The 2017 Joint Review of the Standards and Codes Initiative


The 2017 Joint Review of the Standards and Codes Initiative


1. The World Bank and the International Monetary Fund jointly launched the standards and codes initiative (“the initiative”) in 1999 in the wake of the Asian crisis. The initiative is intended to enhance economic and financial stability by strengthening domestic economic and financial institutions by encouraging the implementation of internationally agreed standards. The initiative has undergone changes, in response to revisions and enhancements to the underlying standards and codes (S&C), as well as Board guidance on the application and scope of the initiative. Currently, the initiative covers the application of internationally recognized S&C in twelve policy areas assessed by the IMF/World Bank.

2. The initiative has promoted the dissemination, adoption, and implementation of internationally agreed S&C by member countries, mainly through World Bank and IMF assessments of the status of countries’ progress in each area. A key element of the initiative has been the publication of the findings of assessments in the form of Detailed Assessment Reports (DARs) and Reports on the Observance of Standards and Codes (ROSCs). The ROSCs and DARs have served the Bank and Fund as important tools to detect potential weaknesses that could pose risks to the economy and to provide a focused and prioritized list of recommendations for country action. The findings are used in the surveillance work by the IMF and have served as benchmarks for follow up technical assistance work by the IMF, the World Bank, and other providers. IMF and World Bank staff also use the S&C as a benchmark for focused reviews on specific topics. The focused reviews result in technical notes (TNs) or provide input into the Financial System Stability Assessment (FSSA).

3. The main objective of this study is to identify cross cutting issues since the last review in 2011. Specifically, this background paper focuses on: (i) revisions to the 12 S&C and their assessment methodologies (AM) since the 2011 review, and (ii) approaches to assessment and review of the individual S&C, based on examination of an extensive sample of published assessments and reviews conducted since 2011. The paper does not assess the quality of assessments or their use by the IMF & World Bank, national authorities, or the private sector.

4. The S&C are grouped into three broad categories. These relate to transparency, financial sector, and institutional and market infrastructure. Table 1 below lists the areas currently covered, the different bodies that set standards, hyperlinks to the latest standards, and the institutions acting as assessors.

Table 1.

Standards and Codes Relevant for Bank and Fund Work

article image

Revisions to the Standards and Codes

5. This section reviews the changes to the S&C taking a thematic approach. There are five broad categories of revisions to the S&C since the last review: (1) the lessons from the GFC; (2) experience with and approaches to the assessments; (3) changes in best practices; (4) consistency across the S&C; and (5) other changes, mainly in structure and organization. The review includes both the changes to the S&C themselves and to the related AM that determine how the assessments are to be conducted in practice.

A. Revisions to Reflect Lessons from the GFC

6. Many of the S&C have been revised to reflect lessons from the GFC; others, such as the CRDI, were adopted directly as a result. Incorporating these lessons has enhanced the relevance of the S&C as tools for identifying and mitigating risks. The approaches taken to incorporate the lessons of the GFC have varied across the standards. The first eight lessons listed in Table 2 are discussed below.

Table 2.

Lessons from the Global Financial Crisis

article image

7. Attention to mitigating systemic risk and the risks posed by Systemically Important Financial Institutions (SIFIs) are new elements in the regulatory standards. These elements are incorporated in the BCP as part of the existing Core Principles (CPs) as topics requiring enhanced supervision rather than as new supervisory standards. The BCPs now require that supervisors take account not only of the risk profile of individual institutions but also the systemic risks they pose to the financial system and the economy. IOSCO addresses systemic risk by including a new CP (CP 6) that identifies the role of the securities regulator in contributing to the regulatory process to identify and mitigate systemic risk, recognizing that this process will involve multiple agencies. IAIS includes a new CP (CP 24) on macro-prudential surveillance requiring the insurance supervisor to take account of systemic factors in insurance supervision. The KA identify an effective framework for systemic risk identification and mitigation as one of the preconditions for effective resolution regimes. Addressing the risks posed by SIFIs is a central reason for the creation and adoption of the KA as a new S&C. The new Principles for FMIs includes a section on systemic risks in the introductory chapter and Principle 2 stresses that an FMI should have objectives that “explicitly support financial stability.” The focus on SIFIs is strengthened by requiring separate assessments for Central Securities Depositories and by providing additional guidance for over the counter CCPs and trade repositories.

8. The enhanced importance given to contingency planning and crisis management arrangements in preventing serious disruptions to financial systems is reflected in the revisions to several of the standards. This is also rationale for the development and adoption of the KA as a new S&C, which is specifically designed to address the legal and institutional framework necessary for the orderly resolution of financial institutions, as well as the revisions to the IADI CPs.1 Among the individual regulatory standards, IAIS introduced a new CP (CP 26) on cross border cooperation and collaboration on crisis management to ensure that a cross border crisis involving a specific insurer can be handled effectively. The BCP introduced new criteria specifically discussing crisis arrangements and resolvability. PFMI stresses the importance of arrangements for the recovery or orderly wind down if an FMI becomes non-viable. Winding down is addressed explicitly in principle 3 and implicitly in several principles dealing with the handling of risk.

9. The risks posed by regulatory arbitrage and the growth of financial activities in unregulated financial institutions and shadow banks are reflected in the standards by the increased attention to the perimeter of regulation. These risks are addressed by IOSCO by incorporating a new CP (CP 7) that requires a regular review of the perimeter of regulation, noting that the review will need to address the risk of regulatory arbitrage arising from changes to the intensity of regulation across the financial sector. In the BCP the perimeter of regulation is addressed as an essential criterion in CP 8 (Supervisory Approach) which requires that if supervisors become aware of shadow banking they are to draw it to the attention of the responsible authority. If the supervisors become aware of banks restructuring their activities to avoid regulation, they are required to address this, and generally note the importance of non-banking entities in any assessment of the risks run by a bank or banking group, and the financial system. IAIS also introduced a new CP (ICP23) that requires comprehensive group wide supervision, including group wide reporting, inspections, capital adequacy, investment and market conduct. This would address regulatory arbitrage activities undertaken by insurers, as in the case of credit derivatives trading conducted by AIG during the GFC.

10. The problems that perverse incentives can cause excessive risk taking are addressed in several of the standards. IOSCO has added a new CP (CP 8) to ensure that conflicts of interest and misaligned incentives are avoided. Conflicts of interest are covered in the BCP (CP 20) dealing with transactions with related parties and stricter requirements for the risk and control functions were introduced in various CPs (CP 14, CP 15, CP 26, CP 27). Stricter rules on related party transactions are also included in CG (Chapter III). The KA seek to address the moral hazard created by the problem of “too-big-to-fail” by providing a framework for resolution of SIFIs without the use of public funds while maintaining their critical functions. The IADI CPs elevate the attention to moral hazard concerns, which are now addressed within all relevant CPs. ISA recognizes the importance of that incentives play in the role of auditors in presenting their findings to Directors. IAIS also introduced a new risk management CP (ICP 16 enterprise risk management), including risk appetite and own risk solvency frameworks.

11. The need for enhanced disclosures to strengthen market discipline is highlighted across the financial regulatory standards. The BCPs include a new CP (CP 28) on disclosure and transparency on bank reporting and publications. Disclosure requirements are highlighted by IOSCO CPs 16 and 18 on the quality of accounts. IAIS includes a new CP (CP 20) on Public Disclosure that requires insurers to disclose information to give policy holders and market participants a clear view of their business, performance and financial position. IADI CPs include a new principle (CP 10) on public awareness that notes that to protect depositors and contribute to financial stability, it is essential that the public be informed of the benefits and limitations of deposit insurance. To enhance the value of external audits, ISA now requires auditors to report to shareholders and boards on key audit matters (ISA 701). Enhanced regulation for loan loss provisioning (IFRS 9) also reflects a response to shortcomings in underlying conditions. Finally, transparency provisions were strengthened in the PFMI (principles 23 and 24).

12. The role of strong corporate governance arrangement in mitigating risk has been reflected in several S&C. The CG code was strengthened significantly in 2015, including an enhanced attention to the role of the Board in risk management. The BCP included a new principle (CP 14) enhancing the requirements for robust corporate governance policies and processes. IAIS (CP 7) introduced a similar requirement for the insurance supervisor in its oversight of the insurance industry. The importance of cooperate governance is also reflected in revisions to IADI (CP 3), requiring the deposit insurer be operationally independent, well governed, transparent, accountable and insulted form external influence. Corporate governance provisions were also strengthened in the PFMI (principle 2).

13. The importance of domestic and cross border collaboration and cooperation is elevated as part of the revisions to the S&C. These revisions are usually accompanied with more specific guidance in the CPs on information exchange with domestic and foreign authorities. For example, the BCPs enhanced its requirements for cooperation and collaboration with domestic and foreign supervisors in a revised CP 3. IAIS revised its CP on supervisory cooperation and coordination (CP 25) to help ensure effective entity and group wide supervision, and adopted a new CP (CP 26) on cross border cooperation in crisis management. The KA outline the standards that should apply for collaboration and cooperation in the recovery and resolution of G-SIFIs with an international presence in several jurisdictions, including the need to establish cross border crisis management groups (CMGs) and cooperation and information sharing arrangements (COAGs) for all G-SIFIs. Cooperation and coordination among supervisors and overseers of FMIs were explicitly addressed in Responsibility E of the PFMI. Also, the revised ICR includes a new principle dealing with the insolvency of international enterprise groups.

B. Revisions to Reflect Lessons from and Approaches to Assessments

14. Revisions to the S&C and the related assessment methodologies (AM) have taken account of the experience with assessments. Two issues have received greater attention: (1) How to ensure that assessments are proportionate to the country circumstances and the risks posed by the sector? and (2) What role should an assessment of the effectiveness of the application of the S&C in achieving their objectives play in evaluating compliance with the S&C? These issues are important for the role of S&C assessments in supporting national policies as well as IMF surveillance and World Bank development objectives. The greater the attention to “proportionality” and to “effectiveness”, the greater the policy relevance of the assessments.

Proportionality of assessments

15. An ongoing challenge in designing the S&C and the related AM highlighted in assessments of the standards is how to take account of different country circumstances. While the S&C are often presented as the minimum standards that all countries should comply with, assessments find that that the country circumstances vary greatly in terms of the stage of development, complexity, sophistication and national and international importance of the sector under review. The risks posed by individual sectors to the financial system and the economy can vary greatly between countries at the same stage of development. The challenge is how to reflect the differences in the country circumstances in the S&C and/or the approach taken in the assessments, while maintaining the S&C as a benchmark that is applicable across countries.

16. The standard setters have adopted different approaches to introducing proportionality into the assessments. Historically, the IOSCO CPs, recognizing the diversity among securities markets, have taken the approach that there is “often no single correct approach to a regulatory issue.” The CPs explicitly acknowledge that legislative and regulatory structures vary across jurisdictions, reflecting local market conditions and historical development. To assess IOSCO CPs, assessors must have a complete and clear description of the jurisdiction’s capital markets to identify the topics to be addressed. A jurisdiction could satisfy an assessor that its approach, while not explicitly described in the AM, nonetheless meets the objectives of a principle, or could explain why that principle is not applicable.

17. The revisions to the AML/CFT standard and AM represent a significant increase in focus on the “risk-based approach” and country circumstances. The assessment of a country’s ML/TF risks are now to be at the center of the countries’ efforts, and of AML/CFT assessments. A new CP, Recommendation 1, requires countries to identify, assess, understand and mitigate their ML/TF risks. It requires country to apply a risk-based approach to ensure that measures to prevent or mitigate money laundering and terrorist financing are commensurate with identified risks. It allows countries to apply simplified measures under some of the Recommendations, and in certain circumstances, to exempt certain sectors or activities where there is a proven low risk of ML/TF. The AM notes that the starting point for every assessment is an understanding of the country’s risks and context and that this understanding is critical to evaluating technical compliance with Recommendation 1 and the risk-based elements of other recommendations, as well as the effectiveness of the AML/CFT system (see below).

18. BCPs are the minimum to be applied in all jurisdictions, but assessments must consider the context in which supervisory practices are applied. Proportionality is to be considered in terms of the risks posed by banks, the banking system, and the stage of development of the financial system. All CPs are assessed and rated in all countries (except for an exceptional use of a not applicable (NA) designation) but the concept of proportionality is to permeate all principles. Higher risks and complexity are reflected both in the supervisor’s expectations regarding banks— such as on risk management, prudential requirements, transparency, resolvability—and in what is required of supervisors—higher intensity of supervision, and more advanced supervisory approaches and techniques. The country circumstances are also considered in the assessment when assessing the materiality of the findings. The principle may be non-applicable, or deficiencies even in essential criteria can be considered non-material given the country and financial system characteristics.

19. IAIS adopts a similar approach to BCPs. The IAIS CPs are to apply to insurance supervision in all jurisdictions regardless of the level of development and sophistication of the insurance market. Nevertheless, individual CPs gives supervisors flexibility to tailor certain supervisory requirements to be commensurate with the complexity and risks posed by individual insurers. It also emphasizes the importance of considering the domestic context, industry structure, and stage of development of the financial system.

20. The KA are intended to be minimum requirements that apply to systemic financial institutions in all jurisdictions, though the AM recognizes that the resolution regime should be proportionate to the complexity and systemic importance of the firms. Certain of the KAs are aimed specifically at G-SIFIs and jurisdictions that are home or hosts to G-SIFIs.2 Grading of the KAs should consider the structure and complexity of the financial system. Jurisdictions may also seek to demonstrate that certain KAs or essential criteria are not applicable but as with BCP assessments, the use is strictly limited.3

21. The revisions to the World Bank-led codes (CG, ICR, and A&A) have not changed the basic approach that the principles are minimum criteria intended to apply to all jurisdictions. IASB, however in 2007 took the approach of developing a new set of IFRS for small and medium sized enterprises. Also, methodology documents for CG and ICR point out that the focus is on outcomes, and that outcomes can be achieved in different ways in different jurisdictions, e.g., protection of minority shareholders. The CG code only applies to listed companies, which in many jurisdictions is a limited number. To reflect this, the World Bank has divided countries into three tiers depending on the size of their capital markets. Tier 3, which has poorly developed equity markets and regulatory frameworks will no longer be subject to full detailed assessments. Conditioned by the availability of resources, in Tier 1 countries will always receive full assessments, and tier 2 will do so under certain circumstances.

22. The PFMI, MFPT and DQAF use the minimum required approach, in that all countries should comply with the minimum standards. For PFMI the minimum approach is consistent with the nature of the risks in FMIs that are uniform across jurisdictions. The approach to data quality takes account of country circumstances in the SDDS and GDDS initiatives. The MFPT has not been updated.

23. In contrast to the standards discussed above, the revised FTC explicitly differentiates based on different levels of country capacity and development. Whereas the old 2007 code provided a single best practice standard for each principle, the new code distinguishes between basic, good, and advanced practice in recognition of the need to differentiate to take account of country circumstances. Basic practice is viewed as a minimum standard that should be achievable by all countries, good practice provides an intermediate goal post, and advanced practice reflects best international standards and is the standard that should be achieved in advanced economies. Moreover, in assessing compliance the FTC now benchmarks against peer groups as an indicator of relative performance.

Assessing Effectiveness

24. Another issue highlighted in assessments is how the S&C should consider the effectiveness in the application of the S&C in terms of outcomes. Historically, most of the S&C focused on the institutional, organizational, and legal and regulatory arrangements that form the framework for the application of the S&C. Less attention was paid to examining outcomes, i.e., do the S&C achieve their intended objectives, for example of mitigating risk in the financial system? In part this is because the latter is more difficult to assess than, for example, the legal and regulatory framework, and involves a greater exercise of expert judgment and potentially different assessment skills. Nevertheless, it is the capacity of the S&C to deliver the actual outcomes that matters from the perspective of assessing the adequacy of the policy framework.

25. Experience with the relevance of S&C increasingly points to the importance of assessing not only the institutional, organizational and legal and regulatory framework (or the de jure elements) but also the effectiveness of the arrangements in achieving actual outcomes (the de facto performance). An assessment of the de jure elements may not provide a good indicator of how the regime performs in practice and assessments of compliance based on the de jure elements may provide unwarranted confidence in the risk mitigation framework. The focus of assessments on the de jure elements may explain why compliance ratings against S&C are poor predictors of financial crises as the compliance ratings may over-estimate the extent to which risks are mitigated by the regulatory regime.4

26. The importance of properly assessing risk and outputs was a major factor behind the complete reworking of the FTC. Focusing on the information required for effective fiscal management and surveillance, the Code was redrawn into four pillars, with the third pillar focusing on fiscal risk analysis and management. Its 12 principles are grouped under three categories, risk disclosure and analysis, risk management, and fiscal coordination. The code was changed to address quality and adequacy of output, rather than procedures. It now puts greater emphasis on the quality of published information as a more objective basis for evaluating the degree of effective fiscal transparency.

27. The AML/CFT AM has been fundamentally revised so that assessors must assess the effectiveness of the AML/CFT regime as well as technical compliance. Under the revised approach, assessments include two sets of ratings, one for technical compliance and another for effectiveness. The AML/CFT AM sets out detailed criteria for assessing technical compliance under the 40 recommendations, specifies the core issues for conducting assessments of effectiveness under eleven immediate outcomes, and emphasizes the use of both quantitative indicators and qualitative factors in the evaluation. The AM focuses on both the authorities’ and the industry’s results in achieving the desired outcomes.

28. For A&A, assessors review a sample (20-30) of financial statements to assess the extent to which official standards are being implemented. Also, the new assessment methodology contains a dedicated section that takes an in-depth analysis of the robustness of the institutional framework for corporate reporting. Indeed, actual implementation of accounting standards is frequently found to fall short of official regulations, in part because of the complexity of IFRS and the lack of experienced accountants. Similarly, other internal methodology documents of the World Bank stress the need to assess effectiveness (CG, ICR).

29. Assessments of the BCPs are expected to assess effectiveness of regulators/supervisors in supervising banks. Assessments are not intended to audit the banks’ portfolios and practices, but examine the quality of the supervisor’s assessments of these practices and their capacity to challenge banks, assess risks, prevent unsound practices and enforce corrections. Assessors interview banks, review banks reports, supervisory files, and discuss in detail the supervisory risk assessment of banks, including the risks to the banking sector, the effects of macroeconomic developments, and cross border spillovers. The assessment examines how banks factor these elements into their risk management and how supervisors challenge banks’ risk management. In addition, there is a heightened focus on the actual use of the supervisory powers, in a forward looking approach through early intervention. The new BCP are divided in two parts: requirements on supervisors, and requirements on banks.

30. IAIS requires the implementation of the standards to achieve the objectives of insurance regulation and supervision. The AM notes that the possession of legal authority is not sufficient to demonstrate compliance with the CPs; the supervisor has also to demonstrate that the powers can be exercised in practice and that it can ensure that supervisory requirements are implemented. Assessments, therefore, review the resources and capacity of the supervisor to exercise its authority.

C. Revisions to Incorporate Emerging Best Practices

31. The updates to the S&C have also incorporated changes to best practices in their sector. In most cases, the updates expand the scope and length of the S&C and the number of criteria to be assessed. The section below describes how the various S&C have been modified in this regard.

32. In the BCP, emerging best practices are reflected in additional criteria, allowing for more flexibility in the proportional approach to assessments. In earlier versions of the BCP, ratings were based only on the essential criteria. Under the revised BCP, countries can elect to be assessed and rated using the additional criteria as well as the essential criteria. In addition, in revising the BCP, 34 additional criteria in the earlier standard were upgraded to essential criteria and 34 new assessment criteria were added reflecting the changes international standards. The 16 additional criteria reflect best practices and be aspirational for most supervisors. The BCBS expects that over time the additional criteria will become standards, and that grading against the additional criteria will provide incentives to countries, especially the most sophisticated financial centers, to “lead the way in the adoption of the highest supervisory standards”. In addition, the BCPs reference the Basel capital regime (Basel I, Basel II and Basel III), but assessments against the CP do not require countries to comply with specific capital standards except where they have voluntarily agreed to do so (CP 16). The BCP includes references to standards, best practices, and guidance documents issued by the BCBS. The revised BCP also merged the AM and the CPs into a single document.

33. The other regulatory S&C vary in terms of how they have incorporated best practices. For example, the IAIS CPs have been grouped into three levels, statements, standards and guidance material. The guidance material provides best practice on what is meant by the statements and standards and where possible examples of how to implement them. The AML/CFT Recommendations have been updated, notably to include a greater focus on ML/TF risks, strengthen certain parts of the standard (e.g. on transparency of legal persons and arrangements), and to incorporate tax crimes as predicate offenses to ML. In addition, the FATF issues Guidance and Best Practices Papers to provide additional background information on country practices. IOSCO’s AM builds on their set of reports and resolutions that that underlie effective securities regulation and the tools and techniques necessary to give effect to IOSCO CPs. Finally, the IADI CPs have been updated to reflect emerging best practices including governance, depositor reimbursements, use of insurance funds in resolution, role in crisis preparedness and incorporating considerations related to the operation of Islamic deposit insurance systems. The IADI CPs also now include the role of deposit insurance in promoting financial inclusion in the preamble.

34. The revised FTC incorporates several advances in best practice for fiscal management. Some examples are the publication on fiscal activities of the entire public sector, full balance sheets, monthly fiscal reporting of general government, and publication of audited financial statements. Risks addressed include macroeconomic shocks, guarantees and other contingent liabilities, financial sector vulnerabilities, natural resources and environmental factors, and public corporations, among many others.

35. The World Bank-led S&C have also been revised in this regard. ICR revisions incorporate updates of best practice in insolvency law reflected in the continued work of UNCITRAL published as Columns 3 and 4 of their model law. A&A are adapted by ongoing work to refine individual IFRS and to add new ones. International audit standards are also kept under continued review to reflect best practice; a good example was the new ISA on the responsibilities of Auditor’s in their reporting to the Executive Boards of companies. Revisions to the CG also mainly reflect changed best practice in response to increased complexity in the investment chain, the changing roles of stock markets, investment strategies and business practices which have been addressed in the new Chapter III.

D. Cross Referencing Different S&C

36. Some of the revisions to the S&C and AM are intended to improve cross referencing within the various policy areas. In some cases, the rationale for such revisions is to take account of developments in other S&C and to reduce duplication in the assessments. However, for specific CPs the use of cross referencing to overlapping S&C is mixed. There are several reasons for this, including the frequency with which the different S&C are assessed and the objectives and scope of the different assessments. Examples of cross referencing are noted below.

  • The BCP AM recognizes that where a recent AML/CFT assessment has been conducted, assessors may rely on that evaluation in assessing CP 29 on abuse of financial services. The new CP 14 on Corporate Governance draws from principles of corporate governance published by the OECD, and CP 13 on home-host relationships references the KA on group wide resolution plans. Another area of potential overlap with the KA is in CP 11 Corrective and Sanctioning Powers.

  • IAIS AM makes extensive reference to FATF documents as part of the assessment of CP 22, on AML/CFT, but does not specifically state that assessors can rely on recent AML/CFT assessments. Some other areas where there is potential overlap with other S&C are IAIS CP 7, Corporate Governance (with CG), IAIS CP 12, Winding-up and Exit from the Market (with the KA where SIFIs may be involved), and IAIS CP 20, Public Disclosure (with A&A).

  • IOSCO includes a number of principles dealing with accounting and auditing (CP 19 on auditor oversight, CP 20 on auditor independence, and CP 21 on audit standards) and where there is a potential for cross reference assessments against A&A.

  • When assessing a resolution regime for FMI the KAs requires assessors to have regard to any assessments against the CPSS-IOSCO FMI and the explanatory note on use of deposit insurance funds in resolution cross references the IADI CPs.

  • The IADI CPs has been updated to ensure consistency with the KAs. In the KA AM for the banking sector, assessors can rely on the BCP and IOSCO assessments when reviewing supervisory approvals to support cross-border resolutions (explanatory note to KA 7). Another area for cross referencing is in KA 11 (Recover and Resolution Planning), to BCP assessments (or visa-versa).

  • AML/CFT Recommendation 26 on Regulation and Supervision of Financial Institutions explicitly mentions that, for financial institutions subject to the BCPs, the regulatory and supervisory measures that apply to prudential supervision and are relevant to money laundering and terrorist financing should also apply for AML/CFT purposes. The CG code also includes references to accounting standards, which are to be “high quality standards” and notes that most countries mandate “internationally recognized standards” (Chapter V). No specific reference to the codes for accounting and auditing are made, however.

  • The PFMI does cross-reference the KA, but does not contain explicit cross referencing to other S&C. The revised AM for A&A also draws on best practice from other S&C with respect to financial reporting (BCP, IAIS, IOSCO).

E. Other Revisions—Reorganization

37. Several of the S&C have been reorganized:

  • The BCP were given a more logical structure: the first 13 CPs deal with the powers, responsibilities and functions of the supervisors, while the remaining 26 CPs deal with the supervisor’s expectations for banks. The CPs and AM were merged into a single document.

  • The IAIS was revamped: the CPs have been reorganized into a more logical structure, and the assessment criteria grouped into three levels: statements, standards and guidance.

  • The CRDI was expanded by combining the KA with the IADI CPs. IADI was revamped: the CPs and AM were merged into a single document and the CPs reorganized into a more logical structure.

  • The FATF 40 Recommendations on AML +9 Special Recommendations on CFT have been merged into 40 Recommendations on AML/CFT.

  • PFMI was merging, harmonizing and expanding three earlier codes

  • FTC was significantly reorganized to reflect increased emphasis on risks and to focus on outcomes rather than procedures.

  • CG was reorganized and strengthened in line with the observed need for stronger corporate governance.

F. Implications of the Changes to the S&C

38. Revisions to content have strengthened the relevance of S&C to member countries, for IMF surveillance and for identifying critical areas for follow up technical assistance. Changes to the S&C that reflected the lessons of the GFC introduced important new elements into the standards assessments that enhance their relevance for risk identification and mitigation. Key changes include the new attention to:

  • Identifying the main risks (fiscal, financial, ML/TF) and the adequacy of measures to address the risks;

  • Systemic risk (and SIFIs) in the regulatory standards. These changes complement the heightened attention to systemic risk analysis and macro-prudential policy by national authorities and in FSAPs and Article IVs;

  • Crisis resolution is an important new area that fills a gap in the regulatory architecture and provides a benchmark for reviews of crisis preparedness and crisis management in FSAPs and for identifying areas for follow up assistance;

  • Cross border collaboration and cooperation, which supports the multilateral surveillance of the Fund;

  • Public disclosure and transparency in the regulatory standards, and the revisions to the World Bank-led standards, that enhance market discipline;

  • Perverse incentives that are sources of underlying vulnerabilities in economies and financial systems, and to identifying risks in shadow banks.

39. Revisions to the approaches to assessments make them more relevant to countries’ policy discussions and complement IMF surveillance and WB development objectives. Some of the AM for the S&C have been revised to give greater attention to (i) jurisdictions’ circumstances and risks when preparing the assessment; and (ii) the effectiveness of the S&C in achieving their objectives. These revisions complement the IMF surveillance and the WB developmental objectives by making the assessments more targeted by highlighting risks and by identifying the effectiveness of the policies. Recommendations can then be prioritized toward addressing significant shortcomings of direct policy relevance. These advances in the S&C are relatively recent and it will take time to assess their effectiveness.

40. The new approaches to assessments have not been the same across the standards. Some of the S&C have not been updated (monetary and overall statistical framework). Different standards take different approaches to treating country circumstances and assessing effectiveness. BCPs and IAIS, are the minimum that should apply in all countries, while the revisions adopted to the FTC have sought to differentiate the standards applied depending on the stage of country development.

41. The above improvements to the S&C come with a resource cost. The addition of new assessment areas has increased the number of CPs and essential criteria that must be reviewed. Tailoring an assessment to specific country circumstances and risks requires in depth knowledge of the country and sector to be reviewed. Assessing effectiveness requires a review of statistical and other information and assessment of actions by the industry as well as the authorities. All of these increase the resource cost of an assessment, potentially significantly, and aspects require new assessment skills.

Experience With S&C Assessments

42. The structure and content of reports vary greatly across the S&C, reflecting the degree of complexity of the issue being addressed and the nature of the assessment/review. Also, outputs may take several forms, including formal assessments resulting in ROSCs or detailed assessment reports (DAR) or focused reviews resulting in technical notes (TNs) or inputs to the FSSA reports. The Fund and the Bank also use the S&C heavily in their broader financial stability work. For example, in surveillance and in technical assistance reports frequently draw extensively on the S&C without doing a formal assessment.

43. There is no official definition of the term ROSC. For regulatory standards (BCP, IOSCO, IAIS, PFMI) and MFPT, the ROSC is a summary of the detailed assessment (DAR) and includes a summary of key findings and recommendations and a prioritized action plan to enhance compliance. In the case of AML/CFT, a peer review by the FATF and FSRBs is presented as Mutual Evaluation Report (MER) —which, like IMF or WB DARs, can then generate an AML/CFT ROSC. Some regulatory ROSCs include ratings of compliance, but not all. The DARs and ROSCs offer the possibility of a response by the authorities to the assessments. For several other S&C, including those assessed by the World Bank (CG, ICR, A&A), and the Data ROSC, the ROSC includes the DAR. In the case of one code (the Fiscal Code), the title ROSC has explicitly been eliminated, and the published assessment is now called a fiscal transparency evaluation. The A&A assessments are the only ones that do not include ratings for compliance as part of the ROSCs or DARs.

44. In most cases, assessments were published as ROSCs attached to FSSAs, standalone ROSCs, or standalone DARs. Most assessments of regulatory standards and codes were prepared in the context of FSAPs and the resulting ROSCs were included as attachments to the FSSA reports. Overall, significantly more assessments were published as standalone DARs than as standalone ROSCs. Besides formal assessments, a significant number of reviews of standards that were published as technical notes.

45. TNs have increased relative to ROSCs and DARs. A total of 380 DARs, ROSCs, and TNs were produced during 2011-16. Of the total, 295 (or 78 percent) were published. The publication ratio varied significantly among standards, with very few ICR ROSCs published.

46. The number of assessments has declined somewhat over the last six years, and for some S&C quite significantly, particularly for data, monetary, and corporate governance (Table 3). While this is partly explained by the completion of initial assessments for many countries, factors also include increased resource costs. In the case of those standards assessed by the World Bank, the absence of a dedicated budget allocation appears to have played a role in limiting the number of assessments. Changes to the AML/CFT standard and AM caused a temporary slowdown in the assessment cycle. Revisions to the AML/CFT AM have significantly increased the resource costs of assessments, reducing the number of assessments that can be conducted by the IMF/WB within the same budget envelope. As a result, most AML/CFT assessments are conducted by the FATF and the FSRBs.

47. The fact that the monetary standards and the overall data framework have not been updated may have also contributed to the low number of assessments, as these standards may have become less relevant to members and the work of the IMF/World Bank. In the case of the data standard, other data initiatives—notably the SDDS, SDDS Plus, and GDDS/e-GDDS—have taken on an increased importance. The monetary standard does not account for revisions to lender of last resort, monetary, and financial policy practices that followed the GFC and this may have limited the interest in reassessments under the standard. Contrast the number of assessments of data and monetary standards with those of the FTC, where assessments received a new lease on life following revisions to the fiscal code.

48. The bulk of assessments have been conducted in the context of FSAPs.5 There is no central direction regarding which standards and codes should be assessed for a given country. But an implicit prioritization of financial regulation, supervision, and market infrastructure is evident. As these standards become more complex, more relevant, and require more resources to assess, their prioritization may crowd out the assessment of S&C assigned a lower priority.

Table 3.

Number of ROSCS and TNs by Standard and Code1/

article image

Includes IMF S&C outputs published or shared with the Board.

Evaluation of Assessments and Reviews

A. Resource Impact of Revisions to S&C Assessments6

49. It appears the revisions to the regulatory standard and codes generally increased the resource costs of the assessments. The experts did not have access to the direct budgetary costs of conducting assessments. However, the resource costs can be partly inferred from (i) the staff assigned to conduct detailed assessments; and (ii) the length and complexity of the DARs. These measures are, nevertheless, imperfect as they do not account for preparatory or review time or the resources assigned by the authorities to support the assessment missions (e.g., preparing self-assessments in advance of the missions).

50. The revisions to the BCPs have significantly increased the length of DARs. For example, comparing the 2016 and 2011 assessments of the UK, the 2016 detailed assessment report that used the updated BCPs is more than double the length of the 2011 detailed assessment that used the earlier methodology (293 pages versus 131). The difference in length can be attributed directly to the 2012 changes to the BCP (i.e. adding new CPs and essential criteria, enhancing the focus on implementation and enforcement of powers, and including the option to assess additional criteria). In addition, steps by the assessors (as well as by the Fund and Bank through the review process) to improve quality has added detail to reports. The length of the UK detailed assessment report using the 2012 methodology is not out of line with other assessments. For example, the 2014 detailed BCP assessment report for Georgia, a country with a much less sophisticated banking system is 216 pages, the 2014 BCP detailed assessment report for Canada is 240 pages, and the 2013 BCP assessment of Hong Kong (SAR) 361 pages. For IAIS, the revised AM is 397 pages and DARs have increased to up to 150 pages in length. The DARs prepared for IOSCO were 187 pages in Malaysia and 175 pages for Switzerland.

51. Other revisions to the regulatory S&C that appear to require significant additional resources are the use of the KA in reviews and the assessment under the revised AML/CFT AM. Reviews of the KA that have piloted the detailed AM involve 5-6 assessors (though this may partly reflect the newness of the code and the number of sectors covered.)

52. As some of the standards and codes have become more comprehensive and complex, resource implications have also dictated the need for a change in the approach to assessments. For example, the 2012 issued PFMI significantly increased the scope and complexity of the code. While earlier a decision typically was made to assess either a systemically important payments system or a systemically important securities settlement system, the standard now includes Systemically Important payments systems, central securities depositories, securities settlement systems and central counter parties. In developed markets there may be 6-8 such systems. And unlike the supervisory and regulatory codes, a comprehensive FMI assessment should include not only the regulatory and supervisory structure, but also the risk management frameworks and governance of individual FMIs.

53. The World Bank assessed S&C are very resource intensive. While the evolutionary nature of changes to the codes may not have added significantly to that burden, changes to budgetary procedures within the bank has highlighted this resource cost and have contributed to the observed slowdown in assessments.

54. The quality of the assessments reflects the background and experience of the assessors. Assessment criteria are only one element in evaluating regulatory and supervisory arrangements. The experience and expertise of the assessors in evaluating the arrangements against the criteria is also critical. Changes to the S&C have made the expertise of the assessors even more important.

  • The increased emphasis on assessing not only the adequacy of the legal and regulatory framework but how it is implemented, requires practical operational experience with the regulation and supervision;

  • New skills may be needed to assess the underlying effectiveness of the S&C in achieving their objectives, e.g., capacity to assess statistical indicators of performance;

  • Where a decision is made to prepare a review in the form of TN rather than a DAR, the assessor’s expertise is critical in designing the topics to be covered in the TN.

55. The need to have experienced assessors may introduce an additional resource constraint for assessments. The IMF/WB need to ensure that experts they have the skills to assess the new elements of the S&C. This is not a trivial exercise as the total pool of experts with the requisite skill set to assess the more complex standards is quite limited.

B. Focused Reviews

56. How to decide between formal assessments resulting in ROSCs and DARs and focused reviews resulting in technical notes or inputs to FSAPs varies between standards.

  • For the financial standards, there has been agreement that standards will be used in one of two ways: (i) formal, graded assessments that assess all the principles under a standard, provide ratings, and result in a detailed assessment report and (ii) focused reviews that benchmark against a standard but do not provide ratings and result in a technical note or input into an FSAP. The IMF has also reached agreement with standard setters on sets of base principles that can serve as starting points for focused reviews.

  • For non-financial standards, assessors are considering how to streamline assessments. For example, under corporate governance the World Bank has proposed streamlining detailed assessments, including by focusing on a subset of questions (115 versus the full set of 727) and making benchmarking optional. Similarly, under the accounting and auditing standards the World Bank is considering how to learn from the experience with “quick ROSCs” and both the A&A and FTE allow a modular approach.

57. Both these two types S&C work are voluntary for the country authorities and should be based on a joint decision with Bank/Fund staff based on several factors. This would help to avoid issues that arose in adjusting for country circumstances and which hampered assessments in some cases including in A&A. Such factors could include the importance of the sector, the magnitude of vulnerabilities, the country’s priorities, and the extent of changes in the standards or country circumstances since the last assessment. For non-financial standards, which allow assessments of a subset of principles, the choice of coverage could reflect similar considerations as well as other factors such as a country’s level of development.

C. Accessibility of Findings

58. On balance, the revisions to the S&C have made the DARs longer and more complex. Analysis of compliance with a single principle in a DAR can run to several pages and involve highly technical and nuanced discussion of the practices that are applied. In a few recent cases, DARs have been published without an accompanying summary ROSCs. Where financial regulatory DARs are prepared, the accompanying ROSC provides a summary of the findings and prioritized recommendations in a relatively short document. As S&C have become more complex, the preparation of ROSCs becomes even more important. In addition, when a TN is prepared, there is no separate summary of the findings. Financial regulatory TNs are usually prepared in the context of an FSAP and the FSAP can summarize the findings as part of the overall assessment of the financial system. Despite being the result of focused reviews, some TNs can be nearly as complex as DARs, increasing the importance of presenting a clear and effective summary. Moreover, for some standards (e.g. ICR) many TNs are not published.

59. Going forward, greater attention could be given to accessibility of results for policy makers and market participants. In particular, non-technical summaries could improve traction. Where DARs are prepared, the accompanying ROSC provides a summary. The preparation of a summary ROSC becomes even more important when the standards become more complex. Attention should also be given to the accessibility of results when TNs are prepared.


60. There have been significant revisions to the S&C and standards assessments since last review. The main changes include (i) greater attention to identifying risks; (ii) incorporation of lessons from the GFC, notably a focus on systemic risk, transparency, corporate governance, crisis management and incentives; and, (iii) increased attention to country circumstances and an emphasis on assessing effectiveness in the application of the S&C. These revisions have significantly enhanced their richness value for country authorities and the Fund and the Bank.

61. However, this analysis has also found that the growing complexity of S&C have resource implications for members and assessors. Post-crisis assessments tend to require more staff to assess the revised standards, often with more in-depth experience, which may be in short supply. Also, the assessments have become much longer and complex. As stand-alone assessments, this outcome may also have costs in terms of clarity and uptake for policy makers and other market participants. In general, the increased complexity of many S&C and increased document length, places a premium on ensuring that DARs and/or TNs contain a high-quality summary of findings and key recommendations.

62. This may have created tensions within the initiative. To address this tension the IMF and World Bank could consider how costs can be accounted for in the design of the standards for which they are standard setters. Resource costs are especially important for low and middle income countries. One approach would be to follow the lead of the Fiscal Transparency Code which allows for basic, good, and advanced practices and benchmarking against peers to reflect a country’s stage of development. Another possibility is to consider a modular approach the IMF and World Bank’s standards.

63. As the approach is still developing, it is still unclear whether focused reviews will help alleviate some of the tensions more generally. As formal assessments and focused reviews are voluntary for country authorities, the approach will continue to be decided by agreement between staff and the authorities. As experience develops, the IMF and the World Bank could draw lessons regarding their use and resource implications.

Annex I. Sample of DARs, ROSCs, and Technical Notes

article image

IADI CPs include a new principle (CP 6) on deposit insurer’s role in contingency planning and crisis management, CP 13 discusses the deposit insurer’s role as part of the framework for the early detection and timely intervention in troubled banks, and other CPs (CPs 9, 14) elaborate on the deposit insurer’s role in resolution.


KAs 8 and 9 on Crisis Management Groups and institutions specific cooperation arrangements, and KA 10 which requires resolvability assessments for at a minimum G-SIFIs.


The rational is that even if a criterion is not applicable at the time of the assessment, it may become so in the future as the system evolves. This rational is somewhat at odds with the general approach in the assessments which is to assess the system as it exists at the time of the assessment.


This role of S&C compliance as predictors of financial crises was discussed in the last review of the initiative.


Except for AML/CFT where most assessments are now conducted outside the FSAP (owing to the difficulty in synchronizing the FSAP and AML/CFT assessment schedules—there are fewer FSAPs per year than AML/CFT mutual evaluations, and the Fund and FATF/FSRBs have different planning horizons).


Experts evaluated a broad sample of including 15 DARs, 7 ROSCs, 2 FTEs and 21 TNs. Annex I lists the documents reviewed.