2016-09-08
The South African Reserve Bank directs banks to engage internal or combined internal and external auditors in conducting granular verification of evidence regarding compliance with the Basel Committee’s Principles for Effective Risk Data Aggregation and Risk Reporting. Domestically systemically important banks must submit their auditor-validated compliance reports by 30 September 2017, while non-systemically important banks will receive individually confirmed submission dates. This directive operationalizes Principle 12 by mandating periodic, auditor-led reviews to validate risk management processes and ensure robust corporate governance aligned with each institution’s operational complexity.
South African Reserve Bank
From the Office of the Registrar of Banks
Ref.: 15/8/3
D5/2016
2016-09-01
To: All banks, controlling companies, branches of foreign institutions, eligible institutions and auditors of banks or controlling companies
Directive 5/2016 issued in terms of section 6(6) of the Banks Act, 1990:
Compliance with principles for effective risk data aggregation and risk reporting
Executive summary
Regulation 39 of the Regulations relating to Banks (the Regulations) requires banks, controlling companies and branches of foreign institutions (hereinafter collectively referred to as ‘banks’) to establish and maintain a robust process of corporate governance that is consistent with the nature, complexity and risk inherent in the bank’s on-balance sheet and off-balance sheet activities and that responds to changes in the bank’s environment and conditions. This process includes the maintenance of effective risk management and capital management by the bank. In order to achieve the objective relating to the maintenance of effective risk management and capital management, every bank is required to have in place comprehensive risk management processes, practices and procedures, and board-approved policies.
On 13 February 2014, this Office issued Guidance Note 3 of 2014 informing banks that the Basel Committee on Banking Supervision issued the Principles for Effective Risk Data Aggregation and Risk Reporting (the Principles) and required banks to complete a self-assessment to determine banks’ readiness to comply with the Principles.
In order to further inform this Office’s assessment of banks’ compliance with the Principles and the completeness of banks’ responses related to compliance with the Principles, as required by principle 12 of the Principles, this Directive directs banks’ internal auditors, or a combination of banks’ internal and external auditors, to conduct a granular verification and validation of the evidence related to the extent of the bank’s compliance with the Principles and their related requirements.
1. Introduction
1.1 As previously communicated, this Office adopted the Principles as an integral part of its regulatory and supervisory framework.
1.2 Following the issuance of Guidance Note 3 of 2014 and the completion of the self-assessment against the Principles by banks, this Office wishes to further inform its assessment of banks’ compliance with the Principles.
1.3 Domestically systemically important banks (D-SIBs) are required to comply with the Principles from 1 January 2017 as set out in Directive 2 of 2015. Non-D-SIBs will also be required to comply with the Principles; however, the effective due date for compliance and any specified requirements shall be considered on a case-by-case basis and shall be agreed and confirmed in writing by this Office with each relevant non-D-SIB individually.
1.4 Principle 12 of the Principles states that Supervisors should periodically review and evaluate banks’ compliance with the eleven Principles and should draw on reviews conducted by the internal or external auditors.
2. Directive
2.1 Based on the aforesaid and in accordance with the provisions of section 6(6) of the Banks Act, 1990, banks’ internal auditors, or, at the discretion of the bank, a combination of the bank’s internal and external auditors, are hereby directed to conduct a granular verification and validation of the evidence related to the extent of the bank’s compliance with the Principles and their related requirements.
2.2 D-SIBs are required to furnish this Office with the related report on or before 30 September 2017.
2.3 Non-D-SIBs will be required to furnish this Office with a report related to the matter in question upon a date that will be communicated in future with each relevant non-D-SIB individually.
2.4 As noted hereinbefore, this requirement will form part of this Office’s initial review and this Office is likely in future to require specified verification or validation work to be conducted by banks’ external auditors.
3. Acknowledgement of receipt
3.1 Two additional copies of this directive are enclosed for the use of your institution’s independent auditors. The attached acknowledgement of receipt, duly completed and signed by both the chief executive officer of the institution and the said auditors, should be returned to this Office at the earliest convenience of the aforementioned signatories.
[Signature]
Kuben Naidoo
Deputy Governor and Registrar of Banks
Date: 5/09/2016
The previous directive issued was Directive 4/2016, dated 10 August 2016.