Regulatory Alerts2024-04-16
Additional Note to Circular 89-2
The Bank of the Republic of Haiti issued an additional note to Circular 89-2 mandating that financial institutions submit their Annual Internal Control Report using the newly amended Annex II. This directive requires institutions to detail significant organizational changes, risk governance updates, and the operational status of internal control functions such as risk management, compliance, and internal audit. The regulation further specifies detailed reporting requirements for credit risk, concentration risk, and interest rate risk to ensure effective assessment of the institution's overall risk exposure.
Bank of the Republic of Haiti
The Governor
ADDITIONAL NOTE
CIRCULAR 89-2
To Financial Institutions
In the context of the application of Circular 89-2 on minimum internal control standards, the Bank of the Republic of Haiti (BRH) requests that subject financial institutions henceforth refer to the directives attached to this Note for the transmission of the Annual Internal Control Report (Circular 89-2: Amended Annex II).
This additional note forms an integral part of Circular 89-2 and enters into force upon its publication.
Port-au-Prince, March 27, 2024.
Ronald Gabriel
Circular 89-2: AMENDED ANNEX II
ANNUAL INTERNAL CONTROL REPORT
Financial institutions are required to submit an annual internal control report.
- The report must be prepared according to the plan defined below.
- The plan must be adapted as necessary to take into account any specificities related to the activities carried out or to the structure and organization of the institution.
- The report must be drafted synthetically, highlighting significant changes that occurred during the fiscal year, prioritizing descriptions in the form of diagrams and tables where possible, and avoiding the inclusion of information of purely internal interest.
- It is the responsibility of each institution to supplement the elements mentioned with any other information that allows for an assessment of the functioning of its internal control system and an evaluation of the risks to which it is exposed.
- Sections that the institution considers not applicable to it must be indicated as "not applicable."
- Institutions subject to consolidated supervision must report in the appropriate sections the conditions under which internal control is ensured at the group level and the main risks to which the group is globally exposed.
The report complements and contextualizes the responses to the internal control and risk management questionnaire, which must also be transmitted by financial institutions, supporting them with precise information to assess effective compliance with the regulatory requirements defined by the BRH, and, beyond that, to evaluate the importance of the overall risk incurred by each institution and which it may expose the financial system to.
TABLE OF CONTENTS
1. Operational Framework of the Institution
Indicate, if applicable, significant changes that occurred in the organization and operating conditions of the institution during the fiscal year under review.
1.1. Organization and Staffing
1.1.1. Significant changes made to the institution's organization
1.1.2. Replacement of members of the management committee and heads of internal control and compliance functions
1.1.3. Evolution of the institution's staffing
To be presented according to the following model:
| Number, in full-time equivalents | 09/30/n-2 | 09/30/n-1 | 09/30/n |
|---|---|---|---|
| Senior Management | |||
| Middle Management | |||
| Employees | |||
| Contractual Staff | |||
| Service Staff | |||
| TOTAL |
1.2. Activities Carried Out
1.2.1. Exercise of new activities
1.2.2. Changes made to the conditions for carrying out previous activities
1.2.3. Operational modes (logistical infrastructure, product and service distribution channels, communication channels, IT systems, operational processes, etc.)
1.2.4. Revision of operational modes in operation
1.2.5. Implementation of new operational modes
1.2.6. Significant projects currently underway
1.3. Remuneration Policy
1.3.1. Changes made to the remuneration policy
1.3.2. Modification of criteria used to measure performance and adjust remuneration to risk
1.4. Risk Governance and Internal Control System
Presentation, if applicable, of changes made to the risk governance framework and internal control system:
1.4.1. At the Board of Directors level:
Definition and monitoring of risk appetite policy
Steering and supervision of the institution's risks and internal control system, and if applicable, the group's
1.4.2. At the General Management and Management Committee level
Methods for risk monitoring and management by General Management
Methods for informing executives of significant incidents and anomalies identified by the heads of the various internal control functions.
1.4.3. Specialized Control Committees
| Designation | Chairmanship (name and status) | Number of members | External Members to the Institution | Number of meetings |
|---|---|---|---|---|
| Audit Committee or Single Committee | ||||
| Risk Management Committee | ||||
| Nomination Committee | ||||
| Remuneration Committee |
1.5. Risk Mapping
1.5.1. Revision or update of the risk mapping during the fiscal year
1.5.2. Summary table of risk mapping results
To be presented on the following model (in number of processes identified in the mapping):
| Domain | Number of processes mapped | Inherent Risk Level | Residual Risk Level |
|---|---|---|---|
| Low | Moderate | ||
| ... |
2. Organization, Resources, and Evolution of the Internal Control System
2.1. Organization of the Internal Control System, Missions, and Scope of Intervention of Dedicated Units
2.1.1. Presentation/recall of the general organization of the internal control system
2.1.2. Organizational chart of units in charge of the various internal control functions
2.2. Identity and Contact Details of Heads
To be presented according to the following model:
| Function | Head | Reporting Line | Telephone Coordinates | |
|---|---|---|---|---|
| Risk Management | ||||
| Compliance | ||||
| Internal Audit |
2.3. Staff Dedicated to Various Functions (Evolution and Situation):
To be presented according to the following model:
| Number, in full-time equivalents | 09/30/n-2 | 09/30/n-1 | 09/30/n |
|---|---|---|---|
| Risk Management | |||
| Compliance | |||
| Internal Audit | |||
| TOTAL |
2.4. Changes Made to the Internal Control Device During the Fiscal Year
2.4.1. Changes made to the risk management function
2.4.2. Changes made to the compliance function
2.4.3. Changes made to the periodic control device
2.5. Internal Control Device Within the Institution's Group of Affiliation (if applicable)
2.5.1. Schematic description of the institution's control of risk management and compliance functions of its subsidiaries
2.5.2. Dates, duration, and objects of missions carried out by internal audit
of the institution on its subsidiaries;
of the parent institution of the institution on itself.
3. Synthetic Presentation of the Activity and Results of Internal Control Functions
3.1. Activity Report of the Risk Management Function
Controls performed, main findings, significant dysfunctions identified
3.2. Activity Report of the Compliance and AML/CFT Function
3.3. Activity Report of Internal Audit
3.3.1. Assessment of the implementation of the annual audit plan
Rate of plan implementation
Explanation of the implementation rate
3.3.2. List of missions carried out
To be presented according to the following model:
| Object | Affected Units | Dates of Implementation | Report Date | Main Deficiencies Identified |
|---|---|---|---|---|
3.3.3. Follow-up on internal audit and external audit recommendations
To be presented according to the following model (in number):
| Status of Implementation of Audit Recommendations | Recommendations pending as of 09/30/n-1 | New Recommendations of the Fiscal Year | Recommendations Settled During the Fiscal Year | Recommendations Pending as of 09/30/n |
|---|---|---|---|---|
| Total | ||||
| Of which High Risk |
4. Credit Risk
4.1. Changes Made to Credit Risk Management During the Fiscal Year
4.2. Credit Granting Device
4.2.1. Table of powers of delegation in matters of credit
Commitment limits based on amount, object, characteristics of the credit, guarantees, identity of the applicant, etc.
4.2.2. Effective Respect of Control Procedures for Decision-Making Rules
Indicate if any significant incidents or breaches of instruction and decision rules regarding credits were recorded during the fiscal year.
4.3. Credit Portfolio Management
4.3.1. Assessment of portfolio management conditions
4.3.2. Existence and Respect of Rules for Evaluation and Periodic Re-evaluation of Guarantees and Collateral
4.4. Process for Handling Credit Incidents
4.4.1. Exceeding Authorized Limits
Indicate if any exceedances of authorized limits were observed, and, if so, present the main recorded exceedances in a table according to the following model:
| Date of Occurrence | Counterparty | Related or Not | Amount of Commitments at Date | Amount of Exceedance | Causes of Exceedance | Date of Regularization |
|---|---|---|---|---|---|---|
4.4.2. Credit Restructurings
Describe schematically the decision-making process
4.4.3. Downgrading and Provisioning of Defaulted Claims
Describe schematically the decision-making process
4.5. Audits Conducted on Credit Activities
4.5.1. Author, object, and dates of audits conducted during the fiscal year concerning credit risk
4.5.2. Main Deficiencies Identified
5. Concentration Risk
5.1. Risk Concentration by Counterparty
5.1.1. Changes made to processes and tools for determining and monitoring counterparty risk concentration
5.1.2. Internal Limits for Risk Concentration
Non-related
Related
5.1.3. Respect of Concentration Limits
Indicate if any exceedances of concentration limits were observed, and, if so, present the main recorded exceedances in a table according to the following model:
| Date of Occurrence | Counterparty | Related or Not | Amount of Commitments at Date | Amount of Exceedance | Causes of Exceedance | Date of Regularization |
|---|---|---|---|---|---|---|
5.2. Sectoral Risk Concentration
5.2.1. Changes made to processes and tools for determining and monitoring risk concentration by business sector
5.2.2. Internal Limits for Sectoral Risk Concentration
5.2.3. Respect of Sectoral Risk Concentration Limits
Indicate if any exceedances of sectoral concentration limits were observed, and, if so, present the main recorded exceedances in a table according to the following model:
| Date of Occurrence | Business Sector | Amount of Commitments at Date | Amount of Exceedance | Causes of Exceedance | Date of Regularization |
|---|---|---|---|---|---|
6. Interest Rate Risk
6.1. General Framework for Interest Rate Risk Management
Presentation of the interest rate risk management strategy and the bodies responsible for its definition and monitoring of its execution (composition, frequency of review)
6.2. Changes Made to Interest Rate Risk Management During the Fiscal Year
6.3. Device for Measuring and Monitoring Overall Interest Rate Risk
Description of tools and methodologies for measuring and controlling overall interest rate risk
Presentation of the content of reporting on interest rate risk to governance bodies and the committee responsible for risk management