LogoRegulatory Alerts
2007-10-01

Consolidated Supervision Guideline

The Reserve Bank of Zimbabwe mandates consolidated supervision for banking institutions, bank holding companies, financial conglomerates, and mixed activity groups to evaluate their collective financial strength and risk exposure. The framework establishes minimum corporate governance standards, including board composition and principal officer approvals, while defining qualitative and quantitative consolidation techniques for capital adequacy, risk concentration, and intra-group transactions. It designates lead supervisors to coordinate regulatory oversight, requires comprehensive financial reporting from all group entities, and mitigates contagion risk through standardized capital measurement and risk management processes.

Reserve Bank of Zimbabwe logo

Zimbabwe

Reserve Bank of Zimbabwe

Click to view thumbnail

1 TABLE OF CONTENTS PREAMBLE ......................................................................................................................... 2

  1. INTRODUCTION ................................................................................................................ 5 The Rationale for Consolidated Supervision … ......................................................................... 5 Objectives of the Guideline… ................................................................................................... 5 Types and Layers of Consolidated Supervision … .................................................................... 6
  2. MINIMUM STRUCTURAL AND CORPORATE GOVERNANCE REQUIREMENTS ............................................................................................................... 7 Board of Directors… ............................................................................................................... 7 Disqualification from Appointment to Board of Banking Group .................................................. 7 Principal Officers….................................................................................................................. 8 Responsibilities and Powers of External Auditors…................................................................... 8 Corporate Structure... .............................................................................................................. 8 Group Functions… .................................................................................................................. 9
  3. SUPERVISION ON A CONSOLIDATED BASIS ............................................................ 10 Solo Supervision of Banking Institutions… .............................................................................. 10 Examination of Banking Groups / Financial Conglomerates… .................................................. 11
  4. SCOPE OF CONSOLIDATED SUPERVISION ............................................................... 13
  5. CONSOLIDATION TECHNIQUES ................................................................................. 14
  6. QUANTITATIVE CONSOLIDATED SUPERVISION .................................................... 15 Consolidated Financial Reporting…........................................................................................ 15 Capital Adequacy Assessment… ............................................................................................ 16 Capital Measurement Techniques............................................................................................ 18 Banking Groups Not to Engage Double, Multiple or Excessive Gearing Practices... ................. 19 Risk Concentration…............................................................................................................. 20 Risk Management Processes… .............................................................................................. 20 Intra-Group Transactions….................................................................................................... 20 Large Exposures… ................................................................................................................ 21 Liquidity Management… ........................................................................................................ 21 Focus on Core Banking Activities ........................................................................................... 21 Exemptions from Quantitative Consolidated Supervision…...................................................... 22
  7. QUALITATIVE CONSOLIDATED SUPERVISION ....................................................... 23 Reporting on the Composition of a Consolidated Group… ...................................................... 23
  8. OVERALL RATING: RFI/(C)D ASSESSMENT ............................................................. 24 Risk Management (R) … ....................................................................................................... 24 Financial Condition (F)… ....................................................................................................... 25 Impact (I)… .......................................................................................................................... 25 Depository Institutions (D)...................................................................................................... 25 Composite Rating (C) ............................................................................................................ 25
  9. REGULATORY COOPERATION ..................................................................................... 26 Appointment of a Lead Supervisor… ..................................................................................... 26 Functions of the Lead Supervisor…........................................................................................ 26 Mutual Recognition / Equivalency… ....................................................................................... 27 Cooperation with other Supervisory Authorities....................................................................... 27 CONSOLIDATED SUPERVISION QUESTIONNAIRE ................................................ 29

2 PREAMBLE Short Title

  1. This Guideline may be cited as Guideline No. 02-2007/BSD: Consolidated Supervision Policy Framework. Application
  2. The Banking Act [Chapter 24:20], in particular Section 45(1)(c), empowers the Reserve Bank of Zimbabwe to monitor, supervise and investigate associates of banking institutions, hence facilitate supervision of banking institutions on a consolidated basis.
  3. This Guideline shall apply to every banking institution, bank holding company, financial conglomerate, mixed activity group, and their associates as defined in section 2 of the Banking Act [Chapter 24:20].
  4. For purposes of Consolidated Supervision, insurance companies shall be included in the consolidation to the extend of providing a qualitative assessment only but excluded with respect to Quantitative Consolidation of the banking group.
  5. Except where specifically provided in this Guideline, reference to banking groups shall be construed to mean reference to financial conglomerates, bank holding companies and mixed activity groups.
  6. Entities belonging to a banking group, whether they are regulated or not, must satisfy all requests for information issued by the Reserve Bank through the lead bank required for the purposes of consolidated supervision. Interpretation
  7. For the purposes of this Guideline the following definitions shall apply: “bank” shall mean ‘bank’ as defined in section 2 of the Banking Act [Chapter 24:20] and shall include a building society. “bank holding company” means any company, including a banking institution, that has direct or indirect control over any banking institution, in the manner defined in section 143of the Companies Act [Chapter 24:03]. (a) in addition, a person is deemed to have control over a banking institution, where the person directly or indirectly exercises a controlling influence over the management or policies of the banking institution. (b) no company is a bank holding company by virtue of its ownership or control of shares acquired by it in connection with its underwriting of securities if such shares are held only for such period of time as will permit the sale thereof, which period shall not exceed twelve months or any period as advised in writing by the Registrar.

3 “banking group” means a group of financial entities headed by a licensed banking institution or bank holding company one of whose subsidiaries is engaged in banking business; and the remainder of the subsidiary companies are engaged in financial activities. “connected counterparty” means parties connected to a banking institution and comprise; (i) group undertakings and related undertakings (i.e. fellow subsidiaries or subsidiaries of the same ultimate parent within different group structures); (ii) associates as defined in section 2 of the Banking Act [Chapter 24:20]; (iii) directors, shareholders and their associates; (iv) non-group companies with which the banking group’s directors and shareholders are associated; (v) companies linked directly or indirectly to a bank or financial institution through a management contract or any arrangement granting power to a bank or financial institution to direct or cause the direction of the management and policies of another company; and (vi) significant commercial interdependency. “consolidated supervision’’ refers to a prudential supervision approach used to evaluate the financial condition of individual banking institutions within a group and the strength of an entire group, taking into account the risks which may affect entities within the group, regardless of whether these risks are carried in the books of the bank or related entities. “control” has the meaning ascribed in the Companies Act [Chapter 24:03] and International Accounting Standards / International Financial Reporting Standards and includes the power to govern the financial and operating policies of an entity to obtain benefits from its activities. The existence of control is generally evidenced by one of the following: (a) Ownership: direct or indirect ownership of more than 50 percent of the voting power; (b) Voting Rights: Power over more than 50 percent of the voting rights or power to cast the majority of votes at meetings of the board of directors or shareholders; (c) Policies: Power to govern the financial and operating policies of the entity; and (d) Board of Directors: Power to appoint or remove the majority of the members of the board of directors. “de-facto bank holding company” means an institution which has less than 20% of the shareholding of a banking institution but has control over the management or policies of the banking institution. “financial entity” means a financial entity as defined in section 2 of the Banking Regulations Statutory Instrument 205 of 2000.

4 “financial conglomerate” means any group of companies under common control whose exclusive or predominant activities consist of providing significant services in at least two financial services sectors. “financial sector / financial services sector” means the banking, insurance and securities sectors, including asset management companies and microfinance institutions. “horizontal group” refers to a group of entities not connected through direct or indirect capital links, but which are considered to belong to the same group due to a contract or provisions in their memorandum or articles of association which provides for their management on an amalgamated basis or because the majority of their shareholders consist of the same persons or because the entities have adopted the same policies and procedures. ‘‘intra group transactions’’ means transactions by which entities within a bank holding company rely either directly or indirectly upon other entities within the same group, or upon any natural or legal person linked to the undertakings within that group for the fulfilment of an obligation, whether or not contractual and whether or not for payment. “large exposure” means any outstanding loan or advance, including off-balance sheet commitments, or aggregate of outstanding loans or advances and off-balance sheet commitments to any single person, common enterprise or corporate equalling or exceeding 10% of the banking group’s capital base. “lead bank” means one of the banking institutions in a group which is designated with the reporting obligations to the Reserve Bank for the entire group. “lead supervisor” means one of the supervisory authorities of the entities in a group which is designated as the coordinator to facilitate consolidated supervision of the group and information-sharing efforts in a timely and efficient manner. ‘‘mixed activity group’’ means a group which controls at least one banking institution as well as commercial and industrial companies. ‘‘parallel banks’’ means banks licensed in different jurisdictions that, while not being part of the same financial group for regulatory consolidation purposes, have the same beneficial owner(s), and consequently, often share common management and interlinked businesses. “shell bank” means a banking institution which— (a) does not carry on banking business and has no effective management or physical presence in the country in which it is registered or established; and (b) is not an associate of another banking or financial institution which is subject to effective consolidated supervision. 8. Any word or expression used but not defined in this Guideline, but used and defined in the Banking Act [Chapter 24:20] or Building Societies Act [Chapter 24:02] shall have the same meaning assigned to it as in those Acts.

5

  1. INTRODUCTION 1.1 The proliferation of financial conglomerates has motivated a worldwide endorsement of Consolidated Supervision as an international regulatory best practice for effective supervision of financial conglomerates operating domestically, regionally and internationally. 1.2 Consolidated Supervision promotes the overall evaluation, both qualitatively and quantitatively, of the strength of a banking group to which a banking institution belongs, in order to understand the relationship among the entities and to assess the potential impact of other entities in the group on the operations of the banking institution. 1.3 Several factors explain the increasing tendency towards conglomeration. The main ones are deregulation of financial markets; advances in computing and informational technologies; evolution of advanced risk management methodologies; increasing competition and innovation; disintermediation; globalisation; prospects for cost and revenue synergies; and diversification. 1.4 The primary objective of Consolidated Supervision is not to supervise each and every entity in the group but to supervise the regulated entity as part of the group so as to take into account the potential impact of the various group entities on the banking institution. The Rationale for Consolidated Supervision … 1.5 Financial conglomerates bring with them a number of regulatory and supervisory concerns, including but not limited to abuse of economic power; agency problems; imprudent intra-group transactions and exposures; reputation risk; moral hazard; regulatory arbitrage; conflicts of interest; complex corporate structures; and potential for risk management difficulties. 1.6 In addition, the complexity in structure and size of many conglomerates heightens supervisory concerns in respect of contagion risk (within and between groups), and double / multiple gearing through intra￾group holding of capital. 1.7 Consolidated Supervision, therefore, provides a methodology to assess and monitor how effectively a banking group identifies, measures, monitors and controls risk; to recognise incipient problems; and to keep abreast with global trend and current best practice in supervision. Objectives of the Guideline… 1.8 The objectives of this Guideline are to provide for:- a) the scope and manner of supervision of banking institutons on a consolidated basis; b) the prudential rules, terms and procedures for exercising consolidated supervision on a banking group; c) methods used to calculate capital adequacy requirements on a consolidated basis; and d) content, manner and frequency of submission of consolidated financial reports and other information to the Reserve Bank of Zimbabwe.

6 Types and Layers of Consolidated Supervision … 1.9 The Reserve Bank shall use two broad approaches to conduct Consolidated Supervision namely, Qualitative Consolidated Supervision and Quantitative Consolidated Supervision. 1.10 Qualitative Consolidated Supervision will be employed to assess the overall strength of the whole group to which a regulated financial institution belongs based on the information provided relating to corporate structure, risk management, board and management oversight, internal control enviroment among others. The non-financial entities shall be monitored largely through the evaluation of qualitative information. 1.11 Quantitative Consolidated Supervision shall be extended to all relevant financial entities within a consolidated group including the parent, subsidiary, associate and entities in which the group has at least 20% participation. This shall encompass capital adequacy, exposures, earnings, liquidity, risk concentration, etc. 1.12 Insurance entities and activities shall not be included in financial consolidation in view of the differences in banking and insurance risks. These activities shall largely be evaluated on a qualitative basis. 1.13 The determination of what constitutes a “group” is the primary step in supervision on a consolidated basis. Banking groups are generally categorised, and consequently supervised, based on the two criteria of “control” and “nature of activity”. 1.14 Five (5) broad categories of corporate groups can be identified for Consolidated Supervision purposes, namely: banking groups, financial conglomerates, mixed-activity groups, de-facto holding companies, and horizontal groups. 1.15 In general the following four (4) layers of consolidated supervision may be applied: a) Level One – the regulated entity, supervised on a stand alone basis or Solo Supervision basis; b) Level Two – deals with homogenous financial groups e.g. banking groups; c) Level Three – financial conglomerate group; deals with mixed or heterogeneous groups predominantly active in at least two financial services sectors; and d) Level Four – mixed activity group; deals with mixed or heterogeneous groups that control commercial and industrial companies, as well as banking institutions. 1.16 Except where specifically provided, in this guideline, reference to bank groups shall be construed to mean reference to financial conglomerates and mixed activity groups.

7 2. MINIMUM STRUCTURAL AND CORPORATE GOVERNANCE REQUIREMENTS 2.1 A banking group is expected to establish appropriate corporate governance, management, internal control and risk-management systems that are commensurate with its risk profile and strategy. 2.2 At a minimum, a banking group should have a Chief Executive Officer, Chief Accounting Officer, and the internal audit, risk and compliance functions. Board of Directors… 2.3 The board of every banking group shall be responsible for policy formulation relating to the institution’s businesses and subsidiaries and supervising all activities engaged in by the bank holding company and its subsidiaries. 2.4 The board of directors should establish clear organisational structures, management reporting lines, internal information systems and controls appropriate to its size, complexity and risk profile. 2.5 The operations of every banking group shall be directed by a board consisting of at least five members. 2.6 Not more than two fifths of the total membership of the board of any bank holding company shall be executive officers of the banking group. 2.7 The Chairman of the board of a banking group shall be an independent non-executive director. The quorum of any meeting of the board of any banking group shall be three fifths, provided that the officers of the bank holding company shall not form the majority of any such quorum. 2.8 All banking groups are required to seek prior written approval from the Registrar before appointing a director. Disqualification from Appointment to Board of Banking Group… 2.9 No person shall be appointed, or hold office, as a director of a banking group, if he would be disqualified from being appointed as a director of a banking institution in terms of Banking Act [Chapter 24:20] and the Corporate Governance Guideline. 2.10 A banking group shall take all reasonably practicable steps to ensure that the persons who are concerned in the direction or management of the company: – (a) are suitably qualified, and (b) are of suitable good repute, and (c) have sufficient experience to be able to perform their duties in that capacity.

8 Principal Officers… 2.11 No person shall be appointed as a Chief Executive Officer, Executive Director, manager or head of function, by whatever name called, of a banking group without obtaining prior written approval from the Registrar. 2.12 The Registrar shall grant his approval of an application for appointment to the post of Chief Executive Officer; Executive Director, manager or head of function of a banking group where he is satisfied that the applicant is suitably qualified and fit and proper to be able to perform duties in that capacity. 2.13 Every principal officer of a banking group shall be required to be fit and proper on an on -going basis. 2.14 The Reserve Bank may direct a banking group to provide it with such information concerning the qualifications, reputation and experience of the persons who are involved in the direction or management of the bank holding company as is specified in the notice. 2.15 If the Reserve Bank is satisfied on reasonable grounds that a person who is involved in the direction or management of a bank holding company:- (a) is not suitably qualified, or (b) is no longer fit and proper, it may, by notice in writing, direct the company to take such action as is specified in the notice. Responsibilities and Powers of External Auditors… 2.16 Every banking group shall appoint an external auditor, who should be registered as a public auditor in terms of the Public Accountants and Auditors Act [Chapter 27:12], selected by the audit committee and approved for appointment by the Registrar. 2.17 External auditors of banking groups shall have the same responsibilities and powers of auditors of banking institutions, prescribed in the Banking Act [Chapter 24:20]. Corporate Structure... 2.18 All banking groups shall be required to establish corporate structures that are transparent and which promote good corporate governance. Banking groups should seek prior approval from the Reserve Bank to effect significant or material changes to their organisational structures. 2.19 The Registrar may require any banking group to amend its existing organisational structure if it is deemed that the structure may hinder effective consolidated supervision. Group Functions… 2.20 Every banking group shall have an enterprise-wide risk management function whose duties shall at a minimum include aligning the group’s risk appetite and strategy, enhancing risk response decisions,

9 reducing operational losses, identifying and managing all types of risks and improving deployment of capital. 2.21 An enterprise-wide risk management process should entail the following: a) a systematic approach to risk identification; b) a common language for describing risks; c) a consistent reporting framework; d) prioritisation of risks for allocation of resources and /or capital; e) recognition of opportunities to offset or pool risks in a portfolio; f) a disciplined and structured approach to risk appetite; g) sharing of risk information across functions or business lines; and h) adequate reporting of risk disclosures to stakeholders. 2.22 Further, every banking group shall have a compliance officer who shall be responsible for assisting senior management in effectively managing compliance risks faced by the group, advising senior management on compliance with respect to laws, regulations, rules and standards and assisting senior management in educating staff within the group on compliance issues. 2.23 In addition, every banking group shall have an internal audit function whose functions shall include but not limited to reviewing the reliability and integrity of financial and operating information; reviewing the systems established to ensure compliance with those polices, plans, procedures, laws and regulations which could have a significant impact on the group’s operations; reviewing the means of safeguarding assets; and appraising the economics and efficient management of the company’s financial, human and other resources. 2.24 Every consolidated group is required to put in place an appropriate management information system to support its compliance with consolidated accounting and reporting requirements. 2.25 All group functions at head office level shall be required to be in full compliance with the provisions of the Banking Act and other prudential guidlines issued by the Reserve Bank. 2.26 The Reserve Bank may, by regulations, guidelines or directives, instruct banking groups, regarding any issues related but not limited to their management, financial condition, risk management and capital adequacy.

10 3. SUPERVISION ON A CONSOLIDATED BASIS 3.1 Supervision on a consolidated basis shall supplement rather than substitute the Solo Supervision of banking institutions. As such, the supervision of banking groups taps into the Risk-Based Supervision of banking institutions on a solo basis. 3.2 The Reserve Bank’s approach to supervision on a consolidated basis encompasses Qualitative Consolidated Supervision, Quantitative Consolidated Supervision; as well as On-site Examination and Off-site Monitoring and Surveillance of the financial entities. Solo Supervision of Banking Institutions… 3.3 The supervision of banking institutions under the regulatory and supervisory jurisdiction of the Reserve Bank is based on the Guideline No. 2 - 2006/BSD: Risk-Based Supervision Policy Framework. 3.4 The Risk-Based Supervision Policy Framework has six steps as detailed in the said guideline, namely: Step 1 - Understanding the Institution Step 2 - Assessing the Institution’s Risk Step 3 - Planning / Scheduling Supervisory Work Step 4 - Defining Examination Activities Step 5 - Performing On-site Examination Step 6 - On going Off-site Supervision 3.5 Risk-Based Supervision is a dynamic, structured and risk-oriented prudential supervision framework with key outputs at each stage, illustrated hereunder:

11 The Risk Based Supervision Framework Examination of Banking Groups / Financial Conglomerates… 3.6 The risk-based supervision of consolidated groups shall be based on Quantitative Consolidated Supervision and Qualitative Consolidated Supervision. 3.7 As with Risk-based Supervision, effective Consolidated Supervision may take place in a number of steps or phases which occur on a continuous basis to form a supervisory cycle. 3.8 The main steps in Consolidated Supervision involve: a) Determining the group structure (identifies participation levels, considers concept of control and type of business activity of each group member, i.e. uses criteria of control and activity); b) Determining the scope of consolidation (involves identifying the relevant units for regulatory as opposed to accounting consolidation);

12 c) Identifying the consolidation technique to be used. (full, pro-rata, deduction, etc for any relevant unit); d) Conducting qualitative and quantitative assessment group-wide risk (this assessment parallels the risk matrix approach used in Risk-Based Supervision (RBS). The process may derive significant input out of RBS risk ratings of the individual financial institutions.); e) ‘Updating the supervisory plan and defining the scope of additional procedures required as a result of the assessment of group-wide risk (incorporates additional measures required to provide for the required level of consolidation such as liaison with other regulatory authorities, prudential meetings, or completion of Consolidated Supervision Questionnaire, etc. may require unprecedented level of coordination and periodic meetings with other regulators to facilitate comparison of notes.) f) Determining the overall condition of the group and its entities as follows: i. Calculate the capital base (by adding capital positions in sequence Tier 1, less Tier 1 deductions; Tier II, and Tier III; ii. Bring in the risk weighted assets (credit, market and operational risks); iii. Calculate the prudential ratios; iv. Assign ratings where applicable; v. Apply corrective action, if any; and vi. Plan for next supervisory activity.

13 4. SCOPE OF CONSOLIDATED SUPERVISION 4.1 The scope of consolidated supervision shall apply to:- a) every group where the parent (i.e. the holding / controlling entity) is an institution which falls within the regulatory / supervisory jurisdiction of the RBZ; b) every subsidiary or associate of a Zimbabwean bank having cross boarder operations; c) every bank which is part of a foreign group, but operating in Zimbabwe. Provided that the extent of Quantitative Consolidation may be limited to Zimbabwean based subsidiaries and associates where the global operations are subject to effective consolidated supervision by a competent Home Country supervisory authority to the satisfaction of the Reserve Bank; d) every foreign bank of Zimbabwean origin, provided:- i. it is not subject to consolidated supervision by a competent Home Country supervisory authority to the satisfaction of the Reserve Bank; or ii. on a latest three years average test, the bulk of the assets are still in Zimbabwe; or iii. no significant amount of business, as measured by the average proportion of assets to total group assets for at least three years, and the bulk of senior management the (soul and matter of the business) is based in the new Home Country, while the local operations in Zimbabwe remain of systemic importance. 4.2 The scope of application is determined using the two criteria of “control” and “nature of activity” provided in determining the scope of consolidation, regard shall be paid to regulatory as opposed to accounting consolidation. 4.3 The scope of Quantitative Consolidated Supervision shall cover only those related entities which carry on activities of a banking or financial services nature while risks inherent in non￾financial service group companies, such as commercial and industrial activities in a mixed activity group should be assessed qualitatively. 4.4 Insurance companies that have a financial activity but are, however, not subject to financial consolidation into banking groups. De-facto Holding Companies and Horizontal groups may on the contrary be included, even if they are headed by a natural person or a group of natural persons acting in concert. 4.5 Qualitative Consolidated Supervision shall be employed to assess the strength of the whole group (including non-financial entities) to which a regulated financial institution belongs.

14 5. CONSOLIDATION TECHNIQUES 5.1 The methods of consolidation to be adopted depend on the different types of ownership that arise in a group. 5.2 Consolidated Financial Reports should be drawn up using the following methods: (a) the Full Consolidation Method - applied in the case of a subsidiary, that is, where direct and indirect equity held is at least 50%; provided the full consolidation method is also applicable in cases where participation is less than 50% where control is evidenced by power as prescribed by IAS 27. The Full Consolidation method shall mean a method of reporting assets, liabilities, income and expenses of subsidiaries controlled by the parent entity by combining and adding to each the corresponding parent entity’s item. (b) the Equity Method / Net Capital Value method – applied in the case of an associate, that is where direct and indirect equity held is between 20% and 50%. The Equity Method shall mean a method of accounting by which an equity investment is initially recorded at its cost value (the cost of acquisition) and subsequently adjusted to reflect the investor’s share of the net profit or loss of the investee (enterprise in which the investment was made). The investor’s share in the results of economic activity of thesaid enterprise shall be reported in the income statement. (c) the Fair Value Method applied in accordance with IAS 39 for investments, that is, shareholdings below 20%. In the balance sheet, the aggregate amounts of the bank holding company’s investments must be shown under separate headings as either (i) listed investments; and/or (2) unlisted investments. Shareholding below 20% is also considered minority investment and is deducted from capital. (d) Pro-rata / Proportionate Consolidation Method – applied in respect of a member of the banking group that is jointly controlled by the supervised bank and one or more banks or non-bank financial institutions as partners provided that there are no constraints on any one part to inject additional capital. Pro-rata consolidation method shall mean a reporting method under which a partner’s percentage share in each of the assets, liabilities, incomes and expenses of a jointly controlled economic unit is individually combined with the corresponding items, or reported as individual items in the partner’s financial reports. (e) If a banking institution invests in an insurance company within the same conglomerate that amount shall be deducted from capital. 5.3 The accounting consolidation shall however, exclude the results of the following entities: (a) Companies providing non-financial services; (b) Insurance companies; and (c) Companies in which the interest or holding of the supervised bank is less than 20%. 5.4 The Registrar may direct a banking group or lead bank that has subordinated non-financial parties to use the full consolidation method in preparing consolidated financial statements, where this is necessary for the purposes of full and fair presentation of the bank holding company’s financial condition. 5.5 Special prescribed modifications including use of proxies may be required when dealing with unregulated financial entities and non-financial companies.

15 6. QUANTITATIVE CONSOLIDATED SUPERVISION 6.1 Quantitative Consolidated Supervision is based on consolidated financial reports (CFRs), consolidated prudential returns (CPRs), and prudential ratios. The CFR reflects an accounting consolidation of the supervised entity with parts or the whole of the group to which the entity belongs. 6.2 The accounting consolidation shall include financial operations of subsidiaries, associates, and joint ventures and exclude non-financial services, insurance companies, companies in which the interest or holding of the bank holding company is less than 20%. 6.3 For prudential reasons the supervisory authorities may require consolidation of entities that are exempted by the accounting standard, and may also exempt the consolidation of entities that are not exempted by the accounting standard. The resultant CPR allows the supervisors to monitor several aspects of the financial condition of banking groups on a quantitative basis. 6.4 The major components of Quantitative Consolidated Supervision are as follows: (a) Consolidated Financial Reporting (b) Capital Adequacy Assessment (c) Risk Concentration (d) Risk Management (e) Intra-group Transactions (f) Large Exposures and Connected Lending Review (g) Liquidity Management Consolidated Financial Reporting… 6.5 Consolidated financial reports shall be prepared on the basis of International Accounting Standards or International Financial Reporting Standards and consistent with the provisions of the Companies Act [Chapter 24:03] and the Banking Act [Chapter 24:20]. 6.6 Every bank holding company or lead bank shall submit to the Reserve Bank, a return whose form and content is prescribed by the Reserve Bank in the Form CS 1, within 28 days from the end of each quarter, reflecting the bank holding company’s financial condition on the last day of the quarter. 6.7 The Reserve Bank may from time to time specify to each group those entities to be included in the bank’s consolidated reports. 6.8 The Reserve Bank may prescribe from time to time requirements to be complied with by every bank holding company, in regard to its financial condition. 6.9 Consolidated Financial Statements (CFS) shall be prepared as of the same reporting date, unless it is impracticable to do so, provided the difference in reporting dates shall in no case be more that three months.

16 6.10 The CFS must be prepared using uniform accounting policies for like transactions and other events in similar circumstances, across all subsidiaries. 6.11 The CFS shall include both local and foreign subsidiaries. 6.12 The lead bank shall put in place mechanisms to gather all the required information to facilitate consolidated supervision. 6.13 Within ninety days after the end of its financial year, every banking group shall submit to the Registrar audited consolidated financial reports of the bank holding company, prepared in the prescribed manner, including the following: (i) consolidated balance sheet; (ii) consolidated income statement; (iii) consolidated cash flow statement; (iv) consolidated statement of changes in equity; (v) disclosures as required by IAS 27; (vi) report on intra-group transactions; (vii) report on large exposures; (viii) appropriate notes to the financial statements, including accounting policies in the group; and (ix) a report on corporate governance in the group, and risk management reports. 6.14 Every banking group shall seek prior approval of the Reserve Bank before publication of the financial reports. 6.15 A banking group or lead bank shall notify the Reserve Bank of any intention to exclude certain entities from consolidated financial reports, stating the reasons for their exclusion, no less than 30 days prior to the reporting date and no such exclusion shall be permissible unless the bank holding company has obtained prior written approval from the Reserve Bank. Capital Adequacy Assessment… 6.16 Every banking group shall have in place capital adequacy policies and internal capital assessment techniques. 6.17 Every banking group shall maintain, on a group-wide basis, an ongoing minimum Capital to Risk Weighted Assets Ratio or Capital Adequacy Ratio (CAR) of 10%, or as shall be prescribed. Provided that the minimum capital level of a banking group shall not be below the minimum regulatory capital amount prescribed for covering credit, market and other risks to which it is exposed. 6.18 For consolidated supervision purposes, a banking group headquartered in Zimbabwe or where the Reserve Bank of Zimbabwe is the lead supervisor, should comply with the minimum capital adequacy requirement of 10%.

17 6.19 The individual banking subsidiaries with cross border operations are required to meet the stricter of the capital adequacy requirements in the jurisdictions they operate from. 6.20 The assessment of group-wide capital adequacy on a consolidated basis is required to obviate the phenomenon of double / multiple gearing of capital within a group – that is, the deployment of the same capital of the parent in several other legal entiies / subsidiaries (down streaming of capital). 6.21 The regulatory capital and risk weighted assets for regulated entities shall be as defined by the sectoral regulators and should be recognised in computation of group-wide CAR. 6.22 Where a member of the group is an unregulated entity, a proxy capital requirement shall be applied. The qualifying capital for unregulated entities comprises only of Tier 1 capital elements and is calculated as outlined below: Required capital: ((Total assets of unregulated entity + off-balance sheet activities) - exposures to group entities) x10 100 6.23 The group-wide risk-weighted assets (RWA) should be arrived at by adding the parent RWA to those of related entities. 6.24 The risk weighted on balance sheet and off-balance sheet items of the banking group shall be the sum total of the risk weighted on balance sheet and off-balance sheet items of the companies included in the group in respect of which risk weighting is applicable after deducting intra group items. 6.25 The solvency requirements for each different financial sector represented in a banking group shall be covered under capital elements in accordance with the corresponding sectoral rules. 6.26 The consolidated capital of a banking group shall be the sum total of the capital of individual companies included in the group adjusted in a manner determined by the Reserve Bank. 6.27 From the group wide regulatory capital arrived at, as per (6.26) above, the following deduction should be made, in equal proportion from the consolidated Tier 1 and Tier 2 capital of the group: • the parent financial institution (FI’s) investments in insurance subsidiaries (as consolidation of insurance subsidiaries in the CPR is not mandated); • accumulated losses and intangible assets, if any, of the parent FI as well as for subsidiaries; • the shortfall, if any, in the regulatory capital, as prescribed by the solo regulators, of the subsidiaries engaged in ‘financial activities’, (so as to address the risk of the parent FI being called upon to meet such capital shortfall); • shortfall, if any, in the regulatory capital in the unconsolidated entities (i.e. the entities which are not consolidated in the CPR but are engaged in the ‘financial activities’). The amount of shortfall to be deducted from group capital should be proportionate to the parent’s/group’s equity stake in such unconsolidated entity (ies);

18 • investments of the parent FI in entities engaged in ‘financial activities’ not exceeding 20% (as such investments are considered insignificant). 6.28 Capital for market and operational risks: in computation of consolidated group capital, the capital charge for market and operational risk prescribed for the banking institutions should also be taken into account. In case of unregulated entities in the group or where the sectoral supervisor has not prescribed any capital charge for market and operational risk for a related entity, the norms for capital charge for market and operational risk as applicable to the banking institutions shall be used as proxy for such related entities. 6.29 A banking group shall be responsible for monitoring the risks to which the group is exposed, as well as for maintaining the adequate level of capital, and ensure that the risks do not exceed the limits determined by the Banking Act, Banking Regulations, and Guidelines issued by the Reserve Bank. 6.30 To be considered adequate, the capital must: (a) support the volume and risk characteristics of all parent and subsidiary activities; (b) provide a sufficient cushion to absorb unanticipated losses arising from holding company and subsidiary activities; (c) support the level and composition of corporate and subsidiary borrowing; and (d) serve as a source of strength by providing an adequate base for the growth of risk assets and permitting entry into the capital markets as the need arises. Capital Measurement Techniques… 6.31 The Reserve Bank shall employ the techniques recommended by the Joint Forum for the assessment of capital adequacy of financial conglomerates and banking groups. The Joint Forum techniques, while analyzing capital from different perspectives, largely provide a similar conclusion regarding capital adequacy. 6.32 The Reserve Bank shall use, any one or a combination of these techniques, to identify and assess the nature of the risks assumed by the financial conglomerate and the potential weaknesses relevant to the structure of a particular financial conglomerate. The techniques are discussed hereunder. (a) Building Block Prudential Approach 6.33 The approach compares the fully consolidated capital of the financial conglomerate to the sum of the regulatory capital requirements for each group member. The regulatory capital requirements are based on those required by each group member’s supervisor or, in the case of unregulated entities, a comparable or notional capital proxy. (b) Risk-Based Aggregation 6.34 The approach is comparable to the building block approach but differs by tailoring its methodology to situations in which either fully consolidated financial statements are unavailable or intra-group exposures may not readily be netted out. This methodology is also suitable for circumstances in which the calculation

19 of regulatory capital is more easily derived from unconsolidated statements and where the exclusion of intra-group exposures may not be appropriate. 6.35 Risk-based aggregation involves the summation of solo capital requirements of the regulated group and surrogate capital amounts of unregulated companies and comparing the result with group capital. (c) Risk-Based Deduction Method 6.36 The method is similar to the risk-based aggregation method but focuses on the amount and transferability of capital available to the parent or elsewhere in the group. Essentially, this approach takes the balance sheet of each company within the group and looks through to the net assets of each related company, making use of unconsolidated regulatory data. 6.37 Under this method, the book value of each participation in a dependant company is replaced in the participating company’s balance sheet by the difference between the relevant share of the dependant’s capital surplus or deficit. Any holdings of the dependant company in other group companies are also treated in a similar manner. 6.38 However, any reciprocal interest, whether direct or indirect, of a dependant company in a participating company is assumed to have zero value and is therefore to be eliminated from the calculation. (d) Total Deduction method 6.39 The technique is based on the full deduction of the book value of all investments made by the parent in dependants. The Reserve Bank may also wish to deduct any capital shortfalls in those dependants from the parent’s own capital and may attribute a zero value, or in some cases a negative value, to the parent’s investments. The parent’s adjusted capital level is then compared with the parent’s solo regulatory capital requirement, assuming that the parent is a regulated entity. 6.40 The total deduction method implicitly assumes that no regulatory capital surpluses within dependants of the group would be available to support the parent’s capital or debt service and that there is no regulatory capital deficit. Again, this procedure is designed to evaluate the extent that double gearing might impair the capital adequacy of the parent and is not designed to evaluate the group-wide capital adequacy of the financial conglomerate. Banking Groups Not to Engage Double, Multiple or Excessive Gearing Practices... 6.41 No bank holding company shall engage in double or multiple gearing practices. 6.42 No bank holding company shall issue debt and downstream the proceeds in the form of equity or other elements of regulatory capital. 6.43 No bank holding company shall engage in double, multiple or excessive gearing through unregulated intermediate holding companies with participations in associates engaged in financial activities.

20 Risk Concentration… 6.44 Banking groups shall report at least quarterly, to the Reserve Bank any significant concentration risk. 6.45 In identifying risk concentrations, the Reserve Bank shall consider exposures against; (a) a client or groups of related clients (b) clients in a certain economic sector (c) directors, managers, shareholders of the group and their related parties. 6.46 Every banking group shall report to the Reserve Bank any exposures in relation to a client, group of clients, or group of related entities where the exposure to these entities is at least equal to 10% of the group’s capital base. Risk Management Processes… 6.47 Every banking group shall have in place adequate risk management processes and internal control mechanisms including sound administrative and accounting procedures. 6.48 The risk management processes shall at a minimum include: (a) sound governance and management; (b) adequate capital adequacy policies which take into account the impact of the business strategy on the risk profile of the group; and (c) adequate procedures to ensure that risk monitoring systems are well integrated into the organisation. 6.49 The internal control mechanisms shall at a minimum include: (a) adequate mechanisms as regards capital adequacy to identify and measure all material risks and to relate capital to the risk profile; (b) sound reporting systems and accounting procedures; (c) sound policies and procedures to identify, measure, monitor and control intra-group transactions and risk concentration; and (d) adequate liquidity management policies to ensure adequate liquidity in all entities within the group. Intra-Group Transactions… 6.50 Intra-group transactions, unless they have a commercial basis, shall be limited to exceptional situations, and the interest rates applied shall be on a market basis.

21 6.51 Every banking group shall report to the Reserve Bank, at least quarterly, all significant intra group transactions of regulated entities within the group. 6.52 An intra-group transaction shall be deemed to be significant if it exceeds 5% of the total amount of capital of the bank holding company. 6.53 The following types of transactions carried between entities within a group shall be deemed to be intra￾group transactions; (a) financial transactions such as credits, guarantees, sales of assets, commissions, investments in entities within the group; (b) commercial transactions such as cross sales (c) risk transfers such as reinsurance, securitisations (d) exchange of services and provision of support functions. Large Exposures… 6.54 The maximum amount of exposure which a banking group may incur towards a single counterparty shall be 25% of the group’s capital. 6.55 Every banking group shall report to the Reserve Bank, at least quarterly, all large exposures of 10% or more of the group’s capital. 6.56 In addition, the limit on large exposures in relation to the net capital base shall be limited to a maximum of 800%. Liquidity Management… 6.57 The existing liquidity requirements applicable to banks on a solo basis are also extended to consolidated supervision as well. 6.58 A banking group shall design an adequate contingency plan for its consolidated position in the currency in which it operates. Each banking subsidiary shall have a system that continuously measures its own liquidity, with appropriate mechanisms to meet ordinary and extraordinary needs for funds. 6.59 Each subsidiary of a Zimbabwean banking group operating across borders must be financially independent (financial autonomy) of the parent institution and of the other institutions in the group and, therefore, shall manage its own financing and liquidity autonomously. Focus on Core Banking Activities… 6.60 A banking group is required to concentrate on core banking business as stipulated in section 7 of the Banking Act. Where any banking group undertakes permissible ancillary activities with the prior approval of the Reserve Bank, the proportion in terms of balance sheet size of financial activities to the total

22 group balance sheet shall at all times be at least 70%. Similarly, the proportion of regulated financial activities to the balance sheet total of a mixed activity group shall be at least 70%. Exemptions from Quantitative Consolidated Supervision… 6.61 A bank, bank holding company, financial conglomerate, mixed activity group, or de-facto bank holding company may exclude an entity from Consolidated Supervision, subject to prior approval of the Registrar:- a) If the entity is situated in a jurisdiction where there are legal impediments regarding the transfer of necessary information; b) If the entity is of negligible interest with respect to the objectives of consolidated supervision, that is, for the purpose of this sub clause, assets of a subsidiary in which a bank has a participation which is below 1% of the parent or lead’s bank’s balance sheet; c) If several entities fulfil the condition for the exemption from consolidated supervision, that is 1% exclusion criteria, the sum of their balance sheets should not significantly influence the condition of the banking group; d) If the inclusion of the entity would be inappropriate or result in misleading conclusions regarding the financial position of that group; e) Insurance businesses and insurance brokers; f) Commercial, industrial and other non-financial entities and activities of mixed activity groups, and g) in cases defined by the International Financial Reporting Standards. 6.62 Provided that the Reserve Bank may order a bank that has subordinated non-financial parties to consolidate individual operations, groups of operations or perform consolidation of the financial condition and operations of these parties, regardless of their business, if it is necessary for the purpose of full and fair presentation of the financial condition and operations of the group.

23 7. QUALITATIVE CONSOLIDATED SUPERVISION 7.1 Qualitative Consolidated Approach would entail the collection, review and analysis of information for the purpose of assessing the financial position and strength of the group to which a bank belongs. This shall be carried out by liaising with the relevant industry supervisors. The major components of qualitative consolidation supervision include: a) Structure of the group and inherent risks; b) Fit and proper principles; c) Corporate Governance/Management oversight; d) Control Environment; e) Risk Management; and f) Information Sharing. Reporting on the Composition of a Consolidated Group… 7.2 Every consolidated group shall submit to the Reserve Bank, information about the composition of the group, with data on all its members and descriptions of relations among the members for the purpose of establishing whether a group is subject to consolidated financial reporting and to what extent. 7.3 Information on each member shall contain, at a minimum, (i) The group corporate structure (ii) Business line organisational chart (iii) Senior management / divisional heads (iv) Shareholder’s profile (v) Principal board and board committees (vi) Strategic plans (vii) Risk management structures (viii) Group capitalisation (ix) Group policies and procedures (x) Information Systems (xi) External Auditors

24 7.4 The information referred to above shall be submitted to the Reserve Bank on an annual basis by March 31 of each year, with information updated as at 31 December of the previous year, or more frequently upon the request of the Reserve Bank. 7.5 Provided that the leading bank is obliged to notify the Reserve Bank on any change in the composition of and/ or relations among the group members that are relevant for consolidated supervision, within 30 days of the occurrence of such change. 7.6 The Reserve Bank may require a bank holding company to prepare written information on the composition of the entire group in a form and within the time limits specified. 7.7 Some of the information required for Qualitative Consolidated Supervision is usually gathered by way of a Consolidated Supervision Questionnaire. A sample Consolidated Supervision Questionnaire is attached as an annexure to this Framework. 8. OVERALL RATING : RFI/(C)D ASSESSMENT 8.1 In terms of Consolidated Supervision, the RBZ uses, the RFI/C(D) rating system to assess the condition of the group. Each BHC is assigned a composite rating on the basis of the RFI/(C)D rating system; where; R is Risk Management, F stands for Financial Condition, I represents Impact of non-banking entities on the depository subsidiaries institutions, C is the Composite Rating, and D denotes a summary rating of banking institutions in the group. A suffix P is added to the rating of D to indicate the presence and number of problem banks, e.g. 2P. 8.2 The rating of each of the above-mentioned components, is based on a numerical or descriptive scale of “1” to “5”. Risk Management (R) … 8.3 The evaluation of risk management assesses the ability of a Bank Holding Company’s board and senior management’s to identify, monitor and control risk. 8.4 In line with the Risk-Based Supervision Framework, the following categories of risk shall be evaluated: strategic risk, credit risk, liquidity risk, interest rate risk, foreign exchange risk, operational risk, legal and compliance risk as well as reputation risk. The Risk Assessment System (RAS) shall apply. 8.5 The “R” rating underscores the importance of the control environment, taking into account the complexity of the organization and the risks inherent in its activities. 8.6 The rating is supported by four subcomponents, namely: a) board and senior management oversight; b) policies, procedures and limits; c) risk monitoring and Management Information Systems; and d) internal controls.

25 Financial Condition (F)… 8.7 The evaluation of the “F” component entails the consolidated organization’s financial strength. 8.8 It focuses on the ability of the BHC’s resources to support the level of risk associated with the BHC’s activities. 8.9 The subcomponents of “F” are: Capital Adequacy, Asset Quality, Earnings and Liquidity, or “CAEL” for short. The subcomponents may be evaluated on a sectoral basis, prior to consolidation, to take into account sectoral differences in standards. Impact (I)… 8.10 The Impact Component (I) denotes the potential impact of non-bank entities on banking entities. The evaluation of Impact includes an assessment of the degree to which current or potential issues within the non-banking entities present a threat to the safety and soundness of the subsidiary banking institution(s). 8.11 The evaluation also covers both the risk management practices and financial condition of the non￾banking entities; an analysis that will borrow heavily from the analysis of R and F components. The rating focuses on the aggregate not individual impact. 8.12 The descriptive definitions of the numerical ratings for “I” are different from those of the other components, and are as follows:

  1. low likelihood of significant negative impact;
  2. limited likelihood of significant negative impact;
  3. moderate likelihood of significant negative impact;
  4. considerable likelihood of significant negative impact; and
  5. high likelihood of significant negative impact. Depository Institutions (D)... 8.13 The Depository Institutions, (D) Component, is based on the weighted average CAMELS composite ratings of banking institutions. It stands outside the composite rating although risk management and financial factors are included in composite R and F ratings, which are then factored into the composite rating. A problem bank identifier is added, denoted by P, to identify the number of problem banks in a group (e g. 2P) Composite Rating (C)... 8.14 This represents the overall rating of the group taking into account the condition and perfomance on the other components.

26 9. REGULATORY COOPERATION 9.1 The Reserve Bank shall cooperate with other local and foreign regulatory authorities in order to facilitate effective consolidated supervision of financial institutions operating across sectors and across national borders. 9.2 The scope for regional cooperation shall be guided by international best practices including Basel Committee on Banking Supervision guidance on supervision of cross border operations. 9.3 Memoranda of Understanding (MoUs) may be entered into to formalise the information sharing and cooperation arrangements. 9.4 Information-sharing shall include contact during the authorisation and licensing process, in the supervision of the ongoing activities of such entities and in the handling of problem institutions. 9.5 The complexity of bank holding companies and their wide sectoral and/or geographic spread necessitate a coordinated approach to their supervision, by a lead supervisor. Appointment of a Lead Supervisor… 9.6 In order to ensure proper consolidated supervision of a bank holding company registered in Zimbabwe, there shall be a lead supervisor in or outside Zimbabwe, responsible for the coordination and exercise of consolidated supervision. 9.7 Where a bank holding company’s head office is situated in Zimbabwe, the lead supervisor shall be the Reserve Bank of Zimbabwe. 9.8 Where at least 50% of the operations of a bank holding company are in Zimbabwe, the lead supervisor shall be the Reserve Bank of Zimbabwe. 9.9 Where less than 50% of the bank holding company’s operations are in Zimbabwe and there are no significant operations of at least 10 % in any one country and by mutual consent the regulatory authorities agree that the Reserve Bank of Zimbabwe shall be the lead supervisor, the Reserve Bank shall be the lead supervisor. 9.10 Where the regulatory authority of the country in which a bank holding company’s head office is situate has no capacity to conduct consolidated supervision, the Reserve Bank may, by consent of the regulatory authorities involved, be the lead supervisor. Functions of the Lead Supervisor… 9.11 The functions of a lead supervisor shall include: (a) the coordination, gathering and dissemination of information to enable effective consolidated supervision of the bank holding company; (b) supervisory assessment of the financial condition of the bank holding company;

27 (c) assessment of compliance with minimum capital adequacy requirements, risk concentration limits and intra group transaction limits; (d) assessment of the bank holding company’s, organisational structure and internal control systems; (e) planning and coordination of supervisory activities including on-site and off-site examinations; and (f) any other supervisory activities the supervisory authority may deem necessary. Mutual Recognition / Equivalence … 9.12 Where there is mutual cooperation across boarders, the Reserve Bank shall assess the nature and extent of the supervision conducted by the other party so as to determine the extent of reliance that can be placed on that supervision. 9.13 An assessment of this nature would consider the other party’s legal and regulatory framework; powers to exercise global oversight; the scope and exercise of consolidated supervision. 9.14 It is noted that mutual equivalence is not about telling third country authorities that they must supervise in the same way as one jurisdiction does. The focus is on results. Thus, it should be recognized that different approaches can produce mutually satisfactory outcomes. Cooperation with other Supervisory Authorities …. 9.15 The Reserve Bank shall, as part of the consolidated supervision of banking groups, cooperate with, exchange and provide other supervisory authorities with information essential or relevant for the purposes of consolidated supervision. 9.16 Generally, areas of regional cooperation in conglomerate supervision may be spelt out in Memoranda of Understanding (MoUs). 9.17 Key issues covered in such MoUs are outlined hereunder. a. Identification of Lead Supervisor • Agree on Lead Supervisor for each financial conglomerate; • Agree on Lead Supervisor selection criteria for future use; • Determine responsibilities of Home or Lead Supervisor; • In some cases Home Supervisor may not necessarily be the Lead Supervisor. Issues of supervisory capacity and business concentration come into play; • Determine responsibilities of Host Supervisor; and • Disputes resolved on the basis of Home / Lead Supervisor laws or through arbitration. b. Capital adequacy • Different capital adequacy requirements in the respective countries; • Agree on qualifying capital components; • Group as a whole should meet the home supervisor’s requirements; • Subsidiaries abroad should at least meet host country’s requirements; and • As a general rule, financial conglomerates usually adopt the stricter standard if there are differences between home and host country requirements.

28 c. Management Information Systems • Reporting requirements; and • Adequate IT and Risk Management resources required to service all entities. d. Nature of non-banking business activities • Agree standards on nature of non-banking activities to be undertaken; • Specify acceptable and unacceptable non-bank activities; and • Need to have bank holding company legislation which limits non-banking operations. e. Information sharing • Same financial year for all subsidiaries of the group required; • Use one reputable auditing firm for all subsidiaries; • Financial results should be finalized in time; • Facilitate the synchronization of on-site inspections; • Material supervisory concerns should be shared; • Home-host country consultation at registration; • Consult on material changes in shareholding and business plans; • National secrecy laws should not hinder sharing of information; and • Need appropriate use of confidential information. f. Language • Agree on reporting language, in regions where there is more than one official language. g. Reporting currency and Exchange rate • Agree on reporting currency for consolidated report; and • Agree on exchange rate to be used for translation purposes, especially where the official rate may not reflect the fair value of assets. h. Anti-Money laundering • Active anti-money laundering policy to curtail improper cross-border transactions; and • Know Your Customer issues should be enforced across the region.

29 BANKING LICENSING, SUPERVISION & SURVEILLANCE CONSOLIDATED SUPERVISION QUESTIONNAIRE

30 INTRODUCTION The Reserve Bank of Zimbabwe has designed this questionnaire in order to evaluate, analyse and understand the groups to which banks and financial institutions belong. The responses to the questionnaire will provide the Reserve Bank with background information on the functioning of your group including the organisational and management structure and internal controls, and the unique risks facing the subsidiaries that are part of the group. In addition this will help identify conditions or issues that might require supervisory attention. Responses to the questionnaire will be considered in conjunction with a quantitative assessment of: • the overall importance of the various entities to the group; • overall capital levels in the group, and capital adequacy of individual institutions within the group; and • large exposures and related party transactions on a group and individual entity basis The qualitative and quantitative assessments will provide an indication of the overall level of risk and quality of risk management within the group, which will be used in determining the supervisory strategy for the group. The questionnaire covers: Organisational Structure, Corporate Governance, Risk Management and Management Oversight. Please provide us with copies of the relevant documents to support your responses, where appropriate. A. Historical background and general information Provide a brief history of the group, detailing incorporation dates, earlier names, mergers, and major events (e.g. listing of on stock exchanges). B. Shareholding

31 2). Please provide a list of all your shareholders and their % holdings, indicating the ultimate beneficiaries. C. Organisational Structure, Corporate Governance and Management Oversight

  1. Provide the group’s organisational chart, showing the holding company’s associates and subsidiaries (identifying % shareholding).
  2. Provide the group’s management structure.
  3. Provide the group’s business activities structure.
  4. Which legal entities are regulated and by whom? Which entities are unregulated? Who is responsible for coordinating regulatory relationships in the group and in each legal entity? Information on regulators of subsidiary institutions may be presented as follows:
  5. What roles and responsibilities does the group’s board of directors have? Outline the composition of the board indicating whether they are executive, non-executive or independent. Information on directors may be presented as follows:

32 6. Provide a list of all senior management and their responsibilities for the group and all the subsidiaries. This information may be presented as follows: 7. How is the group managed and controlled - on a global basis, on a regional, country or business line basis, or some combination of these? Provide details. 8. Which functions are undertaken centrally at group level? 9. What responsibilities do different types of managers (e.g. legal entity, corporate, business line, etc.) have within the holding company and how do these managers interact? Provide details relating to their reporting lines. 10. Provide an organisational chart(s) of the banking subsidiaries (both local and foreign) in the group showing all departments and divisions. Provide a list of all branches of your subsidiaries. Provide the geographic spread and size in terms of assets of the subsidiaries.

33 D. Capital Resources

  1. What is the group’s capital?
  2. What is the group’s capital allocation strategy?
  3. Where is capital held within the group (group level or subsidiary level)?
  4. What factors influence the allocation of capital across the group (e.g. regulatory factors, risk factors, etc.)?
  5. Indicate who is responsible for capitalizing the subsidiaries and associates.
  6. Describe and/or provide the capital retention, capital growth and dividend policies of the group.
  7. What management information reports are produced on capital-related issues?
  8. What are the restrictions to the movements of capital among your subsidiaries between domestic and/ or international establishments? E. Intra-group and Related Entity Transactions and Financial Exposures
  9. What is the nature of intra-group/related entity transactions or other arrangements used within the group (e.g. servicing agreements, back-to-back transactions, etc.)?
  10. What is the volume of intra-group/related entity transactions?
  11. What is the group’s overall strategy with respect to intra-group transactions and exposures? How are intra-group and related entity exposures and transactions monitored?
  12. What is the group’s policy on intra-group exposures? What is the group’s overall strategy with respect to intra-group transactions and exposures? How are intra-group and related entity exposures and transactions monitored?
  13. What types of management information reports are produced on intra-group and related entity transactions and exposures? How frequently are these reports produced? F. Risk Management Profile
  14. Provide the bank/group’s risk management policy.
  15. What are the group’s principal risks?
  16. How does the group identify, measure, monitor and control each type of risk (if applicable, indicate types of models, etc.)?
  17. Which risk management reports are available to senior management and the board of directors? How frequently are these reports produced (e.g. global reports, business line reports)?
  18. Are there elements of risk management that are implemented on a centralised or decentralised basis (e.g. centralisation of information capture, decentralisation of limit setting process)? Which risks are managed centrally by one legal entity? Indicate the entities concerned. What role do regional or geographic managers play in risk management?
  19. What risk control mechanisms does the group have in place? Who monitors the limits or other mechanisms?
  20. What are management’s plans with respect to stress testing, contingency planning and back testing? G. Liquidity Management
  21. Provide the group’s liquidity policy.
  22. Who is responsible for liquidity management at group and subsidiary level? Which elements of liquidity management are centralised (at head office) and which elements are conducted at the local or legal entity level?

34 3. Who is responsible for crisis and contingency funding planning? 4. Which reports are produced on liquidity risk and how frequently are these reports produced? H. Accounting systems and management information

  1. Provide the group’s accounting policy.
  2. What area(s) of the group is/are responsible for accounting issues?
  3. What are the responsibilities and reporting lines of this area?
  4. How are the results of using the accounting policies of different jurisdictions reconciled at group level?
  5. What types of management information reports are produced by the financial control function? What is the frequency of these reports?
  6. How is the financial control function managed (centrally, along geographic lines, business lines)?
  7. What mechanisms are in place to identify and correct internal control breaches, violations, and other issues of non-compliance?
  8. What is the financial year-end of your institution and/or group?
  9. Provide audited financial statements for the past three years, together with copies of the auditor’s management letters for your group.
  10. Provide audited financial statements for the previous year for your organisation/ group. I. Internal Audit
  11. Provide the group’s Internal Audit policy.
  12. What types of information, summaries and other reports (e.g., Board reports, senior management reports) are available on internal audits (e.g., performance reports, unresolved issues, etc.)?
  13. How is the internal audit function structured (centralized or decentralized)? What roles and responsibilities belong to the centralised element of the audit function, if there is one? What roles belong to decentralised units of the internal audit function, if any?
  14. To whom does the internal audit function report?
  15. Are there any aspects of the internal audit function that are outsourced? If so, from who are they outsourced?
  16. Please attach the latest internal audit reports for the group and its subsidiaries. J. External Audit
  17. Who are the external auditors for the whole group? Also indicate the external auditors of subsidiaries if they are different. Who is responsible for selecting the external auditor? What is the group’s selection criterion and how does the group ensure external auditor’s independence?
  18. What is the role of non-executive board members with respect to external audit?
  19. What are the responsibilities of the external auditors? Information on the external auditors may be presented as outlined in the table below:

35 K. Information Systems

  1. Provide ICT architecture currently supporting business operations showing, in schematic view, the application systems deployed and their interfaces. Give details of the current versions of all major systems.
  2. Provide the details of internal controls and security management systems in place to secure both hardware and software systems.
  3. Does the group have board/ management committees overseeing ICT issues? Attach the relevant committees’ terms of reference.
  4. Provide the group’s policies for General ICT Management, Information Security and Business Continuity Management.
  5. Does the group/ or any of its subsidiaries carry out formalised ICT risk assessments? Attach the latest ICT risk assessment report.
  6. Provide the group’s procedures for systems development, acquisitions and deployment and change management.
  7. Provide details of all major system vendors as well as contracts and service level agreements between the group/ subsidiary and the vendor.
  8. Does the group’s Internal Audit cover ICT activities? Attach the latest audit report.
  9. Provide the latest external audit report.

36

Share