Risk Based Supervisory Framework

Foreword

SBP’s Supervisory regime has evolved from compliance based supervision when CAMELS/CAELS based assessment framework was adopted in 1999. Since then, it has been continuously enhanced and updated to cope with the emerging developments and challenges of the dynamic banking system.

In order to further strengthen the supervisory regime and align it with best international practices, SBP has transformed its supervisory approach and has fully moved towards Risk Based Supervisory regime.

RBS framework is applicable to all institutions under SBP’s supervisory ambit. The assessment mechanism delineated in this document specifically related to Banks/DFIs/MFBs. The supervisory framework of other institutions, i.e. exchange companies, credit bureaus, PSO/PSP/EMIs etc., has also been developed on the same principles of risk based supervision but slightly modified taking into account size, complexity and nature of business of different institutions.

Introduction

State Bank of Pakistan (SBP), being the central bank and banking supervisor, has been entrusted, inter alia, with the responsibilities of regulating the monetary and credit system of Pakistan and to foster its growth in the best national interest with a view to securing monetary stability and fuller utilization of the country’s productive resources.

Under the prevalent legislative structure, the State Bank of Pakistan regulates and supervises Banks, Development Finance Institutions (DFIs), Microfinance Banks (MFBs), Exchange Companies (ECs), Payment Service Providers, Payment Systems Operators, Electronic Money Institutions and Credit Bureaus. State Bank has an elaborate and extensive supervisory framework for the supervision and regulation of these institutions.

The document provides an overview of SBP’s Risk Based Supervisory Framework and the processes involved in conduct of its supervisory responsibilities. This document covers SBP’s statutory obligations, supervisory objectives, key principles under RBS regime, overview of supervisory assessment process and intervention.

Statutory Framework

State Bank of Pakistan regulates and supervises Banks, DFIs, MFBs, ECs, Payment Service Providers, Operators of Payment Systems, Electronic Money Institutions and Credit Bureaus in terms of powers conferred on it by the following statutes:

1. State Bank of Pakistan Act, 1956
2. Banking Companies Ordinance, 1962
3. The Banks Nationalization Act, 1974
4. Microfinance Institutions Ordinance, 2001
5. Payment Systems and Electronic Fund Transfer Act, 2007
6. Foreign Exchange Regulation Act, 1947
7. Credit Bureaus Act, 2015
8. Anti-Money Laundering Act, 2010

Objectives of Supervision

State Bank aims to maintain a sound and progressive financial services sector. This requires achieving i) stability of financial system, ii) safe and sound financial institutions, iii) safe and efficient financial infrastructure, iv) transparent and fair-dealing intermediaries and, v) well-informed and empowered financial consumers.

Stability of financial system

SBP continuously evaluates safety and soundness of financial institutions, strengthen governance and risk management standards, capital requirements and enforcement and resolution mechanism.

Safe and sound financial institutions

The prime focus of SBP’s regulation and supervision is on the safety and soundness of banks, DFIs, MFBs and other regulated entities. The distress or collapse of key financial institutions has more damaging consequences for systemic stability as such institutions transmit problems to another and consequently undermine public confidence.

Safe and efficient financial infrastructure

State Bank envisions an enabling environment for creation of new business models and payment mechanisms in coordination with financial infrastructure providers. The platforms under financial infrastructure serve as important part of overall financial system. Their failure may amplify systemic risks by seizing up financial flows, undermining the fulfillment of obligations and transmitting shocks from one institution to another.

Transparent and fair-dealing financial institutions

SBP expects financial institutions to adopt fair business practices and high standards of disclosure when dealing with consumers. In this regard, SBP prescribes disclosure requirements, assess fitness and propriety to promote integrity among financial institutions and their representatives, set competency requirements and instill fair business practices in the marketing and distribution of financial services and products.

Well-informed and empowered financial consumers

SBP regularly issues regulations and guidelines and plays its due supervisory role in ensuring that consumers are well-informed and empowered to assume principal responsibility for their own protection.

Key Principles of SBP’s Supervisory Approach

SBP’s supervisory framework is based on following key principles:

• Forward-Looking: The risk assessment is forward looking and dynamic. This process of risk assessment takes account both activities of the institutions and impact of external environment for early identification and prompt intervention.
• Judgement Based: Risk profiling of regulated institutions is primarily based on supervisory judgment, supported by evidence and analysis. However, the supervisor’s judgement may vary from regulated institutions’ own assessment.
• Structured Assessment: Distinct evaluation of risks and risk management processes including controls and governance, which enables identification of high risk or weak control areas.
• Risk Focused: Supervisory focus is on key issues that pose greatest risk to the safety and soundness of the individual institutions and the stability of the financial system.
• Proportionality: Supervisory intensity and allocation of resources is sensitive to both, level of risk within and amongst regulated institutions.
• Ongoing Supervision: Risk-based supervision emphasizes on evaluation of risks in a continuum. It involves monitoring how risks are evolving, identifying emerging risks and engaging with FI for prompt corrective actions.

SBP’s Risk Based Supervision Framework

SBP’s RBS framework follows the international best practices, aligned with local industry dynamics. The ultimate responsibility for managing the risks of FIs rests with the BoD and management of the respective FIs. The assessment under RBS regime is a dynamic process, which is based on all encompassing supervisory activities including off-site monitoring, on-site assessments and enhanced engagements with management of FIs.

Significant Activities

The risk assessment process starts with identification of individual activities that are material to the institution and are known as “Significant Activities (SA)”. A significant activity is fundamental to the institution’s business model and its ability to meet its overall business objectives.

Inherent Risks

Inherent risk is intrinsic to an activity or process in the absence of any mitigating controls. The relevant inherent risk(s) of significant activities are identified and assessed as Low, Moderate, Above Average or High. The categories of risks include Credit, Market, Operational, Strategic and Legal & Regulatory risk.

Quality of Controls and Governance

• Operational Management: Responsible for day-to-day controls and is the first line of defense.
• Control Functions: Internal Audit, Compliance, and Risk Management act as second and third lines of defense.
• Governance Functions: Focuses on the role of the Board of Directors and Senior Management regarding fairness, integrity, transparency, and accountability.

Net Risk and its Direction

Net Risk is one of the key component of the RBS risk matrix. It is determined by the inherent risk mitigated by the operational management, internal control functions, and governance (QCG).

Overall Net Risk (ONR)

ONR depicts the consolidated risk rating of all significant activities of the financial institution. It is rated as Low, Moderate, Above Average or High.

Capital, Earnings, and Liquidity

• Capital: Assessment of capital adequacy and management.
• Earnings: Assessment of level, sustainability, and quality of earnings.
• Liquidity: Assessment of capacity to generate or obtain sufficient cash to meet commitments.

Composite Risk Rating (CRR)

CRR is an assessment of the FI’s overall risk profile. It is rated as Low, Moderate, Above Average or High, accompanied by a direction (Decreasing, Stable, or Increasing).

Supervisory Intervention

Intervention stages determine how supervisory concerns are addressed:

• Normal: Regular activities.
• Enhanced: Increased intensity and reporting requirements.
• Mandated Action: Coercive powers and restrictions.
• Remediation: Severe invasive actions for material risks.
• Resolution: Restructuring, winding up, or liquidation.

Supervisory Processes

SBP uses a detailed process including:

• Supervisory Planning: Defining key activities for the year.
• Off-Site Analysis: Ongoing monitoring through data and meetings.
• On-Site Assessment: Thorough investigation of risks and controls.
• Supervisory Ratings & Updation of Risk Matrix: Finalizing ratings to guide intervention.