaction between different types of risk. The ANEF states that “Pilar 2 risks” should impact the evaluation on the adequacy of capital held by the bank. Also, the ARC routine on strategic risk control assesses banks’ processes for identifying material risks. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 15 | Compliant | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The regulatory and supervisory frameworks come together collectively to promote a comprehensive risk management culture and frameworks in the banks operating in Brazil. The frameworks are required to be compliant with the key elements of risk management (identify, measure, monitor and manage) and also are required to be comprehensive in scope to cover all material risks, in proportion to their materiality, and the risk profile and systemic relevance of the institutions. This is achieved in some degree with the adoption of the segment approach. The regulations are comprehensive and explicitly establish detailed expectations for credit, market, operational and liquidity risk management frameworks and the related governance frameworks. While the work on recovery and resolution planning is progressing for the large banks, the stress testing and contingency planning requirements help in assessing the resilience and preparedness in the other banks. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 16 | Capital adequacy.25 The supervisor sets prudent and appropriate capital adequacy requirements for banks that reflect the risks undertaken by, and presented by, a bank in the context of the markets and macroeconomic conditions in which it operates. The supervisor defines the components of capital, bearing in mind their ability to absorb losses. At least for internationally active banks, capital requirements are not less than the applicable Basel standards. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC 1 | Laws, regulations or the supervisor require banks to calculate and consistently observe prescribed capital requirements, including thresholds by reference to which a bank might be subject to supervisory action. Laws, regulations or the supervisor define the qualifying components of capital, ensuring that emphasis is given to those elements of capital permanently available to absorb losses on a going concern basis. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | The BCB implemented Basel II in Brazil in 2007. The regulations established a minimum total regulatory capital ratio of 11 percent, i.e., 3 percentage points above the 8 percent minimum set out in the Basel II framework. The regulations covered all financial institutions, including all deposit-taking banks operating in Brazil. The BCB introduced its regulations that implemented Basel 2.5 with effect from 1 January 2012, in line with the globally agreed timeline. BCB implemented Basel III with effect from 1 October 2013. The regulations cover the revised definition of capital, capital requirements, capital buffers, credit valuation adjustments (CVA), exposures to central counterparties (CCPs), securitizations, and Pillar 3 (Market Discipline). Regulations issued in 2015 define the computation methodology of th Systemic buffer (effective 2017), the Countercyclical Basel III Buffers (currently at zero percent) and the Basel III leverage ratio (effective 2018). The timeline for implementation was slightly later than the globally agreed start date of January 1, 2013 but includes accelerated transitional arrangements such that Common Equity Tier 1 (CET1) of 4.5 percent is the minimum from 1 October 2013 (compared with Basel III phase-in arrangements that require a CET1 minimum of 3.5 percent in 2013). At the same time, there is also a corresponding reduction in Brazil’s current 11 % total minimum capital requirement to bring it into line with the Basel minimum of 8 percent by 2019. Please see Table 2 below for the minimum capital requirements established under the regulations. Table 2. Minimum Risk-Based Capital Requirements During the Implementation Period Table 2. Minimum Risk-Based Capital Requirements During the Implementation Period
In February 2017, BCB issued regulations on capital management that are applied in a graded manner to institutions belonging to the segments S1 to S5. While the definitions of capital, Pillar 1 capital requirements and the SREP under Pillar 2 apply to all segments, the Pillar 2 ICAAP applies only to S1 institutions, and a simplified ICAAP is planned to be introduced from 2018 for S2 institutions. The current definition of regulatory capital is established by Resolution CMN 4,192 of 2013 and the minimum required amount in each category of regulatory capital (PR), according to Basel III definitions, is defined by Resolution CMN 4,193 of 2013. Besides, Resolution CMN 4,193 requires explicitly the computation and maintenance of an amount of capital to face the interest rate risk in the banking book (IRRBB), while Resolution CMN 4,557 of 2017 (issue formerly addressed by Resolution CMN 3,988 of 2011) requires banks to assess and maintain capital to face all relevant risks to which a bank is subject. Circular BCB 3,768 and Circular BCB 3,769, both of 2015, define respectively the computation methodology of the Systemic and the Countercyclical Basel III Buffers. This set of regulations is compliant with Basel III criteria, both in terms of composition requisites and loss-absorbing characteristics. These regulations apply to all banks operating in Brazil. With effect from August 2017, the capital adequacy requirements for prudential conglomerates apply at the level of the prudential conglomerate (consolidated) and are not required for the solo banks that may be included in the prudential conglomerate. In addition to the financial institutions, the scope of prudential consolidation includes all financial-related entities and vehicles that can bring risks to the economic group. Such entities include payment institutions, private equities, securitization companies, factorings and funds with material retention of risks and benefits. Five banks in Brazil have been determined as D-SIBs, and are required to establish a systemic capital buffer, which is in transition stage. (See Table 2) While the BCB is yet to establish hard-wired thresholds by reference to which an institution might be subject to supervisory action, with reference to the minimum capital requirement, the regulations do provide for dividend pay-out restrictions and compensation limits when the institution breaches the capital conservation buffer and the countercyclical buffer. The supervisors do not see a need for additional hard-wired threshold, a breach of which would trigger a supervisory response. They are comfortable with the current framework as it allows them to engage with the bank even before there is a breach of a formal threshold, if it were to be in place. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | At least for internationally active banks,26 the definition of capital, the risk coverage, the method of calculation and thresholds for the prescribed requirements are not lower than those established in the applicable Basel standards. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | As mentioned under EC1, the capital thresholds, risk coverage, capital definition and the methodology to calculate the minimum capital required are in alignment with the Basel III norms and are applied to all licensed banks or the prudential conglomerates to which they belong. Brazil underwent an assessment under the Regulatory Consistency Assessment Program (RCAP) of the Basel Committee in 2013 and the Brazilian capital framework was considered “Compliant” with the Basel Committee minimum requirements. In Brazil, institutions with total exposure equal to or greater than 10% (ten percent) of the nominal Gross Domestic Product (GDP) of Brazil or total consolidated foreign assets equal to or greater than USD10 billion (considered as relevant international activity) are included in S1 segment. The capital regime applies in its entirety (Pillars 1, 2 and 3) to the S1 institutions. Some elements of the capital adequacy framework in Brazil can be seen to be more conservative than the Basel requirements. A few examples of the more conservative approach are:
Deferred Tax Assets As a result of the differences between the timing when a provision is established by the bank and when it is actually allowed as an expenditure for tax purposes, the banks recognize (in compliance with accounting standards) a ‘deferred tax asset’ (DTA). DTAs arise in Brazilian banks primarily because of loan loss provisions (about 55 percent of total DTAs out of aggregate gross DTAs of around R$280 billion). Instead of a full deduction, DTAs that arise from temporary differences (such as loan loss provisions), are allowed to be included in CET1 capital, up to 10 percent of the bank’s common equity. In Brazil, a law (No. 12,838 of July 2013), was introduced to allow banks to convert DTAs arising from loan loss provisions into eligible tax credits (DTCs) when the bank’s taxable income in any year is negative (loss) or when the bank is bankrupt or subject to extra-judicial liquidation. The DTAs arising from other causes are not eligible for such conversion. The law allows banks that have eligible tax credits to claim compensation in the form of cash or securities issued by the central government. It is understood that about 3 banks that are under resolution have claimed compensation in lieu of DTCs for about R$ 450 million and are awaiting issue of the government securities. The claim of one bank (for R$ 36 million) has been recently approved by the Government. The Basel Committee’s Regulatory Consistency Assessment Program (RCAP) has assessed the prudential capital adequacy regulations in Brazil as Basel III compliant. As confirmed in the RCAP work on Brazil’s capital framework, the Basel Committee recognizes such DTCs as capital in cases where the law supports this treatment. In Brazil, the DTCs arising from loan loss provisions amounting to R$146 billion are therefore included in CET1 capital and constitute about 25 percent of CET1 capital. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor has the power to impose a specific capital charge and/or limits on all material risk exposures, if warranted, including in respect of risks that the supervisor considers not to have been adequately transferred or mitigated through transactions (e.g., securitization transactions)27 entered into by the bank. Both on-balance sheet and off-balance sheet risks are included in the calculation of prescribed capital requirements. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | As per regulations, all banks are required to maintain capital for credit risk, market risk and operational risk. Though institutions were allowed the option of using the advanced approaches for credit risk and the AMA approach for operational risk, all are using the ‘standardised’ approach for credit risk, and either Basic Indicator Approach (BIA) or Alternative Standardised Approach (ASA) for operational risk. For market risk, only two institutions have been permitted to use the internal models approach, and the requests from two other institutions are under consideration by the BCB. In addition to the above, the BCB has advised all banks to maintain capital for interest rate risk in the banking book (IRRBB). While this is not a formal Pillar 1 (and therefore binding) requirement, the BCB assesses banks’ capital adequacy for supervisory purposes after taking into consideration the capital that may be required to support the institution’s exposure to IRRBB. Regulations require inclusion of on-balance sheet and off-balance sheet risks in the calculation of prescribed capital requirements (Resolution CMN 4,193 of 2013). BCB has the authority to impose, when required, preventive prudential measures like a reduction in the degree of risk of exposures, or an add-on to the minimum required regulatory capital, or more restrictive operational limits (Resolution CMN 4,019 of 2011). Since 2013, ten institutions that met the stipulated criteria were required to implement an ICAAP. The criteria were (a) have total assets over one hundred billion Reais, and (b) have been authorized to use internal models of market risk, credit risk or operational risk or are part of a financial conglomerate with total assets over one hundred billion Reais and composed of at least one multiple bank, commercial bank, investment bank, development bank, exchange bank or savings bank. With the introduction of the segmentation concept for banks (S1 to S5), 6 of these institutions are currently included in Segment 1 and hence are required to implement ICAAP. The ICAAP reports are reviewed annually by the supervisors when analyzing the banks’ capital adequacy. Based on the ICAAP analyses performed by the supervisor, the results of a quantitative analysis, opinion of capital expert teams and inputs from banks, the BCB has developed risks benchmark models for use in their Pillar 2 process. Very recently (September 2017), the BCB has established a Board of Governors approved process to assess and require a capital add-on under the Basel Pillar 2 principles. Under this process, two categories of quantitative Pillar 2 capital add-on are envisaged:
The add-on notification process would consist of two steps. At first, a bank will be informed about its weaknesses, either related to category 1 or 2 above. In case such weaknesses persist at the end of the next SRC cycle, the Pillar 2 capital add-on will be required. This process is expected to be initiated during the second semester of 2017. A breach of Pillar 2 add-on requirement is subject to the supervisory action prescribed in Resolution CMN 4,019 of 2012, which can include (a) more stringent controls or operational limits, (b) reduction of risk exposures, (c) limitation or cessation of (i) increase in managers’ compensation, (ii) payment of variable compensation to senior managers, (iii) dividends distribution, (iv) selected types of transactions, (v) deployment of new business lines, (vi) acquisition of financial or nonfinancial companies, and (vii) opening of new branches or subsidiaries. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The prescribed capital requirements reflect the risk profile and systemic importance of banks28 in the context of the markets and macroeconomic conditions in which they operate and constrain the build-up of leverage in banks and the banking sector. Laws and regulations in a particular jurisdiction may set higher overall capital adequacy standards than the applicable Basel requirements. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | In Brazil, the risk based capital adequacy requirements and the leverage ratio requirements have been extended to all licensed banks. The modulation of the capital requirements according to the bank’s risk profile and systemic relevance is achieved through the extension of the SIB buffer and the Pillar 2 SREP process. However, the BCB is yet to feel a need to establish a higher minimum Pillar 1 capital requirement for any bank. Circular BCB 3,768 of 2015 sets the methodology for calculating the D-SIBs higher loss absorbance capital buffer established in Resolution CMN 4,193 of 2013. Circular BCB 3,769 of 2015 sets the procedures for calculating the Countercyclical Capital Buffer, established in Resolution 4,193, of 2013, and is designed to reflect the geographical location of a bank’s exposures. Please see description under EC1 and EC2 which lay out the adoption of a proportionate approach to implementation of the capital adequacy requirements. For all banks, capital adequacy is assessed in every supervision cycle through the Risk and Control Assessment System (SRC). The supervisor evaluates whether the institution’s capital is adequate to support the risks associated with current and foreseen levels of business activities. The SRC work is composed of two parts, which are spread over two parts across the whole supervision cycle of a bank.
Institutions failing to meet Pillar 2 requirements may be subject to regulatory action, including balance sheet deleverage and requirements to strengthen risk management as detailed in the description under EC3. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 |
The use of banks’ internal assessments of risk as inputs to the calculation of regulatory capital is approved by the supervisor. If the supervisor approves such use:
if a bank does not continue to meet the qualifying standards or the conditions imposed by the supervisor on an ongoing basis, the supervisor has the power to revoke its approval. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Regulations allow banks to use, upon approval by the BCB, internal models for credit, market and operational risk assessment (Resolution CMN 4,193 of 2013). Methodologies for internal models (Circular BCB 3,646 of 2013 for market risk, Circular BCB 3,647 of 2013 for operational risk and Circular BCB 3,648 of 2013 for credit risk) are based on the qualifying standards set by the Basel Committee. The internal guidance issued by the BCB for the validation of models is conservative and requires that the standards be followed on an ongoing basis. After approval, the model evolution is followed-up by supervision regularly. In case a bank ceases to meet the qualifying standards or conditions imposed, the model authorization may be withdrawn, though that has not happened so far. As on date, two banks are adopting internal models for market risk assessment, and the requests from two other banks to use internal models for capital adequacy purposes are under processing. No bank has been authorised to use internal models for computing capital requirements for credit risk (IRB) and operational risk (AMA), though some banks at relatively early stages of planning and development of models for use in calculating regulatory capital. No formal applications have yet been received by the BCB for IRB and AMA. The supervisory approval process of a risk model is divided in four phases:
Supervisory capacity: The assessment of internal models by the BCB began in June 2010 -although the BCB experts began to study the subject and helped in regulation-making years before. Besides the team directly responsible for supervising a bank, the assessment is performed by three specialized teams:
Regulations have laid down clear and comprehensive requirements for banks’ validation processes. At the minimum, it includes an evaluation of methodologies, assumptions and theoretical foundations of the model, including the mapping of the positions and the pricing methods; accuracy and appropriateness of the assumptions of volatility and correlation; inclusion of all relevant risk factors; comprehensiveness, consistency, integrity and reliability of the input data of the model as well as the independence of their sources; ability to adequately consider the characteristics of new products that could impact the market risk of the institution; adequacy of compliance tests and stress tests, including the suitability of the reports and their use in the prediction of the measurement process, monitoring and managing market risk; adequacy of internal controls related to the model; adequacy of the technological infrastructure and the operation of the systems used in the model, including testing, approvals and certifications; compatibility of the calculations performed by the operating systems and the logic of the assumptions and methodologies used; integrity, completeness and adequacy of the documentation of the model, and content and scope of the risk measurement reports. Besides the above, there are additional requirements which establish the institution’s responsibility for the validation process, requires validation at least once in three years, test should include hypothetical portfolios, independence, insulation from pressures, documentation and reporting to the board. The requirements mentioned above are broadly presented in regulation (Circular BCB 3,646 of 2013), and are detailed in the supervisory guideline “Internal Validation”. Regulations also establish several requirements for the internal audit review, (also defined in Circular BCB 3,646) that must include, at least, checks on the effectiveness of the validation process; checks on process validation in the case of relevant changes in the risk model or the risk profile of the institution; organization of the management structure of market risk; integration of the internal model to the daily management of activities subject to market risk, including stress testing; backtests and their effective use in reviewing the performance and improvement of the model; compliance with risk management policies, including structural limits and related policies; sufficient and technically qualified professionals in the areas of business, operational, risk management, information technology, as well as any others involved in the development, validation and use of the internal model; integrity and adequacy of management information systems; involvement of the senior administration in the market risk management process and timeliness and quality of information provided to the board. Moreover, the internal audit must be independent from the teams responsible for development, use and validation of the risk model. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 | The supervisor has the power to require banks to adopt a forward-looking approach to capital management (including the conduct of appropriate stress testing).29 The supervisor has the power to require banks:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | Regulations require that banks must implement a capital management framework commensurate with the nature of their operations, the complexity of their products and services, and the dimension of their risk exposure. Capital management is defined as the continuous process of monitoring and controlling the capital held by the institution, evaluating the capital necessary to face the risks that the institution is subjected to; and planning of capital target and necessity, considering the strategic objectives of the institution. While managing its capital, the institution must embrace a prospective behavior, forecasting capital needs due to possible changes in market conditions. The capital management framework must, at the minimum, include (a) mechanisms which enable the identification and evaluation of the relevant risks faced by the institution, including those not covered under regulations, (b) clearly documented policies and strategies for capital management, establishing mechanisms and procedures aimed at maintaining the capital compatible with the risks faced by the institution, (c) capital plan comprising a minimum three-year horizon; (d) stress testing and the assessment of its impacts on capital; (e) periodic reports to the senior management and the board on capital adequacy; and (f) Internal Capital Adequacy Assessment Process (ICAAP). The capital plan, mentioned above, must be consistent with strategic planning and include, at least, (a) capital target and capital projections, (b) main capital sources of the institution; and (c) a capital contingency plan. (Res 3988 of 2011, Art 3 to 5) With the issue of the revised regulations on capital management (Res 4557 of 2017) institutions allocated to segments S1, S2, S3 and S4 must implement a structure for the management of capital that aims at (a) monitoring and controlling the capital held by the institution; (b) assessing the capital deemed necessary to face the risks incurred by the institution; and (c) planning capital targets and needs, considering the institution’s strategic goals. The revised requirements for capital management frameworks include (a) clearly documented policies and strategies for capital management, establishing procedures aimed at maintaining total regulatory capital, Tier 1 and the CET1 compatible with the risks faced by the institution; (b) systems, routines and procedures for capital management; (c) assessment of the impacts on the institution’s capital as indicated by the stress tests results; (d) a capital plan; (e) a capital contingency plan, establishing responsibilities, strategies and procedures; to be periodically revised, clearly defined and well documented; to face stress conditions; (f) a capital adequacy assessment; (g) timely reports for the senior management, the risk committee and the board on deficiencies in the capital management framework and actions to address them and adequacy of the levels of PR, Tier I and CET1 considering the risks incurred by the institution. Regulations require that banks’ risk management structure must include a stress test program that complies with the following requisites, among others (Resolution 4,577 of 2017) (a) encompass all material risks, including risk concentrations, (b) use of assumptions and parameters that are adequately severe, (c) for institutions allocated to S1, S2 and S3 (i) be performed in an integrated manner across risks and business areas, (ii) consider different levels of aggregation of exposures and the prudential conglomerate as a whole, and (iii) consider adverse effects arising from interactions between risks. Regulations also require that the stress test results must be considered, among others, in (a) the revision of risk appetite levels, (b) the revision of the policies, strategies and limits established for risk and capital management purposes, (c) the assessment of the institution’s capital and liquidity, as well as in the development of contingency plans, (d) the capital adequacy assessment and (e) the preparation of recovery plans. Supervisors review institutions’ capital adequacy and capital management framework during the supervisory cycle through periodical on-site visits and by engaging with their senior management and board of directors. The banks’ capital management plans are reviewed as part of the SREP and review of the ICAAP, with reference to the institutions’ business plans and stress testing results, as well as with reference to the results of the stress testing undertaken by the BCB. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC1 | For non-internationally active banks, capital requirements, including the definition of capital, the risk coverage, the method of calculation, the scope of application and the capital required, are broadly consistent with the principles of the applicable Basel standards relevant to internationally active banks. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | In terms of regulations, the capital definition, risk coverage and the methodology to calculate the minimum capital requirements according to Basel recommendations apply to all institutions licensed by the BCB. With respect to non-banking institutions, only credit cooperatives may adopt a simplified methodology for the assessment of required regulatory capital, as long as they meet the following conditions (Resolution 4,194 of 2013):
Currently, Resolution 4,194 of 2013 is under review. The scope of institutions allowed to use a simplified methodology for the assessment of Regulatory Capital is likely to be extended. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC2 | The supervisor requires adequate distribution of capital within different entities of a banking group according to the allocation of risks.30 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC2 | Regulations and supervision do not explicitly require distribution of capital among the different entities belonging to the prudential conglomerate. Compliance with the regulatory capital requirements is verified on a consolidated basis, for institutions in the same prudential conglomerate (Resolution CMN 4,280 of 2013). As per the supervisory processes adopted by the BCB, the supervisors perform contagion analyses to assess the risks to the supervised institution arising from their group entities that form part of the prudential conglomerate and not necessarily focused on the adequacy of the capital at the entity level with reference to the level of it risk exposures. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 16 | Compliant | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | Banks in Brazil are implementing the Basel III capital requirements and the capital rules have been assessed as compliant by the Basel Committee. Instead of a full deduction, Basel III allows DTAs that arise from temporary differences (such as loan loss provisions to be included in CET1 capital, up to 10% of the bank’s common equity. In Brazil, law (No. 12,838 of July 2013), allows banks to convert DTAs arising from loan loss provisions into eligible tax credits (DTCs) when the bank’s taxable income in any year is negative (loss) or when the bank is bankrupt or subject to extra-judicial liquidation. The DTAs arising from other causes are not eligible for such conversion. The law allows banks that have eligible tax credits to claim compensation in the form of cash or securities issued by the central government. As confirmed in the RCAP work on Brazil’s capital framework, the Basel Committee recognizes such DTCs as capital in cases where the law supports this treatment. In Brazil, the DTCs arising from loan loss provisions amounting to R$146 billion are included in CET1 capital and constitute about 25 percent of CET1 capital. Banks are on the transition path and expect to fully transition by 1 January 2019. While the definitions of capital, Pillar 1 capital requirements, and the SREP under Pillar 2 apply to banks in all segments, the Pillar 2 ICAAP applies only to S1 institutions, and a simplified ICAAP is planned to be introduced from 2018 for S2 institutions. All banks are required to maintain capital for interest rate risk in the banking book, but not as a binding requirement. At present the prudential capital requirements apply only at the consolidated level, at the level of the prudential conglomerate. BCB is yet to establish thresholds with reference to which it might trigger a supervisory action. Areas for improvement can be: (a) require the individual banks within the prudential conglomerate to also comply with the capital requirement at the solo level; (b) require the prudential conglomerates to ensure adequate distribution of capital within the different entities in the conglomerate according to the allocation of risks; (c) establish thresholds by reference to which supervisory action might be triggered, preferably before breach of the minimum requirements. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 17 | Credit risk.31 The supervisor determines that banks have an adequate credit risk management process that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate credit risk32 (including counterparty credit risk)33 on a timely basis. The full credit lifecycle is covered including credit underwriting, credit evaluation, and the ongoing management of the bank’s loan and investment portfolios. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Laws, regulations or the supervisor require banks to have appropriate credit risk management processes that provide a comprehensive bank-wide view of credit risk exposures. The supervisor determines that the processes are consistent with the risk appetite, risk profile, systemic importance and capital strength of the bank, take into account market and macroeconomic conditions and result in prudent standards of credit underwriting, evaluation, administration and monitoring. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | The requirements for risk management functions and activities are prescribed by both the Banking Law (Law 4,595 of 1964) and Resolutions of the National Monetary Council (CMN). The Banking Law grants CMN the legal powers for establishing rules on governance structures in addition to the general rules in corporate legislation (Law 6,404 of 1976). Relevant CMN regulation includes:
Regulations (Res CMN 3721) define credit risk as the possibility of losses associated to a failure of a borrower or counterparty to meet financial obligations in the contracted terms, to a devaluation of a credit contract resulting from a deterioration in the risk rating of the borrower, to a reduction in earnings or remuneration, to advantages granted in a renegotiation and to recovery costs. The definition of credit risk comprises, among others, counterparty credit risk, country risk, the possibility of disbursements to honor guarantors, bails, co-obligations, credit commitments or other operations of a similar nature, and the possibility of losses associated with the non-compliance of financial obligations under the terms contracted by an intermediary or convening party in credit operations. The credit risk management framework must allow the identification, measurement, control and mitigation of the risks associated to each individual institution and to the financial conglomerate, in the scope of the Accounting Plan for Financial Institutions (Cosif), as well as the identification and monitoring of the risks associated with other companies of the wider group. Regulation CMN 3721 of 2009 lays down the requirements of a credit risk management framework in the supervised institutions that include the following:
Resolution CMN 4,019 of 2011, which empowers BCB for imposing prudential preventive measures in face of misconduct, inadequate risk management, insufficient internal controls or capital and solvency problems. Supervisory procedures guide the assessment of the framework for credit risk management and require supervisors to take into consideration the size and the complexity of the institution, as well as the nature and the dimension of its credit risk exposures. Supervision of credit risk also entails the review of the institution’s risk appetite and business strategy through a series of interviews with senior management, audit committee members, and the risk management and internal controls staff. Supervisors also assess whether the credit granting process and credit growth plans are commensurate with the policies, procedures, controls and risk appetite of the institution. Please see description under EC2 for more details on the approach to supervision of the credit risk management frameworks. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor determines that a bank’s Board approves, and regularly reviews, the credit risk management strategy and significant policies and processes for assuming,34 identifying, measuring, evaluating, monitoring, reporting and controlling or mitigating credit risk (including counterparty credit risk and associated potential future exposure) and that these are consistent with the risk appetite set by the Board. The supervisor also determines that senior management implements the credit risk strategy approved by the Board and develops the aforementioned policies and processes. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see description under EC1. Regulations (Res. CMN 3721 of 2009) also require that:
Please see description under EC2, CP15 for details of the revised requirements established in regulations for the implementation of a continuous and integrated risk management structure, that are also required to be applied for credit risk management. The revised regulations are applicable to the S1 banks from August 2017 and will be applicable to the other banks from February 2018. Supervisory procedures guide the assessment of the framework for credit risk management and require supervisors to take into consideration the size and the complexity of the institution, as well as the nature and dimension of its credit risk exposures. Supervision of credit risk management also entails the review of the institution’s risk appetite and business strategy through a series of interviews with senior management, audit committees, and the risk management and internal controls staff. Supervisors also assess whether the credit granting process and credit growth plans are commensurate with the policies, procedures, controls and risk appetite of the institution. Examination procedures include assessment of credit risk management from the perspectives of control framework; identification, evaluation and assessment; specific controls; monitoring; and communication and information. Examination procedures aim at assessing whether risk management can effectively identify and measure credit risk and establish strategies to control and mitigate such risk. The assessment targets routines and procedures which aim at identifying, measuring, managing and mitigating credit risk exposures, including the following aspects, among others, (a) credit risk management structure, (b) credit committees, (c) policies, strategies and risk appetite, (d) credit lifecycle, (e) estimation of expected credit losses and provisions, (f) credit portfolio management and (g) models and IT systems. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 |
The supervisor requires, and regularly determines, that such policies and processes establish an appropriate and properly controlled credit risk environment, including:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | Please see description under EC1 and EC2 for details of the regulatory framework for credit risk management and for the approach to its supervision. In addition to the above, supervisors also regularly conduct continuous off-site monitoring, which includes at least the following sources of information:
The database and information used by the BCB Monitoring Department is drawn from (a) the periodical accounting data and the regulatory capital reports received from the supervised institutions, (b) the data from the custody agents, clearings and settlement systems and trade repositories, and (c) BCB Credit Information System (SCR). For the supervision of the credit risk management systems, the SCR is an extremely important source of information. It has historical data on loans and other credit exposures, including credit risk ratings, collateral and expected credit loss ECL provisions. Data is available on a per-operation basis for counterparties with a total exposure larger than BRL200. Otherwise, data is consolidated on a per-type basis. Based on all this information, BCB Monitoring Department is able to generate credit risk metrics at the level of individual exposures, individual financial institutions and comparative data for peer group clusters, which are then monitored for detecting credit risk events such as (a) underperformance in credit portfolios, (b) overexposure or deterioration in credit risk profile, (c) insufficient provision, (d) capital inadequacy, and (e) regulatory arbitrage or misconduct in face of laws and regulations. Supervisors have full access to credit risk metrics as well as to risk monitoring tools and reports, which can be either automatic (e.g., the MRC report) or produced by analysts of the BCB Monitoring Department. The specific concerns and key risk indicators are reported to on-site supervisors and periodically reported to the heads of the supervision and the monitoring departments at BCB. Through the above monitoring and supervisory processes, the supervisors are able to challenge and verify the adequacy and efficacy of the systems and processes, including information and control systems, in establishing an appropriate and controlled credit risk environment in the supervised institutions. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor determines that banks have policies and processes to monitor the total indebtedness of entities to which they extend credit and any risk factors that may result in default including significant unhedged foreign exchange risk. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | Please see description under EC1 and EC2 for details of the regulatory and supervisory approaches and practices with regard to credit risk management in the supervised institutions. Resolution CMN 4,557 of 2017 and Resolution CMN 3,721 of 2009 constitute the specific regulatory framework for this EC. These resolutions require:
Besides the financial capacity of the borrower, the credit risk assessment must take into consideration key risk factors that may lead to underperformance of the credit exposure. The factors that need to be considered by the financial institutions are presented in the above regulations. In addition, Resolution CMN 2,682 of 1999 also establishes the minimum set of risk factors that shall be considered for assessing credit risk of loans, leasing operations and other receivables with loan characteristics. Resolution CMN 4,007 of 2011 requires the financial institutions to reckon the same set of risk factors for assessing credit risk exposure in other financial instruments. Resolution CMN 4,557 of 2017 includes an explicit requirement regarding unhedged foreign exchange risk as a credit risk factor. The financial institutions are able to source a significant level of credit risk background information on the counterparties from the BCB credit registry, but these are supplemented by the information available in the counterparty’s financial statements and relevant notes that support them. Examination procedures require supervisors to review and assess compliance with the regulatory requirements and internal policies, procedures and limits. (MSU 04-30-10-50-01-01) |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor requires that banks make credit decisions free of conflicts of interest and on an arm’s length basis. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Please see description under CP20 regarding the transactions with related parties and CP26 regarding the internal controls and internal audit, which deal with conflict of interest issues and the framework to address these. Regulations (Resolutions CMN 4,557 of 2017, 3,721 of 2009 and CMN 2,554 of 1998) forbid the CRO, risk management directors and senior risk management staff to engage in or supervise activities that may involve conflicts of interest, for example, being part of credit risk management or internal audit, while engaging in granting of loans. The conflict of interest element with particular reference to transacting with related parties or overseeing transactions with related parties is, however, less explicit. Supervisory procedures (MSU 04-30-10-50-01-01) require supervisors to verify and satisfy themselves that the credit origination and the credit risk management activities are adequately segregated. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 | The supervisor requires that the credit policy prescribes that major credit risk exposures exceeding a certain amount or percentage of the bank’s capital are to be decided by the bank’s Board or senior management. The same applies to credit risk exposures that are especially risky or otherwise not in line with the mainstream of the bank’s activities. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | While the regulation Res. CMN 3721 is not explicit about the requirement pertaining to the deciding authority for large or risky exposures, Res. CMN 4557 that became effective for S1 banks in August 2017 and will become effective for the other banks from February 2018 requires the board or senior management to decide on exposures that:
However, even prior to Resolution 4557, the examination procedures (MSU 04-30-10-50-01 -01, Section 3.1 (Control Framework)) require the supervisors to verify that policies and strategies for credit risk management establish that the board of directors or, in its inexistence, the senior management, deliberate on the assumption of exposure to credit risk: a) the value of which exceeds previously established quantitative limits, both in absolute values and in percentages of shareholders’ equity; or (b) incompatible with the institution’s risk profile or with the products and services it offers. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor has full access to information in the credit and investment portfolios and to the bank officers involved in assuming, managing, controlling and reporting on credit risk. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | Banking Law (Law 4,595 of 1964) also grants BCB access to all data kept by financial institutions deemed necessary for supervisory activities. In addition, Complementary Law 105 of 2001 establishes that bank secrecy provisions do not apply to BCB while carrying out supervisory duties. Supervisors have extensive access to information through both on- and off-site supervisory processes. Such information is used in the continuous assessment of risk exposure and risk management capacity. Documentation regarding the implementation of the framework for credit risk management must be available to BCB by force of Resolution CMN 3,721 of 2009, Resolution CMN 4,557 of 2017, and Resolution CMN 2,682 of 1999. Institutions must also periodically send information to BCB, including accounting and regulatory capital reports, as well as data on credit risk exposures to the SCR (Resolution CMN 3,658, of 2008). BCB has full access to data from the Brazilian settlement system, the major part of which is also administered by the BCB itself, as well as from custody and clearing systems and other settlement systems. BCB may request information on cross-border operations that are carried out by subsidiaries and business units in foreign countries (Resolution CMN 2,723 of 2000). |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC8 | The supervisor requires banks to include their credit risk exposures into their stress testing programs for risk management purposes. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | Resolution CMN 4,557 of 2017 and Resolution CMN 3,721 of 2009 constitute the specific regulatory framework for stress testing in banks. Please see description under EC1 of this CP and EC13 of CP15 regarding the stress testing frameworks required under regulations. The supervisory procedures also require supervisors to review the stress testing frameworks and the use of the stress testing outcomes by the banks. (MSU 04-30-10-50-01-01, Section 3.3.4 (Monitoring), item 3.3.4.3, also hold). |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 17 | Compliant | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comment | The regulatory and supervisory requirements for credit risk management frameworks combine well to assure adequate and well-functioning frameworks in the supervised institutions. These requirements are well supported by periodical monitoring and analyses of banks’ credit risk exposures that equips the supervisors to challenge the banks’ systems and verify the outputs or outcomes of the banks’ risk management systems. At the same time, as can be seen in this CP and the other credit risk related CPs, there are a few areas that can be improved, and these have been specified in the relevant credit risk related CPs. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 18 | Problem assets, provisions and reserves.35 The supervisor determines that banks have adequate policies and processes for the early identification and management of problem assets, and the maintenance of adequate provisions and reserves.36 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Laws, regulations or the supervisor require banks to formulate policies and processes for identifying and managing problem assets. In addition, laws, regulations or the supervisor require regular review by banks of their problem assets (at an individual level or at a portfolio level for assets with homogenous characteristics) and asset classification, provisioning and write-offs. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Please see description under CP17 for details pertaining to the requirements under laws and regulations regarding the credit risk management frameworks in supervised institutions. Regulations require that the credit risk management frameworks in financial institutions must prescribe, among other things, the following that are relevant for the identification and management of problem assets (i) estimation, according to consistent and prudent criteria, of losses associated with credit risk, as well as comparisons of their estimated values with the losses actually incurred, (ii) procedures for debt recovery, (iii) the adequacy of the provisioning compatible with the credit risk assumed by the institution; (iv) evaluation of operations subject to credit risk, taking into account market conditions, macroeconomic prospects, changes in markets and products and the effects of sector and geographical concentration, among other factors, (v) establishment of clearly defined and documented criteria and procedures, accessible to those involved in the process of granting and managing credit, for, among others, (a) credit risk appraisal prior to granting, (b) granting of credit facilities or assumption of credit risk exposures, (c) renegotiation of transactions subject to credit risk, (d) periodic evaluation of the degree of sufficiency of the collateral, and (e) the detection of signs and prevention of deterioration in the quality of operations based on credit risk; (vi) classification of operations subject to credit risk, based on consistent and verifiable criteria, according to the following aspects (a) economic and financial situation, as well as other updated personal information on the borrower or counterparty; (b) use of instruments that provide effective credit risk mitigation associated with the operation; and (c) period of delinquency in meeting the financial obligations under the contracted terms, (vii) documentation and storage of information related to losses associated with credit risk, including those related to credit recovery (Res 3721 of 2009). The requirements in this regard have been revised with the issue of the regulations on integrated risk and capital management in February 2017 (Resolution CMN 4,557 of 2017), which have become effective for S1 banks in August 2017 and will become effective for other banks in February 2018. In terms of these regulations:
Regulations (Resolution CMN 2,682 of 1999) also require institutions to rate their exposures as per prudential norms, which in brief require institutions to:
Specific asset rating requirements established by Resolution CMN 2,682/1999 applies only to loans, lease operations and other operations with characteristics of credit risk. For the remaining credit risk exposures, however, supervisors may apply the same requirements whenever they consider appropriate (based on Resolution CMN 4,007/2011). The prudential rating and related provisioning requirements are summarized in Table 3 below: Table 3. Minimum Provisioning Requirements National Monetary Council Resolution n. 2,697 of 2.24.2000. Until 3.31.2000 applies to borrowers with balances above R$500 thousand, and until 7.31.2000 also to borrowers with credit balances between R$50 and R$500 thousand. Exceptions for certain types of credits apply. Credit operations classified in level H have to be transferred to Compensation Account—debit in the loan-loss account—six months after being assigned this risk level. Table 3. Minimum Provisioning Requirements
National Monetary Council Resolution n. 2,697 of 2.24.2000. Until 3.31.2000 applies to borrowers with balances above R$500 thousand, and until 7.31.2000 also to borrowers with credit balances between R$50 and R$500 thousand. Exceptions for certain types of credits apply. Credit operations classified in level H have to be transferred to Compensation Account—debit in the loan-loss account—six months after being assigned this risk level. hile the above table seems to suggest a strict application of those norms for classification, there is room for flexibility, as presented below:
As per the revised regulations that became effective in August 2017 for S1 institutions, they are required to treat restructured exposures as problem assets (Resolution CMN 4,557 of 2017). These regulations have introduced a distinction between renegotiation and restructuring, whereby restructuring is one type of renegotiation.
These regulations will become effective for other institutions in S2 to S5, from February 2018. Until then, for renegotiated exposures, which includes forborne exposures, regulations establish that they cannot be assigned a better risk classification until there is significant amortization or when new relevant facts are presented, such as new, liquid and sufficient collateralization (Resolution CMN 2,682/1999). As per regulations, institutions cannot recognize through Profit & Loss account interest on loans that are past-due for 60 days or longer (Resolution CMN 2,682/1999). However, banks can accrue interest on non-performing loan if they do not meet the 60-days past-due criteria. In such cases, the corresponding “accrued, though unpaid” interest can enter the income statement. Nonetheless, such interest shall be taken into account when estimating the expected credit losses for provisioning purposes. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor determines the adequacy of a bank’s policies and processes for grading and classifying its assets and establishing appropriate and robust provisioning levels. The reviews supporting the supervisor’s opinion may be conducted by external experts, with the supervisor reviewing the work of the external experts to determine the adequacy of the bank’s policies and processes. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see description under EC1 for regulatory requirements on grading and classifying assets, for establishing appropriate and robust provisioning levels and banks’ policies and processes in this regard. The revised regulations (4557 of 2017), which have become effective for S1 banks from August 201 and will become effective from February 2018 for the other banks, explicitly require banks to have a framework for estimating the expected losses, which must consider:
The revised regulations also require that the expected loss estimate must be revised
These requirements are an improvement over the previous regulations, which were silent on these aspects. BCB’s on-site inspections have two major goals: (i) compliance with regulation and assessment of adequacy and efficacy of the risk management frameworks in the supervised institutions in order to ensure that they hold sufficient provisioning to face expected credit losses; and (ii) avoid overexposure to credit risk. During on-site inspections, supervisors verify whether a comprehensive set of credit risk factors is considered by the institution when assigning and reviewing risk ratings. A sample of exposures is selected for examination, and supervisors assess the compliance with regulation, the borrowers’ creditworthiness and the adequacy and sufficiency of guarantees and collateral. Their conclusions are compared with the analysis carried out by the bank’s risk management framework, which includes the credit classification. Samples are selected randomly or based on evidence found in the Credit Information System (SCR). Information from public sources (press, rating agencies, etc.) may also be employed. Selected samples generally include borrowers whose exposures are not performing or face relevant credit deterioration in other financial institutions, which have not yet been observed in or by the financial institution under inspection. On an aggregate level, supervisors are expected to assess the magnitude of credit risk exposure in terms of non-performance risk, concentration risk, mitigation risk, settlement risk and counterparty credit risk. They are also required to evaluate whether the risk management framework (including provisioning levels) is adequate, sufficient and effective. Supervisors use compliance tests, cash flow tests and information from the Financial System Monitoring Department (Desig) while determining the adequacy of the credit classification and provisioning levels. On the basis of the finding of the supervisory assessments or reviews, they may require the banks to make modifications and improvements to their risk management frameworks or activities. They can also impose specific credit classification and provisioning levels for the sampled exposures, which may be extended to other similar exposures. (Resolutions CMN 3,721 of 2009, CMN 4,557 of 2017, CMN 2,682 of 1999 and CMN 4,019 of 2011.) Assessment of the rating assignment and provisioning processes are also part of the continuous (off-site) monitoring process carried out by both supervisors of the Supervision Department and analysts of Desig. In addition, the external auditors are also required to provide a detailed report twice a year (June and December) that reviews the criteria for credit ratings and the adequacy of provision levels. This report is an additional source of information for supervisors, both during on-site inspections and throughout the continuous off-site monitoring process. However, auditors’ reports do not substitute supervisors’ own opinion of the risk assessment and classification procedures. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor determines that the bank’s system for classification and provisioning takes into account off-balance sheet exposures. 37 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | Law or regulations do not have a clear definition of “exposure” for management of credit risk. Supervisors assert that the methodology adopted for measuring credit risk for capital adequacy purposes apply for other prudential purposes also, including for management of problem assets and provisioning requirement. Please see description under EC1 where it is mentioned that the scope of classification system as per regulations includes loans, lease operations and other operations with characteristics of credit risk, and that the supervisors may apply the same requirements to other exposures as they consider appropriate. The accounting framework introduced by Regulations (Resolutions CMN 3,823 of 2009 and 4,512 of 2016) requires provisions for certain off-balance sheet exposures such as loan commitments and financial guarantee contracts. Regulations are apparently not consistent about the treatment of OBS exposures for provisioning purposes for accounting purposes and prudential purposes. According to Technical Note 170/2017-BCB/Desup, financial guarantees shall generally be considered at the nominal value, but CCFs are accepted for some specific guarantees, e.g., bid and performance bonds, as long as they have not been classified as non-performing exposures. Yet, as per requirements, while reporting on non-performing exposures, banks only report the full transaction on-balance amount as delinquent. Though the off-balance sheet exposures are not reported as delinquent, supervisors expect banks to block the undrawn portion of the loan until overdue payments are made or the loan is restructured. Regulations and practice seem to be at variance from the requirements under this EC. In the absence of a consistent definition of ‘exposure’ that includes all types of on-balance sheet exposures (for example investment in debt securities, and other amounts payable by the counterparty) and off-balance sheet exposures, and in the absence of clarity in terms of how these exposures should be treated while compiling supervisory reporting and while computing the provisioning requirements, quality and consistency of verification of compliance with the regulations and enforcement of uniform approach to measurement and provisioning is unclear. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor determines that banks have appropriate policies and processes to ensure that provisions and write-offs are timely and reflect realistic repayment and recovery expectations, taking into account market and macroeconomic conditions. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | While banks are required to comply with IFRS while preparing their consolidated annual financial statement for complying with the listing requirements, they are required to comply with COSIF and BCB regulations while preparing their financial statements at half-yearly intervals and while compiling their prudential reporting. Consequently, Regulations (Resolution CMN 2,682/1999) require the supervised institutions to make minimum provision based on the credit rating assigned as per regulations. In order to assess the overall sufficiency of loan provisions and loan classification system usually the following two methodologies are applied by the supervisors:
While accounting regulation requires provisions only for the following cases, supervisors may require expected loss provisioning for any credit risk exposure (Resolution 4,557/2017):
As an example, supervisors shall follow specific supervisory guidance concerning the ECL provisioning for securities (Technical Note 357/2016-BCB/Desup) and financial guarantees (Technical Note 170/2017-BCB/Desup). |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor determines that banks have appropriate policies and processes, and organizational resources for the early identification of deteriorating assets, for ongoing oversight of problem assets, and for collecting on past due obligations. For portfolios of credit exposures with homogeneous characteristics, the exposures are classified when payments are contractually in arrears for a minimum number of days (e.g., 30, 60, 90 days). The supervisor tests banks’ treatment of assets with a view to identifying any material circumvention of the classification and provisioning standards (e.g., rescheduling, refinancing or reclassification of loans). | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Please see description under the previous ECs for details of the regulatory and supervisory frameworks for identifying deterioration in asset quality, assessing the adequacy of banks’ rating/ classification and provisioning, and assessing the banks’ policies and procedures for identification and management of problem assets. The Financial System Monitoring Department (Desig) has developed many reports based on BCB’s credit register system in order to identify and analyze credit risk situations and indicators that can raise flags on credit risk deterioration, including evergreening. After analysis, the warnings are reported to On-Site Supervision to be evaluated by the Supervisors. Based on these reports, supervisors could determine circumvention, if any, by a simple verification either during their continuous off-site supervisory process, or by on-site inspection, as required. To verify evergreening practices, supervisors usually plan an on-site inspection applying cash-flow analysis. If identified, supervisors require corrective actions, which includes risk reclassification, increased provisioning and modification in policies and procedures. In some cases, specific sanctions may also be applied. Uniform classification: One approach to ensure early identification of deteriorating assets is to assess the counterparty’s “unlikely to pay” to mark an exposure as a problem asset. This is required by regulations (Resolution CMN 4,557/2017 and Res 2623 of 1999). At times, the same principle can be used to extend the most adverse rating/ classification to all the exposures of the same counterparty when any of them becomes non-performing. Another approach to ensure early identification of deteriorating assets is to require banks to mandatorily apply the most adverse asset rating/ classification assigned to any of the exposures to a counterparty to all exposures to that counterparty. This is required from banks by regulations (Resolution CMN 4,557/2017, item XIV, and Resolution CMN 2,682/1999, article 3). Supervisors, however, permit exceptions on a case-by-case basis for collateralized and nature-specific exposures (e.g., project finance and payroll guaranteed loans). During inspections, supervisors verify whether such classification requirements are actually satisfied, e.g., by applying the massive analysis technique. Monitoring department also uses the SCR for checking whether different exposures to the same counterparty receive distinct risk ratings. A third approach to ensure early identification of deteriorating assets can be when banks apply the adverse asset rating/ classification in other institutions to the exposures to the common counterparties. As banks in Brazil do not have access to credit assessments carried out by their peers, they are not able to ensure a similar classification for clients across the system. However, the supervisors have access to client data in the SCR and use that information to enforce a minimum classification across the system when they consider appropriate. Regulations require banks to identify connected counterparties, which shall be regarded as a single counterparty for the purposes of credit risk management, including for risk assessment and provisioning (Resolution CMN 4,557/2017, article 22). Regulations allow banks to establish their own criteria for assessing the connection among counterparties, but they must consider at least a minimum set of related-parties criteria provided by the same regulation. In turn, supervisors review banks’ criteria during either on-site inspections or off-site supervision activities, and require corrections and improvements, as appropriate. Additionally, whenever appropriate, supervisors may require banks to consider specific counterparties as they were connected to one another, regardless whether they satisfy banks’ own criteria. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 | The supervisor obtains information on a regular basis, and in relevant detail, or has full access to information concerning the classification of assets and provisioning. The supervisor requires banks to have adequate documentation to support their classification and provisioning levels. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | While there is no specific requirement for reporting details on non-performing exposures to the BCB, banks are required to submit periodical reports to the Credit Register System (SCR). The reports include elaborate details of individual exposure to all counterparties that have availed credit facilities from the supervised institutions. The individual exposure level details include, among others, the contract number, date of granting, amounts drawn, date of repayment, days past due, cash flows, asset rating/ classification, available collateral, collateral value, provisions held there against. The granular details in the SRC allows the supervisors to perform analyses to draw several reports that allow them to undertake comprehensive reviews of the asset quality of banks’ credit portfolio, and also challenge banks’ classification and provisioning, where discrepancies are observed. This database also allows the supervisors to compare classification and provisioning levels for any given counterparty across the banking system. The database is also used by the supervisors to review the renegotiated and restructured exposures, with reference to their classification and provisioning levels in comparison with the prudential requirements. Also, please see description under EC5. Regulations require that banks’ policies, processes and procedures for credit risk management must be completely and adequately documented (Resolutions CMN 4,557 of 2017, 3,721 of 2009 and CMN 2,682 of 1999). Documentation must include all policies and procedures concerning the assessment of credit risk; estimation of the expected credit losses, which includes classification and provisioning of credit exposures, identification of problem assets and management of forborne exposures. According to the on-site examination procedures, supervisors are expected to assess whether the documentation that supports the activities of the risk management framework is comprehensive, technically sound and accessible to all professionals involved in the credit lifecycle. Supervisors have the authority to request additional information or to require improvements whenever necessary. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor assesses whether the classification of the assets and the provisioning is adequate for prudential purposes. If asset classifications are inaccurate or provisions are deemed to be inadequate for prudential purposes (e.g., if the supervisor considers existing or anticipated deterioration in asset quality to be of concern or if the provisions do not fully reflect losses expected to be incurred), the supervisor has the power to require the bank to adjust its classifications of individual assets, increase its levels of provisioning, reserves or capital and, if necessary, impose other remedial measures. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | Please see description under ECs 4, 5 and 6 for the methodologies adopted by the supervisors to determine the overall sufficiency of loan provisions and loan classification system. Under the regulations, supervisors have the authority to:
In case of misconduct in face of legal or regulatory requirements, penalties apply to both a financial institution and its board or senior management. (Resolutions CMN 3,721 of 2009, 4,557 of 2017, 2,682 of 1999 and 4,019 of 2011) |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC8 | The supervisor requires banks to have appropriate mechanisms in place for regularly assessing the value of risk mitigants, including guarantees, credit derivatives and collateral. The valuation of collateral reflects the net realizable value, taking into account prevailing market conditions. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | Regulations require that the credit risk management framework must prescribe establishment of clearly defined and documented criteria and procedures, accessible to those involved in the process of granting and managing credit, for periodic evaluation of the degree of sufficiency of the collateral. (Art. 4, Res 3721 of 2009) The regulations, however, do not lay down the norms or requirements that will govern the periodical collateral valuation to be performed by banks, for example, frequency of valuation, assessment of net realizable value, and the reliance on in-house or independent expert valuers. In the absence of substantive guidance or requirements, banks adopt their own methods, norms and practices for valuation of collateral for determining provisioning for problem exposures. Supervisory guidelines expect supervisors to evaluate the adequacy of management reports to the board of directors with regard to the disclosure of the measures of expected loss due to credit risk, comparison with the amounts provisioned and with the valuation of assets subject to marking to market. Supervisors are also expected to evaluate these management reports for quality and comprehensiveness of the information, periodicity and timeliness of the document. Further, since banks have to review their risk rating at least annually and as the value of collateral is an important part of this process, the supervisors expect the banks to reassess the value of collaterals at least annually. Banks are required to report the details of the collateral while submitting their reports to SCR. For auto loans, such information includes the serial number of the vehicle, which allows supervisors to validate the reported value against the public registry (Sistema Nacional de Gravames - SNG) and estimation of the realizable value of the collateral at market values. (car prices indexes provided by Fundação Instituto de Pesquisas Econômicas - FIPE). Similarly, while the SNG started to receive data on new real estate financings at the beginning of 2017, BCB is tracking historical prices of real estate collaterals embedded in mortgage transactions that are reported to SCR. In addition, an ongoing strategic project (ASup/Perda Esperada) of the Supervision Department (Desup) focuses on the use of SCR data for estimating recovery values and backtesting the loss-given default parameters that banks use for establishing their expected credit loss provisions. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC9 |
Laws, regulations or the supervisor establish criteria for assets to be:
identified as a problem asset (e.g., a loan is identified as a problem asset when there is reason to believe that all amounts due, including principal and interest, will not be collected in accordance with the contractual terms of the loan agreement); and reclassified as performing (e.g., a loan is reclassified as performing when all arrears have been cleared and the loan has been brought fully current, repayments have been made in a timely manner over a continuous repayment period and continued collection, in accordance with the contractual terms, is expected). |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC9 | Regulation 2682 of 1999 that is currently the operating regulation for the institutions included in S2 to S5 segments, does not provide a definition of a problem or a non-performing asset. However, as explained in the description under EC1, the regulation requires classification of all credit exposures under 9 categories from AA to H based on the ‘days past due’ and the ‘ability to pay’ criteria. Regulations have also not established quantitative criteria for upgrading assets, in terms of either probation period or minimum amortization. However, regulations require that renegotiated loans are held in the same classification category and that the re-classification for a lower risk category is permitted, when there is a significant amortization of the operation or when new relevant facts justify the risk level change. Banks are, therefore, allowed to establish their proprietary criteria based on their own credit experience. For S1 institutions, regulation 4557 issued in February 2017 became effective in August 2017. This regulation establishes the definition of a problem asset as one that is classified as ‘E’ or worse. The supervisors understand the ‘problem assets’ to mean ‘non-performing’. While this is the interpretation and understanding amongst the supervisors this is not articulated in laws or regulations. Resolution 4557 explicitly provides that exposures identified as problem assets may only have this condition changed in face of evidences that the counterparty’s ability to meet obligations under the contracted terms is recovered. Criteria for identifying the counterparty’s ability to pay must be established by the institution and clearly documented. These regulations become effective for the institutions included in S2 to S5 in February 2018. The regulations are unclear about the norms that guide the reclassification of borrowers among the various grades, allowing scope for individual practices amongst banks. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC10 | The supervisor determines that the bank’s Board obtains timely and appropriate information on the condition of the bank’s asset portfolio, including classification of assets, the level of provisions and reserves and major problem assets. The information includes, at a minimum, summary results of the latest asset review process, comparative trends in the overall quality of problem assets, and measurements of existing or anticipated deterioration in asset quality and losses expected to be incurred. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC10 | Regulations require banks’ credit risk management frameworks to regularly provide reports to senior management and the board (Resolutions CMN 4,557 of 2017 and 3,721 of 2009). As per the Specific examination procedures, (MSU 04-30-10-50-01-01, Section 3.5 (“Communication and Information”)), supervisors must verify whether such reports are regular, comprehensive and complete, and whether they are provided on a timely basis to support the decision about corrective actions. However, regulations do not explicitly require the supervised institution’s boards to periodically obtain and review the information on the quality of banks’ asset portfolio, major problem assets and levels of provisioning, and their trends. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC11 | The supervisor requires that valuation, classification and provisioning, at least for significant exposures, are conducted on an individual item basis. For this purpose, supervisors require banks to set an appropriate threshold for the purpose of identifying significant exposures and to regularly review the level of the threshold. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC11 | Regulations require banks to subject all credit exposures to rating/ classification and provisioning on an individual basis. Regulations also require banks to assess expected credit losses both on individual and aggregated basis for determining the adequate level of provisioning, allowing a simpler framework for classification and provisioning for exposures below BRL 50,000. For counterparties with exposures below BRL 50,000, the classification can be determined based on the number of days past due, but the rating cannot be better than ‘A’ implying that banks should hold provisions of at least 0.5 percent for these exposures. (Art 5, (Resolution CMN 2,682 of 1999) | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC12 | The supervisor regularly assesses any trends and concentrations in risk and risk buildup across the banking sector in relation to banks’ problem assets and takes into account any observed concentration in the risk mitigation strategies adopted by banks and the potential effect on the efficacy of the mitigant in reducing loss. The supervisor considers the adequacy of provisions and reserves at the bank and banking system level in the light of this assessment. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC12 | The BCB reviews and assesses the quality of credit risk portfolios of individual banks. While undertaking such reviews based on off-site and on-site inputs, the supervisors are able to review the asset quality of the supervised entity with reference to the peer groups and the banking system. Also at individual counterparty levels, the supervisors are able to review the classification of one counterparty in the supervised institution in comparison with the classification of the same counterparty in the other banks by using the SCR database. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 18 | Largely Compliant | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The supervisory framework for determining that the supervised institutions have adequate policies and processes for early identification and management of problem assets and the maintenance of adequate provisions is largely in place. In the absence of explicit definition of exposure for classification and provisioning purposes, in the absence of explicit prudential reporting by banks, BCB can be seen as estimating the size of NPLs from exposure perspective and from ‘renegotiation’ perspective. Absence of explicit requirement to adopt expected loss approach for all types of exposures, combined with absence of explicit guidance or norms on eligible collateral and valuation thereof for determining provisioning for problem exposures can pose challenges to assessing adequacy of provisions held by banks. The regulatory framework that lays out the minimum requirements for the identification, measurement and provisioning for problem assets is in transition and needs to stabilize. Resolution 4557 of 2017 addresses some of the regulatory gaps. Yet, a few areas where there is scope for further improvement include:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 19 | Concentration risk and large exposure limits. The supervisor determines that banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate concentrations of risk on a timely basis. Supervisors set prudential limits to restrict bank exposures to single counterparties or groups of connected counterparties.38 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Laws, regulations or the supervisor require banks to have policies and processes that provide a comprehensive bank-wide view of significant sources of concentration risk.39 Exposures arising from off-balance sheet as well as on-balance sheet items and from contingent liabilities are captured. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Please see description under relevant ECs of CP15 and CP17 for the regulatory regime pertaining to credit risk management that is applicable to S1 institutions till August 2017 and to all other institutions. Regulations further require that the credit risk management frameworks in financial institutions must include, among other things, the following that are relevant for the identification and management of concentration risk and large exposures: (i) systems, routines and procedures to identify, measure, control and mitigate credit risk exposures, both at individual and aggregate level of operations with similar characteristics, capturing at least the material sources of credit risk, the identification of the borrower or counterparty, the risk concentration and the form of aggregating operations; (ii) establishment of limits for operations subject to credit risk, both at the individual level and at the aggregate level of groups with a common economic interest and of borrowers or counterparties with similar characteristics; and (iii) evaluation of operations subject to credit risk, taking into account market conditions, macroeconomic prospects, changes in markets and products and the effects of sector and geographical concentration, among other factors. (Res. 3721 of 2009) The revised regulations (Resolution CMN 4,557) that are applicable to S1 banks from Aug 2017 and to the other banks from Feb 2018, has made several improvements over prevailing regulations for banks (Res. 3721 of 2009) regarding identification, measurement and management of concentration risk. The improvements achieved by the revised regulation, include
Regulations that deal with credit risk management, including concentration risk, do not explicitly define exposure for assessing compliance with prudential exposure limits and how exposures should be aggregated from concentration risk perspective. However, supervisors assert that banks and the BCB adopt the same definition and approach as applicable for measuring the exposure under the capital adequacy regulations. The definition of exposure under the capital adequacy regulations applies to both on-balance sheet exposures and off-balance sheet exposures. Exposure, as defined for the purposes of capital adequacy, allows set-offs such as netting of exposures to the same counterparty and for credit risk mitigants. However, from a concentration risk perspective, Basel guidance requires assessment of exposures from a ‘maximum exposure to loss’ perspective for which set-offs will need to be disallowed and exposures that are economically interdependent will have to be aggregated. These elements are absent in the current approach. For credit risk in general (including concentration risk), the supervisors are required to include the evaluation of the risk management policies and processes with reference to the FI’s strategic objectives and their risk appetite. The supervisor is expected to assess the concentration risk limits, in relation to the diversification parameters defined by the Board (MSU 4-30-40-20-01-02 - section 4.2.2.3). According to Continuous Monitoring procedures (AC), which provides information for the SRC, the supervisor must periodically review for each institution, among other documents, credit risk reports sent to senior management (this review must be commensurate with the risk profile and systemic importance of the FIs), including the reports on concentration risk. The on-site examinations carried out by Desup seek to verify whether (a) the concentration limits of portfolio distribution by product type and economic sector are in line with credit policies defined by the institution, (b) those limits are aligned with the risk appetite, as defined by the Board (MSU 4-30-10-50-01-01 - section 3.2.3.2) and (c) supervised institutions comply with the internal and regulatory limits for concentration. During these verifications, supervisors are expected to also check if senior management work within the parameters for the treatment of exceptions to the defined limits (MSU 4-30-10-50-01-01 - section 3.2.3.3). Finally, in the SRC the supervisor is required to include the evaluation of the adequacy of the communication process of credit risk exposures (including concentration risk) to the Board. (MSU 4-30-40-20-01-02 - section 4.1.3.1). Select banks to which the ICAAP process is applicable, are also required to measure concentration risk in that exercise. Accordingly, internal limits for concentration risk must be established and monitored. Failure to comply with such requirements may result in capital add-ons. Supervision reviews management of concentration risk by verifying the existence of and compliance with internal concentration limits and the treatment of exceptions to defined limits (MSU 4-30-10-50-01-01 - sections 3.2.3.2 and 3.2.3.3). The on-site supervision (Desup) verifies the general adherence of the FIs to the regulation in two ways. First, through on-site examinations, Desup ensures that banks identify correctly credit risk and, within credit risk, concentration risk (MSU 4-30-10-50-01-01 -sections 3.2 and 3.7.2). All exposures, including off-balance exposures, must be considered (MSU 4-30-10-50-01-01 - section 3.2.1.2). BCB’s supervision area incorporated in 2016 in the MSU an explicit provision to capture concentration risk exposures including off-balance exposures, although they were already considered in the analysis Secondly, Desup analyses FI internal reports regarding exposure to concentration risk and compliance with limits (MSU 4-30-10-50-01-01 - sections 3.2.3.2 and 3.4.1). The analysis by Desup is complemented with the offsite supervision’s (Desig) monitoring of regulatory limits, as described below. Off-site: The BCB’s Continuous Monitoring (AC) process, includes a periodical review of Credit Risk, that is proportionate to the Fl’s systemic importance and risk profile. Formally, excessive levels of concentration risk are those established by Regulations. However, SRC prescribes the assessment of the level of concentration risk. High exposure to this risk may prompt the supervisors to require the development of a plan for reducing concentration, implementation of which will be monitored. In addition to the information received from banks, Desig uses the information from clearinghouses, which provides information about banks’ operations in certain financial instruments that are traded in the market. This allows it to evaluate concentrations to single counterparties taking into account banks’ exposures through traded securities, and at times to connected counterparties. If a maximum limit established by regulation is surpassed, Desig informs the onsite supervision of the situation. Whenever Desig identifies an out-of-limit exposure the supervisors check the actual level of concentration and demand correction, where required. Compliance with the foreign exchange exposure limit established by Resolution 3,488 and the credit limit to the public sector instituted by Resolution 2,827 are also monitored by Desig via SIM. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor determines that a bank’s information systems identify and aggregate on a timely basis, and facilitate active management of, exposures creating risk concentrations and large exposure40 to single counterparties or groups of connected counterparties. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see description under EC1 with regard to the regulatory requirements for banks with regard to the management of concentration risk, including the definition of concentration risk. Regulations that are applicable to S1 banks from Aug 2017 and to the other banks from Feb 2018, require supervised institutions to have information systems that identify and aggregate, on a timely basis, the exposures to concentration risk (Article 23, Para 17 of CMN 4557 of 2017). The regulations (4557 of 2017) allow the institution, in exceptional cases, waiver from considering counterparties connected by control as a single counterparty, as long as it can be demonstrated that such counterparties do not share the credit risk incurred by the institution. The BCB has the discretion to consider two or more counterparties as connected, in case they verifiably share the credit risk incurred by the institution. As per regulations, connected counterparties must constitute a single counterparty for the purpose of credit risk management. Such counterparties are those that share the credit risk incurred by the institution, including through a control relationship. For the purposes of Resolution 4,557, the control relationship must be substantiated through the occurrence of at least one of the following criteria:
The institution must document the criteria that uphold the identification of each group of connected counterparties. Reports for the senior management, the risk committee and the board must also include information regarding exposures resulting in risk concentrations. (Art 23, para 3(III), Res 4557) In 2016, the guidelines to supervisors incorporated in the MSU an explicit requirement for verification of the systems in FIs for the identification and aggregation of information regarding large exposures and risk concentration (MSU 4-30-10-50-01-01 - section 3.2.3.4). Supervision Desig reviews the timeliness and accuracy of the bank’s systems by reviewing the data on the credit registry and the bank’s internal reporting. Overall, Desup checks the efficiency of the systems used by the institution to manage, classify and monitor risks, as well as to store the data history of credit transactions, joint obligations and other operations with credit characteristics. (MSU 4-30-10-50-01-01 - section 2.1). On-site examinations seek to analyze the capacity and reliability of information systems in the generation and timely availability of information related to the credit process (MSU 4-30-10-50-01 -01 - section 3.5.2). The SRC also specifically provides that the supervisor must include the assessment of the IT systems that are used by the FI for monitoring and managing concentration risk (MSU 4-30-40-20-01-02 - section 4.2.2.3). |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor determines that a bank’s risk management policies and processes establish thresholds for acceptable concentrations of risk, reflecting the bank’s risk appetite, risk profile and capital strength, which are understood by, and regularly communicated to, relevant staff. The supervisor also determines that the bank’s policies and processes require all material concentrations to be regularly reviewed and reported to the bank’s Board. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | Please see description under EC1 for requirements in regulations that pertain to the risk management policies and processes pertaining to credit risk in general and concentration risk in particular. In general, banks manage credit concentration risk by setting internal limits by client (including connected counterparties) and by economic sector. Some banks also fix limits for country risk, foreign exchange risk and foreign business units adhering to the Institution’s Risk Appetite Statement. The limits are usually set with reference to regulatory capital. They also monitor clients with the largest exposures. During on-site examinations, supervisors seek to verify or evaluate
During the off-site processes the supervisor is required to periodically review for each institution, among other documents, credit risk reports sent to senior management. This review must be commensurate with the risk profile and systemic importance of the FIs. This review includes the banks’ reporting of information on risk concentration submitted to the senior management. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor regularly obtains information that enables concentrations within a bank’s portfolio, including sectoral, geographical and currency exposures, to be reviewed. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | The regulatory and supervisory framework in Brazil does not require the supervised institutions to periodically submit regulatory reports on their exposure to concentration risks. Instead, the supervisors make extensive use of the data and information to which they have access, to identify the concentrations to which the supervised institutions are exposed. On the basis of the analyses and signals received from the monitoring department, the supervisors may pursue as appropriate with the supervised institutions. The off-site information database that the supervisors can use for reviewing banks’ exposure to concentration risks comprise information and data reported by the banks to the credit registry; daily data received from clearing houses, CCPs and trade repositories; data received from the government agencies, including revenue authorities. Automatic routines (SQL) are used to process information from the various sources. Relying on the above database, the supervisors are able to monitor banks’ exposures to credit concentration risk from different perspectives. Supervision monitors and reviews banks’ exposure to concentration risk and compliance with the prudential limits by relying on inputs from various sources, as below:
Routinely, the supervisory focus is on the exposure to single counterparties, connected counterparties, and large exposures to review banks’ compliance with prudential limits for these exposures. The review of the other types of concentrations is to equip the supervisor to assess compliance with internal concentration limits, if any, or to engage the banks in an informed discussion on their concentration risk management policies and approach. The off-site monitoring process registers limit exceptions in the Integrated Monitoring System (SIM) system, which will prompt supervisors to take action. In addition, cases of exceeded limits are referred to the on-site supervision department for corrective action. A system called “Profile of Operational Limits” provides search and reporting services (SQL and Microsoft Reporting Services) to supervisory teams on occurrences of noncompliance with prudential limits by the supervised institutions. Supervisors of Brazil’s largest banks also receive regular internal reports from banks on their risk profile and risk measurements. These reports usually cover risk concentrations and the largest exposures. Credit concentration and credit risk management are also assessed in SRC and in on-site examinations. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | In respect of credit exposure to single counterparties or groups of connected counterparties, laws or regulations explicitly define, or the supervisor has the power to define, a “group of connected counterparties” to reflect actual risk exposure. The supervisor may exercise discretion in applying this definition on a case by case basis. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | The prevailing regulations on concentration risk management for banks in S2 to S5 do not have clear definitions or guidance on ‘connectedness’ of counterparties. As per current definition (Res 2844 of 2001) a client is defined as a single person, either natural or legal, or a group of persons acting singly or jointly and representing a common economic interest. Economic dependency is situations when difficulties in raising funds or liquidating liabilities faced by one entity entail similar difficulties in another entity. The revised regulations that are in force for S1 banks from August 2017 have provided clarity in this regard. These regulations become effective for all banks from February 2018. (Please see description under ECs1 and 2 for details). The revised regulations require the institution to document the criteria that uphold the identification of each group of connected counterparties. However, in exceptional cases, the institution can be waived from considering counterparties connected by control as a single counterparty, as long as it can be demonstrated that such counterparties do not share the credit risk incurred by the institution. The BCB has the discretion to consider two or more counterparties as connected, in case they verifiably share the credit risk incurred by the institution. The BCB has two sources of information for verifying inter-connectedness:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 | Laws, regulations or the supervisor set prudent and appropriate41 requirements to control and constrain large credit exposures to a single counterparty or a group of connected counterparties. “Exposures” for this purpose include all claims and transactions (including those giving rise to counterparty credit risk exposure), on-balance sheet as well as off-balance sheet. The supervisor determines that senior management monitors these limits and that they are not exceeded on a solo or consolidated basis. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | Please see description under EC 1 regarding absence of definition of ‘exposure’ for assessing compliance with prudential exposure limits and how exposures should be aggregated from concentration risk perspective. Regulations establish the following prudential limits to address concentration risk (CMN 2844 and CMN 2827, both of 2001): Table 4: Prudential Exposure Limits-Summary Note: * as percent of regulatory capital; ** excludes exposure to the federal government; *** A large exposure is defined as one that is equal to, or exceeds, 10% of Regulatory Capital.Table 4: Prudential Exposure Limits-Summary
These limits apply on a consolidated basis to the prudential conglomerate, as defined by regulations (Resolution CMN 4,280 of 2013) and to the solo bank for other institutions. Regulations permit the following exemptions while computing compliance with the above prudential limits:
Concentration risk is also addressed by regulations (Resolution CMN 3,488 of 2007), which impose a limit on the net exposure of a financial institution to foreign currencies or gold. The limit is set at 30% of Regulatory Capital (PR) and compliance is verified on a daily basis by the off-site supervision team. Laws or regulations are silent about the treatment of credit risk mitigants, in the computation of exposure and in the computation of compliance with the prudential exposure limits, other than those mentioned above under exemptions. However, it is understood that during on-site examinations and monitoring of large exposures in large banks, supervisors assess the quality of the collateral associated with such exposures on a case-by-case basis. Please see description under EC4 for the supervisory approach to monitoring of compliance by the banks with the prudential limits prescribed for large exposures and foreign currency exposure risk. Please see description under EC3 for the requirements about senior management and board monitoring of banks’ exposure to concentration risk and their compliance with the prudential as well as internal limits for risk concentrations. In addition, supervisors examine the limits for connected counterparties established by the bank’s policy and require banks to monitor the adherence to those limits. (MSU 4-30-10-50-01-01 -sections 3.2.3.2 and 3.2.3.4). |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor requires banks to include the impact of significant risk concentrations into their stress testing programs for risk management purposes. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | Prevailing regulation on the management of credit risk for banks in S2 to S5 segments, had prescribed the implementation of a management structure that assesses credit risk in operations, taking into account simulations of extreme conditions (stress tests), encompassing economic cycles, market conditions, macroeconomic perspectives, changes in markets and products, and the effects of sectoral and geographic concentration, among others. (Resolution CMN 3,721 of 2009) The revised regulations that will become effective for all banks from February 2018 require banks to include in their stress test programs all material risks, including credit risk and the impact of significant risk concentrations. (Resolution CMN 4,557 of 2017) Supervision is required to analyze stress tests of banks as part of the evaluation process of banks’ ICAAPs. While evaluating banks’ stress test programs, supervision is also required to verify whether concentration risk is taken into account (MSU 4.30.10.50.01.03 - section 2.1.10). In practice, relevant concentration risks, especially by client (including connected counterparties), must be incorporated in integrated stress tests conducted by banks. This is explicitly required by Resolution CMN 4,557 of 2017 (as mentioned above), as well as by Circular BCB 3,547 of 2011 and Carta-Circular BCB 3,774 of 2016. The BCB conducts stress testing at periodical intervals, which address concentration risks in the banking system. The focus of these stress tests is to primarily verify the concentration risk in the banking system rather than at individual banks and to assess the contagion risk among the banks. Brief details of the elements of concentration risks addressed in these stress tests are below:
Concentration of credit risk in terms of exposures to a single counterparty is not subjected to specific stress tests as this specific concentration risk is monitored every month based on the supervisory reporting received from the financial institutions. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Additional criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC1 |
In respect of credit exposure to single counterparties or groups of connected counterparties, banks are required to adhere to the following:
Minor deviations from these limits may be acceptable, especially if explicitly temporary or related to very small or specialized banks. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | Please see description under EC6 for the details of the prudential limits established under regulations. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 19 | Largely Compliant | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The regulations for concentration risk for most banks (S2 to S5) have a few gaps, which can give rise to variations and bank level discretion while implementing the risk management framework to address concentration risk. The key gaps have been addressed in the Resolution 4557 of 2017, that has already become effective for S1 banks from August 2017 and will become effective for the other banks from February 2018. While some banks may be already in compliance with the revised requirements, system-wide implementation will, understandably, take some more time. There are a few additional areas where the lack of clarity may be introducing distortions in implementation. In the absence of (a) an explicit definition of exposure for assessing compliance with prudential exposure limits and how exposures should be aggregated from concentration risk perspective, (b) explicit reporting from banks on their exposures to single or connected counterparties, (c) comprehensive database of all connected parties - through control and through economic interconnectedness, and since the assessment of name concentration is undertaken by the BCB, it is unclear how comprehensive or effective this monitoring can be. Also, in the absence of (a) an explicit reporting from banks on their exposures to economic sectors, geographic regions, and credit risk mitigants; (b) guidance or database on inter-sector correlations or correlations among geographic regions or credit risk mitigants; the supervisors are not able to challenge the assessment of concentration risks and their management by the banks. Areas for improvement can include:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 20 | Transactions with related parties. In order to prevent abuses arising in transactions with related parties42 and to address the risk of conflict of interest, the supervisor requires banks to enter into any transactions with related parties43 on an arm’s length basis; to monitor these transactions; to take appropriate steps to control or mitigate the risks; and to write off exposures to related parties in accordance with standard policies and processes. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Laws or regulations provide, or the supervisor has the power to prescribe, a comprehensive definition of “related parties”. This considers the parties identified in the footnote to the Principle. The supervisor may exercise discretion in applying this definition on a case by case basis. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Definition of related party Law and regulations issued by the BCB have not explicitly articulated a definition or list of related parties for regulatory and prudential purposes. However, Article 34 of Law 4595 of 1964 (Banking Law) provide a list of related parties which include the following:
The above list of related parties in law and regulations that is relevant for the prudential application excludes the following related parties that are included in the Basel definition:
The above Article of Law 4595 was amended with effect from 13 Nov 2017 by Article 69 of Law 13506 of 2017, but the gap between the definition in the Brazilian law and the Basel definition remains. The list of related parties after the amendment remained more or less the same, except for the inclusion of the following two:
For the purposes of public disclosure of transactions with related parties, “Related party” is defined in the accounting standards44 as below: Related party is the person or entity that is related to the entity that is preparing its financial statements (in this Technical Pronouncement, treated as “Reporting entity”).
The definition of related parties for the purposes of disclosures as laid down in the accounting standards is more closely aligned to the Basel definition, and the supervisors have found this pronouncement to be helpful in identifying the related parties that were often used by financial institutions to transfer their risks (securitizations, credit transfers etc.). Related party exposures and transactions with related parties Several provisions in laws and regulations prohibited the financial institutions from undertaking certain types of related party transactions. With the amendment to Article 34 of the Banking Law (effected through Law 13,506 of Nov 2017), banks are now allowed to undertake credit transactions with the related parties. In brief, the prohibitions prior to the amendment are as below:
However, the above prohibitions in the Banking Law were revoked on June 7, 2017. Pursuant to art. 3°, §2° of Provisional Measure 784 of 2017, the CMN was empowered to establish which transactions will be prohibited. The CMN issued a new resolution (No. 4596 of 2017) which reinstated the prohibitions enumerated in the law 4595. The restoration of the prohibitions became effective from September 06, 2017, leaving a window where banks could have, hypothetically, extended loans and advances to the related parties listed in the law 4595. The above prohibitions in the law and regulations applied to transactions in the form of loans, advances, and investments and underwriting of debt securities issued by the related parties specified in the law. The restrictions did not explicitly apply to other forms of exposures such as placing deposits with or investing in the equity of the related parties, sale and purchase of assets, acceptance of deposits or borrowing, entering into service contracts, lease agreements, derivative transactions etc. As per Basel norms, related party transactions include dealings such as service contracts, asset purchases and sales, construction contracts, lease agreements, derivative transactions, borrowings, and write-offs. Basel recommends that the term transaction should be interpreted broadly to incorporate not only transactions that are entered into with related parties but also situations in which an unrelated party (with whom a bank has an existing exposure) subsequently becomes a related party. The law 4595 also allowed institutions to assume related party exposures with BCB approval, on a case by case basis. The amended provisions of Article 34 of Law 4595 allow financial institutions to extend loans and undertake other credit transactions with the related parties named therein with effect from 13 Nov 2017, provided:
In order to allow a prompt identification of transactions in violation of the prohibition on lending to related parties, the BCB is implementing procedures to compare Credit Risk System (SCR) information with the BCB Interested Entities data base information (Unicad). Since 2012, seven Punitive Administrative Processes (PAP) have been initiated against financial institutions for violating the prohibition of lending to related parties. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | Laws, regulations or the supervisor require that transactions with related parties are not undertaken on more favorable terms (e.g., in credit assessment, tenor, interest rates, fees, amortization schedules, requirement for collateral) than corresponding transactions with non-related counterparties. 45 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see the description under EC1 regarding the prohibition on lending to or investing in related parties, the exemptions to the prohibition and the permitted transactions. BCB regulations are yet to explicitly define ‘related party transaction’ and have not explicitly articulated the governance framework that will be applicable to the transactions with the related parties. The Technical Pronouncement CPC-05 of the Accounting Pronouncement Committee of the CPC, however, defines transactions with related parties for the purposes of public disclosure requirements. Here, related party transactions are defined as ones where there is transfer of resources, services or obligations between an entity that reports the information and a related party, regardless of whether it is charged in return. Regulations or laws have not explicitly required financial institutions to ensure that transactions with other related parties (that are not covered under the definition in the law) are undertaken at arms’ length. While the amended Article 34 of the Banking Law (Nov 2017), requires banks to ensure certain arm’s length norms, these do not explicitly specify that the transactions with the related parties should not entail more favorable tenor, fees, and amortization schedules. However, as part of SRC supervision of Corporate Governance in the entities required to constitute a board of directors (MSU 4.30.40.20.09), the supervisors are required to verify whether boards ensure that transactions with related parties (including transactions among the group entities) are reviewed to ensure that the institution’s resources are properly applied to the benefit of the conglomerate. Supervision also evaluates the disclosures pertaining to related party transactions made by the relevant institutions in compliance with the accounting standards. BCB has recently (2017) developed a methodology to assess contagion risk. In addition to previous analyses, under this approach, the Supervisors are required to perform the following procedures:
To facilitate the above, BCB requires supervised entities to report detailed accounting information for monitoring purposes, and BCB receives daily information from clearings that allow the identification of atypical transactions on securities markets. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor requires that transactions with related parties and the write-off of related-party exposures exceeding specified amounts or otherwise posing special risks are subject to prior approval by the bank’s Board. The supervisor requires that Board members with conflicts of interest are excluded from the approval process of granting and managing related party transactions. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | Please see the description under EC1 and EC 2 regarding the transactions with related parties that are permitted under laws and regulations. The conflict of interest requirements are not articulated explicitly in the context of related party transactions, these have been articulated in the regulatory requirements pertaining to internal control and corporate governance in banks. Regulations or laws have not explicitly required from financial institutions that transactions with related parties and the write-off of related party exposures exceeding specified amounts or otherwise posing special risks be subjected to prior board approval. Law and regulations have also not explicitly required that Board members with conflict of interest be excluded from the approval process of granting and managing related party transaction. Please see description under EC2 regarding supervision of corporate governance under the SRC. One focus of the Special Verification of Corporate Governance (VE) is the identification of board members who are at the same time shareholder or have relationships with other related or not related companies, to evaluate influences and conflict of interests (MSU 4.30.10.50.06.01). |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor determines that banks have policies and processes to prevent persons benefiting from the transaction and/or persons related to such a person from being part of the process of granting and managing the transaction. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | Regulations require that the institution’s internal controls must ensure the segregation of the activities assigned to members of the institution in a way that avoids conflicts of interests, as well as to mitigate and properly monitor areas identified as potential conflicts. (Resolution CMN 2,554 of 1998). At the same time, there are no explicit requirements in law or regulations that address specifically the requirement articulated in this EC with reference to related party exposures and transactions. While assessing the Internal Controls, supervisors are required to verify the existence of a formal segregation of duties policy, and how conflicts of interest are dealt by the Board of the financial institution (MSU 4.30.10.50.06.02). Supervisors also assess the adequacy of the segregation of potentially conflicting functions, such as trading and controls functions while analyzing Risk and Controls regarding Credit Risk (MSU 4.30.40.20.01.02) and Market Risk (4.30.40.20.02.02). |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | Laws or regulations set, or the supervisor has the power to set on a general or case by case basis, limits for exposures to related parties, to deduct such exposures from capital when assessing capital adequacy, or to require collateralization of such exposures. When limits are set on aggregate exposures to related parties, those are at least as strict as those for single counterparties or groups of connected counterparties. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | As mentioned in the description under EC1 and EC2, law and regulations initially prohibited lending to and investing in some related parties, but now they allow banks to assume exposures on all related parties and enter into other types of transactions with all related parties. While there are no explicit prudential limits for related party exposures, the effective prudential limits are those prescribed for a single counterparty or group of connected counterparties. The details of these limits are explained in the description under EC6 CP19. A reference is also invited to description under EC1 of CP 19 where it is mentioned that law or regulations have not explicitly articulated a definition for ‘exposure’ for assessing compliance with the prudential exposure limits. Under the current prudential framework, banks can assume several sets of related party and connected related party exposures, each up to the level of 25 percent for private sector connected counterparties (or 45 percent for public sector connected counterparties) of regulatory capital. The related party exposures in banks are not subject to an aggregate prudential cap. The supervisory approach to prudential limits is to supervise and enforce these at the level of the prudential conglomerate, and not necessarily at the level of the individual entity within the prudential conglomerate. The prudential framework for limiting exposures to related parties is at variance with the Basel framework, where the expectation is that these limits are at least as strict as the single and group exposure limits articulated under the Basel framework, which is 25 percent of bank’s capital (EC5 of this CP read with AC1 of CP19). Regulations or law do not explicitly provide for deduction of related party exposures from capital. However, according to Resolution 4,019 of 2001, the supervisor can require, among other supervisory measures, additional capital in financial institutions with excessive risk exposures, which includes contagion risk posed by transactions with related parties. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 | The supervisor determines that banks have policies and processes to identify individual exposures to and transactions with related parties as well as the total amount of exposures, and to monitor and report on them through an independent credit review or audit process. The supervisor determines that exceptions to policies, processes and limits are reported to the appropriate level of the bank’s senior management and, if necessary, to the Board, for timely action. The supervisor also determines that senior management monitors related party transactions on an ongoing basis, and that the Board also provides oversight of these transactions. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | Please see description under ECs 1 to 5 regarding (a) the legal and regulatory requirements for related party exposures and related party transactions, (b) the supervisory approach to reviewing and assessing risks arising from related party exposures and transactions and (c) the scope for aligning these better with the Basel requirements. Laws or regulations do not explicitly require banks to establish the policies and procedures envisioned in this EC. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor obtains and reviews information on aggregate exposures to related parties | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | The Supervisor receives prudential conglomerates accounting data on a monthly basis as well as from each of the consolidated entities (financial institutions and other consolidated entities) On the Prudential Conglomerate Financial Statements Special Verification (VE) procedure (MSU 4.30.10.50.31) Supervision carries out analysis of, among other aspects: (i) transactions between consolidated entities; (ii) elimination procedures of intra group transactions, and (iii) adequacy of explanatory notes, including that relating to transactions with related parties. For the related party transactions, the BCB Monitoring Department is implementing procedures to compare Credit Risk System (SCR) information (detailed credit information provided by the financial institutions) with the BCB’s Interested Entities data base information (Unicad), which can allow it to identify the transactions with and exposures to related parties and assess these with regard to the ongoing market prices, market rate of interest and so on. In addition, BCB receives daily information from clearings that allow the identification of atypical transactions on securities markets. The Publicly-Held Companies must notify the CVM within seven days of the occurrence of transactions with related parties that meet the materiality criteria defined in CVM Instruction 480/2009. The BCB does not obtain an exclusive periodical report from the supervised institutions on their transactions with the related parties, exceptions and write-offs. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 20 | Materially Non-Compliant | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The key variances from the Basel norms are non-inclusion of all types of related parties within the prudential purview, absence of an explicit and complete definition of related party transactions for prudential purposes, the absence of a prudential limit on banks’ aggregate exposure to related parties, the gaps in the governance requirements, absence of explicit requirement for policies and processes for related party transactions, the absence of explicit and focused supervisory (prudential) reporting requirement for transactions with and exposure to related parties and application of the prudential requirements at the level of the prudential conglomerates and not at the level of the solo bank(s) within the conglomerates. These collectively result in significant gaps in the prudential regime for transactions with related parties. The BCB strives to monitor related party transaction by reviewing extensively the periodical accounting information received from the supervised entities, SCR database, the database on market transactions received from the TRs and the Unicad database. Given the gaps in the definition of related party and the definition of related party transactions, and the absence of a dedicated off-site supervisory (prudential) report on related party exposures, it is unclear that the universe of the database that is reviewed by the BCB is complete. For example, some transactions that may not be reflected in the above databases are transactions with related parties that are outside the list specified in law or regulations; sale and purchase of assets that are outside the scope of the TRs, and the service contracts with related parties. The contagion risk analyses undertaken by the BCB focus on the risks to the supervised institution arising from the activities or risks in the entities belonging to the wider group to which the bank belongs but which are outside the direct supervision of the BCB. While this oversight may be able to identify the risks that could transmit to the supervised institution, the focus of this oversight is not fully aligned to the conflict of interest perspective that is the focus of this CP. The supervisory routines prescribed in the supervisory manual, with reference to assessment of inherent risks and control risks pertaining to credit risk do not explicitly articulate a focus on related party exposures and related party transactions and the governance requirements that are relevant for such exposures and transactions. Areas for improvement can include: (a) Enhanced and explicit requirements for Board oversight of related party exposures and transactions; (b) An explicit definition or articulation of list of “related parties”, to include at least those mentioned in the footnote to the CP; (c) An explicit definition or articulation of the list of “related party transactions” for prudential purposes, to include at least those mentioned in the footnote 69 to the CP; (d) Introduction of prudential limit for aggregate exposures to related parties that are at least as conservative as the limits for connected counterparties; (e) Introduction of periodical focused reporting by the supervised institutions on the exposures, transactions, exceptions and write-offs; (f) Application of the prudential framework for related party exposures and related party transactions to the solo bank(s) within the prudential conglomerate; and (g) Appropriate corresponding improvements to the supervisory manual. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 21 | Country and transfer risks. The supervisor determines that banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate country risk46 and transfer risk47 in their international lending and investment activities on a timely basis. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | The supervisor determines that a bank’s policies and processes give due regard to the identification, measurement, evaluation, monitoring, reporting and control or mitigation of country risk and transfer risk. The supervisor also determines that the processes are consistent with the risk profile, systemic importance and risk appetite of the bank, take into account market and macroeconomic conditions and provide a comprehensive bank-wide view of country and transfer risk exposure. Exposures (including, where relevant, intra-group exposures) are identified, monitored and managed on a regional and an individual country basis (in addition to the end-borrower/end-counterparty basis). Banks are required to monitor and evaluate developments in country risk and in transfer risk and apply appropriate countermeasures. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Please see the description under EC1 and EC2 of CP15 for the details of the requirements under the regulatory framework regarding risk management systems in banks. In the BCB’s view, the banking system exposure to country and transfer risks are not perceived to pose a significant risk to the Brazilian banking system because (a) assets held abroad by the banking system are less than 15% of the total assets of the financial system; (b) most of these assets are invested in G20 countries, and (c) after considering intercompany eliminations, foreign exposures of the supervised entities reportedly account for 6% of the total portfolio. In addition, Brazilian banks reportedly hold small, if any, positions in foreign sovereign bonds. The prevailing regulations that are applicable to country and transfer risks until August 2017 for all banks and until February 2018 for S2 to S5 banks is Resolution CMN 3721 of 2009 that deals with credit risk. The revised regulation on this topic is Resolution CMN 4,557 of 2017 that deals with integrated risk management and capital management, which has come into effect for S1 banks in August 2017 and will come into effect for other banks in February 2018. As per regulations (Resolutions CMN 4,557 of 2017 and 3,721 of 2009), credit risk definition encompasses country and transfer risks. The requirements under the regulations do not explicitly require banks to establish policies and processes for identification, measurement, evaluation, monitoring, reporting and control or mitigation of country and transfer risks. However, the supervisors expect that the credit risk management framework required by regulations also extends to the identification, measurement, control, and mitigation of country and transfer risks. Consequently, they expect that the financial institutions must be able to identify, monitor and manage exposures both on a regional and an individual country basis. (Please see CP17 for details on the regulatory requirements that apply to the credit risk management framework.) Country and transfer risks are described as components of credit risk as below, in regulations: Table 5: Description of Country and Transfer Risks Table 5: Description of Country and Transfer Risks
The Supervision practices guide explains country risk as a risk corresponding to the possibility of losses related to non-compliance with obligations associated with a counterparty or mitigating instrument located outside the Country, including sovereign risk. The description of country risk established in the regulations and in the supervision practices guide are at variance from the Basel definition (please see the footnote 45 above - “Country risk is the risk of exposure to loss caused by events in a foreign country.”), which is wider than the default of the counterparty. This EC requires that exposures are identified, monitored and managed on a regional and an individual country basis in addition to the end-borrower/end-counterparty basis. The BCB approach to supervision of country and transfer risk reflects immediate risk or direct exposure perspective. It does not take into consideration the ultimate risk or indirect exposure perspective. As both country and transfer risks are described and regarded as components of credit risk, the regulatory framework for these risks is not always explicit and is limited. Supervisors also assess the risk management framework for these risks and its adequacy using the same examination and supervisory procedures (MSU 04-30-10-50-01-01), which aim at assessing the counterparty credit risk. Supervisors apply specific assessment procedures for assessing settlement risk (MSU 04-30-10-50-01-01, items 3.2 and 3.9.1), settlement risk management ((MSU 04-30-10-50-01-02), and for assessing branches and subsidiaries abroad (MSU 4.30.10.50.15). These supervisory procedures are primarily oriented towards credit risk management and do not fully address the requirements specific to country and transfer risks as envisioned in this EC and this core principle. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor determines that bank’ strategies, policies and processes for the management of country and transfer risks have been approved by the banks’ Boards and that the Boards oversee management in a way that ensures that these policies and processes are implemented effectively and fully integrated into the banks’ overall risk management process. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see the description under EC1 for the design of the regulatory and supervisory approach towards the management of country and transfer risks by the financial institutions in Brazil. Banks are not explicitly required to establish policies and procedures for identifying, measuring, monitoring and managing country and transfer risks. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor determines that banks have information systems, risk management systems and internal control systems that accurately aggregate, monitor and report country exposures on a timely basis; and ensure adherence to established country exposure limits. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | The BCB is yet to issue specific guidance or establish specific requirements for the measurement or grading of exposure to country and transfer risks and for the periodical reporting of these exposures to the BCB. During on-site inspections, the BCB assesses and reviews the information system, the internal control system and risk management systems for credit risks. However, as the BCB does not consider the country and transfer risks as significant for the banks in Brazil, the supervisory focus on the assessment of the adequacy and appropriateness of these systems for the management of country and transfer risks is less evident. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 |
There is supervisory oversight of the setting of appropriate provisions against country risk and transfer risk. There are different international practices that are all acceptable as long as they lead to risk-based results. These include:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | Please see description under EC3. There are no explicit requirements for establishing provisions for country and transfer risk exposures. The prudential provisioning framework for problem assets prescribes standardized provisioning rates for credit risk exposures that are related to the prudential rating assigned to the exposure and linked to expected losses. The regulations do not require any provisions for exposures that are rated AA as per the prudential scale. These provisioning rates are applicable to all credit risk exposures irrespective of the level and quality of country or transfer risks inherent in the exposure. However, as regulations define credit risk to include country and transfer risks, supervisory expectation is that the financial institutions must take such risks into consideration when developing their models for estimating the expected credit loss and when assessing the adequacy of provisioning. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor requires banks to include appropriate scenarios into their stress testing programs to reflect country and transfer risk analysis for risk management purposes. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Please see CP 15, EC13. The regulations (Res 3721 of 2009) require credit risk management frameworks to include stress testing, encompassing economic cycles, change in market conditions and liquidity, including the breakdown of key assumptions, and consideration of their results when establishing or reviewing policies and limits. These regulations are not explicitly requiring the supervised institutions to undertake stress testing of their country and transfer risk exposures. Resolution CMN 4.557 of 2017, which became effective in August 2017 for S1 institutions and which will become effective in February 2018 for the other institutions require institutions to consider country and transfer risks in their stress tests, when relevant. In the top down stress tests conducted by the BCB country and transfer risk are not included. (Please see description under EC13 CP 15 for a broad overview of the stress testing frameworks, in general, as required by the BCB.) | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 | The supervisor regularly obtains and reviews sufficient information on a timely basis on the country risk and transfer risk of banks. The supervisor also has the power to obtain additional information, as needed (e.g., in crisis situations). | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | Please see description under EC3 pertaining to the BCB guidance on the measurement and reporting of the exposures to these risks. As the supervisor does not obtain information on a regular basis, they are constrained from effectively monitoring the financial institution exposures to these risks or their management. However, they have the power under laws and regulations to obtain information or data on banks’ risk exposures on ad hoc basis, if and when required. (Please see description under EC7 of CP17, for details) Supervisors can assess these risks during the credit risk analysis that they undertake as part of their Risks and Controls Assessment System (SRC) process. For systemically important institutions, the supervisors can also review these risks as part of either the ICAAP or Recovery Plan assessment. Circular BCB 3,678 of 2013 requires the public disclosure of credit risk exposures by countries and geographical regions when significant exposures exist. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 21 | Materially Non Compliant | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The requirements under laws and regulations on management of country and transfer risks by financial institutions is not explicit. It is subsumed under the regulations for risk management and under credit risk management. The description of country risk established in the regulations is at variance from the Basel definition, which is wider than the default of the counterparty. The current description and the supervisory approach are adopting an ‘immediate risk’ perspective (direct exposures), and do not take into consideration the “ultimate” risk perspective (direct and indirect exposures). Banks are yet to be explicitly required to establish policies and procedures for identifying, measuring, monitoring and managing country and transfer risks. The BCB is yet to issue specific guidance or establish specific requirements for the measurement and grading of exposure to country and transfer risks and for the periodical reporting of these exposures to the BCB. There are no explicit requirements for establishing provisions for country and transfer risk exposures, and for stress testing country and transfer risk exposures. These need to be viewed along with the absence of supervisory information system that tracks and monitors the exposures from an ultimate risk perspective, the risk grading of these exposures and the provisions held by the banks for these risks. Areas for improvement include (a) revision to the definition of country risk to fully align with the Basel definition, (b) explicit adoption the ‘ultimate risk’ approach to these risks, (c) issue of explicit regulations on identification, measurement, monitoring and management of these risks, including guidance on grading these risk exposures and provisioning therefor as a distinct risk from counterparty risk, (d) Extension of the ‘ultimate risk’ approach to the exposures of the banks’ branches and group entities that are abroad, (e) introduction of appropriate prudential reporting requirements to monitor the banks’ exposure to these risks, (f) application of the regulatory and supervisory elements pertaining to these risks to the solo banks within the prudential conglomerates and (f) introduction of appropriate corresponding improvements to the supervisory manual. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 22 | Market risk. The supervisor determines that banks have an adequate market risk management process that takes into account their risk appetite, risk profile, and market and macroeconomic conditions and the risk of a significant deterioration in market liquidity. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate market risks on a timely basis. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Laws, regulations or the supervisor require banks to have appropriate market risk management processes that provide a comprehensive bank-wide view of market risk exposure. The supervisor determines that these processes are consistent with the risk appetite, risk profile, systemic importance and capital strength of the bank; take into account market and macroeconomic conditions and the risk of a significant deterioration in market liquidity; and clearly articulate the roles and responsibilities for identification, measuring, monitoring and control of market risk. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | The main instruments traded by banks in Brazil are government bonds, repos/reverse repos collateralized by government bonds, BRL/USD futures, interest rate (CDI) futures (or DI1 futures, as the official contract denomination) and swaps (fixed vs. CDI, CDI vs. USD + “cupom cambial”). Banks’ trading book portfolios usually comprise instruments held for managing liquidity buffer (e.g. government bonds and reverse repos) or to provide hedge for their clients. The major sources of market risk for trading book operations, considering the absolute market value of the risk factor exposures are, in descending order: interest rate risk (57.8 percent), foreign exchange (28.6 percent), credit risk and other exposures (13.2 percent), equity price (0.6 percent) and commodities (0.04 percent). (As of December 2016, for banking conglomerates). Please see below in Table 6 the segment-wise distribution of banks by the significance of their market risk exposures. Table 6. Relevance of Market Risk in Supervised Institutions Table 6. Relevance of Market Risk in Supervised Institutions
The requirements pertaining to market risk management in supervised institutions as laid down in the regulations (Resolution 3464 of 2007) include the following:
Please see description under EC1, CP15 for details of the requirements established in regulations for the implementation of a continuous and integrated risk management structure, that are also required to be applied for the management of market risk. These are applicable to S1 institutions from August 2017 and for the other supervised institutions from February 2018. The revised regulations provide a more specific and clear definition of market risk as the possibility of losses arising from movements in the market values of instruments held by the institution. Market risk comprises:
As per the revised regulations, trading book comprises all positions in instruments not subject to any trading restrictions, including derivatives, held with the intent of trading or as a hedge of other elements of the trading book. Instruments held with intent of trading are those designated by the institution for (a) resale, or (b) benefitting from movements in prices, either effective or expected, or (c) arbitrage (Art. 26, CMN 4557 of 2017). The institution must have clearly defined policies in place to determine which instruments will be included in the trading book, as well as procedures to ensure a consistent compliance with the trading book classification criteria. In case the institution does not maintain a trading book, the policy and procedures mentioned in the heading must ensure that no instrument is held with the intent of trading (Art. 27, CMN 4557 of 2017). Revised regulations also require that the market risk management structure must comprise systems that consider all relevant sources of risk; make use of reliable data on market and liquidity, both internal and external; and adequately document the shifts between the trading and the banking books, and internal risk transfers, according to criteria established by the Central Bank of Brazil. (Art. 29 of Resolution CMN 4,557). In addition, the revised regulations (Resolution CMN 4,557 of 2017) require (in art. 37) that the risk management framework considers the possibility of the institution not being able to trade a position at market price, due to its significant size with respect to the volume normally transacted or to some market discontinuity. Please see the description under EC2 for the supervisory processes pertaining to market risk management in supervised institutions. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor determines that bank’ strategies, policies and processes for the management of market risk have been approved by the banks’ Boards and that the Boards oversee management in a way that ensures that these policies and processes are implemented effectively and fully integrated into the banks’ overall risk management process. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please also see description under EC1 which explains the regulatory framework for market risk management in supervised institutions. The Financial System Monitoring Department (Desig) receives monthly market risk reports (DRM) from supervised institutions. The BCB also receives daily inputs from the exchanges, CCP and trade repositories on the transactions in the financial markets. Using these data, the Desig performs extensive daily routines on market risk and including occasional stress tests, to assess the impact on the banks’ liquidity positions. Please see EC5 for additional details. The Desig triggers warnings to on-site supervisors when there are delays or errors in these reports, on receipt of which, the supervisor can decide to conduct a specific examination of the bank’s market risk management, if warranted. The on-site supervision examines the actual risk assumed versus the risk appetite approved by the Board and evaluates its adequacy given the institution’s capital, processes and technical skills. Supervisory teams evaluate Brazilian banks’ market risk policies and strategies, assess the effective implementation of the Board’s decisions and the Board’s subsequent monitoring when performing either specific examinations on this theme, namely Risks and Controls Assessments (SRC) or Special Verifications (VEs):
The difference between the two on-site inspections is fundamentally the depth necessary to get to a conclusion on market risk management in the supervised institutions. The Department of Banking Supervision performs other Special Verifications that are not specifically devoted to assessing market risk management, but cover some aspects of trading book exposures, such as: Trading Operations; Structured Products, Hedge Accounting, Authorization for Internal Model of Market Risk. Banking supervision teams are required to take the following items into consideration, among others, when verifying market risk processes in banks:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 |
The supervisor determines that the bank’s policies and processes establish an appropriate and properly controlled market risk environment including:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | Please see description under EC1 for an overview of the regulatory requirements pertaining to market risk management and EC2 for an overview of the supervisory processes for reviewing banks’ market risk management frameworks. Offsite Supervision: The Specialized Supervision Team on Market Risk performs off-site examination which aims to identify if the Report on Market Risk (DRM), a monthly standardized report sent to BCB, is consistent with accounting data. DRM is initially analysed by the Financial System Monitoring Department (Desig) in order to identify, among other things, the adequacy of capital requirements to Market Risk exposure and the details of this exposure to major market risk factors, as well as the most used measures for assessing market risk from the trading book exposures (VaR, parametric and historical, with different confidence levels, Expected Shortfall and complementary sensitivity analysis). Additionally, these data allow the determination of assets and liabilities’ durations and the existence of gaps by a monitoring tool known as BRM (Market Risk Balance Sheet) This analysis is useful to detect inaccurate identification, aggregation, monitoring and reporting of market risk exposure. BCB has also developed market risk monitoring tools to support onsite supervision teams and to provide early warnings to bank supervisors. These tools are based on historical behaviour of banks’ exposures, banks’ securities and derivatives portfolios, and bank’s daily market settlements to local Central Counterparts (CCPs). The tools are supported by daily data sent to BCB by domestic clearings and CCPs, and by monthly risk reports sent to BCB by financial institutions. The risk reports include domestic and foreign portfolios, as well the trading book exposure. This set of information allows the monitoring team to track the risk profile and level of banks’ exposure. If a financial institution presents a certain exposure level or operates an unusual kind of financial instrument, the monitoring team alerts the bank supervisor, who can decide to start an on-site examination procedure, if required. Onsite Supervision: Supervisors are required to verify the adequacy of the approved risk appetite, the risk management framework, the adequacy and comprehensiveness of the market risk identification and measurement systems, as well as of the respective exposure limits. Examinations evaluate if the limits set by the Board are consistent with the institution’s capital strength, processes and technical skills. Examinations are also carried out to verify whether the control systems capture all significant sources of risk and whether the assumptions and hypotheses underlying the market risk management tools are sufficient to highlight potential risks. Usually, during these examinations, the capacity and the level of engagement of the senior management in risk management - including the Board, and the reporting effectiveness and timeliness- are also evaluated. Supervisors also examine the risk reporting framework and, where required, require that risk management deficiencies be included in the reports and corrected in a timely manner. The treatment of exceptions by senior management is also evaluated. Examinations also check policies, processes and internal audit actions regarding allocations of financial instruments to the trading book. Usually, banks also measure market risk at the level of banking group (“prudential conglomerate”). Supervisors measure market risk at the level of banking group, or “prudential conglomerate”. The primary metric used by the supervisors to measure market risk is the capital requirement for market risk. Taking into account the standardized approaches, there are several components:
Please see description under EC6 CP15 and EC5 CP16 on the regulatory and supervisory framework relevant for use of models by the supervised institutions. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor determines that there are systems and controls to ensure that banks’ marked-to-market positions are revalued frequently. The supervisor also determines that all transactions are captured on a timely basis and that the valuation process uses consistent and prudent practices, and reliable market data verified by a function independent of the relevant risk-taking business units (or, in the absence of market prices, internal or industry-accepted models). To the extent that the bank relies on modeling for the purposes of valuation, the bank is required to ensure that the model is validated by a function independent of the relevant risk-taking businesses units. The supervisor requires banks to establish and maintain policies and processes for considering valuation adjustments for positions that otherwise cannot be prudently valued, including concentrated, less liquid, and stale positions. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | Please see description under EC2 and EC3. Regulation Currently regulations require that (a) derivatives, securities and bonds should be valued according to consistent and verifiable methods by independent sources; (Circulars BCB 3,082 and 3,068) and (b) trading book exposures should be marked-to-market on a daily basis, according to independent references; (Circular BCB 3,354) Resolution CMN 4,277 of 2013 sets minimum standards and prudential adjustments for the valuation framework applicable to financial instruments accounted for at market value. The systems and controls related to the valuation process must comprise minimum features such as the definition of responsibilities of each area involved in the valuation process; the continuous review of the market information sources; guidance on the use of unobservable inputs, reflecting the assumptions used by the institution in the valuation process and independent verification procedures. In addition, the financial institution must prove that the pricing and verification procedures are independent from the trading desks. The valuation processes implemented by the financial institutions can be based on ‘mark-to-market’ or ‘mark-to-model’ methodologies, following criteria of prudence and reliability. Practice Supervisors assert that the Brazilian financial market is less sophisticated than mature markets (although deeper and more liquid than other emerging countries). However, banks differ in their trading book portfolios. The most sophisticated banks are those that trade large volumes of “non-plain vanilla” OTC derivatives. For regulatory purposes, two of the largest institutions use approved internal models for computing market risk regulatory capital. Two other large banks have applied for supervisory approval to use the internal models for capital adequacy purposes, and the requests are under BCB consideration. All banks use internal models for management or accounting purposes. However, regulations require that valuation must be performed in a consistent and verifiable manner. The sophistication of the valuation will be a function of the complexity of the products held by the bank. The more complex and illiquid the products are, the more intense the use of marking to model. Considering the products held in the trading book, the vast majority of the non-derivative instruments are government bonds, liquid and easily priced, and collateralized by repurchase guarantee. The outstanding amount of derivatives are relevant, most of them are standardized and registered in a central counterparty (futures, options and swaps are registered at B3), are liquid (especially interest rate and foreign exchange derivatives) and easily priced, since B3 publishes the values of the positions on a daily basis. Stocks are not relevant in the trading books of banks in Brazil. Other products found in the trading book are private bonds and OTC derivatives. The former are usually more difficult to price, since their market is not deep and most securities are not liquid enough. So, banks must have models that take into account the credit risk spread of the issuer, which are usually large low-risk companies that also borrow funds from the banks. As for the OTC derivatives (forwards, swaps and options), despite not being liquid, the market risk factors are usually liquid and hedgeable; so, the mark to market is not seen as a challenge by the banks and the supervisors. However, banks do have OTC derivatives with illiquid underlying risk factors, mainly those with very long maturities or based on currencies other than the US dollar. Here the banks rely on model based valuation. Offsite Supervision On a daily basis the Monitoring Department receives the granular data on domestic securities and derivatives from each financial institution, from clearing houses/ central counterparties and trade repositories. The bank’s domestic portfolio is automatically full valued by the Market Monitoring System (SMM). This system is maintained by the monitoring team and is able provide market prices for all local traded financial instrument. BCB team is able to individually analyze the banks’ books and reprice each of them using own pricing references as well as from independent sources. Based on this appraisal process, the on-site supervisors can receive early warnings, such as mispriced trades and large accounting changes, as a result of different monitoring processes. The supervisor also has a reliable price reference to support the on-site examination. Onsite Supervision During examinations, Supervision teams check whether the bank has a valuation process that is verifiable and consistent, and that this process is carried out by personnel not involved in trading activities and is properly documented. Duties and responsibilities described in policies regarding valuation process are checked against the effective practice. Supervision teams also evaluate the reliance of market risk management on models and the governance related to its use (development, documentation, validation, technical support from hubs abroad if applied). The Treasury Operations examination carried out by on-site supervision includes review and assessment of valuation methods for less liquid positions. If necessary, the supervisory staff stipulates that the institution take corrective action. Moreover, Desup’s specialized teams on treasury products perform examinations focused on accounting accuracy. When doing this, examiners check the bank’s policies and manuals on valuation procedures and governance and may criticize them if the relevance of less liquid positions is significant. In addition to BCB’s own assessment, supervisors receive external auditors’ reports during the SRC cycle. In the event of an important finding on valuation procedures, immediate communication is established with the bank’s senior management requesting more details or determining corrective accounting procedures (depending on the case). Such occurrence negatively influences the SRC score for the institution. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor determines that banks hold appropriate levels of capital against unexpected losses and make appropriate valuation adjustments for uncertainties in determining the fair value of assets and liabilities. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Please see description under EC4. Regulation Regulations lay down the details and requirements of the methodology for the calculation of the capital requirements under the standardized approach for exposures in fixed interest rates, foreign exchange coupon rates, price index coupon rates, interest rate coupon rates, equity exposures in trading book, commodities and foreign exchange rates and gold (Circulars BCB 3,634, 3,635, 3,636, 3,637, 3,638, 3,639 and 3,641). In addition, regulations have also established the requirements related to the calculation of capital requirements for market risks under the internal models’ approach (Circular BCB 3,646) The Brazilian risk based capital standards, for both standardized approach and internal models, were assessed as compliant by the RCAP (Regulatory Consistency Assessment Programme) process, conducted by the BCBS, in December 2013. As far as market risk is concerned, the conclusion of that assessment was: “the BCB has implemented a quasi-modelled approach in place of the Basel standardized approach, to take account of higher spreads and different levels of volatility in Brazil. The approach is conceptually a hybrid between the Basel standardized approach and the Basel modelled approach, where the BCB fixes the parameters. BCB clarifies that this is done largely for fixed interest rates - one of the most relevant market risk exposures in Brazil. For some other risk factors, the Brazilian methodology is closer to the Basel methodology. The approach to market risk was found to be more prudent and more risk-sensitive than the current Basel standardized approach. So, while the Brazilian regulations are tailored to suit local conditions, the Assessment Team has concluded that the Brazilian framework achieves a similar, but generally more conservative, practical effect.” Imposing limits on market risk exposures is not a regular practice in Brazil - although the Resolution CMN 4,019 gives such powers to the BCB and it has already been done in the past. Nonetheless, Resolution CMN 3,488 restricts FX exposure to 30% of Total Capital. This exposure is not restricted to trading activities (but the bank’s overall positions, including overseas transactions), and should be calculated on a consolidated basis (prudential conglomerate concept). Regulations also require that financial institutions establish and maintain procedures for assessing the need for adjustments in the value of the financial instruments, regardless of the valuation methodology adopted, and based on prudent, relevant and reliable criteria. Regulations also stipulate the minimum elements to be included in this assessment. (Resolution CMN 4,277 of 2013) Offsite Supervision The Monitoring Department has developed its own stress testing methodology. For traded securities and derivatives, a simplified market stress test is computed on a daily basis. The market stress test is computed for each banking institution. The department is also able to carry out specific stress test scenarios based on risk factors using a sensitivity-approach considering the local and foreign exposures. Banks and some relevant non-banking financial institutions send monthly to the BCB the risk factor map of their consolidated market risk exposure, in the Report on Market Risk (DRM). Based on this report and on the stress tests conducted by the monitoring team, the on-site supervisors can make comparisons and evaluate the results of banks’ stress tests. The monitoring team can also provide to the supervisors some impact analyses to support examinations on specific institutions. Onsite Supervision The Banking Supervision Department evaluates the capital strength versus risks faced by institutions in the SRC, as well as if there is any relevant uncertainty on assets and liabilities values. This is done mainly through capital strength assessment. Specific examinations focused on market risk RWA are also performed. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 | The supervisor requires banks to include market risk exposure into their stress testing programs for risk management purposes. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | Regulations establish the minimum requirements for institutions to conduct stress test programs (Art. 12 to 19, CMN 4,557 of 2017). These requirements include stress testing of banks’ market risk exposures and assessment of the impact of significant risk concentrations. (Please see description under EC1 of this CP and EC13 of CP15 for more details on the stress testing requirements for banks). The institution must ensure that it uses the results in evaluating, controlling and mitigating market risk exposures. It could also use stress testing for assessing the adequacy and robustness of the assumptions and methodologies related to the models used in risk management. During examinations (VEs) supervisors evaluate stress tests performed by the institutions specifically designed for this risk. The methodology and sophistication of the institution’s stress testing process is also assessed, considering whether it is commensurate with the institutional risk profile and whether it addresses all relevant risk factors. The development and approval of scenarios (frequency, officers responsible, risk factors, and granularity) are considered. (EC6) This evaluation includes policies and manuals, governance, use of stress tests results, and adequacy and feasibility of scenarios and assumptions. If deficiencies are found, supervisors require senior management to address these and share the correction plan with the BCB, for follow up. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 22 | Compliant | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | On the basis of the off-site inputs, the Supervisors are able to determine the market risk exposures of banks on almost daily basis and pursue with them as required. They are able to pursue with the banks, both from a market risk perspective and from a funding liquidity perspective (arising from interplay between market and liquidity risks). While market risk is not significant at a system level, it is significant for several S3 and S4 institutions. These gains added significance given the potential challenges to establishing a robust governance framework in these institutions, particularly when they are unlisted. While the regulatory framework has been recently improved with the issue of Resolution 4557 of 2017, which will become fully effective for all institutions from February 2018, they lack explicit and clear articulation of the norms and minimum requirements, including governance elements, pertaining to shifting of instruments from and to the trading book. Two areas for improvement can be: (a) Review market risk management frameworks in relevant S3 and S4 banks, at more frequent intervals than may be determined by their supervisory cycle; (b) Issue explicit norms and guidance for shifting of exposures from and to trading book. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 23 | Interest rate risk in the banking book. The supervisor determines that banks have adequate systems to identify, measure, evaluate, monitor, report and control or mitigate interest rate risk48 in the banking book on a timely basis. These systems take into account the bank’s risk appetite, risk profile and market and macroeconomic conditions. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Laws, regulations or the supervisor require banks to have an appropriate interest rate risk strategy and interest rate risk management framework that provides a comprehensive bank-wide view of interest rate risk. This includes policies and processes to identify, measure, evaluate, monitor, report and control or mitigate material sources of interest rate risk. The supervisor determines that the bank’s strategy, policies and processes are consistent with the risk appetite, risk profile and systemic importance of the bank, take into account market and macroeconomic conditions, and are regularly reviewed and appropriately adjusted, where necessary, with the bank’s changing risk profile and market developments. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Prior to 2017, the regulatory framework for risk management was established for the key risks to which the financial institutions in Brazil were exposed. In the absence of an umbrella regulation that laid down the framework and governance requirements for integrated risk management, the banks and the supervisors were guided by the requirements in the regulations issued for the management of individual risks. In this background, the Circular 3365 of 2007 issued by the BCB as part of the Basel II implementation provides the regulatory basis for risk management framework pertaining to identification, measurement, monitoring and management of interest rate risk in the banking book (IRRBB). A synopsis of the requirements under this circular is provided below:
Please see description under EC2, CP15 for details of the requirements established in regulations for the implementation of a continuous and integrated risk management structure, that are also required to be applied for the management of IRRBB. The revised regulations became effective for S1 banks in August 2017 and for the other banks it will become effective in February 2018. The revised Regulations define IRRBB as the risk, either current or prospective, from impacts arising from adverse movements in the interest rates, on the institution’s results and capital, for instruments in the banking book. (Art. 28 of Resolution CMN 4,557) The revised Regulations require that IRRBB management in banks must comprise:
Regulations define EVA as assessment of the impact arising from interest rates movements on the current cash flows of instruments in the banking book. (Art. 30 of Resolution CMN 4,557) Regulations define EBA as assessment of the impact arising from interest rates movements on the earnings of instruments in the banking book. (Art. 30 of Resolution CMN 4,557) The BCB is currently working on a draft circular which requires the identification, measurement and control of IRRBB; the evaluation of capital availability to cover IRRBB; information reporting to the BCB; and the disclosure of IRRBB related information. This circular is intended to address the new BCBS standards “Interest rate risk in the banking book”, issued in April 2016 that is required to be implemented by 2018. The BCB is currently concluding an impact study of the new regulation and discussing with the industry potential improvements to the draft regulation. All banks are subject to SRC (the largest ones once a year, the smallest, once in three years). Besides the SRC, there is a Special Verification (VEs) especially devoted to IRRBB. Supervisory procedures (in SRC - Risks and Controls Assessment) require supervisors to review and assess the strategies and policies for IRRBB management to, among others, determine:
In 2016, the onsite supervision performed two VEs focused on IRRBB. On these examinations, it detected deficiencies that included inadequate metrics used to measure IRRBB, lack of interest income margin approaches, disregard of embedded optionality and short observation periods in contrast with its banking book profile. Both banks were notified about their deficiencies and establish a plan to correct them. On a review of the systems and procedures in the banks that are required to perform ICAAPs, BCB is of the view that the IRRBB management has evolved significantly in recent years. In the past, banks used metrics and controls typical of trading book management, like a Value-at-Risk methodology with short holding periods, neglecting effects characteristic of banking book positions, like the effect of behavioral optionalities. Relevant improvements in IRRBB management in banks have been achieved through a more intense evaluation from supervision teams and significant enhancements in supervisory manuals. Although the process is still improving, several banks have already adapted systems and controls to measure IRRBB taking into consideration the earnings and economic value approaches, the calculation of embedded gains and losses, the effect of behavioral optionalities, non-maturity deposits, and fixed rate loans subject to prepayments. Supervisors assert that the banking industry is implementing a number of improvements in response to the Brazilian supervision’s initiatives to converge the measurement and management of IRRBB to the international best practices. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor determines that a bank’s strategy, policies and processes for the management of interest rate risk have been approved, and are regularly reviewed, by the bank’s Board. The supervisor also determines that senior management ensures that the strategy, policies and processes are developed and implemented effectively. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see description under EC1 for details of banks’ risk management frameworks relevant for the management of IRRBB and the supervisory approach to assessing banks’ management of IRRBB. As mentioned in EC1, the regulations for the S2 to S5 banks were more focused on the measurement of IRRBB exposures, and allowed the banks a wide discretion on the risk management framework, including board and senior management oversight. The revised regulations that became effective for S1 banks in August 2017 and will become effective for the other banks in February 2018 requires institutions to submit timely reports to the senior management, the risk committee and the board on the various material risks to which they are exposed, including IRRBB, in adequate detail including:
In addition, the revised regulations require the management reports to include the following aspects specifically related to IRRBB:
Please see description under EC1 regarding the scope and focus of supervision. The supervisors are required to review the role of senior management and the board during VEs of Market Risk (MSU 4.30.10.50.02.03) and IRRBB (MSU 4.30.10.50.02.07). Under Risks and Controls System (SRC) evaluation activities, market risk management reports are requested and examined (MSU 4.30.10.20). In the procedures related to VE on Market Risk, VE on IRRBB and to VE on Corporate Management, the management reports used by the institution as well as the consistency of the data reported to the Supervisor specifically for the calculation of capital requirements (MSU 4.30.10.50.02.02). are evaluated. ICAAP banks’ management of IRRBB is subjected to an independent internal audit process, but usually it is part of a larger review (for example, market risk management as a whole). |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 |
The supervisor determines that banks’ policies and processes establish an appropriate and properly controlled interest rate risk environment including:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | Please see description under EC1 and EC2 regarding the regulatory requirements for measurement of IRRBB, including reporting to banks’ senior management and Board; and the supervisory approach and methodology for supervision of the risk management systems in banks for IRRBB. Regulations require that
Regulations also establish procedures for measuring IRRBB. The guidance includes the following requirements (Circular BCB 3,365 of2007):
Supervision: Please see description under EC1 and EC2 for details of the supervisory approach to assessment / review of the IRRBB risk management systems in banks. BCB receives two monthly reports from banks that provide data and information on banks’ exposure to IRRBB and capital requirements for IRRBB, namely the Report on Operational Limits (DLO) and the Report on Market Risk (DRM). The financial institutions submit these reports on a monthly basis, and they are initially analysed by the Financial System Monitoring Department (Desig) in order to identify, among other things, the adequacy of capital requirements to IRRBB exposure and the details of this exposure to major market risk factors. Additionally, these data allow the determination of assets and liabilities’ durations and the existence of gaps by a monitoring tool known as BRM (Market Risk Balance Sheet). This tool identifies the main determinants (risk factors, instruments) of the overall IRRBB along with the trading book market risks, with an Asset and Liability Management (ALM) approach. At the individual bank level, supervisors receive IRRBB reports that are used by the banks in the risk management processes. Even though the level of complexity and sophistication can vary from bank to bank, the systemically important banks have tools that are able to simulate different behaviours for interest rate yield curves over time (scenario analysis) and to assess the impact of these behaviours on cash flows, earnings and balance sheets. Supervisors use the above compilation of information for two specific purposes: first, to assess the capital requirements calculated by banks’ internal models; and second, to evaluate the interest rate risk exposures of each bank. Supervisory procedures (in SRC - Risks and Controls Assessment) require supervisors to review the risk measurement systems in banks including the following:
Supervisory procedures require assessment of the following:
Effective information systems: Supervisory procedures (in SRC - Risks and Controls Assessment) require supervisors to determine that institutions submit information at periodic intervals to the relevant users/ stakeholders within the institution on the level of their IRRBB exposures through formally established reports. The reports are to be prepared on a regular basis and distributed in a timely manner to the various user levels of IRRBB control units and senior management so that the information they contain is timely for decision making. The reports should allow for the assessment of the degree of consistency of the policies adopted with the established IRRBB appetite. To this end, the reports should include comparative information on the actual results of risk indicators (position, sensitivity analysis and IRRBB control tools) with the respective limits established, highlighting cases of breaches in the same document or in specific reports. The content of the reports may vary according to the users (traders, management body or senior management) and according to the size and risk profile of the institution. When it is intended for senior management, the reports should enable it to assess the following issues: current level and recent evolution of global exposure to IRRBB, current level and recent evolution of exposures to the main risk factors, relationship between the levels of IRRBB and the financial performance of the institution, and capital adequacy for the level of IRRBB assumed. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor requires banks to include appropriate scenarios into their stress testing programs to measure their vulnerability to loss under adverse interest rate movements | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | Please see description under EC13 CP15 for details of the overall regulatory and supervisory requirements pertaining to stress testing frameworks in banks. Regulations establish that the risk measurement system of all banks must include “stress tests” related to IRRBB and the following minimum requirements for such stress tests (Circular BCB 3,365):
Supervisory procedures (in SRC - Risks and Controls Assessment) prescribe that the stress tests should use extremely adverse market movements drawn from historical scenarios or from hypothetical scenarios to assess their impact on the institution’s portfolios. Consequently, supervisory procedures establish that the riskier the performance profile of the institution, the greater should be the frequency of its stress testing. It is considered good practice to carry out stress tests at least once a month. For stress scenarios, the assumptions used should be sufficiently severe but plausible for prospective scenarios, to enable the institution to act in a pre-emptive manner for the preservation of its capital. Supervisors consider as good practice when the scenarios are jointly developed by the economic area and the risk control unit, and approved by senior management afterwards. The methodology used to identify and construct the scenarios should be compatible with the institution’s risk profile and should consider all relevant risk factors for the Banking Book. The supervisory procedures also define that the results should be accompanied by qualitative or quantitative analyses that assess the institution’s ability to withstand potentially high losses and should identify the actions that need to be taken to reduce its risk and conserve its capital. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Additional criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC1 | The supervisor obtains from banks the results of their internal interest rate risk measurement systems, expressed in terms of the threat to economic value, including using a standardized interest rate shock on the banking book. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | Please see description under EC1 to EC4 for details of the risk measurement and stress testing approaches to be adopted by banks with regard to IRRBB, namely the EVA and EBA, and the reporting of the IRRBB exposures to the banks’ senior management, risk committee and the board, and to BCB. For ICAAP banks, the ICAAP report is also an important source of information, where the measurement techniques, the limits and the controls are detailed. Outlier evaluation tests are also carried out during ICAAP evaluations and in IRRBB horizontal studies. In IRRBB’s Special Verifications (VEs) (MSU 4.30.10.50.02.07) the outlier test is performed in a more detailed way considering not only the changes in economic value informed by the institution itself, but also the estimates of these variations made by Supervision from the cash flows reported by the institutions in the DRM. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC2 | The supervisor assesses whether the internal capital measurement systems of banks adequately capture interest rate risk in the banking book. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC2 | Please see EC5 CP15 and EC1 CP16 regarding the details of the types of banks that are required to implement ICAAP. The other banks are exempted from implementing an ICAAP. Please also see description under EC1 to EC4 for details of the risk measurement and stress testing approaches to be adopted by banks with regard to IRRBB, namely the EVA and EBA. Regulations establish the procedures and parameters to be adopted by banks in relation to the Internal Capital Adequacy Assessment Process (ICAAP). Regulations also require that the process must assess the sufficiency of capital held by the institution, considering its strategic objectives and the risks to which it is exposed in the time horizon of one year, which must cover IRRBB. (Circular BCB 3,547, of July 7, 2011) Regulations require the major banks to describe, in their ICAAP reports, how the IRRBB is measured under the EVA and EBA approaches, including how the bank calculates embedded gains & losses of banking book instruments that are sensitive to interest rates. (BCB Circular 3,774) Supervisory assessment of capital adequacy is made periodically in the ICAAP evaluation process and also in a more detailed manner in the IRRBB special verifications (VE’s). In addition to the managerial information provided by the institutions, the Supervision estimates reference values for the capital relative to the IRRBB using its own valuation methodology. The reference methodology employed uses the earnings approach (Delta NII), the economic value approach (Delta EVE), embedded losses and the characteristics of the going and gone concern scenarios. Though not included as a Pillar 1 capital requirement, all banks are expected to hold capital to cover their exposures to IRRBB. The reference capital requirement estimated by the supervision using the above methodology is used to challenge the capital measured by the institution and any inconsistencies are pointed out so that the institution is able to develop an action plan for readjustment of its IRRBB management framework. When assessing ICAAP reports, supervisors are expected to verify full compliance with the minimum criteria that must be considered in the calculation of management metrics (according to regulations Circular No. 3365, September 12 2007). Since then, the supervisors have noticed significant improvements in banks’ management of IRRBB. Previously, economic value metrics were VaR-based, and the earnings-based approaches practically didn’t exist. The banks have now understood the need to evolve their metrics of EVE and implement metrics of NII. In addition, the management of embedded gains and losses was also implemented, as well as improvements in the treatment of embedded options. In sum, the banking industry is implementing a number of improvements in response to the Brazilian supervision’s initiatives to converge the measurement and management of IRRBB to the international best practices. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 23 | Compliant | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | Gaps can be noticed in the area of regulations relating to risk management framework for IRRBB, including governance and board or senior management oversight requirements. However, these have been adequately addressed from at least three fronts: with the issue of the Resolution 4557 of 2017 which has become effective for S1 banks from August 2017 and will be effective for the other banks by February 2018; with the clear articulation of the framework for measuring and reviewing banks’ exposures to IRRBB and the introduction of conservative requirements for such measurement taking into account the Brazilian interest rate environment; and the requirement for all banks to hold capital for IRRBB exposures. The BCB is already in the process of reviewing and revising the regulatory and supervisory frameworks for IRRBB, to align closer to the Basel norms and expectations (BCBS IRRBB -April 2016). This is expected to be completed in early 2018. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 24 | Liquidity risk. The supervisor sets prudent and appropriate liquidity requirements (which can include either quantitative or qualitative requirements or both) for banks that reflect the liquidity needs of the bank. The supervisor determines that banks have a strategy that enables prudent management of liquidity risk and compliance with liquidity requirements. The strategy takes into account the bank’s risk profile as well as market and macroeconomic conditions and includes prudent policies and processes, consistent with the bank’s risk appetite, to identify, measure, evaluate, monitor, report and control or mitigate liquidity risk over an appropriate set of time horizons. At least for internationally active banks, liquidity requirements are not lower than the applicable Basel standards. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Laws, regulations or the supervisor require banks to consistently observe prescribed liquidity requirements including thresholds by reference to which a bank is subject to supervisory action. At least for internationally active banks, the prescribed requirements are not lower than, and the supervisor uses a range of liquidity monitoring tools no less extensive than, those prescribed in the applicable Basel standards. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Liquidity Coverage Ratio (LCR): Resolution CMN 4,401 of 2015 and Circular 3,749 of 2015 require that all prudential conglomerates and specified types of banks (multiple, commercial, investment, exchange and savings banks) where total assets are greater than BRL 100 billion must comply with the LCR. Resolution CMN 4,401 of 2015 establishes the LCR minimum requirement, fulfillment conditions, scope of application, permission to use the liquidity buffer in periods of stress and the implementation schedule. The LCR framework introduced by the BCB was recently assessed by the Basel Committee as part of the RCAP framework for its compliance with the requirements established in the LCR standard issued by the Basel Committee and found to be “compliant”. The minimum LCR was implemented according to Basel implementation plan, i.e. starting with 60% of minimum LCR in 2015, 70% in 2016, 80% in 2017, 90% in 2018, and reaching the 100% requirement by January 2019. The LCR is required to be complied with at the level of the prudential conglomerate (consolidated) and is not required to be complied with at the individual entity comprising the prudential conglomerate. For specific periods during the transition, and with the acquiescence of the BCB, financial institutions will be allowed to operate with LCR below the prudential limits. A report on such occurrence must be sent to the BCB including the reasons that caused the breach, the contingency measures to handle it and a recovery plan to remedy it. For the period that the LCR remains below the specified limit, a detailed report for monitoring the recovery plan must be sent daily to the BCB, who can demand additional information. Upon the breaching of the LCR minimum level, the BCB can request (i) improvements in the management of liquidity risk, in the liquidity contingency plan and the liquidity recovery plan; (ii) reduction of the liquidity risk by, among other measures, sale or exchange of assets and liabilities, alteration in the structure of funding, reduction of the disbursements related to the granting of credit; and (iii) reshaping of the LCR value, in a timeframe to be determined by the BCB, to guarantee restoration of compliance with the minimum LCR limit. Circular BCB 3,749 of 2015 details the LCR metrics and requires public disclosure of the LCR according to the Basel standard template. Net Stable Funding Ratio (NSFR): The BCB is currently working towards implementation of the NSFR, which will become a minimum standard by January 2018. They are preparing the draft regulation including public disclosure, and performing impact studies. The financial institutions that are not required to maintain the LCR (those with total assets below BRL 100 billion) are not subject to any formal liquidity risk ratios. However, in these cases, as per regulations (Resolutions CMN 4,019 and 4,557) the BCB can, under discretionary review of circumstances, adopt other preventive prudential measures aiming at soundness, stability and regular operation of the Brazilian Financial System (SFN). Supervision reviews the liquidity risk management frameworks in all financial institutions through activities such as the Risks and Controls Assessment System - SRC (CAMEL-like assessment), Examination, Special Verification (SV) and off-site supervision/ monitoring tools. On these supervisory procedures, the BCB monitoring tools are a main source of quantitative information for supervisors to decide on actions. Since 2001, the BCB has been developing and improving liquidity monitoring tools. Liquidity and Market Monitoring System (SMM) in the BCB provides the supervisors and the Financial Stability Committee (COMEF) with timely and updated information, for evaluating the liquidity risk (short-term and structural) in the supervised institutions and prudential conglomerates. The SMM monitoring includes stress scenarios (idiosyncratic, peer group and systemic) and produces technical reports (early warnings, tailor made scenarios and financial stability analysis). Based on the granular data received from the supervised institutions and the TRs, the SMM is able to provide a wide range of liquidity monitoring tools to the off-site and on-site supervision supervisory functions. In addition, a new range of monitoring tools has been recently developed to aid the off-site monitoring process. These include, LCR by currency and jurisdiction, the Extended Liquidity Ratio (ELR) that takes into account liquidity support to managed funds (step-in), a new report on non-LCR banks by including detailed data including overseas exposures and allowing the BCB to run a proxy for the LCR (on a consolidated basis and also by currency and jurisdiction) on a monthly basis. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The prescribed liquidity requirements reflect the liquidity risk profile of banks (including on- and off-balance sheet risks) in the context of the markets and macroeconomic conditions in which they operate. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see description under EC1 of this CP for the LCR requirement and liquidity monitoring tools deployed by the supervision. The LCR calculation encompasses a wide range of exposures (on- and off-balance sheet risks) and its monitoring is complemented by BCB monitoring framework, which is flexible enough to consider different scenarios and conditions (at micro and macro levels). The LCR has been implemented by the BCB considering the Brazilian market and economic conditions, and the RCAP assessment has found the Brazilian standard as compliant with the Basel standard. The LCR and the wide range of monitoring tools used by the BCB can capture the liquidity risk profile of the supervised institutions. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor determines that banks have a robust liquidity management framework that requires the banks to maintain sufficient liquidity to withstand a range of stress events, and includes appropriate policies and processes for managing liquidity risk that have been approved by the banks’ Boards. The supervisor also determines that these policies and processes provide a comprehensive bank-wide view of liquidity risk and are consistent with the banks’ risk profile and systemic importance. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | The regulations on liquidity risk management which were in operation until August 2017 for S1 banks and which are in operation for the other banks till Feb 2018 lay down the following key requirements pertaining to liquidity risk management framework (Res. 4090 of 2012): Liquidity risk is defined as:
Supervised institutions must establish a liquidity risk management framework commensurate with the nature of their operations, the complexity of their products and services and the extent of their exposure to liquidity risk. The key requisites of the liquidity risk management frameworks include:
Please see description under EC2, CP15 for details of the revised requirements established in regulations for the implementation of a continuous and integrated risk management structure, that are also required to be applied for liquidity risk management. The revised regulations are applicable to the S1 banks from August 2017 and will be applicable to the other banks from February 2018. Furthermore, the revised regulations require that the liquidity management framework must also prescribe risk management systems that include information systems deemed adequate, both under normal circumstances and in periods of stress, to assess, measure and report on the size, composition and quality of the institution’s risk exposures. The revised instructions require that liquidity risk management must be performed by an unit independent from the business unit. The revised regulations (Res 4557 of 2017) require that the risk management structure for continuous and integrated risk management must prescribe policies, strategies and procedures for the purposes of liquidity risk management, which ensure:
Furthermore, the revised regulations (Res. 4557 of 2017) require that the integrated risk management structure must comprise adequate policies, procedures and controls to ensure a prior identification of risks inherent to:
Please also see description under ECs 1 and 2 of CP15 on the details of the stress testing frameworks to be established in banks. The adequacy of the banks’ liquidity risk management framework and the banks’ liquidity levels are assessed by the supervisors using several monitoring tools that are elaborated in EC1. During on-site inspections, supervisors are required to review and assess (a) if senior management formally establishes (and the Board approves) and communicates the bank’s strategy and policies to the area responsible for the daily liquidity management, (b) the existence of specific guidelines for liquidity management of different currencies in different countries, (c) the process of reviewing their goals, policies, objectives and procedures, and (d) whether relevant information on liquidity risk assessment, monitoring and control provide a timely and comprehensive report to the board and senior management. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 |
The supervisor determines that banks’ liquidity strategy, policies and processes establish an appropriate and properly controlled liquidity risk environment including:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | Please see the description under EC1, EC2 and EC3 for the details of the requirements of banks’ liquidity risk management frameworks, the liquidity requirements for banks and the supervisory approach to assessing the adequacy of the risk management framework and the adequacy of the levels of liquidity held by banks. Among others, regulations also require that the information systems in banks should be able to identify and aggregate liquidity risk exposures and provide comprehensive reports to the board and senior management that reflect the institution’s risk profile and liquidity needs. It must also be provided on a timely basis and in a suitable form to the board and senior management, any deficiencies or limitations in risk estimation and in the assumptions of quantitative models and scenarios. The adequacy and ability of the information systems is tested by the supervisors during the ongoing supervision process when they engage with the banks on this topic, on the basis of the alerts they receive from the off-site supervision. The regulatory framework also establishes the expectations from the institution’s Board, that it must comprehensively understand the risks that may affect the institution’s liquidity and ensure the institution’s compliance with the RAS. In addition, policies and strategies, including the contingency funding plan, for liquidity risk management must be approved and reviewed at least annually by the institution’s Board. Supervisors determine the adequacy and implementation of the liquidity risk management framework as envisioned in the relevant regulations through their regular inspection processes and through the continuous monitoring process. The Supervisor receives extensive information regarding the liquidity positions and prospective positions and risks on an ongoing basis, in part through regulatory reporting received directly from the institution and also through the BCB’s interface with the various trade repositories and depositaries. Through these processes, the Supervisor can proactively monitor the funding and liquidity positions of all institutions. Furthermore, the off-site monitoring conducts stress test of the positions to determine potential periods of stress and the nature of stress therein. The parameters set within the BCB’s ongoing monitoring system, relative to the risk profile of a given bank, generate historical and current liquidity ratio figures, as well as trend figures. Through this process, the supervisor is able to conduct effective and timely continuous monitoring of the funding and liquidity situation of all banks. Although already incorporated in work procedures, in 2016 the BCB’s Supervision updated the MSU regarding the information systems and controls of the financial institutions regarding their liquidity risk exposures and funding needs. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 |
The supervisor requires banks to establish, and regularly review, funding strategies and policies and processes for the ongoing measurement and monitoring of funding requirements and the effective management of funding risk. The policies and processes include consideration of how other risks (e.g. credit, market, operational and reputation risk) may impact the bank’s overall liquidity strategy, and include:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Please see the description under EC1 to EC3 for the details of the requirements of banks’ liquidity risk management frameworks, the liquidity requirements in banks and the supervisory approach to assessing the adequacy of the risk management framework and the adequacy of the levels of liquidity held by banks. Some of the key requirements under the regulations (Res. 4090 of 2012) address the requirements under this EC and shape the banks’ funding liquidity strategy and processes. In brief, these are
Further, the regulation on LCR requires financial institutions to have policies and limits in place in order to avoid concentration with respect to asset types, issue and issuer types, and currency within asset classes. Moreover, the high-quality liquid assets (HQLA) must be well diversified within the asset classes themselves. Financial institutions must monitor the concentration of expected inflows across wholesale counterparties in order to ensure that their liquidity position is not overly dependent on expected inflows from a limited number of counterparties. Furthermore, the institution must maintain HQLA consistent with the distribution of their liquidity needs by currency. A representative sample of the assets included in the stock of HQLA must be periodically monetized through repurchase agreements or final sale operations, to test the institution’s access to market, the effectiveness of the process and the liquidity of assets. The institution must actively monitor and control liquidity risk exposures and funding needs at the level of individual legal entities, foreign branches and subsidiaries, and the group as a whole, considering legal, regulatory and operational limitations to the transferability of liquidity. The supervisor reviews the liquidity risk management frameworks through the SRC and the VEs, which includes the banks’ funding strategies, policies and processes. The effectiveness of these in terms of actual outcomes are assessed through the ongoing monitoring by the off-site supervisors, whereby they can alert the on-site supervisors of any impending stress on funding liquidity. On receipt of such alerts, the on-site supervisors are able to engage with the senior management in the bank, or undertake an onsite inspection. Supervisory expectations include that the department responsible for funding and liquidity management (for example, the treasury) must regularly interact with other operational departments of the institution to provide and obtain relevant information for managing the process. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 | The supervisor determines that banks have robust liquidity contingency funding plans to handle liquidity problems. The supervisor determines that the bank’s contingency funding plan is formally articulated, adequately documented and sets out the bank’s strategy for addressing liquidity shortfalls in a range of stress environments without placing reliance on lender of last resort support. The supervisor also determines that the bank’s contingency funding plan establishes clear lines of responsibility, includes clear communication plans (including communication with the supervisor) and is regularly tested and updated to ensure it is operationally robust. The supervisor assesses whether, in the light of the bank’s risk profile and systemic importance, the bank’s contingency funding plan is feasible and requires the bank to address any deficiencies. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | Please see the description under EC3 for the details pertaining to regulatory requirements for liquidity risk management, which include the stress testing and liquidity contingency funding plans. The contingency plans received from the institutions are required to include a clear framework for communication with the BCB. The presented plan is assessed by the supervisors to assure that it is feasible and adequately addresses liquidity deficiencies taking into account the risk profile and systemic importance of the financial institution. As per SRC 4.30.40.10.02, the supervisor must assess whether the liquidity risk management policies consider, among other things, a contingency plan. The supervisor must verify if the contingency plan is adequate in relation to the profile, volume and complexity of the institution’s operations; the plan includes a cash flow projection and funding alternatives, and foresees both the needs of resources and their sources and costs, considering various market scenarios; and if the plan is applicable in times of crisis and is documented in an approved manual by senior management. The supervisor must also check if the plan establishes procedures that govern the liquidation of assets; ensure that all legal aspects relating to the assignment of claims and assets are fully knowledgeable and are previously streamlined; boost the uptake of stable sources and promote the uptake of alternative sources; governing access to available reserves lines; ensure the reliability and timeliness of information flow; and consider the speed of redemptions of its obligations and any resource requirements to meet the obligations recorded in clearing accounts. The VE of Liquidity Risks, detailed in MSU 4.30.10.50.02 also states that the supervisor must verify the existence of a contingency plan for cash management and continuity of operations in adverse situations, covering the following aspects: liquidation value of assets; stable funding sources and alternatives; deadlines and volumes of redemptions obligations; the need for resources to meet obligations recorded in clearing accounts; reserves lines available; and the sequence of realization of assets. The supervisor must also verify whether the contingency plan contemplates several scenarios, if it defines the actions and those responsible for their implementation and whether the information is available to senior management in a reliable and timely manner. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor requires banks to include a variety of short-term and protracted bank-specific and market-wide liquidity stress scenarios (individually and in combination), using conservative and regularly reviewed assumptions, into their stress testing programs for risk management purposes. The supervisor determines that the results of the stress tests are used by the bank to adjust its liquidity risk management strategies, policies and positions and to develop effective contingency funding plans. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | Please see the description under EC13 CP15 and EC3 of this CP on the stress testing frameworks required in banks under the regulations and as relevant for liquidity risk management. As per regulations, the stress test program must include stress on liquidity risk, impact of significant risk concentrations, the use of assumptions and parameters that are adequately severe and use, according to risk management needs, any or all of the sensitivity analysis, scenario analysis and reverse stress test methodologies. In developing stress test scenarios, the institution must consider, when relevant, historical and hypothetical elements, short- and long-term idiosyncratic and systemic risks (from a national or an external origin), risk interactions, risks related to the prudential conglomerate as a whole, as well as to its individual components, risk of granting financial support to an entity not belonging to the institution’s conglomerate (step-in risk), asymmetries, non-linearities, feedback effects, breakdown of correlations and other assumptions. Stress test results must be considered by the institutions not only in the assessment of the institution’s liquidity and in the development of contingency plans, but also in the revision of the Risk Appetite Statement (RAS), policies, strategies and limits established for liquidity risk management purposes. If deemed necessary, the BCB may determine adjustments to the stress test program, including the use of scenarios that differ from those originally used, as well as additional stress tests if deficiencies are identified in the original program. Likewise, the BCB can provide specific scenarios to be used by the institution in their stress tests. Currently, BCB does not have integrated top-down stress testing for liquidity and solvency risks. Those risks have been stressed separately and BCB has worked on including feedback effects of fire-sales into the solvency stress testing framework. Regarding the liquidity stress testing, Supervisors assess banks’ liquidity and funding risk exposures by liquidity risk metrics (regulatory and BCB internal ratios), and other monitoring tools, which include ‘stress’ views of the banks’ liquidity positions, some of which are reviewed daily. For instance, the reports or metrics include a report on funding stress, the sensitivity matrix, and a sensitivity analysis that measures the impact on liquid assets arising from increasing degrees of stress scenarios for the Brazilian interest rate and the BRL/USD exchange rate. On the basis of the outcomes of the review of these BCB metrics and the stress tests undertaken by the banks, supervisors pursue with the senior management in the relevant banks, as appropriate. During the ongoing engagement with the senior management as well as during the SRC or the VEs, supervisors are able to assess the adequacy and appropriateness of the stress scenarios used by the banks, and the use of the stress test outcomes in the day-to-day liquidity risk management, revision of contingency plans or liquidity risk strategy. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC8 | The supervisor identifies those banks carrying out significant foreign currency liquidity transformation. Where a bank’s foreign currency business is significant, or the bank has significant exposure in a given currency, the supervisor requires the bank to undertake separate analysis of its strategy and monitor its liquidity needs separately for each such significant currency. This includes the use of stress testing to determine the appropriateness of mismatches in that currency and, where appropriate, the setting and regular review of limits on the size of its cash flow mismatches for foreign currencies in aggregate and for each significant currency individually. In such cases, the supervisor also monitors the bank’s liquidity needs in each significant currency, and evaluates the bank’s ability to transfer liquidity from one currency to another across jurisdictions and legal entities. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | Banks in Brazil are not allowed to offer foreign currency deposit products to the general public (Circular BCB 3.691, that deals with issues pertaining to the foreign exchange market). The only exception where it is possible for the banks to offer foreign currency accounts in the country includes deposits from travel agencies, tourism services providers, embassies, foreign diplomatic offices and international organizations. Foreign currencies are usually kept in accounts in banks abroad, and the BCB imposes limits on foreign exchange exposures. Consequently, the most common foreign currency exposures for the banks in Brazil are related to funding instruments (e.g. bonds) issued abroad and, on the assets side, to finance trade operations. As regards foreign operations of banks in Brazil, through subsidiaries and branches, regulations require that the institutions manage liquidity risk individually for each country of operation and for the currency of the exposure, acknowledging possible restrictions to the transfer of funds and to currency conversion, such as those caused by operational problems or by decisions imposed by any given country. Additionally, regulations (Circular BCB 3.749 of 2015) establish that banks subjected to the LCR requirement must manage their liquidity needs in each significant foreign currency for which cash outflows are anticipated and must ensure their capacity to satisfy liquidity needs in each currency exposure. Therefore, the LCR must be calculated and monitored by each relevant currency; HQLA must be maintained in a consistent way with the liquidity needs by relevant currency; and potential currency mismatches, between the stock of HQLA and net cash outflows, by currency, must be identified. The BCB’s Financial System Monitoring Department is capable of tracking several exposures in foreign currency, especially those related to trade finance, funding from abroad and government securities. Since most transactions are registered in trade repositories and depositories or are reported directly by the financial institutions through monthly regulatory reports, the supervision is able to identify bank specific and aggregate fluctuations in foreign currencies exposures. In addition, the supervisors gather information on the foreign currency exposure through the liquidity risk report that must be submitted to the BCB. For LCR institutions, the report contains all details of the daily LCR calculation (exposures by type, weight factor, jurisdiction and currency) and other liquidity risk exposures considered relevant to monitor. For non-LCR institutions, the supervisor requires a simplified report, without run-off factors, but also segregated by currency and jurisdictions, that allows supervision to run a ‘LCR proxy’. Based on these reports, since the first half of 2017, the supervision started to monitor the LCR by significant currency, a monitoring tool suggested under the Basel III standards to better capture potential currency mismatches. By monitoring the LCR by significant currency, supervisors have been alerted to currency mismatches, and thus they can evaluate banks’ ability to raise funds in foreign currency markets and the ability to transfer a liquidity surplus from one currency to another and across jurisdictions and legal entities. A similar approach has been developed for supervising non-LCR banks. Supervisors are required (SRC 1.60.60.20) to assess whether the institution has specific guidelines regarding liquidity management strategy, including in different currencies and in different countries, if applicable. They are also required (4.30.40.30.03.02 (SRC - Liquidity Management) of the MSU) to identify the composition of assets and liabilities, noting non-hedged terms and currencies; verify in the liquidity management reports evidence of non-hedged currency and maturities; and verify situations of limit extrapolations, liquidity in foreign currency and irregularities. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Additional criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC1 | The supervisor determines that banks’ levels of encumbered balance-sheet assets are managed within acceptable limits to mitigate the risks posed by excessive levels of encumbrance in terms of the impact on the banks’ cost of funding and the implications for the sustainability of their long-term liquidity position. The supervisor requires banks to commit to adequate disclosure and to set appropriate limits to mitigate identified risks. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | Please see description under EC1 regarding implementation of the LCR in Brazil. Regulations have clearly established that (Circular BCB 3.749 of 2015) an asset can be considered HQLA only when unencumbered, or free of any legal, regulatory, statutory or contractual restrictions capable of obstructing its negotiation. With the compliance of the banks with the LCR, they are able to demonstrate that they are able to manage their HQLA stock at acceptable levels. As regards the non-LCR banks, the LR that the BCB has in place serves as a proxy LCR. Supervisors observe that in most cases the LR is more conservative than the LCR, which assures that the non-LCR banks also manage their HQLA stock at acceptable levels. Regulations require banks to make periodical disclosures about their risk management frameworks, including liquidity risk management. These are required both as part of the disclosures under the prevailing accounting standards and as part of the Pillar 3 disclosures. Please see description in CP28 for details. For the institutions subject to LCR regulation, information related to the calculation of the LCR, including qualitative explanations, must be disclosed quarterly according to the standard format defined in the annex of Circular 3.749 of 2015. This information must be available along with the information related to risk management on the institution’s website. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 24 | Compliant | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The regulatory requirement (LCR) set by the BCB complies with the Basel standards. The supervisors monitor the liquidity situation in the banks on almost a daily basis, including implications of potential stress from market risk situations. The multiple liquidity monitoring tools and methodologies deployed by supervision provides the supervisors an assurance of the banks’ ability to meet their respective liquidity needs. They are able to draw additional comfort with the qualitative assessment of the banks’ liquidity risk management frameworks undertaken through the ongoing and continuous supervision approach. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 25 | Operational risk. The supervisor determines that banks have an adequate operational risk management framework that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk49 on a timely basis. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Law, regulations or the supervisor require banks to have appropriate operational risk management strategies, policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk. The supervisor determines that the bank’s strategy, policies and processes are consistent with the bank’s risk profile, systemic importance, risk appetite and capital strength, take into account market and macroeconomic conditions, and address all major aspects of operational risk prevalent in the businesses of the bank on a bank-wide basis (including periods when operational risk could increase). | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Operational risk losses in banks in Brazil primarily are arising from legal risk which accounts for about 70 percent of the losses, about 20 percent of the losses arise from external frauds and all other types of operational risk losses account for the remaining 10 percent. The main sources of losses from legal risk arise from different types of litigation against the banks, which include in the order of severity, tax claims, labor claims and customer claims. The regulations on operational risk management which were in operation till August 2017 for S1 banks and which are in operation for the other banks till Feb 2018 lay down the following key requirements pertaining to operational risk management framework in supervised institutions (Res. 3380 of 2007):
Please see description under EC2, CP15 for details of the revised requirements established in regulations for the implementation of a continuous and integrated risk management structure, that are also required to be applied for operational risk management. The revised regulations are applicable to the S1 banks from August 2017 and will be applicable to the other banks from February 2018. The revised regulations lay down the following additional requirements for operational risk management, which include:
During a supervisory cycle, bank supervisors assess the banks’ operational risk management framework within the SRC (MSU 4.30.40.20.05), which includes an assessment of the major aspects, including the risk management strategies, policies, corporate governance, system evaluation, corresponding control activities, monitoring, management and regulatory reports. These assessments are scaled up and applied proportionately in relation to the size, complexity, risk profile and systemic importance. Similarly, the supervisory expectations from the strategies, policies and processes established by the banks are proportionate to their size, complexity, risk profile and systemic importance. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor requires banks’ strategies, policies and processes for the management of operational risk (including the banks’ risk appetite for operational risk) to be approved and regularly reviewed by the banks’ Boards. The supervisor also requires that the Board oversees management in ensuring that these policies and processes are implemented effectively. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see description under EC1 and EC2 of CP15 and EC1 of this CP on the requirements established in regulations for the operational risk management frameworks in the supervised institutions, and the role and responsibilities of the board and senior management. Resolution CMN 4,557 of 2017, which became effective for S1 banks in Aug 2017 and will become effective for other banks in February 2018, has introduced the requirement for a RAS. In terms of this requirement, Risk appetite levels must be documented in the RAS, which must reflect (i) the types and levels of risks that the institution is willing to assume; (ii) the institution’s ability to manage its risks in an effective and prudent manner; (iii) the institution’s strategic goals; and (iv) the competitive conditions and the regulatory landscape in which the institution operates. Supervisors assert that, many banks had already developed Operational Risk Appetite and Tolerance Statements as a useful management tool before the regulatory requirements. Art. 45 of Resolution CMN 4,557/17 establishes that the institution must constitute a high-level risk committee, and Art. 48 defines that the board must:
The board and senior management should also express their opinion on corrective actions aimed at addressing findings in control and operational risk management weaknesses. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor determines that the approved strategy and significant policies and processes for the management of operational risk are implemented effectively by management and fully integrated into the bank’s overall risk management process. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | During supervision of operational risk management, supervisors rely on the banks’ internal control reports, internal audit reports, the internal annual report to the board and senior management on the operational risk management in the bank, the external audit report, and the bank’s ICAAP report. The main benchmarks used by the supervisors to assess operational risk (including legal risk) and the effectiveness of management and control systems are:
During the supervisory cycle, supervisory assessment of the operational risk management framework (within the SRC (MSU 4.30.40.20.05),) includes an assessment of the main operational risk categories, corporate governance, risk management policies, identification and assessment of operational risk, corresponding control activities, monitoring, and management reports. The supervisors may also resort to special verifications (VE) on operational risk management, which encompasses a thorough analysis of the Operational Risk Management Function in a bank. These reviews, among others, enable the supervisors to assess the effectiveness of the implementation of the operational risk policies and processes and how these contribute to the accomplishment of the strategy approved by the board. As most banks had implemented the framework before 2010, recent examinations focused on the development of operational risk models in DSIBs or on important elements of the framework, such as the internal loss data collection, scenario analysis and management and regulatory reports, in order to assess incremental changes in the framework and developments in quantification. For small and medium sized banks, the supervisors examine their level of compliance with the qualitative requirements for the Alternative Standardized Approach. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor reviews the quality and comprehensiveness of the bank’s disaster recovery and business continuity plans to assess their feasibility in scenarios of severe business disruption which might plausibly affect the bank. In so doing, the supervisor determines that the bank is able to operate as a going concern and minimize losses, including those that may arise from disturbances to payment and settlement systems, in the event of severe business disruption. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | The prevailing regulations on operational risk management cover requirements relating to disaster recovery and business continuity, which include the following:
The revised regulations that have become effective for S1 banks in August 2017 and will become effective for the other banks from February 2018 require that:
Supervisors are required to monitor the quality and comprehensiveness of business resumption and continuity plans based on the following indicators:
During the supervisory cycle, supervisors are required to verify bank’s IT disaster recovery and business continuity plans based on international best practices, namely the Cobit framework to assess their coverage and effectiveness, and whether these plans are tested and updated. Examiners verify the completeness of the tests, covering systems, and inhouse and outsourced staff. Supervisors are also required to assess contingency plans, including information technology aspects, to ensure that the institution is able to operate continuously and to limit losses in case of severe contingencies, including disturbances to payment and settlement systems. The supervisor is able to require the adoption of additional controls, in cases of inadequacy or insufficiency of operational risks’ controls. (Under MSU item 4.30.10.50.11 and MSU 4.30.10.50.06.02) |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor determines that banks have established appropriate IT policies and processes to identify, assess, monitor and manage technology risks. The supervisor also determines that banks have appropriate and sound IT infrastructure to meet their current and projected business requirements (under normal circumstances and in periods of stress), which ensures data and system integrity, security and availability and supports integrated and comprehensive risk management | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Please see description under EC1 and EC2 for the requirements established in regulations for management of operational risk, which also explicitly includes IT risk, and EC4 for details pertaining to disaster recovery and business continuity plans relevant for IT aspects. Regulations pertaining to operational risk have established events arising from IT and information systems as operational risk events (Article 32 of Res. CMN 4557 of 2017, and Resolution CMN 3,380 of 2006), and require banks to periodically conduct security tests on the institution’s information systems (Resolution CMN 2,554 of 1998). Art 33 of Resolution CMN 4557 of 2017 requires the risk management framework to include, for the purposes of operational risk management, besides other items:
Specialized teams dedicated to specific risks are located within the onsite supervision department, one of which is in charge of IT issues, specializing in risk assessment and control of processes, resources and technological environments based on international best practices. The procedures contained in the Supervision Manual (in item 4.30.10.50.18) are based on the Cobit methodology, which guide evaluation of the institution’s strategic IT plan; the guidelines followed by the institution on technology infrastructure; the investment in technology and the communication of IT policies and guidelines. Supervisors are required to examine the policies and procedures related to information technology from the perspective of operational risk management of the institution. Thus, there is an establishment of principles for identifying, assessing, monitoring, control and mitigation of operational risks, encompassing the risks related to the management and use of information technology. Examiners are also required to assess the existence of policies, rules and corporate procedures, and whether these are appropriately disseminated and implemented in relation to the management of information security. Supervisors are also required to examine whether information technology plans are considered in the definition of strategic plans and corporate budget and whether they are aligned to the overall strategies of the institution. (MSU item 4.30.10.50.11,) During the supervisory cycle, the supervisors are required to evaluate the adequacy of the relevant processes, people, systems, equipment and other resources employed in IT risk management relative to the size, complexity, risk level and dependence on technology of all operational, management and administrative activities of the institution. The evaluation of investments in IT area include evaluation of project management, development processes, maintenance of systems, evaluation of their performance, the safety guarantees, continuity of data processing systems, and adequacy of internal controls constitute part of the examination. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 |
The supervisor determines that banks have appropriate and effective information systems to:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | Please see description under EC5 regarding the information systems pertaining to operational risk losses established in Resolution CMN 4557 of 2017. Regulations prior to this have also established the requirements pertaining to documentation and storage of information related to operational risk losses; and implementation, maintenance and disclosure of a structured process of communication and information. Circular BCB 3.647 of 2013, sets the minimum requirements for use of the advanced approach based on internal models for the calculation of capital requirements for operational risk. It provides detailed guidance on Internal Loss Data Collection, encompassing operational risk events, near losses, loss data thresholds, provisions for legal risks and timing differences, grouped losses and date of internal events. All DSIBs have since reportedly implemented these requirements in their internal modelling efforts. In addition, the remaining ICAAP banks (prudential segment 2) have been encouraged to comply with the AMA requirements on loss data collection for the sake of comparability. Bank supervisors have encouraged banks in other segments, especially ASA banks, to adopt the AMA requirements as best practices in internal loss data collection, as part of the qualitative requirements (Circular BCB 3.640 of 2013, art. 7-A, item II, e). In its endeavor to ensure implementation by the banks, there are instances where banking supervision has decided not to authorize a bank to adopt ASA while it did not include legal provisions in its loss event database and required another previously authorized ASA bank to include provisions for litigation in its loss database. In the light of the development of the Operational Risk Standardized Measurement Approach the BCB is working on a project for the periodic reporting of internal loss events by banks to the supervisor. Bank supervision assesses the information systems and processes for operational risk loss data collection in the supervision cycle and reports the results in the periodic SRCs. In the large banks and those that are keenly developing the internal loss database, the supervisors are engaging with them to be assured about the adequacy and appropriateness of the information systems and the methodologies for capturing losses. While the BCB has been pursuing with the banks to improve their operational risk loss information systems and databases, it is yet to establish periodical regulatory reporting by the banks on their internal loss data and operational risk events. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor requires that banks have appropriate reporting mechanisms to keep the supervisor apprised of developments affecting operational risk at banks in their jurisdictions. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | Circular BCB 3,640 of 2013, which establishes procedures to calculate the component of the risk-weighted assets relative to exposures subject to operational risk, requires the financial institutions to forward to the BCB a report detailing the calculation of the operational risk capital requirement. In addition, institutions must keep available to the BCB, for 5 years, the information used to calculate the capital requirement. Circular-Letter BCB 3,663 of 2014 establishes the procedures for forwarding the monthly Operational Limits Document (DLO), which includes information on operational risk exposure. Regulation (Resolution CMN 3.198, art. 23) imposes a requirement on the external auditors and members of the audit committee to report within three working days a limited number of material operational risk events, such as management fraud, material internal or external fraud, non-compliance with internal and external laws and regulations that poses risk to the financial institution’s continuity and material errors in the financial statements. The scope of this reporting should be extended to other types of OR events for example, cybersecurity incidents, technology risk incidents and process failures and the responsibility for all such reporting can be placed on the banks’ boards/ senior management. The supervisor usually relies on the regulatory annual report on operational risk and internal control weaknesses and the ICAAP report in order to keep up-to-date with developments in operational risks at banks. In addition to that, during the supervisory cycle, supervisors also resort to management reports, interviews with senior management and review of interim financial statements, especially for information about litigation, which is one of the main sources of operational risk for Brazilian banks. The supervisor also holds periodic meetings with the internal audit, external audit, members of the audit committee and the bank’s board in order to obtain additional information about material operational risk events and litigations. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC8 |
The supervisor determines that banks have established appropriate policies and processes to assess, manage and monitor outsourced activities. The outsourcing risk management program covers:
Outsourcing policies and processes require the bank to have comprehensive contracts and/or service level agreements with a clear allocation of responsibilities between the outsourcing provider and the bank. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | Please see description under EC1 and EC2, for the regulatory requirements pertaining to operational risk management frameworks, which also include the requirement pertaining to outsourcing by banks. In brief, the relevant requirements are: Resolution CMN 3,380 of 2006 already required some attention to aspects pertaining to outsourcing:
Resolution CMN 4,557 of 2017, that is in effect for S1 banks from August 2017 and that will become effective for the other banks from February 2018 addresses several issues in outsourcing, a summary of which is presented below:
Within the SRC, Supervisors assess the management of operational risk in relevant outsourcing service providers, encompassing reputation, training, controls and contingency plans. Supervisors can resort to more thorough examinations (specialized verifications), where warranted (MSU item 4.30.10.50.11.) One of the supervisory procedures (MSU item 4.30.10.50.12) examines aspects of the domestic correspondent non-bank organizations (NBO), such as the selection process, the contracts and the controls of the correspondent NBOs. According to MSU 4.30.10.50.09.01, Supervisors are required to examine the monitoring carried out by the institution on the quality of care provided by its correspondents to the bank’s customers. The Supervisors’ risk management assessment can also be extended to include the examination of critical service providers. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Additional criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC1 | The supervisor regularly identifies any common points of exposure to operational risk or potential vulnerability (e.g. outsourcing of key operations by many banks to a common service provider or disruption to outsourcing providers of payment and settlement activities). | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | When the supervisor identifies common operational risk exposures in the financial markets, bank supervision resorts to horizontal examinations or surveys, in order to assess the risk exposure for a group of institutions. Usually, risk identification is based upon financial or management information or driven by specific operational risk events (e.g., common class actions, cybersecurity incidents). Recent examinations encompass litigation (large exposures, class actions) and information technology aspects (e.g., cybersecurity events, dependence on common service providers). | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 25 | Largely Compliant | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The regulatory framework of operational risk management was initially established in 2006 to support the qualitative requirements of the Basel II framework when it was introduced. This was less prescriptive, but this has been largely addressed with the issue of Res. CMN 4557, which is effective for S1 banks from Aug 2017 and will be effective for the other banks from Feb 2018. The main areas of improvement achieved through CMN 4557 include those pertaining to IT risk, outsourcing risk, business continuity planning and compilation of operational risk loss data. While these improvements will help, it may take a while for the new initiatives to bear fruit. The supervisory framework has been evolving over the period. As most banks had implemented the framework before 2010, recent examinations focused on the development of operational risk models in DSIBs or on important elements of the framework, such as the internal loss data collection, scenario analysis and management and regulatory reports, in order to assess incremental changes in the framework and developments in quantification. While the BCB has been pursuing with the banks to improve their operational risk loss information systems and databases, it is yet to establish periodical regulatory reporting by the banks on their internal loss data and operational risk events. Areas for improvement can include:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 26 | Internal control and audit. The supervisor determines that banks have adequate internal control frameworks to establish and maintain a properly controlled operating environment for the conduct of their business taking into account their risk profile. These include clear arrangements for delegating authority and responsibility; separation of the functions that involve committing the bank, paying away its funds, and accounting for its assets and liabilities; reconciliation of these processes; safeguarding the bank’s assets; and appropriate independent50 internal audit and compliance functions to test adherence to these controls as well as applicable laws and regulations. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 |
Laws, regulations or the supervisor require banks to have internal control frameworks that are adequate to establish a properly controlled operating environment for the conduct of their business, taking into account their risk profile. These controls are the responsibility of the bank’s Board and/or senior management and deal with organizational structure, accounting policies and processes, checks and balances, and the safeguarding of assets and investments (including measures for the prevention and early detection and reporting of misuse such as fraud, embezzlement, unauthorized trading and computer intrusion). More specifically, these controls address:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | All commercial banks and multiple banks in Brazil are established as limited companies, of which 7 are listed entities. The internal control requirements in the supervised entities are guided by the relevant provisions and requirements in the Banking Law (Law 4595 of 1964) and the Company Law (Law 6404 of 1976), and the relevant regulations issued under these laws. In terms of Article 138 of the Company Law, publicly-held companies and authorized capital companies shall have a board of directors and the board of executive officers (senior management). The other companies shall have only the board of executive officers. In terms of Article 161 of the Company Law, all listed companies shall have a Fiscal Council (or Supervisory Board). Regulations (Art1, Res 2554 of 1998) require that financial institutions and other institutions authorized by the Central Bank of Brazil implement internal controls focused on (a) the activities they carry out, (b) their financial information systems, (c) the operational and managerial responsibilities and (d) the compliance with applicable legal and regulatory standards. Internal controls, regardless of the size of the institution, are required to be effective and consistent with the nature, complexity and risk of the operations performed by it. As per laws and regulations, most of the responsibilities for the internal controls framework rest with the senior management and the Board of Directors, who are in fact responsible for the administration of the company (Law 6404 of 1976). The main responsibility for the implementation of internal controls lies with the Board of Directors and, when this board is not required, with the senior management (Resolution 2554 of 1998 and Resolution 4557 of 2017). The Institution’s Board of Directors’ main responsibilities regarding internal controls are:
They must also provide high standards of ethics and integrity and an organizational culture that demonstrates and emphasizes to all employees the importance of internal controls and the role of each one in the process (Art 4, Resolution CMN 2,554, of 1998). In terms of regulations, (Art 2, Res 2554 of 1998), the internal control systems shall be accessible to the entire institution to ensure that the relevant staff at the various levels of the organization are aware of the responsibilities assigned to them. The internal control systems should include:
Regulations require that an annual report on the activities related to the internal controls system must be submitted (Resolution CMN 4,390, of 2014), to the board, the senior management and to the external auditor. The annual report shall include (a) a review of the conclusions of the examinations made, (b) the recommendations to address the possible deficiencies, along with a schedule of remedy, as applicable, (c) details of the areas where deficiencies were observed in the previous examinations and the measures effectively taken to address them. This report shall also be available to the Central Bank of Brazil for a term of five years. As per regulations, in institutions that are required to have an audit committee, the audit committees are required to, among others, (a) evaluate the effectiveness of independent and internal audits, including verification of compliance with legal and normative provisions applicable to the institution, and regulations and internal codes; (b) assess compliance by the institution’s management with the recommendations made by independent or internal auditors; and (c) meet, at least quarterly, with the board of the institution, with the independent audit and internal audit to verify compliance with recommendations or inquiries, including with regard to the planning of the respective audit work. (Resolution CMN 3198 of 2004) The Supervision Manual includes procedures to evaluate the adequacy of the internal controls system. These procedures are established both at a more general level and for more specific activities, such as corporate governance (MSU 4.30.10.50.06.01), audit committee function (MSU 4.30.10.50.13), credit operation controls (MSU 4.30.10.50.01.01), treasury area (MSU 4.30.10.50.02), currency exchange operations (MSU 4.30.10.50.03), IT (MSU 4.30.10.50.18) and application systems (MSU 4.30.10.50.19). The supervisor also assesses whether members of the institution - especially senior management - are committed to and qualified to implement effective internal controls. The procedures established for SRC, VEs (targeted inspections) and continuous monitoring activities are based on definitions established by the Bank for International Settlements (BIS) and, as a reference, by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The verifications use an internal controls system approach that encompasses five components: Control Environment; Risk Assessment; Control Activities; Information and Communication; and Monitoring. The internal control verification (MSU 4.30.10.50.06.02) is required to be carried out at the corporate level and at the level of business units. Internal controls applied to specific activities are also verified and supervisory findings are often compared to internal audit findings and recommendations, to validate and review the auditing process as well. The verifications of the internal control systems and their effectiveness are assessed by the supervisors while assessing the control environment for each type of risks and also during the VEs while looking at specific portfolios, operations, products and functions. These reviews can happen as part of the ongoing supervision (SRC) and also as part of special verifications (VEs). The Supervisor has the legal power to sanction institutions, as provided by Resolution CMN 4019 of 2011, and must do so when violations are identified and confirmed. In less serious cases, the Supervisor may report deficiencies through an inspection letter or summons communication as specified in the Supervision Manual. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor determines that there is an appropriate balance in the skills and resources of the back office, control functions and operational management relative to the business origination units. The supervisor also determines that the staff of the back office and control functions have sufficient expertise and authority within the organization (and, where appropriate, in the case of control functions, sufficient access to the bank’s Board) to be an effective check and balance to the business origination units. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see description under EC1 for requirements pertaining to internal control systems under the law and regulations and the supervisory processes and approach to review internal controls both as part of ongoing supervision and as part of special verifications. The determination of the balance of skills in both the back office and control functions relative to front office activities is inherent in the requirement for and execution of comprehensive and sound internal controls, internal audit oversight, external audit processes, and supervisory oversight. Also, this element is key to the evaluation of risk controls specified in the specific risk areas. For example, in the case of treasury activities the supervision manual contains a specific section regarding the operational risk in the treasury department (MSU 4.30.10.50.02.04), which emphasizes review of the balance of skills, resources, expertise and authority between the back office and the front office. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor determines that banks have an adequately staffed, permanent and independent compliance function51 that assists senior management in managing effectively the compliance risks faced by the bank. The supervisor determines that staff within the compliance function is suitably trained, have relevant experience and have sufficient authority within the bank to perform their role effectively. The supervisor determines that the bank’s Board exercises oversight of the management of the compliance function. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | Financial institutions are not required to have a segregated compliance function or to appoint a compliance officer. Nevertheless, the regulations on internal control system include compliance elements (Article 1 of the Resolution CMN 2554 of 1998) and thus compliance also is the responsibility of the Board of Directors and, when this board is not required, of the Senior Management. (Please also see description under EC1 for details of the expectation of banks’ internal control systems and the board responsibilities). Though not formally required, the supervisors indicate that, in practice, the majority of Brazilian banks have a compliance officer or unit. The large banks segregate compliance units from other control functions. However, other banks combine compliance activities with other functions such as internal control. In 2017, the BCB replaced, among others, Resolution 3380 of 2006 by Resolution CMN 4557 and updated the supervision manual regarding the first and third lines of defense (management and executives in the business areas and internal auditors respectively). A specific rule or guidance to address the risk associated with information technology is also under study. Please see EC1 for the specific VEs undertaken by supervision on the matter. A specific resolution to address the compliance function requirements was issued in August 2017 which becomes effective from 31 December 2017 (Res 4595 of 2017). The new regulation does not require financial institutions to have a segregated compliance organizational unit, but it requires financial institutions to establish a formalized compliance policy. The compliance policy must be appropriate to the nature, size, complexity, structure, risk profile and business model of the institution, to ensure the effective management of its compliance risk. The new regulation also assigns responsibilities to the board of directors, such as approving and overseeing the compliance policy; ensuring the effectiveness and continuous execution of the compliance policy; and providing the necessary means to ensure that compliance activities are carried out properly. In addition, the new regulation will require financial institutions to provide sufficient, suitably qualified and trained staff, with the necessary experience to conduct compliance activities. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor determines that banks have an independent, permanent and effective internal audit function52 charged with:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | Regulations require that all financial institutions should have a system of internal controls and that they should establish an internal audit function as part of this system and that the internal audit function should be structured as below (Res 2554 of 1998, as amended by Res 3,056 of 2002; (Para 2 to5, Part VII of Art2 of Res 2554)).
As a part of the ongoing supervisory process, the Supervisor interacts on a regular basis with internal audit functions. During onsite and continuous monitoring, the Supervisor asks for internal audit reports to (i) review the adequacy of audit in the relevant area and (ii) supplement BCB inspection procedures. The internal audit function is periodically assessed by the Supervision in the application of SRC, more specifically in the ARC of Corporate Governance. The CMN has issued Resolution 4,588 of 2017, on 30 June 2017 that comes into effect on 31 December 2017, which has established the revised and comprehensive requirements for internal audit in the financial institutions and other institutions authorized by the Central Bank of Brazil. Please see description under EC5 for details. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 |
The supervisor determines that the internal audit function:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Resolution 4588 of 2017, that comes into effect from 31 Dec 2017, establishes detailed and comprehensive requirements related to the internal audit function. In brief these are presented below, which specifically and explicitly address the expectations under this EC.
Article 8 of the resolution states that the supervised entity should ensure that the internal auditors should have authority to evaluate all existing business and support areas, as well as outsourced activities. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 26 | Largely Compliant | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The regulatory framework prior to the issue of the Resolutions CMN 4595 and CMN 4588, was focused on the internal controls in the supervised institutions. The regulations place the responsibility of establishing the internal control systems and ensuring their effective functioning on the board of directors and senior management in the banks. Part of the responsibility was also cast on the audit committee in the banks. In Brazil, unlisted banks are not required to establish a board of directors (non-executive), need not establish audit committee when they are small, and shareholders can constitute the senior management. Of the 116 unlisted banks, 41 have established Board of Directors. Of the remaining 75 banks accounting for about R$540 billion in total assets (6.8% market share), 46 are foreign owned banks (5.8% market share). Regulations permit internal audit to be part of the internal control function with the requirement that internal audit will report to the senior management. At the same time, the compliance function is not a requirement and the requirements for the internal audit framework is less sophisticated. Collectively, these features can seriously undermine the effectiveness of the internal control and internal audit functions in these banks. The Resolutions CMN 4595 and 4588 become effective on 31 December 2017. While these can help, it may take a while for the new initiatives to bear fruit. Drawing on the requirements of Resolution 2,554 of 1998, BCB has been supervising financial institutions’ “internal controls system”, which comprises the internal controls, compliance and internal audit functions. BCB’s supervisory practices aim at evaluating the effectiveness of compliance and internal audit functions in supervised institutions, including small ones, observing the supervisory cycle established for each of these institutions. Notwithstanding the above, BCB should devote greater attention to the internal control, compliance and internal audit functions in unlisted banks, to review their effectiveness, and take appropriate corrective measures, where warranted. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 27 | Financial reporting and external audit. The supervisor determines that banks and banking groups maintain adequate and reliable records, prepare financial statements in accordance with accounting policies and practices that are widely accepted internationally and annually publish information that fairly reflects their financial condition and performance and bears an independent external auditor’s opinion. The supervisor also determines that banks and parent companies of banking groups have adequate governance and oversight of the external audit function. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | The supervisor53 holds the bank’s Board and management responsible for ensuring that financial statements are prepared in accordance with accounting policies and practices that are widely accepted internationally and that these are supported by recordkeeping systems in order to produce adequate and reliable data. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Please see description under EC1 of CP26 regarding the board structures in banks in Brazil. Depending on the governance structure in banks, the responsibility for ensuring that the financial statements are prepared in accordance with the widely accepted internationally accepted accounting policies rests with either one or more of the following:
Resolution CMN 3,786 of 2009 requires the supervised institutions that meet the following criteria to prepare financial statements in accordance with the IFRS and disclose these on an annual basis, together with external auditor’s opinion:
The preparation and disclosure of the consolidated financial statements required by Resolution 3786 shall be made by the parent institution of the group of consolidated entities, whose designated director (art. 5 of the Regulation annexed to Resolution No. 3,198, of May 27, 2004,) is responsible for reliability of these statements and the fulfillment of the deadlines. (Circular BCB 3,472 of 2009) Circular BCB 1,273 of 1987, which established the Cosif (financial institution accounting regulatory requirements), sets the local accounting standard and requires financial institutions to publish financial statements and explanatory notes, along with external auditor’s opinion. The aforementioned Circular holds the director in charge of the accounting department responsible for compliance with the required standards, and professional ethics and banking secrecy rules. Consequently, about 58 banks are preparing and publishing financial statements that comply the IFRS. Besides, all banks (including the above 58 banks) are preparing and publishing financial statements that comply with the Cosif. The Supervisor, under the framework of the Economic and Financial Analysis (ANEF), analyses the adequacy of recognition and accounting measurement of the main assets and liabilities in the financial statements, and evaluates the evolution of these items. In such analyses, the focus is on the valuation of assets and the integrity of liabilities. In relation to the valuation of assets, the analyses include: (i) provisions for exposures to credit risk; (ii) fair value measurement of assets; and (iii) valuation of other assets. Regarding the integrity of liabilities, the analyses include recognition and measurement. The Supervisor, under the framework of the SRC (Control Risk Analysis), also evaluates
The Supervision Manual details the execution of Special Verification Supervisory Procedures (VEs) of the Audit Committee and of Corporate Governance, using which the Supervisor evaluates the performance of the Audit Committee and the Fiscal Council (high level council, including minority shareholders) in providing reliable financial statements. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor holds the bank’s Board and management responsible for ensuring that the financial statements issued annually to the public bear an independent external auditor’s opinion as a result of an audit conducted in accordance with internationally accepted auditing practices and standards. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Presented in the table 7 below, is a summary of the requirements for financial institutions regarding the audit and disclosure of financial statements. Please see description under EC1 for the responsibilities placed on the board and senior management of banks regarding the financial statements issued annually to the public.
Table 7. Audit of Financial Statements by Supervised Institutions Table 7. Audit of Financial Statements by Supervised Institutions
Financial institutions are required to disclose semi-annual financial statements under Cosif rules (Prudential Conglomerate). Resolution CMN 4,280 of 2013 establishes that the parent institution is responsible for preparation and submission of these financial statements. The parent institution shall disclose such statements, including explanatory notes, and the auditor’s opinion. Resolution CMN 3,198 of 2004 obliges financial institutions to obtain an external auditor’s opinion on the financial statements published under Cosif rules. Regulations (Resolution CMN 3,198 of 2004) consolidate the rules relating to external auditors which include their requirement to be (i) registered at Brazilian Securities and Exchange Commission (CVM) and (ii) approved in a periodical certification test applied by the Brazilian Federal Council of Accountants (CFC). External Auditors’ practices and procedures must comply with the (i) auditing standards and procedures issued by the National Monetary Council (CMN) and the BCB, and (ii) with regulations issued by CVM, CFC and Brazilian Institute of External Auditors (Ibracon) when not conflicting with CMN or BCB rules (Resolution CMN 3,198 of 2004). Resolutions issued by the CFC establish the professional rules for the work of external auditors. The CFC approves the Brazilian Auditing Norms (NBC), which result from official translations of International Standards on Auditing (ISA) issued by International Auditing and Assurance Standards Board (IAASB). Resolution CMN 3,198 of 2004 also defines the role of the Audit Committee, which includes the evaluation of the effectiveness of the independent audit. The supervisor, by means of the SRC (MSU 4.30.40.20.09), analyses the performance of that committee. Regarding individual financial statements, all financial institutions are obliged to elaborate and disclose semi-annual financial statements under Cosif rules. Circular BCB 2,804 of 1998 presents the procedures for such publications, including periodicity, channels of disclosure, templates and the requirement of an external auditor’s opinion. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor determines that banks use valuation practices consistent with accounting standards widely accepted internationally. The supervisor also determines that the framework, structure and processes for fair value estimation are subject to independent verification and validation, and that banks document any significant differences between the valuations used for financial reporting purposes and for regulatory purposes. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | Regulatory reporting is presented according to Cosif rules, which prescribe accounting standards for financial institutions and prudential conglomerate. Since 2008, CMN has issued accounting standards in line with IFRS, introducing these standards into Cosif, including the Conceptual Framework for Financial Reporting. With this, the local accounting standard has come closer to IFRS. General rules of asset valuation are described in the General Principles of the Basic Norms of Cosif. Some specific rules are also described in the following regulations:
Supervision evaluates the procedures and criteria adopted by institutions in marking-to-market prices during on-site examinations, while the off-site monitoring assesses the values reported by the institutions on marked-to-market securities. As banks are required to submit regulatory reports that are in compliance with the Cosif and since they also publish audited financial statements that are in compliance with the Cosif, the need for a separate reconciliation of the published financial statement and regulatory reporting does not arise. The BCB has already made public a project with the purpose of aligning the local accounting standard to IFRS 9 Financial Instruments. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | Laws or regulations set, or the supervisor has the power to establish the scope of external audits of banks and the standards to be followed in performing such audits. These require the use of a risk and materiality based approach in planning and performing the external audit. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | External auditors must follow the standards set forth by International Auditing and Assurance Standards Board (IAASB) as endorsed by the CFC (Brazilian Accounting Council), which includes NBC TA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment (equivalent to ISA 315). Also, please see description under EC2 regarding the applicable auditing standards, and EC5 for the supervisors’ ability to establish the scope of external audits. Law 6,385 of 1976 establishes that BCB should apply penalties for the acts or omissions incurred while undertaking audit activities of financial institutions and other entities licensed to operate by the BCB. In cases where there is no serious breach, supervision can send inspection letters (“Oficio”) to determine the correction and improvement of audits of financial institutions. The regulation annex to the Resolution CMN 3,198 of 2004 defines the responsibility and the process for external auditors, which encompass audit of the financial accounting statements, including explanatory notes. In addition, as per regulations, external auditors are required to provide assurance to the Supervisors in a few additional areas such as internal audit, loan classification, and operational risk management. Art. 13 of Res 3467 of 2009, empowers the Central Bank of Brazil to (i) require additional information and clarification; (ii) determine the accomplishment of complementary examinations; and (iii) determine that the work performed by an independent auditor or by an audit entity is reviewed by another auditor. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | Supervisory guidelines or local auditing standards determine that audits cover areas such as the loan portfolio, loan loss provisions, non-performing assets, asset valuations, trading and other securities activities, derivatives, asset securitizations, consolidation of and other involvement with off-balance sheet vehicles and the adequacy of internal controls over financial reporting. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Please see descriptions in the above ECs regarding the applicable accounting and auditing standards. The BCB has the power to determine specific services to be carried out by external audit in the institutions. In addition to the additional areas that the external auditors are expected to cover, as explained in EC4, Circular BCB 3,467 of 2009 grants the BCB the power to request complementary examinations according to findings in the institutions. In addition to the report that are published along with the financial statements, CMN requires the external auditors to elaborate:
The Supervisory Manual requires the Supervisor to check the scope and adequacy of the independent audit on the internal controls system of the institution, especially regarding the processes and procedures involved in the production of financial statements, and verify compliance with the regulations by the independent audit team. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 | The supervisor has the power to reject and rescind the appointment of an external auditor who is deemed to have inadequate expertise or independence, or is not subject to or does not adhere to established professional standards. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | The BCB has the power to require external auditors to be replaced in the course of a Punitive Administrative Process (PAP) according to Law 6,024 of 1974 (intervention and extrajudicial liquidation of financial institutions) and Decree-Law 2,321 of 1987 (temporary special administration regime). In such cases, once the PAP is initiated, the BCB may determine the replacement of the Audit Firm or of the external auditor. Since 2012, Supervision has set up 6 (six) PAPs against 4 (four) audit firms. In cases where there is no serious breach, supervision can send inspection letters (“Oficio”) to seek improvement of the audits of financial institutions. The BCB is awaiting the passage of a new law which will allow the BCB to forbid external auditors from providing services to financial institutions, in cases where serious breaches are verified. Circular BCB 3,467 of 2009 grants the BCB, in specific cases, the power to demand the revision of the work performed by an external auditor by another external auditor. The regulation annex to the Resolution CMN 3,198, of 2004, requires that the financial institutions external auditor be registered at Securities Commissions (CVM) and be approved in a technical certification test. That certification needs to be maintained by means of: approval in new examinations or, cumulatively, performing audits on financial institution and participating in continuing education programs. In addition, the referred regulation provides independence requirements regarding audited entities. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor determines that banks rotate their external auditors (either the firm or individuals within the firm) from time to time. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | While law or regulation does not require the mandatory rotation of the audit firm by the financial institutions, they require them to rotate the members of the audit team after five years. Resolution CMN 3,198 of 2004 as amended by Resolution CMN 3,606 of 2008 and Circular-Letter BCB 3,367, of 2008, require that financial institutions replace the in-charge technical person, director, manager, supervisor and any other professional in a managerial position, in the team involved in the relevant institution’s external audit work, after the issuance of five complete annual reports. The Supervision Manual details that the Supervisor is responsible for verifying the rotation of the staff. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC8 | The supervisor meets periodically with external audit firms to discuss issues of common interest relating to bank operations. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | The Supervisor meets with the external auditors during the on-going and on-site supervision phases, on an as-required basis, to understand the auditing procedure and discuss matters relevant to the audited financial institution. Such meetings occur at least once a year. In addition, there is a group composed of representatives of the BCB and the audit firms (GT1 Ibracon + BCB), where they can discuss accounting and external audit issues. Usually meetings of this group occur every two months. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC9 | The supervisor requires the external auditor, directly or through the bank, to report to the supervisor matters of material significance, for example failure to comply with the licensing criteria or breaches of banking or other laws, significant deficiencies and control weaknesses in the bank’s financial reporting process or other matters that they believe are likely to be of material significance to the functions of the supervisor. Laws or regulations provide that auditors who make any such reports in good faith cannot be held liable for breach of a duty of confidentiality. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC9 | Resolution CMN 3,198 of 2004 establishes that the external auditor and the Audit Committee must formally communicate to the BCB, within three working days of identification of error or fraud in the specified situations. The supervision manual (MSU 4.30.10.50.06.02 (Special Verification - Management - Internal Controls in the Administrative Level)) provides that supervision must verify compliance with the regulations by the independent audit team. Resolution CMN 3,198/2004 (Art 21) and Circular BCB 3,467/2009 also establish that the external auditor must, as a result of the financial statement revision procedures, provide the Supervisor on a semi-annual basis with a report of eventual failures to comply with laws and regulations and internal control weaknesses. As these are embedded in the regulations and as the BCB is the supervising authority for the external auditors, the supervisors view such disclosures by the auditors as performance of their duties and compliance with the regulations, and not breach of duty. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Additional criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC1 | The supervisor has the power to access external auditors’ working papers, where necessary. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | Regulations (annex to Resolution CMN 3,198, of 2004) require that contracts between financial institutions and the respective external auditors must have a specific clause granting access to BCB, at any time, to external auditors’ work papers, as well as to any other document that has been used in the course of issuing bank related reports. When necessary, Supervision has requested the auditor’s working papers in order to understand any specific accounting issue of the audited entity. Some supervision processes require the Supervisor to request the working papers of auditors to assist the analysis to be carried out in such inspections (e.g. MSU 4.30.10.50.02.01 Portfolio Analysis and Treasury Operations; MSU 4.30.10.50.07.01 Contingencies). | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 27 | Compliant | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The financial statements prepared and published by the financial institutions are in compliance with the Cosif (Brazil GAAP) and the IFRS. These statements are audited by independent external auditors who are required to perform the audits in compliance with the international auditing standards, and the audited financial statement are published along with the explanatory notes and auditors’ opinion at least at half-yearly intervals, both at solo and consolidated levels. Laws, regulations and the supervisor ensure appropriate governance arrangements are in place in the financial institutions for overseeing the external audit function. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 28 | Disclosure and transparency. The supervisor determines that banks and banking groups regularly publish information on a consolidated and, where appropriate, solo basis that is easily accessible and fairly reflects their financial condition, performance, risk exposures, risk management strategies and corporate governance policies and processes. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Laws, regulations or the supervisor require periodic public disclosures54 of information by banks on a consolidated and, where appropriate, solo basis that adequately reflect the bank’s true financial condition and performance, and adhere to standards promoting comparability, relevance, reliability and timeliness of the information disclosed. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Please see below in Table 8 the details of disclosure of financial statements by the financial institutions as required under law and regulations, which includes the applicable accounting standards, the frequency of disclosure, the applicable regulation and the basis of disclosure, namely solo or consolidated. It can be seen that the supervised institutions in Brazil are required to publish their financial statements both on solo and consolidated basis at least at half-yearly intervals and these are required to be in compliance with the Cosif or the IFRS.
Table 8. Disclosure of Financial Statements by Supervised Institutions Table 8. Disclosure of Financial Statements by Supervised Institutions
In addition to the above, laws and regulations require the supervised institutions to make additional disclosures as below:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor determines that the required disclosures include both qualitative and quantitative information on a bank’s financial performance, financial position, risk management strategies and practices, risk exposures, aggregate exposures to related parties, transactions with related parties, accounting policies, and basic business, management, governance and remuneration. The scope and content of information provided and the level of disaggregation and detail is commensurate with the risk profile and systemic importance of the bank. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see EC 1 on the periodical disclosures required to be made by the supervised institutions, which include both quantitative and qualitative disclosures. The Pillar 3 disclosures required vide Circular CMN 3,678 of 2013 include disclosure of information on risk management structures and functions, capital requirements and regulatory capital. The set of mandatory information includes: both qualitative and quantitative information of a bank’s financial performance; financial position; risk management strategies and practices; governance; risk exposures; limits; indices; aggregate exposures to related parties; amount of past due loans; total loans written off in the quarter; amount of loss provisions to loans; credit risk mitigation; counterparty credit risk; purchase, sell or transfer of financial assets; securitization; transactions with related parties; total amount of the trading book; equity holding in the banking book; exposure to derivatives and accounting policies. The disclosure must be made in a detailed form commensurate with the scope and complexity of operations and of systems and processes employed in risk management. Relevant restrictions or impediments, existing or potential, to the transfer of resources between consolidated institutions must also be disclosed. Owing to security concerns, Brazil has not introduced any Pillar 3 regulations on disclosure for executive compensation. This fact was not considered to be material and Brazil was considered to be compliant with Pillar 3 disclosure requirements by the Regulatory Capital Assessment Program (RCAP) of the BIS in 2013. Qualitative aspects of each risk management framework must be disclosed, including a description of:
The information must be updated with the following minimum period span: annual, for qualitative information, or in the occurrence of a relevant alteration; quarterly, relative to the dates of March 31, June 30, September 30 and December 31, for quantitative information. Resolution CMN 4.557, which came into effect in August 2017 for S1 institutions requires that:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | Laws, regulations or the supervisor require banks to disclose all material entities in the group structure. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | The Cosif (Brazilian accounting standards) requires disclosure of detailed information regarding entities included in consolidated financial statements. Moreover, Circular CMN 3,678 of 2013 requires financial institutions to:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor or another government agency effectively reviews and enforces compliance with disclosure standards. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | The BCB is the oversight body for enforcing compliance by the supervised institutions with the accounting standards (COSIF) including the related disclosures under the standards. The BCB is also the banking supervisor which has introduced the Pillar 3 disclosures, and hence is responsible for enforcing those disclosures as well. During the SRC on-site examinations and the off-site monitoring, the supervisors are required to evaluate: i) the effectiveness of the Board of Directors’ actions regarding the disclosure of timely and precise information on the relevant issues related to the institution; and ii) the performance of the Audit Committee, in the internal and external audits evaluation. During specialised inspections (VEs), the supervisors are required to evaluate performance and effectiveness of the Audit Committee and the Corporate Governance functions, where the roles of Senior Management and Audit Committee in providing reliable financial statements are assessed. Regulations (Circular BCB 2,804, of 1998) allow the BCB to require the financial institutions to amend and re-publish financial statements which are considered irregular. The BCB also assesses Pillar 3 disclosures required under regulations by the supervised institutions, through specific inspections. Regulations expressly allow the BCB to require the disclosure of supplementary information by the financial institutions, if required. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor or other relevant bodies regularly publishes information on the banking system in aggregate to facilitate public understanding of the banking system and the exercise of market discipline. Such information includes aggregate data on balance sheet indicators and statistical parameters that reflect the principal aspects of banks’ operations (balance sheet structure, capital ratios, income earning capacity, and risk profiles). | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | The BCB releases every quarter analytical accounting information on its website, aggregated by the type of institution. The BCB also publishes a Financial Stability Report every half-year, which presents aggregate data and analysis of the financial system. In addition to the aggregate information, the BCB also publishes financial statements and other information on individual institutions, financial conglomerates and prudential conglomerates, on its website. Among other accounting items and indices, BCB discloses total assets, total deposits, risk weighted capital ratio, net profits, tier I capital and net worth. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Additional criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC1 | The disclosure requirements imposed promote disclosure of information that will help in understanding a bank’s risk exposures during a financial reporting period, for example on average exposures or turnover during the reporting period. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | In addition to disclosure of several quantitative disclosures, Circular BCB 3,678 of 2013 requires the disclosure of the following which reflect flow or movement during a reporting period:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 28 | Compliant | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The supervised institutions in Brazil regularly publish information on a consolidated and, where appropriate, solo basis that is easily accessible and fairly reflects their financial condition, performance, risk exposures, risk management strategies and corporate governance policies and processes. The publications are mainly in the form of published audited financial statements along with the accompanying notes, that are in compliance with the IFRS and the BR-GAAP, and the Pillar 3 disclosures that are placed on the respective institution’s websites in an easily accessible place. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 29 | Abuse of financial services. The supervisor determines that banks have adequate policies and processes, including strict customer due diligence (CDD) rules to promote high ethical and professional standards in the financial sector and prevent the bank from being used, intentionally or unintentionally, for criminal activities.55 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Laws or regulations establish the duties, responsibilities and powers of the supervisor related to the supervision of banks’ internal controls and enforcement of the relevant laws and regulations regarding criminal activities. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | The regulatory framework establishes the responsibilities of the BCB and the Council for Financial Activities Control (COAF) as well as the relevant powers of enforcement in relation to criminal activities. The BCB is responsible for regulating and supervising financial institutions under the Banking Law (4595). AML/CFT is addressed under Law 9613 which provides the BCB, as the competent authority, with the authority to supervise financial institutions’ internal controls, AML/CFT compliance and also to apply administrative sanctions, when appropriate, in respect of AML/CFT (Article 12). Circular 3461 sets out the BCB’s requirements for financial institutions (and other institutions licensed by the BCB) in relation to policies and internal controls in respect of AML/CFT. In addition, the Circular requires financial institutions to inform the BCB and nominate a senior manager to be responsible for implementation and compliance of established measures and reporting of suspicious transactions to COAF. The AML Law (Law 9613) defines money laundering or concealment of assets, rights and values as a crime and sets procedures for the prevention of criminal offences. It also establishes a financial intelligence unit in Brazil: The Council for Financial Activities Control (COAF). COAF is responsible for receiving and analysing communications on suspicious transactions and cash operations, as well as producing and sending Financial Intelligence Reports to the competent authorities (General Attorney, Federal Police and others). Whistle blowing protection is available under the law in that communications made in good faith to COAF, as stated by the Law 9613 (Article 11, paragraph 2), will not result in civil or administrative liability. (See also EC11) Complementary Law 105 requires the BCB to notify the competent authorities of signs of crimes against public order, as well as of evidence of irregularities or illegal administrative offenses it has noted in the course of its supervisory activity. (See also EC4) Resolution 2554 determines the procedures that financial institutions must adopt in implementing their internal control systems. In terms of supervisory activity, the BCB and COAF work in coordination, ranging from the formulation of norms to information exchange and technical support. The BCB has a seat on COAF’s Council, and has access to the reports on suspicious transactions and cash operations made by banks to COAF. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor determines that banks have adequate policies and processes that promote high ethical and professional standards and prevent the bank from being used, intentionally or unintentionally, for criminal activities. This includes the prevention and detection of criminal activity, and reporting of such suspected activities to the appropriate authorities. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | The BCB separates banks into two tiers for more and less intense supervision in relation to supervision of AML/CFT. Also, and as noted in CP8, supervision of AML/CFT risks comes under the department for conduct supervision (DECON). The banks deemed to be more relevant in terms of money laundering risk (including the systemically important financial institutions), are supervised according to the Continuous Conduct Monitoring methodology (ACC). Under the ACC methodology, the BCB ensures there is one supervisor in charge of continuously assessing the corporate governance, risk management and compliance of each maior Brazilian bank in terms of AMI/CFT risk. The ACC methodology is adaptable according to the business model, risk profile and governance of each bank, allowing the BCB to focus on the most relevant issues. The BCB monitors 28 institutions, including all systemic banks under the ACC methodology. For the banks perceived to be less risky, the BCB has developed a “remote monitoring” methodology and IT system, called SisCom. Under this framework, two processes are carried out:
An ICR starts with a documentation request which is tailored to the area of activity being inspected. There is a set of around 300 questions, which is tailored and of which perhaps 100 might be sent to the institution. The bank has to respond and provide documentary evidence for its answers and the responses are reviewed for compliance with the laws and regulations. Both ICR and IDR processes lead to inspection letters and findings issued by the BCB and the requirement for a plan by the firm to remedy and regularise its situation. At the time of the assessment the DECON was planning to amend its processes so that a bank was not required to have its action plan approved before acting. Although the requirement to ensure that the bank understood what was required of it in the plan was seen as helpful to the banks, in practice it was leading to delays in remediation. The risk based methodology was developed by the BCB initially as a response to FATF findings on oversight of the non-bank sector but it was realised that the methodology would be compatible with oversight of the less systemic banking institutions. Foreign exchange transactions carried out by authorized agents, including banks, as well as external lines of credit taken by financial institutions are registered in the BCB, which records and monitors these transactions. Information received is analysed to identify weaknesses, breaches and atypical operations in particular respect for AML/CFT concerns (MSU 4-20-10-30, 4-20-20-60 and 4-20-20-90). In addition, the BCB produces bulletins and reports on this data for internal and external disclosure, as well as internal profiling reports on these agents, supporting studies, monitoring and supervisory decisions. In terms of prevention, detection and reporting, procedures that banks must meet for implementation of their internal control systems and internal audit are found in Resolution 2554. This resolution imposes an obligation on senior management to foster high ethical standards and to promote an organizational culture that demonstrates and emphasizes, to all staff, the importance of internal controls and the role of each member in the process. Duties imposed on banks regarding customer identification, data maintenance and report of suspicious transactions to the financial intelligence unit (COAF) are established in the law on AML (Law 9613) and in performing these duties, the banks must follow instructions of the BCB (see Articles 9 to 11). Circular 3461 require financial institutions to implement policies, procedures and internal controls to prevent the use of the financial system for criminal activities described by Law 9,613 (money laundering or concealment of assets, rights and values). The main aspects of this Circular are: I) Implementation of policies and internal control procedures to prevent the use of financial institutions for the abuses set out in Law 9613. Such policies must:
The procedures must include: explicit measures that determine customer due diligence, validate customers’ information, identify final beneficiaries of transactions and rules for the definition of politically exposed persons (PEPs). II) Identification of all customers: individuals, legal entities and their representatives, including final beneficiaries. Customers files must be kept updated and records of transactions held for at least 5 years; III) Monitoring of transactions to identify unusual situations; special attention to situations that pose higher risk and detection of suspicious situations; IV) Reporting to the COAF: mandatory reporting of cash transactions exceeding R$ 50,000.00, and suspicious transactions related to predicate offenses as specified in Law 9613. Complementary Law 105 provides that the reporting of suspicious criminal transactions to the relevant competent authorities does not constitute a breach of professional secrecy; V) Nomination of a senior manager responsible for the implementation and compliance with established measures, as well as for reporting of suspicious transactions to the COAF; VI) Adoption of rigorous procedures for establishing relationships with financial institutions, representatives or correspondent banks abroad, especially in countries, territories and places that do not adopt registration and control procedures similar to those defined by Circular 3461. These strengthened procedures also apply to establishing relationships with customers contacted via electronic means, through banking agents in the country or by any other indirect means. Financial institutions are required to pay particular attention to transactions with customers from countries that that are not compliant with the recommendations of the Financial Action Task Force (FATF). In cross-border relationships between correspondent banks and other similar relationships, banks should:
In the context of considering branches and subsidiaries of Brazilian financial institutions abroad, attention should be paid also to CPs 5, 6 and 7, where the BCB’s powers to approve or reject a bank’s proposed group structure are considered. VII) Financial institutions should also pay special attention to:
In addition, the MSU requires supervisors to verify that financial institutions have codes of conduct/ethics (MSU 4-30-10-50-06-01) which are disclosed to staff. Items II - VII of Circular 3461 are also applicable to branches and subsidiaries of Brazilian financial institutions abroad, when there is no legal impediment in the host country. The table below, presents the number of reports made by banks and banking conglomerates to COAF: COAF assesses the quality of reports on a sampling basis. Each selected report receives a grade from 1 (worst) to 6 (best). The table below shows the average grade of the selected sample per year: |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | In addition to reporting to the financial intelligence unit or other designated authorities, banks report to the banking supervisor suspicious activities and incidents of fraud when such activities/incidents are material to the safety, soundness, or reputation of the bank | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | The BCB has access to information, but does not receive standard reports from the banks on suspicious activities and incidents of fraud when such activities/incidents are material to the safety, soundness, or reputation of the bank. The BCB, as part of its supervisory routine, maintains frequent communication with banks, either through in-person meetings, or through conference calls. On such occasions, information on incidents deemed to affect the soundness or reputation of the bank are shared. Also, external auditors must report any incidents of fraud, as defined in Resolution 3198, to the BCB. In addition, the BCB has access to suspicious transaction reports from banks to COAF through SisPLD. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | If the supervisor becomes aware of any additional suspicious transactions, it informs the financial intelligence unit and, if applicable, other designated authority of such transactions. In addition, the supervisor, directly or indirectly, shares information related to suspected or actual criminal activities with relevant authorities. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | According to the Complementary Law 105, the BCB must notify the competent authorities—COAF, Federal Prosecution Service (MPF) and Secretariat of the Federal Revenue of Brazil (RFB)—of signs of crimes against public order, as well as of evidence of irregularities or illegal administrative offenses, identified in the exercise of its supervision. Such reporting does not constitute a breach of professional secrecy, under the Complementary Law. The MSU (4-30-30-10-02) also establishes that supervision will report any crimes or abuses defined in Law 9613 to the Public Ministry/District Attorney’s Office. The table below, presents the number of notifications to the respective competent authority per year since 2015: Table 11. Notification to Competent Authorities—Banking Sector As of June 28th Table 11. Notification to Competent Authorities—Banking Sector
As of June 28th |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 |
The supervisor determines that banks establish CDD policies and processes that are well documented and communicated to all relevant staff. The supervisor also determines that such policies and processes are integrated into the bank’s overall risk management and there are appropriate steps to identify, assess, monitor, manage, and mitigate risks of money laundering and the financing of terrorism with respect to customers, countries, and regions, as well as to products, services, transactions, and delivery channels on an ongoing basis. The CDD management program, on a group-wide basis, has as its essential elements:
(a) a customer acceptance policy that identifies business relationships that the bank will not accept based on identified risks; (b) a customer identification, verification, and due diligence program on an ongoing basis; this encompasses verification of beneficial ownership (as necessary), understanding the purpose and nature of the business relationship, and risk-based reviews to ensure that records are updated and relevant; (c) policies and processes to monitor and recognize unusual or potentially suspicious transactions; (d) enhanced due diligence on high-risk accounts (eg escalation to the bank’s senior management level of decisions on entering into business relationships with these accounts or maintaining such relationships when an existing relationship becomes high-risk); (e) enhanced due diligence on politically exposed persons (including, among other things, escalation to the bank’s senior management level of decisions on entering into business relationships with these persons); and (f) clear rules on what records must be kept on CDD and individual transactions and their retention period. Such records have at least a five year retention period. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | As mentioned in EC2, regulation establishes the requirements for internal control systems (Resolution 2554), as well as procedures required for AML/CFT (Circular 3461). Circular 3461 establishes that financial institutions must implement AML/CFT policies, procedures and internal controls. It also states that these policies must receive wide dissemination. Policies must cover the timely registration of customer information, which allows for the identification of risks stated in Law 9613. The policies and procedures noted above are required to include explicit measures that determine customer identification, checking customer registry information, keeping customers’ files up to date, identification of the final beneficiaries of transactions, and rules for the definition of politically exposed persons (PEPs). The BCB noted that while identifying beneficial owners is one of the more difficult issues, it was perceived as less of an issue in the banking sector compared with other financial institution sectors. KYC practices in banks are considered to be good and banks are being required to work their way through old portfolios (from the 1990s for example) to carry out checks that were not required at the inception of the transaction or banking relationship. However, the target of AML/CFT inspections over the coming year will move from a focus on documents and establishment of processes within banks to deeper examinations of KYC and detection of suspicious transactions. In addition, Circular 3691 is focused on operations in the FX market, for example, requiring customer due diligence and responsibility to ensure the lawfulness of the operations (Article 18); mechanisms to prevent circumvention of identification and registration of customers (Etc) (Article 135); ensuring that customers are qualified as necessary to participate in the transaction and setting requirements for data to be held and kept updated (Article 139). Not only are information requirements set out, but Article 139 also demands that the BCB should be given immediate access to files, and at no cost. Finally, although implementation is not yet fully in place (see also CP14, for example), Resolution 4577 requires financial institutions to implement a continuous and integrated risk management framework. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 |
The supervisor determines that banks have in addition to normal due diligence, specific policies and processes regarding correspondent banking. Such policies and processes include:
(a) Gathering sufficient information about their respondent banks to understand fully the nature of their business and customer base, and how they are supervised; and (b) Not establishing or continuing correspondent relationships with those that do not have adequate controls against criminal activities or that are not effectively supervised by the relevant authorities, or with those banks that are considered to be shell banks. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | The controls and policies required under Circular 3461 are heightened in respect of relationships with financial institutions, representatives or correspondents located abroad (Article I, para 4). This is particularly reinforced for countries, territories and dependencies that do not adopt registration and control procedures equivalent or similar to those defined in that circular. Banks which are headquartered abroad may hold deposit accounts in Brazilian Real (BRL), only in branches of banks licensed to operate in the FX market. Such accounts must be easy to identify and must also be registered with the BCB (Sisbacen) when the account is opened. (Circular 3691, Article 168). In order for a respondent bank to carry out international transfers in BRL on behalf of third parties, its deposit account must be registered, in accordance with the National Accounting Rules of Financial Institutions (COSIF - “4.1.1.60.30-1 - From Financial Institutions”). Such registrations are limited to accounts owned by foreign banks that maintain a steady and reciprocal correspondent relationship with the Brazilian depositary bank, or when the two institutions have a control relationship. (Circular 3691, articles 169, 177 (paragraph 1)). In respect of their cross-border relationships with correspondent banks and other similar relationships, financial institutions must: I) obtain sufficient information about the correspondent institution as to fully understand the nature of its activity and to know, based on publicly available information, the reputation of the institution and the quality of its supervision, including whether the institution has been the target of investigation or of any action by a supervisory authority, related to money laundering or terrorism financing and ensure that it’s not an institution which:
II) assess controls adopted by the correspondent institution targeting money laundering combat and terrorism financing; III) obtain approval from the senior manager responsible for the operations related to the foreign exchange market before establishing new correspondent relations; IV) document the respective responsibilities of each correspondent institution with respect to combating the money laundering and the financing of terrorism. (Circular 3691, article 170). Requirements surrounding documentary procedures and verifications when international transfers in BRL between domestic and foreign institutions that are equal to or more than than R$ 10,000.00 (BRL ten thousand), as well as requirements to ensure that legitimate documentation supporting international transfers cannot be re-used fraudulently and also to ensure requisite taxes are paid, are also addressed in Circular 3691 (Articles 173 and 174). Although regulatory requirements have been enhanced, with more documentation requirements the BCB noted no reports from banks of accounts being closed. It was observed that international banks were becoming more selective of their clients. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor determines that banks have sufficient controls and systems to prevent, identify, and report potential abuses of financial services, including money laundering and the financing of terrorism. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | As noted above, Circular 3461 requires financial institutions to implement policies, procedures and internal controls in respect of AML/CFT. See EC2 for an elaboration of the required internal controls that banks have to have in place. The BCB analyses financial institutions’ systems, procedures and controls regarding AML/CFT according to standards set out in the supervisory manual (MSU 4-30-40-20-9-2; 4.30.20.30.01; 4.30.10.60) including:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC8 | The supervisor has adequate powers to take action against a bank that does not comply with its obligations related to relevant laws and regulations regarding criminal activities. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | The BCB has corrective and sanctioning powers. Please see also CP 11. These powers can be used in case of violations of anti-money laundering regulations (MSU 4-50-20). Depending on the specific case and considering the principles of legality, reasonableness and proportionality, the BCB may apply the following administrative instruments:
Resolution 4019 sets out the BCB’s powers in the event that there are situations that jeopardize or could jeopardize the stability and soundness of the National Financial System (SFN) or of financial institutions such as. The Resolution identifies: risk exposure incompatible with the management structures and internal controls of the institution and deficiency in internal controls and empowers the BCB, for example, to limit or suspend operations, new lines of business, acquisitions or new facilities. The BCB (MSU 4-50-40) may call the representatives of the financial institutions, and if necessary their controllers, and require them to sign a Commitment Letter to take corrective measures. With the creation of the Conduct Supervision Department (Decon) in December of 2012, sanctions applied for violations of anti-money laundering regulations were intensified and the timeframe between the detection of the breach until legal action has been decreasing. Table 12. ML Administrative Process—Fines and Ineligibility Sanctions—Banking Sector As of June 28th Table 12. ML Administrative Process—Fines and Ineligibility Sanctions—Banking Sector
As of June 28th Additionally, since the creation of the Punitive Administrative Processes Committee of the Conduct Supervision Department (COPAC) in 2015, the timeframe between the detection of breaches and legal action has been reduced. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC9 |
The supervisor determines that banks have:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC9 | The BCB sets out requirements through resolutions and circulars as noted below. The requirements are, broadly, high level. Internal audit must be part of the internal controls system. (Resolution 2554) Internal audit must assess the effectiveness and efficiency of internal control systems, management of risks and corporate governance, taking into account current and potential risks. (Resolution 4588) Banks must nominate a senior manager responsible for implementation and compliance with the established measures and report of suspicious transactions to COAF. (Circular 3461) AML policies must define criteria and procedures for selection, training and monitoring of economic and financial situation of employees. (Circular 3461) The BCB’s evaluation is carried out through SRC, ACC and ICR inspections. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC10 | The supervisor determines that banks have and follow clear policies and processes for staff to report any problems related to the abuse of the banks’ financial services to either local management or the relevant dedicated officer or to both. The supervisor also determines that banks have and utilize adequate management information systems to provide the banks’ Boards, management, and the dedicated officers with timely and appropriate information on such activities. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC10 | During the ACC of each bank, the supervision assesses:
In addition, Resolution 4567 determines that banks must make available a channel of communication through which stakeholders (i.e. employees, employees, customers, users, partners or suppliers) may report suspicious transactions on any nature on an anonymous basis. These reports must be available to the BCB. For banks that are not subject to ACC, such determination rests on remote inspection processes—which include documentary evidence that the banks are required to supply. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC11 | Laws provide that a member of a bank’s staff who reports suspicious activity in good faith either internally or directly to the relevant authority cannot be held liable. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC11 | Under Law 9613, suspicious activity reports made in good faith to COAF will not result in administrative and civil liability. Complementary Law 105 provides the communication of administrative and criminal offenses—including information on transactions involving proceeds from any criminal activity—to the competent authorities, including the COAF, does not constitute a breach of secrecy. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC12 | The supervisor, directly or indirectly, cooperates with the relevant domestic and foreign financial sector supervisory authorities or shares with them information related to suspected or actual criminal activities where this information is for supervisory purposes. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC12 | Under Complementary Law 105, the BCB must notify the competent authorities in the event of signs of crimes against the public order, as well as evidence of irregularities or illegal administrative offenses which are uncovered in the exercise of its legal authority of supervisor. The BCB maintains agreements with domestic and foreign entities that enable cooperation and share of information among them. Some of the possible activities undertaken by these agreements are:
According to Complementary Law 105, the BCB may sign agreements with other supervisory authorities abroad and other central banks, in order to promote supervision of branches and subsidiaries of foreign institutions in Brazil and branches and subsidiaries of Brazilian financial institutions abroad as well as cooperation and information exchange. The BCB has signed agreements with foreign central banks and supervisory bodies, based on the BCBS’ model (“Essential elements of a statement of cooperation between banking supervisors”). The BCB currently has 25 Memorandum of Understanding (MoUs) with 29 foreign supervisory authorities, from 24 countries. The MoUs set out the conditions under which cooperation between the signatory authorities takes place, comprising in general, the exchange of information about supervisory issues of mutual interest, on-site examinations in cross-border establishments and provisions on information confidentiality. The BCB has signed MoUs with the supervisory authorities of the following countries: South Africa, Germany, Argentina, Bahamas, Cayman Islands, China, Chile, Colombia, South Korea, Spain, United States of America (OCC, FDIC, FED, OTS and Department of Financial Services), India, Indonesia, Italy, Luxembourg, Mexico, Panama, Portugal, Paraguay, Peru, the United Kingdom, Switzerland and Uruguay. Within the scope of these memoranda of understanding the BCB cooperates with other supervisory entities and answers around 100 surveys/ information requests a year. Among these requests, an average of five or six are related to AML/CFT issues. The BCB also signed technical cooperation agreements with the following Brazilian authorities: Ministry of Justice - National Consumer Secretariat (SENACON); Brazilian Federal Revenue Office (RFB); National Social Security Institute (INSS); Securities and Exchange Commission of Brazil (CVM); Superintendence of Private Insurance (SUSEP), other civil entities and associations. Further development of the MoU with the RFB is being made to widen the scope of information to include exchange of information on the beneficial owners of legal entities that are on the RFB database. The BCB does not have direct access to the RFB database. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC13 | Unless done by another authority, the supervisor has in-house resources with specialist expertise for addressing criminal activities. In this case, the supervisor regularly provides information on risks of money laundering and the financing of terrorism to the banks. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC13 | The Conduct Supervision Department (Decon) was created in December 2012 in order to establish a hybrid approach: two departments dedicated to prudential supervision, banking and non-banking segments, and one for conduct supervision. AML/CFT issues as well as relationship with clients (transparency, disclosure and suitability requirements; products and services fees; credit and wage portability; ombudsman structure; and banking agents) fall to the Conduct Department. Decon has three Divisions (DSUP2, DSUP3 e DSUP4) dealing exclusively with AML/CFT supervision. Table 13. Decon—Human Resources—As of June 28th, 2017 Table 13. Decon—Human Resources—As of June 28th, 2017
Decon’s approach to supervision is outlined in EC2, with the 28 largest banks being subject to ACC (continuous supervision) by DSUP2 and all other banks subject to remote supervision by DSUP3 and DSUP4. The banks seen as most critical in terms of AML/FT risk (including SIFIs) are subject to ACC performed by DSUP2, and the less relevant institutions in terms of AML/FT risk (smaller banks and non-banking institutions) are subject to remote inspections performed by DSUP3 and DSUP4. The ACC and the remote inspections take into account information from the Financial System Monitoring Department (Desig). Table 14. Supervision Actions—Modalities of Inspection—Banking Sector As of June 28th, 2017 ICR - 5 ongoing and 18 scheduled / IDR - 1 ongoing Special Verifications - thorough inspections which used to be performed every supervisory cycle. This kind of inspection, for conduct supervision is being discontinued due to the adoption of the ACC methodology which encompasses most of the procedures of the former VEs. Table 14. Supervision Actions—Modalities of Inspection—Banking Sector
As of June 28th, 2017 ICR - 5 ongoing and 18 scheduled / IDR - 1 ongoing Special Verifications - thorough inspections which used to be performed every supervisory cycle. This kind of inspection, for conduct supervision is being discontinued due to the adoption of the ACC methodology which encompasses most of the procedures of the former VEs. Table 15. ACC and VE—Number of Inspection Letters Table 15. ACC and VE—Number of Inspection Letters
The inspection letter is a document, signed by the Head of the Division and the coordinator responsible for the inspection, used to report the findings related to the inspection to the supervised bank. Table 16. IC—Regularization Plans—Actions Proposed and Approved 8 finished, 5 as of June 28, 2017, and 18 scheduled Table 16. IC—Regularization Plans—Actions Proposed and Approved
8 finished, 5 as of June 28, 2017, and 18 scheduled Table 17. IDR—Regularization Plans—Actions Proposed and Approved As of June 28th, 2017 Table 17. IDR—Regularization Plans—Actions Proposed and Approved
As of June 28th, 2017 Decon does not issue any written report to provide information on risks of ML and the FT to the financial institutions. However, there are some special meetings with a bank or a group of banks in which Decon provides such information. For example, routine meetings within the scope of the ACC; moral suasion meetings (twice a year) with SIFIs’ senior management, in which Decon gives feedback to the banks about the quality and effectiveness of its AML/CFT controls and of ML situations which are posing risk to the financial system; and DSUP3 and DSUP4’s meetings with groups of institutions to report the main findings of the inspections. By the end of 2017, BCB’ Supervision area will release a guidance to banks and banking groups, which will include the disclosure of information about AML/CFT on the BCB’s website. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 29 | Largely Compliant | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The BCB has introduced changes and enhancements in its oversight of AML/CFT since the last FSAP. Among these changes, the “twin peaks” approach has facilitated the BCB in ensuring that prudential and conduct supervision (DESUP and DECON) are able to coordinate and provide an integrated view of a financial institution. In addition to enhancing processes and procedures, staffing levels for AML/CFT were increased. Guidance for supervisors on AML/CFT will shortly be published as part of the refreshing and enhancement of the SRC process. The BCB approach to conduct supervision is to subject the most “relevant” banks to “continuous” supervision with the remainder being subject to oversight primarily through remote processes and procedures. This approach was developed largely in response to deficiencies identified by the FATF with respect to non-banking institutions and has been seen as suitable for the treatment of the smaller and less risky. The BCB is responsible for administrative enforcement of the regulatory framework for financial institutions, with the Federal Prosecution Service being responsible for criminal prosecution. Since the creation of the Punitive Administrative Processes Committee (COPAC) in 2015, the BCB has been able to focus more on progressing cases which require sanctioning and the time taken between detection of fault and issuance of a subpoena has reduced. There is scope for further improvement, however, as the BCB is aware. The BCB also indicated that their first cycle of inspections, using the revised approach for the banks under continuous supervision, had focused primarily on adequacy of documentation and processes. The next cycle will probe more deeply into the effectiveness of KYC and the monitoring, analysis, selection and report procedures and tools used by the banks. Other areas that require attention include reporting requirements to the BCB and greater focus on supplementing the remote procedures for the banks that are not subjected to ACC. Because the BCB differentiates between banks subject to ACC and those subject to the remote inspection procedures, it-is the BCB cannot fully determine a number of the elements demanded by this CP in respect of banks subject only to remote procedures. For example, although the standard of policies and documented processes can be considered through a remote process, it is not possible to determine whether the processes are put into effect and whether the systems and controls environment is appropriate. The BCB needs to implement measures, such as additional inspections—even if on a random, sampling basis—to resist the possibility that smaller banks will be soft targets for abuse. It is also recommended that the authorities in Brazil ensure that the BCB has access to the database of the Brazilian Federal Revenue Office to cross check and confirm information on beneficial owners. After the assessment mission, the BCB confirmed that access had recently been obtained and depended only on operational arrangements, which must therefore be concluded quickly. In terms of remedial actions in the field of AML/CFT the BCB is focused on improving the timeliness of action and improvement can already be seen. The assessors agree that taking care over due process is important but with respect to AML/CFT contraventions, follow up action should not take months to launch. Overall slow processes may run the risk of non-domestic authorities (for example, the US) acting first, which would be to the detriment of the BCB and Brazilian authorities. This aspect of supervision is discussed here, but is graded in CP11 which relates to corrective actions. Changes made by the BCB include, for example, the creation of the COPAC. Nonetheless, while the lapse of time between detection and issuance of subpoena has been reducing, there is more progress to be made. The BCB has already indicated that it is in the process of shortening some of its intervention procedures which will be helpful. For example, financial institutions will in future be required to undertake remedial actions without first having to have the BCB approve their plan. The BCB also indicated that use moral suasion on banks formed one part of its approach. It was clear that the BCB places priority is placed on ensuring a more continuous contact with the major institutions and communicating the message that compliance with rules is not enough. Close contact and discipline through moral suasion are valuable components in a supervisory relationship, but in the field of AML/CFT the BCB is advised to consider a more disciplinarian approach. For example, a move towards automatic fines, or more rapid escalation processes to severe measures (suspension of business activity or loss of authorization), could communicate that there is no tolerance for failures that could lead the institution, or the financial system more widely, open to abuse. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 14 | Corporate governance. The supervisor determines that banks and banking groups have robust corporate governance policies and processes covering, for example, strategic direction, group and organizational structure, control environment, responsibilities of the banks’ Boards and senior management,17 and compensation. These policies and processes are commensurate with the risk profile and systemic importance of the bank. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Laws, regulations or the supervisor establish the responsibilities of a bank’s Board an d senior management with respect to corporate governance to ensure there is effective control over the bank’s entire business. The supervisor provides guidance to banks and banking groups on expectations for sound corporate governance. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Corporate Law (Law 6404) establishes general requirements for the composition and overall responsibilities of the board of directors, which include but are not limited to steering the corporations’ general business. However, some corporate governance requirements differ between financial institutions that are listed and those that are in private ownership. Only a listed company is required to have a board of directors (conselho de administracao). A non-listed company is required to have senior (executive) management (presidente and directores). In the latter case, the duties of the board fall upon the senior management. Audit Committees and Remuneration Committees are required for some financial companies based on criteria of systemic relevance and proportionality. Not all listed financial companies are required to establish the committees and, conversely, an unlisted financial institution that meets the criteria will be required to establish the committees. Nominations Committees are not required but the BCB requires banks to consider succession planning (implement and maintain a policy) and some banks have such committees (notably the systemic banks). A number of resolutions further specify corporate governance requirements. Resolution 4122 which sets out licensing conditions, which also apply at any point of change of control and apply to all banks (listed or otherwise) also establishes the conditions for membership of the statutory or contractual bodies of these entities. Among the licensing requirements is the submission of an operational plan detailing the shareholding structure, the control group, and corporate governance standards, among other items. Boards of directors and senior management are responsible for implementing an effective internal control framework encompassing all business levels of the financial institution, including their objectives and procedures. Internal controls must be consistent with the nature, complexity, and risk of operations conducted, encompassing all financial institutions’ businesses. An annual report to the board on the performance of the internal control framework must cover activities such as examinations’ conclusions, framework deficiencies and corrective measures. (Resolution 2,554) Board of directors must approve and review risk management policies at least annually. Reports allowing the identification and correction of deficiencies in control and management of risks have to be prepared at least annually and submitted to the board for approval and direction. (Resolution 4557) Furthermore, for all banks, a Chief Risk Officer (CRO) must be appointed and key elements for the risk management structure, including a risk management unit independent from the business units and from the internal audit function, and a board-level risk committee, are set out. FIs must establish appropriate conditions for the CRO to exercise its assignment independently and to report directly to the board of directors, the risk committee, and the Chief Executive Officer (CEO). The board must approve the appointment and dismissal of the CRO, and the dismissal of a CRO must be disclosed in a timely manner. (Resolution 4557) It may be noted that although Risk Committees are, or will be, required for banks in segments 1 to 3, banks in segments 4 and 5 are exemd. Banks in segment 3 are also exempted from certain restrictions in terms of eligible persons to sit on the Risk Committee. (Resolution 4557, Article 59 et seq. As noted elsewhere, Resolution 4557 came into force for S1 banks in August 2017 but will only enter into force for the remaining banks in February 2018, permitting the lower segments to have a full year, rather than 6 months to comply). The corporate governance framework for state-owned entities, including FIs, whether wholly or partially owned, is set out in Law 13,303 dating from 2016. It establishes, among other things, overall responsibilities of the board, senior management and audit committee. By end 2017, BCB intended to release Guidance of Supervision Practices (GPS) to further inform banks and banking groups of its expectations for sound corporate governance practices regarding the role of a bank’s board, senior management and board committees, risk governance and the role of control functions. The Guidance was published in March 2018. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor regularly assesses a bank’s corporate governance policies and practices, and their implementation, and determines that the bank has robust corporate governance policies and processes commensurate with its risk profile and systemic importance. The supervisor requires banks and banking groups to correct deficiencies in a timely manner. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | In the monitoring process, the BCB Supervision assesses all regulatory aspects as well as those aspects defined as best practices are assessed. The BCB’s assessment of corporate governance and of internal controls is through a combination of supervisory techniques, including risk and control assessment via the Risks and Controls Evaluation System (SRC) and specific inspections (Special Examinations/ Verifications - VEs). The resolution on consolidated supervision (Resolution 4090) confirms the BCB’s right of access to all information and persons within an FI and the BCB holds frequent meetings with the board of directors, senior management, audit committee, remuneration committee, internal audit, CRO. There is a frequency specified for such meetings depending on the supervisory cycle of the institution. For example, an S1 bank will have 2 meetings of the audit committee, one meeting of the risk committee and one meeting with the Chairman of the bank, on his own, with the BCB. For a bank on a longer supervisory cycle such meetings are also mandatory but the frequency is lower. SRC: Inspired by the BCBS’ Corporate Governance Principles for Banks (2015), the BCB refreshed the corporate governance module, within Risk and Controls Analysis (ARC), to include board-related issues such as composition recruitment and qualification of members; organization and evaluation, overall responsibilities. Other elements included in the evaluation are: corporate culture and values; risk appetite; conflicts of interest; disclosure and transparency; group structure; advisory committees to the board; senior management; risk governance; compliance function; audit function and remuneration structure. The assessment of corporate governance, through the SRC, has a significant weight in the overall internal grading of banks or banking groups. VE (special examinations) - Corporate Governance: The specific inspections, also inspired by Corporate Governance Principles for Banks (BCBS, 2015), are carried out to verify components of the corporate governance structure. Special Verifications of Market, Credit, Operational and Liquidity Risks, also consider aspects of risk governance are also assessed. Risk governance mechanisms are also considered in the context of the supervisory review of the Internal Capital Adequacy Assessment Process (ICAAP) (now Resolution 4557, but formerly Resolution 3988) At the end of its inspections, BCB formally notifies a financial institution on the results and findings, and requires the correction of the issues that have been identified. As discussed in CP11, the BCB has requisite enforcement powers in relation to legal and regulatory provisions stemming from the Banking Law (Law 4,595). |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor determines that governance structures and processes for nominating and appointing Board members are appropriate for the bank and across the banking group. Board membership includes experienced non-executive members, where appropriate. Commensurate with the risk profile and systemic importance, Board structures include audit, risk oversight and remuneration committees with experienced non-executive members. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | Corporate Law (Law 6404) establishes that corporations’ board of directors must have at least three members and that membership of senior management executives is limited to one third of board positions. Law 13,303 of 2016, which sets a corporate governance framework for state-owned organizations, establishes that these companies board of directors should have between seven and eleven members of whom at least 25 percent are independent. Competence Resolution 4122 establishes the licensing requirements for financial institutions and establishes the requisites for board and senior management membership. Appointment to a managerial position is based on an assessment of technical capacity and unsullied reputation. The BCB’s assessment of adequacy is based on a statement submitted by the institution and on the candidate’s résumé and takes into consideration, previous positions held, the size and nature of the previous employers, and (as appropriate) the amount and type of funds managed or under the responsibility of the appointed person. Succession Policy Banks are required to develop and maintain a succession policy for senior executives and board member that is commensurate with the nature, complexity, structure, risk profile and business model of the FI. Succession policy is a Board responsibility and must cover recruitment, promotion, selection and retention of executives. Board Structures (a) Audit The provision of external audit services and the constitution of an audit committee are governed by Resolution 3198. Banks above a size threshold, systemic relevance and other criteria are required to establish an audit committee (Article 10: banks with equity equal to or greater than 1bn reais; or with deposits and asset management equal to or greater than 5bn reais), which must report to the board of directors. The audit committee of publicly traded financial institutions or state-owned closed institutions must be composed only by non-executive members. At least one member of the audit committee must have a proven background in accounting and auditing. (b) Risk A risk committee with direct access to the Board and composed of at least three members, the majority of whom should be independent, is required by Resolution 4,557. The risk committee must be chaired by an independent member, who is not or has not been in the past 6 months the chairperson of the board or of a board auxiliary committee. Also, the risk committee must coordinate its activities with the audit committee to facilitate information exchange and adjustments to the risk governance structure. Committee members must be experienced and qualified. Please also note EC1 for details on some differences in requirements between segments of banks. (c) Remuneration A remuneration committee is required under Resolution 3921 for a publicly traded FI or one required to constitute an audit committee. As with the Risk Committee, the committee must be accountable to the board and be composed of three members, at least, one of which not in management. Committee members must be experienced and qualified. In both the SRC and the VE analysis, BCB assesses the criteria for board membership, succession plans and board and senior management performance. During the SRC, the BCB also assesses execution of the financial institution’s business strategy. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | Board members are suitably qualified, effective and exercise their “duty of care” and “duty of loyalty”.18 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC 4 | Corporate Law (Law 6404) establishes that the board of directors and senior management must perform their duties with loyalty and diligence. In terms of suitability of qualification, please see also EC3 above. Inspections directed at corporate governance (SRC and VEs) evaluate ethics rules and standards of conduct contained in regulations. Besides that, BCB assesses qualification and suitability of board members, their effectiveness and their exercise of the “duty of care” and the “duty of loyalty”. All new board members or members of the senior management are assessed by the BCB (licensing department) for fit and proper suitability. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor determines that the bank’s Board approves and oversees implementation of the bank’s strategic direction, risk appetite and strategy, and related policies; establishes and communicates corporate culture and values (eg through a code of conduct), and establishes conflicts of interest policies and a strong control environment. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | The Boards’ competences, under the Corporate Law (Law 6404) include the obligations to: set the general orientation of the company’s business; elect, dismiss determine the attributions, and oversee the senior management; examine, at any time, the books and papers of the company and request information on contracts entered into or in the process of execution, and any other acts. The Board has responsibilities for risk management and capital management under Resolution 4557 including: (i) establishing the risk appetite of the FI in the Risk Appetite Statement (RAS) and revising them, with the assistance of the risk committee, the board of directors, and the CRO; (ii) approving and reviewing policies, strategies and risk management limits; capital management policies and strategies; the stress testing program; policies for business continuity management; the liquidity contingency plan; the capital plan; the capital contingency plan. Conflict of interest is partly addressed by the Corporate Law (Law 6,404) which requires Board members or senior management, when facing any conflict of interest, should abstain from voting and that this should be clearly recorded in the minutes of the Board or senior management meetings. Furthermore, Resolution 2554 states that internal controls include the segregation of the duties to prevent conflicts of interest and to minimize and properly monitor areas of potential conflicts of interest that are identified. The resolution also establishes senior management responsibility for the promotion of ethical standards and integrity and of an organizational culture that reinforces the importance of internal controls and the role of employees in this. Circular 3467 requires an evaluation report on the quality and adequacy of the internal control systems and determines that “the description of aspects related to the control environment should address the financial institution’s control culture, including, among others, the commitment to ethics and integrity, including but not limited to establishing a code of ethics and disclosure within the organization.” The description of a financial institution’s risk appetite in line with their strategic objectives is required as part of the ICAAP process (Resolution 4557 - formerly in Resolution 3988), and must be approved by the board of directors (Circular 3547). The SRC analyzes the quality of the strategic planning process of a financial institution. This analysis also includes a verification of the processes and procedures for the implementation of strategic plans and the controls established for their adequate implementation. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 | The supervisor determines that the bank’s Board, except where required otherwise by laws or regulations, has established fit and proper standards in selecting senior management, maintains plans for succession, and actively and critically oversees senior management’s execution of Board strategies, including monitoring senior management’s performance against standards established for them. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | The Board is responsible for selecting and dismissing company’s executives, for overseeing senior management’s performance and for defining the strategic objectives of the company under the terms of the Corporate Law (Law 6,404). In addition, Law 4595 (Banking Law) empowers the BCB to establish conditions for the exercise of any executive positions in private financial institutions, as well as for the exercise of any functions in bodies such as the Fiscal Council. Technical capacity and behavioural attributes for executive positions in financial institutions are set out in Resolution 4122. Succession planning and implementation is addressed by Resolution 4,538 which establishes Board responsibility including the criteria used in the recruitment and selection process of senior management. The SRC review and the VE on corporate governance assess the standards in senior management selection, plans for succession and senior management’s performance. The SRC also evaluates the execution of strategic plans. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor determines that the bank’s Board actively oversees the design and operation of the bank’s and banking group’s compensation system, and that it has appropriate incentives, which are aligned with prudent risk taking. The compensation system, and related performance standards, are consistent with long-term objectives and financial soundness of the bank and is rectified if there are deficiencies. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | Remuneration policy is addressed by Resolution 3921 which requires executive remuneration to be commensurate with the Fl’s risk policy, formulated to discourage strategies that would lead to imprudent risk exposure whether over the short or long term. This resolution also determines the constitution of a compensation committee which reports to the Board and which is responsible for proposing the remuneration policy. The remuneration policy is applicable only to Board members and executive officers and must be reviewed yearly by the board. Compensation standards established by Resolution 3,921 include: (i) performance-based compensation at individual, business-unit and firm-wide level, except for directors, whose compensation should be performance-based; (ii) deferral of at least 40% of the variable compensation; (iii) minimum deferral period of three years; (iv) at least 50% of variable compensation in shares or share-linked instruments; and (v) malus clauses. In defining their compensation policy, financial institutions must take into account issues such as the overall compensation amount and its allocation, the current and the potential risks, the overall financial results of the institution, the ability to generate cash flows, the economic environment and financial sustainability in the long term. SRC and VEs on Corporate Governance assess compensation issues. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC8 | The supervisor determines that the bank’s Board and senior management know and understand the bank’s and banking group’s operational structure and its risks, including those arising from the use of structures that impede transparency (e.g. special-purpose or related structures). The supervisor determines that risks are effectively managed and mitigated, where appropriate. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | Under Resolution 4,557 risk management policies and strategies must be approved and revised annually by the board. Annual performance reports on the risk management structure that allow for identification and timely correction of deficiencies must be submitted to the board. Resolution 4,557 also establishes that the board of directors and the senior management must have a comprehensive and integrated understanding of the risks of the financial institution that may affect capital, including possible impacts on prudential conglomerate’s capital coming from the risks associated with other companies of the prudential conglomerate. Financial institutions must be able to identify, assess, monitor and control risks associated to each institution individually and to the prudential conglomerate, as well as to identify and monitor risks associated with other companies controlled by members of the prudential conglomerate. Financial institutions belonging to a financial or prudential conglomerate must prepare their financial statements on a consolidated basis. For regulatory purposes, the financial statements of a prudential conglomerate must include mutual funds of which it retains substantial risks and benefits, as well as securitization entities and other non-financial institutions over which it has a direct or indirect control, thus bringing the shadow banking system into the scope of consolidation of financial statements under BCB supervision, including capital requirements. Special purpose entities are included in the consolidated statements of the prudential conglomerate in the cases where they operate in the activities listed in Resolution 4280and are directly or indirectly controlled by the parent institution. Additionally, the BCB supervision can determine their inclusion or exclusion in a prudential conglomerate, to avoid distortions on the representation of the equity of the group. The SRC and the VE (targeted inspections) on Corporate Governance the BCB seeks to assess the role of board and senior management in relation to group structure issues, particularly in respect of risks that may arise from complex structures. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC9 | The supervisor has the power to require changes in the composition of the bank’s Board if it believes that any individuals are not fulfilling their duties related to the satisfaction of these criteria. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC9 | Penalties under the Banking Law (Law 4,595) that are applicable to managers of FIs, include the temporary prohibition from occupying a management position in an FI. Once administrative proceedings have been initiated against an FI, its executives, members of its board, its internal or external auditors, the BCB can require the removal of the Fl’s senior management and board of directors, (Law 9,447). Such persons may also be precluded from assuming any management position in financial institutions or act as agents or representatives of members of their board of directors. Under Resolution 4122 the BCB may deny managerial appointments in FIs on the grounds of circumstances that may affect the reputation of the managers, the control group members, the holders of qualified participation, or due to falsehood in the application documents. The BCB may review its decision to approve a director or a senior executive of a financial institution at any time, if pre-existing or post-appointment circumstances are confirmed that could affect the reputation of those elected or appointed to statutory or contractual positions. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Additional criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC1 | Laws, regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material and bona fide information that may negatively affect the fitness and propriety of a bank’s Board member or a member of the senior management. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | Obligations under Resolution 3198 provide that the external auditor and the audit committee, when installed, must, individually or collectively, communicate formally to the BCB, within three working days of identifying the existence or evidence of error or fraud represented by: i) failure to comply with laws and regulations, which jeopardize the continuity of the audited entity; ii) fraud, of any amount, perpetrated by the management of the financial institution; iii) material fraud perpetrated by employees or third parties; iv) errors that result in material inaccuracies in the financial statements of the financial institution. Further, any institution licensed by BCB must provide notification of any information that could negatively affect the reputation of its controllers, board members or senior management members within 10 business days (Resolution 4567). |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 14 | Largely Compliant | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The BCB has a long track record of taking account of governance practices in its supervisory approach and has recently reoriented its supervisory approach (SRC and targeted on-site inspections) to reflect further the weight it places on sound corporate governance within financial institutions. Analytical internal documents in the BCB and discussions with banks were consistent with the emphasis that the BCB places on corporate governance. The BCB’s attitude and work that it has undertaken to date in the field of corporate governance is completely commendable. The corporate governance work is, however, still in progress. Some important components are not yet in place, notably including the fact that the critical Resolution on risk management and governance (Resolution 4557) has only been in force for 6 months for the systemic banks and is not yet in force (until February 2018) for the rest of the banking sector. Moreover, the BCB had, at the time of the assessment, not yet completed and published its guidance on the assessment of corporate governance, although this is targeted for release by end 2017. A full supervisory cycle reflecting the corporate governance assessment under the new regulations had not yet taken place even for the systemic banks. As noted above, the BCB published guidance on corporate governance in March 2018. Nevertheless, and notwithstanding the principle of proportionality, the BCB should ensure that even unlisted banks have a board of directors. In exchanges with the BCB, the assessors understand that the BCB considers that a requirement for Boards of directors to be instituted in all banks may be excessively burdensome to many of non-listed companies, which are small sized institutions. In other words that the financial burden on small sized institutions does not seem justifiable for the risks they represent. There are very few jurisdictions where failures in small banks have not been directly attributable or strongly associated with corporate governance failings. While an evolved committee structure (audit, remuneration, risk, etc) is not required for very small institutions, board oversight to provide checks and balances on management is a basic safeguard. There are a number of ECs that cannot, by definition, be fully met if there is no Board in place in a bank—such as EC6, which seeks to confirm that management functions under Board oversight. While the number and scale of activity of non-listed banks that do not, of their own volition, have a corporate governance structure is also small, it is a deficiency to be addressed. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 15 | Risk management process. The supervisor determines that banks19 have a comprehensive risk management process (including effective Board and senior management oversight) to identify, measure, evaluate, monitor, report and control or mitigate20 all material risks on a timely basis and to assess the adequacy of their capital and liquidity in relation to their risk profile and market and macroeconomic conditions. This extends to development and review of contingency arrangements (including robust and credible recovery plans where warranted) that take into account the specific circumstances of the bank. The risk management process is commensurate with the risk profile and systemic importance of the bank.21 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 |
The supervisor determines that banks have appropriate risk management strategies that have been approved by the banks’ Boards and that the Boards set a suitable risk appetite to define the level of risk the banks are willing to assume or tolerate. The supervisor also determines that the Board ensures that:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Regulations on risk management include requirements for the implementation of a continuous and integrated risk management structure (Resolution CMN 4,557 of 2017). These requirements are effective from August 2017 for institutions allocated to Segment 1 (S1), and will become effective from February 2018 for institutions allocated to Segments 2 to 5 (S2, S3, S4 and S5). The structure must
The criteria established for inclusion of banks in the five segments are summarized in Table 1 below: Table 1. Criteria for Segmentation of Banks Table 1. Criteria for Segmentation of Banks
Table 1. Criteria for Segmentation of Banks
Financial institutions are required to identify, measure, evaluate, monitor, report, control and mitigate risks. The risk management framework must also be integrated across risks, allowing for the identification, measurement, evaluation, monitoring, reporting, control and mitigation of adverse effects arising from interactions between them. (Art.6, CMN 4557 of 2017). The other requirements of the risk management framework include risk management policies, systems, procedures and routines; establishment of risk limits, and management of risk exposures within limits that are consistent with the risk appetite statement (RAS); processes for tracking and timely reporting of exceptions to the risk management policies, limits and levels of risk appetite set in the RAS; periodic assessment of the adequacy of risk management systems, routines and procedures; need for clear documentation of roles and responsibilities for risk management; stress testing; continuous evaluation of the effectiveness of the risk mitigation strategies; policies and strategies for business continuity management; timely reporting to the senior management, the risk committee and the board are also laid down in regulations (Art.7, CMN 4557 of 2017). Resolution CMN 4,557 requires the implementation of a structure for risk management that covers operational risk, market risk, interest rate risk in the banking book, credit risk, liquidity risk, socio-environmental risk and other risks deemed material according to criteria defined by the institution, including those risks not considered in the calculation of the risk-weighted assets (RWA). According to Resolution CMN 4,557, the board’s responsibilities include defining and revising, jointly with the risk committee, the senior management and the Chief Risk Officer (CRO), the risk appetite levels expressed in the institution’s Risk Appetite Statement (RAS). The board’s responsibilities also include:
Prior to Res. CMN 4557, the regulatory framework for risk management was articulated by a set of regulations that were developed to require banks to establish risk management structures for identifying, measuring, monitoring and managing individual risks like credit, market, liquidity, operational risks. This set of regulations dealing with individual risks lays down the regulatory requirements for banks in S2 to S5. With the maturity of the risk management structures and practices in banks, the development of the skills in the banks and in the BCB, through CMN 4557, BCB is requiring the banking system to embrace integrated risk management systems. The set of regulations on management of market risk, credit risk, operational risk and liquidity risk that are in operation for the institutions in S2 to S5, prescribe the adoption of policies and strategies, that were required to be documented, and establish operational limits and procedures consistent with levels of risk deemed acceptable by the institution. Regulations require that risk management policies and strategies must be approved and reviewed, at a minimum on a yearly basis, by senior management and the board, and that the director responsible for managing risks must not perform activities that may give rise to a conflict of interest. Former regulation on operational risk management already prescribed the dissemination of the risk policy to all levels of personnel. The Risks and Controls Assessment (SRC) conducted by the Banking Supervision Department (Desup) evaluates ten types of risk and their associated controls, through a qualitative approach: credit, market, liquidity, contagion, operational, reputational, strategic, information technology (IT), money laundering and consumer relationship. Corporate governance issues are evaluated in relation to each of the mentioned risks, including risk appetite definitions and the risk management framework. A new ARC (a report where SRC’s analysis are formalized, similar to a working paper) on corporate governance is being implemented, adding a broader and updated view of this subject. This ARC will represent 30 percent of the qualitative score accorded, the other 70 percent being a weighted average of the assessment of the ten mentioned risks. The SRC handbook establishes that the analysis of each risk type is conducted according to the size of an institution and the complexity of its operations. This manual requires the supervisory team to evaluate whether the bank has a sound risk management framework in place, whether policies and strategies are approved by the board, whether senior management has implemented adequate tools to monitor and control risk’s exposure vis-à-vis its appetite as defined by the board, etc. Moreover, according to each bank’s supervision cycle (MSU 3.10.40) which is currently defined taking its previous SRC’s overall score (quantitative and qualitative evaluations) along with its systemic relevance, focused examinations on specific themes may also be performed. The decision on whether one or more examinations are needed is made by each supervision team on a regular basis supported by their knowledge of the bank’s main weaknesses and strategic choices, as well as qualitative and quantitative inputs by Desup’s specialized teams. Those focused examinations (mainly Special Verifications - VEs, as defined in Supervision Manual - MSU) are designed to provide a deeper and more detailed view of a specific theme. Examples of VEs are: credit risk (MSU 4.30.10.50.01.01), market risk (MSU 4.30.10.50.02.03), liquidity risk (MSU 4.30.10.50.02.02), IRRBB (MSU 4.30.10.50.02.07), treasury operations (MSU 4.30.10.50.02.01), corporate governance (MSU 4.30.10.50.06.01), operational risk (MSU 4.30.10.50.11), contingencies - legal claims (MSU 4.30.10.50.07.01), review of IT environment (MSU 4.30.10.50.18), review of IT systems (MSU 4.30.10.50.19), data integrity (MSU 4.30.10.50.32), AML procedures and structure (MSU 4.30.10.50.08.02). The scope of VEs include whether senior management and the board have formally set formal strategies and policies, if appropriate limits are established and consistent with the bank’s risk profile and if they are properly monitored and communicated. It is also important to say that the conclusions of examinations are incorporated to the SRC assessment. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 |
The supervisor requires banks to have comprehensive risk management policies and processes to identify, measure, evaluate, monitor, report and control or mitigate all material risks. The supervisor determines that these processes are adequate:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see description under EC1. Resolution CMN 4557 establishes requirements for the implementation of a continuous and integrated risk management structure. These requirements are applicable to the S1 banks from August 2017 and will be applicable to the other banks from February 2018. A synopsis of these requirements is presented below:
The risk management structure must allow for the identification, measurement, evaluation, monitoring, reporting, control and mitigation of credit risk, market risk, and IRRBB, when they are deemed material by the institution. The same applies to other risks deemed material according to criteria defined by the institution, including those risks not considered in the calculation of the risk-weighted assets (RWA). The risk management structure must allow for the identification, measurement, evaluation, monitoring, reporting, control and mitigation of operational risk, liquidity risk and socio-environmental risk, regardless of materiality. The risk management must be integrated across risks, allowing for the identification, measurement, evaluation, monitoring, reporting, control and mitigation of adverse effects arising from interactions between them. For institutions in S2 to S5, as mentioned in the description under EC1, the regulatory requirement for risk management is articulated in a set of regulations that addresses individual risks. A summary of this set of regulations is presented below:
During the supervision cycle, the supervision team evaluates the ten risks mentioned in EC1 on an ongoing basis, as well as quantitative indicators (capital strength, liquidity and results - P&L). The quantitative evaluation considers the macroeconomic environment and its connection to the performance of those three indicators, as well as the qualitative side. The qualitative analysis on the ten risks take into consideration the policies and processes to identify, measure, evaluate, monitor, report, control and mitigate. This can be done through a variety of tools, including regular meetings with the bank’s staff, evaluation of the bank’s managerial reports sent to senior management (also sent to Desup when required by the supervision team), analysis of high level committees’ meeting records, reports and alerts from BCB’s Financial System Monitoring Department (Desig), meetings with other regulators and supervisors, etc. All these procedures provide the supervision team with a comprehensive view of the risk management framework, which is commensurate with the bank’s size, complexity and risk profile. When the supervision cycle comes to a close, the supervision team presents the SRC to a committee at BCB (Risks and Controls Assessment Committee - Corec). Larger and more complex banks are submitted to shorter supervision cycles and endure deeper analysis (all ARCs are evaluated on this cluster of institutions, which may not be case for smaller and simpler banks). On Corecs, the committee members have a broad and comprehensive view of all material risks, in a bank-wide perspective (including non-financial companies connected to the assessed financial firm). This view is considered when the committee approves or proposes a new qualitative or overall score. For more detailed supervisory procedures, please see EC1. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 |
The supervisor determines that risk management strategies, policies, processes and limits are:
The supervisor determines that exceptions to established policies, processes and limits receive the prompt attention of, and authorization by, the appropriate level of management and the bank’s Board where necessary. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | According to Resolution CMN 4,557 of 20/17, the risk management structure must comprise clearly documented policies and strategies for risk management, establishing limits and procedures designed to maintain the exposures to risks at levels consistent with the ones set in the RAS. Regulation also requires effective processes for tracking and timely reporting exceptions to the risk management policies, limits and levels of risk appetite set in the RAS. The risk management policies must prescribe necessary authorizations, as well as timely and appropriate actions to be taken by senior management and, when necessary, the board, in case of exceptions to policies, procedures, limits and RAS stipulations. The following information must be disseminated to all levels of the institution’s personnel and to the relevant providers of outsourced services, in a language and a degree of information commensurate with their assignment:
The board’s responsibilities include approving and revising, at least annually, the risk management policies and strategies, establishing limits and procedures designed to maintain the exposures to risks at levels consistent with the ones set in the RAS. Resolution CMN 3,380 of 2006, Resolution CMN 3,464 of 2007, Resolution CMN 3,721 of 2009 and Resolution CMN 4,090 of 2012 already prescribed that policies and strategies for risk management must be clearly documented, establishing operational limits, mechanisms for risk mitigation, and procedures aimed at maintaining exposure to risk within levels deemed acceptable by the institution. Resolution CMN 3,721 of 2009 already prescribed the adoption of practices to ensure that exceptions to the risk policy, to procedures, and to limits were appropriately informed in the periodic reports to senior management. Supervision teams evaluate the following aspects, in order to ensure that the bank adopts appropriate strategies for risk management: if the bank has established formal strategies/policies for risk management duly approved by the senior management and the board; the clarity and quality of documents; the alignment of these strategies and policies with the bank’s objectives and goals for its risk management; the degree of communication of those documents within the institution. SRC ARCs state that policies, limits and procedures should be assessed on each bank’s supervision cycle, according to its size, complexity and risk profile. When performing VEs, the supervision team verifies high level committees’ records (including board meetings) in order to check what was considered when approving or reviewing policies and strategies. Exceptions to limits are also verified by Desup, especially regarding whether risk governance procedures were observed. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor determines that the bank’s Board and senior management obtain sufficient information on, and understand, the nature and level of risk being taken by the bank and how this risk relates to adequate levels of capital and liquidity. The supervisor also determines that the Board and senior management regularly review and understand the implications and limitations (including the risk measurement uncertainties) of the risk management information that they receive. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | According to Resolution 4,557 of 2017, the risk management structure for S1 institutions must provide for timely reports for the senior management, the risk committee and the board on:
Reporting provided by the information systems must:
The board, the risk committee, the CRO and the senior management must comprehensively understand the risks that may affect the institution’s capital and liquidity, as well as the limitations of the available information on risk and capital management. They must also understand the limitations and uncertainties related to the risk evaluation, to the models, even when developed by third parties, and to the methodologies used in risk management. For institutions in S2 to S5, Resolution CMN 3,380 of 2006 prescribes the submission of reports to senior management and the board, at least on a yearly basis, allowing the identification and timely correction of deficiencies in control and management of operational risk. Senior management and the board must expressly approve actions for a timely correction of deficiencies identified. Resolution CMN 3,721 of 2009 prescribes that the structure for credit risk management must stipulate adequate levels of regulatory capital and provisioning that are compatible with credit risk incurred by the institution. Policies and strategies for credit risk management must be approved and revised, at least annually, by senior management and the board, considering the periodic reports on the performance of the managing structure. Especially on VEs, Supervision teams evaluate reports received by the bank’s board and senior management and analyse if they present an adequate level of information, considering the risk appetite defined in policies, clarity, level of data aggregation, size, complexity and risk profile. In addition, Desup’s specialized teams run a horizontal examination that checks a sample of banks’ policies on pricing procedures, including whether the board and senior management are aware of the implied limitations. In the VE on corporate governance requirements (MSU 4.30.10.50.06.01), the supervision team assess the level of understanding of senior management and the nature of the bank’s risk level and its inter-relationship with capital and liquidity levels. Furthermore, it evaluates the understanding and the knowledge of senior management on information systems. The quality of the information produced by the bank is also verified, with special attention to that forwarded to the board and senior management. On SRC, the ARC routine on strategic risk control prescribes an evaluation by the supervision team on the degree of attention by the bank’s board and senior management to internal controls, compliance and risk management matters. The ARC routine on corporate governance, add more precision to this evaluation, comprising the understanding of risk management uncertainties. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor determines that banks have an appropriate internal process for assessing their overall capital and liquidity adequacy in relation to their risk appetite and risk profile. The supervisor reviews and evaluates banks’ internal capital and liquidity adequacy assessments and strategies. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | According to Resolution CMN 4,557 of 2017, the risk management structure must prescribe policies, strategies and procedures ensuring the identification, measurement, evaluation, monitoring, reporting, control and mitigation of liquidity risk in different time horizons, including intraday, under normal circumstances and in periods of stress, comprising a daily assessment of operations with a maturity lesser than 90 (ninety) days. Polices, strategies and procedures must also ensure a funding profile that is adequate to the liquidity risk arising from assets and off-balance sheet exposures. The capital management framework must comprise a capital adequacy assessment, considering adequate levels of total Regulatory Capital (PR), Tier 1 and CET1 commensurate with the risks incurred by the institution. For the purposes of risk management and capital management, the board’s responsibilities include assuring that capital and liquidity levels are adequate and sufficient. Resolution CMN 3,988 of 2011 already prescribed the establishment of a capital management structure commensurate with the nature of operations conducted, the complexity of products and services and the level of exposure to risks. The structure must be able to identify and assess relevant risks incurred, including those risks not covered by capital requirements. Such structure must establish policies and strategies clearly documented that adopt mechanisms and procedures aimed at allocating an amount of capital compatible with risks incurred. A capital plan for a minimum three-year horizon was already required, as well as periodic reports to senior management and the board on the adequacy of capital allocated. Resolution CMN 4,090 of 2012 already prescribed the establishment of a liquidity risk management structure commensurate with the nature of operations conducted, the complexity of products and services and the level of exposure to such risk. The structure must be able to identify, assess, monitor and control the exposure to liquidity risk in different time horizons, including the intraday one. Operations with maturity below 90 days must be assessed on a minimum daily basis. Liquidity risk management must consider all financial exposures, including contingent and unexpected ones. The processes for risk identification, assessment, monitoring and control must be revised annually, at minimum. A liquidity contingency plan must be in place establishing responsibilities and procedures for liquidity stress scenarios. Policies and strategies, as well as the liquidity contingency plan, must be approved and revised at least annually by senior management and the board. Resolution CMN 2,554 of 1998 determines that the internal controls must provide for the definition of responsibilities within the institution and the segregation of activities in order to avoid conflicts of interest, as well as to minimize and monitor areas of potential conflicts. The risk management activities must be conducted by a specific unit, segregated from the business unit and from the unit responsible for the execution of the internal auditing activity. In the SRC model, the bank’s process of assessing its capital adequacy is mainly evaluated at the ARC routine on strategic risk control. The supervision team analyses policies and strategies for capital management, capital planning for the next three years, capital contingency plans, commensurate with size, complexity and risk profile of the institution. Items evaluated include: risk appetite defined as a minimum capital required; aimed composition; tools to regularly and timely monitor capital adequacy; adequacy of capital planning regarding economic environment, alignment with strategic objectives, dividends policies; feasibility of capital sources on contingency plans, etc. Liquidity needs are evaluated both on quantitative (inherent risk) and qualitative (risk control) approaches of SRC. For larger banks (total assets above or equal to R$100 billion), an annual ICAAP report is mandatory. Such documents are regularly reviewed by each bank’s supervision team with the support of specialized teams (e.g. credit, operational, IRRBB, market, quantitative assessment, capital). The supervision team’s conclusions on Internal capital adequacy assessment process (ICAAP) reports are also reflected on SRC in specific items of the ARC routine on strategic risk control. For these banks, the additional assessment includes: clarity, aggregation and understating of risk appetite statement (RAS); risk limits and metrics; responsibilities; material risks identification; feasibility of baseline and stress scenarios; impact of new regulatory requirements, etc. Moreover, supervision teams also evaluate the internal process of capital adequacy for banks required to prepare an ICAAP report. Differences between internally calculated capital figures and the ones using standardized models are expected to be monitored and explained by the bank’s management. The governance of the process is included on the SRC scope, concerning the roles of the board and senior management, internal audit and validation. According to Brazilian rules, liquidity, strategic and reputational risks should be assessed, even in the absence of capital impacts. In implementing a VE on corporate governance (MSU 4.30.10.50.06.01), the supervision team must assess the level of understanding of the board and senior management on the risks taken, as well as on the nature of the bank’s risk level and its inter-relationship with capital and liquidity levels. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 |
Where banks use models to measure components of risk, the supervisor determines that:
The supervisor assesses whether the model outputs appear reasonable as a reflection of the risks assumed. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | According to Resolution CMN 4,557 of 2017, risk management models, when relevant, must be subject to a periodic evaluation of the adequacy and robustness of assumptions and methodologies and their performance, including backtesting when applicable. The evaluation must not be performed by the unit responsible for the development of the models or by a risk-taking unit, according to segmentation criteria. The Board, the risk committee, the CRO and the senior management must comprehensively understand the limitations of the available information on risk and capital management. These instances must also understand the limitations and uncertainties related to the risk evaluation, to the models, even when developed by third parties, and to the methodologies used in risk management. Regulations have established requisites and procedures for internal models that assess market risk, credit risk and operational risk for regulatory purposes. The banks’ requests for using the internal models are required to be subjected to rigorous testing and approval processes before banks are allowed to use the internal models for regulatory purposes. Supervisors use similar approaches during their on-site visits while reviewing the banks’ internal models that are used for internal risk management purposes. Furthermore, supervision teams constantly monitor the output of the approved models and check whether reasonable figures are resulting. Information is conveyed either by an official standardized document named DLO (operational limits document) on a monthly basis to the BCB or through a request by the supervision team of managerial reports. The conclusion on the models used and their output is expressed through the corresponding ARC routine on risks and controls. On model approval examinations, the roles of the board and the senior management are evaluated, including their knowledge of limitations and uncertainties. Three years after approval, all models must be again submitted to an independent validation process. Supervision teams evaluate this revalidation process when it is concluded. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor determines that banks have information systems that are adequate (both under normal circumstances and in periods of stress) for measuring, assessing and reporting on the size, composition and quality of exposures on a bank-wide basis across all risk types, products and counterparties. The supervisor also determines that these reports reflect the bank’s risk profile and capital and liquidity needs, and are provided on a timely basis to the bank’s Board and senior management in a form suitable for their use. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | According to Resolution CMN 4,557 of 2017, the risk management structure must comprise risk management systems, including information systems deemed adequate, both under normal circumstances and in periods of stress, to assess, measure and report on the size, composition and quality of the institution’s risk exposures. Reporting provided by the information systems must reflect the institution’s risk profile and liquidity needs and be provided, on a timely basis and in a suitable form, to the board and senior management. The reporting must also note any deficiencies or limitations in risk estimation and in the assumptions of quantitative models and scenarios. The supervisory process assesses how information on corporate risks must be captured and reported to the board and senior management on a regular and timely basis. Management reports are expected to provide a comprehensive view (on a solo and consolidated basis) of the bank’s risk profile and allow the identification, prevention and timely correction of risk control and management deficiencies During specific examinations (VEs), supervision teams assess the clarity, quality, timing and regularity of reports of the risks taken (e.g. risk market - MSU 4.30.10.50.02.03 -, liquidity risk - MSU 4.30.10.50.02.02 -, credit risk MSU 4.30.10.50.01.01). This includes the adequacy of the reports for the board and senior management’s. This assessment is also regularly performed in SRC, when the oversight of a specific control of a specific risk is evaluated, in addition to the ARC routine on strategic risk control with a broader approach. Moreover, the ARC routine on corporate governance add additional precision to this evaluation. For more detailed supervisory procedures, please see EC1. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC8 | The supervisor determines that banks have adequate policies and processes to ensure that the banks’ Boards and senior management understand the risks inherent in new products,22 material modifications to existing products, and major management initiatives (such as changes in systems, processes, business model and major acquisitions). The supervisor determines that the Boards and senior management are able to monitor and manage these risks on an ongoing basis. The supervisor also determines that the bank’s policies and processes require the undertaking of any major activities of this nature to be approved by their Board or a specific committee of the Board. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | According to Resolution CMN 4,557 of 2017, the risk management structure must comprise adequate board approved policies, procedures and controls to ensure a prior identification of risks inherent to:
Regulation states that the board must approve relevant changes, induced from these risks in risk management policies and strategies, as well as in systems, routines and procedures. The supervision process takes in consideration the new product approvals when conducting examinations, including policies, processes, authorizations, reviews, testing, etc. In the deeper examinations (VEs - e.g. risk market - MSU 4.30.10.50.02.03 -, liquidity risk - MSU 4.30.10.50.02.02), the supervision teams ask for an inventory of recently approved or reviewed products together with their dossiers. A sample is selected and its documents are compared to the new product approval or review policy in order to check whether the specific risk under evaluation has been considered. The conclusions feed the SRC process. For more detailed supervisory procedures, please see EC1. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC9 | The supervisor determines that banks have risk management functions covering all material risks with sufficient resources, independence, authority and access to the banks’ Boards to perform their duties effectively. The supervisor determines that their duties are clearly segregated from risk-taking functions in the bank and that they report on risk exposures directly to the Board and senior management. The supervisor also determines that the risk management function is subject to regular review by the internal audit function. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC9 | Resolution CMN 4,557 of 2017 requires the periodical submission of risk and capital management processes to internal auditing. Regulation also requires that risk management must be performed by a specific unit, segregated from business units and from the unit that conducts the internal audit. The unit must be sufficiently staffed by members with certified expertise and qualification in managing risks. The institution must establish adequate conditions for the independence of the CRO and for the CRO’s direct and exclusive access to the risk committee, to the CEO and the board. The CRO access to all information deemed necessary to fulfill the job’s responsibilities must be ensured. VEs focused on the management of specific risks assess if risk management function is independent, equipped with sufficient resources and has the recommended authority to challenge front office decisions up to the highest levels of the bank. Credit risk (MSU 4.30.10.50.01.01), market risk (MSU 4.30.10.50.02.03), liquidity risk (MSU 4.30.10.50.02.02), operational risk (MSU 4.30.10.50.11) and corporate governance (MSU 4.30.10.50.06.01) examinations are examples of such inspections. Moreover, this is also evaluated on SRC, through specific risk control ARCs. Internal audit reviews and findings on risk management are taken into consideration when VEs are performed. In SRC, this issue is evaluated by ARC routines on control of specific risks (e.g. liquidity risk control, market risk control, operation risk control, etc.). A more comprehensive view of the internal audit unit is assessed by the ARC routine on strategic risk control. For more detailed supervisory procedures, please see EC1. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC10 | The supervisor requires larger and more complex banks to have a dedicated risk management unit overseen by a Chief Risk Officer (CRO) or equivalent function. If the CRO of a bank is removed from his/her position for any reason, this should be done with the prior approval of the Board and generally should be disclosed publicly. The bank should also discuss the reasons for such removal with its supervisor. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC10 | According to Resolution CMN 4,557 of 2017, institutions must appoint a CRO responsible for the risk management specific unit. The CRO’s responsibilities, which must be stated in the institution’s bylaws, include:
Provided the absence of conflicts of interest, the CRO may perform other functions in the institution, including those related to the capital adequacy assessment. The board must approve both the appointment and the dismissal of the CRO. The dismissal of the CRO must be timely disclosed on the institution’s website, and the reasons for such removal must be communicated to BCB, which may require additional information. Resolution CMN 3,380 of 2006, Resolution CMN 3,464 2007, Resolution CMN 3,721 of 2009 and Resolution CMN 4,090 of 2012 already prescribed the appointment of a member of senior staff to be responsible for risk management. The appointed person must not perform activities that give rise to a conflict of interest with risk management activities. Most of the larger and more complex banks already had a dedicated risk management unit overseen by a CRO before such a requirement by Resolution CMN 4,557 of 2017. Although the previous regulation on specific risks (i.e. operational risk, market risk -including IRRBB, credit risk and liquidity risk) required the appointment of a senior management member to be responsible for that specific risk, the appointment of a single person was a common practice. VEs on specific risks and on corporate governance (MSU 4.30.10.50.06.01) conducted deeper analyses and more robust conclusions on the role of members in charge of risk management functions, including the CRO. This is also seen on specific risks and on strategic risk controls by ARC routines in SRC. An ARC routine on corporate governance currently under implementation will add a strengthened focus on that assessment. Even though the public disclosure of a dismissal of the CRO and the communication of such event to BCB were not required until Resolution CMN 4,557 of 2017, supervision teams have been receiving information on the reasons for changes in the risk management function. Supervision teams regularly meet members of the boards and high-level committees’ (e.g. audit committee, compensation committee) of supervised entities and are able to get their perspectives on risk management members and functions. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC11 | The supervisor issues standards related to, in particular, credit risk, market risk, liquidity risk, interest rate risk in the banking book and operational risk. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC11 | Regulation on risk management comprises requirements for the implementation of a structure for continuous and integrated risk management according to Resolution CMN 4,557 of 2017, effective from August 2017 for institutions allocated to S1, and from February 2018 for institutions allocated to S2, S3, S4 or S5. Resolution CMN 4,557 of 2017 requires the implementation of a structure for risk management that covers operational risk (formerly addressed by Resolution CMN 3,380 of 2006), market risk and interest rate risk in the banking book (formerly addressed by Resolution CMN 3,464 of 2007), credit risk (formerly addressed by Resolution CMN 3,721 of 2009), liquidity risk (formerly addressed by Resolution CMN 4,090 of 2012), socio-environmental risk (addressed by Resolution CMN 4,327 of 2014) and other risks deemed material according to criteria defined by the institution, including those risks not considered in the calculation of the risk-weighted assets (RWA). Banking Supervision Department is working along with other departments to make its standards public, in a summarized version of SRC guidelines. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC12 | The supervisor requires banks to have appropriate contingency arrangements, as an integral part of their risk management process, to address risks that may materialize and actions to be taken in stress conditions (including those that will pose a serious risk to their viability). If warranted by its risk profile and systemic importance, the contingency arrangements include robust and credible recovery plans that take into account the specific circumstances of the bank. The supervisor, working with resolution authorities as appropriate, assesses the adequacy of banks’ contingency arrangements in the light of their risk profile and systemic importance (including reviewing any recovery plans) and their likely feasibility during periods of stress. The supervisor seeks improvements if deficiencies are identified. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC12 | According to Resolution CMN 4,557 of 2017, the integrated risk management structure must comprise clearly documented policies and strategies for business continuity management. The policies for the business continuity management must establish:
Institutions are also required to have in place liquidity and capital contingency plans. Such plans must be regularly reviewed and establish clearly defined and documented responsibilities, strategies and procedures to face stress conditions. The board is responsible for approving and reviewing, at least annually, the business continuity policies, the liquidity contingency plan and the capital contingency plan. Resolution CMN 4,557 of 2017 also requires the implementation of a stress test program, and the use of its results in identifying, measuring, evaluating, monitoring, controlling and mitigating risks. Stress test results must be considered in strategic decisions, revision of risk appetite levels, revision of policies, strategies and limits established for risk and capital management purposes. Such results must also be considered in the assessment of the institution’s capital and liquidity, as well as in the development of contingency plans and recovery plans, as established by Resolution CMN 4,502 of 2016. Information on corporate risks must result in consistent and concise management reports that meet the needs of the board and the board of directors, and must be regularly and timely delivered. Management reports should provide a comprehensive view of the bank’s risk profile and allow the identification, prevention and timely correction of risk control and management deficiencies. Resolution CMN 2,554 of 1998 generally addresses the monitoring reports, while other Resolutions explicitly state the need to issue reports to the senior management. All banks must have specific contingency plans related to liquidity, capital and operational issues. Those plans are assessed during examinations (VEs) regarding liquidity risk (MSU 4.30.10.50.02.02), capital management (MSU 4.30.10.50.30) and operational risk (MSU 4.30.10.50.11) with a deeper and more focused view. Aspects like feasibility of actions or sources, timing of decisions, dedicated governance and regular tests (if that is the case, like operational risk contingency plans) are examined. In the SRC, these plans are also evaluated by ARCs routines on liquidity risk control, operational risk control and strategic risk control. According to Resolution CMN 4,502 of 2016 financial institutions with a critical role23 or significant level of exposures in the Brazilian Financial System24, must prepare a recovery plan with the objective of restoring appropriate levels of capital and liquidity and preserving their viability, in response to stress situations. The recovery plan should contain, at a minimum, a detailed description of the following items:
The BCB may determine the inclusion, in the recovery plan, of other activities, operations or services performed by an entity, other indicators and additional information in the monitoring program and of additional stress scenarios and the execution of stress tests that consider such scenarios. BCB may also determine the total or partial execution of the recovery plan. Despite the fact that Resolution CMN 4,502 of 2016 established a phased-in schedule for submiting recovery plans to BCB ending on December 31st, 2017, supervision teams have already started evaluating documents prepared so far (e.g. on definition of senior management member in charge of recovery plan, definition of critical roles, etc.). In addition, in cases where a financial institution has prepared a recovery plan following a parent company model or a home supervisor decision, BCB supervision team has been examining those documents. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC13 |
The supervisor requires banks to have forward-looking stress testing programs, commensurate with their risk profile and systemic importance, as an integral part of their risk management process. The supervisor regularly assesses a bank’s stress testing program and determines that it captures material sources of risk and adopts plausible adverse scenarios. The supervisor also determines that the bank integrates the results into its decision-making, risk management processes (including contingency arrangements) and the assessment of its capital and liquidity levels. Where appropriate, the scope of the supervisor’s assessment includes the extent to which the stress testing program:
The supervisor requires corrective action if material deficiencies are identified in a bank’s stress testing program or if the results of stress tests are not adequately taken into consideration in the bank’s decision-making process. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC13 | Resolution CMN 4,577 of 2017, requires the risk management structure in banks must include a stress test program that complies with the following requisites:
Regulations require banks to use the stress test results in:
Regulation also states that the complementary use of the stress test program in assessing the adequacy and robustness of the assumptions and methodologies related to models must be ensured. The senior management and the board must be actively involved in the stress test program, indicating guidelines and approving scenarios when the scenario analysis methodology is required. The board is responsible for approving and reviewing, at least annually, the stress test program. Desup performs regular evaluation of stress test processes performed by banks on specific risks when VEs are conducted. Consideration of stress test results by senior management and the board is also assessed (e.g. market risk - MSU 4.30.10.50.02.03, liquidity risk - MSU 4.30.10.50.02.02, credit risk - MSU 4.30.10.50.01.03). Supervision teams’ findings are communicated to the bank’s staff, who must come up with a working plan to correct identified shortcomings. The assessment of stress tests is included on the SRC, at the corresponding ARC routines on risk control (e.g. market risk control, liquidity risk control, etc.). During the review of ICAAP reports, deficiencies on stress tests’ concepts, tools, scenarios and model outputs are gathered in a comprehensive evaluation of the process. Those findings are then informed to the bank’s staff, which must adjust identified deficiencies until the following report. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC14 | The supervisor assesses whether banks appropriately account for risks (including liquidity impacts) in their internal pricing, performance measurement and new product approval process for all significant business activities. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC14 | Regulations require the risk management structure must comprise adequate policies, procedures and controls to ensure prior identification of risks inherent to:
Regulation states that the board must approve relevant changes, induced from these risks in risk management policies and strategies, as well as in systems, routines and procedures. When a special examination (VE) is performed, supervision teams are required to verify if the new products are assessed from a risk perspective. The process includes requesting the list of all products approved in previous years and dossiers of their approval process. A sample is selected allowing examiners to evaluate if the internal new product approval policy has been followed and if risk management areas have assessed its impacts. Lack of evidence of this assessment is reported to bank’s staff and a correction plan must be designed. In the SRC quantitative evaluation, supervisory teams analyze the results obtained vis-à-vis the risk taken. In a financial and economic assessment (ANEF) of results - specifically P&L -, the supervision team measures the performance of the bank in diverse ways, including a RORWA (return on risk weighted assets). This metric considers the bank P&L based on the amount of risk the bank has assumed, on a standardized calculation. This allows the supervisors to assess the extent to which risk has been priced into the products and business activities. The RORWA is also compared with the return of the bank’s cluster, which provides for a comparison among peers to supervision teams. In addition, managerial figures are also considered when the ANEF results are being completed. In this case, RAROC figures are also assessed to grant the bank an overall grade. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Additional criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC1 | The supervisor requires banks to have appropriate policies and processes for assessing other material risks not directly addressed in the subsequent Principles, such as reputational and strategic risks. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | Resolution CMN 4,557 of 2017 requires the implementation of a risk management structure that covers operational risk (formerly addressed by Resolution CMN 3,380 of 2006), market risk and interest rate risk in the banking book (formerly addressed by Resolution CMN 3,464 of 2007), credit risk (formerly addressed by Resolution CMN 3,721 of 2009), liquidity risk (formerly addressed by Resolution CMN 4,090 of 2012), socio-environmental risk (addressed by Resolution CMN 4,327 of 2017) and other risks deemed material according to criteria defined by the institution itself, including those risks not considered in the calculation of the risk-weighted assets (RWA). Regulations require banks’ ICAAP reports to include their strategies and procedures to manage other risks not addressed in the Supervisory expectations report, with explicit reference to reputational, strategic and contagion risks. The supervision team is required to confirm the adequacy of the procedures established by the board and conducted by the risk management unit for a continuous monitoring of the effectiveness of the strategic risk control. The SRC handbook also provides guidance to the supervisors for the evaluation of contagion risk, reputational risk, strategic risk, IT risk, money laundering risk and consumer relations’ risk. Additionally, the SRC requires supervisors to consider the interaction between different types of risk. The ANEF states that “Pilar 2 risks” should impact the evaluation on the adequacy of capital held by the bank. Also, the ARC routine on strategic risk control assesses banks’ processes for identifying material risks. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 15 | Compliant | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The regulatory and supervisory frameworks come together collectively to promote a comprehensive risk management culture and frameworks in the banks operating in Brazil. The frameworks are required to be compliant with the key elements of risk management (identify, measure, monitor and manage) and also are required to be comprehensive in scope to cover all material risks, in proportion to their materiality, and the risk profile and systemic relevance of the institutions. This is achieved in some degree with the adoption of the segment approach. The regulations are comprehensive and explicitly establish detailed expectations for credit, market, operational and liquidity risk management frameworks and the related governance frameworks. While the work on recovery and resolution planning is progressing for the large banks, the stress testing and contingency planning requirements help in assessing the resilience and preparedness in the other banks. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 16 | Capital adequacy.25 The supervisor sets prudent and appropriate capital adequacy requirements for banks that reflect the risks undertaken by, and presented by, a bank in the context of the markets and macroeconomic conditions in which it operates. The supervisor defines the components of capital, bearing in mind their ability to absorb losses. At least for internationally active banks, capital requirements are not less than the applicable Basel standards. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC 1 | Laws, regulations or the supervisor require banks to calculate and consistently observe prescribed capital requirements, including thresholds by reference to which a bank might be subject to supervisory action. Laws, regulations or the supervisor define the qualifying components of capital, ensuring that emphasis is given to those elements of capital permanently available to absorb losses on a going concern basis. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | The BCB implemented Basel II in Brazil in 2007. The regulations established a minimum total regulatory capital ratio of 11 percent, i.e., 3 percentage points above the 8 percent minimum set out in the Basel II framework. The regulations covered all financial institutions, including all deposit-taking banks operating in Brazil. The BCB introduced its regulations that implemented Basel 2.5 with effect from 1 January 2012, in line with the globally agreed timeline. BCB implemented Basel III with effect from 1 October 2013. The regulations cover the revised definition of capital, capital requirements, capital buffers, credit valuation adjustments (CVA), exposures to central counterparties (CCPs), securitizations, and Pillar 3 (Market Discipline). Regulations issued in 2015 define the computation methodology of th Systemic buffer (effective 2017), the Countercyclical Basel III Buffers (currently at zero percent) and the Basel III leverage ratio (effective 2018). The timeline for implementation was slightly later than the globally agreed start date of January 1, 2013 but includes accelerated transitional arrangements such that Common Equity Tier 1 (CET1) of 4.5 percent is the minimum from 1 October 2013 (compared with Basel III phase-in arrangements that require a CET1 minimum of 3.5 percent in 2013). At the same time, there is also a corresponding reduction in Brazil’s current 11 % total minimum capital requirement to bring it into line with the Basel minimum of 8 percent by 2019. Please see Table 2 below for the minimum capital requirements established under the regulations. Table 2. Minimum Risk-Based Capital Requirements During the Implementation Period Table 2. Minimum Risk-Based Capital Requirements During the Implementation Period
Table 2. Minimum Risk-Based Capital Requirements During the Implementation Period
In February 2017, BCB issued regulations on capital management that are applied in a graded manner to institutions belonging to the segments S1 to S5. While the definitions of capital, Pillar 1 capital requirements and the SREP under Pillar 2 apply to all segments, the Pillar 2 ICAAP applies only to S1 institutions, and a simplified ICAAP is planned to be introduced from 2018 for S2 institutions. The current definition of regulatory capital is established by Resolution CMN 4,192 of 2013 and the minimum required amount in each category of regulatory capital (PR), according to Basel III definitions, is defined by Resolution CMN 4,193 of 2013. Besides, Resolution CMN 4,193 requires explicitly the computation and maintenance of an amount of capital to face the interest rate risk in the banking book (IRRBB), while Resolution CMN 4,557 of 2017 (issue formerly addressed by Resolution CMN 3,988 of 2011) requires banks to assess and maintain capital to face all relevant risks to which a bank is subject. Circular BCB 3,768 and Circular BCB 3,769, both of 2015, define respectively the computation methodology of the Systemic and the Countercyclical Basel III Buffers. This set of regulations is compliant with Basel III criteria, both in terms of composition requisites and loss-absorbing characteristics. These regulations apply to all banks operating in Brazil. With effect from August 2017, the capital adequacy requirements for prudential conglomerates apply at the level of the prudential conglomerate (consolidated) and are not required for the solo banks that may be included in the prudential conglomerate. In addition to the financial institutions, the scope of prudential consolidation includes all financial-related entities and vehicles that can bring risks to the economic group. Such entities include payment institutions, private equities, securitization companies, factorings and funds with material retention of risks and benefits. Five banks in Brazil have been determined as D-SIBs, and are required to establish a systemic capital buffer, which is in transition stage. (See Table 2) While the BCB is yet to establish hard-wired thresholds by reference to which an institution might be subject to supervisory action, with reference to the minimum capital requirement, the regulations do provide for dividend pay-out restrictions and compensation limits when the institution breaches the capital conservation buffer and the countercyclical buffer. The supervisors do not see a need for additional hard-wired threshold, a breach of which would trigger a supervisory response. They are comfortable with the current framework as it allows them to engage with the bank even before there is a breach of a formal threshold, if it were to be in place. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | At least for internationally active banks,26 the definition of capital, the risk coverage, the method of calculation and thresholds for the prescribed requirements are not lower than those established in the applicable Basel standards. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | As mentioned under EC1, the capital thresholds, risk coverage, capital definition and the methodology to calculate the minimum capital required are in alignment with the Basel III norms and are applied to all licensed banks or the prudential conglomerates to which they belong. Brazil underwent an assessment under the Regulatory Consistency Assessment Program (RCAP) of the Basel Committee in 2013 and the Brazilian capital framework was considered “Compliant” with the Basel Committee minimum requirements. In Brazil, institutions with total exposure equal to or greater than 10% (ten percent) of the nominal Gross Domestic Product (GDP) of Brazil or total consolidated foreign assets equal to or greater than USD10 billion (considered as relevant international activity) are included in S1 segment. The capital regime applies in its entirety (Pillars 1, 2 and 3) to the S1 institutions. Some elements of the capital adequacy framework in Brazil can be seen to be more conservative than the Basel requirements. A few examples of the more conservative approach are:
Deferred Tax Assets As a result of the differences between the timing when a provision is established by the bank and when it is actually allowed as an expenditure for tax purposes, the banks recognize (in compliance with accounting standards) a ‘deferred tax asset’ (DTA). DTAs arise in Brazilian banks primarily because of loan loss provisions (about 55 percent of total DTAs out of aggregate gross DTAs of around R$280 billion). Instead of a full deduction, DTAs that arise from temporary differences (such as loan loss provisions), are allowed to be included in CET1 capital, up to 10 percent of the bank’s common equity. In Brazil, a law (No. 12,838 of July 2013), was introduced to allow banks to convert DTAs arising from loan loss provisions into eligible tax credits (DTCs) when the bank’s taxable income in any year is negative (loss) or when the bank is bankrupt or subject to extra-judicial liquidation. The DTAs arising from other causes are not eligible for such conversion. The law allows banks that have eligible tax credits to claim compensation in the form of cash or securities issued by the central government. It is understood that about 3 banks that are under resolution have claimed compensation in lieu of DTCs for about R$ 450 million and are awaiting issue of the government securities. The claim of one bank (for R$ 36 million) has been recently approved by the Government. The Basel Committee’s Regulatory Consistency Assessment Program (RCAP) has assessed the prudential capital adequacy regulations in Brazil as Basel III compliant. As confirmed in the RCAP work on Brazil’s capital framework, the Basel Committee recognizes such DTCs as capital in cases where the law supports this treatment. In Brazil, the DTCs arising from loan loss provisions amounting to R$146 billion are therefore included in CET1 capital and constitute about 25 percent of CET1 capital. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor has the power to impose a specific capital charge and/or limits on all material risk exposures, if warranted, including in respect of risks that the supervisor considers not to have been adequately transferred or mitigated through transactions (e.g., securitization transactions)27 entered into by the bank. Both on-balance sheet and off-balance sheet risks are included in the calculation of prescribed capital requirements. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | As per regulations, all banks are required to maintain capital for credit risk, market risk and operational risk. Though institutions were allowed the option of using the advanced approaches for credit risk and the AMA approach for operational risk, all are using the ‘standardised’ approach for credit risk, and either Basic Indicator Approach (BIA) or Alternative Standardised Approach (ASA) for operational risk. For market risk, only two institutions have been permitted to use the internal models approach, and the requests from two other institutions are under consideration by the BCB. In addition to the above, the BCB has advised all banks to maintain capital for interest rate risk in the banking book (IRRBB). While this is not a formal Pillar 1 (and therefore binding) requirement, the BCB assesses banks’ capital adequacy for supervisory purposes after taking into consideration the capital that may be required to support the institution’s exposure to IRRBB. Regulations require inclusion of on-balance sheet and off-balance sheet risks in the calculation of prescribed capital requirements (Resolution CMN 4,193 of 2013). BCB has the authority to impose, when required, preventive prudential measures like a reduction in the degree of risk of exposures, or an add-on to the minimum required regulatory capital, or more restrictive operational limits (Resolution CMN 4,019 of 2011). Since 2013, ten institutions that met the stipulated criteria were required to implement an ICAAP. The criteria were (a) have total assets over one hundred billion Reais, and (b) have been authorized to use internal models of market risk, credit risk or operational risk or are part of a financial conglomerate with total assets over one hundred billion Reais and composed of at least one multiple bank, commercial bank, investment bank, development bank, exchange bank or savings bank. With the introduction of the segmentation concept for banks (S1 to S5), 6 of these institutions are currently included in Segment 1 and hence are required to implement ICAAP. The ICAAP reports are reviewed annually by the supervisors when analyzing the banks’ capital adequacy. Based on the ICAAP analyses performed by the supervisor, the results of a quantitative analysis, opinion of capital expert teams and inputs from banks, the BCB has developed risks benchmark models for use in their Pillar 2 process. Very recently (September 2017), the BCB has established a Board of Governors approved process to assess and require a capital add-on under the Basel Pillar 2 principles. Under this process, two categories of quantitative Pillar 2 capital add-on are envisaged:
The add-on notification process would consist of two steps. At first, a bank will be informed about its weaknesses, either related to category 1 or 2 above. In case such weaknesses persist at the end of the next SRC cycle, the Pillar 2 capital add-on will be required. This process is expected to be initiated during the second semester of 2017. A breach of Pillar 2 add-on requirement is subject to the supervisory action prescribed in Resolution CMN 4,019 of 2012, which can include (a) more stringent controls or operational limits, (b) reduction of risk exposures, (c) limitation or cessation of (i) increase in managers’ compensation, (ii) payment of variable compensation to senior managers, (iii) dividends distribution, (iv) selected types of transactions, (v) deployment of new business lines, (vi) acquisition of financial or nonfinancial companies, and (vii) opening of new branches or subsidiaries. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The prescribed capital requirements reflect the risk profile and systemic importance of banks28 in the context of the markets and macroeconomic conditions in which they operate and constrain the build-up of leverage in banks and the banking sector. Laws and regulations in a particular jurisdiction may set higher overall capital adequacy standards than the applicable Basel requirements. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | In Brazil, the risk based capital adequacy requirements and the leverage ratio requirements have been extended to all licensed banks. The modulation of the capital requirements according to the bank’s risk profile and systemic relevance is achieved through the extension of the SIB buffer and the Pillar 2 SREP process. However, the BCB is yet to feel a need to establish a higher minimum Pillar 1 capital requirement for any bank. Circular BCB 3,768 of 2015 sets the methodology for calculating the D-SIBs higher loss absorbance capital buffer established in Resolution CMN 4,193 of 2013. Circular BCB 3,769 of 2015 sets the procedures for calculating the Countercyclical Capital Buffer, established in Resolution 4,193, of 2013, and is designed to reflect the geographical location of a bank’s exposures. Please see description under EC1 and EC2 which lay out the adoption of a proportionate approach to implementation of the capital adequacy requirements. For all banks, capital adequacy is assessed in every supervision cycle through the Risk and Control Assessment System (SRC). The supervisor evaluates whether the institution’s capital is adequate to support the risks associated with current and foreseen levels of business activities. The SRC work is composed of two parts, which are spread over two parts across the whole supervision cycle of a bank.
Institutions failing to meet Pillar 2 requirements may be subject to regulatory action, including balance sheet deleverage and requirements to strengthen risk management as detailed in the description under EC3. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 |
The use of banks’ internal assessments of risk as inputs to the calculation of regulatory capital is approved by the supervisor. If the supervisor approves such use:
if a bank does not continue to meet the qualifying standards or the conditions imposed by the supervisor on an ongoing basis, the supervisor has the power to revoke its approval. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Regulations allow banks to use, upon approval by the BCB, internal models for credit, market and operational risk assessment (Resolution CMN 4,193 of 2013). Methodologies for internal models (Circular BCB 3,646 of 2013 for market risk, Circular BCB 3,647 of 2013 for operational risk and Circular BCB 3,648 of 2013 for credit risk) are based on the qualifying standards set by the Basel Committee. The internal guidance issued by the BCB for the validation of models is conservative and requires that the standards be followed on an ongoing basis. After approval, the model evolution is followed-up by supervision regularly. In case a bank ceases to meet the qualifying standards or conditions imposed, the model authorization may be withdrawn, though that has not happened so far. As on date, two banks are adopting internal models for market risk assessment, and the requests from two other banks to use internal models for capital adequacy purposes are under processing. No bank has been authorised to use internal models for computing capital requirements for credit risk (IRB) and operational risk (AMA), though some banks at relatively early stages of planning and development of models for use in calculating regulatory capital. No formal applications have yet been received by the BCB for IRB and AMA. The supervisory approval process of a risk model is divided in four phases:
Supervisory capacity: The assessment of internal models by the BCB began in June 2010 -although the BCB experts began to study the subject and helped in regulation-making years before. Besides the team directly responsible for supervising a bank, the assessment is performed by three specialized teams:
Regulations have laid down clear and comprehensive requirements for banks’ validation processes. At the minimum, it includes an evaluation of methodologies, assumptions and theoretical foundations of the model, including the mapping of the positions and the pricing methods; accuracy and appropriateness of the assumptions of volatility and correlation; inclusion of all relevant risk factors; comprehensiveness, consistency, integrity and reliability of the input data of the model as well as the independence of their sources; ability to adequately consider the characteristics of new products that could impact the market risk of the institution; adequacy of compliance tests and stress tests, including the suitability of the reports and their use in the prediction of the measurement process, monitoring and managing market risk; adequacy of internal controls related to the model; adequacy of the technological infrastructure and the operation of the systems used in the model, including testing, approvals and certifications; compatibility of the calculations performed by the operating systems and the logic of the assumptions and methodologies used; integrity, completeness and adequacy of the documentation of the model, and content and scope of the risk measurement reports. Besides the above, there are additional requirements which establish the institution’s responsibility for the validation process, requires validation at least once in three years, test should include hypothetical portfolios, independence, insulation from pressures, documentation and reporting to the board. The requirements mentioned above are broadly presented in regulation (Circular BCB 3,646 of 2013), and are detailed in the supervisory guideline “Internal Validation”. Regulations also establish several requirements for the internal audit review, (also defined in Circular BCB 3,646) that must include, at least, checks on the effectiveness of the validation process; checks on process validation in the case of relevant changes in the risk model or the risk profile of the institution; organization of the management structure of market risk; integration of the internal model to the daily management of activities subject to market risk, including stress testing; backtests and their effective use in reviewing the performance and improvement of the model; compliance with risk management policies, including structural limits and related policies; sufficient and technically qualified professionals in the areas of business, operational, risk management, information technology, as well as any others involved in the development, validation and use of the internal model; integrity and adequacy of management information systems; involvement of the senior administration in the market risk management process and timeliness and quality of information provided to the board. Moreover, the internal audit must be independent from the teams responsible for development, use and validation of the risk model. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 | The supervisor has the power to require banks to adopt a forward-looking approach to capital management (including the conduct of appropriate stress testing).29 The supervisor has the power to require banks:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | Regulations require that banks must implement a capital management framework commensurate with the nature of their operations, the complexity of their products and services, and the dimension of their risk exposure. Capital management is defined as the continuous process of monitoring and controlling the capital held by the institution, evaluating the capital necessary to face the risks that the institution is subjected to; and planning of capital target and necessity, considering the strategic objectives of the institution. While managing its capital, the institution must embrace a prospective behavior, forecasting capital needs due to possible changes in market conditions. The capital management framework must, at the minimum, include (a) mechanisms which enable the identification and evaluation of the relevant risks faced by the institution, including those not covered under regulations, (b) clearly documented policies and strategies for capital management, establishing mechanisms and procedures aimed at maintaining the capital compatible with the risks faced by the institution, (c) capital plan comprising a minimum three-year horizon; (d) stress testing and the assessment of its impacts on capital; (e) periodic reports to the senior management and the board on capital adequacy; and (f) Internal Capital Adequacy Assessment Process (ICAAP). The capital plan, mentioned above, must be consistent with strategic planning and include, at least, (a) capital target and capital projections, (b) main capital sources of the institution; and (c) a capital contingency plan. (Res 3988 of 2011, Art 3 to 5) With the issue of the revised regulations on capital management (Res 4557 of 2017) institutions allocated to segments S1, S2, S3 and S4 must implement a structure for the management of capital that aims at (a) monitoring and controlling the capital held by the institution; (b) assessing the capital deemed necessary to face the risks incurred by the institution; and (c) planning capital targets and needs, considering the institution’s strategic goals. The revised requirements for capital management frameworks include (a) clearly documented policies and strategies for capital management, establishing procedures aimed at maintaining total regulatory capital, Tier 1 and the CET1 compatible with the risks faced by the institution; (b) systems, routines and procedures for capital management; (c) assessment of the impacts on the institution’s capital as indicated by the stress tests results; (d) a capital plan; (e) a capital contingency plan, establishing responsibilities, strategies and procedures; to be periodically revised, clearly defined and well documented; to face stress conditions; (f) a capital adequacy assessment; (g) timely reports for the senior management, the risk committee and the board on deficiencies in the capital management framework and actions to address them and adequacy of the levels of PR, Tier I and CET1 considering the risks incurred by the institution. Regulations require that banks’ risk management structure must include a stress test program that complies with the following requisites, among others (Resolution 4,577 of 2017) (a) encompass all material risks, including risk concentrations, (b) use of assumptions and parameters that are adequately severe, (c) for institutions allocated to S1, S2 and S3 (i) be performed in an integrated manner across risks and business areas, (ii) consider different levels of aggregation of exposures and the prudential conglomerate as a whole, and (iii) consider adverse effects arising from interactions between risks. Regulations also require that the stress test results must be considered, among others, in (a) the revision of risk appetite levels, (b) the revision of the policies, strategies and limits established for risk and capital management purposes, (c) the assessment of the institution’s capital and liquidity, as well as in the development of contingency plans, (d) the capital adequacy assessment and (e) the preparation of recovery plans. Supervisors review institutions’ capital adequacy and capital management framework during the supervisory cycle through periodical on-site visits and by engaging with their senior management and board of directors. The banks’ capital management plans are reviewed as part of the SREP and review of the ICAAP, with reference to the institutions’ business plans and stress testing results, as well as with reference to the results of the stress testing undertaken by the BCB. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC1 | For non-internationally active banks, capital requirements, including the definition of capital, the risk coverage, the method of calculation, the scope of application and the capital required, are broadly consistent with the principles of the applicable Basel standards relevant to internationally active banks. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | In terms of regulations, the capital definition, risk coverage and the methodology to calculate the minimum capital requirements according to Basel recommendations apply to all institutions licensed by the BCB. With respect to non-banking institutions, only credit cooperatives may adopt a simplified methodology for the assessment of required regulatory capital, as long as they meet the following conditions (Resolution 4,194 of 2013):
Currently, Resolution 4,194 of 2013 is under review. The scope of institutions allowed to use a simplified methodology for the assessment of Regulatory Capital is likely to be extended. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC2 | The supervisor requires adequate distribution of capital within different entities of a banking group according to the allocation of risks.30 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC2 | Regulations and supervision do not explicitly require distribution of capital among the different entities belonging to the prudential conglomerate. Compliance with the regulatory capital requirements is verified on a consolidated basis, for institutions in the same prudential conglomerate (Resolution CMN 4,280 of 2013). As per the supervisory processes adopted by the BCB, the supervisors perform contagion analyses to assess the risks to the supervised institution arising from their group entities that form part of the prudential conglomerate and not necessarily focused on the adequacy of the capital at the entity level with reference to the level of it risk exposures. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 16 | Compliant | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | Banks in Brazil are implementing the Basel III capital requirements and the capital rules have been assessed as compliant by the Basel Committee. Instead of a full deduction, Basel III allows DTAs that arise from temporary differences (such as loan loss provisions to be included in CET1 capital, up to 10% of the bank’s common equity. In Brazil, law (No. 12,838 of July 2013), allows banks to convert DTAs arising from loan loss provisions into eligible tax credits (DTCs) when the bank’s taxable income in any year is negative (loss) or when the bank is bankrupt or subject to extra-judicial liquidation. The DTAs arising from other causes are not eligible for such conversion. The law allows banks that have eligible tax credits to claim compensation in the form of cash or securities issued by the central government. As confirmed in the RCAP work on Brazil’s capital framework, the Basel Committee recognizes such DTCs as capital in cases where the law supports this treatment. In Brazil, the DTCs arising from loan loss provisions amounting to R$146 billion are included in CET1 capital and constitute about 25 percent of CET1 capital. Banks are on the transition path and expect to fully transition by 1 January 2019. While the definitions of capital, Pillar 1 capital requirements, and the SREP under Pillar 2 apply to banks in all segments, the Pillar 2 ICAAP applies only to S1 institutions, and a simplified ICAAP is planned to be introduced from 2018 for S2 institutions. All banks are required to maintain capital for interest rate risk in the banking book, but not as a binding requirement. At present the prudential capital requirements apply only at the consolidated level, at the level of the prudential conglomerate. BCB is yet to establish thresholds with reference to which it might trigger a supervisory action. Areas for improvement can be: (a) require the individual banks within the prudential conglomerate to also comply with the capital requirement at the solo level; (b) require the prudential conglomerates to ensure adequate distribution of capital within the different entities in the conglomerate according to the allocation of risks; (c) establish thresholds by reference to which supervisory action might be triggered, preferably before breach of the minimum requirements. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 17 | Credit risk.31 The supervisor determines that banks have an adequate credit risk management process that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate credit risk32 (including counterparty credit risk)33 on a timely basis. The full credit lifecycle is covered including credit underwriting, credit evaluation, and the ongoing management of the bank’s loan and investment portfolios. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Laws, regulations or the supervisor require banks to have appropriate credit risk management processes that provide a comprehensive bank-wide view of credit risk exposures. The supervisor determines that the processes are consistent with the risk appetite, risk profile, systemic importance and capital strength of the bank, take into account market and macroeconomic conditions and result in prudent standards of credit underwriting, evaluation, administration and monitoring. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | The requirements for risk management functions and activities are prescribed by both the Banking Law (Law 4,595 of 1964) and Resolutions of the National Monetary Council (CMN). The Banking Law grants CMN the legal powers for establishing rules on governance structures in addition to the general rules in corporate legislation (Law 6,404 of 1976). Relevant CMN regulation includes:
Regulations (Res CMN 3721) define credit risk as the possibility of losses associated to a failure of a borrower or counterparty to meet financial obligations in the contracted terms, to a devaluation of a credit contract resulting from a deterioration in the risk rating of the borrower, to a reduction in earnings or remuneration, to advantages granted in a renegotiation and to recovery costs. The definition of credit risk comprises, among others, counterparty credit risk, country risk, the possibility of disbursements to honor guarantors, bails, co-obligations, credit commitments or other operations of a similar nature, and the possibility of losses associated with the non-compliance of financial obligations under the terms contracted by an intermediary or convening party in credit operations. The credit risk management framework must allow the identification, measurement, control and mitigation of the risks associated to each individual institution and to the financial conglomerate, in the scope of the Accounting Plan for Financial Institutions (Cosif), as well as the identification and monitoring of the risks associated with other companies of the wider group. Regulation CMN 3721 of 2009 lays down the requirements of a credit risk management framework in the supervised institutions that include the following:
Resolution CMN 4,019 of 2011, which empowers BCB for imposing prudential preventive measures in face of misconduct, inadequate risk management, insufficient internal controls or capital and solvency problems. Supervisory procedures guide the assessment of the framework for credit risk management and require supervisors to take into consideration the size and the complexity of the institution, as well as the nature and the dimension of its credit risk exposures. Supervision of credit risk also entails the review of the institution’s risk appetite and business strategy through a series of interviews with senior management, audit committee members, and the risk management and internal controls staff. Supervisors also assess whether the credit granting process and credit growth plans are commensurate with the policies, procedures, controls and risk appetite of the institution. Please see description under EC2 for more details on the approach to supervision of the credit risk management frameworks. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor determines that a bank’s Board approves, and regularly reviews, the credit risk management strategy and significant policies and processes for assuming,34 identifying, measuring, evaluating, monitoring, reporting and controlling or mitigating credit risk (including counterparty credit risk and associated potential future exposure) and that these are consistent with the risk appetite set by the Board. The supervisor also determines that senior management implements the credit risk strategy approved by the Board and develops the aforementioned policies and processes. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see description under EC1. Regulations (Res. CMN 3721 of 2009) also require that:
Please see description under EC2, CP15 for details of the revised requirements established in regulations for the implementation of a continuous and integrated risk management structure, that are also required to be applied for credit risk management. The revised regulations are applicable to the S1 banks from August 2017 and will be applicable to the other banks from February 2018. Supervisory procedures guide the assessment of the framework for credit risk management and require supervisors to take into consideration the size and the complexity of the institution, as well as the nature and dimension of its credit risk exposures. Supervision of credit risk management also entails the review of the institution’s risk appetite and business strategy through a series of interviews with senior management, audit committees, and the risk management and internal controls staff. Supervisors also assess whether the credit granting process and credit growth plans are commensurate with the policies, procedures, controls and risk appetite of the institution. Examination procedures include assessment of credit risk management from the perspectives of control framework; identification, evaluation and assessment; specific controls; monitoring; and communication and information. Examination procedures aim at assessing whether risk management can effectively identify and measure credit risk and establish strategies to control and mitigate such risk. The assessment targets routines and procedures which aim at identifying, measuring, managing and mitigating credit risk exposures, including the following aspects, among others, (a) credit risk management structure, (b) credit committees, (c) policies, strategies and risk appetite, (d) credit lifecycle, (e) estimation of expected credit losses and provisions, (f) credit portfolio management and (g) models and IT systems. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 |
The supervisor requires, and regularly determines, that such policies and processes establish an appropriate and properly controlled credit risk environment, including:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | Please see description under EC1 and EC2 for details of the regulatory framework for credit risk management and for the approach to its supervision. In addition to the above, supervisors also regularly conduct continuous off-site monitoring, which includes at least the following sources of information:
The database and information used by the BCB Monitoring Department is drawn from (a) the periodical accounting data and the regulatory capital reports received from the supervised institutions, (b) the data from the custody agents, clearings and settlement systems and trade repositories, and (c) BCB Credit Information System (SCR). For the supervision of the credit risk management systems, the SCR is an extremely important source of information. It has historical data on loans and other credit exposures, including credit risk ratings, collateral and expected credit loss ECL provisions. Data is available on a per-operation basis for counterparties with a total exposure larger than BRL200. Otherwise, data is consolidated on a per-type basis. Based on all this information, BCB Monitoring Department is able to generate credit risk metrics at the level of individual exposures, individual financial institutions and comparative data for peer group clusters, which are then monitored for detecting credit risk events such as (a) underperformance in credit portfolios, (b) overexposure or deterioration in credit risk profile, (c) insufficient provision, (d) capital inadequacy, and (e) regulatory arbitrage or misconduct in face of laws and regulations. Supervisors have full access to credit risk metrics as well as to risk monitoring tools and reports, which can be either automatic (e.g., the MRC report) or produced by analysts of the BCB Monitoring Department. The specific concerns and key risk indicators are reported to on-site supervisors and periodically reported to the heads of the supervision and the monitoring departments at BCB. Through the above monitoring and supervisory processes, the supervisors are able to challenge and verify the adequacy and efficacy of the systems and processes, including information and control systems, in establishing an appropriate and controlled credit risk environment in the supervised institutions. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor determines that banks have policies and processes to monitor the total indebtedness of entities to which they extend credit and any risk factors that may result in default including significant unhedged foreign exchange risk. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | Please see description under EC1 and EC2 for details of the regulatory and supervisory approaches and practices with regard to credit risk management in the supervised institutions. Resolution CMN 4,557 of 2017 and Resolution CMN 3,721 of 2009 constitute the specific regulatory framework for this EC. These resolutions require:
Besides the financial capacity of the borrower, the credit risk assessment must take into consideration key risk factors that may lead to underperformance of the credit exposure. The factors that need to be considered by the financial institutions are presented in the above regulations. In addition, Resolution CMN 2,682 of 1999 also establishes the minimum set of risk factors that shall be considered for assessing credit risk of loans, leasing operations and other receivables with loan characteristics. Resolution CMN 4,007 of 2011 requires the financial institutions to reckon the same set of risk factors for assessing credit risk exposure in other financial instruments. Resolution CMN 4,557 of 2017 includes an explicit requirement regarding unhedged foreign exchange risk as a credit risk factor. The financial institutions are able to source a significant level of credit risk background information on the counterparties from the BCB credit registry, but these are supplemented by the information available in the counterparty’s financial statements and relevant notes that support them. Examination procedures require supervisors to review and assess compliance with the regulatory requirements and internal policies, procedures and limits. (MSU 04-30-10-50-01-01) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor requires that banks make credit decisions free of conflicts of interest and on an arm’s length basis. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Please see description under CP20 regarding the transactions with related parties and CP26 regarding the internal controls and internal audit, which deal with conflict of interest issues and the framework to address these. Regulations (Resolutions CMN 4,557 of 2017, 3,721 of 2009 and CMN 2,554 of 1998) forbid the CRO, risk management directors and senior risk management staff to engage in or supervise activities that may involve conflicts of interest, for example, being part of credit risk management or internal audit, while engaging in granting of loans. The conflict of interest element with particular reference to transacting with related parties or overseeing transactions with related parties is, however, less explicit. Supervisory procedures (MSU 04-30-10-50-01-01) require supervisors to verify and satisfy themselves that the credit origination and the credit risk management activities are adequately segregated. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 | The supervisor requires that the credit policy prescribes that major credit risk exposures exceeding a certain amount or percentage of the bank’s capital are to be decided by the bank’s Board or senior management. The same applies to credit risk exposures that are especially risky or otherwise not in line with the mainstream of the bank’s activities. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | While the regulation Res. CMN 3721 is not explicit about the requirement pertaining to the deciding authority for large or risky exposures, Res. CMN 4557 that became effective for S1 banks in August 2017 and will become effective for the other banks from February 2018 requires the board or senior management to decide on exposures that:
However, even prior to Resolution 4557, the examination procedures (MSU 04-30-10-50-01 -01, Section 3.1 (Control Framework)) require the supervisors to verify that policies and strategies for credit risk management establish that the board of directors or, in its inexistence, the senior management, deliberate on the assumption of exposure to credit risk: a) the value of which exceeds previously established quantitative limits, both in absolute values and in percentages of shareholders’ equity; or (b) incompatible with the institution’s risk profile or with the products and services it offers. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor has full access to information in the credit and investment portfolios and to the bank officers involved in assuming, managing, controlling and reporting on credit risk. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | Banking Law (Law 4,595 of 1964) also grants BCB access to all data kept by financial institutions deemed necessary for supervisory activities. In addition, Complementary Law 105 of 2001 establishes that bank secrecy provisions do not apply to BCB while carrying out supervisory duties. Supervisors have extensive access to information through both on- and off-site supervisory processes. Such information is used in the continuous assessment of risk exposure and risk management capacity. Documentation regarding the implementation of the framework for credit risk management must be available to BCB by force of Resolution CMN 3,721 of 2009, Resolution CMN 4,557 of 2017, and Resolution CMN 2,682 of 1999. Institutions must also periodically send information to BCB, including accounting and regulatory capital reports, as well as data on credit risk exposures to the SCR (Resolution CMN 3,658, of 2008). BCB has full access to data from the Brazilian settlement system, the major part of which is also administered by the BCB itself, as well as from custody and clearing systems and other settlement systems. BCB may request information on cross-border operations that are carried out by subsidiaries and business units in foreign countries (Resolution CMN 2,723 of 2000). |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC8 | The supervisor requires banks to include their credit risk exposures into their stress testing programs for risk management purposes. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | Resolution CMN 4,557 of 2017 and Resolution CMN 3,721 of 2009 constitute the specific regulatory framework for stress testing in banks. Please see description under EC1 of this CP and EC13 of CP15 regarding the stress testing frameworks required under regulations. The supervisory procedures also require supervisors to review the stress testing frameworks and the use of the stress testing outcomes by the banks. (MSU 04-30-10-50-01-01, Section 3.3.4 (Monitoring), item 3.3.4.3, also hold). |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 17 | Compliant | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comment | The regulatory and supervisory requirements for credit risk management frameworks combine well to assure adequate and well-functioning frameworks in the supervised institutions. These requirements are well supported by periodical monitoring and analyses of banks’ credit risk exposures that equips the supervisors to challenge the banks’ systems and verify the outputs or outcomes of the banks’ risk management systems. At the same time, as can be seen in this CP and the other credit risk related CPs, there are a few areas that can be improved, and these have been specified in the relevant credit risk related CPs. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 18 | Problem assets, provisions and reserves.35 The supervisor determines that banks have adequate policies and processes for the early identification and management of problem assets, and the maintenance of adequate provisions and reserves.36 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Laws, regulations or the supervisor require banks to formulate policies and processes for identifying and managing problem assets. In addition, laws, regulations or the supervisor require regular review by banks of their problem assets (at an individual level or at a portfolio level for assets with homogenous characteristics) and asset classification, provisioning and write-offs. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Please see description under CP17 for details pertaining to the requirements under laws and regulations regarding the credit risk management frameworks in supervised institutions. Regulations require that the credit risk management frameworks in financial institutions must prescribe, among other things, the following that are relevant for the identification and management of problem assets (i) estimation, according to consistent and prudent criteria, of losses associated with credit risk, as well as comparisons of their estimated values with the losses actually incurred, (ii) procedures for debt recovery, (iii) the adequacy of the provisioning compatible with the credit risk assumed by the institution; (iv) evaluation of operations subject to credit risk, taking into account market conditions, macroeconomic prospects, changes in markets and products and the effects of sector and geographical concentration, among other factors, (v) establishment of clearly defined and documented criteria and procedures, accessible to those involved in the process of granting and managing credit, for, among others, (a) credit risk appraisal prior to granting, (b) granting of credit facilities or assumption of credit risk exposures, (c) renegotiation of transactions subject to credit risk, (d) periodic evaluation of the degree of sufficiency of the collateral, and (e) the detection of signs and prevention of deterioration in the quality of operations based on credit risk; (vi) classification of operations subject to credit risk, based on consistent and verifiable criteria, according to the following aspects (a) economic and financial situation, as well as other updated personal information on the borrower or counterparty; (b) use of instruments that provide effective credit risk mitigation associated with the operation; and (c) period of delinquency in meeting the financial obligations under the contracted terms, (vii) documentation and storage of information related to losses associated with credit risk, including those related to credit recovery (Res 3721 of 2009). The requirements in this regard have been revised with the issue of the regulations on integrated risk and capital management in February 2017 (Resolution CMN 4,557 of 2017), which have become effective for S1 banks in August 2017 and will become effective for other banks in February 2018. In terms of these regulations:
Regulations (Resolution CMN 2,682 of 1999) also require institutions to rate their exposures as per prudential norms, which in brief require institutions to:
Specific asset rating requirements established by Resolution CMN 2,682/1999 applies only to loans, lease operations and other operations with characteristics of credit risk. For the remaining credit risk exposures, however, supervisors may apply the same requirements whenever they consider appropriate (based on Resolution CMN 4,007/2011). The prudential rating and related provisioning requirements are summarized in Table 3 below: Table 3. Minimum Provisioning Requirements National Monetary Council Resolution n. 2,697 of 2.24.2000. Until 3.31.2000 applies to borrowers with balances above R$500 thousand, and until 7.31.2000 also to borrowers with credit balances between R$50 and R$500 thousand. Exceptions for certain types of credits apply. Credit operations classified in level H have to be transferred to Compensation Account—debit in the loan-loss account—six months after being assigned this risk level. Table 3. Minimum Provisioning Requirements
National Monetary Council Resolution n. 2,697 of 2.24.2000. Until 3.31.2000 applies to borrowers with balances above R$500 thousand, and until 7.31.2000 also to borrowers with credit balances between R$50 and R$500 thousand. Exceptions for certain types of credits apply. Credit operations classified in level H have to be transferred to Compensation Account—debit in the loan-loss account—six months after being assigned this risk level. Table 3. Minimum Provisioning Requirements
National Monetary Council Resolution n. 2,697 of 2.24.2000. Until 3.31.2000 applies to borrowers with balances above R$500 thousand, and until 7.31.2000 also to borrowers with credit balances between R$50 and R$500 thousand. Exceptions for certain types of credits apply. Credit operations classified in level H have to be transferred to Compensation Account—debit in the loan-loss account—six months after being assigned this risk level. hile the above table seems to suggest a strict application of those norms for classification, there is room for flexibility, as presented below:
As per the revised regulations that became effective in August 2017 for S1 institutions, they are required to treat restructured exposures as problem assets (Resolution CMN 4,557 of 2017). These regulations have introduced a distinction between renegotiation and restructuring, whereby restructuring is one type of renegotiation.
These regulations will become effective for other institutions in S2 to S5, from February 2018. Until then, for renegotiated exposures, which includes forborne exposures, regulations establish that they cannot be assigned a better risk classification until there is significant amortization or when new relevant facts are presented, such as new, liquid and sufficient collateralization (Resolution CMN 2,682/1999). As per regulations, institutions cannot recognize through Profit & Loss account interest on loans that are past-due for 60 days or longer (Resolution CMN 2,682/1999). However, banks can accrue interest on non-performing loan if they do not meet the 60-days past-due criteria. In such cases, the corresponding “accrued, though unpaid” interest can enter the income statement. Nonetheless, such interest shall be taken into account when estimating the expected credit losses for provisioning purposes. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor determines the adequacy of a bank’s policies and processes for grading and classifying its assets and establishing appropriate and robust provisioning levels. The reviews supporting the supervisor’s opinion may be conducted by external experts, with the supervisor reviewing the work of the external experts to determine the adequacy of the bank’s policies and processes. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see description under EC1 for regulatory requirements on grading and classifying assets, for establishing appropriate and robust provisioning levels and banks’ policies and processes in this regard. The revised regulations (4557 of 2017), which have become effective for S1 banks from August 201 and will become effective from February 2018 for the other banks, explicitly require banks to have a framework for estimating the expected losses, which must consider:
The revised regulations also require that the expected loss estimate must be revised
These requirements are an improvement over the previous regulations, which were silent on these aspects. BCB’s on-site inspections have two major goals: (i) compliance with regulation and assessment of adequacy and efficacy of the risk management frameworks in the supervised institutions in order to ensure that they hold sufficient provisioning to face expected credit losses; and (ii) avoid overexposure to credit risk. During on-site inspections, supervisors verify whether a comprehensive set of credit risk factors is considered by the institution when assigning and reviewing risk ratings. A sample of exposures is selected for examination, and supervisors assess the compliance with regulation, the borrowers’ creditworthiness and the adequacy and sufficiency of guarantees and collateral. Their conclusions are compared with the analysis carried out by the bank’s risk management framework, which includes the credit classification. Samples are selected randomly or based on evidence found in the Credit Information System (SCR). Information from public sources (press, rating agencies, etc.) may also be employed. Selected samples generally include borrowers whose exposures are not performing or face relevant credit deterioration in other financial institutions, which have not yet been observed in or by the financial institution under inspection. On an aggregate level, supervisors are expected to assess the magnitude of credit risk exposure in terms of non-performance risk, concentration risk, mitigation risk, settlement risk and counterparty credit risk. They are also required to evaluate whether the risk management framework (including provisioning levels) is adequate, sufficient and effective. Supervisors use compliance tests, cash flow tests and information from the Financial System Monitoring Department (Desig) while determining the adequacy of the credit classification and provisioning levels. On the basis of the finding of the supervisory assessments or reviews, they may require the banks to make modifications and improvements to their risk management frameworks or activities. They can also impose specific credit classification and provisioning levels for the sampled exposures, which may be extended to other similar exposures. (Resolutions CMN 3,721 of 2009, CMN 4,557 of 2017, CMN 2,682 of 1999 and CMN 4,019 of 2011.) Assessment of the rating assignment and provisioning processes are also part of the continuous (off-site) monitoring process carried out by both supervisors of the Supervision Department and analysts of Desig. In addition, the external auditors are also required to provide a detailed report twice a year (June and December) that reviews the criteria for credit ratings and the adequacy of provision levels. This report is an additional source of information for supervisors, both during on-site inspections and throughout the continuous off-site monitoring process. However, auditors’ reports do not substitute supervisors’ own opinion of the risk assessment and classification procedures. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor determines that the bank’s system for classification and provisioning takes into account off-balance sheet exposures. 37 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | Law or regulations do not have a clear definition of “exposure” for management of credit risk. Supervisors assert that the methodology adopted for measuring credit risk for capital adequacy purposes apply for other prudential purposes also, including for management of problem assets and provisioning requirement. Please see description under EC1 where it is mentioned that the scope of classification system as per regulations includes loans, lease operations and other operations with characteristics of credit risk, and that the supervisors may apply the same requirements to other exposures as they consider appropriate. The accounting framework introduced by Regulations (Resolutions CMN 3,823 of 2009 and 4,512 of 2016) requires provisions for certain off-balance sheet exposures such as loan commitments and financial guarantee contracts. Regulations are apparently not consistent about the treatment of OBS exposures for provisioning purposes for accounting purposes and prudential purposes. According to Technical Note 170/2017-BCB/Desup, financial guarantees shall generally be considered at the nominal value, but CCFs are accepted for some specific guarantees, e.g., bid and performance bonds, as long as they have not been classified as non-performing exposures. Yet, as per requirements, while reporting on non-performing exposures, banks only report the full transaction on-balance amount as delinquent. Though the off-balance sheet exposures are not reported as delinquent, supervisors expect banks to block the undrawn portion of the loan until overdue payments are made or the loan is restructured. Regulations and practice seem to be at variance from the requirements under this EC. In the absence of a consistent definition of ‘exposure’ that includes all types of on-balance sheet exposures (for example investment in debt securities, and other amounts payable by the counterparty) and off-balance sheet exposures, and in the absence of clarity in terms of how these exposures should be treated while compiling supervisory reporting and while computing the provisioning requirements, quality and consistency of verification of compliance with the regulations and enforcement of uniform approach to measurement and provisioning is unclear. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor determines that banks have appropriate policies and processes to ensure that provisions and write-offs are timely and reflect realistic repayment and recovery expectations, taking into account market and macroeconomic conditions. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | While banks are required to comply with IFRS while preparing their consolidated annual financial statement for complying with the listing requirements, they are required to comply with COSIF and BCB regulations while preparing their financial statements at half-yearly intervals and while compiling their prudential reporting. Consequently, Regulations (Resolution CMN 2,682/1999) require the supervised institutions to make minimum provision based on the credit rating assigned as per regulations. In order to assess the overall sufficiency of loan provisions and loan classification system usually the following two methodologies are applied by the supervisors:
While accounting regulation requires provisions only for the following cases, supervisors may require expected loss provisioning for any credit risk exposure (Resolution 4,557/2017):
As an example, supervisors shall follow specific supervisory guidance concerning the ECL provisioning for securities (Technical Note 357/2016-BCB/Desup) and financial guarantees (Technical Note 170/2017-BCB/Desup). |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor determines that banks have appropriate policies and processes, and organizational resources for the early identification of deteriorating assets, for ongoing oversight of problem assets, and for collecting on past due obligations. For portfolios of credit exposures with homogeneous characteristics, the exposures are classified when payments are contractually in arrears for a minimum number of days (e.g., 30, 60, 90 days). The supervisor tests banks’ treatment of assets with a view to identifying any material circumvention of the classification and provisioning standards (e.g., rescheduling, refinancing or reclassification of loans). | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Please see description under the previous ECs for details of the regulatory and supervisory frameworks for identifying deterioration in asset quality, assessing the adequacy of banks’ rating/ classification and provisioning, and assessing the banks’ policies and procedures for identification and management of problem assets. The Financial System Monitoring Department (Desig) has developed many reports based on BCB’s credit register system in order to identify and analyze credit risk situations and indicators that can raise flags on credit risk deterioration, including evergreening. After analysis, the warnings are reported to On-Site Supervision to be evaluated by the Supervisors. Based on these reports, supervisors could determine circumvention, if any, by a simple verification either during their continuous off-site supervisory process, or by on-site inspection, as required. To verify evergreening practices, supervisors usually plan an on-site inspection applying cash-flow analysis. If identified, supervisors require corrective actions, which includes risk reclassification, increased provisioning and modification in policies and procedures. In some cases, specific sanctions may also be applied. Uniform classification: One approach to ensure early identification of deteriorating assets is to assess the counterparty’s “unlikely to pay” to mark an exposure as a problem asset. This is required by regulations (Resolution CMN 4,557/2017 and Res 2623 of 1999). At times, the same principle can be used to extend the most adverse rating/ classification to all the exposures of the same counterparty when any of them becomes non-performing. Another approach to ensure early identification of deteriorating assets is to require banks to mandatorily apply the most adverse asset rating/ classification assigned to any of the exposures to a counterparty to all exposures to that counterparty. This is required from banks by regulations (Resolution CMN 4,557/2017, item XIV, and Resolution CMN 2,682/1999, article 3). Supervisors, however, permit exceptions on a case-by-case basis for collateralized and nature-specific exposures (e.g., project finance and payroll guaranteed loans). During inspections, supervisors verify whether such classification requirements are actually satisfied, e.g., by applying the massive analysis technique. Monitoring department also uses the SCR for checking whether different exposures to the same counterparty receive distinct risk ratings. A third approach to ensure early identification of deteriorating assets can be when banks apply the adverse asset rating/ classification in other institutions to the exposures to the common counterparties. As banks in Brazil do not have access to credit assessments carried out by their peers, they are not able to ensure a similar classification for clients across the system. However, the supervisors have access to client data in the SCR and use that information to enforce a minimum classification across the system when they consider appropriate. Regulations require banks to identify connected counterparties, which shall be regarded as a single counterparty for the purposes of credit risk management, including for risk assessment and provisioning (Resolution CMN 4,557/2017, article 22). Regulations allow banks to establish their own criteria for assessing the connection among counterparties, but they must consider at least a minimum set of related-parties criteria provided by the same regulation. In turn, supervisors review banks’ criteria during either on-site inspections or off-site supervision activities, and require corrections and improvements, as appropriate. Additionally, whenever appropriate, supervisors may require banks to consider specific counterparties as they were connected to one another, regardless whether they satisfy banks’ own criteria. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 | The supervisor obtains information on a regular basis, and in relevant detail, or has full access to information concerning the classification of assets and provisioning. The supervisor requires banks to have adequate documentation to support their classification and provisioning levels. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | While there is no specific requirement for reporting details on non-performing exposures to the BCB, banks are required to submit periodical reports to the Credit Register System (SCR). The reports include elaborate details of individual exposure to all counterparties that have availed credit facilities from the supervised institutions. The individual exposure level details include, among others, the contract number, date of granting, amounts drawn, date of repayment, days past due, cash flows, asset rating/ classification, available collateral, collateral value, provisions held there against. The granular details in the SRC allows the supervisors to perform analyses to draw several reports that allow them to undertake comprehensive reviews of the asset quality of banks’ credit portfolio, and also challenge banks’ classification and provisioning, where discrepancies are observed. This database also allows the supervisors to compare classification and provisioning levels for any given counterparty across the banking system. The database is also used by the supervisors to review the renegotiated and restructured exposures, with reference to their classification and provisioning levels in comparison with the prudential requirements. Also, please see description under EC5. Regulations require that banks’ policies, processes and procedures for credit risk management must be completely and adequately documented (Resolutions CMN 4,557 of 2017, 3,721 of 2009 and CMN 2,682 of 1999). Documentation must include all policies and procedures concerning the assessment of credit risk; estimation of the expected credit losses, which includes classification and provisioning of credit exposures, identification of problem assets and management of forborne exposures. According to the on-site examination procedures, supervisors are expected to assess whether the documentation that supports the activities of the risk management framework is comprehensive, technically sound and accessible to all professionals involved in the credit lifecycle. Supervisors have the authority to request additional information or to require improvements whenever necessary. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor assesses whether the classification of the assets and the provisioning is adequate for prudential purposes. If asset classifications are inaccurate or provisions are deemed to be inadequate for prudential purposes (e.g., if the supervisor considers existing or anticipated deterioration in asset quality to be of concern or if the provisions do not fully reflect losses expected to be incurred), the supervisor has the power to require the bank to adjust its classifications of individual assets, increase its levels of provisioning, reserves or capital and, if necessary, impose other remedial measures. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | Please see description under ECs 4, 5 and 6 for the methodologies adopted by the supervisors to determine the overall sufficiency of loan provisions and loan classification system. Under the regulations, supervisors have the authority to:
In case of misconduct in face of legal or regulatory requirements, penalties apply to both a financial institution and its board or senior management. (Resolutions CMN 3,721 of 2009, 4,557 of 2017, 2,682 of 1999 and 4,019 of 2011) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC8 | The supervisor requires banks to have appropriate mechanisms in place for regularly assessing the value of risk mitigants, including guarantees, credit derivatives and collateral. The valuation of collateral reflects the net realizable value, taking into account prevailing market conditions. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | Regulations require that the credit risk management framework must prescribe establishment of clearly defined and documented criteria and procedures, accessible to those involved in the process of granting and managing credit, for periodic evaluation of the degree of sufficiency of the collateral. (Art. 4, Res 3721 of 2009) The regulations, however, do not lay down the norms or requirements that will govern the periodical collateral valuation to be performed by banks, for example, frequency of valuation, assessment of net realizable value, and the reliance on in-house or independent expert valuers. In the absence of substantive guidance or requirements, banks adopt their own methods, norms and practices for valuation of collateral for determining provisioning for problem exposures. Supervisory guidelines expect supervisors to evaluate the adequacy of management reports to the board of directors with regard to the disclosure of the measures of expected loss due to credit risk, comparison with the amounts provisioned and with the valuation of assets subject to marking to market. Supervisors are also expected to evaluate these management reports for quality and comprehensiveness of the information, periodicity and timeliness of the document. Further, since banks have to review their risk rating at least annually and as the value of collateral is an important part of this process, the supervisors expect the banks to reassess the value of collaterals at least annually. Banks are required to report the details of the collateral while submitting their reports to SCR. For auto loans, such information includes the serial number of the vehicle, which allows supervisors to validate the reported value against the public registry (Sistema Nacional de Gravames - SNG) and estimation of the realizable value of the collateral at market values. (car prices indexes provided by Fundação Instituto de Pesquisas Econômicas - FIPE). Similarly, while the SNG started to receive data on new real estate financings at the beginning of 2017, BCB is tracking historical prices of real estate collaterals embedded in mortgage transactions that are reported to SCR. In addition, an ongoing strategic project (ASup/Perda Esperada) of the Supervision Department (Desup) focuses on the use of SCR data for estimating recovery values and backtesting the loss-given default parameters that banks use for establishing their expected credit loss provisions. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC9 |
Laws, regulations or the supervisor establish criteria for assets to be:
identified as a problem asset (e.g., a loan is identified as a problem asset when there is reason to believe that all amounts due, including principal and interest, will not be collected in accordance with the contractual terms of the loan agreement); and reclassified as performing (e.g., a loan is reclassified as performing when all arrears have been cleared and the loan has been brought fully current, repayments have been made in a timely manner over a continuous repayment period and continued collection, in accordance with the contractual terms, is expected). |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC9 | Regulation 2682 of 1999 that is currently the operating regulation for the institutions included in S2 to S5 segments, does not provide a definition of a problem or a non-performing asset. However, as explained in the description under EC1, the regulation requires classification of all credit exposures under 9 categories from AA to H based on the ‘days past due’ and the ‘ability to pay’ criteria. Regulations have also not established quantitative criteria for upgrading assets, in terms of either probation period or minimum amortization. However, regulations require that renegotiated loans are held in the same classification category and that the re-classification for a lower risk category is permitted, when there is a significant amortization of the operation or when new relevant facts justify the risk level change. Banks are, therefore, allowed to establish their proprietary criteria based on their own credit experience. For S1 institutions, regulation 4557 issued in February 2017 became effective in August 2017. This regulation establishes the definition of a problem asset as one that is classified as ‘E’ or worse. The supervisors understand the ‘problem assets’ to mean ‘non-performing’. While this is the interpretation and understanding amongst the supervisors this is not articulated in laws or regulations. Resolution 4557 explicitly provides that exposures identified as problem assets may only have this condition changed in face of evidences that the counterparty’s ability to meet obligations under the contracted terms is recovered. Criteria for identifying the counterparty’s ability to pay must be established by the institution and clearly documented. These regulations become effective for the institutions included in S2 to S5 in February 2018. The regulations are unclear about the norms that guide the reclassification of borrowers among the various grades, allowing scope for individual practices amongst banks. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC10 | The supervisor determines that the bank’s Board obtains timely and appropriate information on the condition of the bank’s asset portfolio, including classification of assets, the level of provisions and reserves and major problem assets. The information includes, at a minimum, summary results of the latest asset review process, comparative trends in the overall quality of problem assets, and measurements of existing or anticipated deterioration in asset quality and losses expected to be incurred. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC10 | Regulations require banks’ credit risk management frameworks to regularly provide reports to senior management and the board (Resolutions CMN 4,557 of 2017 and 3,721 of 2009). As per the Specific examination procedures, (MSU 04-30-10-50-01-01, Section 3.5 (“Communication and Information”)), supervisors must verify whether such reports are regular, comprehensive and complete, and whether they are provided on a timely basis to support the decision about corrective actions. However, regulations do not explicitly require the supervised institution’s boards to periodically obtain and review the information on the quality of banks’ asset portfolio, major problem assets and levels of provisioning, and their trends. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC11 | The supervisor requires that valuation, classification and provisioning, at least for significant exposures, are conducted on an individual item basis. For this purpose, supervisors require banks to set an appropriate threshold for the purpose of identifying significant exposures and to regularly review the level of the threshold. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC11 | Regulations require banks to subject all credit exposures to rating/ classification and provisioning on an individual basis. Regulations also require banks to assess expected credit losses both on individual and aggregated basis for determining the adequate level of provisioning, allowing a simpler framework for classification and provisioning for exposures below BRL 50,000. For counterparties with exposures below BRL 50,000, the classification can be determined based on the number of days past due, but the rating cannot be better than ‘A’ implying that banks should hold provisions of at least 0.5 percent for these exposures. (Art 5, (Resolution CMN 2,682 of 1999) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC12 | The supervisor regularly assesses any trends and concentrations in risk and risk buildup across the banking sector in relation to banks’ problem assets and takes into account any observed concentration in the risk mitigation strategies adopted by banks and the potential effect on the efficacy of the mitigant in reducing loss. The supervisor considers the adequacy of provisions and reserves at the bank and banking system level in the light of this assessment. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC12 | The BCB reviews and assesses the quality of credit risk portfolios of individual banks. While undertaking such reviews based on off-site and on-site inputs, the supervisors are able to review the asset quality of the supervised entity with reference to the peer groups and the banking system. Also at individual counterparty levels, the supervisors are able to review the classification of one counterparty in the supervised institution in comparison with the classification of the same counterparty in the other banks by using the SCR database. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 18 | Largely Compliant | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The supervisory framework for determining that the supervised institutions have adequate policies and processes for early identification and management of problem assets and the maintenance of adequate provisions is largely in place. In the absence of explicit definition of exposure for classification and provisioning purposes, in the absence of explicit prudential reporting by banks, BCB can be seen as estimating the size of NPLs from exposure perspective and from ‘renegotiation’ perspective. Absence of explicit requirement to adopt expected loss approach for all types of exposures, combined with absence of explicit guidance or norms on eligible collateral and valuation thereof for determining provisioning for problem exposures can pose challenges to assessing adequacy of provisions held by banks. The regulatory framework that lays out the minimum requirements for the identification, measurement and provisioning for problem assets is in transition and needs to stabilize. Resolution 4557 of 2017 addresses some of the regulatory gaps. Yet, a few areas where there is scope for further improvement include:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 19 | Concentration risk and large exposure limits. The supervisor determines that banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate concentrations of risk on a timely basis. Supervisors set prudential limits to restrict bank exposures to single counterparties or groups of connected counterparties.38 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Laws, regulations or the supervisor require banks to have policies and processes that provide a comprehensive bank-wide view of significant sources of concentration risk.39 Exposures arising from off-balance sheet as well as on-balance sheet items and from contingent liabilities are captured. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Please see description under relevant ECs of CP15 and CP17 for the regulatory regime pertaining to credit risk management that is applicable to S1 institutions till August 2017 and to all other institutions. Regulations further require that the credit risk management frameworks in financial institutions must include, among other things, the following that are relevant for the identification and management of concentration risk and large exposures: (i) systems, routines and procedures to identify, measure, control and mitigate credit risk exposures, both at individual and aggregate level of operations with similar characteristics, capturing at least the material sources of credit risk, the identification of the borrower or counterparty, the risk concentration and the form of aggregating operations; (ii) establishment of limits for operations subject to credit risk, both at the individual level and at the aggregate level of groups with a common economic interest and of borrowers or counterparties with similar characteristics; and (iii) evaluation of operations subject to credit risk, taking into account market conditions, macroeconomic prospects, changes in markets and products and the effects of sector and geographical concentration, among other factors. (Res. 3721 of 2009) The revised regulations (Resolution CMN 4,557) that are applicable to S1 banks from Aug 2017 and to the other banks from Feb 2018, has made several improvements over prevailing regulations for banks (Res. 3721 of 2009) regarding identification, measurement and management of concentration risk. The improvements achieved by the revised regulation, include
Regulations that deal with credit risk management, including concentration risk, do not explicitly define exposure for assessing compliance with prudential exposure limits and how exposures should be aggregated from concentration risk perspective. However, supervisors assert that banks and the BCB adopt the same definition and approach as applicable for measuring the exposure under the capital adequacy regulations. The definition of exposure under the capital adequacy regulations applies to both on-balance sheet exposures and off-balance sheet exposures. Exposure, as defined for the purposes of capital adequacy, allows set-offs such as netting of exposures to the same counterparty and for credit risk mitigants. However, from a concentration risk perspective, Basel guidance requires assessment of exposures from a ‘maximum exposure to loss’ perspective for which set-offs will need to be disallowed and exposures that are economically interdependent will have to be aggregated. These elements are absent in the current approach. For credit risk in general (including concentration risk), the supervisors are required to include the evaluation of the risk management policies and processes with reference to the FI’s strategic objectives and their risk appetite. The supervisor is expected to assess the concentration risk limits, in relation to the diversification parameters defined by the Board (MSU 4-30-40-20-01-02 - section 4.2.2.3). According to Continuous Monitoring procedures (AC), which provides information for the SRC, the supervisor must periodically review for each institution, among other documents, credit risk reports sent to senior management (this review must be commensurate with the risk profile and systemic importance of the FIs), including the reports on concentration risk. The on-site examinations carried out by Desup seek to verify whether (a) the concentration limits of portfolio distribution by product type and economic sector are in line with credit policies defined by the institution, (b) those limits are aligned with the risk appetite, as defined by the Board (MSU 4-30-10-50-01-01 - section 3.2.3.2) and (c) supervised institutions comply with the internal and regulatory limits for concentration. During these verifications, supervisors are expected to also check if senior management work within the parameters for the treatment of exceptions to the defined limits (MSU 4-30-10-50-01-01 - section 3.2.3.3). Finally, in the SRC the supervisor is required to include the evaluation of the adequacy of the communication process of credit risk exposures (including concentration risk) to the Board. (MSU 4-30-40-20-01-02 - section 4.1.3.1). Select banks to which the ICAAP process is applicable, are also required to measure concentration risk in that exercise. Accordingly, internal limits for concentration risk must be established and monitored. Failure to comply with such requirements may result in capital add-ons. Supervision reviews management of concentration risk by verifying the existence of and compliance with internal concentration limits and the treatment of exceptions to defined limits (MSU 4-30-10-50-01-01 - sections 3.2.3.2 and 3.2.3.3). The on-site supervision (Desup) verifies the general adherence of the FIs to the regulation in two ways. First, through on-site examinations, Desup ensures that banks identify correctly credit risk and, within credit risk, concentration risk (MSU 4-30-10-50-01-01 -sections 3.2 and 3.7.2). All exposures, including off-balance exposures, must be considered (MSU 4-30-10-50-01-01 - section 3.2.1.2). BCB’s supervision area incorporated in 2016 in the MSU an explicit provision to capture concentration risk exposures including off-balance exposures, although they were already considered in the analysis Secondly, Desup analyses FI internal reports regarding exposure to concentration risk and compliance with limits (MSU 4-30-10-50-01-01 - sections 3.2.3.2 and 3.4.1). The analysis by Desup is complemented with the offsite supervision’s (Desig) monitoring of regulatory limits, as described below. Off-site: The BCB’s Continuous Monitoring (AC) process, includes a periodical review of Credit Risk, that is proportionate to the Fl’s systemic importance and risk profile. Formally, excessive levels of concentration risk are those established by Regulations. However, SRC prescribes the assessment of the level of concentration risk. High exposure to this risk may prompt the supervisors to require the development of a plan for reducing concentration, implementation of which will be monitored. In addition to the information received from banks, Desig uses the information from clearinghouses, which provides information about banks’ operations in certain financial instruments that are traded in the market. This allows it to evaluate concentrations to single counterparties taking into account banks’ exposures through traded securities, and at times to connected counterparties. If a maximum limit established by regulation is surpassed, Desig informs the onsite supervision of the situation. Whenever Desig identifies an out-of-limit exposure the supervisors check the actual level of concentration and demand correction, where required. Compliance with the foreign exchange exposure limit established by Resolution 3,488 and the credit limit to the public sector instituted by Resolution 2,827 are also monitored by Desig via SIM. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor determines that a bank’s information systems identify and aggregate on a timely basis, and facilitate active management of, exposures creating risk concentrations and large exposure40 to single counterparties or groups of connected counterparties. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see description under EC1 with regard to the regulatory requirements for banks with regard to the management of concentration risk, including the definition of concentration risk. Regulations that are applicable to S1 banks from Aug 2017 and to the other banks from Feb 2018, require supervised institutions to have information systems that identify and aggregate, on a timely basis, the exposures to concentration risk (Article 23, Para 17 of CMN 4557 of 2017). The regulations (4557 of 2017) allow the institution, in exceptional cases, waiver from considering counterparties connected by control as a single counterparty, as long as it can be demonstrated that such counterparties do not share the credit risk incurred by the institution. The BCB has the discretion to consider two or more counterparties as connected, in case they verifiably share the credit risk incurred by the institution. As per regulations, connected counterparties must constitute a single counterparty for the purpose of credit risk management. Such counterparties are those that share the credit risk incurred by the institution, including through a control relationship. For the purposes of Resolution 4,557, the control relationship must be substantiated through the occurrence of at least one of the following criteria:
The institution must document the criteria that uphold the identification of each group of connected counterparties. Reports for the senior management, the risk committee and the board must also include information regarding exposures resulting in risk concentrations. (Art 23, para 3(III), Res 4557) In 2016, the guidelines to supervisors incorporated in the MSU an explicit requirement for verification of the systems in FIs for the identification and aggregation of information regarding large exposures and risk concentration (MSU 4-30-10-50-01-01 - section 3.2.3.4). Supervision Desig reviews the timeliness and accuracy of the bank’s systems by reviewing the data on the credit registry and the bank’s internal reporting. Overall, Desup checks the efficiency of the systems used by the institution to manage, classify and monitor risks, as well as to store the data history of credit transactions, joint obligations and other operations with credit characteristics. (MSU 4-30-10-50-01-01 - section 2.1). On-site examinations seek to analyze the capacity and reliability of information systems in the generation and timely availability of information related to the credit process (MSU 4-30-10-50-01 -01 - section 3.5.2). The SRC also specifically provides that the supervisor must include the assessment of the IT systems that are used by the FI for monitoring and managing concentration risk (MSU 4-30-40-20-01-02 - section 4.2.2.3). |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor determines that a bank’s risk management policies and processes establish thresholds for acceptable concentrations of risk, reflecting the bank’s risk appetite, risk profile and capital strength, which are understood by, and regularly communicated to, relevant staff. The supervisor also determines that the bank’s policies and processes require all material concentrations to be regularly reviewed and reported to the bank’s Board. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | Please see description under EC1 for requirements in regulations that pertain to the risk management policies and processes pertaining to credit risk in general and concentration risk in particular. In general, banks manage credit concentration risk by setting internal limits by client (including connected counterparties) and by economic sector. Some banks also fix limits for country risk, foreign exchange risk and foreign business units adhering to the Institution’s Risk Appetite Statement. The limits are usually set with reference to regulatory capital. They also monitor clients with the largest exposures. During on-site examinations, supervisors seek to verify or evaluate
During the off-site processes the supervisor is required to periodically review for each institution, among other documents, credit risk reports sent to senior management. This review must be commensurate with the risk profile and systemic importance of the FIs. This review includes the banks’ reporting of information on risk concentration submitted to the senior management. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor regularly obtains information that enables concentrations within a bank’s portfolio, including sectoral, geographical and currency exposures, to be reviewed. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | The regulatory and supervisory framework in Brazil does not require the supervised institutions to periodically submit regulatory reports on their exposure to concentration risks. Instead, the supervisors make extensive use of the data and information to which they have access, to identify the concentrations to which the supervised institutions are exposed. On the basis of the analyses and signals received from the monitoring department, the supervisors may pursue as appropriate with the supervised institutions. The off-site information database that the supervisors can use for reviewing banks’ exposure to concentration risks comprise information and data reported by the banks to the credit registry; daily data received from clearing houses, CCPs and trade repositories; data received from the government agencies, including revenue authorities. Automatic routines (SQL) are used to process information from the various sources. Relying on the above database, the supervisors are able to monitor banks’ exposures to credit concentration risk from different perspectives. Supervision monitors and reviews banks’ exposure to concentration risk and compliance with the prudential limits by relying on inputs from various sources, as below:
Routinely, the supervisory focus is on the exposure to single counterparties, connected counterparties, and large exposures to review banks’ compliance with prudential limits for these exposures. The review of the other types of concentrations is to equip the supervisor to assess compliance with internal concentration limits, if any, or to engage the banks in an informed discussion on their concentration risk management policies and approach. The off-site monitoring process registers limit exceptions in the Integrated Monitoring System (SIM) system, which will prompt supervisors to take action. In addition, cases of exceeded limits are referred to the on-site supervision department for corrective action. A system called “Profile of Operational Limits” provides search and reporting services (SQL and Microsoft Reporting Services) to supervisory teams on occurrences of noncompliance with prudential limits by the supervised institutions. Supervisors of Brazil’s largest banks also receive regular internal reports from banks on their risk profile and risk measurements. These reports usually cover risk concentrations and the largest exposures. Credit concentration and credit risk management are also assessed in SRC and in on-site examinations. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | In respect of credit exposure to single counterparties or groups of connected counterparties, laws or regulations explicitly define, or the supervisor has the power to define, a “group of connected counterparties” to reflect actual risk exposure. The supervisor may exercise discretion in applying this definition on a case by case basis. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | The prevailing regulations on concentration risk management for banks in S2 to S5 do not have clear definitions or guidance on ‘connectedness’ of counterparties. As per current definition (Res 2844 of 2001) a client is defined as a single person, either natural or legal, or a group of persons acting singly or jointly and representing a common economic interest. Economic dependency is situations when difficulties in raising funds or liquidating liabilities faced by one entity entail similar difficulties in another entity. The revised regulations that are in force for S1 banks from August 2017 have provided clarity in this regard. These regulations become effective for all banks from February 2018. (Please see description under ECs1 and 2 for details). The revised regulations require the institution to document the criteria that uphold the identification of each group of connected counterparties. However, in exceptional cases, the institution can be waived from considering counterparties connected by control as a single counterparty, as long as it can be demonstrated that such counterparties do not share the credit risk incurred by the institution. The BCB has the discretion to consider two or more counterparties as connected, in case they verifiably share the credit risk incurred by the institution. The BCB has two sources of information for verifying inter-connectedness:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 | Laws, regulations or the supervisor set prudent and appropriate41 requirements to control and constrain large credit exposures to a single counterparty or a group of connected counterparties. “Exposures” for this purpose include all claims and transactions (including those giving rise to counterparty credit risk exposure), on-balance sheet as well as off-balance sheet. The supervisor determines that senior management monitors these limits and that they are not exceeded on a solo or consolidated basis. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | Please see description under EC 1 regarding absence of definition of ‘exposure’ for assessing compliance with prudential exposure limits and how exposures should be aggregated from concentration risk perspective. Regulations establish the following prudential limits to address concentration risk (CMN 2844 and CMN 2827, both of 2001): Table 4: Prudential Exposure Limits-Summary Note: * as percent of regulatory capital; ** excludes exposure to the federal government; *** A large exposure is defined as one that is equal to, or exceeds, 10% of Regulatory Capital.Table 4: Prudential Exposure Limits-Summary
Table 4: Prudential Exposure Limits-Summary
These limits apply on a consolidated basis to the prudential conglomerate, as defined by regulations (Resolution CMN 4,280 of 2013) and to the solo bank for other institutions. Regulations permit the following exemptions while computing compliance with the above prudential limits:
Concentration risk is also addressed by regulations (Resolution CMN 3,488 of 2007), which impose a limit on the net exposure of a financial institution to foreign currencies or gold. The limit is set at 30% of Regulatory Capital (PR) and compliance is verified on a daily basis by the off-site supervision team. Laws or regulations are silent about the treatment of credit risk mitigants, in the computation of exposure and in the computation of compliance with the prudential exposure limits, other than those mentioned above under exemptions. However, it is understood that during on-site examinations and monitoring of large exposures in large banks, supervisors assess the quality of the collateral associated with such exposures on a case-by-case basis. Please see description under EC4 for the supervisory approach to monitoring of compliance by the banks with the prudential limits prescribed for large exposures and foreign currency exposure risk. Please see description under EC3 for the requirements about senior management and board monitoring of banks’ exposure to concentration risk and their compliance with the prudential as well as internal limits for risk concentrations. In addition, supervisors examine the limits for connected counterparties established by the bank’s policy and require banks to monitor the adherence to those limits. (MSU 4-30-10-50-01-01 -sections 3.2.3.2 and 3.2.3.4). |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor requires banks to include the impact of significant risk concentrations into their stress testing programs for risk management purposes. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | Prevailing regulation on the management of credit risk for banks in S2 to S5 segments, had prescribed the implementation of a management structure that assesses credit risk in operations, taking into account simulations of extreme conditions (stress tests), encompassing economic cycles, market conditions, macroeconomic perspectives, changes in markets and products, and the effects of sectoral and geographic concentration, among others. (Resolution CMN 3,721 of 2009) The revised regulations that will become effective for all banks from February 2018 require banks to include in their stress test programs all material risks, including credit risk and the impact of significant risk concentrations. (Resolution CMN 4,557 of 2017) Supervision is required to analyze stress tests of banks as part of the evaluation process of banks’ ICAAPs. While evaluating banks’ stress test programs, supervision is also required to verify whether concentration risk is taken into account (MSU 4.30.10.50.01.03 - section 2.1.10). In practice, relevant concentration risks, especially by client (including connected counterparties), must be incorporated in integrated stress tests conducted by banks. This is explicitly required by Resolution CMN 4,557 of 2017 (as mentioned above), as well as by Circular BCB 3,547 of 2011 and Carta-Circular BCB 3,774 of 2016. The BCB conducts stress testing at periodical intervals, which address concentration risks in the banking system. The focus of these stress tests is to primarily verify the concentration risk in the banking system rather than at individual banks and to assess the contagion risk among the banks. Brief details of the elements of concentration risks addressed in these stress tests are below:
Concentration of credit risk in terms of exposures to a single counterparty is not subjected to specific stress tests as this specific concentration risk is monitored every month based on the supervisory reporting received from the financial institutions. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Additional criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC1 |
In respect of credit exposure to single counterparties or groups of connected counterparties, banks are required to adhere to the following:
Minor deviations from these limits may be acceptable, especially if explicitly temporary or related to very small or specialized banks. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | Please see description under EC6 for the details of the prudential limits established under regulations. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 19 | Largely Compliant | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The regulations for concentration risk for most banks (S2 to S5) have a few gaps, which can give rise to variations and bank level discretion while implementing the risk management framework to address concentration risk. The key gaps have been addressed in the Resolution 4557 of 2017, that has already become effective for S1 banks from August 2017 and will become effective for the other banks from February 2018. While some banks may be already in compliance with the revised requirements, system-wide implementation will, understandably, take some more time. There are a few additional areas where the lack of clarity may be introducing distortions in implementation. In the absence of (a) an explicit definition of exposure for assessing compliance with prudential exposure limits and how exposures should be aggregated from concentration risk perspective, (b) explicit reporting from banks on their exposures to single or connected counterparties, (c) comprehensive database of all connected parties - through control and through economic interconnectedness, and since the assessment of name concentration is undertaken by the BCB, it is unclear how comprehensive or effective this monitoring can be. Also, in the absence of (a) an explicit reporting from banks on their exposures to economic sectors, geographic regions, and credit risk mitigants; (b) guidance or database on inter-sector correlations or correlations among geographic regions or credit risk mitigants; the supervisors are not able to challenge the assessment of concentration risks and their management by the banks. Areas for improvement can include:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 20 | Transactions with related parties. In order to prevent abuses arising in transactions with related parties42 and to address the risk of conflict of interest, the supervisor requires banks to enter into any transactions with related parties43 on an arm’s length basis; to monitor these transactions; to take appropriate steps to control or mitigate the risks; and to write off exposures to related parties in accordance with standard policies and processes. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Laws or regulations provide, or the supervisor has the power to prescribe, a comprehensive definition of “related parties”. This considers the parties identified in the footnote to the Principle. The supervisor may exercise discretion in applying this definition on a case by case basis. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Definition of related party Law and regulations issued by the BCB have not explicitly articulated a definition or list of related parties for regulatory and prudential purposes. However, Article 34 of Law 4595 of 1964 (Banking Law) provide a list of related parties which include the following:
The above list of related parties in law and regulations that is relevant for the prudential application excludes the following related parties that are included in the Basel definition:
The above Article of Law 4595 was amended with effect from 13 Nov 2017 by Article 69 of Law 13506 of 2017, but the gap between the definition in the Brazilian law and the Basel definition remains. The list of related parties after the amendment remained more or less the same, except for the inclusion of the following two:
For the purposes of public disclosure of transactions with related parties, “Related party” is defined in the accounting standards44 as below: Related party is the person or entity that is related to the entity that is preparing its financial statements (in this Technical Pronouncement, treated as “Reporting entity”).
The definition of related parties for the purposes of disclosures as laid down in the accounting standards is more closely aligned to the Basel definition, and the supervisors have found this pronouncement to be helpful in identifying the related parties that were often used by financial institutions to transfer their risks (securitizations, credit transfers etc.). Related party exposures and transactions with related parties Several provisions in laws and regulations prohibited the financial institutions from undertaking certain types of related party transactions. With the amendment to Article 34 of the Banking Law (effected through Law 13,506 of Nov 2017), banks are now allowed to undertake credit transactions with the related parties. In brief, the prohibitions prior to the amendment are as below:
However, the above prohibitions in the Banking Law were revoked on June 7, 2017. Pursuant to art. 3°, §2° of Provisional Measure 784 of 2017, the CMN was empowered to establish which transactions will be prohibited. The CMN issued a new resolution (No. 4596 of 2017) which reinstated the prohibitions enumerated in the law 4595. The restoration of the prohibitions became effective from September 06, 2017, leaving a window where banks could have, hypothetically, extended loans and advances to the related parties listed in the law 4595. The above prohibitions in the law and regulations applied to transactions in the form of loans, advances, and investments and underwriting of debt securities issued by the related parties specified in the law. The restrictions did not explicitly apply to other forms of exposures such as placing deposits with or investing in the equity of the related parties, sale and purchase of assets, acceptance of deposits or borrowing, entering into service contracts, lease agreements, derivative transactions etc. As per Basel norms, related party transactions include dealings such as service contracts, asset purchases and sales, construction contracts, lease agreements, derivative transactions, borrowings, and write-offs. Basel recommends that the term transaction should be interpreted broadly to incorporate not only transactions that are entered into with related parties but also situations in which an unrelated party (with whom a bank has an existing exposure) subsequently becomes a related party. The law 4595 also allowed institutions to assume related party exposures with BCB approval, on a case by case basis. The amended provisions of Article 34 of Law 4595 allow financial institutions to extend loans and undertake other credit transactions with the related parties named therein with effect from 13 Nov 2017, provided:
In order to allow a prompt identification of transactions in violation of the prohibition on lending to related parties, the BCB is implementing procedures to compare Credit Risk System (SCR) information with the BCB Interested Entities data base information (Unicad). Since 2012, seven Punitive Administrative Processes (PAP) have been initiated against financial institutions for violating the prohibition of lending to related parties. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | Laws, regulations or the supervisor require that transactions with related parties are not undertaken on more favorable terms (e.g., in credit assessment, tenor, interest rates, fees, amortization schedules, requirement for collateral) than corresponding transactions with non-related counterparties. 45 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see the description under EC1 regarding the prohibition on lending to or investing in related parties, the exemptions to the prohibition and the permitted transactions. BCB regulations are yet to explicitly define ‘related party transaction’ and have not explicitly articulated the governance framework that will be applicable to the transactions with the related parties. The Technical Pronouncement CPC-05 of the Accounting Pronouncement Committee of the CPC, however, defines transactions with related parties for the purposes of public disclosure requirements. Here, related party transactions are defined as ones where there is transfer of resources, services or obligations between an entity that reports the information and a related party, regardless of whether it is charged in return. Regulations or laws have not explicitly required financial institutions to ensure that transactions with other related parties (that are not covered under the definition in the law) are undertaken at arms’ length. While the amended Article 34 of the Banking Law (Nov 2017), requires banks to ensure certain arm’s length norms, these do not explicitly specify that the transactions with the related parties should not entail more favorable tenor, fees, and amortization schedules. However, as part of SRC supervision of Corporate Governance in the entities required to constitute a board of directors (MSU 4.30.40.20.09), the supervisors are required to verify whether boards ensure that transactions with related parties (including transactions among the group entities) are reviewed to ensure that the institution’s resources are properly applied to the benefit of the conglomerate. Supervision also evaluates the disclosures pertaining to related party transactions made by the relevant institutions in compliance with the accounting standards. BCB has recently (2017) developed a methodology to assess contagion risk. In addition to previous analyses, under this approach, the Supervisors are required to perform the following procedures:
To facilitate the above, BCB requires supervised entities to report detailed accounting information for monitoring purposes, and BCB receives daily information from clearings that allow the identification of atypical transactions on securities markets. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor requires that transactions with related parties and the write-off of related-party exposures exceeding specified amounts or otherwise posing special risks are subject to prior approval by the bank’s Board. The supervisor requires that Board members with conflicts of interest are excluded from the approval process of granting and managing related party transactions. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | Please see the description under EC1 and EC 2 regarding the transactions with related parties that are permitted under laws and regulations. The conflict of interest requirements are not articulated explicitly in the context of related party transactions, these have been articulated in the regulatory requirements pertaining to internal control and corporate governance in banks. Regulations or laws have not explicitly required from financial institutions that transactions with related parties and the write-off of related party exposures exceeding specified amounts or otherwise posing special risks be subjected to prior board approval. Law and regulations have also not explicitly required that Board members with conflict of interest be excluded from the approval process of granting and managing related party transaction. Please see description under EC2 regarding supervision of corporate governance under the SRC. One focus of the Special Verification of Corporate Governance (VE) is the identification of board members who are at the same time shareholder or have relationships with other related or not related companies, to evaluate influences and conflict of interests (MSU 4.30.10.50.06.01). |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor determines that banks have policies and processes to prevent persons benefiting from the transaction and/or persons related to such a person from being part of the process of granting and managing the transaction. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | Regulations require that the institution’s internal controls must ensure the segregation of the activities assigned to members of the institution in a way that avoids conflicts of interests, as well as to mitigate and properly monitor areas identified as potential conflicts. (Resolution CMN 2,554 of 1998). At the same time, there are no explicit requirements in law or regulations that address specifically the requirement articulated in this EC with reference to related party exposures and transactions. While assessing the Internal Controls, supervisors are required to verify the existence of a formal segregation of duties policy, and how conflicts of interest are dealt by the Board of the financial institution (MSU 4.30.10.50.06.02). Supervisors also assess the adequacy of the segregation of potentially conflicting functions, such as trading and controls functions while analyzing Risk and Controls regarding Credit Risk (MSU 4.30.40.20.01.02) and Market Risk (4.30.40.20.02.02). |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | Laws or regulations set, or the supervisor has the power to set on a general or case by case basis, limits for exposures to related parties, to deduct such exposures from capital when assessing capital adequacy, or to require collateralization of such exposures. When limits are set on aggregate exposures to related parties, those are at least as strict as those for single counterparties or groups of connected counterparties. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | As mentioned in the description under EC1 and EC2, law and regulations initially prohibited lending to and investing in some related parties, but now they allow banks to assume exposures on all related parties and enter into other types of transactions with all related parties. While there are no explicit prudential limits for related party exposures, the effective prudential limits are those prescribed for a single counterparty or group of connected counterparties. The details of these limits are explained in the description under EC6 CP19. A reference is also invited to description under EC1 of CP 19 where it is mentioned that law or regulations have not explicitly articulated a definition for ‘exposure’ for assessing compliance with the prudential exposure limits. Under the current prudential framework, banks can assume several sets of related party and connected related party exposures, each up to the level of 25 percent for private sector connected counterparties (or 45 percent for public sector connected counterparties) of regulatory capital. The related party exposures in banks are not subject to an aggregate prudential cap. The supervisory approach to prudential limits is to supervise and enforce these at the level of the prudential conglomerate, and not necessarily at the level of the individual entity within the prudential conglomerate. The prudential framework for limiting exposures to related parties is at variance with the Basel framework, where the expectation is that these limits are at least as strict as the single and group exposure limits articulated under the Basel framework, which is 25 percent of bank’s capital (EC5 of this CP read with AC1 of CP19). Regulations or law do not explicitly provide for deduction of related party exposures from capital. However, according to Resolution 4,019 of 2001, the supervisor can require, among other supervisory measures, additional capital in financial institutions with excessive risk exposures, which includes contagion risk posed by transactions with related parties. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 | The supervisor determines that banks have policies and processes to identify individual exposures to and transactions with related parties as well as the total amount of exposures, and to monitor and report on them through an independent credit review or audit process. The supervisor determines that exceptions to policies, processes and limits are reported to the appropriate level of the bank’s senior management and, if necessary, to the Board, for timely action. The supervisor also determines that senior management monitors related party transactions on an ongoing basis, and that the Board also provides oversight of these transactions. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | Please see description under ECs 1 to 5 regarding (a) the legal and regulatory requirements for related party exposures and related party transactions, (b) the supervisory approach to reviewing and assessing risks arising from related party exposures and transactions and (c) the scope for aligning these better with the Basel requirements. Laws or regulations do not explicitly require banks to establish the policies and procedures envisioned in this EC. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor obtains and reviews information on aggregate exposures to related parties | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | The Supervisor receives prudential conglomerates accounting data on a monthly basis as well as from each of the consolidated entities (financial institutions and other consolidated entities) On the Prudential Conglomerate Financial Statements Special Verification (VE) procedure (MSU 4.30.10.50.31) Supervision carries out analysis of, among other aspects: (i) transactions between consolidated entities; (ii) elimination procedures of intra group transactions, and (iii) adequacy of explanatory notes, including that relating to transactions with related parties. For the related party transactions, the BCB Monitoring Department is implementing procedures to compare Credit Risk System (SCR) information (detailed credit information provided by the financial institutions) with the BCB’s Interested Entities data base information (Unicad), which can allow it to identify the transactions with and exposures to related parties and assess these with regard to the ongoing market prices, market rate of interest and so on. In addition, BCB receives daily information from clearings that allow the identification of atypical transactions on securities markets. The Publicly-Held Companies must notify the CVM within seven days of the occurrence of transactions with related parties that meet the materiality criteria defined in CVM Instruction 480/2009. The BCB does not obtain an exclusive periodical report from the supervised institutions on their transactions with the related parties, exceptions and write-offs. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 20 | Materially Non-Compliant | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The key variances from the Basel norms are non-inclusion of all types of related parties within the prudential purview, absence of an explicit and complete definition of related party transactions for prudential purposes, the absence of a prudential limit on banks’ aggregate exposure to related parties, the gaps in the governance requirements, absence of explicit requirement for policies and processes for related party transactions, the absence of explicit and focused supervisory (prudential) reporting requirement for transactions with and exposure to related parties and application of the prudential requirements at the level of the prudential conglomerates and not at the level of the solo bank(s) within the conglomerates. These collectively result in significant gaps in the prudential regime for transactions with related parties. The BCB strives to monitor related party transaction by reviewing extensively the periodical accounting information received from the supervised entities, SCR database, the database on market transactions received from the TRs and the Unicad database. Given the gaps in the definition of related party and the definition of related party transactions, and the absence of a dedicated off-site supervisory (prudential) report on related party exposures, it is unclear that the universe of the database that is reviewed by the BCB is complete. For example, some transactions that may not be reflected in the above databases are transactions with related parties that are outside the list specified in law or regulations; sale and purchase of assets that are outside the scope of the TRs, and the service contracts with related parties. The contagion risk analyses undertaken by the BCB focus on the risks to the supervised institution arising from the activities or risks in the entities belonging to the wider group to which the bank belongs but which are outside the direct supervision of the BCB. While this oversight may be able to identify the risks that could transmit to the supervised institution, the focus of this oversight is not fully aligned to the conflict of interest perspective that is the focus of this CP. The supervisory routines prescribed in the supervisory manual, with reference to assessment of inherent risks and control risks pertaining to credit risk do not explicitly articulate a focus on related party exposures and related party transactions and the governance requirements that are relevant for such exposures and transactions. Areas for improvement can include: (a) Enhanced and explicit requirements for Board oversight of related party exposures and transactions; (b) An explicit definition or articulation of list of “related parties”, to include at least those mentioned in the footnote to the CP; (c) An explicit definition or articulation of the list of “related party transactions” for prudential purposes, to include at least those mentioned in the footnote 69 to the CP; (d) Introduction of prudential limit for aggregate exposures to related parties that are at least as conservative as the limits for connected counterparties; (e) Introduction of periodical focused reporting by the supervised institutions on the exposures, transactions, exceptions and write-offs; (f) Application of the prudential framework for related party exposures and related party transactions to the solo bank(s) within the prudential conglomerate; and (g) Appropriate corresponding improvements to the supervisory manual. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 21 | Country and transfer risks. The supervisor determines that banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate country risk46 and transfer risk47 in their international lending and investment activities on a timely basis. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | The supervisor determines that a bank’s policies and processes give due regard to the identification, measurement, evaluation, monitoring, reporting and control or mitigation of country risk and transfer risk. The supervisor also determines that the processes are consistent with the risk profile, systemic importance and risk appetite of the bank, take into account market and macroeconomic conditions and provide a comprehensive bank-wide view of country and transfer risk exposure. Exposures (including, where relevant, intra-group exposures) are identified, monitored and managed on a regional and an individual country basis (in addition to the end-borrower/end-counterparty basis). Banks are required to monitor and evaluate developments in country risk and in transfer risk and apply appropriate countermeasures. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Please see the description under EC1 and EC2 of CP15 for the details of the requirements under the regulatory framework regarding risk management systems in banks. In the BCB’s view, the banking system exposure to country and transfer risks are not perceived to pose a significant risk to the Brazilian banking system because (a) assets held abroad by the banking system are less than 15% of the total assets of the financial system; (b) most of these assets are invested in G20 countries, and (c) after considering intercompany eliminations, foreign exposures of the supervised entities reportedly account for 6% of the total portfolio. In addition, Brazilian banks reportedly hold small, if any, positions in foreign sovereign bonds. The prevailing regulations that are applicable to country and transfer risks until August 2017 for all banks and until February 2018 for S2 to S5 banks is Resolution CMN 3721 of 2009 that deals with credit risk. The revised regulation on this topic is Resolution CMN 4,557 of 2017 that deals with integrated risk management and capital management, which has come into effect for S1 banks in August 2017 and will come into effect for other banks in February 2018. As per regulations (Resolutions CMN 4,557 of 2017 and 3,721 of 2009), credit risk definition encompasses country and transfer risks. The requirements under the regulations do not explicitly require banks to establish policies and processes for identification, measurement, evaluation, monitoring, reporting and control or mitigation of country and transfer risks. However, the supervisors expect that the credit risk management framework required by regulations also extends to the identification, measurement, control, and mitigation of country and transfer risks. Consequently, they expect that the financial institutions must be able to identify, monitor and manage exposures both on a regional and an individual country basis. (Please see CP17 for details on the regulatory requirements that apply to the credit risk management framework.) Country and transfer risks are described as components of credit risk as below, in regulations: Table 5: Description of Country and Transfer Risks Table 5: Description of Country and Transfer Risks
Table 5: Description of Country and Transfer Risks
The Supervision practices guide explains country risk as a risk corresponding to the possibility of losses related to non-compliance with obligations associated with a counterparty or mitigating instrument located outside the Country, including sovereign risk. The description of country risk established in the regulations and in the supervision practices guide are at variance from the Basel definition (please see the footnote 45 above - “Country risk is the risk of exposure to loss caused by events in a foreign country.”), which is wider than the default of the counterparty. This EC requires that exposures are identified, monitored and managed on a regional and an individual country basis in addition to the end-borrower/end-counterparty basis. The BCB approach to supervision of country and transfer risk reflects immediate risk or direct exposure perspective. It does not take into consideration the ultimate risk or indirect exposure perspective. As both country and transfer risks are described and regarded as components of credit risk, the regulatory framework for these risks is not always explicit and is limited. Supervisors also assess the risk management framework for these risks and its adequacy using the same examination and supervisory procedures (MSU 04-30-10-50-01-01), which aim at assessing the counterparty credit risk. Supervisors apply specific assessment procedures for assessing settlement risk (MSU 04-30-10-50-01-01, items 3.2 and 3.9.1), settlement risk management ((MSU 04-30-10-50-01-02), and for assessing branches and subsidiaries abroad (MSU 4.30.10.50.15). These supervisory procedures are primarily oriented towards credit risk management and do not fully address the requirements specific to country and transfer risks as envisioned in this EC and this core principle. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor determines that bank’ strategies, policies and processes for the management of country and transfer risks have been approved by the banks’ Boards and that the Boards oversee management in a way that ensures that these policies and processes are implemented effectively and fully integrated into the banks’ overall risk management process. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see the description under EC1 for the design of the regulatory and supervisory approach towards the management of country and transfer risks by the financial institutions in Brazil. Banks are not explicitly required to establish policies and procedures for identifying, measuring, monitoring and managing country and transfer risks. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor determines that banks have information systems, risk management systems and internal control systems that accurately aggregate, monitor and report country exposures on a timely basis; and ensure adherence to established country exposure limits. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | The BCB is yet to issue specific guidance or establish specific requirements for the measurement or grading of exposure to country and transfer risks and for the periodical reporting of these exposures to the BCB. During on-site inspections, the BCB assesses and reviews the information system, the internal control system and risk management systems for credit risks. However, as the BCB does not consider the country and transfer risks as significant for the banks in Brazil, the supervisory focus on the assessment of the adequacy and appropriateness of these systems for the management of country and transfer risks is less evident. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 |
There is supervisory oversight of the setting of appropriate provisions against country risk and transfer risk. There are different international practices that are all acceptable as long as they lead to risk-based results. These include:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | Please see description under EC3. There are no explicit requirements for establishing provisions for country and transfer risk exposures. The prudential provisioning framework for problem assets prescribes standardized provisioning rates for credit risk exposures that are related to the prudential rating assigned to the exposure and linked to expected losses. The regulations do not require any provisions for exposures that are rated AA as per the prudential scale. These provisioning rates are applicable to all credit risk exposures irrespective of the level and quality of country or transfer risks inherent in the exposure. However, as regulations define credit risk to include country and transfer risks, supervisory expectation is that the financial institutions must take such risks into consideration when developing their models for estimating the expected credit loss and when assessing the adequacy of provisioning. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor requires banks to include appropriate scenarios into their stress testing programs to reflect country and transfer risk analysis for risk management purposes. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Please see CP 15, EC13. The regulations (Res 3721 of 2009) require credit risk management frameworks to include stress testing, encompassing economic cycles, change in market conditions and liquidity, including the breakdown of key assumptions, and consideration of their results when establishing or reviewing policies and limits. These regulations are not explicitly requiring the supervised institutions to undertake stress testing of their country and transfer risk exposures. Resolution CMN 4.557 of 2017, which became effective in August 2017 for S1 institutions and which will become effective in February 2018 for the other institutions require institutions to consider country and transfer risks in their stress tests, when relevant. In the top down stress tests conducted by the BCB country and transfer risk are not included. (Please see description under EC13 CP 15 for a broad overview of the stress testing frameworks, in general, as required by the BCB.) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 | The supervisor regularly obtains and reviews sufficient information on a timely basis on the country risk and transfer risk of banks. The supervisor also has the power to obtain additional information, as needed (e.g., in crisis situations). | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | Please see description under EC3 pertaining to the BCB guidance on the measurement and reporting of the exposures to these risks. As the supervisor does not obtain information on a regular basis, they are constrained from effectively monitoring the financial institution exposures to these risks or their management. However, they have the power under laws and regulations to obtain information or data on banks’ risk exposures on ad hoc basis, if and when required. (Please see description under EC7 of CP17, for details) Supervisors can assess these risks during the credit risk analysis that they undertake as part of their Risks and Controls Assessment System (SRC) process. For systemically important institutions, the supervisors can also review these risks as part of either the ICAAP or Recovery Plan assessment. Circular BCB 3,678 of 2013 requires the public disclosure of credit risk exposures by countries and geographical regions when significant exposures exist. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 21 | Materially Non Compliant | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The requirements under laws and regulations on management of country and transfer risks by financial institutions is not explicit. It is subsumed under the regulations for risk management and under credit risk management. The description of country risk established in the regulations is at variance from the Basel definition, which is wider than the default of the counterparty. The current description and the supervisory approach are adopting an ‘immediate risk’ perspective (direct exposures), and do not take into consideration the “ultimate” risk perspective (direct and indirect exposures). Banks are yet to be explicitly required to establish policies and procedures for identifying, measuring, monitoring and managing country and transfer risks. The BCB is yet to issue specific guidance or establish specific requirements for the measurement and grading of exposure to country and transfer risks and for the periodical reporting of these exposures to the BCB. There are no explicit requirements for establishing provisions for country and transfer risk exposures, and for stress testing country and transfer risk exposures. These need to be viewed along with the absence of supervisory information system that tracks and monitors the exposures from an ultimate risk perspective, the risk grading of these exposures and the provisions held by the banks for these risks. Areas for improvement include (a) revision to the definition of country risk to fully align with the Basel definition, (b) explicit adoption the ‘ultimate risk’ approach to these risks, (c) issue of explicit regulations on identification, measurement, monitoring and management of these risks, including guidance on grading these risk exposures and provisioning therefor as a distinct risk from counterparty risk, (d) Extension of the ‘ultimate risk’ approach to the exposures of the banks’ branches and group entities that are abroad, (e) introduction of appropriate prudential reporting requirements to monitor the banks’ exposure to these risks, (f) application of the regulatory and supervisory elements pertaining to these risks to the solo banks within the prudential conglomerates and (f) introduction of appropriate corresponding improvements to the supervisory manual. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 22 | Market risk. The supervisor determines that banks have an adequate market risk management process that takes into account their risk appetite, risk profile, and market and macroeconomic conditions and the risk of a significant deterioration in market liquidity. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate market risks on a timely basis. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Laws, regulations or the supervisor require banks to have appropriate market risk management processes that provide a comprehensive bank-wide view of market risk exposure. The supervisor determines that these processes are consistent with the risk appetite, risk profile, systemic importance and capital strength of the bank; take into account market and macroeconomic conditions and the risk of a significant deterioration in market liquidity; and clearly articulate the roles and responsibilities for identification, measuring, monitoring and control of market risk. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | The main instruments traded by banks in Brazil are government bonds, repos/reverse repos collateralized by government bonds, BRL/USD futures, interest rate (CDI) futures (or DI1 futures, as the official contract denomination) and swaps (fixed vs. CDI, CDI vs. USD + “cupom cambial”). Banks’ trading book portfolios usually comprise instruments held for managing liquidity buffer (e.g. government bonds and reverse repos) or to provide hedge for their clients. The major sources of market risk for trading book operations, considering the absolute market value of the risk factor exposures are, in descending order: interest rate risk (57.8 percent), foreign exchange (28.6 percent), credit risk and other exposures (13.2 percent), equity price (0.6 percent) and commodities (0.04 percent). (As of December 2016, for banking conglomerates). Please see below in Table 6 the segment-wise distribution of banks by the significance of their market risk exposures. Table 6. Relevance of Market Risk in Supervised Institutions Table 6. Relevance of Market Risk in Supervised Institutions
Table 6. Relevance of Market Risk in Supervised Institutions
The requirements pertaining to market risk management in supervised institutions as laid down in the regulations (Resolution 3464 of 2007) include the following:
Please see description under EC1, CP15 for details of the requirements established in regulations for the implementation of a continuous and integrated risk management structure, that are also required to be applied for the management of market risk. These are applicable to S1 institutions from August 2017 and for the other supervised institutions from February 2018. The revised regulations provide a more specific and clear definition of market risk as the possibility of losses arising from movements in the market values of instruments held by the institution. Market risk comprises:
As per the revised regulations, trading book comprises all positions in instruments not subject to any trading restrictions, including derivatives, held with the intent of trading or as a hedge of other elements of the trading book. Instruments held with intent of trading are those designated by the institution for (a) resale, or (b) benefitting from movements in prices, either effective or expected, or (c) arbitrage (Art. 26, CMN 4557 of 2017). The institution must have clearly defined policies in place to determine which instruments will be included in the trading book, as well as procedures to ensure a consistent compliance with the trading book classification criteria. In case the institution does not maintain a trading book, the policy and procedures mentioned in the heading must ensure that no instrument is held with the intent of trading (Art. 27, CMN 4557 of 2017). Revised regulations also require that the market risk management structure must comprise systems that consider all relevant sources of risk; make use of reliable data on market and liquidity, both internal and external; and adequately document the shifts between the trading and the banking books, and internal risk transfers, according to criteria established by the Central Bank of Brazil. (Art. 29 of Resolution CMN 4,557). In addition, the revised regulations (Resolution CMN 4,557 of 2017) require (in art. 37) that the risk management framework considers the possibility of the institution not being able to trade a position at market price, due to its significant size with respect to the volume normally transacted or to some market discontinuity. Please see the description under EC2 for the supervisory processes pertaining to market risk management in supervised institutions. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor determines that bank’ strategies, policies and processes for the management of market risk have been approved by the banks’ Boards and that the Boards oversee management in a way that ensures that these policies and processes are implemented effectively and fully integrated into the banks’ overall risk management process. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please also see description under EC1 which explains the regulatory framework for market risk management in supervised institutions. The Financial System Monitoring Department (Desig) receives monthly market risk reports (DRM) from supervised institutions. The BCB also receives daily inputs from the exchanges, CCP and trade repositories on the transactions in the financial markets. Using these data, the Desig performs extensive daily routines on market risk and including occasional stress tests, to assess the impact on the banks’ liquidity positions. Please see EC5 for additional details. The Desig triggers warnings to on-site supervisors when there are delays or errors in these reports, on receipt of which, the supervisor can decide to conduct a specific examination of the bank’s market risk management, if warranted. The on-site supervision examines the actual risk assumed versus the risk appetite approved by the Board and evaluates its adequacy given the institution’s capital, processes and technical skills. Supervisory teams evaluate Brazilian banks’ market risk policies and strategies, assess the effective implementation of the Board’s decisions and the Board’s subsequent monitoring when performing either specific examinations on this theme, namely Risks and Controls Assessments (SRC) or Special Verifications (VEs):
The difference between the two on-site inspections is fundamentally the depth necessary to get to a conclusion on market risk management in the supervised institutions. The Department of Banking Supervision performs other Special Verifications that are not specifically devoted to assessing market risk management, but cover some aspects of trading book exposures, such as: Trading Operations; Structured Products, Hedge Accounting, Authorization for Internal Model of Market Risk. Banking supervision teams are required to take the following items into consideration, among others, when verifying market risk processes in banks:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 |
The supervisor determines that the bank’s policies and processes establish an appropriate and properly controlled market risk environment including:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | Please see description under EC1 for an overview of the regulatory requirements pertaining to market risk management and EC2 for an overview of the supervisory processes for reviewing banks’ market risk management frameworks. Offsite Supervision: The Specialized Supervision Team on Market Risk performs off-site examination which aims to identify if the Report on Market Risk (DRM), a monthly standardized report sent to BCB, is consistent with accounting data. DRM is initially analysed by the Financial System Monitoring Department (Desig) in order to identify, among other things, the adequacy of capital requirements to Market Risk exposure and the details of this exposure to major market risk factors, as well as the most used measures for assessing market risk from the trading book exposures (VaR, parametric and historical, with different confidence levels, Expected Shortfall and complementary sensitivity analysis). Additionally, these data allow the determination of assets and liabilities’ durations and the existence of gaps by a monitoring tool known as BRM (Market Risk Balance Sheet) This analysis is useful to detect inaccurate identification, aggregation, monitoring and reporting of market risk exposure. BCB has also developed market risk monitoring tools to support onsite supervision teams and to provide early warnings to bank supervisors. These tools are based on historical behaviour of banks’ exposures, banks’ securities and derivatives portfolios, and bank’s daily market settlements to local Central Counterparts (CCPs). The tools are supported by daily data sent to BCB by domestic clearings and CCPs, and by monthly risk reports sent to BCB by financial institutions. The risk reports include domestic and foreign portfolios, as well the trading book exposure. This set of information allows the monitoring team to track the risk profile and level of banks’ exposure. If a financial institution presents a certain exposure level or operates an unusual kind of financial instrument, the monitoring team alerts the bank supervisor, who can decide to start an on-site examination procedure, if required. Onsite Supervision: Supervisors are required to verify the adequacy of the approved risk appetite, the risk management framework, the adequacy and comprehensiveness of the market risk identification and measurement systems, as well as of the respective exposure limits. Examinations evaluate if the limits set by the Board are consistent with the institution’s capital strength, processes and technical skills. Examinations are also carried out to verify whether the control systems capture all significant sources of risk and whether the assumptions and hypotheses underlying the market risk management tools are sufficient to highlight potential risks. Usually, during these examinations, the capacity and the level of engagement of the senior management in risk management - including the Board, and the reporting effectiveness and timeliness- are also evaluated. Supervisors also examine the risk reporting framework and, where required, require that risk management deficiencies be included in the reports and corrected in a timely manner. The treatment of exceptions by senior management is also evaluated. Examinations also check policies, processes and internal audit actions regarding allocations of financial instruments to the trading book. Usually, banks also measure market risk at the level of banking group (“prudential conglomerate”). Supervisors measure market risk at the level of banking group, or “prudential conglomerate”. The primary metric used by the supervisors to measure market risk is the capital requirement for market risk. Taking into account the standardized approaches, there are several components:
Please see description under EC6 CP15 and EC5 CP16 on the regulatory and supervisory framework relevant for use of models by the supervised institutions. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor determines that there are systems and controls to ensure that banks’ marked-to-market positions are revalued frequently. The supervisor also determines that all transactions are captured on a timely basis and that the valuation process uses consistent and prudent practices, and reliable market data verified by a function independent of the relevant risk-taking business units (or, in the absence of market prices, internal or industry-accepted models). To the extent that the bank relies on modeling for the purposes of valuation, the bank is required to ensure that the model is validated by a function independent of the relevant risk-taking businesses units. The supervisor requires banks to establish and maintain policies and processes for considering valuation adjustments for positions that otherwise cannot be prudently valued, including concentrated, less liquid, and stale positions. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | Please see description under EC2 and EC3. Regulation Currently regulations require that (a) derivatives, securities and bonds should be valued according to consistent and verifiable methods by independent sources; (Circulars BCB 3,082 and 3,068) and (b) trading book exposures should be marked-to-market on a daily basis, according to independent references; (Circular BCB 3,354) Resolution CMN 4,277 of 2013 sets minimum standards and prudential adjustments for the valuation framework applicable to financial instruments accounted for at market value. The systems and controls related to the valuation process must comprise minimum features such as the definition of responsibilities of each area involved in the valuation process; the continuous review of the market information sources; guidance on the use of unobservable inputs, reflecting the assumptions used by the institution in the valuation process and independent verification procedures. In addition, the financial institution must prove that the pricing and verification procedures are independent from the trading desks. The valuation processes implemented by the financial institutions can be based on ‘mark-to-market’ or ‘mark-to-model’ methodologies, following criteria of prudence and reliability. Practice Supervisors assert that the Brazilian financial market is less sophisticated than mature markets (although deeper and more liquid than other emerging countries). However, banks differ in their trading book portfolios. The most sophisticated banks are those that trade large volumes of “non-plain vanilla” OTC derivatives. For regulatory purposes, two of the largest institutions use approved internal models for computing market risk regulatory capital. Two other large banks have applied for supervisory approval to use the internal models for capital adequacy purposes, and the requests are under BCB consideration. All banks use internal models for management or accounting purposes. However, regulations require that valuation must be performed in a consistent and verifiable manner. The sophistication of the valuation will be a function of the complexity of the products held by the bank. The more complex and illiquid the products are, the more intense the use of marking to model. Considering the products held in the trading book, the vast majority of the non-derivative instruments are government bonds, liquid and easily priced, and collateralized by repurchase guarantee. The outstanding amount of derivatives are relevant, most of them are standardized and registered in a central counterparty (futures, options and swaps are registered at B3), are liquid (especially interest rate and foreign exchange derivatives) and easily priced, since B3 publishes the values of the positions on a daily basis. Stocks are not relevant in the trading books of banks in Brazil. Other products found in the trading book are private bonds and OTC derivatives. The former are usually more difficult to price, since their market is not deep and most securities are not liquid enough. So, banks must have models that take into account the credit risk spread of the issuer, which are usually large low-risk companies that also borrow funds from the banks. As for the OTC derivatives (forwards, swaps and options), despite not being liquid, the market risk factors are usually liquid and hedgeable; so, the mark to market is not seen as a challenge by the banks and the supervisors. However, banks do have OTC derivatives with illiquid underlying risk factors, mainly those with very long maturities or based on currencies other than the US dollar. Here the banks rely on model based valuation. Offsite Supervision On a daily basis the Monitoring Department receives the granular data on domestic securities and derivatives from each financial institution, from clearing houses/ central counterparties and trade repositories. The bank’s domestic portfolio is automatically full valued by the Market Monitoring System (SMM). This system is maintained by the monitoring team and is able provide market prices for all local traded financial instrument. BCB team is able to individually analyze the banks’ books and reprice each of them using own pricing references as well as from independent sources. Based on this appraisal process, the on-site supervisors can receive early warnings, such as mispriced trades and large accounting changes, as a result of different monitoring processes. The supervisor also has a reliable price reference to support the on-site examination. Onsite Supervision During examinations, Supervision teams check whether the bank has a valuation process that is verifiable and consistent, and that this process is carried out by personnel not involved in trading activities and is properly documented. Duties and responsibilities described in policies regarding valuation process are checked against the effective practice. Supervision teams also evaluate the reliance of market risk management on models and the governance related to its use (development, documentation, validation, technical support from hubs abroad if applied). The Treasury Operations examination carried out by on-site supervision includes review and assessment of valuation methods for less liquid positions. If necessary, the supervisory staff stipulates that the institution take corrective action. Moreover, Desup’s specialized teams on treasury products perform examinations focused on accounting accuracy. When doing this, examiners check the bank’s policies and manuals on valuation procedures and governance and may criticize them if the relevance of less liquid positions is significant. In addition to BCB’s own assessment, supervisors receive external auditors’ reports during the SRC cycle. In the event of an important finding on valuation procedures, immediate communication is established with the bank’s senior management requesting more details or determining corrective accounting procedures (depending on the case). Such occurrence negatively influences the SRC score for the institution. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor determines that banks hold appropriate levels of capital against unexpected losses and make appropriate valuation adjustments for uncertainties in determining the fair value of assets and liabilities. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Please see description under EC4. Regulation Regulations lay down the details and requirements of the methodology for the calculation of the capital requirements under the standardized approach for exposures in fixed interest rates, foreign exchange coupon rates, price index coupon rates, interest rate coupon rates, equity exposures in trading book, commodities and foreign exchange rates and gold (Circulars BCB 3,634, 3,635, 3,636, 3,637, 3,638, 3,639 and 3,641). In addition, regulations have also established the requirements related to the calculation of capital requirements for market risks under the internal models’ approach (Circular BCB 3,646) The Brazilian risk based capital standards, for both standardized approach and internal models, were assessed as compliant by the RCAP (Regulatory Consistency Assessment Programme) process, conducted by the BCBS, in December 2013. As far as market risk is concerned, the conclusion of that assessment was: “the BCB has implemented a quasi-modelled approach in place of the Basel standardized approach, to take account of higher spreads and different levels of volatility in Brazil. The approach is conceptually a hybrid between the Basel standardized approach and the Basel modelled approach, where the BCB fixes the parameters. BCB clarifies that this is done largely for fixed interest rates - one of the most relevant market risk exposures in Brazil. For some other risk factors, the Brazilian methodology is closer to the Basel methodology. The approach to market risk was found to be more prudent and more risk-sensitive than the current Basel standardized approach. So, while the Brazilian regulations are tailored to suit local conditions, the Assessment Team has concluded that the Brazilian framework achieves a similar, but generally more conservative, practical effect.” Imposing limits on market risk exposures is not a regular practice in Brazil - although the Resolution CMN 4,019 gives such powers to the BCB and it has already been done in the past. Nonetheless, Resolution CMN 3,488 restricts FX exposure to 30% of Total Capital. This exposure is not restricted to trading activities (but the bank’s overall positions, including overseas transactions), and should be calculated on a consolidated basis (prudential conglomerate concept). Regulations also require that financial institutions establish and maintain procedures for assessing the need for adjustments in the value of the financial instruments, regardless of the valuation methodology adopted, and based on prudent, relevant and reliable criteria. Regulations also stipulate the minimum elements to be included in this assessment. (Resolution CMN 4,277 of 2013) Offsite Supervision The Monitoring Department has developed its own stress testing methodology. For traded securities and derivatives, a simplified market stress test is computed on a daily basis. The market stress test is computed for each banking institution. The department is also able to carry out specific stress test scenarios based on risk factors using a sensitivity-approach considering the local and foreign exposures. Banks and some relevant non-banking financial institutions send monthly to the BCB the risk factor map of their consolidated market risk exposure, in the Report on Market Risk (DRM). Based on this report and on the stress tests conducted by the monitoring team, the on-site supervisors can make comparisons and evaluate the results of banks’ stress tests. The monitoring team can also provide to the supervisors some impact analyses to support examinations on specific institutions. Onsite Supervision The Banking Supervision Department evaluates the capital strength versus risks faced by institutions in the SRC, as well as if there is any relevant uncertainty on assets and liabilities values. This is done mainly through capital strength assessment. Specific examinations focused on market risk RWA are also performed. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 | The supervisor requires banks to include market risk exposure into their stress testing programs for risk management purposes. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | Regulations establish the minimum requirements for institutions to conduct stress test programs (Art. 12 to 19, CMN 4,557 of 2017). These requirements include stress testing of banks’ market risk exposures and assessment of the impact of significant risk concentrations. (Please see description under EC1 of this CP and EC13 of CP15 for more details on the stress testing requirements for banks). The institution must ensure that it uses the results in evaluating, controlling and mitigating market risk exposures. It could also use stress testing for assessing the adequacy and robustness of the assumptions and methodologies related to the models used in risk management. During examinations (VEs) supervisors evaluate stress tests performed by the institutions specifically designed for this risk. The methodology and sophistication of the institution’s stress testing process is also assessed, considering whether it is commensurate with the institutional risk profile and whether it addresses all relevant risk factors. The development and approval of scenarios (frequency, officers responsible, risk factors, and granularity) are considered. (EC6) This evaluation includes policies and manuals, governance, use of stress tests results, and adequacy and feasibility of scenarios and assumptions. If deficiencies are found, supervisors require senior management to address these and share the correction plan with the BCB, for follow up. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 22 | Compliant | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | On the basis of the off-site inputs, the Supervisors are able to determine the market risk exposures of banks on almost daily basis and pursue with them as required. They are able to pursue with the banks, both from a market risk perspective and from a funding liquidity perspective (arising from interplay between market and liquidity risks). While market risk is not significant at a system level, it is significant for several S3 and S4 institutions. These gains added significance given the potential challenges to establishing a robust governance framework in these institutions, particularly when they are unlisted. While the regulatory framework has been recently improved with the issue of Resolution 4557 of 2017, which will become fully effective for all institutions from February 2018, they lack explicit and clear articulation of the norms and minimum requirements, including governance elements, pertaining to shifting of instruments from and to the trading book. Two areas for improvement can be: (a) Review market risk management frameworks in relevant S3 and S4 banks, at more frequent intervals than may be determined by their supervisory cycle; (b) Issue explicit norms and guidance for shifting of exposures from and to trading book. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 23 | Interest rate risk in the banking book. The supervisor determines that banks have adequate systems to identify, measure, evaluate, monitor, report and control or mitigate interest rate risk48 in the banking book on a timely basis. These systems take into account the bank’s risk appetite, risk profile and market and macroeconomic conditions. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Laws, regulations or the supervisor require banks to have an appropriate interest rate risk strategy and interest rate risk management framework that provides a comprehensive bank-wide view of interest rate risk. This includes policies and processes to identify, measure, evaluate, monitor, report and control or mitigate material sources of interest rate risk. The supervisor determines that the bank’s strategy, policies and processes are consistent with the risk appetite, risk profile and systemic importance of the bank, take into account market and macroeconomic conditions, and are regularly reviewed and appropriately adjusted, where necessary, with the bank’s changing risk profile and market developments. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Prior to 2017, the regulatory framework for risk management was established for the key risks to which the financial institutions in Brazil were exposed. In the absence of an umbrella regulation that laid down the framework and governance requirements for integrated risk management, the banks and the supervisors were guided by the requirements in the regulations issued for the management of individual risks. In this background, the Circular 3365 of 2007 issued by the BCB as part of the Basel II implementation provides the regulatory basis for risk management framework pertaining to identification, measurement, monitoring and management of interest rate risk in the banking book (IRRBB). A synopsis of the requirements under this circular is provided below:
Please see description under EC2, CP15 for details of the requirements established in regulations for the implementation of a continuous and integrated risk management structure, that are also required to be applied for the management of IRRBB. The revised regulations became effective for S1 banks in August 2017 and for the other banks it will become effective in February 2018. The revised Regulations define IRRBB as the risk, either current or prospective, from impacts arising from adverse movements in the interest rates, on the institution’s results and capital, for instruments in the banking book. (Art. 28 of Resolution CMN 4,557) The revised Regulations require that IRRBB management in banks must comprise:
Regulations define EVA as assessment of the impact arising from interest rates movements on the current cash flows of instruments in the banking book. (Art. 30 of Resolution CMN 4,557) Regulations define EBA as assessment of the impact arising from interest rates movements on the earnings of instruments in the banking book. (Art. 30 of Resolution CMN 4,557) The BCB is currently working on a draft circular which requires the identification, measurement and control of IRRBB; the evaluation of capital availability to cover IRRBB; information reporting to the BCB; and the disclosure of IRRBB related information. This circular is intended to address the new BCBS standards “Interest rate risk in the banking book”, issued in April 2016 that is required to be implemented by 2018. The BCB is currently concluding an impact study of the new regulation and discussing with the industry potential improvements to the draft regulation. All banks are subject to SRC (the largest ones once a year, the smallest, once in three years). Besides the SRC, there is a Special Verification (VEs) especially devoted to IRRBB. Supervisory procedures (in SRC - Risks and Controls Assessment) require supervisors to review and assess the strategies and policies for IRRBB management to, among others, determine:
In 2016, the onsite supervision performed two VEs focused on IRRBB. On these examinations, it detected deficiencies that included inadequate metrics used to measure IRRBB, lack of interest income margin approaches, disregard of embedded optionality and short observation periods in contrast with its banking book profile. Both banks were notified about their deficiencies and establish a plan to correct them. On a review of the systems and procedures in the banks that are required to perform ICAAPs, BCB is of the view that the IRRBB management has evolved significantly in recent years. In the past, banks used metrics and controls typical of trading book management, like a Value-at-Risk methodology with short holding periods, neglecting effects characteristic of banking book positions, like the effect of behavioral optionalities. Relevant improvements in IRRBB management in banks have been achieved through a more intense evaluation from supervision teams and significant enhancements in supervisory manuals. Although the process is still improving, several banks have already adapted systems and controls to measure IRRBB taking into consideration the earnings and economic value approaches, the calculation of embedded gains and losses, the effect of behavioral optionalities, non-maturity deposits, and fixed rate loans subject to prepayments. Supervisors assert that the banking industry is implementing a number of improvements in response to the Brazilian supervision’s initiatives to converge the measurement and management of IRRBB to the international best practices. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor determines that a bank’s strategy, policies and processes for the management of interest rate risk have been approved, and are regularly reviewed, by the bank’s Board. The supervisor also determines that senior management ensures that the strategy, policies and processes are developed and implemented effectively. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see description under EC1 for details of banks’ risk management frameworks relevant for the management of IRRBB and the supervisory approach to assessing banks’ management of IRRBB. As mentioned in EC1, the regulations for the S2 to S5 banks were more focused on the measurement of IRRBB exposures, and allowed the banks a wide discretion on the risk management framework, including board and senior management oversight. The revised regulations that became effective for S1 banks in August 2017 and will become effective for the other banks in February 2018 requires institutions to submit timely reports to the senior management, the risk committee and the board on the various material risks to which they are exposed, including IRRBB, in adequate detail including:
In addition, the revised regulations require the management reports to include the following aspects specifically related to IRRBB:
Please see description under EC1 regarding the scope and focus of supervision. The supervisors are required to review the role of senior management and the board during VEs of Market Risk (MSU 4.30.10.50.02.03) and IRRBB (MSU 4.30.10.50.02.07). Under Risks and Controls System (SRC) evaluation activities, market risk management reports are requested and examined (MSU 4.30.10.20). In the procedures related to VE on Market Risk, VE on IRRBB and to VE on Corporate Management, the management reports used by the institution as well as the consistency of the data reported to the Supervisor specifically for the calculation of capital requirements (MSU 4.30.10.50.02.02). are evaluated. ICAAP banks’ management of IRRBB is subjected to an independent internal audit process, but usually it is part of a larger review (for example, market risk management as a whole). |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 |
The supervisor determines that banks’ policies and processes establish an appropriate and properly controlled interest rate risk environment including:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | Please see description under EC1 and EC2 regarding the regulatory requirements for measurement of IRRBB, including reporting to banks’ senior management and Board; and the supervisory approach and methodology for supervision of the risk management systems in banks for IRRBB. Regulations require that
Regulations also establish procedures for measuring IRRBB. The guidance includes the following requirements (Circular BCB 3,365 of2007):
Supervision: Please see description under EC1 and EC2 for details of the supervisory approach to assessment / review of the IRRBB risk management systems in banks. BCB receives two monthly reports from banks that provide data and information on banks’ exposure to IRRBB and capital requirements for IRRBB, namely the Report on Operational Limits (DLO) and the Report on Market Risk (DRM). The financial institutions submit these reports on a monthly basis, and they are initially analysed by the Financial System Monitoring Department (Desig) in order to identify, among other things, the adequacy of capital requirements to IRRBB exposure and the details of this exposure to major market risk factors. Additionally, these data allow the determination of assets and liabilities’ durations and the existence of gaps by a monitoring tool known as BRM (Market Risk Balance Sheet). This tool identifies the main determinants (risk factors, instruments) of the overall IRRBB along with the trading book market risks, with an Asset and Liability Management (ALM) approach. At the individual bank level, supervisors receive IRRBB reports that are used by the banks in the risk management processes. Even though the level of complexity and sophistication can vary from bank to bank, the systemically important banks have tools that are able to simulate different behaviours for interest rate yield curves over time (scenario analysis) and to assess the impact of these behaviours on cash flows, earnings and balance sheets. Supervisors use the above compilation of information for two specific purposes: first, to assess the capital requirements calculated by banks’ internal models; and second, to evaluate the interest rate risk exposures of each bank. Supervisory procedures (in SRC - Risks and Controls Assessment) require supervisors to review the risk measurement systems in banks including the following:
Supervisory procedures require assessment of the following:
Effective information systems: Supervisory procedures (in SRC - Risks and Controls Assessment) require supervisors to determine that institutions submit information at periodic intervals to the relevant users/ stakeholders within the institution on the level of their IRRBB exposures through formally established reports. The reports are to be prepared on a regular basis and distributed in a timely manner to the various user levels of IRRBB control units and senior management so that the information they contain is timely for decision making. The reports should allow for the assessment of the degree of consistency of the policies adopted with the established IRRBB appetite. To this end, the reports should include comparative information on the actual results of risk indicators (position, sensitivity analysis and IRRBB control tools) with the respective limits established, highlighting cases of breaches in the same document or in specific reports. The content of the reports may vary according to the users (traders, management body or senior management) and according to the size and risk profile of the institution. When it is intended for senior management, the reports should enable it to assess the following issues: current level and recent evolution of global exposure to IRRBB, current level and recent evolution of exposures to the main risk factors, relationship between the levels of IRRBB and the financial performance of the institution, and capital adequacy for the level of IRRBB assumed. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor requires banks to include appropriate scenarios into their stress testing programs to measure their vulnerability to loss under adverse interest rate movements | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | Please see description under EC13 CP15 for details of the overall regulatory and supervisory requirements pertaining to stress testing frameworks in banks. Regulations establish that the risk measurement system of all banks must include “stress tests” related to IRRBB and the following minimum requirements for such stress tests (Circular BCB 3,365):
Supervisory procedures (in SRC - Risks and Controls Assessment) prescribe that the stress tests should use extremely adverse market movements drawn from historical scenarios or from hypothetical scenarios to assess their impact on the institution’s portfolios. Consequently, supervisory procedures establish that the riskier the performance profile of the institution, the greater should be the frequency of its stress testing. It is considered good practice to carry out stress tests at least once a month. For stress scenarios, the assumptions used should be sufficiently severe but plausible for prospective scenarios, to enable the institution to act in a pre-emptive manner for the preservation of its capital. Supervisors consider as good practice when the scenarios are jointly developed by the economic area and the risk control unit, and approved by senior management afterwards. The methodology used to identify and construct the scenarios should be compatible with the institution’s risk profile and should consider all relevant risk factors for the Banking Book. The supervisory procedures also define that the results should be accompanied by qualitative or quantitative analyses that assess the institution’s ability to withstand potentially high losses and should identify the actions that need to be taken to reduce its risk and conserve its capital. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Additional criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC1 | The supervisor obtains from banks the results of their internal interest rate risk measurement systems, expressed in terms of the threat to economic value, including using a standardized interest rate shock on the banking book. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | Please see description under EC1 to EC4 for details of the risk measurement and stress testing approaches to be adopted by banks with regard to IRRBB, namely the EVA and EBA, and the reporting of the IRRBB exposures to the banks’ senior management, risk committee and the board, and to BCB. For ICAAP banks, the ICAAP report is also an important source of information, where the measurement techniques, the limits and the controls are detailed. Outlier evaluation tests are also carried out during ICAAP evaluations and in IRRBB horizontal studies. In IRRBB’s Special Verifications (VEs) (MSU 4.30.10.50.02.07) the outlier test is performed in a more detailed way considering not only the changes in economic value informed by the institution itself, but also the estimates of these variations made by Supervision from the cash flows reported by the institutions in the DRM. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC2 | The supervisor assesses whether the internal capital measurement systems of banks adequately capture interest rate risk in the banking book. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC2 | Please see EC5 CP15 and EC1 CP16 regarding the details of the types of banks that are required to implement ICAAP. The other banks are exempted from implementing an ICAAP. Please also see description under EC1 to EC4 for details of the risk measurement and stress testing approaches to be adopted by banks with regard to IRRBB, namely the EVA and EBA. Regulations establish the procedures and parameters to be adopted by banks in relation to the Internal Capital Adequacy Assessment Process (ICAAP). Regulations also require that the process must assess the sufficiency of capital held by the institution, considering its strategic objectives and the risks to which it is exposed in the time horizon of one year, which must cover IRRBB. (Circular BCB 3,547, of July 7, 2011) Regulations require the major banks to describe, in their ICAAP reports, how the IRRBB is measured under the EVA and EBA approaches, including how the bank calculates embedded gains & losses of banking book instruments that are sensitive to interest rates. (BCB Circular 3,774) Supervisory assessment of capital adequacy is made periodically in the ICAAP evaluation process and also in a more detailed manner in the IRRBB special verifications (VE’s). In addition to the managerial information provided by the institutions, the Supervision estimates reference values for the capital relative to the IRRBB using its own valuation methodology. The reference methodology employed uses the earnings approach (Delta NII), the economic value approach (Delta EVE), embedded losses and the characteristics of the going and gone concern scenarios. Though not included as a Pillar 1 capital requirement, all banks are expected to hold capital to cover their exposures to IRRBB. The reference capital requirement estimated by the supervision using the above methodology is used to challenge the capital measured by the institution and any inconsistencies are pointed out so that the institution is able to develop an action plan for readjustment of its IRRBB management framework. When assessing ICAAP reports, supervisors are expected to verify full compliance with the minimum criteria that must be considered in the calculation of management metrics (according to regulations Circular No. 3365, September 12 2007). Since then, the supervisors have noticed significant improvements in banks’ management of IRRBB. Previously, economic value metrics were VaR-based, and the earnings-based approaches practically didn’t exist. The banks have now understood the need to evolve their metrics of EVE and implement metrics of NII. In addition, the management of embedded gains and losses was also implemented, as well as improvements in the treatment of embedded options. In sum, the banking industry is implementing a number of improvements in response to the Brazilian supervision’s initiatives to converge the measurement and management of IRRBB to the international best practices. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 23 | Compliant | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | Gaps can be noticed in the area of regulations relating to risk management framework for IRRBB, including governance and board or senior management oversight requirements. However, these have been adequately addressed from at least three fronts: with the issue of the Resolution 4557 of 2017 which has become effective for S1 banks from August 2017 and will be effective for the other banks by February 2018; with the clear articulation of the framework for measuring and reviewing banks’ exposures to IRRBB and the introduction of conservative requirements for such measurement taking into account the Brazilian interest rate environment; and the requirement for all banks to hold capital for IRRBB exposures. The BCB is already in the process of reviewing and revising the regulatory and supervisory frameworks for IRRBB, to align closer to the Basel norms and expectations (BCBS IRRBB -April 2016). This is expected to be completed in early 2018. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 24 | Liquidity risk. The supervisor sets prudent and appropriate liquidity requirements (which can include either quantitative or qualitative requirements or both) for banks that reflect the liquidity needs of the bank. The supervisor determines that banks have a strategy that enables prudent management of liquidity risk and compliance with liquidity requirements. The strategy takes into account the bank’s risk profile as well as market and macroeconomic conditions and includes prudent policies and processes, consistent with the bank’s risk appetite, to identify, measure, evaluate, monitor, report and control or mitigate liquidity risk over an appropriate set of time horizons. At least for internationally active banks, liquidity requirements are not lower than the applicable Basel standards. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Laws, regulations or the supervisor require banks to consistently observe prescribed liquidity requirements including thresholds by reference to which a bank is subject to supervisory action. At least for internationally active banks, the prescribed requirements are not lower than, and the supervisor uses a range of liquidity monitoring tools no less extensive than, those prescribed in the applicable Basel standards. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Liquidity Coverage Ratio (LCR): Resolution CMN 4,401 of 2015 and Circular 3,749 of 2015 require that all prudential conglomerates and specified types of banks (multiple, commercial, investment, exchange and savings banks) where total assets are greater than BRL 100 billion must comply with the LCR. Resolution CMN 4,401 of 2015 establishes the LCR minimum requirement, fulfillment conditions, scope of application, permission to use the liquidity buffer in periods of stress and the implementation schedule. The LCR framework introduced by the BCB was recently assessed by the Basel Committee as part of the RCAP framework for its compliance with the requirements established in the LCR standard issued by the Basel Committee and found to be “compliant”. The minimum LCR was implemented according to Basel implementation plan, i.e. starting with 60% of minimum LCR in 2015, 70% in 2016, 80% in 2017, 90% in 2018, and reaching the 100% requirement by January 2019. The LCR is required to be complied with at the level of the prudential conglomerate (consolidated) and is not required to be complied with at the individual entity comprising the prudential conglomerate. For specific periods during the transition, and with the acquiescence of the BCB, financial institutions will be allowed to operate with LCR below the prudential limits. A report on such occurrence must be sent to the BCB including the reasons that caused the breach, the contingency measures to handle it and a recovery plan to remedy it. For the period that the LCR remains below the specified limit, a detailed report for monitoring the recovery plan must be sent daily to the BCB, who can demand additional information. Upon the breaching of the LCR minimum level, the BCB can request (i) improvements in the management of liquidity risk, in the liquidity contingency plan and the liquidity recovery plan; (ii) reduction of the liquidity risk by, among other measures, sale or exchange of assets and liabilities, alteration in the structure of funding, reduction of the disbursements related to the granting of credit; and (iii) reshaping of the LCR value, in a timeframe to be determined by the BCB, to guarantee restoration of compliance with the minimum LCR limit. Circular BCB 3,749 of 2015 details the LCR metrics and requires public disclosure of the LCR according to the Basel standard template. Net Stable Funding Ratio (NSFR): The BCB is currently working towards implementation of the NSFR, which will become a minimum standard by January 2018. They are preparing the draft regulation including public disclosure, and performing impact studies. The financial institutions that are not required to maintain the LCR (those with total assets below BRL 100 billion) are not subject to any formal liquidity risk ratios. However, in these cases, as per regulations (Resolutions CMN 4,019 and 4,557) the BCB can, under discretionary review of circumstances, adopt other preventive prudential measures aiming at soundness, stability and regular operation of the Brazilian Financial System (SFN). Supervision reviews the liquidity risk management frameworks in all financial institutions through activities such as the Risks and Controls Assessment System - SRC (CAMEL-like assessment), Examination, Special Verification (SV) and off-site supervision/ monitoring tools. On these supervisory procedures, the BCB monitoring tools are a main source of quantitative information for supervisors to decide on actions. Since 2001, the BCB has been developing and improving liquidity monitoring tools. Liquidity and Market Monitoring System (SMM) in the BCB provides the supervisors and the Financial Stability Committee (COMEF) with timely and updated information, for evaluating the liquidity risk (short-term and structural) in the supervised institutions and prudential conglomerates. The SMM monitoring includes stress scenarios (idiosyncratic, peer group and systemic) and produces technical reports (early warnings, tailor made scenarios and financial stability analysis). Based on the granular data received from the supervised institutions and the TRs, the SMM is able to provide a wide range of liquidity monitoring tools to the off-site and on-site supervision supervisory functions. In addition, a new range of monitoring tools has been recently developed to aid the off-site monitoring process. These include, LCR by currency and jurisdiction, the Extended Liquidity Ratio (ELR) that takes into account liquidity support to managed funds (step-in), a new report on non-LCR banks by including detailed data including overseas exposures and allowing the BCB to run a proxy for the LCR (on a consolidated basis and also by currency and jurisdiction) on a monthly basis. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The prescribed liquidity requirements reflect the liquidity risk profile of banks (including on- and off-balance sheet risks) in the context of the markets and macroeconomic conditions in which they operate. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see description under EC1 of this CP for the LCR requirement and liquidity monitoring tools deployed by the supervision. The LCR calculation encompasses a wide range of exposures (on- and off-balance sheet risks) and its monitoring is complemented by BCB monitoring framework, which is flexible enough to consider different scenarios and conditions (at micro and macro levels). The LCR has been implemented by the BCB considering the Brazilian market and economic conditions, and the RCAP assessment has found the Brazilian standard as compliant with the Basel standard. The LCR and the wide range of monitoring tools used by the BCB can capture the liquidity risk profile of the supervised institutions. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor determines that banks have a robust liquidity management framework that requires the banks to maintain sufficient liquidity to withstand a range of stress events, and includes appropriate policies and processes for managing liquidity risk that have been approved by the banks’ Boards. The supervisor also determines that these policies and processes provide a comprehensive bank-wide view of liquidity risk and are consistent with the banks’ risk profile and systemic importance. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | The regulations on liquidity risk management which were in operation until August 2017 for S1 banks and which are in operation for the other banks till Feb 2018 lay down the following key requirements pertaining to liquidity risk management framework (Res. 4090 of 2012): Liquidity risk is defined as:
Supervised institutions must establish a liquidity risk management framework commensurate with the nature of their operations, the complexity of their products and services and the extent of their exposure to liquidity risk. The key requisites of the liquidity risk management frameworks include:
Please see description under EC2, CP15 for details of the revised requirements established in regulations for the implementation of a continuous and integrated risk management structure, that are also required to be applied for liquidity risk management. The revised regulations are applicable to the S1 banks from August 2017 and will be applicable to the other banks from February 2018. Furthermore, the revised regulations require that the liquidity management framework must also prescribe risk management systems that include information systems deemed adequate, both under normal circumstances and in periods of stress, to assess, measure and report on the size, composition and quality of the institution’s risk exposures. The revised instructions require that liquidity risk management must be performed by an unit independent from the business unit. The revised regulations (Res 4557 of 2017) require that the risk management structure for continuous and integrated risk management must prescribe policies, strategies and procedures for the purposes of liquidity risk management, which ensure:
Furthermore, the revised regulations (Res. 4557 of 2017) require that the integrated risk management structure must comprise adequate policies, procedures and controls to ensure a prior identification of risks inherent to:
Please also see description under ECs 1 and 2 of CP15 on the details of the stress testing frameworks to be established in banks. The adequacy of the banks’ liquidity risk management framework and the banks’ liquidity levels are assessed by the supervisors using several monitoring tools that are elaborated in EC1. During on-site inspections, supervisors are required to review and assess (a) if senior management formally establishes (and the Board approves) and communicates the bank’s strategy and policies to the area responsible for the daily liquidity management, (b) the existence of specific guidelines for liquidity management of different currencies in different countries, (c) the process of reviewing their goals, policies, objectives and procedures, and (d) whether relevant information on liquidity risk assessment, monitoring and control provide a timely and comprehensive report to the board and senior management. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 |
The supervisor determines that banks’ liquidity strategy, policies and processes establish an appropriate and properly controlled liquidity risk environment including:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | Please see the description under EC1, EC2 and EC3 for the details of the requirements of banks’ liquidity risk management frameworks, the liquidity requirements for banks and the supervisory approach to assessing the adequacy of the risk management framework and the adequacy of the levels of liquidity held by banks. Among others, regulations also require that the information systems in banks should be able to identify and aggregate liquidity risk exposures and provide comprehensive reports to the board and senior management that reflect the institution’s risk profile and liquidity needs. It must also be provided on a timely basis and in a suitable form to the board and senior management, any deficiencies or limitations in risk estimation and in the assumptions of quantitative models and scenarios. The adequacy and ability of the information systems is tested by the supervisors during the ongoing supervision process when they engage with the banks on this topic, on the basis of the alerts they receive from the off-site supervision. The regulatory framework also establishes the expectations from the institution’s Board, that it must comprehensively understand the risks that may affect the institution’s liquidity and ensure the institution’s compliance with the RAS. In addition, policies and strategies, including the contingency funding plan, for liquidity risk management must be approved and reviewed at least annually by the institution’s Board. Supervisors determine the adequacy and implementation of the liquidity risk management framework as envisioned in the relevant regulations through their regular inspection processes and through the continuous monitoring process. The Supervisor receives extensive information regarding the liquidity positions and prospective positions and risks on an ongoing basis, in part through regulatory reporting received directly from the institution and also through the BCB’s interface with the various trade repositories and depositaries. Through these processes, the Supervisor can proactively monitor the funding and liquidity positions of all institutions. Furthermore, the off-site monitoring conducts stress test of the positions to determine potential periods of stress and the nature of stress therein. The parameters set within the BCB’s ongoing monitoring system, relative to the risk profile of a given bank, generate historical and current liquidity ratio figures, as well as trend figures. Through this process, the supervisor is able to conduct effective and timely continuous monitoring of the funding and liquidity situation of all banks. Although already incorporated in work procedures, in 2016 the BCB’s Supervision updated the MSU regarding the information systems and controls of the financial institutions regarding their liquidity risk exposures and funding needs. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 |
The supervisor requires banks to establish, and regularly review, funding strategies and policies and processes for the ongoing measurement and monitoring of funding requirements and the effective management of funding risk. The policies and processes include consideration of how other risks (e.g. credit, market, operational and reputation risk) may impact the bank’s overall liquidity strategy, and include:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Please see the description under EC1 to EC3 for the details of the requirements of banks’ liquidity risk management frameworks, the liquidity requirements in banks and the supervisory approach to assessing the adequacy of the risk management framework and the adequacy of the levels of liquidity held by banks. Some of the key requirements under the regulations (Res. 4090 of 2012) address the requirements under this EC and shape the banks’ funding liquidity strategy and processes. In brief, these are
Further, the regulation on LCR requires financial institutions to have policies and limits in place in order to avoid concentration with respect to asset types, issue and issuer types, and currency within asset classes. Moreover, the high-quality liquid assets (HQLA) must be well diversified within the asset classes themselves. Financial institutions must monitor the concentration of expected inflows across wholesale counterparties in order to ensure that their liquidity position is not overly dependent on expected inflows from a limited number of counterparties. Furthermore, the institution must maintain HQLA consistent with the distribution of their liquidity needs by currency. A representative sample of the assets included in the stock of HQLA must be periodically monetized through repurchase agreements or final sale operations, to test the institution’s access to market, the effectiveness of the process and the liquidity of assets. The institution must actively monitor and control liquidity risk exposures and funding needs at the level of individual legal entities, foreign branches and subsidiaries, and the group as a whole, considering legal, regulatory and operational limitations to the transferability of liquidity. The supervisor reviews the liquidity risk management frameworks through the SRC and the VEs, which includes the banks’ funding strategies, policies and processes. The effectiveness of these in terms of actual outcomes are assessed through the ongoing monitoring by the off-site supervisors, whereby they can alert the on-site supervisors of any impending stress on funding liquidity. On receipt of such alerts, the on-site supervisors are able to engage with the senior management in the bank, or undertake an onsite inspection. Supervisory expectations include that the department responsible for funding and liquidity management (for example, the treasury) must regularly interact with other operational departments of the institution to provide and obtain relevant information for managing the process. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 | The supervisor determines that banks have robust liquidity contingency funding plans to handle liquidity problems. The supervisor determines that the bank’s contingency funding plan is formally articulated, adequately documented and sets out the bank’s strategy for addressing liquidity shortfalls in a range of stress environments without placing reliance on lender of last resort support. The supervisor also determines that the bank’s contingency funding plan establishes clear lines of responsibility, includes clear communication plans (including communication with the supervisor) and is regularly tested and updated to ensure it is operationally robust. The supervisor assesses whether, in the light of the bank’s risk profile and systemic importance, the bank’s contingency funding plan is feasible and requires the bank to address any deficiencies. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | Please see the description under EC3 for the details pertaining to regulatory requirements for liquidity risk management, which include the stress testing and liquidity contingency funding plans. The contingency plans received from the institutions are required to include a clear framework for communication with the BCB. The presented plan is assessed by the supervisors to assure that it is feasible and adequately addresses liquidity deficiencies taking into account the risk profile and systemic importance of the financial institution. As per SRC 4.30.40.10.02, the supervisor must assess whether the liquidity risk management policies consider, among other things, a contingency plan. The supervisor must verify if the contingency plan is adequate in relation to the profile, volume and complexity of the institution’s operations; the plan includes a cash flow projection and funding alternatives, and foresees both the needs of resources and their sources and costs, considering various market scenarios; and if the plan is applicable in times of crisis and is documented in an approved manual by senior management. The supervisor must also check if the plan establishes procedures that govern the liquidation of assets; ensure that all legal aspects relating to the assignment of claims and assets are fully knowledgeable and are previously streamlined; boost the uptake of stable sources and promote the uptake of alternative sources; governing access to available reserves lines; ensure the reliability and timeliness of information flow; and consider the speed of redemptions of its obligations and any resource requirements to meet the obligations recorded in clearing accounts. The VE of Liquidity Risks, detailed in MSU 4.30.10.50.02 also states that the supervisor must verify the existence of a contingency plan for cash management and continuity of operations in adverse situations, covering the following aspects: liquidation value of assets; stable funding sources and alternatives; deadlines and volumes of redemptions obligations; the need for resources to meet obligations recorded in clearing accounts; reserves lines available; and the sequence of realization of assets. The supervisor must also verify whether the contingency plan contemplates several scenarios, if it defines the actions and those responsible for their implementation and whether the information is available to senior management in a reliable and timely manner. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor requires banks to include a variety of short-term and protracted bank-specific and market-wide liquidity stress scenarios (individually and in combination), using conservative and regularly reviewed assumptions, into their stress testing programs for risk management purposes. The supervisor determines that the results of the stress tests are used by the bank to adjust its liquidity risk management strategies, policies and positions and to develop effective contingency funding plans. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | Please see the description under EC13 CP15 and EC3 of this CP on the stress testing frameworks required in banks under the regulations and as relevant for liquidity risk management. As per regulations, the stress test program must include stress on liquidity risk, impact of significant risk concentrations, the use of assumptions and parameters that are adequately severe and use, according to risk management needs, any or all of the sensitivity analysis, scenario analysis and reverse stress test methodologies. In developing stress test scenarios, the institution must consider, when relevant, historical and hypothetical elements, short- and long-term idiosyncratic and systemic risks (from a national or an external origin), risk interactions, risks related to the prudential conglomerate as a whole, as well as to its individual components, risk of granting financial support to an entity not belonging to the institution’s conglomerate (step-in risk), asymmetries, non-linearities, feedback effects, breakdown of correlations and other assumptions. Stress test results must be considered by the institutions not only in the assessment of the institution’s liquidity and in the development of contingency plans, but also in the revision of the Risk Appetite Statement (RAS), policies, strategies and limits established for liquidity risk management purposes. If deemed necessary, the BCB may determine adjustments to the stress test program, including the use of scenarios that differ from those originally used, as well as additional stress tests if deficiencies are identified in the original program. Likewise, the BCB can provide specific scenarios to be used by the institution in their stress tests. Currently, BCB does not have integrated top-down stress testing for liquidity and solvency risks. Those risks have been stressed separately and BCB has worked on including feedback effects of fire-sales into the solvency stress testing framework. Regarding the liquidity stress testing, Supervisors assess banks’ liquidity and funding risk exposures by liquidity risk metrics (regulatory and BCB internal ratios), and other monitoring tools, which include ‘stress’ views of the banks’ liquidity positions, some of which are reviewed daily. For instance, the reports or metrics include a report on funding stress, the sensitivity matrix, and a sensitivity analysis that measures the impact on liquid assets arising from increasing degrees of stress scenarios for the Brazilian interest rate and the BRL/USD exchange rate. On the basis of the outcomes of the review of these BCB metrics and the stress tests undertaken by the banks, supervisors pursue with the senior management in the relevant banks, as appropriate. During the ongoing engagement with the senior management as well as during the SRC or the VEs, supervisors are able to assess the adequacy and appropriateness of the stress scenarios used by the banks, and the use of the stress test outcomes in the day-to-day liquidity risk management, revision of contingency plans or liquidity risk strategy. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC8 | The supervisor identifies those banks carrying out significant foreign currency liquidity transformation. Where a bank’s foreign currency business is significant, or the bank has significant exposure in a given currency, the supervisor requires the bank to undertake separate analysis of its strategy and monitor its liquidity needs separately for each such significant currency. This includes the use of stress testing to determine the appropriateness of mismatches in that currency and, where appropriate, the setting and regular review of limits on the size of its cash flow mismatches for foreign currencies in aggregate and for each significant currency individually. In such cases, the supervisor also monitors the bank’s liquidity needs in each significant currency, and evaluates the bank’s ability to transfer liquidity from one currency to another across jurisdictions and legal entities. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | Banks in Brazil are not allowed to offer foreign currency deposit products to the general public (Circular BCB 3.691, that deals with issues pertaining to the foreign exchange market). The only exception where it is possible for the banks to offer foreign currency accounts in the country includes deposits from travel agencies, tourism services providers, embassies, foreign diplomatic offices and international organizations. Foreign currencies are usually kept in accounts in banks abroad, and the BCB imposes limits on foreign exchange exposures. Consequently, the most common foreign currency exposures for the banks in Brazil are related to funding instruments (e.g. bonds) issued abroad and, on the assets side, to finance trade operations. As regards foreign operations of banks in Brazil, through subsidiaries and branches, regulations require that the institutions manage liquidity risk individually for each country of operation and for the currency of the exposure, acknowledging possible restrictions to the transfer of funds and to currency conversion, such as those caused by operational problems or by decisions imposed by any given country. Additionally, regulations (Circular BCB 3.749 of 2015) establish that banks subjected to the LCR requirement must manage their liquidity needs in each significant foreign currency for which cash outflows are anticipated and must ensure their capacity to satisfy liquidity needs in each currency exposure. Therefore, the LCR must be calculated and monitored by each relevant currency; HQLA must be maintained in a consistent way with the liquidity needs by relevant currency; and potential currency mismatches, between the stock of HQLA and net cash outflows, by currency, must be identified. The BCB’s Financial System Monitoring Department is capable of tracking several exposures in foreign currency, especially those related to trade finance, funding from abroad and government securities. Since most transactions are registered in trade repositories and depositories or are reported directly by the financial institutions through monthly regulatory reports, the supervision is able to identify bank specific and aggregate fluctuations in foreign currencies exposures. In addition, the supervisors gather information on the foreign currency exposure through the liquidity risk report that must be submitted to the BCB. For LCR institutions, the report contains all details of the daily LCR calculation (exposures by type, weight factor, jurisdiction and currency) and other liquidity risk exposures considered relevant to monitor. For non-LCR institutions, the supervisor requires a simplified report, without run-off factors, but also segregated by currency and jurisdictions, that allows supervision to run a ‘LCR proxy’. Based on these reports, since the first half of 2017, the supervision started to monitor the LCR by significant currency, a monitoring tool suggested under the Basel III standards to better capture potential currency mismatches. By monitoring the LCR by significant currency, supervisors have been alerted to currency mismatches, and thus they can evaluate banks’ ability to raise funds in foreign currency markets and the ability to transfer a liquidity surplus from one currency to another and across jurisdictions and legal entities. A similar approach has been developed for supervising non-LCR banks. Supervisors are required (SRC 1.60.60.20) to assess whether the institution has specific guidelines regarding liquidity management strategy, including in different currencies and in different countries, if applicable. They are also required (4.30.40.30.03.02 (SRC - Liquidity Management) of the MSU) to identify the composition of assets and liabilities, noting non-hedged terms and currencies; verify in the liquidity management reports evidence of non-hedged currency and maturities; and verify situations of limit extrapolations, liquidity in foreign currency and irregularities. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Additional criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC1 | The supervisor determines that banks’ levels of encumbered balance-sheet assets are managed within acceptable limits to mitigate the risks posed by excessive levels of encumbrance in terms of the impact on the banks’ cost of funding and the implications for the sustainability of their long-term liquidity position. The supervisor requires banks to commit to adequate disclosure and to set appropriate limits to mitigate identified risks. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | Please see description under EC1 regarding implementation of the LCR in Brazil. Regulations have clearly established that (Circular BCB 3.749 of 2015) an asset can be considered HQLA only when unencumbered, or free of any legal, regulatory, statutory or contractual restrictions capable of obstructing its negotiation. With the compliance of the banks with the LCR, they are able to demonstrate that they are able to manage their HQLA stock at acceptable levels. As regards the non-LCR banks, the LR that the BCB has in place serves as a proxy LCR. Supervisors observe that in most cases the LR is more conservative than the LCR, which assures that the non-LCR banks also manage their HQLA stock at acceptable levels. Regulations require banks to make periodical disclosures about their risk management frameworks, including liquidity risk management. These are required both as part of the disclosures under the prevailing accounting standards and as part of the Pillar 3 disclosures. Please see description in CP28 for details. For the institutions subject to LCR regulation, information related to the calculation of the LCR, including qualitative explanations, must be disclosed quarterly according to the standard format defined in the annex of Circular 3.749 of 2015. This information must be available along with the information related to risk management on the institution’s website. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 24 | Compliant | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The regulatory requirement (LCR) set by the BCB complies with the Basel standards. The supervisors monitor the liquidity situation in the banks on almost a daily basis, including implications of potential stress from market risk situations. The multiple liquidity monitoring tools and methodologies deployed by supervision provides the supervisors an assurance of the banks’ ability to meet their respective liquidity needs. They are able to draw additional comfort with the qualitative assessment of the banks’ liquidity risk management frameworks undertaken through the ongoing and continuous supervision approach. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 25 | Operational risk. The supervisor determines that banks have an adequate operational risk management framework that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk49 on a timely basis. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Law, regulations or the supervisor require banks to have appropriate operational risk management strategies, policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk. The supervisor determines that the bank’s strategy, policies and processes are consistent with the bank’s risk profile, systemic importance, risk appetite and capital strength, take into account market and macroeconomic conditions, and address all major aspects of operational risk prevalent in the businesses of the bank on a bank-wide basis (including periods when operational risk could increase). | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Operational risk losses in banks in Brazil primarily are arising from legal risk which accounts for about 70 percent of the losses, about 20 percent of the losses arise from external frauds and all other types of operational risk losses account for the remaining 10 percent. The main sources of losses from legal risk arise from different types of litigation against the banks, which include in the order of severity, tax claims, labor claims and customer claims. The regulations on operational risk management which were in operation till August 2017 for S1 banks and which are in operation for the other banks till Feb 2018 lay down the following key requirements pertaining to operational risk management framework in supervised institutions (Res. 3380 of 2007):
Please see description under EC2, CP15 for details of the revised requirements established in regulations for the implementation of a continuous and integrated risk management structure, that are also required to be applied for operational risk management. The revised regulations are applicable to the S1 banks from August 2017 and will be applicable to the other banks from February 2018. The revised regulations lay down the following additional requirements for operational risk management, which include:
During a supervisory cycle, bank supervisors assess the banks’ operational risk management framework within the SRC (MSU 4.30.40.20.05), which includes an assessment of the major aspects, including the risk management strategies, policies, corporate governance, system evaluation, corresponding control activities, monitoring, management and regulatory reports. These assessments are scaled up and applied proportionately in relation to the size, complexity, risk profile and systemic importance. Similarly, the supervisory expectations from the strategies, policies and processes established by the banks are proportionate to their size, complexity, risk profile and systemic importance. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor requires banks’ strategies, policies and processes for the management of operational risk (including the banks’ risk appetite for operational risk) to be approved and regularly reviewed by the banks’ Boards. The supervisor also requires that the Board oversees management in ensuring that these policies and processes are implemented effectively. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see description under EC1 and EC2 of CP15 and EC1 of this CP on the requirements established in regulations for the operational risk management frameworks in the supervised institutions, and the role and responsibilities of the board and senior management. Resolution CMN 4,557 of 2017, which became effective for S1 banks in Aug 2017 and will become effective for other banks in February 2018, has introduced the requirement for a RAS. In terms of this requirement, Risk appetite levels must be documented in the RAS, which must reflect (i) the types and levels of risks that the institution is willing to assume; (ii) the institution’s ability to manage its risks in an effective and prudent manner; (iii) the institution’s strategic goals; and (iv) the competitive conditions and the regulatory landscape in which the institution operates. Supervisors assert that, many banks had already developed Operational Risk Appetite and Tolerance Statements as a useful management tool before the regulatory requirements. Art. 45 of Resolution CMN 4,557/17 establishes that the institution must constitute a high-level risk committee, and Art. 48 defines that the board must:
The board and senior management should also express their opinion on corrective actions aimed at addressing findings in control and operational risk management weaknesses. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor determines that the approved strategy and significant policies and processes for the management of operational risk are implemented effectively by management and fully integrated into the bank’s overall risk management process. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | During supervision of operational risk management, supervisors rely on the banks’ internal control reports, internal audit reports, the internal annual report to the board and senior management on the operational risk management in the bank, the external audit report, and the bank’s ICAAP report. The main benchmarks used by the supervisors to assess operational risk (including legal risk) and the effectiveness of management and control systems are:
During the supervisory cycle, supervisory assessment of the operational risk management framework (within the SRC (MSU 4.30.40.20.05),) includes an assessment of the main operational risk categories, corporate governance, risk management policies, identification and assessment of operational risk, corresponding control activities, monitoring, and management reports. The supervisors may also resort to special verifications (VE) on operational risk management, which encompasses a thorough analysis of the Operational Risk Management Function in a bank. These reviews, among others, enable the supervisors to assess the effectiveness of the implementation of the operational risk policies and processes and how these contribute to the accomplishment of the strategy approved by the board. As most banks had implemented the framework before 2010, recent examinations focused on the development of operational risk models in DSIBs or on important elements of the framework, such as the internal loss data collection, scenario analysis and management and regulatory reports, in order to assess incremental changes in the framework and developments in quantification. For small and medium sized banks, the supervisors examine their level of compliance with the qualitative requirements for the Alternative Standardized Approach. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor reviews the quality and comprehensiveness of the bank’s disaster recovery and business continuity plans to assess their feasibility in scenarios of severe business disruption which might plausibly affect the bank. In so doing, the supervisor determines that the bank is able to operate as a going concern and minimize losses, including those that may arise from disturbances to payment and settlement systems, in the event of severe business disruption. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | The prevailing regulations on operational risk management cover requirements relating to disaster recovery and business continuity, which include the following:
The revised regulations that have become effective for S1 banks in August 2017 and will become effective for the other banks from February 2018 require that:
Supervisors are required to monitor the quality and comprehensiveness of business resumption and continuity plans based on the following indicators:
During the supervisory cycle, supervisors are required to verify bank’s IT disaster recovery and business continuity plans based on international best practices, namely the Cobit framework to assess their coverage and effectiveness, and whether these plans are tested and updated. Examiners verify the completeness of the tests, covering systems, and inhouse and outsourced staff. Supervisors are also required to assess contingency plans, including information technology aspects, to ensure that the institution is able to operate continuously and to limit losses in case of severe contingencies, including disturbances to payment and settlement systems. The supervisor is able to require the adoption of additional controls, in cases of inadequacy or insufficiency of operational risks’ controls. (Under MSU item 4.30.10.50.11 and MSU 4.30.10.50.06.02) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor determines that banks have established appropriate IT policies and processes to identify, assess, monitor and manage technology risks. The supervisor also determines that banks have appropriate and sound IT infrastructure to meet their current and projected business requirements (under normal circumstances and in periods of stress), which ensures data and system integrity, security and availability and supports integrated and comprehensive risk management | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Please see description under EC1 and EC2 for the requirements established in regulations for management of operational risk, which also explicitly includes IT risk, and EC4 for details pertaining to disaster recovery and business continuity plans relevant for IT aspects. Regulations pertaining to operational risk have established events arising from IT and information systems as operational risk events (Article 32 of Res. CMN 4557 of 2017, and Resolution CMN 3,380 of 2006), and require banks to periodically conduct security tests on the institution’s information systems (Resolution CMN 2,554 of 1998). Art 33 of Resolution CMN 4557 of 2017 requires the risk management framework to include, for the purposes of operational risk management, besides other items:
Specialized teams dedicated to specific risks are located within the onsite supervision department, one of which is in charge of IT issues, specializing in risk assessment and control of processes, resources and technological environments based on international best practices. The procedures contained in the Supervision Manual (in item 4.30.10.50.18) are based on the Cobit methodology, which guide evaluation of the institution’s strategic IT plan; the guidelines followed by the institution on technology infrastructure; the investment in technology and the communication of IT policies and guidelines. Supervisors are required to examine the policies and procedures related to information technology from the perspective of operational risk management of the institution. Thus, there is an establishment of principles for identifying, assessing, monitoring, control and mitigation of operational risks, encompassing the risks related to the management and use of information technology. Examiners are also required to assess the existence of policies, rules and corporate procedures, and whether these are appropriately disseminated and implemented in relation to the management of information security. Supervisors are also required to examine whether information technology plans are considered in the definition of strategic plans and corporate budget and whether they are aligned to the overall strategies of the institution. (MSU item 4.30.10.50.11,) During the supervisory cycle, the supervisors are required to evaluate the adequacy of the relevant processes, people, systems, equipment and other resources employed in IT risk management relative to the size, complexity, risk level and dependence on technology of all operational, management and administrative activities of the institution. The evaluation of investments in IT area include evaluation of project management, development processes, maintenance of systems, evaluation of their performance, the safety guarantees, continuity of data processing systems, and adequacy of internal controls constitute part of the examination. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 |
The supervisor determines that banks have appropriate and effective information systems to:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | Please see description under EC5 regarding the information systems pertaining to operational risk losses established in Resolution CMN 4557 of 2017. Regulations prior to this have also established the requirements pertaining to documentation and storage of information related to operational risk losses; and implementation, maintenance and disclosure of a structured process of communication and information. Circular BCB 3.647 of 2013, sets the minimum requirements for use of the advanced approach based on internal models for the calculation of capital requirements for operational risk. It provides detailed guidance on Internal Loss Data Collection, encompassing operational risk events, near losses, loss data thresholds, provisions for legal risks and timing differences, grouped losses and date of internal events. All DSIBs have since reportedly implemented these requirements in their internal modelling efforts. In addition, the remaining ICAAP banks (prudential segment 2) have been encouraged to comply with the AMA requirements on loss data collection for the sake of comparability. Bank supervisors have encouraged banks in other segments, especially ASA banks, to adopt the AMA requirements as best practices in internal loss data collection, as part of the qualitative requirements (Circular BCB 3.640 of 2013, art. 7-A, item II, e). In its endeavor to ensure implementation by the banks, there are instances where banking supervision has decided not to authorize a bank to adopt ASA while it did not include legal provisions in its loss event database and required another previously authorized ASA bank to include provisions for litigation in its loss database. In the light of the development of the Operational Risk Standardized Measurement Approach the BCB is working on a project for the periodic reporting of internal loss events by banks to the supervisor. Bank supervision assesses the information systems and processes for operational risk loss data collection in the supervision cycle and reports the results in the periodic SRCs. In the large banks and those that are keenly developing the internal loss database, the supervisors are engaging with them to be assured about the adequacy and appropriateness of the information systems and the methodologies for capturing losses. While the BCB has been pursuing with the banks to improve their operational risk loss information systems and databases, it is yet to establish periodical regulatory reporting by the banks on their internal loss data and operational risk events. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor requires that banks have appropriate reporting mechanisms to keep the supervisor apprised of developments affecting operational risk at banks in their jurisdictions. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | Circular BCB 3,640 of 2013, which establishes procedures to calculate the component of the risk-weighted assets relative to exposures subject to operational risk, requires the financial institutions to forward to the BCB a report detailing the calculation of the operational risk capital requirement. In addition, institutions must keep available to the BCB, for 5 years, the information used to calculate the capital requirement. Circular-Letter BCB 3,663 of 2014 establishes the procedures for forwarding the monthly Operational Limits Document (DLO), which includes information on operational risk exposure. Regulation (Resolution CMN 3.198, art. 23) imposes a requirement on the external auditors and members of the audit committee to report within three working days a limited number of material operational risk events, such as management fraud, material internal or external fraud, non-compliance with internal and external laws and regulations that poses risk to the financial institution’s continuity and material errors in the financial statements. The scope of this reporting should be extended to other types of OR events for example, cybersecurity incidents, technology risk incidents and process failures and the responsibility for all such reporting can be placed on the banks’ boards/ senior management. The supervisor usually relies on the regulatory annual report on operational risk and internal control weaknesses and the ICAAP report in order to keep up-to-date with developments in operational risks at banks. In addition to that, during the supervisory cycle, supervisors also resort to management reports, interviews with senior management and review of interim financial statements, especially for information about litigation, which is one of the main sources of operational risk for Brazilian banks. The supervisor also holds periodic meetings with the internal audit, external audit, members of the audit committee and the bank’s board in order to obtain additional information about material operational risk events and litigations. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC8 |
The supervisor determines that banks have established appropriate policies and processes to assess, manage and monitor outsourced activities. The outsourcing risk management program covers:
Outsourcing policies and processes require the bank to have comprehensive contracts and/or service level agreements with a clear allocation of responsibilities between the outsourcing provider and the bank. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | Please see description under EC1 and EC2, for the regulatory requirements pertaining to operational risk management frameworks, which also include the requirement pertaining to outsourcing by banks. In brief, the relevant requirements are: Resolution CMN 3,380 of 2006 already required some attention to aspects pertaining to outsourcing:
Resolution CMN 4,557 of 2017, that is in effect for S1 banks from August 2017 and that will become effective for the other banks from February 2018 addresses several issues in outsourcing, a summary of which is presented below:
Within the SRC, Supervisors assess the management of operational risk in relevant outsourcing service providers, encompassing reputation, training, controls and contingency plans. Supervisors can resort to more thorough examinations (specialized verifications), where warranted (MSU item 4.30.10.50.11.) One of the supervisory procedures (MSU item 4.30.10.50.12) examines aspects of the domestic correspondent non-bank organizations (NBO), such as the selection process, the contracts and the controls of the correspondent NBOs. According to MSU 4.30.10.50.09.01, Supervisors are required to examine the monitoring carried out by the institution on the quality of care provided by its correspondents to the bank’s customers. The Supervisors’ risk management assessment can also be extended to include the examination of critical service providers. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Additional criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC1 | The supervisor regularly identifies any common points of exposure to operational risk or potential vulnerability (e.g. outsourcing of key operations by many banks to a common service provider or disruption to outsourcing providers of payment and settlement activities). | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | When the supervisor identifies common operational risk exposures in the financial markets, bank supervision resorts to horizontal examinations or surveys, in order to assess the risk exposure for a group of institutions. Usually, risk identification is based upon financial or management information or driven by specific operational risk events (e.g., common class actions, cybersecurity incidents). Recent examinations encompass litigation (large exposures, class actions) and information technology aspects (e.g., cybersecurity events, dependence on common service providers). | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 25 | Largely Compliant | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The regulatory framework of operational risk management was initially established in 2006 to support the qualitative requirements of the Basel II framework when it was introduced. This was less prescriptive, but this has been largely addressed with the issue of Res. CMN 4557, which is effective for S1 banks from Aug 2017 and will be effective for the other banks from Feb 2018. The main areas of improvement achieved through CMN 4557 include those pertaining to IT risk, outsourcing risk, business continuity planning and compilation of operational risk loss data. While these improvements will help, it may take a while for the new initiatives to bear fruit. The supervisory framework has been evolving over the period. As most banks had implemented the framework before 2010, recent examinations focused on the development of operational risk models in DSIBs or on important elements of the framework, such as the internal loss data collection, scenario analysis and management and regulatory reports, in order to assess incremental changes in the framework and developments in quantification. While the BCB has been pursuing with the banks to improve their operational risk loss information systems and databases, it is yet to establish periodical regulatory reporting by the banks on their internal loss data and operational risk events. Areas for improvement can include:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 26 | Internal control and audit. The supervisor determines that banks have adequate internal control frameworks to establish and maintain a properly controlled operating environment for the conduct of their business taking into account their risk profile. These include clear arrangements for delegating authority and responsibility; separation of the functions that involve committing the bank, paying away its funds, and accounting for its assets and liabilities; reconciliation of these processes; safeguarding the bank’s assets; and appropriate independent50 internal audit and compliance functions to test adherence to these controls as well as applicable laws and regulations. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 |
Laws, regulations or the supervisor require banks to have internal control frameworks that are adequate to establish a properly controlled operating environment for the conduct of their business, taking into account their risk profile. These controls are the responsibility of the bank’s Board and/or senior management and deal with organizational structure, accounting policies and processes, checks and balances, and the safeguarding of assets and investments (including measures for the prevention and early detection and reporting of misuse such as fraud, embezzlement, unauthorized trading and computer intrusion). More specifically, these controls address:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | All commercial banks and multiple banks in Brazil are established as limited companies, of which 7 are listed entities. The internal control requirements in the supervised entities are guided by the relevant provisions and requirements in the Banking Law (Law 4595 of 1964) and the Company Law (Law 6404 of 1976), and the relevant regulations issued under these laws. In terms of Article 138 of the Company Law, publicly-held companies and authorized capital companies shall have a board of directors and the board of executive officers (senior management). The other companies shall have only the board of executive officers. In terms of Article 161 of the Company Law, all listed companies shall have a Fiscal Council (or Supervisory Board). Regulations (Art1, Res 2554 of 1998) require that financial institutions and other institutions authorized by the Central Bank of Brazil implement internal controls focused on (a) the activities they carry out, (b) their financial information systems, (c) the operational and managerial responsibilities and (d) the compliance with applicable legal and regulatory standards. Internal controls, regardless of the size of the institution, are required to be effective and consistent with the nature, complexity and risk of the operations performed by it. As per laws and regulations, most of the responsibilities for the internal controls framework rest with the senior management and the Board of Directors, who are in fact responsible for the administration of the company (Law 6404 of 1976). The main responsibility for the implementation of internal controls lies with the Board of Directors and, when this board is not required, with the senior management (Resolution 2554 of 1998 and Resolution 4557 of 2017). The Institution’s Board of Directors’ main responsibilities regarding internal controls are:
They must also provide high standards of ethics and integrity and an organizational culture that demonstrates and emphasizes to all employees the importance of internal controls and the role of each one in the process (Art 4, Resolution CMN 2,554, of 1998). In terms of regulations, (Art 2, Res 2554 of 1998), the internal control systems shall be accessible to the entire institution to ensure that the relevant staff at the various levels of the organization are aware of the responsibilities assigned to them. The internal control systems should include:
Regulations require that an annual report on the activities related to the internal controls system must be submitted (Resolution CMN 4,390, of 2014), to the board, the senior management and to the external auditor. The annual report shall include (a) a review of the conclusions of the examinations made, (b) the recommendations to address the possible deficiencies, along with a schedule of remedy, as applicable, (c) details of the areas where deficiencies were observed in the previous examinations and the measures effectively taken to address them. This report shall also be available to the Central Bank of Brazil for a term of five years. As per regulations, in institutions that are required to have an audit committee, the audit committees are required to, among others, (a) evaluate the effectiveness of independent and internal audits, including verification of compliance with legal and normative provisions applicable to the institution, and regulations and internal codes; (b) assess compliance by the institution’s management with the recommendations made by independent or internal auditors; and (c) meet, at least quarterly, with the board of the institution, with the independent audit and internal audit to verify compliance with recommendations or inquiries, including with regard to the planning of the respective audit work. (Resolution CMN 3198 of 2004) The Supervision Manual includes procedures to evaluate the adequacy of the internal controls system. These procedures are established both at a more general level and for more specific activities, such as corporate governance (MSU 4.30.10.50.06.01), audit committee function (MSU 4.30.10.50.13), credit operation controls (MSU 4.30.10.50.01.01), treasury area (MSU 4.30.10.50.02), currency exchange operations (MSU 4.30.10.50.03), IT (MSU 4.30.10.50.18) and application systems (MSU 4.30.10.50.19). The supervisor also assesses whether members of the institution - especially senior management - are committed to and qualified to implement effective internal controls. The procedures established for SRC, VEs (targeted inspections) and continuous monitoring activities are based on definitions established by the Bank for International Settlements (BIS) and, as a reference, by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The verifications use an internal controls system approach that encompasses five components: Control Environment; Risk Assessment; Control Activities; Information and Communication; and Monitoring. The internal control verification (MSU 4.30.10.50.06.02) is required to be carried out at the corporate level and at the level of business units. Internal controls applied to specific activities are also verified and supervisory findings are often compared to internal audit findings and recommendations, to validate and review the auditing process as well. The verifications of the internal control systems and their effectiveness are assessed by the supervisors while assessing the control environment for each type of risks and also during the VEs while looking at specific portfolios, operations, products and functions. These reviews can happen as part of the ongoing supervision (SRC) and also as part of special verifications (VEs). The Supervisor has the legal power to sanction institutions, as provided by Resolution CMN 4019 of 2011, and must do so when violations are identified and confirmed. In less serious cases, the Supervisor may report deficiencies through an inspection letter or summons communication as specified in the Supervision Manual. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor determines that there is an appropriate balance in the skills and resources of the back office, control functions and operational management relative to the business origination units. The supervisor also determines that the staff of the back office and control functions have sufficient expertise and authority within the organization (and, where appropriate, in the case of control functions, sufficient access to the bank’s Board) to be an effective check and balance to the business origination units. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see description under EC1 for requirements pertaining to internal control systems under the law and regulations and the supervisory processes and approach to review internal controls both as part of ongoing supervision and as part of special verifications. The determination of the balance of skills in both the back office and control functions relative to front office activities is inherent in the requirement for and execution of comprehensive and sound internal controls, internal audit oversight, external audit processes, and supervisory oversight. Also, this element is key to the evaluation of risk controls specified in the specific risk areas. For example, in the case of treasury activities the supervision manual contains a specific section regarding the operational risk in the treasury department (MSU 4.30.10.50.02.04), which emphasizes review of the balance of skills, resources, expertise and authority between the back office and the front office. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor determines that banks have an adequately staffed, permanent and independent compliance function51 that assists senior management in managing effectively the compliance risks faced by the bank. The supervisor determines that staff within the compliance function is suitably trained, have relevant experience and have sufficient authority within the bank to perform their role effectively. The supervisor determines that the bank’s Board exercises oversight of the management of the compliance function. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | Financial institutions are not required to have a segregated compliance function or to appoint a compliance officer. Nevertheless, the regulations on internal control system include compliance elements (Article 1 of the Resolution CMN 2554 of 1998) and thus compliance also is the responsibility of the Board of Directors and, when this board is not required, of the Senior Management. (Please also see description under EC1 for details of the expectation of banks’ internal control systems and the board responsibilities). Though not formally required, the supervisors indicate that, in practice, the majority of Brazilian banks have a compliance officer or unit. The large banks segregate compliance units from other control functions. However, other banks combine compliance activities with other functions such as internal control. In 2017, the BCB replaced, among others, Resolution 3380 of 2006 by Resolution CMN 4557 and updated the supervision manual regarding the first and third lines of defense (management and executives in the business areas and internal auditors respectively). A specific rule or guidance to address the risk associated with information technology is also under study. Please see EC1 for the specific VEs undertaken by supervision on the matter. A specific resolution to address the compliance function requirements was issued in August 2017 which becomes effective from 31 December 2017 (Res 4595 of 2017). The new regulation does not require financial institutions to have a segregated compliance organizational unit, but it requires financial institutions to establish a formalized compliance policy. The compliance policy must be appropriate to the nature, size, complexity, structure, risk profile and business model of the institution, to ensure the effective management of its compliance risk. The new regulation also assigns responsibilities to the board of directors, such as approving and overseeing the compliance policy; ensuring the effectiveness and continuous execution of the compliance policy; and providing the necessary means to ensure that compliance activities are carried out properly. In addition, the new regulation will require financial institutions to provide sufficient, suitably qualified and trained staff, with the necessary experience to conduct compliance activities. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor determines that banks have an independent, permanent and effective internal audit function52 charged with:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | Regulations require that all financial institutions should have a system of internal controls and that they should establish an internal audit function as part of this system and that the internal audit function should be structured as below (Res 2554 of 1998, as amended by Res 3,056 of 2002; (Para 2 to5, Part VII of Art2 of Res 2554)).
As a part of the ongoing supervisory process, the Supervisor interacts on a regular basis with internal audit functions. During onsite and continuous monitoring, the Supervisor asks for internal audit reports to (i) review the adequacy of audit in the relevant area and (ii) supplement BCB inspection procedures. The internal audit function is periodically assessed by the Supervision in the application of SRC, more specifically in the ARC of Corporate Governance. The CMN has issued Resolution 4,588 of 2017, on 30 June 2017 that comes into effect on 31 December 2017, which has established the revised and comprehensive requirements for internal audit in the financial institutions and other institutions authorized by the Central Bank of Brazil. Please see description under EC5 for details. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 |
The supervisor determines that the internal audit function:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Resolution 4588 of 2017, that comes into effect from 31 Dec 2017, establishes detailed and comprehensive requirements related to the internal audit function. In brief these are presented below, which specifically and explicitly address the expectations under this EC.
Article 8 of the resolution states that the supervised entity should ensure that the internal auditors should have authority to evaluate all existing business and support areas, as well as outsourced activities. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 26 | Largely Compliant | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The regulatory framework prior to the issue of the Resolutions CMN 4595 and CMN 4588, was focused on the internal controls in the supervised institutions. The regulations place the responsibility of establishing the internal control systems and ensuring their effective functioning on the board of directors and senior management in the banks. Part of the responsibility was also cast on the audit committee in the banks. In Brazil, unlisted banks are not required to establish a board of directors (non-executive), need not establish audit committee when they are small, and shareholders can constitute the senior management. Of the 116 unlisted banks, 41 have established Board of Directors. Of the remaining 75 banks accounting for about R$540 billion in total assets (6.8% market share), 46 are foreign owned banks (5.8% market share). Regulations permit internal audit to be part of the internal control function with the requirement that internal audit will report to the senior management. At the same time, the compliance function is not a requirement and the requirements for the internal audit framework is less sophisticated. Collectively, these features can seriously undermine the effectiveness of the internal control and internal audit functions in these banks. The Resolutions CMN 4595 and 4588 become effective on 31 December 2017. While these can help, it may take a while for the new initiatives to bear fruit. Drawing on the requirements of Resolution 2,554 of 1998, BCB has been supervising financial institutions’ “internal controls system”, which comprises the internal controls, compliance and internal audit functions. BCB’s supervisory practices aim at evaluating the effectiveness of compliance and internal audit functions in supervised institutions, including small ones, observing the supervisory cycle established for each of these institutions. Notwithstanding the above, BCB should devote greater attention to the internal control, compliance and internal audit functions in unlisted banks, to review their effectiveness, and take appropriate corrective measures, where warranted. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 27 | Financial reporting and external audit. The supervisor determines that banks and banking groups maintain adequate and reliable records, prepare financial statements in accordance with accounting policies and practices that are widely accepted internationally and annually publish information that fairly reflects their financial condition and performance and bears an independent external auditor’s opinion. The supervisor also determines that banks and parent companies of banking groups have adequate governance and oversight of the external audit function. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | The supervisor53 holds the bank’s Board and management responsible for ensuring that financial statements are prepared in accordance with accounting policies and practices that are widely accepted internationally and that these are supported by recordkeeping systems in order to produce adequate and reliable data. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Please see description under EC1 of CP26 regarding the board structures in banks in Brazil. Depending on the governance structure in banks, the responsibility for ensuring that the financial statements are prepared in accordance with the widely accepted internationally accepted accounting policies rests with either one or more of the following:
Resolution CMN 3,786 of 2009 requires the supervised institutions that meet the following criteria to prepare financial statements in accordance with the IFRS and disclose these on an annual basis, together with external auditor’s opinion:
The preparation and disclosure of the consolidated financial statements required by Resolution 3786 shall be made by the parent institution of the group of consolidated entities, whose designated director (art. 5 of the Regulation annexed to Resolution No. 3,198, of May 27, 2004,) is responsible for reliability of these statements and the fulfillment of the deadlines. (Circular BCB 3,472 of 2009) Circular BCB 1,273 of 1987, which established the Cosif (financial institution accounting regulatory requirements), sets the local accounting standard and requires financial institutions to publish financial statements and explanatory notes, along with external auditor’s opinion. The aforementioned Circular holds the director in charge of the accounting department responsible for compliance with the required standards, and professional ethics and banking secrecy rules. Consequently, about 58 banks are preparing and publishing financial statements that comply the IFRS. Besides, all banks (including the above 58 banks) are preparing and publishing financial statements that comply with the Cosif. The Supervisor, under the framework of the Economic and Financial Analysis (ANEF), analyses the adequacy of recognition and accounting measurement of the main assets and liabilities in the financial statements, and evaluates the evolution of these items. In such analyses, the focus is on the valuation of assets and the integrity of liabilities. In relation to the valuation of assets, the analyses include: (i) provisions for exposures to credit risk; (ii) fair value measurement of assets; and (iii) valuation of other assets. Regarding the integrity of liabilities, the analyses include recognition and measurement. The Supervisor, under the framework of the SRC (Control Risk Analysis), also evaluates
The Supervision Manual details the execution of Special Verification Supervisory Procedures (VEs) of the Audit Committee and of Corporate Governance, using which the Supervisor evaluates the performance of the Audit Committee and the Fiscal Council (high level council, including minority shareholders) in providing reliable financial statements. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor holds the bank’s Board and management responsible for ensuring that the financial statements issued annually to the public bear an independent external auditor’s opinion as a result of an audit conducted in accordance with internationally accepted auditing practices and standards. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Presented in the table 7 below, is a summary of the requirements for financial institutions regarding the audit and disclosure of financial statements. Please see description under EC1 for the responsibilities placed on the board and senior management of banks regarding the financial statements issued annually to the public.
Table 7. Audit of Financial Statements by Supervised Institutions Table 7. Audit of Financial Statements by Supervised Institutions
Table 7. Audit of Financial Statements by Supervised Institutions
Financial institutions are required to disclose semi-annual financial statements under Cosif rules (Prudential Conglomerate). Resolution CMN 4,280 of 2013 establishes that the parent institution is responsible for preparation and submission of these financial statements. The parent institution shall disclose such statements, including explanatory notes, and the auditor’s opinion. Resolution CMN 3,198 of 2004 obliges financial institutions to obtain an external auditor’s opinion on the financial statements published under Cosif rules. Regulations (Resolution CMN 3,198 of 2004) consolidate the rules relating to external auditors which include their requirement to be (i) registered at Brazilian Securities and Exchange Commission (CVM) and (ii) approved in a periodical certification test applied by the Brazilian Federal Council of Accountants (CFC). External Auditors’ practices and procedures must comply with the (i) auditing standards and procedures issued by the National Monetary Council (CMN) and the BCB, and (ii) with regulations issued by CVM, CFC and Brazilian Institute of External Auditors (Ibracon) when not conflicting with CMN or BCB rules (Resolution CMN 3,198 of 2004). Resolutions issued by the CFC establish the professional rules for the work of external auditors. The CFC approves the Brazilian Auditing Norms (NBC), which result from official translations of International Standards on Auditing (ISA) issued by International Auditing and Assurance Standards Board (IAASB). Resolution CMN 3,198 of 2004 also defines the role of the Audit Committee, which includes the evaluation of the effectiveness of the independent audit. The supervisor, by means of the SRC (MSU 4.30.40.20.09), analyses the performance of that committee. Regarding individual financial statements, all financial institutions are obliged to elaborate and disclose semi-annual financial statements under Cosif rules. Circular BCB 2,804 of 1998 presents the procedures for such publications, including periodicity, channels of disclosure, templates and the requirement of an external auditor’s opinion. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | The supervisor determines that banks use valuation practices consistent with accounting standards widely accepted internationally. The supervisor also determines that the framework, structure and processes for fair value estimation are subject to independent verification and validation, and that banks document any significant differences between the valuations used for financial reporting purposes and for regulatory purposes. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | Regulatory reporting is presented according to Cosif rules, which prescribe accounting standards for financial institutions and prudential conglomerate. Since 2008, CMN has issued accounting standards in line with IFRS, introducing these standards into Cosif, including the Conceptual Framework for Financial Reporting. With this, the local accounting standard has come closer to IFRS. General rules of asset valuation are described in the General Principles of the Basic Norms of Cosif. Some specific rules are also described in the following regulations:
Supervision evaluates the procedures and criteria adopted by institutions in marking-to-market prices during on-site examinations, while the off-site monitoring assesses the values reported by the institutions on marked-to-market securities. As banks are required to submit regulatory reports that are in compliance with the Cosif and since they also publish audited financial statements that are in compliance with the Cosif, the need for a separate reconciliation of the published financial statement and regulatory reporting does not arise. The BCB has already made public a project with the purpose of aligning the local accounting standard to IFRS 9 Financial Instruments. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | Laws or regulations set, or the supervisor has the power to establish the scope of external audits of banks and the standards to be followed in performing such audits. These require the use of a risk and materiality based approach in planning and performing the external audit. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | External auditors must follow the standards set forth by International Auditing and Assurance Standards Board (IAASB) as endorsed by the CFC (Brazilian Accounting Council), which includes NBC TA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment (equivalent to ISA 315). Also, please see description under EC2 regarding the applicable auditing standards, and EC5 for the supervisors’ ability to establish the scope of external audits. Law 6,385 of 1976 establishes that BCB should apply penalties for the acts or omissions incurred while undertaking audit activities of financial institutions and other entities licensed to operate by the BCB. In cases where there is no serious breach, supervision can send inspection letters (“Oficio”) to determine the correction and improvement of audits of financial institutions. The regulation annex to the Resolution CMN 3,198 of 2004 defines the responsibility and the process for external auditors, which encompass audit of the financial accounting statements, including explanatory notes. In addition, as per regulations, external auditors are required to provide assurance to the Supervisors in a few additional areas such as internal audit, loan classification, and operational risk management. Art. 13 of Res 3467 of 2009, empowers the Central Bank of Brazil to (i) require additional information and clarification; (ii) determine the accomplishment of complementary examinations; and (iii) determine that the work performed by an independent auditor or by an audit entity is reviewed by another auditor. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | Supervisory guidelines or local auditing standards determine that audits cover areas such as the loan portfolio, loan loss provisions, non-performing assets, asset valuations, trading and other securities activities, derivatives, asset securitizations, consolidation of and other involvement with off-balance sheet vehicles and the adequacy of internal controls over financial reporting. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | Please see descriptions in the above ECs regarding the applicable accounting and auditing standards. The BCB has the power to determine specific services to be carried out by external audit in the institutions. In addition to the additional areas that the external auditors are expected to cover, as explained in EC4, Circular BCB 3,467 of 2009 grants the BCB the power to request complementary examinations according to findings in the institutions. In addition to the report that are published along with the financial statements, CMN requires the external auditors to elaborate:
The Supervisory Manual requires the Supervisor to check the scope and adequacy of the independent audit on the internal controls system of the institution, especially regarding the processes and procedures involved in the production of financial statements, and verify compliance with the regulations by the independent audit team. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 | The supervisor has the power to reject and rescind the appointment of an external auditor who is deemed to have inadequate expertise or independence, or is not subject to or does not adhere to established professional standards. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | The BCB has the power to require external auditors to be replaced in the course of a Punitive Administrative Process (PAP) according to Law 6,024 of 1974 (intervention and extrajudicial liquidation of financial institutions) and Decree-Law 2,321 of 1987 (temporary special administration regime). In such cases, once the PAP is initiated, the BCB may determine the replacement of the Audit Firm or of the external auditor. Since 2012, Supervision has set up 6 (six) PAPs against 4 (four) audit firms. In cases where there is no serious breach, supervision can send inspection letters (“Oficio”) to seek improvement of the audits of financial institutions. The BCB is awaiting the passage of a new law which will allow the BCB to forbid external auditors from providing services to financial institutions, in cases where serious breaches are verified. Circular BCB 3,467 of 2009 grants the BCB, in specific cases, the power to demand the revision of the work performed by an external auditor by another external auditor. The regulation annex to the Resolution CMN 3,198, of 2004, requires that the financial institutions external auditor be registered at Securities Commissions (CVM) and be approved in a technical certification test. That certification needs to be maintained by means of: approval in new examinations or, cumulatively, performing audits on financial institution and participating in continuing education programs. In addition, the referred regulation provides independence requirements regarding audited entities. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor determines that banks rotate their external auditors (either the firm or individuals within the firm) from time to time. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | While law or regulation does not require the mandatory rotation of the audit firm by the financial institutions, they require them to rotate the members of the audit team after five years. Resolution CMN 3,198 of 2004 as amended by Resolution CMN 3,606 of 2008 and Circular-Letter BCB 3,367, of 2008, require that financial institutions replace the in-charge technical person, director, manager, supervisor and any other professional in a managerial position, in the team involved in the relevant institution’s external audit work, after the issuance of five complete annual reports. The Supervision Manual details that the Supervisor is responsible for verifying the rotation of the staff. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC8 | The supervisor meets periodically with external audit firms to discuss issues of common interest relating to bank operations. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | The Supervisor meets with the external auditors during the on-going and on-site supervision phases, on an as-required basis, to understand the auditing procedure and discuss matters relevant to the audited financial institution. Such meetings occur at least once a year. In addition, there is a group composed of representatives of the BCB and the audit firms (GT1 Ibracon + BCB), where they can discuss accounting and external audit issues. Usually meetings of this group occur every two months. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC9 | The supervisor requires the external auditor, directly or through the bank, to report to the supervisor matters of material significance, for example failure to comply with the licensing criteria or breaches of banking or other laws, significant deficiencies and control weaknesses in the bank’s financial reporting process or other matters that they believe are likely to be of material significance to the functions of the supervisor. Laws or regulations provide that auditors who make any such reports in good faith cannot be held liable for breach of a duty of confidentiality. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC9 | Resolution CMN 3,198 of 2004 establishes that the external auditor and the Audit Committee must formally communicate to the BCB, within three working days of identification of error or fraud in the specified situations. The supervision manual (MSU 4.30.10.50.06.02 (Special Verification - Management - Internal Controls in the Administrative Level)) provides that supervision must verify compliance with the regulations by the independent audit team. Resolution CMN 3,198/2004 (Art 21) and Circular BCB 3,467/2009 also establish that the external auditor must, as a result of the financial statement revision procedures, provide the Supervisor on a semi-annual basis with a report of eventual failures to comply with laws and regulations and internal control weaknesses. As these are embedded in the regulations and as the BCB is the supervising authority for the external auditors, the supervisors view such disclosures by the auditors as performance of their duties and compliance with the regulations, and not breach of duty. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Additional criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC1 | The supervisor has the power to access external auditors’ working papers, where necessary. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | Regulations (annex to Resolution CMN 3,198, of 2004) require that contracts between financial institutions and the respective external auditors must have a specific clause granting access to BCB, at any time, to external auditors’ work papers, as well as to any other document that has been used in the course of issuing bank related reports. When necessary, Supervision has requested the auditor’s working papers in order to understand any specific accounting issue of the audited entity. Some supervision processes require the Supervisor to request the working papers of auditors to assist the analysis to be carried out in such inspections (e.g. MSU 4.30.10.50.02.01 Portfolio Analysis and Treasury Operations; MSU 4.30.10.50.07.01 Contingencies). | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 27 | Compliant | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The financial statements prepared and published by the financial institutions are in compliance with the Cosif (Brazil GAAP) and the IFRS. These statements are audited by independent external auditors who are required to perform the audits in compliance with the international auditing standards, and the audited financial statement are published along with the explanatory notes and auditors’ opinion at least at half-yearly intervals, both at solo and consolidated levels. Laws, regulations and the supervisor ensure appropriate governance arrangements are in place in the financial institutions for overseeing the external audit function. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 28 | Disclosure and transparency. The supervisor determines that banks and banking groups regularly publish information on a consolidated and, where appropriate, solo basis that is easily accessible and fairly reflects their financial condition, performance, risk exposures, risk management strategies and corporate governance policies and processes. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Laws, regulations or the supervisor require periodic public disclosures54 of information by banks on a consolidated and, where appropriate, solo basis that adequately reflect the bank’s true financial condition and performance, and adhere to standards promoting comparability, relevance, reliability and timeliness of the information disclosed. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | Please see below in Table 8 the details of disclosure of financial statements by the financial institutions as required under law and regulations, which includes the applicable accounting standards, the frequency of disclosure, the applicable regulation and the basis of disclosure, namely solo or consolidated. It can be seen that the supervised institutions in Brazil are required to publish their financial statements both on solo and consolidated basis at least at half-yearly intervals and these are required to be in compliance with the Cosif or the IFRS.
Table 8. Disclosure of Financial Statements by Supervised Institutions Table 8. Disclosure of Financial Statements by Supervised Institutions
Table 8. Disclosure of Financial Statements by Supervised Institutions
In addition to the above, laws and regulations require the supervised institutions to make additional disclosures as below:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor determines that the required disclosures include both qualitative and quantitative information on a bank’s financial performance, financial position, risk management strategies and practices, risk exposures, aggregate exposures to related parties, transactions with related parties, accounting policies, and basic business, management, governance and remuneration. The scope and content of information provided and the level of disaggregation and detail is commensurate with the risk profile and systemic importance of the bank. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | Please see EC 1 on the periodical disclosures required to be made by the supervised institutions, which include both quantitative and qualitative disclosures. The Pillar 3 disclosures required vide Circular CMN 3,678 of 2013 include disclosure of information on risk management structures and functions, capital requirements and regulatory capital. The set of mandatory information includes: both qualitative and quantitative information of a bank’s financial performance; financial position; risk management strategies and practices; governance; risk exposures; limits; indices; aggregate exposures to related parties; amount of past due loans; total loans written off in the quarter; amount of loss provisions to loans; credit risk mitigation; counterparty credit risk; purchase, sell or transfer of financial assets; securitization; transactions with related parties; total amount of the trading book; equity holding in the banking book; exposure to derivatives and accounting policies. The disclosure must be made in a detailed form commensurate with the scope and complexity of operations and of systems and processes employed in risk management. Relevant restrictions or impediments, existing or potential, to the transfer of resources between consolidated institutions must also be disclosed. Owing to security concerns, Brazil has not introduced any Pillar 3 regulations on disclosure for executive compensation. This fact was not considered to be material and Brazil was considered to be compliant with Pillar 3 disclosure requirements by the Regulatory Capital Assessment Program (RCAP) of the BIS in 2013. Qualitative aspects of each risk management framework must be disclosed, including a description of:
The information must be updated with the following minimum period span: annual, for qualitative information, or in the occurrence of a relevant alteration; quarterly, relative to the dates of March 31, June 30, September 30 and December 31, for quantitative information. Resolution CMN 4.557, which came into effect in August 2017 for S1 institutions requires that:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | Laws, regulations or the supervisor require banks to disclose all material entities in the group structure. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | The Cosif (Brazilian accounting standards) requires disclosure of detailed information regarding entities included in consolidated financial statements. Moreover, Circular CMN 3,678 of 2013 requires financial institutions to:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | The supervisor or another government agency effectively reviews and enforces compliance with disclosure standards. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | The BCB is the oversight body for enforcing compliance by the supervised institutions with the accounting standards (COSIF) including the related disclosures under the standards. The BCB is also the banking supervisor which has introduced the Pillar 3 disclosures, and hence is responsible for enforcing those disclosures as well. During the SRC on-site examinations and the off-site monitoring, the supervisors are required to evaluate: i) the effectiveness of the Board of Directors’ actions regarding the disclosure of timely and precise information on the relevant issues related to the institution; and ii) the performance of the Audit Committee, in the internal and external audits evaluation. During specialised inspections (VEs), the supervisors are required to evaluate performance and effectiveness of the Audit Committee and the Corporate Governance functions, where the roles of Senior Management and Audit Committee in providing reliable financial statements are assessed. Regulations (Circular BCB 2,804, of 1998) allow the BCB to require the financial institutions to amend and re-publish financial statements which are considered irregular. The BCB also assesses Pillar 3 disclosures required under regulations by the supervised institutions, through specific inspections. Regulations expressly allow the BCB to require the disclosure of supplementary information by the financial institutions, if required. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 | The supervisor or other relevant bodies regularly publishes information on the banking system in aggregate to facilitate public understanding of the banking system and the exercise of market discipline. Such information includes aggregate data on balance sheet indicators and statistical parameters that reflect the principal aspects of banks’ operations (balance sheet structure, capital ratios, income earning capacity, and risk profiles). | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | The BCB releases every quarter analytical accounting information on its website, aggregated by the type of institution. The BCB also publishes a Financial Stability Report every half-year, which presents aggregate data and analysis of the financial system. In addition to the aggregate information, the BCB also publishes financial statements and other information on individual institutions, financial conglomerates and prudential conglomerates, on its website. Among other accounting items and indices, BCB discloses total assets, total deposits, risk weighted capital ratio, net profits, tier I capital and net worth. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Additional criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| AC1 | The disclosure requirements imposed promote disclosure of information that will help in understanding a bank’s risk exposures during a financial reporting period, for example on average exposures or turnover during the reporting period. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re AC1 | In addition to disclosure of several quantitative disclosures, Circular BCB 3,678 of 2013 requires the disclosure of the following which reflect flow or movement during a reporting period:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 28 | Compliant | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The supervised institutions in Brazil regularly publish information on a consolidated and, where appropriate, solo basis that is easily accessible and fairly reflects their financial condition, performance, risk exposures, risk management strategies and corporate governance policies and processes. The publications are mainly in the form of published audited financial statements along with the accompanying notes, that are in compliance with the IFRS and the BR-GAAP, and the Pillar 3 disclosures that are placed on the respective institution’s websites in an easily accessible place. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Principle 29 | Abuse of financial services. The supervisor determines that banks have adequate policies and processes, including strict customer due diligence (CDD) rules to promote high ethical and professional standards in the financial sector and prevent the bank from being used, intentionally or unintentionally, for criminal activities.55 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Essential criteria | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC1 | Laws or regulations establish the duties, responsibilities and powers of the supervisor related to the supervision of banks’ internal controls and enforcement of the relevant laws and regulations regarding criminal activities. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC1 | The regulatory framework establishes the responsibilities of the BCB and the Council for Financial Activities Control (COAF) as well as the relevant powers of enforcement in relation to criminal activities. The BCB is responsible for regulating and supervising financial institutions under the Banking Law (4595). AML/CFT is addressed under Law 9613 which provides the BCB, as the competent authority, with the authority to supervise financial institutions’ internal controls, AML/CFT compliance and also to apply administrative sanctions, when appropriate, in respect of AML/CFT (Article 12). Circular 3461 sets out the BCB’s requirements for financial institutions (and other institutions licensed by the BCB) in relation to policies and internal controls in respect of AML/CFT. In addition, the Circular requires financial institutions to inform the BCB and nominate a senior manager to be responsible for implementation and compliance of established measures and reporting of suspicious transactions to COAF. The AML Law (Law 9613) defines money laundering or concealment of assets, rights and values as a crime and sets procedures for the prevention of criminal offences. It also establishes a financial intelligence unit in Brazil: The Council for Financial Activities Control (COAF). COAF is responsible for receiving and analysing communications on suspicious transactions and cash operations, as well as producing and sending Financial Intelligence Reports to the competent authorities (General Attorney, Federal Police and others). Whistle blowing protection is available under the law in that communications made in good faith to COAF, as stated by the Law 9613 (Article 11, paragraph 2), will not result in civil or administrative liability. (See also EC11) Complementary Law 105 requires the BCB to notify the competent authorities of signs of crimes against public order, as well as of evidence of irregularities or illegal administrative offenses it has noted in the course of its supervisory activity. (See also EC4) Resolution 2554 determines the procedures that financial institutions must adopt in implementing their internal control systems. In terms of supervisory activity, the BCB and COAF work in coordination, ranging from the formulation of norms to information exchange and technical support. The BCB has a seat on COAF’s Council, and has access to the reports on suspicious transactions and cash operations made by banks to COAF. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC2 | The supervisor determines that banks have adequate policies and processes that promote high ethical and professional standards and prevent the bank from being used, intentionally or unintentionally, for criminal activities. This includes the prevention and detection of criminal activity, and reporting of such suspected activities to the appropriate authorities. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC2 | The BCB separates banks into two tiers for more and less intense supervision in relation to supervision of AML/CFT. Also, and as noted in CP8, supervision of AML/CFT risks comes under the department for conduct supervision (DECON). The banks deemed to be more relevant in terms of money laundering risk (including the systemically important financial institutions), are supervised according to the Continuous Conduct Monitoring methodology (ACC). Under the ACC methodology, the BCB ensures there is one supervisor in charge of continuously assessing the corporate governance, risk management and compliance of each maior Brazilian bank in terms of AMI/CFT risk. The ACC methodology is adaptable according to the business model, risk profile and governance of each bank, allowing the BCB to focus on the most relevant issues. The BCB monitors 28 institutions, including all systemic banks under the ACC methodology. For the banks perceived to be less risky, the BCB has developed a “remote monitoring” methodology and IT system, called SisCom. Under this framework, two processes are carried out:
An ICR starts with a documentation request which is tailored to the area of activity being inspected. There is a set of around 300 questions, which is tailored and of which perhaps 100 might be sent to the institution. The bank has to respond and provide documentary evidence for its answers and the responses are reviewed for compliance with the laws and regulations. Both ICR and IDR processes lead to inspection letters and findings issued by the BCB and the requirement for a plan by the firm to remedy and regularise its situation. At the time of the assessment the DECON was planning to amend its processes so that a bank was not required to have its action plan approved before acting. Although the requirement to ensure that the bank understood what was required of it in the plan was seen as helpful to the banks, in practice it was leading to delays in remediation. The risk based methodology was developed by the BCB initially as a response to FATF findings on oversight of the non-bank sector but it was realised that the methodology would be compatible with oversight of the less systemic banking institutions. Foreign exchange transactions carried out by authorized agents, including banks, as well as external lines of credit taken by financial institutions are registered in the BCB, which records and monitors these transactions. Information received is analysed to identify weaknesses, breaches and atypical operations in particular respect for AML/CFT concerns (MSU 4-20-10-30, 4-20-20-60 and 4-20-20-90). In addition, the BCB produces bulletins and reports on this data for internal and external disclosure, as well as internal profiling reports on these agents, supporting studies, monitoring and supervisory decisions. In terms of prevention, detection and reporting, procedures that banks must meet for implementation of their internal control systems and internal audit are found in Resolution 2554. This resolution imposes an obligation on senior management to foster high ethical standards and to promote an organizational culture that demonstrates and emphasizes, to all staff, the importance of internal controls and the role of each member in the process. Duties imposed on banks regarding customer identification, data maintenance and report of suspicious transactions to the financial intelligence unit (COAF) are established in the law on AML (Law 9613) and in performing these duties, the banks must follow instructions of the BCB (see Articles 9 to 11). Circular 3461 require financial institutions to implement policies, procedures and internal controls to prevent the use of the financial system for criminal activities described by Law 9,613 (money laundering or concealment of assets, rights and values). The main aspects of this Circular are: I) Implementation of policies and internal control procedures to prevent the use of financial institutions for the abuses set out in Law 9613. Such policies must:
The procedures must include: explicit measures that determine customer due diligence, validate customers’ information, identify final beneficiaries of transactions and rules for the definition of politically exposed persons (PEPs). II) Identification of all customers: individuals, legal entities and their representatives, including final beneficiaries. Customers files must be kept updated and records of transactions held for at least 5 years; III) Monitoring of transactions to identify unusual situations; special attention to situations that pose higher risk and detection of suspicious situations; IV) Reporting to the COAF: mandatory reporting of cash transactions exceeding R$ 50,000.00, and suspicious transactions related to predicate offenses as specified in Law 9613. Complementary Law 105 provides that the reporting of suspicious criminal transactions to the relevant competent authorities does not constitute a breach of professional secrecy; V) Nomination of a senior manager responsible for the implementation and compliance with established measures, as well as for reporting of suspicious transactions to the COAF; VI) Adoption of rigorous procedures for establishing relationships with financial institutions, representatives or correspondent banks abroad, especially in countries, territories and places that do not adopt registration and control procedures similar to those defined by Circular 3461. These strengthened procedures also apply to establishing relationships with customers contacted via electronic means, through banking agents in the country or by any other indirect means. Financial institutions are required to pay particular attention to transactions with customers from countries that that are not compliant with the recommendations of the Financial Action Task Force (FATF). In cross-border relationships between correspondent banks and other similar relationships, banks should:
In the context of considering branches and subsidiaries of Brazilian financial institutions abroad, attention should be paid also to CPs 5, 6 and 7, where the BCB’s powers to approve or reject a bank’s proposed group structure are considered. VII) Financial institutions should also pay special attention to:
In addition, the MSU requires supervisors to verify that financial institutions have codes of conduct/ethics (MSU 4-30-10-50-06-01) which are disclosed to staff. Items II - VII of Circular 3461 are also applicable to branches and subsidiaries of Brazilian financial institutions abroad, when there is no legal impediment in the host country. The table below, presents the number of reports made by banks and banking conglomerates to COAF: Table 9. Total of Reports To COAF Includes reports from banks and banking conglomerates As of June 28th COAF assesses the quality of reports on a sampling basis. Each selected report receives a grade from 1 (worst) to 6 (best). The table below shows the average grade of the selected sample per year: Table 10. Average Grade of Reports To COAF Includes reports from banks and banking conglomerates As of June 28th |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC3 | In addition to reporting to the financial intelligence unit or other designated authorities, banks report to the banking supervisor suspicious activities and incidents of fraud when such activities/incidents are material to the safety, soundness, or reputation of the bank | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC3 | The BCB has access to information, but does not receive standard reports from the banks on suspicious activities and incidents of fraud when such activities/incidents are material to the safety, soundness, or reputation of the bank. The BCB, as part of its supervisory routine, maintains frequent communication with banks, either through in-person meetings, or through conference calls. On such occasions, information on incidents deemed to affect the soundness or reputation of the bank are shared. Also, external auditors must report any incidents of fraud, as defined in Resolution 3198, to the BCB. In addition, the BCB has access to suspicious transaction reports from banks to COAF through SisPLD. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC4 | If the supervisor becomes aware of any additional suspicious transactions, it informs the financial intelligence unit and, if applicable, other designated authority of such transactions. In addition, the supervisor, directly or indirectly, shares information related to suspected or actual criminal activities with relevant authorities. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC4 | According to the Complementary Law 105, the BCB must notify the competent authorities—COAF, Federal Prosecution Service (MPF) and Secretariat of the Federal Revenue of Brazil (RFB)—of signs of crimes against public order, as well as of evidence of irregularities or illegal administrative offenses, identified in the exercise of its supervision. Such reporting does not constitute a breach of professional secrecy, under the Complementary Law. The MSU (4-30-30-10-02) also establishes that supervision will report any crimes or abuses defined in Law 9613 to the Public Ministry/District Attorney’s Office. The table below, presents the number of notifications to the respective competent authority per year since 2015: Table 11. Notification to Competent Authorities—Banking Sector As of June 28th Table 11. Notification to Competent Authorities—Banking Sector
As of June 28th Table 11. Notification to Competent Authorities—Banking Sector
As of June 28th |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC5 |
The supervisor determines that banks establish CDD policies and processes that are well documented and communicated to all relevant staff. The supervisor also determines that such policies and processes are integrated into the bank’s overall risk management and there are appropriate steps to identify, assess, monitor, manage, and mitigate risks of money laundering and the financing of terrorism with respect to customers, countries, and regions, as well as to products, services, transactions, and delivery channels on an ongoing basis. The CDD management program, on a group-wide basis, has as its essential elements:
(a) a customer acceptance policy that identifies business relationships that the bank will not accept based on identified risks; (b) a customer identification, verification, and due diligence program on an ongoing basis; this encompasses verification of beneficial ownership (as necessary), understanding the purpose and nature of the business relationship, and risk-based reviews to ensure that records are updated and relevant; (c) policies and processes to monitor and recognize unusual or potentially suspicious transactions; (d) enhanced due diligence on high-risk accounts (eg escalation to the bank’s senior management level of decisions on entering into business relationships with these accounts or maintaining such relationships when an existing relationship becomes high-risk); (e) enhanced due diligence on politically exposed persons (including, among other things, escalation to the bank’s senior management level of decisions on entering into business relationships with these persons); and (f) clear rules on what records must be kept on CDD and individual transactions and their retention period. Such records have at least a five year retention period. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC5 | As mentioned in EC2, regulation establishes the requirements for internal control systems (Resolution 2554), as well as procedures required for AML/CFT (Circular 3461). Circular 3461 establishes that financial institutions must implement AML/CFT policies, procedures and internal controls. It also states that these policies must receive wide dissemination. Policies must cover the timely registration of customer information, which allows for the identification of risks stated in Law 9613. The policies and procedures noted above are required to include explicit measures that determine customer identification, checking customer registry information, keeping customers’ files up to date, identification of the final beneficiaries of transactions, and rules for the definition of politically exposed persons (PEPs). The BCB noted that while identifying beneficial owners is one of the more difficult issues, it was perceived as less of an issue in the banking sector compared with other financial institution sectors. KYC practices in banks are considered to be good and banks are being required to work their way through old portfolios (from the 1990s for example) to carry out checks that were not required at the inception of the transaction or banking relationship. However, the target of AML/CFT inspections over the coming year will move from a focus on documents and establishment of processes within banks to deeper examinations of KYC and detection of suspicious transactions. In addition, Circular 3691 is focused on operations in the FX market, for example, requiring customer due diligence and responsibility to ensure the lawfulness of the operations (Article 18); mechanisms to prevent circumvention of identification and registration of customers (Etc) (Article 135); ensuring that customers are qualified as necessary to participate in the transaction and setting requirements for data to be held and kept updated (Article 139). Not only are information requirements set out, but Article 139 also demands that the BCB should be given immediate access to files, and at no cost. Finally, although implementation is not yet fully in place (see also CP14, for example), Resolution 4577 requires financial institutions to implement a continuous and integrated risk management framework. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC6 |
The supervisor determines that banks have in addition to normal due diligence, specific policies and processes regarding correspondent banking. Such policies and processes include:
(a) Gathering sufficient information about their respondent banks to understand fully the nature of their business and customer base, and how they are supervised; and (b) Not establishing or continuing correspondent relationships with those that do not have adequate controls against criminal activities or that are not effectively supervised by the relevant authorities, or with those banks that are considered to be shell banks. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC6 | The controls and policies required under Circular 3461 are heightened in respect of relationships with financial institutions, representatives or correspondents located abroad (Article I, para 4). This is particularly reinforced for countries, territories and dependencies that do not adopt registration and control procedures equivalent or similar to those defined in that circular. Banks which are headquartered abroad may hold deposit accounts in Brazilian Real (BRL), only in branches of banks licensed to operate in the FX market. Such accounts must be easy to identify and must also be registered with the BCB (Sisbacen) when the account is opened. (Circular 3691, Article 168). In order for a respondent bank to carry out international transfers in BRL on behalf of third parties, its deposit account must be registered, in accordance with the National Accounting Rules of Financial Institutions (COSIF - “4.1.1.60.30-1 - From Financial Institutions”). Such registrations are limited to accounts owned by foreign banks that maintain a steady and reciprocal correspondent relationship with the Brazilian depositary bank, or when the two institutions have a control relationship. (Circular 3691, articles 169, 177 (paragraph 1)). In respect of their cross-border relationships with correspondent banks and other similar relationships, financial institutions must: I) obtain sufficient information about the correspondent institution as to fully understand the nature of its activity and to know, based on publicly available information, the reputation of the institution and the quality of its supervision, including whether the institution has been the target of investigation or of any action by a supervisory authority, related to money laundering or terrorism financing and ensure that it’s not an institution which:
II) assess controls adopted by the correspondent institution targeting money laundering combat and terrorism financing; III) obtain approval from the senior manager responsible for the operations related to the foreign exchange market before establishing new correspondent relations; IV) document the respective responsibilities of each correspondent institution with respect to combating the money laundering and the financing of terrorism. (Circular 3691, article 170). Requirements surrounding documentary procedures and verifications when international transfers in BRL between domestic and foreign institutions that are equal to or more than than R$ 10,000.00 (BRL ten thousand), as well as requirements to ensure that legitimate documentation supporting international transfers cannot be re-used fraudulently and also to ensure requisite taxes are paid, are also addressed in Circular 3691 (Articles 173 and 174). Although regulatory requirements have been enhanced, with more documentation requirements the BCB noted no reports from banks of accounts being closed. It was observed that international banks were becoming more selective of their clients. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC7 | The supervisor determines that banks have sufficient controls and systems to prevent, identify, and report potential abuses of financial services, including money laundering and the financing of terrorism. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC7 | As noted above, Circular 3461 requires financial institutions to implement policies, procedures and internal controls in respect of AML/CFT. See EC2 for an elaboration of the required internal controls that banks have to have in place. The BCB analyses financial institutions’ systems, procedures and controls regarding AML/CFT according to standards set out in the supervisory manual (MSU 4-30-40-20-9-2; 4.30.20.30.01; 4.30.10.60) including:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC8 | The supervisor has adequate powers to take action against a bank that does not comply with its obligations related to relevant laws and regulations regarding criminal activities. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC8 | The BCB has corrective and sanctioning powers. Please see also CP 11. These powers can be used in case of violations of anti-money laundering regulations (MSU 4-50-20). Depending on the specific case and considering the principles of legality, reasonableness and proportionality, the BCB may apply the following administrative instruments:
Resolution 4019 sets out the BCB’s powers in the event that there are situations that jeopardize or could jeopardize the stability and soundness of the National Financial System (SFN) or of financial institutions such as. The Resolution identifies: risk exposure incompatible with the management structures and internal controls of the institution and deficiency in internal controls and empowers the BCB, for example, to limit or suspend operations, new lines of business, acquisitions or new facilities. The BCB (MSU 4-50-40) may call the representatives of the financial institutions, and if necessary their controllers, and require them to sign a Commitment Letter to take corrective measures. With the creation of the Conduct Supervision Department (Decon) in December of 2012, sanctions applied for violations of anti-money laundering regulations were intensified and the timeframe between the detection of the breach until legal action has been decreasing. Table 12. ML Administrative Process—Fines and Ineligibility Sanctions—Banking Sector As of June 28th Table 12. ML Administrative Process—Fines and Ineligibility Sanctions—Banking Sector
As of June 28th Table 12. ML Administrative Process—Fines and Ineligibility Sanctions—Banking Sector
As of June 28th Additionally, since the creation of the Punitive Administrative Processes Committee of the Conduct Supervision Department (COPAC) in 2015, the timeframe between the detection of breaches and legal action has been reduced. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC9 |
The supervisor determines that banks have:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC9 | The BCB sets out requirements through resolutions and circulars as noted below. The requirements are, broadly, high level. Internal audit must be part of the internal controls system. (Resolution 2554) Internal audit must assess the effectiveness and efficiency of internal control systems, management of risks and corporate governance, taking into account current and potential risks. (Resolution 4588) Banks must nominate a senior manager responsible for implementation and compliance with the established measures and report of suspicious transactions to COAF. (Circular 3461) AML policies must define criteria and procedures for selection, training and monitoring of economic and financial situation of employees. (Circular 3461) The BCB’s evaluation is carried out through SRC, ACC and ICR inspections. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC10 | The supervisor determines that banks have and follow clear policies and processes for staff to report any problems related to the abuse of the banks’ financial services to either local management or the relevant dedicated officer or to both. The supervisor also determines that banks have and utilize adequate management information systems to provide the banks’ Boards, management, and the dedicated officers with timely and appropriate information on such activities. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC10 | During the ACC of each bank, the supervision assesses:
In addition, Resolution 4567 determines that banks must make available a channel of communication through which stakeholders (i.e. employees, employees, customers, users, partners or suppliers) may report suspicious transactions on any nature on an anonymous basis. These reports must be available to the BCB. For banks that are not subject to ACC, such determination rests on remote inspection processes—which include documentary evidence that the banks are required to supply. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC11 | Laws provide that a member of a bank’s staff who reports suspicious activity in good faith either internally or directly to the relevant authority cannot be held liable. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC11 | Under Law 9613, suspicious activity reports made in good faith to COAF will not result in administrative and civil liability. Complementary Law 105 provides the communication of administrative and criminal offenses—including information on transactions involving proceeds from any criminal activity—to the competent authorities, including the COAF, does not constitute a breach of secrecy. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC12 | The supervisor, directly or indirectly, cooperates with the relevant domestic and foreign financial sector supervisory authorities or shares with them information related to suspected or actual criminal activities where this information is for supervisory purposes. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC12 | Under Complementary Law 105, the BCB must notify the competent authorities in the event of signs of crimes against the public order, as well as evidence of irregularities or illegal administrative offenses which are uncovered in the exercise of its legal authority of supervisor. The BCB maintains agreements with domestic and foreign entities that enable cooperation and share of information among them. Some of the possible activities undertaken by these agreements are:
According to Complementary Law 105, the BCB may sign agreements with other supervisory authorities abroad and other central banks, in order to promote supervision of branches and subsidiaries of foreign institutions in Brazil and branches and subsidiaries of Brazilian financial institutions abroad as well as cooperation and information exchange. The BCB has signed agreements with foreign central banks and supervisory bodies, based on the BCBS’ model (“Essential elements of a statement of cooperation between banking supervisors”). The BCB currently has 25 Memorandum of Understanding (MoUs) with 29 foreign supervisory authorities, from 24 countries. The MoUs set out the conditions under which cooperation between the signatory authorities takes place, comprising in general, the exchange of information about supervisory issues of mutual interest, on-site examinations in cross-border establishments and provisions on information confidentiality. The BCB has signed MoUs with the supervisory authorities of the following countries: South Africa, Germany, Argentina, Bahamas, Cayman Islands, China, Chile, Colombia, South Korea, Spain, United States of America (OCC, FDIC, FED, OTS and Department of Financial Services), India, Indonesia, Italy, Luxembourg, Mexico, Panama, Portugal, Paraguay, Peru, the United Kingdom, Switzerland and Uruguay. Within the scope of these memoranda of understanding the BCB cooperates with other supervisory entities and answers around 100 surveys/ information requests a year. Among these requests, an average of five or six are related to AML/CFT issues. The BCB also signed technical cooperation agreements with the following Brazilian authorities: Ministry of Justice - National Consumer Secretariat (SENACON); Brazilian Federal Revenue Office (RFB); National Social Security Institute (INSS); Securities and Exchange Commission of Brazil (CVM); Superintendence of Private Insurance (SUSEP), other civil entities and associations. Further development of the MoU with the RFB is being made to widen the scope of information to include exchange of information on the beneficial owners of legal entities that are on the RFB database. The BCB does not have direct access to the RFB database. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| EC13 | Unless done by another authority, the supervisor has in-house resources with specialist expertise for addressing criminal activities. In this case, the supervisor regularly provides information on risks of money laundering and the financing of terrorism to the banks. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description and findings re EC13 | The Conduct Supervision Department (Decon) was created in December 2012 in order to establish a hybrid approach: two departments dedicated to prudential supervision, banking and non-banking segments, and one for conduct supervision. AML/CFT issues as well as relationship with clients (transparency, disclosure and suitability requirements; products and services fees; credit and wage portability; ombudsman structure; and banking agents) fall to the Conduct Department. Decon has three Divisions (DSUP2, DSUP3 e DSUP4) dealing exclusively with AML/CFT supervision. Table 13. Decon—Human Resources—As of June 28th, 2017 Table 13. Decon—Human Resources—As of June 28th, 2017
Table 13. Decon—Human Resources—As of June 28th, 2017
Decon’s approach to supervision is outlined in EC2, with the 28 largest banks being subject to ACC (continuous supervision) by DSUP2 and all other banks subject to remote supervision by DSUP3 and DSUP4. The banks seen as most critical in terms of AML/FT risk (including SIFIs) are subject to ACC performed by DSUP2, and the less relevant institutions in terms of AML/FT risk (smaller banks and non-banking institutions) are subject to remote inspections performed by DSUP3 and DSUP4. The ACC and the remote inspections take into account information from the Financial System Monitoring Department (Desig). Table 14. Supervision Actions—Modalities of Inspection—Banking Sector As of June 28th, 2017 ICR - 5 ongoing and 18 scheduled / IDR - 1 ongoing Special Verifications - thorough inspections which used to be performed every supervisory cycle. This kind of inspection, for conduct supervision is being discontinued due to the adoption of the ACC methodology which encompasses most of the procedures of the former VEs. Table 14. Supervision Actions—Modalities of Inspection—Banking Sector
As of June 28th, 2017 ICR - 5 ongoing and 18 scheduled / IDR - 1 ongoing Special Verifications - thorough inspections which used to be performed every supervisory cycle. This kind of inspection, for conduct supervision is being discontinued due to the adoption of the ACC methodology which encompasses most of the procedures of the former VEs. Table 14. Supervision Actions—Modalities of Inspection—Banking Sector
As of June 28th, 2017 ICR - 5 ongoing and 18 scheduled / IDR - 1 ongoing Special Verifications - thorough inspections which used to be performed every supervisory cycle. This kind of inspection, for conduct supervision is being discontinued due to the adoption of the ACC methodology which encompasses most of the procedures of the former VEs. Table 15. ACC and VE—Number of Inspection Letters Table 15. ACC and VE—Number of Inspection Letters
Table 15. ACC and VE—Number of Inspection Letters
The inspection letter is a document, signed by the Head of the Division and the coordinator responsible for the inspection, used to report the findings related to the inspection to the supervised bank. Table 16. IC—Regularization Plans—Actions Proposed and Approved 8 finished, 5 as of June 28, 2017, and 18 scheduled Table 16. IC—Regularization Plans—Actions Proposed and Approved
8 finished, 5 as of June 28, 2017, and 18 scheduled Table 16. IC—Regularization Plans—Actions Proposed and Approved
8 finished, 5 as of June 28, 2017, and 18 scheduled Table 17. IDR—Regularization Plans—Actions Proposed and Approved As of June 28th, 2017 Table 17. IDR—Regularization Plans—Actions Proposed and Approved
As of June 28th, 2017 Table 17. IDR—Regularization Plans—Actions Proposed and Approved
As of June 28th, 2017 Decon does not issue any written report to provide information on risks of ML and the FT to the financial institutions. However, there are some special meetings with a bank or a group of banks in which Decon provides such information. For example, routine meetings within the scope of the ACC; moral suasion meetings (twice a year) with SIFIs’ senior management, in which Decon gives feedback to the banks about the quality and effectiveness of its AML/CFT controls and of ML situations which are posing risk to the financial system; and DSUP3 and DSUP4’s meetings with groups of institutions to report the main findings of the inspections. By the end of 2017, BCB’ Supervision area will release a guidance to banks and banking groups, which will include the disclosure of information about AML/CFT on the BCB’s website. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assessment of Principle 29 | Largely Compliant | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comments | The BCB has introduced changes and enhancements in its oversight of AML/CFT since the last FSAP. Among these changes, the “twin peaks” approach has facilitated the BCB in ensuring that prudential and conduct supervision (DESUP and DECON) are able to coordinate and provide an integrated view of a financial institution. In addition to enhancing processes and procedures, staffing levels for AML/CFT were increased. Guidance for supervisors on AML/CFT will shortly be published as part of the refreshing and enhancement of the SRC process. The BCB approach to conduct supervision is to subject the most “relevant” banks to “continuous” supervision with the remainder being subject to oversight primarily through remote processes and procedures. This approach was developed largely in response to deficiencies identified by the FATF with respect to non-banking institutions and has been seen as suitable for the treatment of the smaller and less risky. The BCB is responsible for administrative enforcement of the regulatory framework for financial institutions, with the Federal Prosecution Service being responsible for criminal prosecution. Since the creation of the Punitive Administrative Processes Committee (COPAC) in 2015, the BCB has been able to focus more on progressing cases which require sanctioning and the time taken between detection of fault and issuance of a subpoena has reduced. There is scope for further improvement, however, as the BCB is aware. The BCB also indicated that their first cycle of inspections, using the revised approach for the banks under continuous supervision, had focused primarily on adequacy of documentation and processes. The next cycle will probe more deeply into the effectiveness of KYC and the monitoring, analysis, selection and report procedures and tools used by the banks. Other areas that require attention include reporting requirements to the BCB and greater focus on supplementing the remote procedures for the banks that are not subjected to ACC. Because the BCB differentiates between banks subject to ACC and those subject to the remote inspection procedures, it-is the BCB cannot fully determine a number of the elements demanded by this CP in respect of banks subject only to remote procedures. For example, although the standard of policies and documented processes can be considered through a remote process, it is not possible to determine whether the processes are put into effect and whether the systems and controls environment is appropriate. The BCB needs to implement measures, such as additional inspections—even if on a random, sampling basis—to resist the possibility that smaller banks will be soft targets for abuse. It is also recommended that the authorities in Brazil ensure that the BCB has access to the database of the Brazilian Federal Revenue Office to cross check and confirm information on beneficial owners. After the assessment mission, the BCB confirmed that access had recently been obtained and depended only on operational arrangements, which must therefore be concluded quickly. In terms of remedial actions in the field of AML/CFT the BCB is focused on improving the timeliness of action and improvement can already be seen. The assessors agree that taking care over due process is important but with respect to AML/CFT contraventions, follow up action should not take months to launch. Overall slow processes may run the risk of non-domestic authorities (for example, the US) acting first, which would be to the detriment of the BCB and Brazilian authorities. This aspect of supervision is discussed here, but is graded in CP11 which relates to corrective actions. Changes made by the BCB include, for example, the creation of the COPAC. Nonetheless, while the lapse of time between detection and issuance of subpoena has been reducing, there is more progress to be made. The BCB has already indicated that it is in the process of shortening some of its intervention procedures which will be helpful. For example, financial institutions will in future be required to undertake remedial actions without first having to have the BCB approve their plan. The BCB also indicated that use moral suasion on banks formed one part of its approach. It was clear that the BCB places priority is placed on ensuring a more continuous contact with the major institutions and communicating the message that compliance with rules is not enough. Close contact and discipline through moral suasion are valuable components in a supervisory relationship, but in the field of AML/CFT the BCB is advised to consider a more disciplinarian approach. For example, a move towards automatic fines, or more rapid escalation processes to severe measures (suspension of business activity or loss of authorization), could communicate that there is no tolerance for failures that could lead the institution, or the financial system more widely, open to abuse. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
SUMMARY COMPLIANCE WITH THE BASEL CORE PRINCIPLES
| Core Principle | Grade | Comments |
|---|---|---|
| 1. Responsibilities, objectives and powers | C | The Banking law clearly establishes the BCB as the supervisory responsibility with a suite of tasks and powers. Further, the BCB’s corrective powers are triggered (Resolution 4019) with the aim of ensuring the solidity, stability and regular operation of the National Financial System. All laws and regulations are published in the Federal Official Gazette of Brazil. Updated Federal legislation is accessible to the public through a variety of means, among which the site of the Presidency of the Republic of Brazil: www.planalto.gov.br. Regulations issued by the CMN and the BCB are accessible to the public through the BCB site: www.bcb.gov.br. While the BCB does not have the power to issue regulations independently, it sits on the body (the CMN) that issues the regulations and has the right of initiative for any new regulation in its sphere of responsibility and no practical impediment to regulatory development was identified. |
| 2. Independence, accountability, resourcing and legal protection for supervisors | MNC | The BCB does not have full, de jure independence from the government to conduct its activities, and there are important deficiencies in relation to the assessment of this principle. The legal protection for staff of the BCB is lacking. Brazil also falls behind good practice in that there is no fixed mandate for the term of the Governor, or for Board members. Also the Governor can be dismissed from his/her position at the will of the President and there are no formal reasons for which dismissal can be made and no requirement for there to be a public disclosure of the reasons for dismissal. While the BCB appears to enjoy de facto operational independence, this is not a full substitute for independence that is confirmed in and backed by law, and is subject to due process of accountability. Ancillary points that should fall within the BCB’s own discretion include budget and personnel decisions. |
| 3. Cooperation and collaboration | C | The BCB has clear powers to exchange information with relevant authorities both domestically and abroad. Relevant MoUs are in place or are in the process of being agreed, in order to adapt to new elements of recovery and resolution, and the BCB places an emphasis on proactive and timely information sharing and of assistance when requested. |
| 4. Permissible activities | C | Information on the identity and permitted activities of all entities operating under a banking authorization is clearly available on the BCB website. Furthermore, no institution in Brazil may accept deposits, of any form, without an authorization from the BCB. There is no direct prohibition on use of the word “bank,” except in some particular cases (e.g. credit cooperatives), though trade boards are responsible for registering corporate entities and assessing the “truthfulness” or veracity of the name. No authority actively monitors whether there are institutions presenting themselves as banks without the necessary authorisations. |
| 5. Licensing criteria | C | The BCB operates a comprehensive and careful licensing process and ensures that there is scrutiny of new board members or senior executives who join the institution even after the initial license has been granted. |
| 6. Transfer of significant ownership | C | The powers of the BCB are very similar in respect of both initial authorisation and change of control. Similarly, the BCB’s practices are also careful and attention is paid to determination of ultimate control of a banking entity or group. |
| 7. Major acquisitions | C | The BCB operates under a at tight legal regime which requires it to authorize all acquisitions, significant or otherwise that are made by financial institutions. While trading activities are exempted from these requirements, the BCB is subject to an excessive number of filings that it needs to consider, not all of which have relevance to the safety and soundness of the individual institution or the financial system more broadly. |
| 8. Supervisory approach | LC | The BCB has continued to developed its high quality SRC methodology for assessing banks and has made some significant and valuable changes since the last assessment. One is through the introduction of its twin peak model so that the perspective of the prudential and conduct supervisory processes can be integrated into the overall view of the financial institution. Another is through the recent decision to place a central emphasis on the role and execution of corporate governance in financial institutions. Thirdly, the BCB has formally segmented the banking sector into categories ranging from the DSIBs (segment 1) to the micro credits and cooperatives at segment 5. This has facilitated policy reflection on the appropriate application of proportionate supervisory action, while ensuring that all institutions are assessed over a reasonable time horizon as well as ensuring that the system has flexibility to respond to emerging stress at individual institution level or at the system level. No formal distinction of process is made between publicly owned banks and privately-owned banks. The BCB has begun work on recovery and resolvability, a component in the revised 2012 BCP methodology that affects several CPs (including CPs 3, 8 and 13). This work is not yet complete and is reflected in the grade of this CP only. Because the new resolution bill had not been passed at the time of the assessment, a number of the BCB’s new internal regulations and procedures were still pending. The BCB is, however, recommended to ensure that it designs a clear decision-making process to avoid any undue delay in moving to recovery or resolution if needed. |
| 9. Supervisory techniques and tools | C | As the FSB has noted “Brazil stands out among its FSB peers for the pioneering work it has carried out on trade reporting and its use in systemic risk monitoring” (April 2017). This monitoring has been used in support of financial stability at system level and also at individual institution level. The BCB has very clearly expended considerable efforts in mobilizing an extremely wide range of primary transaction data—credit register and trade repositories for example–to support the activity of the on and offsite supervisors in the area of contagion risk most particularly. The BCB has a well thought out supervisory strategy to enable it to target, manage and monitor its supervisory processes. Supervisory planning is a proactive process, taking into account a range of sources, from the idiosyncratic needs of a conglomerate to wider macro concerns, identified through COMEF or COREMEC. The supervisory manual provides a clear guide to support both quantitative and qualitative tasks. |
| 10. Supervisory reporting | C | The BCB obtains a very wide range of data from the supervised entities and both the on-site (DESUP) and offsite (DESIG) departments have access to a suite of analytical tools and resources to scrutinize the data and carry out comparative studies and investigations. The assessors were able to see a number of these tools in operation. Although this principle is marked compliant, there are some gaps in the BCB approach as the principle asks the supervisor to obtain and analyze information from banks on both a solo and a consolidated basis. While the BCB obtains some data on an individual bank level, it does not require a full range of prudential information on a solo basis. This specific topic is graded in CP12 on consolidated supervision so please see also comments there. In any case, without clear knowledge of the solo bank it is not possible to determine, for example, if it continues to meet its conditions for authorization on an ongoing basis, or may be unduly reliant on other parts of the conglomerate for support. It is clear that the in view of the extensive data bases, such as the credit registry, and analytic capability of the BCB, the supervisors are able to cross check returns submitted by conglomerates and even to recreate prudential returns that are not submitted, such as large exposures for the conglomerates by aggregating the exposures of the entities within the conglomerate from the registries and repositories. At the time of the FSAP, the assessors were not aware of any other supervisory authority with such capability. Nevertheless, although the BCB is encouraged strongly to maintain its existing data requirements it is equally strongly recommended to add to them by ensuring all banks also submit solo prudential returns covering all the standard prudential data such as large exposures, related party exposure, problem assets. This requirement would signal an important onus on the financial institutions that they are responsible for monitoring and managing these prudential and risk dimensions. The financial institutions must be under the discipline and obligation to bring information proactively to the BCB rather than rely on the BCB to cross check and, by any other name, act as a supplementary risk management function for the bank. |
| 11. Corrective and sanctioning powers of supervisors | LC | The BCB has a wide range of powers and tools to impose corrective and remedial measures. During the assessment, Provisional Measure 784 which provided the BCB with greater flexibility to tailor the supervisory action to the specific concern as well as to expedite its processes had lapsed and was replaced by a new Ordinary Law (13,506). In the period between the lapse of the Provisional Measure and the enforcement of the new law, the BCB retained its core powers to act but lacked important flexibility, which is critical for supervisory authorities. Based on the assessors’ review of materials, the BCB is attentive to real or potential deterioration in the condition and governance of an institution and is ready to use available tools to act at an early stage as well as to escalate its actions. While careful due process is essential, the overall timescales observed are a concern. One possible source of the lengthy timelines was the lack of graduated, escalation in instruments that has now been remedied by the new Ordinary Law 13, 506. |
| 12. Consolidated supervision | LC | The BCB methodology that ensures a prudential conglomerate includes all entities that are relevant to the understanding of the banking group and the use of Contagion Risk analysis in the supervisory approach yield valuable insights into group risk. The BCB does not, however, systematically obtain or assess an individual banking entity within a prudential conglomerate against prudential standards. In practical terms it is unlikely that a solo bank would be likely to experience extensive deterioration before the multiple monitoring tools of the BCB detected a concern, but responsive as the BCB is, this is a reactive and not a proactive stance. The system, as currently designed and organized, means that the BCB has not communicated the expectation or established the requirement that an individual bank within the conglomerate is continuing to meet the prudential standards that were required of it for authorization. In undertaking resolvability assessment and planning, the BCB will need to understand any obstacles to the transfer of liquidity and capital across the entities of a group, and to require changes to group structure if impediments are identified. Although the Brazilian banking system is largely domestic, it has some cross-border features in respect of some of the DSIB, and even within a purely domestic context, past experience in other jurisdictions has demonstrated that a banking entity cannot necessarily rely on prompt access to group capital or liquidity resources in time of stress, which puts a premium on solo supervision and the provision of information for any individual bank within a prudential conglomerate. As argued in other principles it is necessary for financial institutions with banking authorizations to recognize the onus is on them to provide the BCB with information and not rely on the BCB to gather and assess such information independently. Equally, as this CP indicates, it is appropriate for the BCB to make its expectations clear that prudential standards should be met and monitored at all times on a solo basis for any individual bank within a prudential conglomerate. |
| 13. Home-host relationships | C | The BCB has made efforts to establish effective communication with its peer authorities in the context of both home and host supervision. The banks with whom the assessors met spoke highly of their experience of international coordination by the BCB. Some aspects of the BCB’s supervisory approach could be enhanced, in terms of formal communication with the supervised banks and frequency of cross border supervisory college meetings where the Brazilian bank has systemic subsidiaries in the host jurisdiction. Although the BCB’s work on recovery and resolution planning with its banks is not yet fully completed, this component of CP13 is graded in CP8. |
| 14. Corporate governance | LC | The BCB has reoriented its supervisory approach (SRC and targeted on-site inspections) to reflect the weight it places on sound corporate governance within financial institutions. Analytical internal documents in the BCB and discussions with banks were consistent with the emphasis that the BCB places on corporate governance. The BCB’s attitude and work that it has undertaken to date is highly commendable. The corporate governance work is, however, still in progress. Some important components are not yet in place, notably including the fact that the critical Resolution on risk management and governance (Resolution 4557) has only been in force for 6 months for the systemic banks and is not yet in force (until February 2018) for the rest of the banking sector. |
| 15. Risk management process | C | The regulatory and supervisory frameworks come together collectively to promote a comprehensive risk management culture and frameworks in the banks operating in Brazil. The frameworks are required to be compliant with the key elements of risk management (identify, measure, monitor and manage) and also are required to be comprehensive in scope to cover all material risks, in proportion to their materiality, and the risk profile and systemic relevance of the institutions. This is achieved in some degree with the adoption of the segment approach. The regulations are comprehensive and explicitly establish detailed expectations for credit, market, operational and liquidity risk management frameworks and the related governance frameworks. While the work on recovery and resolution planning is progressing for the large banks, the stress testing and contingency planning requirements help in assessing the resilience and preparedness in the other banks. |
| 16. Capital adequacy | C | Banks in Brazil are implementing the Basel III capital requirements and the capital rules have been assessed as compliant by the Basel Committee. Instead of a full deduction, Basel III allows DTAs that arise from temporary differences (such as loan loss provisions to be included in CET1 capital, up to 10% of the bank’s common equity. In Brazil, law (No. 12,838 of July 2013), allows banks to convert DTAs arising from loan loss provisions into eligible tax credits (DTCs) when the bank’s taxable income in any year is negative (loss) or when the bank is bankrupt or subject to extra-judicial liquidation. The DTAs arising from other causes are not eligible for such conversion. The law allows banks that have eligible tax credits to claim compensation in the form of cash or securities issued by the central government. As confirmed in the RCAP work on Brazil’s capital framework, the Basel Committee recognizes such DTCs as capital in cases where the law supports this treatment. In Brazil, the DTCs arising from loan loss provisions amounting to R$146 billion are included in CET1 capital and constitute about 25 percent of CET1 capital. Banks are on the transition path and expect to fully implement Basel III by 1 January 2019. While the definitions of capital, Pillar 1 capital requirements, and the SREP under Pillar 2 apply to banks in all segments, the Pillar 2 ICAAP apply only to S1 institutions, and a simplified ICAAP is planned to be introduced from 2018 for S2 institutions. All banks are required to maintain capital for interest rate risk in the banking book, but not as a binding requirement. At present the prudential capital requirements apply only at the consolidated level (at the level of the prudential conglomerate). BCB is yet to establish thresholds with reference to which it might trigger a supervisory action. |
| 17. Credit risk | C | The regulatory and supervisory requirements for credit risk management frameworks combine well to assure adequate and well-functioning frameworks in the supervised institutions. These requirements are well supported by periodical monitoring and analyses of banks’ credit risk exposures that equips the supervisors to challenge the banks’ systems and verify the outputs or outcomes of the banks’ risk management systems. At the same time, as can be seen in this CP and the other credit risk related CPs, there are a few areas that can be improved, and these have been specified in the relevant credit risk related CPs. |
| 18. Problem assets, provisions, and reserves | LC | The supervisory framework for determining that the supervised institutions have adequate policies and processes for early identification and management of problem assets and the maintenance of adequate provisions is largely in place. In the absence of explicit reporting by banks, BCB can be seen as estimating the size of NPLs from exposure perspective and from ‘renegotiation’ perspective. Absence of explicit requirement to adopt expected loss approach for all types of exposures, combined with absence of explicit guidance on eligible collateral and valuation thereof for provisioning for problem exposures can pose challenges to assessing adequacy of provisions held by banks. The regulatory framework that lays out the minimum requirements for the identification, measurement and provisioning for problem assets is in transition and needs to stabilize. Resolution 4557 of 2017 addresses some of the regulatory gaps. In addition, there is a need for comprehensive definition of exposure for classification and provisioning purposes, clear norms for reclassification of assets to lower risk categories, explicit adoption of expected loss approach for all types of exposures, harmonization of norms for classification and provisioning irrespective of maturity, norms for collateral eligibility and valuation for determining provisioning for problem exposures. |
| 19. Concentration risk and large exposure limits | LC | The operating regulations for concentration risk for most banks (S2 to S5) have a few gaps, which can give rise to variations and bank level discretion while implementing the risk management framework to address concentration risk. The key gaps have been addressed in the Resolution 4557 of 2017, that has already become effective for S1 banks from August 2017 and will become effective for the other banks from February 2018. While some banks may be already in compliance with the revised requirements, system-wide implementation will, understandably take some more time. There are a few additional areas where the lack of clarity may be introducing distortions in implementation. In the absence of (a) an explicit definition of exposure for assessing compliance with prudential exposure limits and how exposures should be aggregated from concentration risk perspective, (b) explicit reporting from banks on their exposures to single or connected counterparties, (c) comprehensive database of all connected parties - through control and through economic interconnectedness, and since the assessment of name concentration is undertaken by the BCB, it is unclear how comprehensive or effective this monitoring can be. Also, in the absence of (a) an explicit reporting from banks on their exposures to economic sectors, geographic regions, and credit risk mitigants; (b) guidance or database on inter-sector correlations or correlations among geographic regions or credit risk mitigants; the supervisors are not able to challenge the assessment of concentration risks and their management by the banks. |
| 20. Transactions with related parties | MNC | The key variances from the Basel norms are non-inclusion of all types of related parties within the prudential purview, absence of an explicit and complete definition of related party transactions for prudential purposes, the absence of a prudential limit on banks’ aggregate exposure to related parties, the gaps in the governance requirements, absence of explicit requirement for policies and processes for related party transactions, the absence of explicit and focused supervisory (prudential) reporting requirement for transactions with and exposure to related parties and application of the prudential requirements at the level of the prudential conglomerates and not at the level of the solo bank(s) within the conglomerates. These collectively result in significant gaps in the prudential regime for transactions with related parties. The BCB strives to monitor related party transaction by reviewing extensively the periodical accounting information received from the supervised entities, SCR database, the database on market transactions received from the TRs and the Unicad database. Given the gaps in the definition of related party and the definition of related party transactions, and the absence of a dedicated off-site supervisory (prudential) report on related party exposures, it is unclear that the universe of the database that is reviewed by the BCB is complete. For example, some transactions that may not be reflected in the above databases are transactions with related parties that are outside the list specified in law or regulations; sale and purchase of assets that are outside the scope of the TRs, and the service contracts with related parties. The supervisory routines prescribed in the supervisory manual, with reference to assessment of inherent risks and control risks pertaining to credit risk do not explicitly articulate a focus on related party exposures and related party transactions and the governance requirements that are relevant for such exposures and transactions. |
| 21. Country and transfer risks | MNC | The requirements under laws and regulations on management of country and transfer risks by financial institutions is not explicit. It is subsumed under the regulations for risk management and under credit risk management. The description of country risk established in the regulations is at variance from the Basel definition, which is wider than the default of the counterparty. The current description and the supervisory approach are adopting an ‘immediate risk’ perspective (direct exposures), and do not take into consideration the “ultimate” risk perspective (direct and indirect exposures). Banks are yet to be explicitly required to establish policies and procedures for identifying, measuring, monitoring and managing country and transfer risks. The BCB is yet to issue specific guidance or establish specific requirements for the measurement and grading of exposure to country and transfer risks and for the periodical reporting of these exposures to the BCB. There are no explicit requirements for establishing provisions for country and transfer risk exposures, and for stress testing country and transfer risk exposures. These need to be viewed along with the absence of supervisory information system that tracks and monitors the exposures from an ultimate risk perspective, the risk grading of these exposures and the provisions held by the banks for these risks. |
| 22. Market risk | C | On the basis of the off-site inputs, the Supervisors are able to determine the market risk exposures of banks on almost daily basis and pursue with them as required, both from a market risk perspective and from a funding liquidity perspective (arising from interplay between market and liquidity risks). While market risk is not significant at a system level, it is significant for several S3 and S4 institutions. These gains added significance given the potential challenges to establishing a robust governance framework in these institutions, particularly when they are unlisted. While the regulatory framework has been recently improved with the issue of Resolution 4557 of 2017, which will become fully effective for all institutions from February 2018, they lack explicit and clear articulation of the norms and minimum requirements, including governance elements, pertaining to shifting of instruments from and to the trading book. |
| 23. Interest rate risk in the banking book | C | Gaps can be noticed in the area of regulations relating to risk management framework for IRRBB, including governance and board or senior management oversight requirements. However, these have been adequately addressed from at least three fronts: with the clear articulation of the framework for measuring and reviewing banks’ exposures to IRRBB and the introduction of conservative requirements for such measurement taking into account the Brazilian interest rate environment; the requirement for all banks to hold capital for IRRBB exposures; and with the issue of the Resolution 4557 of 2017 which has become effective for S1 banks from August 2017 and will be effective for the other banks by February 2018; The BCB is already in the process of reviewing and revising the regulatory and supervisory frameworks for IRRBB, to align closer to the Basel norms and expectations (BCBS IRRBB - April 2016). This is expected to be completed in early 2018. |
| 24. Liquidity risk | C | The regulatory requirement (LCR) set by the BCB complies with the Basel standards. The supervisors monitor the liquidity situation in the banks on almost a daily basis, including implications of potential stress from market risk situations. The multiple liquidity monitoring tools and methodologies deployed by supervision provides the supervisors an assurance of the banks’ ability to meet their respective liquidity needs. They are able to draw additional comfort with the qualitative assessment of the banks’ liquidity risk management frameworks undertaken through the ongoing and continuous supervision approach. |
| 25. Operational risk | LC | The regulatory framework of operational risk management was initially established in 2007 to support the qualitative requirements of the Basel II framework when it was introduced. This was less prescriptive, but this has been largely addressed with the issue of Res. CMN 4557, which is effective for S1 banks from Aug 2017 and will be effective for the other banks from Feb 2018. The main areas of improvement achieved through CMN 4557 include those pertaining to IT risk, outsourcing, business continuity planning and compilation of operational risk loss data. While these can help, it may take a while for the new initiatives to bear fruit. The supervisory framework has been evolving over the period. As most banks had implemented the framework before 2010, recent examinations focused on the development of operational risk models in DSIBs or on important elements of the framework, such as the internal loss data collection, scenario analysis and management and regulatory reports, in order to assess incremental changes in the framework and developments in quantification. While the BCB has been pursuing with the banks to improve their operational risk loss information systems and databases, it is yet to establish periodical regulatory reporting by the banks on their internal loss data and operational risk events. |
| 26. Internal control and audit | LC | The regulatory framework prior to the issue of the Resolutions CMN 4595 and CMN 4588, was focused on the internal controls in the supervised institutions. The regulations place the responsibility of establishing the internal control systems and ensuring their effective functioning on the board of directors and senior management in the banks. Part of the responsibility was also cast on the audit committee in the banks. In Brazil, unlisted banks are not required to establish a board of directors (non-executive), need not establish audit committee when they are small, and shareholders can constitute the senior management. Of the 116 unlisted banks, 41 have established Board of Directors. Of the remaining 75 banks accounting for about R$540 billion in total assets (6.8% market share), 46 are foreign owned banks (5.8% market share). Regulations permit internal audit to be part of the internal control function with the requirement that internal audit will report to the senior management. At the same time, the compliance function is not a requirement and the requirements for the internal audit framework is less sophisticated. Collectively, these features can seriously undermine the effectiveness of the internal control and internal audit functions in these banks. The Resolutions CMN 4595 and 4588 become effective on 31 December 2017. While these can help, it may take a while for the new initiatives to bear fruit. Drawing on the requirements of Resolution 2,554 of 1998, BCB has been supervising financial institutions’ “internal controls system”, which comprises the internal controls, compliance and internal audit functions. BCB’s supervisory practices aim at evaluating the effectiveness of compliance and internal audit functions in supervised institutions, including small ones, observing the supervisory cycle established for each of these institutions. |
| 27. Financial reporting and external audit | C | The financial statements prepared and published by the financial institutions are in compliance with the Cosif (Brazil GAAP) and the IFRS. These statements are audited by independent external auditors who are required to perform the audits in compliance with the international auditing standards, and the audited financial statement are published along with the explanatory notes and auditors’ opinion at least at half-yearly intervals, both at solo and consolidated levels. Laws, regulations and the supervisor ensure appropriate governance arrangements are in place in the financial institutions for overseeing the external audit function. |
| 28. Disclosure and transparency | C | The supervised institutions in Brazil regularly publish information on a consolidated and, where appropriate, solo basis that is easily accessible and fairly reflects their financial condition, performance, risk exposures, risk management strategies and corporate governance policies and processes. The publications are mainly in the form of published audited financial statements along with the accompanying notes, that are in compliance with the IFRS and the BR-GAAP, and the Pillar 3 disclosures that are placed on the respective institution’s websites in an easily accessible place. |
| 29. Abuse of financial services | LC | The BCB has introduced changes and enhancements in its oversight of AML/CFT since the last FSAP. Among these changes, the “twin peaks” approach has facilitated coordination between prudential and conduct supervision; a new committee on punitive administrative processes has been created and staffing levels for AML/CFT have been increased. The BCB differentiates between banks subject to continuous oversight and those, perceived to be less risky, to which it applies a remote inspection process. Enhancement to supervisory processes are not yet complete. More efforts are required to reduce time between detection of deficiencies and punitive action. The BCB is aware of this and has certain administrative changes in hand. Also, the next cycle of onsite inspections will move beyond examining the overall adequacy of documentation and processes into the effectiveness of KYC and the monitoring, analysis, selection and report procedures and tools used by the banks. Supervisory guidance on AML/CFT is expected to be issued by end 2018. |
| Core Principle | Grade | Comments |
|---|---|---|
| 1. Responsibilities, objectives and powers | C | The Banking law clearly establishes the BCB as the supervisory responsibility with a suite of tasks and powers. Further, the BCB’s corrective powers are triggered (Resolution 4019) with the aim of ensuring the solidity, stability and regular operation of the National Financial System. All laws and regulations are published in the Federal Official Gazette of Brazil. Updated Federal legislation is accessible to the public through a variety of means, among which the site of the Presidency of the Republic of Brazil: www.planalto.gov.br. Regulations issued by the CMN and the BCB are accessible to the public through the BCB site: www.bcb.gov.br. While the BCB does not have the power to issue regulations independently, it sits on the body (the CMN) that issues the regulations and has the right of initiative for any new regulation in its sphere of responsibility and no practical impediment to regulatory development was identified. |
| 2. Independence, accountability, resourcing and legal protection for supervisors | MNC | The BCB does not have full, de jure independence from the government to conduct its activities, and there are important deficiencies in relation to the assessment of this principle. The legal protection for staff of the BCB is lacking. Brazil also falls behind good practice in that there is no fixed mandate for the term of the Governor, or for Board members. Also the Governor can be dismissed from his/her position at the will of the President and there are no formal reasons for which dismissal can be made and no requirement for there to be a public disclosure of the reasons for dismissal. While the BCB appears to enjoy de facto operational independence, this is not a full substitute for independence that is confirmed in and backed by law, and is subject to due process of accountability. Ancillary points that should fall within the BCB’s own discretion include budget and personnel decisions. |
| 3. Cooperation and collaboration | C | The BCB has clear powers to exchange information with relevant authorities both domestically and abroad. Relevant MoUs are in place or are in the process of being agreed, in order to adapt to new elements of recovery and resolution, and the BCB places an emphasis on proactive and timely information sharing and of assistance when requested. |
| 4. Permissible activities | C | Information on the identity and permitted activities of all entities operating under a banking authorization is clearly available on the BCB website. Furthermore, no institution in Brazil may accept deposits, of any form, without an authorization from the BCB. There is no direct prohibition on use of the word “bank,” except in some particular cases (e.g. credit cooperatives), though trade boards are responsible for registering corporate entities and assessing the “truthfulness” or veracity of the name. No authority actively monitors whether there are institutions presenting themselves as banks without the necessary authorisations. |
| 5. Licensing criteria | C | The BCB operates a comprehensive and careful licensing process and ensures that there is scrutiny of new board members or senior executives who join the institution even after the initial license has been granted. |
| 6. Transfer of significant ownership | C | The powers of the BCB are very similar in respect of both initial authorisation and change of control. Similarly, the BCB’s practices are also careful and attention is paid to determination of ultimate control of a banking entity or group. |
| 7. Major acquisitions | C | The BCB operates under a at tight legal regime which requires it to authorize all acquisitions, significant or otherwise that are made by financial institutions. While trading activities are exempted from these requirements, the BCB is subject to an excessive number of filings that it needs to consider, not all of which have relevance to the safety and soundness of the individual institution or the financial system more broadly. |
| 8. Supervisory approach | LC | The BCB has continued to developed its high quality SRC methodology for assessing banks and has made some significant and valuable changes since the last assessment. One is through the introduction of its twin peak model so that the perspective of the prudential and conduct supervisory processes can be integrated into the overall view of the financial institution. Another is through the recent decision to place a central emphasis on the role and execution of corporate governance in financial institutions. Thirdly, the BCB has formally segmented the banking sector into categories ranging from the DSIBs (segment 1) to the micro credits and cooperatives at segment 5. This has facilitated policy reflection on the appropriate application of proportionate supervisory action, while ensuring that all institutions are assessed over a reasonable time horizon as well as ensuring that the system has flexibility to respond to emerging stress at individual institution level or at the system level. No formal distinction of process is made between publicly owned banks and privately-owned banks. The BCB has begun work on recovery and resolvability, a component in the revised 2012 BCP methodology that affects several CPs (including CPs 3, 8 and 13). This work is not yet complete and is reflected in the grade of this CP only. Because the new resolution bill had not been passed at the time of the assessment, a number of the BCB’s new internal regulations and procedures were still pending. The BCB is, however, recommended to ensure that it designs a clear decision-making process to avoid any undue delay in moving to recovery or resolution if needed. |
| 9. Supervisory techniques and tools | C | As the FSB has noted “Brazil stands out among its FSB peers for the pioneering work it has carried out on trade reporting and its use in systemic risk monitoring” (April 2017). This monitoring has been used in support of financial stability at system level and also at individual institution level. The BCB has very clearly expended considerable efforts in mobilizing an extremely wide range of primary transaction data—credit register and trade repositories for example–to support the activity of the on and offsite supervisors in the area of contagion risk most particularly. The BCB has a well thought out supervisory strategy to enable it to target, manage and monitor its supervisory processes. Supervisory planning is a proactive process, taking into account a range of sources, from the idiosyncratic needs of a conglomerate to wider macro concerns, identified through COMEF or COREMEC. The supervisory manual provides a clear guide to support both quantitative and qualitative tasks. |
| 10. Supervisory reporting | C | The BCB obtains a very wide range of data from the supervised entities and both the on-site (DESUP) and offsite (DESIG) departments have access to a suite of analytical tools and resources to scrutinize the data and carry out comparative studies and investigations. The assessors were able to see a number of these tools in operation. Although this principle is marked compliant, there are some gaps in the BCB approach as the principle asks the supervisor to obtain and analyze information from banks on both a solo and a consolidated basis. While the BCB obtains some data on an individual bank level, it does not require a full range of prudential information on a solo basis. This specific topic is graded in CP12 on consolidated supervision so please see also comments there. In any case, without clear knowledge of the solo bank it is not possible to determine, for example, if it continues to meet its conditions for authorization on an ongoing basis, or may be unduly reliant on other parts of the conglomerate for support. It is clear that the in view of the extensive data bases, such as the credit registry, and analytic capability of the BCB, the supervisors are able to cross check returns submitted by conglomerates and even to recreate prudential returns that are not submitted, such as large exposures for the conglomerates by aggregating the exposures of the entities within the conglomerate from the registries and repositories. At the time of the FSAP, the assessors were not aware of any other supervisory authority with such capability. Nevertheless, although the BCB is encouraged strongly to maintain its existing data requirements it is equally strongly recommended to add to them by ensuring all banks also submit solo prudential returns covering all the standard prudential data such as large exposures, related party exposure, problem assets. This requirement would signal an important onus on the financial institutions that they are responsible for monitoring and managing these prudential and risk dimensions. The financial institutions must be under the discipline and obligation to bring information proactively to the BCB rather than rely on the BCB to cross check and, by any other name, act as a supplementary risk management function for the bank. |
| 11. Corrective and sanctioning powers of supervisors | LC | The BCB has a wide range of powers and tools to impose corrective and remedial measures. During the assessment, Provisional Measure 784 which provided the BCB with greater flexibility to tailor the supervisory action to the specific concern as well as to expedite its processes had lapsed and was replaced by a new Ordinary Law (13,506). In the period between the lapse of the Provisional Measure and the enforcement of the new law, the BCB retained its core powers to act but lacked important flexibility, which is critical for supervisory authorities. Based on the assessors’ review of materials, the BCB is attentive to real or potential deterioration in the condition and governance of an institution and is ready to use available tools to act at an early stage as well as to escalate its actions. While careful due process is essential, the overall timescales observed are a concern. One possible source of the lengthy timelines was the lack of graduated, escalation in instruments that has now been remedied by the new Ordinary Law 13, 506. |
| 12. Consolidated supervision | LC | The BCB methodology that ensures a prudential conglomerate includes all entities that are relevant to the understanding of the banking group and the use of Contagion Risk analysis in the supervisory approach yield valuable insights into group risk. The BCB does not, however, systematically obtain or assess an individual banking entity within a prudential conglomerate against prudential standards. In practical terms it is unlikely that a solo bank would be likely to experience extensive deterioration before the multiple monitoring tools of the BCB detected a concern, but responsive as the BCB is, this is a reactive and not a proactive stance. The system, as currently designed and organized, means that the BCB has not communicated the expectation or established the requirement that an individual bank within the conglomerate is continuing to meet the prudential standards that were required of it for authorization. In undertaking resolvability assessment and planning, the BCB will need to understand any obstacles to the transfer of liquidity and capital across the entities of a group, and to require changes to group structure if impediments are identified. Although the Brazilian banking system is largely domestic, it has some cross-border features in respect of some of the DSIB, and even within a purely domestic context, past experience in other jurisdictions has demonstrated that a banking entity cannot necessarily rely on prompt access to group capital or liquidity resources in time of stress, which puts a premium on solo supervision and the provision of information for any individual bank within a prudential conglomerate. As argued in other principles it is necessary for financial institutions with banking authorizations to recognize the onus is on them to provide the BCB with information and not rely on the BCB to gather and assess such information independently. Equally, as this CP indicates, it is appropriate for the BCB to make its expectations clear that prudential standards should be met and monitored at all times on a solo basis for any individual bank within a prudential conglomerate. |
| 13. Home-host relationships | C | The BCB has made efforts to establish effective communication with its peer authorities in the context of both home and host supervision. The banks with whom the assessors met spoke highly of their experience of international coordination by the BCB. Some aspects of the BCB’s supervisory approach could be enhanced, in terms of formal communication with the supervised banks and frequency of cross border supervisory college meetings where the Brazilian bank has systemic subsidiaries in the host jurisdiction. Although the BCB’s work on recovery and resolution planning with its banks is not yet fully completed, this component of CP13 is graded in CP8. |
| 14. Corporate governance | LC | The BCB has reoriented its supervisory approach (SRC and targeted on-site inspections) to reflect the weight it places on sound corporate governance within financial institutions. Analytical internal documents in the BCB and discussions with banks were consistent with the emphasis that the BCB places on corporate governance. The BCB’s attitude and work that it has undertaken to date is highly commendable. The corporate governance work is, however, still in progress. Some important components are not yet in place, notably including the fact that the critical Resolution on risk management and governance (Resolution 4557) has only been in force for 6 months for the systemic banks and is not yet in force (until February 2018) for the rest of the banking sector. |
| 15. Risk management process | C | The regulatory and supervisory frameworks come together collectively to promote a comprehensive risk management culture and frameworks in the banks operating in Brazil. The frameworks are required to be compliant with the key elements of risk management (identify, measure, monitor and manage) and also are required to be comprehensive in scope to cover all material risks, in proportion to their materiality, and the risk profile and systemic relevance of the institutions. This is achieved in some degree with the adoption of the segment approach. The regulations are comprehensive and explicitly establish detailed expectations for credit, market, operational and liquidity risk management frameworks and the related governance frameworks. While the work on recovery and resolution planning is progressing for the large banks, the stress testing and contingency planning requirements help in assessing the resilience and preparedness in the other banks. |
| 16. Capital adequacy | C | Banks in Brazil are implementing the Basel III capital requirements and the capital rules have been assessed as compliant by the Basel Committee. Instead of a full deduction, Basel III allows DTAs that arise from temporary differences (such as loan loss provisions to be included in CET1 capital, up to 10% of the bank’s common equity. In Brazil, law (No. 12,838 of July 2013), allows banks to convert DTAs arising from loan loss provisions into eligible tax credits (DTCs) when the bank’s taxable income in any year is negative (loss) or when the bank is bankrupt or subject to extra-judicial liquidation. The DTAs arising from other causes are not eligible for such conversion. The law allows banks that have eligible tax credits to claim compensation in the form of cash or securities issued by the central government. As confirmed in the RCAP work on Brazil’s capital framework, the Basel Committee recognizes such DTCs as capital in cases where the law supports this treatment. In Brazil, the DTCs arising from loan loss provisions amounting to R$146 billion are included in CET1 capital and constitute about 25 percent of CET1 capital. Banks are on the transition path and expect to fully implement Basel III by 1 January 2019. While the definitions of capital, Pillar 1 capital requirements, and the SREP under Pillar 2 apply to banks in all segments, the Pillar 2 ICAAP apply only to S1 institutions, and a simplified ICAAP is planned to be introduced from 2018 for S2 institutions. All banks are required to maintain capital for interest rate risk in the banking book, but not as a binding requirement. At present the prudential capital requirements apply only at the consolidated level (at the level of the prudential conglomerate). BCB is yet to establish thresholds with reference to which it might trigger a supervisory action. |
| 17. Credit risk | C | The regulatory and supervisory requirements for credit risk management frameworks combine well to assure adequate and well-functioning frameworks in the supervised institutions. These requirements are well supported by periodical monitoring and analyses of banks’ credit risk exposures that equips the supervisors to challenge the banks’ systems and verify the outputs or outcomes of the banks’ risk management systems. At the same time, as can be seen in this CP and the other credit risk related CPs, there are a few areas that can be improved, and these have been specified in the relevant credit risk related CPs. |
| 18. Problem assets, provisions, and reserves | LC | The supervisory framework for determining that the supervised institutions have adequate policies and processes for early identification and management of problem assets and the maintenance of adequate provisions is largely in place. In the absence of explicit reporting by banks, BCB can be seen as estimating the size of NPLs from exposure perspective and from ‘renegotiation’ perspective. Absence of explicit requirement to adopt expected loss approach for all types of exposures, combined with absence of explicit guidance on eligible collateral and valuation thereof for provisioning for problem exposures can pose challenges to assessing adequacy of provisions held by banks. The regulatory framework that lays out the minimum requirements for the identification, measurement and provisioning for problem assets is in transition and needs to stabilize. Resolution 4557 of 2017 addresses some of the regulatory gaps. In addition, there is a need for comprehensive definition of exposure for classification and provisioning purposes, clear norms for reclassification of assets to lower risk categories, explicit adoption of expected loss approach for all types of exposures, harmonization of norms for classification and provisioning irrespective of maturity, norms for collateral eligibility and valuation for determining provisioning for problem exposures. |
| 19. Concentration risk and large exposure limits | LC | The operating regulations for concentration risk for most banks (S2 to S5) have a few gaps, which can give rise to variations and bank level discretion while implementing the risk management framework to address concentration risk. The key gaps have been addressed in the Resolution 4557 of 2017, that has already become effective for S1 banks from August 2017 and will become effective for the other banks from February 2018. While some banks may be already in compliance with the revised requirements, system-wide implementation will, understandably take some more time. There are a few additional areas where the lack of clarity may be introducing distortions in implementation. In the absence of (a) an explicit definition of exposure for assessing compliance with prudential exposure limits and how exposures should be aggregated from concentration risk perspective, (b) explicit reporting from banks on their exposures to single or connected counterparties, (c) comprehensive database of all connected parties - through control and through economic interconnectedness, and since the assessment of name concentration is undertaken by the BCB, it is unclear how comprehensive or effective this monitoring can be. Also, in the absence of (a) an explicit reporting from banks on their exposures to economic sectors, geographic regions, and credit risk mitigants; (b) guidance or database on inter-sector correlations or correlations among geographic regions or credit risk mitigants; the supervisors are not able to challenge the assessment of concentration risks and their management by the banks. |
| 20. Transactions with related parties | MNC | The key variances from the Basel norms are non-inclusion of all types of related parties within the prudential purview, absence of an explicit and complete definition of related party transactions for prudential purposes, the absence of a prudential limit on banks’ aggregate exposure to related parties, the gaps in the governance requirements, absence of explicit requirement for policies and processes for related party transactions, the absence of explicit and focused supervisory (prudential) reporting requirement for transactions with and exposure to related parties and application of the prudential requirements at the level of the prudential conglomerates and not at the level of the solo bank(s) within the conglomerates. These collectively result in significant gaps in the prudential regime for transactions with related parties. The BCB strives to monitor related party transaction by reviewing extensively the periodical accounting information received from the supervised entities, SCR database, the database on market transactions received from the TRs and the Unicad database. Given the gaps in the definition of related party and the definition of related party transactions, and the absence of a dedicated off-site supervisory (prudential) report on related party exposures, it is unclear that the universe of the database that is reviewed by the BCB is complete. For example, some transactions that may not be reflected in the above databases are transactions with related parties that are outside the list specified in law or regulations; sale and purchase of assets that are outside the scope of the TRs, and the service contracts with related parties. The supervisory routines prescribed in the supervisory manual, with reference to assessment of inherent risks and control risks pertaining to credit risk do not explicitly articulate a focus on related party exposures and related party transactions and the governance requirements that are relevant for such exposures and transactions. |
| 21. Country and transfer risks | MNC | The requirements under laws and regulations on management of country and transfer risks by financial institutions is not explicit. It is subsumed under the regulations for risk management and under credit risk management. The description of country risk established in the regulations is at variance from the Basel definition, which is wider than the default of the counterparty. The current description and the supervisory approach are adopting an ‘immediate risk’ perspective (direct exposures), and do not take into consideration the “ultimate” risk perspective (direct and indirect exposures). Banks are yet to be explicitly required to establish policies and procedures for identifying, measuring, monitoring and managing country and transfer risks. The BCB is yet to issue specific guidance or establish specific requirements for the measurement and grading of exposure to country and transfer risks and for the periodical reporting of these exposures to the BCB. There are no explicit requirements for establishing provisions for country and transfer risk exposures, and for stress testing country and transfer risk exposures. These need to be viewed along with the absence of supervisory information system that tracks and monitors the exposures from an ultimate risk perspective, the risk grading of these exposures and the provisions held by the banks for these risks. |
| 22. Market risk | C | On the basis of the off-site inputs, the Supervisors are able to determine the market risk exposures of banks on almost daily basis and pursue with them as required, both from a market risk perspective and from a funding liquidity perspective (arising from interplay between market and liquidity risks). While market risk is not significant at a system level, it is significant for several S3 and S4 institutions. These gains added significance given the potential challenges to establishing a robust governance framework in these institutions, particularly when they are unlisted. While the regulatory framework has been recently improved with the issue of Resolution 4557 of 2017, which will become fully effective for all institutions from February 2018, they lack explicit and clear articulation of the norms and minimum requirements, including governance elements, pertaining to shifting of instruments from and to the trading book. |
| 23. Interest rate risk in the banking book | C | Gaps can be noticed in the area of regulations relating to risk management framework for IRRBB, including governance and board or senior management oversight requirements. However, these have been adequately addressed from at least three fronts: with the clear articulation of the framework for measuring and reviewing banks’ exposures to IRRBB and the introduction of conservative requirements for such measurement taking into account the Brazilian interest rate environment; the requirement for all banks to hold capital for IRRBB exposures; and with the issue of the Resolution 4557 of 2017 which has become effective for S1 banks from August 2017 and will be effective for the other banks by February 2018; The BCB is already in the process of reviewing and revising the regulatory and supervisory frameworks for IRRBB, to align closer to the Basel norms and expectations (BCBS IRRBB - April 2016). This is expected to be completed in early 2018. |
| 24. Liquidity risk | C | The regulatory requirement (LCR) set by the BCB complies with the Basel standards. The supervisors monitor the liquidity situation in the banks on almost a daily basis, including implications of potential stress from market risk situations. The multiple liquidity monitoring tools and methodologies deployed by supervision provides the supervisors an assurance of the banks’ ability to meet their respective liquidity needs. They are able to draw additional comfort with the qualitative assessment of the banks’ liquidity risk management frameworks undertaken through the ongoing and continuous supervision approach. |
| 25. Operational risk | LC | The regulatory framework of operational risk management was initially established in 2007 to support the qualitative requirements of the Basel II framework when it was introduced. This was less prescriptive, but this has been largely addressed with the issue of Res. CMN 4557, which is effective for S1 banks from Aug 2017 and will be effective for the other banks from Feb 2018. The main areas of improvement achieved through CMN 4557 include those pertaining to IT risk, outsourcing, business continuity planning and compilation of operational risk loss data. While these can help, it may take a while for the new initiatives to bear fruit. The supervisory framework has been evolving over the period. As most banks had implemented the framework before 2010, recent examinations focused on the development of operational risk models in DSIBs or on important elements of the framework, such as the internal loss data collection, scenario analysis and management and regulatory reports, in order to assess incremental changes in the framework and developments in quantification. While the BCB has been pursuing with the banks to improve their operational risk loss information systems and databases, it is yet to establish periodical regulatory reporting by the banks on their internal loss data and operational risk events. |
| 26. Internal control and audit | LC | The regulatory framework prior to the issue of the Resolutions CMN 4595 and CMN 4588, was focused on the internal controls in the supervised institutions. The regulations place the responsibility of establishing the internal control systems and ensuring their effective functioning on the board of directors and senior management in the banks. Part of the responsibility was also cast on the audit committee in the banks. In Brazil, unlisted banks are not required to establish a board of directors (non-executive), need not establish audit committee when they are small, and shareholders can constitute the senior management. Of the 116 unlisted banks, 41 have established Board of Directors. Of the remaining 75 banks accounting for about R$540 billion in total assets (6.8% market share), 46 are foreign owned banks (5.8% market share). Regulations permit internal audit to be part of the internal control function with the requirement that internal audit will report to the senior management. At the same time, the compliance function is not a requirement and the requirements for the internal audit framework is less sophisticated. Collectively, these features can seriously undermine the effectiveness of the internal control and internal audit functions in these banks. The Resolutions CMN 4595 and 4588 become effective on 31 December 2017. While these can help, it may take a while for the new initiatives to bear fruit. Drawing on the requirements of Resolution 2,554 of 1998, BCB has been supervising financial institutions’ “internal controls system”, which comprises the internal controls, compliance and internal audit functions. BCB’s supervisory practices aim at evaluating the effectiveness of compliance and internal audit functions in supervised institutions, including small ones, observing the supervisory cycle established for each of these institutions. |
| 27. Financial reporting and external audit | C | The financial statements prepared and published by the financial institutions are in compliance with the Cosif (Brazil GAAP) and the IFRS. These statements are audited by independent external auditors who are required to perform the audits in compliance with the international auditing standards, and the audited financial statement are published along with the explanatory notes and auditors’ opinion at least at half-yearly intervals, both at solo and consolidated levels. Laws, regulations and the supervisor ensure appropriate governance arrangements are in place in the financial institutions for overseeing the external audit function. |
| 28. Disclosure and transparency | C | The supervised institutions in Brazil regularly publish information on a consolidated and, where appropriate, solo basis that is easily accessible and fairly reflects their financial condition, performance, risk exposures, risk management strategies and corporate governance policies and processes. The publications are mainly in the form of published audited financial statements along with the accompanying notes, that are in compliance with the IFRS and the BR-GAAP, and the Pillar 3 disclosures that are placed on the respective institution’s websites in an easily accessible place. |
| 29. Abuse of financial services | LC | The BCB has introduced changes and enhancements in its oversight of AML/CFT since the last FSAP. Among these changes, the “twin peaks” approach has facilitated coordination between prudential and conduct supervision; a new committee on punitive administrative processes has been created and staffing levels for AML/CFT have been increased. The BCB differentiates between banks subject to continuous oversight and those, perceived to be less risky, to which it applies a remote inspection process. Enhancement to supervisory processes are not yet complete. More efforts are required to reduce time between detection of deficiencies and punitive action. The BCB is aware of this and has certain administrative changes in hand. Also, the next cycle of onsite inspections will move beyond examining the overall adequacy of documentation and processes into the effectiveness of KYC and the monitoring, analysis, selection and report procedures and tools used by the banks. Supervisory guidance on AML/CFT is expected to be issued by end 2018. |
RECOMMENDED ACTIONS AND AUTHORITIES’ COMMENTS
A. Recommended Actions
| Recommended Actions to Improve Compliance with the Basel Core Principles and the Effectiveness of Regulatory and Supervisory Frameworks | |
|---|---|
| Reference Principle | Recommended Action |
| Principle 2 | Confirm the legal independence of the BCB. Confirm the legal protection for staff of the BCB when acting in good faith. Institute a fixed mandate for the term of the Governor, and for Board members, ensuring also that there is a timing overlap of appointments to avoid a wholesale change whenever a new president is elected. Ensure that the reasons for the dismissal of the Governor and member of the BCB Board are enshrined in law and, if there is a case of dismissal, that the reasons must be made public. |
| Principle 4 | Introduce active monitoring of whether there are institutions presenting themselves as banks without the necessary authorizations, in order to reduce any opportunity a fraudulent entity may have to mislead customers. |
| Principle 7 | Introduce a de minimis threshold for acquisitions by financial institutions in the Banking Law. Further, it would be valuable if such an amendment ensured the BCB held continuing discretionary powers to examine an acquisition below the threshold if deemed necessary. |
| Principle 8 | Ensure that forthcoming supervisory manuals, to be finalized after new legislation on resolution, deliver a clear approach that avoids any undue delay in taking decisions on recovery or resolution. |
| Principle 10 | Introduce and monitor prudential requirements for all banks on both solo and consolidated basis, amending its reporting requirements as needed to cover all prudential risk areas, including, for example, submissions on large exposures, related party transactions and exposures, and performance of problem assets. |
| Principle 11 | Revise supervisory manuals and implement practices, when legislation is passed to provide the more nuanced corrective action and sanctioning powers (which were in the Provisional Measure 784) to ensure a timely and assertive application of supervisory measures, and escalation, when deficiencies are identified in financial institutions. |
| Principle 12 | Introduce supervision of all authorized banks on both a solo and consolidated basis. |
| Principle 13 | Ensure a formal feedback to the banks following any meeting of a supervisory college. Consider annual supervisory colleges for any domestic bank which has a cross border establishment that is systemic to the host jurisdiction. |
| Principle 14 | Grant the BCB the clear power to require an institution that is authorized as a bank to create a board of directors, even when this institution is not a listed entity. |
| Principle 16 | BCB should require the individual banks within the prudential conglomerate to also comply with the capital requirement at the solo level. BCB can also consider requiring the prudential conglomerates to ensure adequate distribution of capital within the different entities in the conglomerate according to the allocation of risks. BCB should consider establishing thresholds by reference to which it might trigger supervisory action, preferably before breach of the minimum requirements. |
| Principle 18 | A few areas where there is scope for further improvement include: (a) a clear definition of exposure that explicitly includes treatment of off-balance sheet exposures, investment in securities, and other amounts due from counterparties, including guidance on how each type of exposure should be treated for measuring and reporting of problem assets or non-performing exposures, and how they should be treated for provisioning purposes; (Ref. BCBS D403, April 2017); (b) issue clear norms for reclassification of problem assets and restructured assets as performing and reclassification (upgrading) of assets from one level to the other; (Ref. BCBS D403, April 2017); (c) explicit requirement to adopt an expected loss approach to all types of exposures while assessing provisioning requirement; (d) harmonize norms for classification and provisioning irrespective of maturity period of the exposures; (e) establish explicit norms for collateral eligibility and valuation for determining provisioning for problem exposures; (f) clearly articulate board responsibilities for oversight of the identification, measurement and management of problem assets; (g) introduce periodical reporting on asset classification and provisioning; |
| Principle 19 | Introduction of explicit and clear definition of exposure for assessing compliance with prudential exposure limits and how exposures should be aggregated from concentration risk perspective; Review/revision of the exemptions and eligible collaterals that off-set exposure; Review/ revise the prudential exposure limits for (a) federal public sector entities; (b) state and state public sector entities and (c) municipality and municipal public sector entities; Revise the reference for the prudential limits from total regulatory capital to Tier 1 capital; Apply the prudential limits to the solo bank within the prudential conglomerates; Enhance currently available supervisory guidance and/or establish benchmark(s) for other types of concentrations (sector, geographic region, credit risk mitigant, etc.), introduce explicit periodical reporting by banks on concentration risk exposures. |
| Principle 20 | Introduce enhanced and explicit requirements for Board oversight of related party exposures and transactions; An explicit definition or articulation of list of “related parties”, to include at least those mentioned in the footnote to the CP; An explicit definition or articulation of the “related party transactions” for prudential purposes, to include at least those mentioned in the footnote 69 to the CP; Introduction of prudential limit for aggregate exposures to related parties that are at least as conservative as the limits for connected counterparties; Introduction of periodical focused reporting by the supervised institutions on the exposures, transactions, exceptions and write-offs; Application of the prudential framework for related party exposures and related party transactions to the solo bank(s) within the prudential conglomerate; and Appropriate corresponding improvements to the supervisory manual; |
| Principle 21 | BCB should revise the definition of country risk to fully align with the Basel definition, explicitly adopt the ‘ultimate risk’ approach to these risks, consider issuing explicit regulations on identification, measurement, monitoring and management of these risks, including guidance on grading these risk exposures and provisioning therefor as a distinct risk from counterparty risk, extend the ultimate risk approach to the risk exposures of the bank’s branches and group entities abroad, introduce appropriate prudential reporting requirements to monitor the banks’ exposure to these risks; make appropriate corresponding improvements to the supervisory manual and apply the regulatory and supervisory elements pertaining to these risks to the solo banks within the prudential conglomerates. |
| Principle 22 | Review market risk management frameworks in relevant S3 and S4 banks, at more frequent intervals than may be determined by their supervisory cycle; Issue explicit norms and guidance for shifting of exposures from and to trading book. |
| Principle 25 | Areas for improvement can include: issue of clear guidance to banks for standardized compilation of internal loss database, including data on operational risk events, and their periodical reporting to the BCB; Issue regulations focused on cybersecurity, including prompt reporting on significant cyber threats; advise banks to report significant OR events of all types with minimum loss of time; |
| Principle 26 | BCB should devote greater attention to the internal control, compliance and internal audit functions in unlisted banks, to review their effectiveness, and take appropriate corrective measures, where warranted. |
| Principle 29 | Consider proactive measures, such as additional inspections in the non-priority bank segment, which may be seen as a potentially softer target for abuses, to signal that all sectors of the market are under scrutiny. Consider a more disciplinarian approach in corrective actions. The timeliness of action following the detection of a deficiency should be targeted as a priority area for improvement. Also, a move towards automatic fines, or more rapid escalation processes to severe measures (suspension of business activity or loss of authorization), could communicate that there is no tolerance for failures that could lead the institution, or the financial system more widely, open to abuse. Complete operational processes to ensure that the BCB has access to the database of the Brazilian Federal Revenue Office to cross check and confirm information on beneficial owners. Access to this information was granted, following the assessment mission, and the BCP team were informed that some operational arrangements needed to be concluded. |
| Recommended Actions to Improve Compliance with the Basel Core Principles and the Effectiveness of Regulatory and Supervisory Frameworks | |
|---|---|
| Reference Principle | Recommended Action |
| Principle 2 | Confirm the legal independence of the BCB. Confirm the legal protection for staff of the BCB when acting in good faith. Institute a fixed mandate for the term of the Governor, and for Board members, ensuring also that there is a timing overlap of appointments to avoid a wholesale change whenever a new president is elected. Ensure that the reasons for the dismissal of the Governor and member of the BCB Board are enshrined in law and, if there is a case of dismissal, that the reasons must be made public. |
| Principle 4 | Introduce active monitoring of whether there are institutions presenting themselves as banks without the necessary authorizations, in order to reduce any opportunity a fraudulent entity may have to mislead customers. |
| Principle 7 | Introduce a de minimis threshold for acquisitions by financial institutions in the Banking Law. Further, it would be valuable if such an amendment ensured the BCB held continuing discretionary powers to examine an acquisition below the threshold if deemed necessary. |
| Principle 8 | Ensure that forthcoming supervisory manuals, to be finalized after new legislation on resolution, deliver a clear approach that avoids any undue delay in taking decisions on recovery or resolution. |
| Principle 10 | Introduce and monitor prudential requirements for all banks on both solo and consolidated basis, amending its reporting requirements as needed to cover all prudential risk areas, including, for example, submissions on large exposures, related party transactions and exposures, and performance of problem assets. |
| Principle 11 | Revise supervisory manuals and implement practices, when legislation is passed to provide the more nuanced corrective action and sanctioning powers (which were in the Provisional Measure 784) to ensure a timely and assertive application of supervisory measures, and escalation, when deficiencies are identified in financial institutions. |
| Principle 12 | Introduce supervision of all authorized banks on both a solo and consolidated basis. |
| Principle 13 | Ensure a formal feedback to the banks following any meeting of a supervisory college. Consider annual supervisory colleges for any domestic bank which has a cross border establishment that is systemic to the host jurisdiction. |
| Principle 14 | Grant the BCB the clear power to require an institution that is authorized as a bank to create a board of directors, even when this institution is not a listed entity. |
| Principle 16 | BCB should require the individual banks within the prudential conglomerate to also comply with the capital requirement at the solo level. BCB can also consider requiring the prudential conglomerates to ensure adequate distribution of capital within the different entities in the conglomerate according to the allocation of risks. BCB should consider establishing thresholds by reference to which it might trigger supervisory action, preferably before breach of the minimum requirements. |
| Principle 18 | A few areas where there is scope for further improvement include: (a) a clear definition of exposure that explicitly includes treatment of off-balance sheet exposures, investment in securities, and other amounts due from counterparties, including guidance on how each type of exposure should be treated for measuring and reporting of problem assets or non-performing exposures, and how they should be treated for provisioning purposes; (Ref. BCBS D403, April 2017); (b) issue clear norms for reclassification of problem assets and restructured assets as performing and reclassification (upgrading) of assets from one level to the other; (Ref. BCBS D403, April 2017); (c) explicit requirement to adopt an expected loss approach to all types of exposures while assessing provisioning requirement; (d) harmonize norms for classification and provisioning irrespective of maturity period of the exposures; (e) establish explicit norms for collateral eligibility and valuation for determining provisioning for problem exposures; (f) clearly articulate board responsibilities for oversight of the identification, measurement and management of problem assets; (g) introduce periodical reporting on asset classification and provisioning; |
| Principle 19 | Introduction of explicit and clear definition of exposure for assessing compliance with prudential exposure limits and how exposures should be aggregated from concentration risk perspective; Review/revision of the exemptions and eligible collaterals that off-set exposure; Review/ revise the prudential exposure limits for (a) federal public sector entities; (b) state and state public sector entities and (c) municipality and municipal public sector entities; Revise the reference for the prudential limits from total regulatory capital to Tier 1 capital; Apply the prudential limits to the solo bank within the prudential conglomerates; Enhance currently available supervisory guidance and/or establish benchmark(s) for other types of concentrations (sector, geographic region, credit risk mitigant, etc.), introduce explicit periodical reporting by banks on concentration risk exposures. |
| Principle 20 | Introduce enhanced and explicit requirements for Board oversight of related party exposures and transactions; An explicit definition or articulation of list of “related parties”, to include at least those mentioned in the footnote to the CP; An explicit definition or articulation of the “related party transactions” for prudential purposes, to include at least those mentioned in the footnote 69 to the CP; Introduction of prudential limit for aggregate exposures to related parties that are at least as conservative as the limits for connected counterparties; Introduction of periodical focused reporting by the supervised institutions on the exposures, transactions, exceptions and write-offs; Application of the prudential framework for related party exposures and related party transactions to the solo bank(s) within the prudential conglomerate; and Appropriate corresponding improvements to the supervisory manual; |
| Principle 21 | BCB should revise the definition of country risk to fully align with the Basel definition, explicitly adopt the ‘ultimate risk’ approach to these risks, consider issuing explicit regulations on identification, measurement, monitoring and management of these risks, including guidance on grading these risk exposures and provisioning therefor as a distinct risk from counterparty risk, extend the ultimate risk approach to the risk exposures of the bank’s branches and group entities abroad, introduce appropriate prudential reporting requirements to monitor the banks’ exposure to these risks; make appropriate corresponding improvements to the supervisory manual and apply the regulatory and supervisory elements pertaining to these risks to the solo banks within the prudential conglomerates. |
| Principle 22 | Review market risk management frameworks in relevant S3 and S4 banks, at more frequent intervals than may be determined by their supervisory cycle; Issue explicit norms and guidance for shifting of exposures from and to trading book. |
| Principle 25 | Areas for improvement can include: issue of clear guidance to banks for standardized compilation of internal loss database, including data on operational risk events, and their periodical reporting to the BCB; Issue regulations focused on cybersecurity, including prompt reporting on significant cyber threats; advise banks to report significant OR events of all types with minimum loss of time; |
| Principle 26 | BCB should devote greater attention to the internal control, compliance and internal audit functions in unlisted banks, to review their effectiveness, and take appropriate corrective measures, where warranted. |
| Principle 29 | Consider proactive measures, such as additional inspections in the non-priority bank segment, which may be seen as a potentially softer target for abuses, to signal that all sectors of the market are under scrutiny. Consider a more disciplinarian approach in corrective actions. The timeliness of action following the detection of a deficiency should be targeted as a priority area for improvement. Also, a move towards automatic fines, or more rapid escalation processes to severe measures (suspension of business activity or loss of authorization), could communicate that there is no tolerance for failures that could lead the institution, or the financial system more widely, open to abuse. Complete operational processes to ensure that the BCB has access to the database of the Brazilian Federal Revenue Office to cross check and confirm information on beneficial owners. Access to this information was granted, following the assessment mission, and the BCP team were informed that some operational arrangements needed to be concluded. |
B. Authorities’ Response to the Assessment56
43. The Brazilian authorities wish to express their support for the Financial Sector Assessment Program (FSAP), which is a valuable contribution to the enhancement of supervisory practices in the many jurisdictions assessed. The case of Brazil is no different. Brazil appreciates the effort that the FSAP staff have invested in this task, as well as the insights gained during the discussions.
44. The authorities also wish to express their entire agreement with the staffs’ views on the necessity of improvements in the Brazilian framework. Two good examples of such instances regard CP 2 (Independence, accountability, resourcing and legal protection for supervisor) and the recommendations concerning resolution practices and regulation (as mentioned in the assessment of CP 8 - Supervisory approach), and, in these cases, authorities express their full commitment in adopting the necessary steps in the directions suggested by the FSAP.
45. While the authorities acknowledge the excellent quality of the inputs provided by the assessors, and our full commitment in adopting the necessary steps in most of the recommendations suggested by the FSAP, we would like to provide some different views held by those involved with supervision in Brazil regarding some of the comments (and respective grades).
46. One example is regarding, CP 10 (that was graded Compliant). The FSAP pointed out the necessity to put the onus and responsibility for monitoring and managing the prudential and risk dimensions squarely on financial institutions. But in fact, the onus and responsibility to measure, monitor and manage risks is already fully on banks, as stated by the extensive regulation issued by the CMN and the BCB. They are subject to: (i) a continuous supervision cycle aimed at identifying vulnerabilities in their risk management, and (ii) to supervisory actions and sanctions in case they fail to comply with the regulatory requirements. From the on-site supervision perspective, the Risk and Controls Assessment System (SRC) dedicates extensive analyses on the assessment of the inherent risks and their related controls. The main focus is to evaluate how the banks measure, monitor and manage risks. Our supervisory actions have stated this very clear message, over the years. From the off-site perspective, several monitoring tools and significant amount of information at disposal of the BCB allows supervision to keep a close watch on regular banks’ activities while providing an independent view about the figures of the banks. This understanding is corroborated by the positive findings in the last FSB Peer Review of Brazil57, which praises the “pioneering work carried out on trade reporting and its use in systemic risk monitoring”.
47. The Brazilian authorities are committed to further improve the policies and practices of supervision. Nonetheless, please find below comments on the recommendations by the FSAP staff.
Corrective and sanctioning powers and Abuse of financial services (CPs 11 and 29)
48. The authorities have a different view from the staff on the following points.
First, according to the staff, the BCB should implement measures, such as additional inspections to the continuous cycle of supervision to improve supervision on smaller banks.
However, the BCB believes that its remote inspection methodology has been designed for addressing all the steps required in a full inspection. It includes collecting evidence of the appropriate functioning of systems and controls. During the assessment, the examiner may interact with the institution’s management in order to require additional reports, databases or any other information deemed necessary.
In the last few years, this methodology has allowed the BCB to liquidate some FX brokers without conducting any additional supervisory activity. Those liquidations were decided based only on information obtained in remote inspections, through which serious violations were detected and sufficient evidence was collected.
Furthermore, the overall design of the process (continuous supervision for higher risk and remote inspections for lower risk institutions), is aligned with the FATF/GAFI’s risk based approach.
Second, staff believe that the BCB should consider a more disciplinarian approach than moral suasion.
It is important to highlight that moral suasion is used in Brazil as a complementary measure and does not prevent the use of corrective and/or sanctioning measures whenever deemed appropriate.
Third, the authorities highlight that the recent legislation on sanctioning and corrective powers has provided supervisors with new tools that will increase the speed of execution of supervisory actions. Law 13,506, passed on November 13, 2017, introduced changes in the procedures required for sanctioning administrative processes, which shall contribute to improving the timeliness of sanctioning procedures.
These timelines are, in fact, being reduced, but corrective actions are already taken in a reasonable timeframe, even before the initiation of sanctioning processes. We consider that priority given for corrective action is appropriate because of its proven efficiency in ceasing irregular conducts.
Consolidated supervision (CP 12)
49. The determinant for Brazil not to be considered “compliant” with this Core Principle was the fact that prudential regulations in Brazil do not reflect the expectation that the individual institutions within a Prudential Conglomerate should also observe individually the prudential requirements.
50. In this regard, it is important to highlight that the staff concluded that it is unlikely that a solo bank would experience extensive deterioration before the multiple monitoring tools of the BCB could detect a problem. In addition, the staff recognized that the Brazilian banking system is largely domestic and that the BCB receives and monitors a significant amount of information on a sub-consolidated and on a standalone basis, acting if necessary.
51. Moreover, it is worth mentioning that the BCB supervisory work also includes the analysis of each group’s structure, their business models and relevant functional activities and business lines. Consequently, areas within individual institutions of the conglomerate are thoroughly examined under a risk-based approach.
52. Nonetheless, in light of this FSAP recommendation, the BCB will review the application of its prudential regulatory framework and make changes as deemed necessary. This review will be based on a risk-based and cost-effective approach, taking into account the proportionality criteria.
Corporate governance (CP 14)
53. The authorities generally agree with the assessment of the framework of corporate governance, but highlight that several recent improvements in this field were not entirely taken into account by the FSAP staff. The staff have not taken into account these new measures, arguing that they have not been in effect long enough to produce verifiable results. The authorities, on the other hand, believe that the examples that follow present sufficient evidence to the contrary.
54. Resolution 4,557, of 2017, for instance, established risk management requirements for financial institutions following a proportionality approach, whereby requirements vary in accordance with the segmentation introduced by the Resolution 4,553 of 2017. Compliance with the new framework has been required for internationally active and systemic banks since August 2017. For other institutions, compliance has been required since February 2018.
55. Resolution 4,557, in addition, consolidated and improved requirements already in place for risk management in previous regulations concerning operational risk (Resolution 3,380 of 2006), market risk (Resolution 3,464 of 2007), credit risk (Resolution 3,721 of 2009) and liquidity risk (Resolution 3,988 of 2011). Requirements regarding the audit committee were established in Resolution 3,198 of 2004, while the remuneration policy, including the requirement of a Remuneration Committee, were introduced by Resolution 3,921 of 2010. In fact, many features of Resolution 4,557 were already part of supervision manuals and were therefore required by supervisors before the regulation came into force.
56. The supervisory process incorporates not only current local standards, but also international best practices and recommendations. Prior to the publication of the supervisory guidelines in March 2018, in accordance with the regulatory requirements, institutions were informed of supervisory expectations concerning corporate governance through the supervision cycle.
57. With respect to the constitution of a board of directors, according to the Brazilian corporate law (Law 6, 404 of 1976,) only publicly held companies are required to constitute boards. However, 41 non-listed banks constituted boards of directors responding to recommendations of supervision. In the absence of a board of directors, senior management must assume the board’s responsibilities relative to risk management and capital management, as established by Resolution 4,557.
58. Listed and unlisted banks that have a board of directors hold 93 percent of the total assets and 95 percent of total deposits of the Brazilian financial system as of September 2017.
59. Of the 75 banks that do not possess a board of directors, 46 (6 percent of system assets and 4 percent of system deposits) are foreign-owned institutions whose governance structures are monitored by their parent companies. The remainder (1 percent of system assets and 1 percent of system deposits) consists of very small institutions, the largest one being a cooperative bank.
Problem assets, provisions and reserves (CP 18)
60. The authorities share most of the views of the FSAP staff in this matter. Nonetheless, there are some points that deserve more clarification.
61. According to Brazilian regulations, financial institutions are required to adopt an expected loss approach for assessing the amount of provisions.
62. Resolution 2,682 of 1999 establishes minimum provisioning levels according to the number of days past-due, clearly establishing that provisions shall be sufficient to cover the expected credit losses in any situation, i.e., even when a financial institution opts to use the number of days past-due as the sole criterion for risk classification of loans below fifty thousand of Brazilian reais.
63. In this sense, the Brazilian provisioning framework is substantially different from IAS39, which requires provisions only for defaulted or almost-defaulted exposures, thus being closer to the IFRS9 standard.
64. The expected credit loss (ECL) framework has been continuously reinforced since Resolution 2,682 of 1999. Resolution 3,721 of 2011 established that the credit risk management structure must ensure provisioning levels compatible with the incurred credit risk. Taken together, these regulations allowed supervision to require provisioning for all on- and off-balance sheet credit risk exposures. Resolution 4,557 clearly establishes that, concerning credit risk, the integrated risk management structure must guarantee that provisions are sufficient to cover all expected credit losses.
65. Draft versions of regulation intended to replace Resolution 2,682 of 1999 have been submitted to public consultation. The proposed rules aim to reduce asymmetries between local accounting regulation and IFRS9. Final rules are expected to be published in 2018 and will also clarify how concepts of Resolution 4,557 of 2017 and IFRS9 harmonize with each other. FSAP recommendations regarding collateral eligibility and valuation and reclassification of problem assets will be taken into consideration in the final version of the regulation.
66. Regarding the definition of exposure, Resolution 4,557 adopts a comprehensive approach, according to which management requirements for credit risk (including the assessment of provisions) apply to any exposure that meets the risk definition, irrespective of its legal form or accounting denomination.
67. With respect to the lack of an explicit definition for credit risk exposure as well as the lack of an explicit command for provisioning exposures other than those mentioned in Resolutions 2,682 and 4,512, these gaps will be addressed by the regulation that will implement IFRS9 in Brazil.
68. Regarding credit risk governance, responsibilities of the board of directors were addressed in Resolution 3,721 of 2009 and in Resolution 4,557. These regulations establish, as responsibilities of the board, the approval and review of risk management policies and strategies and the implementation of the prompt correction of any deficiencies in the risk and the capital management structures. The board of directors periodically receives management reports that must comprise, among other aspects, the evaluation and estimation of the performance of the assets exposed to credit risk, including their classification and provisions, as well as information on material exposures characterized as problem assets, including their characteristics, track record and recovery expectations.
69. Regarding the FSAP recommendation of introducing periodical reporting on asset classification and provisioning, the authorities believe that reporting requirements on supervision tasks have been addressed. As a matter of fact, the credit bureau’s instructions demand that each operation’s record informs the adoption of restructuring practices as defined in Resolution 4,557 and Circular Letter 3,819 of 2018. This information is already received from systemically important institutions since April 2018 and for the others, it will be received starting in September 2018.
Concentration risk and large exposure limits (CP 19)
70. The Brazilian authorities generally agree with this assessment, only pointing out that the comprehensiveness or effectiveness of the supervisory monitoring of large exposures is sufficiently clear. The supervisor receives, on a monthly basis, reports from the largest banks, taking into account the concept of connected counterparties. The BCB is also able to monitor large exposures using connected counterparties through its wide-range supervisory tools and procedures.
71. Nevertheless, the authorities agree that the definition of exposure, the definition of connected counterparties, and the calculation method to aggregate exposures should be improved. The gaps will be fully addressed by a new regulation that will replace Resolution 2,844 of 2001, in order to comply with the recommendations established in BCBS 283 document (“Supervisory framework for measuring and controlling large exposures”). For the purpose of the large exposures limit, all exposures used in the calculation of capital requirement will be considered. This regulation is expected to be fully implemented according to the Basel timeline.
72. On February 9, 2018, a consultative document on this regulation was published on the website of the Central Bank of Brazil. The proposal was available for comments by March 20, 2018. Meanwhile, the Financial System Monitoring Department has conducted a detailed study on the impacts of the new framework. One of the conclusions of the study was that the information on large exposures already gathered by the BCB does not significantly differ from data to be collected and reported by banks under the new approach.
73. Supervisors, therefore, do have enough information to challenge banks on their management of concentration risk and large exposures limits. Banks are currently seeking to improve their systems in order to be prepared for the BCB’s scrutiny and to enhance their capacity to measure concentration risk and adopt remedial action in case of breaches of the prudential requirement.
74. Compliance with regulatory limits is monitored, on a monthly basis, by the Financial System Monitoring Department. Furthermore, the BCB is updating the Report on Operational Limits (DLO), received from banks, to follow the latest BCBS recommendations for large exposures, by including additional requirements for financial institutions. This measure will meet the FSAP recommendation of introducing explicit periodical reporting by banks on concentration risk exposures.
75. The BCB is also committed to continuously improving its supervisory guidance or databases that enhance the assessment of concentration risk. Information on correlations among economic sectors or geographic regions will be broadened and produced regularly through automatic procedures. However, the authorities underscore that they have enough data on credit risk mitigants, as well as a comprehensive database of almost all connected parties. For the latter, authorities are confident that the upcoming enhancements from the new regulation will solve the gaps pointed out by the FSAP.
Transactions with related parties (CP 20)
76. The authorities in general concur with the assessment related to Core Principle 20, but believe that it is important to highlight some points that moderate significantly the judgment on this topic.
77. Granting of loans to related parties was prohibited until Law 13,506 of 2017 came into force. In that context, supervisors assessed other exposures and risks arising from transactions with related parties by means of various mechanisms, among which:
Regular information gathering of detailed accounting information for monitoring purposes, allowing the identification of significant changes and atypical transactions (including transactions with related parties) and
On-site examinations to verify the existence of a formal segregation of duties (for mitigation and appropriate handling of conflicts of interest) and to assess potential conflicts of interest regarding related parties.
It is important to highlight new supervisory procedures, related to risk monitoring and to exposures with related parties, under implementation by the BCB, among which:
Requirement for the Board of Directors to ensure that transactions with related parties are properly reviewed, regarding the risks and restrictions involved;
Evaluation of the contagion risk arising from transactions with related parties that are out of the prudential conglomerate, as well as the policies adopted to control these transactions.
78. The aforementioned Law 13,506, of 2017, amended the existing legislation, permitting loans to related parties, provided they are carried out under market conditions. The law includes a significant portion of those parties listed in the footnote to CP 20 in its definition of “related party”. Resolution 4,636 of 2018 (and, before that, Resolution 3,750 of 2009), which establishes procedures for disclosing information about transactions with related parties, uses a definition of related parties closely aligned with the definition used in CP 20.
79. In spite of the fact that the existing treatment is adequate for the evaluation of risks arising from transactions with related parties, we recognize the need for adjustments in regulation and supervision in order to comply with the recommendations presented by the FSAP. In this sense, the improvements will encompass prudential limits to be applied to a broader range of transactions with a wider set of counterparties. These requirements will focus not only on prudential conglomerates, but also on the relevant individual entities.
80. With respect to the introduction of periodical focused reporting by supervised institutions on the exposures, transactions, exceptions and write-offs, Brazil intends to follow the recommendation.
Country and transfer risks (CP 21)
81. The authorities concur with some points raised in the assessment, however, strongly disagree with the relevance that staff assigned to country and transfer risks. Brazil FX exposure is very low in the financial institutions’ balance sheets. Therefore, the Brazilian authorities are of the view that the concerns pointed out by the FSAP are overstated.
82. Since 2009, Brazilian laws and regulations include country and transfer risks as elements of credit risk, and, thus, require financial institutions to establish policies and procedures for identifying, measuring, monitoring and managing them accordingly. In this sense, these risks must be considered in the framework and, when relevant, in the stress testing process.
83. Although the authorities understand that the financial system could benefit from specific guidance or requirements regarding country and transfer risks, it is important to consider that these risks are not deemed relevant in the Brazilian financial system. The majority of financial institutions exhibit very low levels of exposure to such risks. The regulatory choice was to formally define country and transfer risks as components of credit risk, as well as to establish broad risk management requirements that would apply to all financial institutions. Supervisors assess the sufficiency and adequacy of the risk management in the Risk and Controls Assessment System (SRC), which includes a specific evaluation of elements for country and transfer risks.
84. Country and transfer risks are established as components of credit risk by Resolution 4,557 and, therefore, such risks are subject to all applicable requirements, including the ECL framework and stress testing process. Notwithstanding the aforementioned low exposure to those risks, the authorities concurs with the recommendation to introduce more explicit requirements. These issues will also be addressed in the regulation that will replace Resolution 2,682 and implement IFRS9 requirements for Brazilian banks.
85. Regarding the definition of country and transfer risks, he BCB supervisory process includes indirect exposures in default risk by considering that a local debtor may face financial difficulties due to events abroad. Nonetheless, the BCB intends to review Resolution 4,557 of 2017 in order to make it clearer.
86. The authorities also agree with the recommendation of introducing prudential reporting requirements to monitor the banks’ exposure to these risks and will adopt the necessary measures to implement these requirements.
Operational risk (CP 25)
87. The authorities are of the view that current supervisory practices are in line with the guidelines of BCP 25.
88. Due to the nature of operational risk, supervisory requirements on operational risk management in Brazil are constantly evolving and very frequently incorporate items not explicitly required in the regulations. For example, the BCB has IT expert supervisory teams since 1996 and has required banks’ compliance with features of the ISACA’s COBIT framework since 2000. In addition, supervisors closely monitor the risk exposure of banks, specially of those systemically important, and all operational risk management requirements are commensurate with the nature and the complexity of products, services, activities, processes and systems of institutions.
89. Regarding the internal loss database of operational risk events, supervision has specifically focused on this important feature of operational risk management and has demanded banks, mainly the D-SIBs and ASA banks, to collect data and adequately react to it. In addition, the BCB is currently working, along with the industry, on a project imposing periodical regulatory reporting by the banks on their internal loss data and operational risk events.
90. Resolution 4,557, of February 23, 2017, which provides for the implementation of the structure for risk management, consolidated the different risk management requirements that had been in place since 2006 and updated the operational risk management requirements for banks in Brazil. The regulation takes into account the post-crisis new principles and many of the supervisory practices already in place. Therefore, from the authorities’ perspective, this regulation is complemented by the described Brazilian supervisory practices, adequately covering the criteria of this Core Principle, including those related to operational risk data and reporting mechanisms to supervisors.
91. In addition, it is worth noting that the National Monetary Council issued, on April 26, 2018, Resolution 4,658, which establishes the requirements for cybersecurity policy, including minimum requirements on outsourcing storage and data processing and on outsourcing cloud computing. This regulation, therefore, already covers the recommended improvements related to cyber risks and prompt reporting of cyber threats.
Internal control and audit (CP 26)
92. The assessment points out that not all banks are required to establish a board of directors or an audit committee. In this regard, we have to consider that, as of November 2017, from a total of 135 banks, 107 either have a board of directors or are foreign-owned banks. The remaining 28 banks comprise only 1 percent of the market share, as measured by assets.
93. The assessment states that regulations permit internal audit to be part of the internal control function. It also states that the compliance function is not a requirement and the requirements for the internal audit framework are not sophisticated enough.
94. However, it also acknowledges that Resolutions 4,588 and 4,595, which respectively updated requirements for the internal audit function and regulated the compliance function, are helpful in this respect and will bear fruit in due time. These Resolutions, which came into force on December 31, 2017, introduced more prescriptive requirements, in line with the documents “Compliance and the Compliance Function in Banks”, issued by the BCBS in 2005, and “The Internal Audit Function in Banks”, issued by the BCBS in 2012. Furthermore, many features of these regulations were already part of supervision manuals and were therefore required by supervisors and observed by banks. In fact, they represent a consolidation of rules and practices already in place.
1
This Detailed Assessment Report has been prepared by Katharine Seal, IMF and Damodaran Krishnamurti, World Bank.
2
Source: BCB Financial Stability Report, data as at June 2016.
3
The individual responsibilities of the CMN and the BCB are defined in Law 4,595.
4
In this document, “banking group” includes the holding company, the bank and its offices, subsidiaries, affiliates and joint ventures, both domestic and foreign. Risks from other entities in the wider group, for example non-bank (including non-financial) entities, may also be relevant. This group-wide approach to supervision goes beyond accounting consolidation.
5
The activities of authorising banks, ongoing supervision and corrective actions are elaborated in the subsequent Principles.
6
Such authority is called “the supervisor” throughout this paper, except where the longer form “the banking supervisor” has been necessary for clarification.
7
Principle 3 is developed further in the Principles dealing with “Consolidated supervision” (12), “Home-host relationships” (13) and “Abuse of financial services” (29).
8
This document refers to a governance structure composed of a board and senior management. The Committee recognizes that there are significant differences in the legislative and regulatory frameworks across countries regarding these functions. Some countries use a two-tier board structure, where the supervisory function of the board is performed by a separate entity known as a supervisory board, which has no executive functions. Other countries, in contrast, use a one-tier board structure in which the board has a broader role. Owing to these differences, this document does not advocate a specific board structure. Consequently, in this document, the terms “board” and “senior management” are only used as a way to refer to the oversight function and the management function in general and should be interpreted throughout the document in accordance with the applicable law within each jurisdiction.
9
While the term “supervisor” is used throughout Principle 6, the Committee recognizes that in a few countries these issues might be addressed by a separate licensing authority.
10
On-site work is used as a tool to provide independent verification that adequate policies, procedures and controls exist at banks, determine that information reported by banks is reliable, obtain additional information on the bank and its related companies needed for the assessment of the condition of the bank, monitor the bank’s follow-up on supervisory concerns, etc.
11
Off-site work is used as a tool to regularly review and analyze the financial condition of banks, follow up on matters requiring further attention, identify and evaluate developing risks and help identify the priorities, scope of further off-site and on-site work, etc.
12
In the context of this Principle, “prudential reports and statistical returns” are distinct from and in addition to required accounting reports. The former is addressed by this Principle, and the latter are addressed in Principle 27.
13
Please refer to Principle 2.
14
Term of Commitment: instrument of negotiated solution in order to promote: (i) the cessation of practices under investigation or their harmful effects; (ii) correction of identified irregularities; and (iii) compensation for any losses. The Term of Commitment shall be made between the BCB and the financial institution.
15
Please refer to footnote 19 under Principle 1.
16
Circular 3,748requires banks to compute, submit to the BCB, and disclose to the public their Leverage Ratio in accordance with Basel III metric.
17
Please refer to footnote 27 under Principle 5.
18
The OECD (OECD glossary of corporate governance-related terms in “Experiences from the Regional Corporate Governance Roundtables”, 2003, www.oecd.org/dataoecd/19/26/23742340.pdf.) defines “duty of care” as “The duty of a board member to act on an informed and prudent basis in decisions with respect to the company. Often interpreted as requiring the board member to approach the affairs of the company in the same way that a ‘prudent man’ would approach their own affairs. Liability under the duty of care is frequently mitigated by the business judgment rule.” The OECD defines “duty of loyalty” as “The duty of the board member to act in the interest of the company and shareholders. The duty of loyalty should prevent individual board members from acting in their own interest, or the interest of another individual or group, at the expense of the company and all shareholders.”
19
For the purposes of assessing risk management by banks in the context of Principles 15 to 25, a bank’s risk management framework should take an integrated “bank-wide” perspective of the bank’s risk exposure, encompassing the bank’s individual business lines and business units. Where a bank is a member of a group of companies, the risk management framework should in addition cover the risk exposure across and within the “banking group” (see footnote 19 under Principle 1) and should also take account of risks posed to the bank or members of the banking group through other entities in the wider group.
20
To some extent the precise requirements may vary from risk type to risk type (Principles 15 to 25) as reflected by the underlying reference documents.
21
It should be noted that while, in this and other Principles, the supervisor is required to determine that banks’ risk management policies and processes are being adhered to, the responsibility for ensuring adherence remains with a bank’s Board and senior management.
22
New products include those developed by the bank or by a third party and purchased or distributed by the bank.
23
Critical roles are activities, operations or services which discontinuity may endanger the financial stability and functioning of the economy, as determined by the BCB.
24
Significant level of exposures was established as superior to 10 percent of the ratio Exposures/GDP.
25
The Core Principles do not require a jurisdiction to comply with the capital adequacy regimes of Basel I, Basel II and/or Basel III. The Committee does not consider implementation of the Basel-based framework a prerequisite for compliance with the Core Principles, and compliance with one of the regimes is only required of those jurisdictions that have declared that they have voluntarily implemented it.
26
The Basel Capital Accord was designed to apply to internationally active banks, which must calculate and apply capital adequacy ratios on a consolidated basis, including subsidiaries undertaking banking and financial business. Jurisdictions adopting the Basel II and Basel III capital adequacy frameworks would apply such ratios on a fully consolidated basis to all internationally active banks and their holding companies; in addition, supervisors must test that banks are adequately capitalized on a stand-alone basis.
27
Reference documents: Enhancements to the Basel II framework, July 2009 and: International convergence of capital measurement and capital standards: a revised framework, comprehensive version, June 2006.
28
In assessing the adequacy of a bank’s capital levels in light of its risk profile, the supervisor critically focuses, among other things, on (a) the potential loss absorbency of the instruments included in the bank’s capital base, (b) the appropriateness of risk weights as a proxy for the risk profile of its exposures, (c) the adequacy of provisions and reserves to cover loss expected on its exposures and (d) the quality of its risk management and controls. Consequently, capital requirements may vary from bank to bank to ensure that each bank is operating with the appropriate level of capital to support the risks it is running and the risks it poses.
29
“Stress testing” comprises a range of activities from simple sensitivity analysis to more complex scenario analyses and reverses stress testing.
30
Please refer to Principle 12, Essential Criterion 7.
31
Principle 17 covers the evaluation of assets in greater detail; Principle 18 covers the management of problem assets.
32
Credit risk may result from the following: on-balance sheet and off-balance sheet exposures, including loans and advances, investments, inter-bank lending, derivative transactions, securities financing transactions and trading activities.
33
Counterparty credit risk includes credit risk exposures arising from OTC derivative and other financial instruments.
34
“Assuming” includes the assumption of all types of risk that give rise to credit risk, including credit risk or counterparty risk associated with various financial instruments.
35
Principle 17 covers the evaluation of assets in greater detail; Principle 18 covers the management of problem assets.
36
Reserves for the purposes of this Principle are “below the line” non-distributable appropriations of profit required by a supervisor in addition to provisions (“above the line” charges to profit).
37
It is recognized that there are two different types of off-balance sheet exposures: those that can be unilaterally cancelled by the bank (based on contractual arrangements and therefore may not be subject to provisioning), and those that cannot be unilaterally cancelled.
38
Connected counterparties may include natural persons as well as a group of companies related financially or by common ownership, management or any combination thereof.
39
This includes credit concentrations through exposure to: single counterparties and groups of connected counterparties both direct and indirect (such as through exposure to collateral or to credit protection provided by a single counterparty), counterparties in the same industry, economic sector or geographic region and counterparties whose financial performance is dependent on the same activity or commodity as well as off-balance sheet exposures (including guarantees and other commitments) and also market and other risk concentrations where a bank is overly exposed to particular asset classes, products, collateral, or currencies.
40
The measure of credit exposure, in the context of large exposures to single counterparties and groups of connected counterparties, should reflect the maximum possible loss from their failure (i.e., it should encompass actual claims and potential claims as well as contingent liabilities). The risk weighting concept adopted in the Basel capital standards should not be used in measuring credit exposure for this purpose as the relevant risk weights were devised as a measure of credit risk on a basket basis and their use for measuring credit concentrations could significantly underestimate potential losses (see “Measuring and controlling large credit exposures, January 1991).
41
Such requirements should, at least for internationally active banks, reflect the applicable Basel standards. As of September 2012, a new Basel standard on large exposures is still under consideration.
42
Related parties can include, among other things, the bank’s subsidiaries, affiliates, and any party (including their subsidiaries, affiliates and special purpose entities) that the bank exerts control over or that exerts control over the bank, the bank’s major shareholders, Board members, senior management and key staff, their direct and related interests, and their close family members as well as corresponding persons in affiliated companies.
43
Related party transactions include on-balance sheet and off-balance sheet credit exposures and claims, as well as, dealings such as service contracts, asset purchases and sales, construction contracts, lease agreements, derivative transactions, borrowings, and write-offs. The term transaction should be interpreted broadly to incorporate not only transactions that are entered into with related parties but also situations in which an unrelated party (with whom a bank has an existing exposure) subsequently becomes a related party.
44
COSIF - Technical Pronouncement CPC-05 of the Accounting Pronouncement Committee of the CPC (Accounting Standards setter in Brazil)
45
An exception may be appropriate for beneficial terms that are part of overall remuneration packages (e.g., staff receiving credit at favorable rates).
46
Country risk is the risk of exposure to loss caused by events in a foreign country. The concept is broader than sovereign risk as all forms of lending or investment activity whether to/with individuals, corporate, banks or governments are covered.
47
Transfer risk is the risk that a borrower will not be able to convert local currency into foreign exchange and so will be unable to make debt service payments in foreign currency. The risk normally arises from exchange restrictions imposed by the government in the borrower’s country. (Reference document: IMF paper on External Debt Statistics – Guide for compilers and users, 2003.)
48
Wherever “interest rate risk” is used in this Principle the term refers to interest rate risk in the banking book. Interest rate risk in the trading book is covered under Principle 22.
49
The Committee has defined operational risk as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. The definition includes legal risk but excludes strategic and reputational risk.
50
In assessing independence, supervisors give due regard to the control systems designed to avoid conflicts of interest in the performance measurement of staff in the compliance, control and internal audit functions. For example, the remuneration of such staff should be determined independently of the business lines that they oversee.
51
The term “compliance function” does not necessarily denote an organizational unit. Compliance staff may reside in operating business units or local subsidiaries and report up to operating business line management or local management, provided such staff also have a reporting line through to the head of compliance who should be independent from business lines.
52
The term “internal audit function” does not necessarily denote an organizational unit. Some countries allow small banks to implement a system of independent reviews, e.g. conducted by external experts, of key internal controls as an alternative.
53
In this Essential Criterion, the supervisor is not necessarily limited to the banking supervisor. The responsibility for ensuring that financial statements are prepared in accordance with accounting policies and practices may also be vested with securities and market supervisors.
54
For the purposes of this Essential Criterion, the disclosure requirement may be found in applicable accounting, stock exchange listing, or other similar rules, instead of or in addition to directives issued by the supervisor.
55
The Committee is aware that, in some jurisdictions, other authorities, such as a financial intelligence unit (FIU), rather than a banking supervisor, may have primary responsibility for assessing compliance with laws and regulations regarding criminal activities in banks, such as fraud, money laundering and the financing of terrorism. Thus, in the context of this Principle, “the supervisor” might refer to such other authorities, in particular in Essential Criteria 7, 8 and 10. In such jurisdictions, the banking supervisor cooperates with such authorities to achieve adherence with the criteria mentioned in this Principle.
56
If no such response is provided within a reasonable time frame, the assessors should note this explicitly and provide a brief summary of the authorities’ initial response provided during the discussion between the authorities and the assessors at the end of the assessment mission (“wrap-up meeting”).
57
FSB Review Report, April 19, 2017, available at www.fsb.org/2017/04/peer-review-of-brazil/.
