New Zealand: Detailed Assessment of Observance of Basel Core Principles for Effective Banking Supervision

© 2017 International Monetary Fund IMF Country Report No. 17/120 NEW ZEALAND FINANCIAL SECTOR ASSESSMENT PROGRAM DETAILED ASSESSMENT OF OBSERVANCE— BASEL CORE PRINCIPLES FOR EFFECTIVE BANKING SUPERVISION This Detailed Assessment of Observance of the Basel Core Principles for Effective Banking Supervision on New Zealand was prepared by a staff team of the International Monetary Fund as background documentation for the periodic consultation with the member country. It is based on the information available at the time it was completed in May 2017. Copies of this report are available to the public from International Monetary Fund  Publication Services PO Box 92780  Washington, D.C. 20090 Telephone: (202) 623-7430  Fax: (202) 623-7201 E-mail: publications@imf.org Web: http://www.imf.org Price: $18.00 per printed copy International Monetary Fund Washington, D.C. May 2017

NEW ZEALAND FINANCIAL SECTOR ASSESSMENT PROGRAM DETAILED ASSESSMENT OF OBSERVANCE BASEL CORE PRINCIPLES FOR EFFECTIVE BANKING SUPERVISION Prepared by Monetary and Capital Markets Department This Detailed Assessment Report was prepared by Antonio Pancorbo (IMF staff) and Jose Tuya (IMF external expert) in the context of an IMF Financial Sector Assessment Program (FSAP) mission in New Zealand during August and September 2016, led by Alejandro López Mejía, IMF and overseen by the Monetary and Capital Markets Department, IMF. Further information on the FSAP program can be found at http://www.imf.org/external/np/fsap/fssa.aspx May 2017

NEW ZEALAND 2 INTERNATIONAL MONETARY FUND CONTENTS Glossary ____________________________________________________________________________________________ 3 SUMMARY ASSESSMENT_________________________________________________________________________ 5 INTRODUCTION __________________________________________________________________________________ 7 INSTITUTIONAL AND MARKET STRUCTURE ____________________________________________________ 9 PRECONDITIONS FOR EFFECTIVE BANKING SUPERVISION __________________________________ 10 A. Sound and Sustainable Macroeconomic Policies ______________________________________________ 10 B. Framework for Financial Stability Policy Formulation __________________________________________ 10 C. A Well-Developed Public Infrastructure _______________________________________________________ 11 D. Framework for Crisis Management, Recovery, and Resolution ________________________________ 12 E. Public Safety Net ______________________________________________________________________________ 13 F. Effective Market Discipline _____________________________________________________________________ 14 MAIN FINDINGS ________________________________________________________________________________ 15 A. Responsibilities, Objectives, Powers, Independence, and Cooperation (CPs 1–3, and 13) _____ 15 B. Methods of Ongoing Supervision (CPs 8–10, and 12) _________________________________________ 16 C. Corrective and Sanctioning Powers of Supervisors (CP11) ____________________________________ 18 D. Corporate Governance (CP14) ________________________________________________________________ 19 E. Prudential Requirements, Regulatory Framework, Accounting, and Disclosure (CPs 15–29) __ 19 DETAILED ASSESSMENT ________________________________________________________________________ 21 SUMMARY COMPLIANCE WITH THE BASEL CORE PRINCIPLES _____________________________ 211 RECOMMENDED ACTIONS AND AUTHORITIES COMMENTS _______________________________ 216 A. Recommended Actions _______________________________________________________________________ 216 B. Authorities’ Response to the Assessment ____________________________________________________ 219 TABLES

1. Detailed Assessment __________________________________________________________________________ 22
2. Summary Compliance with the Basel Core Principles_________________________________________ 211
3. Recommended Actions _______________________________________________________________________ 216

NEW ZEALAND INTERNATIONAL MONETARY FUND 3 Glossary AML/CFT Anti-money laundering and countering the financing of terrorism APRA Australian Prudential Regulation Authority AR Act Auditor Regulation Act 2011 AT1 Additional Tier 1 (capital) BNE Banks, NBDT, and Enforcement BPO Banks, Payments, and AML Oversight BS1 Statement of principles – bank registration and supervision BS10 Review of suitability of bank directors and senior managers BS11 Outsourcing policy BS12 Guidelines on a bank’s internal capital adequacy assessment (ICAAP) BS13 Liquidity policy BS13A Liquidity policy annex: liquid assets BS14 Corporate governance BS15 Significant acquisitions policy BS16 Application requirements for capital recognition or repayment and notification requirements in respect of capital BS17 Open Bank Resolution (OBR) pre-positioning requirements policy BS18 Registration of covered bonds: process and information requirements BS19 Framework for restrictions on high-LVR residential mortgage lending BS2A Capital adequacy framework (standardized approach) BS2B Capital adequacy framework (internal models based approach) BS3 Application for status as a registered bank: material to be provided to the RBNZ BS4 Audit obligations BS5 Guidelines on AML/CFT BS6 Market risk guidance notes BS7 Registered bank disclosure regime – overview of Orders-in-Council BS7A Registered bank disclosure regime – explanatory information on Orders-in-Council BS8 Connected exposures policy BS9 Application for consent to acquire or increase significant influence over a registered bank; material to be provided to the RBNZ BSG Banking steering group CET1 Common Equity Tier 1 CFR Core funding ratio CoFR Council of Financial Regulators EMEAP Executives’ Meeting of East Asia-Pacific (central banks) FMA Financial Markets Authority FMD Financial Markets Department FMI Financial market infrastructure(s) FSG Financial Services Group FSIS Financial Sector Information System

NEW ZEALAND 4 INTERNATIONAL MONETARY FUND FSO Financial System Oversight (Committee) (RBNZ) FSR Financial Stability Report GFC Global Financial Crisis IPSA Insurance (Prudential Supervision) Act 2010 IRD Inland Revenue Department ISA (NZ) New Zealand equivalent of international standards on auditing LVR Loan-to-value ratio MBIE Ministry of Business, Innovation, and Employment MBOR Monthly banking oversight report MFC Macro Financial Committee (RBNZ) MFD Macro Financial Department (RBNZ) MoF Minister of Finance MoU Memorandum of Understanding NBDT Nonbank deposit-taker NZ IAS New Zealand equivalent of international accounting standards NZ IFRS New Zealand equivalent of international financial reporting standards OBR Open Bank Resolution OiC Orders-in-Council PRESS Proportionate Risk Evaluation Surveillance System PSD Prudential Supervision Department (RBNZ) RBNZ Act Reserve Bank of New Zealand Act 1989 RIA Regulatory impact assessment RRP Recovery and resolution plans TTBC Trans-Tasman Banking Council UBO Ultimate beneficial owners XRB External Reporting Board (accounting and auditing, and assurance standards in New Zealand)

NEW ZEALAND INTERNATIONAL MONETARY FUND 5 SUMMARY ASSESSMENT

1. The supervisory approach of the Reserve Bank of New Zealand (RBNZ) reflects the characteristics of the local banking industry and the authorities’ goal to limit moral hazard by relying on market discipline and not offering deposit insurance. Banks offer traditional products, in a highly concentrated market, dominated by four subsidiaries of the four largest Australian banking groups. The RBNZ approach relies on three pillars: market discipline, based on public disclosure; self-discipline, based on bank directors’ attestations of public information; and regulatory discipline, based on a simple and conservative regulatory framework, off-site monitoring, and disciplinary actions. It also relies on synergies with the Australian Prudential Regulation Authority (APRA) home-country supervision of Australian banks’ operations in New Zealand. In practice, though, the RBNZ approach is in conflict with the Basel Core Principles for Effective Supervision (BCP) requirements, which expect granular regulatory guidance and on-site independent verification work by the supervisor.1 The RBNZ aims to strengthen supervision while retaining its current approach.
2. Since the last FSAP, the RBNZ has increased attention to strengthening regulatory discipline. For example, the RBNZ has adopted the new Basel capital framework, issued supervisory guidance and increased regulatory reporting. In 2016, the RBNZ began the final stage of a multi￾year upgrade of its supervisory non-public statistical and prudential reporting from banks. The supervisory policies published are, for the most part, related to “conditions of registration” and, thus, enforceable. The RBNZ has performed off-site thematic reviews to profile banks’ risk management in areas of concern, such as dairy and real estate. An off-site process (PRESS) is in place that rates banks based on their risk profile and their systemic impact. An AML/CFT supervision process has been implemented.
3. The effectiveness of the current approach to supervision is limited by the heavy weight placed by RBNZ on market discipline as compared to regulatory discipline (and to intensive supervision in particular). A defining feature of RBNZ’s approach is the absence of independent testing of prudential returns and risk management practices for prudential purposes. In particular, the RBNZ avoids detailed on-site inspections, either by its own staff or external experts, concerned that this would weaken bankers’ incentives to ensure robust controls.2 The RBNZ needs to re-evaluate whether the lack of a more intensive approach, including an increased on-site program, may undermine market and self-discipline. In addition, the current approach makes it difficult for supervisors to develop expertise on bank operations, hampering the effectiveness of their analysis and policy development.

1 “On-site work is used as a tool to provide independent verification that adequate policies, procedures and controls exist at banks, determine that information reported by banks is reliable, obtain additional information on the bank and its related companies needed for the assessment of the condition of the bank, monitor the bank’s follow-up on supervisory concerns, etc.” (BCBS: BCP standard, page 30). 2 The only exception is in the case of AML/CFT supervision, where an on-site program is in place.

NEW ZEALAND 6 INTERNATIONAL MONETARY FUND 4. The assessors were very impressed with the quality and competence of the RBNZ staff; however, insufficient resources are a serious impediment to achieve compliance in-substance with the BCP. RBNZ staff’s competence and professionalism is recognized by the banking industry and facilitated this assessment. The quality of their self-assessment was testament to this. However, the RBNZ’s staff operate under resource constraints and a mere reallocation would not be enough, even if the current low-intensity approach is retained. Strengthening the regulatory discipline pillar will require a reassessment of resources and technical capacity. To continue enhancing the supervisory process, an increase in staffing is required to a level that would at least enable the RBNZ to develop an on-site program that tests the foundation of the three pillar approach, to deepen the analysis that supports the PRESS ratings, and to issue supervisory guidelines that promote preventive actions. In addition, the remaining recommendations in Table 3 should be considered when reassessing supervisory resources reflecting a balance between risk and efficiency costs. 5. The self-discipline pillar relies on directors’ attestations to the fact that the bank has adequate risk management systems in place. However, the RBNZ has issued limited guidance as to what constitutes adequate risk management. The vacuum created by the RBNZ not stating its expectations on adequate risk management is likely filled by foreign banks basing their attestations on home-country supervisors’ standards. For domestic-owned banks, it is likely that each may be following standards adopted from different sources. The RBNZ is very familiar with the Australian standards, but for the next tier of foreign-owned banks (as well as for the tier of domestic-owned banks) it would need to review standards on-site. Not issuing standards may result in an uneven playing field as some banks may be following stricter standards than others, thus diminishing the value of disclosures as directors are attesting to different standards. 6. An effective self-discipline regime needs to be supported by a well-developed regulatory framework and swift enforcement when banks violate the rules. The RBNZ has broad enforcement powers, but the lack of regulatory benchmarks mentioned before and the high legal threshold for issuing directions (orders) make swift enforcement less likely. To issue directions under section 113(1)(e) of the RBNZ Act when a bank is conducting business in a non-prudent manner the consent of the Minister of Finance (MoF) is required. Demonstrating imprudent behavior based on, for example, inadequate risk management or insufficiently developed risk appetite statements, is made difficult by the lack of supervisory standards. As a result, the RBNZ’s enforcement is currently based primarily on breaches that have already occurred and is not preventive. 7. Recommended actions in this report seek to improve compliance with the BCP, and enhance the effectiveness of the RBNZ three-pillar approach. Key recommended actions as developed in this report, include: (i) amending section 78 of the RBNZ Act to make compliance with RBNZ-issued supervisory policy evidence of prudent banking; (ii) issuing supervisory policy documents as warranted (for example on credit risk); (iii) carrying out targeted on-site programs (directly or through external experts) to verify regulatory reports, risk management, and the quality of credit exposures; (iv) enhancing proactive cooperation within the trans-Tasman agreements to support cross-border synergies in supervision; (v) considering options to facilitate the taking of

NEW ZEALAND INTERNATIONAL MONETARY FUND 7 enforcement action based on supervisory judgment; and (vi) improving analysis to support PRESS ratings by retaining work papers to document determinations on adequacy of risk mitigants. 8. While the New Zealand banking sector was relatively unscathed during the global financial crisis (GFC), several factors not necessarily related to bank supervision contributed to the maintenance of financial stability. Among other factors, banking business models in New Zealand are simple and the parent banks of the large subsidiaries were in a position to support their New Zealand operations and were subjected to an effective and intensive home-country supervision.3 While some of these factors still pertain, it is important to implement effective supervision proportionate to national circumstances as a line of defense against systemic risk. INTRODUCTION 9. This assessment of the implementation of the BCP by the RBNZ is part of the Financial Sector Assessment Program (FSAP) undertaken by the International Monetary Fund (IMF) in 2016. The assessment team visited the cities of Wellington and Auckland in New Zealand, as well as Sydney and Melbourne in Australia. The assessment is based on the regulatory and supervisory framework in place at the time of this visit. 10. The current assessment was against the standard issued by the Basel Committee on Banking Supervision (BCBS) in 2012.4 Since the previous assessment, conducted in 2003, the BCP standard has been revised twice, and reflects the international consensus for minimum standards based on global experience. The view is that supervision should be based on a process involving well-defined requirements, supervisory on-site and off-site determination of compliance with requirements and risk assessments, and a strong program of enforcement and corrective action and sanctions. The 2012 revision placed increased emphasis on corporate governance, on supervisors conducting sufficient reviews to determine compliance with regulatory requirements, and on thoroughly understanding the risk profile of banks and the banking system. 11. The primary goal of a BCP assessment is not to apply “grades,” but rather to focus authorities on areas needing attention. The assessment is expected to help the authorities plan a strategy to enhance the banking supervisory system, within the parameters of their approach. 12. The scope of the assessment is RBNZ supervision of the registered banks. Other financial industries supervised by the RBNZ are not covered in this assessment. In addition, the assessment is not intended either to represent an analysis of the state of the banking sector, the macroprudential policy framework, or crisis management framework, which are addressed in dedicated technical notes of this FSAP.

3 In addition, unexpected funding-liquidity risks that materialized for the New Zealand banking system, given a relative reliance on wholesale funding, were contained by unprecedented emergency liquidity facilities and support provided by the RBNZ. 4 Basel Committee on Banking Supervision: Basel Core Principles for Effective Banking Supervision, May 2012: http://www.bis.org/publ/bcbs230.pdf.

NEW ZEALAND 8 INTERNATIONAL MONETARY FUND 13. Since the last FSAP and the GFC, the RBNZ has increased attention to regulatory discipline, following international standards in substance:  Banking Supervision (BS) policy documents have been issued stating supervisory expectations for a number of risks.  Basel III capital standards have been adopted subject to certain qualifications, and are continuously under revision within a solid conceptual framework.  Theme days and thematic reviews5 are employed for horizontal reviews of emerging risks.  The off-site analytical process (PRESS) was implemented producing risk ratings for the banks.  RBNZ’s supervisory responsibilities under the AML/CFT Act are effectively implemented. 14. The assessment was conducted taking into account the unique characteristics of the New Zealand banking industry. The banking market is highly concentrated and dominated by large Australian subsidiaries. Enhanced formal and informal cooperation arrangements with APRA reflect the unique codependence of the two banking systems and are aimed at providing substantial synergies in support of the RBNZ fulfilling its prudential responsibilities. There is one large state-owned bank and the rest are small banks, both foreign and domestic-owned. The supervisory approach for those institutions differs from that for the larger banks, but although small, they can still pose reputation risk for the RBNZ. 15. The assessment was conducted taking into account the RBNZ approach to supervision which rests on three disciplinary pillars: market, self, and regulatory discipline.6 In addition, the RBNZ’s supervisory strategy does not explicitly aim to achieve full compliance with the BCPs – the RBNZ implements international standards where they deemed appropriate for New Zealand conditions. Against this backdrop, the purpose of the exercise was to assess the effectiveness of New Zealand’s banking supervisory systems and practices against the 29 Principles. The Core Principles are neutral with regard to different approaches to supervision, so long as the overriding goals set by each Principle are achieved. The Core Principles are also a framework of minimum standards for sound supervisory practices which are considered universally applicable, and are mainly intended as a common benchmark to assess the quality of supervisory systems and to provide input into a country’s reform agenda. Normally a country is considered compliant with a Principle when all the assessment criteria are met without any significant deficiencies. However, a country can also demonstrate that the Principle has been achieved by other means.

5 Thematic (horizontal) reviews and theme days (deep dive) involve requesting additional information to analyze the “theme” risks. 6 For a historical overview of the RBNZ’s approach to prudential supervision, including the evolution of the three pillars, see: Chris Hunt (2016) “A short history of prudential regulation and supervision at the Reserve Bank”, Reserve Bank of New Zealand Bulletin, 79(14), August.

NEW ZEALAND INTERNATIONAL MONETARY FUND 9 16. The mission held extensive meetings with RBNZ officials, as well as the Treasury, the Financial Markets Authority (FMA), APRA, the industry, and relevant third parties who generously shared their views. The assessors would like to acknowledge the very high quality of cooperation received from the authorities. In particular, the team extends its thanks to RBNZ staff who provided a very comprehensive, high-quality self-assessment, and who responded promptly and comprehensively during the mission to the extensive information requests from the team. INSTITUTIONAL AND MARKET STRUCTURE 17. The RBNZ is responsible for the prudential regulation and supervision of registered banks and insurers, regulation of NBDTs, the oversight of the payment system (and settlement systems jointly with the FMA), and AML/CFT supervision for banks, NBDTs and life insurers. The RBNZ is responsible under the RBNZ Act for promoting the maintenance of a sound and efficient financial system, formulating monetary policy, providing settlement services and issuing currency. The RBNZ is also responsible under the Insurance (Prudential Supervision) Act 2010 for the supervision of insurers carrying on business in New Zealand. In 2013, the legal framework for RBNZ’s licensing and regulation of NBDT institutions (deposit-taking finance companies, building societies, and credit unions) was completed. The RBNZ acts as lender of last resort and exercises crisis management powers. Some crisis management powers and the power to make regulations are exercised together with the MoF and the Governor-General acting on recommendation from the RBNZ. In 2013 the RBNZ introduced a framework for macroprudential policy vis-à-vis the banking sector under its existing objectives and powers. 18. The financial sector in New Zealand is dominated by banks, which own about 77 percent of total financial assets. While the importance of nonbank lending institutions has declined since 2006 and now represents 2 percent of financial assets, managed funds are growing. The GFC had a mild negative impact on the New Zealand banking sector, but a significant number of finance companies had difficulties over 2006-2010 and were put into receivership. While liquidity pressures arising from the GFC were the trigger for closures in some cases, failures were caused well before then, mainly by problems with asset quality, connected lending, and credit management. 19. The banking sector, which focuses its activities on lending to the domestic private sector, appears to be sound, is highly concentrated, and dominated by four Australian subsidiaries. The sector seems to be well capitalized and to have sufficient liquid assets, the quality of assets is high, and profitability has remained stable over the last 10 years. Nevertheless, while foreign funding has declined since the GFC, it still accounts for 19 percent of banks’ liabilities. As of October 2015, over 80 percent of banks’ liabilities (including deposits and minus equity) had a maturity of below one year, and 65 percent was on demand or with maturity of less than 3 months. The system is concentrated on the four large Australian subsidiaries, whose share of total banking sector assets was 83 percent as at June 2016. The four subsidiaries are significant to their parents as well (about 15 percent of group earnings and total assets on average). The “Big Four” have increased their profitability indicators over recent years.

NEW ZEALAND 10 INTERNATIONAL MONETARY FUND 20. The financial sector is relatively dependent on wholesale funding, including foreign currency funding sourced from offshore markets. The main liquidity risk facing New Zealand banks has traditionally been a reliance on offshore wholesale market funding relative to domestic deposits. Rollover liquidity risk from a reliance on short-term funding has been partly mitigated by the introduction of the minimum core funding ratio (CFR) in 2010. Banks have also reduced their reliance on non-NZD funding to below 20 percent of total liabilities. As New Zealand’s banks looking for offshore funding use mostly the primary market, funding liquidity on global markets is relatively more important than market liquidity. Yet, heightened volatility in global financial markets may contribute to a pick-up in wholesale funding spreads, raising banks’ funding cost. PRECONDITIONS FOR EFFECTIVE BANKING SUPERVISION A. Sound and Sustainable Macroeconomic Policies7 21. New Zealand is a small open economy, underpinned by strong policy frameworks. New Zealand’s modern economy benefits from a strong commitment to open-market policies that facilitate vibrant flows of trade and investment. Transparent and efficient regulations are applied evenly in most cases, encouraging dynamic entrepreneurial activity in the private sector. 22. The fiscal and monetary policy authorities are independently responsible for their respective areas of policy. The Treasury is responsible for maintaining a stable and sustainable macroeconomic environment, and fiscal policy is one of its main tools. It includes reducing total debt to prudent levels so as to provide a buffer against future shocks, and prudently managing fiscal risks.8 The government is required to present each year a short-term Budget Policy Statement and a longer-term Fiscal Strategy Report. In addition, the Treasury is required to publish, at least every 4 years, a Statement of the Long Term Fiscal Position—identifying how structural changes may impact the fiscal position over a 40-year horizon. The RBNZ, for its part, is responsible for ensuring price stability as defined by the Policy Targets Agreement signed between the MoF and the Governor. The RBNZ is operationally independent regarding monetary policy formulation and implementation through the Official Cash Rate. The RBNZ Act also enables the Governor-General, on the advice of the MoF, to direct the RBNZ to formulate and implement monetary policy for any economic objective, other than ensuring price stability, for a period not exceeding 12 months. B. Framework for Financial Stability Policy Formulation 23. The RBNZ has independent decision-making power vis-à-vis macroprudential policies empowered by the RBNZ Act. A MoU signed in May 2013 outlines the governance arrangements

7 Further information can be found in IMF’s macroeconomic surveillance reports. For example, Article IV consultations: http://www.imf.org/external/pubs/cat/longres.aspx?sk=43678.0. 8 See: http://www.Treasury.govt.nz/government/fiscalstrategy.

NEW ZEALAND INTERNATIONAL MONETARY FUND 11 for the use of macroprudential tools. The RBNZ is required to keep the MoF and the Treasury regularly informed of its views on emerging risks to the financial system. The RBNZ must also consult with both parties at the point where macroprudential intervention is being considered. Under the RBNZ Act (section 165A), the RBNZ is required to report in the semi-annual FSR on the soundness and efficiency of the financial system and on the policies and activities the RBNZ has taken to achieve its statutory purposes, including that of promoting a sound financial system. This includes an assessment of the key judgements that led to decisions on whether or not to adjust policy settings to achieve the objective of a sound financial system. 24. During the 2008–09 crisis a new committee was established, the Macro-Financial Committee (MFC), to focus explicitly on macrofinancial stability issues. In addition, the RBNZ has dedicated more resources to macrofinancial surveillance and to the new area of macroprudential policy. In 2013 a new department was established—the Macro-Financial Department (MFD)—comprising teams tasked with financial system monitoring and risk assessment, and macroprudential policy development and implementation. 25. The New Zealand Council of Financial Regulators (CoFR) comprises agencies involved in financial system regulation and supervision. The members are the RBNZ, FMA, Ministry of Business, Innovation, and Employment (MBIE), and the Treasury. It meets quarterly and discusses important issues and trends in the financial system and shares information among member agencies in order to achieve a coordinated response to issues that may require cross-agency involvement. The committee is alternately chaired by the RBNZ Governor and CEO of FMA. There is a subcommittee of CoFR – the Banking Forum – which meets to discuss ongoing and upcoming regulatory matters pertaining to registered banks. The Banking Forum includes the four CoFR members and other relevant government agencies such as the Inland Revenue Department and the Ministry of Justice. C. A Well-Developed Public Infrastructure 26. New Zealand ranks in the 97–100th percentile of all countries for the World Bank key indicators of governance.9 They are Voice and Accountability, Political Stability and Lack of Violence, Government Effectiveness, Regulatory Quality, Rule of Law, and Control of Corruption. While all six indicators are important settings for financial stability and other regulatory purposes, government effectiveness, regulatory quality and the rule of law are particularly important. In this regard New Zealand has:  An adaptable and responsive legislature able to maintain ongoing law reform.  Quality laws relating to business organization, business and personal insolvency, personal and real property registration and transfer, and consumer protection.  An independent judiciary of high standing.

9 See http://info.worldbank.org/governance/wgi/pdf/c168.pdf

NEW ZEALAND 12 INTERNATIONAL MONETARY FUND  Institutions responsible for and able to administer and enforce market conduct and competition law (FMA and the Commerce Commission).  Strong independent professions (legal, accounting and actuarial) and adherence to international and professional standards (IFRS, actuarial standards etc.).  Support for freedom of contract, property rights and the rights of the individual and protection from arbitrary action by the government, consistent with a developed economy.  A well-developed corporate and commercial law. 27. An important precondition for effective banking supervision is the willingness to act. As is well-established IMF policy,10 a positive assessment of the supervisor’s ability to act—based on its resources, authority, organization, constructive working relationships, and as evidenced by actions taken to impose corrective action—is not sufficient to ensure effective supervision. This must be complemented by the “will” to act in order to take timely and effective preventive actions in normal times, and corrective actions in times of stress. Developing this “will to act” requires a clear and unambiguous supervisory mandate, operational independence coupled with supervisory accountability and transparency, skilled staff, and an arm’s-length relationship with the industry that avoids “regulatory capture.” The Principle by Principle assessment reflects on the supervisor’s “ability to act” and the conditions needed for their “will to act.” However, effective supervision also requires as a catalyst a political will that cannot be measured nor evaluated externally. D. Framework for Crisis Management, Recovery, and Resolution11 28. The prudential regime provides a number of triggers under which the RBNZ may apply failure resolution or crisis management powers. The RBNZ, for example, can issue a direction to a bank (following consent from the MoF) to take action to address a breach of prudential regulations. The RBNZ may also recommend to the MoF that a failing bank be placed under statutory management if the affairs of the bank are being conducted in a manner prejudicial to the soundness of the financial system. To the extent that the motivation for recommending statutory management is linked to an expectation that the bank in question is about to fail, then this recommendation may be tied to an explicit stabilization option – Open Bank Resolution (OBR) as discussed below. 29. OBR presents an option for the MoF between liquidation and bail-out of the failing bank. Under OBR, a failing bank is closed overnight, placed into statutory management, and subsequently reopened with a proportion of creditor funds frozen to cover anticipated losses remaining once shareholders’ interests have been extinguished, and with a government guarantee covering all current and future liabilities of the bank, save in respect of those liabilities that remain frozen. It ensures ongoing provision of liquidity to the financial system and continuity of critical

10 Jose Viñals, et al., (2010) The Making of Good Supervision: Learning to Say No, IMF Staff Position Note 10/08: http://www.imf.org/external/pubs/ft/spn/2010/spn1008.pdf. 11 See further the accompanying Technical Note on Contingency Planning and Crisis Management Framework.

NEW ZEALAND INTERNATIONAL MONETARY FUND 13 services, while imposing losses on shareholders and creditors. The intent is to apply losses in line with the legal ranking of claims, and a public guarantee would be provided to prevent against bank runs. The public guarantee would cover all unfrozen balances and future obligations entered into by the statutory manager against further loss. Technical implementation of the policy was achieved in 2013. Banks have now pre-positioned their IT and other systems to enable them to effect the freezing of a portion of the transaction accounts of their customers and to then reopen and carry on business on the following business day. E. Public Safety Net 30. The RBNZ has a statutory lender-of-last-resort role. The RBNZ may also lend to individual banks, given that it has the rights and powers of a natural person (section 5 of the RBNZ Act). To mitigate liquidity risks, the RBNZ introduced a prudential liquidity policy in 2010 designed to encourage banks to self-insure against funding-liquidity risks. The Australian parents could previously provide contingent funding to the New Zealand subsidiaries (under APRA’s APS 222) up to 50 percent of the parent’s Tier 1 capital. APRA has since tightened its prudential requirements relating to related party exposures to the New Zealand subsidiary banks. The Australian banks are required to reduce their non-equity exposures to 5 percent of Tier 1 parent capital. In addition, New Zealand banks are required to set up contingent funding arrangements that are secured by instruments that are exempt from resolution actions in New Zealand (such as covered bonds). Covered bonds (which may be issued up to 10 percent of the banking group’s total assets) were introduced to help manage and diversify funding liquidity in difficult financial market conditions. Banks started issuing covered bonds in 2010 due to difficult market conditions. 31. There is no ex ante depositor protection scheme (insurance) in New Zealand. This reflects both current government policy and the RBNZ’s long-standing view that the emphasis should be on reducing the moral hazard attached to regulation and any public perception of the government backstopping all or part of the financial system (implicit guarantee). The prudential framework employed by the RBNZ emphasizes the role of self and market discipline in supporting financial system outcomes and also provides for regulation in areas where self and market discipline are inadequate. In addition, the RBNZ considers that deposit insurance is challenging in a highly concentrated system. It is also not well suited to dealing with systemic failures. 32. However, a temporary opt-in retail deposit scheme was introduced in 2008 in order to give assurance to New Zealand depositors (of registered banks and nonbank deposit-taking entities (NBDT)) in light of global financial market instability. Initially for two years, the scheme was subsequently extended until December 2011. At the scheme’s conclusion, the government considered the costs and benefits of a more permanent form of depositor protection. On balance, the government concluded that a permanent scheme would have modest benefits, at best, which would be outweighed by the costs given the institutional settings in place (notably the introduction of OBR). The government plans on considering again the merits of an explicit depositor protection scheme (in conjunction with crisis governance) in due course.

NEW ZEALAND 14 INTERNATIONAL MONETARY FUND F. Effective Market Discipline 33. The regulatory and commercial environment in New Zealand supports market discipline in a number of ways. The shareholders of New Zealand corporations are listed on the Register of Companies. There is a framework for mergers, takeovers and acquisitions that provides measures to protect shareholder interests and provide legal certainty around the effect of these transactions. Shareholders’ interests are also protected by a variety of other mechanisms. Corporate governance arrangements for companies are set out in the Companies Act 1993. These include the role and responsibility of the Board, the rights of shareholders, a solvency test for making distributions to shareholders and incurring debts, and the conduct of annual and special general meetings. The Companies Act also requires that the number of staff being paid over NZD 100,000 p.a. is disclosed in bands of NZD 10,000 in companies’ annual reports. 34. The RBNZ is committed to bank disclosure, and there are no restrictions on the ability to move deposits and other investments from bank to bank. Disclosure contributes to market discipline. However, there is more to market discipline than bank public disclosure.12 Public disclosure is a necessary condition for market discipline, but not sufficient to ensure it. Efforts for public disclose are to little avail if the “costs” of becoming financially educated and analyzing public disclosure outweigh the “benefits” of internalizing such information. Depositors and creditors can use general expectations of government intervention to protect them from losses as “decision￾making shortcuts” for their investment relations with banks, instead of undergoing the “costs” of understanding banks’ public disclosure and becoming financially educated. The 2004 BCP assessment already mentioned that “disclosure statements do not appear to be widely used at the retail level.” Anecdotal evidence suggests that this might also be the case today. 35. The effectiveness of market discipline in the New Zealand banking sector is similar to that in the other advanced economies. Large maturity mismatches make banks’ financial structures extremely fragile worldwide, threatening massive losses and the disruption of financial services to the broad economy. To protect the economy from systemic risks, governments provide public safety nets. To break a systemic crisis, there is commonly no other option than to call on public resources. This is more so in the context of welfare state systems. Recent experience in New Zealand with the public policy response to the GFC and the crisis of the finance companies may well illustrate the case.13 For free-market processes to operate in an unfettered way in the banking industry and play a beneficial disciplinary role, all sorts of implicit and explicit public safety nets would need to be dismantled, and socially and economically critical payments and settlement systems should be able to continue their operations despite a bank failure. Otherwise, market discipline in the banking industry has to be complemented by, and often replaced by, effective regulatory discipline.

12 Market discipline in general can be understood as the disciplinary force exercised by market participants and geared towards providing a competitive environment, removing bad performers, and promoting good ones. The main driver of effective market discipline is the personal assumption of profits and losses as a consequence of free exchanges. 13 To learn more about the finance companies crisis, see, for example: House of Representatives. New Zealand Parliament: “Inquiry into finance company failures.” October 11, 2011.

NEW ZEALAND INTERNATIONAL MONETARY FUND 15 36. The RBNZ is committed to provide regulatory discipline as part of its three-pillar approach to support and complement market and self-discipline, recognizing the inherent limits of these two pillars to promote the maintenance of a sound and efficient financial system. The RBNZ has been endowed with legal powers and public resources to deliver the public service of “regulatory discipline” to promote a sound and efficient financial system and avoid significant damage to the financial system that could result from the failure of a financial institution under its supervision. The delivery of effective regulatory discipline requires the identification of bank-specific and system-wide vulnerabilities through verification work and forward-looking analysis; the enforcement of the legal and regulatory framework; timely preventive and corrective actions; and the trigger of the resolution process and contribution to it where so established.14 MAIN FINDINGS A. Responsibilities, Objectives, Powers, Independence, and Cooperation (CPs 1–3, and 13) 37. While the responsibilities of RBNZ as banking supervisor are defined in law, there are ambiguities at an operational level. The statutory objectives of the RBNZ are broadly defined as “promoting the maintenance of a sound and efficient financial system; or avoiding significant damage to the financial system that could result from the failure of a registered bank.” Broad definitions of concepts such as “sound and efficient financial system,” “significant damage,” or a focus on “systemic implications” only, have allowed the RBNZ to develop over time a particular hands-off supervisory philosophy that departs from conventional, more resource-intensive supervisory practices.15 For example, the current approach has limited appetite for independent verification of supervisory returns and first-hand knowledge of the soundness and risk management of individual banks. The supervisory objectives have to be clarified at an operational level. Towards this end, the RBNZ is currently defining its risk appetite framework, which will reinforce the RBNZ’s statutory objectives by translating them into practical outcomes, and clarify how supervision has to be conducted in practice. 38. RBNZ staff are highly qualified, but numbers are clearly insufficient to conduct effective supervision, even if on-site work was conducted by external experts under RBNZ prudential mandates and guidance. Insufficient resources are a serious impediment to developing an effective and intrusive supervisory approach carefully tailored to the characteristics of New Zealand’s banking industry and bearing in mind potential synergies stemming from the trans-Tasman agreements. The RBNZ should reassess the adequacy of the resources assigned to its banking supervisory function. This will make it possible to address the recommendations of this assessment that are oriented toward strengthening the supervisory process, enhancing knowledge

14 Cfr. BCBS (2015), Report on the impact and accountability of banking supervision, page 12. 15 The MoF’s letter of expectations for the RBNZ Board, of April 22, 2016, will help clarify how the objectives of soundness and efficiency are promoted and balanced, and to judge performance with respect to RBNZ’s functions. See https://www.beehive.govt.nz/release/english-releases-rb-board-letter-expectations.

NEW ZEALAND 16 INTERNATIONAL MONETARY FUND and risk assessment of supervised entities, facilitating early action and preparedness for crisis management, and allowing staff to analyze broader themes relevant for financial stability. 39. While coordination and collaboration with the government is defined in law and supported by a memorandum of understanding (MoU), boundaries between areas of responsibility may need to be further clarified in practice. The Act provides the RBNZ with powers to operate at arm’s length from the government and MoF, subject to control functions and checks and balances embedded in the legislation. However, the role of the Treasury as adviser to the Minister in relation to the RBNZ’s primary responsibility for prudential supervision, as governed by an MoU signed in 2012, creates ambiguities in practice with regard to the respective roles of the RBNZ and Treasury that need to be clarified. In addition, the authorities may wish to consider aligning the RBNZ Act with the Insurance (Prudential Supervision) Act (IPSA) and NBDT Act by removing the role of the Minister in issuing directions (as discussed below regarding CP11). At the moment, lack of clarity on roles and attributions have mostly manifested in deficiencies in effective coordination on policy advice. However, ambiguities have the potential to lead to undue delays in issuing prudential regulations or government interference in prudential issues, if RBNZ technical expertise on prudential matters is not clearly recognized. 40. Strengthening the collaboration with APRA will support the reliance of the RBNZ on synergies from home-country supervision. The RBNZ has a unique and close home-host relationship with APRA, which reflects the heightened co-dependence between the financial systems of Australia and New Zealand. This is underpinned in legislation and further given effect through bilateral MoUs and the Trans-Tasman Banking Council (TTBC), set up in 2005.16 That said, arrangements for cooperation and collaboration could be used proactively to further serve RBNZ’s and APRA’s joint interests as well as helping each to achieve their own objectives in a cost-effective manner for the supervisors and the industry. For example, RBNZ could seek proactive engagement during the on-site visits conducted by APRA, in order to gain knowledge of, and confidence in, the home supervisory approach and the techniques that are central to APRA’s supervisory model.17 Building sound cross-border relationships takes time and will prepare both supervisors for an effective coordination in times of stress. The need for a more coordinated approach by the two supervisors was a widely-held view among the stakeholders who met with the assessors. B. Methods of Ongoing Supervision (CPs 8–10, and 12) 41. The New Zealand banking system has some unique characteristics which have influenced the supervisory process followed by the RBNZ. The largest four banks are subsidiaries of Australian banks and individually represent a significant investment and earnings source to the parents. As a result, the home-country supervisor (APRA) maintains robust monitoring of the subsidiaries as part of their consolidated supervision. Accordingly, a strong home-host relationship

16 See “Terms of reference for the TTBC”: http://www.rbnz.govt.nz/regulation-and￾supervision/banks/relationships/terms-of-reference-for-the-trans-tasman-council-on-banking-supervision. 17 Specific areas where collaborative work can be explored may include governance, risk assessments, underwriting standards, execution of common tasks, and crisis preparedness.

NEW ZEALAND INTERNATIONAL MONETARY FUND 17 has been established between APRA and the RBNZ, providing the RBNZ with sufficient information to develop a high level of comfort on the regulatory standards met by the Australian banks and their financial condition. In this context, the RBNZ is able to tailor their supervision-by-risk to reflect their higher risk tolerance, and not incorporate some supervisory standards considered essential in the BCPs. 42. Ongoing supervision by the RBNZ is based on the three pillars of market, self and regulatory discipline. Market discipline is accomplished through public disclosure and publication of financial information. The main elements of self-discipline are corporate governance, particularly the RBNZ requirement that bank directors attest in the published financial statements that risk management systems “are in place to monitor and control adequately all material risks of the banking group.” Regulatory discipline has increased since the 2004 BCP assessment with the issuance of supervisory rules and guidelines in areas viewed as significant by the RBNZ. These areas include but are not limited to: capital (Basel II and III), liquidity, outsourcing, related party lending, and corporate governance. In addition, to support regulatory discipline, an off-site financial analysis system (PRESS) has been put in place to identify, measure, and monitor risk areas and arrive at a risk rating for registered banks. 43. The RBNZ follows a non-intrusive approach to supervision. In particular, guidelines and regulations avoid establishing hard limits or prescriptiveness in most areas, and detailed on-site inspections are not conducted. It is the supervisory philosophy of the RBNZ that the banks’ management and directors are in the best position to design risk management systems and establish limits based on the risk appetite and capital available to support those risks. Through off-site reviews of risk appetite statements, financial information, reports submitted to bank management, and on-site visits to meet with bank management and directors, conclusions are drawn about the reliability of directors’ attestations and compliance with RBNZ guidelines. 44. The guidance issued by the RBNZ does not sufficiently communicate its expectations on the elements it considers necessary in management systems to monitor and adequately control material risks. Therefore, directors’ attestations may be based on differing benchmarks and expectations. It is likely that foreign-owned banks are filling the vacuum left by the lack of RBNZ guidelines with their home country supervisors’ guidelines and requirements. For the locally-owned and incorporated banks, the vacuum may be filled from various sources. Without its own detailed review of individual banks’ operations, the RBNZ is, in essence, relying on the adequacy of home country standards for the foreign-owned banks. For the locally-owned banks, testing of attestations through bank-specific reviews is required to determine the adequacy of standards being followed. 45. The RBNZ does not conduct inspections, and on-site interaction with banks takes the form of prudential meetings and primarily focus on the 10 largest banks. The meetings provide an opportunity to discuss results of supervisory analyses and other issues that may have been identified by the RBNZ. Thematic visits have also been conducted to review systemic issues in deeper detail. The scope of the thematic visits does not include direct access by supervisors to bank records or files, with the review relying on increased information requests and questionnaires. The RBNZ participates as an observer during on-site inspections by APRA. Overall, the lack of first-hand

NEW ZEALAND 18 INTERNATIONAL MONETARY FUND independent verification of prudential returns and assessment of banks’ risk management practices prevents the RBNZ from having a thorough understanding of the banks. 46. The Proportionate Risk Evaluation Surveillance System (PRESS) serves as the risk assessment tool for measuring and monitoring risks. The PRESS process incorporates 10 risk areas and adds a systemic impact factor to arrive at an aggregate numerical rating for the bank, reflecting its risk profile and systemic impact. Macroeconomic factors and stress testing results (conducted by RBNZ or individual banks) add a forward looking aspect to PRESS. Information reviewed includes bank internal reports and, increasingly, information from regulatory reports. Although some forward looking elements may be included, the ratings are primarily results-oriented. The analysis conducted to support the ratings is not well documented and is based primarily on banks’ internal risk reporting. 47. The RBNZ does not conduct effective consolidated supervision. The supervisory approach, risk and prudential reporting requirements, and monitoring and analysis are based on the registered bank’s banking group as defined in conditions of registration. The conditions of registration allow supervision to be conducted on a subconsolidated basis, i.e., to focus on the registered bank and its subsidiaries. The wider banking group or conglomerate would not be supervised. Nevertheless, the corporate structures of New Zealand banking groups are simple and there are no material foreign operations of New Zealand incorporated banks. The four banking groups with more complex structures are large Australian banking groups supervised by APRA. Attention to consolidated supervision is focused on the assessment of “parent support” as a PRESS risk factor, as well as maintaining good communication with the insurance supervisory function of the RBNZ and FMA. The RBNZ has the ability to change its approach to consolidated supervision if the risk profile of the banking groups changes. 48. Ownership, licensing, and structure (CPs 4–7) are not areas of particular concern at the time of this assessment. Registration by the RBNZ is what constitutes a bank, and not what business an entity carries on. This situation may have created lack of clarity in the past as many other entities were carrying on bank-like activities such as accepting deposits. But since 2013, all NBDTs are licensed by the RBNZ. Their supervision is entrusted to their private sector trustee companies based on RBNZ sectoral regulations. Transfer of significant ownership happens very infrequently in New Zealand, because ownership of most of the registered banks is concentrated in single banking groups, and because of the small number of institutions. Major acquisitions were not a significant activity at the time of the assessment. C. Corrective and Sanctioning Powers of Supervisors (CP11) 49. The RBNZ has broad powers for imposing corrective action or sanctions, but issuance of directions requires the prior consent of the MoF. Under section 113 of the RBNZ Act, with the consent of the MoF, the RBNZ may issue directions requiring banks to take corrective action, remove or replace directors, auditors, or management and cease any unsafe business activity. Directions may be imposed to correct violations, but also to address actions not considered prudent

NEW ZEALAND INTERNATIONAL MONETARY FUND 19 by the RBNZ. Enforcement powers have been recently used to require disclosure re-publication, impose additional conditions of registration or to require additional reporting. 50. The RBNZ has issued limited guidance establishing a framework for identifying banking activities and practices considered unsound and not prudent. The lack of a detailed regulatory framework supporting supervisory judgment makes issuance of preventive directions more difficult. Directions may be issued when the bank or associated persons are conducting business in a manner prejudicial to the soundness of the financial system, or the business of the bank is not being conducted in a prudent manner. The threshold to issue a direction is high and the lack of supervisory guidance on what constitutes prudent banking (other than the broad description in section 78) makes use of supervisory judgment more difficult. Additionally, even bank-specific directions not having systemic implications require the prior consent of the MoF. 51. Although largely untested, the enforcement (directions) process may result in the RBNZ being reactive with its corrective action. Use of supervisory judgment is enhanced when the supervisor has issued enforceable guidelines on risk management processes. Also, the requirement that the Minister consent to bank-specific directions (section 113(1)(e)) may impose additional burdens and reduce the timeliness of enforcement actions. D. Corporate Governance (CP14) 52. Although not enforceable by the RBNZ, the Companies Act of 1993 establishes requirements on corporate governance and the RBNZ has issued prudential requirements (Document BS14) providing additional guidance to banks. BS14 incorporates fit-and-proper principles from the Basel Committee’s 2010 paper: Principles for enhancing corporate governance. BS14 also addresses Board composition and the inclusion of independent directors. Although BS14 refers to the Basel paper, only areas directly linked to conditions of registration are enforceable. 53. The RBNZ monitors compliance through off-site reviews, but the scope is not sufficiently detailed to meet the BCP standard. Supervisory activities do not include determining the level of engagement by boards and their oversight of senior management, nor does it include a review of governance structures, management selection, remuneration decisions and whether the Board adequately communicates corporate culture or establishes a strong control environment. E. Prudential Requirements, Regulatory Framework, Accounting, and Disclosure (CPs 15–29) 54. The RBNZ does not impose direct requirements on banks to have comprehensive risk management policies and processes, except in the areas of capital adequacy and liquidity. The RBNZ relies on the required attestation provided by directors with every financial statement disclosure that: “the bank had systems in place to monitor and control adequately the material risks of the banking group, including credit risk, interest risk, currency risk, equity risk, liquidity risk, operational risk, and other business risk, and that those systems are being properly applied.”

NEW ZEALAND 20 INTERNATIONAL MONETARY FUND Accuracy of the disclosure is tested off-site by the RBNZ through report analysis and by on-site interviews with bank management. 55. Liquidity policy (BS13) requires banks to comply with a number of quantitative and qualitative standards. The policy establishes a number of quantitative measures based on balance sheet ratios and cash flows to arrive at one-week and one-month percentages of liquidity outflow to total funding. Also computed is a one-year CFR, required to be not less than 75 percent. The results of the liquidity requirements yield broadly similar results as application of Basel III. 56. Connected (Related) Party Exposures Policy (Document BS8) establishes requirements on related party transactions, including limits and transactions being on market terms. The policy establishes an aggregate limit on all related party exposures of 125 percent of Tier-one capital and 15 percent on aggregate nonbank related party exposures, by condition of registration. The aggregate limit on net exposures (under robust bilateral netting agreements) is set according to the bank’s rating, with a maximum of 75 percent of Tier 1 capital. The policy does not require that transactions with related parties and their write-off receive prior Board approval, and the definitions do not cover all types of related party that are required by Principle 20. Compliance is monitored off-site, but information is aggregated and is not adequate to monitor related party lending risk. 57. The RBNZ seeks to follow the Basel guidance for capital adequacy to the extent that the guidance is appropriate for New Zealand (BS2 A and B). The RBNZ has implemented the Basel II Internal Models Based Approach (BS2B: four banks are accredited to use the IRB approach) and Standardized approaches (BS2A). The RBNZ takes a simple and conservative approach to capital adequacy. The main conceptual divergence from the Basel framework is the implementation of the leverage ratio, which the RBNZ has not considered at this stage, and is kept under review in light of other countries’ experiences. Other departures from the Basel framework (such as, Pillar 2, Pillar 3, SIFI surcharges) can be considered examples of regulatory policy decisions tailored to national circumstances. The capital framework is currently under review. 58. New Zealand’s legal framework ensures that the financial statements of every bank are prepared in accordance with New Zealand equivalents to internationally recognized accounting standards (NZ IFRSs). The financial statements are audited by a qualified external auditor in accordance with auditing standards applicable in New Zealand that are equivalent to internationally recognized auditing standards (ISAs).18 The RBNZ relies on the external auditing process and director attestations to determine for prudential reasons whether banks use valuation practices consistent with IFRSs. The RBNZ routinely meets with the external auditor of the 10 largest locally incorporated banks. However, these meetings do not cover valuation practices, an area specifically trusted to external auditors. Other areas of supervisory responsibility delegated to external auditors are normally not covered in these meetings either.

18 Please see IFRS country profile in the IASB website: http://www.ifrs.org/Use-around-the￾world/Documents/Jurisdiction-profiles/New-Zealand-IFRS-Profile.pdf

NEW ZEALAND INTERNATIONAL MONETARY FUND 21 DETAILED ASSESSMENT 59. The assessment has made use of five categories to determine compliance: compliant, largely compliant, materially noncompliant, noncompliant, and non-applicable. An assessment of “compliant” is given when all the essential and additional criteria are met without any significant deficiencies, including instances where the principle has been achieved by other means. A “largely compliant” assessment is given when only minor shortcomings are observed that do not raise any concerns about the authority’s ability and clear intent to achieve full compliance with the principle within a prescribed period of time. The assessment “largely compliant” can be used when the system does not meet all essential criteria, but the overall effectiveness is sufficiently good, and no material risks are left unaddressed. A principle is considered to be “materially noncompliant” if there are severe shortcomings, despite the existence of formal rules and procedures, and there is evidence that supervision has clearly been ineffective or that the shortcomings are sufficient to raise doubts about the authority’s ability to achieve compliance. A principle is assessed “noncompliant” if it is not substantially implemented, several essential criteria are not complied with, or supervision is manifestly ineffective. Finally, a category of “non-applicable” is reserved for those cases that the criteria would not relate the country’s circumstances. 60. The RBNZ has opted to be assessed and graded against both essential and additional criteria. Nonetheless, grading is not an exact science and the Core Principles can be met in different ways. The assessment criteria should not be seen as a checklist approach to compliance but as a qualitative exercise. Compliance with some criteria may be more critical for effectiveness of supervision, depending on the situation and circumstances in a given jurisdiction. Hence, the number of criteria complied with is not always an indication of the overall compliance rating for any given Principle. Emphasis should be placed on the commentary that should accompany each Principle grading, rather than on the grading itself. 61. Table 1 below provides a detailed principle-by-principle assessment of the BCP. The Table is structured as follows:  The “description and findings” sections provide information on the legal and regulatory framework, and evidence of implementation and enforcement.  The “assessment” sections contain only one line, stating whether the system is “compliant,” “largely compliant,” “materially non-compliant,” “non-compliant” or “not applicable” as described above.  The “comments” sections explain why a particular grading is given. These sections are judgmental and also reflect the assessment team’s views regarding strengths and areas for further improvement in each principle. Since, the primary goal of the exercise is to identify areas that would benefit from additional attention, emphasis should be placed on the comments that accompany each principle, rather than on the individual grades mentioned before.

NEW ZEALAND 22 INTERNATIONAL MONETARY FUND Table 1. New Zealand—Detailed Assessment A. Supervisory Powers, Responsibilities, and Functions Principle 1 Responsibilities, objectives, and powers. An effective system of banking supervision has clear responsibilities and objectives for each authority involved in the supervision of banks and banking groups. A suitable legal framework for banking supervision is in place to provide each responsible authority with the necessary legal powers to authorize banks, conduct ongoing supervision, address compliance with laws, and undertake timely corrective actions to address safety and soundness concerns. Essential criteria EC1 The responsibilities and objectives of each of the authorities involved in banking supervision are clearly defined in legislation and publicly disclosed. Where more than one authority is responsible for supervising the banking system, a credible and publicly available framework is in place to avoid regulatory and supervisory gaps. Description and findings re EC1 The RBNZ is the single prudential regulator in New Zealand, as established by the RBNZ Act. Specifically, section 1A establishes that the RBNZ has amongst its responsibilities “promoting the maintenance of a sound and efficient financial system.” This overarching purpose encapsulates responsibility for banking supervision, for which the specific objectives and functions are defined in Part 5 of the Act. The Treasury provides advice to the MoF on the effects of prudential regulation and supervision where this impacts on the wider economy or the fiscal budget. The Treasury’s roles were defined through the 2007 Review of Financial Products and Providers Cabinet paper and the 2012 MoU between the RBNZ and Treasury. These roles have not been included in legislation at this point and the MoU and 2007 Cabinet paper have not been made public. In addition, the 2012 MoU has the potential to produce areas of ambiguity as discussed in CP2 and CP3. Authorities clarified that where the RBNZ is the independent decision-maker on an issue, Treasury’s role means providing advice on the impact of decisions taken by the RBNZ on broader government objectives, to inform the Minister’s views on the RBNZ’s performance and the potential use of the Minister’s powers under the RBNZ Act. This is the case for all supervisory decisions, and decisions to impose, amend, or revoke prudential requirements (with the exception of public disclosure requirements). In addition, where the MoF has a decision-making role (either by being responsible for making the decision, or being required to consent to or approve a decision of the RBNZ before it can proceed), most actions, such as the use of statutory management, must first be triggered by the RBNZ, normally under the RBNZ Act. In these situations, the two organizations would provide advice in line with their respective mandates. The two organizations will seek to provide consistent advice on a best endeavors basis, but conflicting advice is possible in the event of a divergence of views.

NEW ZEALAND INTERNATIONAL MONETARY FUND 23 The FMA supervises the market conduct of banks for certain purposes, in particular: disclosure for offers of ‘complex’ financial products to retail investors; and licensing for the purposes of providing certain types of financial services (for example, providing financial advice and acting as a derivatives dealer). There is no legislative framework in place to avoid regulatory and supervisory gaps between the RBNZ and FMA. However, the two agencies have entered into a formal memorandum of understanding (MoU) which is published on their respective websites. The CoFR meets quarterly and is attended by senior representatives of the RBNZ, FMA, Treasury, and MBIE. The CoFR is intended for information sharing and has no decision-making powers. The Banking Forum is a subcommittee of CoFR that deals with banking related matters. The four members of CoFR are full members of the banking forum, and the Ministry of Justice and Inland Revenue Department (IRD) are associated members. EC2 The primary objective of banking supervision is to promote the safety and soundness of banks and the banking system. If the banking supervisor is assigned broader responsibilities, these are subordinate to the primary objective and do not conflict with it. Description and findings re EC2 The objectives of the RBNZ as the prudential regulator of banks, reflected in the purposes for which it must exercise its powers under Part 5 of the RBNZ Act, are “to promote the maintenance of a sound and efficient financial system, or avoiding significant damage to the financial system that could result from the failure of a registered bank.” There are no operational definitions of the terms: “efficient financial system” or “significant damage to the financial system.” In all, the RBNZ’s primary objective is aligned with the general objective of banking supervision set up in EC2. However, there is in practice some lack of clarity at an operational level, even if it can be concluded that the RBNZ aims at conventional outcomes from its supervisory activities—i.e., identification of bank-specific and system-wide vulnerabilities through verification work and forward-looking analysis; escalation of findings to the supervisory decision-making bodies; enforcement of the legal and regulatory framework; timely preventive and corrective actions; and contributing to resolution processes when needed. The Prudential Supervision Department (PSD) has recently initiated work on a risk appetite framework to focus its prudential supervisory activities across the sectors it regulates, i.e., banking, insurance, NBDTs, and financial market infrastructures (FMIs). The risk appetite framework will be a key internal document to help translate the RBNZ’s overall supervisory philosophy in a more rigorous way into practical supervisory behaviors and outcomes. It will also clarify how PSD conducts supervision in practice. The framework is intended to be an extension of the RBNZ’s existing Enterprise Risk Management framework. The framework will inform RBNZ’s supervisory strategy in each situation and illustrate the degree of tolerance/intolerance it is expected to have for each key risk; both in terms of external institutional/system outcomes and internal supervisory

NEW ZEALAND 24 INTERNATIONAL MONETARY FUND behaviors. The risk appetite framework will also help refresh the RBNZ’s approach to enforcement, on which it intends to produce a strategy by the end of the year. In addition to prudential regulation, the RBNZ is responsible for macroprudential policy, the objective of which is to increase the resilience of the domestic financial system and counter instability in the domestic financial system arising from credit, asset price, or liquidity shocks. Macroprudential policy is implemented through the same legal framework as prudential policy (i.e., Part 5 of the RBNZ Act), and individual banks’ compliance with specific macroprudential policy requirements is monitored by prudential supervisors. Macroprudential requirements generally overlay existing prudential requirements. While the RBNZ does also have a broader range of functions (e.g., formulation and implementation of monetary policy, market operations, lender of last resort, and issuing currency) these do not seem to conflict with the RBNZ’s objectives as prudential regulator. EC3 Laws and regulations provide a framework for the supervisor to set and enforce minimum prudential standards for banks and banking groups. The supervisor has the power to increase the prudential requirements for individual banks and banking groups based on their risk profile19 and systemic importance.20 Description and findings re EC3 The RBNZ Act provides two main ways of setting minimum prudential standards for banks and banking groups: conditions of registration, imposed under section 74 of the RBNZ Act; and for requirements to publicly disclose financial information, Orders-in-Council (OiCs) made under section 81 of the RBNZ Act. These mechanisms apply equally whether the registered bank is a subsidiary or a branch of an overseas entity. The RBNZ Act gives the RBNZ the power to impose, vary, add to, or substitute, a bank’s conditions of registration. The conditions of registration actually operate as binding regulatory requirements and can be modified as indicated in the RBNZ Act. The procedural requirement for imposing conditions of registration is that the RBNZ consults with the affected bank (section 74(3)). No government approvals or consent are needed to set conditions of registration. The RBNZ has to have regard to any feedback from the consultation process. Section 81 of the RBNZ Act provides that the Governor-General may, by an OiC made on the advice of the Minister given in accordance with a recommendation of the RBNZ, prescribe information or data that must be published by all banks, or any class of banks.

19 In this document, “risk profile” refers to the nature and scale of the risk exposures undertaken by a bank. 20 In this document, “systemic importance” is determined by the size, interconnectedness, substitutability, global or cross-jurisdictional activity (if any), and complexity of the bank, as set out in the BCBS paper on Global systemically important banks: assessment methodology and the additional loss absorbency requirement, November 2011.

NEW ZEALAND INTERNATIONAL MONETARY FUND 25 EC4 Banking laws, regulations and prudential standards are updated as necessary to ensure that they remain effective and relevant to changing industry and regulatory practices. These are subject to public consultation, as appropriate. Description and findings re EC4 The RBNZ has a policy to periodically review prudential requirements to ensure that they remain effective and relevant to changing industry practice. While there is no formal structured process for reviewing the entire stock of prudential regulations, the RBNZ indicates that they typically review larger policies every 5–10 years and minor policies on an ad hoc, ‘as required’ basis. For example, at the time of the assessment the RBNZ is reviewing capital and liquidity requirements, as well as the outsourcing policy and implementing changes to bank’s public disclosure requirements. Also, the RBNZ has recently completed its stocktake of the prudential requirements for banks and NBDTs. The objective of the stocktake was to identify ways to improve the efficiency, clarity, and consistency of the regulatory requirements in those sectors. This has led to several strands of work to implement improvements identified in the stocktake (see http://www.rbnz.govt.nz/regulation-and￾supervision/regulatory-stocktake). EC5 The supervisor has the power to: (a) have full access to banks’ and banking groups’ Boards, management, staff, and records in order to review compliance with internal rules and limits as well as external laws and regulations; (b) review the overall activities of a banking group, both domestic and cross-border; and (c) supervise the activities of foreign banks incorporated in its jurisdiction. Description and findings re EC5 Section 93 of the RBNZ Act 1989, on the supply of information by registered banks for purposes of prudential supervision, enables the RBNZ to require individual banks or classes of banks to provide any information, data or forecasts to review compliance with internal rules and limits as well as external laws and regulations. As discussed in CP12, this power provides the RBNZ with the ability to fully access the records of registered banks in New Zealand and the rest of their banking group on a subconsolidated based (whether based in New Zealand or in another jurisdiction). There is no difference in the RBNZ’s powers or approach in respect of a foreign bank incorporated in New Zealand. The RBNZ does not have the power to compel bank directors or senior staff to orally provide information, except in limited circumstances relating to an investigation into the affairs of a bank (sections 101 and 102(1)(c)). However, as a matter of supervisory practice the RBNZ expects to have access to a registered bank’s Board and management. The absence of a power to compel bank directors or senior staff to orally provide information also reflects the fact that the RBNZ does not carry out on-site inspections.

NEW ZEALAND 26 INTERNATIONAL MONETARY FUND EC6 When, in a supervisor’s judgement, a bank is not complying with laws or regulations, or it is or is likely to be engaging in unsafe or unsound practices or actions that have the potential to jeopardize the bank or the banking system, the supervisor has the power to: (a) take (and/or require a bank to take) timely corrective action; (b) impose a range of sanctions; (c) revoke the bank’s license; and (d) cooperate and collaborate with relevant authorities to achieve an orderly resolution of the bank, including triggering resolution where appropriate. Description and findings re EC6 The RBNZ Act empowers the RBNZ to impose additional conditions of registration on banks (section 74). In addition, the RBNZ can issue, with the consent of the MoF, a direction to a registered bank in specified circumstances (generally serious circumstances relating to the position of the bank) (section 113). Failure to comply with requirements of the RBNZ Act is, in most cases, a criminal offence, carrying different penalties depending on the nature of the requirement that has been breached (see section 156AA, section 156AB, and section 156AC). The range of formal sanctions that can be imposed is slightly limited, in that financial penalties can only be imposed by taking criminal proceedings in the courts (for a further elaboration of this see CP11). The Minister may, by notice in writing to the RBNZ given in accordance with a recommendation of the RBNZ, direct the RBNZ to cancel the registration of a bank in specified circumstances (section 77). Nonetheless, the RBNZ indicates that they usually use moral suasion to induce corrective action. Finally, in the event of a bank failure or potential default, and in certain other circumstances set out in section 118, the RBNZ also has the power to recommend that the bank in question be placed into statutory management under section 117. A bank may be placed into statutory management by an OiC made by the Governor-General on the advice of the MoF given in accordance with this recommendation. In the conduct of a resolution, the RBNZ expects to cooperate and collaborate with relevant agencies. Relevant agencies will include the Treasury (where public funds may be at risk) and APRA where the failure relates to a bank or banking group that operates in Australia and New Zealand. Section 68A of the RBNZ Act also sets out a high level framework for cooperation with Australian authorities (including an obligation to consult with them, and take into account their advice, to the extent practicable in the circumstances). Cooperation and coordination in relation to resolution policy for banks

NEW ZEALAND INTERNATIONAL MONETARY FUND 27 with a trans-Tasman presence is carried out in part through the TTBC, and in part through bilateral interactions with APRA (see also section 68A, on trans-Tasman co-operation). EC7 The supervisor has the power to review the activities of parent companies and of companies affiliated with parent companies to determine their impact on the safety and soundness of the bank and the banking group. Description and findings re EC7 As discussed under EC5, the RBNZ has the power to require any associated person of a registered bank (including its parent company) to provide information, data, or forecasts relating to that associated person. However, the definition of associated person in section 2(2), does not cover affiliates that are sister companies of the parent or the bank itself, with the result that how the activities of those affiliates may affect the safety and soundness of the bank cannot be fully assessed. This also reflect the approach to consolidated supervision discussed in CP12. Assessment of Principle 1 Largely Compliant Comments The responsibilities of the RBNZ as banking supervisor are defined in the RBNZ Act. The role of the FMA (from a conduct perspective) and Treasury (from a “second opinion” advice perspective) are also defined, and mechanisms such as the CoFR are in place to identify regulatory gaps. However, there is a concern that responsibilities regarding banking supervision are not clearly defined at an operational level and understood by all authorities involved, in a way that may affect RBNZ operational independence (as discussed in CP2), and act as a hindrance to effective domestic cooperation (as discussed in CP3). This may detract from the clear roles expected in EC1. In addition, coordination and collaboration arrangements could follow the principles of transparency and traceability as further discussed in CP2. The primary objective of the RBNZ is broadly in line with CP1 EC2; however, there are ambiguities at an operational level. The statutory objectives of the RBNZ are broadly defined as “promoting the maintenance of a sound and efficient financial system; or avoiding significant damage to the financial system that could result from the failure of a registered bank.” Broad definitions of concepts such as “sound and efficient financial system,” “significant damage,” or a focus on systemic implications only, has resulted in the RBNZ developing over time a particular hands-off supervisory philosophy that departs from conventional, more resource-intensive supervisory practices. For example, the current approach does not involve independent verification of supervisory returns on a business-as-usual basis, or place particular weight on first-hand knowledge of the soundness and risk management of individual banks, as further discussed in CP9 and CP10. The RBNZ is encouraged to revisit its banking supervisory approach, as was fundamentally set up in 1996 with the formal introduction of the disclosure regime, and to rebalance the interplay of the three fundamental pillars based on what has changed in New Zealand and lessons learned since then. In this sense, it is worth mentioning that the RBNZ is currently defining its risk appetite framework, which will translate and reinforce

NEW ZEALAND 28 INTERNATIONAL MONETARY FUND the RBNZ’s supervisory objectives into practical outcomes, and clarify how supervision has to be conducted in practice. Finally, following the sub-consolidated approach of the RBNZ, as discussed in CP12, the definition of associated person does not include all affiliates of the bank. As a result, the way in which the activities of those affiliates may affect the safety and soundness of the bank cannot be fully assessed (EC7). Principle 2 Independence, accountability, resourcing, and legal protection for supervisors. The supervisor possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisor. Essential criteria EC1 The operational independence, accountability, and governance of the supervisor are prescribed in legislation and publicly disclosed. There is no government or industry interference that compromises the operational independence of the supervisor. The supervisor has full discretion to take any supervisory actions or decisions on banks and banking groups under its supervision. Description and findings re EC1 The legal framework for the operational independence, accountability and governance of the RBNZ, and the RBNZ’s governance arrangements through its internal committees are detailed in EC2 and EC3 below. At the time of the assessment, there was no perception of government or industry interference that compromises the operational independence of the RBNZ. The RBNZ is funded from its own income (largely derived from its investments and from seigniorage) rather than by industry, and maintains conflict of interest policies for staff (see EC6). In addition, funding arrangements are intended to minimize the scope for political influence, while still maintaining appropriate disciplines around the RBNZ’s use of public resources. Specifically, the MoF and Governor agree on a Funding Agreement for five years that specifies the amount of the RBNZ’s income that may be paid or applied in meeting the operating expenses of the RBNZ in carrying out its functions and exercising its powers (section 159). The current funding agreement runs until June 30, 2020. The MoF and Governor may, by agreement, vary the provisions of a funding agreement or terminate an existing funding agreement and replace it with a new funding agreement (section 159). Funding agreements (and variations of funding agreements) must be ratified by Parliament before coming into effect. The RBNZ indicates that there are no powers for the government to intervene in supervisory actions or decisions taken by the RBNZ, except the requirement for the MoF to consent to the use of certain powers, specifically the power to direct banks, and certain aspects of statutory management (such as placing a bank into statutory management

NEW ZEALAND INTERNATIONAL MONETARY FUND 29 and agreeing to the sale of a substantial part of the business of the bank in statutory management). Subject to the requirement to obtain the consent of the MoF before using the crisis management powers noted above, the RBNZ has full discretion to take any supervisory actions or decisions on banks and banking groups under its supervision. The MoF’s role in crisis management decisions, most notably with respect to how fiscal risks are managed in the context of a systemic bank failure, is currently under discussion. The MoF also has two specific mechanisms to influence how the RBNZ operates that enhance accountability arrangements; however, they do not require the RBNZ to take specific actions:  An annual letter of expectations, a new mechanism set up in 2010 with no formal legal status, which sets out how the Minister expects their engagement with the RBNZ to operate over the coming year, and provides the Minister with the opportunity to make comments on the government’s views to help inform the RBNZ’s Statement of Intent (see EC3 below).  The power under section 68B, a new section inserted into the RBNZ Act in 2008, to require the RBNZ to have regard (rather than being required to comply with the direction) to government policies relating to its functions in certain areas (including the registration and prudential supervision of banks). No directions have been issued under section 68B since the power was provided for in 2008. EC2 The process for the appointment and removal of the head(s) of the supervisory authority and members of its governing body is transparent. The head(s) of the supervisory authority is (are) appointed for a minimum term and is removed from office during his/her term only for reasons specified in law or if he/she is not physically or mentally capable of carrying out the role or has been found guilty of misconduct. The reason(s) for removal is publicly disclosed. Description and findings re EC2 The Governor as Head of Supervision: The RBNZ’s governance structure means that technically the Governor is responsible for all decisions conferred on the RBNZ by law, including prudential decisions. The RBNZ Act requires the RBNZ to have a Governor, who is the Chief Executive of the RBNZ (section 40), and has total authority. The RBNZ has up to two Deputy Governors, who shall perform such duties and functions as are determined by the Governor (section 43). The RBNZ’s Board (section 52) has no executive authority. The duties of the Board (in so far as they relate to the RBNZ’s role as the regulator and supervisor of registered banks) are to: (i) keep under constant review the performance of the RBNZ in carrying out its functions relating to the promotion of a sound and efficient financial system (section 53(1)(a)(ii)); (ii) keep under constant review the performance of the Governor in

NEW ZEALAND 30 INTERNATIONAL MONETARY FUND discharging the responsibilities of that office (section 53(1)(b); and (iii) keep under constant review the use of the RBNZ’s resources (section 53(1)(e)). The RBNZ Board, therefore, maintains a “watchdog” function over the decisions and responsibilities of the Governor on behalf of the MoF. For example, on April 22, 2016, the MoF released publicly a letter of expectations to the members of the RBNZ Board, where they are expected to advise the MoF, among other things, on RBNZ’s performance regarding:  The maintenance of a sound and efficient financial system, and how to judge performance with respect to this statutory objective.  The regulatory policy processes, and how to judge performance with respect to this function. In particular, whether the RBNZ has reasonably addressed any alternative perspectives from other relevant parties (e.g., the government, the Treasury, the CoFR, Australian stakeholders, the financial sector, and the wider public through consultation).  The relationships and how they are operating in practice. (See: https://www.beehive.govt.nz/release/english-releases-rb-board-letter-expectations) Outside of the RBNZ Act, the RBNZ maintains a Governing Committee comprised of the Governor, two current Deputy Governors, and the Assistant Governor. This Governing Committee is responsible for all major economic and final policy decisions made by the RBNZ, although as the single decision maker under the Act, the Governor is ultimately responsible for all decisions made by the Governing Committee. Appointments: The Governor of the RBNZ is appointed by the MoF on the recommendation of the RBNZ Board (section 40(1)). While the appointment is made by the MoF it is discussed at Cabinet. Governors are appointed for five year terms and there is no limit on the number of terms that can be served (section 42(1)). Deputy Governors are appointed by the RBNZ Board on the recommendation of the Governor (section 43(1)). Deputy Governors are appointed for five year terms and there is no limit on the number of terms that can be served (section 44(1)). Non-executive Board members are appointed by the MoF (section 54(1)(a)) for terms of up to five years (section 55(1)). The Minister has regard to the person’s knowledge, skills and experience, and the likelihood of a conflict between the interests of the RBNZ and the person being appointed (section 56) when making the appointment. There is no limit on the number of terms that a non-executive director may serve.

NEW ZEALAND INTERNATIONAL MONETARY FUND 31 Removal: The Governor of the RBNZ, or a Deputy Governor of the RBNZ, is disqualified from being appointed, or continuing in office, where any of the circumstances in section 46 of the RBNZ Act arise, such as being an employee of a supervised institution, convicted of certain offenses, or prohibited from being a director or manager of an incorporated or unincorporated body. A non-executive director is disqualified from being appointed in similar circumstances which are set out in section 58. In addition, and as a legal counterbalance to his or her personal authority in all matters conferred on the RBNZ, the Governor may be removed from office under section 49 of the RBNZ Act by an OiC made by the Governor-General on the advice of the MoF, where the MoF is satisfied that certain circumstances have arisen. These include that (i) the RBNZ is not adequately carrying out its functions; (ii) the Governor has not adequately discharged the responsibilities of that office; (iii) the Governor has obstructed, hindered, or prevented the Board from discharging its responsibilities under the Act; (iv) that the resources of the Bank have not been properly or effectively managed; (v) that the Governor, except as provided for in his or her conditions of employment, has held any other office of profit or an interest in a supervised institution or in a bank carrying on business outside of New Zealand; or (vi) the Governor is unable to carry out the responsibilities of office, or has been guilty of serious neglect of duty or misconduct. A Deputy Governor may be removed from office under section 50 of the RBNZ Act by an OiC made by the Governor-General on the advice of the MoF, where the MoF is satisfied that the Deputy Governor has been engaged in certain misconducts. Also, a non-executive Board member may be removed from office under section 59 of the RBNZ Act by an OiC made by the Governor-General on the advice of the MoF. As the instrument removing the Governor, a Deputy Governor or a non-executive director, is an OiC, it is a legislative instrument, and is automatically publically available. No Governor, Deputy Governor or non-executive director has ever been removed from office under these provisions. While there is no legislative requirement to disclose the reasons for removing the Governor, a Deputy Governor, or a non-executive director under these provisions, in practice it would be necessary to publically state these reasons if these powers were ever exercised. EC3 The supervisor publishes its objectives and is accountable through a transparent framework for the discharge of its duties in relation to those objectives. Description and findings re EC3 The RBNZ publishes its objectives and is accountable for the discharge of its duties in relation to those objectives through its Statement of Intent, Annual Report, Financial Stability Report, and obligation to assess the regulatory impact of actual or proposed regulatory requirements.

NEW ZEALAND 32 INTERNATIONAL MONETARY FUND The RBNZ Act requires the RBNZ to prepare three separate types of accountability documents: Statement of Intent each year (section 162A), Annual Report (section 163), and Financial Stability Report twice a year (section 165A). The Statement of Intent (see http://www.rbnz.govt.nz/about-us/statements-of-intent), must include, amongst other things: the specific impacts, outcomes or objectives that the RBNZ seeks to achieve or contribute to; and how the RBNZ intends to perform its functions and conduct its operations to achieve those impacts, outcomes, and objectives. The Statement of Intent enables the Crown to participate in the process of setting the RBNZ’s medium-term intentions and undertakings, and provides a base against which the RBNZ’s actual performance can be later assessed. A draft of the Statement of Intent must be provided to the MoF not later than 30 days before the start of the financial year and the RBNZ must consider any comments the Minister may have on the Statement of Intent. When the comments relate to financial sector regulatory outcomes, the RBNZ must also provide a response to the comments to the Minister which demonstrates how the RBNZ has taken them into account in formulating its objectives. When the final version of the Statement of Intent is provided to the Minister, it stands referred to Parliament (and becomes publically available). The Annual Report (see http://www.rbnz.govt.nz/about-us/annual-reports) includes, amongst other things, an assessment against the intentions, measures, and standards set out in the statement of intent prepared at the beginning of the financial year. The FSR reports on matters associated with the RBNZ’s statutory prudential purposes; and contain the information necessary to allow an assessment to be made of the activities undertaken by the RBNZ to achieve its statutory prudential purposes under the RBNZ Act and any other enactment. Performance audit: The Minister may appoint a person to carry out an assessment of the performance by the bank of its functions and the exercise by the bank, of its powers under the Act. That person must present a report on the results of the audit to the MoF. The report stands referred to the Parliament once this is done (section 167). Regulatory impact assessments (RIA): The RBNZ is also required under section 162AB to assess the expected regulatory impacts of policies it proposes to adopt and of the policies that have been adopted under the prudential regime for banks (at intervals appropriate to the nature of the policy being assessed). They are published on the RBNZ’s website. However, this obligation does not apply when the policy is of a minor or technical nature. Publication of principles: Section 75 of the RBNZ Act requires the RBNZ to publish principles on which it acts, or proposes to act in determining applications to register a bank; and in imposing, varying, removing, or adding to conditions of registration. These

NEW ZEALAND INTERNATIONAL MONETARY FUND 33 principles are reflected (along with various other matters) in the Statement of Principles (BS1). EC4 The supervisor has effective internal governance and communication processes that enable supervisory decisions to be taken at a level appropriate to the significance of the issue and timely decisions to be taken in the case of an emergency. The governing body is structured to avoid any real or perceived conflicts of interest. Description and findings re EC4 The Governor, who is responsible for all decisions (including supervisory decisions), formally delegates a variety of decisions to: the Deputy Governor and Head of Financial Stability; the Head of the PSD; and the Senior Manager Supervision who reports to the Head of PSD and has oversight of the supervisory teams in PSD (each of the supervisory teams also has their own individual manager). Whether a matter is delegated, and if so, who it is delegated to, depends upon its significance. The most significant matters (e.g., whether to register a new bank, or whether to take enforcement action) are taken to the level of Governors, and less significant matters are taken at lower levels (e.g., a decision on requiring a bank to provide additional information for supervisory purposes is taken by the Senior Manager Supervision). Alongside this formal allocation of decision-making responsibility, the RBNZ also maintains two internal committees that meet on average every two weeks (but which can meet more frequently when required). These are the Banking Steering Group (BSG), and the Financial System Oversight (FSO) Committee. FSO comprises the Governor, both Deputy Governors, the Assistant Governor, the Head of Prudential Supervision, the Senior Manager Supervision, the Head of the Macrofinancial Department (MFD), the Head of Financial Markets, the General Counsel, all Managers within the PSD, and one of the RBNZ’s Senior Advisers. Where material supervisory decisions are made by the relevant decision-maker without formal discussion at BSG or FSO, that decision-maker will usually inform BSG or FSO members of that decision as part of the information sharing functions of those committees. The RBNZ relies on this decision-making structure to address actual or potential conflicts of interest via: the statutory provisions around matters that disqualify the Governor and Deputy Governors from continuing in office, or provide grounds for their removal from office (see EC2); and the RBNZ’s conflict of interest policy for all staff (see EC5). EC5 The supervisor and its staff have credibility based on their professionalism and integrity. There are rules on how to avoid conflicts of interest and on the appropriate use of information obtained through work, with sanctions in place if these are not followed. Description and findings re EC5 The RBNZ and its staff have credibility and act with professionalism and integrity, with statutory rules and/or internal policies in place to address or avoid conflicts of interest, ensure the appropriate use of information obtained through work, and ensure that

NEW ZEALAND 34 INTERNATIONAL MONETARY FUND sanctions are in place in the event of non-compliance with these statutory rules and internal policies. The RBNZ has a Code of Conduct, a conflict of interest policy, and a policy around disclosure of information that apply to all staff. Breaches of the conflict of interest policy can trigger action under the RBNZ’s disciplinary policy for staff. None of these documents are publically available, a situation which is currently under consideration with the conflict of interest policy likely to be published soon. EC6 The supervisor has adequate resources for the conduct of effective supervision and oversight. It is financed in a manner that does not undermine its autonomy or operational independence. This includes: (a) a budget that provides for staff in sufficient numbers and with skills commensurate with the risk profile and systemic importance of the banks and banking groups supervised; (b) salary scales that allow it to attract and retain qualified staff; (c) the ability to commission external experts with the necessary professional skills and independence, and subject to necessary confidentiality restrictions to conduct supervisory tasks; (d) a budget and program for the regular training of staff; (e) a technology budget sufficient to equip its staff with the tools needed to supervise the banking industry and assess individual banks and banking groups; and (f) a travel budget that allows appropriate on-site work, effective cross-border cooperation, and participation in domestic and international meetings of significant relevance (e.g., supervisory colleges). Description and findings re EC6 The RBNZ is aware that the number of staff and size of the budget allocated to the regulation and supervision of banks would clearly be insufficient if an intrusive supervisory approach, including the use of on-site supervision, were in place. However, in light of the low-intensity supervisory approach, at the time of discussing the current five-year funding agreement with the MoF, the RBNZ considered that the budget would allow for sufficient resources and supervisory staff with appropriate skill sets to monitor and proactively identify emerging risks, take all reasonable steps to keep financial stability risks low, and respond to any future crises and, thereby, deliver effective supervisory discipline. The RBNZ’s general funding arrangements are described under EC1. The headcount of the PSD was 54 in 2015/16. In addition to the prudential supervision of banks, the department is also responsible for prudential policy, the supervision of licensed insurers, oversight of the NBDTs and FMI sectors, and AML supervision of banks, life insurers, and NBDTs. There are 10 staff allocated to the supervision of banks structured into four “pods.” Each pod is comprised of a senior supervisor and 1–3 more junior staff, and is responsible for

NEW ZEALAND INTERNATIONAL MONETARY FUND 35 one of the four largest banks (i.e., ANZ, BNZ, ASB, and Westpac) and a number of smaller banks. The RBNZ maintains a formal remuneration policy for all staff. This policy reflects the RBNZ’s objective of attracting and retaining employees with the appropriate skills and experience to enable it to achieve its goals. The RBNZ carries out an annual review of the remuneration pay ranges in each job family. In general, the PSD does not formally outsource supervisory functions. However, in the 2015/16 year the PSD had a budget for professional services, including consultants, which PSD considers sufficient. The RBNZ Act provides for three areas where the PSD can delegate supervisory activities to external experts: the appointment of a person to carry out independent reports on a bank under section 95; the appointment of a person to enter and search premises as part of an investigation under section 99(2)(b) and the appointment of an investigator under section 101; and the appointment of a statutory manager under section 117. With the exception of a person appointed under section 95, all of these persons are subject to the confidentiality requirements in section 105. In 2015/16 the PSD had a training budget that was considered to have been sufficient to ensure the ongoing training of staff. It was mentioned that on an FTE basis the department training budget is roughly equivalent to broad public sector benchmarks and exceeds private sector benchmarks. In 2015/16 the PSD also had an infrastructure budget that included workstation and network costs. The PSD considers that this budget was sufficient to provide the tools necessary to carry out the RBNZ’s supervisory functions. Finally, in 2015/16 the PSD had a travel budget, including overseas travel. The PSD considers that this has been sufficient to ensure the right level of interactions with industry domestically and an effective level of representation internationally. EC7 As part of their annual resource planning exercise, supervisors regularly take stock of existing skills and projected requirements over the short- and medium-term, taking into account relevant emerging supervisory practices. Supervisors review and implement measures to bridge any gaps in numbers and/or skill-sets identified. Description and findings re EC7 When annual planning identifies emerging supervisory practices, or projected requirements, which necessitate skills that are not present in the Banking Oversight teams, the PSD addresses this in two ways (both of which reflect the resource constraints that Banking Oversight operates under). Firstly, through training opportunities existing resources are able to meet emerging requirements. For example, the PSD is currently working to identify suitable cyber-security courses to send staff on. Alternatively, by collaboratively utilizing appropriate resources from other parts of the PSD, or the wider Reserve Bank. For example, Banking Oversight is currently working to expand its private data collection to place additional focus on large exposures. Resource to help design this reporting system and template has until recently been provided by the department’s

NEW ZEALAND 36 INTERNATIONAL MONETARY FUND Operational Policy team. (The Operational Policy team member in question is now continuing to provide this support on secondment to the Bank’s Statistics Unit.) The RBNZ acknowledges that there may be scope for greater formality around the annual supervisory planning process and filling identified gaps in numbers and skill sets. EC8 In determining supervisory programs and allocating resources, supervisors take into account the risk profile and systemic importance of individual banks and banking groups, and the different mitigation approaches available. Description and findings re EC8 Banking Oversight follows its “PRESS analysis” (discussed in detail in CP8) that determines the risk profile of each bank and, thereby, helps influence supervisory work programs and how resources are allocated. Due to the nature of the New Zealand banking system, the findings automatically calibrate additional oversight for the five systemically important banks. At a system level PRESS findings are used to influence thematic work. For example, in 2013 it was becoming apparent that banks were materially increasing their exposures to Auckland residential property, due to a number of factors including rapid house price inflation. Banking Oversight therefore undertook a thematic review of the systemically important banks, and selected smaller entities to look at their credit approval processes for residential lending. In 2015/16, given the impact on rural borrowers’ income from lower dairy prices, Banking Oversight has begun focusing its efforts on reviewing bank classification of watch-list through to nonperforming loans, as well as provisioning practices. Nonetheless, the RBNZ considers some additional mitigating factors in the level of oversight, such as the simple business model of the local banking industry, and the trans-Tasman coordination arrangements to deal with the heavy presence of significant subsidiaries of systemically important banking groups in Australia, also supervised by APRA. EC9 Laws provide protection to the supervisor and its staff against lawsuits for actions taken and/or omissions made while discharging their duties in good faith. The supervisor and its staff are adequately protected against the costs of defending their actions and/or omissions made while discharging their duties in good faith. Description and findings re EC9 The RBNZ Act provides that officers, employees, and directors of the RBNZ are not liable for actions or omissions in the exercise or performance in good faith of their functions, powers and duties the Act. It also provides that they (and the RBNZ itself) are indemnified by the government for any liability arising out of the exercise (or failure to exercise) a power under the Act unless they acted (or failed to act) in bad faith. This indemnity expressly extends to the cost of defending legal proceedings. Section 179 of the RBNZ Act provides that a number of persons (including officers, employees and directors of the RBNZ, although not the RBNZ itself) shall not be liable for an act done or omitted to be done in the exercise or performance in good faith of their

NEW ZEALAND INTERNATIONAL MONETARY FUND 37 functions, powers, or duties under the Act (which includes functions, powers, and duties relating to the regulation and supervision of registered banks). In addition, section 179A provides that the Crown indemnifies listed persons for any liability that arises from the exercise or purported exercise of, or omission to exercise, any power conference by the RBNZ Act unless it is shown that the exercise or purported exercise of, or omission to exercise, the power was in bad faith. The listed persons for these purposes include: (i) every officer or employee of the RBNZ; (ii) every director of the RBNZ; and (iii) the RBNZ itself. Assessment of Principle 2 Materially non-compliant Comments Regarding compliance with CP2, the number of staff and size of the budget allocated to the regulation and supervision of banks is the critical deficiency (EC6) to comply with this Principle and to develop an effective supervisory approach. The RBNZ has noted that the current focus on public disclosure and bank directors’ attestation arguably reduces the need for more resource-intensive supervisory activities. However, there is an urgent need to reassess the adequacy of resources to ensure the effectiveness of banking supervision, even if the current low-intensity supervisory approach were maintained. It might be desirable that the long-term funding agreements between the MoF and the Governor provide for some flexibility, such as a routine process for annual reviews and updates. The operational independence, accountability, and governance of the RBNZ are prescribed in legislation, and the RBNZ’s governance is elaborated through the terms of reference for its internal committees. The RBNZ Board monitors, on the MoF’s behalf, the performance of the Governor, who has full authority and responsibility for all the RBNZ’s statutory objectives, including prudential supervision. As a means to make this effective, the MoF has recently released publicly a letter of expectations to provide advice on the RBNZ’s performance against its main statutory objectives, including the maintenance of a sound and efficient financial system, and the regulatory policy processes (EC2). This will help further define the conceptual framework against which the RBNZ is accountable. The powers of the government to influence operational decisions of the RBNZ are circumscribed so that they cannot be used to require specific decisions be made or outcomes achieved. The RBNZ and its staff have credibility and act with professionalism and integrity. Nonetheless, the authorities may wish to align the RBNZ Act with the Insurance (Prudential Supervision) Act (IPSA) and the NBDT Act by removing the role of the Minister in issuing directions (as discussed in CP11). The RBNZ Act provides powers to operate at arm’s length from the government and MoF, subject to those checks and balances embedded in the legislation. Opportunities for the Minister to proactively engage on government policy objectives (e.g., the ability of the MoF to issue a direction requiring the RBNZ to have regard to a government policy) are mainly governed by the RBNZ Act and an MoU signed with the Treasury in 2012. This MoU, however, creates ambiguities in the role of the RBNZ and Treasury. At the moment

NEW ZEALAND 38 INTERNATIONAL MONETARY FUND lack of clarity on roles and attributions from an operational point of view have been mostly manifest in some aspects of the coordination of policy advice. However, ambiguities, if not addressed decisively, may lead to undue government interference in the prudential responsibilities of the RBNZ (EC1). Procedural clarity, and transparency and traceability of coordination processes, are important to further strengthen the operational independence of the RBNZ. The authorities should reassess the need to clearly delineate the roles and responsibilities of the Treasury as adviser to the MoF vis-à-vis the RBNZ’s statutory objectives in banking supervision to ensure that control functions and check-and-balances do not unduly interfere in supervisory operations to the extent of eventually jeopardizing the RBNZ’s operational independence. Arrangements and procedures for interaction between the Treasury and RBNZ have to be established clearly and formalized. A narrow understanding of those sections in the RBNZ Act where the Minister may have the faculty to intervene in RBNZ operations, such as section 68B, and the current MoU mentioned before, can be considered. Principle 3 Cooperation and collaboration. Laws, regulations, or other arrangements provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information.21 Essential criteria EC1 Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with all domestic authorities with responsibility for the safety and soundness of banks, other financial institutions and/or the stability of the financial system. There is evidence that these arrangements work in practice, where necessary. Description and findings re EC1 The RBNZ operates as an integrated prudential supervisor, resolution authority, macroprudential authority and central bank. This facilitates the timely sharing of information and collaborative across the different RBNZ statutory functions. Formal arrangements for cooperation with other domestic authorities with responsibility for the safety and soundness of banks, other financial institutions and/or the stability of the financial system, include:  The CoFR, set up in 2011, comprises agencies involved in financial system regulation and supervision: The RBNZ, FMA, Treasury, and the MBIE. It is not a decision-making body but a forum to share information. CoFR members still retain ultimate responsibility over their respective policy areas and mandates. It is not a committee for crisis management. Housing and dairy are normal topics of discussion. The committee is alternately chaired by the RBNZ Governor and CEO of FMA.

21 Principle 3 is developed further in the Principles dealing with “Consolidated supervision” (12), “Home-host relationships” (13) and “Abuse of financial services” (29).

NEW ZEALAND INTERNATIONAL MONETARY FUND 39 A sub-committee of the CoFR is the Banking Forum for the member agencies of the CoFR to update each other on their regulatory initiatives and priorities, and to identify gaps or overlaps in financial sector regulation and supervision. It discusses, for example, the Forward Calendar, which lists the current and upcoming regulatory initiatives of each of the Banking Forum’s members, indicating the level of engagement from the banking industry that each of the initiatives is expected to require. More detailed information on the CoFR and the Banking Forum, including terms of reference and MoU, can be found at: www.rbnz.govt.nz/regulation-and￾supervision/banks/relationships.  MoU with FMA: in 2011, the RBNZ and FMA signed an MoU on information sharing, mutual assistance and coordination. See: www.rbnz.govt.nz/- /media/ReserveBank/Files/regulation-and￾supervision/banks/relationships/4525498.pdf. FMA and the RBNZ are currently exploring collaboration and data-sharing opportunities on the managed fund industry data. The FMA and the RBNZ continue to engage each other in respect of entities that are considered at the boundary or perimeter of being formally regulated, such as website-based entities. Finally, the RBNZ and FMA also entered into an agreement that sets out how they will exercise the joint powers provided under Part 5C of the RBNZ Act. See: www.rbnz.govt.nz/- /media/ReserveBank/Files/regulation-and-supervision/financial-market￾infrastructure-oversight/4621382.pdf?la=en.  Macroprudential policy and MoU with the Treasury: in May 2013 a new policy area (macroprudential policy) was formalized with the signing of a MoU between the MoF and Governor (see: www.rbnz.govt.nz/financial-stability/macro-prudential￾policy/mou-between-Minister-of-finance-and-Governor-of-rbnz). It was set up as an additional accountability mechanism recognizing the RBNZ as the primary decision-maker on developing and implementing macroprudential policy. In addition, there is an MoU on information exchange and collaboration between the RBNZ and Treasury, recognizing that they have a common interest in matters relating to financial stability and to coordinate advice given to the MoF in a period of actual or potential financial distress. After the crisis of the finance companies sector, which had a final fiscal cost of approximately NZ$2bn, the Treasury has increased its interest in prudential policy making, particularly in the area of crisis management where prudential policy decisions may have fiscal ramifications. The Treasury and RBNZ have a common interest in matters relating to financial stability. Both have roles in the event of financial distress and need to ensure the government has appropriate crisis resolution tools that meet each agencies’ objectives. Both need to

NEW ZEALAND 40 INTERNATIONAL MONETARY FUND coordinate advice to the Minister in a period of actual or potential financial distress. Both have a joint role in providing advice on whether the overall financial stability framework is fit for purpose. Consistent with this, the Treasury will provide second opinion advice to the Minister on prudential regulation and supervision where this impacts on the wider economy and may create fiscal contingencies. These advisory roles of both the RBNZ and Treasury on prudential policies may have created grey areas similar to those discussed in relation to section 68B, which eventually could affect financial stability outcomes. EC2 Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with relevant foreign supervisors of banks and banking groups. There is evidence that these arrangements work in practice, where necessary. Description and findings re EC2 Australia: The Ministers agreed in 2005 to establish the Trans-Tasman Council on Banking Supervision (TTBC) as a major step towards the development of a single economic market in banking services. The Council set the bar high in response to the interdependence between New Zealand and Australia in banking supervision, and aims at promoting a joint approach to trans-Tasman banking supervision that delivers a seamless regulatory environment, including crisis management preparedness (see ToR for TTBC: http://www.rbnz.govt.nz/regulation-and-supervision/banks/relationships/terms-of￾reference-for-the-trans-tasman-council-on-banking-supervision). These high expectations are considered as an ideal that its members strive to achieve. The TTBC is jointly chaired by the Australian and New Zealand Treasuries, and is comprised of senior officials from Australian authorities namely APRA, the RBA, and ASIC; and New Zealand authorities namely the RBNZ and FMA. Its tasks include: (i) enhance cooperation on the supervision of trans-Tasman banks as well as information sharing between the respective supervisors; (ii) promote and review regularly trans-Tasman crisis response preparedness involving banks that operate in both countries; and (iii) guide the development of policy advice to both governments, underpinned by principles of policy harmonization, mutual recognition and trans-Tasman coordination. A key recommendation of the Council led to amendments in the RBNZ Act as well as in reciprocal Australian legislation. These recommendations are now embodied in section 68A of the Act. This legislation now requires that the RBNZ, when performing its prudential supervision functions or duties under the RBNZ Act or IPSA, support Australian authorities in meeting their statutory responsibilities for prudential regulation and financial system stability in Australia and to the extent reasonably practicable, for the RBNZ to avoid any action that is likely to have a detrimental effect on financial stability in Australia. Equivalent legislation was passed in Australia. Under section 98A of the RBNZ Act, subject to authorization by the RBNZ, home country supervisors have access to information and may conduct an inspection of banks

NEW ZEALAND INTERNATIONAL MONETARY FUND 41 represented in New Zealand subject to confidentiality requirements. The information or data required should be for the purpose of exercising supervisory functions by the home country supervisor. To further enhance cooperation and collaboration, the RBNZ has required that all information sent by the New Zealand subsidiary bank to APRA is also provided to the RBNZ. In 2005 the RBNZ and APRA signed a MoU that set out cooperation arrangements for the implementation of Basel II. Although there is no such MoU for Basel III implementation, the RBNZ has worked closely with APRA on Basel III policy, especially on the alignment of non-viability loss absorbency requirements so that the capital of banks that are subsidiaries of Australian-incorporated banks could be recognized by both regulators. In 2012 the RBNZ and APRA signed a MoU concerning cooperation in banking and insurance supervision. Informal bilateral relationships are maintained between the RBNZ and APRA. The RBNZ also participates as observers in APRA's on-site inspections to Australian-owned banks in New Zealand and in APRA supervisory colleges for those banks. The RBNZ and APRA have cooperated on planning and testing crisis management scenarios, and regularly coordinate stress testing exercises. The RBNZ has undertaken to engage with APRA in the course of pursuing regulatory initiatives affecting the New Zealand subsidiaries of Australian banks (e.g., when the OBR policy was being developed). In the event that a trans-Tasman bank is placed under “statutory management,” actions of the appointed statutory manager shall be notified to all relevant Australian authorities if these actions are likely to have a detrimental effect on Australian financial system stability (section 121A of the Act). There are matching obligations on the administrator of an Australian parent bank and APRA under section 14DA of the Australian Banking Act 1959). Other arrangements with foreign supervisors: The RBNZ and the U.K.'s supervisory authority (the Prudential Regulation Authority, formerly Financial Services Authority) have entered into an MoU, that establishes an arrangement for sharing supervisory information, to assist with the supervision of banking and insurance organizations that operate both in New Zealand and the U.K. The Netherlands: the RBNZ is a member of the General Supervisory College on Rabobank and participated in meetings hosted by De Nederlandsche Bank (DNB) in Amsterdam in 2011 and also in 2013. The RBNZ also requested the lead supervisor for Rabobank in the ECB to share the outcomes of the recent supervisory college meeting held in 2015. The RBNZ is a member of EMEAP, the Executives' Meeting of East Asia-Pacific Central Banks (see www.emeap.org). In line with the RBNZ’s obligations under EMEAP and the agreed framework for crisis management and resolution, the RBNZ will share information

NEW ZEALAND 42 INTERNATIONAL MONETARY FUND and alert foreign supervisory authorities in the event that conditions increase the likelihood of failure of a bank domiciled in New Zealand, and that could potentially have adverse consequences in an EMEAP jurisdiction or the region as a whole. The procedure to alert other EMEAP authorities is not intended to be applied mechanistically, and discretion in assessing the severity of the problem is expected. The RBNZ is aware that they need to advance arrangements with China and India. EC3 The supervisor may provide confidential information to another domestic authority or foreign supervisor but must take reasonable steps to determine that any confidential information so released will be used only for bank-specific or system-wide supervisory purposes and will be treated as confidential by the receiving party. Description and findings re EC3 Section 105(2) of the RBNZ Act, on confidentiality of information, empowers the RBNZ to share information with other central banks/authorities that exercise similar functions; to any person whom the RBNZ is satisfied has a proper interest in receiving the information; or with the consent of the person to whom the information relates. There is a confidentiality provision for the protection of information supplied to the RBNZ for purposes of the exercise of its bank registration, supervision, and crisis management powers. The RBNZ must be satisfied that the recipient is able to protect the confidentiality of the information shared (s105(3)). The RBNZ may specify conditions in sharing said information (s105(5)(b)). Other safeguards in the handling of confidential information are discussed in EC4 below. EC4 The supervisor receiving confidential information from other supervisors uses the confidential information for bank-specific or system-wide supervisory purposes only. The supervisor does not disclose confidential information received to third parties without the permission of the supervisor providing the information and is able to deny any demand (other than a court order or mandate from a legislative body) for confidential information in its possession. In the event that the supervisor is legally compelled to disclose confidential information it has received from another supervisor, the supervisor promptly notifies the originating supervisor, indicating what information it is compelled to release and the circumstances surrounding the release. Where consent to passing on confidential information is not given, the supervisor uses all reasonable means to resist such a demand or protect the confidentiality of the information. Description and findings re EC4 Refer also to the response to EC3 above. Safeguards instituted to preserve confidential treatment of information received are:  Under section 105(7) it is an offence for any officer or employee of the RBNZ or a person appointed to obtain information on behalf of the RBNZ or for a member of an Advisory Committee of a bank that is in statutory management to contravene the confidentiality provision in the Act.

NEW ZEALAND INTERNATIONAL MONETARY FUND 43  Authority to request information is subject to the review/approval of the Head of Prudential Supervision or the appointed principal contact person specified in the bilateral MoUs.  The RBNZ’s code of conduct requires all staff to be cautious about disclosing information. Failure to meet the standards could result in dismissal.  Penalties for misuse of confidential information are set in sections 105 and 156AA. Under paragraph 13 and 14 of the MoU with APRA, when an authority is legally compelled to disclose information in accordance with the MoU to a third party, the authority is expected to promptly notify the other authority indicating what information it is compelled to release and the circumstances surrounding the release. The authorities expect each other, if requested to do so, to use their best endeavors to preserve the confidentiality of the information to the extent permitted by law. When an authority wishes to disclose information received under the MoU to a third party but is not compelled to do so, the authority is expected to notify the other authority and shall consider imposing conditions such as ensuring that the information be kept confidential and not be further released without the relevant authority’s consent. The MoU with U.K. FSA, today PRA, provides, under paragraph 5, that the party receiving a request from third parties for any confidential supervisory information, shall notify the providing party prior to releasing such information, and shall solicit the latter’s views as to the propriety of providing such information to the third party. EC5 Processes are in place for the supervisor to support resolution authorities (e.g., central banks and finance ministries as appropriate) to undertake recovery and resolution planning and actions. Description and findings re EC5 The RBNZ and Treasury have roles within resolution and would expect to coordinate advice in times of distress. Practical arrangements are at an early stage of development. OBR is just one tool in the toolkit—not tested as yet—and powers relevant to resolution are spread through the RBNZ Act and the Public Finance Act 1989. The RBNZ Act gives the RBNZ the ability to provide directions (s113), recommend statutory management (s117), and direct the statutory manager where necessary. The Public Finance Act provides the authority for the MoF (on behalf of the Crown) to give a guarantee if this is in the public interest (s65ZD), and allows the Minister to extend a guarantee on whatever terms they may decide. The MoU with the Treasury provides that the RBNZ and Treasury have a joint lead given the regime’s reliance on powers within the respective Acts. In the event of financial distress, the RBNZ will inform the Treasury and the Minister of any risk to financial institutions that may require the Minister exercising any of their powers under the Act. In

NEW ZEALAND 44 INTERNATIONAL MONETARY FUND practice, one agency or the other would act as the lead authority, in close collaboration with the other on particular matters depending on the tool used:  Powers such as the ability to give directions and to recommend statutory management are exercised by the RBNZ under the Act.  The MoU provides that “in anticipation of and following any government intervention in the financial system the Treasury will lead on operational matters arising from financial distress where these have fiscal implications.” The government is currently considering how the agencies would coordinate within OBR in light of the fiscal risks associated with the Crown guarantee. The Treasury has not been involved in resolution and recovery planning with respect to individual New Zealand banks, but is discussing the development of OBR with the RBNZ. The Treasury is working with the Australian Treasury to explore opportunities for joint resolution. The RBNZ and other TTBC agencies are contributing to this work. Recovery and resolution plans (RRPs): the RBNZ’s supervisory and regulatory work does not include requirements for banks to submit institution-specific recovery and resolution plans. The RBNZ is maintaining a watching brief on the implications for the four Australian-owned registered bank groups of APRA’s living will proposals for their parent banks. The RBNZ has developed policies to promote effective failure resolution like local incorporation, outsourcing and bank capital policy, e.g., in regard to the issuance of bail-in instruments. The OBR functionality has been pre-positioned in banks with retail deposits over $1 billion. Annual testing of this functionality is required under banks’ conditions of registration. Work continues on the OBR staff manual covering the processes that the RBNZ and other agencies are expected to undertake when confronted with a failure and OBR is applied. The outsourcing policy is currently under review. The revised policy, as proposed, will encourage banks to complete separation planning to ensure that banks can be separated from their parent banks and stabilized within OBR without severe adverse consequences to the financial system. Prior to public consultation, the RBNZ shared its outsourcing policy consultation documents with Treasury and the MoF for comments. The Treasury indicated strong support for separation planning and considered it an essential component of the resolution of a major bank. The review of the outsourcing policy follows a stocktake undertaken by the RBNZ in 2014 on banks’ outsourcing arrangements. The stocktake found that banks had inconsistently interpreted and applied the existing policy.

NEW ZEALAND INTERNATIONAL MONETARY FUND 45 Dealing with payment systems, the RBNZ has also supported the efforts of Payments NZ, the authority on payment systems in New Zealand, together with the banks and payment switches, to agree on a set of ‘failure to settle’ rules consistent with the RBNZ’s policy goals. Trans-Tasman arrangements: following the GFC in 2008, the TTBC member agencies stepped up discussions on crisis coordination. A publically available memorandum of cooperation (MoC) was signed in 2010 followed by the conduct of a trans-Tasman crisis simulation exercise. The purpose of the MoC is to assist in achieving a coordinated response to financial distress of a trans-Tasman bank (see: http://www.rbnz.govt.nz/- /media/ReserveBank/Files/regulation-and-supervision/banks/relationships/5181778.pdf). In 2011, TTBC carried out a crisis simulation exercise to test elements of the MoC. The outcome of the crisis exercise formed the basis for the future work program of the Council. Another crisis simulation exercise is expected to be run in September/October 2017. The two Treasuries have been leading the work in the TTBC in studying the advantages and disadvantages of a joint resolution strategy and contagion risks from the failure of a trans-Tasman bank. The OBR mechanism is an example of a multiple point of entry approach in resolution, should resolution at the parent bank or group level (i.e., single point of entry approach) fail. Assessment of Principle 3 Largely compliant Comments With regards to domestic authorities, the RBNZ is the prudential supervisor, macroprudential authority and resolution authority. This facilitates sharing information across these different functions. Assessments of the banking sector will be shared with the MoF, Treasury, and other relevant authorities for managing a financial crisis. Under the Act, the RBNZ and MoF are authorized to deal with bank failure and resolution having regard to financial stability objectives. The MoF also takes into account the fiscal implications of various resolution options and considers the impact of regulatory policy on the Crown’s balance sheet. However, as discussed in CP2, the RBNZ and Treasury have both advisory roles and responsibilities within resolution and prudential policy-making that have the potential to hinder effective collaboration (see EC1 and EC5). Sound practical arrangements for cooperation and collaboration are in place, but the respective roles of the RBNZ and Treasury have to be clarified further. With regards to foreign supervisors (particularly APRA), the RBNZ maintains excellent relationships and communication with the Australian authorities, as discussed in CP13. The framework for cross-border collaboration between Australia and New Zealand is now rooted in relevant legislation in both countries. These legislative provisions are intended to ensure that Australian and New Zealand authorities support each other in the

NEW ZEALAND 46 INTERNATIONAL MONETARY FUND performance of their respective regulatory responsibilities, thereby promoting a consistent approach to trans-Tasman banking supervision. At an operational level, the TTBC was set up to provide a road-map for trans-Tasman cooperation and distress management with cross border implications. The arrangements for cooperation and collaboration with the Australian authorities can be considered unique, and attest to the high quality of the relationships. However, given the unique interdependence between the RBNZ and APRA, enhanced collaborative work between the two supervisors to fulfill their own statutory objectives is expected in EC2 and EC5. Recommendations to address deficiencies in CP2 and CP13, as they relate to cooperation and collaboration with national and trans-Tasman authorities, address also deficiencies to achieve compliance with CP3. Principle 4 Permissible activities. The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word “bank” in names is controlled. Essential criteria EC1 The term “bank” is clearly defined in laws or regulations. Description and findings re EC1 The term “bank” is legally defined and reserved to those financial institutions licensed or registered as a “bank” by the RBNZ. However, it is important to note that in New Zealand what constitutes a “bank” has not been traditionally defined by what business an entity carries on, but by whether the institution is registered as a “bank” by the RBNZ (i.e., until 2014, “nonbank deposit takers”: finance companies, building societies, and credit unions could take public deposits without being licensed and under a very lenient or non-existent regulatory environment). EC2 The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined either by supervisors, or in laws or regulations. Description and findings re EC2 Section 73 (1) of the RBNZ Act establishes that the RBNZ “shall not register any person as a registered bank unless it is satisfied that the business carried on…consists of the borrowing and lending of money, or the provision of other financial services, or both.” Through conditions of registration, the RBNZ limits non-financial activities and insurance business to immaterial amounts (in the case of insurance business explicitly not greater than 1 percent of the registered bank’s consolidated assets). The RBNZ, in its Statement of Principles (BS1), comments what business an applicant for bank registration may, and may not, undertake. (BS1 see: www.rbnz.govt.nz/-/media/ReserveBank/Files/regulation-and￾supervision/banks/banking-supervision-handbook/3272066.pdf?la=en). EC3 The use of the word “bank” and any derivations such as “banking” in a name, including domain names, is limited to licensed and supervised institutions in all circumstances where the general public might otherwise be misled.

NEW ZEALAND INTERNATIONAL MONETARY FUND 47 Description and findings re EC3 Registered banks are the only type of financial institution that are permitted to call themselves banks, including derivatives of that word, as part of their name (and the RBNZ itself). Part 4 of the RBNZ Act 1989 restricts the use of the words “bank,” “banker,” and “banking” in a name or title to banks registered under Part 5 of the Act. Thus, the RBNZ Act prevents any financial institution from being legally established or from carrying on any activity in New Zealand while calling itself a bank, unless it is a “registered bank.” The RBNZ maintains on its website a list of notices and cautions of institutions that use the word “bank” but are not registered as banks (see: http://www.rbnz.govt.nz/regulation-and-supervision/cautions-and-notices). Specified persons (i.e., financial institutions that are not registered banks, such as NBDTs), may not use a restricted word in any advertisement unless that advertisement contains a statement that the specified person is not a registered bank (see sections 64, 66B, and the RBNZ website). EC4 The taking of deposits from the public is reserved for institutions that are licensed and subject to supervision as banks. Description and findings re EC4 By law, the taking of deposits is limited to registered banks, and licensed NBDTs as discussed in EC1. See the RBNZ Act—section 64, and NBDT Act 2013—sections 2, 5, 11. The RBNZ took on responsibility for regulating the NBDT sector in 2008 with an amendment to the RBNZ Act. Subsequently a licensing regime was introduced with the passage of the NBDT Act in 2013 (the new Act also carved out the relevant sections of the RBNZ Act that pertained to NBDTs). As a result, from 2014 NBDTs (finance companies that raise funds from the public, most building societies, and credit unions) must be licensed in order to carry on NBDT business in New Zealand. NBDTs are regulated by the RBNZ and supervised by their private sector trustee companies. In terms of total deposits, the NBDT sector is less than 1 percent of the size of the bank sector at the time of the assessment. They had a significant presence prior to the GFC, but the collapse of the finance company industry between 2006–2010 has reduced the size of the sector significantly. Failures in this sector have\had an estimated fiscal cost of approximately NZ$2 billion. A caution issued by the RBNZ on March 28, 2011, indicates that there are a number of New Zealand incorporated entities whose business consists of providing financial services solely outside of New Zealand. These entities usually operate over the internet and have no (or limited) physical presence in New Zealand. These New Zealand entities do not have to be licensed in New Zealand. New Zealand incorporated entities that provide financial services only outside New Zealand are not supervised by the RBNZ, FMA, or any other New Zealand regulatory authority.

NEW ZEALAND 48 INTERNATIONAL MONETARY FUND EC5 The supervisor or licensing authority publishes or otherwise makes available a current list of licensed banks, including branches of foreign banks, operating within its jurisdiction in a way that is easily accessible to the public. Description and findings re EC5 The RBNZ must, as required by the RBNZ Act, publish a register of registered banks. This includes branches of overseas incorporated (foreign) banks (see the RBNZ Act – section 69). It does so by publishing an informative list of registered banks on its website: http://www.rbnz.govt.nz/regulation-and-supervision/banks/register. Assessment of Principle 4 Largely compliant Comments The term “bank” is legally reserved to those financial entities that are registered by the RBNZ. Registration by the RBNZ is what constitutes a bank, and not what business an entity carries on. This situation may have created lack of clarity in the past, but this has been subsequently clarified when the Reserve Bank assumed responsibility for licensing and regulating NBDTs. Their supervision is entrusted to their private sector trustee companies. A registered bank must be carrying on the business of borrowing and lending money or providing other financial services (or both). The activities it may undertake are restricted through the conditions of registration imposed on banks. The taking of deposits is restricted to registered banks (and licensed NBDTs). Insurance activities and nonfinancial activities carried on by registered banks are limited to non-material amounts. The authorities need to assess the risks posed by companies registering in New Zealand and offering bank-like or other financial services solely outside New Zealand (see EC4). Principle 5 Licensing criteria. The licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of Board members and senior management) of the bank and its wider group, and its strategic and operating plan, internal controls, risk management, and projected financial condition (including capital base). Where the proposed owner or parent organization is a foreign bank, the prior consent of its home supervisor is obtained. Essential criteria EC1 The law identifies the authority responsible for granting and withdrawing a banking license. The licensing authority could be the banking supervisor or another competent authority. If the licensing authority and the supervisor are not the same, the supervisor has the right to have its views on each application considered, and its concerns addressed. In addition, the licensing authority provides the supervisor with any information that may be material to the supervision of the licensed bank. The supervisor imposes prudential conditions or limitations on the newly licensed bank, where appropriate.

NEW ZEALAND INTERNATIONAL MONETARY FUND 49 Description and findings re EC1 The RBNZ Act empowers the RBNZ as both the licensing authority and the supervisor of registered banks (section 67). The RBNZ Act empowers the RBNZ to recommend to the MoF that a bank’s registration be cancelled if specific circumstances arise (section 77). The Act allows the RBNZ to impose conditions of registration on licensed banks (section 74). In practice all banks are given conditions of registration at the time of registration. The standard conditions are set out in the Statement of Principles (BS1–Appendix 1), and individual conditions can also be imposed where appropriate. These conditions have the legal status of regulatory requirements. EC2 Laws or regulations give the licensing authority the power to set criteria for licensing banks. If the criteria are not fulfilled or if the information provided is inadequate, the licensing authority has the power to reject an application. If the licensing authority or supervisor determines that the license was based on false information, the license can be revoked. Description and findings re EC2 The RBNZ Act sets out the criteria the RBNZ must use when assessing a registration application (sections 73 and 78). The Act requires that the manner in which these criteria are applied by the RBNZ must be published in a statement of principles (section 75). The principles on which the RBNZ will act when determining an application for registration are contained in the policy document Statement of Principles (BS1). The RBNZ publishes a list and description of the information that must be provided by an applicant when making an application (see Application for status as a registered bank: Material to be provided to the RBNZ (BS3)). In relation to this and subsequent ECs, the RBNZ’s practice with registrations was checked by looking at two recent examples provided of the analysis and documentation involved in assessing an application. The RBNZ has the power to reject any application that does not fulfil the legislative criteria. For example, shell banks will not be registered because they do not meet the registration criteria. In fact, the registration process and criteria are highly demanding and for the past several years only a small number of foreign banks with no systemic importance have been registered, as well as several former NBDTs which applied and were considered fit to be registered as a bank. The New Zealand banking system continues to be one of the most concentrated banking systems among developed economies. The RBNZ may recommend to the MoF that a registration be revoked on a number of grounds, including if the registration was granted on information that was materially false or misleading (section 77(1)). This scenario has not yet taken place. EC3 The criteria for issuing licenses are consistent with those applied in ongoing supervision. Description and findings re EC3 The RBNZs Statement of Principles sets out how the RBNZ supervises registered banks. The RBNZ’s supervision methodology is consistent with the registration criteria and

NEW ZEALAND 50 INTERNATIONAL MONETARY FUND practice set out in the RBNZ Act and the Statement of Principles. In addition, the RBNZ can use its legislative disciplinary powers when the registered bank fails to maintain compliance with the licensing criteria. EC4 The licensing authority determines that the proposed legal, managerial, operational, and ownership structures of the bank and its wider group will not hinder effective supervision on both a solo and a consolidated basis.22 The licensing authority also determines, where appropriate, that these structures will not hinder effective implementation of corrective measures in the future. Description and findings re EC4 The RBNZ Act sets out the matters the RBNZ must have regard to when assessing a registration application. Section 73(2) includes the incorporation and ownership structure of the applicant; the size and nature of the applicant’s business; and the ability of the applicant to carry on its business in a prudent manner. This applies at both a solo and consolidated level. The Statement of Principles (sections C(II)-C(IV)) outlines how these requirements are implemented. In respect of ownership structure, the RBNZ looks at whether the owners have proper incentives to monitor the activities of the proposed bank and act in a manner that will maintain its soundness, and also the degree of separation between the Board of the proposed bank and its owners. In respect of the size and nature of the business and the ability to operate prudently, the RBNZ looks at whether the level of capital is adequate for the proposed business, loan concentrations and risk exposures, separation of the bank from the other interests of the owners, internal controls and accounting systems, risk management systems and policies, and outsourcing. Any characteristic of an applicant’s proposed legal, managerial, operational, and ownership structures that appeared likely to hinder effective supervision would need to be addressed by the applicant before the RBNZ would register the applicant. The RBNZ launched a consultation process that ended in August 2016 on its approach to the registration of foreign-owned banks that have a small, non-systemic, locally incorporated presence in New Zealand. The consultation proposes a way to assess whether these banks may be permitted to ‘dual-register,’ simultaneously operating a local branch alongside a subsidiary. EC5 The licensing authority identifies and determines the suitability of the bank’s major shareholders, including the ultimate beneficial owners, and others that may exert significant influence. It also assesses the transparency of the ownership structure, the sources of initial capital and the ability of shareholders to provide additional financial support, where needed. Description and findings re EC5 The RBNZ Act requires that RBNZ take into account the standing of the owners of the applicant in the financial market (see section 73(2): In determining an application under section 70, the bank must have regard to all of the following: … (f) the standing of the owner of the applicant in the financial markets). This requirement is interpreted as

22 Therefore, shell banks shall not be licensed. (Reference document: BCBS paper on shell banks, January 2003).

NEW ZEALAND INTERNATIONAL MONETARY FUND 51 covering a wide range of matters in respect of the identity and nature of the owners, including the UBOs (ultimate beneficial owners) and others that may exert significant influence. The Statement of Principles states that the RBNZ will take into consideration any impediments to the raising of further capital which arise as a result of the identity and nature of the owners. EC6 A minimum initial capital amount is stipulated for all banks. Description and findings re EC6 Standard conditions of registration imposed on every newly registered bank require that the bank must have a minimum capital amount of NZ$30 million (see Statement of Principles (BS1) – Appendix 1). EC7 The licensing authority, at authorization, evaluates the bank’s proposed Board members and senior management as to expertise and integrity (fit-and-proper test), and any potential for conflicts of interest. The fit-and-proper criteria include: (i) skills and experience in relevant financial operations commensurate with the intended activities of the bank; and (ii) no record of criminal activities or adverse regulatory judgements that make a person unfit to uphold important positions in a bank.23 The licensing authority determines whether the bank’s Board has collective sound knowledge of the material activities the bank intends to pursue, and the associated risks. Description and findings re EC7 The RBNZ Act requires the RBNZ to assess the suitability for their positions of the directors and senior managers of applicants (see section 73 – In determining an application under section 70, the bank must have regard to all of the following: … (e) the suitability for their positions of the directors and senior managers of the applicant). The Handbook Document Review of Suitability of Bank Directors and Senior Managers (BS10) makes publically available the supervisory expectations, which include criteria (i) and (ii) mentioned in EC7. The RBNZ uses a template form for doing this assessment. Practice of the assessment of suitability was illustrated with a recent example. EC8 The licensing authority reviews the proposed strategic and operating plans of the bank. This includes determining that an appropriate system of corporate governance, risk management, and internal controls, including those related to the detection and prevention of criminal activities, as well as the oversight of proposed outsourced functions, will be in place. The operational structure is required to reflect the scope and degree of sophistication of the proposed activities of the bank.24 Description and findings re EC8 Section 78(1) of the RBNZ Act, on carrying on business in a prudent manner, requires the RBNZ to consider an applicant’s: internal controls and accounting systems or proposed internal controls and accounting systems; risk management systems and policies or proposed risk management systems and policies; and, arrangements for any business, or functions relating to any business, of the applicant or registered bank to be carried on by any person other than the applicant or the registered bank. Internal controls related to

23 Please refer to Principle 14, Essential Criterion 8. 24 Please refer to Principle 29.

NEW ZEALAND 52 INTERNATIONAL MONETARY FUND the detection and prevention of criminal activities are not explicitly included in the Act. Current supervisory practice is discussed in CP29 below. Registration applicants are required to supply the RBNZ with their proposed strategic and operating plans, which are reviewed by the RBNZ to assess whether they are appropriate given the size and nature of the applicant’s proposed activities. (See Application for status as a registered bank: Material to be provided to the RBNZ (BS3).) EC9 The licensing authority reviews pro forma financial statements and projections of the proposed bank. This includes an assessment of the adequacy of the financial strength to support the proposed strategic plan as well as financial information on the principal shareholders of the bank. Description and findings re EC9 Registration applicants are required to provide pro-forma financial statements and 3-year financial projections of the proposed bank. These are assessed by the RBNZ to determine whether they are realistic and if the proposed bank is expected to have sufficient financial and other resources available to carry out its strategic plan. The RBNZ Act, section 73(2), requires the RBNZ to have regard to the standing of the owner of the applicant in the financial markets. Financial information in respect of the applicant’s shareholder is required to be supplied and is assessed by the RBNZ, see: Application for status as a registered bank: Material to be provided to the RBNZ (BS3), Statement of Principles – section C(I), bank registration, business of the applicant. EC10 In the case of foreign banks establishing a branch or subsidiary, before issuing a license, the host supervisor establishes that no objection (or a statement of no objection) from the home supervisor has been received. For cross-border banking operations in its country, the host supervisor determines whether the home supervisor practices global consolidated supervision. Description and findings re EC10 The RBNZ always seeks the views of the home supervisor, confirming the home supervisor is aware of the application and has no objection, before granting a registration. When an applicant is either an overseas bank or a subsidiary of an overseas bank, the licensing criteria set out in the RBNZ Act, sections 73A and 73B, require the RBNZ to have regard to the licensing and supervision of the overseas bank. Global consolidated supervision is expected to be applied by the home supervisor. Standard conditions of registration applied to branches of overseas banks require that the parent bank complies with the capital adequacy requirements as administered by the supervisory authority in the bank’s home jurisdiction. See Statement of Principles (BS1) – section C(VII) and Appendix 1: “Where the applicant is a subsidiary or branch of an overseas bank, the RBNZ will seek the views of the parent supervisor before determining the application for registration.” EC11 The licensing authority or supervisor has policies and processes to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the license approval are being met.

NEW ZEALAND INTERNATIONAL MONETARY FUND 53 Description and findings re EC11 Following registration, banks immediately become subject to full ongoing supervision, disclosure, and prudential reporting requirements. This supervision includes monitoring of banks’ performance, and compliance with conditions of registration and all regulatory requirements. Recent new entrants into the industry have been of no systemic importance, which has simplified the initial monitoring by the RBNZ. Based on this, there are no policies and processes to monitor the progress of new entrants in meeting their business and strategic goals. Assessment of Principle 5 Compliant Comments The RBNZ Act identifies the RBNZ as the bank licensing (or “registration”) authority and sets out the criteria the RBNZ must use when determining an application for registration. The RBNZ has published the principles it uses in applying those criteria. The RBNZ can reject applications for establishments that do not meet the criteria. The criteria the RBNZ must use in making registration decisions are set out in the RBNZ Act. These criteria are consistent with those applied in ongoing supervision. Where the proposed owner or parent organization is a foreign bank, the prior consent of its home supervisor is obtained. Subject to the above, the RBNZ has the policy to keep, to a minimum, impediments to the entry of new registered banks in order to encourage competition in the banking system. In practice, the registration process is highly demanding, as is common practice in most jurisdictions, and prudential safeguards disincentivize the number of new players. Principle 6 Transfer of significant ownership. The supervisor has the power to review, reject, and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties. Essential criteria EC1 Laws or regulations contain clear definitions of “significant ownership” and “controlling interest.” Description and findings re EC1 The RBNZ Act defines the term “significant influence” which covers significant ownership and controlling interest. Section 2 (1) of the RBNZ Act defines “significant influence” as “the ability to directly or indirectly appoint 25 percent or more of the Board of directors… of the registered bank; or a direct or indirect qualifying interest in 10 percent or more of the voting securities…” (“Qualifying interest” and “voting securities” are separately defined in section 2.) EC2 There are requirements to obtain supervisory approval or provide immediate notification of proposed changes that would result in a change in ownership, including beneficial ownership, or the exercise of voting rights over a particular threshold or change in controlling interest. Description and findings re EC2 The RBNZ Act—section 77A, on changes of ownership—requires a person to obtain the written consent of the RBNZ if that person wishes to acquire or increase a significant influence. RBNZ staff provided to the assessors one illustrative example of such a consent.

NEW ZEALAND 54 INTERNATIONAL MONETARY FUND The RBNZ sets out in a policy document, Application for consent to acquire or increase significant influence over a registered bank: Material to be provided to the RBNZ (BS9), the material that must be provided with an application for consent to acquire or increase a significant influence. See, Application for consent to acquire or increase significant influence over a registered bank: Material to be provided to the RBNZ (BS9). EC3 The supervisor has the power to reject any proposal for a change in significant ownership, including beneficial ownership, or controlling interest, or prevent the exercise of voting rights in respect of such investments to ensure that any change in significant ownership meets criteria comparable to those used for licensing banks. If the supervisor determines that the change in significant ownership was based on false information, the supervisor has the power to reject, modify or reverse the change in significant ownership. Description and findings re EC3 The RBNZ Act allows the RBNZ to reject an application for a change in, or acquisition of, a significant influence, as no such change may occur without the consent of RBNZ. The RBNZ may vary or revoke any previous consent given (see Section 77A – Change of ownership: (3) The Bank may, at any time, by notice in writing, vary or revoke, (a) a consent given under this section…). The RBNZ policy document, Application for consent to acquire or increase significant influence over a registered bank: Material to be provided to the RBNZ (BS9), states that the RBNZ’s assessment of any application to change or acquire a significant influence in respect of a registered bank will be assessed having regard to the matters specified in the RBNZ Act for the purposes of assessing registration applications. In particular, BS9 requires that applications for a change or acquisition of a significant influence be assessed having regard to: (i) incorporation and ownership structure; (ii) size of business; (iii) ability to carry on business in a prudent manner; (iv) standing of the licensed bank; (v) suitability of the directors and senior managers; and (vi) overseas banking laws and regulatory requirements (if appropriate). EC4 The supervisor obtains from banks, through periodic reporting or on-site examinations, the names and holdings of all significant shareholders or those that exert controlling influence, including the identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership. Description and findings re EC4 The ownership of all New Zealand incorporated registered banks is public information. Ownership information on New Zealand registered companies is included in the Companies Register website maintained by the MBIE (see: https://www.business.govt.nz/companies/). Currently, ownership structures of New Zealand incorporated banks are simple. In addition, the RBNZ has the power to obtain ownership information under section 93(1)(a) of the RBNZ Act, on the supply of information by registered banks for purposes of prudential supervision. This power is used at times to obtain more detailed information than that included on the Companies Register; e.g., in the case of publically-listed registered banks.

NEW ZEALAND INTERNATIONAL MONETARY FUND 55 EC5 The supervisor has the power to take appropriate action to modify, reverse or otherwise address a change of control that has taken place without the necessary notification to or approval from the supervisor. Description and findings re EC5 The RBNZ Act explicitly states that any contract or transfer of ownership made without the written consent of the RBNZ is not invalidated, hence there is no direct power to reverse an acquisition (Section 77B – Effect of section 77A on contracts, etc.: “Nothing in section 77A invalidates any contract, or transfer of ownership, made without the consent of the Bank”). However, it is an offence by the person acquiring or increasing a significant influence not to comply with section 77A, and that person could be prosecuted for non-compliance. In addition, the RBNZ could deal with any negative impacts of an acquisition made without consent by imposing on the bank conditions of registration. The RBNZ could also, with the MoF’s consent, give directions to the bank if the criteria set out in section 113 are met. These powers give the RBNZ the ability to mitigate or eliminate any negative impacts of an acquisition that did not receive previous consent. EC6 Laws or regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest. Description and findings re EC6 No such requirement formally exists. However, the RBNZ expects to be so notified, and understands that banks are aware of this. Assessment of principle 6 Compliant Comments The RBNZ Act defines the term “significant influence” which covers significant ownership and controlling interest. It requires that the RBNZ’s approval must be obtained prior to any change of significant influence. When assessing an application for approval of a change of significant influence the RBNZ applies the same criteria as those used for registration. New Zealand law and regulation diverge in some elements from the requirements of EC5 and EC6. It does not provide that unauthorized changes in ownership may be reversed or that banks must notify the RBNZ when they become aware of adverse information concerning major shareholders. However, in practice, the nature of the New Zealand banking system means that the risks of EC5 or EC6 events occurring without the knowledge of the RBNZ are not material. This is because the number of registered banks is small and ownership structures in general are very simple and publically disclosed. It is unlikely that any proposed change of ownership, or change in the circumstances of the owners, would be unknown to the RBNZ. The powers available to the RBNZ would be sufficient to deal with any attempt to change a bank’s ownership without consent, which should dissuade any such attempt. In any case, these are theoretical scenarios that the RBNZ indicates have never happened by the time of this assessment.

NEW ZEALAND 56 INTERNATIONAL MONETARY FUND Transfer of significant ownership happens very infrequently in New Zealand, both because of the ownership concentration of most of the registered banks in single banking groups and the limited number of institutions. Full compliance with this Principle is based on the conditions at the time of this assessment and will need to be revised in future assessments. Principle 7 Major acquisitions. The supervisor has the power to approve or reject (or recommend to the responsible authority the approval or rejection of), and impose prudential conditions on, major acquisitions or investments by a bank, against prescribed criteria, including the establishment of cross-border operations, and to determine that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision. Essential criteria EC1 Laws or regulations clearly define: (a) what types and amounts (absolute and/or in relation to a bank’s capital) of acquisitions and investments need prior supervisory approval; and (b) cases for which notification after the acquisition or investment is sufficient. Such cases are primarily activities closely related to banking and where the investment is small relative to the bank’s capital. Description and findings re EC1 Standard conditions of registration (which have the status of a regulation) imposed on registered banks by the RBNZ require that banks obtain the consent for any “qualifying acquisition or business combination,” defined in the policy document Significant Acquisitions Policy (BS15) as being where the consideration is 25 percent or more of the banking group’s Tier 1 capital or the value of assets acquired is 25 percent or more of the banking group’s total assets. Acquisitions between 15 percent and 25 percent of these thresholds must be notified to the RBNZ. See Statement of Principles (BS1) – Appendix 1, and Significant Acquisitions Policy (BS15) – section C. EC2 Laws or regulations provide criteria by which to judge individual proposals. Description and findings re EC2 The Handbook document: Significant Acquisitions Policy (BS15) sets out the criteria which are to be used to judge individual proposals (see Significant Acquisitions Policy (BS15) – section E). It refers to topics such as capital adequacy, risk management, internal controls, etc., after acquisition. The RBNZ provided an example of notification that illustrates staff analysis and conclusions re raising any material prudential supervisory concerns in terms of BS15. EC3 Consistent with the licensing requirements, among the objective criteria that the supervisor uses are that any new acquisitions and investments do not expose the bank to undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.25 The supervisor can prohibit banks from making major acquisitions/investments (including the establishment of cross-border banking operations) in countries with laws or regulations prohibiting information flows

25 In the case of major acquisitions, this determination may take into account whether the acquisition or investment creates obstacles to the orderly resolution of the bank.

NEW ZEALAND INTERNATIONAL MONETARY FUND 57 deemed necessary for adequate consolidated supervision. The supervisor takes into consideration the effectiveness of supervision in the host country and its own ability to exercise supervision on a consolidated basis. Description and findings re EC3 The RBNZ, in assessing any new acquisition or investment that meets the non-objection threshold, can take into account any of the criteria that apply to registration decisions (see the RBNZ Act – sections 73, 73A, 73B, and 78, Significant Acquisitions Policy (BS15) – section E). Where cross-border acquisitions are proposed the RBNZ can also take into account the laws and regulations, disclosure, accounting and auditing standards, and supervision in host countries. However, banks incorporated and registered in New Zealand are either subsidiaries of major international banks, or small entities focused on operating in New Zealand. No bank incorporated and registered in New Zealand has any cross-border operations (other than wholly-owned funding subsidiaries borrowing in international capital markets). EC4 The supervisor determines that the bank has, from the outset, adequate financial, managerial, and organizational resources to handle the acquisition/investment. Description and findings re EC4 In assessing an application for an acquisition or investment that meets the non-objection threshold, the RBNZ seeks to assess whether the acquiring bank has adequate financial management and organizational resources to handle the acquisition/investment. EC5 The supervisor is aware of the risks that nonbanking activities can pose to a banking group and has the means to take action to mitigate those risks. The supervisor considers the ability of the bank to manage these risks prior to permitting investment in nonbanking activities. Description and findings re EC5 As discussed in CP4, on licensing criteria, banks are not permitted to have any material non-financial activities. Materiality would follow general accounting principles. This condition of registration would apply to any post-acquisition situation, so prevents a bank making an acquisition or investment that would introduce any material non￾financial activities (see the Statement of Principles (BS1) – Appendix 1: “Conditions of registration:…(2) That the banking group does not conduct any nonfinancial activities that in aggregate are material relative to its total activities…”. On nonbank financial activities, in general, consolidated supervision of financial conglomerates by the RBNZ would need to be further strengthened, as discussed in CP12. However, at the moment of the assessment, major acquisition of nonbank financial activities is very limited. AC1 The supervisor reviews major acquisitions or investments by other entities in the banking group to determine that these do not expose the bank to any undue risks or hinder effective supervision. The supervisor also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future. Where necessary, the supervisor is able to effectively address the risks to the bank arising from such acquisitions or investments. Description and findings re AC1 Under the Significant Acquisitions Policy (BS15), all New Zealand-incorporated banks are subject to a standard condition of registration that applies to any qualifying acquisition

NEW ZEALAND 58 INTERNATIONAL MONETARY FUND or business combination that is intended to be carried out by a “member of the banking group”—i.e., the registered bank itself and all of its subsidiaries (i.e., downward subconsolidation, see CP12). This does not include nonbank sister companies, which may for instance be subsidiaries incorporated in New Zealand of the ultimate holding company of the registered bank. Nevertheless, the RBNZ is not aware of any examples of significant acquisitions that have been carried out by sister companies of registered banks since the policy was implemented (December 2011), although this cannot be ascertained since the notification requirement does not apply. In the case of a dual-registered bank, any business acquired in this way would become part of the New Zealand branch of the overseas bank (i.e., the whole New Zealand geography). Similarly, the RBNZ has not received any applications for non-objection (or even a notification) from a subsidiary member of a registered bank. If they were to receive a request for non-objection from a subsidiary, the process described in this Principle and supported by BS15 would still apply. Assessment of Principle 7 Compliant Comments The RBNZ has the power to approve and impose prudential conditions on major acquisitions or investments by a bank, against the prescribed criteria publically available in the Handbook. This also includes the establishment of cross-border operations. The RBNZ indicates that the New Zealand banking industry is not active in the kind of activities covered by this principle, which is also limited by legislation and supervisory approach. The RBNZ is confident that it would be able to reject or impose prudential conditions on major acquisitions that expose banks to undue risks or hinder effective supervision. Limitations in the RBNZ’s approach to consolidated supervision (as discussed in CP12) would also affect compliance with AC1, but the type of activity covered by AC1 is also immaterial at present. Full compliance with this Principle is based on the actual situation at the time of this assessment, and would need to be revised in future assessments if conditions changed. Principle 8 Supervisory approach. An effective system of banking supervision requires the supervisor to develop and maintain a forward-looking assessment of the risk profile of individual banks and banking groups, proportionate to their systemic importance; identify, assess, and address risks emanating from banks and the banking system as a whole; have a framework in place for early intervention; and have plans in place, in partnership with other relevant authorities, to take action to resolve banks in an orderly manner if they become non-viable. Essential criteria EC1 The supervisor uses a methodology for determining and assessing on an ongoing basis the nature, impact, and scope of the risks:

NEW ZEALAND INTERNATIONAL MONETARY FUND 59 (a) which banks or banking groups are exposed to, including risks posed by entities in the wider group; and (b) which banks or banking groups present to the safety and soundness of the banking system. The methodology addresses, among other things, the business focus, group structure, risk profile, internal control environment and the resolvability of banks, and permits relevant comparisons between banks. The frequency and intensity of supervision of banks and banking groups reflect the outcome of this analysis. Description and findings re EC1 The RBNZ uses a methodology for determining and assessing on an ongoing basis the nature, impact, and scope of banking risks. PRESS is the RBNZ’s risk-based supervision tool to identify the 10 key current and potential areas of risk. In the PRESS assessment process, supervisory concerns regarding weaknesses evident under each risk category, after consideration of the effectiveness of mitigants in place, are combined into a net risk score using a scale of 1 (low) to 5 (high) probability for each risk category. The agreed timeframe for forward-looking probability assessments is six months from the date of the report, although analysts will also note medium- to long-term risk factors in the PRESS reports. The 10 key risk categories in the PRESS probability score process fall into three groups: Business and strategic risks  Credit risk: assessment of current asset quality metrics, assessment of current credit risk policies.  Liquidity risk: review of current liquidity returns; current funding position.  Operational risk: arising from execution of bank’s business functions (e.g., legal, physical, and environmental); monitoring of Basel II accreditation terms and conditions, operational risks emerging from breakdowns in internal controls, and weaknesses in AML/CFT processes.  Market risks: currency risk, interest rate risk, and equity risk positions.  Strategic risks: business model risk, other material, and reputational risks that the bank may be exposed to in terms of overall risks to NZ financial stability. Financial soundness risks  Capital position: capital adequacy, levels of regulatory capital, capital ratios, assessment of capital management policies.  Profitability: current profitability and potential outlook going forward.  Parent position: including parent’s credit rating; likely level of parental support/any parental guarantee.

NEW ZEALAND 60 INTERNATIONAL MONETARY FUND Controls  Internal controls: internal policies and controls, procedures and processes; risk management (e.g., three lines of defense), audit and compliance (including with respect to Outsourcing, OBR and other RBNZ policies).  Corporate governance: corporate organization and management, reporting lines, relationship with Group, Board composition, ‘mind and management’ in New Zealand, cultural attitude, relationship with regulators. PRESS incorporates both probability (the likelihood of the particular event occurring) and impact (the potential harm that an individual bank could cause to the financial system). Probability and impact are both measured on a scale of 1 to 5, with 5 being the highest available probability and impact score respectively. The impact assessment scale includes consideration of relative size of the bank’s business (measured by market share of assets), with judgemental overlays to factor in regional or sectoral risk concentrations and other other systemic considerations such as payments system activity. The large, systemically important banking groups have an impact score of 5 while at the other end of the scale, small branches and subsidiaries of foreign banks have an impact score of 1. An overall average risk probability score is generated for the bank from the probability scores in the 10 key risk areas. For each bank, the overall average risk probability score is multiplied by the impact score (product is a maximum of 25) to determine the supervisory respone, ranging from ‘business as usual’ (score of 1 to 9); ‘increased surveillance’ (score of 10 to 14); to ‘regulatory response’ (score of 15 to 20); or ‘crisis management’ (score of 21 to 25). Escalation to ‘regulatory response,’ for example may be to target supervisory action in respect of a particular risk or subset of risks, or at the upper end of the risk score, at more broad-based formal corrective actions. The banking system is currently sound and profitability has beens stable for the past 10 years. Supervisory action due to deteriorating PRESS scores has been taken where deemed appropriate (as shown in case studies provided to assessors) In addition to the PRESS process, the Banking Oversight team produces a Monthly Banking Oversight Report (MBOR) which brings together key risk indicators and compliance measures focusing primarily on the 10 largest locally incorporated banks. MBOR reports were reviewed by the assessors. The PRESS process does not have a separate risk assessment (probability) component to reflect the risk implications in relation to the resolvability of individual banks. The systemic implications of the resolvability of an individual bank are broadly incorporated into the impact assessment rating for that bank. Resolvability prepositioning

NEW ZEALAND INTERNATIONAL MONETARY FUND 61 requirements are in place through the RBNZ’s OBR Prepositioning Policy which applies to all New Zealand incorporated banks with retail deposits of $1 billion or more. Any compliance issues in relation to OBR prepositioning requirements would be incorporated into a bank’s PRESS review in respect of the Internal controls probability assessment, and in the conditions of registration compliance section. EC2 The supervisor has processes to understand the risk profile of banks and banking groups and employs a well-defined methodology to establish a forward-looking view of the profile. The nature of the supervisory work on each bank is based on the results of this analysis. Description and findings re EC2 Supervisory analysis, assessment, and reporting to RBNZ management on risks and controls in banks is primarily conducted through the PRESS review process on a risk-based frequency and intensity of analysis reflecting each bank’s impact score. The two bank-specific outputs are a full PRESS, and a PRESS summary report. A six-month full PRESS and PRESS summary for each quarter is required for the five largest (High impact) locally incorporated banks; an annual full PRESS and PRESS summary for each quarter is required for the five next largest (currently medium-impact) locally incorporated banks, and annual full PRESS only for the remaining (medium-low and low-impact) cross-border owned subsidiary and branch banks. The full PRESS reports for all banks include recommendations to the Banking Oversight management on future monitoring and engagement with each bank and key areas of supervisory focus for the coming year. In addition to the quarterly and annual PRESS report process, changes in individual banks’ risks and regulatory compliance are identified by supervisors between reporting dates and escalated to supervision management for decision and action in terms of immediate regulatory action. A review of completed annual PRESS reports was conducted by the assessors. The PRESS process includes a supervisor-level peer review and process each quarter for all supervision analysts to be informed of, and to compare and contrast emerging risk factors across the 10 largest locally incorporated banks; e.g., that may have wider implications either for other banks or systemic. The comparisons of individual bank risk probability scores ensure relative consistency of ratings across the banks. The PRESS summaries for these banks are reported to supervision functional management each quarter, and to Governors as a six-month summary report and for regular briefings. The PRESS probability risk ranking criteria and impact scale are reviewed approximately every two years or earlier if new entities or new emerging risks need to be factored into the criteria. A consolidated summary of bank issues is prepared outlining material issues, regulatory breaches in the past 12 months and key areas of concern/monitoring for the next 12 months. EC3 The supervisor assesses banks’ and banking groups’ compliance with prudential regulations and other legal requirements.

NEW ZEALAND 62 INTERNATIONAL MONETARY FUND Description and findings re EC3 The RBNZ places significant emphasis on disclosure and governance. Directors are required to publicly attest in signed disclosure statements every quarter that:  the bank has complied with all conditions of registration that applied during the period covered by the disclosure statement; and  the bank had systems in place to monitor and control adequately the banking group’s material risks, including credit risk, concentration of credit risk, interest rate risk, currency risk, equity risk, liquidity risk, operational risk, and other business risks, and that those systems were being properly applied. Bank directors are personally liable under s89A of the RBNZ Act (as well as the corporate liability of the bank itself) if a bank publishes a disclosure statement required under s81 of the Act that is false or misleading (other than if the information was immaterial). The framework places strong incentives on bank directors and management to ensure there are effective systems in place to ensure regulatory compliance. The bank supervision analyst in turn provides a compliance attestation to the supervision team manager following a review of the quarterly bank disclosure statements following the Compliance check template form. The attestation follows the supervisory review of each bank’s disclosure quarterly statement and includes a positive assurance with respect to the specified information required to be disclosed by banks, that the bank’s disclosure statement:  materially contains the information required;  does not have any material errors or omissions; and  is materially in the form required by the relevant disclosure regulations, with exceptions and recommended actions, if any, noted for management attention. The specified information is: Directors’ statement; Auditor’s report; Credit rating; Conditions of registration; Financial statements; Notes or supplemental information pertaining to loans and advances; Deposits; Asset quality; Capital adequacy; Liquidity; Related party exposures; Concentration of credit risk; and Guarantee of liabilities. In addition, the bank supervisor provides a negative assurance each quarter, following review of the bank’s disclosure statement, that nothing has come to the supervisor’s attention that indicates that in relation to the disclosures in respect of all other information, they do not materially comply with requirements; with exceptions and recommended actions, if any, noted for management attention. Compliance with regulatory requirements which are the subject of prudential reporting to the RBNZ (e.g., monthly liquidity, LVR, and capital adequacy reports) will be monitored by analysts and reported in the PRESS process, the MBOR, and the prudential supervisor dashboard reports. Supervisors will also monitor regulatory compliance through review of

NEW ZEALAND INTERNATIONAL MONETARY FUND 63 internal bank reporting to Boards and Board Audit and Risk committees. The supervisor also includes a statement in the PRESS summary as to whether conditions of registration have been complied with during the quarter. EC4 The supervisor takes the macroeconomic environment into account in its risk assessment of banks and banking groups. The supervisor also takes into account cross-sectoral developments, for example in nonbank financial institutions, through frequent contact with their regulators. Description and findings re EC4 The two Banking Oversight teams in the RBNZ’s PSD are responsible for licensing and supervising banks, licensing, and regulation of NBDTs, and AML/CFT supervision of all reporting entities in those sub-sectors. Daily interaction between these teams and with the Insurance Oversight team (at both manager and supervisor level) and regular formal and informal meetings facilitate cross-team information flows on developments in each of those sectors and discussion of implications for other sub-sectors. The Banking Oversight teams have close working relationships with other departments of the RBNZ engaging with the financial sector:  Financial Markets Department (FMD) on domestic and foreign markets developments;  the Financial Services Group (FSG) on payments operations and incidents;  the Economics Department on broader developments in the monetary conditions domestic and global economy; and  the MFD on macroprudential issues and developments including participating in the senior management-level Macro Financial Committee (MFC), macroprudential policy initiatives, bank stress testing, financial institution and system data, and banking sector issues and developments, including in the context of reporting to RBNZ Board and senior management. PSD staff also contribute to aspects of the six-monthly FSR, which is produced out of MFD. A RBNZ (semi-formal) ‘supervisory college’ process has commenced for each of the large banking groups in New Zealand to bring together representatives from each of the PSD supervisory teams and the other relevant departments of the RBNZ to exchange information on supervisory, policy, and operational engagement with the respective banking groups. PSD meets regularly with representatives of supervisory and regulatory teams in the FMA on recent/emerging issues of common interest impacting on individual (bank and nonbank) financial institutions. A joint supervisory forum has been established at management level to exchange sector-wide and bank-specific information on a quarterly basis. Bank supervisors at the RBNZ and the FMA exchange information on an ad hoc basis and the supervisors ‘round-table’ process has been established to share information on individual banks taking retail deposits.

NEW ZEALAND 64 INTERNATIONAL MONETARY FUND Bank supervisors incorporate information from these sources into the risk-assessment in the PRESS process, the MBOR, and relevant briefings for senior management. Supervisors also draw on a range of public information sources from domestic and international media; subscription-based reports and daily updates from the three key bank rating agencies on individual banks, their parent groups and developments impacting on the home sovereign and banking system rating assessments. EC5 The supervisor, in conjunction with other relevant authorities, identifies, monitors, and assesses the build-up of risks, trends, and concentrations within and across the banking system as a whole. This includes, among other things, banks’ problem assets and sources of liquidity (such as domestic and foreign currency funding conditions, and costs). The supervisor incorporates this analysis into its assessment of banks and banking groups and addresses proactively any serious threat to the stability of the banking system. The supervisor communicates any significant trends or emerging risks identified to banks and to other relevant authorities with responsibilities for financial system stability. Description and findings re EC5 The RBNZ is the single agency responsible for both bank licensing (registration) and supervision, and financial system stability. The key mechanisms for identifying, monitoring and assessing the system-wide build-up of risks, trends and concentrations are:  quarterly supervision team PRESS assessment review and discussions;  the MBOR to the FSO Committee (produced in Banking Oversight and shared with all supervisors, and with Governors and PSD management and other departments’ representatives on the committee);  the monthly ‘Financial Stability’ page of the Balanced Scorecard reported to the RBNZ’s Board and senior management; and  the work on emerging domestic and international financial sector risks (led by MFD) that also feeds into the six-monthly FSR. The MBOR reviews latest prudential statistical and compliance information, and emerging risks, providing a system-wide perspective as well as trends in the 10 largest locally incorporated banks. Developments in the following areas are reported by bank (and by industry sector where relevant):  impaired and past due assets, loan loss provisioning, and bank non-household loan watch lists;  loan portfolio growth;  high loan-to-value ratio (LVR) housing lending;  capital adequacy;  leverage ratio;  capital and senior debt issuance;

NEW ZEALAND INTERNATIONAL MONETARY FUND 65  liquidity mismatch and CFRs;  new debt issuance costs; and  profitability performance measures. MBOR reports were reviewed by the assessors. EC6 Drawing on information provided by the bank and other national supervisors, the supervisor, in conjunction with the resolution authority, assesses the bank’s resolvability where appropriate, having regard to the bank’s risk profile and systemic importance. When bank-specific barriers to orderly resolution are identified, the supervisor requires, where necessary, banks to adopt appropriate measures, such as changes to business strategies, managerial, operational and ownership structures, and internal procedures. Any such measures take into account their effect on the soundness and stability of ongoing business. Description and findings re EC6 The RBNZ and Treasury have roles in resolution, and coordinate advice to the MoF in times of distress. The RBNZ Act (s113 to s156) provides the formal legislative framework for handling banks in the event of financial stress or failure. These crisis management powers are summarized in Part O of BS1. A hierarchy of supervisory responses is established to assist in timely resolution of bank distress including:  Where sufficient time is available, a corrective action plan is developed with the affected bank (an example was discussed with assessors with respect to a breach of capital ratio requirements, in Part H of BS1). Corrective action may be enforced by a variation to an existing condition of registration or by imposition of a new condition.  Activate the legislative powers (s101 to 104) of the RBNZ Act to carry out an investigation of a bank which meets the criteria in s113 of the Act, if appropriate, in order to make a recommendation to the MoF for consent to issue a direction from the RBNZ to a bank. The scope of direction powers may require the bank or associated person to take certain actions, or cease taking certain actions as directed, or to remove, replace, or appoint a director of the bank under s113B.  If the RBNZ concludes that is necessary to, having regard for with the purposes of s68, and the obligations in s68A of the RBNZ Act on trans-Tasman cooperation, the RBNZ may recommend to the MoF that they advise the Governor-General to declare that a bank, and/or any associated person of a bank, be placed in statutory management under a statutory manager.  The RBNZ OBR policy (BS17) provides a specific prepositioning requirement to assist the orderly resolution of locally incorporated banks with total retail deposits (i.e., deposits of less than $250,000) in excess of $1 billion. Those banks are required by condition of registration to have an up-to-date implementation plan that demonstrates the bank’s prepositioning for OBR to meet the requirements of BS17; to have a compendium of liabilities showing those which are to be prepositioned, or

NEW ZEALAND 66 INTERNATIONAL MONETARY FUND not, which is agreed to by the RBNZ; and to test the effectiveness of all parts of the bank’s OBR solution on an annual basis. The RBNZ has established policy requirements in circumstances where there are potential bank-specific barriers to orderly resolution. For example, the outsourcing policy (set out in policy document BS11) requires locally incorporated registered banks whose net external liabilities (other than to related parties) exceed $10 billion, to comply with the requirement to have legal and practical ability to control and execute core bank business functions that are carried on by another party, in the event of stress or the failure of the registered bank or the service provider. The intended effect is to enable clearing and settlement obligations to be met on the day of failure and thereafter; financial risk positions to be monitored and managed, and existing customers to be given access to payments facilities on the day following failure and subsequently. The outsourcing policy requirements are enforceable through conditions of registration, and will facilitate the effective operationalization of a statutory management of a large bank (of which there are currently five banks subject to the policy), whether or not OBR is used as part of the resolution process. Another example is the power under s123 of the RBNZ Act to ensure the effectiveness of the statutory management powers over a registered bank operating in New Zealand as a branch of a cross-border incorporated bank. This section provides a statutory manager with the power to incorporate (in New Zealand) the New Zealand (branch) operations and apply the full statutory management process as if the registered bank was previously a New Zealand incorporated entity. In a broader context, the RBNZ has set in train over a number of years, other policy initiatives to reinforce the effectiveness of bank resolution mechanisms, including: the local incorporation policy; and domestic payments pipeline initiatives, including increasing the proportion of ‘settlement before interchange’ payments processed early in the banking day, and enabling same-day cleared payments. EC7 The supervisor has a clear framework or process for handling banks in times of stress, such that any decisions to require or undertake recovery or resolution actions are made in a timely manner. Description and findings re EC7 The RBNZ has a range of powers and tools to deal with bank distress and failure. These can range from the power to give directions, placing a bank under statutory management, facilitating the bank’s re-capitalization or alternatively, its liquidation. However, the ability to take timely action may be affected by the following:  Monitoring of banks and corrective action are mainly based on results of bank operations or breach of requirements. The ability to take preventive action is affected by the lack of supervisory standards to support the use of supervisory judgment.  The issuance of directions on bank-specific issues requires MoF consent and this may delay the process or unintentionally discourage the use of the tool.

NEW ZEALAND INTERNATIONAL MONETARY FUND 67 The first stage in the process of addressing a material financial stress in a bank is to determine the extent and gravity of the problem by conducting a thorough and independent valuation of the bank’s assets and liabilities and to ascertain whether the problem is one of liquidity or solvency. Where applicable, the majority shareholders or parent financial institution would be approached to provide additional liquidity or capital if necessary; undertake financial and/or operational restructuring of the bank; e.g., by selling parts of the business; carving out impaired assets; disposing non-core and/or unviable parts of the business; replacing management; undertaking a rights offer; selling the bank to a third party investor; participating in a merger with other entities; and other possible courses of action which do not require explicit assistance from the RBNZ or the Crown. The triggers for putting a bank under statutory management are similar to the basis for issuing directions to a bank. However, when a bank is put under statutory management, control transfers from the owners and directors of the bank to the statutory manager. The initial impact of placing a bank under statutory management is the suspension of creditors’ claims against the failed bank. This moratorium is tantamount to the termination, of the business of the bank, albeit temporarily in certain situations such as when the RBNZ’s OBR policy framework is applied. The pre-positioning of the OBR functionality for New Zealand incorporated banks with retail deposits in excess of $1 billion would make it possible for a failed bank to re-open the next business day after closure. The OBR policy supports the objective of avoiding significant damage to the financial system arising from a bank failure. OBR achieves this by providing the government with options to help manage fiscal risks and minimize spill-over effects to the rest of the economy by maintaining depositors/creditors’ access to a portion of their funds. In the process, OBR strengthens the incentives faced by depositors/creditors and parent groups. Under the OBR, a distressed bank is closed overnight and placed into statutory management. This decision is made by the MoF on a recommendation from the RBNZ. Upon reopening the following day, a portion of the bank’s creditors' (including depositors’) funds are frozen to cover anticipated losses. Access to the remaining funds and other critical banking services would be made available from the next business day, and the government would provide an explicit guarantee on the unfrozen portion of creditors’ funds to minimize the risk of a mass withdrawal of funds by depositors (a bank run). The government also guarantees all subsequent obligations entered into by the statutory manager. This process would allow the bank to continue playing its role in the financial system and thereby minimize disruption to critical functions such as the payment and settlement system. The full assessment of the condition of the bank and the identification of an appropriate long-term solution are likely to take weeks or months to work through.

NEW ZEALAND 68 INTERNATIONAL MONETARY FUND Additional frozen funds may be periodically released to depositors during this time, to the extent that it becomes clear that they will not be required to cover the estimated losses of the bank. EC8 Where the supervisor becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter, the supervisor takes appropriate steps to draw the matter to the attention of the responsible authority. Where the supervisor becomes aware of banks restructuring their activities to avoid the regulatory perimeter, the supervisor takes appropriate steps to address this. Description and findings re EC8 The RBNZ PSD is the licensing authority and regulator for NBDTs under the NBDT Act 2013, and licensing authority, regulator, and supervisor of insurance entities under the Insurance (Prudential Supervision) Act 2010. Information is exchanged with the other teams in PSD on any boundary issues that may be identified across these sectors. The RBNZ monitors publicly-available information sources regarding potential new NBDTs, and liaises with the trustee companies designated as prudential supervisors under the NBDT Act, and with the FMA, with respect to deposit-taking entities that may be changing the nature of their business. The RBNZ notifies the FMA of entities that may fall within the ambit of the Financial Markets Conduct Act 2013 (e.g., potential issuers of debt securities) or may otherwise be providing financial services in New Zealand and be required to register on the Financial Service Providers Register under the Financial Service Providers (Registration and Dispute Resolution) Act 2008. The RBNZ actively pursues any entities that it becomes aware of that may be breaching the requirements of Part 4 of the RBNZ Act in respect of the use of the word ‘bank’ or any of its derivatives in its name or title, and will place public warnings about such entities on its website where appropriate. Assessment of Principle 8 Materially Noncompliant Comments The RBNZ has an off-site risk assessment framework (PRESS) which assists supervisors in identifying and assessing existing and emerging risks in banks, and establishing supervisory action plans in response to material concerns. The RBNZ places significant emphasis on directors attesting in their disclosure statements that the bank is in compliance with registration conditions and that the bank had systems in place to monitor and control adequately the banking group’s material risks. The RBNZ has issued limited guidance to outline its supervisory expectations as to what constitutes an adequate system to monitor and control risk. Not having issued these standards may result in directors attesting based on systems that may not meet best practices, and may raise concerns about whether banks are following prudent practices. Establishing a supervisory baseline would facilitate imposing corrective action for inadequate or misleading attestations and would also enhance supervisory comfort on the comparability of attestations across banks. The RBNZ wants banks to tailor their systems to reflect their individual profiles and that objective need not conflict with establishing a baseline for supervisory expectations.

NEW ZEALAND INTERNATIONAL MONETARY FUND 69 The RBNZ has developed high level internal guidance for performing the PRESS analysis. The guidance includes a listing of issues to consider in analyzing risks and also factors that may mitigate the risk. Guidance on how to analyze the risk or how to factor in the mitigants is limited. In producing the risk report the analyst is not required to document in work papers the analysis of the risk or the mitigants. In a supervisor’s PRESS report, the operating assumption is that if it is silent on an issue it is because the bank has met all requirements. The RBNZ has a broad range of authority to effect corrective action. However, issues are addressed early on, and there has not been any need to issue directions to require correction. The ability to issue directions on a forward-looking basis to address possible future issues would be enhanced by issuing enforceable guidelines establishing supervisory expectations for “prudent” banking business in support of s78 of the RBNZ Act. As currently implemented, most corrective actions are reactive to identified breaches of requirements. The RBNZ has implemented an off-site system of analysis to review and rate individual bank risk, based primarily on bank provided reports. Prudential reports have been increasingly used since 2008 and have been expanded in 2016. Although the process is adequate, the analysis to support the ratings and conclusions is not well documented and the information on which it is based is not tested on-site. Additionally, the lack of regulatory standards raises concerns about comparability across banks and the adequacy of the risk management to which directors are attesting. Increasingly, thematic reviews are being used, which will enhance horizontal analysis and risk identification. The PRESS reports provided to RBNZ management contain summary charts and graphs and highlight balance sheet changes. Results of the PRESS report are not communicated to the banks. But significant findings are discussed at the annual bank visitation. Principle 9 Supervisory techniques and tools. The supervisor uses an appropriate range of techniques and tools to implement the supervisory approach and deploys supervisory resources on a proportionate basis, taking into account the risk profile and systemic importance of banks. Essential criteria EC1 The supervisor employs an appropriate mix of on-site26 and off-site27 supervision to evaluate the condition of banks and banking groups, their risk profile, internal control environment and the corrective measures necessary to address supervisory concerns. The specific mix between on-site and off-site supervision may be determined by the particular

26 On-site work is used as a tool to provide independent verification that adequate policies, procedures and controls exist at banks, determine that information reported by banks is reliable, obtain additional information on the bank and its related companies needed for the assessment of the condition of the bank, monitor the bank’s follow-up on supervisory concerns, etc. 27 Off-site work is used as a tool to regularly review and analyze the financial condition of banks, follow up on matters requiring further attention, identify and evaluate developing risks and help identify the priorities, scope of further off-site and on-site work, etc.

NEW ZEALAND 70 INTERNATIONAL MONETARY FUND conditions and circumstances of the country and the bank. The supervisor regularly assesses the quality, effectiveness and integration of its on-site and off-site functions, and amends its approach, as needed. Description and findings re EC1 The supervisory regime relies on three pillars: market discipline, self-discipline and regulatory discipline. The regime emphasizes self-discipline (including effective risk-based governance) and market discipline (including the public disclosure framework). Regulatory discipline (intrusion and guidance) is limited compared to the BCP requirements. The RBNZ has increased its emphasis on regulatory discipline in recent years. The supervision activity is mainly off-site with limited on-site testing and verification. Testing is limited to requiring additional information but does not routinely involve review of source documents and files. The RBNZ’s supervisory approach includes regular prudential meetings with banks’ senior management, independent directors and Board chairpersons, prioritized on the basis of risk, and primarily focused on the 10 largest banks. Much of the supervisory engagement with banks is on-site, including thematic reviews and detailed discussions in the course of prudential thematic reviews. The RBNZ does not conduct on-site inspections for the purpose of validating banks' risk-management systems and regulatory compliance, and in general avoids imposing detailed, prescriptive rules regarding banks' risk-management practices. If the RBNZ considers on-site verification is necessary it may, based on s95 of the RBNZ Act, require a report by a suitably qualified person (such as an auditor or other technical expert) approved by the RBNZ on a bank’s corporate, financial, or prudential matters or on any other matters relating to the business, operation, or management of the bank. The S95 option has not been utilized in the past three years but has been used in the past. The RBNZ also participates as an observer in on-site review visits that APRA conducts on the four Australian-owned subsidiary banks as part of its supervision of the consolidated operations of the parent banking groups. As an observer, the RBNZ participates in all meetings conducted by APRA with the New Zealand bank, has access to all the information obtained by APRA; receives copies of APRA’s correspondence, report findings and recommended/required actions; and monitors the outcomes through the follow-up responses from the New Zealand bank or parent group to APRA. The review visits may be narrowly focused or cover a wide scope of the respective bank’s operations. APRA may for example routinely conduct a review focused on Credit risk; Operational risk; Information Technology; Capital models or Market Risk, or on some combination of these areas. APRA tends to conduct an on-site review on each of these banks roughly every two years on average, targeting the most relevant risk areas for the bank concerned at that time. In most cases, APRA provides the RBNZ an opportunity to propose additions or modifications to the scope/agenda of the on-site review before finalization, having regard for any RBNZ supervisory concerns. Participating in APRA’s review process enables RBNZ supervisors of the four largest banks in the system to extend their knowledge and understanding of the respective New Zealand banks and their risk profiles, and benefit

NEW ZEALAND INTERNATIONAL MONETARY FUND 71 from a third-party perspective in the assessment of the key risks in the banks. APRA conducts targeted on-site reviews in New Zealand on a 12- to 24-month cycle based on risk. The RBNZ adopts a risk-based approach to the scope and intensity of its off-site supervision consistent with the outcomes of the PRESS assessments. The highest intensity of base-line supervision effort is dedicated to the five largest banks (which have High scores for Impact on financial system stability in the event of failure), with progressively reducing levels of supervision intensity for the remaining four categories (i.e., medium￾high-, medium-, medium-low, and low-impact) of banks. Each bank’s probability score is then factored in, to adjust the supervisory scope compared with peer banks. Annually, the RBNZ reviews and updates the supervisory focus, bank risk reporting requirements, and bank engagement program for the coming year. Thematic review priorities are set, based on emerging risks, or aspects of banks’ operations and compliance for which the RBNZ considers further review and analysis is warranted. Priorities for increased supervisory focus may be reviewed and revised during the course of the year depending on trends in risks or areas of supervisory concern, and made the subject of ad hoc information requests, monitoring and analysis, and supervisory response. EC2 The supervisor has a coherent process for planning and executing on-site and off-site activities. There are policies and processes to ensure that such activities are conducted on a thorough and consistent basis with clear responsibilities, objectives, and outputs, and that there is effective coordination and information sharing between the on-site and off-site functions. Description and findings re EC2 The frequency and intensity of off-site bank supervision engagement, reporting of information requested for prudential purposes, PRESS-risk assessments and compliance checks is predetermined based on a risk assessment of each bank. The supervisory scope of responsibilities and procedures are set out in the Banking Oversight Procedures Manual. Supervisory teams work side by side; and hold meetings on common issues; regular joint supervisor team meetings; and quarterly PRESS discussion and peer review sessions assist in coordination, consistency and information sharing among supervisors. On-site activities are primarily visits to discuss issues identified through off-site analysis and do not involve testing and verification. Thematic reviews are conducted when systemic risks are identified, and involve the use of questionnaires and increased information requests to get a horizontal view. The RBNZ also utilizes Theme Days which focus on developing a baseline across banks on compliance with RBNZ requirements in specific risk areas. EC3 The supervisor uses a variety of information to regularly review and assess the safety and soundness of banks, the evaluation of material risks, and the identification of necessary corrective actions and supervisory actions. This includes information, such as prudential reports, statistical returns, information on a bank’s related entities, and publicly available

NEW ZEALAND 72 INTERNATIONAL MONETARY FUND information. The supervisor determines that information provided by banks is reliable28 and obtains, as necessary, additional information on the banks and their related entities. Description and findings re EC3 The RBNZ obtains a wide range of information for prudential monitoring and analysis of banks’ financial condition and risks:  a standard set of confidential monthly returns on capital adequacy, balance sheet and sectoral lending information;  income statements, asset quality, and liquidity;  other returns such as LVR commitments data for compliance and risk monitoring purposes;  copies of selected regular reports to the Board, Board Audit and Risk Committees and senior executive management meetings of the 10 largest locally incorporated banks;  external credit rating agency assessments and reports;  structured information requests to inform the RBNZ thematic reviews of bank risks; copies of information requested by foreign banking supervisory authorities; and  ad hoc reports and information requests from all registered banks on other prudential matters as necessary. The RBNZ also uses quarterly published disclosure information published by each bank, with more detailed disclosure requirements applying for semi-annual and annual balance dates. Disclosure statements are required to include a wide range of financial and prudential information, including information related to on and off-balance sheet assets and liabilities, income statement (profit and loss), capital adequacy, liquidity, large exposures (by number of exposures in defined categories, in bands of 5 percent of equity), risk concentrations (including by economic sector and geography), asset quality, loan loss provisioning, related party transactions, interest rate risk, and market risk. The RBNZ requires external audit review of six-month and annual financial statements and of specified prudential disclosure statement information. Additional publicly available information on prudential matters and on the financial condition of parent banks is also reviewed by supervisors for cross-border owned banks and cross-border incorporated (branch) banks as part of the PRESS assessment process. Reflecting the RBNZ’s relationship-based approach to engagement with banks, there is a significant flow of information from banks in the course of, or following formal meetings with banks, and likewise through informal or one-off meetings; e.g., on new business developments or emerging risks, plus ad hoc queries initiated by the supervisors. EC4 The supervisor uses a variety of tools to regularly review and assess the safety and soundness of banks and the banking system, such as:

28 Please refer to Principle 10.

NEW ZEALAND INTERNATIONAL MONETARY FUND 73 (a) analysis of financial statements and accounts; (b) business model analysis; (c) horizontal peer reviews; (d) review of the outcome of stress tests undertaken by the bank; and (e) analysis of corporate governance, including risk management and internal control systems. The supervisor communicates its findings to the bank as appropriate and requires the bank to take action to mitigate any particular vulnerabilities that have the potential to affect its safety and soundness. The supervisor uses its analysis to determine follow-up work required, if any. Description and findings re EC4 Supervisory tools in regular use by the RBNZ include:  Financial analysis and reporting based on published disclosure statements. Supporting resources include bank monthly prudential dashboards of key indicators and standard graph packs.  Review of bank strategy for New Zealand operations, and key risks from management and Board reports of the 10 largest locally incorporated banks.  Monthly reporting of key risk and financial performance metrics across the 10 largest locally incorporated banks in the MBOR.  Obtaining and reviewing results of bank in-house stress tests (including those required under the ICAAP requirements and those required by APRA in respect of New Zealand subsidiaries of Australian banks), and commissioning RBNZ specified stress tests for the 10 largest locally incorporated banks.  PRESS risk evaluation and assessment incorporating all available risk information categories and assessment of each bank’s strategy, governance/management, internal controls, and parent support. The above processes form the primary source of regular information and analysis to determine the supervisory stance and supervisory response for each bank, which is in addition to any actions required in relation to a compliance event or new or emerging risk not identified from the above processes. EC5 The supervisor, in conjunction with other relevant authorities, seeks to identify, assess, and mitigate any emerging risks across banks and to the banking system as a whole, potentially including conducting supervisory stress tests (on individual banks or system-wide). The supervisor communicates its findings as appropriate to either banks or the industry and requires banks to take action to mitigate any particular vulnerabilities that have the potential to affect the stability of the banking system, where appropriate. The supervisor uses its analysis to determine follow-up work required, if any. Description and findings re EC5 The RBNZ develops stress testing policy, designs stress scenarios, conducts exercises with banks, and undertakes analysis of outcomes. Stress-testing exercises are closely

NEW ZEALAND 74 INTERNATIONAL MONETARY FUND coordinated between the MFD and PSD, and monitored by the RBNZ’s senior-level committees. Banks are required to undertake rigorous, forward-looking stress-testing exercises using scenarios that identify plausible severe loss events or adverse changes in market conditions, and assess their impact on the bank’s capital adequacy as part of their ICAAP. The ICAAP is reviewed and updated regularly (for example annually or in response to changes in the bank’s business environment or other factors that materially affect its assumptions or methodology). The ICAAP is also required to be subject to periodic independent review to ensure its integrity, accuracy, and reasonableness, including the stress-testing process and analysis of assumptions and inputs. In conjunction with the 2014/15 bank supervision thematic review of ICAAP policies and practices, the RBNZ gathered information on the locally incorporated banks’ latest ICAAPs including details of the current techniques used by the major banks when producing stress-test results. Follow-up discussions with banks as part of the thematic review helped understand banks’ stress-testing approaches and capabilities. In 2014, in conjunction with APRA stress tests of the four major Australian banks, the RBNZ conducted stress tests of the four Australian-owned subsidiary banks. In addition to setting the New Zealand scenario and analyzing the New Zealand results, the RBNZ was the lead agency dealing with the New Zealand subsidiary banks. The RBNZ’s involvement in this joint stress test was greater than in the previous similar APRA/RBNZ exercise in 2011/12, where there were varying levels of engagement in the exercise by banks in New Zealand, with some banks electing to run the majority of the test out of their Australian head office. For the 2014 test, the RBNZ required banks to ensure greater local involvement in the exercise, including New Zealand bank board sign-off on the results. Supervisory engagement with banks followed the RBNZ’s analysis of the stress-test results. A separate stress-testing exercise was conducted with the five domestic (New Zealand owned banks) in April 2014, involving a scenario and template prepared by the RBNZ, which stressed the asset side of their balance sheet. The macroeconomic foundations of the test were modelled on an earlier APRA stress-testing exercise. For the domestically owned banks, a simplified version of the APRA test was employed. Information on default and loss rates was specified by the RBNZ, to ensure consistency in results, rather than banks having to calculate their losses independently. Feedback from banks on the process has provided valuable information that will be included in future iterations of domestic bank stress-testing, to improve the quality and increase the complexity of future tests. Feedback was provided by the RBNZ to each bank on key observations and learnings for the future. During the second half of 2015, the four major Australian-owned banks were required to conduct an APRA/RBNZ common downturn scenario ICAAP stress test. The banks were

NEW ZEALAND INTERNATIONAL MONETARY FUND 75 provided with a common scenario to use in that process for the current financial year as part of its regular ICAAP cycle. The use of a common scenario meant that results were more comparable across participating banks than other ICAAP stress tests. Also in the second half of 2015, the RBNZ requested that the five largest dairy sector lenders undertake stress tests of their dairy loan portfolios, providing an institutional level view of potential losses under similar scenarios. Commentary and analysis on the results of the 2015 dairy stress-testing exercise was published in March 2016. The RBNZ views stress-testing as an important component of a bank’s sound risk management framework, as well as a key input into the RBNZ’s identification of vulnerabilities in the financial system. As the agency responsible for both financial stability and bank prudential supervision, cross-department cooperation on stress-testing policy development, scenario design, conduct of exercises with banks, and analysis of outcomes and learnings is closely coordinated, and monitored by and reported to the RBNZ’s senior-level MFC. EC6 The supervisor evaluates the work of the bank’s internal audit function, and determines whether, and to what extent, it may rely on the internal auditors’ work to identify areas of potential risk. Description and findings re EC6 The RBNZ does not issue formal guidance or requirements on the scope and effectiveness of a bank’s internal audit function. The primary obligation is on bank’s senior management and directors, with bank directors being required to publicly attest in quarterly disclosure statements as to whether each director believes, after due enquiry, that the registered bank had systems in place to monitor and control the material risks of the bank, and that those systems are being properly applied. The RBNZ receives and reviews copies of internal audit work programs/plans and progress reports and summaries of material adverse findings from the 10 largest locally incorporated banks, to gauge the scope and quality of the work of the internal auditors. Bank supervisors meet annually with these banks’ internal auditors to review and discuss the internal audit program and findings regarding first and second lines of defense. Bank supervisors also meet annually with the banks’ external auditors which includes a discussion of the resourcing, capability and independence of the bank’s internal audit function and the extent to which the external auditors are relying on the work of internal auditors. Annual prudential consultation meetings with bank CEOs, and meetings with bank chief risk officers also include internal audit issues and in cases where supervisory concerns are identified the RBNZ will refer those concerns back to the bank concerned to be addressed. EC7 The supervisor maintains sufficiently frequent contacts as appropriate with the bank’s Board, non-executive Board members, and senior and middle management (including heads of individual business units and control functions) to develop an understanding of and assess matters such as strategy, group structure, corporate governance, performance,

NEW ZEALAND 76 INTERNATIONAL MONETARY FUND capital adequacy, liquidity, asset quality, risk management systems, and internal controls. Where necessary, the supervisor challenges the bank’s Board and senior management on the assumptions made in setting strategies and business models. Description and findings re EC7 The RBNZ has an annual formal engagement plan for New Zealand incorporated banks’ Boards and senior management representatives, which is communicated to the banks before the beginning of each calendar year. For the five largest New Zealand incorporated banks, that involves at least two meetings per annum held with each bank’s Board chairperson and (separately) with the CEO, plus a separate meeting with the independent directors on the Board (excluding the Board Chairman), joint meetings with the chief financial and chief risk officers, and annually, a more in-depth prudential consultation meeting with the CEO and key senior management team members. For smaller New Zealand incorporated banks, the number of these engagement meetings each year may be reduced on the basis of relative risk. Such meetings review the bank’s strategic plans, risk governance, and prudential indicators/risk metrics, etc. and inform the bank concerned about any supervisory issues the RBNZ has identified requiring management action. Additionally, meetings with business unit, Treasury, finance and risk divisional heads, and operations/IT senior management of the large banks are held as part of more detailed scrutiny of aspects of those banks’ business risks depending on the current areas of supervisory focus and the nature of thematic reviews and themed risk meetings during the year. Where appropriate, the RBNZ will follow-up in writing on management actions required. EC8 The supervisor communicates to the bank the findings of its on- and off-site supervisory analyses in a timely manner by means of written reports or through discussions or meetings with the bank’s management. The supervisor meets with the bank’s senior management and the Board to discuss the results of supervisory examinations and the external audits, as appropriate. The supervisor also meets separately with the bank’s independent Board members, as necessary. Description and findings re EC8 The RBNZ uses its regular engagement meetings (as described in EC7 above) to provide routine feedback on findings from its off-site monitoring and issues for supervisory attention. More material or urgent matters will be handled though one-off engagements, usually commencing with a teleconference, then followed up with face-to-face meeting and letter to ensure appropriate action is taken by a bank to address the RBNZ’s concerns. Feedback on findings from material supervisory reviews, or on emerging risks, will be provided to banks in writing in respect of individual institutions as well as in a systemic context. Examples include the housing and rural lending thematic reviews, the ICAAP review, the outsourcing stocktake, the stress-testing exercises conducted separately with large- and medium-sized New Zealand incorporated banks, and the 2015 dairy portfolio stress tests. EC9 The supervisor undertakes appropriate and timely follow-up to check that banks have addressed supervisory concerns or implemented requirements communicated to them.

NEW ZEALAND INTERNATIONAL MONETARY FUND 77 This includes early escalation to the appropriate level of the supervisory authority and to the bank’s Board if action points are not addressed in an adequate or timely manner. Description and findings re EC9 The RBNZ follows up to ensure effective resolution of matters of supervisory concern. In circumstances where a breach of regulatory requirements such as conditions of registration or disclosure obligations is involved, the Compliance Issues Register is used to record the concern, and action required, and is only closed out once there is formal confirmation of resolution of the issue. Such matters get escalated to the appropriate levels in bank senior management or the Board level (and to the parent bank and parent bank supervisor) as appropriate. Follow-up is also carried out in the subsequent engagement meetings with the bank’s senior management and directors, which may also cover findings from thematic reviews and emerging bank-specific or systemic risks. Based on cases reviewed by assessors, the process is timely and banks are prompt in their responses. EC10 The supervisor requires banks to notify it in advance of any substantive changes in their activities, structure and overall condition, or as soon as they become aware of any material adverse developments, including breach of legal or prudential requirements. Description and findings re EC10 Banks are expected to inform the RBNZ of any material events as soon as they become aware of them, including changes in business, structure, or financial condition, and about any breaches of legal or prudential requirements. However, there are no mandatory requirements to report such information at the present time. As part of the RBNZ’s 2015/2016 Regulatory Stocktake review, proposals are being consulted on, with banks, to make immediate reporting of identified regulatory breaches a mandatory requirement. EC11 The supervisor may make use of independent third parties, such as auditors, provided there is a clear and detailed mandate for the work. However, the supervisor cannot outsource its prudential responsibilities to third parties. When using third parties, the supervisor assesses whether the output can be relied upon to the degree intended and takes into consideration the biases that may influence third parties. Description and findings re EC11 The RBNZ has powers available under s95 of the RBNZ Act to require reports to be prepared by suitably qualified experts on matters set out in terms of reference determined by the RBNZ and notified to a registered bank. The cost of such reports is borne by the bank concerned. This power has been used, for example, where the RBNZ is concerned about the potential implications of material and ongoing compliance failures by a bank, and could also be employed if there were concerns that some aspects of the business and affairs of the bank might not be being conducted in prudent manner, for example, where expert advice on remediation options was considered desirable. The findings of the s95 review would be presented to the bank’s Board and may be required to be published, under s95A, at the RBNZ’s discretion. The initial selection of a suitably qualified person or persons proposed to be engaged to prepare report would normally be made by the subject bank, but requires the approval of the RBNZ before the expert’s appointment takes effect. Use of this power is rare.

NEW ZEALAND 78 INTERNATIONAL MONETARY FUND EC12 The supervisor has an adequate information system which facilitates the processing, monitoring and analysis of prudential information. The system aids the identification of areas requiring follow-up action. Description and findings re EC12 The RBNZ has a secure central Financial Sector Information System (FSIS) database for storing time series data including monthly prudential supervision returns, balance sheet, and income statement information and quarterly disclosure statement information from all registered banks. Reports available to bank supervisors include: a monthly-updated A3 size bank prudential dashboard which feeds into the PRESS process each quarter, and a summarized A4 version used for prudential briefings, etc.; the MBOR covering the 10 largest locally incorporated banks and system-wide data; and a quarterly tabular array of key comparative prudential data and graphs for the 10 largest locally incorporated banks to assist the quarterly PRESS ranking moderation discussions for those banks. Each of these reports includes ‘traffic light’ indicators for key prudential risk indicators and regulatory compliance requirements, to assist supervisors in identifying areas of prudential supervisory concern requiring follow-up. The quarterly disclosure compliance attestation to supervision managers in respect of each bank also identifies areas of compliance failures for follow-up. Additional criteria AC1 The supervisor has a framework for periodic independent review, for example by an internal audit function or third party assessor, of the adequacy and effectiveness of the range of its available supervisory tools and their use, and makes changes as appropriate. Description and findings re AC1 The RBNZ’s Risk Assessment and Assurance (Internal Audit) function performs independent audits of the bank supervision function approximately every two years. This assists the RBNZ to establish whether the bank supervision tools, techniques, and processes used are performing as intended and being consistently applied. Recommendations for additions or enhancements to bank supervision processes and controls are discussed with the bank supervision management and then provided to PSD senior management and Governors. Post-review implementation of audit review findings is monitored by senior management. Assessment of Principle 9 Materially Noncompliant Comments The RBNZ has established a broad range of supervisory tools and techniques to assess each bank’s financial condition, risk profile, and internal controls. It makes extensive use of market discipline, and self-discipline mechanisms to support the banking regulatory arrangements. The primary focus of supervisory review is through off-site supervision, but alternative tools are available to identify or verify issues of supervisory concern through the appointment of an external expert to prepare a report using a terms of reference determined by the RBNZ (under s95of the RBNZ Act). Bank supervisors also participate as observers in APRA on-site reviews for the four Australian owned subsidiary banks.

NEW ZEALAND INTERNATIONAL MONETARY FUND 79 The RBNZ has broad information gathering powers, and has access to quarterly public disclosure statements, monthly and quarterly prudential reporting, external sourced data including rating agency reports and banks’ internal management, and governance level risk reporting. Key regular prudential data and disclosure statement information are loaded into the secure central (FSIS) database, from which standard reports and ad hoc queries can be generated by bank supervisors. Supervisory expectations regarding robust self-discipline (risk-based governance) being exercised within banks are reinforced by regular engagement meetings that are held across the spectrum of banks’ Board and senior management, plus internal and external auditors, with the frequency and intensity proportionate to the relative risk of the respective banks (i.e., predominantly with the 10 largest New Zealand incorporated banks). Findings from supervisory analysis and review processes, bank stress-testing results, and thematic reviews all feed into supervisory action plans agreed with banking oversight management. Supervisory actions may be bank-specific or addressed to all affected banks as appropriate. The RBNZ uses external auditors to validate published disclosure statements including the prudential information they contain, and discusses the effectiveness of internal controls and management information reporting systems, etc., with both external and internal auditors. Any weaknesses identified are taken up with the bank concerned. More generally, there is an established escalation process within the RBNZ to ensure supervisory concerns are addressed at the appropriate level internally and with equivalent counterparts at the bank concerned. The RBNZ also uses its own internal audit function to review the banking oversight function from time to time. There are some aspects of the essential criteria for CP9 that are not fully consistent with New Zealand’s prudential supervisory framework which stresses the importance of self-discipline (effective risk-based governance) and market discipline (including quarterly disclosure and directors’ attestation requirements), in addition to regulatory requirements. For example:  The RBNZ does not conduct its own on-site inspections and only occasionally mandates the use of third party experts to review or validate bank’s compliance arrangements. In some instances, the RBNZ will encourage banks to voluntarily undertake third party expert reviews without requiring the use of formal legislative powers.  Discussions with banks’ senior management, Board chairs and independent directors will include supervisory feedback on bank strategies and business models, and on the results of thematic reviews or supervisor-mandated external expert reports where there are supervisory concerns, but there are no regular supervisory examinations to discuss or provide feedback on.

NEW ZEALAND 80 INTERNATIONAL MONETARY FUND  Banks are expected to, but are not formally required to notify the RBNZ of substantive changes in their activities, structure, or overall condition in a timely manner, including in relation to regulatory breaches.  RBNZ Internal audit reviews of banking oversight do not usually explicitly focus on the adequacy and effectiveness of the range of supervisory tools and their use, leading to the supervisor making changes as appropriate. As currently performed, the on-site activities of the RBNZ are limited, given the RBNZ’s supervisory approach that does not rely on reviewing credit files, or verifying that adequate policies and procedures are in place and that management implements and complies with Board-adopted policies and processes. The depth and quality control of the off-site analysis to produce the PRESS reports may be variable as analysts are not required to retain work papers on their analysis of risks and risk mitigants, and the lack of on-site work to test and verify prudential reports and loan quality all add-up to potential assessment of bank risk on a weak foundation. Principle 10 Supervisory reporting. The supervisor collects, reviews, and analyses prudential reports and statistical returns29 from banks on both a solo and a consolidated basis, and independently verifies these reports through either on-site examinations or use of external experts. Essential criteria EC1 The supervisor has the power30 to require banks to submit information, on both a solo and a consolidated basis, on their financial condition, performance, and risks, on demand and at regular intervals. These reports provide information such as on- and off-balance sheet assets and liabilities, profit and loss, capital adequacy, liquidity, large exposures, risk concentrations (including by economic sector, geography and currency), asset quality, loan loss provisioning, related party transactions, interest rate risk, and market risk. Description and findings re EC1 The RBNZ has extensive powers to require a registered bank to supply it with any information, data or forecasts about the corporate matters, financial matters, prudential matters, or any other matters relating to the business, operation, or management of the registered bank, by notice to the bank under section 93 of the RBNZ Act. The RBNZ also has the power (under section 94 of the RBNZ Act) to require the information required under section 93 to be audited. This power is used by the banking oversight function to request a standard set of confidential monthly prudential returns on: capital adequacy, asset quality, and liquidity; copies of selected regular reports to the Board, Board Audit and Risk Committees and senior executive management meetings of the 10 largest locally incorporated banks; structured information requests to inform the RBNZ thematic reviews of bank risks; copies of information requested by foreign banking supervisory authorities under section

29 In the context of this Principle, “prudential reports and statistical returns” are distinct from and in addition to required accounting reports. The former are addressed by this Principle, and the latter are addressed in Principle 27. 30 Please refer to Principle 2.

NEW ZEALAND INTERNATIONAL MONETARY FUND 81 98A of the RBNZ Act; and ad hoc reports and information requests of all registered banks on other prudential matters as necessary. Examples of these ad-hoc request were presented to the assessors. Given the limited geographical diversity of New Zealand banks’ operations at present, only high-level information is collected on banks business by geography or currency at present, which is not reported in a fully consistent manner across banks. Prudential reporting collected by the RBNZ was increased in 2008, in the context of the lessons learned from the GFC. A new set of prudential reporting to complement and rationalize current prudential reporting, also in preparation for the launch of the “dashboard” public disclosure initiative in 2017, will be implemented during 2016 and 2017. The prudential information requested in this assessment criteria are all included, although some of them are still in trial, such as large exposures, and revised asset quality, and loan provisioning reporting. EC2 The supervisor provides reporting instructions that clearly describe the accounting standards to be used in preparing supervisory reports. Such standards are based on accounting principles and rules that are widely accepted internationally. Description and findings re EC2 Information reported in the registered bank disclosure statements is to be reported in accordance with the relevant disclosure OiC for that bank. New Zealand equivalents of International Accounting Standards (NZIAS) that guide both supervisory reporting and public disclosure are discussed in CP27, and can be considered consistent with international accounting standards for the purpose of this EC. EC3 The supervisor requires banks to have sound governance structures and control processes for methodologies that produce valuations. The measurement of fair values maximizes the use of relevant and reliable inputs and is consistently applied for risk management and reporting purposes. The valuation framework and control procedures are subject to adequate independent validation and verification, either internally or by an external expert. The supervisor assesses whether the valuation used for regulatory purposes is reliable and prudent. Where the supervisor determines that valuations are not sufficiently prudent, the supervisor requires the bank to make adjustments to its reporting for capital adequacy or regulatory reporting purposes. Description and findings re EC3 Bank reporting in published disclosure statements is required to adopt valuation techniques consistent with GAAP. The RBNZ expects that the penalties for misreporting under section 89A of the RBNZ Act places the right set of incentives on bank directors to carry out effective governance and ensure management have in place effective procedures and controls, including compliance with the NZIAS in respect of valuation and reporting of assets and liabilities. Fair value is defined in the OiCs to have the same meaning as in NZIAS 32, i.e., the amount for which an asset could be exchanged, or a liability settled, between knowledgeable, willing parties in an arm’s length transaction.

NEW ZEALAND 82 INTERNATIONAL MONETARY FUND Financial reporting information contained in the bank disclosure statements is required to be subject to an external audit review (negative assurance) opinion for the six monthly balance date, and a full external audit opinion on the annual financial reporting information. In addition, the external auditors are required to provide a review opinion at the six monthly balance date on defined additional financial and prudential information; and at annual balance date, an opinion whether or not the information is in accordance with the books and records of the banking group in all material respects and is fairly stated in accordance with the relevant schedules of the OiCs. From time to time, bank supervisors identify from the regular review and analysis of prudential returns, published disclosure statements, audit reports, and Management/Board reports or from the Banking Oversight thematic review projects that there are issues regarding valuation methodologies adopted by individual banks (e.g., in relation to the basis of valuations used for assessing recoverability of stressed or nonperforming loans). In these cases, the RBNZ will obtain further information from the bank concerned and set out in writing its expectations for corrective action in respect of prudential reporting, which may also result in specific requirements for changing the capital adequacy treatment for the affected loans/portfolio. The matter is drawn to bank officials’ attention who should take steps to correct the matter and report back to the RBNZ, which may impose a capital overlay requirement if there were supervisory concerns regarding the broad range of deficiencies identified in the review. EC4 The supervisor collects and analyses information from banks at a frequency commensurate with the nature of the information requested, and the risk profile and systemic importance of the bank. Description and findings re EC4 Annual, semi-annual, quarterly, and monthly prudential reporting requirements vary to some extent consistent with the size and incorporation of registered banks, as proxies to risk profiles and systemic importance. In practice the four large Australian owned banks are subject to the most intensive information reporting requirements, with the very small New Zealand incorporated and overseas incorporated (branch) banks at the other end of the spectrum. The RBNZ’s section 93 (private) reporting requirements for copies of key Board, Board Risk and Audit committee, and executive management committee reports of locally incorporated banks is variable according to the level of risk in the respective banks. Analysis of information comes from PRESS assessments and monthly MBOR summary assessments as discussed in CP8. EC5 In order to make meaningful comparisons between banks and banking groups, the supervisor collects data from all banks and all relevant entities covered by consolidated supervision on a comparable basis and related to the same dates (stock data) and periods (flow data). Description and findings re EC5 Prudential (stock and flow) data collected from registered banks is primarily reported on a consolidated New Zealand banking group basis at the end of each reporting period (or

NEW ZEALAND INTERNATIONAL MONETARY FUND 83 over each reporting period in the case of flow data). Quarterly published disclosure statements are reported on the same basis (for March, June, September, and December each year). The banking group coverage for each registered bank is defined in its conditions of registration, for example: a) a locally incorporated bank’s banking group is the registered bank (as reporting entity) and all other entities included in the group as defined in section 6(1) of the Financial Markets Conduct Act 2013 for the purposes of Part 7 of that Act. (i.e., the registered bank and all its subsidiaries); and b) an overseas incorporated (branch) bank’s banking group is the New Zealand business of the registered bank and its subsidiaries as required to be reported in group financial statements for the group’s New Zealand business under section 461B(2) of the Financial Markets Conduct Act 2013; (i.e., the group’s New Zealand business as if the members of the group were all companies formed and registered in New Zealand); however, there are exceptions which narrow the consolidated banking group scope for two branch banks, to exclude nonbank entities which are not managed as part of the New Zealand banking operations. Monthly and quarterly flow data (e.g., income statements) is available to bank supervisors for internal analysis on a current period, year-to-date and 12-month running total basis, as banks have differing quarter-ends for their financial years, which was one the purpose of introducing the reporting templates discussed before to report consistent data sets in the future. Liquidity (BS13) flow daily data for locally incorporated banks is reported on a calendar month basis, as well as measurement of minimum daily 1-week and 1-month mismatch ratios during the month. Other regulatory requirements such as connected exposures limits are required to be monitored daily and reported with a peak end of day, quarter-end, and end of financial year position. EC6 The supervisor has the power to request and receive any relevant information from banks, as well as any entities in the wider group, irrespective of their activities, where the supervisor believes that it is material to the condition of the bank or banking group, or to the assessment of the risks of the bank or banking group or is needed to support resolution planning. This includes internal management information. Description and findings re EC6 EC1 noted the RBNZ’s powers to require a registered bank to supply it with information. Section 93A of the RBNZ Act provides powers to request similar information from registered banks in relation to its associated persons (e.g., its subsidiaries and associated companies, and holding companies including New Zealand branches of the overseas parent bank), and section 93B requires those persons to provide the required information to the registered bank to enable that bank to comply. Section 93C permits the RBNZ to request relevant information that it could require a registered bank to provide, by notice, from any other person whom it has reasonable grounds to believe has such information, for example, an external auditor.

NEW ZEALAND 84 INTERNATIONAL MONETARY FUND The RBNZ has sole discretion to determine the nature and scope of information obtained from banks, either through regular reporting; Board and Management reports or targeted ad-hoc information requests. Other monetary, credit and financial (nonprudential) statistical information is collected from banks under section 36. The information gathering powers can also be used to obtain information the RBNZ considers is necessary to plan and prepare for bank resolution (including in respect of banks’ arrangements for, and testing of OBR prepositioning implementation plans), and to operationalize processes involved in invoking statutory management and OBR where appropriate. Banks, for example, would provide a copy of their OBR implementation plan annually. EC7 The supervisor has the power to access31 all bank records for the furtherance of supervisory work. The supervisor also has similar access to the bank’s Board, management and staff, when required. Description and findings re EC7 In addition to the information gathering powers in EC6 above, the RBNZ meets separately with banks’ senior management and with Board chairpersons and independent directors of locally incorporated banks as part of its annual bank engagement program. In the RBNZ’s business-as-usual supervisory activities, access to these banks’ Board, management and staff is effected without resorting to formal legislative powers. In the event of a material compliance failure or other supervisory concern regarding the accuracy or quality of information provided to the RBNZ (e.g., if the RBNZ has reasonable cause to believe information provided is false or misleading) section 99 and section 100 of the RBNZ Act provide powers for the RBNZ to issue a formal notice to supply specified information, or appoint a suitably qualified person to enter and search any premises and inspect. Sections 101 to 104 of the RBNZ Act provide powers for investigation of the affairs of a registered bank where the RBNZ considers it needs to determine whether or not to exercise its regarding direction to, or statutory management of as registered bank, including by notice requiring supply of information, production of documents for inspection, copying, etc. or to require any officer or employee of that registered bank to answer any question relating to the business, operation, or management of that bank. In addition, section 106 provides for a High Court warrant to be issued in defined circumstances if the person who occupies the premises or has possession of the documents does not agree to provide the specified information. The RBNZ indicates there are no legislative impediments to conducting on-site inspections. However, this is not the current practice, nor the intention. RBNZ supervisory

31 Please refer to Principle 1, Essential Criterion 5.

NEW ZEALAND INTERNATIONAL MONETARY FUND 85 approach is oriented more towards across the Board thematic reviews than single institutions inspections plan. EC8 The supervisor has a means of enforcing compliance with the requirement that the information be submitted on a timely and accurate basis. The supervisor determines the appropriate level of the bank’s senior management is responsible for the accuracy of supervisory returns, imposes sanctions for misreporting and persistent errors, and requires that inaccurate information be amended. Description and findings re EC8 The RBNZ takes action to maintain banks’ compliance with requirements for timely and accurate information (primarily through re-publication and stating material changes), but the available sanctions for misreporting and persistent errors are limited to summary conviction (or directions to a bank or deregistration) and have not been imposed in that form to date. The mechanism for enforcement that the RBNZ uses primarily is the public disclosure of breaches of compliance of conditions of registration. The RBNZ has not found the need to exercise powers beyond naming and shaming that is involved in public disclosure in mass media and specialized journalists’ scrutiny. Enforcing actions on compliance with purely private prudential reporting has not been exercised as yet. Section 83 of the RBNZ Act provides for the RBNZ, by notice, to require a registered bank to correct and republish a disclosure statement published as required under section 81 of the Act that the RBNZ considers contains information that is false or misleading. The RBNZ ensures that material errors or omissions in disclosure statements are corrected and republished promptly. It records such events in its compliance issues register, and pursues with bank senior management remedial action, including through the use of external expert advisers to identify process improvements required, where recurring problems are found. Practice was illustrated with examples of recent notice letters to banks regarding disclosure compliance failures under section 83. Section 89 provides an offence for failing to publish required information in a disclosure statement and section 89A provides an offence for publishing false or misleading disclosure statements. Sections 93, 93A, 93B, and 93C provide for offences for failure to comply with notices issued under those sections, which in each instance require the notice to specify the time and place in New Zealand at which the information must be supplied. Penalties are available for such offences, on summary conviction, under section 156AB of the Act, however the RBNZ has not yet pursued prosecution in such instances with appropriate remedial action being taken by banks at the RBNZ’s request. EC9 The supervisor utilizes policies and procedures to determine the validity and integrity of supervisory information. This includes a program for the periodic verification of supervisory returns by means either of the supervisor’s own staff or of external experts. Description and findings re EC9 The RBNZ does cross checking between disclosure statements and the prudential returns. This cross checking is supplemented by the Statistical team. RBNZ staff attest to Banking Oversight managers regarding the comprehensiveness of banks’ quarterly public disclosure according to regulations. Banks’ external audit process provide to the RBNZ

NEW ZEALAND 86 INTERNATIONAL MONETARY FUND additional assurance. However, the RBNZ does not directly conduct periodic verification of banks’ prudential returns by any means and in any scope. The RBNZ has power under section 94 of the RBNZ Act to require an audit (by an auditor approved by the RBNZ) of any information, data, or forecasts that has been requested under section 93 or section 93C of the Act. EC10 The supervisor clearly defines and documents the roles and responsibilities of external experts,32 including the scope of the work, when they are appointed to conduct supervisory tasks. The supervisor assesses the suitability of experts for the designated task(s) and the quality of the work and takes into consideration conflicts of interest that could influence the output/recommendations by external experts. External experts may be utilized for routine validation or to examine specific aspects of banks’ operations. Description and findings re EC10 The regular external audit review obligations in relation to bank disclosure statements under the OiCs (as summarized above) are set out in the PSD Banking Supervision policy document BS4 on Audit Obligations. Additional powers are available to the RBNZ under section 95 of the RBNZ Act for reports to be required to be prepared by suitably qualified experts on matters set out in terms of reference determined by the RBNZ and notified to a registered bank. This power has been used for example where the RBNZ is concerned about the potential implications of material and ongoing compliance failures by a bank, and could also be employed if there were concerns that some aspects of the business and affairs of the bank might not be being conducted in prudent manner and expert advice on remediation options was considered desirable. The initial selection of a suitably qualified person or persons proposed to be engaged to prepare an s95 report would normally be made by the subject bank, but requires the approval of the RBNZ before the expert’s appointment takes effect. In giving its approval, the RBNZ would have regard for, and may make further inquiries into, the appointee’s skills and experience and any potential conflicts of interest. The RBNZ also makes use of professional consultants and industry experts from time to time to support its supervisory work program. EC11 The supervisor requires that external experts bring to its attention promptly any material shortcomings identified during the course of any work undertaken by them for supervisory purposes. Description and findings re EC11 There is no explicit requirement for external experts to bring material shortcomings identified in the course of work undertaken for supervisory purposes to the RBNZ’s attention, unless it meets the severity threshold in section 96 of the RBNZ Act for

32 Maybe external auditors or other qualified external parties, commissioned with an appropriate mandate, and subject to appropriate confidentiality restrictions. External experts may conduct reviews used by the supervisor, yet it is ultimately the supervisor that must be satisfied with the results of the reviews conducted by such external experts.

NEW ZEALAND INTERNATIONAL MONETARY FUND 87 reporting by the bank’s external auditor, i.e., if the bank or an associated person is insolvent, likely to become insolvent, or is in serious financial difficulties, and the disclosure of that information is likely to assist or be relevant to the exercise by the RBNZ of its powers under Part 5 of the Act. The auditor is required, in such circumstances, to take all reasonable steps to inform the bank (or its associated person) concerned of its intention to disclose and the nature of the information to be disclosed to the RBNZ. Protection from civil or criminal liability, or professional censure, is provided to an auditor in such circumstances if the disclosure to the RBNZ is made in good faith. The RBNZ encourages a free and frank exchange of information in its meetings with New Zealand incorporated banks’ external auditors, and the auditors are expected, with the knowledge of the bank’s audit committee, to be able to discuss key audit findings on a confidential basis. EC12 The supervisor has a process in place to periodically review the information collected to determine that it satisfies a supervisory need. Description and findings re EC12 The RBNZ conducts an annual review of the scope and prudential relevance of its private risk reporting by the 10 largest locally incorporated banks, before formalizing the information request for each bank for the current year. The regular reviews of OiC disclosure requirements endeavor to find an appropriate balance between maintaining effective market disciplines on banks and providing the supervisors with access to timely key prudential and financial reporting information through mechanisms other than published disclosure statements where that can be more cost-effective for both banks and the RBNZ. In 2016, the RBNZ is refining monthly reporting requirements with respect to banks’ balance sheet composition and structure, and bank asset quality data. As part of the same project, enhanced quarterly prudential reporting for banks is being developed in respect of large exposures; related parties; and detailed capital adequacy data including capital composition, risk weighted assets by risk bucket, and reporting of advanced model (IRB) banks’ key parameters across each asset class; in order to meet identified gaps in the provision of regular and consistent supervisory information. Assessment of Principle 10 Materially Noncompliant Comments The RBNZ has developed a framework of prudential reporting requirements for registered banks, including quarterly published disclosure statements (with a higher level of detailed required for six month and annual reporting respectively); regular private statistical and prudential reporting; and for large- and medium-sized New Zealand incorporated banks, copies of key bank risk and financial management reports to senior Management and Board committees. Information is reported consistent with international accounting standards applicable in New Zealand (see CP27). In all, the prudential reporting framework, as discussed in EC1, is in place and (in a recent

NEW ZEALAND 88 INTERNATIONAL MONETARY FUND development) is under revision for further enhancements, compared to the RBNZ’s previous approach of basing prudential reporting on public disclosure. The RBNZ collects, reviews and analyses prudential reports and statistical returns from banks on both a solo and a subconsolidated basis as discussed in CP12 (see EC1). However, the RBNZ does not conduct any independent verification of the prudential returns (EC9). The RBNZ supervisory model, based on public disclosure and director attestation, is an impediment to reaching compliance with CP10. Verification consists of cross-checking of different reporting outcomes for consistency. The RBNZ, however, indicates that nothing prevents it, for example, from doing on-site inspections or commissioning external experts with a prudential mandate. It is worth mentioning that current resources would not allow the RBNZ to do its own on-site inspections. The RBNZ expects banks to have sound governance structures and control processes for methodologies that produce valuations. The RBNZ does not independently verify that the valuation framework and control procedures are subject to adequate independent validation and verification. Validation is delegated to the regular external audit process, which should be attested by the registered banks directors. The RBNZ does not have a systematic practice to determine that valuations are sufficiently prudent, which does not mean that prudential valuation is not one of its supervisory concerns (see EC3). The RBNZ is encouraged to develop processes for strong first-hand independent verification of banks’ prudential returns, especially in the areas of earnings and credit asset quality given the credit profile of the banking industry. This will allow the RBNZ to identify effectively prudential concerns through an independent assessment of risks, while ensuring that these risks are mitigated in a timely manner. The RBNZ should also have an explicit requirement for external experts to bring material shortcomings identified in the course of work undertaken for supervisory purposes to its attention (EC11). Principle 11 Corrective and sanctioning powers of supervisors. The supervisor acts at an early stage to address unsafe and unsound practices or activities that could pose risks to banks or to the banking system. The supervisor has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability to revoke the banking license or to recommend its revocation. Essential criteria EC1 The supervisor raises supervisory concerns with the bank’s management or, where appropriate, the bank’s Board, at an early stage, and requires that these concerns be addressed in a timely manner. Where the supervisor requires the bank to take significant corrective actions, these are addressed in a written document to the bank’s Board. The supervisor requires the bank to submit regular written progress reports and checks that corrective actions are completed satisfactorily. The supervisor follows through conclusively and in a timely manner on matters that are identified.

NEW ZEALAND INTERNATIONAL MONETARY FUND 89 Description and findings re EC1 The RBNZ proactively addresses supervisory concerns with banks to ensure remedial action is taken in a timely manner. Engagement within the affected bank is escalated according to the materiality of the identified concern. Material issues are addressed in writing to the bank’s chief executive officer, but in more significant cases, the RBNZ will write to the Board chair, and may also call in the CEO and/or Board chair in to be informed of the RBNZ’s concerns and required actions. Written reports to the RBNZ on progress in remediation actions are required on a regular basis, and will normally form the basis of regular formal meetings with the supervision team to review progress. EC2 The supervisor has available33 an appropriate range of supervisory tools for use when, in the supervisor’s judgment, a bank is not complying with laws, regulations, or supervisory actions, is engaged in unsafe or unsound practices or in activities that could pose risks to the bank or the banking system, or when the interests of depositors are otherwise threatened. Description and findings re EC2 A hierarchy of supervisory responses is established when the RBNZ identifies noncompliance with prudential requirement in laws, regulations, or supervisory obligations such as conditions of registration, or is engaged in unsafe or unsound practices or in activities that could pose risks to the soundness of the financial system. The graduated supervisory response framework includes:  Where there is no evidence of immediate risk to the soundness of the financial system, if there has been a breach of requirements or potentially unsound practices have been identified, the RBNZ will formally advise the bank of its findings and concerns, and agree with the bank on a corrective action plan. In material circumstances, the RBNZ’s remediation requirements may be enforced by way of a variation to an existing condition of registration or by imposition of a new condition of registration under s74 of the RBNZ Act. Breaches of requirements are recorded and follow-actions monitored through the Compliance Issues Register.  Use of s95 of the RBNZ Act enabling the RBNZ to require a report to be prepared by suitably qualified experts on matters set out in terms of reference determined by the RBNZ and notified to a bank; for example, where the RBNZ is concerned about the potential implications of material and ongoing compliance failures by a bank, or if there were concerns that some aspects of the business and affairs of the bank are not be being conducted in prudent manner. The scope of s95 reports may include the corporate, financial, prudential, or any other matters relating to the business, operation or management of a registered bank; or of any of those matters in relation to any associated person of the bank or any New Zealand incorporated company or branch of a cross-border company in which any holding company of the bank has a substantial interest. The findings of the s95 review are to be presented to the bank’s Board and copied to the RBNZ, a remediation action plan and monitoring process is mandated, and the review may be required to be published.

33 Please refer to Principle 1.

NEW ZEALAND 90 INTERNATIONAL MONETARY FUND  Activate the powers in s101 to 104 of the RBNZ Act to carry out an investigation of a bank which meets the criteria in s113 of the Act, if it is deemed necessary to identify the relevant facts. This may be followed by the RBNZ making a recommendation to the MoF for consent to issue a direction (order) to a bank under s113 to take certain actions, or cease taking certain actions as directed, or to remove, replace, or appoint a director of the bank under s114. Section 117 to 156 of the RBNZ Act (statutory management) provides the formal legislative framework for handling registered banks in the event of imminent financial stress or failure, through the appointment of a statutory manager by the Governor-General, on the advice of the MoF given in accordance with a recommendation of the RBNZ. EC3 The supervisor has the power to act where a bank falls below established regulatory threshold requirements, including prescribed regulatory ratios or measurements. The supervisor also has the power to intervene at an early stage to require a bank to take action to prevent it from reaching its regulatory threshold requirements. The supervisor has a range of options to address such scenarios. Description and findings re EC3 The RBNZ emphasizes the importance of risk-based governance by banks (self-discipline) in its supervisory framework and expects banks’ Boards and management to set target ratios as a buffer above regulatory minima (e.g., for capital and liquidity requirements) to ensure early identification by the bank through its risk metric reporting, which are also monitored by the bank supervisors. Where the RBNZ is concerned about a potential future breach of regulatory requirements by a bank, it will proactively address its concerns with the bank affected; for example, if its capital adequacy ratio was trending towards regulatory minima. However, opportunities for preventive action are limited due to the lack of sufficient supervisory guidelines. In general, the supervisory response is calibrated to the relative materiality of the breach. For example, where, in recent instances, two newly-registered banks unintentionally breached their related party exposures limits (imposed as conditions of registration) through a misunderstanding regarding the definitions of items included in the limit calculation. The RBNZ formally required immediate corrective action, and requested confirmation that the bank put in place additional effective procedures to prevent a recurrence. In addition, in each case the bank concerned was required to publicly disclose the breach in its next quarterly disclosure statement. No more punitive action has been taken in such instances. The market discipline pillar of the RBNZ’s supervisory framework serves to reinforce the incentives on bank directors to ensure pending breaches of supervisory requirements are resolved before a breach occurs, as any failure to meet public disclosure statement requirements, any breaches of conditions of registration, or any (material) breakdown in control systems or the application thereof within the bank would be required to be

NEW ZEALAND INTERNATIONAL MONETARY FUND 91 identified in relation to the directors’ attestations in the next published disclosure statement and may trigger other continuous reporting requirements.

There are a range of options available to resolve pending problems. In the first instance, the RBNZ will look to the bank concerned, its Board, and if necessary its owners/parent bank to address the problem in a timely manner. Where appropriate, a work-out plan or resolution strategy will be agreed with the entity, and potentially other constraints on the bank’s activities could be imposed by the RBNZ; e.g., through conditions of registration or capital overlays, or directives, until satisfactory corrective action has been completed. EC4 The supervisor has available a broad range of possible measures to address, at an early stage, such scenarios as described in essential criterion 2 above. These measures include the ability to require a bank to take timely corrective action or to impose sanctions expeditiously. In practice, the range of measures is applied in accordance with the gravity of a situation. The supervisor provides clear prudential objectives or sets out the actions to be taken, which may include restricting the current activities of the bank, imposing more stringent prudential limits and requirements, withholding approval of new activities or acquisitions, restricting or suspending payments to shareholders or share repurchases, restricting asset transfers, barring individuals from the banking sector, replacing or restricting the powers of managers, Board members or controlling owners, facilitating a takeover by or merger with a healthier institution, providing for the interim management of the bank, and revoking or recommending the revocation of the banking license. Description and findings re EC4 The RBNZ adopts a proportionate (risk-sensitive) supervisory approach to banks’ breaches of regulatory requirements. For one-off non-material breaches such as minor disclosure statement OiC infractions, remediation might involve correction to and republication of disclosure statement data; through to more serious supervisory concerns regarding breaches of conditions of registration or legislative requirements where more substantive corrective action might be required to achieve a prompt return to compliance (e.g., capital injection from the parent; instigation of a report from external experts). The RBNZ’s Compliance Issues Register has a set of criteria for decisions on referral of more material or repeated breaches of regulatory requirements or compliance failures to PSD’s Investigation and Enforcement team for further investigation and to make recommendations to supervision management on enforcement action to be taken. The range of formal supervisory powers available to the RBNZ under the RBNZ Act are summarized in the response to EC 2 above. Conditions of registration under s74 of the RBNZ Act may be put in place to restrict the current activities of the bank or impose more stringent prudential limits and requirements. Directives may be issued, with the consent of the MoF under s113 where the prerequisite criteria are met (including failure to comply with any requirement imposed under the Act) which can have broad scope, such as requiring the cessation of new activities or acquisitions, restricting, or suspending payments to shareholders or share repurchases, or restricting asset transfers. In conjunction with s113B of the Act, with the consent of the Minister, the RBNZ may

NEW ZEALAND 92 INTERNATIONAL MONETARY FUND replace or restrict the powers of managers or Board members. If the circumstances of section 113 (1) (a) to (e) are met (e.g., a bank is not carrying on its business in a prudent manner, but not merely because there has been a failure to comply with regulatory requirements), and the Governor-General has appointed a statutory manager of the bank under s117, the rights and powers of controlling owners are overridden, and the statutory manager may facilitate a takeover by or merger with a healthier institution, and has all the powers of the Board and Management of the bank. In addition, the MoF may by notice given in accordance with a recommendation by the RBNZ, direct the RBNZ to cancel the registration of a bank where the RBNZ is satisfied that the bank meets the criteria of s77(2) of the Act, including for example where there was (material or persistent) non-compliance with a condition of registration; or the bank has not carried on its business in a prudent manner; or the bank has failed to comply with any obligation under the Act or any related regulations. EC5 The supervisor applies sanctions not only to the bank but, when and if necessary, also to management and/or the Board, or individuals therein. Description and findings re EC5 Supervisory sanctions imposed through, or in relation to, a bank’s conditions of registration, for example to impose a higher capital overlay or otherwise constrain the scope of a bank’s business, will apply to the legal entity only. The RBNZ Act (s89A)) provides for personal liability for a bank director, or the New Zealand Chief executive officer of a cross-border incorporated (branch) registered bank if a disclosure statement signed by or on behalf of that person is false or misleading. Sections 156AA to 156AC of the Act impose penalties for offenses under the relevant provisions of Part 5 (bank registration and supervision) of the Act and each offense, upon summary conviction, may apply to an individual or a body corporate, or both as appropriate. A small number of sections of Part 5, e.g., s74 on failure to comply with a condition of registration, or s95 on failure to publish a report under s95 as required by the RBNZ, impose offenses on the registered bank alone. An alternative form of non-criminal sanction may be imposed on an officer or employee of a registered bank through the power to issue a direction to a registered bank or its associated person limiting or ceasing the involvement of an officer or employee in the management or conduct of its business, or on a director of a bank through the power to remove or replace a director of a bank (or appointing any person as a director). Each of these steps requires the prior consent of the MoF. EC6 The supervisor has the power to take corrective actions, including ring-fencing of the bank from the actions of parent companies, subsidiaries, parallel-owned banking structures, and other related entities in matters that could impair the safety and soundness of the bank or the banking system. Description and findings re EC6 In the first instance, conditions of registration imposed on a bank are the usual tool to effect early corrective action in respect of a registered bank in circumstances that could

NEW ZEALAND INTERNATIONAL MONETARY FUND 93 otherwise impair the safety and soundness of the bank or the banking system. The scope of conditions of registration may relate to any of the following matters: a) the incorporation and ownership structure of the registered bank; b) the size and nature of the registered bank’s business or any part of its business; c) the ability of the registered bank to carry on its business in a prudent manner; d) the standing of the registered bank in the financial markets; e) the suitability for their positions of the directors and senior managers of the registered bank; f) the standing of the owner of the registered bank in the financial markets; g) the registered bank’s capital in relation to the size and nature of its business; h) the registered bank’s loan concentration and risk exposures; i) the separation of the registered bank’s business from other business and from other interests of any person owning or controlling the registered bank; j) the registered bank’s internal controls and accounting systems; k) the registered bank’s risk management systems and policies; l) the arrangements for outsourcing any business, or functions relating to any business, of the registered bank to be carried on by any person other than the registered bank; m) the public disclosure of information by the registered bank as required by OiCs; and n) certain matters in relation to the home jurisdiction legal and regulatory requirements and the publication of financial or other information by the head-office or parent of a registered bank that is cross-border incorporated, or is a subsidiary of a cross-border incorporated entity. More serious or urgent concerns regarding the safety and soundness of the bank or the banking system would entail the exercise of the RBNZ’s powers of direction to a bank, and/or the removal of directors with the consent of the MoF; or the initiation of statutory management of a registered bank of the Act, by order of the Governor-General, on the advice of the MoF, given in accordance with a recommendation of the RBNZ. Each of these powers may also be exercised in respect of an associated person of a registered bank. An associated person of a registered bank includes subsidiaries and associated companies of the bank, and the bank’s holding companies (including New Zealand bank branches of the cross-border parent bank) or any owner of 20 percent or more of the bank’s voting or non-voting securities (e.g., shares or other instruments conferring ownership rights). Associated person does not include subsidiaries of the bank’s holding company. The criteria for initiating direction powers are:

NEW ZEALAND 94 INTERNATIONAL MONETARY FUND a) the bank or associated person is insolvent or is likely to become insolvent; or b) the bank or associated person is about to suspend payment or is unable to meet its obligations as and when they fall due; or c) the affairs of the bank or associated person are being conducted in a manner prejudicial to the soundness of the financial system; or d) the circumstances of the bank or associated person are such as to be prejudicial to the soundness of the financial system; or e) the business of the bank has not been, or is not being, conducted in a prudent manner; or f) any of the following persons has failed to comply with any requirement imposed by or under this Act or regulations made under the Act; (i) the bank: (ii) a director of the bank: (iii) in the case of a cross-border incorporated bank, its New Zealand chief executive officer; or g) any of the following persons has been convicted of an offence against the Act: (i) the bank: (ii) a director of the bank: (iii) in the case of a cross-border incorporated bank, its New Zealand chief executive officer; or h) the bank has failed to comply with a condition of its registration. Powers available to a statutory manager of a bank or associated person upon appointment include placing a moratorium on specified actions by any person in respect of the bank or associated person, and suspending payment of any money owed or the obligation to provide funding to any person. Where a cross-border incorporated (branch) bank is placed in statutory management, a locally incorporated company may be created by the statutory manager and any of the branch’s property or assets may be vested in that company. The statutory manager is vested with management of the bank concerned, is empowered to carry on its business, and has all of the powers, rights, and privileges of the bank, its Board of directors and its shareholders. The statutory manager may also pay creditors and compromise creditors’ claims, and may sell the registered bank in whole or a part of its business. EC7 The supervisor cooperates and collaborates with relevant authorities in deciding when and how to effect the orderly resolution of a problem bank situation (which could include closure, or assisting in restructuring, or merger with a stronger institution). Description and findings re EC7 Largely because of the dominant role of the four largest Australian banks in owning or controlling New Zealand banking groups representing over 86 percent of the banking

NEW ZEALAND INTERNATIONAL MONETARY FUND 95 sector’s assets, the RBNZ has a statutory requirement to support the Australian financial authorities in meeting their statutory responsibilities, and to the extent reasonably practical, to avoid any action that is likely to have a detrimental effect on financial system stability in Australia. Consultation with and considering the advice of, the relevant Australian financial authorities is required before taking any action that could have such an effect. Matching obligations are imposed on APRA under Australian legislation. The FMA is the New Zealand counterpart agency for financial business conduct and capital markets regulation, and the RBNZ has an agreement in place with the FMA to cooperate and share information including in relation to any proposed major supervisory intervention. Formal memorandums of understanding are in place with both APRA and FMA on cooperation and information sharing. In respect of both of these key relationships with other regulatory authorities, regular engagement is maintained at the executive level, as well as at the policy and operational (supervision) levels to ensure the co-operation and coordination objectives are sustained. The RBNZ and Treasury also work together on matters relating to problem bank resolution as set out in a MoU agreed in 2012. For example:  The Treasury and RBNZ both have roles in the event of financial distress and need to work together to ensure the government has appropriate crisis resolution tools that meet each agencies objectives.  The RBNZ and Treasury will coordinate advice to the Minister in a period of actual or potential financial distress.  In anticipation of any government intervention in the financial system the Treasury will lead on operational matters arising from financial distress where these have fiscal implications.  The RBNZ is responsible for ensuring that the Treasury and the Minister are informed in a timely manner if an institution faces a material likelihood of distress. The appointment of a statutory manager as described in EC6 above provides for a range of resolution options including closure, or assisting in restructuring, or merger with a stronger institution. The RBNZ will cooperate and collaborate with relevant domestic and foreign authorities to the extent consistent with its statutory objectives. The RBNZ’s crisis management toolkit sets out the requirements for engagement with other regulators, and the steps involved in the bank resolution process. Crisis simulation exercises include representatives of official agencies, with the trans-Tasman exercise in November 2011 including representatives from the Australian Treasury and APRA.

NEW ZEALAND 96 INTERNATIONAL MONETARY FUND Additional criteria AC1 Laws or regulations guard against the supervisor unduly delaying appropriate corrective actions. Description and findings re AC1 There are no legal provisions that specifically determine bank supervision requirements on timing of corrective actions. AC2 When taking formal corrective action in relation to a bank, the supervisor informs the supervisor of nonbank related financial entities of its actions and, where appropriate, coordinates its actions with them. Description and findings re AC2 As the regulator of NBDTs and prudential supervisor of insurers as well as registered banks, the RBNZ (PSD) has effective sharing of information on common financial entity groups and interests across the co-located teams covering each sub-sector. To the extent that the two private sector trustee company supervisors of NBDTs, or the FMA, should be made aware of any actions by the RBNZ that might impact on entities under their supervisory responsibility, effective communication, and cooperation processes are already established with those organizations. Assessment of principle 11 Largely Compliant Comments The RBNZ addresses supervisory concerns with banks in a proactive and timely manner, including formal communication and escalation to senior management and the Board as appropriate. Remediation progress and completion is monitored, and documented in the compliance issues register. A range of supervisory tools are available to address non-compliance with regulatory requirements. If the imposition of, or variation of conditions of registration are not sufficient where formal actions are necessary to achieve effective remediation or orderly resolution of a problem bank, and the necessary preconditions are met for cases of severe institutional stress or very material non-compliance with regulatory or prudential requirements, the powers of direction or statutory management can be used where necessary. These powers may be exercised in the interests of the safety and soundness of the bank or to minimize damage to the financial system in the event of a bank failure, in a manner appropriate to the particular circumstances. The use of these powers may be necessary to mandate ring-fencing of the registered bank from the actions of its parent company and its affiliates. The RBNZ’s recent use of formal enforcement powers has most commonly involved imposing requirements for disclosure republication, additional conditions of registration, or the use of s95 reports to effect corrective action. In practice the supervisory tools and measures available to handle moderately severe compliance problems or deficiencies in prudent policies and practices have achieved effective corrective action, as shown in the case study examples provided to assessors. There has been no need to use the powers of

NEW ZEALAND INTERNATIONAL MONETARY FUND 97 direction, statutory management, or mandatory revocation of registration in respect of banks to date. The RBNZ will cooperate and collaborate with relevant domestic and foreign authorities, consistent with its statutory objectives, in the circumstances where orderly resolution of a bank is deemed appropriate. Specific legislative provision is made for cooperation with Australian authorities. Should the resolution process involve the appointment of a statutory manager, options available to the statutory manager would include closure, or assisting in restructuring, or merger with a stronger institution. Most corrective action is taken to address breaches of registration conditions. Preventive action would be enhanced by making compliance with banking supervision policy documents evidence of prudent banking. Issuing guidelines on risk management and addressing non-compliance would make enforcement more pro-active. The threshold for issuing directions (including to remove directors) is high and relates to possible systemic impacts or existing violations or business not being conducted in a prudent manner plus consent of the MoF is required. The ability of the RBNZ to act at an early stage to address unsafe and unsound practices or activities that could pose risks to banks or to the banking system is hampered by the lack of supervisory guidance and requirements, potentially limiting the use of supervisory judgment. The RBNZ has at its disposal an adequate range of supervisory tools to bring about corrective action including the ability to revoke the banking license following the MoF agreeing to the RBNZ’s recommendation for revocation. Principle 12 Consolidated supervision. An essential element of banking supervision is that the supervisor supervises the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential standards to all aspects of the business conducted by the banking group worldwide. Essential criteria EC1 The supervisor understands the overall structure of the banking group and is familiar with all the material activities (including nonbanking activities) conducted by entities in the wider group, both domestic and cross-border. The supervisor understands and assesses how group-wide risks are managed and takes action when risks arising from the banking group and other entities in the wider group, in particular contagion and reputation risks, may jeopardize the safety and soundness of the bank and the banking system. Description and findings re EC1 RBNZ prudential supervision work focuses on the New Zealand banking group (or groups in the case of banking groups under “dual-registration,” i.e., subsidiary and branch of the same foreign banking group operating in New Zealand) as defined in the conditions of registration and in Part 5 of the RBNZ Act:  For New Zealand incorporated banks that is the registered bank and all other entities included in the group as defined in section 6(1) of the Financial Markets Conduct Act

NEW ZEALAND 98 INTERNATIONAL MONETARY FUND 2013, for the purposes of Part 7 of that Act. In practice, that means the New Zealand registered bank and all of its subsidiaries.  For overseas incorporated (branch) banks that is the New Zealand business of the registered bank (the parent) and its subsidiaries as required to be reported in group financial statements for the group’s New Zealand business under section 461B(2) of the Financial Markets Conduct Act 2013. In practice that means all branches and subsidiaries in New Zealand of the parent bank. (There are exceptions to the standard definition that have been granted by the RBNZ for two banking groups, to exclude nonbank entities that are not managed or controlled within the banking operations in New Zealand.) The main tools for prudential monitoring and analysis of registered banks including the banking groups as defined above, are the PRESS risk assessment process as discussed in CP8. The purposes of bank registration and supervision as set out in section 68 of the RBNZ Act expect that concerns regarding contagion and reputation risks, including the subsidiaries to the registered bank, will be motivations for supervisory action. Standard conditions of registration for New Zealand incorporated banks include that nonfinancial activities must not in aggregate be material relative to the New Zealand banking group’s total activities; that insurance business assets are not greater than 1 percent of the New Zealand banking group’s consolidated assets; and that a substantial proportion of the New Zealand banking group’s business is conducted in and from New Zealand. The combined effect of these requirements is to constrain the scope for nonbanking activities within New Zealand incorporated registered banks. New Zealand banks do not have at the time of the assessment material retail banking operations located offshore (with the exception of one smaller bank that has recently acquired an Australian-based reverse mortgage portfolio). The five larger locally incorporated banks also use (branches of) wholesale funding subsidiaries operating in major financial centers overseas to raise funding in offshore markets. In the case of financial conglomerates, securities activities are licensed and monitored by the FMA’s supervision team under the Financial Markets Conduct Act 2013. Engagement with FMA is through regular information exchanges including ad-hoc phone calls, quarterly supervisor catch-up meetings and annual joint supervisory workshops involving RBNZ and FMA supervisors for each registered bank group. The first joint supervisory workshop was held in December 2015. Insurance activities are licensed and supervised by RBNZ Insurance Oversight team under the Insurance (Prudential Supervision) Act 2010. If there was a NBDT in the New Zealand banking group, it would also be regulated and monitored by the NBDT team embedded in RBNZ Banking Oversight. The Overseas Bank Disclosure OIC (see Schedule 3, clause 14 (3)) requires the directors and New Zealand chief executive officer to attest whether or not they believe that the

NEW ZEALAND INTERNATIONAL MONETARY FUND 99 branch and, if applicable, any other members of the registered bank’s banking group had systems in place to monitor and control adequately the material risks of relevant members of the registered bank’s banking group including credit risk, concentration of credit risk, interest rate risk, currency risk, equity risk, liquidity risk, and other business risks, and that those systems were being properly applied. EC2 The supervisor imposes prudential standards and collects and analyses financial and other information on a consolidated basis for the banking group, covering areas such as capital adequacy, liquidity, large exposures, exposures to related parties, lending limits and group structure. Description and findings re EC2 The primary manner in which the RBNZ imposes prudential requirements on banks post-registration is through the conditions of registration for each bank issued under section 74 of the RBNZ Act. The standard conditions for locally incorporated banks and overseas incorporated (branch) banks are set out in Appendix 1 of the Banking Supervision document BS1 – Statement of Principles (which cover capital adequacy requirements; limitation on size insurance business; credit exposures to connected persons; and liquidity requirements). These conditions of registration are targeted at the consolidated banking group as defined in the conditions of registration themselves (see EC1 above). Published bank disclosure statements and prudential returns reported to the RBNZ are almost entirely at the consolidated banking group level, as defined in EC1, to give a comprehensive view of the group’s business. Prudential limits are not imposed on banks’ large credit exposures but reporting to the RBNZ, and quarterly published data on the concentration of credit exposures to individual counterparties (e.g., see local OiC Schedule 13 for New Zealand incorporated banks) is based on large credit exposures of the New Zealand banking group. Lending limits with respect to high loan-to-value (LVR) residential mortgage lending imposed through conditions of registration are applied to the bank itself as the primary residential mortgage lender. An additional requirement is that a bank must not act as a broker or arrange for a member of its banking group to provide a residential mortgage loan to avoid the restrictions. Risk and financial management reporting to the RBNZ by the larger New Zealand incorporated banks under s93 of the RBNZ Act includes divisional risk reporting, focused deep-dive risk reports, and key risk metrics for major business units, particularly for the large banks with multiple business lines. The RBNZ finds this more granular information critical to understand the broad scope of business and risks in these banking groups – in more detail than the consolidated published and prudential reports. Summary information on banks’ subsidiaries should be published in annual disclosure statements. Bank supervisors can obtain updated information on each group’s structure, and organization charts, as needed. EC3 The supervisor reviews whether the oversight of a bank’s foreign operations by management (of the parent bank or head office and, where relevant, the holding

NEW ZEALAND 100 INTERNATIONAL MONETARY FUND company) is adequate having regard to their risk profile and systemic importance and there is no hindrance in host countries for the parent bank to have access to all the material information from their foreign branches and subsidiaries. The supervisor also determines that banks’ policies and processes require the local management of any cross-border operations to have the necessary expertise to manage those operations in a safe and sound manner, and in compliance with supervisory and regulatory requirements. The home supervisor takes into account the effectiveness of supervision conducted in the host countries in which its banks have material operations. Description and findings re EC3 New Zealand incorporated banks wishing to establish a subsidiary, branch or representative office in another country should seek the approval of the RBNZ before making application to the host supervisor or licensing authority, as outlined in paragraph 136 of the Statement of principles BS1. At present, however, the RBNZ indicates that there are no material banking operations of New Zealand banks in foreign jurisdictions (other than funding subsidiaries issuing debt in foreign capital markets to fund the New Zealand banking group). The RBNZ estimates that at this moment there are no sufficiently material risks in the banks’ offshore subsidiary funding operations to warrant monitoring and supervising those operations separately from the supervision of the banking group as a whole. The RBNZ indicates that a future role as active home supervisor can be adopted without impediments. EC4 The home supervisor visits the foreign offices periodically, the location and frequency being determined by the risk profile and systemic importance of the foreign operation. The supervisor meets the host supervisors during these visits. The supervisor has a policy for assessing whether it needs to conduct on-site examinations of a bank’s foreign operations, or require additional reporting, and has the power and resources to take those steps as and when appropriate. Description and findings re EC4 As indicated in EC3, currently there are no foreign operations of New Zealand incorporated banks which are significant enough to warrant additional attention. In any case, the RBNZ does not have a policy of conducting on-site examinations of banks’ foreign operations where those operations are material. Risk management matters or prudential vulnerabilities relating to a New Zealand incorporated bank’s foreign operations would be obtained through the consolidated private reporting and engagement meetings with bank senior management and directors in New Zealand, in the first instance, if there were any material foreign operations. As host supervisor, the RBNZ has a well-established practice to allow APRA, as the most significant home supervisor, to conduct on-site inspections of Australia banks’ operations in New Zealand. RBNZ staff participate as observers. This is further discussed in CP13. EC5 The supervisor reviews the main activities of parent companies, and of companies affiliated with the parent companies, that have a material impact on the safety and soundness of the bank and the banking group, and takes appropriate supervisory action.

NEW ZEALAND INTERNATIONAL MONETARY FUND 101 Description and findings re EC5 The PRESS risk evaluation surveillance framework incorporates parent support assessments for the New Zealand bank as one of 10 key inputs. The RBNZ supervisory model does not include the review of the main activities of companies affiliated with the parent banks of foreign banks. Nonetheless, the four largest banking groups in New Zealand are Australian owned, and their parent banks are supervised by APRA. Given the systemic importance of those banks in New Zealand, the RBNZ places significant emphasis on maintaining close working relationships with APRA at the operational supervisory level, as well as at the policy, senior management and governance levels. The RBNZ will initiate appropriate supervisory responses to limit the potential contagion impact on the safety and soundness of a New Zealand bank’s operations that might arise where concerns are identified regarding the activities or prudential condition of parent companies or their affiliates. In the first instance, separation from interests of owners could be effected through conditions of registration, escalating to the use of directive powers or statutory management powers if necessary in extreme cases. EC6 The supervisor limits the range of activities the consolidated group may conduct and the locations in which activities can be conducted (including the closing of foreign offices) if it determines that: (a) the safety and soundness of the bank and banking group is compromised because the activities expose the bank or banking group to excessive risk and/or are not properly managed; (b) the supervision by other supervisors is not adequate relative to the risks the activities present; and/or (c) the exercise of effective supervision on a consolidated basis is hindered Description and findings re EC6 As indicated in EC3, there are currently no material foreign operations of New Zealand incorporated banks. Should the RBNZ become aware of risks in a bank’s foreign offices, or have concerns regarding its ability to exercise effective consolidated supervision, the RBNZ can under section 74 of the RBNZ Act, issue conditions of registration that can constrain the size and nature of a bank’s business; and on other matters relating to the ability of the bank to carry on its business in a prudent manner. Should additional powers be necessary, section 113 of the Act permits the RBNZ to give directions to a bank with the consent of the MoF, to require the bank to consult with the RBNZ, and/or to take specified actions or cease carrying on any part of its business. The RBNZ has no formal policies to limit the scope of foreign operations of New Zealand incorporated banks on the basis of weak host jurisdiction supervision arrangements.

NEW ZEALAND 102 INTERNATIONAL MONETARY FUND EC7 In addition to supervising on a consolidated basis, the responsible supervisor supervises individual banks in the group. The responsible supervisor supervises each bank on a stand-alone basis and understands its relationship with other members of the group.34 Description and findings re EC7 At the present time, there are no New Zealand incorporated banks that have another registered bank as a subsidiary, although the policy framework does not preclude such banks being registered. There are currently four banking groups where there is both a New Zealand incorporated bank and a New Zealand registered bank as a branch of the overseas parent bank (described as “dual-registered” banks). In cases where there is more than one registered bank in the banking group, each of the banks are prudentially supervised as separate regulated entities with their own conditions of registration and applicable policy and reporting requirements. Additional criteria AC1 For countries which allow corporate ownership of banks, the supervisor has the power to establish and enforce fit-and-proper standards for owners and senior management of parent companies. Description and findings re AC1 Corporate ownership of registered banks is permitted in New Zealand. At the time of bank registration, under s73 of the RBNZ Act, an assessment must be made of the ownership and incorporation structure of the applicant, and the standing of the owner in the financial markets, which will include public and private information on significant shareholders and parent company directors. In the case of a bank registration application from a subsidiary of an overseas entity, under section 73B of the RBNZ Act, an assessment must also be made of the law and regulatory requirements in the home jurisdiction that relate to, inter alia, the duties and powers of directors of the overseas person. See also CP5, on licensing. The RBNZ does not have the power to establish and enforce fit-and-proper standards for owners and senior management of parent companies of New Zealand incorporated banks, but does at the time of application for registration for an overseas incorporated (branch) bank, review at that time the suitability for their positions of the existing directors of the bank (head office), and the existing or proposed chief executive of the New Zealand (branch) operations. Subsequent appointments to the position of the chief executive for the New Zealand operations of an overseas incorporated registered bank require the prior non-objection from the RBNZ, as set out in the bank’s conditions of registration. Assessment of Principle 12 Largely compliant

34 Please refer to Principle 16, Additional Criterion 2.

NEW ZEALAND INTERNATIONAL MONETARY FUND 103 Comments The RBNZ’s supervisory approach, risk and prudential reporting requirements, and monitoring and analysis are based on the registered bank’s banking group as defined in conditions of registration. These conditions allow RBNZ to conduct supervision on a subconsolidated basis, i.e., focused on the registered bank and its subsidiaries. The wider banking group or conglomerate would be considered through the assessment of parent support in the PRESS assessment. However, the corporate structures of New Zealand banking groups are simple and there are no material foreign operations of New Zealand incorporated banks. The four banking groups operating in New Zealand with more complex structures are large Australian banking groups supervised by APRA. As an additional backstop, current powers of the RBNZ seem sufficient to constrain aspects of a bank’s operations and in certain defined circumstances with the consent of the MoF issue directions to a bank that may have the effect of requiring it to cease carrying on a part of its business if risks or concerns on the wider group arise. Currently, the RBNZ pays commensurate attention to consolidated supervision per se, limited to factoring into PRESS risk assessments the “parent support” as a risk factor, as well as maintaining good coordination with the insurance supervisory function of the RBNZ and the FMA (see EC1). The RBNZ would be ready to change its approach to consolidated supervision if the risk profile of the banking groups changes. Moving forward, the RBNZ is advised to prepare itself in case the current circumstances and mitigating factors mentioned above change, and develop a proper framework for consolidated supervision, including, for example, having a proper economic definition of the banking group under supervision, establishing a supervisory methodology to collect and analyze information of intragroup transactions, and developing formal policies to limit the scope of foreign operations of New Zealand incorporated banks on the basis of weak host jurisdiction regulation or supervision. Principle 13 Home-host relationships. Home and host supervisors of cross-border banking groups share information and cooperate for effective supervision of the group and group entities, and effective handling of crisis situations. Supervisors require the local operations of foreign banks to be conducted to the same standards as those required of domestic banks. Essential criteria EC1 The home supervisor establishes bank-specific supervisory colleges for banking groups with material cross-border operations to enhance its effective oversight, taking into account the risk profile and systemic importance of the banking group and the corresponding needs of its supervisors. In its broadest sense, the host supervisor who has a relevant subsidiary or a significant branch in its jurisdiction and who, therefore, has a shared interest in the effective supervisory oversight of the banking group, is included in the college. The structure of the college reflects the nature of the banking group and the needs of its supervisors.

NEW ZEALAND 104 INTERNATIONAL MONETARY FUND Description and findings re EC1 The RBNZ is not a home supervisor for any bank with material cross-border operations. Therefore, the RBNZ has not established any bank-specific supervisory colleges. As host supervisor, the RBNZ participates in supervisory colleges established by APRA for the National Australia Bank (NAB) and ANZ Bank. APRA organizes ANZ college and NAB college meetings about once every two years. Recognizing the excellent quality of supervisory colleges, the RBNZ’s primary relationship with APRA is on a bilateral basis. The RBNZ also participates in the supervisory college established by DNB for Rabobank (this college is now run by the ECB). The RBNZ attends Rabobank colleges on a cost efficient basis, given its limited significance in the New Zealand financial system (of about 2 percent of total bank assets), and the small share of Rabobank’s New Zealand operations relative to the bank’s global operations. Finally, the RBNZ participates in a limited way in supervisory colleges established by the home supervisors of some banks registered as branches in New Zealand such as HSBC. EC2 Home and host supervisors share appropriate information on a timely basis in line with their respective roles and responsibilities, both bilaterally and through colleges. This includes information both on the material risks and risk management practices of the banking group35 and on the supervisors’ assessments of the safety and soundness of the relevant entity under their jurisdiction. Informal or formal arrangements (such as MoUs) are in place to enable the exchange of confidential information. Description and findings re EC2 The RBNZ’s most significant home-host relationship is with APRA, as is discussed further in this assessment. Good working relationships between the RBNZ and APRA staff are maintained which facilitates information sharing. Front line supervisors from the RBNZ meet face-to-face with APRA supervisors for a day-long meeting at least once a year to share information. These meetings may also be attended by RBNZ staff from other areas such as the statistics unit or those involved in stress testing. In between these formal meetings, RBNZ and APRA supervisors share information on a confidential basis. Evidence of practice of this relationships where shown to the assessors. A MoU concerning co-operation in banking and insurance supervision was signed with APRA in May 2012. It provides a formal basis for sharing information (the MoU is discussed further in Principle 3, EC2). EC3 Home and host supervisors coordinate and plan supervisory activities or undertake collaborative work if common areas of interest are identified in order to improve the effectiveness and efficiency of supervision of cross-border banking groups. Description and findings re EC3 There are good examples of collaboration between the RBNZ and APRA (the primary home-host relationship) in areas of common interest:  APRA and RBNZ collaborate on stress test exercises. The most recent such exercise was an APRA-run stress test in 2014, which encompassed the New Zealand subsidiaries of the four major Australian banks. In this part of the exercise the RBNZ

35 See Illustrative example of information exchange in colleges of the October 2010 BCBS Good practice principles on supervisory colleges for further information on the extent of information sharing expected.

NEW ZEALAND INTERNATIONAL MONETARY FUND 105 was involved in preparing the New Zealand scenario (particularly the stress on the agricultural sector), leading communication on all aspects of the stress test with New Zealand banks, analyzing the New Zealand results and providing feedback to the banks.  The RBNZ participates as observer in APRA’s on-site regular inspections of the New Zealand subsidiaries of the four major Australian banks.  As discussed in EC2 of CP3, the RBNZ and APRA signed a MoU in 2005 that sets out cooperation arrangements for the implementation of Basel II. Although there is no such MoU for Basel III implementation, the RBNZ and APRA worked closely on Basel III policy, especially on the alignment of non-viability loss absorbency requirements so that the capital of banks that are subsidiaries of Australian-incorporated banks could be recognized by both regulators. A Bulletin article on The RBNZ’s Application of the Basel III capital requirements describes the alignment of non-viability requirements (see page 14).  In 2016, the Reserve Bank and APRA collaborated on a review of the approach to provisioning for dairy sector losses taken by the Australian-owned New Zealand incorporated banks. However, the level of interdependency between the RBNZ and APRA, as recognized by the authorities in the several agreements and legislation changes that they have achieved, and mentioned several times in this report, would demand that home and host supervisors undertake collaborative work on a more regular basis on the areas of common interest to improve the effectiveness and efficiency of supervision of cross-border banking groups, while achieving their own statutory objectives. Areas such as business continuity, crisis management, or the supervision of banking sector vulnerabilities would benefit from an effective collaborative work between the two supervisors. EC4 The home supervisor develops an agreed communication strategy with the relevant host supervisors. The scope and nature of the strategy reflects the risk profile and systemic importance of the cross-border operations of the bank or banking group. Home and host supervisors also agree on the communication of views and outcomes of joint activities and college meetings to banks, where appropriate, to ensure consistency of messages on group-wide issues. Description and findings re EC4 The RBNZ is not the home supervisor of any bank with material cross-border operations. As host supervisor the RBNZ cooperates with home supervisors to provide feedback on joint activities. Feedback letters following on from supervisory colleges were provided as example of evidence of jointly agreed feedback following an APRA-led supervisory college. EC5 Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities, develops a framework for cross-border crisis cooperation and coordination among the relevant home and host authorities. The relevant authorities share information on crisis preparations from an early

NEW ZEALAND 106 INTERNATIONAL MONETARY FUND stage in a way that does not materially compromise the prospect of a successful resolution and subject to the application of rules on confidentiality. Description and findings re EC5 The dominant position of Australia owned banks in the New Zealand financial system, and the significant importance of the New Zealand operation in the four largest Australian banking groups, recovery and resolution planning inevitably acquires a cross-border context. This high risk profile and systemic importance of the New Zealand operations demands effective cooperation and coordination among the RBNZ and APRA. The legislative basis for cross-border cooperation is section 68A of the RBNZ Act (and parallel provisions in Australian legislation). This legislation imposes obligations on New Zealand and Australian regulators to consult each other and to avoid actions that may have a detrimental effect on financial stability, without unduly constraining the actions of the regulators. A Memorandum of Cooperation (MoC) on Trans-Tasman Bank Distress Management was signed in 2010 by the RBNZ, the New Zealand Treasury, RBA, APRA, ASIC, and the Australia Treasury. The MoC provides a broad framework to promote and facilitate a coordinated response by the participants to a trans-Tasman banking crisis, and to allocate responsibility for particular elements of the response. The MoC states that participants will seek to cooperate where practical in respect of all stages of resolving a crisis situation including in public communication. The MoC also states that the timing of any public announcements of support for the parent bank or the subsidiary will need to be coordinated where possible, given the pressure that announcements in one country could have on the other. As noted in CP3, EC5, in 2011 a crisis simulation exercise was undertaken to test elements of the memorandum. The MoC has not yet been tested in an actual case of stress situation. EC6 Where appropriate, due to the bank’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities and relevant host authorities, develops a group resolution plan. The relevant authorities share any information necessary for the development and maintenance of a credible resolution plan. Supervisors also alert and consult relevant authorities and supervisors (both home and host) promptly when taking any recovery and resolution measures. Description and findings re EC6 Response to EC5 above is also relevant to EC6. In addition, the TTBC, discussed in CP3, was established to monitor and coordinate trans-Tasman home-host regulatory issues, including crisis management preparedness. A key goal for the Council is to promote the coordination and harmonization of trans-Tasman bank regulation where appropriate. However, significant barriers remain to a joint resolution. Further work is being undertaken in the context of the TTBC, which has not yet reached tangible outcomes. As there is no guarantee that an agreement can be reached on joint resolution, the RBNZ as host supervisor has an interest in ensuring domestic financial stability would not be

NEW ZEALAND INTERNATIONAL MONETARY FUND 107 compromised by the process of an orderly separation. For example, the RBNZ’s BS11 (outsourcing policy) was established with this in mind. The outsourcing policy is currently under review. Proposals include requiring large banks (as defined in the policy) to prepare a separation plan from its parent. The outcomes of the revised outsourcing policy will also require banks to satisfy the RBNZ that, where the bank is part of an overseas banking group, the bank is able to meet the requirements of the outsourcing policy as a standalone entity in the event of a separation from its parent in order to provide basic banking services. This situation demands effective collaboration between the different national authorities involved. The RBNZ has engaged with APRA in the review of the outsourcing policy. EC7 The host supervisor’s national laws or regulations require that the cross-border operations of foreign banks are subject to prudential, inspection, and regulatory reporting requirements similar to those for domestic banks. Description and findings re EC7 Cross border operations of foreign banks operating in New Zealand may be registered either as branches or as locally incorporated banks. Banks registered as branches are subject to fewer prudential and reporting requirements compared to banks that are locally incorporated. For instance, branches are not subject to the RBNZ’s capital or liquidity requirements and have fewer governance requirements compared to locally incorporated banks. Branches are also not subject to the RBNZ’s OBR policy. There are limitations on the extent to which foreign banks may operate as branches. If these limits are exceeded, a foreign bank will be required to locally incorporate and will be subject to the same requirements as domestic banks. In particular, local incorporation will be required if any of the following apply: (i) the bank’s liabilities in New Zealand, net of amounts due to related parties exceed NZ$15 billion; (ii) in the case of a retail deposit taker, the entity is incorporated in a jurisdiction that has legislation which gives deposits made, or credit conferred, in that jurisdiction a preferential claim in a winding up; (iii) in the case of a retail depositor, the home jurisdiction does not impose adequate disclosure requirements; and (iv) the applicant is incorporated in a jurisdiction that has unsatisfactory supervisory arrangements (including disclosure arrangements) and market discipline The four largest banks in New Zealand are Australian owned locally incorporated banks, three of them with “dual registration” (subsidiary and branch registrations). As locally incorporated subsidiaries, these banks are subject to similar requirements to domestic banks. However due to their size, these banks are also subject to additional requirements such as outsourcing and OBR requirements that do not apply to smaller domestic banks. EC8 The home supervisor is given on-site access to local offices and subsidiaries of a banking group in order to facilitate their assessment of the group’s safety and soundness and compliance with customer due diligence requirements. The home supervisor informs host supervisors of intended visits to local offices and subsidiaries of banking groups.

NEW ZEALAND 108 INTERNATIONAL MONETARY FUND Description and findings re EC8 Section 98A of the RBNZ Act allows the RBNZ to authorize a home country supervisor to conduct an inspection of a New Zealand registered bank provided sufficient provision exists to protect the confidentiality of information obtained by the home country supervisor. The RBNZ is notified of APRA’s intended visits to the New Zealand subsidiaries of Australian banks. EC9 The host supervisor supervises booking offices in a manner consistent with internationally agreed standards. The supervisor does not permit shell banks or the continued operation of shell banks. Description and findings re EC9 There are no registered banks that operate as booking offices or shell banks in New Zealand. The RBNZ Act provides for the RBNZ to register banks taking into account certain application criteria (see CP5). As discussed in EC2 of CP5, the RBNZ will not register shell banks or booking branches because such banks will not meet the application criteria. However, as discussed in CP4, entities incorporated in New Zealand may provide financial services outside New Zealand without having to be licensed as banks or NBDTs in New Zealand. There are a number of New Zealand incorporated entities that operate in this manner, i.e., their business consists of providing financial services solely outside of New Zealand. These entities usually operate over the internet and have no (or limited) physical presence in New Zealand. The RBNZ does not hold any detailed information about New Zealand incorporated entities that provide financial services solely outside of New Zealand. EC10 A supervisor that takes consequential action on the basis of information received from another supervisor consults with that supervisor, to the extent possible, before taking such action. Description and findings re EC10 The RBNZ would consider information that another supervisor provides that is relevant to the New Zealand financial system. In the case of the RBNZ’s relationship with APRA, in May 2012 APRA and the RBNZ signed a MoU concerning co-operation in banking and insurance supervision (see CP3, EC2). While not legally binding, on the basis of the MoU APRA and the RBNZ expect to inform each other of material administrative penalties imposed or other enforcement action taken against any trans-Tasman bank and to provide prior notice of any such action in so far as it is practical to do so. In addition, section 68A of the RBNZ Act is about trans-Tasman cooperation. It is discussed in CP3, EC2. Assessment of Principle 13 Largely compliant Comments The RBNZ is not a home supervisor for any bank with material cross-border operations. As host supervisor, the RBNZ has established an enhanced home-host relationship with APRA compared to common practices worldwide or to those required by this Principle. This reflects the fact that both New Zealand and Australian authorities are conscious that they need to go further than the information exchange that is normally expected in relation with CP13. For example, the trans-Tasman arrangements, including changes in

NEW ZEALAND INTERNATIONAL MONETARY FUND 109 reciprocal legislations (in the case of New Zealand, section 68A of the RBNZ Act), were successfully established. Although there are extensive coordinating efforts, sometimes specific national interests prevent supervisory approaches from being in sync and a view widely shared by stakeholders is that there is room to enhance coordination. Recognizing this unique interdependence, proportionality in this Principle demands continuous effective practice of coordination to plan supervisory activities and undertake collaborative work in common areas of interest to improve the supervision of significant and systemic cross-border banking groups in a cost effective manner (see EC3). The RBNZ is encouraged to be proactive and identify areas of policy making and supervisory practice where cooperation and collaborative work with APRA can deliver tangible results. For example, areas such as cross-border outsourcing risks, analysis of general banking risks, group corporate governance, cross-border funding, assessment of credit exposures, obtaining and analyzing banks’ data, and assessment of risk management systems, could be considered. In addition, collaborative work should also include cross-border crisis management (see EC6), and banking resolution with the rest of the authorities involved (see EC5). The implementation of the OBR policy, for example, is perhaps the first time where these heightened trans-national arrangements have been tested, and the continuous dialogue attests, once again, to the open nature of the communication. Trans-Tasman cooperation arrangements are expected to address cost-efficient solutions that accommodate national interests. In this context, the RBNZ could pursue the possibility of including in the Trans-Tasman Memorandum of Cooperation specific provisions for the Australian authorities to improve the likelihood of continued provision of services to the New Zealand subsidiary by the parent bank or other group member as a supplement to some of the specific systems requirements proposed for separation arrangements. The RBNZ maintains home-host relationships with other relevant home supervisors. B. Prudential Regulations and Requirements Principle 14 Corporate governance. The supervisor determines that banks and banking groups have robust corporate governance policies and processes covering, for example, strategic direction, group and organizational structure, control environment, responsibilities of the banks’ Boards and senior management,36 and compensation. These policies and processes are commensurate with the risk profile and systemic importance of the bank. Essential criteria EC1 Laws, regulations or the supervisor establish the responsibilities of a bank’s Board and senior management with respect to corporate governance to ensure there is effective

36 Please refer to footnote 27 under Principle 5.

NEW ZEALAND 110 INTERNATIONAL MONETARY FUND control over the bank’s entire business. The supervisor provides guidance to banks and banking groups on expectations for sound corporate governance. Description and findings re EC1 Although not enforceable by the RBNZ, the Companies Act 1993 sets responsibilities for the directors of any company in New Zealand.  Section 131(1) requires every director, when exercising powers or performing duties, to act in good faith and in what the director believes to be the best interests of the company.  Part 8 of the Companies Act 1993 imposes a number of other general requirements on directors of companies, including specifically section 137 which imposes a duty of care. The RBNZ operates a three pillar approach to supervision, consisting of self-discipline, market discipline and regulatory discipline. Self-discipline refers to a bank’s internal risk management and governance systems, responsibility for which rests primarily with the bank’s Board and senior management. This emphasis is backed up by the RBNZ document BS14 which provides guidance on good corporate governance generally, and also provides supporting definitions and application guidance for certain governance-related conditions of registration that are imposed on all locally incorporated banks. Before BS14 was issued in December 2010, there was no specific RBNZ policy document on corporate governance: the publication of BS14 served the dual purpose of issuing guidance on good corporate governance, and of expanding on the previous very limited conditions of registration relating to corporate governance. As BS14 notes (paragraph 3(4)), it does not aim to be a comprehensive statement of good corporate practice, since there are many documents elsewhere providing such guidance: it notes that there are two documents that are especially relevant for New Zealand banks, namely:  Corporate Governance in New Zealand Principles and Guidelines: A Handbook for Directors, Executives and Advisers, published by the New Zealand Securities Commission in March 2004; and  The Basel Committee’s Principles for enhancing corporate governance, published in October 2010. Part 2 of BS14 provides supporting material to a number of specific conditions of registration that the RBNZ imposes on all locally incorporated banks, relating to Board composition, the appointment of directors and senior managers, and the Board audit committee. Part 3 of BS14 picks out key points from Principle 2 of the Basel 2010 principles. These cover the qualifications and experience of Board members both individually and

NEW ZEALAND INTERNATIONAL MONETARY FUND 111 collectively, directors’ professionalism and personal integrity, reviewing Board performance, Board involvement in selecting new members, and the balance of skills and expert knowledge on the Board audit committee. RBNZ is planning to impose an additional condition of registration to make non￾compliance with the guidance in Part 3 of BS14 evidence that a bank could be determined not to have been carrying on business in a prudent manner, in terms of s78 of the Act. The purpose is to give additional legal backing to any action the RBNZ might need to take to address any weaknesses identified in the competencies and experience of a bank’s Board generally, or its audit committee in particular. EC2 The supervisor regularly assesses a bank’s corporate governance policies and practices, and their implementation, and determines that the bank has robust corporate governance policies and processes commensurate with its risk profile and systemic importance. The supervisor requires banks and banking groups to correct deficiencies in a timely manner. Description and findings re EC2 The RBNZ does not assess in a comprehensive way banks’ corporate governance policies and practices, and how they are implemented. However, corporate governance is one of the matters on which supervisors need to form a view, in assessing a bank’s control risks under the PRESS framework. This assessment generally focuses on the outcomes achieved rather than banks’ policies and processes delivering those outcomes. The PRESS guidance document lists the following issues for supervisors to consider:  Strength and quality of the Board (sufficient mix of skills, knowledge and experience).  Corporate values and code of conduct.  Clear and transparent corporate structure (not complex or opaque).  Quality of CEO and senior management (sufficient experience, knowledge and control).  Management of conflicts of interest (conflict of interest policy).  Separate audit (or audit and risk) committee with a reporting line to the Board.  Independent risk management (including CRO), compliance and internal audit functions.  Compensation policy (compensation should not be based primarily on financial performance). The RBNZ has identified material deficiencies in corporate governance arrangements in the course of supervisory engagement with banks, and has required banks to correct them. One example discussed with assessors concerned a bank implementing changes in one of its IRB models for credit risk without seeking the RBNZ’s prior approval. A discussion with the bank’s CFO was followed by a request for information, issued under

NEW ZEALAND 112 INTERNATIONAL MONETARY FUND s93 of the RBNZ Act, on the structure and reporting lines of the risk teams in New Zealand and in the home country. This confirmed that the CRO and CFO of the New Zealand bank both had ‘solid’ reporting lines to the CRO and CFO of parent, as well as to the NZ CEO. In response to a letter from the RBNZ, the bank changed their executive delegations to remove solid reporting lines to the parent bank. EC3 The supervisor determines that governance structures and processes for nominating and appointing Board members are appropriate for the bank and across the banking group. Board membership includes experienced non-executive members, where appropriate. Commensurate with the risk profile and systemic importance, Board structures include audit, risk oversight and remuneration committees with experienced non-executive members Description and findings re EC3 The RBNZ does not formally review banks’ governance structures and processes for nominating and appointing Board members. The RBNZ does impose, via conditions of registration, standard minimum requirements on the composition of bank Boards, namely:  minimum of five directors;  majority of Board members (i.e., more than half) must be non-executive;  at least half of Board members must be independent;  any alternate for a non-executive director must be non-executive, and for an independent director must be independent;  at least half of the independent directors must be ordinarily resident in New Zealand; and  chairperson must be independent (and counts towards the required total of independent directors). Guidance in BS14 sets out the RBNZ’s expectations of the experience and competence of all Board members, individually and collectively, including non-executive directors. The RBNZ’s non-objection requirement provides the opportunity to object to any proposed Board appointee who clearly lacks experience that is either relevant in general, or that the Board may particularly need at that point.

The guidance in BS14 also includes the following expectation on the Board’s own involvement in assessing suitability of new members: “to the extent that it is involved in identifying potential Board members, the Board should ensure that the candidates are qualified to serve as Board members and are able to commit the necessary time and effort to fulfil their responsibilities” (clause 17(7)). The RBNZ imposes a specific requirement for banks to have an audit committee. Specifically, a bank must have a Board audit committee, or other separate Board

NEW ZEALAND INTERNATIONAL MONETARY FUND 113 committee covering audit matters, whose mandate includes ensuring the integrity of the bank’s financial controls, reporting systems, and internal audit standards. A bank’s audit committee must have at least three members, all of them non-executive and a majority independent, and the chairperson of the committee must be independent and must not be the chairperson of the Board. The RBNZ does not impose specific requirements for bank Boards to have risk oversight or remuneration committees. One of the planned follow-up actions from the Regulatory Stocktake is to impose a standard condition of registration on every locally incorporated bank, requiring the bank to have internal processes in place to ensure the suitability of directors and senior managers, and that these processes have been complied with. The main purpose of this change is to address the issue that the RBNZ’s non-objection process for directors and senior managers currently only applies on initial appointment, and there is no form of regular follow-up. EC4 Board members are suitably qualified, effective and exercise their “duty of care” and “duty of loyalty.”37 Description and findings re EC 4 The Companies Act 1993 imposes requirements on Board members, as discussed under EC1 above: s137 imposes a ‘duty of care’ and s131 imposes a ‘duty of loyalty’, reinforced by the standard condition of registration that prohibits a bank’s constitution from including any provision that allows a director to act other than in the best interests of the bank. The Companies Act imposes severe penalties for a serious breach of the director’s duty to act in good faith and in the best interests of the company (up to five years’ imprisonment or a fine of up to $200,000). EC5 The supervisor determines that the bank’s Board approves and oversees implementation of the bank’s strategic direction, risk appetite38 and strategy, and related policies, establishes and communicates corporate culture and values (e.g., through a code of conduct), and establishes conflicts of interest policies and a strong control environment. Description and findings re EC5 For the 10 largest banks, the RBNZ regularly obtains copies of the bank’s Risk Appetite Statement and its annual strategic plan. The RBNZ can determine from this the Board’s role in approving the bank’s strategic direction, and risk appetite. The RBNZ does not

37 The OECD (OECD glossary of corporate governance-related terms in “Experiences from the Regional Corporate Governance Roundtables”, 2003, www.oecd.org/dataoecd/19/26/23742340.pdf.) defines “duty of care” as “The duty of a board member to act on an informed and prudent basis in decisions with respect to the company. Often interpreted as requiring the board member to approach the affairs of the company in the same way that a ’prudent man’ would approach their own affairs. Liability under the duty of care is frequently mitigated by the business judgment rule.” The OECD defines “duty of loyalty” as “The duty of the board member to act in the interest of the company and shareholders. The duty of loyalty should prevent individual board members from acting in their own interest, or the interest of another individual or group, at the expense of the company and all shareholders.” 38 “Risk appetite” reflects the level of aggregate risk that the bank’s Board is willing to assume and manage in the pursuit of the bank’s business objectives. Risk appetite may include both quantitative and qualitative elements, as appropriate, and encompass a range of measures. For the purposes of this document, the terms “risk appetite” and “risk tolerance” are treated synonymously.

NEW ZEALAND 114 INTERNATIONAL MONETARY FUND directly and systematically determine that the Board oversees implementation of the bank’s strategic direction and risk appetite, but gains some insight into this from regular discussions with independent directors, and from discussions with senior management on the bank’s strategic direction. The supervisor requires this insight to assess the bank’s strategic risks within its overall PRESS assessment. The RBNZ also has discussions on strategic direction with other smaller registered banks, but on a more ad hoc basis. The RBNZ does not assess in a direct or structured way how bank Boards communicate corporate culture and values throughout the bank, and does not routinely obtain copies of any corporate codes of conduct that banks may have. Banks are required to include some specific information relating to conflicts of interest in their full year disclosure statements:  For each director, details of any transaction between the director (or a close associate of the director) and the bank (or another member of the banking group) that are not on normal commercial terms, or could otherwise be reasonably likely to materially influence the director in carrying out his or her duties.  The Board policy for avoiding or dealing with conflicts of interest which may arise from the personal, professional or business interests of the directors. Directors are required to attest every quarter that credit exposures to connected persons were not contrary to the interests of the banking group (see local OIC, Schedule 2, clause 17). Banks are also subject to a condition of registration that exposures to connected persons are not on more favorable terms than corresponding exposures to non￾connected persons, and directors must attest every quarter that all conditions have been met (details of this requirement are set out in the policy document BS8). The RBNZ thus determines that the Board establishes conflicts of interest policies in these specific areas, namely (1) the directors’ own conflicts of interest, and (2) providing loans to connected parties. The RBNZ does not determine whether a bank’s Board establishes conflicts of interest policies more generally, nor is it generally able to assess the Board’s involvement in establishing a strong control environment. EC6 The supervisor determines that the bank’s Board, except where required otherwise by laws or regulations, has established fit-and-proper standards in selecting senior management, maintains plans for succession, and actively and critically oversees senior management’s execution of Board strategies, including monitoring senior management’s performance against standards established for them. Description and findings re EC6 The RBNZ does not actively determine these outcomes in a comprehensive way. It relies on the strength of the incentives on directors to ensure the right outcomes. To be able to sign their attestations in respect of risk management systems and compliance with conditions of registration, directors have to be able to place reliance on the expertise and integrity of the bank’s senior management.

NEW ZEALAND INTERNATIONAL MONETARY FUND 115 The regular meetings with banks’ chairs and independent directors provide an opportunity to discuss directors’ views on key senior management, and how they form those views. EC7 The supervisor determines that the bank’s Board actively oversees the design and operation of the bank’s and banking group’s compensation system, and that it has appropriate incentives, which are aligned with prudent risk taking. The compensation system, and related performance standards, are consistent with long-term objectives and financial soundness of the bank and is rectified if there are deficiencies. Description and findings re EC7 The RBNZ has not to date reviewed banks’ compensation systems, and their Boards’ role in it, on a systematic in-depth basis. The RBNZ follows a targeted, risk-based approach to the risks arising from compensation arrangements. For instance, in its thematic review of housing lending carried out over 2013-2014, the RBNZ asked banks for details of their compensation arrangements for front-line lending staff, to assess whether incentives were appropriately aligned with the bank’s longer-term performance. The banks covered by this exercise were the five largest mortgage lenders, making up 96 percent of the market. This exercise looked specifically at the nature of the arrangements in place, not the Board’s role in overseeing those arrangements. EC8 The supervisor determines that the bank’s Board and senior management know and understand the bank’s and banking group’s operational structure and its risks, including those arising from the use of structures that impede transparency (e.g., special-purpose or related structures). The supervisor determines that risks are effectively managed and mitigated, where appropriate. Description and findings re EC8 The RBNZ takes a risk-based approach to the question of whether Board and senior management understand issues arising from complex structures. The RBNZ does not determine this criterion on a mechanistic basis across all banks, but would obtain information and raise questions with directors or senior managers as necessary if any bank did give cause for concern. Based on its knowledge of how New Zealand banking groups structure their business and on information in financial statements, the RBNZ is confident that this is not currently a material source of risk. EC9 The supervisor has the power to require changes in the composition of the bank’s Board if it believes that any individuals are not fulfilling their duties related to the satisfaction of these criteria. Description and findings re EC9 The RBNZ Act gives the RBNZ the power to remove, replace or appoint directors of any bank. However, the criteria for exercising these powers represent high hurdles, and most of them do not relate directly to how individual directors may be carrying out their duties. The most relevant criteria are that a director has failed to comply with the Act or regulations made under the Act, that a director has been convicted of an offense against the Act, or that the business of the bank has not been conducted in a prudent manner. Other criteria in s113(1) that relate to the registered bank could be tied back to an individual director, or to the Board as a whole, depending on the circumstances. The

NEW ZEALAND 116 INTERNATIONAL MONETARY FUND RBNZ must also have reasonable grounds to believe that it is necessary to remove, replace or appoint a director of the bank, and must obtain the prior consent of the MoF. Although directors cannot be appointed without the non-objection of the RBNZ, there is no direct mechanism for the RBNZ to withdraw that non-objection and thereby require a director to resign, separate from the exercise of s113B of the RBNZ Act. The RBNZ recently concluded that it would not be able to determine that a bank was not “carrying on business in a prudent manner” in terms of s78 of the RBNZ Act, if the bank’s Board fell short of the guidelines in Part 3 of BS14. Following consultation carried out as part of the Regulatory Stocktake, the RBNZ plans to impose a condition of registration (under s74 of the Act) concerning Board skills and experience on all locally incorporated banks. A breach of a condition of registration provides another ground (in s113(1)(h)) for exercising s113B. The planned change referred to under EC3 above is also relevant under this EC. This would reinforce banks’ own responsibility to consider whether individual directors continue to fulfil the role expected of them on the Board. This approach may also be buttressed by providing high level guidance on RBNZ’s expectations around how these internal processes should work. Additional criteria AC1 Laws, regulations or the supervisor require banks to notify the supervisor as soon as they become aware of any material and bona fide information that may negatively affect the fitness and propriety of a bank’s Board member or a member of the senior management. Description and findings re AC1 There is no formal regulation or supervisory requirement that requires any such notification at present. Notification is a supervisory expectation, but it relies on banks volunteering the information and judging the type of information that calls into question the fitness and propriety of a director or senior manager. Assessment of Principle 14 Materially Noncompliant Comments The Companies Act 1993 and RBNZ requirements impose duties on the Board of a bank to take responsibility for overseeing the way the bank is run. The RBNZ (BS14) gives guidance on the experience, qualification and personal qualities expected of bank Board members individually, and of the Board as a whole. It operates a non-objection regime to ensure that minimum fit-and-proper standards are met, and has in practice an ability to require changes in the composition of banks’ Boards. There are requirements for bank Boards to have a minimum number of independent directors, and to have an audit committee. The directors’ attestation requirement gives directors a strong incentive to ensure that senior management in risk control areas are competent to discharge their duties effectively.

NEW ZEALAND INTERNATIONAL MONETARY FUND 117 However, a number of aspects of the essential criteria are not met by the RBNZ supervisory approach. For instance, the RBNZ does not review the governance structures and processes for nominating and appointing Board members (EC3); it has insufficient engagement with bank Boards to be certain whether directors are effective and exercise their duty of care and duty of loyalty (EC4), or to determine that the Board has communicated corporate culture and values and established a strong control environment (EC5). Nor does the RBNZ look into a Board’s approach to selecting senior management, or find out how a Board oversees senior management’s execution of Board strategies and monitors their performance (EC6). And the RBNZ does not give any consideration to Board remuneration committees (EC3), or to the bank’s compensation system as a whole and the Board’s role in overseeing it (EC7) (although the RBNZ does take account of compensation arrangements in specific business lines, prioritizing the most significant areas of risk within its rolling program of targeted reviews). The RBNZ is broadly compliant with criteria dealing with requirements applying to bank Boards and with the ability to ensure that Boards have the right mix of skills and experience, particularly given the implementation of BS14 since 2010; but is not compliant in a number of criteria that require the supervisor to assess hands-on how a bank’s Board operates. Directors attest that the bank had systems in place to monitor the bank’s material risks, and that those systems were being properly applied. This would not include matters such as the way that the Board monitors the performance of senior managers, or establishes remuneration arrangements. However, the planned change noted under EC3 would tie continuing suitability of directors and senior managers to a condition of registration, and hence link this particular matter to the directors’ attestation. The guidance issued under BS14 is narrow and focused on Board composition and qualifications. The guidance does not address supervisory expectations on risk appetite statements, strategic planning and policy development and implementation. Under the self-discipline pillar, the RBNZ leaves the main responsibility for overseeing the running of a bank to its Board, subject to some basic initial checks on competence and probity, and requirements on Board composition. The BCP requires much closer involvement of the supervisor in determining how the Board carries out its role, than is represented by the current schedule of meetings with chairs and independent directors of banks. Principle 15 Risk management process. The supervisor determines that banks39 have a comprehensive risk management process (including effective Board and senior

39 For the purposes of assessing risk management by banks in the context of Principles 15 to 25, a bank’s risk management framework should take an integrated “bank-wide” perspective of the bank’s risk exposure,

NEW ZEALAND 118 INTERNATIONAL MONETARY FUND management oversight) to identify, measure, evaluate, monitor, report and control or mitigate40 all material risks on a timely basis and to assess the adequacy of their capital and liquidity in relation to their risk profile and market and macroeconomic conditions. This extends to development and review of contingency arrangements (including robust and credible recovery plans where warranted) that take into account the specific circumstances of the bank. The risk management process is commensurate with the risk profile and systemic importance of the bank.41 Essential criteria EC1 The supervisor determines that banks have appropriate risk management strategies that have been approved by the banks’ Boards and that the Boards set a suitable risk appetite to define the level of risk the banks are willing to assume or tolerate. The supervisor also determines that the Board ensures that: (a) a sound risk management culture is established throughout the bank; (b) policies and processes are developed for risk-taking, that are consistent with the risk management strategy and the established risk appetite; (c) uncertainties attached to risk measurement are recognized; (d) appropriate limits are established that are consistent with the bank’s risk appetite, risk profile and capital strength, and that are understood by, and regularly communicated to, relevant staff; and (e) senior management takes the steps necessary to monitor and control all material risks consistent with the approved strategies and risk appetite. Description and findings re EC1 Directors are required to attest, via disclosure statements, that the bank has systems in place to monitor and control adequately material risks. However, the RBNZ has not issued guidelines to provide directors with its expectations as to what constitutes adequate systems and controls. Therefore, attestations will not always be against common benchmarks for New Zealand banks. The RBNZ obtains information and forms views on the adequacy of banks’ risk management strategies and setting of risk appetite. This comes from a variety of sources, and is undertaken in a risk-based fashion: that is, more information is obtained from the bigger banks, and also in the context of the biggest emerging risks. This information

encompassing the bank’s individual business lines and business units. Where a bank is a member of a group of companies, the risk management framework should in addition cover the risk exposure across and within the “banking group” (see footnote 19 under Principle 1) and should also take account of risks posed to the bank or members of the banking group through other entities in the wider group. 40 To some extent the precise requirements may vary from risk type to risk type (Principles 15 to 25) as reflected by the underlying reference documents. 41 It should be noted that while, in this and other Principles, the supervisor is required to determine that banks’ risk management policies and processes are being adhered to, the responsibility for ensuring adherence remains with a bank’s Board and senior management.

NEW ZEALAND INTERNATIONAL MONETARY FUND 119 feeds in to the supervisor’s assessment of the bank’s control risks as part of the overall summary assessment under the PRESS process. The RBNZ annually obtains and reviews risk appetite statements from the 10 largest banks, which allows it to determine whether risk management strategies and appetite are approved by the Board, and to assess the adequacy of the bank’s risk strategy. The RBNZ also requests various bank internal risk reports on a regular basis. For the five largest banks these typically include a report against risk appetite, a business risk profile, and various reports relating to specific risks. The RBNZ can see which of these reports are going to the Board. The amount of reports requested is somewhat less for the next five largest banks, and less again for the five smallest local banks. The RBNZ meets jointly with the CRO and CFO of the ten largest locally incorporated banks annually, and these meetings provide an opportunity to discuss the bank’s risk management framework. Recent thematic reviews of particular risk areas have also included some consideration by the RBNZ of the general risk framework within which specific risks are addressed. The thematic review of housing lending by the five largest banks (March 2014) included a review of the risk appetite framework and how risk appetite is promulgated through the bank. This found that banks generally had Board-set risk appetites and suitable processes to cascade appetite for different risks through the bank. A review of the ten largest banks’ ICAAPs (completed in June 2015) also considered banks’ overall risk management approach, as well as how risks links specifically to capital. For the big four Australian subsidiaries, the RBNZ is also able to draw on reviews carried out by APRA (as parent group supervisor), and by the parent bank itself. As with the RBNZ’s own work, these may look at the overall risk management framework, or at some specific risk area that sheds light on some aspect of the framework, possibly identifying matters for improvement. Market discipline also puts incentives on banks to have appropriate risk management strategies: in the local OIC, Schedule 17 clause 2 requires a bank in its full year disclosure statement to provide details of its risk management objectives, policies, strategies and processes generally, and specific details on the management of each material risk. The RBNZ does not pro-actively or comprehensively determine the Board’s role in ensuring that the objectives of the risk appetite statement are rolled out across the bank (in line with the points (a) to (e) specified in this EC). The RBNZ gains a limited impression of this from the regular meetings which are held with the bank’s chairperson and independent directors (for the five largest banks – independent directors once a year, chairperson separately twice a year; for the next five largest banks – independent directors once a year, chairperson separately once a year; for the five other small local

NEW ZEALAND 120 INTERNATIONAL MONETARY FUND banks, jointly with the chairperson and independent directors once a year). These discussions can give the RBNZ an idea of how well Board members understand their risk management role. The regular meetings with CRO and CFO will also give some insight into the Board’s role. The quarterly directors’ attestations provide a source of assurance that banks’ Boards are ensuring that some of the outcomes (a) to (e) are being achieved. Directors are subject to potentially severe penalties for recklessly attesting that systems are in place to monitor and control all of the banking group’s material risks and are being properly applied, and therefore have strong incentives to ensure that senior management have put in place the appropriate risk management framework, including limit structures, and are actively ensuring that the right attitude to risk is cascaded to relevant front-line staff. EC2 The supervisor requires banks to have comprehensive risk management policies and processes to identify, measure, evaluate, monitor, report and control or mitigate all material risks. The supervisor determines that these processes are adequate: (a) to provide a comprehensive “bank-wide” view of risk across all material risk types; (b) for the risk profile and systemic importance of the bank; and (c) to assess risks arising from the macroeconomic environment affecting the markets in which the bank operates and to incorporate such assessments into the bank’s risk management process. Description and findings re EC2 In most areas of risk, the RBNZ does not impose direct requirements on banks to have comprehensive risk management policies and processes. The main mechanism to achieve that outcome is the directors’ attestation requirement: in every disclosure statement, the directors must attest that, over the reporting period covered by the disclosure statement:  the registered bank had systems in place to monitor and control adequately the material risks of the banking group, including credit risk, concentration of credit risk, interest rate risk, currency risk, equity risk, liquidity risk, operational risk and other business risk, and that those systems were being properly applied. The RBNZ does impose some risk management requirements specifically in relation to (1) overall adequacy of capital, and (2) management of liquidity risk: Capital adequacy All locally incorporated banks are subject to a condition requiring them to have an ICAAP that accords with the requirements set out in the policy document BS12. Liquidity risk All locally incorporated banks are subject to a condition that requires them to have an internal framework for liquidity risk management with key specific features, backed up by more general guidance given in Section D of the policy document BS13, Liquidity Policy.

NEW ZEALAND INTERNATIONAL MONETARY FUND 121 As the RBNZ reviews the adequacy of how banks are managing risks in a targeted, risk￾based manner, it does not determine in a systematic way whether a bank’s risk management policies are adequate as a whole to provide a comprehensive bank-wide view of risk across all material risk types. However, the RBNZ forms a view on the level of control risk of each bank as part of its PRESS supervisory approach, and draws on a range of sources to do so. These may include for example discussions with the CRO, input from the parent bank and parent bank supervisor, or a thematic review (such as the ICAAP review). If this process identifies particular problems, the RBNZ will seek improvements. The RBNZ does not determine specifically that a bank’s risk management framework focusses adequately on risks emerging from the macroeconomic environment. However regular prudential interviews with CEOs, CROs and others give the RBNZ the chance to discuss high-level emerging risks, and thus to form a view on how well senior management are picking up on such risks. EC3 The supervisor determines that risk management strategies, policies, processes and limits are: (a) properly documented; (b) regularly reviewed and appropriately adjusted to reflect changing risk appetites, risk profiles and market and macroeconomic conditions; and (c) communicated within the bank The supervisor determines that exceptions to established policies, processes and limits receive the prompt attention of, and authorization by, the appropriate level of management and the bank’s Board where necessary. Description and findings re EC3 The RBNZ does not determine compliance on a comprehensive basis across all risk management strategies, policies, processes and limits of all locally incorporated banks. Rather, it relies on a combination of regulatory requirements relating to these outcomes, directors’ attestations, selected documentation obtained in a risk-based manner on banks’ risk management frameworks, working top-down from the highest level (typically the risk appetite statement) to more detailed specifications, and risk-based thematic reviews. The annual requests to banks for key Board and senior management reports deliver a number of documents that provide evidence that the most important parts of the risk management framework are properly documented, and allow the RBNZ to review how these documents are reviewed and updated over time. EC4 The supervisor determines that the bank’s Board and senior management obtain sufficient information on, and understand the nature and level of risk being taken by the bank and how this risk relates to adequate levels of capital and liquidity. The supervisor also determines that the Board and senior management regularly review and understand the implications and limitations (including the risk measurement uncertainties) of the risk management information that they receive.

NEW ZEALAND 122 INTERNATIONAL MONETARY FUND Description and findings re EC4 The directors’ attestation on risk management systems does not relate specifically to the information directors receive on the level and nature of risk that a bank takes on. Supervisors do not routinely review Board meeting minutes to gain insights on Board involvement. A determination that Boards and senior management understand the nature and level of risk taken on by the bank, how it relates to adequate capital and liquidity, and the limitations and uncertainties of the information they receive is made through conversations with the relevant people. The RBNZ relies mainly on routine meetings with independent directors, the CRO and CFO, and the Chief Executive to form a view on this. The ICAAP review in 2015 found that the five largest locally incorporated banks generally report risk and capital metrics adequately, but did not specifically produce reports that would help senior management to assess the sensitivity and reasonableness of central assumptions. The review found that the next five largest domestic banks reported risks adequately, but there was less evidence that they link risks to capital. In relation to adequate liquidity, the supervisory teams are currently developing plans for a ‘theme day’ on market risk, funding, and liquidity risk management with each of the five largest banks, and, potentially the smaller domestic banks. Among other things, this exercise will cover banks’ compliance with the qualitative and quantitative requirements of BS13. It is anticipated that this will develop into an annual engagement with each bank. EC5 The supervisor determines that banks have an appropriate internal process for assessing their overall capital and liquidity adequacy in relation to their risk appetite and risk profile. The supervisor reviews and evaluates banks’ internal capital and liquidity adequacy assessments and strategies. Description and findings re EC5 The RBNZ does not review and evaluate these outcomes across all banks on a continuing basis. Consistent with its supervisory approach, it obtains a reasonable level of comfort from a combination of regulatory requirements, self-discipline via directors’ attestations, and market discipline, backed up by thematic reviews of different aspects of the larger banks’ risk management carried out on a rolling basis. EC6 Where banks use models to measure components of risk, the supervisor determines that: (a) banks comply with supervisory standards on their use; (b) the banks’ Boards and senior management understand the limitations and uncertainties relating to the output of the models and the risk inherent in their use; and (c) banks perform regular and independent validation and testing of the models The supervisor assesses whether the model outputs appear reasonable as a reflection of the risks assumed.

NEW ZEALAND INTERNATIONAL MONETARY FUND 123 Description and findings re EC6 The RBNZ is only involved with banks’ models that relate to specific supervisory requirements. These are:  Internal Ratings Based approaches to modelling credit risk, for determining capital requirements for credit risk;  Advanced Measurement Approach (AMA) models for determining operational risk capital requirements; and  Stress testing models to contribute to assessing overall capital adequacy, required as part of the ICAAP policy (BS12). The RBNZ does not set supervisory standards for the use of market risk VaR models or any other models apart from those above, and does not determine any of the above matters in relation to their use. The big four Australian subsidiaries have been accredited to use IRB and AMA models. To be able to decide on model accreditation, the RBNZ needs to obtain information on the methodology of any model that a bank wishes to use for capital adequacy calculations. However, the RBNZ does not verify on-site or from ongoing information requests that a bank is operating an accredited model exactly as the bank has described it. Nor does it determine that a bank meets every one of the requirements for IRB or AMA model use set out in BS2B (Subpart 4C for IRB, paragraphs 8.4 to 8.34 for AMA). The RBNZ made clear its expectation of Board involvement in a bank’s use of Basel II models right from the initial application process. This included for instance that “the Board Chair, on behalf of the Board, will have to attest that, after reasonable inquiry, the Board believes that information provided in the application is accurate and fairly presents the bank’s state of readiness to implement Basel II’s internal models approaches”. Directors’ attestations that all conditions have been met, along with specific requirements in BS2B tying responsibility for credit risk and operational risk models to the Board, give the RBNZ comfort that banks comply with supervisory standards on the use of these models. The RBNZ has not determined in a systematic way that banks’ Boards and senior management do in practice understand the limitations of models. However, it did hold meetings in 2014 with the Board Chairs of each of the four modelling banks specifically on the subject of IRB and AMA models used for capital adequacy purposes, with the aim of learning about the type of information on these models that is presented to the Board, and the Board’s involvement in decisions and processes around internal models. The RBNZ may also obtain insights into this question more generally from routine prudential meetings with bank chairs and other independent directors, and with senior management such as CFO and CRO.

NEW ZEALAND 124 INTERNATIONAL MONETARY FUND After initial accreditation, the RBNZ does not determine on a regular basis that banks carry out regular validation and testing of IRB and AMA models in accordance with the specific requirements set out in BS2B. Model validation could be the subject of a thematic review at some point, but the RBNZ has to date regarded it as higher priority to focus on the quality of the models, and use accreditation as a lever to improve that. EC7 The supervisor determines that banks have information systems that are adequate (both under normal circumstances and in periods of stress) for measuring, assessing and reporting on the size, composition and quality of exposures on a bank-wide basis across all risk types, products and counterparties. The supervisor also determines that these reports reflect the bank’s risk profile and capital and liquidity needs, and are provided on a timely basis to the bank’s Board and senior management in a form suitable for their use. Description and findings re EC7 The RBNZ does not directly and comprehensively determine the adequacy of a bank’s information systems for measuring the bank’s risk exposures and their capital and liquidity needs. This would require on-site supervision, which is not consistent with the RBNZ’s supervisory model or prioritization of use of its limited resources. The RBNZ relies to some extent on internal and external audit for comfort that information systems measure and assess exposures adequately:  Although the main work of internal audit is to check that the processes for producing risk management reports have been properly followed, they may pick up material deficiencies in the information systems generating those reports, and would raise these with the supervisor.  The external auditor carries out an audit of a bank’s financial statements with the objective of providing reasonable assurance that the totals presented in the bank’s statement of position give a true and fair view of the bank’s position in accordance with applicable reporting standards (i.e., NZ IFRSs). While this is not directly assessing whether the bank’s information systems are adequate for measuring the bank’s exposures, the audit is likely to pick up any material deficiencies in the way that those systems measure the value of balance sheet items for accounting purposes, which typically will also lead to weaknesses in the way that exposures are measured for risk management purposes. If the RBNZ had particular concerns about some aspect of a bank’s information systems for measuring and assessing exposures, it could use the power it has under s95 of the RBNZ Act to require that the bank provide it with a report prepared by a person approved by the RBNZ. The RBNZ routinely obtains copies of banks’ key internal reports on risk exposures submitted to senior management and the Board that are relevant for allowing it to assess banks’ risk profiles under its PRESS supervisory approach. The RBNZ is also advised of changes and improvements in banks’ risk and financial management reports, and in that

NEW ZEALAND INTERNATIONAL MONETARY FUND 125 case obtains copies to ascertain whether it would be useful to receive them on a regular basis in future. Assessment of these reports, along with the regular meetings with banks’ independent directors and with senior management, allows the RBNZ to determine whether these reports are sufficiently timely and suitable for the use of the Board and senior management. EC8 The supervisor determines that banks have adequate policies and processes to ensure that the banks’ Boards and senior management understand the risks inherent in new products,42 material modifications to existing products, and major management initiatives (such as changes in systems, processes, business model, and major acquisitions). The supervisor determines that the Boards and senior management are able to monitor and manage these risks on an ongoing basis. The supervisor also determines that the bank’s policies and processes require the undertaking of any major activities of this nature to be approved by their Board or a specific committee of the Board. Description and findings re EC8 Strategic risk is one of the key risks covered under the heading of ‘Business Risks’ within the RBNZ’s PRESS supervisory framework. The RBNZ assesses the potential risks arising from a bank’s general strategic direction. Regular meetings with a bank’s CEO, Chair, or CFO and CRO (as relevant) would typically include discussion of the bank’s general strategic direction and of any major new initiatives, such as major acquisitions, major systems upgrades, changes of focus on particular lines of business, or changes in risk tolerance in particular areas. However, none of this goes to the level of detail of the RBNZ determining that bank Boards and senior management understand the risks inherent in launching new products or other major initiatives, or can manage these risks on an ongoing basis. Nor does the RBNZ confirm that any major initiative by a bank has to be approved at Board or Board sub-committee level. EC9 The supervisor determines that banks have risk management functions covering all material risks with sufficient resources, independence, authority and access to the banks’ Boards to perform their duties effectively. The supervisor determines that their duties are clearly segregated from risk-taking functions in the bank and that they report on risk exposures directly to the Board and senior management. The supervisor also determines that the risk management function is subject to regular review by the internal audit function. Description and findings re EC9 The RBNZ determines these matters drawing on a number of sources (more for the larger locally incorporated banks than for the smaller ones). It assesses banks’ risk management frameworks against a standard ‘three lines of defense’ model. This model requires as the second line of defense an independent risk management function that has sufficient resources and separation from the first line of defense (the risk limits within which the front-line staff originating business work). The third line of defense includes an internal audit function that reviews the effective operation of the first and second lines of defense.

42 New products include those developed by the bank or by a third party and purchased or distributed by the bank.

NEW ZEALAND 126 INTERNATIONAL MONETARY FUND One key source for these assessments is the annual meetings the RBNZ holds with the internal auditors of the 10 largest local incorporated banks. The meetings may include a discussion with the auditor on the strengths and weaknesses of internal controls and risk management within the three lines of defense framework, and also views on their relationship in practice with the second line of defense. These discussions would as a matter of course determine whether the internal auditor regularly reviews the risk management function. The RBNZ obtains further information on the risk management function from a different viewpoint in its routine annual meetings with bank CROs. Thematic reviews also consider the overarching risk management framework, and the risk management function in respect of the specific risk that is the focus of the review. This gives more in-depth insights in a particular area chosen for its importance to systemic risk. For example, the RBNZ carried out a thematic review of the five biggest banks’ housing lending in 2014, which identified some areas of weakness to be addressed. A series of ‘theme days’ with the big four banks in December 2015 covered operational risk among other matters, and the three lines of defense model was first on the agenda for the session on operational risk. Some of the regular internal reports that the RBNZ routinely receives from banks are reports on risk exposures, allowing it to see which reports go to which levels of senior management and the Board. EC10 The supervisor requires larger and more complex banks to have a dedicated risk management unit overseen by a Chief Risk Officer (CRO) or equivalent function. If the CRO of a bank is removed from his/her position for any reason, this should be done with the prior approval of the Board and generally should be disclosed publicly. The bank should also discuss the reasons for such removal with its supervisor. Description and findings re EC10 There is no explicit regulatory requirement for banks to have a dedicated risk management unit overseen by a CRO or equivalent. However, large banks have a CRO function. There are no formal requirements that the removal of a CRO should be approved by the Board in advance, or that it should be disclosed publicly. EC11 The supervisor issues standards related to, in particular, credit risk, market risk, liquidity risk, interest rate risk in the banking book and operational risk. Description and findings re EC11 The RBNZ has not issued standards on risk management for most of these risks. Liquidity risk is the one risk where the RBNZ has issued comprehensive risk management guidelines. In developing its liquidity policy (BS13), the RBNZ decided that it should impose some specific quantitative ratio requirements on its banks, and that it would also be desirable to broadly align with Basel Committee requirements. At that time (2008), the Basel Committee had not announced its plans to develop quantitative requirements, but had included qualitative guidance for banks in its Principles for Sound Liquidity Risk

NEW ZEALAND INTERNATIONAL MONETARY FUND 127 Management and Supervision, so the RBNZ included risk management guidelines that are based on these Principles. Banks that are accredited to use the AMA approach to determine their operational risk capital requirement must meet certain high level standards on operational risk management, set out in Part 8 of BS2B. See the responses on EC2 and EC3 under CP25. The RBNZ’s guidance on banks’ ICAAPs also sets out the following high-level considerations on a bank’s risk management framework as a pre-requisite for determining overall capital adequacy):  “A sound risk management framework is a pre-requisite for the effective assessment of a bank’s overall capital adequacy position. This framework should include robust Board and senior management oversight, risk monitoring and reporting processes, and regular independent review. There should be credible and consistent policies and procedures to identify, measure, and report all material risks that the bank faces.”  “The Board is responsible for setting the bank’s tolerance for risk, and ensuring that the bank’s business remains within that risk tolerance. To achieve this, the Board should ensure that management establishes a framework for assessing the various risks, develops a system to relate risk to the bank’s capital level, and sets up a method for monitoring compliance with internal risk management policies”.  “Bank management should understand the nature and level of risk that the bank takes. They are responsible for ensuring that internal risk management processes are appropriately sophisticated and formal for the size and nature of the bank’s business. Bank management is responsible for establishing strong internal processes that state capital adequacy goals with respect to risks”. EC12 The supervisor requires banks to have appropriate contingency arrangements, as an integral part of their risk management process, to address risks that may materialize and actions to be taken in stress conditions (including those that will pose a serious risk to their viability). If warranted by its risk profile and systemic importance, the contingency arrangements include robust and credible recovery plans that take into account the specific circumstances of the bank. The supervisor, working with resolution authorities as appropriate, assesses the adequacy of banks’ contingency arrangements in the light of their risk profile and systemic importance (including reviewing any recovery plans) and their likely feasibility during periods of stress. The supervisor seeks improvements if deficiencies are identified. Description and findings re EC12 The RBNZ has specific contingency planning requirements for liquidity risk, and addresses within its general supervisory approach banks’ contingency planning for other risks crystallizing. EC13 The supervisor requires banks to have forward-looking stress testing programs, commensurate with their risk profile and systemic importance, as an integral part of their

NEW ZEALAND 128 INTERNATIONAL MONETARY FUND risk management process. The supervisor regularly assesses a bank’s stress testing program and determines that it captures material sources of risk and adopts plausible adverse scenarios. The supervisor also determines that the bank integrates the results into its decision-making, risk management processes (including contingency arrangements) and the assessment of its capital and liquidity levels. Where appropriate, the scope of the supervisor’s assessment includes the extent to which the stress testing program: (a) promotes risk identification and control, on a bank-wide basis (b) adopts suitably severe assumptions and seeks to address feedback effects and system-wide interaction between risks; (c) benefits from the active involvement of the Board and senior management; and (d) is appropriately documented and regularly maintained and updated. The supervisor requires corrective action if material deficiencies are identified in a bank’s stress testing program or if the results of stress tests are not adequately taken into consideration in the bank’s decision-making process. Description and findings re EC13 Banks are required to have an ICAAP that accords with the requirements set out in the document BS12. Paragraph 12 of BS12 says “the bank should perform rigorous and forward-looking stress tests that identify plausible severe loss events or adverse changes in market conditions, and assess their impact on the bank’s capital adequacy”. This is in the context set by paragraph 8 of BS12, “the level of detail and sophistication of the analysis required in a bank’s ICAAP depends on the size, nature and complexity of the bank’s business”.

Banks accredited to use IRB models for credit risk must also meet the Basel minimum requirements for the IRB approach, and these include a stress-testing requirement: this is set out in paragraphs 4.252 to 4.254 of the policy document BS2B. The joint APRA/RBNZ stress-test exercise for the four largest banks in 2014, and information that the RBNZ gathered over 2014-15 from the five largest banks on their stress-testing methodology, led to the RBNZ identifying areas for improvement. The RBNZ also engaged the five domestically owned banks in a basic credit stress test in 2014. This exercise was designed as an introduction to stress-testing for these banks, and was intended to be the first step in a continuing process to enhance stress-testing capacity at these banks. The stress-testing frameworks of the ten largest locally incorporated banks were also considered as part of the ICAAP thematic review. This did not look at the quality of stress-testing models as such, but for instance considered how formalized the stress￾testing processes are, and the degree of Board involvement. These were found to be

NEW ZEALAND INTERNATIONAL MONETARY FUND 129 satisfactory at the largest banks, while some areas for improvement were noted at some of the smaller banks. For 2015/16, the RBNZ has given the four largest banks a common scenario to use in their internal process so that the results can be compared directly across banks. EC14 The supervisor assesses whether banks appropriately account for risks (including liquidity impacts) in their internal pricing, performance measurement and new product approval process for all significant business activities. Description and findings re EC14 The RBNZ does not assess this systematically and pro-actively across all banks. Supervisors generally spend very little time assessing how banks account for risks in performance measurement or in new product approval, or how they determine internal pricing either via documentation requested from banks, or in discussion with relevant people such as the CRO. Additional criteria AC1 The supervisor requires banks to have appropriate policies and processes for assessing other material risks not directly addressed in the subsequent Principles, such as reputational and strategic risks. Description and findings re AC1 The Reserve Bank requires banks to determine a ‘Pillar 2’ capital allocation for other material risks not covered in the Pillar 1 capital requirements, but it is not included in the calculation of banks’ capital ratios, and there is no explicit regulatory requirement for bank to hold capital against it. Assessment of Principle 15 Materially Noncompliant Comments Most of the essential criteria are not met. The RBNZ forms a high level view of banks’ approaches to risk management from regular meetings with Board members and relevant senior management, and from copies of banks’ risk appetite statements and internal risk management reports that it routinely obtains. More detailed assessment of risk management in specific areas occurs on a risk-based basis (for instance in the review of housing lending). But this does not amount to the comprehensive ‘determination’ of matters listed for instance in ECs 1, 2, and 3. The only standards on risk management that the RBNZ has issued are in respect of overall capital adequacy (the ICAAP guidance in BS12), and in respect of liquidity risk management (BS13). The RBNZ assessed compliance with the ICAAP guidelines in the ICAAP review in 2015, but has not yet assessed whether banks are following the liquidity risk guidelines. The RBNZ is broadly compliant with EC10 (the requirements relating to a bank having a risk management unit, and the role of the CRO), at least for the 10 largest locally incorporated banks. The RBNZ is also making progress towards broad compliance with EC13 (requirements around, and assessment of, banks’ own stress-testing approaches).

NEW ZEALAND 130 INTERNATIONAL MONETARY FUND In terms of meeting the ECs through other means, the RBNZ places considerable reliance on the incentive effect of directors’ attestation that their bank has systems in place to manage all material risks, and that those systems have been properly applied. The RBNZ also takes comfort from the directors’ attestation that the bank has met all conditions of registration, in relation to certain risk management matters that are included in specific conditions. These include the ICAAP and liquidity risk management requirements, and the conditions (set out in BS2B) that modelling banks must meet to use the IRB and AMA approaches to capital adequacy. There are a number of the ECs under which the RBNZ does not absolutely ‘determine’ the outcomes listed, but does obtain enough information to assess broadly that they are occurring. These include matters such as risk management culture being established throughout the bank, and an adequate system of limits being in place and being effectively operated. Once the self-discipline overlay is imposed on top of this, the RBNZ is comfortable that the outcomes envisaged in these are in practice being achieved. The RBNZ is not compliant with:  EC7 (determination that banks have information systems that are adequate for measuring, assessing and reporting on the size, composition and quality of exposures);  EC8 (Board and senior management adequately monitor the risks from introducing new products and significant strategic initiatives);  EC11 (supervisor issues standards in all key areas of risk); and  EC14 (determination that the bank accounts appropriately for risk in internal pricing, new product approval, and performance measurement). Principle 16 Capital adequacy.43 The supervisor sets prudent and appropriate capital adequacy requirements for banks that reflect the risks undertaken by, and presented by, a bank in the context of the markets and macroeconomic conditions in which it operates. The supervisor defines the components of capital, bearing in mind their ability to absorb losses. At least for internationally active banks, capital requirements are not less than the applicable Basel standards. Essential criteria EC 1 Laws, regulations or the supervisor require banks to calculate and consistently observe prescribed capital requirements, including thresholds by reference to which a bank might be subject to supervisory action. Laws, regulations or the supervisor define the qualifying components of capital, ensuring that emphasis is given to those elements of capital permanently available to absorb losses on a going concern basis.

43 The Core Principles do not require a jurisdiction to comply with the capital adequacy regimes of Basel I, Basel II and/or Basel III. The Committee does not consider implementation of the Basel-based framework a prerequisite for compliance with the Core Principles, and compliance with one of the regimes is only required of those jurisdictions that have declared that they have voluntarily implemented it.

NEW ZEALAND INTERNATIONAL MONETARY FUND 131 Description and findings re EC1 Capital requirements: The RBNZ Act 1989 enables the RBNZ to imposes capital requirements on banks through “conditions of registration.” Section 78(1)(c) establishes that conditions of registration may include capital in relation to the size and nature of the business. Following this general legal empowerment, the RBNZ’s regulations on the capital adequacy framework for locally incorporated registered banks are included in the documents BS2A (Standardized Approach) and BS2B (Internal Models Based Approach) (see EC2). Additionally, the OiC for Disclosure Statements—discussed in CP10—require banks to disclosure their capital ratios, calculated in accordance with the relevant Capital Adequacy Framework. Banks and bank officers could face severe penalties under the RBNZ Act if the bank fails to publish the Disclosure Statement as required or if a Disclosure Statement contains false or misleading information (RBNZ Act sections 89, 89A, and 89B). The RBNZ is undertaking a capital review over 2016-17. The objective of the review is to ensure that banks, including domestically important banks, hold an adequate level of capital in respect of the risks they face. An assumption underlying the review is that the RBNZ will continue to take a conservative approach to capital adequacy relative to international standards. The capital review will take account of recent updates to the Basel Committee framework. Since January 1, 2013, locally incorporated registered banks are subject to a condition of registration requiring that the banking group meet the following minimum capital ratios: Common Equity Tier 1 (CET1) capital: 4.5 percent of risk weighted assets; Tier 1 capital: 6 percent of risk weighted assets; and total capital: 8 percent of risk weighted assets. Locally incorporated registered banks are also required by their conditions of registration to hold a buffer of capital above the minimum capital ratios, made up of common equity of 2.5 percent risk weighted assets. The RBNZ reports that all locally incorporated banks comply with the above minimum ratios and hold capital above the buffer ratio. The RBNZ has the legal power to increase the size of this buffer, via condition of registration, and may do this to, for example, address macroeconomic risks arising from above trend credit growth. This aligns with the Basel III counter-cyclical buffer. No counter-cyclical buffer is in place presently. Branches of banks incorporated overseas are subject to a condition of registration requiring that the whole bank complies with the capital adequacy requirements of the home country supervisor. Capital thresholds for supervisory action: the RBNZ Act 1989 provides a number of qualitative tests that allow the RBNZ to issue a direction to a bank or place the bank into statutory management. These include: the potential insolvency of the bank, the

NEW ZEALAND 132 INTERNATIONAL MONETARY FUND circumstances of the bank are prejudicial to the soundness of the financial system or failure to comply with legal requirements. Additionally, since January 1, 2014, If a bank’s capital buffer falls below the 2.5 percent buffer requirement, the bank is required by its conditions of registration to limit distributions of earnings. Conditions of registration also specify that if the bank’s capital buffer is less than the buffer requirement, the bank must prepare a capital plan to restore the buffer ratio to above 2.5 percent, and this must be approved by the RBNZ (this requirement would apply to an increased buffer requirement if a counter-cyclical buffer were in place). The minimum capital ratios may provide a threshold for more intensive intervention. A breach of the minimum ratios is a breach of a condition of registration and hence is an offence under the RBNZ Act. The RBNZ has a range of actions that it may take in response to a breach of minimum ratios including that:  under section 113 of the RBNZ Act the RBNZ may issue a direction to the bank, including a direction to take any action to address the breach of condition. If the bank failed to comply with the direction the bank could be placed into statutory management under section 118;  BS1 sets out the RBNZ’s operational requirement that if a minimum ratio is breached the bank must provide a capital plan to the RBNZ that sets out how it intends to restore the capital ratio. This plan will be required to be published. This requirement would be implemented through the issuance of a direction;  the RBNZ may recommend the de-registration of a bank that is not complying with its conditions of registration, including its capital requirements; and  the RBNZ could take enforcement action, with the potential to result in fines on the bank upon summary conviction. Capital components with the ability to absorb losses on a going concern basis: The RBNZ’s capital requirements establish that Additional Tier 1 (AT1) and Tier 2 instruments must either convert into ordinary shares or be written off on the occurrence of a non￾viability trigger event, as determined by the RBNZ. AT1 instruments must also automatically convert to ordinary shares or be written off if the capital ratio of the banking group falls below 5.125 percent of risk weighted assets. Under their conditions of registration locally incorporated banks are required to receive a notice of non-objection from the RBNZ before including any AT1 or Tier 2 capital instrument in their capital ratios. The RBNZ reports that several New Zealand banks have issued instruments complying with the new qualifying criteria for AT1 and Tier 2 capital. The instruments issued contain loss absorption features: banks have issued both instruments with principal write-off at the point of non-viability, and instruments that can be converted into ordinary shares.

NEW ZEALAND INTERNATIONAL MONETARY FUND 133 According to the RBNZ, a market for Basel III-compliant instruments has been developing in New Zealand, and banks have found sufficient demand to allow them to issue these instruments. This market is likely to develop over the coming years with further capital issues. The RBNZ Bulletin article: ‘The RBNZ’s application of the Basel III capital requirements for banks’ provides more detail on the definition of capital. This definition of capital has been in place since 2013. EC2 At least for internationally active banks,44 the definition of capital, risk coverage, the method of calculation and thresholds for the prescribed requirements are not lower than those established in the applicable Basel standards. Description and findings re EC2 There are no internationally active banks incorporated in New Zealand. The RBNZ’s BS2A and B capital framework seeks to align with the Basel framework and with the capital requirements of APRA. The RBNZ’s policy would allow departures that reflect particular New Zealand circumstances and where adoption of the Basel framework would make New Zealand’s requirements less conservative. The definition of risk-weighted exposures is largely consistent with the Basel framework. On credit risk, the RBNZ has adopted a more conservative approach in certain areas of exposures to farm, residential mortgages and credit cards from the Basel framework. On operational risk, the RBNZ seeks to follow Basel standards closely. On market risk, the RBNZ’s approach to capital for market risk is a simplified version of the Basel approach, and has not been updated to reflect the amendments to the Basel approach since 1996. New Zealand banks’ exposure to market risk is relatively small. Their main involvement in market-related contracts arises from interest rate-related products to hedge the interest rate risk in the banking book, and (for the largest banks) FX-related products to hedge the FX risk from borrowing in foreign currencies. The RBNZ believes that these capital requirements have served New Zealand well, but will review their ongoing appropriateness as part of the capital review. The RBNZ has chosen at this stage not to implement a leverage ratio given its preference for a risk-based approach to capital adequacy. The RBNZ is however, keeping the leverage ratio under review and will reconsider in light of other countries’ experiences. The RBNZ notes that the Basel guidance does not foresee the implementation of the leverage ratio until 2018.

44 The Basel Capital Accord was designed to apply to internationally active banks, which must calculate and apply capital adequacy ratios on a consolidated basis, including subsidiaries undertaking banking and financial business. Jurisdictions adopting the Basel II and Basel III capital adequacy frameworks would apply such ratios on a fully consolidated basis to all internationally active banks and their holding companies; in addition, supervisors must test that banks are adequately capitalized on a stand-alone basis.

NEW ZEALAND 134 INTERNATIONAL MONETARY FUND EC3 The supervisor has the power to impose a specific capital charge and/or limits on all material risk exposures, if warranted, including in respect of risks that the supervisor considers not to have been adequately transferred or mitigated through transactions (e.g., securitization transactions)45 entered into by the bank. Both on-balance sheet and off-balance sheet risks are included in the calculation of prescribed capital requirements. Description and findings re EC3 As discussed in EC1, the RBNZ imposes capital requirements on banks through conditions of registration. Conditions apply individually, and therefore different conditions (and different capital requirements) may apply to different banks. The RBNZ has, in a number of instances, imposed capital requirements that apply individually to a bank in cases where the RBNZ considers that an individual risk exists that has not been adequately mitigated. This is normally public information. Under section 78 of the RBNZ Act the RBNZ may impose conditions of registration limiting loan concentrations. The RBNZ’s Connected Exposures Policy (BS8) is an example of where limits have been placed on risk exposures, being exposures to connected parties. Both on and off balance sheet exposures are included in the calculation of prescribed capital requirements. EC4 The prescribed capital requirements reflect the risk profile and systemic importance of banks46 in the context of the markets and macroeconomic conditions in which they operate and constrain the build-up of leverage in banks and the banking sector. Laws and regulations in a particular jurisdiction may set higher overall capital adequacy standards than the applicable Basel requirements. Description and findings re EC4 The RBNZ has not chosen to apply a capital overlay to domestically systemically important banks; nor has it applied additional capital charges based on the size of banks. The RBNZ is confident that the relatively conservative application of the Basel capital requirements means that the effective minimum capital requirement is higher across the board. As discussed in EC3 capital requirements are imposed by conditions of registration which apply to bank’s individually and therefore may differ between banks to reflect idiosyncratic risks.

45 Reference documents: Enhancements to the Basel II framework, July 2009 and: International convergence of capital measurement and capital standards: a revised framework, comprehensive version, June 2006. 46 In assessing the adequacy of a bank’s capital levels in light of its risk profile, the supervisor critically focusses, among other things, on (a) the potential loss absorbency of the instruments included in the bank’s capital base, (b) the appropriateness of risk weights as a proxy for the risk profile of its exposures, (c) the adequacy of provisions and reserves to cover loss expected on its exposures and (d) the quality of its risk management and controls. Consequently, capital requirements may vary from bank to bank to ensure that each bank is operating with the appropriate level of capital to support the risks it is running and the risks it poses.

NEW ZEALAND INTERNATIONAL MONETARY FUND 135 The RBNZ’s regulatory approach aims at systemic-risk objectives. This approach is carried over into the capital framework, under which risk drivers for capital requirements are based not only on individual bank risk but systemic risk also. Accordingly, as discussed in EC2, this has moved the RBNZ to set higher overall capital adequacy standards than the applicable Basel requirements in several areas, principally in relation to housing loans and farm loans. As an example, the RBNZ has applied a higher correlation factor within the formula for calculating risk weights for housing loans for IRB banks. It cannot be said that the RBNZ has exhausted the possibilities that capital requirements have to constrain the build-up of leverage to the real estate sector in banks and the banking sector. EC5 The use of banks’ internal assessments of risk as inputs to the calculation of regulatory capital is approved by the supervisor. If the supervisor approves such use: (a) such assessments adhere to rigorous qualifying standards; (b) any cessation of such use, or any material modification of the bank’s processes and models for producing such internal assessments, are subject to the approval of the supervisor; (c) the supervisor has the capacity to evaluate a bank’s internal assessment process in order to determine that the relevant qualifying standards are met and that the bank’s internal assessments can be relied upon as a reasonable reflection of the risks undertaken; (d) the supervisor has the power to impose conditions on its approvals if the supervisor considers it prudent to do so; and (e) if a bank does not continue to meet the qualifying standards or the conditions imposed by the supervisor on an ongoing basis, the supervisor has the power to revoke its approval. Description and findings re EC5 Banks seeking to use internal models for the calculation of capital requirements must first be accredited by the RBNZ. Currently, only the four Australian banks are accredited. Accreditation is effected through a bank’s conditions of registration, which specify the capital adequacy standard to be used to calculate capital requirements. BS2B (Capital Adequacy Framework (internal models approach)) sets out the RBNZ’s requirements for internal model approaches, including the specific risk quantification requirements as well as governance, validation and other requirements that the bank must adhere to: (a) for credit risk, banks’ internal models must adhere to the quantification requirements described in subparts 4B and 4C of BS2B. These requirements have largely been adopted from the Basel standards, although in places the RBNZ

NEW ZEALAND 136 INTERNATIONAL MONETARY FUND imposes conservative supervisory floors on some inputs (e.g., minimum LGDs for residential mortgage exposures). The RBNZ determines whether a bank’s model fits the requirements; (b) as part of their conditions of registration, banks accredited for internal models must maintain a compendium of approved models with the RBNZ (BS2B 1.3A, 1.3B). The compendium must be agreed to by the RBNZ and only models in that compendium may be used to calculate regulatory capital requirements. The compendium contains information such as a model’s version number and information about the RBNZ’s approval of that model. Changes to an approved model, including changes to ‘probability of default (PD), LGD or ‘exposure at default’ (EAD) estimates, must have RBNZ approval before the bank can implement such changes in their regulatory capital calculations. Model changes must be formally submitted to the RBNZ for assessment and approval; (c) Assessments of proposed internal models are made by specialist, non-supervisory staff. Advice is then provided to an internal committee chaired by the Head of the PSD for decisions on models. The minimum requirements for internal models include model documentation that evidences compliance with the risk quantification requirements, and model change submissions must include descriptions of the proposed changes and the rationale for the change. The RBNZ can reject a model submission if sufficient information in line with the requirements is not provided. Together, these requirements allow the RBNZ to form an opinion on whether a bank’s model reasonably reflects the bank’s risks; and (d) The RBNZ can and often does impose conditions on model approvals, for example specific parameter calibrations or floors on model outputs. The RBNZ attaches any conditions to the approval of a model in the letter approving that model, and these conditions are reflected in the bank’s compendium of approved models for enforcement purposes. Banks may only use models that the RBNZ has assessed as meeting the qualifying standards. Unapproved changes to a model that would result in that model no longer meeting the qualifying standards would result in a breach of that bank’s conditions of registration, by way of the requirement to only operate models listed in the bank’s compendium of approved models. Similarly, when the RBNZ approves a model subject to certain conditions, if a bank no longer met those conditions then that model would not be an approved model, and this would result in a breach of their conditions of registration via the compendium requirement. EC6 The supervisor has the power to require banks to adopt a forward-looking approach to capital management (including the conduct of appropriate stress testing).47 The supervisor has the power to require banks:

47 “Stress testing” comprises a range of activities from simple sensitivity analysis to more complex scenario analyses and reverses stress testing.

NEW ZEALAND INTERNATIONAL MONETARY FUND 137 (a) to set capital levels and manage available capital in anticipation of possible events or changes in market conditions that could have an adverse effect; and (b) to have in place feasible contingency arrangements to maintain or strengthen capital positions in times of stress, as appropriate in the light of the risk profile and systemic importance of the bank. Description and findings re EC6 The RBNZ’s approach to setting capital requirements is that banks should hold a level of capital that is at all times capable of absorbing, with a high probability, the shocks that could occur over the reasonably foreseeable future. This approach also maintains that banks’ minimum capital holdings should be risk sensitive with the risk of an exposure assessed in the context of an economic downturn scenario. For example, paragraph 4.266 of BS2B requires that the economic and market conditions underlying the data used for estimating PD, LGD and EAD must be relevant to reasonably conceivable future conditions; paragraph 4.235 requires that PD estimates must present an assessment of the obligors’ ability and willingness to pay, even in the face of adverse economic conditions; paragraph 4.285 requires that LGD estimates reflect downturn economic conditions and paragraph 4.292 requires that EAD estimates must be appropriately conservative for an economic downturn. Additionally, under their conditions of registration locally incorporated banks are required to have an ICAAP according to “Guidelines of a bank’s internal capital adequacy assessment process” (BS12). Under the ICAAP the bank must assess and measure any material risk that is not captured by the risk based framework and determine an internal allocation of capital for that risk. Paragraph 17 of BS12 requires that the ICAAP should be forward looking and requires that the Board and senior management examine the bank’s current and future capital requirements and take account of the impact of the business cycle on capital planning. Banks are expected to perform rigorous and forward looking stress tests that identify plausible severe loss events or adverse changes in market conditions and assess their impact on capital adequacy. Stress testing results may influence the level at which internal capital ratio limits are set by bank boards. Such limits are set at a level above the regulatory minimum and bank boards would not normally accept limit breaches without sound justification except in exceptional circumstances. The RBNZ has also run several multiple institution stress tests in recent years. The most resource intensive has focused on the big-4 Australian-owned banks, in conjunction with APRA. These banks are also now required to perform a common scenario test as part of their ICAAP. The RBNZ has also recently conducted a test of New Zealand-owned banks, and a test focusing on risks associated with dairy lending. AC1 For non-internationally active banks, capital requirements, including the definition of capital, the risk coverage, the method of calculation, the scope of application and the capital required, are broadly consistent with the principles of the applicable Basel standards relevant to internationally active banks.

NEW ZEALAND 138 INTERNATIONAL MONETARY FUND Description and findings re AC1 The RBNZ capital adequacy framework is the same for all banks. All New Zealand owned registered banks have mainly domestic operations and are subject to either BS2A or BS2B, both of which are broadly consistent with the Basel framework. As discussed in EC2, the leverage ratio has not been implemented. AC2 The supervisor requires adequate distribution of capital within different entities of a banking group according to the allocation of risks. Description and findings re AC2 Conditions of registration apply to the registered bank and therefore the registered bank is responsible for compliance with the RBNZ capital requirements. As discussed in CP12, at the present, there are no New Zealand incorporated banks that have another registered bank as a subsidiary, although the policy framework does not preclude such banks being registered. There are no cases where an adequate distribution of capital within different entities of a banking group is required, other than in the case of banking groups under “dual registration” as discussed in this report. Assessment of Principle 16 Compliant Comments The RBNZ seeks to follow the Basel guidance for capital adequacy to the extent that the guidance is appropriate for New Zealand requirements. The RBNZ has implemented both the Basel II Internal Models Based Approach (four banks are accredited to use the IRB approach) and Standardized approaches, and was an earlier adopter of the main elements of the Basel III requirements. The RBNZ takes a simple and conservative approach to capital adequacy, for example, imposing a number of floors in respect of risk-weighted assets to ensure that appropriate levels of capital are held in respect of credit risks, and not implementing national discretions that allow for a lowering of capital adequacy. The main conceptual divergence from the Basel framework is the leverage ratio, which the RBNZ has not considered implementing at this stage given its preference for a risk￾based approach to capital adequacy. The RBNZ is, however, keeping the leverage ratio under review and will reconsider in light of other countries’ experiences. The RBNZ indicates that compliance with the leverage ratio, as is currently calibrated, would not be an issue for the local banking industry. Other departures from the Basel framework (such as, Pillar 2, Pillar 3, SIFI surcharges), can be considered examples of a regulatory policy effort tailored to national circumstances. The capital framework is currently under review. The assessors welcome RBNZ efforts to reconsider the leverage ratio as a regulatory backstop. The RBNZ may wish to explore whether capital requirements are sufficiently well calibrated to constrain the build-up of leverage in banks and the banking sector according to expectations of EC4.

NEW ZEALAND INTERNATIONAL MONETARY FUND 139 Principle 17 Credit risk.48 The supervisor determines that banks have an adequate credit risk management process that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate credit risk49 (including counterparty credit risk)50 on a timely basis. The full credit lifecycle is covered including credit underwriting, credit evaluation, and the ongoing management of the bank’s loan and investment portfolios. Essential criteria EC1 Laws, regulations or the supervisor require banks to have appropriate credit risk management processes that provide a comprehensive bank-wide view of credit risk exposures. The supervisor determines that the processes are consistent with the risk appetite, risk profile, systemic importance and capital strength of the bank, take into account market and macroeconomic conditions and result in prudent standards of credit underwriting, evaluation, administration, and monitoring. Description and findings re EC1 Credit risk is a key topic of discussion in meetings with bank executives. These discussions incorporate management of credit risk in the context of the bank’s risk appetite, risk profile, and market/macroeconomic conditions. Board risk reports also cover these topics. More in-depth review of credit risk management processes has taken place through thematic reviews of bank’s housing and rural portfolios. The RBNZ does not formally ‘determine’ whether each bank’s credit risk processes provide a comprehensive bank-wide view of credit risk exposures, the RBNZ can and does identify shortcomings in this area as they become evident through regular supervisory activity. Material concerns are incorporated into PRESS assessments (PRESS assessments include consideration of risk management frameworks and processes within the PRESS risk category ‘Internal Controls’) and followed-up where appropriate. The RBNZ’s supervisory activity is supported by market discipline and self-discipline to ensure banks have appropriate credit risk management policies in place. Market and self-discipline are applied through disclosure requirements and director attestations. In particular, all banks are required in include in quarterly disclosure statements, an attestation from directors that the bank has systems in place to monitor and control adequately banking group’s material risks (credit risk is one such risk specified) and that those systems are being properly applied.

48 Principle 17 covers the evaluation of assets in greater detail; Principle 18 covers the management of problem assets. 49 Credit risk may result from the following: on-balance sheet and off-balance sheet exposures, including loans and advances, investments, inter-bank lending, derivative transactions, securities financing transactions and trading activities. 50 Counterparty credit risk includes credit risk exposures arising from OTC derivative and other financial instruments.

NEW ZEALAND 140 INTERNATIONAL MONETARY FUND Market discipline is also applied through a requirement to disclose information about risk management policies (including credit risk management policies). The information that is required to be disclosed captures, among other things, a general description of the systems and processes for identifying, measuring and monitoring exposures to risk, including the frequency with which exposures are monitored and reported. Disclosures of risk management policies are required annually, and any changes to policies must be disclosed quarterly. EC2 The supervisor determines that a bank’s Board approves, and regularly reviews, the credit risk management strategy and significant policies and processes for assuming,51 identifying, measuring, evaluating, monitoring, reporting and controlling or mitigating credit risk (including counterparty credit risk and associated potential future exposure) and that these are consistent with the risk appetite set by the Board. The supervisor also determines that senior management implements the credit risk strategy approved by the Board and develops the aforementioned policies and processes. Description and findings re EC2 The RBNZ assesses, through regular supervisory activity, Board involvement in approving and reviewing credit risk management strategy, policies and processes, and how these strategies are implemented:  Reports received include the Board approved strategy and risk appetite settings, as well as regular Board reports prepared by the Chief Risk Officer that cover credit risk management.  As credit risk is a key risk for all New Zealand incorporated banks (and most banks registered as branches), credit risk management is typically one of the main agenda items in engagement with bank directors and senior management. In order to make the attestations referred to in EC1, bank directors and banks must satisfy themselves that the bank’s credit risk management strategy, policies and processes are consistent with the risk appetite set by the Board, that the strategy is being implemented, and that policies and processes approved by the Board are developed. EC3 The supervisor requires, and regularly determines, that such policies and processes establish an appropriate and properly controlled credit risk environment, including: (a) a well-documented and effectively implemented strategy and sound policies and processes for assuming credit risk, without undue reliance on external credit assessments; (b) well defined criteria and policies and processes for approving new exposures (including prudent underwriting standards) as well as for renewing and refinancing existing exposures, and identifying the appropriate approval authority for the size and complexity of the exposures; (c) effective credit administration policies and processes, including continued analysis of a borrower’s ability and willingness to repay under the terms of the debt

51 “Assuming” includes the assumption of all types of risk that give rise to credit risk, including credit risk or counterparty risk associated with various financial instruments.

NEW ZEALAND INTERNATIONAL MONETARY FUND 141 (including review of the performance of underlying assets in the case of securitization exposures); monitoring of documentation, legal covenants, contractual requirements, collateral and other forms of credit risk mitigation; and an appropriate asset grading or classification system; (d) effective information systems for accurate and timely identification, aggregation and reporting of credit risk exposures to the bank’s Board and senior management on an ongoing basis; (e) prudent and appropriate credit limits, consistent with the bank’s risk appetite, risk profile and capital strength, which are understood by, and regularly communicated to, relevant staff; (f) exception tracking and reporting processes that ensure prompt action at the appropriate level of the bank’s senior management or Board where necessary; and (g) effective controls (including in respect of the quality, reliability and relevancy of data and in respect of validation procedures) around the use of models to identify and measure credit risk and set limits. Description and findings re EC3 The RBNZ does not have specific requirements in relation to credit risk policies and processes, the RBNZ’s engagement with banks has included discussion of the credit risk control environment. For instance, the housing and rural thematic review incorporated discussion and analysis on: risk governance and appetite; credit origination policies and procedures (including credit approval authorities, underwriting strategies, credit risk grading, front line lender incentives, credit risk review and assurances on originations); valuation practices; and risk reporting to the Board. The risk management information that banks are required to disclose includes: a general description of the systems and procedures for controlling risk (including credit risk) including whether exposure limits are employed; policies with respect to collateral/security; policies on the use of financial instruments to mitigate or hedge risk; and strategies and processes for monitoring the continuing effectiveness of hedges and other mitigants. Specific disclosure requirements relating to credit risk mitigation also capture policies and processes for netting; the method used for measuring the mitigating effects of collateral; and the main types of guarantor and credit derivative counterparty and their credit worthiness. Internal models banks are also required to disclose a broad overview of the model approaches and methods used to calculate Probability of Default, Loss Given Default and Exposure at Default, as well as information on the control mechanism for rating systems used to measure credit risk. Other than the disclosure and attestation requirements there are generally no prescriptive regulatory requirements relating to the control of the credit risk environment. The exception is for internal model banks which are subject to various qualitative

NEW ZEALAND 142 INTERNATIONAL MONETARY FUND requirements relating to the use of internal models. These requirements are broadly aligned with those set out in the Basel Committee’s Basel II framework. The RBNZ does not regularly determine that bank’s policies and processes establish an appropriate and properly controlled credit risk environment. However, through the regular supervisory activity the RBNZ may form a view about controls in a bank’s credit risk environment. Any concerns about control in the credit risk environment are incorporated into PRESS assessments. EC4 The supervisor determines that banks have policies and processes to monitor the total indebtedness of entities to which they extend credit and any risk factors that may result in default including significant unhedged foreign exchange risk. Description and findings re EC4 The RBNZ does not explicitly determine that banks have policies and processes to monitor the total indebtedness of entities to which a bank extends credit and any risk factors that may result in default. EC5 The supervisor requires that banks make credit decisions free of conflicts of interest and on an arm’s length basis. Description and findings re EC5 The RBNZ expects banks to make credit decisions free of conflicts of interest and on an arm’s length basis. Bank directors are required by law to disclose conflicts of interest. Companies Act requires each director to cause to be entered into the interests register and disclose to the bank Board details of any transaction or proposed transaction in which the director has an interest. The RBNZ’s Connected Exposure Policy (BS8) states that exposures to connected persons shall not be on more favorable terms than corresponding exposures to non-connected persons. All banks are required to disclose in full year disclosure statements details of any transactions involving bank directors (or close relative’s/business associates) that have been entered into on terms different from those that would apply in the ordinary course of business. Also, all banks are required to disclose once a year the policy of the Board of directors for avoiding or dealing with conflicts of interest which may arise from the personal, professional or business interests of directors. The RBNZ’s corporate governance requirements for banks include rules that are relevant to making credit decisions free from conflict of interest on an arm’s length basis. In particular, BS14 requires that the bank policy must not include any provision permitting a director, when exercising powers or performing duties as a director, to act other than in what he or she believes is the best interests of the company (i.e., the registered bank). BS14 also requires at least half the Board members (and the chairperson) to be independent directors. The criteria for independence are intended to ensure that an

NEW ZEALAND INTERNATIONAL MONETARY FUND 143 independent director is free from any business or other association that could materially interfere with the exercise of independent judgement. EC6 The supervisor requires that the credit policy prescribes that major credit risk exposures exceeding a certain amount or percentage of the bank’s capital are to be decided by the bank’s Board or senior management. The same applies to credit risk exposures that are especially risky or otherwise not in line with the mainstream of the bank’s activities. Description and findings re EC6 The RBNZ expects banks to set lending authority limits in accordance with lending officer skills and experience, and the lending environment. Lending authority limits are discussed with banks where appropriate. However, there is no specific regulatory requirement. EC7 The supervisor has full access to information in the credit and investment portfolios and to the bank officers involved in assuming, managing, controlling and reporting on credit risk. Description and findings re EC7 The RBNZ may by notice in writing require a bank to supply it with such information, data and forecasts relating to the business, operation or management of the bank and for such periods and in such form as may be specified in the notice. As noted elsewhere, the RBNZ obtains regular board risk reports from most New Zealand locally incorporated banks (except those banks that are relatively small), including credit risk reports. The RBNZ does not have explicit powers giving it access to lending officers of a bank, nor access to individual credit files except where it has appointed someone to carry out an investigation of the affairs of a registered bank pursuant to the RBNZ Act. Section 101 states that the RBNZ may appoint a person to carry out an investigation where it is satisfied that this is necessary or desirable for the purpose of determining whether or not the RBNZ should exercise the powers conferred under section 113 or section 117. While there is no formal power giving access to lending officers or credit files, other than in a stress situation, the RBNZ does sometimes seek meetings with officers involved in the credit function. Such access has always been granted. For instance, during the 2014 thematic review of housing and rural credit risk the RBNZ meet with senior lending officers. EC8 The supervisor requires banks to include their credit risk exposures into their stress testing programs for risk management purposes. Description and findings re EC8 New Zealand incorporated banks are required through conditions of registration to have an ICAAP that accords with the requirements set out in the RBNZ’s ICAAP Guidelines. BS12 states that a bank must have an ICAAP that enables the bank to ensure it has adequate overall capital in relation to its risk profile (paragraph 6). A bank’s ICAAP should capture all material risks including ‘Pillar 1’ risks such as credit risk (paragraph 13). As part of the ICAAP, banks are required to perform rigorous and forward-looking stress-tests and assess the impact of these tests on the bank’s capital levels (paragraph 18). Locally incorporated banks also participate in the Reserve Bank-initiated stress tests. Several collective stress tests of the larger New Zealand banks have been run in the last

NEW ZEALAND 144 INTERNATIONAL MONETARY FUND five years (and, in 2014, a test of a number of smaller New Zealand-incorporated banks participated). As well as running periodic ‘regulator initiated’ stress tests, the Reserve Bank has also recently begun to work with APRA to provide common scenarios for use in the major banks’ internal stress testing. Credit risk is the primary area of interest for this stress testing work. More specific requirements apply to internal models banks that broadly correspond to the BCBS Basel II minimum requirements for the IRB approach in relation to stress tests used in assessment of capital adequacy. These requirements cover the nature of events or scenarios that must be incorporated into stress test and the sources of information a bank must consider for stress tests. Assessment of Principle 17 Materially Noncompliant Comment A large part of the RBNZ’s supervisory activity is focused on credit risk. Credit risk is a key topic of discussion in meetings with bank executives. These discussions incorporate management of credit risk in the context of the bank’s risk appetite, risk profile, and market/macroeconomic conditions. Board risk reports also cover these topics. More in￾depth review of credit risk management processes has taken place through thematic reviews of bank’s housing and rural portfolios. Market discipline is applied through disclosure of credit risk management policies, and self-discipline is applied through director attestations about systems in place to monitor and control credit risk. Drawing on the supervisory activity described above, the RBNZ’s assessment of credit risk management is incorporated into bank PRESS reviews. The RBNZ may take further supervisory action to affect change such as feedback letters provided at the conclusion of the credit risk thematic review. However, relative to EC1, 3, and 4 the process is noncompliant. The RBNZ does not have specific requirements for credit risk management processes and does not regularly conduct detailed reviews of banks’ processes for credit risk management. The RBNZ is able to assess, through review of bank risk reports, and through bank discussions (including discussions with bank directors) Board involvement in approving and reviewing credit risk management strategy, policies and processes, and how these strategies are implemented. However, the RBNZ does not systematically review Board approval and reviews of credit risk management strategy, policies and processes as envisaged by EC2. There is no formal power giving access to lending officers or credit files, other than in a stress situation, although the RBNZ does sometimes seek meetings with officers involved in the credit function. Such access has always been granted.

NEW ZEALAND INTERNATIONAL MONETARY FUND 145 Banks are required to include credit risk exposures in their stress testing programs. Stress testing requirements are set out the ICAAP guidelines (for all locally incorporated banks), in IRB standards (for the four largest banks), and through regular RBNZ led exercises for the larger banks. Principle 18 Problem assets, provisions and reserves.52 The supervisor determines that banks have adequate policies and processes for the early identification and management of problem assets, and the maintenance of adequate provisions and reserves.53 Essential criteria EC1 Laws, regulations or the supervisor require banks to formulate policies and processes for identifying and managing problem assets. In addition, laws, regulations or the supervisor require regular review by banks of their problem assets (at an individual level or at a portfolio level for assets with homogenous characteristics) and asset classification, provisioning and write-offs. Description and findings re EC1 The RBNZ expects banks to have adequate policies and procedures for the early identification and management of problem assets, and to maintain adequate provisions. Although the RBNZ does not have specific requirements that banks formulate or review policies, the RBNZ supervises problem loan identification and management through a number of channels including: the collection of detailed monthly bank asset quality information (presented to RBNZ senior management in MBORs); receipt of bank risk reports; and regular engagement with bank executives. Accounting standards used for financial reporting set out the recognition and calculation of impaired loans. New Zealand has adopted International Financial Reporting Standards (IFRSs), so for a New Zealand incorporated bank, GAAP means New Zealand equivalents to IFRSs (NZ IFRSs). The New Zealand External Reporting Board (XRB) implements all standards and updates to standards issued by the IASB (IFRSs, IASs etc.) by issuing New Zealand equivalents. Impaired assets are determined in accordance with IAS 39 or NZ IFRS 9 if the bank is an early adopter of the new accounting standards. The RBNZ does not set rules for the periodic review by banks of their individual credits, asset classifications and provisioning.

52 Principle 17 covers the evaluation of assets in greater detail; Principle 18 covers the management of problem assets. 53 Reserves for the purposes of this Principle are “below the line” non-distributable appropriations of profit required by a supervisor in addition to provisions (“above the line” charges to profit).

NEW ZEALAND 146 INTERNATIONAL MONETARY FUND OiCs issued pursuant to the RBNZ Act require banks to disclose detailed information about their asset quality and provisioning in quarterly disclosure statements. The OiCs require a full audit of disclosure statements for the full financial year and a limited scope audit of disclosure statements for the first six months of the financial year. In addition, banks are required to give a general description of the methods used to identify and monitor exposure to credit risk, including the frequency with which exposures are monitored and a general description of the systems and procedures for controlling the risk, including, where applicable, whether exposure limits are employed, any policies with respect to collateral or other security, and any policies on the use of financial instruments to mitigate or hedge risks. Finally, in the full year disclosure statements banks are required to disclose a description of the approaches followed for individual and collective allowance for impaired assets, and any statistical methods used in assessing asset impairment. In the view of the RBNZ, in order to meet these disclosure requirements banks would need to review individual credits, asset classifications and provisioning on a regular basis (at least once per quarter), using their own internal systems. Typically, the Board of the bank sets rules for the periodic review of individual credits, asset classification and provisioning, and monitors compliance with those rules via Board reports and reviews by internal audit and/or by a credit risk review team who are independent from the credit granting function. Disclosure statements are subject to a full audit at the end of the financial year and to a limited scope audit at the end of the first six months of the financial year. In carrying out their audit functions, auditors review banks’ loan classification and provisioning policies, and their implementation. In carrying out this work the auditors draw upon the work done by internal audit/credit review after undertaking testing to ensure that this work can be relied upon. EC2 The supervisor determines the adequacy of a bank’s policies and processes for grading and classifying its assets and establishing appropriate and robust provisioning levels. The reviews supporting the supervisor’s opinion may be conducted by external experts, with the supervisor reviewing the work of the external experts to determine the adequacy of the bank’s policies and processes Description and findings re EC2 Every registered bank is required to publish an audit report in its full year disclosure statement. The report must state whether or not, in the opinion of the auditor, the financial statements of the banking group comply with generally accepted accounting practice. The RBNZ meets with the external auditors of all locally incorporated banks (except small banks) each year. A standing agenda item is ‘issues identified during the most recent financial year’. RBNZ expects the external auditor to advise it of any material matters arising during the course of the auditors’ review of the bank which could include any

NEW ZEALAND INTERNATIONAL MONETARY FUND 147 concerns about the bank’s loan classification and provisioning policies. However, detailed discussions do not occur unless auditor raises concerns or off-site analysis by RBNZ denotes provisions lower than peer. The RBNZ periodically undertakes thematic reviews based on topics of supervisory interest. During 2016 the RBNZ is undertaking a thematic review of bank’s problem loan identification and loss provisioning methods. This review is motivated by emerging stress in the dairy sector and will cover the main dairy lending banks. The RBNZ’s assessment of bank credit risk models (for those banks accredited to use internal models under Basel II) incorporates an assessment of risk grades as part of the review of bank probability of default models. However, the focus of this assessment is on capital models, provisioning models are not examined. EC3 The supervisor determines that the bank’s system for classification and provisioning takes into account off-balance sheet exposures.54 Description and findings re EC3 The RBNZ does not routinely assess whether bank systems for classification and provisioning take into account off-balance sheet exposures. Instead, it relies on the work of the external auditor (as noted above). EC4 The supervisor determines that banks have appropriate policies and processes to ensure that provisions and write-offs are timely and reflect realistic repayment and recovery expectations, taking into account market and macroeconomic conditions. Description and findings re EC4 The RBNZ does not assess whether banks have appropriate policies and procedures to ensure provisions and write-offs are timely. Instead, it relies on the work of the external auditor (as noted above). EC5 The supervisor determines that banks have appropriate policies and processes, and organizational resources for the early identification of deteriorating assets, for ongoing oversight of problem assets, and for collecting on past due obligations. For portfolios of credit exposures with homogeneous characteristics, the exposures are classified when payments are contractually in arrears for a minimum number of days (e.g., 30, 60, or 90 days). The supervisor tests banks’ treatment of assets with a view to identifying any material circumvention of the classification and provisioning standards (e.g., rescheduling, refinancing or reclassification of loans). Description and findings re EC5 The RBNZ does not routinely assess bank policies and processes or resources for the early identification of deterioration assets, oversight of problem assets, and collection on past due obligations. In the areas of policies and processes, the RBNZ relies on the work of external auditors and on disclosure requirements. In order to meet disclosure requirements, banks need to classify past due and homogenous impaired assets by the number of days past due. In addition, the RBNZ

54 It is recognized that there are two different types of off-balance sheet exposures: those that can be unilaterally cancelled by the bank (based on contractual arrangements and therefore may not be subject to provisioning), and those that cannot be unilaterally cancelled.

NEW ZEALAND 148 INTERNATIONAL MONETARY FUND receives monthly ‘asset quality return’ information from banks (as described in EC6 below). Currently, this includes information on loans that are 90 days past due but not impaired. The RBNZ is reviewing what asset quality return information is needed and is likely to also require information on loans that are 30 days and 60 days past due. The RBNZ does not systematically test banks’ treatment of assets with a view to identifying circumvention of classification and provisioning standards. However, periodically issues are identified with the way that banks report asset quality data, and where necessary the RBNZ has required banks to change their approach to reporting problem loans as a result. As noted above, the RBNZ is reviewing what asset quality return information is needed. This review includes consideration of what information is needed on loans that are performing only because they have been restructured or rescheduled in some way. Another example was the RBNZ’s observation that one bank’s housing portfolio historically recorded a low rate of nonperforming loans relative to peers. In theory this could have been due to misclassification of loans. This issue was tested and discussed with the bank concerned. The thematic review being conducted in 2016 will capture the topic of early identification of deteriorating assets. EC6 The supervisor obtains information on a regular basis, and in relevant detail, or has full access to information concerning the classification of assets and provisioning. The supervisor requires banks to have adequate documentation to support their classification and provisioning levels. Description and findings re EC6 The RBNZ receives monthly information from most banks on asset quality (four banks registered as branches with relatively small operations in New Zealand do not provide monthly asset quality information). This information includes the following balances at the end of the month: total lending; impaired assets; specific provisions; collective provisions; 90 days past due but not impaired; and watch list loans. This information is provided separately for up to 12 sectors (i.e., consumer; housing; dairy; sheep and beef; other rural; investment property; property development; other commercial lending secured by residential mortgages; other commercial lending; corporate; asset based lending; and all other lending). Monthly asset quality information also includes the amount of total credit exposure to any individual counterparty or group of closely related counterparties for whom any exposure is in arrears by 30 days or more, if the credit exposure to the counterparty or counterparties concerned exceeds 10 percent or more of equity. The RBNZ also receives Board risk reports from the ten largest locally incorporated banks. The reports typically include information on asset quality and provisions.

NEW ZEALAND INTERNATIONAL MONETARY FUND 149 The RBNZ does not require banks to have documentation to support their classification and provisioning levels. However, as noted above impaired assets are determined in accordance with IAS 39 or NZ IFRS 9 if the bank is an early adopter of the new accounting standards. Thus, in the preparation of financial statements, auditors would require these papers to be prepared or provided to ensure the information contained in the financial statements is appropriate. EC7 The supervisor assesses whether the classification of the assets and the provisioning is adequate for prudential purposes. If asset classifications are inaccurate or provisions are deemed to be inadequate for prudential purposes (e.g., if the supervisor considers existing or anticipated deterioration in asset quality to be of concern or if the provisions do not fully reflect losses expected to be incurred), the supervisor has the power to require the bank to adjust its classifications of individual assets, increase its levels of provisioning, reserves or capital and, if necessary, impose other remedial measures. Description and findings re EC7 The RBNZ assesses the adequacy of asset classification and provisioning taking into account disclosure statement information, private reporting (in particular bank asset quality returns) and bank risk reports. An example of how the RBNZ monitors this area is the MBOR which compares provisions held as a percentage of total impaired and past due assets over time and across banks. The RBNZ regularly requires banks to undertake stress testing exercises. These stress tests can provide information on the level of provisions banks might set aside in unfavorable credit risk scenarios. For example, the 2015 Common Scenario Stress Test gave information about individual and collective provisions set aside by participating banks in response to the stress test scenarios. If the RBNZ requires a bank to make adjustments to asset classifications, provisioning or capital, or determines to require a bank to undertake other remedial measures, the RBNZ could impose a new condition of registration on the bank (notwithstanding the RBNZ’s powers, in practice, more informal methods are used as discussed below). r 74(2) of the RBNZ Bank Act provides that the RBNZ may impose conditions of registration. These matters include, among other matters: (a) capital in relation to the size and nature of the business; (b) loan concentration and risk exposures; (c) internal controls and accounting systems; and (d) Risk management systems and policies. EC8 The supervisor requires banks to have appropriate mechanisms in place for regularly assessing the value of risk mitigants, including guarantees, credit derivatives and collateral. The valuation of collateral reflects the net realizable value, taking into account prevailing market conditions. Description and findings re EC8 There are generally no explicit requirements that banks have mechanisms in place for continually assessing the strength of guarantees, credit derivatives, and appraising the

NEW ZEALAND 150 INTERNATIONAL MONETARY FUND value of collateral. An exception is a requirement for IRB banks to have in place a residential property valuation policy that meets certain requirements). EC9 Laws, regulations or the supervisor establish criteria for assets to be: (a) identified as a problem asset (e.g., a loan is identified as a problem asset when there is reason to believe that all amounts due, including principal and interest, will not be collected in accordance with the contractual terms of the loan agreement); and (b) reclassified as performing (e.g., a loan is reclassified as performing when all arrears have been cleared and the loan has been brought fully current, repayments have been made in a timely manner over a continuous repayment period and continued collection, in accordance with the contractual terms, is expected). Description and findings re EC9 Impaired assets are determined in accordance with IAS 39 or NZ IFRS 9 if the bank is an early adopter of the new accounting standards. EC10 The supervisor determines that the bank’s Board obtains timely and appropriate information on the condition of the bank’s asset portfolio, including classification of assets, the level of provisions and reserves and major problem assets. The information includes, at a minimum, summary results of the latest asset review process, comparative trends in the overall quality of problem assets, and measurements of existing or anticipated deterioration in asset quality and losses expected to be incurred. Description and findings re EC10 The RBNZ receives Board risk reports from most banks (although not those banks which are very small). These reports typically include information on asset quality and provisions, and information on any new or recent asset review processes. The reports assist the RBNZ to understand the financial position of the bank but also as the RBNZ becomes familiar with the content and timeliness of these reports, the RBNZ is able to form a view on whether the bank Board is receiving timely and appropriate information on the condition of the bank’s assets. EC11 The supervisor requires that valuation, classification and provisioning, at least for significant exposures, are conducted on an individual item basis. For this purpose, supervisors require banks to set an appropriate threshold for the purpose of identifying significant exposures and to regularly review the level of the threshold. Description and findings re EC11 There is no explicit requirement that valuation, classification and provisioning for significant exposures are conducted on an individual basis. In practice banks do classifications, valuations and provisioning for significant exposures on an individual basis. EC12 The supervisor regularly assesses any trends and concentrations in risk and risk build-up across the banking sector in relation to banks’ problem assets and takes into account any observed concentration in the risk mitigation strategies adopted by banks and the potential effect on the efficacy of the mitigant in reducing loss. The supervisor considers the adequacy of provisions and reserves at the bank and banking system level in the light of this assessment.

NEW ZEALAND INTERNATIONAL MONETARY FUND 151 Description and findings re EC12 The RBNZ regularly assesses trends and risk concentrations associated with bank problem assets. This assessment is undertaken primarily through the MBOR and through quarterly PRESS assessments. A key risk mitigation strategy is the capital banks hold to absorb unexpected losses. In setting capital requirements, the RBNZ takes into account risk concentrations. For instance, the RBNZ’s IRB capital requirements for housing lending and for rural lending are materially higher than the Basel II standard partly due to the RBNZ’s assessment of the risk concentration in these sectors. The RBNZ gains insight into other risk mitigation strategies through regular engagement with banks and also through bank stress testing exercises. Assessment of Principle 18 Materially Noncompliant Comments The RBNZ expects banks to have adequate policies and procedures for the early identification and management of problem assets, and to maintain adequate provisions. The RBNZ supervises this area through a number of channels including: the collection of monthly bank asset quality information (presented to RBNZ senior management in MBORs); receipt of bank risk reports; and regular engagement with bank executives. Where emerging issues are identified the RBNZ may increase supervisory intensity (for instance through a thematic review or stress testing requirements) and, where necessary, the RBNZ may effect change in bank practices either indirectly (through moral suasion) or directly (e.g., increased capital requirements). The RBNZ does not make detailed determinations as anticipated by the Essential Criteria for this Principle. The RBNZ has not issued definitions of problem assets, forbearance, cured loans. The RBNZ supervisory activity is underpinned by financial reporting requirements and disclosure requirements relating to asset quality, risk management and external auditor findings. Areas of weaknesses include:  The RBNZ does not systemically and routinely assess or make determinations about bank’s policies and processes (this is relevant to several Essential Criteria including EC2, EC3, EC4, EC5, and EC7).  The RBNZ also does not explicitly have laws that require banks to identify and manage problem assets (relevant for EC1, EC8, EC9, and EC11). For a number of these requirements, RBNZ relies on accounting standards. Principle 19 Concentration risk and large exposure limits. The supervisor determines that banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate concentrations of risk on a timely basis. Supervisors set prudential

NEW ZEALAND 152 INTERNATIONAL MONETARY FUND limits to restrict bank exposures to single counterparties or groups of connected counterparties.55 Essential criteria EC1 Laws, regulations or the supervisor require banks to have policies and processes that provide a comprehensive bank-wide view of significant sources of concentration risk.56 Exposures arising from off-balance sheet as well as on-balance sheet items and from contingent liabilities are captured. Description and findings re EC1 The RBNZ requires banks to have policies and processes that provide a comprehensive bank-wide view of significant sources of concentration risk. The RBNZ uses a combination of regulatory, self and market discipline tools to achieve this. Regulatory discipline:  As specified in BS1 Statement of Principles, all banks have a condition of registration that they must have an ICAAP BS12 that includes “comprehensive coverage of risks the bank faces” and that “the bank should have in place policies and systems to monitor and control concentrated exposures to credit and other risks, and in turn to consider whether additional capital is a suitable mitigant.” While banks are not currently required to hold additional capital against these risks, they are required (as a condition of registration) to identify them. Self-discipline:  Bank directors must make quarterly attestations that they have complied with all of their conditions, which include the ICAAP.  Bank directors are also required to make a quarterly ‘risk management’ attestation that the bank has the systems to monitor and control material risks, and that these systems are being properly applied. Concentration risk is specifically mentioned as one of the material risks. The specific text of the attestation) is the following: “The registered bank has had systems in place to monitor and control adequately the banking group’s material risks, including credit risk, concentration of credit risk, interest rate risk, currency risk, equity risk, liquidity risk and other business risks and that those systems are being properly applied”.

55 Connected counterparties may include natural persons as well as a group of companies related financially or by common ownership, management or any combination thereof. 56 This includes credit concentrations through exposure to: single counterparties and groups of connected counterparties both direct and indirect (such as through exposure to collateral or to credit protection provided by a single counterparty), counterparties in the same industry, economic sector or geographic region and counterparties whose financial performance is dependent on the same activity or commodity as well as off-balance sheet exposures (including guarantees and other commitments) and also market and other risk concentrations where a bank is overly exposed to particular asset classes, products, collateral, or currencies.

NEW ZEALAND INTERNATIONAL MONETARY FUND 153 Market discipline:  Banks must publicly disclose their risk management policies, which include their approach to risk concentration, on an annual and semi-annual basis. They are also required to disclose changes to these processes on a quarterly basis, if material changes have occurred.  Banks must also publicly disclose concentration of credit exposures to individual counterparties and groups of closely related counterparties, on a quarterly basis. Banks are required to report on exposures to any counterparties that represent greater than 10 percent of equity. Banks must report the number of large exposures (above 10 percent of equity) in successive bands of 5 percent of equity (so 10–15 percent, 15–20 percent, 20–25 percent etc.). The detailed disclosure requirements are specified in Concentration of credit exposures to individual counterparties, which is Schedule 13 of the disclosure OICs for locally incorporated banks and Schedule 10 for branches of overseas-incorporated banks. EC2 The supervisor determines that a bank’s information systems identify and aggregate on a timely basis, and facilitate active management of, exposures creating risk concentrations and large exposure57 to single counterparties or groups of connected counterparties. Description and findings re EC2 The RBNZ relies primarily on the requirement that banks publicly disclose concentrations in either Disclosure Statements or Financial Statements to ensure that systems are in place to aggregate and facilitate active management of exposures creating risk concentration.

The RBNZ is also initiating a new quarterly regulatory report on large credit exposures (see EC4). In addition, the RBNZ collects private data, on a monthly basis, on any ‘large exposures’ that are in arrears. This private data collection also works to ensure that banks are tracking these exposures on an ongoing basis. The RBNZ does not test or verify information received nor review bank information systems. EC3 The supervisor determines that a bank’s risk management policies and processes establish thresholds for acceptable concentrations of risk, reflecting the bank’s risk appetite, risk profile and capital strength, which are understood by, and regularly communicated to, relevant staff. The supervisor also determines that the bank’s policies and processes require all material concentrations to be regularly reviewed and reported to the bank’s Board.

57 The measure of credit exposure, in the context of large exposures to single counterparties and groups of connected counterparties, should reflect the maximum possible loss from their failure (i.e., it should encompass actual claims and potential claims as well as contingent liabilities). The risk weighting concept adopted in the Basel capital standards should not be used in measuring credit exposure for this purpose as the relevant risk weights were devised as a measure of credit risk on a basket basis and their use for measuring credit concentrations could significantly underestimate potential losses (see “Measuring and controlling large credit exposures, January 1991).

NEW ZEALAND 154 INTERNATIONAL MONETARY FUND Description and findings re EC3 The RBNZ uses a mix of regulatory, self and market discipline tools to fulfil these criteria. EC4 The supervisor regularly obtains information that enables concentrations within a bank’s portfolio, including sectoral, geographical and currency exposures, to be reviewed. Description and findings re EC4 Financial reporting standards require banks to report information on any areas of credit risk concentration, which includes counterparty, geographical area, currency or market concentration. This disclosure must cover:  a description of how management determines concentrations;  a description of the shared characteristic that identifies each concentration (e.g., counterparty, geographical area, currency or market); and  the amount of the risk exposure associated with all financial instruments sharing that characteristic. In its supplemental disclosure requirements, the RBNZ requires banks to provide this same information in their semi-annual statements. The Disclosure OiCs also require that banks separately disclose their credit risk exposure to the agricultural sectors. This applies to both the full-year and half-year disclosure statements. Beyond this, the extent of information collected differs depending on the risk profile of the regulated entity. Supervisors of large banks receive additional information and place a greater focus on large exposures, reflecting the RBNZ’s ‘risk-based’ approach to supervision.  For all banks, individual supervisors review the disclosure information regarding large exposures. Major changes or issues in this report would trigger additional supervisory focus.  For all banks, supervisors also receive information on any ‘large exposures’ (defined as greater than 10 percent equity) that are in arrears. This is monthly information, included in each bank’s asset quality report, which contains specific borrower names. If received, this type of information would trigger additional supervisory focus.  For the 10 largest banks, RBNZ management also reviews a summary of the most recent large exposure disclosures from the major banks (as per quarterly Disclosure Statement) as part of its review of the Monthly Bank Oversight Report (MBOR).  For the 10 largest banks, the RBNZ receives detailed Board/Bank Executive Management information. Typically, each bank’s Risk Appetite Statement (RAS) contains the general parameters for each bank’s approach to credit concentration and large exposures. Credit Risk Officer’s reports, which the RBNZ also collects for the 10 largest banks, also typically contain detailed information regarding portfolio concentration as well as large exposures.

NEW ZEALAND INTERNATIONAL MONETARY FUND 155 A new regulatory report, which will apply to all registered banks, will require banks to list their largest credit exposures, irrespective of their credit ratings. This information will include specific borrower/group names, dollar amounts and details regarding credit quality and risk mitigation. The pilot phase of a new quarterly large exposures reporting regime has commenced with reporting as at March 2016. It will be one of the new prudential ‘satellite’ reports that are part of the RBNZ’s Balance Sheet Redevelopment project. This project had been in the planning phase for several years and is the final phase of a comprehensive, multi-year redesign of the RBNZ’s statistical reporting. This data will enable individual supervisors to monitor their banks in a more consistent and systematic way, and will enable the RBNZ to better monitor the systemic implications of large exposures. EC5 In respect of credit exposure to single counterparties or groups of connected counterparties, laws or regulations explicitly define, or the supervisor has the power to define, a “group of connected counterparties” to reflect actual risk exposure. The supervisor may exercise discretion in applying this definition on a case by case basis. Description and findings re EC5 The definition of ‘closely related counterparties’ is set in the Disclosure OiC, which states that: “group of closely related counterparties means a group of legal or natural persons who are related in such a way that— a) the financial soundness of any one of them may materially affect the financial soundness of the others; b) one has the power to control the others; or c) one has the capacity to exercise significant influence over the others”.

The RBNZ can make changes to this definition, if needed and after consultation. EC6 Laws, regulations or the supervisor set prudent and appropriate58 requirements to control and constrain large credit exposures to a single counterparty or a group of connected counterparties. “Exposures” for this purpose include all claims and transactions (including those giving rise to counterparty credit risk exposure), on-balance sheet as well as off￾balance sheet. The supervisor determines that senior management monitors these limits and that they are not exceeded on a solo or consolidated basis. Description and findings re EC6 The RBNZ does not place a limit on the amount of exposure that banks can have to single counterparties or groups of connected counterparties. The RBNZ prefers to let banks set their own internal policies and limits. Individual supervisors do, however, closely monitor large exposures, particularly for large banks and those with significant large exposures.

58 Such requirements should, at least for internationally active banks, reflect the applicable Basel standards. As of September 2012, a new Basel standard on large exposures is still under consideration.

NEW ZEALAND 156 INTERNATIONAL MONETARY FUND In 2011, the RBNZ conducted a review of large exposures and concluded that, although a number of banks did have large exposures, the banks were effectively managing the risk though collateral arrangements or other means. The RBNZ is planning to look again at the large exposures of banks, once the initial data collection for the new reporting has been reviewed. EC7 The supervisor requires banks to include the impact of significant risk concentrations into their stress testing programs for risk management purposes. Description and findings re EC7 BS12 specifies that ICAAPs should capture risks not fully captured under Pillar 1 and states that the bank should have in place policies and systems to monitor and control concentrated exposures to credit and other risks, and in turn consider whether additional capital is a suitable risk mitigant. BS12 provides more detailed guidance around stress tests, stating that “the bank should perform rigorous forward-looking stress tests that identify severe loss events or adverse changes in market conditions, and assess their impact on bank’s capital adequacy.” Any bank adhering carefully to this policy would necessarily be monitoring and constructing stress testing around its large exposures. Additional criteria AC1 In respect of credit exposure to single counterparties or groups of connected counterparties, banks are required to adhere to the following: (a) 10 percent or more of a bank’s capital is defined as a large exposure; and (b) 25 percent of a bank’s capital is the limit for an individual large exposure to a private sector nonbank counterparty or a group of connected counterparties. Minor deviations from these limits may be acceptable, especially if explicitly temporary or related to very small or specialized banks. Description and findings re AC1 The RBNZ does not have a regulatory limit on the size of individual large exposures, nor does it impose an additional capital charge for these exposures. For the purposes of its disclosure requirements, the RBNZ defines large exposures as 10 percent or more of a bank’s equity (rather than capital). For the purposes of its private reporting on large exposures, the RBNZ measures large exposures as a percentage of CET1 capital. Assessment of Principle 19 Materially Noncompliant Comments For ECs 1 through 5 and EC7, the RBNZ uses a mix of regulatory discipline, self-discipline and market discipline to achieve the desired results. However, the approach does not meet the CP requirements. In a number of areas, rather than regulatory established limits and policy requirements the RBNZ relies on attestations from the Board that they are in place.

NEW ZEALAND INTERNATIONAL MONETARY FUND 157 For EC6 and AC1, there are no regulatory limits established. The RBNZ intends to conduct another review of large exposures and, once the new data collection has been analyzed, may review the current approach, depending on the conclusions of that work. Principle 20 Transactions with related parties. In order to prevent abuses arising in transactions with related parties59 and to address the risk of conflict of interest, the supervisor requires banks to enter into any transactions with related parties60 on an arm’s length basis; to monitor these transactions; to take appropriate steps to control or mitigate the risks; and to write off exposures to related parties in accordance with standard policies and processes. Essential criteria EC1 Laws or regulations provide, or the supervisor has the power to prescribe, a comprehensive definition of “related parties”. This considers the parties identified in the footnote to the Principle. The supervisor may exercise discretion in applying this definition on a case by case basis. Description and findings re EC1 The RBNZ has the power to impose conditions of registration that relate to the bank’s ability to ‘carry on business in a prudent manner’, which specifically includes ‘separation of the business or proposed business from other business and from other interests of any person owning or controlling the applicant or registered bank’ and also includes loan concentration. These powers allow the RBNZ to set requirements on transactions with related parties, which the RBNZ terms ‘connected persons’. The RBNZ defines connected persons in BS8: A connected person is ‘any person, other than a government of a country which is a member of the Organization for Economic Cooperation and Development, which is:  an owner (which means any person who has a substantial interest in the registered bank), or  an entity in which an owner has a substantial interest (other than the registered bank and entities in which the registered bank itself has a substantial interest), or  a person which has a substantial interest in an owner, or  a director of the registered bank.”

59 Related parties can include, among other things, the bank’s subsidiaries, affiliates, and any party (including their subsidiaries, affiliates and special purpose entities) that the bank exerts control over or that exerts control over the bank, the bank’s major shareholders, Board members, senior management and key staff, their direct and related interests, and their close family members as well as corresponding persons in affiliated companies. 60 Related party transactions include on-balance sheet and off-balance sheet credit exposures and claims, as well as, dealings such as service contracts, asset purchases and sales, construction contracts, lease agreements, derivative transactions, borrowings, and write-offs. The term transaction should be interpreted broadly to incorporate not only transactions that are entered into with related parties but also situations in which an unrelated party (with whom a bank has an existing exposure) subsequently becomes a related party.

NEW ZEALAND 158 INTERNATIONAL MONETARY FUND A person has a ‘substantial interest’ in an entity if that person:  holds (whether directly or indirectly) more than 20 percent of the issued securities of an entity, other than securities that carry no right to participate beyond a specified amount in a distribution of either profits or capital; or  is entitled to receive (whether directly or indirectly) more than 20 percent of every dividend (or, in the case of an entity which is not a company, distributions of a similar nature) paid on securities issued by the entity, other than securities that carry no right to participate beyond a specified amount in a distribution of either profits or capital; or  is in a position to exercise, or control the exercise of, more than 20 percent of the maximum number of votes that can be exercised at a meeting of an entity or the owners of the entity; or  controls or significantly influences the composition of the Board of the entity, or, if the entity does not have a Board of directors, the body which has the power to manage or direct or supervise the management of the business and affairs of the company. If the RBNZ deems it necessary, it can vary conditions of registration and could change these definitions to ensure that specific parties are included. The RBNZ has imposed a condition of registration on locally incorporated New Zealand banks requiring that they comply with BS8. BS8 does not apply to branches. EC2 Laws, regulations or the supervisor require that transactions with related parties are not undertaken on more favorable terms (e.g., in credit assessment, tenor, interest rates, fees, amortization schedules, requirement for collateral) than corresponding transactions with non-related counterparties.61 Description and findings re EC2 BS8 Connected Exposures Policy specifically states that exposures to connected persons shall not be on more favorable terms than corresponding exposures to non-connected persons. Furthermore, directors are required to make a quarterly attestation that “credit exposures to connected persons (if any) were not contrary to the interests of the registered bank’s banking group.” Directors must also make a quarterly attestation that the bank has complied with its conditions of registration. This would include BS8 and any specific additional conditions related to related party exposure to which a bank may be subject. In addition, ‘claw back’ provisions under statutory management (as described under s138 of the RBNZ Act) dis-incentivize ‘improper disposal of property’ (i.e., sub-market sales or transactions) under business-as-usual circumstances. If the court thinks fit, it can order that property be transferred to the statutory manager, or that the person acquiring the property pay a higher sum. The RBNZ also applies the ‘voidable transaction’ provisions of the Companies Act, which allows transactions undertaken on a non-arm’s length basis

61 An exception may be appropriate for beneficial terms that are part of overall remuneration packages (e.g. staff receiving credit at favorable rates).

NEW ZEALAND INTERNATIONAL MONETARY FUND 159 when an entity was unable to pay its debts to be voided if a bank is in statutory management or liquidation. EC3 The supervisor requires that transactions with related parties and the write-off of related￾party exposures exceeding specified amounts or otherwise posing special risks are subject to prior approval by the bank’s Board. The supervisor requires that Board members with conflicts of interest are excluded from the approval process of granting and managing related party transactions. Description and findings re EC3 The RBNZ does not have specific requirements that transactions with related parties or write-off of related party exposures be subject to prior approval by the bank’s Board. Additionally, the definition of transactions is not as broad as the CP’s and focuses on credit exposures. The RBNZ also requires banks’ Board members to disclose any transactions they may have entered into that would be on terms other than ‘arm’s length’ as well as anything that could impact the exercise of the Director’s duties. The RBNZ also requires that Boards disclose their policies for avoiding conflicts of interest. Both of these disclosures are included in full-year disclosure statements. EC4 The supervisor determines that banks have policies and processes to prevent persons benefiting from the transaction and/or persons related to such a person from being part of the process of granting and managing the transaction. Description and findings re EC4 RBNZ does not conduct detailed reviews of these policies and processes. EC5 Laws or regulations set, or the supervisor has the power to set on a general or case by case basis, limits for exposures to related parties, to deduct such exposures from capital when assessing capital adequacy, or to require collateralization of such exposures. When limits are set on aggregate exposures to related parties, those are at least as strict as those for single counterparties or groups of connected counterparties. Description and findings re EC5 BS8 sets limits on exposures to connected persons:  Aggregate exposures to all connected persons including banks (netted off against funds received from such persons under robust bilateral netting agreements) are set according to a rating-contingent limit (see table below).  The aggregate net limit of exposure to ‘nonbank’ related parties is set at 15 percent of the banking group’s tier 1 capital.  The aggregate gross limit (before netting) for all related party exposures is 125 percent of the banking group’s Tier 1 capital.

NEW ZEALAND 160 INTERNATIONAL MONETARY FUND Credit Rating Connected exposure limit (% of the banking group’s Tier 1 capital) AA/Aa2 and above 75 AA-/Aa3 70 A+/A1 60 A/A2 40 A-/A3 30 BBB+/Baa1 and below 15 The RBNZ can alter the requirements for a particular bank by imposing a non-standard condition. BS8 specifically states that “advances of a capital nature by a banking group to connected persons must be deducted from the banking group’s Tier 1 capital.” EC6 The supervisor determines that banks have policies and processes to identify individual exposures to and transactions with related parties as well as the total amount of exposures, and to monitor and report on them through an independent credit review or audit process. The supervisor determines that exceptions to policies, processes, and limits are reported to the appropriate level of the bank’s senior management and, if necessary, to the Board, for timely action. The supervisor also determines that senior management monitors related party transactions on an ongoing basis, and that the Board also provides oversight of these transactions. Description and findings re EC6 The RBNZ has not issued standards for adequate policies and processes to monitor related party transactions. The RBNZ does not review bank policies on a regular basis. EC7 The supervisor obtains and reviews information on aggregate exposures to related parties. Description and findings re EC7 BS8 requires that the aggregate credit exposure of the banking group be assessed for the purposes of complying with the policy. BS8 defines ‘credit exposure’ as the amount of maximum loss that a party could incur as a result of the counterparty to that contract failing to discharge its obligations, without taking into account the value of collateral, guarantees etc. This information is required as at the balance date and in respect of peak end-of-day aggregate credit exposure for the full year accounting period. While BS8 allows netting in certain circumstances (pursuant to a robust industry standard netting agreement), it also sets a maximum of aggregate gross exposures at 125 percent of the banking group’s Tier 1 equity. In their annual Connected Exposures disclosures, banks are required to provide a statement as to whether aggregate exposure has been calculated on a gross or a bilateral net basis. If any part has been undertaken on a bilateral net basis, the bank must also provide:

NEW ZEALAND INTERNATIONAL MONETARY FUND 161  The gross amount as a percent of Tier 1 capital, before eligible netting has taken place.  The amount, as a percent of Tier 1 capital that has been netted off.  A statement that there is a limit of 125 percent of banking group Tier 1 capital in respect of the gross amount of aggregate credit exposure to connected persons that can be netted off in determining the net exposure. The RBNZ is implementing a new private reporting framework for Connected Exposures that builds on this with the data available quarterly from March 2016. The template requires detailed information on gross and net exposure. Assessment of Principle 20 Materially Noncompliant Comments The RBNZ has flexibility to determine the definition of connected exposures. The BS8 condition of registration requires that transactions with related parties be at arms-length. The definition of transaction is credit-related and does not specifically identify all those included in the CP definition. The RBNZ does not comply with ECs 3 and 4, as there is no requirement for Board pre-approval or restrictions on credit processes for related party transactions. Limits are set on exposures to related parties. The RBNZ does not conduct detailed reviews of bank policies and processes to determine that adequate monitoring of related party transactions is in place (EC6). The definition of related parties does not cover all parties or transactions as defined in the footnotes to the definition of CP20. Regulatory reports on related party exposure contain aggregate totals to monitor compliance with regulatory limits. However, they do not provide details on individual exposures concerning terms, renewals, and approval process. In conjunction with the review on large exposures, RBNZ expects to also review connected exposure limits and the calibration thereof. Principle 21 Country and transfer risks. The supervisor determines that banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate country risk62 and transfer risk63 in their international lending and investment activities on a timely basis. Essential criteria EC1 The supervisor determines that a bank’s policies and processes give due regard to the identification, measurement, evaluation, monitoring, reporting and control or mitigation

62 Country risk is the risk of exposure to loss caused by events in a foreign country. The concept is broader than sovereign risk as all forms of lending or investment activity whether to/with individuals, corporates, banks or governments are covered. 63 Transfer risk is the risk that a borrower will not be able to convert local currency into foreign exchange and so will be unable to make debt service payments in foreign currency. The risk normally arises from exchange restrictions imposed by the government in the borrower’s country. (Reference document: IMF paper on External Debt Statistics – Guide for compilers and users, 2003.)

NEW ZEALAND 162 INTERNATIONAL MONETARY FUND of country risk and transfer risk. The supervisor also determines that the processes are consistent with the risk profile, systemic importance and risk appetite of the bank, take into account market and macroeconomic conditions and provide a comprehensive bank￾wide view of country and transfer risk exposure. Exposures (including, where relevant, intra-group exposures) are identified, monitored and managed on a regional and an individual country basis (in addition to the end-borrower/end-counterparty basis). Banks are required to monitor and evaluate developments in country risk and in transfer risk and apply appropriate countermeasures. Description and findings re EC1 The RBNZ does not actively determine any of these matters. A bank’s directors’ quarterly attestation refers to adequate management of all of the banking group’s material risks, and hence must cover country or transfer risks for any bank for which those risks are material. Given the small scale of New Zealand banks’ country and transfer risk and the high credit ratings of the main countries involved, the RBNZ believes that its supervisory approach to country and transfer risk is proportionate.

There is no specific regulatory requirement for banks to monitor or evaluate developments in country or transfer risk. If a bank’s financial statements began to indicate that country or transfer risk were becoming material for the bank, or that the nature of the risks was deteriorating, the RBNZ would consider steps such as discussion with the bank’s Board or senior management, or more frequent and detailed reporting on risk exposures. EC2 The supervisor determines that banks’ strategies, policies and processes for the management of country and transfer risks have been approved by the banks’ Boards and that the Boards oversee management in a way that ensures that these policies and processes are implemented effectively and fully integrated into the banks’ overall risk management process. Description and findings re EC2 The RBNZ does not focus specifically on country or transfer risk in any of the work it carries to assess how much a bank’s Board is involved in overseeing and approving the bank’s approach to managing its risks generally. EC3 The supervisor determines that banks have information systems, risk management systems and internal control systems that accurately aggregate, monitor and report country exposures on a timely basis; and ensure adherence to established country exposure limits. Description and findings re EC3 The RBNZ does not determine this directly in any systematic way. Consistent with its general supervisory approach, the RBNZ relies principally on self and market discipline to incentivize these outcomes. EC4 There is supervisory oversight of the setting of appropriate provisions against country risk and transfer risk. There are different international practices that are all acceptable as long as they lead to risk-based results. These include:

NEW ZEALAND INTERNATIONAL MONETARY FUND 163 (a) The supervisor (or some other official authority) decides on appropriate minimum provisioning by regularly setting fixed percentages for exposures to each country taking into account prevailing conditions. The supervisor reviews minimum provisioning levels where appropriate. (b) The supervisor (or some other official authority) regularly sets percentage ranges for each country, taking into account prevailing conditions and the banks may decide, within these ranges, which provisioning to apply for the individual exposures. The supervisor reviews percentage ranges for provisioning purposes where appropriate. (c) The bank itself (or some other body such as the national bankers’ association) sets percentages or guidelines or even decides for each individual loan on the appropriate provisioning. The adequacy of the provisioning will then be judged by the external auditor and/or by the supervisor. Description and findings re EC4 The RBNZ has no direct involvement in the setting of appropriate levels of provision against country and transfer risk. EC5 The supervisor requires banks to include appropriate scenarios into their stress testing programs to reflect country and transfer risk analysis for risk management purposes. Description and findings re EC5 The RBNZ does not currently require banks to include scenarios in their stress-testing that reflect country and transfer risk in the usual sense of risks arising from direct lending exposures to cross-border counterparties. Given the current scale and nature of these risks, the RBNZ believes such a requirement would be disproportionate. EC6 The supervisor regularly obtains and reviews sufficient information on a timely basis on the country risk and transfer risk of banks. The supervisor also has the power to obtain additional information, as needed (e.g., in crisis situations). Description and findings re EC6 Under financial reporting standards, banks are required in their annual financial statements to report on the risks arising from financial instruments. This includes qualitative and quantitative descriptions of each risk, including concentrations of risk. To meet this requirement, banks (where relevant) provide descriptions of how country risk arises and how they manage the risk, and how total credit exposures are broken down into New Zealand and non-New Zealand exposures (with individual countries identified where material). The RBNZ additionally requires banks’ half-year disclosure statement to include figures showing credit risk concentration, which typically shows any cross-border exposures. This information is reviewed as part of supervisors’ regular reviews of bank disclosure statements. As discussed under EC1 above, the total amounts are a small percentage of total risk, and the credit exposures are highly rated. The RBNZ therefore views the nature and frequency of the information as sufficient. Assessment of Principle 21 Compliant

NEW ZEALAND 164 INTERNATIONAL MONETARY FUND Comments New Zealand is exposed to the Australian economy as home country for the parents of the largest banks in New Zealand that represent approximately 86 percent of the banking system. The RBNZ monitors Australia closely, is very familiar with the financial soundness of the parent banks, and has a close relationship with APRA. As a result, and due to the fact that cross-border lending by banks in New Zealand is limited and primarily to Australia, the level of country risk monitoring is adequate. However, monitoring would need to increase if the exposure became more diversified. Principle 22 Market risk. The supervisor determines that banks have an adequate market risk management process that takes into account their risk appetite, risk profile, and market and macroeconomic conditions and the risk of a significant deterioration in market liquidity. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate market risks on a timely basis. Essential criteria EC1 Laws, regulations or the supervisor require banks to have appropriate market risk management processes that provide a comprehensive bank-wide view of market risk exposure. The supervisor determines that these processes are consistent with the risk appetite, risk profile, systemic importance and capital strength of the bank; take into account market and macroeconomic conditions and the risk of a significant deterioration in market liquidity; and clearly articulate the roles and responsibilities for identification, measuring, monitoring and control of market risk. Description and findings re EC1 Directors of New Zealand banks are required to make certain attestations which, among other things, cover market risk. Also banks are required to disclose certain information about market risk and assess market risk capital adequacy. In order to make these attestations, disclosures and assessments, directors and senior management would need to satisfy themselves that appropriate market risk management processes are in place which provide a comprehensive bank-wide view of market risk exposure. Banks that are locally incorporated are required through conditions of registration to have an ICAAP that accords with the requirements set out in BS12. The ICAAP should capture all material risks that a bank faces, including market risk (which extends to interest rate risk in the banking book, and is captured under Pillar 1), risks not fully captured under Pillar 1, risks not taken into account by the Pillar 1 process, and risk factors external to the bank – see BS12 (paragraph 13). BS12 (paragraph 19) states that the bank should establish an adequate system for monitoring and reporting risk exposures. The RBNZ does not generally make formal determinations about banks’ market risk management processes, market risk is incorporated into the RBNZ’s risk rating process (the PRESS process). A PRESS assessment is undertaken for each bank and includes separate consideration of market risk. In the case of market risk, the assessment is generally linked to the bank’s peak capital charge for interest rate risk, foreign currency risk and equity risk. However, the assessment could also take into account:

NEW ZEALAND INTERNATIONAL MONETARY FUND 165  Disclosure statement reviews.  Reviews of bank reports to executive management and Board committees.  Formal engagement meetings with banks. Several meetings each year include agenda items on market risk. In practice the amount of time spent discussing market risk is limited. However, during 2016-17 a more focused ‘themed’ session with the major banks is planned which will include a detailed discussion of market risk. In practice almost all the banks for which the PRESS process applies are assessed as having low market risk given the relatively small market risk exposures of New Zealand banks. EC2 The supervisor determines that banks’ strategies, policies and processes for the management of market risk have been approved by the banks’ Boards and that the Boards oversee management in a way that ensures that these policies and processes are implemented effectively and fully integrated into the banks’ overall risk management process. Description and findings re EC2 Banks’ Boards typically set or approve market risk strategies and policies, and periodically review those policies and monitor compliance with policies through Board reports, questioning of management and internal/group audit or risk review processes. The RBNZ’s ICAAP Guidelines (BS12) is referred to in EC1. Paragraph 20 of BS12 state that the bank’s Board and senior management should receive regular reports or updates on the bank’s risk profile (and capital needs). The ten largest locally incorporated banks are required to provide the RBNZ Board papers that include bank risk appetite statements (which typically include a section on appetite and tolerances for market risk), Board risk reports (that typically include material on market risk monitoring including metrics to measure performance against Board tolerances), and the ICAAP document. EC3 The supervisor determines that the bank’s policies and processes establish an appropriate and properly controlled market risk environment including: (a) effective information systems for accurate and timely identification, aggregation, monitoring and reporting of market risk exposure to the bank’s Board and senior management; (b) appropriate market risk limits consistent with the bank’s risk appetite, risk profile and capital strength, and with the management’s ability to manage market risk and which are understood by, and regularly communicated to, relevant staff; (c) exception tracking and reporting processes that ensure prompt action at the appropriate level of the bank’s senior management or Board, where necessary; (d) effective controls around the use of models to identify and measure market risk, and set limits; and

NEW ZEALAND 166 INTERNATIONAL MONETARY FUND (e) sound policies and processes for allocation of exposures to the trading book. Description and findings re EC3 The RBNZ does not routinely determine that banks’ policies and processes establish an appropriate and properly controlled market risk environment. EC4 The supervisor determines that there are systems and controls to ensure that bank’ marked-to-market positions are revalued frequently. The supervisor also determines that all transactions are captured on a timely basis and that the valuation process uses consistent and prudent practices, and reliable market data verified by a function independent of the relevant risk-taking business units (or, in the absence of market prices, internal or industry-accepted models). To the extent that the bank relies on modeling for the purposes of valuation, the bank is required to ensure that the model is validated by a function independent of the relevant risk-taking businesses units. The supervisor requires banks to establish and maintain policies and processes for considering valuation adjustments for positions that otherwise cannot be prudently valued, including concentrated, less liquid, and stale positions. Description and findings re EC4 The RBNZ does not review banks’ mark-to-market systems and controls, transaction capturing, or valuation processes. The RBNZ has not set any valuation adjustment requirements for banks. EC5 The supervisor determines that banks hold appropriate levels of capital against unexpected losses and make appropriate valuation adjustments for uncertainties in determining the fair value of assets and liabilities. Description and findings re EC5 The RBNZ requires locally incorporated banks, through conditions of registration, to hold Pillar 1 regulatory capital for market risk. The amount of market risk capital required to be held by a locally incorporated bank is published in the bank’s disclosure statements each quarter. Although the RBNZ conducts checks on compliance with disclosure requirements, the RBNZ does not conduct detailed checks on whether banks comply with market risk capital requirements. The RBNZ does not determine whether banks make appropriate valuation adjustments for uncertainties in determining the fair value of assets and liabilities for the purposes of a bank’s capital regulatory capital calculation. EC6 The supervisor requires banks to include market risk exposure into their stress testing programs for risk management purposes. Description and findings re EC6 As part of the ICAAP, banks are required to perform rigorous and forward-looking stress￾tests and assess the impact of these tests on the bank’s capital levels. Assessment of Principle 22 Largely Compliant Comments Under the RBNZ’s supervisory approach, responsibility for market risk management rests primarily with bank directors and senior management. The RBNZ’s requirements for risk management (including market risk management) therefore rely heavily on director attestations and disclosure, although Pillar 1 capital and ICAAP requirements capture market risk. In order to meet these requirements directors and senior management would

NEW ZEALAND INTERNATIONAL MONETARY FUND 167 need to satisfy themselves that appropriate market risk management processes are in place. The RBNZ gains insight into how these requirements are met and into bank’s strategies, policies and procedures through review of bank disclosure statements and of Board risk reports. The RBNZ also sets market risk capital requirements and requires locally incorporated bank’s ICAAP to capture market risk. Supervisory views about market risk are formed through the PRESS process which takes account of disclosure statement information and bank risk reports. Compared to other risk areas (particular credit risk) active supervision of market risk is limited in light of the low exposure to market risk faced by New Zealand banks. Compliance with the Essential Criteria is weak as the RBNZ does not have specific requirements for market risk processes (EC1) and does not formally review processes and systems (EC2/EC3/EC4). The rating is based on the low volume of open exchange positions, trading accounts and equity holdings and the results of stress testing showing the small impact of market risk. If risk increases or becomes more diversified’ an attendant increase in monitoring will be required. Principle 23 Interest rate risk in the banking book. The supervisor determines that banks have adequate systems to identify, measure, evaluate, monitor, report and control or mitigate interest rate risk64 in the banking book on a timely basis. These systems take into account the bank’s risk appetite, risk profile and market and macroeconomic conditions. Essential criteria EC1 Laws, regulations or the supervisor require banks to have an appropriate interest rate risk strategy and interest rate risk management framework that provides a comprehensive bank-wide view of interest rate risk. This includes policies and processes to identify, measure, evaluate, monitor, report and control or mitigate material sources of interest rate risk. The supervisor determines that the bank’s strategy, policies and processes are consistent with the risk appetite, risk profile and systemic importance of the bank, take into account market and macroeconomic conditions, and are regularly reviewed and appropriately adjusted, where necessary, with the bank’s changing risk profile and market developments. Description and findings re EC1 There are no direct laws, regulations or RBNZ requirements for a bank to have an appropriate interest rate risk strategy and interest rate risk management framework. The RBNZ does not distinguish anywhere in its prudential framework between interest rate risk arising from trading activities, and interest rate risk in the banking book. The capital requirements for market risk as a whole do not make any distinction between banking book and trading book business. Accordingly, within the market risk total, the

64 Wherever “interest rate risk” is used in this Principle the term refers to interest rate risk in the banking book. Interest rate risk in the trading book is covered under Principle 22.

NEW ZEALAND 168 INTERNATIONAL MONETARY FUND methodology for calculating capital for interest rate risk captures interest rate risk in the banking book. The major New Zealand banks are exposed to interest rate risk mainly from their deposit￾taking and lending activities, with their repricing gaps being fairly typical of banks with large retail mortgage books. Banks manage these risks by the nature of the products they offer (e.g., banks do not generally offer fixed interest rates on mortgages for periods of longer than five years), and by holding interest rate derivatives to hedge the risks.

The banks’ aggregate hedged interest rate risk exposures for both traded and non-traded risk (as measured by regulatory capital requirements, and banks’ own VaR modelling and sensitivity analyses) are relatively small: the total capital requirement is rarely more than 5 percent of Tier 1 capital (and this is a conservative measure, being on a Basel standardized basis). Interest rate risk in the banking book generally makes up the majority of total interest rate risk: banks do not take significant proprietary interest rate positions and are exposed to only small amounts of traded interest rate risk, mainly arising from short-term liquidity management activities. EC2 The supervisor determines that a bank’s strategy, policies and processes for the management of interest rate risk have been approved, and are regularly reviewed, by the bank’s Board. The supervisor also determines that senior management ensures that the strategy, policies and processes are developed and implemented effectively. Description and findings re EC2 The major New Zealand banks (and most of the other locally incorporated banks) are required to provide the RBNZ with Board papers that include bank risk appetite statements (which typically include a section on interest rate risk in the banking book), and Board risk reports (that typically include material on IRRBB monitoring). The documents give the RBNZ a view of the level of Board oversight of interest rate risk in the banking book. This confirms that banks’ boards typically set or approve strategies and policies for interest rate risk in the banking book, periodically review those policies and monitor compliance with policies through Board reports, questioning of management and internal/group audit or risk review processes. EC3 The supervisor determines that banks’ policies and processes establish an appropriate and properly controlled interest rate risk environment including: (a) comprehensive and appropriate interest rate risk measurement systems; (b) regular review, and independent (internal or external) validation, of any models used by the functions tasked with managing interest rate risk (including review of key model assumptions); (c) appropriate limits, approved by the banks’ Boards and senior management, that reflect the banks’ risk appetite, risk profile and capital strength, and are understood by, and regularly communicated to, relevant staff;

NEW ZEALAND INTERNATIONAL MONETARY FUND 169 (d) effective exception tracking and reporting processes which ensure prompt action at the appropriate level of the banks’ senior management or Boards where necessary; and (e) effective information systems for accurate and timely identification, aggregation, monitoring and reporting of interest rate risk exposure to the banks’ Boards and senior management. Description and findings re EC3 The RBNZ does not determine in a systematic way that each bank’s policies and processes establish an appropriate and properly controlled interest rate environment including all the features listed above. EC4 The supervisor requires banks to include appropriate scenarios into their stress testing programs to measure their vulnerability to loss under adverse interest rate movements. Description and findings re EC4 A joint RBNZ/APRA stress-testing exercise in 2014 involved the regulators providing the four big banking groups with two different adverse economic scenarios. One of these scenarios involved a sharp rise in interest rates, with mortgage lending rates peaking at 11–12 percent. The 5 smaller domestically owned banks have so far only taken part in a simple credit risk stress-testing exercise organized by the RBNZ. Additional criteria AC1 The supervisor obtains from banks the results of their internal interest rate risk measurement systems, expressed in terms of the threat to economic value, including using a standardized interest rate shock on the banking book. Description and findings re AC1 The RBNZ does not obtain directly from banks the result of their internal interest rate risk measurement systems in a mandated format. AC2 The supervisor assesses whether the internal capital measurement systems of banks adequately capture interest rate risk in the banking book. Description and findings re AC2 The RBNZ does not assess this. Assessment of Principle 23 Materially Noncompliant Comments The RBNZ does not make an absolute determination that banks have adequate systems to manage and control or mitigate interest rate risk in the banking book, nor that there is a Board-approved strategy and policies for managing the risk, which have been developed and implemented effectively by senior management. The RBNZ also does not carry out the necessary work to determine, for example, that a bank has effective information systems for accurate and timely identification and reporting of interest rate risk exposure to Board and senior management. The RBNZ does not meet the formal requirements for ECs 1 to 3. Principle 24 Liquidity risk. The supervisor sets prudent and appropriate liquidity requirements (which can include either quantitative or qualitative requirements or both) for banks that reflect the liquidity needs of the bank. The supervisor determines that banks have a strategy that

NEW ZEALAND 170 INTERNATIONAL MONETARY FUND enables prudent management of liquidity risk and compliance with liquidity requirements. The strategy takes into account the bank’s risk profile as well as market and macroeconomic conditions and includes prudent policies and processes, consistent with the bank’s risk appetite, to identify, measure, evaluate, monitor, report and control or mitigate liquidity risk over an appropriate set of time horizons. At least for internationally active banks, liquidity requirements are not lower than the applicable Basel standards. Essential criteria EC1 Laws, regulations or the supervisor require banks to consistently observe prescribed liquidity requirements including thresholds by reference to which a bank is subject to supervisory action. At least for internationally active banks, the prescribed requirements are not lower than, and the supervisor uses a range of liquidity monitoring tools no less extensive than, those prescribed in the applicable Basel standards. Description and findings re EC1 Locally-incorporated banks are required to comply with the RBNZ’s Liquidity Policy (BS13). This imposes a range of quantitative and qualitative requirements on banks. Specifically, the policy requires that banks comply with the following quantitative requirements by condition of registration:  the one-week mismatch ratio is not less than zero percent at the end of each business day;  the one-month mismatch ratio is not less than zero percent at the end of each business day; and  The one-year CFR is not less than 75 percent at the end of each business day. Banks report their compliance with these metrics to the RBNZ on a monthly basis. The reports include a range of underlying data that input into the calculation of the headline metrics. The reports are monitored by the RBNZ’s statistics team and the relevant bank supervisor, with any anomalies or material changes pursued with the bank. Any breaches of this condition must be disclosed in the audited disclosure statements that banks are required to publish quarterly. The CFR has been progressively increased from an initial minimum of 65 percent to its current setting of 75 percent. This requirement was specifically designed to lengthen the tenor of funding in New Zealand and address the perceived over-exposure to short term wholesale funding. The RBNZ introduced BS13 before the development of the applicable Basel standards. However, the quantitative requirements are broadly aligned in terms of their high-level objectives and structure, and previous assessments have suggested that they result in broadly equivalent levels of conservativism as the Basel standards. RBNZ will in due course review whether to update BS13 to reflect the Basel standards.

NEW ZEALAND INTERNATIONAL MONETARY FUND 171 Banks that operate as a branch in New Zealand are not currently subject to any prudential liquidity requirements. This will be reconsidered as part of the forthcoming review. The list of eligible liquid assets under BS13 is broader than under the Basel standards. This reflects the relative shortage of Basel-compliant liquid assets in New Zealand. EC2 The prescribed liquidity requirements reflect the liquidity risk profile of banks (including on- and off-balance sheet risks) in the context of the markets and macroeconomic conditions in which they operate. Description and findings re EC2 The quantitative liquidity requirements were specifically designed for New Zealand conditions. During the development phase, the key risk that was identified was the over￾exposure of New Zealand banks to short term wholesale funding. The structure of the CFR and the incremental increases in the minimum requirement has been designed to help address this concern. In conjunction with market pressures post crisis, the policy has been successful in reducing the reliance on non-core funding. The chart below shows the increase in core funding across the banking system since the GFC and the introduction of the policy. The requirements also reflect the (un)availability of high-quality liquid assets in New Zealand. This is evidenced by the broad range of assets that are included within the list of primary and secondary liquid assets in the policy, when compared to the new international standards. The list of qualifying liquid assets (set out in BS13A) was initially aligned with the list of repo eligible assets within the Reserve Bank’s domestic market operations (DMO). Some gaps have emerged as a result of a recent DMO review of eligibility and haircuts. Subject to the outcome of the broader review of BS13 against the Basel framework, it is possible that RBNZ will seek to close the gap between BS13A and the revised DMO framework. Any changes to the existing list of liquid assets for prudential purposes will be assessed against prudential objectives. 50 60 70 80 90 100 50 60 70 80 90 100 2003 2005 2007 2009 2011 2013 2015 % % Minimum CFR Core funding ratio (CFR)

NEW ZEALAND 172 INTERNATIONAL MONETARY FUND The mismatch ratios within BS13 include a 15 percent drawdown assumption on all committed lines, and include any inflows and outflows contractually due on derivative contracts. However, the quantitative requirements do not pick up wider market movements or potential for increased collateral calls directly. There are strong incentives on bank treasurers to monitor and manage these risks closely. RBNZ receives copies of the large banks’ ALCO market risk reports as part of the RBNZ Act s93 reporting requirements (described in EC3 below). EC3 The supervisor determines that banks have a robust liquidity management framework that requires the banks to maintain sufficient liquidity to withstand a range of stress events, and includes appropriate policies and processes for managing liquidity risk that have been approved by the banks’ Boards. The supervisor also determines that these policies and processes provide a comprehensive bank-wide view of liquidity risk and are consistent with the banks’ risk profile and systemic importance Description and findings re EC3 In addition to the quantitative requirements, the conditions of registration for all locally incorporated banks require them to have an internal framework for liquidity risk management that is adequate in the bank’s own view for managing its liquidity risk at a prudent level. Specifically, the condition requires that the plan: (a) is clearly documented and communicated to all those in the organization with responsibility for managing liquidity and liquidity risk; (b) identifies responsibility for approval, oversight and implementation of the framework and policies for liquidity-risk management; (c) identifies the principal methods that the bank will use for measuring, monitoring and controlling liquidity risk; and (d) considers the material sources of stress that the bank might face, and prepares the bank to manage stress through a contingency funding plan. PSD writes to the large locally incorporated banks each year (under section 93 of the RBNZ Act) to request copies of key Board and senior management reports. For all large locally incorporated banks this request includes the provision of the liquidity risk management framework. PSD reviews this document for compliance with the condition set out above. The document is approved by the bank’s Board before it is submitted to RBNZ. For the smaller locally incorporated banks, the level of private reporting is lower. EC4 The supervisor determines that banks’ liquidity strategy, policies and processes establish an appropriate and properly controlled liquidity risk environment including: (a) clear articulation of an overall liquidity risk appetite that is appropriate for the banks’ business and their role in the financial system and that is approved by the banks’ Boards;

NEW ZEALAND INTERNATIONAL MONETARY FUND 173 (b) sound day-to-day, and where appropriate intraday, liquidity risk management practices; (c) effective information systems to enable active identification, aggregation, monitoring and control of liquidity risk exposures and funding needs (including active management of collateral positions) bank-wide; (d) adequate oversight by the banks’ Boards in ensuring that management effectively implements policies and processes for the management of liquidity risk in a manner consistent with the banks’ liquidity risk appetite; and (e) regular review by the banks’ Boards (at least annually) and appropriate adjustment of the banks’ strategy, policies and processes for the management of liquidity risk in the light of the banks’ changing risk profile and external developments in the markets and macroeconomic conditions in which they operate. Description and findings re EC4 BS13 provides guidance on the matters that should be addressed by banks’ internal liquidity strategies. The measures identified in EC4 are addressed as follows: a) BS13 requires banks to identify their risk tolerance and objectives for liquidity risk management. This process should reflect the nature of the bank’s business, potential demands from off the bank’s balance sheet and from connected parties, the environment and markets in which the bank operates, and the nature of its relationship with its owner or related parties. The overall structure for liquidity risk management must be approved by the Board. b) BS13 states that banks’ internal strategies should address liquidity risk and liquidity positions over a range of time horizons, from intra-day payment and settlement needs in Real-Time Gross Settlement systems out to the long term, and for all material sources of liquidity risk. Furthermore, it requires that the buffer of liquid assets should consider the intra-day needs for collateral stemming from the bank’s operation in payment and settlement systems. c) BS13 states that to support internal control of liquidity risk, banks should be capable of producing, analyzing and responding to additional information during periods of stress. This should include being able to quickly assess its position and available sources of liquidity, taking account of any practical matters, and should also consider means of prioritizing payments and controlling outflows where possible. d) BS13 requires that the overall strategy for liquidity risk management be approved by the Board, and states that the Board should take responsibility for ensuring that the registered bank has and implements an effective structure and liquidity-risk management framework for the bank, including contingency planning, so as to be able to achieve the bank’s objectives for liquidity-risk management in normal times and in periods of stress. e) The Board is required to attest on a quarterly basis that the bank complies with the liquidity conditions of registration (as set out in EC1 and EC3 above). This ensures

NEW ZEALAND 174 INTERNATIONAL MONETARY FUND that banks’ Boards regularly review all aspects of the liquidity risk management process. As part of the annual section 93 process (as set out in EC3), the RBNZ requests that all large locally incorporated banks submit an annual statement of risk appetite which identifies internal limits on relevant liquidity risk metrics. The annual risk appetite statement must be approved by the Board of the bank prior to its submission to the RBNZ. Banks report compliance against the risk appetite levels as part of their monthly Balance Sheet and Treasury Reports, which are shared with the relevant banking supervisor. The banking supervision teams use the information contained within these reports to input into the liquidity risk assessment of the quarterly Proportional Risk Evaluation Surveillance System (PRESS) report. The engagement identified above does not equate to the supervisor ‘determining’ the matters set out in the essential criteria. To do so would require a level of engagement at the next level down and would require a more hands-on approach to supervision than undertaken by the RBNZ. However, the reports allow the RBNZ to undertake a reasonable determination on the extent that the issues are being addressed, and provide a trigger for more in-depth discussion where the RBNZ identifies material concerns. This is common across all the matters covered in BS13 that are not explicitly part of the two associated conditions of registration. In addition, the supervisory teams are currently developing plans for a ‘theme day’ on market risk, funding and liquidity risk management with the five largest banks and, potentially, the smaller domestic banks. The objective will be to deepen the understanding of specific areas/risks relevant to the individual banks. This review will cover, inter alia, banks’ compliance with the qualitative and quantitative requirements in BS13. It is anticipated that this will develop into an annual engagement with each bank. EC5 The supervisor requires banks to establish, and regularly review, funding strategies and policies and processes for the ongoing measurement and monitoring of funding requirements and the effective management of funding risk. The policies and processes include consideration of how other risks (e.g., credit, market, operational and reputation risk) may impact the bank’s overall liquidity strategy, and include: (a) an analysis of funding requirements under alternative scenarios; (b) the maintenance of a cushion of high quality, unencumbered, liquid assets that can be used, without impediment, to obtain funding in times of stress; (c) diversification in the sources (including counterparties, instruments, currencies and markets) and tenor of funding, and regular review of concentration limits;

NEW ZEALAND INTERNATIONAL MONETARY FUND 175 (d) regular efforts to establish and maintain relationships with liability holders; and (e) regular assessment of the capacity to sell assets. Description and findings re EC5 (a) BS13 requires that the bank’s liquidity risk management framework identify an approach to managing the composition and nature of the bank’s funding and its liquid assets, including a funding plan with internal targets and limits. There is no explicit requirement on funding scenario analysis, but the composition of funding should reflect the bank’s liquidity needs, and the bank’s business should not be allowed to develop in ways that cannot be prudently supported by its funding and liquid asset holdings, thus an element of scenario analysis should be inherent in any strategic decisions. (b) The quantitative liquidity requirements of BS13 indirectly require the banks to hold a cushion of high quality, unencumbered, liquid assets that can be used to obtain funding in times of stress. Nonetheless, BS13 also explicitly recognizes that banks should, as a backstop, hold a buffer of liquid assets against liquidity shortfalls, both to meet the quantitative requirements, and take account of the full range of risks and demands facing the bank. (c) BS13 states that banks should have policies to ensure that the diversity and term of funding are prudent for the bank’s needs. It identifies a range of important elements to diversity, including but not limited to: the identity or characteristics of the provider, including whether the funding is wholesale or retail in nature; the currency of denomination; the jurisdiction of origin; the markets through which funding is raised; and the legal structure of the funding instrument. The policy also notes the importance of not allowing excessive concentrations in the term of funding, as such concentrations can be a source of difficulty when large concentrations of funding of a given term need to be renewed within a short space of time. BS13 states that the bank is responsible for adopting policies that ensure adequate diversity in the term of funding and should not rely solely on complying with the RBNZ’s quantitative requirements. (d) BS13 states that banks should actively monitor and promote their access to their important funding sources, and that they should assess their funding capacity both in normal times and in stressed circumstances. (e) BS13 states that banks cash flow management and liquid-asset stocks should include projections of positions under both normal and stressed conditions. It further states that internal cash flow projections should take account of the expected behavior of assets, and assumed behavior of cash flows and available liquidity should take account of any material practical obstacles to obtaining needed funds and realizing liquidity. Furthermore, BS13 states that the banks’ stock of liquid assets should be available permanently and should be eligible for realization by sale or pledging even in

NEW ZEALAND 176 INTERNATIONAL MONETARY FUND stressed circumstances. This should include consideration of the available facilities for realizing the liquidity value of the assets. Large banks provide a copy of their annual funding plan as part of the section 93 process (as set out in the response to EC3) to their banking supervisor for review. Banking supervision teams use the information contained within this report to input into the liquidity risk assessment of the PRESS report. EC6 The supervisor determines that banks have robust liquidity contingency funding plans to handle liquidity problems. The supervisor determines that the bank’s contingency funding plan is formally articulated, adequately documented and sets out the bank’s strategy for addressing liquidity shortfalls in a range of stress environments without placing reliance on lender of last resort support. The supervisor also determines that the bank’s contingency funding plan establishes clear lines of responsibility, includes clear communication plans (including communication with the supervisor) and is regularly tested and updated to ensure it is operationally robust. The supervisor assesses whether, in the light of the bank’s risk profile and systemic importance, the bank’s contingency funding plan is feasible and requires the bank to address any deficiencies. Description and findings re EC6 BS13 sets out expectations for contingency management planning. This requires banks to establish a contingency funding plan, and stipulates that it be communicated to all those who would be affected by its execution. Specifically, plans should:  be designed to return the bank to a robust position as quickly as possible in the event of stress;  include policies, procedures and plans for responding to disruptions to the bank’s ability to meet its funding needs;  address all of the bank’s business lines, and take account of any off balance sheet and contingent risks that exist;  identify clear triggers, both quantitative and qualitative, and identify procedures for escalation. The absence of a trigger being hit must not preclude escalation;  include capability to generate additional reporting during periods of stress and enable the bank to quickly assess its position and available liquidity sources; and  include consideration of internal and external communications to promote market and public confidence. The RBNZ requires large banks to submit their contingency funding plan as part of their broader liquidity risk management framework under section 93. The liquidity policy is intended to ensure that all banks hold sufficient liquid assets to manage short term stress events through their own liquid asset resources. However, it should be noted that there is a shortage of assets in New Zealand that would meet the threshold of ‘high-quality liquid assets’ as defined under the Basel framework. Under

NEW ZEALAND INTERNATIONAL MONETARY FUND 177 BS13, there is a broader definition of liquid assets, which includes assets that would not be considered liquid by international standards, but are accepted by the RBNZ’s domestic market operations. EC7 The supervisor requires banks to include a variety of short-term and protracted bank￾specific and market-wide liquidity stress scenarios (individually and in combination), using conservative and regularly reviewed assumptions, into their stress testing programs for risk management purposes. The supervisor determines that the results of the stress tests are used by the bank to adjust its liquidity risk management strategies, policies and positions and to develop effective contingency funding plans. Description and findings re EC7 The guidance under BS13 sets out an expectation that banks should have a method for projecting cash flows and positions under both normal conditions and stress scenarios, and that this analysis should be performed both for the bank as a whole and, where relevant, for business units that contribute significantly to liquidity or liquidity risk. Banks conduct their own internal stress testing, which includes a range of liquidity stress scenarios. A framework of formal supervisory stress testing is currently being rolled out in New Zealand. To date, supervisor driven stress tests have focused primarily on solvency issues rather than liquidity. EC8 The supervisor identifies those banks carrying out significant foreign currency liquidity transformation. Where a bank’s foreign currency business is significant, or the bank has significant exposure in a given currency, the supervisor requires the bank to undertake separate analysis of its strategy and monitor its liquidity needs separately for each such significant currency. This includes the use of stress testing to determine the appropriateness of mismatches in that currency and, where appropriate, the setting and regular review of limits on the size of its cash flow mismatches for foreign currencies in aggregate and for each significant currency individually. In such cases, the supervisor also monitors the bank’s liquidity needs in each significant currency, and evaluates the bank’s ability to transfer liquidity from one currency to another across jurisdictions and legal entities. Description and findings re EC8 BS13 states that all elements of the bank’s framework for measurement, monitoring, and control of liquidity risk and for management of liquidity should take account of cash flows in all currencies. This includes the setting of internal limits and targets, and the banks’ consideration of the appropriate composition of funding and liquid assets, both of which should address risks from positions and flows in all currencies. In considering the appropriate structure of its liquid asset portfolio, BS13 states that banks should have regard to a range of practical factors, including the currency of denomination and location in which the assets are held. As outlined in EC1, banks are required to report against the BS13 quantitative requirements in a monthly report. The template report includes a range of underlying measures that feed into the calculation of the requirements. This includes a breakdown of

NEW ZEALAND 178 INTERNATIONAL MONETARY FUND all funding by remaining time to maturity, whether the funding is domestic or offshore, and whether it is NZD or other currency. However, this is primarily tracked for statistical purposes rather than prudential purposes. New Zealand banks do not undertake material business in foreign currencies. The primary exposure on currency arises through offshore funding by the five largest banks. This funding is hedged into New Zealand dollars. As a result, the primary exposure is a counterparty credit risk through the hedge arrangements rather than a pure currency exposure. Additional criteria AC1 The supervisor determines that banks’ levels of encumbered balance-sheet assets are managed within acceptable limits to mitigate the risks posed by excessive levels of encumbrance in terms of the impact on the banks’ cost of funding and the implications for the sustainability of their long-term liquidity position. The supervisor requires banks to commit to adequate disclosure and to set appropriate limits to mitigate identified risks. Description and findings re AC1 The RBNZ imposes a limit on banks’ issuance of covered bonds, via their conditions of registration. This limit is set at a maximum of 10 percent of a banking group’s total assets being held in a covered bond assets pool, in order to balance the benefits of covered bond issuance against the potential impact on unsecured creditors. There is no formal supervisory requirement on the total level of encumbrance of the balance sheet. A bank is required to disclose in every quarterly disclosure statement “the amount of financial assets it has pledged as collateral for liabilities or contingent liabilities”. This is required in annual financial statements by paragraph 14 of NZ IFRS 7, and in other disclosure statements by specific RBNZ disclosure requirements. Assessment of Principle 24 Compliant Comments Under the RBNZ’s prudential liquidity policy there are quantitative requirements in place that were designed to maintain strong short-term buffers and address weaknesses in the banks’ funding model. The current framework also requires banks to have an internal risk management framework that is adequate in the bank’s own view for managing liquidity risk at prudent levels, and sets clear requirements for what must be included at a high level. The policy provides guidance on relevant factors that should inform that process. Through this guidance, the policy addresses the bulk of the issues identified in the essential criteria for core principle 24.

NEW ZEALAND INTERNATIONAL MONETARY FUND 179 The RBNZ places significant onus on banks, and their Boards, to deliver outcomes that are consistent with its supervisory goals. RBNZ relies on reporting arrangements that allow it to understand how the bank is managing its liquidity risk, and engage in a targeted fashion where concerns are identified. This ongoing supervisory engagement process will be enhanced with ‘themed days’ on market risk, funding and liquidity risk management with individual banks. The four foreign-owned subsidiaries accounting for nearly 90 percent of banking assets are subject to Basel III LCR requirements set by home country rules. They must also meet RBNZ requirements. The RBNZ mismatch requirements under BS13 yield similar liquidity requirements as the LCR, and are monitored by the RBNZ. Deficiencies concerning on-site testing are reflected in CP9 rating. Principle 25 Operational risk. The supervisor determines that banks have an adequate operational risk management framework that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk65 on a timely basis. Essential criteria EC1 Law, regulations or the supervisor require banks to have appropriate operational risk management strategies, policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk. The supervisor determines that the bank’s strategy, policies and processes are consistent with the bank’s risk profile, systemic importance, risk appetite and capital strength, take into account market and macroeconomic conditions, and address all major aspects of operational risk prevalent in the businesses of the bank on a bank-wide basis (including periods when operational risk could increase). Description and findings re EC1 Directors are required to make certain quarterly attestations which, among other things, cover operational risk. Also, banks are required to disclose certain information about operational risk. Another requirement relevant to EC1 is the ICAAP. New Zealand banks that are locally incorporated are required through conditions of registration to have an ICAAP that accords with the requirements set out in BS12 that the bank should establish an adequate system for monitoring and reporting risk exposures. The RBNZ does not make formal determinations about banks’ operational risk frameworks, operational risk is incorporated into the RBNZ’s risk rating process (the PRESS process). A PRESS assessment is undertaken for each bank and includes separate

65 The Committee has defined operational risk as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. The definition includes legal risk but excludes strategic and reputational risk.

NEW ZEALAND 180 INTERNATIONAL MONETARY FUND consideration of operational risk. The assessment of operational risk takes into account the following:  The complexity of the bank’s organizational structure and operations.  The robustness of the bank’s payment system infrastructure and track-record of availability.  Outsourcing arrangements, including compliance with the RBNZ’s outsourcing policy.  Complexity of IT arrangements, and known obsolescence in core systems.  Operational risk losses. The RBNZ’s assessment of banks’ operational risk strategies, policies and processes draws on the following activities:  Disclosure statement reviews.  Review executive management and Board committee reports. These reports are requested under section 93 of the RBNZ Act. The reports cover a range of topics including operational risk.  Formal engagement meetings with banks. Several meetings each year include agenda items on operational risk, while for the larger banks specific meetings on operational risk are typically held. The RBNZ may impose additional requirements if a bank’s operational risk management is assessed as weak. EC2 The supervisor requires banks’ strategies, policies and processes for the management of operational risk (including the banks’ risk appetite for operational risk) to be approved and regularly reviewed by the banks’ Boards. The supervisor also requires that the Board oversees management in ensuring that these policies and processes are implemented effectively. Description and findings re EC2 Boards typically set or approve operational risk management strategies and policies, periodically and review those policies and monitor compliance through Board reports, questioning of management and internal group audit or risk review processes. The ten largest locally incorporated banks are required to provide the RBNZ with Board papers that include bank risk appetite statements (which typically include a section on operational risk) and Board risk reports (that typically include material on operational risk monitoring, including measuring performance against Board risk appetite). These documents are requested under section 93 of the RBNZ Act. The RBNZ has particular requirements for those banks that have implemented the Advanced Measurement Approach to Operational Risk capital adequacy. These requirements include that the bank’s Board approve the operational risk management

NEW ZEALAND INTERNATIONAL MONETARY FUND 181 framework and that the bank’s operational risk management processes and measurement systems are reviewed annually by external or internal auditors. EC3 The supervisor determines that the approved strategy and significant policies and processes for the management of operational risk are implemented effectively by management and fully integrated into the bank’s overall risk management process. Description and findings re EC3 The RBNZ does not formally determine the effectiveness of operational risk management implementation by banks. However, the RBNZ’s PRESS assessment can take into account implementation effectiveness drawing on insights gained from bank risk reports and bank engagement meetings covering risk management. EC4 The supervisor reviews the quality and comprehensiveness of the bank’s disaster recovery and business continuity plans to assess their feasibility in scenarios of severe business disruption which might plausibly affect the bank. In so doing, the supervisor determines that the bank is able to operate as a going concern and minimize losses, including those that may arise from disturbances to payment and settlement systems, in the event of severe business disruption. Description and findings re EC4 The RBNZ does not formally review banks’ disaster recovery (DR) and business continuity plans (BCP). The RBNZ’s expectation is that DR and BCP related risks are captured within the risks covered by the attestations described above (see EC1). However, the RBNZ’s regular bank engagement usually incorporates discussion of disaster recovery and business continuity arrangements, and copies of (e.g., annual) updates to Board/senior management on BCP arrangements may be requested in relation to the RBNZ’s annual more-targeted engagement on operational risks for the 10 largest locally incorporated banks. Information from these meetings feeds into the PRESS assessment. EC5 The supervisor determines that banks have established appropriate information technology policies and processes to identify, assess, monitor and manage technology risks. The supervisor also determines that banks have appropriate and sound information technology infrastructure to meet their current and projected business requirements (under normal circumstances and in periods of stress), which ensures data and system integrity, security and availability and supports integrated and comprehensive risk management. Description and findings re EC5 The RBNZ does not routinely review banks’ information and technology policies and processes. The RBNZ’s expectation is that technology risk is captured within the operational risks covered by the attestations described above (see EC1). However, in 2013 the RBNZ conducted a high level thematic survey of banks’ IT security risks and processes in place which are acknowledged as becoming an increasingly important part of the operational risks to which registered banks are exposed, especially as a result of the growing trend towards the electronic provision of banking information and banking services. The survey assisted the RBNZ to build upon its knowledge of the IT security arrangements of registered banks and the approaches they use to manage IT security risks. Following this work some banks have substantive workstreams underway to improve their arrangements.

NEW ZEALAND 182 INTERNATIONAL MONETARY FUND Also in 2015 the RBNZ undertook work to explore the impacts of digitization or digital disruption of the banking industry with specific regard to New Zealand banks and published the findings. The RBNZ obtains and reviews bank reports to executive management and Board committees (as discussed in EC1). These reports cover a range of topics including operational risk, with separate reports on technology risk and IT security provided by some banks. Information from these reports feed into the PRESS assessment discussed in EC1. EC6 The supervisor determines that banks have appropriate and effective information systems to: (a) monitor operational risk; (b) compile and analyze operational risk data; and (c) facilitate appropriate reporting mechanisms at the banks’ Boards, senior management and business line levels that support proactive management of operational risk. Description and findings re EC6 The RBNZ does not make any formal determination about banks’ information systems. Engagements with banks and bank reports received provide some insight into these systems. Any issues the RBNZ becomes aware of could feed into the PRESS assessment of operational risk or internal controls, and be taken up with the bank’s management for remedial action. EC7 The supervisor requires that banks have appropriate reporting mechanisms to keep the supervisor apprised of developments affecting operational risk at banks in their jurisdictions. Description and findings re EC7 The RBNZ is appraised of developments affecting operational risk through information included in disclosure statements; bank reports to executive management and Board committees (provided to the RBNZ) and regular engagement and consultations with banks. Also, in practice banks typically contact the RBNZ when there is a serious operational risk issue, particularly in respect of material payments or systems outages affecting customers’ retail payments access, transactions processing, or invocation of business continuity plans. Certain explicit reporting requirements apply for events or incidents affecting the payments system. EC8 The supervisor determines that banks have established appropriate policies and processes to assess, manage and monitor outsourced activities. The outsourcing risk management program covers: (a) conducting appropriate due diligence for selecting potential service providers; (b) structuring the outsourcing arrangement; (c) managing and monitoring the risks associated with the outsourcing arrangement;

NEW ZEALAND INTERNATIONAL MONETARY FUND 183 (d) ensuring an effective control environment; and (e) establishing viable contingency planning. Outsourcing policies and processes require the bank to have comprehensive contracts and/or service level agreements with a clear allocation of responsibilities between the outsourcing provider and the bank. Description and findings re EC8 Banks whose New Zealand liabilities, net of amounts due to related parties, exceed $10 billion are required through conditions of registration to comply with the RBNZ’s outsourcing policy (BS11). This policy currently applies to the five largest New Zealand incorporated banks. The main requirement of this policy is that the bank has legal and practical ability to control and execute any business, and any functions relating to any business, of the bank that are carried on by a person other than the bank, sufficient to achieve, under normal business conditions and in the event of stress or failure of the bank or of a service provider to the bank, the following outcomes (also known as ‘core’ functions): a) that the bank’s clearing and settlement obligations due on a day can be met on that day; b) that the bank’s financial risk positions on a day can be identified on that day; c) that the bank’s financial risk positions can be monitored and managed on the day following any failure and on subsequent days; and d) that the bank’s existing customers can be given access to payments facilities on the day following any failure and on subsequent days. In practice, in order to meet these requirements, a bank will need to establish an effective outsourcing risk management program that includes contingency arrangements for the provision of core functions (the policy refers to a requirement that core functions that are outsourced must be effectively substitutable by other functions that are not outsourced). The policy also notes that greater risk to a bank’s legal and practical ability to control and execute ‘non-core’ functions could be tolerated where a bank has established a credible internal process to manage the risks to its business associated with outsourcing arrangements. During 2015/16 the RBNZ reviewed the outsourcing policy for registered banks. The changes proposed represent a tightening of the policy including through clearer requirements for robust back-up capability for outsourced functions that are critical to the bank’s operations, and specification of certain terms and conditions that must be included in outsourcing agreements to ensure services provided continue in the event of bank failure or (where relevant) separation of the bank from its parent bank. The new policy will be finalized taking into account submissions received. Additional criteria

NEW ZEALAND 184 INTERNATIONAL MONETARY FUND AC1 The supervisor regularly identifies any common points of exposure to operational risk or potential vulnerability (e.g., outsourcing of key operations by many banks to a common service provider or disruption to outsourcing providers of payment and settlement activities). Description and findings re AC1 The RBNZ regularly identifies common points of exposure or vulnerability to operational risk. Some examples from recent years are identified below:  The IT security thematic review noted in EC5 above.  Outsourcing stocktake 2014. This work identified several material functions that are delivered by common suppliers.  The RBNZ has a long-standing concern about intra-day settlement and operational risks in the retail payment system. These risks arise from the length of time it takes banks to settle retail payment transactions after a payment instruction has been issued, the consequent value of unsettled transactions at any point in time, and the fact that the majority of retail payments are settled late in the banking day.  In 2015 the RBNZ undertook work to explore the impacts of digitization or digital disruption of the banking industry with specific regard to banks as noted in EC5 above.  Banks accredited to use the Advanced Measurement Approach for operational risk capital generally rely to some extent on models built by parent banks. Certain adjustments to these models can be necessary to take account of New Zealand￾specific operational risk exposures. Assessment of Principle 25 Materially Noncompliant Comments Under the RBNZ’s supervisory approach, responsibility for effective risk management of registered banks rests primarily with bank directors and senior management. The RBNZ’s requirements for risk management (including operational risk management) therefore have a focus on director attestations and disclosure. The RBNZ’s supervisory assessments of operational risks identify prudential or compliance issues which are then addressed as appropriate. While off-site assessments take place regularly (the PRESS review), in practice the RBNZ is continuously assessing banks through disclosure statement reviews, risk reports received from the banks, and bank engagements. The RBNZ’s assessment of operational risk broadly captures those areas set out in the various Essential Criteria for Operational Risk. However, these assessments are limited in terms of scope, depth and level of scrutiny. Consequently, practices cannot be equated with ‘determinations’ as referred to in the Essential Criteria. The RBNZ does not conduct in-depth reviews to regularly determine that banks have an adequate operational risk management framework that takes into account their risk appetite, risk profile and market and macroeconomic conditions, including prudent policies and processes to identify, assess, evaluate, monitor, report and control or

NEW ZEALAND INTERNATIONAL MONETARY FUND 185 mitigate operational risk on a timely basis. Other than on outsourcing, the RBNZ has not issued guidelines on operational risk. Principle 26 Internal control and audit. The supervisor determines that banks have adequate internal control frameworks to establish and maintain a properly controlled operating environment for the conduct of their business taking into account their risk profile. These include clear arrangements for delegating authority and responsibility; separation of the functions that involve committing the bank, paying away its funds, and accounting for its assets and liabilities; reconciliation of these processes; safeguarding the bank’s assets; and appropriate independent66 internal audit and compliance functions to test adherence to these controls as well as applicable laws and regulations. Essential criteria EC1 Laws, regulations or the supervisor require banks to have internal control frameworks that are adequate to establish a properly controlled operating environment for the conduct of their business, taking into account their risk profile. These controls are the responsibility of the bank’s Board and/or senior management and deal with organizational structure, accounting policies and processes, checks and balances, and the safeguarding of assets and investments (including measures for the prevention and early detection and reporting of misuse such as fraud, embezzlement, unauthorized trading and computer intrusion). More specifically, these controls address: (a) organizational structure: definitions of duties and responsibilities, including clear delegation of authority (e.g., clear loan approval limits), decision-making policies and processes, separation of critical functions (e.g., business origination, payments, reconciliation, risk management, accounting, audit and compliance); (b) accounting policies and processes: reconciliation of accounts, control lists, information for management; (c) checks and balances (or “four eyes principle”): segregation of duties, cross￾checking, dual control of assets, double signatures; and (d) safeguarding assets and investments: including physical control and computer access. Description and findings re EC1 In general, the RBNZ Act and conditions of registrations, particularly BS14 on corporate governance, do not require explicitly the minimum requirements regarding internal control and audit mentioned in this EC1, other than separating the audit committee from the Board of the bank. This reflects RBNZ policy of not being prescriptive in on supervisory expectation. The RBNZ understand that directors’ attestations, as discussed in this report, provide the right set of incentive for the bank to develop a sound framework of internal control and audit, tailored to the needs and circumstances of the individual bank itself.

66 In assessing independence, supervisors give due regard to the control systems designed to avoid conflicts of interest in the performance measurement of staff in the compliance, control and internal audit functions. For example, the remuneration of such staff should be determined independently of the business lines that they oversee.

NEW ZEALAND 186 INTERNATIONAL MONETARY FUND In particular, sections 131 to 138 of the Companies Act 1993 (Companies Act) set out the general responsibilities of the Board of Directors with respect to corporate governance principles. Section 74 of the RBNZ Act permits the RBNZ to impose conditions of registration that relate to, among other things, the matters referred to in the sections of the Act 73(2)(a) and (e) and 78(1)(e), (f) and (fa), which allow the RBNZ to impose requirements to address, among other things, matters on the incorporation and ownership structure of the bank; the suitability for their positions of the directors and senior managers of the bank; separation of the business carried on by the bank from other business and from other interests of any person owning or controlling the registered bank; the bank’s internal controls and accounting systems; and the bank’s risk management systems. BS14 is the RBNZ’s Corporate Governance policy. It notes that among the Board’s key responsibilities is to ensure the integrity of the bank’s financial controls, reporting systems and internal audit standards. It also requires that the Board collectively will, in practice, take decisions in the best interests of the bank, without undue influence from parties whose interests may diverge from those of the bank. OiCs issued under section 81 of the RBNZ Act require directors to make attestations in quarterly public disclosure statements, including an attestation that the bank has systems in place to monitor and control adequately the banking group’s material risks, including credit risk, interest rate risk, currency risk, equity risk, liquidity risk and other business risks, and that those systems are being properly applied. Section 95 of the RBNZ Act states that the RBNZ may, by notice in writing to a registered bank, require that the registered bank supply the RBNZ with a report, prepared by a person approved by the RBNZ, on the financial and accounting systems and controls of that registered bank. EC2 The supervisor determines that there is an appropriate balance in the skills and resources of the back office, control functions and operational management relative to the business origination units. The supervisor also determines that the staff of the back office and control functions have sufficient expertise and authority within the organization (and, where appropriate, in the case of control functions, sufficient access to the bank’s Board) to be an effective check and balance to the business origination units. Description and findings re EC2 The RBNZ does not explicitly determine that there is an appropriate balance between the skills and resources of the back office and control functions relative to the front office business/origination. Through means of the directors’ attestations in quarterly public disclosure statements as discussed in this report, the RBNZ relies on Board and senior management to ensure the expectation on internal control mentioned in this EC2. These are to include an attestation that the bank has systems in place to monitor and control adequately the banking

NEW ZEALAND INTERNATIONAL MONETARY FUND 187 group’s material risks. Directors are responsible for ensuring that their bank has appropriate systems and controls, and that these are working effectively. The RBNZ discusses internal controls with banks at regular consultations. These discussions cover matters such as on the independence and credibility of the back office and control functions, the capability of these functions to provide sufficient monitoring and assurance, and whether their resourcing is commensurate with the risks to which the bank is exposed. EC3 The supervisor determines that banks have an adequately staffed, permanent and independent compliance function67 that assists senior management in managing effectively the compliance risks faced by the bank. The supervisor determines that staff within the compliance function is suitably trained, have relevant experience and have sufficient authority within the bank to perform their role effectively. The supervisor determines that the bank’s Board exercises oversight of the management of the compliance function. Description and findings re EC3 As it was the case in EC2, the RBNZ does not explicitly determine that banks comply with the expectations of their compliance function as stated in this EC3. The RBNZ’ supervisory model puts bank’s internal risk management and governance systems under the responsibility of bank’s Board and senior management. The RBNZ holds discussions with banks on the strength of their compliance functions. EC4 The supervisor determines that banks have an independent, permanent and effective internal audit function68 charged with: (a) assessing whether existing policies, processes and internal controls (including risk management, compliance and corporate governance processes) are effective, appropriate and remain sufficient for the bank’s business; and (b) ensuring that policies and processes are complied with. Description and findings re EC4 OiCs issued pursuant to section 81 of the RBNZ Act require directors to attest that the bank has systems in place to monitor and control adequately the banking group’s material risks and that those systems are being properly applied. The 17th Schedule of the OiC requires banks to publish in disclosure statements a statement as to whether the banking group has an internal audit function. RBNZ staff review the information relating to the audit function contained in quarterly disclosure statements. All banks report that they regularly review the operation of the audit function to ensure that it is assisting the Board in performing its responsibilities and that it has adequate resources.

67 The term “compliance function” does not necessarily denote an organizational unit. Compliance staff may reside in operating business units or local subsidiaries and report up to operating business line management or local management, provided such staff also have a reporting line through to the head of compliance that should be independent from business lines. 68 The term “internal audit function” does not necessarily denote an organizational unit. Some countries allow small banks to implement a system of independent reviews, e.g. conducted by external experts, of key internal controls as an alternative.

NEW ZEALAND 188 INTERNATIONAL MONETARY FUND The RBNZ staff meet with the internal auditor annually (for the 10 largest New Zealand incorporated banks). These meetings are comprehensive on the relevant topics regarding the internal audit function. In few cases, these discussions led to supervisory engagement with the Board of the bank or with senior management if the findings raised concerns about internal audit’s effectiveness. In the case of a small bank, for example, this engagement led to the bank hiring two accounting firms to carry out the internal audit of credit processes and Treasury respectively to support the in-house internal audit function. The RBNZ discusses the independence and effectiveness of the internal audit function with bank senior management, although directors are primarily responsible for ensuring that auditing arrangements are appropriate. The RBNZ also meets with independent directors of banks on the Board audit and risk committees. The RBNZ also conducts exit interviews with departing internal auditors. These discussions include the reasons for why the internal auditor is leaving, the challenges for their successor and their relationship with bank senior management. An example of such interview was provided to illustrate practice. EC5 The supervisor determines that the internal audit function: (a) has sufficient resources, and staff that are suitably trained and have relevant experience to understand and evaluate the business they are auditing; (b) has appropriate independence with reporting lines to the bank’s Board or to an audit committee of the Board, and has status within the bank to ensure that senior management reacts to and acts upon its recommendations; (c) is kept informed in a timely manner of any material changes made to the bank’s risk management strategy, policies or processes; (d) has full access to and communication with any member of staff as well as full access to records, files or data of the bank and its affiliates, whenever relevant to the performance of its duties; (e) employs a methodology that identifies the material risks run by the bank; (f) prepares an audit plan, which is reviewed regularly, based on its own risk assessment and allocates its resources accordingly; and (g) has the authority to assess any outsourced functions. Description and findings re EC5 The RBNZ does not explicitly determine the characteristic of the internal audit function stated in EC5. Supervisory staff meets with internal auditors and makes judgements on the effectiveness of the function as discussed in EC4. These discussions include the level of experience and background of the internal auditor, as well as the level of resourcing for the function. The RBNZ reflects on the reporting lines of the internal audit function, and would raise concerns if it deemed the reporting line to be inappropriate. Assessment of Principle 26 Materially non-compliant

NEW ZEALAND INTERNATIONAL MONETARY FUND 189 Comments The RBNZ does not comply with most of the requirements of this Principle. As discussed in this report before, this is largely due to the RBNZ’s approach to supervision, where determining that bank’s internal risk management and governance systems are adequate for prudential reasons rests within the bank’s Board and senior management, based on the standards of BS14 and other legal dispositions. The role of the RBNZ consists of light￾handed monitoring based on bank senior management and directors’ regular consultations. The RBNZ should be conscious that an independent verification of internal controls is a critical area to ensure the soundness of individual institutions. Principle 27 Financial reporting and external audit. The supervisor determines that banks and banking groups maintain adequate and reliable records, prepare financial statements in accordance with accounting policies and practices that are widely accepted internationally and annually publish information that fairly reflects their financial condition and performance and bears an independent external auditor’s opinion. The supervisor also determines that banks and parent companies of banking groups have adequate governance and oversight of the external audit function. Essential criteria EC1 The supervisor69 holds the bank’s Board and management responsible for ensuring that financial statements are prepared in accordance with accounting policies and practices that are widely accepted internationally and that these are supported by recordkeeping systems in order to produce adequate and reliable data. Description and findings re EC1 There are financial reporting obligations in primary legislation (the Financial Markets Conduct Act 2013 – FMCA), for which the responsible body is the FMA, and there are disclosure requirements imposed by OiCs, a form of secondary legislation made under the RBNZ Act, for which the RBNZ is responsible. The supervisor for this assessment criterion includes both the FMA and the RBNZ. The FMA is the enforcing body for the FMCA, and the RBNZ is the enforcing body for its own disclosure requirements. The RBNZ’s disclosure requirements reinforce the responsibilities that FMCA imposes on the Board and management of registered banks for preparing full year financial statements in accordance with IFRS. In addition, RBNZ’s disclosure provisions also require the directors to attest that every disclosure statement (including that at the full year, which includes full year financial statements), is not false or misleading, and the RBNZ Act provides heavy penalties for false attestations. The RBNZ disclosure requirements also make the Board responsible for ensuring that the registered bank publishes interim financial statements that comply with NZ IAS 34 (the IFRS standard for interim financial reporting). The disclosure OiCs require every registered bank to publish a disclosure statement every quarter (more detail is provided in CP28).

69 In this Essential Criterion, the supervisor is not necessarily limited to the banking supervisor. The responsibility for ensuring that financial statements are prepared in accordance with accounting policies and practices may also be vested with securities and market supervisors.

NEW ZEALAND 190 INTERNATIONAL MONETARY FUND The financial reporting obligations for registered banks are provided by the FMCA. A registered bank falls within the definition of “FMC reporting entity” in section 451 of FMCA, and as a result is subject to the financial reporting requirements of Part 7 of FMCA. These include that the registered bank must prepare annual financial statements in accordance with generally accepted accounting practice in New Zealand (‘NZ GAAP’), which means all accounting standards applicable in New Zealand. If the bank has one or more subsidiaries, annual financial statements must be prepared for the banking group (but not for the bank as a stand-alone legal entity). See s460 and s461 of FMCA. The New Zealand External Reporting Board (XRB) implements all standards and updates to standards issued by the IASB (IFRSs, IASs etc.) by issuing New Zealand equivalents. The XRB’s main principle is to act as a standard-taker rather than a standard-maker, so its practice is only to depart from word-for-word adoption of IFRSs in New Zealand in exceptional circumstances (i.e., when there is compelling reason to do so), and it clearly marks in NZ IFRSs where any such differences occur. In accordance with FMCA, all registered banks have higher public accountability and are therefore classified as ‘Tier 1 for-profit entities’ under this framework, and are therefore subject to the full version of NZ IFRSs. As noted on the IFRS website, “New Zealand has already adopted New Zealand equivalents to International Financial Reporting Standards (NZ-IFRS) for all for-profit entities that have public accountability (this includes all registered banks) and for all large for-profit public sector entities. NZ-IFRS are identical to IFRS as issued by the IASB with three additional New Zealand-specific standards.” Keeping proper accounting records is required under section 455 of FMCA. This also includes a legislative requirement for a registered bank to establish and maintain a satisfactory system of control of its accounting records. Section 458 of FMCA requires a registered bank to keep all accounting records for a period of at least seven years. Finally, section 459 of FMCA requires a registered bank to make the accounting records required under section 455 available for inspection to various persons including the FMA, and other persons legally authorized to inspect the accounting records of the bank. The directors’ attestation within the RBNZ disclosure regime also imposes a clear responsibility on directors, and on senior management who report to them, to ensure that the bank’s record-keeping systems support the preparation of financial statements in accordance with NZ IFRS. Finally, it is the responsibility of the external auditor, in carrying out their audit, to evaluate whether the banking group’s financial statements are prepared in accordance with the applicable financial reporting framework (see paragraphs 12 and 13 of auditing standard ISA (NZ) 700).

NEW ZEALAND INTERNATIONAL MONETARY FUND 191 EC2 The supervisor holds the bank’s Board and management responsible for ensuring that the financial statements issued annually to the public bear an independent external auditor’s opinion as a result of an audit conducted in accordance with internationally accepted auditing practices and standards. Description and findings re EC2 Section 461D of FMCA requires every registered bank to ensure that the annual financial statements required by sections 460 or 461 (see EC1 above) are audited by a qualified auditor. A “qualified auditor” is defined in section 461E of FMCA as a licensed auditor or a registered audit firm within the meaning of the Auditor Regulation Act 2011. Subsections 461E(4) and (5) of FMCA address independence, by preventing a person with various forms of connection to the bank from being a qualified auditor. The independence of the auditor is also ensured by professional ethical standards to which qualified auditors are subject. While the requirement to ensure that the financial statements are audited by a qualified auditor lies with the registered bank, section 534 of FMCA also ties this responsibility back to the directors, as it means (among other things) that if a bank is found to have contravened any of the requirements in section 460 (preparation of financial statements in accordance with GAAP) or 461D (financial statements to be audited by a qualified auditor) the directors of the bank must be regarded as having contravened the same provision for the purposes of the civil liability regime in the FMCA. However, civil liability does not automatically follow from contravention. Sections 499 to 501 of the FMCA provide some defenses for persons who are deemed to have contravened. Separately, both the bank and its directors commit a criminal offence where they knowingly fail to comply with accounting standards (as noted under EC1). Section 461F of FMCA requires that audits of registered bank financial statements required by s461D must be carried out in accordance with applicable auditing and assurance standards. Section 461G of FMCA further requires the auditor’s report resulting from the audit to comply with the requirements of all applicable auditing and assurance standards. “Applicable auditing and assurance standard” is defined in section 5(1) of the Financial Reporting Act 2013 as a standard issued by the XRB under section 12 of the FR Act, that applies to an audit in accordance with the standard. The XRB issues New Zealand versions of the International Standards on Auditing (ISAs) issued by the International Auditing and Assurance Standards Board (IAASB). As with the accounting standards, the XRB only makes changes to ISAs (NZ) compared to ISAs where there are compelling reasons to do so. Apart from cross-references being to other ISAs (NZ) rather than to ISAs, and commencement dates determined by the XRB, there are very few differences between ISAs and ISAs (NZ), and these have the effect of making them more conservative.

NEW ZEALAND 192 INTERNATIONAL MONETARY FUND There is a robust legal framework provided by FMCA, and the FMA is responsible for enforcing its requirements. The FMA is required to perform regular reviews of audit firms on their compliance with the Auditing and Assurance Standards issued by the XRB. These reviews include a review of the internal quality control system of the audit firm and a reasonable number of audit files. The selection of audit files includes the audits of banks. The RBNZ as prudential supervisor plays the following role in holding a bank’s Board and management responsible for ensuring that the bank’s annual financial statements carry an independent external auditor’s opinion as a result of an audit carried out in accordance with internationally recognized standards:  The disclosure OiCs require a full year disclosure statement to include an auditor’s report on the disclosure statement as a whole, which includes the financial statements prepared in accordance with NZ GAAP. The OiCs specify various matters that must be included in the auditor’s report (as set out in Schedule 1 of both the local and the branch OiC), but in particular it must include everything required by ISAs (NZ) in relation to the audit of the financial statements as such.  The director attestation requirement includes directors having to attest that the disclosure statement includes all the information required by the OiC, including the specified auditor’s report. Hence the RBNZ’s disclosure regime ensures, first, that the external auditor’s opinion on the financial statements is published, and second, that directors are responsible for ensuring that it is included in the full year disclosure statement. EC3 The supervisor determines that banks use valuation practices consistent with accounting standards widely accepted internationally. The supervisor also determines that the framework, structure and processes for fair value estimation are subject to independent verification and validation, and that banks document any significant differences between the valuations used for financial reporting purposes and for regulatory purposes. Description and findings re EC3 The RBNZ’s supervisors do not carry out their own determination of the matters in this EC. The RBNZ relies on external auditors to find areas where valuation practices are inconsistent with accounting standards and directors’ attestations. Scarce supervisory resources limit RBNZ compliance with this assessment criterion. The RBNZ generally expects banks to use the financial reporting valuation of a financial instrument for regulatory purposes except in the very limited cases where regulatory requirements explicitly require otherwise. This is rooted in the RBNZ’s historical approach to supervision: until a few years ago, banks’ disclosure statements were the only regular source of prudential information on banks, so that key information on compliance with regulatory limits was provided in disclosure statements alongside financial statements. Although the RBNZ now receives more prudential information on a private basis (for instance, more frequent data on asset quality), it remains the case that quarterly disclosure statements anchor the figures provided privately to the accounting valuations.

NEW ZEALAND INTERNATIONAL MONETARY FUND 193 The main area where there is some divergence is in the definition of regulatory capital, where for instance ‘total equity’ on the accounting balance sheet is often different from regulatory ‘common equity tier 1 capital’, because of certain regulatory deductions and other adjustments under the Basel framework. Banks’ Pillar 3 disclosure of capital adequacy is included in their quarterly financial statements along with their financial statements, and the full year financial statements generally provide a sufficiently detailed breakdown of accounting equity and capital liabilities on the balance sheet to enable the reader to reconcile the figures with the components of regulatory capital. This provides a public record of the main area of significant difference between financial reporting and regulatory valuations. On the question of fair value estimation, the auditor would not be able to give the required “true and fair view” opinion on the annual financial statements if he or she did not obtain sufficient evidence that the banks’ fair value methods or estimates are aligned with the requirements of the relevant accounting standards (see ISA (NZ) 540, on “Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures”). It is worth noting that New Zealand banks report immaterial amounts of fair value assets and liabilities in the Level 3 category (those with valuation based significantly on unobservable inputs): for the 2014/2015 financial year, the total was $2 million across the large banks. EC4 Laws or regulations set, or the supervisor has the power to establish the scope of external audits of banks and the standards to be followed in performing such audits. These require the use of a risk and materiality based approach in planning and performing the external audit. Description and findings re EC4 As discussed under EC2 above, audits of banks’ financial statements must be carried out in accordance with New Zealand equivalents of ISAs issued by the IAASB. Collectively, these set the scope of the audit, the standards to be followed, and establish a risk and materiality based approach for the conduct of the audit. ISA (NZ) 200 ‘Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing (New Zealand)’ sets the high level scope of external audits of banks. The ISAs (NZ) make it clear that the auditor must use an approach based on materiality (see ISA (NZ) 200 and ISA (NZ) 320 ‘Materiality in Planning and Performing an Audit’. ISAs (NZ) also require a risk-based approach in general, and specifically ISA (NZ) 315 ‘Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment’ provides comprehensive requirements and guidance on how the auditor should identify and assess audit risk. Separately, as noted in EC1 of CP28 under the heading of “reliability,” the RBNZ requires auditors to give opinions on the supplementary information that banks publish in their full-year disclosure statements on top of that required for the financial statements.

NEW ZEALAND 194 INTERNATIONAL MONETARY FUND EC5 Supervisory guidelines or local auditing standards determine that audits cover areas such as the loan portfolio, loan loss provisions, nonperforming assets, asset valuations, trading and other securities activities, derivatives, asset securitizations, consolidation of and other involvement with off-balance sheet vehicles and the adequacy of internal controls over financial reporting. Description and findings re EC5 As explained under EC2 above, local auditing standards applying to banks are New Zealand equivalents to International Standards on Auditing (ISAs (NZ)). As explained under EC4, under ISAs (NZ) the overarching objective of an audit is to enable the auditor to give a view on whether financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework, which for New Zealand banks means NZ IFRSs. EC6 The supervisor has the power to reject and rescind the appointment of an external auditor who is deemed to have inadequate expertise or independence, or is not subject to or does not adhere to established professional standards. Description and findings re EC6 The RBNZ does not have this power. Although the RBNZ can require a bank to remove or replace its auditor under s113A(f) of the RBNZ Act, the grounds for doing so relate only to the situation of the bank, not to any consideration of the competence of the auditor. As explained under EC2 above, FMCA requires every registered bank to ensure that its annual financial statements are audited by a qualified auditor, where a ‘qualified auditor’ is defined as a licensed auditor or a registered audit firm within the meaning of the Auditor Regulation Act 2011 (AR Act). The AR Act has a delegated authority model: it gives the FMA the power to accredit any person that can provide effective audit regulatory systems and meets certain other criteria in the Act. Currently, NZICA and CPA Australia are “accredited bodies” under the Act, and in that role they are responsible for issuing licenses to their members. Given this framework for regulation of auditors, if the RBNZ was concerned about the quality of work carried out by an external auditor or potential conflicts of interest in their audit, or suspected that they were not following professional standards, it would raise concerns with the auditor and/or the bank in question. If the concerns were not addressed, or if they were serious enough in the first place, the RBNZ would indicate its concerns to the accredited body and the FMA, being responsible for disciplinary matters. Disciplinary powers available to accredited bodies and the FMA under the AR Act include the ability to cancel or suspend an auditor’s license. In that case, a bank would no longer be able to use that auditor to audit its financial statements, given section 461D of FMCA (see response to EC2 above). Further, the FMA has the power to issue directions to registered audit firms following an audit quality review. Audit firms are required to follow these directions. Also, as noted under EC1, the FMA is the enforcing body for the FMCA. In particular, the FMA may issue a direction order under section 468 of the FMCA if it is satisfied that a

NEW ZEALAND INTERNATIONAL MONETARY FUND 195 person has contravened or is likely to contravene a ‘Part 7 financial reporting provision’ of the FMCA. Therefore, if a registered bank were to propose to use an auditor who did not meet the expectations of being “qualified” or of carrying out an audit in accordance with applicable auditing and assurance standards, by virtue of lack of experience, expertise, conflict of interest or other professional standards required, then the FMA could (following the process in section 475 of the FMCA) direct the bank not to use that auditor, or to use some other auditor that does meet the requirements. EC7 The supervisor determines that banks rotate their external auditors (either the firm or individuals within the firm) from time to time. Description and findings re EC7 Auditors of FMC reporting entities are required to comply with the following rotation rules:  The XRB has issued Professional and Ethical Standard (PES) 1 'Code of Ethics for Assurance Practitioners', which is based on the corresponding international standard and has the status of a regulation in New Zealand. Paragraphs 290.148 to 290.153 of this Standard cover ‘Long Association of Senior Personnel (Including Partner Rotation) with an Audit or Review Client’. This includes the specific requirement that, in respect of an audit of a public interest entity, an individual shall not be a key audit partner for more than seven years, and after standing down, must not resume that role for at least two years. All registered banks qualify as ‘public interest entities.’  The required rotation period is shorter for banks that are listed entities. Listed entities are subject to the listing rules of the New Zealand stock exchange (NZX): section 3.6 of the rules requires each issuer to establish an Audit Committee, and the required duties of the Audit Committee include ensuring that the external auditor or lead audit partner is changed at least every five years (see paragraph 3.6.3(f)). But note that not many locally incorporated banks are listed: only one (Heartland) has listed equity, while a few others have some listed debt issues. EC8 The supervisor meets periodically with external audit firms to discuss issues of common interest relating to bank operations. Description and findings re EC8 The banking supervisor for each of the 10 biggest locally incorporated banks meets annually with the audit partner responsible for the external audit of the bank. Valuation practices are not covered as one of the specific agenda items for these meetings. EC9 The supervisor requires the external auditor, directly or through the bank, to report to the supervisor matters of material significance, for example failure to comply with the licensing criteria or breaches of banking or other laws, significant deficiencies and control weaknesses in the bank’s financial reporting process or other matters that they believe are likely to be of material significance to the functions of the supervisor. Laws or regulations provide that auditors who make any such reports in good faith cannot be held liable for breach of a duty of confidentiality. Description and findings re EC9 Under section 96 of the RBNZ Act, the auditor of a registered bank is required to disclose to the RBNZ, after informing the registered bank of an intention to do so, information relating to the affairs of that registered bank obtained in the course of holding office as

NEW ZEALAND 196 INTERNATIONAL MONETARY FUND an auditor if, in the auditor's opinion, the information indicates that the bank is insolvent or in serious financial difficulties, or if the information is likely to assist, or be relevant to, the RBNZ in the exercise of its supervisory responsibilities. While this wording does not match exactly that in EC9, the RBNZ believes that this amounts to a broadly similar test of when the auditor is expected to bring matters to its attention. Section 98 protects an auditor from any civil, criminal or disciplinary proceedings brought against the auditor arising from the disclosure, in good faith, of any such information to the RBNZ. In addition, under section 461G of the FMCA, if the auditor’s report on a bank’s financial statements indicates that it has not complied with Part 7 of the FMCA (which imposes annual financial reporting obligations in accordance with GAAP), the auditor must within seven days of signing the report send a copy of it, and of the financial statements, to the FMA and the XRB.70 Additional criteria AC1 The supervisor has the power to access external auditors’ working papers, where necessary. Description and findings re AC1 The RBNZ does not have the power to obtain working papers from the external auditor itself. The FMA has wide ranging powers to obtain information under section 25 of the Financial Markets Authority Act 2011, which include powers to require production of working documents and to require auditors to attend interviews if necessary. In addition, under section 52 of the FMA Act, the FMA may authorize a suitable qualified or trained person to exercise the FMA’s power to obtain information as discussed before. However, this power is rarely used to authorize another regulatory agency to require the supply of information under section 25 directly. The standard practice is that the FMA uses the power under section 25 to obtain documents and information itself, and shares these with other regulatory agencies to the extent permitted by section 30 of the FMA Act. Assessment of Principle 27 Largely compliant Comments The New Zealand legal framework ensures that the financial statements of every bank are prepared in accordance with New Zealand equivalents to internationally recognized accounting standards (NZ IFRSs), and are audited by a qualified external auditor in accordance with auditing standards applicable in New Zealand that are equivalent to internationally recognized auditing standards (ISAs). The Auditor Regulation Act 2011 promotes the expertise and integrity of auditors. The same Act provides powers to remediate audits that are deficient.

70 The reference in s461G to ‘supervisor’ is to a supervisor of an issue of debt securities or of a managed fund under FMCA, not to the banking supervisor.

NEW ZEALAND INTERNATIONAL MONETARY FUND 197 However, the RBNZ does not itself determine that banks use valuation practices consistent with IFRSs (see EC3). It relies on the external auditing process and director attestations to deliver this prudential outcome. The RBNZ believes it is more appropriate and efficient for those with the relevant expertise to fulfil their responsibilities, than for the RBNZ to duplicate their efforts.

The RBNZ meets annually with the external auditor of the 10 largest locally incorporated banks. However, the standard agenda for these meetings with external auditors does not cover valuation practices, an area specifically trusted to external auditors (EC8). Valuation practices would only be discussed on an exceptions basis, under the agenda item “issues identified during the most recent financial year”. Other areas of supervisory responsibility delegated to external auditors are normally not covered in these meetings either. Principle 28 Disclosure and transparency. The supervisor determines that banks and banking groups regularly publish information on a consolidated and, where appropriate, solo basis that is easily accessible and fairly reflects their financial condition, performance, risk exposures, risk management strategies and corporate governance policies and processes. Essential criteria EC1 Laws, regulations or the supervisor require periodic public disclosures71 of information by banks on a consolidated and, where appropriate, solo basis that adequately reflect the bank’s true financial condition and performance, and adhere to standards promoting comparability, relevance, reliability and timeliness of the information disclosed. Description and findings re EC1 All registered banks operating in New Zealand are required to publish regular disclosure statements. These disclosure requirements are set out in OiCs, but are administered by the RBNZ. Separate requirements apply to New Zealand incorporated banks and to overseas incorporated banks. All banks are currently required to publish disclosure statements on a quarterly basis. The disclosure statement for the bank's full financial year contains more comprehensive information than those for the half year and ‘off-quarters’ (i.e., the first three months and first nine months of its financial year). The RBNZ recently conducted a stocktake of the prudential requirements for banks and NBDTs. One of the outcomes of this is a proposal to enhance disclosure with a new quarterly “Dashboard” of key financial information on all locally-incorporated banks. The RBNZ is still evaluating proposals related to these issues. Detailed information on the Stocktake and the proposed Dashboard approach is available on the consultations and policy initiatives section of the RBNZ’s website. The starting point for the content of the disclosure statements is financial statements, following standard IFRS requirements for the full year statements and using interim financial reporting standards (NZ IAS 34) for the half-year and off-quarter (CP27 discusses the financial reporting background in New Zealand). The OiCs require substantial

71 For the purposes of this Essential Criterion, the disclosure requirement may be found in applicable accounting, stock exchange listing, or other similar rules, instead of or in addition to directives issued by the supervisor.

NEW ZEALAND 198 INTERNATIONAL MONETARY FUND supplemental information not required by IFRS, including the bank’s capital adequacy position. Additional background on the disclosure requirements is provided in BS7A: Registered Bank Disclosure Regime: Explanatory information on Orders-in-Council. Comparability: as described in BS7A, banks have significant discretion and, generally speaking, banks are permitted to present their disclosure data in the format they most deem appropriate. The definitions in disclosure statements reference a mix of financial statement definitions and capital adequacy definitions. Broad comparability of the underlying concepts (asset impairment etc.) is ensured by the link to financial reporting standards (NZ IFRSs). Capital adequacy definitions are more standardized (as prescribed in BS2A and BS2B) and enable good comparability. In order to facilitate comparison across banks, the RBNZ also prepares its own summaries of key publicly disclosed information and presents this on its website. As discussed above, as an outcome of its recent Regulatory Stocktake, the RBNZ is currently evaluating several different proposals to further enhance the clarity, consistency and efficiency of public disclosure. Relevance: the RBNZ has conducted several reviews (including a major review in 2011 and the Regulatory Stocktake in 2015) and regularly engages with stakeholders (through public consultation and targeted conversations with key users- e.g., Rating agencies) in order to ensure the ongoing relevance of its disclosure information to users. The RBNZ has deliberately chosen not to impose a materiality threshold on the information in disclosure statements. Timeliness: disclosure statements for the full financial year must be published within three months of the year-end. Disclosure statements for the half-year must generally be published within two months of that date. Disclosure statements in respect of the first and third quarters of a bank's financial year must generally be available within two months of the end of those quarters. Reliability: a bank's disclosure statement is required to contain certain statements signed by each Director of the bank and, in the case of a bank incorporated overseas, the bank’s New Zealand chief executive officer. These must state: whether the bank has systems in place to monitor and control adequately the banking group's material risks and whether those systems are being properly applied; whether the bank has complied with its conditions of registration over the period covered by the disclosure statement; whether the banking group's loans to connected persons are contrary to the interests of the banking group; and that the information contained in the disclosure statement is not false or misleading. Directors and, in the case of a bank incorporated overseas, the New Zealand chief executive officer, face criminal and civil penalties under the RBNZ of New Zealand Act if information contained in a disclosure statement is found to be false or misleading. Where the RBNZ believes that a disclosure statement is false or misleading, it requires a bank to

NEW ZEALAND INTERNATIONAL MONETARY FUND 199 publish corrections to the disclosure statement or publish a new disclosure statement. The financial statements included in a bank's disclosure statement for the end of year is subject to a full audit (see CP27), and the interim financial statements at the half year are subject to review by an external auditor. Solo vs. Consolidated: while the RBNZ privately collects “solo” information for its prudential regulatory purposes, the public disclosure is focused on the “New Zealand Banking Group.” This is the same group used for reporting for the purposes of the Financial Reporting Act 2013 and the Financial Markets Conduct Act 2013, except where the RBNZ has specified (by notice in writing to the bank) a different group. The RBNZ also requires a small number of disclosures on the ‘solo’ entity rather than the group. For example, locally incorporated banks are also required to disclose solo capital ratios in their full and half-year disclosure statements. Those ratios are required alongside group capital ratios and extensive other details on the group capital adequacy position. EC2 The supervisor determines that the required disclosures include both qualitative and quantitative information on a bank’s financial performance, financial position, risk management strategies and practices, risk exposures, aggregate exposures to related parties, transactions with related parties, accounting policies, and basic business, management, governance and remuneration. The scope and content of information provided and the level of disaggregation and detail is commensurate with the risk profile and systemic importance of the bank. Description and findings re EC2 The required disclosures include both qualitative and quantitative information on each of the topics mentioned above. “Subpart 2 – Content of Disclosure Statements” (in both the OiCs for New Zealand incorporated banks and overseas incorporated banks) shows the relevant schedules that must be prepared for each period, and the information that is covered. New Zealand financial reporting standards (NZ IFRS) require that the relevant financial statements have extensive information on most of the headings referenced for EC2. The RBNZ’s additional requirements supplement these disclosures, particularly with regard to capital and asset quality reporting fit for the New Zealand regulatory system. For branches, the RBNZ does not require any supplementary related party exposure information, though disclosure is still required under IAS 24. On the issue of remuneration, the RBNZ does not have supplemental disclosure requirements regarding remuneration. The remuneration disclosures are only those required in s211 of the Companies Act of 1993. The requirements in that Act are that information on remuneration be prepared in each company’s annual reports unless shareholders who together hold at least 95 percent of the voting shares agree that the report need not do so.

NEW ZEALAND 200 INTERNATIONAL MONETARY FUND Both locally incorporated and overseas incorporated banks are required to prepare disclosure statements. Branch disclosure varies somewhat and is not as extensive as for locally incorporated banks, owing to the risk-based approach and the low systemic importance of branches. The reporting requirements for those banks using Internal Ratings Based (IRB) approach to capital adequacy (which are the four major New Zealand banks), are more extensive than those for smaller banks in respect of capital adequacy. EC3 Laws, regulations or the supervisor require banks to disclose all material entities in the group structure. Description and findings re EC3 The New Zealand financial statement requirements ensure that group structure is clearly presented in annual financial statements. NZ IFRS 10 requires an entity that is a parent to present consolidated financial statements. NZ IFRS 12 requires an entity to disclose information that enables users of financial statements to evaluate:  the nature of, and risks associated with, its interests in other entities; and  the effects of those interests on its financial position, financial performance and cash flows. Application guidance in NZ IFRS 12 make it clear that in practice this means that all material entities must be disclosed (including special purpose entities). The RBNZ’s supplemental requirements ask registered banks to provide details on their ownership structure (details of ultimate parent bank and ultimate holding company and interests in 5 percent of more of voting securities of the registered bank), priority of creditor’s claims, plus details on any guarantees or cross guarantees. The details are generally required on a quarterly basis, with details on the parent or ultimate holding company required in the half year or off quarters only if there have been changes.

Most of the detailed supplemental requirements are in respect of the “Banking Group,” with some exceptions. A banking group is generally made up of the bank and any companies controlled by it. A bank that is incorporated overseas and operates a branch in New Zealand (rather than as a separate company) is required to disclose information both for the New Zealand branch and for the overseas bank of which it is part. EC4 The supervisor or another government agency effectively reviews and enforces compliance with disclosure standards. Description and findings re EC4 On a quarterly basis, each supervisor makes an attestation to his/her Manager, stating that the disclosure statement materially contains the information required by the relevant OiC; does not have any material errors or omissions; and is materially in the form required by the relevant OiC.

NEW ZEALAND INTERNATIONAL MONETARY FUND 201 When supervisors discover elements of disclosure statements that are missing, they notify the banks. Supervisors regularly request that banks correct and republish corrected versions of their disclosure statements on their websites. Likewise, supervisors take action when they believe information may be false, or of concern in any other way. EC5 The supervisor or other relevant bodies regularly publishes information on the banking system in aggregate to facilitate public understanding of the banking system and the exercise of market discipline. Such information includes aggregate data on balance sheet indicators and statistical parameters that reflect the principal aspects of banks’ operations (balance sheet structure, capital ratios, income earning capacity, and risk profiles). Description and findings re EC5 The RBNZ publishes a number of aggregate and bank specific statistical reports that facilitate public understanding of the banking system and support market discipline. A list of the RBNZ’s main statistical publications is available under the heading “registered banks” on the main statistics page of the RBNZ’s website. Most of the statistics are aggregates, presented on a monthly or quarterly basis. These aggregates are published relatively quickly, usually within a month or so of the date of the information. The RBNZ also publishes individual bank data, though with a somewhat longer lag time. In these reports, the RBNZ aims to facilitate comparison of banks on a range of metrics (including profitability, credit ratings, capital ratios, balance sheet structure and asset quality), based on information in public disclosure statements:  Bank-specific information for New Zealand incorporated banks  Bank-specific information for overseas branches The RBNZ also publishes balance sheet aggregates based on the information in public disclosure statements.

In addition, the RBNZ publishes information and commentary on the overall banking system in its semi-annual Financial Stability Report. This report contains a number of important charts and discussions about bank capital, asset quality and liquidity. The RBNZ also presents this report throughout the country and engages in discussions with a broad range of stakeholders about its findings. As part of its macroprudential monitoring, the bank also publishes a quarterly chartpack, which presents key macroprudential indicators. Additional criteria AC1 The disclosure requirements imposed promote disclosure of information that will help in understanding a bank’s risk exposures during a financial reporting period, for example on average exposures or turnover during the reporting period. Description and findings re AC1 Most of the reporting on risk exposures is on the basis of exposures at the end of the period. However, for a few key items, banks must disclose both the end-period amount

NEW ZEALAND 202 INTERNATIONAL MONETARY FUND and the peak end-of-day exposure during the period. This applies, (1) to market risk exposures, (2) related party exposures, and (3) individual credit concentration. Assessment of Principle 28 Compliant Comments The RBNZ is committed to achieving high-quality public disclosure by banks in line with international standards and practices. New Zealand has comprehensive financial reporting requirements, which the RBNZ supplements in various ways, particularly in regards to capital and asset quality. The RBNZ is actively engaged to achieve disclosure requirements that best meet the needs of users. Within these efforts, the RBNZ is encouraged to assess effectively whether public disclosure meets the actual needs of the users as a means to enable them to exercise market discipline. The RBNZ is also encouraged to complement disclosure requirements with information on remuneration as discussed under EC2. Principle 29 Abuse of financial services. The supervisor determines that banks have adequate policies and processes, including strict customer due diligence (CDD) rules to promote high ethical and professional standards in the financial sector and prevent the bank from being used, intentionally or unintentionally, for criminal activities.72 Essential criteria EC1 Laws or regulations establish the duties, responsibilities and powers of the supervisor related to the supervision of banks’ internal controls and enforcement of the relevant laws and regulations regarding criminal activities. Description and findings re EC1 In June 30, 2013 the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (the AML/CFT Act) came into force. Section 130 1 (a) of the AML/CFT Act and related regulations establish the duties, responsibilities and powers of RBNZ as an AML/CFT supervisor of banks (along with all NDBT and life insurers). This includes the 24 registered banks for compliance with the Act. The RBNZ’s functions as an AML/CFT supervisor are set out in section 131, which include: monitor and assess the level of ML/TF risk; monitor banks’ compliance with this Act and regulations, and for this purpose to develop and implement a supervisory program; enforce compliance with this Act and regulations; and co-operate with domestic and international counterparts to ensure the consistent, effective, and efficient implementation of this Act. Section 132 of the Act provides the RBNZ all the powers necessary to carry out its functions under this Act. These include: on notice, to have access to all records,

72 The Committee is aware that, in some jurisdictions, other authorities, such as a financial intelligence unit (FIU), rather than a banking supervisor, may have primary responsibility for assessing compliance with laws and regulations regarding criminal activities in banks, such as fraud, money laundering and the financing of terrorism. Thus, in the context of this Principle, “the supervisor” might refer to such other authorities, in particular in Essential Criteria 7, 8 and 10. In such jurisdictions, the banking supervisor cooperates with such authorities to achieve adherence with the criteria mentioned in this Principle.

NEW ZEALAND INTERNATIONAL MONETARY FUND 203 documents or information relevant to its supervision and monitoring of reporting entities for compliance with this Act; conduct on-site inspections in accordance with section 133; provide guidance to assist reporting banks in their compliance with the Act; co-operate and share information with overseas counterparts. The scope of the “criminal activities” that banks must be vigilant towards, and report suspicious transactions on, are outlined in section 40 of the Act which states: if a person conducts or seeks to conduct a transaction through a reporting entity that the reporting entity has reasonable grounds to suspect is or may be relevant to the investigation or prosecution of any person for a money laundering offence or other criminal activities (as described in section 40), the reporting entity must report a suspicious transaction report. EC2 The supervisor determines that banks have adequate policies and processes that promote high ethical and professional standards and prevent the bank from being used, intentionally or unintentionally, for criminal activities. This includes the prevention and detection of criminal activity, and reporting of such suspected activities to the appropriate authorities. Description and findings re EC2 The RBNZ conducts a mixture of on-site inspections, desk-based reviews and thematic reviews on its banks to determine that the regulatory and legislative framework is in place. The RBNZ has developed an AML Supervision Manual that outlines how to conduct supervision which is being adapted as the RBNZ gains in experience. Since June 30, 2013, when the Act came into force, the RBNZ has conducted 31 on-site inspections of the 25 registered banks. Every entity has to produce an annual report for AML/CFT purposes. These reports are one of the bases for the RBNZ to determine the higher risk entities. Size is considered along with other related risk factors, such as customers, products and jurisdictions, when assessing this risk. The riskier banks, due to their size, products and systemic importance, would receive on-site visits every year or 18 months. The capacity of the RBNZ dedicated team is such that they should be able to visit at least 20 entities per year. The scope of the on-site visits is tailored to the riskier areas detected in each bank. Follow-up on-site visits can also be determined. Desk-based work and thematic reviews complement individual institutions’ risk based on-site inspections and guide the inspection program. On 27 June 2016, the RBNZ published an updated version of the Banking Supervision Handbook document Guidelines on Anti-Money Laundering and Countering Financing of Terrorism (BS5). EC3 In addition to reporting to the financial intelligence unit or other designated authorities, banks report to the banking supervisor suspicious activities and incidents of fraud when such activities/incidents are material to the safety, soundness or reputation of the bank.73

73 Consistent with international standards, banks are to report suspicious activities involving cases of potential money laundering and the financing of terrorism to the relevant national center, established either as an independent governmental authority or within an existing authority or authorities that serves as an FIU.

NEW ZEALAND 204 INTERNATIONAL MONETARY FUND Description and findings re EC3 Section 40 of the Act requires banks to report suspicious transactions to the Financial Intelligence Unit (FIU). There is no legislative requirement to report suspicious activities and incidents of fraud to the RBNZ. The FIU may share information with the RBNZ as the banks’ AML supervisor. The RBNZ indicates that as a matter of course PSD receives operational risk reports from banks on a regular basis that report on fraud and financial crime. EC4 If the supervisor becomes aware of any additional suspicious transactions, it informs the financial intelligence unit and, if applicable, other designated authority of such transactions. In addition, the supervisor, directly or indirectly, shares information related to suspected or actual criminal activities with relevant authorities. Description and findings re EC4 Section 139 of the Act enables an AML/CFT supervisor to disclose any information (which may include suspicious transaction information) to any government agency (which includes NZ Police and the FIU for law enforcement purposes. The RBNZ meets regularly with the two other AML supervisors (the Department of Internal Affairs and FMA) and the FIU at the AML/CFT Supervisors Forum to share operational information. To date, the RBNZ has not taken action (other than supervisory feedback responses and actions as the issue have not met the material issue threshold or similar) in relation to non-reporting of suspicious transactions by a bank. EC5 The supervisor determines that banks establish CDD policies and processes that are well documented and communicated to all relevant staff. The supervisor also determines that such policies and processes are integrated into the bank’s overall risk management and there are appropriate steps to identify, assess, monitor, manage and mitigate risks of money laundering and the financing of terrorism with respect to customers, countries and regions, as well as to products, services, transactions and delivery channels on an ongoing basis. The CDD management program, on a group-wide basis, has as its essential elements: (a) a customer acceptance policy that identifies business relationships that the bank will not accept based on identified risks; (b) a customer identification, verification and due diligence program on an ongoing basis; this encompasses verification of beneficial ownership, understanding the purpose and nature of the business relationship, and risk-based reviews to ensure that records are updated and relevant; (c) policies and processes to monitor and recognise unusual or potentially suspicious transactions; (d) enhanced due diligence on high-risk accounts (e.g., escalation to the bank’s senior management level of decisions on entering into business relationships with these accounts or maintaining such relationships when an existing relationship becomes high-risk);

NEW ZEALAND INTERNATIONAL MONETARY FUND 205 (e) enhanced due diligence on politically exposed persons (including, among other things, escalation to the bank’s senior management level of decisions on entering into business relationships with these persons); and (f) clear rules on what records must be kept on CDD and individual transactions and their retention period. Such records have at least a five-year retention period. Description and findings re EC5 Customer due diligence (CDD) is a key core component of an AML/CFT program. As a matter of course, the RBNZ reviews its reporting entities’ CDD and enhanced CDD (EDD) procedures, policies and controls when conducting on-site inspections or desk based reviews. In respect of “(a)-(f)” above: (a) Section 58 requires each reporting entity to undertake an assessment of the AML/CFT risk that it may reasonably expect to face before conducting CDD or establishing an AML/CFT program. As part of this assessment of risk, customer type is considered, with some types presenting a higher inherent risk. For instance, the RBNZ regularly sees statements in programs that a particular customer segment (e.g., shell banks) will not be accepted as customers. (b) Section 31 requires each reporting entity to conduct CDD on an ongoing basis. When conducting ongoing CDD, each reporting entity must have regard to the type of customer due diligence conducted when the business relationship with the customer was established and the level of risk involved (section31(4)). CDD in the Act includes verification of beneficial ownership (sections 11(1)(b), 16(1)(b) and 24(1)(a)), obtaining information on the nature and purpose of the proposed business relationship (section 17) and obtaining sufficient information to determine whether the customer should be subject to EDD (section 17). (c) Section 31 requires each reporting entity to undertake account monitoring in order to identify any grounds for reporting a suspicious transaction. The account monitoring, depending on the level of risk involved, must regularly review the customer’s account activity and transaction behavior. Section 57(c) & (d) require each reporting entities program to include adequate and effective procedures, policies, and controls for account monitoring and reporting suspicious transactions. (d) Section 22(1)(d) requires each reporting entity to conduct EDD when the level of risk involved deserves particular situation. Section 22 requires banks to conduct EDD in particular high risk accounts. (e) Politically exposed people (PEP) are high risk customers. Section 26 of the Act requires reporting entities to take reasonable steps to determine whether the customer or any beneficial owner is a politically exposed person. If so, senior management approval is required to continue the business relationship. There are additional requirements under Section 26 (2) (b) on the reporting entity to obtain information about the source of wealth or funds of the customer or beneficial owner, who is identified as a PEP, and take reasonable steps to verify the source.

NEW ZEALAND 206 INTERNATIONAL MONETARY FUND (f) Sections 49 - 54 of the Act outline the obligation of reporting entities to keep transaction, identity, verification, and program records. The retention of records is required for 5 years after the completion of a transaction and 5 years (for identity and verification records) after the end of the business relationship or the completion of the occasional wire transfer. These sections also outline how the records are to be kept, when records need not be kept and also the destruction of records. RBNZ considers that local banks compliance with CDD requirements is generally good. Compliance rates have tended to fluctuate from bank to bank due in part to the Act only being in force for three years. RBNZ has conducted AML/CFT on-site visits of all of its registered banks, and a number of inherently higher risk banks have received more than two on-site visits. The RBNZ considers CDD compliance a core AML/CFT obligation and is a topic reviewed (through discussions and sample reviews) during the visits. The RBNZ is satisfied with its level of understanding of the level of CDD compliance. EC6 The supervisor determines that banks have in addition to normal due diligence, specific policies and processes regarding correspondent banking. Such policies and processes include: (a) gathering sufficient information about their respondent banks to understand fully the nature of their business and customer base, and how they are supervised; and (b) not establishing or continuing correspondent relationships with those that do not have adequate controls against criminal activities or that are not effectively supervised by the relevant authorities, or with those banks that are considered to be shell banks. Description and findings re EC6 Section 29 of the AML/CFT Act requires a financial institution that has or proposed to have a correspondent relationship with a respondent financial institution to conduct enhanced customer due diligence on that respondent financial institution. Section 29(2) outlines the enhanced customer due diligence that is required, including gathering information to fully understand the nature of the respondent’s business, assessing the respondent’s AML/CFT controls, and have approval from its senior management before establishing a new correspondent banking relations, among others. Section 37 of the AML/CFT Act states that if customer due diligence is unable to be conducted in accordance with the Act (i.e., cannot satisfy itself of the requirements in section 29(2)(a)-(g)) the reporting entity must not establish a business relationship with the customer or terminate any existing business relationship with the customer. Section 39 of the AML/CFT Act requires reporting entities not to establish or continue a business relationship with or allow an occasional transaction to be conducted through it by a shell bank, or a financial institution that has a correspondent banking relationship with a shell bank. The RBNZ assesses the requirements of sections 29 and 37 when conducting on-site supervisory interactions with banks that have, or may have correspondent banking

NEW ZEALAND INTERNATIONAL MONETARY FUND 207 relationships. RBNZ’s attention to corresponding banking is commensurate to the less intense risk that these activities have in New Zealand. Supervisory work is primarily focused on a risk-based approach – including looking at CDD activities. In the area of correspondent banking relationships, the onus is mostly placed on the banks themselves to conduct proper due-diligence of their corresponding banks. The revision of procedures, or lack thereof, would trigger a more intense scrutiny by the RBNZ. EC7 The supervisor determines that banks have sufficient controls and systems to prevent, identify and report potential abuses of financial services, including money laundering and the financing of terrorism. Description and findings re EC7 Section 57 of the Act requires banks to have adequate and effective procedures, policies and controls for conducting customer due diligence, account monitoring and reporting suspicious transactions among other requirements. The adequacy and/or effectiveness of those procedures, policies and processes are considered in every AML supervisory interaction with banks and its on-site reviews. The RBNZ takes a measured and considered response when it identifies banks that do not have sufficient controls and systems in place and identify material non-compliance with the Act, such as the public and private warnings that the RBNZ offered to illustrate practice. Banks undertook remedial measures as a result of the non-public and public warnings. EC8 The supervisor has adequate powers to take action against a bank that does not comply with its obligations related to relevant laws and regulations regarding criminal activities. Description and findings re EC8 The AML/CFT Act provides for both criminal and civil liability for a bank that does not comply with its obligations related to relevant laws and regulations regarding certain criminal activities. In respect of civil liability, the RBNZ has powers under section 79 of the AML/CFT Act, to issue formal warnings, accept enforceable undertakings, seek injunctions from the High Court and apply to the court for a pecuniary penalty. Sections 92-112 of the Act provides offences for non-compliance with AML/CFT requirements. The RBNZ also indicates that lack of compliance with its obligations, may impact on a bank’s registration. The RBNZ has the authority to withdraw, restrict, or suspend a financial institutions registration through the RBNZ Act, under the power in s78, rather than the AML/CFT Act 2009. Thereby, the RBNZ can recommend to the Minister that the bank’s registration be cancelled (via s77(2)(f)), or to give the bank directions under s113(1)(e) (subject to the Minister’s consent). The scope of directions provide by s113A is wide-ranging and allows various forms of restriction on a bank’s business, going as far as effectively requiring it to suspend its operations. The Reserve Bank document “Guidelines on Anti-Money Laundering and Countering Financing of Terrorism” (BS5) provides an explicit link between the AML/CFT Act and the Reserve Bank Act, by making it clear that the Reserve Bank expects a registered bank’s AML/CFT “policies, systems and procedures” to comply with the AML/CFT Act and related regulations. BS5 also provides further detail on the legal framework summarized here.

NEW ZEALAND 208 INTERNATIONAL MONETARY FUND EC9 The supervisor determines that banks have: (a) requirements for internal audit and/or external experts74 to independently evaluate the relevant risk management policies, processes and controls. The supervisor has access to their reports; (b) established policies and processes to designate compliance officers at the banks’ management level, and appoint a relevant dedicated officer to whom potential abuses of the banks’ financial services (including suspicious transactions) are reported; (c) adequate screening policies and processes to ensure high ethical and professional standards when hiring staff; or when entering into an agency or outsourcing relationship; and (d) ongoing training programs for their staff, including on CDD and methods to monitor and detect criminal and suspicious activities. Description and findings re EC9 When assessing banks for compliance with the AML/CFT Act, the RBNZ considers the minimum requirements as outlined in sections 59, 56, and 57 respectively that cover those related in (a)–(d) above. (a) Section 59 requires each reporting entity to have its risk assessment and AML/CFT program audited every 2 years by an independent and appropriately qualified person. Section 59(7) states that a reporting entity must provide a copy of any audit to its AML/CFT supervisor on request. The RBNZ requests a reporting entity’s audit report when conducting on-site inspections or desk based reviews of a reporting entity. (b) Section 56 requires each reporting entity to designate an employee as an AML/CFT compliance officer to administer and maintain its AML/CFT program. The AML/CFT compliance officer must report to a senior manager of the reporting entity. The RBNZ considers the structural arrangements and reporting requirements when conducting on-site inspections or desk-based reviews of a reporting entity. (c) Section 57 requires each reporting entity to have a program that includes adequate and effective procedures, policies, and controls for vetting. The RBNZ considers the vetting of staff when conducting on-site inspections or desk-based reviews of a reporting entity. (d) Section 57 requires each reporting entity to have a program that includes adequate and effective procedures, policies, and controls for training on AML matters for senior managers, the AML/CFT compliance officer and any other employee that is engaged in AML/CFT related duties. The RBNZ considers the training material content, frequency of training and testing of staff when conducting on-site inspections or desk-based reviews of a reporting entity.

74 These could be external auditors or other qualified parties, commissioned with an appropriate mandate, and subject to appropriate confidentiality restrictions.

NEW ZEALAND INTERNATIONAL MONETARY FUND 209 EC10 The supervisor determines that banks have and follow clear policies and processes for staff to report any problems related to the abuse of the banks’ financial services to either local management or the relevant dedicated officer or to both. The supervisor also determines that banks have and utilize adequate management information systems to provide the banks’ Boards, management and the dedicated officers with timely and appropriate information on such activities. Description and findings re EC10 Section 57 of the AML/CFT Act requires each reporting entity to have an AML/CFT program with adequate and effective, procedures, policies and controls for complying with customer due diligence requirements (including account monitoring) (section 57(c)) and reporting suspicious transactions (section 57(d)). The RBNZ, as a matter of course, reviews the identification of unusual transactions, the investigation of those transactions, and the reporting to and by the AML/CFT compliance officer when conducting on-site inspections or desk-based reviews of a reporting entity. Section 57 requires each reporting entity to have an AML/CFT program with adequate and effective, procedures, policies and controls for monitoring and managing compliance with, and the internal communication of and training in, those procedures, policies, and controls (section 57(l)). The RBNZ, as a matter of course, considers the management reporting and dissemination of relevant information in a timely manner when conducting on-site inspections or desk-based reviews of a reporting entity. EC11 Laws provide that a member of a bank’s staff who reports suspicious activity in good faith either internally or directly to the relevant authority cannot be held liable. Description and findings re EC11 Section 44 of the AML/CFT Act provides protection for a person reporting suspicious transactions and states that no civil, criminal and disciplinary proceedings lie against a person who discloses or supplies any information in any suspicious transaction report. This section does not apply if the information is provided in bad faith and does not apply in respect of proceedings for an offence under sections 92–97. EC12 The supervisor, directly or indirectly, cooperates with the relevant domestic and foreign financial sector supervisory authorities or shares with them information related to suspected or actual criminal activities where this information is for supervisory purposes. Description and findings re EC12 The RBNZ is a member of the AML/CFT Supervisors’ Forum that meets fortnightly to discuss operational AML/CFT issues. This group comprises the RBNZ, DIA, FMA, FIU, and Ministry of Justice. The RBNZ is member of the AML/CFT National Coordination Committee (NCC) which is established under section 150 of the Act. This group meets monthly to primarily discuss policy and operational issues. Recent invitees to join the committee include the IRD, Ministry of Foreign Affairs and Trade and the MBIE. The AML/CFT supervisors of the Five Eyes nations, under the International Supervisors Forum (ISF), have quarterly teleconference meetings to exchange information and good practice. The types of information shared include thematic discussion, lessons learned from on-site visits and enforcement actions, emerging trends and risks and identification

NEW ZEALAND 210 INTERNATIONAL MONETARY FUND of future issues. This year the AML/CFT Supervisor Manager for DIA will represent NZ at the ISF plenary in Washington DC. The RBNZ is also a member of the Five Eyes Law Enforcement Group’s International Supervisors Forum. This group includes representatives from AUSTRAC, FINCEN, FINTRAC, FCA, and New Zealand (RBNZ, DIA and FMA). The RBNZ is authorized to share information with other competent authorities in accordance with the AML/CFT Act (Section 132 (2) (d) and 139), and may use, for the purposes of AML/CFT supervision, information it has obtained or is held by it in the exercise of its powers or the performance of its functions and duties under the RBNZ Act 1989, and vice versa (sections 137 (1 and 2), and 140). New Zealand AML/CFT supervisors are working to formalize more MOUs at the international level, to facilitate the exchange of information and assistance with foreign supervisory authorities. They are focusing on FINTRAC/CANAFE and FINCEN at present. EC13 Unless done by another authority, the supervisor has in-house resources with specialist expertise for addressing criminal activities. In this case, the supervisor regularly provides information on risks of money laundering and the financing of terrorism to the banks. Description and findings re EC13 The AML/CFT supervision team has members with international and domestic ML/FT expertise in private sector banking and law enforcement. For example, a senior analyst of the AML/CFT team wrote before joining the team: NZ’s National ML/FT Risk Assessment 2010 while working at the New Zealand Police FIU as well as the quarterly published typology reports. He has written the RBNZ’s sector risk assessment on ML/TF which is planned to be published in late 2016. Assessment of Principle 29 Compliant Comments The RBNZ is the designated AML/CFT competent authority under the AML/CFT Act for banking activities. New Zealand has recently amended its AML/CFT legislation and improved its AML/CFT regime in order to address FATF’s recommendations. A newly revamped AML/CFT framework with a dedicated AML/CFT Act came into force on June 30, 2013. The Act (and relevant regulations) captures the requirement for a bank to understand its ML/TF risks, and apply the appropriate CDD based on the level of risk of a customer. RBNZ benefits from a specialist unit that has built expertise and relationships with other authorities, including in Australia. The RBNZ has achieved significant progress in addressing deficiencies in the regime prior to 2013, including RBNZ Regulations of 2008, and efforts are moving in the right direction and according to the Principle. Implementation nonetheless is recent and probably with short staffing. The next FATF assessment in 2019 would be a relevant landmark to assess progress in the maturity of the framework.

NEW ZEALAND INTERNATIONAL MONETARY FUND 211 SUMMARY COMPLIANCE WITH THE BASEL CORE PRINCIPLES Table 2. New Zealand—Summary Compliance with the Basel Core Principles Core Principle Grad Comments

1. Responsibilities, objectives and powers LC RBNZ’s objectives are broadly defined in line with CP1. However, at an operational level some uncertainty has arisen because of the practical interpretation given to broadly defined legal terms. In addition, it is also of concern that responsibilities for banking supervision are not clearly defined and understood by all authorities involved, as further discussed in CP2.
2. Independence, accountability, resourcing and legal protection for supervisors MNC RBNZ’s shortage of banking supervision staff and limited resources are serious impediments to developing an effective supervisory approach, even if the current low-intensity approach was maintained. In addition, although the RBNZ Act gives the RBNZ powers to operate at arm’s length from the government, subject to checks and balances embedded in legislation, the Act should be aligned with the Insurance (Prudential Supervision) Act (IPSA) and the NBDT Act by removing the role of the Minister in issuing directions. Section 68B and current arrangements under the 2012 MoU create ambiguities in the role of the RBNZ and Treasury that, if not addressed decisively, may lead to undue government interference in the primarily prudential responsibilities of the RBNZ.
3. Cooperation and collaboration LC The framework for cooperation and collaboration with relevant domestic authorities, particularly the Treasury, may create ambiguities, given their mutual advisory roles and responsibilities for resolution and prudential policy, as discussed in CP2. The framework for cooperation and collaboration with APRA, as the relevant foreign supervisor, is outstanding. However, given the unique co-dependence between the RBNZ and APRA, the RBNZ may wish to explore additional practical and proactive ways of collaborating with APRA, to deliver supervision of the cross-border systemically important banks in a manner that is cost-effective for both the supervisors and the industry.
4. Permissible activities LC The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word “bank” in names is controlled. The authorities, however, need to assess risks posed by companies registering in New Zealand and offering bank-like or other financial services only abroad.

NEW ZEALAND 212 INTERNATIONAL MONETARY FUND Core Principle Grad Comments 5. Licensing criteria C The registration process is compliant with CP5. 6. Transfer of significant ownership C The framework is adequate and transfer activity is not significant in the New Zealand banking sector at the time of the assessment. Future assessments of the BCP will need to consider the materiality of this activity in the banking sector. 7. Major acquisitions C Idem. 8. Supervisory approach MNC The primary methodology employed by the RBNZ to assess risks off￾site is PRESS, which functions as an early warning system by tracking trends and measuring possible impact on the banking system. The supervisory approach relies on the market discipline provided by disclosure and transparency, backed by attestation from directors as to the adequacy of risk management. Regulatory discipline is imposed through off-site monitoring, interviews with bank management, enforcement when deficiencies are uncovered and by a limited issuance of supervisory policies. The analysis is not documented, and it does not include a detailed evaluation of risk mitigants. The results of PRESS are not specifically discussed with banks. 9. Supervisory techniques and tools MNC The RBNZ does not rely on on-site inspections as a supervisory tool. Attestations by directors are not verified by on-site reviews but by reviewing documents requested off-site. Meetings with banks provide an opportunity to discuss supervisory findings and bank risks. Stress testing is required in the ICAAP process and is also performed by the RBNZ. 10. Supervisory reporting MNC The RBNZ does not independently verify the prudential returns, and is not planning to do so. Currently, verification of supervisory returns and the valuation framework for prudential purposes consists of cross-checking different reporting outcomes for consistency. 11. Corrective and sanctioning powers of supervisors LC The RBNZ Act provides broad powers to the supervisor. Section 113 grants powers to issue directions, with the consent of the MoF, to require corrective action and impose sanctions. Section 78 defines “prudent manner”; a bank’s failure to conduct business in a prudent manner may lead to the bank being issued a direction. However, issuance of a direction based on BS documents or supervisory judgment is hampered as the threshold is high. Enabling the issuance of bank-specific directions without the need for MoF consent, and more directly linking compliance with BS documents setting out expectations for prudent banking would facilitate the use of supervisory judgment and timely supervisory action.

NEW ZEALAND INTERNATIONAL MONETARY FUND 213 Core Principle Grad Comments 12. Consolidated supervision LC The RBNZ’s supervisory approach focuses on the registered bank’s banking group as defined in conditions of registration and the RBNZ Act, i.e., the registered bank and its subsidiaries. The wider banking group or conglomerate would be considered in respect of funding or capital support, and contagion or reputation risk implications e.g., through the assessment of parent support in the PRESS assessment. Nevertheless, the concept of proportionality is considered in the assessment as discussed under “Methods of ongoing supervision” (under “Main Findings”, see above). 13. Home-host relationships LC The RBNZ is not a home supervisor for any bank with material cross￾border operations. As host supervisor, the RBNZ has a close home￾host relationship with APRA. However, there is still scope for the RBNZ to take advantage of more proactive coordination and collaboration with APRA to fulfil the RBNZ’s supervisory objectives and tasks in a cost-efficient manner. 14. Corporate governance MNC BS14 and BS10 establish supervisory policy on Board size and composition, fit-and-proper requirements, and require directors to act in best interest of the bank. RBNZ is also planning to enhance its ability to ensure ongoing suitability of directors/ management, since currently non-objection by the RBNZ is only required at the time of appointment. The guidance issued is limited, and the level of engagement does not address whether directors are effective and exercise their duty of care, and whether the Board approves and oversees the implementation of policy and compliance with the risk appetite statement. 15. Risk management process MNC While the RBNZ requires banks’ directors to attest to having adequate risk management systems in place, it has not issued requirements to serve as benchmarks for banks to measure their systems against. Issuing enforceable requirements would also facilitate effective corrective action or the taking of enforcement action. The RBNZ takes a high-level approach to determining the adequacy of risk management, relying on reports reviewed off-site or meetings with the banks. The supervisory approach does not meet most of the essential criteria that require detailed reviews of operations and a more intrusive approach. 16. Capital adequacy C The capital adequacy framework is, in substance, aligned with international standards, with a simple and conservative bias. Departures from the Basel framework (leverage ratio, Pillar 2, Pillar 3, SIFI surcharges) can be considered examples of regulatory policy choices tailored to national circumstances. The capital framework is currently under review.

NEW ZEALAND 214 INTERNATIONAL MONETARY FUND Core Principle Grad Comments 17. Credit risk MNC The RBNZ does not have requirements on credit risk management policies; does not issue guidance on credit management processes or Board involvement; and does not verify the adequacy of banks’ processes. 18. Problem assets, provisions, and reserves MNC The RBNZ has not issued requirements or definitions on nonperforming loans, forbearance, renewals, cured loans or loan classifications based on risk. The RBNZ does not issue prudential guidelines on loan loss provisioning. 19. Concentration risk and large exposure limits MNC The RBNZ does not establish large exposure limits, nor has it issued guidance on the management of concentration risk. In 2016 an additional regulatory collection of large exposure data was initiated. 20. Transactions with related parties MNC BS8 on connected (related) party lending establishes a limit on aggregate nonbank related exposure at 15 percent of Tier 1 capital, and aggregate related exposure (including banks) at 125 percent of Tier I capital. The aggregate limit on net exposures (under robust bilateral netting agreements) is set according to the bank’s credit rating, with a maximum of 75 percent of Tier 1 capital. The policy does not require prior Board approval for effecting transactions or write-offs. Exposure to related parties of a bank’s directors is not included in the definition of bank related parties. Compliance is monitored off-site but information collected does not provide sufficient detail to monitor related party transactions. 21. Country and transfer risks C The level of country risk is minimal as banks do not actively engage in cross-border exposure. The RBNZ is very familiar with conditions in Australia where the exposure lies as home country for the four largest banks. Additionally, Australia country risk is low. The RBNZ closely monitors Australia country risk and the parents of the subsidiaries in New Zealand. 22. Market risk LC Capital requirements are based on the Basel 1996 amendment. Estimates of market risk reveal low impact. RBNZ monitoring is considered proportionally appropriate. 23. Interest rate risk in the banking book MNC The RBNZ has not issued guidance on the management of interest rate risk or interest rate risk strategy/policies nor issued benchmarks for measuring the risk. RBNZ relies on reviewing banks’ internal reporting. 24. Liquidity risk C BS13 establishes the supervisory policy on liquidity. Quantitative limits are imposed on one-week, one-month and a one-year CFR that produce results no less than the Basel standards, according to RBNZ estimates of the comparisons. 25. Operational risk MNC The RBNZ reviews banks’ operational risk management practices through the review of banks’ management reports. Detailed

NEW ZEALAND INTERNATIONAL MONETARY FUND 215 Core Principle Grad Comments guidelines and on-site testing to verify adequacy of bank practices is not performed. 26. Internal control and audit MNC The RBNZ does not comply with most of the requirements of CP26, nor does it intend to do so. Determining for prudential reasons that banks have adequate internal control frameworks is left to the bankers themselves. The role of the RBNZ is to maintain light￾handed monitoring based on regular consultations with bank senior management and directors. Independent verification of internal controls is a critical area to ensure the soundness of individual institutions. 27. Financial reporting and external audit LC New Zealand’s legal framework ensures that the financial statements of every bank are prepared and audited in accordance with New Zealand equivalents to internationally recognized accounting and auditing standards. However, the RBNZ does not itself determine that banks use valuation practices consistent with IFRSs. It relies on the external auditing process and director attestations to provide this prudential outcome. The RBNZ meets with the external auditor of each of the largest locally incorporated banks. However, these meetings do not cover valuation practices, or other areas of supervisory responsibility entrusted to external auditors. 28. Disclosure and transparency C The RBNZ is committed and actively engaged in achieving high-quality public disclosure by banks in line with international standards and practices. The RBNZ should continue its efforts to assess whether public disclosure meets the needs of the users as a means to enable market discipline. The RBNZ is encouraged to complement disclosure requirements with information on remuneration as discussed under Principle 14. 29. Abuse of financial services C New Zealand was relatively late in implementing legislation and an AML/CFT regime (in 2013). This has allowed the RBNZ to benefit from experiences in other jurisdictions, and achieve significant progress in addressing deficiencies in the pre-2013 regime. The supervisory approach in this area departs from the hands-off approach to prudential supervision in general. The framework still needs to mature further, and the next FATF assessment in 2019 will be an important landmark to reassess progress.

NEW ZEALAND 216 INTERNATIONAL MONETARY FUND RECOMMENDED ACTIONS AND AUTHORITIES COMMENTS A. Recommended Actions 62. Table 3 below lists the suggested actions for improving compliance with the BCPs and the effectiveness of regulatory and supervisory frameworks. Table 3. New Zealand—Recommended Actions Recommended Actions to Improve Compliance with the Basel Core Principles and the Effectiveness of Regulatory and Supervisory Frameworks Reference Principle Recommended Action Principle 1 Develop an operational definition of the RBNZ’s objective for banking supervision to remove possible ambiguities arising from the broad formulations in the legislation. Based on these clarifications, consider revisiting some of the key tenets of the supervisory approach, in particular the absence of independent verification of supervisory returns, and first-hand knowledge of the soundness and risk management of individual banks and banking groups. This will also raise the international standing of New Zealand’s banking supervision. Principle 2 As an overall conclusion from this BCP assessment, reassess the level of resources needed to adequately fulfil the RBNZ’s responsibilities for banking supervision. The authorities should reassess the need to clearly delineate the roles and responsibilities of the Treasury vis-à-vis RBNZ’s statutory objectives for banking supervision, to ensure that control functions and checks-and-balances do not become undue interference in the execution of RBNZ’s prudential mandate. Similarly, clarifications should be agreed on the exercise of those sections in the RBNZ Act where the Minister may have the power to give directions to the RBNZ, particularly section 68B. Clarifications should narrow the scope for the government to unduly interfere in the statutory responsibilities and routine tasks of the RBNZ as an independent supervisor. Arrangements and procedures for interaction between the Treasury and RBNZ, including the interpretation of section 68B, have to be established clearly in such a way that the relationship between the two organizations is transparent and traceable. Principle 3 The recommendations in CP2 and CP13, as they relate to cooperation and collaboration with national and trans-Tasman authorities, also address deficiencies in achieving compliance with CP3.

NEW ZEALAND INTERNATIONAL MONETARY FUND 217 Principle 8 Increase the analysis of the risk mitigants listed for the individual risks, retain work papers, and share the results of the analysis with banks. Principle 9 Carry out, or have carried out on its behalf, on-site inspections to verify or test data and information on which the analysis of key risks relies: for example, the credit portfolio, Board minutes, and the implementation of Board policies and regulatory reports. On-site reviews can be targeted and their frequency based on risk. Principle 10 The RBNZ is encouraged to develop processes for strong first-hand independent verification of banks’ prudential returns, especially in the areas of earnings and credit asset quality, given the credit profile of the banking industry. This will allow the effective identification of prudential concerns through an independent assessment of risks, while ensuring that these risks are mitigated in a timely manner. Principle 11 Make compliance with BS Policy documents evidence of prudent practice (s78) and eliminate Ministerial consent for directions under section 113(1)(e) of the RBNZ Act (thereby also aligning with IPSA and the NBDT Act). These changes would facilitate the implementation of enforcement action on a preventive basis and support the use of supervisory judgment. Principle 12 RBNZ is advised to prepare itself for the possibility that the current circumstances and mitigating factors change, and develop a proper framework for consolidated supervision. This could include, for example: developing a proper economic definition of the banking group under supervision; establishing a supervisory methodology to collect and analyze information on intragroup transactions; and developing formal policies to limit the scope of foreign operations of New Zealand incorporated banks on the basis of weak host jurisdictions. Principle 13 The RBNZ is encouraged to identify areas where policy making and supervisory activities for the day-to-day supervisory assessment of risks would benefit further from active cooperation and collaborative work with APRA, to enhance RBNZ’s cost-effective approach to supervision pursuing its own statutory mandate. For example, RBNZ could pursue a proactive coordinated approach on the assessment of group risk exposures, risk management, corporate governance and cross-border crisis management. Principle 14 The significant reliance on self-discipline is not supported by published and enforceable supervisory expectations. The update of BS14 should include expanded guidelines on risk appetite statements, on required policies to be developed by the Boards, and on codes of conduct. Principle 15, 17, 18, 19, 20, 21, 22, 23, 25. Achieving compliance would require a major change to the RBNZ’s supervisory approach.

NEW ZEALAND 218 INTERNATIONAL MONETARY FUND  Supervisory regulations or enforceable policies would need to be issued establishing benchmarks and requirements for measuring, monitoring and managing risks. This would provide guidance to banks on supervisory expectations when attestations are made.  A more intrusive approach would be needed, including on-site inspections (by the RBNZ or its appointed representative) to determine compliance and deepen supervisors’ understanding of banking operations and risks.  Increase the forward looking capacity of supervision by increased use of stress testing.  Additional resources and training would be required. Principle 17/18 As this is the most significant risk in New Zealand, detailed guidelines should be issued, addressing: loan classification, extended loans, forbearance, nonperforming and cured loans, and provisioning. There need to be on-site reviews to ascertain credit portfolio quality and to verify the accuracy of internal bank reports shared with the RBNZ. Principle 19 Establish lending limits for concentrated credit exposures and ensure banks are properly aggregating exposures across any connected group of counterparties. Principle 20 Expand the requirements on related party loans to include prior approval by the Board and reporting on write-offs for Board approval. Expand the information collected to include terms, names and repayment status. And expand the definition of related party to include related parties of the bank’s directors and other parties and transactions, as defined in footnotes to CP20. Principle 26 The RBNZ should be conscious that independent verification of internal controls is a critical area to ensure the soundness of individual institutions, and an indispensable means to exercise effective regulatory discipline. Principle 27 While respecting the difference in responsibilities between external auditors and the RBNZ, the RBNZ should engage them in a focused and effective dialogue to discuss valuation practices, as well as other areas of prudential concern delegated to external auditors.

NEW ZEALAND INTERNATIONAL MONETARY FUND 219 B. Authorities’ Response to the Assessment The New Zealand authorities (the FMA, MBIE, RBNZ, and Treasury) wish to thank the IMF and the banking assessors for their thorough assessment of New Zealand’s compliance with the Basel Core Principles for Effective Banking Supervision. The authorities welcome the opportunity to comment on the IMF’s Detailed Assessment Report (DAR). The New Zealand authorities strongly support the FSAP as a means of promoting and improving both the quality of financial sector regulation and the outcomes that this regulation aims to achieve. By way of context, the New Zealand banking system is highly concentrated and largely foreign owned, with subsidiaries of the four large Australian banks accounting for a large share of total banking assets. New Zealand is not a member of either the Basel Committee on Banking Supervision (BCBS) or the Financial Stability Board (FSB). Nevertheless, New Zealand looks to adopt the recommendations of international standard setting bodies when they are appropriate for New Zealand circumstances, and these are often customised to deliver outcomes that best meet New Zealand’s needs. The last New Zealand FSAP was conducted during 2003–04. Since that time there have been significant developments in the New Zealand regulatory landscape, including to banking sector regulation and supervision. Some developments can be traced to the recommendations of the previous FSAP, while others are tied to separate factors such as the global financial crisis. The New Zealand financial system weathered the crisis comparatively well – the banking system did not experience a major deterioration in asset quality and non-performing loans remained low by international standards. The crisis did, however, highlight the reliance of the New Zealand banking system on wholesale market funding. In response the Reserve Bank introduced a new prudential liquidity policy in 2010 designed to ensure banks self-insure against short-term funding pressures. The Reserve Bank was quick to adopt the new global solvency standard for banks embodied in Basel III, implementing the new higher minimum capital requirements at the start of 2013. The crisis also prompted the accelerated development and subsequent implementation of a policy designed to minimise the damage to the financial system from the failure of a large bank. This policy, Open Bank Resolution (OBR), was introduced in 2012. Complementing these policy developments, the Reserve Bank has also stepped up its supervisory intensity since the crisis, reflected in the degree of engagement with banks, and improvements in its supervisory analysis and data. The DAR acknowledges these significant improvements in the Reserve Bank’s ‘regulatory’ pillar. The DAR notes that the Reserve Bank’s approach to banking sector regulation rests not only on a ‘regulatory pillar’ (formal enforceable rules and requirements) but also on ensuring that bank directors and senior managers have the right incentives to manage their bank’s risks (self-discipline),

NEW ZEALAND 220 INTERNATIONAL MONETARY FUND and that market participants have the appropriate information, incentives and mechanisms to help influence the behaviour of banks in a way that also contributes to a sound and efficient banking sector (market discipline). The New Zealand authorities recognise that, despite a rebalancing towards more regulation post-crisis, New Zealand’s banking regime remains somewhat unusual given the emphasis that the Reserve Bank places on self-discipline and market discipline, and its relatively low-intensity supervisory approach. The findings and recommendations contained in the DAR provide an opportunity for the Reserve Bank to reflect on its current model and the extent to which, together, the ‘three pillars’ might better contribute to a sound and efficient New Zealand banking system. The recommendations imply extensions or adjustments to the Reserve Bank’s current model in the following areas:  There should be common benchmarks and enforceable requirements against which banks should measure, monitor and manage all the key risks facing their business in order to facilitate corrective or enforcement action.  In conjunction, there should be a greater willingness to take supervisory or enforcement actions, not just in response to formal regulatory breaches, but also on a more preventive basis (based on a greater use of supervisory standards) to mitigate ‘imprudent behaviour’ that could lead to more serious consequences.  Supervisory and disclosure information should be subject to more verification either by the Reserve Bank or by external experts.  Market discipline has more limitations than the Reserve Bank’s approach suggests.  There should be a reassessment of the resources needed to adequately fulfil the Reserve Bank’s responsibilities for banking supervision. The Reserve Bank, in conjunction with other relevant New Zealand authorities, will consider the recommendations in these and other areas identified in the DAR. It is too early to provide a definitive response, but the Reserve Bank believes that those recommendations tied more explicitly to improving self-discipline and market discipline merit particular attention. As an example the Reserve Bank recently initiated a thematic review of the attestation framework, partly in response to the IMF’s findings. The DAR also acknowledges the importance of trans-Tasman cooperation given the significant presence of Australian-owned banks in New Zealand. The New Zealand authorities believe that the current home-host arrangements established with Australian authorities are very sound and consistent with international best practice. Nevertheless, the authorities will continue to develop and deepen the work with their Australian counterparts on areas of common interest.

NEW ZEALAND INTERNATIONAL MONETARY FUND 221 The IMF assessment places considerable importance on the principle of ensuring the continued independence of the Reserve Bank in the performance of its regulatory and supervisory functions. While the DAR does not point to any examples of government interference, New Zealand authorities will work together to consider the recommendations in this area and to ensure that an appropriate degree of separation is maintained between the Reserve Bank and the executive branch of government. In conclusion, the New Zealand authorities found the FSAP a valuable process with many potentially useful insights for the Reserve Bank’s prudential framework. The New Zealand authorities will be considering the recommendations systematically over the coming months with a view to ensuring that New Zealand’s approach to banking sector regulation continues to be cost-effective while promoting the soundness and efficiency of the financial system.